Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
fetchmail: - fingerprints do not match!
421 views
Skip to first unread message
Harald Seitter
Mar 21, 2021, 1:55:06 PM3/21/21
to
Hallo zusammen,
ich bekomme seit ein paar Tagen Fehler in fetchmail beim Abholen von Mails von Strato.
Vorgeschichte:
Am 18.03.21 gingen die Fingerprints nicht mehr. Kommt jedes Jahr vor also mit
fetchmail pop3.strato.de --ssl --verbose --username xxxxxx --protocol pop3
fetchmail pop3.strato.de --ssl --verbose --username xxxxxx --protocol imaop
die fingerprints ermittelt, eingetragen und neu gestartet. Alles wieder gut.
Am 19.03.21 waren dann wohl die Zertifikate abgelaufen also mehr Arbeit.
D.h. Zertifikate neu eingetragen gehasht usf.
Seitdem kommen nicht immer aber meistens diese beiden Mails im Eingang:
Mail-addon-certs certificate updater on 'mailserver'
Fetchmail event Report from Server 'mailserver'
Versenden geht einwandfrei. Ich bekomme auch die Mails, d.h. das ist nicht das Problem,
aber warum kommen meistens (aber nicht immer) die Fehlermeldungen.
Das Phänomen tritt bei 2 Mailservern seit 2 Tagen mit Verbindungen zu Strato auf.
Was kann das sein und weiss jemand Rat.
Dafür habe ich möglichst viele Informationen anschliessend zusammengefasst
(Domain und Passwörter geändert).
Viele Grüße
Harald Seitter
A. Mail-addon-certs certificate updater on 'mailserver'
Dispatched from mail-addon-certs certificate updater on 'mailserver'
Current Date: 2021-03-21 Time: 16:23:52
-------------------------------------------------------
Start request of pop/imap certificates
Requesting: pop3.strato.de
pop3.strato.de in progress
pop3.strato.de:110 No port given; assuming port 110
pop3.strato.de:110 pop/imap certificate downloaded (pop3.strato.de.pem)
pop3.strato.de:110 Updating CRL
pop3.strato.de:110 No fingerprint update needed
pop3.strato.de in progress
pop3.strato.de:110 No port given; assuming port 110
pop3.strato.de:110 pop/imap certificate already downloaded
pop3.strato.de:110 No fingerprint update needed
pop3.strato.de in progress
pop3.strato.de:110 No port given; assuming port 110
pop3.strato.de:110 pop/imap certificate already downloaded
.....
Finished request of pop/imap certificates
Rehashing certificates
und:
B. Fetchmail event Report from Server 'mailserver'
Dispatched from fetchmail agent on server 'mailserver'
Current Date: 2021-03-21 Time: 16:23:50
fetchmail: awakened at Sun, 21 Mar 2021 16:23:47 (CET)
fetchmail: 283 messages (283 seen) for harald....@abcdefgh.xxxx at imap.strato.de.
fetchmail: pop3.strato.de fingerprints do not match!
fetchmail: OpenSSL reported: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
fetchmail: pop3.strato.de: SSL connection failed.
fetchmail: socket error while fetching from ma...@abcdefgh.xxxx@pop3.strato.de
fetchmail: Query status=2 (SOCKET)
fetchmail: sleeping at Sun, 21 Mar 2021 16:23:50 (CET) for 600 seconds
Starting Fingerprint Update
pop3.strato.de
---------------------------------------------------------------
Die Zertifikate:
xCertificate : /usr/local/ssl/certs/imap.strato.de.pem
a
x Subject : = DE, O = Strato AG, OU = Rechenzentrum, ST = Berlin, L = Berlin, CN = imap.strato.de
a
x Valid from : Mar 8 08:14:22 2021 GMT
a
x Valid until: Mar 13 23:59:59 2022 GMT
a
x
a
xCertificate : /usr/local/ssl/certs/pop3.strato.de.pem
a
x Subject : = DE, O = Strato AG, OU = Rechenzentrum, ST = Berlin, L = Berlin, CN = pop3.strato.de
a
x Valid from : Mar 17 09:21:10 2021 GMT
a
x Valid until: Mar 22 23:59:59 2022 GMT
a
x
a
xCertificate : /usr/local/ssl/certs/smtp.strato.de.pem
a
x Subject : = DE, O = Strato AG, OU = Rechenzentrum, ST = Berlin, L = Berlin, CN = smtp.strato.de
a
x Valid from : Mar 8 06:57:59 2021 GMT
a
x Valid until: Mar 13 23:59:59 2022 GMT
a
x
a
xCertificate : /usr/local/ssl/certs/telesec_serverpass_class_2_ca.pem
a
x Subject : = DE, O = T-Systems International GmbH, OU = T-Systems Trust Center, ST = Nordrhein Westfalen, postalCode = 57250, L = Netphen, street
= Untere Industriestr. 20, CN = Tea
x Valid from : Feb 11 14:39:10 2014 GMT
a
x Valid until: Feb 11 23:59:59 2024 GMT
a
x
a
xCertificate : /usr/local/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem
a
x Subject : = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 2
a
x Valid from : Oct 1 10:40:14 2008 GMT
a
x Valid until: Oct 1 23:59:59 2033 GMT
a
x
a
---------------------------------------------------------------
Die Zertifikatsketten stimmen meines Erachtens:
x*
x
x| certificate : imap.strato.de.pem (32eee2cd)
x
x| subject : C = DE O = Strato AG OU = Rechenzentrum ST = Berlin L = Berlin CN = imap.strato.de
x
x| issuer : C = DE O = T-Systems International GmbH OU = T-Systems Trust Center ST = Nordrhein Westfalen postalCode = 57250 L = Netphen street =
Untere Industriestr. 20 CN = TeleSex
x| MD5 f-print : 5B:B1:B1:47:81:7F:3F:6A:C3:80:AF:57:7A:3E:B3:AE
x
x| SHA1 f-print: 37:6F:D3:41:F5:26:79:5D:49:9A:16:D9:62:9D:44:92:FA:5D:F8:6F
x
x|
x
x+->| certificate : telesec_serverpass_class_2_ca.pem (33013750)
x
x | subject : C = DE O = T-Systems International GmbH OU = T-Systems Trust Center ST = Nordrhein Westfalen postalCode = 57250 L = Netphen street
= Untere Industriestr. 20 CN = Telx
x | issuer : C = DE O = T-Systems Enterprise Services GmbH OU = T-Systems Trust Center CN = T-TeleSec GlobalRoot Class 2
x
x | MD5 f-print : 74:78:51:90:16:76:6E:B0:3D:53:A5:E3:CA:5A:1A:91
x
x | SHA1 f-print: 7B:C0:04:8A:1F:D8:F4:23:8C:CC:C9:CC:56:6D:D3:8B:FF:7E:67:E2
x
x |
x
x +->| certificate : T-TeleSec_GlobalRoot_Class_2.pem (1e09d511)
x
x | subject : C = DE O = T-Systems Enterprise Services GmbH OU = T-Systems Trust Center CN = T-TeleSec GlobalRoot Class 2
x
x | issuer : C = DE O = T-Systems Enterprise Services GmbH OU = T-Systems Trust Center CN = T-TeleSec GlobalRoot Class 2
x
x | MD5 f-print : 2B:9B:9E:E4:7B:6C:1F:00:72:1A:CC:C1:77:79:DF:6A
x
x | SHA1 f-print: 59:0D:2D:7D:88:4F:40:2E:61:7E:A5:62:32:17:65:CF:17:D8:94:E9
x
x |
x
x +-> end of chain!
x
x
x
xchecking certificate chain:
x
x* OCSP Response verify OK (cache)
x
x imap.strato.de.pem: good
x
x This Update: Mar 19 11:07:33 2021 GMT
x
x Next Update: Mar 24 11:07:33 2021 GMT
x
x
x
x*
x
x| certificate : pop3.strato.de.pem (4ef65644)
x
x| subject : C = DE O = Strato AG OU = Rechenzentrum ST = Berlin L = Berlin CN = pop3.strato.de
x
x| issuer : C = DE O = T-Systems International GmbH OU = T-Systems Trust Center ST = Nordrhein Westfalen postalCode = 57250 L = Netphen street =
Untere Industriestr. 20 CN = TeleSex
x| MD5 f-print : BF:25:8A:DF:F1:8B:59:3F:A7:1A:B2:5F:E2:7C:D2:1A
x
x| SHA1 f-print: EA:C8:40:98:31:EA:B2:1A:59:E0:8A:3E:4F:07:17:69:A0:2F:4C:51
x
x|
x
x+->| certificate : telesec_serverpass_class_2_ca.pem (33013750)
x
x | subject : C = DE O = T-Systems International GmbH OU = T-Systems Trust Center ST = Nordrhein Westfalen postalCode = 57250 L = Netphen street
= Untere Industriestr. 20 CN = Telx
x | issuer : C = DE O = T-Systems Enterprise Services GmbH OU = T-Systems Trust Center CN = T-TeleSec GlobalRoot Class 2
x
x | MD5 f-print : 74:78:51:90:16:76:6E:B0:3D:53:A5:E3:CA:5A:1A:91
x
x | SHA1 f-print: 7B:C0:04:8A:1F:D8:F4:23:8C:CC:C9:CC:56:6D:D3:8B:FF:7E:67:E2
x
x |
x
x +->| certificate : T-TeleSec_GlobalRoot_Class_2.pem (1e09d511)
x
x | subject : C = DE O = T-Systems Enterprise Services GmbH OU = T-Systems Trust Center CN = T-TeleSec GlobalRoot Class 2
x
x | issuer : C = DE O = T-Systems Enterprise Services GmbH OU = T-Systems Trust Center CN = T-TeleSec GlobalRoot Class 2
x
x | MD5 f-print : 2B:9B:9E:E4:7B:6C:1F:00:72:1A:CC:C1:77:79:DF:6A
x
x | SHA1 f-print: 59:0D:2D:7D:88:4F:40:2E:61:7E:A5:62:32:17:65:CF:17:D8:94:E9
x
x |
x
x +-> end of chain!
x
x
x
xchecking certificate chain:
x
x* OCSP Response verify OK (cache)
x
x pop3.strato.de.pem: good
x
x This Update: Mar 19 11:05:28 2021 GMT
x
x Next Update: Mar 24 11:05:28 2021 GMT
x
mailserver # cat fetchmail.conf
#------------------------------------------------------------------
# /etc/fetchmail.conf file generated by mail.sh v1.13.9
#
# Do not edit this file, edit /etc/config.d/mail
# Creation Date: 2021-03-19 Time: 13:33:46
#------------------------------------------------------------------
set postmaster "postmaster"
set daemon 600
set logfile /var/log/fetchmail.log
set no bouncemail
set no spambounce
set softbounce
defaults
proto pop3
timeout 90
limit 70000000
warnings 86400
no fetchall
#
poll imap.strato.de proto imap service 993 bad-header reject
user "harald....@abcdefgh.xxxx" password "xxxxxxxxx" is "ich"
keep
sslproto tls1+
ssl
sslfingerprint "5B:B1:B1:47:81:7F:3F:6A:C3:80:AF:57:7A:3E:B3:AE"
sslcertpath /usr/local/ssl/certs
sslcertck
preconnect "echo 'fetchmail: awakened at '`date +'%a, %d %b %G %H:%M:%S (%Z)'`"
#
poll pop3.strato.de proto pop3 bad-header reject
user "in...@abcdefgh.xxxx" password "xxxxx" is "ich"
fetchall
sslproto tls1+
ssl
sslfingerprint "BF:25:8A:DF:F1:8B:59:3F:A7:1A:B2:5F:E2:7C:D2:1A"
sslcertpath /usr/local/ssl/certs
sslcertck
#
poll pop3.strato.de proto pop3 bad-header reject
user "ma...@abcdefgh.xxxx" password "xxxxx" is "mail3"
fetchall
sslproto tls1+
ssl
sslfingerprint "BF:25:8A:DF:F1:8B:59:3F:A7:1A:B2:5F:E2:7C:D2:1A"
sslcertpath /usr/local/ssl/certs
sslcertck
#
poll pop3.strato.de proto pop3 bad-header reject
user "ma...@abcdefgh.xxxx" password "xxxxx" is "mail4"
fetchall
sslproto tls1+
ssl
sslfingerprint "BF:25:8A:DF:F1:8B:59:3F:A7:1A:B2:5F:E2:7C:D2:1A"
sslcertpath /usr/local/ssl/certs
sslcertck
postconnect "echo 'fetchmail: sleeping at '`date +'%a, %d %b %G %H:%M:%S (%Z)'` for 600 seconds; /var/spool/exim/custom-mail-check-fingerprint"
mailserver # /etc/init.d/mail -debug restart fetchmail
* Stopping Fetchmail daemon ...
[ OK ]
* Starting Fetchmail daemon in DEBUG mode ...
fetchmail: Old UID list from imap.strato.de:
<empty>
fetchmail: Old UID list from pop3.strato.de:
<empty>
fetchmail: Old UID list from pop3.strato.de:
<empty>
mailserver #
fetchmail: terminated with signal 15
fetchmail: starting fetchmail 6.4.5 daemon
fetchmail: 6.4.5 querying imap.strato.de (protocol IMAP) at Sun, 21 Mar 2021 15:59:33 +0100 (CET): poll started
fetchmail: awakened at Sun, 21 Mar 2021 15:59:33 (CET)
fetchmail: Trying to connect to 81.169.145.103/993...connected.
fetchmail: SSL verify callback depth 2: preverify_ok == 1, err = 0, ok
fetchmail: Certificate chain, from root to peer, starting at depth 2:
fetchmail: Issuer Organization: T-Systems Enterprise Services GmbH
fetchmail: Issuer CommonName: T-TeleSec GlobalRoot Class 2
fetchmail: Subject CommonName: T-TeleSec GlobalRoot Class 2
fetchmail: SSL verify callback depth 1: preverify_ok == 1, err = 0, ok
fetchmail: Certificate at depth 1:
fetchmail: Issuer Organization: T-Systems Enterprise Services GmbH
fetchmail: Issuer CommonName: T-TeleSec GlobalRoot Class 2
fetchmail: Subject CommonName: TeleSec ServerPass Class 2 CA
fetchmail: SSL verify callback depth 0: preverify_ok == 1, err = 0, ok
fetchmail: Server certificate:
fetchmail: Issuer Organization: T-Systems International GmbH
fetchmail: Issuer CommonName: TeleSec ServerPass Class 2 CA
fetchmail: Subject CommonName: imap.strato.de
fetchmail: Subject Alternative Name: imap.strato.de
fetchmail: Subject Alternative Name: imap.strato.com
fetchmail: imap.strato.de key fingerprint: 5B:B1:B1:47:81:7F:3F:6A:C3:80:AF:57:7A:3E:B3:AE
fetchmail: imap.strato.de fingerprints match.
fetchmail: SSL/TLS: using protocol TLSv1.3, cipher TLS_AES_256_GCM_SHA384, 256/256 secret/processed bits
fetchmail: IMAP< * OK [CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5 AUTH=DIGEST-MD5 CHILDREN ENABLE I18NLEVEL=2 ID IDLE MOVE
MULTIAPPEND NAMESPACE QUOTA SORT STATUS=SIZE UIDPLUS UNSELECT WITHIN XLIST] IMAP server ready (P30 TLSv1.3:TLS_AES_256_GCM_SHA384)
fetchmail: IMAP> A0001 CAPABILITY
fetchmail: IMAP< * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5 AUTH=DIGEST-MD5 CHILDREN ENABLE I18NLEVEL=2 ID IDLE MOVE MULTIAPPEND
NAMESPACE QUOTA SORT STATUS=SIZE UIDPLUS UNSELECT WITHIN XLIST
fetchmail: IMAP< A0001 OK CAPABILITY completed
fetchmail: Protocol identified as IMAP4 rev 1
fetchmail: GSSAPI error gss_inquire_cred: Unspecified GSS failure. Minor code may provide more information
fetchmail: GSSAPI error gss_inquire_cred: No Kerberos credentials available (default cache: DIR:/run/user/42/krb5cc)
fetchmail: No suitable GSSAPI credentials found. Skipping GSSAPI authentication.
fetchmail: If you want to use GSSAPI, you need credentials first, possibly from kinit.
fetchmail: IMAP> A0002 AUTHENTICATE CRAM-MD5
fetchmail: IMAP< + PGMzM2UzMDBjODZjNjVjODE3ODk2NzI0NzNhQGltYXAuc3RyYXRvLmRlPg==
fetchmail: decoded as <c33e300c86c65...@imap.strato.de>
fetchmail: IMAP> aGFyYWxkLnNlaXR0ZXJAcmVjaG5lcnRlY2huaWstdW5kLW1ldGhvZGVuLmRlIDBmODFhMGJmNDUwOGYwYjgxZjc2OTRiNDQ5NmMxMTE2
fetchmail: IMAP< A0002 OK User logged in (189)
fetchmail: selecting or re-polling default folder
fetchmail: IMAP> A0003 SELECT "INBOX"
fetchmail: IMAP< * FLAGS (\Answered \Flagged \Deleted \Seen \Draft \Forwarded $Junk $Forwarded)
fetchmail: IMAP< * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \Forwarded $Junk $Forwarded \*)]
fetchmail: IMAP< * OK [URLMECH INTERNAL]
fetchmail: IMAP< * 283 EXISTS
fetchmail: IMAP< * 0 RECENT
fetchmail: IMAP< * OK [UIDVALIDITY 1116023632]
fetchmail: IMAP< * OK [UIDNEXT 133071]
fetchmail: IMAP< A0003 OK [READ-WRITE] SELECT completed
fetchmail: 283 messages waiting after first poll
fetchmail: IMAP> A0004 SEARCH UNSEEN UNDELETED
fetchmail: IMAP< * SEARCH
fetchmail: IMAP< A0004 OK SEARCH completed
fetchmail: 283 messages (283 seen) for harald....@abcdefgh.xxxx at imap.strato.de.
fetchmail: IMAP> A0005 LOGOUT
fetchmail: IMAP< * BYE Logout
fetchmail: IMAP< A0005 OK LOGOUT completed
fetchmail: 6.4.5 querying imap.strato.de (protocol IMAP) at Sun, 21 Mar 2021 15:59:34 +0100 (CET): poll completed
fetchmail: New UID list from imap.strato.de:
<empty>
fetchmail: not swapping UID lists, no UIDs seen this query
fetchmail: Query status=1 (NOMAIL)
fetchmail: 6.4.5 querying pop3.strato.de (protocol POP3) at Sun, 21 Mar 2021 15:59:34 +0100 (CET): poll started
fetchmail: Trying to connect to 81.169.145.131/995...connected.
fetchmail: SSL verify callback depth 2: preverify_ok == 1, err = 0, ok
fetchmail: Certificate chain, from root to peer, starting at depth 2:
fetchmail: Issuer Organization: T-Systems Enterprise Services GmbH
fetchmail: Issuer CommonName: T-TeleSec GlobalRoot Class 2
fetchmail: Subject CommonName: T-TeleSec GlobalRoot Class 2
fetchmail: SSL verify callback depth 1: preverify_ok == 1, err = 0, ok
fetchmail: Certificate at depth 1:
fetchmail: Issuer Organization: T-Systems Enterprise Services GmbH
fetchmail: Issuer CommonName: T-TeleSec GlobalRoot Class 2
fetchmail: Subject CommonName: TeleSec ServerPass Class 2 CA
fetchmail: SSL verify callback depth 0: preverify_ok == 1, err = 0, ok
fetchmail: Server certificate:
fetchmail: Issuer Organization: T-Systems International GmbH
fetchmail: Issuer CommonName: TeleSec ServerPass Class 2 CA
fetchmail: Subject CommonName: pop3.strato.de
fetchmail: Subject Alternative Name: pop3.strato.de
fetchmail: Subject Alternative Name: pop3.strato.com
fetchmail: pop3.strato.de key fingerprint: BF:25:8A:DF:F1:8B:59:3F:A7:1A:B2:5F:E2:7C:D2:1A
fetchmail: pop3.strato.de fingerprints match.
fetchmail: SSL/TLS: using protocol TLSv1.3, cipher TLS_AES_256_GCM_SHA384, 256/256 secret/processed bits
fetchmail: POP3< +OK POP3 server ready <1785ab12e...@pop3.strato.de>
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Capability list follows:
fetchmail: POP3< RESP-CODES
fetchmail: POP3< AUTH-RESP-CODE
fetchmail: POP3< TOP
fetchmail: POP3< UIDL
fetchmail: POP3< USER
fetchmail: POP3< SASL PLAIN SASL LOGIN SASL CRAM-MD5 SASL DIGEST-MD5
fetchmail: POP3< .
fetchmail: POP3> AUTH CRAM-MD5
fetchmail: POP3< + PDcwNzA3NThlODhhY2Y2ODE3ODI1M2MwYjk4QHBvcDMuc3RyYXRvLmRlPg==
fetchmail: decoded as <7070758e88acf...@pop3.strato.de>
fetchmail: POP3> aW5mb0ByZWNobmVydGVjaG5pay11bmQtbWV0aG9kZW4uZGUgYWU0OTIzYjE3NWM5Njg4YzJjYzhkMjQ1ZGQ5OWM2ZjE=
fetchmail: POP3< +OK User logged in, proceed. (189)
fetchmail: selecting or re-polling default folder
fetchmail: POP3> STAT
fetchmail: POP3< +OK 0 0
fetchmail: No mail for in...@abcdefgh.xxxx at pop3.strato.de
fetchmail: POP3> QUIT
fetchmail: POP3< +OK Closing connection
fetchmail: 6.4.5 querying pop3.strato.de (protocol POP3) at Sun, 21 Mar 2021 15:59:34 +0100 (CET): poll completed
fetchmail: New UID list from pop3.strato.de:
<empty>
fetchmail: not swapping UID lists, no UIDs seen this query
fetchmail: Query status=1 (NOMAIL)
fetchmail: 6.4.5 querying pop3.strato.de (protocol POP3) at Sun, 21 Mar 2021 15:59:36 +0100 (CET): poll started
fetchmail: Trying to connect to 81.169.145.131/995...connected.
fetchmail: SSL verify callback depth 2: preverify_ok == 1, err = 0, ok
fetchmail: Certificate chain, from root to peer, starting at depth 2:
fetchmail: Issuer Organization: T-Systems Enterprise Services GmbH
fetchmail: Issuer CommonName: T-TeleSec GlobalRoot Class 2
fetchmail: Subject CommonName: T-TeleSec GlobalRoot Class 2
fetchmail: SSL verify callback depth 1: preverify_ok == 1, err = 0, ok
fetchmail: Certificate at depth 1:
fetchmail: Issuer Organization: T-Systems Enterprise Services GmbH
fetchmail: Issuer CommonName: T-TeleSec GlobalRoot Class 2
fetchmail: Subject CommonName: TeleSec ServerPass Class 2 CA
fetchmail: SSL verify callback depth 0: preverify_ok == 1, err = 0, ok
fetchmail: Server certificate:
fetchmail: Issuer Organization: T-Systems International GmbH
fetchmail: Issuer CommonName: TeleSec ServerPass Class 2 CA
fetchmail: Subject CommonName: pop3.strato.de
fetchmail: Subject Alternative Name: pop3.strato.de
fetchmail: Subject Alternative Name: pop3.strato.com
fetchmail: pop3.strato.de key fingerprint: BF:25:8A:DF:F1:8B:59:3F:A7:1A:B2:5F:E2:7C:D2:1A
fetchmail: pop3.strato.de fingerprints match.
fetchmail: SSL/TLS: using protocol TLSv1.3, cipher TLS_AES_256_GCM_SHA384, 256/256 secret/processed bits
fetchmail: POP3< +OK POP3 server ready <1781edeb...@pop3.strato.de>
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Capability list follows:
fetchmail: POP3< RESP-CODES
fetchmail: POP3< AUTH-RESP-CODE
fetchmail: POP3< TOP
fetchmail: POP3< UIDL
fetchmail: POP3< USER
fetchmail: POP3< SASL PLAIN SASL LOGIN SASL CRAM-MD5 SASL DIGEST-MD5
fetchmail: POP3< .
fetchmail: POP3> AUTH CRAM-MD5
fetchmail: POP3< + PGM4NGQ4NDIzOTNkYWE0MDE3ODlkMDFmMzI1QHBvcDMuc3RyYXRvLmRlPg==
fetchmail: decoded as <c84d842393daa...@pop3.strato.de>
fetchmail: POP3> bWFpbDNAcmVjaG5lcnRlY2huaWstdW5kLW1ldGhvZGVuLmRlIGI2Nzk0Mzg1OWE2ZGI3MmRlZGYwNTI4N2VjNGEwNjMx
fetchmail: POP3< +OK User logged in
fetchmail: selecting or re-polling default folder
fetchmail: POP3> STAT
fetchmail: POP3< +OK 0 0
fetchmail: No mail for ma...@abcdefgh.xxxx at pop3.strato.de
fetchmail: POP3> QUIT
fetchmail: POP3< +OK Closing connection
fetchmail: 6.4.5 querying pop3.strato.de (protocol POP3) at Sun, 21 Mar 2021 15:59:36 +0100 (CET): poll completed
fetchmail: New UID list from pop3.strato.de:
<empty>
fetchmail: not swapping UID lists, no UIDs seen this query
fetchmail: Query status=1 (NOMAIL)
fetchmail: 6.4.5 querying pop3.strato.de (protocol POP3) at Sun, 21 Mar 2021 15:59:36 +0100 (CET): poll started
fetchmail: Trying to connect to 81.169.145.131/995...connected.
fetchmail: SSL verify callback depth 2: preverify_ok == 1, err = 0, ok
fetchmail: Certificate chain, from root to peer, starting at depth 2:
fetchmail: Issuer Organization: T-Systems Enterprise Services GmbH
fetchmail: Issuer CommonName: T-TeleSec GlobalRoot Class 2
fetchmail: Subject CommonName: T-TeleSec GlobalRoot Class 2
fetchmail: SSL verify callback depth 1: preverify_ok == 1, err = 0, ok
fetchmail: Certificate at depth 1:
fetchmail: Issuer Organization: T-Systems Enterprise Services GmbH
fetchmail: Issuer CommonName: T-TeleSec GlobalRoot Class 2
fetchmail: Subject CommonName: TeleSec ServerPass Class 2 CA
fetchmail: SSL verify callback depth 0: preverify_ok == 1, err = 0, ok
fetchmail: Server certificate:
fetchmail: Issuer Organization: T-Systems International GmbH
fetchmail: Issuer CommonName: TeleSec ServerPass Class 2 CA
fetchmail: Subject CommonName: pop3.strato.de
fetchmail: Subject Alternative Name: pop3.strato.de
fetchmail: Subject Alternative Name: pop3.strato.com
fetchmail: pop3.strato.de key fingerprint: BF:25:8A:DF:F1:8B:59:3F:A7:1A:B2:5F:E2:7C:D2:1A
fetchmail: pop3.strato.de fingerprints match.
fetchmail: SSL/TLS: using protocol TLSv1.3, cipher TLS_AES_256_GCM_SHA384, 256/256 secret/processed bits
fetchmail: POP3< +OK POP3 server ready <17837e01...@pop3.strato.de>
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Capability list follows:
fetchmail: POP3< RESP-CODES
fetchmail: POP3< AUTH-RESP-CODE
fetchmail: POP3< TOP
fetchmail: POP3< UIDL
fetchmail: POP3< USER
fetchmail: POP3< SASL PLAIN SASL LOGIN SASL CRAM-MD5 SASL DIGEST-MD5
fetchmail: POP3< .
fetchmail: POP3> AUTH CRAM-MD5
fetchmail: POP3< + PGRiZmMzNGIxOGE4YjVkMDE3ODhlYjA0MmQwQHBvcDMuc3RyYXRvLmRlPg==
fetchmail: decoded as <dbfc34b18a8b5...@pop3.strato.de>
fetchmail: POP3> bWFpbDRAcmVjaG5lcnRlY2huaWstdW5kLW1ldGhvZGVuLmRlIDk3NWI2NGM5NzJmMGZlODliYWI2YzU0ZjA5NzU2NDdm
fetchmail: POP3< +OK User logged in
fetchmail: selecting or re-polling default folder
fetchmail: POP3> STAT
fetchmail: POP3< +OK 0 0
fetchmail: No mail for ma...@abcdefgh.xxxx at pop3.strato.de
fetchmail: POP3> QUIT
fetchmail: POP3< +OK Closing connection
fetchmail: sleeping at Sun, 21 Mar 2021 15:59:37 (CET) for 600 seconds
fetchmail: 6.4.5 querying pop3.strato.de (protocol POP3) at Sun, 21 Mar 2021 15:59:37 +0100 (CET): poll completed
fetchmail: New UID list from pop3.strato.de:
<empty>
fetchmail: not swapping UID lists, no UIDs seen this query
fetchmail: Query status=1 (NOMAIL)
fetchmail: sleeping at Sun, 21 Mar 2021 15:59:37 +0100 (CET) for 600 seconds
mailserver #
-----------------------------------------------------------------------
wieder "normale" Ausgabe:
fetchmail: terminated with signal 15
fetchmail: starting fetchmail 6.4.5 daemon
fetchmail: awakened at Sun, 21 Mar 2021 16:03:40 (CET)
fetchmail: 283 messages (283 seen) for harald....@abcdefgh.xxxx at imap.strato.de.
fetchmail: sleeping at Sun, 21 Mar 2021 16:03:43 (CET) for 600 seconds
fetchmail: awakened at Sun, 21 Mar 2021 16:13:43 (CET)
fetchmail: 283 messages (283 seen) for harald....@abcdefgh.xxxx at imap.strato.de.
fetchmail: 1 message for in...@abcdefgh.xxxx at pop3.strato.de (24267 octets).
fetchmail: reading message in...@abcdefgh.xxxx@pop3.strato.de:1 of 1 (24267 octets) flushed
fetchmail: sleeping at Sun, 21 Mar 2021 16:13:47 (CET) for 600 seconds
fetchmail: awakened at Sun, 21 Mar 2021 16:23:47 (CET)
fetchmail: 283 messages (283 seen) for harald....@abcdefgh.xxxx at imap.strato.de.
fetchmail: pop3.strato.de fingerprints do not match!
fetchmail: OpenSSL reported: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
fetchmail: pop3.strato.de: SSL connection failed.
fetchmail: socket error while fetching from ma...@abcdefgh.xxxx@pop3.strato.de
fetchmail: Query status=2 (SOCKET)
fetchmail: sleeping at Sun, 21 Mar 2021 16:23:50 (CET) for 600 seconds
fetchmail: awakened at Sun, 21 Mar 2021 16:33:50 (CET)
fetchmail: 283 messages (283 seen) for harald....@abcdefgh.xxxx at imap.strato.de.
fetchmail: sleeping at Sun, 21 Mar 2021 16:33:53 (CET) for 600 seconds
fetchmail: awakened at Sun, 21 Mar 2021 16:43:54 (CET)
fetchmail: 283 messages (283 seen) for harald....@abcdefgh.xxxx at imap.strato.de.
fetchmail: sleeping at Sun, 21 Mar 2021 16:43:57 (CET) for 600 seconds
fetchmail: awakened at Sun, 21 Mar 2021 16:53:57 (CET)
fetchmail: 283 messages (283 seen) for harald....@abcdefgh.xxxx at imap.strato.de.
fetchmail: pop3.strato.de fingerprints do not match!
fetchmail: OpenSSL reported: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
fetchmail: pop3.strato.de: SSL connection failed.
fetchmail: socket error while fetching from ma...@abcdefgh.xxxx@pop3.strato.de
fetchmail: Query status=2 (SOCKET)
fetchmail: sleeping at Sun, 21 Mar 2021 16:54:00 (CET) for 600 seconds
fetchmail: terminated with signal 15
fetchmail: starting fetchmail 6.4.5 daemon
fetchmail: awakened at Sun, 21 Mar 2021 16:54:12 (CET)
fetchmail: 283 messages (283 seen) for harald....@abcdefgh.xxxx at imap.strato.de.
fetchmail: pop3.strato.de fingerprints do not match!
fetchmail: OpenSSL reported: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
fetchmail: pop3.strato.de: SSL connection failed.
fetchmail: socket error while fetching from in...@abcdefgh.xxxx@pop3.strato.de
fetchmail: Query status=2 (SOCKET)
fetchmail: pop3.strato.de fingerprints do not match!
fetchmail: OpenSSL reported: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
fetchmail: pop3.strato.de: SSL connection failed.
fetchmail: socket error while fetching from ma...@abcdefgh.xxxx@pop3.strato.de
fetchmail: Query status=2 (SOCKET)
fetchmail: pop3.strato.de fingerprints do not match!
fetchmail: OpenSSL reported: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
fetchmail: pop3.strato.de: SSL connection failed.
fetchmail: socket error while fetching from ma...@abcdefgh.xxxx@pop3.strato.de
fetchmail: sleeping at Sun, 21 Mar 2021 16:54:13 (CET) for 600 seconds
fetchmail: Query status=2 (SOCKET)
fetchmail: terminated with signal 15
fetchmail: starting fetchmail 6.4.5 daemon
fetchmail: awakened at Sun, 21 Mar 2021 16:54:26 (CET)
fetchmail: 283 messages (283 seen) for harald....@abcdefgh.xxxx at imap.strato.de.
fetchmail: sleeping at Sun, 21 Mar 2021 16:54:29 (CET) for 600 seconds
fetchmail: awakened at Sun, 21 Mar 2021 17:04:29 (CET)
fetchmail: 285 messages (283 seen) for harald....@abcdefgh.xxxx at imap.strato.de.
fetchmail: reading message harald....@abcdefgh.xxxx@imap.strato.de:284 of 285 (5387 header octets) (42 body octets) not flushed
fetchmail: reading message harald....@abcdefgh.xxxx@imap.strato.de:285 of 285 (5544 header octets) (41 body octets) not flushed
fetchmail: sleeping at Sun, 21 Mar 2021 17:04:33 (CET) for 600 seconds
fetchmail: awakened at Sun, 21 Mar 2021 17:14:33 (CET)
fetchmail: 285 messages (285 seen) for harald....@abcdefgh.xxxx at imap.strato.de.
fetchmail: sleeping at Sun, 21 Mar 2021 17:14:37 (CET) for 600 seconds
fetchmail: awakened at Sun, 21 Mar 2021 17:24:37 (CET)
fetchmail: imap.strato.de fingerprints do not match!
fetchmail: OpenSSL reported: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
fetchmail: imap.strato.de: SSL connection failed.
fetchmail: socket error while fetching from harald....@abcdefgh.xxxx@imap.strato.de
fetchmail: Query status=2 (SOCKET)
fetchmail: sleeping at Sun, 21 Mar 2021 17:24:40 (CET) for 600 seconds
fetchmail: awakened at Sun, 21 Mar 2021 17:34:40 (CET)
fetchmail: 285 messages (285 seen) for harald....@abcdefgh.xxxx at imap.strato.de.
fetchmail: sleeping at Sun, 21 Mar 2021 17:34:43 (CET) for 600 seconds
ich bekomme seit ein paar Tagen Fehler in fetchmail beim Abholen von Mails von Strato.
Vorgeschichte:
Am 18.03.21 gingen die Fingerprints nicht mehr. Kommt jedes Jahr vor also mit
fetchmail pop3.strato.de --ssl --verbose --username xxxxxx --protocol pop3
fetchmail pop3.strato.de --ssl --verbose --username xxxxxx --protocol imaop
die fingerprints ermittelt, eingetragen und neu gestartet. Alles wieder gut.
Am 19.03.21 waren dann wohl die Zertifikate abgelaufen also mehr Arbeit.
D.h. Zertifikate neu eingetragen gehasht usf.
Seitdem kommen nicht immer aber meistens diese beiden Mails im Eingang:
Mail-addon-certs certificate updater on 'mailserver'
Fetchmail event Report from Server 'mailserver'
Versenden geht einwandfrei. Ich bekomme auch die Mails, d.h. das ist nicht das Problem,
aber warum kommen meistens (aber nicht immer) die Fehlermeldungen.
Das Phänomen tritt bei 2 Mailservern seit 2 Tagen mit Verbindungen zu Strato auf.
Was kann das sein und weiss jemand Rat.
Dafür habe ich möglichst viele Informationen anschliessend zusammengefasst
(Domain und Passwörter geändert).
Viele Grüße
Harald Seitter
A. Mail-addon-certs certificate updater on 'mailserver'
Dispatched from mail-addon-certs certificate updater on 'mailserver'
Current Date: 2021-03-21 Time: 16:23:52
-------------------------------------------------------
Start request of pop/imap certificates
Requesting: pop3.strato.de
pop3.strato.de in progress
pop3.strato.de:110 No port given; assuming port 110
pop3.strato.de:110 pop/imap certificate downloaded (pop3.strato.de.pem)
pop3.strato.de:110 Updating CRL
pop3.strato.de:110 No fingerprint update needed
pop3.strato.de in progress
pop3.strato.de:110 No port given; assuming port 110
pop3.strato.de:110 pop/imap certificate already downloaded
pop3.strato.de:110 No fingerprint update needed
pop3.strato.de in progress
pop3.strato.de:110 No port given; assuming port 110
pop3.strato.de:110 pop/imap certificate already downloaded
.....
Finished request of pop/imap certificates
Rehashing certificates
und:
B. Fetchmail event Report from Server 'mailserver'
Dispatched from fetchmail agent on server 'mailserver'
Current Date: 2021-03-21 Time: 16:23:50
fetchmail: awakened at Sun, 21 Mar 2021 16:23:47 (CET)
fetchmail: 283 messages (283 seen) for harald....@abcdefgh.xxxx at imap.strato.de.
fetchmail: pop3.strato.de fingerprints do not match!
fetchmail: OpenSSL reported: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
fetchmail: pop3.strato.de: SSL connection failed.
fetchmail: socket error while fetching from ma...@abcdefgh.xxxx@pop3.strato.de
fetchmail: Query status=2 (SOCKET)
fetchmail: sleeping at Sun, 21 Mar 2021 16:23:50 (CET) for 600 seconds
Starting Fingerprint Update
pop3.strato.de
---------------------------------------------------------------
Die Zertifikate:
xCertificate : /usr/local/ssl/certs/imap.strato.de.pem
a
x Subject : = DE, O = Strato AG, OU = Rechenzentrum, ST = Berlin, L = Berlin, CN = imap.strato.de
a
x Valid from : Mar 8 08:14:22 2021 GMT
a
x Valid until: Mar 13 23:59:59 2022 GMT
a
x
a
xCertificate : /usr/local/ssl/certs/pop3.strato.de.pem
a
x Subject : = DE, O = Strato AG, OU = Rechenzentrum, ST = Berlin, L = Berlin, CN = pop3.strato.de
a
x Valid from : Mar 17 09:21:10 2021 GMT
a
x Valid until: Mar 22 23:59:59 2022 GMT
a
x
a
xCertificate : /usr/local/ssl/certs/smtp.strato.de.pem
a
x Subject : = DE, O = Strato AG, OU = Rechenzentrum, ST = Berlin, L = Berlin, CN = smtp.strato.de
a
x Valid from : Mar 8 06:57:59 2021 GMT
a
x Valid until: Mar 13 23:59:59 2022 GMT
a
x
a
xCertificate : /usr/local/ssl/certs/telesec_serverpass_class_2_ca.pem
a
x Subject : = DE, O = T-Systems International GmbH, OU = T-Systems Trust Center, ST = Nordrhein Westfalen, postalCode = 57250, L = Netphen, street
= Untere Industriestr. 20, CN = Tea
x Valid from : Feb 11 14:39:10 2014 GMT
a
x Valid until: Feb 11 23:59:59 2024 GMT
a
x
a
xCertificate : /usr/local/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem
a
x Subject : = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 2
a
x Valid from : Oct 1 10:40:14 2008 GMT
a
x Valid until: Oct 1 23:59:59 2033 GMT
a
x
a
---------------------------------------------------------------
Die Zertifikatsketten stimmen meines Erachtens:
x*
x
x| certificate : imap.strato.de.pem (32eee2cd)
x
x| subject : C = DE O = Strato AG OU = Rechenzentrum ST = Berlin L = Berlin CN = imap.strato.de
x
x| issuer : C = DE O = T-Systems International GmbH OU = T-Systems Trust Center ST = Nordrhein Westfalen postalCode = 57250 L = Netphen street =
Untere Industriestr. 20 CN = TeleSex
x| MD5 f-print : 5B:B1:B1:47:81:7F:3F:6A:C3:80:AF:57:7A:3E:B3:AE
x
x| SHA1 f-print: 37:6F:D3:41:F5:26:79:5D:49:9A:16:D9:62:9D:44:92:FA:5D:F8:6F
x
x|
x
x+->| certificate : telesec_serverpass_class_2_ca.pem (33013750)
x
x | subject : C = DE O = T-Systems International GmbH OU = T-Systems Trust Center ST = Nordrhein Westfalen postalCode = 57250 L = Netphen street
= Untere Industriestr. 20 CN = Telx
x | issuer : C = DE O = T-Systems Enterprise Services GmbH OU = T-Systems Trust Center CN = T-TeleSec GlobalRoot Class 2
x
x | MD5 f-print : 74:78:51:90:16:76:6E:B0:3D:53:A5:E3:CA:5A:1A:91
x
x | SHA1 f-print: 7B:C0:04:8A:1F:D8:F4:23:8C:CC:C9:CC:56:6D:D3:8B:FF:7E:67:E2
x
x |
x
x +->| certificate : T-TeleSec_GlobalRoot_Class_2.pem (1e09d511)
x
x | subject : C = DE O = T-Systems Enterprise Services GmbH OU = T-Systems Trust Center CN = T-TeleSec GlobalRoot Class 2
x
x | issuer : C = DE O = T-Systems Enterprise Services GmbH OU = T-Systems Trust Center CN = T-TeleSec GlobalRoot Class 2
x
x | MD5 f-print : 2B:9B:9E:E4:7B:6C:1F:00:72:1A:CC:C1:77:79:DF:6A
x
x | SHA1 f-print: 59:0D:2D:7D:88:4F:40:2E:61:7E:A5:62:32:17:65:CF:17:D8:94:E9
x
x |
x
x +-> end of chain!
x
x
x
xchecking certificate chain:
x
x* OCSP Response verify OK (cache)
x
x imap.strato.de.pem: good
x
x This Update: Mar 19 11:07:33 2021 GMT
x
x Next Update: Mar 24 11:07:33 2021 GMT
x
x
x
x*
x
x| certificate : pop3.strato.de.pem (4ef65644)
x
x| subject : C = DE O = Strato AG OU = Rechenzentrum ST = Berlin L = Berlin CN = pop3.strato.de
x
x| issuer : C = DE O = T-Systems International GmbH OU = T-Systems Trust Center ST = Nordrhein Westfalen postalCode = 57250 L = Netphen street =
Untere Industriestr. 20 CN = TeleSex
x| MD5 f-print : BF:25:8A:DF:F1:8B:59:3F:A7:1A:B2:5F:E2:7C:D2:1A
x
x| SHA1 f-print: EA:C8:40:98:31:EA:B2:1A:59:E0:8A:3E:4F:07:17:69:A0:2F:4C:51
x
x|
x
x+->| certificate : telesec_serverpass_class_2_ca.pem (33013750)
x
x | subject : C = DE O = T-Systems International GmbH OU = T-Systems Trust Center ST = Nordrhein Westfalen postalCode = 57250 L = Netphen street
= Untere Industriestr. 20 CN = Telx
x | issuer : C = DE O = T-Systems Enterprise Services GmbH OU = T-Systems Trust Center CN = T-TeleSec GlobalRoot Class 2
x
x | MD5 f-print : 74:78:51:90:16:76:6E:B0:3D:53:A5:E3:CA:5A:1A:91
x
x | SHA1 f-print: 7B:C0:04:8A:1F:D8:F4:23:8C:CC:C9:CC:56:6D:D3:8B:FF:7E:67:E2
x
x |
x
x +->| certificate : T-TeleSec_GlobalRoot_Class_2.pem (1e09d511)
x
x | subject : C = DE O = T-Systems Enterprise Services GmbH OU = T-Systems Trust Center CN = T-TeleSec GlobalRoot Class 2
x
x | issuer : C = DE O = T-Systems Enterprise Services GmbH OU = T-Systems Trust Center CN = T-TeleSec GlobalRoot Class 2
x
x | MD5 f-print : 2B:9B:9E:E4:7B:6C:1F:00:72:1A:CC:C1:77:79:DF:6A
x
x | SHA1 f-print: 59:0D:2D:7D:88:4F:40:2E:61:7E:A5:62:32:17:65:CF:17:D8:94:E9
x
x |
x
x +-> end of chain!
x
x
x
xchecking certificate chain:
x
x* OCSP Response verify OK (cache)
x
x pop3.strato.de.pem: good
x
x This Update: Mar 19 11:05:28 2021 GMT
x
x Next Update: Mar 24 11:05:28 2021 GMT
x
mailserver # cat fetchmail.conf
#------------------------------------------------------------------
# /etc/fetchmail.conf file generated by mail.sh v1.13.9
#
# Do not edit this file, edit /etc/config.d/mail
# Creation Date: 2021-03-19 Time: 13:33:46
#------------------------------------------------------------------
set postmaster "postmaster"
set daemon 600
set logfile /var/log/fetchmail.log
set no bouncemail
set no spambounce
set softbounce
defaults
proto pop3
timeout 90
limit 70000000
warnings 86400
no fetchall
#
poll imap.strato.de proto imap service 993 bad-header reject
user "harald....@abcdefgh.xxxx" password "xxxxxxxxx" is "ich"
keep
sslproto tls1+
ssl
sslfingerprint "5B:B1:B1:47:81:7F:3F:6A:C3:80:AF:57:7A:3E:B3:AE"
sslcertpath /usr/local/ssl/certs
sslcertck
preconnect "echo 'fetchmail: awakened at '`date +'%a, %d %b %G %H:%M:%S (%Z)'`"
#
poll pop3.strato.de proto pop3 bad-header reject
user "in...@abcdefgh.xxxx" password "xxxxx" is "ich"
fetchall
sslproto tls1+
ssl
sslfingerprint "BF:25:8A:DF:F1:8B:59:3F:A7:1A:B2:5F:E2:7C:D2:1A"
sslcertpath /usr/local/ssl/certs
sslcertck
#
poll pop3.strato.de proto pop3 bad-header reject
user "ma...@abcdefgh.xxxx" password "xxxxx" is "mail3"
fetchall
sslproto tls1+
ssl
sslfingerprint "BF:25:8A:DF:F1:8B:59:3F:A7:1A:B2:5F:E2:7C:D2:1A"
sslcertpath /usr/local/ssl/certs
sslcertck
#
poll pop3.strato.de proto pop3 bad-header reject
user "ma...@abcdefgh.xxxx" password "xxxxx" is "mail4"
fetchall
sslproto tls1+
ssl
sslfingerprint "BF:25:8A:DF:F1:8B:59:3F:A7:1A:B2:5F:E2:7C:D2:1A"
sslcertpath /usr/local/ssl/certs
sslcertck
postconnect "echo 'fetchmail: sleeping at '`date +'%a, %d %b %G %H:%M:%S (%Z)'` for 600 seconds; /var/spool/exim/custom-mail-check-fingerprint"
mailserver # /etc/init.d/mail -debug restart fetchmail
* Stopping Fetchmail daemon ...
[ OK ]
* Starting Fetchmail daemon in DEBUG mode ...
fetchmail: Old UID list from imap.strato.de:
<empty>
fetchmail: Old UID list from pop3.strato.de:
<empty>
fetchmail: Old UID list from pop3.strato.de:
<empty>
mailserver #
fetchmail: terminated with signal 15
fetchmail: starting fetchmail 6.4.5 daemon
fetchmail: 6.4.5 querying imap.strato.de (protocol IMAP) at Sun, 21 Mar 2021 15:59:33 +0100 (CET): poll started
fetchmail: awakened at Sun, 21 Mar 2021 15:59:33 (CET)
fetchmail: Trying to connect to 81.169.145.103/993...connected.
fetchmail: SSL verify callback depth 2: preverify_ok == 1, err = 0, ok
fetchmail: Certificate chain, from root to peer, starting at depth 2:
fetchmail: Issuer Organization: T-Systems Enterprise Services GmbH
fetchmail: Issuer CommonName: T-TeleSec GlobalRoot Class 2
fetchmail: Subject CommonName: T-TeleSec GlobalRoot Class 2
fetchmail: SSL verify callback depth 1: preverify_ok == 1, err = 0, ok
fetchmail: Certificate at depth 1:
fetchmail: Issuer Organization: T-Systems Enterprise Services GmbH
fetchmail: Issuer CommonName: T-TeleSec GlobalRoot Class 2
fetchmail: Subject CommonName: TeleSec ServerPass Class 2 CA
fetchmail: SSL verify callback depth 0: preverify_ok == 1, err = 0, ok
fetchmail: Server certificate:
fetchmail: Issuer Organization: T-Systems International GmbH
fetchmail: Issuer CommonName: TeleSec ServerPass Class 2 CA
fetchmail: Subject CommonName: imap.strato.de
fetchmail: Subject Alternative Name: imap.strato.de
fetchmail: Subject Alternative Name: imap.strato.com
fetchmail: imap.strato.de key fingerprint: 5B:B1:B1:47:81:7F:3F:6A:C3:80:AF:57:7A:3E:B3:AE
fetchmail: imap.strato.de fingerprints match.
fetchmail: SSL/TLS: using protocol TLSv1.3, cipher TLS_AES_256_GCM_SHA384, 256/256 secret/processed bits
fetchmail: IMAP< * OK [CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5 AUTH=DIGEST-MD5 CHILDREN ENABLE I18NLEVEL=2 ID IDLE MOVE
MULTIAPPEND NAMESPACE QUOTA SORT STATUS=SIZE UIDPLUS UNSELECT WITHIN XLIST] IMAP server ready (P30 TLSv1.3:TLS_AES_256_GCM_SHA384)
fetchmail: IMAP> A0001 CAPABILITY
fetchmail: IMAP< * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5 AUTH=DIGEST-MD5 CHILDREN ENABLE I18NLEVEL=2 ID IDLE MOVE MULTIAPPEND
NAMESPACE QUOTA SORT STATUS=SIZE UIDPLUS UNSELECT WITHIN XLIST
fetchmail: IMAP< A0001 OK CAPABILITY completed
fetchmail: Protocol identified as IMAP4 rev 1
fetchmail: GSSAPI error gss_inquire_cred: Unspecified GSS failure. Minor code may provide more information
fetchmail: GSSAPI error gss_inquire_cred: No Kerberos credentials available (default cache: DIR:/run/user/42/krb5cc)
fetchmail: No suitable GSSAPI credentials found. Skipping GSSAPI authentication.
fetchmail: If you want to use GSSAPI, you need credentials first, possibly from kinit.
fetchmail: IMAP> A0002 AUTHENTICATE CRAM-MD5
fetchmail: IMAP< + PGMzM2UzMDBjODZjNjVjODE3ODk2NzI0NzNhQGltYXAuc3RyYXRvLmRlPg==
fetchmail: decoded as <c33e300c86c65...@imap.strato.de>
fetchmail: IMAP> aGFyYWxkLnNlaXR0ZXJAcmVjaG5lcnRlY2huaWstdW5kLW1ldGhvZGVuLmRlIDBmODFhMGJmNDUwOGYwYjgxZjc2OTRiNDQ5NmMxMTE2
fetchmail: IMAP< A0002 OK User logged in (189)
fetchmail: selecting or re-polling default folder
fetchmail: IMAP> A0003 SELECT "INBOX"
fetchmail: IMAP< * FLAGS (\Answered \Flagged \Deleted \Seen \Draft \Forwarded $Junk $Forwarded)
fetchmail: IMAP< * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \Forwarded $Junk $Forwarded \*)]
fetchmail: IMAP< * OK [URLMECH INTERNAL]
fetchmail: IMAP< * 283 EXISTS
fetchmail: IMAP< * 0 RECENT
fetchmail: IMAP< * OK [UIDVALIDITY 1116023632]
fetchmail: IMAP< * OK [UIDNEXT 133071]
fetchmail: IMAP< A0003 OK [READ-WRITE] SELECT completed
fetchmail: 283 messages waiting after first poll
fetchmail: IMAP> A0004 SEARCH UNSEEN UNDELETED
fetchmail: IMAP< * SEARCH
fetchmail: IMAP< A0004 OK SEARCH completed
fetchmail: 283 messages (283 seen) for harald....@abcdefgh.xxxx at imap.strato.de.
fetchmail: IMAP> A0005 LOGOUT
fetchmail: IMAP< * BYE Logout
fetchmail: IMAP< A0005 OK LOGOUT completed
fetchmail: 6.4.5 querying imap.strato.de (protocol IMAP) at Sun, 21 Mar 2021 15:59:34 +0100 (CET): poll completed
fetchmail: New UID list from imap.strato.de:
<empty>
fetchmail: not swapping UID lists, no UIDs seen this query
fetchmail: Query status=1 (NOMAIL)
fetchmail: 6.4.5 querying pop3.strato.de (protocol POP3) at Sun, 21 Mar 2021 15:59:34 +0100 (CET): poll started
fetchmail: Trying to connect to 81.169.145.131/995...connected.
fetchmail: SSL verify callback depth 2: preverify_ok == 1, err = 0, ok
fetchmail: Certificate chain, from root to peer, starting at depth 2:
fetchmail: Issuer Organization: T-Systems Enterprise Services GmbH
fetchmail: Issuer CommonName: T-TeleSec GlobalRoot Class 2
fetchmail: Subject CommonName: T-TeleSec GlobalRoot Class 2
fetchmail: SSL verify callback depth 1: preverify_ok == 1, err = 0, ok
fetchmail: Certificate at depth 1:
fetchmail: Issuer Organization: T-Systems Enterprise Services GmbH
fetchmail: Issuer CommonName: T-TeleSec GlobalRoot Class 2
fetchmail: Subject CommonName: TeleSec ServerPass Class 2 CA
fetchmail: SSL verify callback depth 0: preverify_ok == 1, err = 0, ok
fetchmail: Server certificate:
fetchmail: Issuer Organization: T-Systems International GmbH
fetchmail: Issuer CommonName: TeleSec ServerPass Class 2 CA
fetchmail: Subject CommonName: pop3.strato.de
fetchmail: Subject Alternative Name: pop3.strato.de
fetchmail: Subject Alternative Name: pop3.strato.com
fetchmail: pop3.strato.de key fingerprint: BF:25:8A:DF:F1:8B:59:3F:A7:1A:B2:5F:E2:7C:D2:1A
fetchmail: pop3.strato.de fingerprints match.
fetchmail: SSL/TLS: using protocol TLSv1.3, cipher TLS_AES_256_GCM_SHA384, 256/256 secret/processed bits
fetchmail: POP3< +OK POP3 server ready <1785ab12e...@pop3.strato.de>
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Capability list follows:
fetchmail: POP3< RESP-CODES
fetchmail: POP3< AUTH-RESP-CODE
fetchmail: POP3< TOP
fetchmail: POP3< UIDL
fetchmail: POP3< USER
fetchmail: POP3< SASL PLAIN SASL LOGIN SASL CRAM-MD5 SASL DIGEST-MD5
fetchmail: POP3< .
fetchmail: POP3> AUTH CRAM-MD5
fetchmail: POP3< + PDcwNzA3NThlODhhY2Y2ODE3ODI1M2MwYjk4QHBvcDMuc3RyYXRvLmRlPg==
fetchmail: decoded as <7070758e88acf...@pop3.strato.de>
fetchmail: POP3> aW5mb0ByZWNobmVydGVjaG5pay11bmQtbWV0aG9kZW4uZGUgYWU0OTIzYjE3NWM5Njg4YzJjYzhkMjQ1ZGQ5OWM2ZjE=
fetchmail: POP3< +OK User logged in, proceed. (189)
fetchmail: selecting or re-polling default folder
fetchmail: POP3> STAT
fetchmail: POP3< +OK 0 0
fetchmail: No mail for in...@abcdefgh.xxxx at pop3.strato.de
fetchmail: POP3> QUIT
fetchmail: POP3< +OK Closing connection
fetchmail: 6.4.5 querying pop3.strato.de (protocol POP3) at Sun, 21 Mar 2021 15:59:34 +0100 (CET): poll completed
fetchmail: New UID list from pop3.strato.de:
<empty>
fetchmail: not swapping UID lists, no UIDs seen this query
fetchmail: Query status=1 (NOMAIL)
fetchmail: 6.4.5 querying pop3.strato.de (protocol POP3) at Sun, 21 Mar 2021 15:59:36 +0100 (CET): poll started
fetchmail: Trying to connect to 81.169.145.131/995...connected.
fetchmail: SSL verify callback depth 2: preverify_ok == 1, err = 0, ok
fetchmail: Certificate chain, from root to peer, starting at depth 2:
fetchmail: Issuer Organization: T-Systems Enterprise Services GmbH
fetchmail: Issuer CommonName: T-TeleSec GlobalRoot Class 2
fetchmail: Subject CommonName: T-TeleSec GlobalRoot Class 2
fetchmail: SSL verify callback depth 1: preverify_ok == 1, err = 0, ok
fetchmail: Certificate at depth 1:
fetchmail: Issuer Organization: T-Systems Enterprise Services GmbH
fetchmail: Issuer CommonName: T-TeleSec GlobalRoot Class 2
fetchmail: Subject CommonName: TeleSec ServerPass Class 2 CA
fetchmail: SSL verify callback depth 0: preverify_ok == 1, err = 0, ok
fetchmail: Server certificate:
fetchmail: Issuer Organization: T-Systems International GmbH
fetchmail: Issuer CommonName: TeleSec ServerPass Class 2 CA
fetchmail: Subject CommonName: pop3.strato.de
fetchmail: Subject Alternative Name: pop3.strato.de
fetchmail: Subject Alternative Name: pop3.strato.com
fetchmail: pop3.strato.de key fingerprint: BF:25:8A:DF:F1:8B:59:3F:A7:1A:B2:5F:E2:7C:D2:1A
fetchmail: pop3.strato.de fingerprints match.
fetchmail: SSL/TLS: using protocol TLSv1.3, cipher TLS_AES_256_GCM_SHA384, 256/256 secret/processed bits
fetchmail: POP3< +OK POP3 server ready <1781edeb...@pop3.strato.de>
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Capability list follows:
fetchmail: POP3< RESP-CODES
fetchmail: POP3< AUTH-RESP-CODE
fetchmail: POP3< TOP
fetchmail: POP3< UIDL
fetchmail: POP3< USER
fetchmail: POP3< SASL PLAIN SASL LOGIN SASL CRAM-MD5 SASL DIGEST-MD5
fetchmail: POP3< .
fetchmail: POP3> AUTH CRAM-MD5
fetchmail: POP3< + PGM4NGQ4NDIzOTNkYWE0MDE3ODlkMDFmMzI1QHBvcDMuc3RyYXRvLmRlPg==
fetchmail: decoded as <c84d842393daa...@pop3.strato.de>
fetchmail: POP3> bWFpbDNAcmVjaG5lcnRlY2huaWstdW5kLW1ldGhvZGVuLmRlIGI2Nzk0Mzg1OWE2ZGI3MmRlZGYwNTI4N2VjNGEwNjMx
fetchmail: POP3< +OK User logged in
fetchmail: selecting or re-polling default folder
fetchmail: POP3> STAT
fetchmail: POP3< +OK 0 0
fetchmail: No mail for ma...@abcdefgh.xxxx at pop3.strato.de
fetchmail: POP3> QUIT
fetchmail: POP3< +OK Closing connection
fetchmail: 6.4.5 querying pop3.strato.de (protocol POP3) at Sun, 21 Mar 2021 15:59:36 +0100 (CET): poll completed
fetchmail: New UID list from pop3.strato.de:
<empty>
fetchmail: not swapping UID lists, no UIDs seen this query
fetchmail: Query status=1 (NOMAIL)
fetchmail: 6.4.5 querying pop3.strato.de (protocol POP3) at Sun, 21 Mar 2021 15:59:36 +0100 (CET): poll started
fetchmail: Trying to connect to 81.169.145.131/995...connected.
fetchmail: SSL verify callback depth 2: preverify_ok == 1, err = 0, ok
fetchmail: Certificate chain, from root to peer, starting at depth 2:
fetchmail: Issuer Organization: T-Systems Enterprise Services GmbH
fetchmail: Issuer CommonName: T-TeleSec GlobalRoot Class 2
fetchmail: Subject CommonName: T-TeleSec GlobalRoot Class 2
fetchmail: SSL verify callback depth 1: preverify_ok == 1, err = 0, ok
fetchmail: Certificate at depth 1:
fetchmail: Issuer Organization: T-Systems Enterprise Services GmbH
fetchmail: Issuer CommonName: T-TeleSec GlobalRoot Class 2
fetchmail: Subject CommonName: TeleSec ServerPass Class 2 CA
fetchmail: SSL verify callback depth 0: preverify_ok == 1, err = 0, ok
fetchmail: Server certificate:
fetchmail: Issuer Organization: T-Systems International GmbH
fetchmail: Issuer CommonName: TeleSec ServerPass Class 2 CA
fetchmail: Subject CommonName: pop3.strato.de
fetchmail: Subject Alternative Name: pop3.strato.de
fetchmail: Subject Alternative Name: pop3.strato.com
fetchmail: pop3.strato.de key fingerprint: BF:25:8A:DF:F1:8B:59:3F:A7:1A:B2:5F:E2:7C:D2:1A
fetchmail: pop3.strato.de fingerprints match.
fetchmail: SSL/TLS: using protocol TLSv1.3, cipher TLS_AES_256_GCM_SHA384, 256/256 secret/processed bits
fetchmail: POP3< +OK POP3 server ready <17837e01...@pop3.strato.de>
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Capability list follows:
fetchmail: POP3< RESP-CODES
fetchmail: POP3< AUTH-RESP-CODE
fetchmail: POP3< TOP
fetchmail: POP3< UIDL
fetchmail: POP3< USER
fetchmail: POP3< SASL PLAIN SASL LOGIN SASL CRAM-MD5 SASL DIGEST-MD5
fetchmail: POP3< .
fetchmail: POP3> AUTH CRAM-MD5
fetchmail: POP3< + PGRiZmMzNGIxOGE4YjVkMDE3ODhlYjA0MmQwQHBvcDMuc3RyYXRvLmRlPg==
fetchmail: decoded as <dbfc34b18a8b5...@pop3.strato.de>
fetchmail: POP3> bWFpbDRAcmVjaG5lcnRlY2huaWstdW5kLW1ldGhvZGVuLmRlIDk3NWI2NGM5NzJmMGZlODliYWI2YzU0ZjA5NzU2NDdm
fetchmail: POP3< +OK User logged in
fetchmail: selecting or re-polling default folder
fetchmail: POP3> STAT
fetchmail: POP3< +OK 0 0
fetchmail: No mail for ma...@abcdefgh.xxxx at pop3.strato.de
fetchmail: POP3> QUIT
fetchmail: POP3< +OK Closing connection
fetchmail: sleeping at Sun, 21 Mar 2021 15:59:37 (CET) for 600 seconds
fetchmail: 6.4.5 querying pop3.strato.de (protocol POP3) at Sun, 21 Mar 2021 15:59:37 +0100 (CET): poll completed
fetchmail: New UID list from pop3.strato.de:
<empty>
fetchmail: not swapping UID lists, no UIDs seen this query
fetchmail: Query status=1 (NOMAIL)
fetchmail: sleeping at Sun, 21 Mar 2021 15:59:37 +0100 (CET) for 600 seconds
mailserver #
-----------------------------------------------------------------------
wieder "normale" Ausgabe:
fetchmail: terminated with signal 15
fetchmail: starting fetchmail 6.4.5 daemon
fetchmail: awakened at Sun, 21 Mar 2021 16:03:40 (CET)
fetchmail: 283 messages (283 seen) for harald....@abcdefgh.xxxx at imap.strato.de.
fetchmail: sleeping at Sun, 21 Mar 2021 16:03:43 (CET) for 600 seconds
fetchmail: awakened at Sun, 21 Mar 2021 16:13:43 (CET)
fetchmail: 283 messages (283 seen) for harald....@abcdefgh.xxxx at imap.strato.de.
fetchmail: 1 message for in...@abcdefgh.xxxx at pop3.strato.de (24267 octets).
fetchmail: reading message in...@abcdefgh.xxxx@pop3.strato.de:1 of 1 (24267 octets) flushed
fetchmail: sleeping at Sun, 21 Mar 2021 16:13:47 (CET) for 600 seconds
fetchmail: awakened at Sun, 21 Mar 2021 16:23:47 (CET)
fetchmail: 283 messages (283 seen) for harald....@abcdefgh.xxxx at imap.strato.de.
fetchmail: pop3.strato.de fingerprints do not match!
fetchmail: OpenSSL reported: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
fetchmail: pop3.strato.de: SSL connection failed.
fetchmail: socket error while fetching from ma...@abcdefgh.xxxx@pop3.strato.de
fetchmail: Query status=2 (SOCKET)
fetchmail: sleeping at Sun, 21 Mar 2021 16:23:50 (CET) for 600 seconds
fetchmail: awakened at Sun, 21 Mar 2021 16:33:50 (CET)
fetchmail: 283 messages (283 seen) for harald....@abcdefgh.xxxx at imap.strato.de.
fetchmail: sleeping at Sun, 21 Mar 2021 16:33:53 (CET) for 600 seconds
fetchmail: awakened at Sun, 21 Mar 2021 16:43:54 (CET)
fetchmail: 283 messages (283 seen) for harald....@abcdefgh.xxxx at imap.strato.de.
fetchmail: sleeping at Sun, 21 Mar 2021 16:43:57 (CET) for 600 seconds
fetchmail: awakened at Sun, 21 Mar 2021 16:53:57 (CET)
fetchmail: 283 messages (283 seen) for harald....@abcdefgh.xxxx at imap.strato.de.
fetchmail: pop3.strato.de fingerprints do not match!
fetchmail: OpenSSL reported: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
fetchmail: pop3.strato.de: SSL connection failed.
fetchmail: socket error while fetching from ma...@abcdefgh.xxxx@pop3.strato.de
fetchmail: Query status=2 (SOCKET)
fetchmail: sleeping at Sun, 21 Mar 2021 16:54:00 (CET) for 600 seconds
fetchmail: terminated with signal 15
fetchmail: starting fetchmail 6.4.5 daemon
fetchmail: awakened at Sun, 21 Mar 2021 16:54:12 (CET)
fetchmail: 283 messages (283 seen) for harald....@abcdefgh.xxxx at imap.strato.de.
fetchmail: pop3.strato.de fingerprints do not match!
fetchmail: OpenSSL reported: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
fetchmail: pop3.strato.de: SSL connection failed.
fetchmail: socket error while fetching from in...@abcdefgh.xxxx@pop3.strato.de
fetchmail: Query status=2 (SOCKET)
fetchmail: pop3.strato.de fingerprints do not match!
fetchmail: OpenSSL reported: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
fetchmail: pop3.strato.de: SSL connection failed.
fetchmail: socket error while fetching from ma...@abcdefgh.xxxx@pop3.strato.de
fetchmail: Query status=2 (SOCKET)
fetchmail: pop3.strato.de fingerprints do not match!
fetchmail: OpenSSL reported: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
fetchmail: pop3.strato.de: SSL connection failed.
fetchmail: socket error while fetching from ma...@abcdefgh.xxxx@pop3.strato.de
fetchmail: sleeping at Sun, 21 Mar 2021 16:54:13 (CET) for 600 seconds
fetchmail: Query status=2 (SOCKET)
fetchmail: terminated with signal 15
fetchmail: starting fetchmail 6.4.5 daemon
fetchmail: awakened at Sun, 21 Mar 2021 16:54:26 (CET)
fetchmail: 283 messages (283 seen) for harald....@abcdefgh.xxxx at imap.strato.de.
fetchmail: sleeping at Sun, 21 Mar 2021 16:54:29 (CET) for 600 seconds
fetchmail: awakened at Sun, 21 Mar 2021 17:04:29 (CET)
fetchmail: 285 messages (283 seen) for harald....@abcdefgh.xxxx at imap.strato.de.
fetchmail: reading message harald....@abcdefgh.xxxx@imap.strato.de:284 of 285 (5387 header octets) (42 body octets) not flushed
fetchmail: reading message harald....@abcdefgh.xxxx@imap.strato.de:285 of 285 (5544 header octets) (41 body octets) not flushed
fetchmail: sleeping at Sun, 21 Mar 2021 17:04:33 (CET) for 600 seconds
fetchmail: awakened at Sun, 21 Mar 2021 17:14:33 (CET)
fetchmail: 285 messages (285 seen) for harald....@abcdefgh.xxxx at imap.strato.de.
fetchmail: sleeping at Sun, 21 Mar 2021 17:14:37 (CET) for 600 seconds
fetchmail: awakened at Sun, 21 Mar 2021 17:24:37 (CET)
fetchmail: imap.strato.de fingerprints do not match!
fetchmail: OpenSSL reported: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
fetchmail: imap.strato.de: SSL connection failed.
fetchmail: socket error while fetching from harald....@abcdefgh.xxxx@imap.strato.de
fetchmail: Query status=2 (SOCKET)
fetchmail: sleeping at Sun, 21 Mar 2021 17:24:40 (CET) for 600 seconds
fetchmail: awakened at Sun, 21 Mar 2021 17:34:40 (CET)
fetchmail: 285 messages (285 seen) for harald....@abcdefgh.xxxx at imap.strato.de.
fetchmail: sleeping at Sun, 21 Mar 2021 17:34:43 (CET) for 600 seconds
Marcus Röckrath
Mar 21, 2021, 2:20:01 PM3/21/21
to
Hallo Harald,
Harald Seitter wrote:
> ich bekomme seit ein paar Tagen Fehler in fetchmail beim Abholen von Mails
> von Strato. Vorgeschichte:
> Am 18.03.21 gingen die Fingerprints nicht mehr. Kommt jedes Jahr vor also
> mit fetchmail pop3.strato.de --ssl --verbose --username xxxxxx --protocol
> pop3 fetchmail pop3.strato.de --ssl --verbose --username xxxxxx --protocol
> imaop die fingerprints ermittelt, eingetragen und neu gestartet. Alles
> wieder gut. Am 19.03.21 waren dann wohl die Zertifikate abgelaufen also
> mehr Arbeit. D.h. Zertifikate neu eingetragen gehasht usf.
>
> Seitdem kommen nicht immer aber meistens diese beiden Mails im Eingang:
Manche Provider bekommen es nicht gebacken, auf allen Rechnern ihrer
Serverfarm das neue Zertifikat zeitnah einzurichten, dadurch bekommt man
mal das alte mal das neue Zertifikat.
Wenn dass beim Mailabruf der Mismatch kommt, hat man ein anderes als das
eingetragene bekommen; beim anschließenden Zertifkatsupdate bekommt man
aber dann wieder das in der Konfiguration eingetragene.
Da gibts nur abwarten und Tee trinken oder in der Mailkonfiguration den
Fingerprint leer zu lassen, dann ist man das Problem dauerhaft los.
--
Gruß Marcus
[eisfair-Team]
Harald Seitter wrote:
> ich bekomme seit ein paar Tagen Fehler in fetchmail beim Abholen von Mails
> von Strato. Vorgeschichte:
> Am 18.03.21 gingen die Fingerprints nicht mehr. Kommt jedes Jahr vor also
> mit fetchmail pop3.strato.de --ssl --verbose --username xxxxxx --protocol
> pop3 fetchmail pop3.strato.de --ssl --verbose --username xxxxxx --protocol
> imaop die fingerprints ermittelt, eingetragen und neu gestartet. Alles
> wieder gut. Am 19.03.21 waren dann wohl die Zertifikate abgelaufen also
> mehr Arbeit. D.h. Zertifikate neu eingetragen gehasht usf.
>
> Seitdem kommen nicht immer aber meistens diese beiden Mails im Eingang:
Serverfarm das neue Zertifikat zeitnah einzurichten, dadurch bekommt man
mal das alte mal das neue Zertifikat.
Wenn dass beim Mailabruf der Mismatch kommt, hat man ein anderes als das
eingetragene bekommen; beim anschließenden Zertifkatsupdate bekommt man
aber dann wieder das in der Konfiguration eingetragene.
Da gibts nur abwarten und Tee trinken oder in der Mailkonfiguration den
Fingerprint leer zu lassen, dann ist man das Problem dauerhaft los.
--
Gruß Marcus
[eisfair-Team]
Marcus Röckrath
Mar 21, 2021, 2:30:02 PM3/21/21
to
Hallo Harald,
Marcus Röckrath wrote:
> Manche Provider bekommen es nicht gebacken, auf allen Rechnern ihrer
> Serverfarm das neue Zertifikat zeitnah einzurichten, dadurch bekommt man
> mal das alte mal das neue Zertifikat.
Wenn ich das Zertifkat mehrfach hintereinander abrufe, bekomme ich neben dem
neuen (Gültigkeit ab 2021) auch in nennenswerter Anzahl noch das alte
Zertifikat (Gültigkeit ab 2020):
Not Before: Mar 17 09:21:10 2021 GMT
Not Before: Mar 17 09:21:10 2021 GMT
Not Before: Mar 17 09:21:10 2021 GMT
Not Before: Mar 23 08:52:00 2020 GMT
Not Before: Mar 23 08:52:00 2020 GMT
Not Before: Mar 23 08:52:00 2020 GMT
Not Before: Mar 23 08:52:00 2020 GMT
Not Before: Mar 17 09:21:10 2021 GMT
Not Before: Mar 17 09:21:10 2021 GMT
Not Before: Mar 17 09:21:10 2021 GMT
Not Before: Mar 17 09:21:10 2021 GMT
Not Before: Mar 17 09:21:10 2021 GMT
Not Before: Mar 17 09:21:10 2021 GMT
Not Before: Mar 17 09:21:10 2021 GMT
Not Before: Mar 17 09:21:10 2021 GMT
Not Before: Mar 17 09:21:10 2021 GMT
Not Before: Mar 17 09:21:10 2021 GMT
Not Before: Mar 17 09:21:10 2021 GMT
Not Before: Mar 17 09:21:10 2021 GMT
Not Before: Mar 17 09:21:10 2021 GMT
Not Before: Mar 17 09:21:10 2021 GMT
Not Before: Mar 23 08:52:00 2020 GMT
Not Before: Mar 17 09:21:10 2021 GMT
--
Gruß Marcus
[eisfair-Team]
Marcus Röckrath wrote:
> Manche Provider bekommen es nicht gebacken, auf allen Rechnern ihrer
> Serverfarm das neue Zertifikat zeitnah einzurichten, dadurch bekommt man
> mal das alte mal das neue Zertifikat.
neuen (Gültigkeit ab 2021) auch in nennenswerter Anzahl noch das alte
Zertifikat (Gültigkeit ab 2020):
Not Before: Mar 17 09:21:10 2021 GMT
Not Before: Mar 17 09:21:10 2021 GMT
Not Before: Mar 17 09:21:10 2021 GMT
Not Before: Mar 23 08:52:00 2020 GMT
Not Before: Mar 23 08:52:00 2020 GMT
Not Before: Mar 23 08:52:00 2020 GMT
Not Before: Mar 23 08:52:00 2020 GMT
Not Before: Mar 17 09:21:10 2021 GMT
Not Before: Mar 17 09:21:10 2021 GMT
Not Before: Mar 17 09:21:10 2021 GMT
Not Before: Mar 17 09:21:10 2021 GMT
Not Before: Mar 17 09:21:10 2021 GMT
Not Before: Mar 17 09:21:10 2021 GMT
Not Before: Mar 17 09:21:10 2021 GMT
Not Before: Mar 17 09:21:10 2021 GMT
Not Before: Mar 17 09:21:10 2021 GMT
Not Before: Mar 17 09:21:10 2021 GMT
Not Before: Mar 17 09:21:10 2021 GMT
Not Before: Mar 17 09:21:10 2021 GMT
Not Before: Mar 17 09:21:10 2021 GMT
Not Before: Mar 17 09:21:10 2021 GMT
Not Before: Mar 23 08:52:00 2020 GMT
Not Before: Mar 17 09:21:10 2021 GMT
--
Gruß Marcus
[eisfair-Team]
Harald Seitter
Mar 21, 2021, 2:38:32 PM3/21/21
to
Hallo Markus,
Du sprichst mir aus der Seele. Mein Bauchgefühl hat mir sowas schon untergejubelt.
Durch die Unregelmässigkeit war es eine Hoffnung. Am Samstag mittag waren die
Meldung zwei Stunden lang weg. Aber dann auf einmal kamen sie wieder.
Na ja solange die richtigen Mails reinkommen leite ich die "Fehlermails" über eine Regel
erstmal in den Papierkorb. Ich finde es halt traurig, dass man so etwas nicht in 2-3 Tagen
gebacken bekommt.
Erstmal vielen Dank für die Unterstützung (auch noch so schnell :-) )
und noch einen schönen Sonntag Abend.
Viele Grüße
Harald Seitter
Du sprichst mir aus der Seele. Mein Bauchgefühl hat mir sowas schon untergejubelt.
Durch die Unregelmässigkeit war es eine Hoffnung. Am Samstag mittag waren die
Meldung zwei Stunden lang weg. Aber dann auf einmal kamen sie wieder.
Na ja solange die richtigen Mails reinkommen leite ich die "Fehlermails" über eine Regel
erstmal in den Papierkorb. Ich finde es halt traurig, dass man so etwas nicht in 2-3 Tagen
gebacken bekommt.
Erstmal vielen Dank für die Unterstützung (auch noch so schnell :-) )
und noch einen schönen Sonntag Abend.
Viele Grüße
Harald Seitter
Marcus Röckrath
Mar 21, 2021, 3:00:02 PM3/21/21
to
Hallo Harald,
Harald Seitter wrote:
> Du sprichst mir aus der Seele. Mein Bauchgefühl hat mir sowas schon
> untergejubelt. Durch die Unregelmässigkeit war es eine Hoffnung. Am
> Samstag mittag waren die Meldung zwei Stunden lang weg. Aber dann auf
> einmal kamen sie wieder. Na ja solange die richtigen Mails reinkommen
> leite ich die "Fehlermails" über eine Regel erstmal in den Papierkorb. Ich
> finde es halt traurig, dass man so etwas nicht in 2-3 Tagen gebacken
> bekommt.
Telekom hat da nach meiner Erinnerung auch schonmal eine Woche gebraucht,
Harald Seitter wrote:
> Du sprichst mir aus der Seele. Mein Bauchgefühl hat mir sowas schon
> untergejubelt. Durch die Unregelmässigkeit war es eine Hoffnung. Am
> Samstag mittag waren die Meldung zwei Stunden lang weg. Aber dann auf
> einmal kamen sie wieder. Na ja solange die richtigen Mails reinkommen
> leite ich die "Fehlermails" über eine Regel erstmal in den Papierkorb. Ich
> finde es halt traurig, dass man so etwas nicht in 2-3 Tagen gebacken
> bekommt.
oder sogar mal behauptet, mit zwei verschiedenen Zertifikaten dauerhaft
arbeiten zu können.
> Erstmal vielen Dank für die Unterstützung (auch noch so schnell :-) )
> und noch einen schönen Sonntag Abend.
--
Gruß Marcus
[eisfair-Team]
Harald Seitter
Mar 21, 2021, 5:12:45 PM3/21/21
to
Hallo Marcus,
Alles schön und gut, so was sollte sich doch automatisiert entsprechend aktualisieren lassen.
Aber was ist dann der Unterschied zu einem normalen Mailclient, der mault doch auch nicht?
Ich will jetzt kein neues Fass aufmachen. :-)
Gruss Harald
Marcus Röckrath
Mar 22, 2021, 1:20:02 AM3/22/21
to
Hallo Harald,
Harald Seitter wrote:
Harald Seitter wrote:
> Aber was ist dann der Unterschied zu einem normalen Mailclient, der mault
> doch auch nicht? Ich will jetzt kein neues Fass aufmachen. :-)
Wie ich schon schrieb, kannst du den Fingerprint in der Mailkonfiguration
> doch auch nicht? Ich will jetzt kein neues Fass aufmachen. :-)
leer lassen, dann verhält sich fetchmail vergleichbar zu einem normalen
Mailclient.
Diese nehmen schlicht den Schlüssel, der vom Server angeboten wird, ohne
diese gegen einen Fingerprint zu prüfen. Es ist denen also egal, ob
Schlüssel A oder Schlüssel B kommt.
Die Prüfung mittels Fingerprint ist eine zusätzliche Sicherheitsstufe, die
eben genau einen bestimmten Key erlaubt.
--
Gruß Marcus
[eisfair-Team]
Harald Seitter
Mar 22, 2021, 4:45:49 AM3/22/21
to
Hallo MArcus,
ok. Danke für die Info. :-)
Gruss Harald
ok. Danke für die Info. :-)
Gruss Harald
Marcus Röckrath
Mar 22, 2021, 5:30:02 PM3/22/21
to
Hallo Harald,
Harald Seitter wrote:
> ok. Danke für die Info. :-)
Bitte, zwischenzeitlich scheint das alte Zertifikat auf allen Servern
Harald Seitter wrote:
> ok. Danke für die Info. :-)
ersetzt worden zu sein.
--
Gruß Marcus
[eisfair-Team]
Harald Seitter
Mar 23, 2021, 1:57:21 PM3/23/21
to
Hallo Marcus,
ich wollte mich gerade nochmal melden und mitteilen,
dass seit 22.03.21 21:17 der Spuk ein Ende hatte - aber Du warst schneller :-)
Viele Grüße
Harald
Marcus Röckrath
Mar 23, 2021, 2:30:02 PM3/23/21
to
Hallo Harald,
Harald Seitter wrote:
> ich wollte mich gerade nochmal melden und mitteilen,
> dass seit 22.03.21 21:17 der Spuk ein Ende hatte - aber Du warst schneller
> :-)
:-) In meinem Alter muss man zeigen, dass man noch eine gewisse
Harald Seitter wrote:
> ich wollte mich gerade nochmal melden und mitteilen,
> dass seit 22.03.21 21:17 der Spuk ein Ende hatte - aber Du warst schneller
> :-)
Reaktionsschnelligkeit hat.
--
Gruß Marcus
[eisfair-Team]
0 new messages