For the longest time (years, greater than 10) I’ve been using fetchmail to retrieve mail from my mail server. I do so over SSL and use a self-signed certificate for simple cost reasons. This historically created several errors in the fetchmail output regarding self-signed certificate validation:
fetchmail: Server certificate verification error: self signed certificate
Add to that the normal ‘no mail’ output from fetchmail and a regular cron job to retrieve mail and you had the recipe for constant output from cron while it was retrieving mail. So, I had been redirecting the output from the cron job along with STDERR to /dev/null for years. During that time the certificate expired, the hostname changed, and a whole bunch of other changes:
/usr/bin/fetchmail >/dev/null 2>&1
Long story short (ok, too late for that) I finally decided to clean that all up, as part of the migration to cloud-based services. Here are my notes from said adventure. Nothing special at all, much of it gleaned from various posts and searches on the internets.
First I made a shiny new self-signed certificate for my new server:
openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/certs/my-server-x509-cert.pem -keyout /etc/ssl/private/my-server-key.pem
Yes, I know, I just created a 10-year cert. I hate 1 year expirations.
Add that cert to /etc/dovecot/dovecot.conf and restart dovecot.
Now get a fingerprint of the cert for fetchmail:
openssl x509 -in /etc/ssl/certs/my-server-x509-cert.pem -noout -md5 -fingerprint
And add said fingerprint to .fetchmailrc, below all the bits about the server and everything but before the next server’s stanza:
And finally, the pièce de résistance, the new cron job to suppress the “no mail” message.
/usr/bin/fetchmail -s || [ $? -eq 1 ]
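The two steps above (pinning the fingerprint and quieting cron without hiding certificate errors) as an added example that is not from the original post. The helper names fp_to_rc and fetch_quiet are hypothetical; sslfingerprint is fetchmail's own option for a pinned MD5 certificate fingerprint.

```shell
#!/bin/sh
# Added example; fp_to_rc and fetch_quiet are hypothetical helper names.

# Turn one line of `openssl x509 -noout -md5 -fingerprint` output into the
# fetchmailrc option. OpenSSL prints "MD5 Fingerprint=AA:BB:..." (the label's
# case varies by version), so everything up to the first "=" is dropped.
# fetchmail's manual asks for upper-case hex digits, hence the tr.
fp_to_rc() {
    fp=$(printf '%s\n' "$1" | sed 's/^[^=]*=//' | tr 'a-f' 'A-F')
    # An MD5 digest is 16 colon-separated hex bytes; refuse anything else.
    if printf '%s\n' "$fp" | grep -Eq '^([0-9A-F]{2}:){15}[0-9A-F]{2}$'; then
        printf 'sslfingerprint "%s"\n' "$fp"
    else
        echo "not an MD5 fingerprint: $1" >&2
        return 2
    fi
}

# Run a fetch command quietly for cron. Exit 0 (mail fetched) and exit 1
# (no mail) both count as success; any other status replays the captured
# output on stderr and is returned, so cron still mails real failures
# such as a fingerprint mismatch instead of sending them to /dev/null.
fetch_quiet() {
    out=$("$@" 2>&1)
    rc=$?
    case $rc in
        0|1) return 0 ;;
        *)   printf '%s\n' "$out" >&2; return "$rc" ;;
    esac
}

# Typical use once this file is sourced (paths as in the post):
#   fp_to_rc "$(openssl x509 -in /etc/ssl/certs/my-server-x509-cert.pem -noout -md5 -fingerprint)"
#   fetch_quiet /usr/bin/fetchmail -s
```

The line printed by fp_to_rc goes in the server's stanza in .fetchmailrc, at the spot described above.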