[aklug] Fetchmail :: suppressing 'local issuer certificate' complaints

From: Tim Johnson <tim@akwebsoft.com>
Date: Tue Oct 18 2011 - 15:24:39 AKDT

I've been as of lately setting up email on a mac mini with Lion (OSX
10.7).
I'm used to using postfix for sending emai, fetchmail for retrieving
email, procmail to distribute it and mutt as my reader/composer.
This has been the case on the linux boxes that I have used for the
last many years.

The version of fetchmail on this mac is SSL-enabled. The problems
that I am having on the mac do not occur on my linux boxes, which
_are not_ linked against SSL

I retrieve email from 3 different mail servers.
gmail - which is handled by ssl and local certificates.
  No problem...
mtaonline, which has no certs.
  No problem...
hostmonster, which has server-side certs
With this new fetchmail, I am getting complaints from fetchmail
about the hostmonster accounts. Examples for one account can be
seen between the lines of asterisks:
**************************************************************
fetchmail: Server certificate verification error: unable to get
local issuer certificate
fetchmail: This means that the root signing certificate (issued for
/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST
Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware) is
not in the trusted CA certificate locations, o
fetchmail: Server certificate verification error: certificate not
trusted
fetchmail: Warning: the connection is insecure, continuing anyways.
(Better use --sslcertck!)
**************************************************************
Now, even with these messages, retrieval is successful, but I want
to get rid of them!

Below is the poll statement and options for one user as taken from
.fetchmailrc
**************************************************************
poll host266.hostmonster.com with proto POP3
       user '***@akwebsoft.com' there with password '*******' is
           'tim' here mda "/usr/bin/procmail" options ssl
**************************************************************
Any ideas? BTW: adding the sslcertck option will cause retrieval to
fail, because then fetchmail _must_ find valid local certs.

I've contacted hostmonter's techs but have not yet heard back from
them.

Any input would be appreciated.
thanks 

-- 
Tim 
tim at tee jay forty nine dot com or akwebsoft dot com
http://www.akwebsoft.com
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Tue Oct 18 15:23:32 2011

This archive was generated by hypermail 2.1.8 : Tue Oct 18 2011 - 15:23:32 AKDT