On 31.12.21 at 16:32, Karsten wrote:
Package: fetchmail
Version: 6.4.16-4+deb11u1
Severity: important

I upgraded the server from Debian 9 to 11 and afterwards it seems not possible 
to get fetchmail to work.

I tried every possible option of ssl and sslproto, but fetchmail can't fetch 
the mails.
The log says:

fetchmail: Trying to connect to 185.11.xxx.xxx/993...connected.
fetchmail: Server certificate:
fetchmail: Issuer Organization: mydomain
fetchmail: Issuer CommonName: mydomain.de
fetchmail: Subject CommonName: mydomain.de
fetchmail: mydomain.de key fingerprint: 7C:CA:43:33:2A:12:B6:8D:83:3C:6E:88:0F:40:4B:6F
fetchmail: Server certificate verification error: self signed certificate
fetchmail: Missing trust anchor certificate: /C=DE/ST=germany/L=here/O=mydomain/OU=Privacy/CN=mydomain.de/emailAddress=webmas...@mydomain.de
fetchmail: This could mean that the root CA's signing certificate is not in the trusted CA certificate location, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page. See README.SSL for details.
fetchmail: OpenSSL reported: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
fetchmail: mydomain.de: SSL connection failed.


It is possible to work with Thunderbird (Debian 11) directly with the mailserver 
(Dovecot on Debian 8), but not to download
the emails with fetchmail.

What must be done to get it working again?

Unless you own "mydomain.de" you've now hit innocent bystanders, and in
that case, making up log data with a domain you do not own is not helpful.

If Thunderbird can fetch, either it has a local trust setting, or you've
missed installing the ca-certificates package, or, as László suggested,
the certificate is self-signed and you have not installed the signing
CA's certificate in the trust store.
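
Added example, not part of the thread and not fetchmail's own code: the trust-anchor case described in the reply above, reproduced with a constructed throwaway certificate. It assumes OpenSSL 1.1.0 or later (for "openssl rehash", the built-in counterpart of c_rehash); the CN, file names and directories are hypothetical.

```shell
#!/bin/sh
# Added example. The certificate is a constructed throwaway standing in for the
# server's self-signed one; the CN and all paths are hypothetical.
set -eu

# Create a self-signed certificate in DIR (stand-in for the IMAP server's).
make_selfsigned() {  # make_selfsigned DIR CN
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# True when issuer and subject are the same name: the certificate is its own
# trust anchor, so no public CA bundle will vouch for it.
is_selfsigned() {  # is_selfsigned CERT
    [ "$(openssl x509 -in "$1" -noout -issuer_hash)" = \
      "$(openssl x509 -in "$1" -noout -subject_hash)" ]
}

# Verify CERT using the hashed certificate directory CAPATH (the kind of
# directory --sslcertpath points at), in addition to OpenSSL's defaults.
verifies_in() {  # verifies_in CAPATH CERT
    openssl verify -CApath "$1" "$2" >/dev/null 2>&1
}

# Install CERT as a trust anchor in CAPATH and build the hash symlinks OpenSSL
# looks up there; without them the directory is ignored.
install_anchor() {  # install_anchor CAPATH CERT
    cp "$2" "$1/imap-server.pem"
    openssl rehash "$1"
}

# MD5 fingerprint, 16 colon-separated bytes like the "key fingerprint" log line.
fetchmail_fingerprint() {  # fetchmail_fingerprint CERT
    openssl x509 -in "$1" -noout -fingerprint -md5 | cut -d= -f2
}

demo() {
    work=$(mktemp -d); mkdir "$work/anchors"
    make_selfsigned "$work" mail.example.invalid
    is_selfsigned "$work/cert.pem" && echo "self-signed: yes"
    verifies_in "$work/anchors" "$work/cert.pem" || echo "before install: verify fails"
    install_anchor "$work/anchors" "$work/cert.pem"
    verifies_in "$work/anchors" "$work/cert.pem" && echo "after install: verify OK"
    echo "fingerprint to compare out of band: $(fetchmail_fingerprint "$work/cert.pem")"
    echo "then run: fetchmail --sslcertpath $work/anchors ..."
    rm -rf "$work"
}
demo
```

For the real server, obtain the certificate over a trusted channel and compare its fingerprint with the one the server administrator reports before installing it as a trust anchor.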
