Bug#568455: fetchmail TLS/SSL with Exchange 2007 results in Autorization failures
It appears after another couple of hours of debugging and trying that depending on the excact circumstances, the GSS library in use may return when the actual AUTH SASL process has not completed, for instance, because credentials are missing. However, fetchmail has never cancelled the authentication phase properly in that situation. Ever since the gssapi.c code had been added to fetchmail in February 2001, fetchmail sent a blank line to wake up the server, which worked in some circumstances. However, according to various RFCs (1734/5034, 3501), fetchmail was supposed to send an asterisk, *, on a line by its own, to really cancel the AUTHentication phase. Also, the authentication framework in fetchmail sent the star to cancel things a bit later, but did not wait for and did not pick up the authentication error message that the server is required to send. This caused fetchmail to go out of synch and mistake the GSSAPI AUTH error for an error response to the later USER command. Relevant changes that should fix the bug but require testing are in the upstream test release 6.3.18-pre2; it is spread out across various commits in Git unfortunately. I'd propose that 6.3.18-pre2 be packaged for experimental, or for unstable with a marker to NOT migrate to testing until we have evidence that the bug is really fixed in -pre2. -- Matthias Andree -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#568455: fetchmail TLS/SSL with Exchange 2007 results in Autorization failures
Nico, Héctor, this was repeated again and again on the fetchmail list, and it is a massive regression from Debian 4.0 - and we can solve it with a patch. I have asked Patrick Rynhart and Alan Murrell to test [1] (it may need a few more of the previous commits, too, see [2], and disregard failures to patch NEWS). If that works out well, I will then ask you to merge the patch to all fetchmail versions that are configured and built with ./configure --with-gssapi, and upload new versions. [1] http://gitorious.org/fetchmail/fetchmail/commit/82e1d66f6bee1a8837d8d6c89c7ed6b11f2c0a48 [2] http://gitorious.org/fetchmail/fetchmail/blobs/history/master/gssapi.c Best Matthias -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#568455: fetchmail, TLS/SSL with Exchange 2007 results in Autorization failures
This pretty much looks like a pilot error on either end of your link. I can successfully authenticate via GSSAPI (w/ Kerberos V under the hood) to a Cyrus server. It's also documented that fetchmail will try passwordless authentication schemes before exposing the password. Try configuring kerberos properly (krb5.conf or krb5.ini according to site instructions) and running kinit before running fetchmail. If that works, it's a problem on your end. If you can successfully obtain a ticket-granting ticket with kinit, but it's not good for authentication, contact the staff that sees to your Exchange server. I propose to close this bug as it's not a fetchmail bug. (If it can later be proven to be, you can reopen it.) -- Matthias Andree -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#568455: fetchmail TLS/SSL with Exchange 2007 results in Autorization failures
Hi all, Regarding: Apparently the POP3/IMAP server or the client is misconfigured. The server might offer Kerberos without proper setup (that's in case the user isn't recognized), or the client may not have the required credentials (use kinit LOGIN before running fetchmail). I can authenticate with GSSAPI to a Kerberized Cyrus IMAP/POP3 server, so I need further evidence before I believe this to be a fetchmail bug. Is there anyone else who has access to an Exchange 2007 environment so that we could possibly narrow this issue down ? The only Exchange box that I have access to is our production environment. Thanks Matthias for your suggested workaround. Regards, Patrick -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#568455: fetchmail, TLS/SSL with Exchange 2007 results in Autorization failures
(sorry for breaking threading, replying through web interface to BTS) Apparently the POP3/IMAP server or the client is misconfigured. The server might offer Kerberos without proper setup (that's in case the user isn't recognized), or the client may not have the required credentials (use kinit LOGIN before running fetchmail). I can authenticate with GSSAPI to a Kerberized Cyrus IMAP/POP3 server, so I need further evidence before I believe this to be a fetchmail bug. The fetchmail client option to work around would be auth, quoting the manpage. --auth type (Keyword: auth[enticate]) This option permits you to specify an authentication type (see USER AUTHENTICATION below for details). The possible values are any, password, kerberos_v5, kerberos (or, for excruciating exactness, kerberos_v4), gssapi, cram-md5, otp, ntlm, msn (only for POP3), external (only IMAP) and ssh. When any (the default) is specified, fetchmail tries first methods that don't require a pass- word (EXTERNAL, GSSAPI, KERBEROS IV, KERBEROS 5); then it looks for methods that mask your password (CRAM-MD5, X-OTP - note that NTLM and MSN are not autoprobed for POP3 and MSN is only supported for POP3); and only if the server doesn't support any of those will it ship your password en clair. Other values may be used to force various authentication methods (ssh suppresses authentication and is thus useful for IMAP PREAUTH). (external suppresses authentication and is thus useful for IMAP EXTERNAL). Any value other than password, cram-md5, ntlm, msn or otp suppresses fetchmail's normal inquiry for a password. Specify ssh when you are using an end-to-end secure connection such as an ssh tunnel; specify external when you use TLS with client authenti- cation and specify gssapi or kerberos_v4 if you are using a protocol variant that employs GSSAPI or K4. Choosing KPOP protocol automatically selects Kerberos authentication. This option does not work with ETRN. NTLM or password should work for you. I believe this was somewhat obvious enough, but let me know your suggestions for improvement. HTH -- Matthias Andree -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#568455: [pkg-fetchmail-maint] Bug#568455: Bug#568455: fetchmail TLS/SSL with Exchange 2007 results in Autorization failures
Hey, * Patrick Rynhart p.rynh...@massey.ac.nz [2010-02-06 19:54]: Thanks for your mail. However, I'm not trying to match the version of fetchmail shipped with Lenny - just attempting to get a version of fetchmail with SSL support that works within our environment. (In particular, I'm not using Debian src, rather the tgz downloaded direct from the fetchmail site.) Ok What I have noticed is that if I aptitude install fetchmail then we end up with a version of fetchmail which is unable to retrieve messages via POP3 in our Exchange 2007 environment; this has been confirmed by other users of this shared server. However, if I build fetchmail with SSL support from source (obtained direct from the fetchmail website) then mail can be retrieved. Can you please provide a relevant snippet of your config file? Cheers Nico -- Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0 For security reasons, all text in this mail is double-rot13 encrypted. pgpHKLqexCQr2.pgp Description: PGP signature
Bug#568455: [pkg-fetchmail-maint] Bug#568455: Bug#568455: fetchmail TLS/SSL with Exchange 2007 results in Autorization failures
Hi Nico, The relevant snip from my user config file is: poll owa.massey.ac.nz with proto pop3 user prynhart there with password "**" is prynhart here ssl mda "/usr/bin/procmail -d %s" The host "owa.massey.ac.nz" is a Microsoft Exchange 2007 Outlook Web Access node. If I try invoking the debian packaged version of fetchmail I get: $ /usr/bin/fetchmail -v fetchmail: 6.3.9-rc2 querying owa.massey.ac.nz (protocol POP3) at Mon 08 Feb 2010 08:38:25 NZDT: poll started Trying to connect to 130.123.129.207/995...connected. fetchmail: Issuer Organization: DigiCert Inc fetchmail: Issuer CommonName: DigiCert High Assurance CA-3 fetchmail: Server CommonName: owa.massey.ac.nz fetchmail: Subject Alternative Name: owa.massey.ac.nz fetchmail: Subject Alternative Name: exchange.massey.ac.nz fetchmail: Subject Alternative Name: autodiscover.massey.ac.nz fetchmail: Subject Alternative Name: tur-exchcas1 fetchmail: Subject Alternative Name: tur-exchcas2 fetchmail: owa.massey.ac.nz key fingerprint: D1:05:DB:94:20:7A:B9:E7:0D:71:EB:D9:93:65:0E:18 fetchmail: POP3 +OK Microsoft Exchange Server 2007 POP3 service ready fetchmail: POP3 CAPA fetchmail: POP3 +OK fetchmail: POP3 TOP fetchmail: POP3 UIDL fetchmail: POP3 SASL NTLM GSSAPI PLAIN fetchmail: POP3 USER fetchmail: POP3 . fetchmail: POP3 AUTH GSSAPI fetchmail: POP3 + fetchmail: Sending credentials fetchmail: Error exchanging credentials fetchmail: POP3 + YGAGBisGAQUFAqBWMFSgMDAuBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKoZIhvcSAQICAwYKKwYBBAGCNwICCqMgMB6gHBsadHVyLWV4Y2hjYXMxJEBNQVNTRVkuQUMuTlo= fetchmail: POP3 USER prynhart fetchmail: POP3 -ERR Logon failure: unknown user name or bad password. fetchmail: Logon failure: unknown user name or bad password. fetchmail: Authorization failure on prynh...@tur-exchcas.massey.ac.nz fetchmail: POP3 QUIT fetchmail: POP3 +OK Microsoft Exchange Server 2007 POP3 server signing off. fetchmail: 6.3.9-rc2 querying owa.massey.ac.nz (protocol POP3) at Mon 08 Feb 2010 08:38:25 NZDT: poll completed fetchmail: Query status=3 (AUTHFAIL) fetchmail: normal termination, status 3 Please note the "Error Exchanging Credentials" which occurs prior to the attempt to send username/password combination. If I aptitude remove fetchmail, build fetchmail from source with SSL support enabled, I get: ~$ fetchmail -v fetchmail: 6.3.13 querying owa.massey.ac.nz (protocol POP3) at Mon 08 Feb 2010 08:40:24 NZDT: poll started Trying to connect to 130.123.129.207/995...connected. fetchmail: Issuer Organization: DigiCert Inc fetchmail: Issuer CommonName: DigiCert High Assurance CA-3 fetchmail: Server CommonName: owa.massey.ac.nz fetchmail: Subject Alternative Name: owa.massey.ac.nz fetchmail: Subject Alternative Name: exchange.massey.ac.nz fetchmail: Subject Alternative Name: autodiscover.massey.ac.nz fetchmail: Subject Alternative Name: tur-exchcas1 fetchmail: Subject Alternative Name: tur-exchcas2 fetchmail: owa.massey.ac.nz key fingerprint: D1:05:DB:94:20:7A:B9:E7:0D:71:EB:D9:93:65:0E:18 fetchmail: POP3 +OK Microsoft Exchange Server 2007 POP3 service ready fetchmail: POP3 CAPA fetchmail: POP3 +OK fetchmail: POP3 TOP fetchmail: POP3 UIDL fetchmail: POP3 SASL NTLM GSSAPI PLAIN fetchmail: POP3 USER fetchmail: POP3 . fetchmail: POP3 USER prynhart fetchmail: POP3 +OK fetchmail: POP3 PASS * fetchmail: POP3 +OK User successfully logged on. fetchmail: POP3 STAT fetchmail: POP3 +OK 0 0 fetchmail: No mail for prynhart at owa.massey.ac.nz fetchmail: POP3 QUIT fetchmail: POP3 +OK Microsoft Exchange Server 2007 POP3 server signing off. fetchmail: 6.3.13 querying owa.massey.ac.nz (protocol POP3) at Mon 08 Feb 2010 08:40:25 NZDT: poll completed fetchmail: normal termination, status 1 I note that the Debian packaged version attempts an "AUTH GSSAPI" which appears to fail whereas the version of fetchmail build from source does not attempt this. Regards, Patrick Dr Patrick Rynhart Linux Systems Administrator / Team Leader IT Support Group School of Engineering and Advanced Technology AgHort A Room 3.61 Massey University (Turitea Campus) NEW ZEALAND Phone +64 6 356 9099 extn 2444 Nico Golde wrote: Hey, * Patrick Rynhart p.rynh...@massey.ac.nz [2010-02-06 19:54]: Thanks for your mail. However, I'm not trying to match the version of fetchmail shipped with Lenny - just attempting to get a version of fetchmail with SSL support that works within our environment. (In particular, I'm not using Debian src, rather the tgz downloaded direct from the fetchmail site.) Ok What I have noticed is that if I "aptitude install fetchmail" then we end up with a version of fetchmail which is unable to retrieve messages via POP3 in our Exchange 2007 environment; this has been confirmed by other users of this shared server. However, if I build fetchmail with SSL support from source (obtained direct from the fetchmail website) then mail can be retrieved. Can you please provide a relevant snippet of your config file? Cheers Nico
Bug#568455: [pkg-fetchmail-maint] Bug#568455: Bug#568455: Bug#568455: fetchmail TLS/SSL with Exchange 2007 results in Autorization failures
Hey, * Patrick Rynhart p.rynh...@massey.ac.nz [2010-02-07 20:54]: The relevant snip from my user config file is: poll owa.massey.ac.nz with proto pop3 user prynhart there with password ** is prynhart here ssl mda /usr/bin/procmail -d %s Ok that looks normal The host owa.massey.ac.nz is a Microsoft Exchange 2007 Outlook Web Access node. If I try invoking the debian packaged version of fetchmail I get: $ /usr/bin/fetchmail -v fetchmail: 6.3.9-rc2 querying owa.massey.ac.nz (protocol POP3) at Mon 08 Feb 2010 08:38:25 NZDT: poll started Trying to connect to 130.123.129.207/995...connected. fetchmail: Issuer Organization: DigiCert Inc fetchmail: Issuer CommonName: DigiCert High Assurance CA-3 fetchmail: Server CommonName: owa.massey.ac.nz fetchmail: Subject Alternative Name: owa.massey.ac.nz fetchmail: Subject Alternative Name: exchange.massey.ac.nz fetchmail: Subject Alternative Name: autodiscover.massey.ac.nz fetchmail: Subject Alternative Name: tur-exchcas1 fetchmail: Subject Alternative Name: tur-exchcas2 fetchmail: owa.massey.ac.nz key fingerprint: D1:05:DB:94:20:7A:B9:E7:0D:71:EB:D9:93:65:0E:18 fetchmail: POP3 +OK Microsoft Exchange Server 2007 POP3 service ready fetchmail: POP3 CAPA fetchmail: POP3 +OK fetchmail: POP3 TOP fetchmail: POP3 UIDL fetchmail: POP3 SASL NTLM GSSAPI PLAIN fetchmail: POP3 USER fetchmail: POP3 . fetchmail: POP3 AUTH GSSAPI fetchmail: POP3 + fetchmail: Sending credentials fetchmail: Error exchanging credentials fetchmail: POP3 + YGAGBisGAQUFAqBWMFSgMDAuBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKoZIhvcSAQICAwYKKwYBBAGCNwICCqMgMB6gHBsadHVyLWV4Y2hjYXMxJEBNQVNTRVkuQUMuTlo= fetchmail: POP3 USER prynhart fetchmail: POP3 -ERR Logon failure: unknown user name or bad password. fetchmail: Logon failure: unknown user name or bad password. fetchmail: Authorization failure on prynh...@tur-exchcas.massey.ac.nz fetchmail: POP3 QUIT fetchmail: POP3 +OK Microsoft Exchange Server 2007 POP3 server signing off. fetchmail: 6.3.9-rc2 querying owa.massey.ac.nz (protocol POP3) at Mon 08 Feb 2010 08:38:25 NZDT: poll completed fetchmail: Query status=3 (AUTHFAIL) fetchmail: normal termination, status 3 Please note the Error Exchanging Credentials which occurs prior to the attempt to send username/password combination. Hmm this is strange, Error exchanging credentials happens if after initiating the security context (gssapi) and it doesn't return with either successful completion or a continuation is needed (call to gss_init_sec_context()). This doesn't really look like a fetchmail problem to me though but rather like a bug in the gssapi sources or your microsoft exchange server. If I aptitude remove fetchmail, build fetchmail from source with SSL support enabled, I get: ~$ fetchmail -v fetchmail: 6.3.13 querying owa.massey.ac.nz (protocol POP3) at Mon 08 Feb 2010 08:40:24 NZDT: poll started Trying to connect to 130.123.129.207/995...connected. fetchmail: Issuer Organization: DigiCert Inc fetchmail: Issuer CommonName: DigiCert High Assurance CA-3 fetchmail: Server CommonName: owa.massey.ac.nz fetchmail: Subject Alternative Name: owa.massey.ac.nz fetchmail: Subject Alternative Name: exchange.massey.ac.nz fetchmail: Subject Alternative Name: autodiscover.massey.ac.nz fetchmail: Subject Alternative Name: tur-exchcas1 fetchmail: Subject Alternative Name: tur-exchcas2 fetchmail: owa.massey.ac.nz key fingerprint: D1:05:DB:94:20:7A:B9:E7:0D:71:EB:D9:93:65:0E:18 fetchmail: POP3 +OK Microsoft Exchange Server 2007 POP3 service ready fetchmail: POP3 CAPA fetchmail: POP3 +OK fetchmail: POP3 TOP fetchmail: POP3 UIDL fetchmail: POP3 SASL NTLM GSSAPI PLAIN fetchmail: POP3 USER fetchmail: POP3 . fetchmail: POP3 USER prynhart fetchmail: POP3 +OK fetchmail: POP3 PASS * fetchmail: POP3 +OK User successfully logged on. fetchmail: POP3 STAT fetchmail: POP3 +OK 0 0 fetchmail: No mail for prynhart at owa.massey.ac.nz fetchmail: POP3 QUIT fetchmail: POP3 +OK Microsoft Exchange Server 2007 POP3 server signing off. fetchmail: 6.3.13 querying owa.massey.ac.nz (protocol POP3) at Mon 08 Feb 2010 08:40:25 NZDT: poll completed fetchmail: normal termination, status 1 The different to the Debian package is that you are not authenticating with gssapi in this case, not the lack of fetchmail: Sending credentials. What does the ldd command tell you for the Debian binary and the self compiled version? I note that the Debian packaged version attempts an AUTH GSSAPI which appears to fail whereas the version of fetchmail build from source does not attempt this. Yes exactly, additionally to the above, how are you building your version? Cheers Nico -- Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0 For security reasons, all text in this mail is double-rot13 encrypted. pgpNBTYKfPMMg.pgp Description: PGP signature
Bug#568455: [pkg-fetchmail-maint] Bug#568455: Bug#568455: Bug#568455: fetchmail TLS/SSL with Exchange 2007 results in Autorization failures
Hi Nico, I have compared the versions of fetchmail packaged with Debian 4.0 and 5.0. For Debian 4.0, GSS support is not included in the binary, i.e. $ fetchmail -V This is fetchmail release 6.3.6+NTLM+SDPS+SSL+NLS. However, in Debian 5.0 it is $ fetchmail -V This is fetchmail release 6.3.9-rc2+GSS+NTLM+SDPS+SSL+NLS+KRB5. I had a Google around and couldn't find any way for a user to disable GSS support via a fetchmailrc file (for example). It seems that the only fix is to recompile the binary. Where to from here ? At this stage we don't know whether it's a gssapi issue or Exchange just not liking GSS ? Also, why doesn't fetchmail try one of the other auth mechanisms once GSS fails ? Interesting... Regards, Patrick Dr Patrick Rynhart Linux Systems Administrator / Team Leader IT Support Group School of Engineering and Advanced Technology AgHort A Room 3.61 Massey University (Turitea Campus) NEW ZEALAND Phone +64 6 356 9099 extn 2444 Nico Golde wrote: Hey, * Patrick Rynhart p.rynh...@massey.ac.nz [2010-02-07 20:54]: The relevant snip from my user config file is: poll owa.massey.ac.nz with proto pop3 user prynhart there with password "**" is prynhart here ssl mda "/usr/bin/procmail -d %s" Ok that looks normal The host "owa.massey.ac.nz" is a Microsoft Exchange 2007 Outlook Web Access node. If I try invoking the debian packaged version of fetchmail I get: $ /usr/bin/fetchmail -v fetchmail: 6.3.9-rc2 querying owa.massey.ac.nz (protocol POP3) at Mon 08 Feb 2010 08:38:25 NZDT: poll started Trying to connect to 130.123.129.207/995...connected. fetchmail: Issuer Organization: DigiCert Inc fetchmail: Issuer CommonName: DigiCert High Assurance CA-3 fetchmail: Server CommonName: owa.massey.ac.nz fetchmail: Subject Alternative Name: owa.massey.ac.nz fetchmail: Subject Alternative Name: exchange.massey.ac.nz fetchmail: Subject Alternative Name: autodiscover.massey.ac.nz fetchmail: Subject Alternative Name: tur-exchcas1 fetchmail: Subject Alternative Name: tur-exchcas2 fetchmail: owa.massey.ac.nz key fingerprint: D1:05:DB:94:20:7A:B9:E7:0D:71:EB:D9:93:65:0E:18 fetchmail: POP3 +OK Microsoft Exchange Server 2007 POP3 service ready fetchmail: POP3 CAPA fetchmail: POP3 +OK fetchmail: POP3 TOP fetchmail: POP3 UIDL fetchmail: POP3 SASL NTLM GSSAPI PLAIN fetchmail: POP3 USER fetchmail: POP3 . fetchmail: POP3 AUTH GSSAPI fetchmail: POP3 + fetchmail: Sending credentials fetchmail: Error exchanging credentials fetchmail: POP3 + YGAGBisGAQUFAqBWMFSgMDAuBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKoZIhvcSAQICAwYKKwYBBAGCNwICCqMgMB6gHBsadHVyLWV4Y2hjYXMxJEBNQVNTRVkuQUMuTlo= fetchmail: POP3 USER prynhart fetchmail: POP3 -ERR Logon failure: unknown user name or bad password. fetchmail: Logon failure: unknown user name or bad password. fetchmail: Authorization failure on prynh...@tur-exchcas.massey.ac.nz fetchmail: POP3 QUIT fetchmail: POP3 +OK Microsoft Exchange Server 2007 POP3 server signing off. fetchmail: 6.3.9-rc2 querying owa.massey.ac.nz (protocol POP3) at Mon 08 Feb 2010 08:38:25 NZDT: poll completed fetchmail: Query status=3 (AUTHFAIL) fetchmail: normal termination, status 3 Please note the "Error Exchanging Credentials" which occurs prior to the attempt to send username/password combination. Hmm this is strange, Error exchanging credentials happens if after initiating the security context (gssapi) and it doesn't return with either successful completion or a continuation is needed (call to gss_init_sec_context()). This doesn't really look like a fetchmail problem to me though but rather like a bug in the gssapi sources or your microsoft exchange server. If I aptitude remove fetchmail, build fetchmail from source with SSL support enabled, I get: ~$ fetchmail -v fetchmail: 6.3.13 querying owa.massey.ac.nz (protocol POP3) at Mon 08 Feb 2010 08:40:24 NZDT: poll started Trying to connect to 130.123.129.207/995...connected. fetchmail: Issuer Organization: DigiCert Inc fetchmail: Issuer CommonName: DigiCert High Assurance CA-3 fetchmail: Server CommonName: owa.massey.ac.nz fetchmail: Subject Alternative Name: owa.massey.ac.nz fetchmail: Subject Alternative Name: exchange.massey.ac.nz fetchmail: Subject Alternative Name: autodiscover.massey.ac.nz fetchmail: Subject Alternative Name: tur-exchcas1 fetchmail: Subject Alternative Name: tur-exchcas2 fetchmail: owa.massey.ac.nz key fingerprint: D1:05:DB:94:20:7A:B9:E7:0D:71:EB:D9:93:65:0E:18 fetchmail: POP3 +OK Microsoft Exchange Server 2007 POP3 service ready fetchmail: POP3 CAPA fetchmail: POP3 +OK fetchmail: POP3 TOP fetchmail: POP3 UIDL fetchmail: POP3 SASL NTLM GSSAPI PLAIN fetchmail: POP3 USER fetchmail: POP3 . fetchmail: POP3 USER prynhart fetchmail: POP3 +OK fetchmail: POP3 PASS * fetchmail: POP3 +OK User successfully logged on. fetchmail: POP3 STAT fetchmail: POP3 +OK 0 0 fetchmail: No mail for prynhart at owa.massey.ac.nz fetchmail: POP3 QUIT fetchmail: POP3 +OK Microsoft Exchange Server 2007 POP3
Bug#568455: [pkg-fetchmail-maint] Bug#568455: fetchmail TLS/SSL with Exchange 2007 results in Autorization failures
Hey, * Patrick Rynhart p.rynh...@massey.ac.nz [2010-02-05 02:49]: Package: fetchmail Version: Lenny Severity: important After upgrading from Debian Etch to Lenny using SSL/TLS to retreive email via POP from our Exchange 2007 environment is broken. All attempts to retrieve mail (with credentials provided in users .fetchmailrc files) result in Autorization failure The certificates used to secure our Exchange environment are issued by DigiCert Inc (I'm not sure if this is related but thought that the CA for this certificate could have been dropped between Etch and Lenny - however, if I build from source and compile against the Debian Lenny provided SSL libraries then the problem is resolved). The issue was resolved by building fetchmail 6.3.13 from source with SSL support enabled. 6.3.13 is not in lenny?! downgrading and tagged with moreinfo, using 6.3.13 SSL works fine. Cheers Nico -- Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0 For security reasons, all text in this mail is double-rot13 encrypted. pgpzC7poGWiou.pgp Description: PGP signature
Bug#568455: [pkg-fetchmail-maint] Bug#568455: fetchmail TLS/SSL with Exchange 2007 results in Autorization failures
Hi Nico, Thanks for your mail. However, I'm not trying to match the version of fetchmail shipped with Lenny - just attempting to get a version of fetchmail with SSL support that works within our environment. (In particular, I'm not using Debian src, rather the tgz downloaded direct from the fetchmail site.) What I have noticed is that if I aptitude install fetchmail then we end up with a version of fetchmail which is unable to retrieve messages via POP3 in our Exchange 2007 environment; this has been confirmed by other users of this shared server. However, if I build fetchmail with SSL support from source (obtained direct from the fetchmail website) then mail can be retrieved. Thanks Regards, Patrick On 7/02/10 2:19 AM, Nico Golde wrote: Hey, * Patrick Rynhartp.rynh...@massey.ac.nz [2010-02-05 02:49]: Package: fetchmail Version: Lenny Severity: important After upgrading from Debian Etch to Lenny using SSL/TLS to retreive email via POP from our Exchange 2007 environment is broken. All attempts to retrieve mail (with credentials provided in users .fetchmailrc files) result in Autorization failure The certificates used to secure our Exchange environment are issued by DigiCert Inc (I'm not sure if this is related but thought that the CA for this certificate could have been dropped between Etch and Lenny - however, if I build from source and compile against the Debian Lenny provided SSL libraries then the problem is resolved). The issue was resolved by building fetchmail 6.3.13 from source with SSL support enabled. 6.3.13 is not in lenny?! downgrading and tagged with moreinfo, using 6.3.13 SSL works fine. Cheers Nico -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#568455: fetchmail TLS/SSL with Exchange 2007 results in Autorization failures
Package: fetchmail Version: Lenny Severity: important After upgrading from Debian Etch to Lenny using SSL/TLS to retreive email via POP from our Exchange 2007 environment is broken. All attempts to retrieve mail (with credentials provided in users .fetchmailrc files) result in Autorization failure The certificates used to secure our Exchange environment are issued by DigiCert Inc (I'm not sure if this is related but thought that the CA for this certificate could have been dropped between Etch and Lenny - however, if I build from source and compile against the Debian Lenny provided SSL libraries then the problem is resolved). The issue was resolved by building fetchmail 6.3.13 from source with SSL support enabled. -- System Information: Debian Release: 5.0.4 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core) Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages fetchmail depends on: ii adduser 3.110add and remove users and groups ii debianutils 2.30 Miscellaneous utilities specific t ii libc6 2.7-18lenny2 GNU C Library: Shared libraries ii libcomerr2 1.41.3-1 common error description library ii libkrb531.6.dfsg.4~beta1-5lenny2 MIT Kerberos runtime libraries ii libssl0.9.8 0.9.8g-15+lenny6 SSL shared libraries ii lsb-base3.2-20 Linux Standard Base 3.2 init scrip Versions of packages fetchmail recommends: ii ca-certificates 20080809 Common CA certificates Versions of packages fetchmail suggests: pn fetchmailconf none (no description available) pn resolvconfnone (no description available) ii ssmtp [mail-transport-agent] 2.62-3 extremely simple MTA to get mail o -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org