Fetchmail:
Fetchmail用于将其它支持pop3的邮件服务器上取回邮件并保存到本地的spool中。它的配置文件为
~/.fetchmail,在配置好后,还需要在shell的启动脚本里写入启动fetchmail的指令。
.fetchmail文件的内容为:
=============================================================================
set daemon 60 #设置每过60秒取一次邮件
poll st.gsau.edu.cn #设置邮件服务器的地址
uidl #设置每次只取新邮件
protocol POP3 #取信协议为POP3
user "username" #用户名
password "password" #登陆口令
keep #取完邮件后保留邮件在服务器上。
ssl #对于启用了SSL加密的POP3服务器需要加入这条规则,比如GMAIL。
1、设置exim4,通过smarthost外发邮件
$dpkg-reconfigure exim4-config
(1)将配置文档拆分成小文件么? 否
(2)选择“用smarthost发信;通过smtp或fetchmail接受邮件”
(3)系统邮件名称,随意;(这里我写了tom.com)
(4)要监听的入站 SMTP 连接的 IP 地址:127.0.0.1 (这样,就只有本机可以利用exim4)
(5)其它可接受的邮件目的地址:(empty)
(6)为这些主机进行邮件转发:(empty)
(7)负责处理从本机寄出的邮件的机器(smarthost):真正用来外发邮件的smtp地址
(我这里用smtp.gmail.com)
(8)要在寄出的邮件中隐藏本地邮件名称吗? 是
(9)本地用户的可视域名:同(3)
(10)保持最小 DNS 查询量吗(按需拔号 Dial-on-Demand)? 否
还要修改几个配置文件:
(1)/etc/exim4/passwd.client,smtp的帐号密码设置,加入:
smtp.gmail.com:[email protected]:passwordgmail-smtp.l.google.com:[email protected]:password
后一个地址非常重要,当 exim 联向 smtp.gmail.com 时它会以类似重定向的方式联向 gmail-smtp.l.google.com,所以也要给它写上认证信息。
(2)/etc/email-addresses,系统邮箱地址,加入:
user: [email protected]
(3)/etc/exim4/exim4.conf.template,exim4配置文件
### transport/30_exim4-config_remote_smtp_smarthost################################## This transport is used for delivering messages over SMTP connections# to a smarthost. The local host tries to authenticate and does some# modification in headers and return-path.# This transport is used for smarthost and satellite configurations.remote_smtp_smarthost:debug_print = "T: remote_smtp_smarthost for $local_part@$domain"driver = smtp# hosts_try_auth = ${if exists {CONFDIR/passwd.client}{DCsmarthost}{}}tls_tempfail_tryclear = false# DEBCONFheaders_rewriteDEBCONF# DEBCONFreturn_pathDEBCONFhosts_require_auth = smtp.gmail.comhosts_require_tls = smtp.gmail.comport=587
配置完以后,update-exim4.conf,update-exim4.conf.template,然后重启 exim4 服务即可。
2、配置mutt:编辑/etc/Muttrc
这里加入:
set envelope_from=yesset sendmail="/usr/sbin/exim4"set [email protected] realname="josephpei"set use_from=yes
3、opensll认证:
(1)取得gmail的cert文件
运行:
$openssl s_client -connect smtp.gmail.com:995 -showcerts
输出:
CONNECTED(00000003)
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
-----BEGIN CERTIFICATE-----
MIIC3TCCAkagAwIBAgIDBZIAMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDUxMTE1MjEyMjQ0WhcNMDcxMTE2MjEyMjQ0
WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMN
TW91bnRhaW4gVmlldzEUMBIGA1UEChMLR29vZ2xlIEluYy4xFjAUBgNVBAMTDXBv
cC5nbWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMP8LCYiLGJ/
RihwcOi1V/zHVTw0Gfu+mI141Vjuuj2DtQoav8emwlXbu8gZoKP9GeMWpX1Vo9qN
4gkslIToHmDnIwGjcaEAfpdhSR9g54Kf5Y7BEXVyco6mTIlpe9vsbV0dmB1FvLP2
1N09dkUJfi7V0fjb8mcn3QYu6+6QNoxPAgMBAAGjga4wgaswDgYDVR0PAQH/BAQD
AgTwMB0GA1UdDgQWBBTdASsopgao1m8hcEg0cDZhucltljA6BgNVHR8EMzAxMC+g
LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDAf
BgNVHSMEGDAWgBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADgYEAln3/pVqYnUXA1TVGzOqX
LFhohGxpuNkr1UJnQmYxmZeB07uPBYRX8c0JXEKs29TmAHRsLhmp8kF36F11Dxgi
Xm/Y8I9zgWHoMj7SL3Ve/u8K8K7XcUyUuaWmldLQAREafpFy+f+KYHGuAVh8hjy6
XyPlMCqj+PNp8QXjgOcgO68=
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
issuer=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
No client certificate CA names sent
---
SSL handshake has read 891 bytes and written 338 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : DES-CBC3-SHA
Session-ID: CFCAB44667A90184C8ABCC6F4D2D1C8EC29A9DBDAD11D815E7E22DC5E34213F6
Session-ID-ctx:
Master-Key: 1AFCF4EC31DF0A5930B527BDC55B86D69285DD044E939BDDF18884F61F1E8340EFE7BF85CC50F98F657FB0579CF612F7
Key-Arg : None
Start Time: 1134601370
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
+OK Gpop m2pf1356431nzf ready.
将中间的:
-----BEGIN CERTIFICATE-----
......
-----END CERTIFICATE-----
拷贝到~/.certs/gmail.pem(自己建立这个目录和文件)
(2) 生成CA文件
$openssl x509 -in gmail.pem -noout -fingerprint
将上面的gmail.pem前面加上Fingerprint
MD5 Fingerprint: 67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E1:1B:EC4PEM Data:-----BEGIN CERTIFICATE-----......-----END CERTIFICATE-----
(gmail.pem似乎可以不加fingerprint,我加上,就没有删,就画个蛇加个足吧)
在~/.certs/建立equifax.pem文件,内容如下:
MD5 Fingerprint: 67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4PEM Data:-----BEGIN CERTIFICATE-----MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVxdWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6fBeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+AcJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kCAwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgwODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gjIBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQFMAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUAA4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4-----END CERTIFICATE-----
(3)rehash上步两个文件:equifax.pem和gmail.pem,运行:
$ c_rehash .certs
(4)检查CA文件,运行:
$openssl s_client -connect pop.gmail.com:995 -CApath .certs/
如果输出中有:
Verify return code: 0 (ok)
则CA文件是好的.
4、配置fetchmail
这个比较简单,修改~/.fetchmail文件,加入:
# # # Sample /home/chirico/.fetchmailrc file for Gmail # # Check mail every 90 seconds set daemon 90 set syslog set postmaster chirico #set bouncemail # # Google Gmail is mchirico but on computer it is chirico # To keep mail on the server use the you would put keep at the end. # user '[email protected]' with pass "pa33w0r8" is 'chirico' here options ssl sslcertck sslcertpath '/home/chirico/certs/.certs' keep # poll pop.gmail.com with proto POP3 and options no dns user '[email protected]' with pass "pa33w0r8" is 'chirico' here options ssl sslcertck sslcertpath '/home/chirico/certs/.certs' smtphost localhost # You would use this to by-pass Postfix # mda '/usr/bin/procmail -d %T'
tsinghua brep:如果有重复收信问题
poll pop3.sina.com.cn with proto POP3 uidl
~~~~加上这个
然后执行:
$chmod 0600 .fetchmailrc
呵呵,终于完工了,测试:
josephpei@hit-pei:~$ fetchmail -avkfetchmail: 6.3.2 querying pop.gmail.com (protocol POP3) at 2006年04月06日 星期四 20时07分26秒: poll startedfetchmail: Issuer Organization: Equifaxfetchmail: Unknown Issuer CommonNamefetchmail: Server CommonName: pop.gmail.comfetchmail: pop.gmail.com key fingerprint: 59:51:61:89:CD:DD:B2:35:94:BB:44:97:A0:39:D5:B4fetchmail: POP3< +OK Gpop ready z52pf972624pygfetchmail: POP3> CAPAfetchmail: POP3< +OK Capability list followsfetchmail: POP3< USERfetchmail: POP3< RESP-CODESfetchmail: POP3< EXPIRE 0fetchmail: POP3< LOGIN-DELAY 300fetchmail: POP3< X-GOOGLE-VERHOEVENfetchmail: POP3< .fetchmail: POP3> USER [email protected]: POP3< +OK send PASSfetchmail: POP3> PASS *fetchmail: POP3< +OK Welcome.fetchmail: POP3> STATfetchmail: POP3< +OK 1 23051 message for [email protected] at pop.gmail.com (2305 octets).fetchmail: POP3> LIST 1fetchmail: POP3< +OK 1 2305fetchmail: POP3> RETR 1fetchmail: POP3< +OK message followsreading message [email protected]@pop.gmail.com:1 of 1 (2305 octets)fetchmail: SMTP< 220 hit-pei.optic ESMTP Exim 4.60 Thu, 06 Apr 2006 20:07:31 +0800fetchmail: SMTP> EHLO hit-pei.opticfetchmail: SMTP< 250-hit-pei.optic Hello localhost [127.0.0.1]fetchmail: SMTP< 250-SIZE 52428800fetchmail: SMTP< 250-PIPELININGfetchmail: SMTP< 250 HELPfetchmail: SMTP> MAIL FROM:
附(还未试):为了和word附件的配合,需要在.muttrc中加入:
auto_view application/msword
另外,还需要在~/.mailcap中加入:
text/html; lynx -force_html %s; needsterminal;
application/msword; /usr/bin/antiword '%s'; copiousoutput; #这里用到antiword,apt-get install就行
description="Microsoft Word Text"; nametemplate=%s.doc
这样,就能够在mutt中显示word附件了。