New to Linode, Centos-8, fetchmail, gmail
I'm moving a job from a server on a customer site where it runs well but the hardware is rather old and due to Covid not readily available for repair or replacement. A key part of this job is the automated fetch of mail from Google's Gmail using fetchmail. Previously did this on a Centos-6 development machine and am currently doing this on the Centos-7 production machine that needs replacement.
I created a new Linode Nanode with CentOS-8 for testing/development.
Installed fetchmail and postfix.
Tested my new Linode box's fetchmail against the imap server at my ISP and all works normally. Tested fetchmail against Google's imap gmail server and it fails. In both cases the scripts and fetchmail.rc files work fine on the previous development and production machines.
I'm stuck. Certs and ssl are areas that I have no experience in.
I'm attaching fetchmail log file of a failed gmail/fetchmail retrieval session hoping someone can provide some help.
fetchmail: 6.3.26 querying imap.gmail.com (protocol IMAP) at Mon 06 Jul 2020 02:08:37 AM EDT: poll started
Trying to connect to 2607:f8b0:4004:c0b::6c/993…connected.
fetchmail: Server certificate:
fetchmail: Unknown Organization
fetchmail: Issuer CommonName: invalid2.invalid
fetchmail: Subject CommonName: invalid2.invalid
fetchmail: Server CommonName mismatch: invalid2.invalid != imap.gmail.com
fetchmail: imap.gmail.com key fingerprint: 90:4A:C8:D5:44:5A:D0:6A:8A:10:FF:CD:8B:11:BE:16
fetchmail: Server certificate verification error: self signed certificate
fetchmail: Missing trust anchor certificate: /OU=No SNI provided; please fix your client./CN=invalid2.invalid
fetchmail: This could mean that the root CA's signing certificate is not in the trusted CA certificate location, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page.
fetchmail: OpenSSL reported: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
fetchmail: SSL connection failed.
fetchmail: socket error while fetching from REDACTED@REDACTED.org@imap.gmail.com
fetchmail: 6.3.26 querying imap.gmail.com (protocol IMAP) at Mon 06 Jul 2020 02:08:38 AM EDT: poll completed
fetchmail: Query status=2 (SOCKET)
fetchmail: normal termination, status 2
To my inexperienced eye it looks like my Linode is not recognizing Google's cert. I chased down the c_rehash hint in the error message. I believe this hint is accomplished by the command "openssl rehash /etc/pki/tls/certs" but that did not correct.
TIA for any help you can offer,
JoeC
1 Reply
Solved - replying to my own request for help for the benefit of anyone else who encounters this problem …
The version of Centos-8 available (as of Jul 7, 2020) at Linode apparently does not know how to handle the certs associated with Google's imap gmail server.
I installed Centos-7 on another new minimal Linode and the same code that failed on the Centos-8 virtual box worked properly on the Centos-7 virtual box.
JoeC