Mail The Unix Way - Fetchmail
Contents:
- Fetchmailconf
- Automating Fetchmail
- Fetchmail and SMTP-After-POP Authentication
- Fetchmail Via SSL/SSH
Fetchmailconf
Before you do anything else, have a look into '/var/spool/mail' first. If there's a file with your user name, everything's fine. If not, create it as 'root' with these commands:
touch /var/spool/mail/{user name}
chmod 600 !$ && chown {user name} !$
'Fetchmail' is controlled by a file called '.fetchmailrc' in your or 'root's' home directory. Since the syntax of this file is very simple and well documented in
man fetchmail
Start the configuration-helper as the user who is supposed to get the mail by typing
fetchmailconf &
Enter the full name of the server(s) you get your mail from into the 'New Server' field, adding each entry by hitting the ENTER key. Now double click on an entry to bring up the configuration window for this server.
Into the 'New User' field you put your user name at the remote server. Usually it is the first part of your mail address, e.g. if your mail address were '[email protected]', you would enter 'joe' here. Add it with the ENTER key and double-click on the entry.
Enter the password for your mail account and the name of the local user who should get mail retrieved from this account (most likely that's you). Remove any other entries 'Fetchmailconf' might have already put in there.
I would advise you to check the option "Suppress the deletion of messages after reading" for now. If everything works properly, you can change it later. If not, you've avoided running the risk of losing mail. This option will leave a copy of all messages you retrieve on the remote server.
Close the windows by clicking on the OK buttons until you are back at the first window, the 'fetchmail launcher'. Open a connection to the Internet and click the 'Test fetchmail' button. You will see a log window. Do not be alarmed if this window shows no sign of life for a while: the log will be printed after fetchmail has finished its job. If the second to last line reads
fetchmail: normal termination, status 0
Note that fetchmail has most likely put your mail not into your local mail directory in your home directory, but into a file called '/var/spool/mail/{your user name}'. Don't worry, I'll show you how to change that later.
Automating Fetchmail
Running 'Fetchmail' by hand or from the launcher every time would be too awkward. How about retrieving mail every time you connect to the Internet? And to take the idea further: what about making 'Fetchmail' poll your mail at specified intervals for as long as you are connected to the 'Net?
This is done via the scripts 'ip-up.local' and 'ip-down.local' in '/etc/ppp'. These scripts can contain commands you want to have executed each time you connect or disconnect. These scripts must be executable (
chmod +x
#!/bin/bash
Making 'Fetchmail' poll your mailboxes automatically is done by putting it into 'daemon mode':
fetchmail -d {seconds}
{seconds} specifies the polling interval in seconds. So to poll your mail every five minutes, put this line into /etc/ppp/ip-up.local:
fetchmail -d 300
Note that since ip-up/down scripts are called by a root process, 'Fetchmail' looks for its configuration file in root's home directory. For security reasons the configuration must only be read/writable by its owner (since your passwords are stored in there). 'Fetchmail' refuses to work with configurations which do not meet this requirement.
Another effect is that you can't use a configuration file which does not belong to 'root'. This is simple logic: all programs started from ip-up/down scripts run as root, and so does 'Fetchmail'. And 'Fetchmail' does not accept a configuration file which isn't owned by the user who started it.
This command for 'root' will solve the problem:
chown root:root .fetchmailrc && mv .fetchmailrc ~
Another possibility would be to run Fetchmail in daemon mode right on boot, e.g. by installing the 'fetchmail-daemon' package from your Mandrake CD. This package installs a service script in '/etc/rc.d/init.d' which can be controlled via the usual 'service' commands. If you use this package, the 'fetchmailrc' has to be located in the '/etc' directory.
If the next two paragraphs ('SMTP After POP' and 'SSH') are of no interest to you, jump directly to the last step of configuring your email system, the page about configuring the Procmail mail filter.
Fetchmail and SMTP-After-POP Authentication
Many service providers use SMTP-After-POP Authentication to protect their servers against being abused as spam-relays. This means that clients are required to poll their mailbox first (which is password-protected), before they are allowed to send mail (which usually isn't protected).
You can run into a problem when you are using a "Smarthost" and 'Postfix' "gets there" before 'Fetchmail'. In this case the remote host won't accept mail delivered by 'Postfix', and by the time 'Fetchmail' has authenticated you, 'Postfix' might already have given up trying to get rid of its mail. So what you need is a mechanism which ensures that 'Postfix' will always be run after 'Fetchmail' has connected to the remote host. For this 'Fetchmail' provides the 'postconnect' option. Append the following string to '.fetchmailrc':
postconnect "/usr/sbin/sendmail -q"
Of course you must remove the sendmail command from 'ip-up.local' now to allow this setting to take effect.
Fetchmail Via SSL/SSH
Note: SSH must be installed and configured on your machine (see the article on SSH).
If you check for new messages frequently, your password is therefore often sent in clear text over an insecure network. SSH not only protects your password, it also lets you compress the data sent through the tunnel.
If your mail server supports SSL certificates (see the article on Securing a POP3 Server), things are rather simple: just add
ssl
--verbose
fetchmail: Issuer Organization: {ISP.com}
fetchmail: Issuer CommonName: {ISP.com}
fetchmail: Server CommonName: {ISP.com}
This is part of the server's SSL certificate and proves that all data will be transmitted securely using SSL.
If your mail server runs an SSH server but does not support SSL (or if you cannot manage to retrieve your mail via SSL), you can create an SSH tunnel. The appropriate entry in the '/.fetchmailrc' file then looks like this:
poll localhost with protocol POP3 and port 11110:
user "{remote user}" there is {local user} here
preconnect "ssh -C -f {remote user}@{remote server} -L 11110:{remote server}:110 sleep 5"
password "{remote password}"
mda "/usr/bin/procmail -d %T"
Here is what happens: before fetchmail connects to the mail server, it asks SSH to build an encrypted tunnel between the server and your machine. Once the tunnel is established, fetchmail sends its request to the local end of the tunnel (port 11110 on localhost), the tunnel forwards this request to the remote machine (to port 110 on the remote server, 110 being the standard POP3 port) and the remote server sends its replies back to the local end of the tunnel. If you run fetchmail from the command line, you will get a message like this once the tunnel is established:
Waiting for forwarded connections to terminate...
The following connections are open:
direct-tcpip: listening port 11110 for {remote server} port 110, connect from 127.0.0.1 port 32790
More information is available in the mini-HOWTO "Secure POP via SSH".
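A pre-flight audit that combines the ownership and permission rules from 'Automating Fetchmail' with the transport rule from this section: every polled server either carries the 'ssl' keyword or is the localhost end of an SSH tunnel. This is an added example, not part of the original page or of fetchmail itself; the function name check_fetchmailrc is hypothetical and the stanza parsing is a line-based heuristic.

```shell
#!/bin/sh
# Added example (not from the original page): audit a fetchmail rc file
# before running fetchmail against it. check_fetchmailrc is a hypothetical name.
check_fetchmailrc() {
    rc=$1
    findings=0
    if [ -L "$rc" ] || [ ! -f "$rc" ]; then
        echo "$rc: not a regular file"
        return 2
    fi
    # Must belong to the user who starts fetchmail (root under ip-up.local).
    if [ ! -O "$rc" ]; then
        echo "$rc: not owned by the invoking user (uid $(id -u))"
        findings=$((findings + 1))
    fi
    # The file stores passwords: group and other must have no access bits.
    perms=$(ls -ld -- "$rc" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$rc: group/other permissions are '$perms', expected '------'"
        findings=$((findings + 1))
    fi
    # Each polled server needs the 'ssl' keyword unless it is the local end
    # of an SSH tunnel. Line-based heuristic: a stanza runs from one
    # poll/server/skip keyword to the next; '#' starts a comment.
    cleartext=$(awk '
        function report() {
            if (host != "" && !ssl && host !~ /^(localhost|127\.0\.0\.1)$/)
                print host
        }
        { sub(/#.*/, "") }
        $1 == "poll" || $1 == "server" || $1 == "skip" {
            report(); host = ($1 == "skip") ? "" : $2; ssl = 0
        }
        /(^|[ \t])ssl([ \t]|$)/ { ssl = 1 }
        END { report() }' "$rc")
    for h in $cleartext; do
        echo "$rc: server $h is polled without ssl or a localhost tunnel"
        findings=$((findings + 1))
    done
    [ "$findings" -eq 0 ]
}

# Run as: sh check.sh /root/.fetchmailrc
if [ $# -gt 0 ]; then check_fetchmailrc "$1"; fi
```

The function prints one line per finding and returns 0 only when there are none, so it can gate the 'fetchmail -d' line in ip-up.local.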
Next article: Configuring Procmail
Related Resources:
man fetchmail
Fetchmail FAQ
Revision / Modified: July 06, 2001 / Mar. 25, 2002
Author: Tom Berger
Legal: This page is covered by the GNU Free Documentation License. Standard disclaimers of warranty apply. Copyright LSTB and Mandrakesoft.
Version 1.5 modified by Diwann on 09/09/2005 at 15:46