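I've been searching for a long time and can't figure out how to solve this. Could an expert please help analyze it? Below are the logs and the command output.
1. Manually running the mail download command: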
$ sudo -u fetchmail fetchmail -vvv --ssl --nodetach -f /etc/fetchmailrc
Apr 6 11:36:21 localhost fetchmail[8657]: Old UID list from pop.163.com:#012 <empty>#012
Apr 6 11:36:21 localhost fetchmail[8657]: Scratch list of UIDs:#012 <empty>#012
Apr 6 11:36:21 localhost fetchmail[8658]: starting fetchmail 6.4.2 daemon
Apr 6 11:36:21 localhost fetchmail[8658]: 6.4.2 querying pop.163.com (protocol POP3) at Wed Apr 6 11:36:21 2022: poll started
Apr 6 11:36:21 localhost fetchmail[8658]: Trying to connect to 123.126.97.79/995...connected.
Apr 6 11:36:21 localhost fetchmail[8658]: Loaded OpenSSL library 0x1010106f newer than headers 0x1010104f, trying to continue.
Apr 6 11:36:21 localhost fetchmail[8658]: SSL verify callback depth 0: preverify_ok == 0, err = 20, unable to get local issuer certificate
Apr 6 11:36:21 localhost fetchmail[8658]: Server certificate:
Apr 6 11:36:21 localhost fetchmail[8658]: Issuer Organization: DigiCert Inc
Apr 6 11:36:21 localhost fetchmail[8658]: Issuer CommonName: GeoTrust RSA CN CA G2
Apr 6 11:36:21 localhost fetchmail[8658]: Subject CommonName: *.163.com
Apr 6 11:36:21 localhost fetchmail[8658]: Subject Alternative Name: *.163.com
Apr 6 11:36:21 localhost fetchmail[8658]: Subject Alternative Name: 163.com
Apr 6 11:36:21 localhost fetchmail[8658]: pop.163.com key fingerprint: D8:E7:BD:73:21:8E:11:22:73:81:88:F8:7E:58:A7:26
Apr 6 11:36:21 localhost fetchmail[8658]: Server certificate verification error: unable to get local issuer certificate
Apr 6 11:36:21 localhost fetchmail[8658]: Broken certification chain at: /C=US/O=DigiCert Inc/CN=GeoTrust RSA CN CA G2
Apr 6 11:36:21 localhost fetchmail[8658]: This could mean that the server did not provide the intermediate CA's certificate(s), which is nothing fetchmail could do anything about. For details, please see the README.SSL-SERVER document that ships with fetchmail.
Apr 6 11:36:21 localhost fetchmail[8658]: This could mean that the root CA's signing certificate is not in the trusted CA certificate location, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page.
Apr 6 11:36:21 localhost fetchmail[8658]: OpenSSL reported: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Apr 6 11:36:21 localhost fetchmail[8658]: pop.163.com: SSL connection failed.
Apr 6 11:36:21 localhost fetchmail[8658]: socket error while fetching from ou.leiqi@163.com@pop.163.com
Apr 6 11:36:21 localhost fetchmail[8658]: 6.4.2 querying pop.163.com (protocol POP3) at Wed Apr 6 11:36:21 2022: poll completed
Apr 6 11:36:21 localhost fetchmail[8658]: Merged UID list from pop.163.com:#012 <empty>
Apr 6 11:36:21 localhost fetchmail[8658]: Query status=2 (SOCKET)
Apr 6 11:36:21 localhost fetchmail[8658]: sleeping at Wed Apr 6 11:36:21 2022 for 473 seconds
$ openssl s_client -showcerts -verify 5 -connect pop.163.com:995
verify depth is 5
CONNECTED(00000003)
depth=0 C = CN, ST = zhejiang, L = hangzhou, O = "NetEase (Hangzhou) Network Co., Ltd", CN = *.163.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = CN, ST = zhejiang, L = hangzhou, O = "NetEase (Hangzhou) Network Co., Ltd", CN = *.163.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:C = CN, ST = zhejiang, L = hangzhou, O = "NetEase (Hangzhou) Network Co., Ltd", CN = *.163.com
i:C = US, O = DigiCert Inc, CN = GeoTrust RSA CN CA G2
1 s:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = GeoTrust CN RSA CA G1
i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
---
Server certificate
subject=C = CN, ST = zhejiang, L = hangzhou, O = "NetEase (Hangzhou) Network Co., Ltd", CN = *.163.com
issuer=C = US, O = DigiCert Inc, CN = GeoTrust RSA CN CA G2
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3501 bytes and written 383 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 21 (unable to verify the first certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 6FB60C087815A6A5B865E636556BC725D30246F05FC514B3FE9E382C67F8DBFB
Session-ID-ctx:
Resumption PSK: 14399A9296849BCF3D07D67C1148A54280D5A55FA58C681A0B043644AB23870F5D1B47C18CF2AAC88FDA913C15CE4CBB
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 120 (seconds)
TLS session ticket:
Start Time: 1649222069
Timeout : 7200 (sec)
Verify return code: 21 (unable to verify the first certificate)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 3E5FCA7B0567AF5353CD7D66844B09DF42142B615C80FC9AAF42B1767963AB78
Session-ID-ctx:
Resumption PSK: 0189F7E167C79D262ED02BD8F064A176FD9B31ACAFC77AFBB5544B0D8F8661EFBD484E90CF47B06C7BAFCBCE36787163
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 120 (seconds)
TLS session ticket:
Start Time: 1649222069
Timeout : 7200 (sec)
Verify return code: 21 (unable to verify the first certificate)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
+OK Welcome to coremail Mail Pop3 Server (163coms[10774b260cc7a37d26d71b52404dcf5cs])
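
The fetchmail log above offers two possible causes: a missing intermediate CA certificate from the server, or a root CA missing from the local trust store. The following check is an added example, not part of the original post; it reads the "Certificate chain" section of `openssl s_client -showcerts` output and reports where one certificate's issuer does not match the next certificate's subject. `chain_gaps` and `sample_chain` are hypothetical helper names, and the sample input is the chain section from the post with the PEM bodies omitted.

```shell
#!/bin/sh
# Added example (not from the original post). chain_gaps and sample_chain are
# hypothetical helper names. Reads `openssl s_client -showcerts` output on stdin
# and checks that the issuer (i:) of each certificate equals the subject (s:)
# of the next one. A textual DN comparison is a heuristic; OpenSSL itself also
# uses key identifiers when building the chain.

chain_gaps() {
    awk '
        /^Certificate chain/       { in_chain = 1; next }
        in_chain && /^---$/        { in_chain = 0 }
        in_chain && /^ *[0-9]+ s:/ {
            idx = $1
            subj = $0; sub(/^ *[0-9]+ s:/, "", subj)
            if (n > 0 && subj != issuer) {
                printf "GAP: cert %s was issued by [%s] but cert %s is [%s]\n", prev, issuer, idx, subj
                gaps++
            }
            prev = idx; n++
            next
        }
        in_chain && /^ *i:/        { issuer = $0; sub(/^ *i:/, "", issuer) }
        END                        { exit (gaps > 0) }
    '
}

# Chain section abridged from the output in the post (PEM bodies omitted).
sample_chain() {
    cat <<'EOF'
Certificate chain
 0 s:C = CN, ST = zhejiang, L = hangzhou, O = "NetEase (Hangzhou) Network Co., Ltd", CN = *.163.com
   i:C = US, O = DigiCert Inc, CN = GeoTrust RSA CN CA G2
 1 s:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = GeoTrust CN RSA CA G1
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
---
EOF
}

# Live use: openssl s_client -showcerts -connect pop.163.com:995 </dev/null 2>/dev/null | chain_gaps
sample_chain | chain_gaps || true
```

On the chain from the post this reports one gap: certificate 0 was issued by GeoTrust RSA CN CA G2, while the only intermediate the server sent is GeoTrust CN RSA CA G1.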