### Fetchmail Quickstart (Verbose Fetch) Source: https://context7.com/fetchmail/fetchmail/llms.txt Execute a fetchmail operation with verbose output, showing the protocol dialogue between fetchmail and the mail server. This is useful for debugging and initial setup. ```bash # Fetch verbose (show protocol dialogue) — recommended for first-time setup fetchmail -v --fetchlimit 2 ``` -------------------------------- ### Install Fetchmail from Source (Autoconf) Source: https://context7.com/fetchmail/fetchmail/llms.txt Build and install fetchmail using the autoconf/automake build system. Ensure OpenSSL, gettext, and Python 3.7+ are installed. Run the test suite before installation. ```bash ./autogen.sh # only needed when building from Git ./configure --with-ssl make make check # run the test suite sudo make install ``` -------------------------------- ### Install Fetchmail from Source (Meson) Source: https://context7.com/fetchmail/fetchmail/llms.txt Build and install fetchmail using the meson build system. This is an alternative to the classic autoconf method. Ensure all build dependencies are met. ```bash meson setup build --buildtype=release cd build Meson compile Meson test sudo meson install ``` -------------------------------- ### Install Fetchmail Package (Debian/Ubuntu) Source: https://context7.com/fetchmail/fetchmail/llms.txt Install fetchmail using the system's package manager on Debian or Ubuntu-based systems. ```bash sudo apt install fetchmail ``` -------------------------------- ### Fetchmail Quickstart (One-Shot Fetch) Source: https://context7.com/fetchmail/fetchmail/llms.txt Perform a one-time mail fetch using fetchmail. This command will read the ~/.fetchmailrc configuration file and poll all configured servers. ```bash # One-shot fetch using ~/.fetchmailrc fetchmail ``` -------------------------------- ### Verify Fetchmail Installation Source: https://context7.com/fetchmail/fetchmail/llms.txt Check the installed fetchmail version and its TLS/SSL library defaults. This command confirms the installation and provides information about the cryptographic library used. ```bash fetchmail --version # Output includes: SSL/TLS library info, default CA paths, version string ``` -------------------------------- ### Launch fetchmailconf GUI Source: https://context7.com/fetchmail/fetchmail/llms.txt Start the fetchmailconf GUI configuration wizard. Requires Python 3.7+ and Tkinter. ```bash # Launch the GUI configuration wizard (requires Python 3.7+ and Tkinter) fetchmailconf ``` -------------------------------- ### Fetchmail Authentication Methods Source: https://context7.com/fetchmail/fetchmail/llms.txt Configuration examples for various authentication schemes supported by fetchmail. ```ini # ~/.fetchmailrc — Authentication examples # Default: auto-select strongest method poll imap.example.org proto IMAP user alice password "s3cr3t" authenticate any # default; probes GSSAPI → CRAM-MD5 → password ``` ```ini # CRAM-MD5 challenge-response (avoids sending password in clear) poll pop.example.org proto POP3 user alice password "s3cr3t" authenticate cram-md5 ``` ```ini # GSSAPI / Kerberos 5 poll imap.example.org proto IMAP user alice@REALM.EXAMPLE.ORG authenticate gssapi ``` ```ini # NTLM for Microsoft Exchange poll exchange.example.org proto IMAP user "DOMAIN\alice" password "s3cr3t" authenticate ntlm ``` ```ini # Implicit (IMAP PREAUTH via SSH tunnel — no password needed) poll mailhost.example.org proto IMAP plugin "ssh %h /usr/sbin/imapd" authenticate implicit sslproto '' # disable STARTTLS over SSH user alice is alice here ``` ```ini # APOP (MD5 challenge — deprecated, avoid on untrusted networks) poll pop.example.org proto APOP user alice password "s3cr3t" ``` -------------------------------- ### Install SSL certificates Source: https://gitlab.com/fetchmail/fetchmail/-/blob/legacy_6x/fetchmail-FAQ.html Commands to install SSL root CA certificates for fetchmail to use. This involves creating a directory, copying certificate files, and running a script to generate necessary symlinks. ```bash mkdir /etc/ssl/certs ``` ```bash cp *.pem /etc/ssl/certs/ ``` ```bash perl c_rehash ``` -------------------------------- ### Fetchmail User Mapping Example Source: https://gitlab.com/fetchmail/fetchmail/-/blob/legacy_6x/website/fetchmail-FAQ.html Example of mapping a remote user to a local user in fetchmail configuration. Ensure the local user exists and can receive mail. ```fetchmailrc user 'remoteuser' there with password '*' is 'localuser' here ``` -------------------------------- ### Fetchmail Quickstart (Specific Server Fetch) Source: https://context7.com/fetchmail/fetchmail/llms.txt Fetch mail from a specific POP3 server using command-line arguments to override or supplement the ~/.fetchmailrc configuration. Includes SSL/TLS options. ```bash # Fetch from a specific POP3 server with explicit credentials fetchmail -p POP3 -u alice --ssl mail.example.org ``` -------------------------------- ### Fetchmail command line execution Source: https://gitlab.com/fetchmail/fetchmail/-/blob/legacy_6x/fetchmail-FAQ.html Example of running fetchmail from the command line. This used to work without a .fetchmailrc file in older versions but now requires specific configuration. ```shell fetchmail -u "itz" -p POP3 -s bolero.rahul.net ``` -------------------------------- ### Full cron job example with NOMAIL handling Source: https://gitlab.com/fetchmail/fetchmail/-/blob/legacy_6x/fetchmail-FAQ.html A complete cron job entry that runs fetchmail every 15 minutes and suppresses the 'NOMAIL' error. ```bash */15 * * * * fetchmail -s || [ $? -eq 1 ] ``` -------------------------------- ### Fetchmail Configuration Example Source: https://gitlab.com/fetchmail/fetchmail/-/blob/legacy_6x/archived-messages/000154.html This is a sample fetchmailrc configuration. It sets logging to syslog, defines the postmaster, disables bounce mail, and specifies an ID file. The daemon setting is commented out. ```shell set syslog set postmaster "[david at dgreaves.com](https://lists.berlios.de/mailman/listinfo/fetchmail-devel)" set nobouncemail set properties "" #set daemon 180 set idfile /var/run/fetchmail.ids ``` -------------------------------- ### Sendmail configuration for fetchmail Source: https://gitlab.com/fetchmail/fetchmail/-/blob/legacy_6x/fetchmail-FAQ.html Example sendmail configuration directives to ensure compatibility with fetchmail, particularly for relaying and hostname recognition. ```sendmail Cwlocalhost ``` -------------------------------- ### Fetchmail Configuration (Deliver via MDA) Source: https://context7.com/fetchmail/fetchmail/llms.txt Configure fetchmail to deliver fetched mail using a Mail Delivery Agent (MDA) instead of SMTP. This example uses maildrop. Ensure the MDA path and arguments are correct. ```ini # ────────────────────────────────────────────── # Deliver via MDA instead of SMTP # ────────────────────────────────────────────── poll mail.example.org proto POP3 uidl user alice password "s3cr3t" mda "/usr/bin/maildrop -d %T" ssl sslproto tls1.2+ ``` -------------------------------- ### Debug Fetchmail with Full Protocol Trace Source: https://context7.com/fetchmail/fetchmail/llms.txt Execute fetchmail with `-vvv --nodetach --nosyslog` to get a full protocol trace, displaying every server command and response. Use `env LC_ALL=C` for consistent output. ```bash # Step 2: run with full protocol trace (shows every server command/response) env LC_ALL=C fetchmail -vvv --nodetach --nosyslog ``` -------------------------------- ### Fetchmail configuration for SSL/TLS without authentication Source: https://gitlab.com/fetchmail/fetchmail/-/blob/legacy_6x/fetchmail-FAQ.html This configuration example demonstrates using fetchmail with SSL/TLS via the openssl s_client utility. Note that this method does not authenticate the server. ```fetchmailrc poll MYSERVER port 993 plugin "openssl s_client -connect %h:%p" protocol imap username MYUSERNAME password MYPASSWORD ``` -------------------------------- ### Fetchmail Multi-Drop Mode for Demon Internet SDPS Source: https://gitlab.com/fetchmail/fetchmail/-/blob/legacy_6x/website/fetchmail-FAQ.html Example fetchmail configuration for multi-drop mode with Demon Internet's SDPS. This setup handles multiple email addresses within a single POP3 account and requires specifying local domains. ```fetchmailrc poll pop3.demon.co.uk proto pop3 aka mailstore no dns: localdomains xyz.demon.co.uk my-company.co.uk user xyz is \* ``` -------------------------------- ### Get Backtrace with GDB Source: https://context7.com/fetchmail/fetchmail/llms.txt After enabling core dumps, use GDB with the fetchmail executable and the generated core file (`fetchmail.core`) to get a backtrace of the crash. ```bash # Once core is written, get a backtrace with GDB gdb ./fetchmail fetchmail.core # (gdb) backtrace full # (gdb) quit ``` -------------------------------- ### Configure fetchmail with SSL support Source: https://gitlab.com/fetchmail/fetchmail/-/blob/legacy_6x/fetchmail-FAQ.html Enable SSL support during fetchmail compilation. This is the default since fetchmail v6.4.0. If OpenSSL is installed in a non-default location, provide the path to the installation directory. ```bash --with-ssl ``` -------------------------------- ### Use Connection Hooks for Dial-up Source: https://context7.com/fetchmail/fetchmail/llms.txt Employ connection hooks to establish a PPP connection before polling and hang up afterwards. Ensure pppd is in your PATH. ```fetchmailrc poll dialup.provider.net proto POP3 user alice password "s3cr3t" preconnect "pppd call myisp" postconnect "pppd call hangup" ``` -------------------------------- ### Get Server TLS Fingerprint Source: https://context7.com/fetchmail/fetchmail/llms.txt Obtain the TLS fingerprint of a server using `openssl s_client` and `openssl x509`. This is useful for certificate pinning. ```bash # Get TLS fingerprint of the server (use for sslfingerprint pinning) openssl s_client -connect imap.example.org:993 /dev/null \ | openssl x509 -noout -sha256 -fingerprint ``` -------------------------------- ### Build Fetchmail with wolfSSL Source: https://context7.com/fetchmail/fetchmail/llms.txt Configure fetchmail to build with the wolfSSL library instead of OpenSSL. This requires specific compilation flags for wolfSSL itself. ```bash ./configure --with-wolfssl # wolfSSL must have been compiled with: # CFLAGS="-DOPENSSL_COMPATIBLE_DEFAULTS -DWOLFSSL_BLIND_PRIVATE_KEY -O" \ # ./configure --enable-opensslall --enable-harden --enable-context-extra-user-data ``` -------------------------------- ### Fetchmail Configuration for Non-RPA Source: https://gitlab.com/fetchmail/fetchmail/-/blob/legacy_6x/fetchmail-FAQ.html Example fetchmail configuration for non-RPA (Remote Procedure Access) polling. It specifies the server, protocol, user credentials, and local user mapping. ```fetchmailrc poll non-rpa.csi.com via "pop.site1.csi.com" with proto POP3 and options no dns user "CSERVE_USER" there with password "CSERVE_POP3_PASSWORD" is LOCAL_USER here options fetchall stripcr ``` -------------------------------- ### Configure fetchmail with GSSAPI support Source: https://gitlab.com/fetchmail/fetchmail/-/blob/legacy_6x/fetchmail-FAQ.html Use this option when compiling fetchmail to enable GSSAPI support, typically for Kerberos V authentication. Specify the root directory of your Kerberos V libraries. ```bash configure --with-gssapi=/usr/krb5 ``` -------------------------------- ### Update .fetchmailrc for interface option (fetchmail < 2.8) Source: https://gitlab.com/fetchmail/fetchmail/-/blob/legacy_6x/fetchmail-FAQ.html For fetchmail versions prior to 2.8, the 'interface' option was a global 'set' command. This example shows how to convert it to a per-server option. ```shell set interface = "sl0/10.0.2.15" ``` ```shell interface sl0/10.0.2.15 ``` -------------------------------- ### SSL/TLS Utility and Testing Commands Source: https://context7.com/fetchmail/fetchmail/llms.txt Commands for obtaining server certificate fingerprints and testing TLS connections. ```bash # Obtain a server's SHA-256 fingerprint for pinning openssl x509 -in server-cert.pem -noout -sha256 -fingerprint ``` ```bash # Test TLS connection before committing to config env LC_ALL=C fetchmail -vvv --nodetach --nosyslog \ --ssl --sslproto tls1.2+ -p IMAP -u alice imap.example.org ``` ```bash # Allow core dumps for crash debugging (passwords may appear — handle with care) ulimit -Sc unlimited fetchmail -Nvd0 --nosyslog -vvv ``` -------------------------------- ### Fetchmail Configuration (Daemon Mode) Source: https://context7.com/fetchmail/fetchmail/llms.txt Configure fetchmail to run as a background daemon, polling mail servers at a specified interval. Includes settings for logging and a postmaster address. ```ini # ────────────────────────────────────────────── # Run fetchmail as a daemon every 15 minutes # ────────────────────────────────────────────── set daemon 900 set logfile /var/log/fetchmail.log set postmaster alice ``` -------------------------------- ### Fetchmail configuration with SSL certificate path Source: https://gitlab.com/fetchmail/fetchmail/-/blob/legacy_6x/fetchmail-FAQ.html Configure fetchmail to use SSL with a specified certificate path for verification. This is useful when dealing with self-signed certificates or custom CA setups. ```fetchmailrc poll pop3.example.com proto pop3 uidl no dns user foobar@example.com password xyzzy is foobar ssl sslcertpath /etc/ssl/certs ``` -------------------------------- ### Resource Limits: Message Size and Warnings Source: https://context7.com/fetchmail/fetchmail/llms.txt Set a limit for message size (in bytes) and configure warnings for daemon mode. Messages exceeding the limit are handled according to other options. ```ini poll imap.example.org proto IMAP user alice password "s3cr3t" ssl limit 1048576 warnings 3600 ``` -------------------------------- ### Fetchmail SSL/TLS Configuration Source: https://context7.com/fetchmail/fetchmail/llms.txt Configuration snippets for securing mail retrieval connections using SSL/TLS with fetchmail. ```ini # ~/.fetchmailrc — Implicit TLS (recommended, dedicated SSL ports 993/995) poll imap.example.org proto IMAP user alice password "s3cr3t" ssl # wrap entire connection in TLS sslproto tls1.2+ # require TLSv1.2 or newer (default since 6.5.0) sslcertck # verify server certificate (default since 6.4.0) ``` ```ini # STARTTLS on standard port (in-band negotiation, no --ssl flag) poll imap.example.org proto IMAP user alice password "s3cr3t" sslproto tls1.2+ # triggers STARTTLS; omit 'ssl' keyword ``` ```ini # Pin server certificate by SHA-256 fingerprint (defense against MitM) poll imap.example.org proto IMAP user alice password "s3cr3t" ssl sslproto tls1.2+ sslfingerprint "{SHA256}AA:BB:CC:DD:EE:FF:..." ``` ```ini # Custom CA certificate bundle (e.g. self-signed corporate CA) poll imap.example.org proto IMAP user alice password "s3cr3t" ssl sslproto tls1.2+ sslcertfile /etc/ssl/certs/my-company-ca.pem ``` ```ini # Client certificate authentication poll imap.example.org proto IMAP user alice ssl sslproto tls1.2+ sslcert /home/alice/.ssl/client-cert.pem sslkey /home/alice/.ssl/client-key.pem authenticate external # skip password; identity comes from cert ``` -------------------------------- ### Generating Letter-Sized FAQ PDF with HTMLDOC Source: https://gitlab.com/fetchmail/fetchmail/-/blob/legacy_6x/website/fetchmail-FAQ.html To create a letter-sized PDF of the fetchmail FAQ, install HTMLDOC, edit the fetchmail-FAQ.book file to change the paper size, and then run the make command. ```shell make fetchmail-FAQ.pdf ``` -------------------------------- ### Workaround for c_rehash with Multiple OpenSSL Versions Source: https://gitlab.com/fetchmail/fetchmail/-/blob/legacy_6x/fetchmail-FAQ.html Provides a workaround for issues with OpenSSL's c_rehash script when multiple OpenSSL versions are installed. This ensures the correct OpenSSL binary and certificate path are used. ```bash env PATH=/opt/openssl3.0/bin /opt/openssl3.0/bin/c_rehash /home/hans/certs ``` -------------------------------- ### Initialize va_list before vsnprintf Source: https://gitlab.com/fetchmail/fetchmail/-/blob/legacy_6x/website/fetchmail-SA-2008-01.txt Ensures that the va_list 'args' is properly initialized using VA_START before each call to vsnprintf. This is crucial because vsnprintf modifies the va_list, and it must be reset for subsequent calls. ```c /* * args has to be initialized before every call of vsnprintf(), * because vsnprintf() invokes va_arg macro and thus args is * undefined after the call. */ VA_START(args, message); n = vsnprintf (partial_message + partial_message_size_used, partial_message_size - partial_message_size_used, message, args); va_end (args); ``` -------------------------------- ### Configure Sendmail for Red Hat Linux 6.x Source: https://gitlab.com/fetchmail/fetchmail/-/blob/legacy_6x/fetchmail-FAQ.html Enable SMTP service in Red Hat Linux 6.x by setting DAEMON=yes in the sendmail configuration file and restarting the service. ```bash DAEMON=yes /sbin/service sendmail restart ``` -------------------------------- ### Build Fetchmail with Latest Flex Source: https://gitlab.com/fetchmail/fetchmail/-/blob/legacy_6x/website/fetchmail-FAQ.html If fetchmail dumps core with an invalid rc file, especially on older systems, ensure you have the latest version of flex installed. This resolves issues related to archaic lex versions. ```shell build and install the latest version of [flex](http://flex.sourceforge.net/) ```