Admin: 1 revision imported

2015-06-18T10:31:22Z

1 revision imported

New page

STEP BY STEP “FETCHMAIL FOR GMAIL/HOTMAIL” CONFIGURATION

{{Writer
| Name = eagle00789
| Date = August 2009
| Version = 1.1}}

= Requirements: =

XDove Installed and running<br> IPKG Installed and running<br> OpenSSL 0.9.8 Installed<br>Perl Installed

= Install Fetchmail =

Before we can do anything, we must install fetchmail. Login to your QNAP via SSH and execute the following command:

$ ipkg install fetchmail

After a few moments of patiently waiting, the prompt returns and tells you that it was finished successfully.

= Install Certificates =

The next step is to download 2 certificates and putt them in a directory. The first thing we do is to create the directory which will hold the certificates. Execute the following command:

$ mkdir /opt/etc/cert

Now we are going to fetch our first certificate. Enter the following command:

$ openssl s_client -connect pop.gmail.com:995 –showcerts

If you want to do this for hotmail, then enter the following command:

$ openssl s_client -connect pop3.live.com:995 –showcerts

This will throw out something like this:

CONNECTED(00000003)
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
-----BEGIN CERTIFICATE-----
MIIC3TCCAkagAwIBAgIDCDijMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDcxMDI1MTc1MzE2WhcNMDkxMjI0MTg1MzE2
WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMN
TW91bnRhaW4gVmlldzEUMBIGA1UEChMLR29vZ2xlIEluYy4xFjAUBgNVBAMTDXBv
cC5nbWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO03QxerFKZV
8yeomuL4zSl8Pr7hMWnKMMgp/CwhwadeBmL0LQHHbjL/6z/Z59ZQvrztqkwhchA2
APKzUwRVTyn7Shx6vBqk6oFmTqoOLmY6hbq6l8uVdUv0AfbHwio8CnLpK2+nbuFl
flPwx1DH0E3grD8+CrH5SmScfTWbDkcXAgMBAAGjga4wgaswDgYDVR0PAQH/BAQD
AgTwMB0GA1UdDgQWBBTJRG/OFpZt+BV43JM3NshHMjpwazA6BgNVHR8EMzAxMC+g
LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDAf
BgNVHSMEGDAWgBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADgYEAOKr3mhxtwFCS3J6lbeaf
3KrHKi935BZkI75sRbON+hog0t2ovcM2i7fxs3xneH8USLsHgfxNBj9tkMogMK/K
sO/NUVZ/IfyqcNNkp2619qTQXthKRH42JKpAKgNhT1bdno3pxn+eDEpqmU3CE7IP
HDCjWOK1fGkZ/yFAuTxuxAc=
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
issuer=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
No client certificate CA names sent
---
SSL handshake has read 883 bytes and written 306 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol  : TLSv1
Cipher  : RC4-MD5
Session-ID: 010D2AA18BB7C97A75B2F2B7895EA0CD60FDA7F8BDA71F63C00602D93CD8C3AA
Session-ID-ctx:
Master-Key:D72722A6A76DC4F2579CC01C26EFCD98AA9D72D908350CEC588FF09EEBD8847C9DC6A26023A51DCD0CB92676F7E28016
Key-Arg  : None
Start Time: 1240684427
Timeout  : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
+OK Gpop ready for requests from 85.146.48.6 7pf12009241eyg.18

The output for Hotmail will look slightly different, but the working is the same. In the output you will find something like this

----BEGIN CERTIFICATE-----
MIIC3TCCAkagAwIBAgIDCDijMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDcxMDI1MTc1MzE2WhcNMDkxMjI0MTg1MzE2
WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMN
TW91bnRhaW4gVmlldzEUMBIGA1UEChMLR29vZ2xlIEluYy4xFjAUBgNVBAMTDXBv
cC5nbWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO03QxerFKZV
8yeomuL4zSl8Pr7hMWnKMMgp/CwhwadeBmL0LQHHbjL/6z/Z59ZQvrztqkwhchA2
APKzUwRVTyn7Shx6vBqk6oFmTqoOLmY6hbq6l8uVdUv0AfbHwio8CnLpK2+nbuFl
flPwx1DH0E3grD8+CrH5SmScfTWbDkcXAgMBAAGjga4wgaswDgYDVR0PAQH/BAQD
AgTwMB0GA1UdDgQWBBTJRG/OFpZt+BV43JM3NshHMjpwazA6BgNVHR8EMzAxMC+g
LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDAf
BgNVHSMEGDAWgBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADgYEAOKr3mhxtwFCS3J6lbeaf
3KrHKi935BZkI75sRbON+hog0t2ovcM2i7fxs3xneH8USLsHgfxNBj9tkMogMK/K sO/NUVZ
/IfyqcNNkp2619qTQXthKRH42JKpAKgNhT1bdno3pxn+eDEpqmU3CE7IP HDCjWOK1fGkZ/yFAuTxuxAc=
----END CERTIFICATE-----

Copy that complete piece just like above and save it in a file called gmail.pem and save it in the /opt/etc/cert folder

For hotmail you will encounter this 3 times. The first 2 times you should copy and save them both seperately to files called: mssa.pem for the first certificate and mia.pem for the second certificate

The second certificate will be downloaded via our web browser. Go to the following URL

[https://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authority.cer]

You should see something like this in your browser:

----BEGIN CERTIFICATE-----
MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV
UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy
dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1
MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx
dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B
AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f
BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A
cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC
AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ
MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm
aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw
ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj
IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF
MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA
A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y
7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh
1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4
----END CERTIFICATE-----

Go to [http://secure.globalsign.net/cacert/ct_root.pem] for the 3rd certificate you need for hotmail. Copy everything and save it in a file called equifax.pem for gmail and gctgr.pem for hotmail and save it in the /opt/etc/cert folder. The only thing left to do is rehash all of these certificates. Execute the following command:

$c_rehash /opt/etc/cert

It should tell you something like the following:

doing /opt/etc/cert
equifax.pem => 7f549ca4.0
gmail.pem => 4d3e56a1.0

If you get an error message saying "/opt/etc/cert" is a directory, check the availability of "/etc/ssl/misc/c_rehash".

If it tells you that it can’t find c_rehash, read below, else skip the part below

To do this we first must add a special file to our QNap as this file is not present (not even after updating OpenSSL. Download the following file:

[http://www.openssl.org/source/openssl-0.9.8k.tar.gz]

Extract this file to a location on your normal pc. Also extract the file in this file. In the folder tools you will the following 2 files:

c_rehash
c_rehash.in

copy both files to the /etc/ssl/misc folder. Edit c_rehash's first line and change "#!/usr/bin/perl" to "#!/opt/bin/perl" and try again.

= Setup fetchmailrc. =

To setup fetchmail itself, copy the part below and paste it into your /opt/etc/fetchmailrc file.

poll pop.gmail.com with protocol POP3 service 995
user 'gmailusername' there with password 'gmailpassword' is 'xdoveusername' here options ssl
sslcertpath /opt/etc/cert smtphost localhost/50025

Just make sure that you change gmailusername to your own gmail username and gmailpassword with your gmail password. Also don’t forget to change xdoveusername with the user in xdove that should get the e-mail (using the full loginname for that user)

Or use the following piece as an example for hotmail:

poll pop3.live.com with protocol POP3 service 995
user 'hotmailadress' there with password 'hotmailpassword' is 'xdoveusername' here options ssl
sslcertpath /opt/etc/cert smtphost localhost/50025

Just make sure that you change hotmailadressto your own hotmailadress (including @hotmail.com or @live.com or what ever is needed) and hotmailpassword with your gmail password. Also don’t forget to change xdoveusername with the user in xdove that should get the e-mail (using the full loginname for that user)

All that is left to do is to add the following line to autostart.sh and also run it manually once.

$ /opt/etc/init.d/S52fetchmail

Just sit back and enjoy.

[[Category:Communications]] [[Category:Email_Server]] [[Category:XDove|X]]

Setup Fetchmail For GMail To XDove - Revision history

Admin: 1 revision imported