How to Use fetchmail on Debian 11

fetchmail on Debian with Postfix retrieving and forwarding e-mails

The fetchmail utility can run in daemon mode to poll one or more systems repeatedly at a set interval, here on a Debian system, collecting mail from servers that support the popular mail retrieval protocols such as POP3 and IMAP.

This tutorial shows how to use fetchmail on Debian 11 (bullseye) with Postfix. E-mails are retrieved from external mail service providers and forwarded to the recipients on the mailbox server, which receives e-mails from the smarthost. No forwarding is required for the mail accounts, but the e-mails can be scanned by the smarthost for viruses and spam before they are delivered to the user’s mailbox.

How to install fetchmail on Debian

fetchmail can be deployed from the Debian standard repository.

$ sudo apt install -y fetchmail

Enable daemon mode in /etc/default/fetchmail

# This file will be used to declare some vars for fetchmail
#
# Uncomment the following if you don't want localized log messages
# export LC_ALL=C

# If you want to specify any additional OPTION to the start
# scripts specify them here
# OPTIONS=...

# Declare here if we want to start fetchmail. 'yes' or 'no'
START_DAEMON=yes

Change START_DAEMON from no to yes.

Create the global fetchmail resource configuration file fetchmailrc for operation as a daemon in /etc/fetchmailrc on Debian.

set daemon 900
set no syslog
set logfile /var/log/fetchmail
set postmaster "Postmaster"
set no bouncemail
set no spambounce
set properties ""

poll pop.gmail.com with proto POP3
user 'john.dohe911@gmail.com' there with password 'M1HXGLKQJ9OZPCA6V34R' is john.dohe@foo.org here options fetchall nokeep ssl sslcommonname pop.gmail.com smtphost localhost

fetchmail poll is fetching emails

A poll line is created for each mail server from which e-mails are fetched. Every 15 minutes (set daemon 900), the external mailbox john.dohe911@gmail.com is retrieved from the POP3 server pop.gmail.com and handed to Postfix on localhost (smtphost), which delivers it to the user john.dohe@foo.org on the mailbox server. So that log messages do not end up in /var/log/mail.log, they are written to /var/log/fetchmail instead.

The Common Name (CN) of the certificate, which must be passed with sslcommonname, can be determined using a web browser, or by running the following command in the Linux shell or at the Windows command prompt.

$ echo "QUIT" | openssl s_client -connect pop.gmail.com:995 2>/dev/null | grep "CN"
# use on Windows
C:\> openssl s_client pop.gmail.com:995 | findstr "CN ="

  On Windows 10/11, OpenSSL must be installed first; the binaries are available at slproweb.com, or you can install the package with the command winget install openssl

fetchmail options

fetchmail provides a number of syntactic features to make fetchmailrc easier to read. While it is possible to provide the credentials for a server on a single line, common configurations are spread over several lines. fetchmail is insensitive to whitespace unless the argument is enclosed in quotation marks.

There are several options for the poll statement (for example, nofetchall (default), fetchall, keep, or nokeep). The meanings are as follows:

nofetchall: Get only new messages (default). Unless otherwise specified (e.g. fetchall, keep), this means nofetchall.
fetchall: Fetches all messages, whether seen or not.
keep: Does not delete messages on the server.
nokeep: Deletes the read messages from the server.

Set the owner of the file fetchmailrc to fetchmail on Debian. The file contains the mailbox password in plain text, so access is restricted to the owner.

$ chown fetchmail /etc/fetchmailrc
$ chmod 0600 /etc/fetchmailrc
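A check to run on the file prepared above before restarting the daemon, as an added example (not part of the original tutorial or of fetchmail itself): the hypothetical function audit_fetchmailrc reports a fetchmailrc that group or others can access, and any user entry that is polled without the ssl option. It assumes a POSIX shell with awk; the finding labels PERMS and NOSSL and the script name are made up for this example.

```sh
#!/bin/sh
# Added example: check a fetchmailrc before restarting the daemon.
# Prints one finding per line and nothing when the file passes.
audit_fetchmailrc() {
  rc=$1
  # Characters 5-10 of the ls mode string are the group and other bits.
  [ "$(ls -ld "$rc" | cut -c5-10)" = "------" ] ||
    echo "PERMS: $rc is accessible to group or others"
  awk '
    # Report the user entry that just ended, then reset for the next one.
    function finish_entry() {
      if (have_user && !ssl) print "NOSSL: user entry for " server " lacks ssl"
      have_user = 0; ssl = default_ssl
    }
    {
      # Blank out quoted strings first so a password cannot look like a keyword.
      gsub(/"[^"]*"|\047[^\047]*\047/, " Q ")
      sub(/#.*/, "")
      for (i = 1; i <= NF; i++) {
        if (want_server) { server = $i; want_server = 0 }
        else if ($i == "poll" || $i == "skip") {
          finish_entry(); in_defaults = 0; want_server = 1
        }
        else if ($i == "defaults") { finish_entry(); in_defaults = 1 }
        else if ($i == "user" || $i == "username") { finish_entry(); have_user = 1 }
        else if ($i == "ssl") { ssl = 1; if (in_defaults) default_ssl = 1 }
      }
    }
    END { finish_entry() }
  ' "$rc"
}

# Usage: sh audit.sh /etc/fetchmailrc (the script name is an assumption).
if [ -n "${1:-}" ]; then audit_fetchmailrc "$1"; fi
```
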

Restart the fetchmail daemon.

$ systemctl restart fetchmail

The fetchmail conversation with the external server can be checked with the following command.

$ fetchmail -vv -N --ssl -p pop3 -P 995 -ujohn.dohe911@gmail.com pop.gmail.com

Test the fetchmailrc configuration file.

$ fetchmail -v -a -k -f /etc/fetchmailrc

Check the fetchmail process on the Debian server.

$ ps -ef | grep -v grep | grep fetchmail

The output may look something like this.

fetchma+ 23566 1 0 2022 ?        00:01:42 fetchmail -vv -d 900 -a -f /etc/fetchmailrc -L /var/log/fetchmail

Logging now takes place in the file /var/log/fetchmail on the Debian server.

$ tail -f /var/log/fetchmail

Something like the following is logged in the fetchmail log file.

fetchmail: awakened at Sat 21 Jan 2023 08:56:23 AM CET
fetchmail: 6.3.24 querying pop.gmail.com (protocol POP3) at Sat 21 Jan 2023 08:56:23 AM CET: poll started
fetchmail: Trying to connect to 198.51.100.52/995...connected.
fetchmail: Certificate chain, from root to peer, starting at depth 2:
fetchmail: Issuer Organization: Google Trust Services LLC
fetchmail: Issuer CommonName: GTS Root R1
fetchmail: Server certificate:
fetchmail: Subject CommonName: pop.gmail.com
fetchmail: pop.gmail.com key fingerprint: 34:2C:71:41:AE:58:A5:BB:6F:21:6F:24:B7:68:23:CD
fetchmail: SSL/TLS: using protocol TLSv1.2, cipher ECDHE-RSA-AES256-GCM-SHA384, 256/256 secret/processed bits
fetchmail: POP3< +OK POP server ready H mgmail603 1MNFyQ-1p3A592gZq-00YADU
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Capability list follows
fetchmail: POP3< TOP
fetchmail: POP3< UIDL
fetchmail: POP3< USER
fetchmail: POP3< SASL PLAIN
fetchmail: POP3< IMPLEMENTATION trinity
fetchmail: POP3< .
fetchmail: POP3> USER john.dohe911@gmail.com
fetchmail: POP3< +OK password required for user "john.dohe911@gmail.com"
fetchmail: POP3> PASS *
fetchmail: POP3< +OK mailbox "john.dohe911@gmail.com" has 0 messages (0 octets) H mgmail603
fetchmail: selecting or re-polling default folder
fetchmail: POP3> STAT
fetchmail: POP3< +OK 0 0
fetchmail: No mail for john.dohe911@gmail.com at pop.gmail.com
fetchmail: POP3> QUIT
fetchmail: POP3< +OK POP server signing off
fetchmail: 6.3.24 querying pop.gmail.com (protocol POP3) at Sat 21 Jan 2023 08:56:23 AM CET: poll completed
fetchmail: New UID list from pop.gmail.com: <empty>
fetchmail: not swapping UID lists, no UIDs seen this query
fetchmail: Query status=1 (NOMAIL)
fetchmail: sleeping at Sat 21 Jan 2023 08:56:23 AM CET for 900 seconds

  The example shows a login sequence in a somewhat shortened form.
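To make a log like the one above quick to review, this added example (not from the original page or the fetchmail project) prints one line per poll with server, TLS protocol, cipher and query status, and flags polls that failed or that did not log TLS 1.2 or later. The function names, the flag labels and the two example.* polls in the sample are constructed; only the pop.gmail.com lines are taken from the log above.

```sh
#!/bin/sh
# Added example: one summary line per poll from a fetchmail -v/-vv log.
# Fields: server, TLS protocol, cipher, status code, status name, flags.
summarize_fetchmail_log() {
  awk '
    / querying .*: poll started$/ {
      for (i = 1; i < NF; i++) if ($i == "querying") server = $(i + 1)
      tls = "none"; cipher = "-"
    }
    /SSL\/TLS: using protocol/ {
      tls = $5; cipher = $7
      sub(/,$/, "", tls); sub(/,$/, "", cipher)
    }
    /Query status=/ {
      split($3, kv, "="); code = kv[2] + 0
      flags = ""
      if (code > 1) flags = flags " POLL-FAILED"   # 0 = mail fetched, 1 = NOMAIL
      if (tls == "none") flags = flags " NO-TLS"
      else if (tls ~ /^SSLv/ || tls == "TLSv1" || tls == "TLSv1.1")
        flags = flags " OLD-TLS"
      if (flags == "") flags = " OK"
      print server, tls, cipher, code, $4 flags
    }
  ' "$@"
}

# Constructed sample: the first poll reuses lines from the log above,
# the two example.* polls are invented to exercise the flags.
sample_log() {
  cat <<'EOF'
fetchmail: 6.3.24 querying pop.gmail.com (protocol POP3) at Sat 21 Jan 2023 08:56:23 AM CET: poll started
fetchmail: SSL/TLS: using protocol TLSv1.2, cipher ECDHE-RSA-AES256-GCM-SHA384, 256/256 secret/processed bits
fetchmail: Query status=1 (NOMAIL)
fetchmail: 6.3.24 querying mail.example.net (protocol POP3) at Sat 21 Jan 2023 08:56:24 AM CET: poll started
fetchmail: SSL/TLS: using protocol TLSv1, cipher AES128-SHA, 128/128 secret/processed bits
fetchmail: Authorization failure on user@mail.example.net
fetchmail: Query status=3 (AUTHFAIL)
fetchmail: 6.3.24 querying pop.example.org (protocol POP3) at Sat 21 Jan 2023 08:56:25 AM CET: poll started
fetchmail: Query status=0 (SUCCESS)
EOF
}

sample_log | summarize_fetchmail_log
```

Pass /var/log/fetchmail as the argument to summarize the real log; the TLS and status fields are only present when the daemon logs verbosely, as in the process listing shown earlier.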

The fetchmail man page provides a lot of useful information.

$ man fetchmail

SMTP server reply codes

A list of the main SMTP server reply codes, with an explanation and hints on how to resolve each one.

The SMTP server reply codes can be used to help determine why an email bounced, or why you’re receiving an SMTP error when sending an email.

Code | Explanation | How to solve
101 | The server is unable to connect. | Try to change the server’s name (maybe it was spelt incorrectly) or the connection port.
111 | Connection refused or inability to open an SMTP stream. | This error normally refers to a connection issue with the remote SMTP server, depending on firewalls or misspelled domains. Double-check all the configurations and in case ask your provider.
211 | System status message or help reply. | It comes with more information about the server.
214 | A response to the HELP command. | It contains information about your particular server, normally pointing to a FAQ page.
220 | SMTP server is ready. | It’s just a welcome message. Just read it and be happy that everything is working.
221 | The server is closing its transmission channel. It can come with side messages like “Goodbye” or “Closing connection”. | The mailing session is going to end, which simply means that all messages have been processed.
250 | Its typical side message is “Requested mail action okay completed”: meaning that the server has transmitted a message. | The opposite of an error: everything has worked and your email has been delivered.
251 | “User not local will forward”: the recipient’s account is not on the present server, so it will be relayed to another. | It’s a normal transfer action. For other information check out our article on what is an SMTP server.
252 | The server cannot verify the user, but it will try to deliver the message anyway. | The recipient’s email account is valid, but not verifiable. Normally the server relays the message to another one that will be able to check it.
354 | The side message can be very cryptic (“Start mail input end <CRLF>.<CRLF>”). It’s the typical response to the DATA command. | The server has received the “From” and “To” details of the email, and is ready to get the body message.
420 | “Timeout connection problem”: there have been issues during the message transfer. | This error message is produced only by GroupWise servers. Either your email has been blocked by the recipient’s firewall, or there’s a hardware problem. Check with your provider.
421 | The service is unavailable due to a connection problem: it may refer to an exceeded limit of simultaneous connections, or a more general temporary problem. | The server (yours or the recipient’s) is not available at the moment, so the dispatch will be tried again later.
422 | The recipient’s mailbox has exceeded its storage limit. | Try to contact the user via another channel to alert him and ask to create some free space in his mailbox.
431 | Not enough space on the disk, or an “out of memory” condition due to a file overload. | This error may depend on too many messages sent to a particular domain. You should try again sending smaller sets of emails instead of one big mail-out.
432 | Typical side-message: “The recipient’s Exchange Server incoming mail queue has been stopped”. | It’s a Microsoft Exchange SMTP Server reply error code. You should contact it to get more information: generally it’s due to a connection problem.
441 | The recipient’s server is not responding. | There’s an issue with the user’s incoming server: yours will try again to contact it.
442 | The connection was dropped during the transmission. | A typical network connection problem, probably due to your router: check it immediately.
446 | The maximum hop count was exceeded for the message: an internal loop has occurred. | Ask your SMTP provider to verify what has happened.
447 | Your outgoing message timed out because of issues concerning the incoming server. | This happens generally when you exceeded your server’s limit of number of recipients for a message. Try to send it again segmenting the list in different parts.
449 | A routing error. | Like error 432, it’s related only to Microsoft Exchange. Use the CLI route print.
450 | “Requested action not taken – The user’s mailbox is unavailable”. The mailbox has been corrupted or placed on an offline server, or your email hasn’t been accepted for IP problems or blacklisting. | The server will retry to mail the message again, after some time. Anyway, verify that it is working on a reliable IP address.
451 | “Requested action aborted – Local error in processing”. Your ISP’s server or the server that got a first relay from yours has encountered a connection problem. | It’s normally a transient error due to a message overload, but it can refer also to a rejection due to a remote antispam filter, ask your SMTP provider to check. Exchange issue: 451 4.7.0 Temporary server error. Please try again later. PRX. If the DC “lags” then this error also frequently shows up.
452 | Too many emails sent or too many recipients: more in general, a server storage limit exceeded. | Again, the typical cause is a message overload. Usually the next try will succeed: in case of problems on your server it will come with a side-message like “Out of memory”.
471 | An error of your mail server, often due to an issue of the local anti-spam filter. | Contact your SMTP service provider to fix the situation.
500 | A syntax error: the server couldn’t recognize the command. | It may be caused by a bad interaction of the server with your firewall or antivirus. Read carefully their instructions to solve it.
501 | Another syntax error, not in the command but in its parameters or arguments. | In the majority of the times it’s due to an invalid email address, but it can also be associated with connection problems (and again, an issue concerning your antivirus settings).
502 | The command is not implemented. | The command has not been activated yet on your own server. Contact your provider to know more about it.
503 | The server has encountered a bad sequence of commands, or it requires an authentication. | In case of “bad sequence”, the server has pulled off its commands in a wrong order, usually because of a broken connection. If an authentication is needed, you should enter your username and password.
504 | A command parameter is not implemented. | Like error 501, it is a syntax problem; you should ask your provider.
510/511 | Bad email address. | One of the addresses in your TO, CC or BCC line doesn’t exist. Check again your recipients’ accounts and correct any possible misspelling.
512 | A DNS error: the host server for the recipient’s domain name cannot be found. | Check again all your recipients’ addresses: there will likely be an error in a domain name (like mail@domian.com instead of mail@domain.com).
513 | “Address type is incorrect”: another problem concerning address misspelling. In few cases, however, it’s related to an authentication issue. | Double-check your recipients’ addresses and correct any mistake. If everything’s ok and the error persists, then it’s caused by a configuration issue (simply, the server needs an authentication).
523 | The total size of your mailing exceeds the recipient server’s limits. | Re-send your message splitting the list in smaller subsets.
530 | Normally, an authentication problem. But sometimes it’s about the recipient’s server blacklisting yours, or an invalid email address. | Configure your settings providing a username+password authentication. If the error persists, check all your recipients’ addresses and if you’ve been blacklisted.
541 | The recipient address rejected your message: normally, it’s an error caused by an anti-spam filter. | Your message has been detected and labeled as spam. You can ask the recipient to whitelist you.
550 | It usually defines a non-existent email address on the remote side. | Though it can be returned also by the recipient’s firewall (or when the incoming server is down), the great majority of errors 550 simply tell that the recipient email address doesn’t exist. You should contact the recipient otherwise and get the right address.
551 | “User not local or invalid address – Relay denied”. Meaning, if both your address and the recipient’s are not locally hosted by the server, a relay can be interrupted. | It’s a (not very clever) strategy to prevent spamming. You should contact your ISP and ask them to allow you as a certified sender. Of course, with a professional SMTP provider you won’t ever deal with this issue.
552 | “Requested mail actions aborted – Exceeded storage allocation”: simply put, the recipient’s mailbox has exceeded its limits. | Try to send a simple message: that usually happens when you dispatch emails with big attachments, so check them first.
553 | “Requested action not taken – Mailbox name invalid”. That is, there’s an incorrect email address into the recipients line. | Check all the addresses in the TO, CC and BCC field. There should be an error or a misspelling somewhere.
554 | This means that the transaction has failed. It’s a permanent error and the server will not try to send the message again. | The incoming server detects that your email is spam, or your IP has been blacklisted. Check carefully if you ended up in some spam lists, or rely on a professional SMTP service that will fix this problem.

Now that you have an understanding of what an SMTP server reply code is, here are 21 common SMTP response codes, as laid out in RFC 821 (RFC stands for Request for Comments).