Setup Fetchmail For GMail To XDove

From QNAPedia

STEP BY STEP “FETCHMAIL FOR GMAIL/HOTMAIL” CONFIGURATION

Article Information
Writer eagle00789
Date August 2009
Version 1.1


Requirements:

XDove Installed and running
IPKG Installed and running
OpenSSL 0.9.8 Installed
Perl Installed

Install Fetchmail

Before we can do anything, we must install fetchmail. Log in to your QNAP via SSH and execute the following command:

  $ ipkg install fetchmail

After a few moments, ipkg reports that the installation finished successfully and the prompt returns.

Install Certificates

The next step is to download 2 certificates and put them in a directory. First we create the directory which will hold the certificates. Execute the following command:

  $ mkdir /opt/etc/cert

Now we are going to fetch our first certificate. Enter the following command:

  $ openssl s_client -connect pop.gmail.com:995 -showcerts

If you want to do this for Hotmail, then enter the following command:

  $ openssl s_client -connect pop3.live.com:995 -showcerts

This will print something like this:

  CONNECTED(00000003)
  depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
  verify error:num=20:unable to get local issuer certificate
  verify return:1
  depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
  verify error:num=27:certificate not trusted
  verify return:1
  depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
  verify error:num=21:unable to verify the first certificate
  verify return:1
  ---
  Certificate chain
   0 s:/C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
     i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
  -----BEGIN CERTIFICATE-----
  MIIC3TCCAkagAwIBAgIDCDijMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
  MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
  aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDcxMDI1MTc1MzE2WhcNMDkxMjI0MTg1MzE2
  WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMN
  TW91bnRhaW4gVmlldzEUMBIGA1UEChMLR29vZ2xlIEluYy4xFjAUBgNVBAMTDXBv
  cC5nbWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO03QxerFKZV
  8yeomuL4zSl8Pr7hMWnKMMgp/CwhwadeBmL0LQHHbjL/6z/Z59ZQvrztqkwhchA2
  APKzUwRVTyn7Shx6vBqk6oFmTqoOLmY6hbq6l8uVdUv0AfbHwio8CnLpK2+nbuFl
  flPwx1DH0E3grD8+CrH5SmScfTWbDkcXAgMBAAGjga4wgaswDgYDVR0PAQH/BAQD
  AgTwMB0GA1UdDgQWBBTJRG/OFpZt+BV43JM3NshHMjpwazA6BgNVHR8EMzAxMC+g
  LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDAf
  BgNVHSMEGDAWgBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHSUEFjAUBggrBgEF
  BQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADgYEAOKr3mhxtwFCS3J6lbeaf
  3KrHKi935BZkI75sRbON+hog0t2ovcM2i7fxs3xneH8USLsHgfxNBj9tkMogMK/K
  sO/NUVZ/IfyqcNNkp2619qTQXthKRH42JKpAKgNhT1bdno3pxn+eDEpqmU3CE7IP
  HDCjWOK1fGkZ/yFAuTxuxAc=
  -----END CERTIFICATE-----
  ---
  Server certificate
  subject=/C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
  issuer=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
  ---
  No client certificate CA names sent
  ---
  SSL handshake has read 883 bytes and written 306 bytes
  ---
  New, TLSv1/SSLv3, Cipher is RC4-MD5
  Server public key is 1024 bit
  Compression: NONE
  Expansion: NONE
  SSL-Session:
      Protocol  : TLSv1
      Cipher    : RC4-MD5
      Session-ID: 010D2AA18BB7C97A75B2F2B7895EA0CD60FDA7F8BDA71F63C00602D93CD8C3AA
      Session-ID-ctx:
      Master-Key:D72722A6A76DC4F2579CC01C26EFCD98AA9D72D908350CEC588FF09EEBD8847C9DC6A26023A51DCD0CB92676F7E28016
      Key-Arg   : None
      Start Time: 1240684427
      Timeout   : 300 (sec)
      Verify return code: 21 (unable to verify the first certificate)
  ---
  +OK Gpop ready for requests from 85.146.48.6 7pf12009241eyg.18

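The output for Hotmail will look slightly different, but it works the same way. In the output you will find the certificate itself: the block that runs from the -----BEGIN CERTIFICATE----- line to the -----END CERTIFICATE----- line.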


Copy that complete block, including the BEGIN and END lines, and save it in the /opt/etc/cert folder as a file called gmail.pem.

For Hotmail you will encounter this three times. Copy the first two and save them separately: mssa.pem for the first certificate and mia.pem for the second certificate.

The second certificate will be downloaded via our web browser. Go to the following URL

[1]

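You should see a single certificate in your browser, again a block that runs from a -----BEGIN CERTIFICATE----- line to an -----END CERTIFICATE----- line.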


Go to [2] for the third certificate you need for Hotmail. Copy everything and save it in the /opt/etc/cert folder, in a file called equifax.pem for Gmail or gctgr.pem for Hotmail. The only thing left to do is to rehash all of these certificates. Execute the following command:

  $ c_rehash /opt/etc/cert

It should tell you something like the following:

  doing /opt/etc/cert
  equifax.pem => 7f549ca4.0
  gmail.pem => 4d3e56a1.0 

If you get an error message saying "/opt/etc/cert" is a directory, check the availability of "/etc/ssl/misc/c_rehash".

If it tells you that it can't find c_rehash, read on; otherwise skip the part below.

To do this we must first add a special file to our QNAP, as this file is not present (not even after updating OpenSSL). Download the following file:

[3]

Extract this file to a location on your normal PC. Also extract the file inside it. In the folder tools you will find the following 2 files:

  c_rehash
  c_rehash.in 

Copy both files to the /etc/ssl/misc folder. Edit the first line of c_rehash, changing "#!/usr/bin/perl" to "#!/opt/bin/perl", and try again.
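
The copy-and-save step earlier in this section can be scripted instead of done by hand. The following is an added example, not part of the original article: it splits saved `openssl s_client -showcerts` output into one PEM file per certificate and refuses a block that was cut off before its END line. The function names, the `certN.pem` file names and the sample input are assumptions of the example.

```shell
#!/bin/sh
# Added example: split saved `openssl s_client -showcerts` output into one
# PEM file per certificate. Function and file names are illustrative.

# split_pem INPUT OUTDIR: writes OUTDIR/cert1.pem, cert2.pem, ... and prints
# how many certificates were found. Fails on a block without an END line.
split_pem() {
    mkdir -p "$2" || return 1
    awk -v dir="$2" '
        /^[ \t]*-----BEGIN CERTIFICATE-----[ \t\r]*$/ {
            n++; file = dir "/cert" n ".pem"; inside = 1
        }
        inside {
            gsub(/^[ \t]+|[ \t\r]+$/, "")   # strip indentation, blanks, CRs
            print > file
        }
        inside && /^-----END CERTIFICATE-----$/ { close(file); inside = 0 }
        END { if (inside) exit 2; print n + 0 }
    ' "$1"
}

# Constructed sample: s_client-style output with two placeholder blocks
# (the bodies are filler text, not real certificates).
make_sample() {
    cat <<'EOF'
CONNECTED(00000003)
Certificate chain
 0 s:/CN=mail.example.test
   i:/CN=Example Intermediate
  -----BEGIN CERTIFICATE-----
  Q09OU1RSVUNURUQtTEVBRi1QTEFDRUhPTERFUg==
  -----END CERTIFICATE-----
 1 s:/CN=Example Intermediate
   i:/CN=Example Root
  -----BEGIN CERTIFICATE-----
  Q09OU1RSVUNURUQtSU5URVJNRURJQVRF
  -----END CERTIFICATE-----
---
EOF
}

demo_dir=$(mktemp -d)
make_sample > "$demo_dir/s_client.txt"
echo "certificates written: $(split_pem "$demo_dir/s_client.txt" "$demo_dir/cert")"
rm -rf "$demo_dir"
```

Before renaming a real extracted file and running c_rehash, inspect it with `openssl x509 -in FILE -noout -subject -issuer -fingerprint` and confirm that the subject and issuer are the ones you expect.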

Setup fetchmailrc.

To setup fetchmail itself, copy the part below and paste it into your /opt/etc/fetchmailrc file.

  poll pop.gmail.com with protocol POP3 service 995 
     user 'gmailusername' there with password 'gmailpassword' is 'xdoveusername' here options ssl 
     sslcertpath /opt/etc/cert smtphost localhost/50025

Make sure that you change gmailusername to your own Gmail username and gmailpassword to your Gmail password. Also don't forget to change xdoveusername to the user in XDove that should get the e-mail (using the full login name for that user).

Or use the following piece as an example for Hotmail:

  poll pop3.live.com with protocol POP3 service 995 
     user 'hotmailadress' there with password 'hotmailpassword' is 'xdoveusername' here options ssl 
     sslcertpath /opt/etc/cert smtphost localhost/50025

Make sure that you change hotmailadress to your own Hotmail address (including @hotmail.com or @live.com or whatever is needed) and hotmailpassword to your Hotmail password. Also don't forget to change xdoveusername to the user in XDove that should get the e-mail (using the full login name for that user).
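
An added check for the configuration above (example code, not from the original article): fetchmail releases before 6.4.0 only enforce certificate verification when the `sslcertck` option is set, so a stanza with `ssl` and `sslcertpath` alone still accepts a server whose certificate fails verification. The function names and the sample file, which pairs this page's Gmail stanza as written with a Hotmail stanza that has `sslcertck` added, are assumptions of the example.

```shell
#!/bin/sh
# Added example: two checks on a fetchmailrc. Function names are illustrative.

# weak_ssl_stanzas FILE: prints the server name of every poll/skip/server
# stanza that enables "ssl" but not "sslcertck".
weak_ssl_stanzas() {
    awk -v q="'" '
        function has(s, w) { return (" " s " ") ~ ("[ \t]" w "[ \t]") }
        function report() {
            if (host != "" && has(opts, "ssl") && !has(opts, "sslcertck"))
                print host
            host = ""; opts = ""
        }
        {
            gsub(q "[^" q "]*" q "|\"[^\"]*\"", " ")  # drop quoted user/password
            sub(/#.*/, "")                             # drop comments
        }
        $1 == "poll" || $1 == "skip" || $1 == "server" { report(); host = $2 }
        { opts = opts " " $0 }
        END { report() }
    ' "$1"
}

# rc_is_private FILE: succeeds only if group and others have no access,
# since the file holds the mailbox password in clear text.
rc_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample: the Gmail stanza from this page as written, and the
# Hotmail stanza with sslcertck added.
sample_rc() {
    cat <<'EOF'
poll pop.gmail.com with protocol POP3 service 995
   user 'gmailusername' there with password 'gmailpassword' is 'xdoveusername' here options ssl
   sslcertpath /opt/etc/cert smtphost localhost/50025
poll pop3.live.com with protocol POP3 service 995
   user 'hotmailadress' there with password 'hotmailpassword' is 'xdoveusername' here options ssl
   sslcertck sslcertpath /opt/etc/cert smtphost localhost/50025
EOF
}

rc=$(mktemp)
sample_rc > "$rc"
echo "ssl without sslcertck: $(weak_ssl_stanzas "$rc")"
rc_is_private "$rc" && echo "permissions ok"
rm -f "$rc"
```

With `sslcertck` set, a missing or wrong certificate in /opt/etc/cert makes the poll fail instead of continuing over an unverified connection.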

All that is left to do is to add the following line to autostart.sh and also run it manually once.

  $ /opt/etc/init.d/S52fetchmail

Just sit back and enjoy.