[pkg-fetchmail-maint] Bug#568455: Bug#568455: Bug#568455: fetchmail TLS/SSL with Exchange 2007 results in Autorization failures

Patrick Rynhart P.Rynhart at massey.ac.nz
Sun Feb 7 19:42:12 UTC 2010 

Hi Nico,

The relevant snip from my user config file is:

poll owa.massey.ac.nz with
  proto pop3
  user prynhart there with password "******" is prynhart here
  ssl
mda "/usr/bin/procmail -d %s"

The host "owa.massey.ac.nz" is a Microsoft Exchange 2007 Outlook Web
Access node.

If I try invoking the debian packaged version of fetchmail I get:

$ /usr/bin/fetchmail -v
fetchmail: 6.3.9-rc2 querying owa.massey.ac.nz (protocol POP3) at Mon 08
Feb 2010 08:38:25 NZDT: poll started
Trying to connect to 130.123.129.207/995...connected.
fetchmail: Issuer Organization: DigiCert Inc
fetchmail: Issuer CommonName: DigiCert High Assurance CA-3
fetchmail: Server CommonName: owa.massey.ac.nz
fetchmail: Subject Alternative Name: owa.massey.ac.nz
fetchmail: Subject Alternative Name: exchange.massey.ac.nz
fetchmail: Subject Alternative Name: autodiscover.massey.ac.nz
fetchmail: Subject Alternative Name: tur-exchcas1
fetchmail: Subject Alternative Name: tur-exchcas2
fetchmail: owa.massey.ac.nz key fingerprint:
D1:05:DB:94:20:7A:B9:E7:0D:71:EB:D9:93:65:0E:18
fetchmail: POP3< +OK Microsoft Exchange Server 2007 POP3 service ready
fetchmail: POP3> CAPA
fetchmail: POP3< +OK
fetchmail: POP3< TOP
fetchmail: POP3< UIDL
fetchmail: POP3< SASL NTLM GSSAPI PLAIN
fetchmail: POP3< USER
fetchmail: POP3< .
fetchmail: POP3> AUTH GSSAPI
fetchmail: POP3< +
fetchmail: Sending credentials
fetchmail: Error exchanging credentials
fetchmail: POP3< +
YGAGBisGAQUFAqBWMFSgMDAuBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKoZIhvcSAQICAwYKKwYBBAGCNwICCqMgMB6gHBsadHVyLWV4Y2hjYXMxJEBNQVNTRVkuQUMuTlo=
fetchmail: POP3> USER prynhart
fetchmail: POP3< -ERR Logon failure: unknown user name or bad password.
fetchmail: Logon failure: unknown user name or bad password.
fetchmail: Authorization failure on prynhart at tur-exchcas.massey.ac.nz
fetchmail: POP3> QUIT
fetchmail: POP3< +OK Microsoft Exchange Server 2007 POP3 server signing off.
fetchmail: 6.3.9-rc2 querying owa.massey.ac.nz (protocol POP3) at Mon 08
Feb 2010 08:38:25 NZDT: poll completed
fetchmail: Query status=3 (AUTHFAIL)
fetchmail: normal termination, status 3

Please note the "Error Exchanging Credentials" which occurs prior to the
attempt to send username/password combination.

If I aptitude remove fetchmail, build fetchmail from source with SSL
support enabled, I get:

~$ fetchmail -v
fetchmail: 6.3.13 querying owa.massey.ac.nz (protocol POP3) at Mon 08
Feb 2010 08:40:24 NZDT: poll started
Trying to connect to 130.123.129.207/995...connected.
fetchmail: Issuer Organization: DigiCert Inc
fetchmail: Issuer CommonName: DigiCert High Assurance CA-3
fetchmail: Server CommonName: owa.massey.ac.nz
fetchmail: Subject Alternative Name: owa.massey.ac.nz
fetchmail: Subject Alternative Name: exchange.massey.ac.nz
fetchmail: Subject Alternative Name: autodiscover.massey.ac.nz
fetchmail: Subject Alternative Name: tur-exchcas1
fetchmail: Subject Alternative Name: tur-exchcas2
fetchmail: owa.massey.ac.nz key fingerprint:
D1:05:DB:94:20:7A:B9:E7:0D:71:EB:D9:93:65:0E:18
fetchmail: POP3< +OK Microsoft Exchange Server 2007 POP3 service ready
fetchmail: POP3> CAPA
fetchmail: POP3< +OK
fetchmail: POP3< TOP
fetchmail: POP3< UIDL
fetchmail: POP3< SASL NTLM GSSAPI PLAIN
fetchmail: POP3< USER
fetchmail: POP3< .
fetchmail: POP3> USER prynhart
fetchmail: POP3< +OK
fetchmail: POP3> PASS *
fetchmail: POP3< +OK User successfully logged on.
fetchmail: POP3> STAT
fetchmail: POP3< +OK 0 0
fetchmail: No mail for prynhart at owa.massey.ac.nz
fetchmail: POP3> QUIT
fetchmail: POP3< +OK Microsoft Exchange Server 2007 POP3 server signing off.
fetchmail: 6.3.13 querying owa.massey.ac.nz (protocol POP3) at Mon 08
Feb 2010 08:40:25 NZDT: poll completed
fetchmail: normal termination, status 1

I note that the Debian packaged version attempts an "AUTH GSSAPI" which
appears to fail whereas the version of fetchmail build from source does
not attempt this.

Regards,

Patrick

Dr Patrick Rynhart
Linux Systems Administrator / Team Leader
IT Support Group
School of Engineering and Advanced Technology
AgHort A Room 3.61
Massey University (Turitea Campus)
NEW ZEALAND
Phone +64 6 356 9099 extn 2444



Nico Golde wrote:
> Hey,
> * Patrick Rynhart <P.Rynhart at massey.ac.nz> [2010-02-06 19:54]:
>   
>> Thanks for your mail. However, I'm not trying to match the version of fetchmail 
>> shipped with Lenny - just attempting to get a version of fetchmail with SSL 
>> support that works within our environment. (In particular, I'm not using Debian 
>> src, rather the tgz downloaded direct from the fetchmail site.)
>>     
>
> Ok
>
>   
>> What I have noticed is that if I "aptitude install fetchmail" then we end up 
>> with a version of fetchmail which is unable to retrieve messages via POP3 in 
>> our Exchange 2007 environment; this has been confirmed by other users of this 
>> shared server.  However, if I build fetchmail with SSL support from source 
>> (obtained direct from the fetchmail website) then mail can be retrieved.
>>     
>
> Can you please provide a relevant snippet of your config file?
>
> Cheers
> Nico
>   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-fetchmail-maint/attachments/20100208/a419dada/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: MasseyEmailFooter170px.jpg
Type: image/jpeg
Size: 6746 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-fetchmail-maint/attachments/20100208/a419dada/attachment.jpg>

More information about the pkg-fetchmail-maint mailing list