NSLU2-Linux
view · edit · print · history

HowTo.SetupFetchMailWithGMail History

Hide minor edits - Show changes to markup

January 19, 2009, at 04:43 PM by vivekv --
Changed line 85 from:
to:
  • make sure you name the certificate files with a .pem extension
November 27, 2008, at 10:26 PM by avgrichter --
Changed lines 84-85 from:
  • Locate the italic section from the output starting with "issuer=", this is the issuing certificate authority for the google certificate. Be aware that gmail and googlemail use different certificate authorities!!! The "CN=Thawte Premium Server CA" identifies the certificate we will create next. Search for the string in "/usr/share/ssl/cert.pem". Right above the "CN=Thawte Premium Server CA" string you will find another --BEGIN CERTIFICATE-- and --END CERTIFICATE-- section. Copy this section (again including the --BEGIN CERTIFICATE-- and --END CERTIFICATE-- lines) into a file in the directory /opt/cert/.cert. Name the file after the certificatre authority where the certificate comes from. If you need more certificates, use the same technique to create different files for them.
to:
  • Locate the italic section from the output starting with "issuer=", this is the issuing certificate authority for the google certificate. Be aware that gmail and googlemail use different certificate authorities!!! The "CN=Thawte Premium Server CA" identifies the certificate we will create next. Search for the string in http://prdownloads.sourceforge.net/souptonuts/cert.pem?download. Right above the "CN=Thawte Premium Server CA" string you will find another --BEGIN CERTIFICATE-- and --END CERTIFICATE-- section. Copy this section (again including the --BEGIN CERTIFICATE-- and --END CERTIFICATE-- lines) into a file in the directory /opt/cert/.cert. Name the file after the certificatre authority where the certificate comes from. If you need more certificates, use the same technique to create different files for them.
November 27, 2008, at 10:15 PM by avgrichter --
Changed lines 84-85 from:
  • Locate the italic section from the output starting with "issuer=", this is the issuing certificate authority for the google certificate. Be aware that gmail and googlemail use different certificate authorities!!! The "CN=Thawte Premium Server CA" identifies the certificate we will create next. Search for the string in [[http://prdownloads.sourceforge.net/souptonuts/cert.pem?download|"/usr/share/ssl/cert.pem"]. Right above the "CN=Thawte Premium Server CA" string you will find another --BEGIN CERTIFICATE-- and --END CERTIFICATE-- section. Copy this section (again including the --BEGIN CERTIFICATE-- and --END CERTIFICATE-- lines) into a file in the directory /opt/cert/.cert. Name the file after the certificatre authority where the certificate comes from. If you need more certificates, use the same technique to create different files for them.
to:
  • Locate the italic section from the output starting with "issuer=", this is the issuing certificate authority for the google certificate. Be aware that gmail and googlemail use different certificate authorities!!! The "CN=Thawte Premium Server CA" identifies the certificate we will create next. Search for the string in "/usr/share/ssl/cert.pem". Right above the "CN=Thawte Premium Server CA" string you will find another --BEGIN CERTIFICATE-- and --END CERTIFICATE-- section. Copy this section (again including the --BEGIN CERTIFICATE-- and --END CERTIFICATE-- lines) into a file in the directory /opt/cert/.cert. Name the file after the certificatre authority where the certificate comes from. If you need more certificates, use the same technique to create different files for them.
November 27, 2008, at 10:14 PM by avgrichter --
Changed lines 84-85 from:
  • Locate the italic section from the output, this is the issuing certificate authority for the google certificate. Be aware that gmail and googlemail use different certificate authorities!!! The "CN=Thawte Premium Server CA" identifies the certificate we will create next. Search for the string in [[http://prdownloads.sourceforge.net/souptonuts/cert.pem?download|"/usr/share/ssl/cert.pem"]. Right above the "CN=Thawte Premium Server CA" string you will find another --BEGIN CERTIFICATE-- and --END CERTIFICATE-- section. Copy this section (again including the --BEGIN CERTIFICATE-- and --END CERTIFICATE-- lines) into a file in the directory /opt/cert/.cert. Name the file after the certificatre authority where the certificate comes from. If you need more certificates, use the same technique to create different files for them.
to:
  • Locate the italic section from the output starting with "issuer=", this is the issuing certificate authority for the google certificate. Be aware that gmail and googlemail use different certificate authorities!!! The "CN=Thawte Premium Server CA" identifies the certificate we will create next. Search for the string in [[http://prdownloads.sourceforge.net/souptonuts/cert.pem?download|"/usr/share/ssl/cert.pem"]. Right above the "CN=Thawte Premium Server CA" string you will find another --BEGIN CERTIFICATE-- and --END CERTIFICATE-- section. Copy this section (again including the --BEGIN CERTIFICATE-- and --END CERTIFICATE-- lines) into a file in the directory /opt/cert/.cert. Name the file after the certificatre authority where the certificate comes from. If you need more certificates, use the same technique to create different files for them.
November 27, 2008, at 10:11 PM by avgrichter --
Changed lines 44-45 from:
   i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com

'''[@

to:
   i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division

/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com @]'''[@

Changed lines 73-74 from:

issuer=/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com

to:

issuer=/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division /CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com

Changed lines 94-95 from:

depth=1 /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com

to:

depth=1 /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division /CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com

Changed lines 102-103 from:
   i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
to:
   i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division

/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com

Changed lines 128-129 from:

issuer=/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com

to:

issuer=/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division /CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com

Added line 148:

@]'''[@

Added line 150:

@]'''[@

November 27, 2008, at 10:07 PM by avgrichter -- Added Debian Comments, clarified matters and removed typos
Changed lines 3-4 from:

This article has been tested on a Slug running Unslug 6.8. I am sure it can be easily adopted for other distributions.

to:

This article has been tested on a Slug running Unslug 6.8 and Debian 4.0 (etch). I am sure it can be easily adopted for other distributions.

Added lines 12-13:

For Debian you will have to substitute "ipkg" with "apt-get" above!

Changed lines 28-30 from:

Google's gmail talks in an encrypted POP3 protocol that will be supported by FetchMail if you configure it with the right SSL certificates. Here I am going to describe the process of doing it on the SLUG.

  • Download the two certificates for OpenSSL from the following site
to:

Google's gmail talks in an encrypted POP3 protocol that will be supported by FetchMail if you configure it with the right SSL certificates. Here I am going to describe the process of doing it on the SLUG. Be aware, that there are different hosts from which mail can be retrieved, e.g. pop.gmail.com and pop.googlemail.com, etc. Different hosts use different certificates so take care! This tutorial will use pop.googlemail.com for fetching mail.

Changed lines 31-37 from:
  • move the two files under /opt/cert/.cert
  • go to /opt/cert and type /tmp/c_rehash .cert this will create the necessary symbolic links for openssl.
  • Test your certificates using the following command

[root@smallguy certs]$openssl s_client -connect pop.gmail.com:995 -CApath /opt/certs/.certs/

to:
  • Download the gmail/googlemail certificate using the following command from the correct server:

[root@smallguy certs]$ openssl s_client -connect pop.gmail.com:995 -showcerts

Changed lines 36-39 from:

depth=1 /C=US/O=Equifax/OU=Equifax Secure Certificate Authority

to:

depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=pop.googlemail.com verify error:num=20:unable to get local issuer certificate ... verify error:num=21:unable to verify the first certificate

Deleted lines 40-41:

depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com verify return:1

Changed lines 43-46 from:
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority

--- Server certificate

to:
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=pop.googlemail.com
   i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com

'''[@

Changed lines 47-62 from:
to:

MIIDZzCCAtCgAwIBAgIQVgcr3aRmXe9qOpz240ZwgzANBgkqhkiG9w0BAQUFADCB? zjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJ Q2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UE? CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhh? d3RlIFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNl cnZlckB0aGF3dGUuY29tMB4XDTA4MDMxNDIzMjMyNFoXDTA5MDMxNDIzMjMyNFow bDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1v dW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxGzAZBgNVBAMTEnBvcC5n b29nbGVtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvyNeXqie ElJeN0Bxh2?+UQFs67TtsShZRWNfyk4u5?+waQoHsmsBL2UKtPSeFnuW6/60SpeyUr EnIMNgtv2t6JbA4fPgN5iOMvGNybR?+CZoE56OUfH7XxVBbhSxvvO?/HXJvYkflsYJ? FRT+OMDiu91V2HgAdAn8hgcjYDvldGFMoq8CAwEAAaOBpjCBozAdBgNVHSUEFjAU? BggrBgEFBQcDAQYIKwYBBQUHAwIwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cDovL2Ny? bC50aGF3dGUuY29tL1RoYXd0ZVByZW1pdW1TZXJ2ZXJDQS5jcmwwMgYIKwYBBQUH AQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29tMAwGA1Ud? EwEB?/wQCMAAwDQYJKoZIhvcNAQEFBQADgYEAHovI/7KRFAfDzQevDyjsHTt8jRCJ cdmMvzeVFUInWa3iKJFmCCEKscOQjHhMJ0Undl4SkATuyc2nKs7B6boyb40U9Rbz RlAWi?+zIDuj2kRml/b1IQexbKZBAUa17q+Q4PzTmgFzW0UF0?++G29J7rxnZgtlJ1? n4f5gfa+lFXpf+k=

Changed lines 67-68 from:

subject=/C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com issuer=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority

to:

@]'''[@

Added lines 69-74:

Server certificate subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=pop.googlemail.com

@]
issuer=/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
[@

---

Changed lines 76-92 from:

--- SSL handshake has read 891 bytes and written 314 bytes --- New, TLSv1?/SSLv3?, Cipher is DES-CBC3?-SHA Server public key is 1024 bit SSL-Session:

    Protocol  : TLSv1?
    Cipher    : DES-CBC3?-SHA
    Session-ID: 01B74ECC24F4327E6B8A0D7546BA90F89734A4EABD9FDC6D7BFAA6AED3FEBEBF
    Session-ID-ctx:
    Master-Key: 786761D1B113DD37F5A68CA24A69DD1561C737052BB6D477F5C4A5C3AAA1AA9E6A5B27478DB181E1595289ACC51589EA
    Key-Arg   : None
    Start Time: 1198379343
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)

--- +OK Gpop ready for requests from 122.164.255.73 b21pf2941934rvf.0

to:

... +OK Gpop ready for requests from 85.178.177.47 12pf79459fks.20

Changed lines 80-83 from:
  • Notice the Verify return code: 0 (ok) message in the third line from the bottom. If you see a non zero return code then you have most probably missed some step so far. Typically you will get error code 21 if the certificates are not accessible (path errors, permission errors and so on). Make sure you get error code zero.
  • Now in your home directory, create a file called .fetchmailrc (notice the dot at the beginning of the filename). This will contain fetchmail configuration for this user account on the slug.
  • Add the following contents to the file
to:
  • Copy everything between the --BEGIN CERTIFICATE-- and --END CERTIFICATE-- including the BEGIN and END lines into a file in the directory /opt/cert/.cert. Name the file after the host where you just got the certificate from.
  • Locate the italic section from the output, this is the issuing certificate authority for the google certificate. Be aware that gmail and googlemail use different certificate authorities!!! The "CN=Thawte Premium Server CA" identifies the certificate we will create next. Search for the string in [[http://prdownloads.sourceforge.net/souptonuts/cert.pem?download|"/usr/share/ssl/cert.pem"]. Right above the "CN=Thawte Premium Server CA" string you will find another --BEGIN CERTIFICATE-- and --END CERTIFICATE-- section. Copy this section (again including the --BEGIN CERTIFICATE-- and --END CERTIFICATE-- lines) into a file in the directory /opt/cert/.cert. Name the file after the certificatre authority where the certificate comes from. If you need more certificates, use the same technique to create different files for them.
  • go to /opt/cert and type /tmp/c_rehash .cert this will create the necessary symbolic links for openssl.
  • Test your certificates using the following command (remember to use the right hostname!)

[root@smallguy certs]$ openssl s_client -connect pop.googlemail.com:995 -CApath /opt/cert/.cert

Added lines 91-153:

CONNECTED(00000003) depth=1 /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com verify return:1 depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=pop.googlemail.com verify return:1 --- Certificate chain

 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=pop.googlemail.com
   i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com

--- Server certificate


BEGIN CERTIFICATE-----

MIIDZzCCAtCgAwIBAgIQVgcr3aRmXe9qOpz240ZwgzANBgkqhkiG9w0BAQUFADCB? zjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJ Q2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UE? CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhh? d3RlIFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNl cnZlckB0aGF3dGUuY29tMB4XDTA4MDMxNDIzMjMyNFoXDTA5MDMxNDIzMjMyNFow bDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1v dW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxGzAZBgNVBAMTEnBvcC5n b29nbGVtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvyNeXqie ElJeN0Bxh2?+UQFs67TtsShZRWNfyk4u5?+waQoHsmsBL2UKtPSeFnuW6/60SpeyUr EnIMNgtv2t6JbA4fPgN5iOMvGNybR?+CZoE56OUfH7XxVBbhSxvvO?/HXJvYkflsYJ? FRT+OMDiu91V2HgAdAn8hgcjYDvldGFMoq8CAwEAAaOBpjCBozAdBgNVHSUEFjAU? BggrBgEFBQcDAQYIKwYBBQUHAwIwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cDovL2Ny? bC50aGF3dGUuY29tL1RoYXd0ZVByZW1pdW1TZXJ2ZXJDQS5jcmwwMgYIKwYBBQUH AQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29tMAwGA1Ud? EwEB?/wQCMAAwDQYJKoZIhvcNAQEFBQADgYEAHovI/7KRFAfDzQevDyjsHTt8jRCJ cdmMvzeVFUInWa3iKJFmCCEKscOQjHhMJ0Undl4SkATuyc2nKs7B6boyb40U9Rbz RlAWi?+zIDuj2kRml/b1IQexbKZBAUa17q+Q4PzTmgFzW0UF0?++G29J7rxnZgtlJ1? n4f5gfa+lFXpf+k=


END CERTIFICATE-----

subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=pop.googlemail.com issuer=/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com --- No client certificate CA names sent --- SSL handshake has read 1021 bytes and written 300 bytes --- New, TLSv1?/SSLv3?, Cipher is RC4?-MD5? Server public key is 1024 bit Compression: NONE Expansion: NONE SSL-Session:

    Protocol  : TLSv1?
    Cipher    : RC4?-MD5?
    Session-ID: B46CB6EFDBE999473C12E1312D23A61A25C79170ECC6FEF5D18D69945B27A571?
    Session-ID-ctx:
    Master-Key: 38C9C43B2E6FC58111BC1F5614207B02513EADAFE99134E7C02B00A0F916C6C0936CB367539A882F8F22328B6D19AD66
    Key-Arg   : None
    Start Time: 1227823017
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)

--- +OK Gpop ready for requests from 122.164.255.73 b21pf2941934rvf.0 @]

  • Notice the Verify return code: 0 (ok) message in the third line from the bottom. If you see a non zero return code then you have most probably missed some step so far. Typically you will get error code 21 if the certificates are not accessible (path errors, permission errors and so on). Make sure you get error code zero.
  • Now in your home directory, create a file called .fetchmailrc (notice the dot at the beginning of the filename). This will contain fetchmail configuration for this user account on the slug.
  • Add the following contents to the file

[@

Changed line 169 from:

poll pop.gmail.com with proto POP3? and options no dns

to:

poll pop.googlemail.com with proto POP3? and options no dns ssl sslcertck sslcertpath '/opt/cert/.cert'

Changed line 175 from:

user 'youruser@gmail.com' with pass "yourpassword" is 'your slug account' here options

to:

user 'youruser@googlemail.com' with pass "yourpassword" is 'your slug account' here options

January 08, 2008, at 12:06 PM by fcarolo -- formatting
Changed lines 12-13 from:

You need a special perl script called c_rehash. You can find it at this location c_rehash. Download this perl script locally and move it to your slug through FTP or just fire up VI on a xterm session and cut and paste it in!

to:

You need a special perl script called c_rehash. You can find it at this location. Download this perl script locally and move it to your slug through FTP or just fire up VI on a xterm session and cut and paste it in!

Added line 23:
Added line 27:
Changed lines 35-36 from:

[root@smallguy certs]$openssl s_client -connect pop.gmail.com:995 -CApath? /opt/certs/.certs/

to:

[root@smallguy certs]$openssl s_client -connect pop.gmail.com:995 -CApath /opt/certs/.certs/

Changed lines 112-113 from:
  1. I receive my gmail to the root user on the Slug
  2. In the line below replace 'youruser' with your gmail account, 'yourpassword' with your gmail password and 'your slug account' with the user id on the slug who should be configured to receive the mails
to:
  1. I receive my gmail to the root user on the Slug
  2. In the line below replace 'youruser' with your gmail account,
  3. 'yourpassword' with your gmail password and 'your slug account'
  4. with the user id on the slug who should be configured to receive the mails
Deleted lines 120-121:
December 23, 2007, at 03:28 AM by vivekv --
Added lines 88-117:
  • Now in your home directory, create a file called .fetchmailrc (notice the dot at the beginning of the filename). This will contain fetchmail configuration for this user account on the slug.
  • Add the following contents to the file
#
#
# Sample .fetchmailrc file for Gmail
#
# Check mail every 900 seconds
set daemon 900
set syslog


set postmaster root

#set bouncemail
#
#  To keep mail on the server use the you would put keep at the end.
#
poll pop.gmail.com with proto POP3 and options no dns
#
#I receive my gmail to the root user on the Slug
#In the line below replace 'youruser' with your gmail account, 'yourpassword' with your gmail password and 'your slug account' with the user id on the slug who should be configured to receive the mails
user 'youruser@gmail.com' with pass "yourpassword"  is 'your slug account' here options
# You would use this to by-pass Postfix
# mda '/usr/bin/procmail -d %T'
December 23, 2007, at 03:19 AM by vivekv --
Changed lines 12-13 from:

You need a special perl script called c_rehash. You can find it at this location http://web.mit.edu/crypto/bin/c_rehash][c_rehash. Download this perl script locally and move it to your slug through FTP or just fire up VI on a xterm session and cut and paste it in!

to:

You need a special perl script called c_rehash. You can find it at this location c_rehash. Download this perl script locally and move it to your slug through FTP or just fire up VI on a xterm session and cut and paste it in!

Changed lines 87-88 from:

Note: This article has been adapted to the Slug and is based on the very detailed article at http://souptonuts.sourceforge.net/postfix_tutorial.html

to:
  • Notice the Verify return code: 0 (ok) message in the third line from the bottom. If you see a non zero return code then you have most probably missed some step so far. Typically you will get error code 21 if the certificates are not accessible (path errors, permission errors and so on). Make sure you get error code zero.

Note: This article has been adapted to the Slug and is based on the very detailed article at http://souptonuts.sourceforge.net/postfix_tutorial.html

December 23, 2007, at 03:17 AM by vivekv --
Added lines 32-33:

[root@smallguy certs]$openssl s_client -connect pop.gmail.com:995 -CApath? /opt/certs/.certs/

Deleted lines 34-35:

[root@smallguy certs]$openssl s_client -connect pop.gmail.com:995 -CApath? /opt/certs/.certs/

Changed line 82 from:
    <b>Verify return code: 0 (ok)</b>
to:
    Verify return code: 0 (ok)
December 23, 2007, at 03:16 AM by vivekv --
Changed line 82 from:
    Verify return code: 0 (ok)
to:
    <b>Verify return code: 0 (ok)</b>
December 23, 2007, at 03:15 AM by vivekv --
Changed lines 33-34 from:

[root@smallguy certs]$openssl s_client -connect pop.gmail.com:995 -CApath? /opt/certs/.certs/

to:

[root@smallguy certs]$openssl s_client -connect pop.gmail.com:995 -CApath? /opt/certs/.certs/

December 23, 2007, at 03:14 AM by vivekv --
Changed lines 20-22 from:
   * Log into your gmail account
   * Go into gmail options and select POP3/IMAP and enable it.  
   * Pick whatever option works best for you (ie. send all the mails through POP3 or just the new ones)
to:
  • Log into your gmail account
  • Go into gmail options and select POP3/IMAP and enable it.
  • Pick whatever option works best for you (ie. send all the mails through POP3 or just the new ones)
Changed lines 26-34 from:
   * Download the two certificates for OpenSSL from the following site
   * Create a directory called /opt/cert/.cert
   * move the two files under /opt/cert/.cert
   * go to /opt/cert and type /tmp/c_rehash .cert this will create the necessary symbolic links for openssl.
   * Test your certificates using the following command

[root@smallguy certs]$openssl s_client -connect pop.gmail.com:995 -CApath? /opt/certs/.certs/

to:
  • Download the two certificates for OpenSSL from the following site
  • Create a directory called /opt/cert/.cert
  • move the two files under /opt/cert/.cert
  • go to /opt/cert and type /tmp/c_rehash .cert this will create the necessary symbolic links for openssl.
  • Test your certificates using the following command
Added lines 33-34:

[root@smallguy certs]$openssl s_client -connect pop.gmail.com:995 -CApath? /opt/certs/.certs/

December 23, 2007, at 03:13 AM by vivekv --
Changed line 35 from:

<pre>

to:

[@

Changed lines 86-87 from:

</pre>

to:

@]

December 23, 2007, at 03:10 AM by vivekv --
Changed line 35 from:
to:

<pre>

Changed lines 86-87 from:
to:

</pre>

December 23, 2007, at 03:10 AM by vivekv --
Changed lines 32-33 from:
      * openssl s_client -connect pop.gmail.com:995 -CApath? /opt/certs/.certs/
to:

[root@smallguy certs]$openssl s_client -connect pop.gmail.com:995 -CApath? /opt/certs/.certs/

CONNECTED(00000003) depth=1 /C=US/O=Equifax/OU=Equifax Secure Certificate Authority verify return:1 depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com verify return:1 --- Certificate chain

 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority

--- Server certificate


BEGIN CERTIFICATE-----

MIIC3TCCAkagAwIBAgIDCDijMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT? MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0? aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDcxMDI1MTc1MzE2WhcNMDkxMjI0MTg1MzE2 WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMN? TW91bnRhaW4gVmlldzEUMBIGA1UEChMLR29vZ2xlIEluYy4xFjAUBgNVBAMTDXBv? cC5nbWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO03QxerFKZV 8yeomuL4zSl8Pr7hMWnKMMgp/CwhwadeBmL0LQHHbjL?/6z/Z59ZQvrztqkwhchA2? APKzUwRVTyn7Shx6vBqk6oFmTqoOLmY6hbq6l8uVdUv0AfbHwio8CnLpK2?+nbuFl flPwx1DH0E3grD8+CrH5SmScfTWbDkcXAgMBAAGjga4wgaswDgYDVR0PAQH?/BAQD AgTwMB0GA1UdDgQWBBTJRG?/OFpZt?+BV43JM3NshHMjpwazA6BgNVHR8EMzAxMC?+g LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDAf? BgNVHSMEGDAWgBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHSUEFjAUBggrBgEF? BQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADgYEAOKr3mhxtwFCS3J6lbeaf? 3KrHKi935BZkI75sRbON+hog0t2ovcM2i7fxs3xneH8USLsHgfxNBj9tkMogMK/K sO/NUVZ/IfyqcNNkp2619qTQXthKRH42JKpAKgNhT1bdno3pxn?+eDEpqmU3CE7IP HDCjWOK1fGkZ?/yFAuTxuxAc=


END CERTIFICATE-----

subject=/C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com issuer=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority --- No client certificate CA names sent --- SSL handshake has read 891 bytes and written 314 bytes --- New, TLSv1?/SSLv3?, Cipher is DES-CBC3?-SHA Server public key is 1024 bit SSL-Session:

    Protocol  : TLSv1?
    Cipher    : DES-CBC3?-SHA
    Session-ID: 01B74ECC24F4327E6B8A0D7546BA90F89734A4EABD9FDC6D7BFAA6AED3FEBEBF
    Session-ID-ctx:
    Master-Key: 786761D1B113DD37F5A68CA24A69DD1561C737052BB6D477F5C4A5C3AAA1AA9E6A5B27478DB181E1595289ACC51589EA
    Key-Arg   : None
    Start Time: 1198379343
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)

--- +OK Gpop ready for requests from 122.164.255.73 b21pf2941934rvf.0

December 23, 2007, at 03:07 AM by vivekv --
Changed lines 32-33 from:
      * *openssl s_client -connect pop.gmail.com:995 -CApath? /opt/certs/.certs/*
to:
      * openssl s_client -connect pop.gmail.com:995 -CApath? /opt/certs/.certs/
December 23, 2007, at 03:06 AM by vivekv --
Changed line 19 from:

Configure GMail (on the server)

to:

Configure GMail (on the Google servers)

Changed lines 30-31 from:
to:
   * go to /opt/cert and type /tmp/c_rehash .cert this will create the necessary symbolic links for openssl.
   * Test your certificates using the following command
      * *openssl s_client -connect pop.gmail.com:995 -CApath? /opt/certs/.certs/*
December 23, 2007, at 03:04 AM by vivekv --
Changed lines 12-15 from:

You need a special perl script called c_rehash. You can find it at this location http://web.mit.edu/crypto/bin/c_rehash][c_rehash

to:

You need a special perl script called c_rehash. You can find it at this location http://web.mit.edu/crypto/bin/c_rehash][c_rehash. Download this perl script locally and move it to your slug through FTP or just fire up VI on a xterm session and cut and paste it in!

Save the c_rehash file in a temporary directory (say /tmp) and change its permissions to enable execution (chmod 744 c_rehash)

December 23, 2007, at 03:02 AM by vivekv --
Changed lines 12-14 from:

Once you have these three pieces ready, you need to follow step by step configuration of each piece.

to:

You need a special perl script called c_rehash. You can find it at this location http://web.mit.edu/crypto/bin/c_rehash][c_rehash Once you have these pieces ready, you need to follow step by step configuration of each piece.

December 19, 2007, at 06:56 PM by fcarolo -- fixed false wikilinks
Changed lines 21-23 from:

Google's gmail talks in an encrypted POP3 protocol that will be supported by FetchMail? if you configure it with the right SSL certificates. Here I am going to describe the process of doing it on the SLUG.

   * Download the two certificates for OpenSSL? from the following site
to:

Google's gmail talks in an encrypted POP3 protocol that will be supported by FetchMail if you configure it with the right SSL certificates. Here I am going to describe the process of doing it on the SLUG.

   * Download the two certificates for OpenSSL from the following site
December 19, 2007, at 04:05 PM by vivekv --
December 19, 2007, at 03:24 PM by vivekv -- still work in progress
Changed lines 10-11 from:
to:
   * Perl : ipkg install perl - This is only temporarily to run the rehash program
Changed lines 21-22 from:

Google's gmail talks in an encrypted POP3 protocol that will be supported by

to:

Google's gmail talks in an encrypted POP3 protocol that will be supported by FetchMail? if you configure it with the right SSL certificates. Here I am going to describe the process of doing it on the SLUG.

   * Download the two certificates for OpenSSL? from the following site
   * Create a directory called /opt/cert/.cert
   * move the two files under /opt/cert/.cert
December 18, 2007, at 05:52 PM by fcarolo -- fixed false wikilinks
Changed lines 5-6 from:

To setup GMail? mail download from the Slug, you will need to install the following packages

to:

To setup GMail mail download from the Slug, you will need to install the following packages

Changed line 14 from:

Configure GMail? (on the server)

to:

Configure GMail (on the server)

Changed lines 16-17 from:
   * Go into gmail options and select POP3?/IMAP and enable it.  
   * Pick whatever option works best for you (ie. send all the mails through POP3? or just the new ones)
to:
   * Go into gmail options and select POP3/IMAP and enable it.  
   * Pick whatever option works best for you (ie. send all the mails through POP3 or just the new ones)
Changed lines 20-21 from:

Google's gmail talks in an encrypted POP3? protocol that will be supported by

to:

Google's gmail talks in an encrypted POP3 protocol that will be supported by

December 18, 2007, at 01:47 AM by vivekv --
Changed lines 1-2 from:

---++Setting up fetchmail and gmail on the slug

to:

Setting up fetchmail and gmail on the slug

Changed line 14 from:

---+++Configure GMail? (on the server)

to:

Configure GMail? (on the server)

Changed lines 18-19 from:

---+++Fetchmail

to:

Fetchmail

December 18, 2007, at 01:45 AM by vivekv --
Changed lines 11-12 from:

Once you have these three pieces ready, you

to:

Once you have these three pieces ready, you need to follow step by step configuration of each piece.

---+++Configure GMail? (on the server)

   * Log into your gmail account
   * Go into gmail options and select POP3?/IMAP and enable it.  
   * Pick whatever option works best for you (ie. send all the mails through POP3? or just the new ones)

---+++Fetchmail

Google's gmail talks in an encrypted POP3? protocol that will be supported by

December 18, 2007, at 01:38 AM by vivekv --
Changed lines 1-2 from:

---++Setting up FetchMail? and GMail? on the slug

to:

---++Setting up fetchmail and gmail on the slug

This article has been tested on a Slug running Unslug 6.8. I am sure it can be easily adopted for other distributions.

Changed lines 7-10 from:
   * OpenSSL?
   * FetchMail?
   * sendmail (or some other MTA)
to:
   * Openssl : ipkg install openssl
   * fetchmail : ipkg install fetchmail
   * sendmail (or some other MTA) : ipkg install sendmail

Once you have these three pieces ready, you

December 18, 2007, at 01:34 AM by vivekv --
Added lines 1-9:

---++Setting up FetchMail? and GMail? on the slug

To setup GMail? mail download from the Slug, you will need to install the following packages

   * OpenSSL?
   * FetchMail?
   * sendmail (or some other MTA)

Note: This article has been adapted to the Slug and is based on the very detailed article at http://souptonuts.sourceforge.net/postfix_tutorial.html

view · edit · print · history · Last edited by vivekv.
Based on work by avgrichter, fcarolo, and vivekv.
Originally by vivekv.
Page last modified on January 19, 2009, at 04:43 PM