用fetchmail接收和发送gmail邮箱的邮件

JBug

1：按照BLFS-6.1文档安装fetchmail/procmail/mutt
2：安装libesmtp/esmtp : 地址 http://www.stafford.uklinux.net/libesmtp/libesmtp-1.0.4.tar.bz2
http://prdownloads.sourceforge.net/esmtp
3: 按照BLFS-6.1文档安装openssl
4：取得gmail的cert文件:
   运行:
   $ openssl s_client -connect smtp.gmail.com:995 -showcerts
   输出:
   CONNECTED(00000003)
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
-----BEGIN CERTIFICATE-----
MIIC3TCCAkagAwIBAgIDBZIAMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDUxMTE1MjEyMjQ0WhcNMDcxMTE2MjEyMjQ0
WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMN
TW91bnRhaW4gVmlldzEUMBIGA1UEChMLR29vZ2xlIEluYy4xFjAUBgNVBAMTDXBv
cC5nbWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMP8LCYiLGJ/
RihwcOi1V/zHVTw0Gfu+mI141Vjuuj2DtQoav8emwlXbu8gZoKP9GeMWpX1Vo9qN
4gkslIToHmDnIwGjcaEAfpdhSR9g54Kf5Y7BEXVyco6mTIlpe9vsbV0dmB1FvLP2
1N09dkUJfi7V0fjb8mcn3QYu6+6QNoxPAgMBAAGjga4wgaswDgYDVR0PAQH/BAQD
AgTwMB0GA1UdDgQWBBTdASsopgao1m8hcEg0cDZhucltljA6BgNVHR8EMzAxMC+g
LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDAf
BgNVHSMEGDAWgBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADgYEAln3/pVqYnUXA1TVGzOqX
LFhohGxpuNkr1UJnQmYxmZeB07uPBYRX8c0JXEKs29TmAHRsLhmp8kF36F11Dxgi
Xm/Y8I9zgWHoMj7SL3Ve/u8K8K7XcUyUuaWmldLQAREafpFy+f+KYHGuAVh8hjy6
XyPlMCqj+PNp8QXjgOcgO68=
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
issuer=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
No client certificate CA names sent
---
SSL handshake has read 891 bytes and written 338 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DES-CBC3-SHA
    Session-ID: CFCAB44667A90184C8ABCC6F4D2D1C8EC29A9DBDAD11D815E7E22DC5E34213F6
    Session-ID-ctx:
    Master-Key: 1AFCF4EC31DF0A5930B527BDC55B86D69285DD044E939BDDF18884F61F1E8340EFE7BF85CC50F98F657FB0579CF612F7
    Key-Arg   : None
    Start Time: 1134601370
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
+OK Gpop m2pf1356431nzf ready.
    将中间的:
-----BEGIN CERTIFICATE-----
......
-----END CERTIFICATE-----
    拷贝到~/.cert/gmail.pem
5: 生成CA文件
   将上面的gmail.pem前面加上Fingerprint, 生成~/.cert/cert.pem
MD5 Fingerprint: 67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E1:1B:EC4
PEM Data:
-----BEGIN CERTIFICATE-----
......
-----END CERTIFICATE-----
6: rehash 4和5产生的文件:cert.pem和gmail.pem
  运行:
$ c_rehash .certs
7: 检查CA文件:
  运行:
openssl s_client -connect pop.gmail.com:995 -CApath .certs/
  如果输出中有:
Verify return code: 0 (ok)
则CA文件是好的.
8: 编辑~/.fechmailrc
# begin of ~/.fetchmailrc

defaults
mda "/usr/bin/esmtp -f %F %T"

poll pop.gmail.com proto POP3 and options no dns
user "XXX" there with pass 'XXXXXX' is 'XXX' here options ssl sslcertck sslcertpath '/home/XXX/.certs'

# end of ~/.fetchmailrc
运行
$ chmod 0600 .fetchmailrc
9: 编辑~/.esmtprc
# begin of ~./esmtprc

hostname = smtp.gmail.com
username = "XXX@gmail.com"
password = "XXXXXX"
starttls = enabled
mda = "/usr/bin/procmail -d %T"

# end of ~/.esmtprc
运行
$ chmod 0710 .esmtprc
10: 编辑~/.muttrc
# begin of ~/.muttrc

set envelope_from
set sendmail="/usr/bin/esmtp -v -X ~/.esmtplog"
my_hdr From: "XXX@gmail.com"
my_hdr Reply-To: "XXX@gmail.com"
set sendmail_wait=0

# end of ~/.muttrc
11: 用fetchmail收信
运行:
$ fetchmail -avk
12: 用mutt测试发信.
运行:
$ mutt
按"m"写信, 按"y"寄信

我在自己的机器上测试发送信件到yahoo的邮箱成功.

JBug

开机启动fetchmail收信:
1: 将上面的.certs 拷贝至: /usr/share/ssl/gmailcerts

2: 编写/etc/fetchmailrc
# begin of ~/.fetchmailrc

set syslog
set postmaster "forrest"
set daemon 30

defaults
mda "/usr/bin/esmtp -f %F %T"
poll pop.gmail.com proto POP3 and options no dns
user "XXX" there with pass 'XXX' is 'XXX' here options ssl sslcertck sslcertpath '/usr/share/ssl/gmailcerts'

# end of ~/.fetchmailrc
运行:
# chmod 0600 /etc/fetchmailrc

3: 编写 /etc/esmtprc
# begin of /etc/esmtprc

hostname = smtp.gmail.com
username = "XXX@gmail.com"
password = "XXX"
starttls = enabled
mda = "/usr/bin/procmail -d %T"

# end of /etc/esmtprc

4: 编写 /#!/bin/sh
# Begin $rc_base/init.d/fetchmail


. /etc/sysconfig/rc
. $rc_functions

case "$1" in
        start)
                boot_mesg "Starting fetchmail..."
                loadproc /usr/bin/fetchmail -f /etc/fetchmailrc
                ;;

        stop)
                boot_mesg "Stopping fetchmail..."
                killproc /usr/bin/fetchmail
                ;;

        restart)
                $0 stop
                sleep 1
                $0 start
                ;;

        status)
                statusproc /usr/bin/fetchmail
                ;;

        *)
                echo "Usage: $0 {start|stop|restart|status}"
                exit 1
                ;;
esac

# End $rc_base/init.d/fetchmailetc/rc.d/init.d/fetchmail
运行:
# chmod a+x /etc/rc.d/init.d/fetchmail

5: 将/etc/rc.d/init.d/fetchmail 链接到相应的运行级别:
ln -sf ../init.d/fetchmail /etc/rc.d/rc0.d/K62fetchmail
ln -sf ../init.d/fetchmail /etc/rc.d/rc1.d/K62fetchmail
ln -sf ../init.d/fetchmail /etc/rc.d/rc2.d/K62fetchmail
ln -sf ../init.d/fetchmail /etc/rc.d/rc3.d/S38fetchmail
ln -sf ../init.d/fetchmail /etc/rc.d/rc4.d/S38fetchmail
ln -sf ../init.d/fetchmail /etc/rc.d/rc5.d/S38fetchmail
ln -sf ../init.d/fetchmail /etc/rc.d/rc6.d/K62fetchmail

晨想

不错。有时间试试。。

已加入置顶帖子。

gnap

Verify return code: 0 (ok)
CA文件是好的。
但是运行fetchmail -avk输出：
fetchmail: 6.2.5.5 querying pop.gmail.com (protocol POP3) at Sat 04 Mar 2006 06:                                                      11:13 PM CST: poll started
fetchmail: Issuer Organization: Equifax
fetchmail: Unknown Issuer CommonName
fetchmail: Server CommonName: pop.gmail.com
fetchmail: pop.gmail.com key fingerprint: 59:51:61:89:CDD:B2:35:94:BB:44:97:A0                                                      :395:B4
fetchmail: Warning: server certificate verification: unable to get local issuer                                                       certificate
17968:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify                                                       failed:s3_clnt.c:844:
fetchmail: SSL connection failed.
fetchmail: Issuer Organization: Equifax
fetchmail: Unknown Issuer CommonName
fetchmail: Server CommonName: pop.gmail.com
fetchmail: Warning: server certificate verification: unable to get local issuer                                                       certificate
fetchmail: POP3> QUIT
fetchmail: Issuer Organization: Equifax
fetchmail: Unknown Issuer CommonName
fetchmail: Server CommonName: pop.gmail.com
fetchmail: Warning: server certificate verification: unable to get local issuer                                                       certificate
fetchmail: 6.2.5.5 querying pop.gmail.com (protocol POP3) at Sat 04 Mar 2006 06:                                                      11:23 PM CST: poll completed
fetchmail: Query status=3 (AUTHFAIL)
fetchmail: normal termination, status 3

这是什么错误？

这是我的版本：
[gnap@osiris ~]$ rpm -q openssl
openssl-0.9.7f-7.10
[gnap@osiris ~]$ rpm -q fetchmail
fetchmail-6.2.5.5-1.fc4
[gnap@osiris ~]$

JBug

你的GMAIL邮箱设置了POP收信没有? 在GMAIL的设置里面设置.

gnap

郁闷！～偶就是因为gmail web打不开才计划用fetchmail。

8g，我在gmail里面启用了pop收信，但是错误依旧。

gnap

Post by JBug
你的GMAIL邮箱设置了POP收信没有? 在GMAIL的设置里面设置.

现在收发正常，原来我把用户名中的`.'记成了`_'了！～
这是我的启动脚本。希望RH/FC上的用户用得方便：

1. 
   
2. #!/bin/sh
   
3. # Begin $rc_base/init.d/fetchmail
   
4. 
   
5. 
   
6. . /etc/rc.d/init.d/functions
   
7. 
   
8. lockfile=/var/lock/subsys/fetchmail
   
9. 
   
10. RETVAL=0
    
11. 
    
12. start() {
    
13.         echo -n "Starting fetchmail..."
    
14.         /usr/bin/fetchmail -f /etc/fetchmailrc && touch "$lockfile" && success || failure
    
15.         RETVAL=$?
    
16.         echo
    
17. }
    
18. stop()  {
    
19.         echo -n  "Stopping fetchmail..."
    
20.         killall /usr/bin/fetchmail && rm -f "$lockfile" && success || failure
    
21.         RETVAL=$?
    
22.         echo
    
23. }
    
24. restart(){
    
25.         stop
    
26.         sleep 1
    
27.                start
    
28. }
    
29. 
    
30. case "$1" in
    
31.   start)
    
32.         start
    
33.         ;;
    
34.   stop)
    
35.           stop
    
36.         ;;
    
37.   restart|force-reload)
    
38.           restart
    
39.         ;;
    
40.   reload)
    
41.           ;;
    
42.   condrestart)
    
43.           [ -f "$lockfile" ] && restart
    
44.         ;;
    
45.   status)
    
46.           if [ -f "$lockfile" ]; then
    
47.                 echo $"Fetchmail is running."
    
48.                 RETVAL=0
    
49.         else
    
50.                 echo $"Fetchmail is not running."
    
51.                 RETVAL=3
    
52.         fi
    
53.         ;;
    
54.   *)
    
55.           echo $"Usage: $0 {start|stop|status|restart|reload|force-reload|condrestart}"
    
56.         exit 1
    
57. esac
    
58. 
    
59. exit $RETVAL
    

复制代码

zlbruce

我想问一下，那个 MD5 Fingerprint: 是怎么出来的？

晨想

pop.gmail.com key fingerprint: 59:51:61:89:CDD:B2:35:94:BB:44:97:A0 :395:B4


你是说这个么？

用 MD5算出来的。。。应该是用这堆东西作源算出来的。

MIIC3TCCAkagAwIBAgIDBZIAMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDUxMTE1MjEyMjQ0WhcNMDcxMTE2MjEyMjQ0
WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMN
TW91bnRhaW4gVmlldzEUMBIGA1UEChMLR29vZ2xlIEluYy4xFjAUBgNVBAMTDXBv
cC5nbWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMP8LCYiLGJ/
RihwcOi1V/zHVTw0Gfu+mI141Vjuuj2DtQoav8emwlXbu8gZoKP9GeMWpX1Vo9qN
4gkslIToHmDnIwGjcaEAfpdhSR9g54Kf5Y7BEXVyco6mTIlpe9vsbV0dmB1FvLP2
1N09dkUJfi7V0fjb8mcn3QYu6+6QNoxPAgMBAAGjga4wgaswDgYDVR0PAQH/BAQD
AgTwMB0GA1UdDgQWBBTdASsopgao1m8hcEg0cDZhucltljA6BgNVHR8EMzAxMC+g
LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDAf
BgNVHSMEGDAWgBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADgYEAln3/pVqYnUXA1TVGzOqX
LFhohGxpuNkr1UJnQmYxmZeB07uPBYRX8c0JXEKs29TmAHRsLhmp8kF36F11Dxgi
Xm/Y8I9zgWHoMj7SL3Ve/u8K8K7XcUyUuaWmldLQAREafpFy+f+KYHGuAVh8hjy6
XyPlMCqj+PNp8QXjgOcgO68=

zlbruce

google 了一下，发现这样可以算[php]$ openssl x509 -fingerprint -md5 -noout -in gmail.pem
MD5 Fingerprint=59:51:61:89:CDD:B2:35:94:BB:44:97:A0:395:B4
[/php]
我在做 c_rehash 的时候出现了一个 WARNING[php]$ c_rehash .certs
Doing .certs
cert.pem => 7f549ca4.0
WARNING: Skipping duplicate certificate gmail.pem
[/php]而检查CA文件的时候也出现了[php]
Verify return code: 0 (ok)[/php]
但是运行 fetchmail -avk 的时候出现错误[php]$ fetchmail -avk
fetchmail: 6.3.2 querying pop.gmail.com (protocol POP3) at 2006年03月08日 星期三 23时27分27秒: poll started
fetchmail: Issuer Organization: Equifax
fetchmail: Unknown Issuer CommonName
fetchmail: Server CommonName: pop.gmail.com
fetchmail: pop.gmail.com key fingerprint: 59:51:61:89:CDD:B2:35:94:BB:44:97:A0:395:B4
fetchmail: Server certificate verification error: unable to get local issuer certificate
4842:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:894:
fetchmail: SSL connection failed.
fetchmail: socket error while fetching from zlbruce@pop.gmail.com
fetchmail: 6.3.2 querying pop.gmail.com (protocol POP3) at 2006年03月08日 星期三 23时27分28秒: poll completed
fetchmail: Query status=2 (SOCKET)
fetchmail: normal termination, status 2
[/php]