[Nelug] Messages from fetchmail in syslog

Richard Patterson richard at helpquick.co.uk
Sun Oct 15 11:41:06 UTC 2006 

Douglas Nisbet wrote:
> Can anyone tell me whether these messages are a problem?
>
> Oct 15 11:40:10 nick fetchmail[2725]: awakened at Sun Oct 15 11:40:10
> 2006
> Oct 15 11:40:12 nick fetchmail[2725]: Server CommonName mismatch:
> localhost != www.ripple.myzen.co.uk
> Oct 15 11:40:12 nick fetchmail[2725]: Server CommonName mismatch:
> localhost != www.ripple.myzen.co.uk
> Oct 15 11:40:16 nick fetchmail[2725]: sleeping at Sun Oct 15 11:40:16
> 2006
>
CommonName is SSL speak for the name as recorded in the SSL certificate...

It sounds like you are using SSL, but it's not specified in the clip you
gave, so i can only assume that fetchmail is being told to use SSL from
somewhere else...

(I have just read that fetchmail will automatically try TLS if it's
advertised by the server)

There is no way for you to fix it, as the SSL certificate is on their
server... Basically looks like they are using a self signed certificate.


>
> I use fetchmail to periodically collect email from my ISP, using the
> following stanza:
>
> poll www.ripple.myzen.co.uk with proto POP3
>        user 'ripple' there with password 'X' is 'postie' here options
> flush
>
>
> I'm just wondering whether I need to put something in my /etc/hosts to
> shut syslog up. Is it just a mild nuisance or am I seriously
> misconfigured?
I don't think you'd be able to shut it up by putting anything in the
hosts file...

>From the fetchmail FAQ:
"
K6. How can I tell fetchmail not to use TLS if the server advertises it?
Why does fetchmail use SSL even though not configured?

Some servers advertise STLS (POP3) or STARTTLS (IMAP), and fetchmail
will automatically attempt TLS negotiation if SSL was enabled at compile
time. This can however cause problems if the upstream didn't configure
his certificates properly.

In order to prevent fetchmail from trying TLS (STLS, STARTTLS)
negotiation, add this option:

sslproto ssl23

This restricts fetchmail's SSL/TLS protocol choice from the default
"SSLv2, SSLv3, TLSv1" to the two SSL variants, disabling TLSv1. Note
however that this causes the connection to be unencrypted unless an
encrypting "plugin" is used or SSL is requested explicitly.
"

Hope that helps

Regards


-- 

Richard Patterson          HelpQuick Limited
Tel: 0191 2582888          Fax: 0191 6408666
Jabber chat:  richard at jabber.helpquick.co.uk
Web:     http://www.helpquick.co.uk

More information about the Nelug mailing list