Setup Fetchmail For GMail To XDove
STEP BY STEP “FETCHMAIL FOR GMAIL/HOTMAIL” CONFIGURATION
| Writer | eagle00789 |
| Date | August 2009 |
| Version | 1.1 |
Requirements:
XDove Installed and running
IPKG Installed and running
OpenSSL 0.9.8 Installed
Perl Installed
Install Fetchmail
Before we can do anything, we must install fetchmail. Login to your QNAP via SSH and execute the following command:
$ ipkg install fetchmail
After a few moments of patiently waiting, the prompt returns and tells you that it was finished successfully.
Install Certificates
The next step is to download 2 certificates and putt them in a directory. The first thing we do is to create the directory which will hold the certificates. Execute the following command:
$ mkdir /opt/etc/cert
Now we are going to fetch our first certificate. Enter the following command:
$ openssl s_client -connect pop.gmail.com:995 –showcerts
If you want to do this for hotmail, then enter the following command:
$ openssl s_client -connect pop3.live.com:995 –showcerts
This will throw out something like this:
CONNECTED(00000003)
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
-----BEGIN CERTIFICATE-----
MIIC3TCCAkagAwIBAgIDCDijMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDcxMDI1MTc1MzE2WhcNMDkxMjI0MTg1MzE2
WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMN
TW91bnRhaW4gVmlldzEUMBIGA1UEChMLR29vZ2xlIEluYy4xFjAUBgNVBAMTDXBv
cC5nbWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO03QxerFKZV
8yeomuL4zSl8Pr7hMWnKMMgp/CwhwadeBmL0LQHHbjL/6z/Z59ZQvrztqkwhchA2
APKzUwRVTyn7Shx6vBqk6oFmTqoOLmY6hbq6l8uVdUv0AfbHwio8CnLpK2+nbuFl
flPwx1DH0E3grD8+CrH5SmScfTWbDkcXAgMBAAGjga4wgaswDgYDVR0PAQH/BAQD
AgTwMB0GA1UdDgQWBBTJRG/OFpZt+BV43JM3NshHMjpwazA6BgNVHR8EMzAxMC+g
LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDAf
BgNVHSMEGDAWgBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADgYEAOKr3mhxtwFCS3J6lbeaf
3KrHKi935BZkI75sRbON+hog0t2ovcM2i7fxs3xneH8USLsHgfxNBj9tkMogMK/K
sO/NUVZ/IfyqcNNkp2619qTQXthKRH42JKpAKgNhT1bdno3pxn+eDEpqmU3CE7IP
HDCjWOK1fGkZ/yFAuTxuxAc=
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
issuer=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
No client certificate CA names sent
---
SSL handshake has read 883 bytes and written 306 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : RC4-MD5
Session-ID: 010D2AA18BB7C97A75B2F2B7895EA0CD60FDA7F8BDA71F63C00602D93CD8C3AA
Session-ID-ctx:
Master-Key:D72722A6A76DC4F2579CC01C26EFCD98AA9D72D908350CEC588FF09EEBD8847C9DC6A26023A51DCD0CB92676F7E28016
Key-Arg : None
Start Time: 1240684427
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
+OK Gpop ready for requests from 85.146.48.6 7pf12009241eyg.18
The output for Hotmail will look slightly different, but the working is the same. In the output you will find something like this
----BEGIN CERTIFICATE----- MIIC3TCCAkagAwIBAgIDCDijMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0 aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDcxMDI1MTc1MzE2WhcNMDkxMjI0MTg1MzE2 WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMN TW91bnRhaW4gVmlldzEUMBIGA1UEChMLR29vZ2xlIEluYy4xFjAUBgNVBAMTDXBv cC5nbWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO03QxerFKZV 8yeomuL4zSl8Pr7hMWnKMMgp/CwhwadeBmL0LQHHbjL/6z/Z59ZQvrztqkwhchA2 APKzUwRVTyn7Shx6vBqk6oFmTqoOLmY6hbq6l8uVdUv0AfbHwio8CnLpK2+nbuFl flPwx1DH0E3grD8+CrH5SmScfTWbDkcXAgMBAAGjga4wgaswDgYDVR0PAQH/BAQD AgTwMB0GA1UdDgQWBBTJRG/OFpZt+BV43JM3NshHMjpwazA6BgNVHR8EMzAxMC+g LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDAf BgNVHSMEGDAWgBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHSUEFjAUBggrBgEF BQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADgYEAOKr3mhxtwFCS3J6lbeaf 3KrHKi935BZkI75sRbON+hog0t2ovcM2i7fxs3xneH8USLsHgfxNBj9tkMogMK/K sO/NUVZ /IfyqcNNkp2619qTQXthKRH42JKpAKgNhT1bdno3pxn+eDEpqmU3CE7IP HDCjWOK1fGkZ/yFAuTxuxAc= ----END CERTIFICATE-----
Copy that complete piece just like above and save it in a file called gmail.pem and save it in the /opt/etc/cert folder
For hotmail you will encounter this 3 times. The first 2 times you should copy and save them both seperately to files called: mssa.pem for the first certificate and mia.pem for the second certificate
The second certificate will be downloaded via our web browser. Go to the following URL
You should see something like this in your browser:
----BEGIN CERTIFICATE----- MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1 MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y 7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh 1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4 ----END CERTIFICATE-----
Go to [2] for the 3rd certificate you need for hotmail. Copy everything and save it in a file called equifax.pem for gmail and gctgr.pem for hotmail and save it in the /opt/etc/cert folder. The only thing left to do is rehash all of these certificates. Execute the following command:
$c_rehash /opt/etc/cert
It should tell you something like the following:
doing /opt/etc/cert equifax.pem => 7f549ca4.0 gmail.pem => 4d3e56a1.0
If you get an error message saying "/opt/etc/cert" is a directory, check the availability of "/etc/ssl/misc/c_rehash".
If it tells you that it can’t find c_rehash, read below, else skip the part below
To do this we first must add a special file to our QNap as this file is not present (not even after updating OpenSSL. Download the following file:
Extract this file to a location on your normal pc. Also extract the file in this file. In the folder tools you will the following 2 files:
c_rehash c_rehash.in
copy both files to the /etc/ssl/misc folder. Edit c_rehash's first line and change "#!/usr/bin/perl" to "#!/opt/bin/perl" and try again.
Setup fetchmailrc.
To setup fetchmail itself, copy the part below and paste it into your /opt/etc/fetchmailrc file.
poll pop.gmail.com with protocol POP3 service 995
user 'gmailusername' there with password 'gmailpassword' is 'xdoveusername' here options ssl
sslcertpath /opt/etc/cert smtphost localhost/50025
Just make sure that you change gmailusername to your own gmail username and gmailpassword with your gmail password. Also don’t forget to change xdoveusername with the user in xdove that should get the e-mail (using the full loginname for that user)
Or use the following piece as an example for hotmail:
poll pop3.live.com with protocol POP3 service 995
user 'hotmailadress' there with password 'hotmailpassword' is 'xdoveusername' here options ssl
sslcertpath /opt/etc/cert smtphost localhost/50025
Just make sure that you change hotmailadressto your own hotmailadress (including @hotmail.com or @live.com or what ever is needed) and hotmailpassword with your gmail password. Also don’t forget to change xdoveusername with the user in xdove that should get the e-mail (using the full loginname for that user)
All that is left to do is to add the following line to autostart.sh and also run it manually once.
$ /opt/etc/init.d/S52fetchmail
Just sit back and enjoy.