Retrieving and forwarding e-mails using fetchmail on Debian with Postfix
The fetchmail utility can run in daemon mode to repeatedly poll one or more systems at a certain interval, collecting mail from servers that support all popular mail retrieval services, such as the POP3 and IMAP.
This tutorial shows how to use fetchmail on a Debian 11 (bullseye) with Postfix. The e-mails from external mail service providers are retrieved and forwarded to the recipients to the mailbox server which receives e-mails from the smarthost. No forwarding is required for the mail accounts, but the e-mails can be scanned by the smarthost for viruses and SPAM before they are delivered to the user’s mailbox.
How to install fetchmail on Debian
fetchmail can be deployed from the Debian standard repository.
$ sudo apt install -y fetchmail
Enable daemon mode in
# This file will be used to declare some vars for fetchmail # # Uncomment the following if you don't want localized log messages # export LC_ALL=C # If you want to specify any additional OPTION to the start # scripts specify them here # OPTIONS=... # Declare here if we want to start fetchmail. 'yes' or 'no' START_DAEMON=yes
Change START_DAEMON from no to yes.
Create the global recourcen configuration fetchmailrc for operation as a daemon in
Set Daemon 900 set no syslog set logfile /var/log/fetchmail Set Postmaster "Postmaster" set no bouncemail set no spambounce set properties "" poll pop.gmx.net with proto POP3 user 'firstname.lastname@example.org' there with password 'M1HXGLKQJ9OZPCA6V34R' is email@example.com here options fetchall nokeep ssl sslcommonname mail.gmx.net smtphost localhost
A poll line is created for each mail server from which emails are fetched. Every 15 minutes, the external mailbox from firstname.lastname@example.org is retrieved from the POP3 server mail.gmx.net and delivered to the user email@example.com with smtphost via localhost using Postfix to the mailbox server. So that the logging does not end up in /var/log/mail.log, they are logged in /var/log/fetchmail instead
The Common Name (CN) from the certificate, which must be passed with sslcommonname, can be determined using the web browser, or with hit the following command in the Linux shell or from the Windows command prompt.
$ openssl s_client -connect pop.gmail.com:995 | grep "CN=" # with Windows OS C:\> openssl s_client pop.gmail.com:995 | findstr "CN ="
On Windows 10/11, OpenSSL must first be provided, the binaries are available at slproweb.com, or you can install the package with hit the command
winget install openssl
fetchmail provides a number of syntactic features to make it easier to read fetchmailrc. While it is possible to provide credentials for a server on a row, common configurations are specified over a number of different lines. fetchmail is insensitive to whitespace unless the argument is between quotation marks.
There are several options for the Poll statement (for example, nofetchall (default), fetchall, keep, or nokeep).The meanings are as follows:
nofetchall: Get only new messages (default).Unless otherwise specified (e.g. fetchall, keep), this means nofetchall.
fetchall: Fetches all messages, whether seen or not.
keep: Does not delete messages on the server.
nokeep: Deletes the read messages from the server.
Set owner fetchmail for the file fetchmailrc.
$ chown fetchmail /etc/fetchmailrc $ chmod 0600 /etc/fetchmailrc
The fetchmail daemon restarts.
$ systemctl restart fetchmail
The fetchmail conversation to the external server can be checked with the following command.
$ fetchmail -vv -N --ssl -p pop3 -P 995 -firstname.lastname@example.org mail.gmx.net
Test the fetchmailrc configuration file.
$ fetchmail -v -a -k -f /etc/fetchmailrc
Check the fetchmail process.
$ ps -ef | grep -v grep | Grep Fetchmail
The output may look something like this.
fetchma+ 23566 1 0 2022 ? 00:01:42 fetchmail -vv -d 900 -a -f /etc/fetchmailrc -L /var/log/fetchmail
Logging now takes place in the fetchmail file.
$ tail -f /var/log/fetchmail
Something like the following is logged in the fetchmail log file.
fetchmail: awakened at Sat 21 Jan 2023 08:55:45 AM CET fetchmail: 6.3.24 querying pop.gmx.net (protocol POP3) at Sat 21 Jan 2023 08:55:45 AM CET: poll started fetchmail: Trying to connect to 18.104.22.168/995...connected. fetchmail: Certificate chain, from root to peer, starting at depth 2: fetchmail: Issuer Organization: T-Systems Enterprise Services GmbH fetchmail: Issuer CommonName: T-TeleSec GlobalRoot Class 3 fetchmail: Server certificate: fetchmail: Subject CommonName: mail.gmx.net fetchmail: pop.gmx.net key fingerprint: 36:6D:93:38:DE:58:A2:8B:6D:61:F7:76:1F:56:70:BF fetchmail: SSL/TLS: using protocol TLSv1.2, cipher ECDHE-RSA-AES256-GCM-SHA384, 256/256 secret/processed bits fetchmail: POP3< +OK POP server ready H migmx106 1MMFyQ-1p2A592gZq-00YABU fetchmail: POP3> CAPA fetchmail: POP3< +OK Capability list follows fetchmail: POP3< TOP fetchmail: POP3< UIDL fetchmail: POP3< USER fetchmail: POP3< SASL PLAIN fetchmail: POP3< IMPLEMENTATION trinity fetchmail: POP3< . fetchmail: POP3> USER email@example.com fetchmail: POP3< +OK password required for user "firstname.lastname@example.org" fetchmail: POP3> PASS * fetchmail: POP3< +OK mailbox "email@example.com" has 0 messages (0 octets) H migmx106 fetchmail: selecting or re-polling default folder fetchmail: POP3> STAT fetchmail: POP3< +OK 0 0 fetchmail: No mail for firstname.lastname@example.org at pop.gmx.net fetchmail: POP3> QUIT fetchmail: POP3< +OK POP server signing off fetchmail: 6.3.24 querying pop.gmx.net (protocol POP3) at Sat 21 Jan 2023 08:55:45 AM CET: poll completed fetchmail: New UID list from pop.gmx.net: <empty> fetchmail: not swapping UID lists, no UIDs seen this query fetchmail: Query status=1 (NOMAIL) fetchmail: sleeping at Sat 21 Jan 2023 08:55:45 AM CET for 900 seconds
The example shows a login sequence in a somewhat shortened form.
The fetchmail man page provides a lot of useful information.
$ man fetchmail
We are sorry that this post was not useful for you!
Let us improve this post!
Tell us how we can improve this post?