(By the way, fetchmail should work OK without these changes, it'll just whine about the certificates.)
First I needed to install the ca-certificates package from the Ubuntu repositories, and then I needed to change the gmail line of my
poll imap.gmail.com protocol IMAP user "email@example.com" there with password "my_password" nofetchall keep sslto
poll imap.gmail.com protocol IMAP user "firstname.lastname@example.org" there with password "my_password" nofetchall keep ssl sslcertck sslcertpath /etc/ssl/certsThis tells fetchmail where to find the public certificate it needs to verify the SSL connection to the gmail server.
I also use fetchmail to check some IMAP accounts on a server using self-signed certificates, certificates which don't appear in
/etc/ssl/certs. One way of doing this is to compute the IMAP certificate's fingerprint and telling that to fetchmail. If the IMAP server is imap.example.com and it's running on the standard port (993), you can use openssl to grab the certificate like this:
openssl s_client -ign_eof -connect imap.example.com:993 > imap.cert
(You may need to Contol-C to get back to the command prompt.)
Then use openssl to find the MD5 fingerprint:
openssl x509 -fingerprint -md5 -in imap.cert
The output of this latter command should contain a line starting with MD5 Fingerprint. Add the fingerprint to your
~/.fetchmailrcfile with something like this:
poll mail.example.com via imap.example.com protocol IMAP user mbrisby there with password "my_password" nofetchall nokeep ssl sslfingerprint "4C:69:E2:E6:F9:6B:6C:4E:E9:8B:E1:C8:2B:B9:4F:B9"
And then just run fetchmail in cron every now and then.