neurotrigger

Using fetchmail with gmail

by mmnicolas on Jul.28, 2009, under gnu/linux

Gmail requires a secured connection for authentication and for this we need a certificate, here’s how:

Verify the current certificate gmail is using with this command:

openssl s_client -connect smtp.gmail.com:995 -showcerts

Hit Ctrl-c to terminate the command once you got something like this:

—–BEGIN CERTIFICATE—–
MIIC3TCCAkagAwIBAgIDCDijMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDcxMDI1MTc1MzE2WhcNMDkxMjI0MTg1MzE2
WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMN
TW91bnRhaW4gVmlldzEUMBIGA1UEChMLR29vZ2xlIEluYy4xFjAUBgNVBAMTDXBv
cC5nbWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO03QxerFKZV
8yeomuL4zSl8Pr7hMWnKMMgp/CwhwadeBmL0LQHHbjL/6z/Z59ZQvrztqkwhchA2
APKzUwRVTyn7Shx6vBqk6oFmTqoOLmY6hbq6l8uVdUv0AfbHwio8CnLpK2+nbuFl
flPwx1DH0E3grD8+CrH5SmScfTWbDkcXAgMBAAGjga4wgaswDgYDVR0PAQH/BAQD
AgTwMB0GA1UdDgQWBBTJRG/OFpZt+BV43JM3NshHMjpwazA6BgNVHR8EMzAxMC+g
LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDAf
BgNVHSMEGDAWgBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADgYEAOKr3mhxtwFCS3J6lbeaf
3KrHKi935BZkI75sRbON+hog0t2ovcM2i7fxs3xneH8USLsHgfxNBj9tkMogMK/K
sO/NUVZ/IfyqcNNkp2619qTQXthKRH42JKpAKgNhT1bdno3pxn+eDEpqmU3CE7IP
HDCjWOK1fGkZ/yFAuTxuxAc=
—–END CERTIFICATE—–


Copy & Paste it to some file, let’s say gmail.pem in /usr/share/ssl-cert/ (debian-specific)

Stay in that directory and type:

c_rehash .

Then:

openssl x509 -fingerprint -md5 -noout -in gmail.pem

The first line will create a symbolic link based on the hash value (a fingerprint) we will use in our ~/.fetchmailrc, the second prints out that MD5 fingerprint, copy it and open your .fetchmailrc in your favourite text editor
and add something that look likes this:

poll pop.gmail.com with proto POP3
user ‘USERNAME@gmail.com’ there with password ‘PASSWORD’
options keep ssl sslfingerprint ’44:A8:E9:2C:FB:A9:7E:6D:F9:DB:F3:62:B2:9E:F1:A9′
sslcertck sslcertpath /usr/share/ssl-cert/

It’s time for the final run test, just type fetchmail and watch it fetch your mail without complaining.

Share this post:
  • Print
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google Bookmarks
  • email
  • LinkedIn
  • PDF
  • StumbleUpon
  • Twitter
:, , , , , ,

Leave a Reply

Looking for something?

Use the form below to search the site:

Visit my idols!

Those who gave us tools to play with...

    Archives

    All entries, chronologically...