I use Fetchmail 6.3.25+NTLM+SSL+NLS to get email from our Exchange 2010 Server, but for some reason I keep getting an error on attempting to connect:
403 Forbidden fetchmail: reading message [email protected]:1 of 1 (776 octets) (log message incomplete) fetchmail: MDA returned nonzero status 75 fetchmail: not flushed fetchmail: Server certificate verification error: unable to get local issuer certificate fetchmail: Broken certification chain at: /CN=exch1 fetchmail: This could mean that the server did not provide the intermediate CA's certificate(s), which is nothing fetchmail could do anything about. For details, please see the README.SSL-SERVER document that ships with fetchmail. fetchmail: This could mean that the root CA's signing certificate is not in the trusted CA certificate location, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page. fetchmail: Server certificate verification error: unable to verify the first certificate fetchmail: Warning: the connection is insecure, continuing anyways. (Better use --sslcertck!) fetchmail: 1 message for support at exch1.mk.local (776 octets). An Error Occurred I was wondering if anyone with experience using fetchmail to download mail from exchange to RT mailgate has ever experienced this and how it was resolved. My fetchmail config is as follows: set daemon 15 set logfile /opt/fetchmail.log poll [exchange server name redacted] proto pop3 user "support" pass "[password redacted]" to root sslproto "TLS1" mda "/opt/rt4/bin/rt-mailgate --url http://localhost/rt/ --queue support --action correspond" I also tried: Set daemon 15 Set logfile /opt/fetchmail.log Poll [exchange server name redacted] proto pop3 user "support" pass "[password redacted]" to root mda "/opt/rt4/bin/rt-mailgate --url http://localhost/rt/ --queue support --action correspond" And still got the same error messages. I was unable to locate any information about how to use --sslcertck! Per the error message, and I don't have c_rehash installed on my rt machine. Thanks, Shane
