[opensuse] fetchmail from gmail problems
I suppose google is playing name games or round-robin with ssl certs but am just guessing based on inexperience. I began three or four days ago receiving "Query status=2 (SOCKET)" errors in fetchmail log for gmail. If I specify an ip address to poll rather than imap.gmail.com, I get "SSL3_GET_SERVER_CERTIFICATE:certificate verify failed". Adding nodns to poll imap.gmail.com, or with an ip address makes no difference. I even tried following google'd info to update Equifax certs to no avail. Switching to pop3 rather than imap is not different, same errors with same conditions. I don't understand, fetchmail has worked very well for many years with gmail/imap. # Configuration created Sun Dec 28 14:56:16 2003 by fetchmailconf set logfile "/home/<user>/.procmail/fetchmail.log" #set syslog set postmaster "invalid" set no bouncemail set no spambounce set daemon 150 poll imap.gmail.com tracepolls with proto IMAP timeout 45 user '<user1>@gmail.com' there with password '<passwd1>' is '<user1>' here options fetchall stripcr ssl sslcertck mda '/usr/lib/sendmail -i -oem -f %F %T' antispam 571 550 501 554 user '<user2>@gmail.com' there with password '<passwd2>' is '<user2>' here options fetchall stripcr ssl sslcertck mda '/usr/lib/sendmail -i -oem -f %F %T' antispam 571 550 501 554 Five other providers continue to work as expected. Help :) -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Sun, 19 Jul 2015 17:06, Patrick Shanahan wrote:
I suppose google is playing name games or round-robin with ssl certs but am just guessing based on inexperience.
I began three or four days ago receiving "Query status=2 (SOCKET)" errors in fetchmail log for gmail. If I specify an ip address to poll rather than imap.gmail.com, I get "SSL3_GET_SERVER_CERTIFICATE:certificate verify failed". Adding nodns to poll imap.gmail.com, or with an ip address makes no difference. I even tried following google'd info to update Equifax certs to no avail.
Switching to pop3 rather than imap is not different, same errors with same conditions.
I don't understand, fetchmail has worked very well for many years with gmail/imap.
# Configuration created Sun Dec 28 14:56:16 2003 by fetchmailconf set logfile "/home/<user>/.procmail/fetchmail.log" #set syslog set postmaster "invalid" set no bouncemail set no spambounce set daemon 150
poll imap.gmail.com tracepolls with proto IMAP timeout 45 user '<user1>@gmail.com' there with password '<passwd1>' is '<user1>' here options fetchall stripcr ssl sslcertck mda '/usr/lib/sendmail -i -oem -f %F %T' antispam 571 550 501 554 user '<user2>@gmail.com' there with password '<passwd2>' is '<user2>' here options fetchall stripcr ssl sslcertck mda '/usr/lib/sendmail -i -oem -f %F %T' antispam 571 550 501 554
Thoughts / shots into the dark: preface/info: "man fetchmail" search for "--sslproto <name>" It may have to do with the deprecation of the SSL3 protocol, try forcing TLS1, by adding "sslproto TLS1" to your options, after ssl or after sslcertck. Otherwise, it could be caused by a non-available / non-reachable CA server during the "sslcertck", does it work if you remove the "sslcertck" option (temporary)? - Yamaban -- The golden rule on input checks: "IT is like standing with a shovel at a fan, shit input equals shit output." -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* Yamaban
Thoughts / shots into the dark:
Appreciated, cause that is what I have employed so far :)
preface/info: "man fetchmail" search for "--sslproto <name>"
It may have to do with the deprecation of the SSL3 protocol, try forcing TLS1, by adding "sslproto TLS1" to your options, after ssl or after sslcertck.
failed: Sun Jul 19 11:34:14 EDT 2015 fetchmail: Server CommonName mismatch: imap.gmail.com != 64.233.191.108 fetchmail: OpenSSL reported: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed fetchmail: SSL connection failed. fetchmail: socket error while fetching from <user1>@gmail.com@64.233.191.108 fetchmail: Query status=2 (SOCKET) fetchmail: Server CommonName mismatch: imap.gmail.com != 64.233.191.108 fetchmail: OpenSSL reported: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed fetchmail: SSL connection failed. fetchmail: socket error while fetching from <user2>@gmail.com@64.233.191.108 fetchmail: Query status=2 (SOCKET) "CommonName mismatch" expected and of no concern.
Otherwise, it could be caused by a non-available / non-reachable CA server during the "sslcertck", does it work if you remove the "sslcertck" option (temporary)?
Sadly no, one of my many "shots into ..." :) tks, -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* Patrick Shanahan
* Yamaban
[07-19-15 11:31]: [...] Thoughts / shots into the dark:
Appreciated, cause that is what I have employed so far :)
preface/info: "man fetchmail" search for "--sslproto <name>"
It may have to do with the deprecation of the SSL3 protocol, try forcing TLS1, by adding "sslproto TLS1" to your options, after ssl or after sslcertck.
failed: Sun Jul 19 11:34:14 EDT 2015 fetchmail: Server CommonName mismatch: imap.gmail.com != 64.233.191.108 fetchmail: OpenSSL reported: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed fetchmail: SSL connection failed. fetchmail: socket error while fetching from <user1>@gmail.com@64.233.191.108 fetchmail: Query status=2 (SOCKET) fetchmail: Server CommonName mismatch: imap.gmail.com != 64.233.191.108 fetchmail: OpenSSL reported: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed fetchmail: SSL connection failed. fetchmail: socket error while fetching from <user2>@gmail.com@64.233.191.108 fetchmail: Query status=2 (SOCKET)
"CommonName mismatch" expected and of no concern.
Otherwise, it could be caused by a non-available / non-reachable CA server during the "sslcertck", does it work if you remove the "sslcertck" option (temporary)?
Sadly no, one of my many "shots into ..." :)
Added "port 993" to "poll" line after proto and now: 6.3.26 querying 64.233.191.108 (protocol IMAP) at Sun 19 Jul 2015 11:45:41 AM EDT: poll started Trying to connect to 64.233.191.108/993...connected. Server certificate: Issuer Organization: Google Inc Issuer CommonName: Google Internet Authority G2 Subject CommonName: imap.gmail.com Subject Alternative Name: imap.gmail.com Server CommonName mismatch: imap.gmail.com != 64.233.191.108 64.233.191.108 key fingerprint: B0:AB:96:08:3D:DF:B1:92:73:72:87:A5:45:EB:9A:51 OpenSSL reported: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed SSL connection failed. socket error while fetching from <user1>@gmail.com@64.233.191.108 6.3.26 querying 64.233.191.108 (protocol IMAP) at Sun 19 Jul 2015 11:45:41 AM EDT: poll completed Query status=2 (SOCKET) "sslproto TSL!" not yields: Invalid SSL protocol 'TSL1' specified, using default (SSLv23) -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
This is still working here set daemon 60 poll imap.gmail.com protocol IMAP uidl user "<u1>@gmail.com" there with password "<p1>" is "<user1>" keep ssl; user "<u2>@gmail.com" there with password "<p2>" is "<user2>" keep ssl; Did you try to remove sslcertck ? I never used it. Marco Il 19. 07. 15 17:38, Patrick Shanahan ha scritto:
* Yamaban
[07-19-15 11:31]: [...] Thoughts / shots into the dark: Appreciated, cause that is what I have employed so far :)
preface/info: "man fetchmail" search for "--sslproto <name>"
It may have to do with the deprecation of the SSL3 protocol, try forcing TLS1, by adding "sslproto TLS1" to your options, after ssl or after sslcertck. failed: Sun Jul 19 11:34:14 EDT 2015 fetchmail: Server CommonName mismatch: imap.gmail.com != 64.233.191.108 fetchmail: OpenSSL reported: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed fetchmail: SSL connection failed. fetchmail: socket error while fetching from <user1>@gmail.com@64.233.191.108 fetchmail: Query status=2 (SOCKET) fetchmail: Server CommonName mismatch: imap.gmail.com != 64.233.191.108 fetchmail: OpenSSL reported: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed fetchmail: SSL connection failed. fetchmail: socket error while fetching from <user2>@gmail.com@64.233.191.108 fetchmail: Query status=2 (SOCKET)
"CommonName mismatch" expected and of no concern.
Otherwise, it could be caused by a non-available / non-reachable CA server during the "sslcertck", does it work if you remove the "sslcertck" option (temporary)? Sadly no, one of my many "shots into ..." :)
tks,
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* Marco
This is still working here
set daemon 60 poll imap.gmail.com protocol IMAP uidl user "<u1>@gmail.com" there with password "<p1>" is "<user1>" keep ssl; user "<u2>@gmail.com" there with password "<p2>" is "<user2>" keep ssl;
Did you try to remove sslcertck ? I never used it.
Yes, thanks. It still fails the same manner. -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
В Sun, 19 Jul 2015 11:06:23 -0400
Patrick Shanahan
I suppose google is playing name games or round-robin with ssl certs but am just guessing based on inexperience.
I began three or four days ago receiving "Query status=2 (SOCKET)" errors in fetchmail log for gmail. If I specify an ip address to poll rather than imap.gmail.com, I get "SSL3_GET_SERVER_CERTIFICATE:certificate verify failed". Adding nodns to poll imap.gmail.com, or with an ip address makes no difference. I even tried following google'd info to update Equifax certs to no avail.
I get "Unknown certificate" every now and then from Claws Mail. Every time I look at certificate it looks like credible Google one so I just hit Accept and continue. I have seen other people complaining about this issue as well.
Switching to pop3 rather than imap is not different, same errors with same conditions.
I don't understand, fetchmail has worked very well for many years with gmail/imap.
# Configuration created Sun Dec 28 14:56:16 2003 by fetchmailconf set logfile "/home/<user>/.procmail/fetchmail.log" #set syslog set postmaster "invalid" set no bouncemail set no spambounce set daemon 150
poll imap.gmail.com tracepolls with proto IMAP timeout 45 user '<user1>@gmail.com' there with password '<passwd1>' is '<user1>' here options fetchall stripcr ssl sslcertck mda '/usr/lib/sendmail -i -oem -f %F %T' antispam 571 550 501 554 user '<user2>@gmail.com' there with password '<passwd2>' is '<user2>' here options fetchall stripcr ssl sslcertck mda '/usr/lib/sendmail -i -oem -f %F %T' antispam 571 550 501 554
Five other providers continue to work as expected.
Help :)
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2015-07-19 17:06, Patrick Shanahan wrote:
Help :)
I will try fetching email in a while and tell you. - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlWr2MAACgkQja8UbcUWM1zk+QD/ZKgGCA4Zy2UfnDtwqamNugdN uixoHaiCoSOzn6emkWYA/1XawwO1vvcHt7l9hyL3pyvnXST7cZYJaOY2UKNtpNlL =KKpo -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 El 2015-07-19 a las 19:05 +0200, Carlos E. R. escribió:
On 2015-07-19 17:06, Patrick Shanahan wrote:
Help :)
I will try fetching email in a while and tell you.
It went fine. I use this rule: poll imap.gmail.com with interval 0 proto imap timeout 50, and tracepolls user LOGIN@gmail.com, with password PASS, is cer here, expunge 20, and ssl, and fetchall Log goes like this (private data edited): <2.6> 2015-07-19 19:23:05 minas-tirith fetchmail 4494 - - 6.3.26 querying imap.gmail.com (protocol IMAP) at 2015-07-19T19:23:05 CEST: poll completed <2.6> 2015-07-19 19:23:05 minas-tirith fetchmail 4494 - - 6.3.26 querying imap.gmail.com (protocol IMAP) at 2015-07-19T19:23:05 CEST: poll started <2.6> 2015-07-19 19:23:05 minas-tirith fetchmail 4494 - - Trying to connect to 74.125.133.109/993...connected. <2.6> 2015-07-19 19:23:05 minas-tirith fetchmail 4494 - - Server certificate: <2.6> 2015-07-19 19:23:05 minas-tirith fetchmail 4494 - - Issuer Organization: Google Inc <2.6> 2015-07-19 19:23:05 minas-tirith fetchmail 4494 - - Issuer CommonName: Google Internet Authority G2 <2.6> 2015-07-19 19:23:05 minas-tirith fetchmail 4494 - - Subject CommonName: imap.gmail.com <2.6> 2015-07-19 19:23:05 minas-tirith fetchmail 4494 - - Subject Alternative Name: imap.gmail.com <2.6> 2015-07-19 19:23:05 minas-tirith fetchmail 4494 - - imap.gmail.com key fingerprint: B0:... <2.6> 2015-07-19 19:23:05 minas-tirith fetchmail 4494 - - IMAP< * OK Gimap ready for requests from 89... ... <2.6> 2015-07-19 19:23:05 minas-tirith fetchmail 4494 - - IMAP> A0001 CAPABILITY <2.6> 2015-07-19 19:23:05 minas-tirith fetchmail 4494 - - IMAP< * CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1 XYZZY SASL-IR AUTH=XOAUTH2 AUTH=PLAIN AUTH=PLAIN-CLIENTTOKEN AUTH=XOAUTH <2.6> 2015-07-19 19:23:05 minas-tirith fetchmail 4494 - - IMAP< A0001 OK Thats all she wrote! ... <2.6> 2015-07-19 19:23:05 minas-tirith fetchmail 4494 - - IMAP> A0002 LOGIN "NAME@gmail.com" * <2.6> 2015-07-19 19:23:06 minas-tirith fetchmail 4494 - - IMAP< * CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1 UIDPLUS COMPRESS=DEFLATE ENABLE MOVE CONDSTORE ESEARCH UTF8=ACCEPT LIST-EXTENDED LIST-STATUS <2.6> 2015-07-19 19:23:06 minas-tirith fetchmail 4494 - - IMAP< A0002 OK NAME@gmail.com authenticated (Success) <2.6> 2015-07-19 19:23:06 minas-tirith fetchmail 4494 - - IMAP> A0003 SELECT "INBOX" <2.6> 2015-07-19 19:23:06 minas-tirith fetchmail 4494 - - IMAP< * FLAGS (\Answered \Flagged \Draft \Deleted \Seen $Forwarded $MDNSent $NotPhishing $Phishing $label1 $label1 $label3 $label4 $label5 Junk NonJunk) <2.6> 2015-07-19 19:23:06 minas-tirith fetchmail 4494 - - IMAP< * OK [PERMANENTFLAGS (\Answered \Flagged \Draft \Deleted \Seen $Forwarded $MDNSent $NotPhishing $Phishing $label1 $label3 $label4 $label5 Junk NonJunk \*)] Flags permitted. <2.6> 2015-07-19 19:23:06 minas-tirith fetchmail 4494 - - IMAP< * OK [UIDVALIDITY 640703966] UIDs valid. <2.6> 2015-07-19 19:23:06 minas-tirith fetchmail 4494 - - IMAP< * 2 EXISTS <2.6> 2015-07-19 19:23:06 minas-tirith fetchmail 4494 - - IMAP< * 0 RECENT <2.6> 2015-07-19 19:23:06 minas-tirith fetchmail 4494 - - IMAP< * OK [UIDNEXT 2124] Predicted next UID. <2.6> 2015-07-19 19:23:06 minas-tirith fetchmail 4494 - - IMAP< * OK [HIGHESTMODSEQ 667588] <2.6> 2015-07-19 19:23:06 minas-tirith fetchmail 4494 - - IMAP< A0003 OK [READ-WRITE] INBOX selected. (Success) <2.6> 2015-07-19 19:23:06 minas-tirith fetchmail 4494 - - IMAP> A0004 EXPUNGE <2.6> 2015-07-19 19:23:06 minas-tirith fetchmail 4494 - - IMAP< A0004 OK Success <2.6> 2015-07-19 19:23:06 minas-tirith fetchmail 4494 - - 2 messages for NAME@gmail.com at imap.gmail.com. <2.6> 2015-07-19 19:23:06 minas-tirith fetchmail 4494 - - IMAP> A0005 FETCH 1:2 RFC822.SIZE <2.6> 2015-07-19 19:23:06 minas-tirith fetchmail 4494 - - IMAP< * 1 FETCH (RFC822.SIZE 235941) HTH. - -- Cheers Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlWr6DIACgkQja8UbcUWM1x5tQD+LmDuGZcFUoNzGP9Id5C/8lxy HBphsSdnAc+589xXV9wA/11u/ua9i230iX+iIJo4wQ+top7Jv3BCBXPQ9Mk6Yswg =ewHa -----END PGP SIGNATURE-----
* Carlos E. R.
El 2015-07-19 a las 19:05 +0200, Carlos E. R. escribió:
On 2015-07-19 17:06, Patrick Shanahan wrote:
Help :)
I will try fetching email in a while and tell you.
It went fine.
I use this rule:
poll imap.gmail.com with interval 0 proto imap timeout 50, and tracepolls user LOGIN@gmail.com, with password PASS, is cer here, expunge 20, and ssl, and fetchall
Log goes like this (private data edited):
<2.6> 2015-07-19 19:23:05 minas-tirith fetchmail 4494 - - 6.3.26 querying imap.gmail.com (protocol IMAP) at 2015-07-19T19:23:05 CEST: poll completed [...]
Altering my fetchmailrc to resemble yours. fetchmail: 6.3.26 querying imap.gmail.com (protocol IMAP) at Sun 19 Jul 2015 03:07:53 PM EDT: poll started fetchmail: Trying to connect to 2607:f8b0:4001:c06::6d/993... (log message incomplete) fetchmail: timeout after 45 seconds waiting to connect to server imap.gmail.com. fetchmail: socket error while fetching from <user1>@gmail.com@imap.gmail.com fetchmail: 6.3.26 querying imap.gmail.com (protocol IMAP) at Sun 19 Jul 2015 03:08:38 PM EDT: poll completed fetchmail: Query status=2 (SOCKET) Same problem :(. tks, -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2015-07-19 21:11, Patrick Shanahan wrote:
* Carlos E. R. <> [07-19-15 14:13]:
Altering my fetchmailrc to resemble yours.
fetchmail: 6.3.26 querying imap.gmail.com (protocol IMAP) at Sun 19 Jul 2015 03:07:53 PM EDT: poll started fetchmail: Trying to connect to 2607:f8b0:4001:c06::6d/993... (log message incomplete) fetchmail: timeout after 45 seconds waiting to connect to server imap.gmail.com. fetchmail: socket error while fetching from <user1>@gmail.com@imap.gmail.com fetchmail: 6.3.26 querying imap.gmail.com (protocol IMAP) at Sun 19 Jul 2015 03:08:38 PM EDT: poll completed fetchmail: Query status=2 (SOCKET)
Same problem :(.
No no, that's a different problem, not related to certificates. You have a network problem: it is trying to use IPv6 and failing, you have no IPv6 connectivity probably. It doesn't seem to try IPv4. You should try first with "host imap.gmail.com" and see what it returns. And ping it. I also see a problem here: "fetching from <user1>@gmail.com@imap.gmail.com", there are two "@" in there. - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlWr+yEACgkQja8UbcUWM1zGqgD/QhhJe0pRMVpSW82DSK9CqFGt 2z4fEgkU5n8tYyZjVfgA/3j0PcF3eaPZyAb9n2NZdmf9U5UTgBaPD8Ml5UnviHTY =yX1n -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* Carlos E. R.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 2015-07-19 21:11, Patrick Shanahan wrote:
* Carlos E. R. <> [07-19-15 14:13]:
Altering my fetchmailrc to resemble yours.
fetchmail: 6.3.26 querying imap.gmail.com (protocol IMAP) at Sun 19 Jul 2015 03:07:53 PM EDT: poll started fetchmail: Trying to connect to 2607:f8b0:4001:c06::6d/993... (log message incomplete) fetchmail: timeout after 45 seconds waiting to connect to server imap.gmail.com. fetchmail: socket error while fetching from <user1>@gmail.com@imap.gmail.com fetchmail: 6.3.26 querying imap.gmail.com (protocol IMAP) at Sun 19 Jul 2015 03:08:38 PM EDT: poll completed fetchmail: Query status=2 (SOCKET)
Same problem :(.
No no, that's a different problem, not related to certificates. You have a network problem: it is trying to use IPv6 and failing, you have no IPv6 connectivity probably. It doesn't seem to try IPv4.
I saw that, but: poll 64.233.181.108 nodns tracepolls with proto IMAP port 993 timeout 45 and: 6.3.26 querying 64.233.181.108 (protocol IMAP) at Sun 19 Jul 2015 05:32:20 PM EDT: poll started Trying to connect to 64.233.181.108/993...connected. Server certificate: Issuer Organization: Google Inc Issuer CommonName: Google Internet Authority G2 Subject CommonName: imap.gmail.com Subject Alternative Name: imap.gmail.com Server CommonName mismatch: imap.gmail.com != 64.233.181.108 64.233.181.108 key fingerprint:B0:AB:96:08:3D:DF:B1:92:73:72:87:A5:45:EB:9A:51 OpenSSL reported: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed SSL connection failed. socket error while fetching from <user1>@gmail.com@64.233.181.108 6.3.26 querying 64.233.181.108 (protocol IMAP) at Sun 19 Jul 2015 05:32:20 PM EDT: poll completed Query status=2 (SOCKET) Second line show it made a connection, and I tried with "fingerprint" specified in fetchmailrc, but still reports routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed, even though the fingerprint matches. What I see googling is that google/gmail has multiple certificates and is not consistant with which is used :(
You should try first with "host imap.gmail.com" and see what it returns. And ping it.
Above
I also see a problem here: "fetching from <user1>@gmail.com@imap.gmail.com", there are two "@" in there.
My logs have shown that for several years :) tks, -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 19/07/2015 23:45, Patrick Shanahan wrote:
* Carlos E. R. <> [07-19-15 15:39]:
No no, that's a different problem, not related to certificates. You have a network problem: it is trying to use IPv6 and failing, you have no IPv6 connectivity probably. It doesn't seem to try IPv4.
I saw that, but: poll 64.233.181.108 nodns tracepolls with proto IMAP port 993 timeout 45
and:
6.3.26 querying 64.233.181.108 (protocol IMAP) at Sun 19 Jul 2015 05:32:20 PM EDT: poll started
Server CommonName mismatch: imap.gmail.com != 64.233.181.108
And this is true: you said to use a server by IP, but the server identifies its certificate by name, so they don't match. It is not a problem with the certificate, it is a problem that you can't use the IP to address it. You have to write the same name as is inside the certificate.
You should try first with "host imap.gmail.com" and see what it returns. And ping it.
Above
No, by name. You appear to have a name solving issue.
I also see a problem here: "fetching from <user1>@gmail.com@imap.gmail.com", there are two "@" in there.
My logs have shown that for several years :)
Ah, ok. -- Saludos/Cheers, Carlos E.R. (Minas-Morgul - W7) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* Carlos E. R.
On 19/07/2015 23:45, Patrick Shanahan wrote:
* Carlos E. R. <> [07-19-15 15:39]:
No no, that's a different problem, not related to certificates. You have a network problem: it is trying to use IPv6 and failing, you have no IPv6 connectivity probably. It doesn't seem to try IPv4.
I saw that, but: poll 64.233.181.108 nodns tracepolls with proto IMAP port 993 timeout 45
and:
6.3.26 querying 64.233.181.108 (protocol IMAP) at Sun 19 Jul 2015 05:32:20 PM EDT: poll started
Server CommonName mismatch: imap.gmail.com != 64.233.181.108
And this is true: you said to use a server by IP, but the server identifies its certificate by name, so they don't match.
It is not a problem with the certificate, it is a problem that you can't use the IP to address it. You have to write the same name as is inside the certificate.
You should try first with "host imap.gmail.com" and see what it returns. And ping it.
Above
No, by name. You appear to have a name solving issue.
18:36 wahoo:~ > host imap.gmail.com imap.gmail.com is an alias for gmail-imap.l.google.com. gmail-imap.l.google.com has address 173.194.196.109 gmail-imap.l.google.com has address 173.194.196.108 gmail-imap.l.google.com has IPv6 address 2607:f8b0:4001:c0d::6c 18:36 wahoo:~ > ping gmail-imap.l.google.com PING gmail-imap.l.google.com (74.125.202.108) 56(84) bytes of data. 64 bytes from io-in-f108.1e100.net (74.125.202.108): icmp_seq=1 ttl=45 time=38.5 ms ^C --- gmail-imap.l.google.com ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 38.585/38.585/38.585/0.000 ms tks, -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 20/07/2015 0:37, Patrick Shanahan wrote:
* Carlos E. R. <> [07-19-15 18:26]:
No, by name. You appear to have a name solving issue.
18:36 wahoo:~ > host imap.gmail.com imap.gmail.com is an alias for gmail-imap.l.google.com. gmail-imap.l.google.com has address 173.194.196.109 gmail-imap.l.google.com has address 173.194.196.108 gmail-imap.l.google.com has IPv6 address 2607:f8b0:4001:c0d::6c 18:36 wahoo:~ > ping gmail-imap.l.google.com PING gmail-imap.l.google.com (74.125.202.108) 56(84) bytes of data. 64 bytes from io-in-f108.1e100.net (74.125.202.108): icmp_seq=1 ttl=45 time=38.5 ms ^C --- gmail-imap.l.google.com ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 38.585/38.585/38.585/0.000 ms
Ok... I'm on Windows this instant, so I can't verify what I get. But your problem is here: fetchmail: 6.3.26 querying imap.gmail.com (protocol IMAP) at Sun 19 Jul 2015 03:07:53 PM EDT: poll started fetchmail: Trying to connect to 2607:f8b0:4001:c06::6d/993... (log message incomplete) fetchmail: timeout after 45 seconds waiting to connect to server imap.gmail.com. Fetchmail is trying to use the IPv6 address instead of the IPv4 addresses. I don't know if Fetchmail can be told not to use IPv6, but if it can't, then you will have to disable IPv6 globally. -- Saludos/Cheers, Carlos E.R. (Minas-Morgul - W7) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* Carlos E. R.
On 20/07/2015 0:37, Patrick Shanahan wrote:
* Carlos E. R. <> [07-19-15 18:26]:
No, by name. You appear to have a name solving issue.
18:36 wahoo:~ > host imap.gmail.com imap.gmail.com is an alias for gmail-imap.l.google.com. gmail-imap.l.google.com has address 173.194.196.109 gmail-imap.l.google.com has address 173.194.196.108 gmail-imap.l.google.com has IPv6 address 2607:f8b0:4001:c0d::6c 18:36 wahoo:~ > ping gmail-imap.l.google.com PING gmail-imap.l.google.com (74.125.202.108) 56(84) bytes of data. 64 bytes from io-in-f108.1e100.net (74.125.202.108): icmp_seq=1 ttl=45 time=38.5 ms ^C --- gmail-imap.l.google.com ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 38.585/38.585/38.585/0.000 ms
Ok... I'm on Windows this instant, so I can't verify what I get. But your problem is here:
fetchmail: 6.3.26 querying imap.gmail.com (protocol IMAP) at Sun 19 Jul 2015 03:07:53 PM EDT: poll started fetchmail: Trying to connect to 2607:f8b0:4001:c06::6d/993... (log message incomplete) fetchmail: timeout after 45 seconds waiting to connect to server imap.gmail.com.
Fetchmail is trying to use the IPv6 address instead of the IPv4 addresses. I don't know if Fetchmail can be told not to use IPv6, but if it can't, then you will have to disable IPv6 globally.
I don't know either, but have disabled ipv6 in "yast network" which says a reboot is required. Odd that the connection worked with ipv6 enabled since late april when I changed provider until ~16 July and then just stopped. Anyway, disabling ipv6 will prove itself right or wrong. Will advise. tks, -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 20/07/2015 1:33, Patrick Shanahan wrote:
* Carlos E. R. <> [07-19-15 19:18]:
I don't know either, but have disabled ipv6 in "yast network" which says a reboot is required.
Odd that the connection worked with ipv6 enabled since late april when I changed provider until ~16 July and then just stopped. Anyway, disabling ipv6 will prove itself right or wrong. Will advise.
Not that odd, it is surely related. Maybe with the old provider you did not get the IPv6 address in the result list, or it was in a different order, so it was not tried, and you didn't see the problem... Disabling IPv6 is a hack, not the real solution. It is bad. But it is the only thing we can do, because there is no global setting to disable DNS from getting IPv6 responses on Internet, when the provider doesn't give us an IPv6 connection. It also disables IPv6 in your entire machine. It can be used on local connections. -- Saludos/Cheers, Carlos E.R. (Minas-Morgul - W7) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* Carlos E. R.
On 20/07/2015 1:33, Patrick Shanahan wrote:
* Carlos E. R. <> [07-19-15 19:18]:
I don't know either, but have disabled ipv6 in "yast network" which says a reboot is required.
Odd that the connection worked with ipv6 enabled since late april when I changed provider until ~16 July and then just stopped. Anyway, disabling ipv6 will prove itself right or wrong. Will advise.
Not that odd, it is surely related. Maybe with the old provider you did not get the IPv6 address in the result list, or it was in a different order, so it was not tried, and you didn't see the problem...
No, odd that it worked from late April to ~ 16 July with no problem with the *new* provider. Never had problem with gmail with old provider.
Disabling IPv6 is a hack, not the real solution. It is bad. But it is the only thing we can do, because there is no global setting to disable DNS from getting IPv6 responses on Internet, when the provider doesn't give us an IPv6 connection.
It also disables IPv6 in your entire machine. It can be used on local connections.
Ok, but now I don't know what solved it. "ifconfig" no longer provides an ipv6 address, but "host imap.gmail.com" does ?? But altering the poll line from an ip addr, 173.194.196.108, to imap.gmail.com and adding to /etc/hosts: 74.125.202.108 gmail-imap.l.google.com 74.125.202.109 gmail-imap.l.google.com 173.194.196.108 gmail-imap.l.google.com 173.194.196.109 gmail-imap.l.google.com provides: 6.3.26 querying imap.gmail.com (protocol IMAP) at Sun 19 Jul 2015 07:56:20 PM EDT: poll started Trying to connect to 64.233.191.109/993...connected. Server certificate: Issuer Organization: Google Inc Issuer CommonName: Google Internet Authority G2 Subject CommonName: imap.gmail.com Subject Alternative Name: imap.gmail.com imap.gmail.com key fingerprint: B0:AB:96:08:3D:DF:B1:92:73:72:87:A5:45:EB:9A:51 IMAP< * OK Gimap ready for requests from 108.246.208.62 qt2mb96321477iec IMAP> A0001 CAPABILITY IMAP< * CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1 XYZZY SASL-IR AUTH=XOAUTH2 AUTH=PLAIN AUTH=PLAIN-CLIENTTOKEN AUTH=XOAUTH IMAP< A0001 OK Thats all she wrote! qt2mb96321477iec IMAP> A0002 LOGIN "patrick.shanahan@gmail.com" * IMAP< * CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1 UIDPLUS COMPRESS=DEFLATE ENABLE MOVE CONDSTORE ESEARCH UTF8=ACCEPT LIST-EXTEND$ IMAP< A0002 OK patrick.shanahan@gmail.com authenticated (Success) IMAP> A0003 SELECT "INBOX" IMAP< * FLAGS (\Answered \Flagged \Draft \Deleted \Seen $NotPhishing $Phishing) IMAP< * OK [PERMANENTFLAGS (\Answered \Flagged \Draft \Deleted \Seen $NotPhishing $Phishing \*)] Flags permitted. IMAP< * OK [UIDVALIDITY 594727056] UIDs valid. IMAP< * 0 EXISTS IMAP< * 0 RECENT IMAP< * OK [UIDNEXT 27715] Predicted next UID. IMAP< * OK [HIGHESTMODSEQ 3171144] IMAP< A0003 OK [READ-WRITE] INBOX selected. (Success) No mail for <user1>@gmail.com at imap.gmail.com IMAP> A0004 LOGOUT IMAP< * BYE LOGOUT Requested IMAP< A0004 OK 73 good day (Success) 6.3.26 querying imap.gmail.com (protocol IMAP) at Sun 19 Jul 2015 07:56:21 PM EDT: poll completed Now I need to decide if I want fetchmail to resume getting mail from google or want to continue having google forward mail to my own server. Both ways are still sorted and stored by procmail and It is working atm. It is a big world and there are many wonders including the workings of networking and email. At least m$ is/was not involved. Tks much to all and cudos to Yamaban and Marco who both suggested adding the ipv4 addresses of gmail to /etc/hosts. And thankyou for your tenacity. happy camper is me :) -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 20/07/2015 2:21, Patrick Shanahan wrote:
* Carlos E. R. <> [07-19-15 19:42]:
Not that odd, it is surely related. Maybe with the old provider you did not get the IPv6 address in the result list, or it was in a different order, so it was not tried, and you didn't see the problem...
No, odd that it worked from late April to ~ 16 July with no problem with the *new* provider. Never had problem with gmail with old provider.
Oh, I see.
Ok, but now I don't know what solved it. "ifconfig" no longer provides an ipv6 address, but "host imap.gmail.com" does ?? But altering the poll line from an ip addr, 173.194.196.108, to imap.gmail.com and adding to /etc/hosts:
Yes, of course, because this bypasses DNS query.
Tks much to all and cudos to Yamaban and Marco who both suggested adding the ipv4 addresses of gmail to /etc/hosts. And thankyou for your tenacity.
Welcome
happy camper is me :)
:-) -- Saludos/Cheers, Carlos E.R. (Minas-Morgul - W7) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
An unfortunate result of the solution for fetchmail to work with imap.gmail.com, disabling ipv6, x11-fordwarding over ssh no longer works and I *must* have x11-forwarding. And restoring ipv6 results in fetchmail failure with imap.gmail.com. The addition to /etc/hosts is not a solution on it's own or maybe not at all :(. So I have to enable ipv6 to have x11-fordwarding unless I can find a solution there. Another thread is warranted and I will post my findings after research. Thank you all. -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
В Sun, 19 Jul 2015 23:00:14 -0400
Patrick Shanahan
An unfortunate result of the solution for fetchmail to work with imap.gmail.com, disabling ipv6, x11-fordwarding over ssh no longer works
Set AddressFamily=IPv4 in /etc/ssh/sshd_config.
and I *must* have x11-forwarding. And restoring ipv6 results in fetchmail failure with imap.gmail.com. The addition to /etc/hosts is not a solution on it's own or maybe not at all :(.
So I have to enable ipv6 to have x11-fordwarding unless I can find a solution there. Another thread is warranted and I will post my findings after research.
Thank you all.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
В Mon, 20 Jul 2015 06:29:23 +0300
Andrei Borzenkov
В Sun, 19 Jul 2015 23:00:14 -0400 Patrick Shanahan
пишет: An unfortunate result of the solution for fetchmail to work with imap.gmail.com, disabling ipv6, x11-fordwarding over ssh no longer works
Set AddressFamily=IPv4 in /etc/ssh/sshd_config.
This is AddressFamily=inet, sorry.
and I *must* have x11-forwarding. And restoring ipv6 results in fetchmail failure with imap.gmail.com. The addition to /etc/hosts is not a solution on it's own or maybe not at all :(.
So I have to enable ipv6 to have x11-fordwarding unless I can find a solution there. Another thread is warranted and I will post my findings after research.
Thank you all.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* Andrei Borzenkov
В Mon, 20 Jul 2015 06:29:23 +0300 Andrei Borzenkov
пишет: В Sun, 19 Jul 2015 23:00:14 -0400 Patrick Shanahan
пишет: An unfortunate result of the solution for fetchmail to work with imap.gmail.com, disabling ipv6, x11-fordwarding over ssh no longer works
Set AddressFamily=IPv4 in /etc/ssh/sshd_config.
This is AddressFamily=inet, sorry.
"AddressFamily inet" works, tks
and I *must* have x11-forwarding. And restoring ipv6 results in fetchmail failure with imap.gmail.com. The addition to /etc/hosts is not a solution on it's own or maybe not at all :(.
So I have to enable ipv6 to have x11-fordwarding unless I can find a solution there. Another thread is warranted and I will post my findings after research.
And to disable ipv6 quickly and temporarily, echo 1 > /proc/sys/net/ipv6/conf/eth0/disable_ipv6 substituting your dev name for eth0 enable it by using "echo 0 ..." To turn off permanently, edit /etc/sysctl.conf and change # net.ipv6.conf.all.disable_ipv6 = 1 to: net.ipv6.conf.all.disable_ipv6 = 0 a reboot may then be delayed until convenient. And again, thanks all. -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* Patrick Shanahan
To turn off permanently, edit /etc/sysctl.conf and change # net.ipv6.conf.all.disable_ipv6 = 1 to: net.ipv6.conf.all.disable_ipv6 = 0
ERROR, should read: net.ipv6.conf.all.disable_ipv6 = 1 removing the "#" is all that is necessary. -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2015-07-20 05:00, Patrick Shanahan wrote:
An unfortunate result of the solution for fetchmail to work with imap.gmail.com, disabling ipv6, x11-fordwarding over ssh no longer works and I *must* have x11-forwarding. And restoring ipv6 results in fetchmail failure with imap.gmail.com. The addition to /etc/hosts is not a solution on it's own or maybe not at all :(.
I would suggest asking directly in the featchmail mail list :-) (how to disable fetchmail from using IPv6, probably. I don't see it in the manual) - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlWsz/wACgkQja8UbcUWM1w6DgEAnKtMmheGwKI7MzR/kHWAfve0 8S0XyKmRbpj0/fOYzAoA/13YhyJi70Pa7fdgQUBx18ODJf7dhfDQ4ftz6I6HHT33 =PYg7 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
В Mon, 20 Jul 2015 01:38:50 +0200
"Carlos E. R."
On 20/07/2015 1:33, Patrick Shanahan wrote:
* Carlos E. R. <> [07-19-15 19:18]:
I don't know either, but have disabled ipv6 in "yast network" which says a reboot is required.
Odd that the connection worked with ipv6 enabled since late april when I changed provider until ~16 July and then just stopped. Anyway, disabling ipv6 will prove itself right or wrong. Will advise.
Not that odd, it is surely related. Maybe with the old provider you did not get the IPv6 address in the result list, or it was in a different order, so it was not tried, and you didn't see the problem...
Disabling IPv6 is a hack, not the real solution. It is bad. But it is the only thing we can do, because there is no global setting to disable DNS from getting IPv6 responses on Internet, when the provider doesn't give us an IPv6 connection.
/etc/gai.conf may be used to change precedence of IPv4 vs. IPv6; default it to favor IPv6. I run with IPv6 disabled since years (my provider does not offer IPv6 anyway) so I cannot test. I also am not sure whether this affects all glibc name resolution behavior or only specifically getaddrifo.
It also disables IPv6 in your entire machine. It can be used on local connections.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2015-07-20 05:26, Andrei Borzenkov wrote:
В Mon, 20 Jul 2015 01:38:50 +0200 "Carlos E. R." <> пишет:
/etc/gai.conf may be used to change precedence of IPv4 vs. IPv6; default it to favor IPv6. I run with IPv6 disabled since years (my provider does not offer IPv6 anyway) so I cannot test. I also am not sure whether this affects all glibc name resolution behavior or only specifically getaddrifo.
Well, I have just un-commented the line: # For sites which prefer IPv4 connections change the last line to # precedence ::ffff:0:0/96 100 I don't know if anything else is necessary, everything is commented out in that file. But as I don't have problems with fetchmail, I can't say if this works. Patrick, please try this with IPv6 enabled ;-) - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlWs0bAACgkQja8UbcUWM1wjiwD/Zd54k2ASRBqjZx6ryD5gDKVR bKkK54kPQ9BoH2pUhs4A/3IrwH4ThPPVeBZyu1AtAWwvNvPPBpYWGQSgZ7j1R/jJ =lAVw -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* Carlos E. R.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 2015-07-20 05:26, Andrei Borzenkov wrote:
В Mon, 20 Jul 2015 01:38:50 +0200 "Carlos E. R." <> пишет:
/etc/gai.conf may be used to change precedence of IPv4 vs. IPv6; default it to favor IPv6. I run with IPv6 disabled since years (my provider does not offer IPv6 anyway) so I cannot test. I also am not sure whether this affects all glibc name resolution behavior or only specifically getaddrifo.
Well, I have just un-commented the line:
# For sites which prefer IPv4 connections change the last line to # precedence ::ffff:0:0/96 100
I don't know if anything else is necessary, everything is commented out in that file. But as I don't have problems with fetchmail, I can't say if this works. Patrick, please try this with IPv6 enabled ;-)
I uncommented the "precedence" line quoted above and restarted network, issued: echo 1 > /proc/sys/net/ipv6/conf/enp1s0/disable_ipv6 Confirmed via ifconfig that ipv6 was active and immediately saw failures in fetchmail to gmail. Issuing "echo 0 ..." returned functionality to fetchmail/gmail connection. Guess it "does not work for me" :) Or, I don't know how to properly use it (distinct possibility). Perhaps the "imap.gmail.com group of addresses" need to be added to /etc/gai.conf ??? Happy to test more if someone can give more guidance. tks, -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2015-07-20 22:14, Patrick Shanahan wrote:
* Carlos E. R. <> [07-20-15 06:47]:
Guess it "does not work for me" :) Or, I don't know how to properly use it (distinct possibility).
That makes two, I don't know how to configure that file.
Happy to test more if someone can give more guidance.
At this point, I would ask on the fetchmail mail list:
List-Id: "general discussion on fetchmail, its use,
and support"
* Patrick Shanahan
* Carlos E. R.
[07-20-15 06:47]: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 2015-07-20 05:26, Andrei Borzenkov wrote:
В Mon, 20 Jul 2015 01:38:50 +0200 "Carlos E. R." <> пишет:
/etc/gai.conf may be used to change precedence of IPv4 vs. IPv6; default it to favor IPv6. I run with IPv6 disabled since years (my provider does not offer IPv6 anyway) so I cannot test. I also am not sure whether this affects all glibc name resolution behavior or only specifically getaddrifo.
Well, I have just un-commented the line:
# For sites which prefer IPv4 connections change the last line to # precedence ::ffff:0:0/96 100
I don't know if anything else is necessary, everything is commented out in that file. But as I don't have problems with fetchmail, I can't say if this works. Patrick, please try this with IPv6 enabled ;-)
I uncommented the "precedence" line quoted above and restarted network, issued: echo 1 > /proc/sys/net/ipv6/conf/enp1s0/disable_ipv6 Confirmed via ifconfig that ipv6 was active and immediately saw failures in fetchmail to gmail.
Issuing "echo 0 ..." returned functionality to fetchmail/gmail connection.
Guess it "does not work for me" :) Or, I don't know how to properly use it (distinct possibility).
Perhaps the "imap.gmail.com group of addresses" need to be added to /etc/gai.conf ???
Happy to test more if someone can give more guidance.
Some days ago my wired network became very slow, almost crawling, so I disabled ipv6 via yast and restarted machine. Name resolution and network activity returned to my expected norm. Later, on a whim, I enabled ipv6 using yast, checked that /proc/...disable_ipv6 was "0", checked that "ifconfig" displayed ipv6 addresses and checked name resolution and connection speeds. They all appeared at speeds expected. ??? I monitored my fetchmail log for problems fetching mail from gmail and see none. wtf ??? :) If I notice another problem, my next approach will be to disable ipv6 on my att motorola modem/router. tks for listening -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2015-08-02 18:50, Patrick Shanahan wrote:
Later, on a whim, I enabled ipv6 using yast, checked that /proc/...disable_ipv6 was "0", checked that "ifconfig" displayed ipv6 addresses and checked name resolution and connection speeds. They all appeared at speeds expected. ??? I monitored my fetchmail log for problems fetching mail from gmail and see none.
I think you did then a dns query on gmail. Have the results changed? -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
* Carlos E. R.
On 2015-08-02 18:50, Patrick Shanahan wrote:
Later, on a whim, I enabled ipv6 using yast, checked that /proc/...disable_ipv6 was "0", checked that "ifconfig" displayed ipv6 addresses and checked name resolution and connection speeds. They all appeared at speeds expected. ??? I monitored my fetchmail log for problems fetching mail from gmail and see none.
I think you did then a dns query on gmail. Have the results changed?
I couldn't say for sure as I removed the ip addr from fetchmailrc and went back to using gmail.com :(. Strange happenings :) -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2015-08-02 21:44, Patrick Shanahan wrote:
* Carlos E. R. <> [08-02-15 13:50]:
I think you did then a dns query on gmail. Have the results changed?
I couldn't say for sure as I removed the ip addr from fetchmailrc and went back to using gmail.com :(.
But you copied it to the mail, it must be on the archive. Let me search... here:
18:36 wahoo:~ > host imap.gmail.com imap.gmail.com is an alias for gmail-imap.l.google.com. gmail-imap.l.google.com has address 173.194.196.109 gmail-imap.l.google.com has address 173.194.196.108 gmail-imap.l.google.com has IPv6 address 2607:f8b0:4001:c0d::6c 18:36 wahoo:~ > ping gmail-imap.l.google.com PING gmail-imap.l.google.com (74.125.202.108) 56(84) bytes of data. 64 bytes from io-in-f108.1e100.net (74.125.202.108): icmp_seq=1 ttl=45 time=38.5 ms ^C --- gmail-imap.l.google.com ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 38.585/38.585/38.585/0.000 ms
- -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlW+nR8ACgkQja8UbcUWM1xqpwD/T+UMX30b5v6zZAJ48UQ6lwJr 1GSz5PomGVJSsn9bqjQA/3GRkTbh9deOr3+Pefpz87x4gCT5N3euZ8QAbYrq3WhJ =EcYo -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* Carlos E. R.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 2015-08-02 21:44, Patrick Shanahan wrote:
* Carlos E. R. <> [08-02-15 13:50]:
I think you did then a dns query on gmail. Have the results changed?
I couldn't say for sure as I removed the ip addr from fetchmailrc and went back to using gmail.com :(.
But you copied it to the mail, it must be on the archive. Let me search... here:
18:36 wahoo:~ > host imap.gmail.com imap.gmail.com is an alias for gmail-imap.l.google.com. gmail-imap.l.google.com has address 173.194.196.109 gmail-imap.l.google.com has address 173.194.196.108 gmail-imap.l.google.com has IPv6 address 2607:f8b0:4001:c0d::6c 18:36 wahoo:~ > ping gmail-imap.l.google.com PING gmail-imap.l.google.com (74.125.202.108) 56(84) bytes of data. 64 bytes from io-in-f108.1e100.net (74.125.202.108): icmp_seq=1 ttl=45 time=38.5 ms ^C --- gmail-imap.l.google.com ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 38.585/38.585/38.585/0.000 ms
Ah 18:53 wahoo:~ > host imap.gmail.com imap.gmail.com is an alias for gmail-imap.l.google.com. gmail-imap.l.google.com has address 173.194.74.108 gmail-imap.l.google.com has address 173.194.74.109 gmail-imap.l.google.com has IPv6 address 2607:f8b0:4001:c1e::6d So, no. Address is same -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2015-08-03 00:59, Patrick Shanahan wrote:
So, no. Address is same
And in the same order. - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlW+oe0ACgkQja8UbcUWM1x/iwD/UX4fzGGMru35BbH4zANrVNP5 +UMvjy8lZ1rv65/l658BAIX5Rf4oAHc6Y4NaCccwilZrk0UV7Ozf0R/bN3muq/Zg =+zzU -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Mon, 20 Jul 2015 01:33, Patrick Shanahan
* Carlos E. R.
[07-19-15 19:18]: On 20/07/2015 0:37, Patrick Shanahan wrote:
* Carlos E. R. <> [07-19-15 18:26]:
No, by name. You appear to have a name solving issue.
18:36 wahoo:~ > host imap.gmail.com imap.gmail.com is an alias for gmail-imap.l.google.com. gmail-imap.l.google.com has address 173.194.196.109 gmail-imap.l.google.com has address 173.194.196.108 gmail-imap.l.google.com has IPv6 address 2607:f8b0:4001:c0d::6c 18:36 wahoo:~ > ping gmail-imap.l.google.com PING gmail-imap.l.google.com (74.125.202.108) 56(84) bytes of data. 64 bytes from io-in-f108.1e100.net (74.125.202.108): icmp_seq=1 ttl=45 time=38.5 ms ^C --- gmail-imap.l.google.com ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 38.585/38.585/38.585/0.000 ms
Ok... I'm on Windows this instant, so I can't verify what I get. But your problem is here:
fetchmail: 6.3.26 querying imap.gmail.com (protocol IMAP) at Sun 19 Jul 2015 03:07:53 PM EDT: poll started fetchmail: Trying to connect to 2607:f8b0:4001:c06::6d/993... (log message incomplete) fetchmail: timeout after 45 seconds waiting to connect to server imap.gmail.com.
Fetchmail is trying to use the IPv6 address instead of the IPv4 addresses. I don't know if Fetchmail can be told not to use IPv6, but if it can't, then you will have to disable IPv6 globally.
I don't know either, but have disabled ipv6 in "yast network" which says a reboot is required.
Odd that the connection worked with ipv6 enabled since late april when I changed provider until ~16 July and then just stopped. Anyway, disabling ipv6 will prove itself right or wrong. Will advise.
tks,
Easier and faster for a simple test is to add the ipv4 addresses to /etc/hosts use "host imap.gmail.com" a few times to get a nice pool, then build the needed lines e.g. from above: [code /etc/hosts] # ... usual stuff, after last line: # added ipv4 gmail-imap.l.google.com for testing fetchmail 74.125.202.108 gmail-imap.l.google.com 74.125.202.109 gmail-imap.l.google.com 173.194.196.108 gmail-imap.l.google.com 173.194.196.109 gmail-imap.l.google.com [/code] Maybe you need to reload your dns and/or nscd services after this. Then try with "host imap.gmail.com" again, there should not be a ipv6 address anymore. Try fetchmail again. - Yamaban. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 07/19/2015 10:06 AM, Patrick Shanahan wrote:
I suppose google is playing name games or round-robin with ssl certs but am just guessing based on inexperience.
I began three or four days ago receiving "Query status=2 (SOCKET)" errors in fetchmail log for gmail. If I specify an ip address to poll rather than imap.gmail.com, I get "SSL3_GET_SERVER_CERTIFICATE:certificate verify failed". Adding nodns to poll imap.gmail.com, or with an ip address makes no difference. I even tried following google'd info to update Equifax certs to no avail.
Switching to pop3 rather than imap is not different, same errors with same conditions.
I don't understand, fetchmail has worked very well for many years with gmail/imap.
<snip>
Help :)
Patrick, It may just be a flipped bit with whatever the local or remote host believe the agreed upon key to be. I had this exact type of spurious ssl failure with firefox on 7/10 (see my post: 13.1 FF38 - Why all the new "Secure Connection Failed" screens?) Never happened to me before. But all of a sudden, nothing ssl related was working. For whatever reason, after I installed the new flash-player (completely unrelated to the issue) and rebooted, the ssl magic was working again. I didn't have time to drill-down and figure out what process was at the root of the problem. I couldn't tell if it was a generic ssl issue or checksum failure, what happened, but it was as if some switch was flipped suddenly shutting my ssl connections off?? -- David C. Rankin, J.D.,P.E. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* David C. Rankin
It may just be a flipped bit with whatever the local or remote host believe the agreed upon key to be. I had this exact type of spurious ssl failure with firefox on 7/10 (see my post: 13.1 FF38 - Why all the new "Secure Connection Failed" screens?) Never happened to me before. But all of a sudden, nothing ssl related was working.
unfortunately, nothing remotely obvious :(
For whatever reason, after I installed the new flash-player (completely unrelated to the issue) and rebooted, the ssl magic was working again.
I have the newest flash-player (group) and have rebooted since the failures began. But to make sure, will perform the non-linux solution to many problems and do another reboot, shortly.
I didn't have time to drill-down and figure out what process was at the root of the problem. I couldn't tell if it was a generic ssl issue or checksum failure, what happened, but it was as if some switch was flipped suddenly shutting my ssl connections off??
Yes, I looked for package changes during the time period and nothing looks suspicious. tks, -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (6)
-
Andrei Borzenkov
-
Carlos E. R.
-
David C. Rankin
-
Marco
-
Patrick Shanahan
-
Yamaban