From owner-freebsd-questions@FreeBSD.ORG Mon May 11 23:40:39 2015 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 498C8BDF for ; Mon, 11 May 2015 23:40:39 +0000 (UTC) Received: from mail-ig0-x22f.google.com (mail-ig0-x22f.google.com [IPv6:2607:f8b0:4001:c05::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 10FB31D7B for ; Mon, 11 May 2015 23:40:39 +0000 (UTC) Received: by igbpi8 with SMTP id pi8so85923143igb.1 for ; Mon, 11 May 2015 16:40:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=7Gv01mXJmOlH5XgKsnGEb92CY0dfA5UMuWmshoV+nww=; b=Vzt0qapln7y4xnO0DMMkDyTxAOeETg9DoIplZ14aUKM290O4JT7rAEH3hCQyyHIPS7 9G/Onq59sNcPiTxaWUF9q0t6WNBbInYSdUROS9Eedfqi7wgOjp7UaRADA7VRhW9muner Dt4UkZJIa4CSxfDybE0bSy4DY2L+q5JFzbx7ee5ISy+A5TUmBgiHAQyRkKQaK6fqwfvB +WoeEabBa08/TG1oYDdKwjy6eWttP/MXZLQl0MWiTUmALjOGwIcKvMb0H8b9m7Kci7xJ UWYfiP2clqW9kUTgCsRCKUGXV079TCv628YpPX7hvkf0YasSAd4Mwt5b5zTZ8Bnu+XAT q49A== X-Received: by 10.42.188.19 with SMTP id cy19mr18595icb.92.1431387638461; Mon, 11 May 2015 16:40:38 -0700 (PDT) Received: from [10.0.10.5] (cpe-76-190-244-6.neo.res.rr.com. [76.190.244.6]) by mx.google.com with ESMTPSA id fs5sm169907igb.0.2015.05.11.16.40.37 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 11 May 2015 16:40:37 -0700 (PDT) Message-ID: <55513E19.3010103@gmail.com> Date: Mon, 11 May 2015 19:41:13 -0400 From: Ernie Luzar User-Agent: Thunderbird 2.0.0.24 (Windows/20100228) To: freebsd-questions@freebsd.org CC: freebsd-questions-local@be-well.ilk.org Subject: Re: Certificate error References: <554FC878.7070401@gmail.com> <55501D92.2020102@radel.com> <5550C454.60202@gmail.com> <555105BA.4010702@radel.com> <5551153A.4000800@gmail.com> <441timg662.fsf@be-well.ilk.org> In-Reply-To: <441timg662.fsf@be-well.ilk.org> MIME-Version: 1.0 Content-Type: text/plain; charset="ISO-8859-1" X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 May 2015 23:40:39 -0000 Lowell Gilbert wrote: Ernie Luzar [1] writes: When I run fetchmail againest my ISP mail pop server it runs fine and populates my postfix server and shows basically the same log sequence. Your ISP's POP server has a certificate signed by a certificate authority that fetchmail trusts. I just change the poll and user statements in .fetchmailrc. Your personal POP server does *not* have a certificate signed by a certificate authority that fetchmail trusts. Please answer the following question as directly as you can: how did you configure fetchmail to accept the certificate being used by your personal POP server? The normal way you configure fetchmail to accept a self-signed certificate is by using the "sslfingerprint" option in your .fetchmailrc file. Have you done this? No When I tried to get the fingerprint source openssl s_client -connect pop.a1poweruser.com:110 -showcerts CONNECTED(00000003) 675508300:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_cln t.c:795: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 307 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE --- I thought qpopper would have launched TLS when s_client connected. At a lost of what to do next. Here is my qpopper.conf set server-mode = true set statistics = true set shy = true set fast-update = true set reverse-lookup = false set log-facility = mail set tls-support = stls set clear-text-password = tls set tls-server-cert-file = /usr/local/etc/qpopper/fme-cert.pem set tls-private-key-file = /usr/local/etc/qpopper/fme-key.pem References 1. mailto:luzar722@gmail.com