ConfiguringFetchmail
Introduction
Whether you use Linux or FreeBSD or even Mac OS X, fetchmail can be used to retrieve your fastmail.fm e-mail using secure IMAP with SSL encryption. You will need to have OpenSSL and fetchmail with SSL support installed. This is standard on many Linux/BSD distributions.
NOTE: The SSL certificate changed on 30 Aug 2011. You will need to re-fetch the certificates below and update the fingerprint in your fetchmail config file.
Installing the Certificates
Certificates are used to verify the identity of the IMAP server. First, you'll need to create a ~/.certs directory:
mkdir ~/.certs
cd ~/.certs
Next, you will need to retrieve the certificates for the fastmail.fm IMAP server (mail.messagingengine.com) and the company that issued fastmail.fm their certificate.
openssl s_client -CApath $HOME/.certs -connect mail.messagingengine.com:993 -showcerts \
  < /dev/null \
  | perl -lne 'print if /BEGIN CERT/ .. /END CERT/; last if /END CERT/' \
  > fastmail.pem
FastMail are currently using a DigiCert certificate, which is chained through to the DigiCert root certificate. You can fetch the intermediate and root certificates from our servers:
wget https://www.fastmail.fm/certs/DigiCertHighAssuranceCA-3.crt
wget https://www.fastmail.fm/certs/DigiCertHighAssuranceEVRootCA.crt
Note: You should use https in the above wget to ensure a secure connection to FastMail when retrieving the root certificate, otherwise the whole point of SSL trust chains falls down.
Now, you just need to execute one more command and your certificates directory should be complete:
c_rehash .
c_rehash is part of OpenSSL. It will create symbolic links with hexadecimal names that point to each of the .pem files in your ~/.certs directory. The contents of your ~/.certs directory should look something like this:
lrwxrwxrwx 1 brong brong   29 2011-09-01 13:47 02b2d53d.0 -> DigiCertHighAssuranceCA-3.crt
lrwxrwxrwx 1 brong brong   29 2011-09-01 13:47 1445ed77.0 -> DigiCertHighAssuranceCA-3.crt
lrwxrwxrwx 1 brong brong   33 2011-09-01 13:47 244b5494.0 -> DigiCertHighAssuranceEVRootCA.crt
lrwxrwxrwx 1 brong brong   12 2011-09-01 13:47 4f9f158f.0 -> fastmail.pem
lrwxrwxrwx 1 brong brong   33 2011-09-01 13:47 81b9768f.0 -> DigiCertHighAssuranceEVRootCA.crt
-rw-rw-r-- 1 brong brong 2256 2011-09-01 13:22 DigiCertHighAssuranceCA-3.crt
-rw-rw-r-- 1 brong brong 1390 2011-09-01 13:45 DigiCertHighAssuranceEVRootCA.crt
lrwxrwxrwx 1 brong brong   12 2011-09-01 13:47 e726ed0b.0 -> fastmail.pem
-rw-rw-r-- 1 brong brong 2399 2011-09-01 13:35 fastmail.pem
Execute the openssl s_client command again to verify that you have all of the certificates installed properly:
openssl s_client -CApath $HOME/.certs -connect mail.messagingengine.com:993 -showcerts < /dev/null
After the initial "CONNECTED" line, there should be a line starting with "depth=" for each certificate in the certification chain. The line after each of these should say "verify return:1". If it doesn't, then you have a problem with your certificates or you are missing a certificate.
If you would prefer to fetch the certificates directly from DigiCert, their certificate page can be found at https://www.digicert.com/digicert-root-certificates.htm
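The check described above can be scripted. This is an added example, not part of the original wiki page: the function name check_chain and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# check_chain: read `openssl s_client` output on stdin. The line directly
# after every "depth=" line must be "verify return:1". Returns 0 or 1.
check_chain() {
    awk '
        pending {                      # this is the line after a depth= line
            if ($0 != "verify return:1") {
                printf "FAIL %s\n     got: %s\n", cert, $0
                bad++
            }
            pending = 0
        }
        /^depth=/ { cert = $0; pending = 1; seen++ }
        END {
            if (pending) { print "FAIL output ended after: " cert; bad++ }
            if (!seen)   { print "FAIL no depth= lines found"; exit 1 }
            if (bad)     exit 1
            printf "OK   %d certificates, all verify return:1\n", seen
        }'
}

# Constructed sample output: complete chain present in ~/.certs.
sample_good() {
    cat <<'EOF'
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, CN = DigiCert High Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert High Assurance CA-3
verify return:1
depth=0 CN = *.messagingengine.com
verify return:1
EOF
}

# Constructed sample output: issuer certificate missing from ~/.certs.
sample_bad() {
    cat <<'EOF'
CONNECTED(00000003)
depth=0 CN = *.messagingengine.com
verify error:num=20:unable to get local issuer certificate
verify return:1
EOF
}

sample_good | check_chain
sample_bad | check_chain || echo "constructed bad sample rejected, as intended"
# Real use (s_client prints the depth= lines on stderr, hence 2>&1):
#   openssl s_client -CApath "$HOME/.certs" -connect mail.messagingengine.com:993 </dev/null 2>&1 | check_chain
```

By default s_client still prints "verify return:1" after a "verify error" line, which is why the script checks the line immediately following each "depth=" line rather than searching the whole output.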
Configuring ~/.fetchmailrc
After this, you will need to create a ~/.fetchmailrc file. It should be readable only by you, since it will ultimately contain your fastmail.fm password. (You could leave out your password, if you so desire; fetchmail will prompt you for a password each time you start it.)
touch ~/.fetchmailrc
chmod 600 ~/.fetchmailrc
Next, load ~/.fetchmailrc into your favorite text editor and paste the following lines:
set daemon 600 # Poll at 10-minute intervals
set logfile "/path/to/your/home/directory/.fetchmail.log"
defaults
no dns
mimedecode
fetchall
poll mail.messagingengine.com protocol IMAP:
user your@complete.fastmail.email.address is yourlocaluserid here
ssl
sslfingerprint "05:0E:9B:F2:0F:0E:4C:DE:F9:8B:D3:2D:9B:FB:B6:CE"
sslcertck sslcertpath /path/to/your/home/directory/.certs
password yourfastmailpasswordhere;
Obviously, replace "your@complete.fastmail.email.address" with your fastmail.fm e-mail address. Replace "yourlocaluserid" with the user ID you use on your computer. Replace "/path/to/your/home/directory" with the actual path to your home directory. Replace "yourfastmailpasswordhere" with your fastmail.fm password. Make sure you do not delete the semicolon at the end of that last line.
The hexadecimal string on the "sslfingerprint" line was obtained using the following command:
openssl x509 -in ~/.certs/fastmail.pem -noout -md5 -fingerprint
You should verify that the output of that command matches the fingerprint specified in your ~/.fetchmailrc. It is possible that the fastmail.fm certificate could change. If it does, then the fingerprint of the certificate will be different from what is listed above. This should not happen frequently. Most commercial certificates do not expire for a year or more.
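The comparison between the pinned value and the certificate's current fingerprint can be automated, for example after a certificate change. This is an added example, not part of the original wiki page: the function names are hypothetical, and the demo input is constructed (the rc lines come from this page, the second digest is made up).

```shell
#!/bin/sh
# Print the sslfingerprint value from a fetchmail rc file ($1), upper-cased
# and without quotes. Comment lines are skipped.
rc_fingerprint() {
    awk '/^[ \t]*#/ { next }
         { for (i = 1; i < NF; i++)
               if ($i == "sslfingerprint") {
                   gsub(/"/, "", $(i + 1)); print toupper($(i + 1)); exit
               } }' "$1"
}

# Read `openssl x509 -noout -md5 -fingerprint` output on stdin and print the
# hex digest after "Fingerprint=", upper-cased.
cert_fingerprint() {
    awk -F= '/[Ff]ingerprint=/ { print toupper($2); exit }'
}

# pin_status RCFILE: compare the pinned value with the digest line on stdin.
# Prints MATCH, MISMATCH or NO-PIN; returns 0 only for MATCH.
pin_status() {
    pinned=$(rc_fingerprint "$1")
    actual=$(cert_fingerprint)
    if [ -z "$pinned" ]; then echo "NO-PIN"; return 2; fi
    if [ "$pinned" = "$actual" ]; then echo "MATCH"; return 0; fi
    echo "MISMATCH pinned=$pinned actual=$actual"; return 1
}

# Constructed demo input: rc lines from this page and two digest lines in
# openssl's output format (the second digest is made up).
demo_rc=$(mktemp)
cat > "$demo_rc" <<'EOF'
poll mail.messagingengine.com protocol IMAP:
  ssl
  sslfingerprint "05:0E:9B:F2:0F:0E:4C:DE:F9:8B:D3:2D:9B:FB:B6:CE"
EOF
echo "MD5 Fingerprint=05:0E:9B:F2:0F:0E:4C:DE:F9:8B:D3:2D:9B:FB:B6:CE" | pin_status "$demo_rc"
echo "MD5 Fingerprint=00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF" | pin_status "$demo_rc" || true
rm -f "$demo_rc"

# Real use:
#   openssl x509 -in ~/.certs/fastmail.pem -noout -md5 -fingerprint | pin_status ~/.fetchmailrc
```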
The above ~/.fetchmailrc assumes you have a mail transport/delivery agent (MTA/MDA), such as sendmail or postfix listening on port 25. If you do not, you should set one up. Doing so is beyond the scope of this tutorial.
You are now ready to start up fetchmail! You'll want to start it up in verbose, non-daemon mode first to see if you have configured everything correctly:
fetchmail -N -v
It should print something like the following lines to your terminal:
fetchmail: 6.3.6 querying mail.messagingengine.com (protocol IMAP) at Wed Jan 28 19:10:28 2009: poll started
fetchmail: Trying to connect to 66.111.4.52/993...connected.
fetchmail: Issuer Organization: DigiCert Inc
fetchmail: Issuer CommonName: DigiCert Global CA
fetchmail: Server CommonName: *.messagingengine.com
fetchmail: Subject Alternative Name: mail.messagingengine.com
fetchmail: Subject Alternative Name: dav.messagingengine.com
fetchmail: Subject Alternative Name: ftp.messagingengine.com
fetchmail: Subject Alternative Name: ldap.messagingengine.com
fetchmail: Subject Alternative Name: chat.messagingengine.com
fetchmail: Subject Alternative Name: www.messagingengine.com
fetchmail: Subject Alternative Name: wap.messagingengine.com
fetchmail: Subject Alternative Name: messagingengine.com
fetchmail: Subject Alternative Name: *.messagingengine.com
fetchmail: mail.messagingengine.com key fingerprint: 05:0E:9B:F2:0F:0E:4C:DE:F9:8B:D3:2D:9B:FB:B6:CE
fetchmail: mail.messagingengine.com fingerprints match.
It should then proceed to download any e-mails you may have on the fastmail.fm server, and you should be able to read the e-mail on your local machine using your favorite e-mail program (pine, mutt, etc.), also known as a mail user agent or MUA.
After it is done, type control-C to terminate fetchmail. You are now ready to use fetchmail in daemon mode.
Just type
fetchmail
to start the fetchmail daemon.
If your computer is configured to use the X11 session manager, I recommend putting fetchmail in your ~/.xsession file. With that there, the fetchmail daemon will start up whenever you log in to X11 on the console, and it should terminate when you log out.