What is likely to be causing, and how do I fix, this fetchmail error in Debian 9?

0

A colleague recently upgraded a Debian 8 system to Debian 9.9. Since then, this fetchmail error has been occurring:

Jun 17 11:03:02 localhost fetchmail[13802]: Your OpenSSL version does not support SSLv3.

Jun 17 11:03:02 localhost fetchmail[13802]: SSL connection failed.

Jun 17 11:03:02 localhost fetchmail[13802]: socket error while fetching from

Jun 17 11:03:02 localhost fetchmail[13802]: Query status=2 (SOCKET)

There are two local systems that have been used to collect mail from the server, an older i386 system here at work, that is working just fine. The faulty system is a newer amd64 system my colleague uses at home.

We found that the .fetchmailrc file had disappeared on this system after the upgrade. When it was recreated (from the work system), there was no change in behaviour; the error occurs endlessly and no mail is fetched.

Our .fetchmailrc file is below:

set no bouncemail
set postmaster "local_account"

poll email.server protocol pop3 port 995
   with uidl
   user "email.server.user" with password "this.is.not.the.password" is "local.account" here
   with ssl and sslproto 'TLS1+'
   with sslfingerprint "01:02:03:04:05:06:07:08:09:10:11:12:13:14:15:FF" 
   with keep
   smtpaddress "local.smtp.server"
   mda "/usr/bin/procmail -d %T"

We don't have the experience/knowledge to diagnose & fix this. Any suggestions as to what to look for and try would be greatly appreciated. Is there anything I could post here that would help this process?

Thanks in advance.

Joe Aquilina

Posted 2019-06-17T03:23:21.140

Reputation: 1

Have you specified any ssl* options in your ~/.fetchmailrc? – AnFi – 2019-06-17T06:57:29.030

I probably should have included the .fetchmailrc file earlier, shouldn't I? Here it is, with relevant "secret" bits changed:

set no bouncemail
set postmaster "local_account"

poll email.server
    protocol pop3 port 995
    with uidl
    user "email.server.user" with password "this.is.not.the.password" is 
 "local.account" here
    with ssl and sslproto 'TLS1+'
    with sslfingerprint "01:02:03:04:05:06:07:08:09:10:11:12:13:14:15:FF"
    with keep
    smtpaddress "local.smtp.server"
    mda "/usr/bin/procmail -d %T"
 – Joe Aquilina  – 2019-06-17T07:39:24.737

Sorry, having trouble with formatting. Very new here, clearly lots of learning to be done. – Joe Aquilina – 2019-06-17T07:56:23.293

1@Joe: It would be better to edit your original question and add the new information there. Question content supports more options for formatting. – RedGrittyBrick – 2019-06-17T10:03:16.987

Thanks for the suggestion, I have added the .fetchmailrc file in my question above. That looks much more readable. – Joe Aquilina – 2019-06-18T01:22:24.333

Answers

0

Your OpenSSL version does not support SSLv3.

I would check the installed version of openssl using the command openssl version

The problem may be that SSLv3 is deprecated and users are expected to have switched to TLS 1.0, TLS 1.1 or TLS 1.2.

SSLv3 may have been disabled by default at OpenSSL 1.1.0.

If openssl ciphers -ssl3 returns an error message rather than a list of ciphers, it probably means SSLv3 is disabled or unavailable in your version of OpenSSL.

In that case you'd probably have to rebuild OpenSSL from source after configuring it to support SSLv3.

This may be a good time to find out if your mail servers can support TLS 1.2. Many people disable SSLv3 because it is insecure. See POODLE vulnerability from 5 years ago.

RedGrittyBrick

Posted 2019-06-17T03:23:21.140

Reputation: 70 632

Openssl version is: OpenSSL 1.1.0j 20 Nov 2018

openssl ciphers -ssl3 command returns:

ciphers: Option unknown option -ssl3

ciphers: Use -help for summary.

Have not ever built any packages from source so I am guessing that could be a bit of an adventure in itself.

If SSLv3 is deprecated, and TLS is preferred, I should probably look at confirming that our mail server supports TLS and use that, rather than rebuilding openssl for SSLv3 support. Not sure how I find out what our mail server supports, this is all a mystery to me; I am feeling very much out of my depth here. – Joe Aquilina – 2019-06-18T01:34:19.393
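
One way to carry out the check the answer suggests (finding out whether the mail server supports TLS 1.2), given here as an added example that is not part of the original thread. The helper names `handshake_result` and `probe` are hypothetical, the sample output is constructed, and the host and port are whatever your own .fetchmailrc uses.

```sh
#!/bin/sh
# Added example: which TLS versions does the POP3S server accept?
# handshake_result and probe are hypothetical helper names.

# Read `openssl s_client` output on stdin. Print "<protocol> <cipher>" for a
# completed handshake, or "refused". A failed handshake still prints a
# Protocol line, so the Cipher line (0000 on failure) decides.
handshake_result() {
    awk '
        /^ *Protocol *:/ { proto = $3 }
        /^ *Cipher *:/   { cipher = $3 }
        END {
            if (proto != "" && cipher != "" && cipher != "0000" && cipher != "(NONE)")
                print proto " " cipher
            else
                print "refused"
        }'
}

# probe HOST PORT FLAG: attempt one handshake restricted to a single version.
# "refused" also results when the local OpenSSL build lacks that protocol flag.
probe() {
    openssl s_client -connect "$1:$2" -servername "$1" "-$3" \
        </dev/null 2>/dev/null | handshake_result
}

# Constructed excerpts of s_client output (not captured from a real server).
SAMPLE_OK='SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384'
SAMPLE_FAIL='New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : TLSv1
    Cipher    : 0000'

# Usage: sh tlsprobe.sh HOST PORT   (e.g. the server and port 995 from .fetchmailrc)
if [ "$#" -eq 2 ]; then
    for flag in tls1 tls1_1 tls1_2; do
        printf '%-8s %s\n' "$flag" "$(probe "$1" "$2" "$flag")"
    done
else
    echo "usage: $0 HOST PORT" >&2
fi
```

Run it from the machine that shows the error. Any version printed with a cipher name is one the server accepts, in which case SSLv3 support in OpenSSL is not needed to reach it.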