Kerio Connect IMAP Exchange Download

I recently upgraded my OS X Server from 10.7 to 10.8 (Mountain Lion) and was left with a not-so-Mac feeling. In short, a lot of the functionality that worked perfectly under 10.7 just stopped working. After a lot of frustrating hours I decided to replace most of the standard OS X functionality with Kerio Connect. Kerio Connect installed in minutes and was easy to configure thanks to its friendly administrative interface, so I was back online! On OS X I used fetchmail to download my e-mail from different POP and IMAP servers. Disappointingly, Kerio only supports POP3 downloads and lacks IMAP downloads. Since I still wanted to download mail from an Exchange 2010 IMAP server using SSL, I found out how to use fetchmail to download mail from an Exchange 2010 server and forward it to the Kerio Connect server.

Installing fetchmail


Since upgrading to OS X 10.8 also removes fetchmail, it has to be installed again. First install Xcode, which can be done from the App Store. Once Xcode is installed, install the Command Line Tools for Xcode: open the preferences within Xcode, select the Downloads tab, then select Components, and click the Install button for Command Line Tools. When this is done, you are ready to install fetchmail.

First download the fetchmail sources from http://sourceforge.net/projects/fetchmail/ and unzip them to any destination; the Downloads folder is fine. To decompress files with the xz extension, you can use The Unarchiver, a free unarchiving app for OS X. Open Terminal and go to the unzipped folder, e.g. /Users/superuser/Downloads/fetchmail-6.3.24. Configure fetchmail by executing ./configure --with-ssl, then execute make, and finally execute sudo make install. Fetchmail is now installed at /usr/local/bin/fetchmail.

Configuring the LaunchDaemon


To run fetchmail in the background, a LaunchDaemon has to be configured. To do this, create, as root, the fetchmail.plist file shown below in /Library/LaunchDaemons. Replace the value for UserName (superuser in the example file) with the name of the user under which you want to run fetchmail. In the other instructions below, substitute superuser with the username you chose.

You can start and stop fetchmail as a background process using the instructions launchctl load /Library/LaunchDaemons/fetchmail.plist and launchctl unload /Library/LaunchDaemons/fetchmail.plist. Do NOT start fetchmail yet, we will do this later. Fetchmail will automatically start when restarting OS X.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>GroupName</key>
        <string>wheel</string>
        <key>Label</key>
        <string>fetchmail</string>
        <key>LowPriorityIO</key>
        <true/>
        <key>Nice</key>
        <integer>1</integer>
        <key>OnDemand</key>
        <false/>
        <key>Program</key>
        <string>/usr/local/bin/fetchmail</string>
        <key>ProgramArguments</key>
        <array>
                <string>/usr/local/bin/fetchmail</string>
                <string>-f</string>
                <string>/private/var/fetchmail/.fetchmailrc</string>
                <string>-s</string>
        </array>
        <key>RunAtLoad</key>
        <true/>
        <key>UserName</key>
        <string>superuser</string>
</dict>
</plist>


Configuring .fetchmailrc


As superuser (or the username you chose for UserName in the fetchmail.plist file), create the .fetchmailrc file in /private/var/fetchmail.
Change the permissions of the .fetchmailrc file with sudo chmod 0710 /private/var/fetchmail/.fetchmailrc; the file contains the Exchange password in clear text.
Start with the example below; extensive documentation about fetchmail can be found here.

Line 1: smtphost 127.0.0.1 means that, by default, e-mails are forwarded to the SMTP server at 127.0.0.1, the SMTP server running on this system, i.e. your Kerio Connect server. The keyword keep makes fetchmail, by default, not delete e-mails from the server after downloading them (the nokeep in the poll entry below overrides this for the Exchange account).
Line 2: Logging is done to syslog; on OS X this is /var/log/system.log.
Line 3: Fetchmail polls with an interval of 60 seconds.
Line 8: Mail is polled from the Exchange server mail.exchange-server.com at port 143. Replace these values with those of your Exchange server.
Line 9: Fetchmail authenticates against Exchange using the username exchusername and password exchusrpwd. Replace these values with those of the Exchange user whose e-mail you want to forward to your Kerio Connect account. Replace the e-mail address kerio_user@kerio_domain.com with the e-mail address of the user to whom you want to forward the mail.

defaults keep smtphost 127.0.0.1
set syslog 
set daemon 60 
set no bouncemail
set no spambounce

## Exchange 2010 Server using IMAP
poll mail.exchange-server.com proto imap port 143:
        auth password user 'exchusername' with password 'exchusrpwd' sslproto TLS1 sslcertck sslcertpath /private/var/fetchmail/certs smtpname kerio_user@kerio_domain.com
        nokeep
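
As an added check that is not part of the original post, the shell functions below audit the .fetchmailrc above before the daemon is loaded: the file holds the Exchange password in clear text, and in the fetchmail 6.3 series a poll entry without sslcertck does not reject an untrusted server certificate. The function names rc_mode_ok and rc_tls_findings are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post: audit a .fetchmailrc before the
# LaunchDaemon is loaded. Function names are hypothetical.

# rc_mode_ok FILE: succeed only if the mode is no looser than 0710
# (rwx--x---): no group read/write and nothing at all for others.
rc_mode_ok() {
    case "$(ls -ld "$1" | cut -c1-10)" in
        -???--?---) return 0 ;;
        *)          return 1 ;;
    esac
}

# rc_tls_findings FILE: print one line per poll/server/skip entry that does
# not verify the server certificate or does not force TLS. Options set in a
# "defaults" block are inherited by later entries. Simplified tokenizer:
# '#' always starts a comment and "no sslcertck" negations are not handled.
rc_tls_findings() {
    awk '
    function report() {
        if (host == "") return
        if (!certck) print host ": sslcertck missing, certificate not verified"
        if (!tls)    print host ": no ssl/sslproto, TLS not enforced"
        host = ""
    }
    function settls() { if (indef) dtls = 1; else tls = 1 }
    function tok(t) {
        if (need == "host") { host = t; need = ""; return }
        if (need == "proto") {            # value after sslproto; empty disables TLS
            gsub(/[^A-Za-z0-9.]/, "", t)
            if (t != "") settls()
            need = ""; return
        }
        if (t == "defaults") { report(); indef = 1; return }
        if (t == "poll" || t == "server" || t == "skip") {
            report(); indef = 0; certck = dcertck; tls = dtls; need = "host"; return
        }
        if (t == "sslcertck") { if (indef) dcertck = 1; else certck = 1 }
        if (t == "ssl")       settls()
        if (t == "sslproto")  need = "proto"
    }
    { sub(/#.*/, ""); for (i = 1; i <= NF; i++) tok($i) }
    END { report() }
    ' "$1"
}
```

Run both against /private/var/fetchmail/.fetchmailrc; empty output from rc_tls_findings means every entry forces TLS and checks the certificate.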


Install SSL Certificates


To run fetchmail as a daemon, it must be able to verify the SSL certificates of the Exchange server. As superuser, go to the directory /private/var/fetchmail/certs; if necessary, create the folder certs under fetchmail. Show the certificates of your Exchange (IMAP) server by issuing the instruction openssl s_client -connect mail.exchange-server.com:143 -showcerts. If you get a SSL23_GET_SERVER_HELLO:unknown protocol error (port 143 speaks plain-text IMAP until STARTTLS is negotiated, so a direct SSL handshake fails there), try port 443 instead. Now you have to retrieve the certificate of the root CA, which can be identified by the string issuer= in the output of the openssl instruction. In my case the issuer is /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/CN=USERTrust Legacy Secure Server CA, for which the root certificates can be found at http://www.entrust.net/developer/index.cfm. When you have another issuer, search for the keywords root certificate and the Common Name of the issuer, which is the part after CN=. Cut and paste the Base-64 encoded version of the certificate into a file with a filename containing the name of the issuer and the extension .pem, e.g. entrust_2048_ca.pem.

Now execute c_rehash /private/var/fetchmail/certs to hash the certificates.

Configure Relay Control


For Kerio Connect you have to configure Relay Control to accept SMTP forwarding from local clients. Log in to your Kerio Connect Administration page, go to Configuration -> SMTP Server -> Relay Control and select Users from IP address group "local clients". Select Edit and verify that local client 127.0.0.1 is in the list.

Testing time!


You are almost done. Test the configuration by running fetchmail in the foreground by executing /usr/local/bin/fetchmail -vvvv --nodetach -f /private/var/fetchmail/.fetchmailrc --nosyslog. Check that there are no errors in the output, specifically Server certificate verification error. If you see this, you have not yet loaded the correct certificates. Fetchmail will report, in the line preceding the error, the common name of the certificate which is missing. After adding another certificate, do not forget to execute c_rehash /private/var/fetchmail/certs.

Now you can start the daemon with launchctl load /Library/LaunchDaemons/fetchmail.plist and you are done!

