# [SOLVED] fetchmail + hotmail: SSL error

## v1pEr

I'm used to running fetchmail with gotmail, but as hotmail now finally supports pop3 I'd like to do it that way.

So I have this part in my fetchmailrc:

```
poll pop3.live.com
        with proto POP3 port 995
                user 'xxx@hotmail.com' there with password 'xxx' is 'v1per' here
                keep
                sslfingerprint 'D0:3C:4D:59:F6:95:37:59:EA:A9:5D:4C:CE:D3:2A:A1'
                sslcertpath /home/v1per/.certs
                sslproto ssl23
                ssl
```

But whenever I run fetchmail, I get this:

```
RoSe v1per # fetchmail -vvvv -N -d0 -f /etc/fetchmailrc
fetchmail: WARNING: Running as root is discouraged.
fetchmail: 6.3.9 querying pop3.live.com (protocol POP3) at Mon Jul 20 17:03:48 2009: poll started
fetchmail: Trying to connect to 65.55.172.253/995...connected.
fetchmail: SSL connection failed.
fetchmail: socket error while fetching from xxx@hotmail.com@pop3.live.com
fetchmail: 6.3.9 querying pop3.live.com (protocol POP3) at Mon Jul 20 17:03:49 2009: poll completed
fetchmail: Query status=2 (SOCKET)
fetchmail: Writing fetchids file.
fetchmail: normal termination, status 2
fetchmail: Writing fetchids file.
```

I searched high and low but there doesn't seem to be much documentation on how to get this running...

*Last edited by v1pEr on Tue Jul 21, 2009 10:04 am; edited 1 time in total*

----------

## Mike Hunt

Can you try with a simpler fetchmailrc?  Mine for gmail is like this

```
$ cat .fetchmailrc
poll pop.gmail.com
        proto POP3
        user 'myusername@gmail.com'
        pass 'supertopsecret'
        ssl
```

Works perfect every time, and when I used hotmail this worked as well.

----------

## cach0rr0

I would steer clear of adding a fingerprint, as the fella above me suggested.

I don't use either, but am making a blind guess here - hotmail has 8 gazillion nodes, likely a different cert for each. If you're only allowing one specific cert, you'll get a conflict unless you connect to that one specific node that has the cert you've specified.

Again, this is coming from someone without a clue how fetchmail is intended to work, just a general pointer.

As well there's no reason to specify an SSL method I don't think. What if hotmail supports TLSv1 at some point?

----------

## v1pEr

Oh my god, I cannot believe it was that simple. It's working now, thank you a lot for helping me with such a stupid and convenient solution.

----------

## Mike Hunt

Sure, no problem v1pEr

----------

## WackyDoo

*Mike Hunt wrote:*

> Can you try with a simpler fetchmailrc?  Mine for gmail is like this
>
> ```
> $ cat .fetchmailrc
>
> ...
> ```

I would add the "sslcertck" option to ensure that the server cert is signed by one of your trusted certs in /etc/ssl/certs. Running

```
openssl s_client -connect pop3.live.com:995 -CApath /etc/ssl/certs
```

shows that the server cert is signed by

> GTE CyberTrust Global Root

which should be one of your machine's "trusted" cert authorities. Otherwise you are vulnerable to a man-in-the-middle attack.

----------
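The trade-off raised in this thread, pinning one certificate with `sslfingerprint` versus checking the issuing CA with `sslcertck`, shown as an added shell example that is not from any of the posts. It builds a throwaway CA offline with the `openssl` command; the hostname `pop3.example.test`, the CA name and the file names are assumptions made up for the demo.

```shell
#!/bin/sh
# Constructed, offline demo: nothing here contacts a real server.
# HOST, the CA name and all file names are assumptions for illustration.
HOST=pop3.example.test

make_pki() {    # $1 = work dir; builds a throwaway CA, two nodes and an impostor
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    for n in node1 node2; do    # two servers behind the same hostname
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$HOST" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$d/$n.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
            -CAcreateserial -days 1 -out "$d/$n.pem" 2>/dev/null || return 1
    done
    # self-signed certificate claiming the same hostname, not issued by the CA
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$HOST" \
        -keyout "$d/imp.key" -out "$d/imp.pem" 2>/dev/null
}

# MD5 fingerprint, colon-separated like the 16-byte sslfingerprint value in the post
fingerprint() { openssl x509 -in "$1" -noout -fingerprint -md5 | cut -d= -f2; }

# Pin check (sslfingerprint): the presented cert must match one exact fingerprint
pin_ok() { [ "$(fingerprint "$1")" = "$2" ]; }

# CA check (sslcertck): the cert must chain to a trusted root; hostname matching not shown
ca_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

dir=$(mktemp -d) || exit 1
trap 'rm -rf "$dir"' EXIT
make_pki "$dir" || exit 1
pinned=$(fingerprint "$dir/node1.pem")    # operator pinned whichever node answered first

for c in node1 node2 imp; do
    pin_ok "$dir/$c.pem" "$pinned" && p=match || p=MISMATCH
    ca_ok "$dir/ca.pem" "$dir/$c.pem" && v=trusted || v=UNTRUSTED
    echo "$c: pin=$p ca=$v"
done
```

The second legitimate node fails the pin but passes the CA check, while the self-signed certificate fails both, which is why the CA check fits a multi-node service where a single pinned fingerprint does not.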

