Micha Niskin

Wednesday April 16, 2008

If you are in the Army, use Army Knowledge Online (AKO) webmail, and want fetchmail to download your mail automatically over IMAP, then this is what you want to do:

1. Create a directory to hold the AKO SSL certificate:

mkdir ~/.certs

2. Download the certificate:

openssl s_client -connect imap.us.army.mil:993 \
    |perl -ne '{print; /-END CERTIFICATE-/ && exit}' \
    |sed -ne '/-BEGIN CERTIFICATE-/,$p' \
    > ~/.certs/imap.us.army.mil.pem

The cert file (~/.certs/imap.us.army.mil.pem) should look something like this:

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

3. Edit your fetchmail configuration file (~/.fetchmailrc) to look something like this (for the fictional user ‘beetle.s.bailey@us.army.mil’ with password ‘sargesux’):

poll imap.us.army.mil
  port            993
  protocol        imap
  username        "beetle.s.bailey"
  password        "sargesux"
  sslfingerprint  "4C:64:D0:DD:DC:90:E6:93:E4:79:65:75:B6:4B:DB:E5"
  sslcertpath     "$HOME/.certs"
  mda             procmail
  keep
  ssl

The sslfingerprint option lets you manually verify the authenticity of the SSL certificate: fetchmail compares the fingerprint of the certificate the server presents against this value. You need to do this because AKO uses government self-signed certificates. As a workaround, you can get the fingerprint by running fetchmail with the -v option.

Be aware that this workaround is a potential security issue if there is a “man in the middle” pretending to be the AKO IMAP server. Such an eavesdropper could then set up an IMAP server to collect your login and password info. A sophisticated attacker could even relay your connection to the real AKO server and let you read your mail, etc., so you would not necessarily even know that any shenanigans were going on.
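To compare the certificate saved in step 2 with the sslfingerprint pinned in step 3, here is an added example (not code from the original post) that computes a PEM file's fingerprint and checks it against a fetchmailrc. It assumes the fingerprint is the MD5 digest of the DER-encoded certificate in colon-separated hex, which is consistent with the 16-byte value above; the function names and the sample certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import re
import shlex

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def cert_fingerprint(pem_text):
    """MD5 of the first certificate's DER bytes as colon-separated hex."""
    match = PEM_RE.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate block found")
    der = base64.b64decode(match.group(1))  # newlines in the body are ignored
    digest = hashlib.md5(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def pinned_fingerprints(rc_text):
    """Map each polled server to its pin; assumes one option per line."""
    pins, server = {}, None
    for line in rc_text.splitlines():
        words = shlex.split(line, comments=True)
        if len(words) >= 2 and words[0] == "poll":
            server = words[1]
        elif len(words) >= 2 and words[0] == "sslfingerprint" and server:
            pins[server] = words[1].upper()
    return pins

def check_pin(pem_text, rc_text, server):
    """Return (status, actual); status is 'match', 'mismatch' or 'no-pin'."""
    actual = cert_fingerprint(pem_text)
    pinned = pinned_fingerprints(rc_text).get(server)
    if pinned is None:
        return "no-pin", actual
    return ("match" if actual == pinned else "mismatch"), actual

# Constructed sample: placeholder bytes, not a real certificate.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(b"constructed sample, not a real cert").decode()
              + "\n-----END CERTIFICATE-----\n")
# The pin below is the value shown in the configuration in step 3.
SAMPLE_RC = '''poll imap.us.army.mil
  protocol        imap
  sslfingerprint  "4C:64:D0:DD:DC:90:E6:93:E4:79:65:75:B6:4B:DB:E5"
'''

if __name__ == "__main__":
    # The placeholder bytes do not hash to the pinned value, so this reports a mismatch.
    print(check_pin(SAMPLE_PEM, SAMPLE_RC, "imap.us.army.mil"))
```

A match only shows that the saved certificate and the pinned value agree with each other. Since both can come from the same connection, confirming the fingerprint through a separate trusted channel is what addresses the interception risk described above.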

Also, this configuration uses procmail for local mail delivery.

See: fetchmail(1)
