Explore & discover

Helpful Links

inbound.att.net ssl certificates fail for fetchmail pop3

Contributor

inbound.att.net ssl certificates fail for fetchmail pop3

Within the last month or so, my fetchmailrc script stopped working. I use the pop3 with sslcertck:

poll inbound.att.net with proto pop3 service 995:

sslproto 'TLS1'

user "<username>@att.net" password "<password>" is <username> here

sslcertck sslcertpath '/etc/ssl/certs/' smtphost localhost

 

Openssl check appears to be normal with the exception of possible ssl mismatch at legacy.pop.mail.yahoo.com :

# openssl s_client -host inbound.att.net -port 995
CONNECTED(00000003)
depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5
verify return:1
depth=1 C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 3 Secure Server CA - G4
verify return:1
depth=0 C = US, ST = California, L = Sunnyvale, O = Yahoo Inc., OU = Information Technology, CN = legacy.pop.mail.yahoo.com
verify return:1
---
Certificate chain
0 s:/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=legacy.pop.mail.yahoo.com
i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
1 s:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIIpjCCB46gAwIBAgIQDc9LFCaU7HXISZt8q924/zANBgkqhkiG9w0BAQsFADB+
MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd
BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVj
IENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE2MDkyMDAwMDAwMFoX
DTE4MDkyMDIzNTk1OVowgZAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9y
bmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxEzARBgNVBAoMCllhaG9vIEluYy4xHzAd
BgNVBAsMFkluZm9ybWF0aW9uIFRlY2hub2xvZ3kxIjAgBgNVBAMMGWxlZ2FjeS5w
b3AubWFpbC55YWhvby5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDAjpsBvYb8X3BXrHeriSRWugNBxGjlpVpbiJ2JzdymxjaGQyOdcyYV5Oe8malA
1UHH+jr82ekkhR24AINlCkW3ojoKk10dC0Q6HbR8s5tckGVTJQIuEXOyxLZ74772
dKM0x2B0Yz1LDKPV7RJEn+DE+6fYyGzz3UkJWpyxw9b5QARjHO68CCMHuY+2NyhR
2lf8W/DZdomhy1rO/z/ul149b7g87pdh1uyRP8CMe6EbxhymTSbEAd0LFA2LgSFU
1du4+q6k6F1+FxQm+f+a63NgpfFR2PeqTmBnTsVW9VNzysX5vpa61f6ChShQsN7W
272fqPV6PvEd3ezH6JpptadrAgMBAAGjggULMIIFBzCCAj0GA1UdEQSCAjQwggIw
ghlsZWdhY3kucG9wLm1haWwueWFob28uY29tghJwb3AubWFpbC55YWhvby5jb22C
FCoucG9wLm1haWwueWFob28uY29tghVwb3AuYml6bWFpbC55YWhvby5jb22CFXBv
cC5tYWlsLnlhaG9vLmNvbS5hcoIVcG9wLm1haWwueWFob28uY29tLmF1ghVwb3Au
bWFpbC55YWhvby5jb20uYnKCFXBvcC5tYWlsLnlhaG9vLmNvbS5oa4IVcG9wLm1h
aWwueWFob28uY29tLm15ghVwb3AubWFpbC55YWhvby5jb20ucGiCFXBvcC5tYWls
LnlhaG9vLmNvbS5zZ4IVcG9wLm1haWwueWFob28uY29tLnR3ghVwb3AubWFpbC55
YWhvby5jb20udm6CFHBvcC5tYWlsLnlhaG9vLmNvLmlkghRwb3AubWFpbC55YWhv
by5jby5pboIUcG9wLm1haWwueWFob28uY28ua3KCFHBvcC5tYWlsLnlhaG9vLmNv
LnRoghRwb3AubWFpbC55YWhvby5jby51a4IRcG9wLm1haWwueWFob28uY2GCEXBv
cC5tYWlsLnlhaG9vLmRlghFwb3AubWFpbC55YWhvby5mcoIRcG9wLm1haWwueWFo
b28uaW6CEXBvcC5tYWlsLnlhaG9vLml0ghNwb3AuY29ycmVvLnlhaG9vLmVzgg5w
b3AueTdtYWlsLmNvbYIRcG9wLmF0dC55YWhvby5jb20wCQYDVR0TBAIwADAOBgNV
HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGEGA1Ud
IARaMFgwVgYGZ4EMAQICMEwwIwYIKwYBBQUHAgEWF2h0dHBzOi8vZC5zeW1jYi5j
b20vY3BzMCUGCCsGAQUFBwICMBkMF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBhMB8G
A1UdIwQYMBaAFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMCsGA1UdHwQkMCIwIKAeoByG
Gmh0dHA6Ly9zcy5zeW1jYi5jb20vc3MuY3JsMFcGCCsGAQUFBwEBBEswSTAfBggr
BgEFBQcwAYYTaHR0cDovL3NzLnN5bWNkLmNvbTAmBggrBgEFBQcwAoYaaHR0cDov
L3NzLnN5bWNiLmNvbS9zcy5jcnQwggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB2
AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABV0nx/14AAAQDAEcw
RQIgfkkZxUY04LfwJP0jyi4by4UoOd7N7394vK5QjFiBk5UCIQCNDpUVXUlkjGC8
KvEcZJZRcMtOuD3S0G1Gc/yQbIlMNwB1AGj2mPgfZIK+OozuuSgdTPxxUV1nk9RE
0QpnrLtPT/vEAAABV0nyABoAAAQDAEYwRAIgDWpqOUTmigsLtt4HV8QnUBZXmJoe
peI/aboc7KIvCjUCIB9IR8YT2cPT8Wt7U/Iw/3+xS04MMu4WzOBy+3AEBNQJAHcA
7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFXSfIBXwAABAMASDBG
AiEAhamp7suhJVpxwwLgbS6WDCvt+yeyuNZmWFZ2fYLS6t8CIQDdkwSwXD1k4h8I
1mtP0v0XDlmN92oyCkZiW1TXlo7BgjANBgkqhkiG9w0BAQsFAAOCAQEAaI/pl8sL
3bBHFAivshZ7r0X7VMNVXa9L9/qYmdbNfmNChIlGFsrLrXCghl3pEOvB9G8rvDRZ
U6XVLReH9XYZk/zYOPZ9MfJ2iePpEyyC098SXI/mM4PzkfaImcRvgLk2n05BvKOC
NfF0l9IIQXU7RugEC97dPoIqO2sucevHPVKD1VttPWQznVdgTGekiAAg++Kylrjg
ljRns3rLED8uN7CKCk2qs7belbnvNtrTOnrNCKa9jmEeCaO9DZbpvA1s2LA5L6HR
S2d0ohqZe63JbuWVIAekyFshyBxGOYDwT3QWGyFlvcbR6GgJI5iH0aNY3iTgugKH
x3Ychr4Jo8cNtQ==
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=legacy.pop.mail.yahoo.com
issuer=/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 5284 bytes and written 429 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 58D2702A2B33733688B90B1D39F4E516A34355525B3CFB4FAFBF6DBF8CCD8045
Session-ID-ctx:
Master-Key: AB56F70F6DB40E8884BA6CD1FD35ABD1D60B984E166A00B293231F587399D1180150F3E70F8A7038D7659DA9554F835C
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1490186282
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
+OK Hello from jpop-0.1

 

Since I cannot use sslcertck I was trying to make use of the peer fingerprint (ssl fingerprint)

e.g. sslfingerprint "66:89:36:BA:15:CD:9BSmiley Very HappyA:BE:39:02:34:5C:0B:C1:30"

 

I have been unable to collect or set the ssl fingerprint. Maybe if I set up Thunderbird to do the pop3 exchange.

Comments are welcome

375 Views
Message 1 of 2
Highlighted
Contributor

Re: inbound.att.net ssl certificates fail for fetchmail pop3

The easy and working solution is this.

 

Inbound mail server is currently inbound.att.net

Change it to legacy.pop.mail.yahoo.com

 

Fixed.

 

miletx.com

Message 2 of 2
Share this topic
Share this topic
Announcements...
Are you having trouble logging in? Is your email password not working? Let us show you how to Reset your Email Password using myAT&T!
Additional Support