Difference between revisions of "Mengambil gmail menggunakan fetchmail"

From OnnoWiki
(New page: Configuring your incoming email client for Gmail: fetchmail 1. Enable POP in your Gmail account. 2. Find out where X.509/“privacy-enhanced-mail (PEM)” certificates...)
 
 
(7 intermediate revisions by the same user not shown)
Line 1: Line 1:
Configuring your incoming email client for Gmail: fetchmail
+
* Edit .fetchmailrc, gunakan entry sebagai berikut:
  
   1.
+
poll pop.gmail.com with proto POP3 service 995
 +
   user 'eric.schmidt@gmail.com' there with password 'xxxxxxxx' is eric here
 +
  options keep ssl sslfingerprint '6B:C4:63:05:87:1E:72:88:ED:81:C5:A2:51:6B:B7:B6'
 +
  sslcertck sslcertpath /usr/share/purple/ca-certs
  
      Enable POP in your Gmail account.
+
* Pastikan bahwa
  2.
 
  
      Find out where X.509/“privacy-enhanced-mail (PEM)” certificates live on your system, e.g., in the /usr/share/ssl/certs/ directory. The “locate .pem” command may help you figure this out, or you can just create a new world-readable directory exclusively for this.
+
chmod 600 ~/.fetchmailrc
  3.
 
  
      The Gmail POP3-over-SSL (pop3s) server presents a server certificate at every secure-socket-layer (SSL) connection establishment; we will want to be able to verify its authenticity.
+
* Pastikan
  
      (A new server certificate was rolled out by Gmail on 2005-12-13 when the old one expired on that same day with a few minutes of POP service unavailability.)
+
mkdir /usr/share/purple
 +
mkdir /usr/share/purple/ca-certs
  
      That server certificate is itself signed by a certificate authority (CA), Equifax Secure (now GeoTrust), using a self-signed root certificate having the “Equifax Secure Certificate Authority” organizational unit name (OU) and no common name (CN). You need to download, install in its own file, and index this root certificate.
 
  
      sh# cd /usr/share/ssl/certs
+
==Langkah yang lebih lengkap; tapi tidak perlu kayanya==
      sh# wget -O Equifax_Secure_Certificate_Authority.pem \
 
              https://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authority.cer
 
      sh# chmod 644 Equifax_Secure_Certificate_Authority.pem
 
      sh# openssl x509 -in Equifax_Secure_Certificate_Authority.pem \
 
                      -fingerprint -subject -issuer -serial -hash -noout
 
      MD5 Fingerprint=67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4
 
      subject= /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
 
      issuer= /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
 
      serial=35DEF4CF
 
      594f1775
 
      sh# c_rehash .
 
      sh# file 594f1775.*
 
      594f1775.0: symbolic link to `Equifax_Secure_Certificate_Authority.pem'
 
  
      The c_rehash command is a Perl script that comes with the OpenSSL toolkit; it creates symbolic links to certificate files (with a “.pem” extension) using symlink names based on a hash of each certificate's whole subject name. Fetchmail uses the OpenSSL libraries and will only try to open the installed file by looking it up under the 594f1775.0 (or 594f1775.1 and so on) file name in the end.
+
Langkah untuk mengkonfigurasi fetchmail agar dapat mengambil gmail adalah sebagai berikut:
  
      The server certificate itself does not need to be stored anywhere.
+
* [http://mail.google.com/support/bin/answer.py?hl=en&answer=13273 Enable POP di account Gmail]
  4.
+
* Cari lokasi sertifikat X.509/“privacy-enhanced-mail (PEM)”. Di [[Ubuntu]] tampaknya berada di folder
  
      The fetchmail client does not need to present a client certificate. Instead, client authentication is performed using the USER and PASS post-office-protocol version 3 (POP3) commands within the SSL connection, once it has been properly established.
+
/usr/share/purple/ca-certs.
  5.
 
  
      Edit the appropriate .fetchmailrc file, depending on how you run fetchmail (i.e., as root or as a lesser-privileged local user). The contents of this file are documented by the fetchmail(1) man page, which can be consulted using the “man fetchmail” command. You will need an entry such as this one:
+
Atau bisa melalui perintah
  
      poll pop.gmail.com with proto POP3
+
locate .pem
          user 'eric.schmidt@gmail.com' there with password 'xxxxxxxx' is eric here
 
              options keep ssl sslfingerprint '59:51:61:89:CD:DD:B2:35:94:BB:44:97:A0:39:D5:B4'
 
                  sslcertck sslcertpath /usr/share/ssl/certs
 
  
      Add any other option according to your preferences. If other family members also have a Gmail account and this is root's .fetchmailrc file, you can add similar three-line user subsections under this same poll section; the last two lines will redundantly be identical for every Gmail account.
+
* Gmail POP3-over-SSL (pop3s) [[server]] akan memberikan sertifikat [[server]] setiap kali hubungan [[secure-socket-layer]] ([[SSL]]) dilakukan. Kita perlu memverifikasi kebenaran sertifikat tersebut. Sertifikat tersebut di tanda tangan oleh [[certificate authority]] ([[CA]]), [[GeoTrust]] (Dulu-nya Equifax), menggunakan sebuah self-signed root certificate dengan kata-kata “Equifax Secure Certificate Authority” sebagai nama unit organisasi (OU) and tidak ada common name (CN). Kita perlu men-download,  install file tersebut, dan meng-index root ceritificate-nya.
  
      The specified password is that of the Gmail account, not the local user's password. Since this configuration file contain passwords, it must be non-world-readable:
+
sudo su -
 +
mkdir /usr/share/purple
 +
mkdir /usr/share/purple/ca-certs
 +
cd /usr/share/purple/ca-certs
 +
wget -O Equifax_Secure_Certificate_Authority.pem \
 +
    https://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authority.cer
 +
chmod 644 Equifax_Secure_Certificate_Authority.pem
 +
openssl x509 -in Equifax_Secure_Certificate_Authority.pem \
 +
    -fingerprint -subject -issuer -serial -hash -noout
  
      sh# chmod 600 $HOME/.fetchmailrc
+
akan keluar
  
      The MD5 fingerprint is that of the “pop.gmail.com” server certificate delivered by the Gmail POP3-over-SSL server, not that of the “Equifax Secure Certificate Authority” root certificate.
+
SHA1 Fingerprint=D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A
 +
subject= /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
 +
issuer= /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
 +
serial=35DEF4CF
 +
594f1775
  
      Note that this will not be enough to perform certificate-revocation-list (CRL) verifications, which fetchmail/OpenSSL does not support; however, this shortcoming is somewhat mitigated by the MD5 fingerprint verification, at the price of a loss in unattended flexibility (should Gmail wish to change its server certificate for some unlikely reason).
+
lanjutkan
  
      There is no need to inform fetchmail that the POP3-over-SSL (pop3s) TCP port is 995; it's smart enough to figure it out on its own.
+
c_rehash .
 +
file 594f1775.*
  
      Note that POP3-over-SSL is not the same as regular (non-SSL) POP3 with use of the STLS command and capability (i.e., RFC 2595's POP3 STARTTLS extension), which Gmail does not support.
+
akan keluar
  6.
 
  
      You should be able to test this with
+
594f1775.0: symbolic link to `Equifax_Secure_Certificate_Authority.pem'
  
      sh# fetchmail -d0 -v pop.gmail.com
+
Perintah c_rehash adalah [[script]] [[Perl]] bawaan dari OpenSSL toolkit; dia akan membuat link symbolic ke file sertifikat (dengan extension .pem) menggunakan nama berbasis symlink dapat hash pada masing-masing nama subjek sertifikat. Fetchmail akan menggunakan library OpenSSL dan akan membuka file yang di install di bawah nama file 594f1775.0 (atau 594f1775.1 dst).
  
      once you complete the email-forwarding/email-delivery part of fetchmail's configuration and integration (which is beyond the email-retrieval scope of this help document).
+
Sertifikat server tidak perlu di simpan di mana-mana.
  7.
 
  
      The Gmail POP3-over-SSL server specifies that it does not want to be polled more than once every five minutes (i.e., 300 seconds), as can be verified by executing the following command:
+
* Fetchmail client tidak perlu memperlihatkan sertifikat client. Melainkan, authentifikasi client dilakukan menggunakan perintah USER dan PASS pada  [[post-office-protocol version 3]] ([[POP3]]) pada sambungan [[SSL]], pada saat dia tersambung dengan baik. Biasanya akan tampak
  
      sh$ openssl s_client -connect pop.gmail.com:995 -CApath /usr/share/ssl/certs -quiet
+
fetchmail: Issuer Organization: Google Inc
      depth=1 /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
+
fetchmail: Issuer CommonName: Google Internet Authority
      verify return:1
+
fetchmail: Server CommonName: pop.gmail.com
      depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
+
fetchmail: pop.gmail.com key fingerprint: 90:9A:84:92:E7:60:7C:A2:45:73:C9:11:D7:FE:7D:8A
      verify return:1
 
      +OK Gpop x99xx9999xxx ready.
 
      CAPA
 
      +OK Capability list follows
 
      USER
 
      RESP-CODES
 
      EXPIRE 0
 
      LOGIN-DELAY 300
 
      X-GOOGLE-VERHOEVEN
 
      .
 
      USER eric.schmidt@gmail.com
 
      +OK send PASS
 
      PASS xxxxxxxx
 
      +OK Welcome.
 
      CAPA
 
      +OK Capability list follows
 
      USER
 
      RESP-CODES
 
      PIPELINING
 
      EXPIRE 0
 
      LOGIN-DELAY 300
 
      TOP
 
      UIDL
 
      X-GOOGLE-VERHOEVEN
 
      .
 
      QUIT
 
      +OK Farewell.
 
      read:errno=0
 
  
      (Authenticating is not strictly necessary for this test. It was done to show how Gmail's POP3 server presents a different list of capabilities before and after login.)
 
  
      Make sure to respect this delay if automatic polling is configured. This can be achieved by specifying “set daemon 300” in the .fetchmailrc file, or by specifying “-d 300” on the fetchmail command line, where 300 can be replaced by a greater number if desired.
+
Catat baik-baik fingerprint-nya dah copyka ke file .fetchmailrc sebagai berikut
  
* Did you click ‘Save Changes’ after enabling POP in Gmail? To ensure that Gmail can communicate with your mail client, be sure to click ‘Save Changes’ on the Gmail ‘Mail Settings’ page.
+
* Edit .fetchmailrc, gunakan entry sebagai berikut:
 +
 
 +
poll pop.gmail.com with proto POP3 service 995
 +
  user 'eric.schmidt@gmail.com' there with password 'xxxxxxxx' is eric here
 +
  options keep ssl sslfingerprint '90:9A:84:92:E7:60:7C:A2:45:73:C9:11:D7:FE:7D:8A'
 +
  sslcertck sslcertpath /usr/share/purple/ca-certs
 +
 
 +
Pastikan bahwa
 +
 
 +
chmod 600 $HOME/.fetchmailrc
 +
 
 +
fingerprint MD5 yang digunakan adalah milik sertifikat 'pop.gmail.com' yang akan mengirimkan Gmail POP3-over-SSL, jadi bukan sertifikat root “Equifax Secure Certificate Authority”.
 +
 
 +
* Anda dapat mengambil mail dari Google
 +
 
 +
fetchmail -v pop.gmail.com
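Review bot: the two .fetchmailrc entries this revision adds pin different values for the same server. The short entry at the top uses sslfingerprint '6B:C4:63:05:87:1E:72:88:ED:81:C5:A2:51:6B:B7:B6', while the full steps and the quoted fetchmail output use '90:9A:84:92:E7:60:7C:A2:45:73:C9:11:D7:FE:7D:8A'. A reader who copies the top entry gets a fingerprint mismatch, so either use one value in both places or tell the reader to take the value from their own "fetchmail -v" output. The revision also drops the old text's notes that the pin costs unattended flexibility if Gmail changes its server certificate and that polling should respect LOGIN-DELAY 300 (“set daemon 300”); both are worth keeping next to the new entry.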
  
  
Line 112: Line 93:
  
 
* http://download.gna.org/hpr/fetchmail/FAQ/gmail-pop-howto.html
 
* http://download.gna.org/hpr/fetchmail/FAQ/gmail-pop-howto.html
 
  
 
==Pranala Menarik==
 
==Pranala Menarik==
  
 
* [[Linux Howto]]
 
* [[Linux Howto]]
 +
 +
[[Category: Linux]]
 +
[[Category: e-mail]]

Latest revision as of 05:44, 1 April 2011

  • Edit .fetchmailrc and use an entry such as the following:
poll pop.gmail.com with proto POP3 service 995
  user 'eric.schmidt@gmail.com' there with password 'xxxxxxxx' is eric here
  options keep ssl sslfingerprint '6B:C4:63:05:87:1E:72:88:ED:81:C5:A2:51:6B:B7:B6'
  sslcertck sslcertpath /usr/share/purple/ca-certs
  • Make sure the file is readable only by its owner:
chmod 600 ~/.fetchmailrc
  • Make sure the certificate directory exists:
mkdir /usr/share/purple
mkdir /usr/share/purple/ca-certs


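More complete steps; probably not needed

The steps to configure fetchmail so that it can retrieve Gmail are as follows:

  • Enable POP in the Gmail account (http://mail.google.com/support/bin/answer.py?hl=en&answer=13273).
  • Find where the X.509/“privacy-enhanced-mail (PEM)” certificates are located. On Ubuntu they appear to be in the folder
/usr/share/purple/ca-certs.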

Or you can find them with the command

locate .pem
  • The Gmail POP3-over-SSL (pop3s) server presents a server certificate every time a secure-socket-layer (SSL) connection is established, and we need to verify its authenticity. That certificate is signed by a certificate authority (CA), GeoTrust (formerly Equifax), using a self-signed root certificate that has “Equifax Secure Certificate Authority” as its organizational unit name (OU) and no common name (CN). We need to download this root certificate, install the file, and index it.
sudo su -
mkdir /usr/share/purple
mkdir /usr/share/purple/ca-certs
cd /usr/share/purple/ca-certs
wget -O Equifax_Secure_Certificate_Authority.pem \
   https://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authority.cer
chmod 644 Equifax_Secure_Certificate_Authority.pem
openssl x509 -in Equifax_Secure_Certificate_Authority.pem \
   -fingerprint -subject -issuer -serial -hash -noout

This prints:

SHA1 Fingerprint=D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A
subject= /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
issuer= /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
serial=35DEF4CF
594f1775

Then continue with:

c_rehash .
file 594f1775.*

This prints:

594f1775.0: symbolic link to `Equifax_Secure_Certificate_Authority.pem'

The c_rehash command is a Perl script that comes with the OpenSSL toolkit; it creates symbolic links to the certificate files (those with a .pem extension), using symlink names based on a hash of each certificate's subject name. Fetchmail uses the OpenSSL library and will open the installed file under the file name 594f1775.0 (or 594f1775.1, and so on).

The server certificate itself does not need to be stored anywhere.

  • The fetchmail client does not need to present a client certificate. Instead, client authentication is performed with the USER and PASS commands of post-office-protocol version 3 (POP3) inside the SSL connection, once it has been properly established. You will typically see:
fetchmail: Issuer Organization: Google Inc
fetchmail: Issuer CommonName: Google Internet Authority
fetchmail: Server CommonName: pop.gmail.com
fetchmail: pop.gmail.com key fingerprint: 90:9A:84:92:E7:60:7C:A2:45:73:C9:11:D7:FE:7D:8A


Note the fingerprint carefully and copy it into the .fetchmailrc file as follows:

  • Edit .fetchmailrc and use an entry such as the following:
poll pop.gmail.com with proto POP3 service 995
  user 'eric.schmidt@gmail.com' there with password 'xxxxxxxx' is eric here
  options keep ssl sslfingerprint '90:9A:84:92:E7:60:7C:A2:45:73:C9:11:D7:FE:7D:8A'
  sslcertck sslcertpath /usr/share/purple/ca-certs

Make sure the file is readable only by its owner:

chmod 600 $HOME/.fetchmailrc

The MD5 fingerprint used is that of the 'pop.gmail.com' server certificate presented by the Gmail POP3-over-SSL server, not that of the “Equifax Secure Certificate Authority” root certificate.

  • You can now retrieve mail from Google:
fetchmail -v pop.gmail.com
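
The checks the steps above rely on (a 600-mode .fetchmailrc, sslcertck present, and an sslfingerprint equal to the MD5 fingerprint of the certificate the server presents) can be audited with a short script. This is an added example, not part of the original wiki page or of fetchmail; the function names are hypothetical and the "certificate" is a constructed stand-in byte string.

```python
import hashlib, os, pathlib, re, ssl, stat, tempfile

# Constructed stand-in bytes, NOT a real certificate: the fingerprint is a hash
# over the DER encoding, so any byte string shows the computation.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed stand-in for a server certificate")

def md5_fingerprint(pem):
    """MD5 over the DER certificate, colon-separated, as sslfingerprint expects."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    h = hashlib.md5(der, usedforsecurity=False).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

def audit_fetchmailrc(path, server_pem):
    """Return findings for one .fetchmailrc; an empty list means it passes."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other bit exposes the stored password
        findings.append(f"mode {mode:03o}: run chmod 600 {path}")
    text = pathlib.Path(path).read_text()
    if not re.search(r"\bsslcertck\b", text):
        findings.append("sslcertck missing: CA chain is not checked")
    pins = re.findall(r"\bsslfingerprint\s+'([0-9A-Fa-f:]+)'", text)
    seen = md5_fingerprint(server_pem)
    if not pins:
        findings.append("no sslfingerprint pin")
    findings += [f"pin {p} != presented certificate {seen}"
                 for p in pins if p.upper() != seen]
    return findings

RC = """poll pop.gmail.com with proto POP3 service 995
  user 'eric.schmidt@gmail.com' there with password 'xxxxxxxx' is eric here
  options keep ssl sslfingerprint '{pin}'
  sslcertck sslcertpath /usr/share/purple/ca-certs
"""

def demo():
    """Audit a matching 0600 file, then a stale-pin 0644 file."""
    out = []
    cases = [(md5_fingerprint(SAMPLE_PEM), 0o600),
             ("6B:C4:63:05:87:1E:72:88:ED:81:C5:A2:51:6B:B7:B6", 0o644)]
    with tempfile.TemporaryDirectory() as d:
        for pin, mode in cases:
            path = os.path.join(d, "fetchmailrc")
            pathlib.Path(path).write_text(RC.format(pin=pin))
            os.chmod(path, mode)
            out.append(audit_fetchmailrc(path, SAMPLE_PEM))
    return out

if __name__ == "__main__":
    print(demo())
```

In real use, server_pem would be the PEM text of the certificate the server actually presents, and a mismatch finding is the signal to re-check the certificate before updating the pin.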


References

  • http://download.gna.org/hpr/fetchmail/FAQ/gmail-pop-howto.html

Interesting Links

  • Linux Howto