Re: SOLVED Fetchmail; continually losing authentication with gmx.net

[Ron Leach <ronleach@tesco.net>]

On 26/11/2014 07:50, Frédéric Marchal wrote:
> Fetchmail certainly uses the system ssl library and SSLv3 was recently
> disabled system wide for security reasons (see the poodle attack).
>
> [snip]
>
> You'll have to investigate a bit but my theory is that fetchmail is
> requesting SSLv3. As it is disabled by wheezy but is accepted by etch
> it works with the latter but not the former.
>
> Fetchmail should have an option to force the ssl protocol to be TLSv1.
> I think it should be --sslprotoversion tlsv1 or something similar.

Astute, Frederick.

I altered the poll details for ...@gmx.net to say:
	
poll pop.gmx.net with proto POP3 timeout 100 and options
  auth password no dns uidl

 user '[...]@gmx.net' there with password '[...]' is
  '[...]' here options sslproto 'TLS1' keep stripcr fetchlimit 5

[the 'keep' parameter is only there while I am testing, so as not to 
lose any mails after architecture changes or rebuilds etc.  In the 
production system the 'keep' will be absent.]

This has been running for 3 days, now, without missing a beat.

You solved it.  Thank you for the insights.

regards, Ron