MandrakeUser.Org - Your Mandrake-Linux Knowledge Base!


 
 

* DocIndex - Connectivity

Mail The Unix Way - Fetchmail

* Fetchmailconf
* Automating Fetchmail
* Fetchmail and SMTP-After-POP Authentication
* Fetchmail Via SSL/SSH

Related Resources:

Fetchmail Home Page
man fetchmail
Fetchmail FAQ

Revision / Modified: July 06, 2001 / Mar. 25, 2002
Author: Tom Berger

 

* Fetchmailconf

Before you do anything else, have a look into '/var/spool/mail' first. If there's a file with your user name, everything's fine. If not, create it as 'root' with these commands:

touch /var/spool/mail/[user name]
chmod 600 !$ && chown [user name] !$

'Fetchmail' is controlled by a file called '.fetchmailrc' in your or 'root's' home directory. Since the syntax of this file is very simple and well documented in man fetchmail, you could write it yourself. But 'easier' is better than 'easy', and since 'Fetchmail' comes with an exemplary good graphical configuration-helper, you want to use it.

Start the configuration-helper as the user who is supposed to get the mail by typing fetchmailconf & on a virtual terminal prompt. Click on the 'Configure Fetchmail' button and then on the 'Novice Configuration' button. Don't care about the 'Poll interval', I will show you a better way to configure that later.
Enter the full name of the server(s) you get your mail from into the 'New Server' field, adding each entry by hitting the ENTER key. Now double click on an entry to bring up the configuration window for this server.
Into the 'New User' field you put your user name at the remoteserver. Usually it is the first part of your mail address, e.g. if your mail address would be 'joe@isp.com', you would have to enter 'joe' here. Add it with the ENTER key and double-click on the entry.
Enter the password for your mail account and the name of the local user who should get mail retrieved from this account (most likely that's you). Remove any other entries 'Fetchmailconf' might have already put in there.
I would advise you to check the option "Suppress the deletion of messages after reading" for now. If everything works properly, you can change it later. If not, you've avoided running the risk of losing mail. This option will leave a copy of all messages you retrieve on the remote server.
Close the windows by clicking on the OK buttons until you are back at the first window, the 'fetchmail launcher'. Open a connection to the Internet and click the 'Test fetchmail' button. You will see a log window. Do not be alarmed if this window shows no sign of life for a while: the log will be printed after fetchmail has finished its job. If the second to last line reads fetchmail: normal termination, status 0, everything's OK. If not, check the log and your configuration.

Note that fetchmail has most likely put your mail not into your local mail directory in your home directory, but into a file called '/var/spool/mail/[your user name]'. Don't worry, I'll show you how to change that later.

* section index * top

* Automating Fetchmail

Running 'Fetchmail' by hand or from the launcher every time would be to awkward. How about retrieving mail every time you connect to the Internet? And to elaborate this idea: what about making 'Fetchmail' polling your mail in specified intervals as long as you are connected to the 'Net?

This is done via the scripts 'ip-up.local' and 'ip-down.local' in '/etc/ppp'. These scripts can contain commands you want to have executed each time you connect or disconnect. These scripts must be executable (chmod +x) and the first line must contain #!/bin/bash.

Making 'Fetchmail' poll your mailboxes automatically is done by putting it into 'daemon mode' :

fetchmail -d [seconds]

[seconds] specifies the polling interval in seconds. So to poll your mail every five minutes, put this line into /etc/ppp/ip-up.local:

fetchmail -d 300

Note that since ip-up/down scripts are called by a root process, 'Fetchmail' looks for its configuration file in root's home directory. For security reasons the configuration must only be read/writable by its owner (since your passwords are stored in there). 'Fetchmail' refuses to work with configurations which do not meet this requirement.
Another effect is that you can't use a configuration file which does not belong to 'root'. This is simple logic: all programs started from ip-up/down scripts are owned by root and so does 'Fetchmail'. And 'Fetchmail' does not accept a configuration file which isn't owned by the user who started it.
This command for 'root' will solve the problem:

chown root:root .fetchmailrc && mv .fetchmailrc ~

Another possibility would be to run Fetchmail in daemon mode right on boot, e.g. by installing the 'fetchmail-daemon' package from your Mandrake CD. This package installs a service script in '/etc/rc.d/init.d' which can be controlled via the usual 'service' commands. If you use this package, the 'fetchmailrc' has to be located in the '/etc' directory.

If the next two paragraphs ('SMTP After POP' and 'SSH') are of no interest to you, jump directly to the last step of configuring your email system, the page about configuring the Procmail mail filter.

* section index * top

* Fetchmail and SMTP-After-POP Authentication

Many service providers use SMTP-After-POP Authentication to protect their servers against being abused as spam-relays. This means that clients are required to poll their mailbox first (which is password-protected), before they are allowed to send mail (which usually isn't protected).
You can run into a problem when you are using a "Smarthost" and 'Postfix' "gets there" before 'Fetchmail'. In this case the remote host won't accept mail delivered by 'Postfix' and by the time 'Fetchmail' has authenticated you, 'Postfix' might have given up already on trying to get rid of its mail. So what you need is a mechanism which ensures that 'Postfix' will always be runafter 'Fetchmail' has connected the remote host. For this 'Fetchmail' provides the 'postconnect' option. Append the following string to '.fetchmailrc':

postconnect "/usr/sbin/sendmail -q"

Of course you must remove the sendmail command from 'ip-up.local' now to allow this setting to take effect.

* section index * top

* Fetchmail Via SSL/SSH

Note: this requires that you have SSH already installed and configured on your machine. (Article on SSH.

If you are polling your mail frequently, your password is sent via an insecure network very often. SSH does not only protect your password, as a nice side effect it also allows you to compress data sent via its tunnel.

If your mail server supports SSL certificates (Article on Secure POP3 Server), things are pretty easy: just add ssl to the end of the server's entry in your '~/.fetchmailrc'. Make sure to run the fetchmail command with the--verbose switch once to see if it works. You should get something like this when 'fetchmail' contacts the mail server:

fetchmail: Issuer Organization: [ISP.com]
fetchmail: Issuer CommonName: [ISP.com]
fetchmail: Server CommonName: [ISP.com]

This is a part of the server's SSL certificate and proves that all data will be transmitted safely using SSL.

If your mail server runs an SSH server, but doesn't support SSL (or you have trouble getting your mail via SSL), you can tunnel your connection via SSH. The appropriate entry in your '~/.fetchmailrc' should look like this then:

poll localhost with protocol POP3 and port 11110:
user "[remote user]" there is [local user] here
preconnect "ssh -C -f [remote user]@[remote server] -L 11110:[remote server]:110 sleep 5"
password "[remote password]"
mda "/usr/bin/procmail -d %T"

What happens is this: before fetchmail connects to the remote mail server, it tells SSH to build an encrypted data tunnel between the remote server and your machine. Once this tunnel is established, 'fetchmail' polls thelocal end of the tunnel (port 11110 of localhost), the tunnel forward this poll to the remote end (port 110 of [remote server], port 110 is the standard port for POP3) and the remote server forward his replies to the local end of the tunnel. If you run 'fetchmail' from the command line, you will get a message like this as soon as the tunnel is established:

Waiting for forwarded connections to terminate...
The following connections are open:
direct-tcpip: listening port 11110 for [remote server] port 110, connect from 127.0.0.1 port 32790

More information about this can be found in the Secure POP via SSH mini-HOWTO.

* section index * top

* Configuring Procmail

 
Legal: All texts on this site are covered by the GNU Free Documentation License. Standard disclaimers of warranty apply. Copyright LSTB (Tom Berger) and Mandrakesoft 1999-2002.