fetchmail disable TLS

A

axe13

New Member
Jan 29, 2025
2
0
1
Good day.
I ran into a problem when using fetchmail.
The fetchmail service cannot deliver mail. because When connecting, it uses TLS, although the settings explicitly indicate not to do this.
Attached part of the log
and settings /etc/pmg/fetchmailrc
Tell me how to make it work without TLS.
PS. via telnet everything is OK.
Thank you.

LOG
Server CommonName mismatch: xxxxx.by != xxx.xxxxx.su
Jan 29 09:37:28 mx fetchmail[283150]: Server certificate verification error: hostname mismatch
Jan 29 09:37:28 mx fetchmail[283150]: OpenSSL reported: error:0A000086:SSL routines::certificate verify failed
Jan 29 09:37:28 mx fetchmail[283150]: xxx.xxxxx.su: upgrade to TLS failed.
Jan 29 09:37:28 mx fetchmail[283150]: Socket or TLS error on user@xxxxx.su@xxx.xxxxx.su.su
Jan 29 09:37:28 mx fetchmail[283150]: socket error while fetching from user@xxxxx.su@proxmox0000
Jan 29 09:37:28 mx fetchmail[283150]: Query status=2 (SOCKET)
Jan 29 09:42:28 mx fetchmail[283150]: Server CommonName mismatch: xxxxx.by != xxx.xxxxx.su
Jan 29 09:42:28 mx fetchmail[283150]: Server certificate verification error: hostname mismatch
Jan 29 09:42:28 mx fetchmail[283150]: OpenSSL reported: error:0A000086:SSL routines::certificate verify failed
Jan 29 09:42:28 mx fetchmail[283150]: xxx.xxxxx.su: upgrade to TLS failed.
Jan 29 09:42:28 mx fetchmail[283150]: Socket or TLS error on user@xxxxx.su@xxx.xxxxx.su
Jan 29 09:42:28 mx fetchmail[283150]: socket error while fetching from user@xxxxx.su@proxmox0000
Jan 29 09:42:28 mx fetchmail[283150]: Query status=2 (SOCKET)

/etc/pmg/fetchmailrc
set daemon 300
set no bouncemail

defaults:
antispam -1
batchlimit 100

smtphost 192.99.00.00/25

# proxmox settings (Do not delete this marker!!)

poll proxmox0000 via "xxx.xxxxx.su"
protocol pop3 port 110
interval 1
user "user@xxxxx.su" pass "**********"
to "user1@xxxxx.com"
dropdelivered keep
 
Hi,

I suspect that the requesting server is requesting an upgrade to TLS and PMG is following the request. Since the certificate doesn't seem to match the hostname you are querying, the whole thing fails as a missmatch.

You can try adding the following parameters to your account entry in the config under: /etc/pmg/fetchmailrc

Code: 
sslproto ''
sslcertck off

in the config. It should look like this in the end:

Code: 
poll proxmox0000 via "xxx.xxxxx.su"
protocol pop3 port 110
interval 1
user "user@xxxxx.su" pass "**********"
to "user1@xxxxx.com"
dropdelivered keep
sslproto ''
sslcertck off

After that restart the Fecthmal Service:

Code: 
systemctl restart fetchmail
 
You must log in or register to reply here.
Top Bottom