Useful Fetchmail Stuff

For the longest time (years, greater than 10) I’ve been using fetchmail to retrieve mail from my mail server.  I do so over SSL and use a self-signed certificate for simple cost reasons.  This historically created several errors in the fetchmail output regarding self-signed certificate validation:

fetchmail: Server certificate verification error: self signed certificate

Add to that the normal ‘no mail’ output from fetchmail and a regular cron job to retrieve mail and you had the recipe for constant output from cron while it was retrieving mail.  So, I had been redirecting the output from the cron job along with STDERR to /dev/null for years.  During that time the certificate expired, the hostname changed, and a whole bunch of other things changed:

/usr/bin/fetchmail >/dev/null 2>&1

Long story short (ok, too late for that) I finally decided to clean that all up, as part of the migration to cloud-based services.  Here are my notes from said adventure.  Nothing special at all, much of it gleaned from various posts and searches on the internets.

First I made a shiny new self-signed certificate for my new server:

openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/certs/my-server-x509-cert.pem -keyout /etc/ssl/private/my-server-key.pem

Yes, I know, I just created a 10-year cert.  I hate 1 year expirations.

Add that cert to /etc/dovecot/dovecot.conf and restart dovecot.

Now get a fingerprint of the cert for fetchmail:

openssl x509 -in /etc/ssl/certs/my-server-x509-cert.pem -noout -md5 -fingerprint

And add said fingerprint to .fetchmailrc, below all the bits about the server and everything but before the next server’s stanza:

sslfingerprint "BB:46:3B:B8:44:DC:82:45:98:2E:D9:94:D5:EE:80:B7"
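A check worth running whenever the certificate is regenerated, added here as an example and not part of the original notes: it confirms that the MD5 fingerprint of the certificate file is one of the sslfingerprint values pinned in .fetchmailrc. The function names are assumptions, and it relies on the same openssl command shown above.

```shell
#!/bin/sh
# Added example: confirm a certificate's fingerprint is pinned in a fetchmailrc.

# Print each sslfingerprint value found in fetchmailrc $1, one per line.
# Lines that start with '#' are comments and are skipped.
pinned_fingerprints() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -Eo 'sslfingerprint[[:space:]]+"?[0-9A-Fa-f:]+' |
        sed 's/.*[[:space:]"]//'
}

# Print the MD5 fingerprint of PEM certificate $1 as AA:BB:...
# openssl prints "<label> Fingerprint=AA:BB:..."; keep what follows '='.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -md5 -fingerprint | sed 's/^.*=//'
}

# Return 0 if fingerprint $2 is pinned in fetchmailrc $1, 1 otherwise.
# The match is exact and case-sensitive, in the form openssl prints.
fingerprint_is_pinned() {
    pinned_fingerprints "$1" | grep -Fqx -- "$2"
}

# Compare certificate $2 against the pins in fetchmailrc $1.
# Returns 0 on match, 1 on mismatch, 2 if the certificate cannot be read.
check_pin() {
    fp=$(cert_fingerprint "$2")
    [ -n "$fp" ] || { echo "cannot read certificate $2" >&2; return 2; }
    if fingerprint_is_pinned "$1" "$fp"; then
        echo "OK: $fp is pinned in $1"
    else
        echo "MISMATCH: $2 has fingerprint $fp, not pinned in $1" >&2
        return 1
    fi
}

# Hypothetical usage, with the paths from this post:
#   check_pin "$HOME/.fetchmailrc" /etc/ssl/certs/my-server-x509-cert.pem
```

A mismatch here means fetchmail will refuse the connection after the certificate is swapped, so update the pin in the same change that installs the new certificate.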

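And finally, the pièce de résistance, the new cron job to suppress the “no mail” message.  fetchmail exits with status 1 when there is no mail to fetch, so the || test treats that case as success, and -s silences the routine status messages.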

/usr/bin/fetchmail -s || [ $? -eq 1 ]

 
