5
fetchmail logs showing a Tor exit node is compromised - SDF Chatter
lemmy.sdf.orgThis is what my fetchmail log looks like today (UIDs and domains obfuscated):
fetchmail: starting fetchmail 6.4.37 daemon fetchmail: Server certificate
verification error: self-signed certificate in certificate chain fetchmail:
Missing trust anchor certificate: /C=US/O=Let's Encrypt/CN=R3 fetchmail: This
could mean that the root CA's signing certificate is not in the trusted CA
certificate location, or that c_rehash needs to be run on the certificate
directory. For details, please see the documentation of --sslcertpath and
--sslcertfile in the manual page. See README.SSL for details. fetchmail: OpenSSL
reported: error:0A000086:SSL routines::certificate verify failed fetchmail:
server4.com: SSL connection failed. fetchmail: socket error while fetching from
user4@server4.com@server4.com fetchmail: Query status=2 (SOCKET) fetchmail:
Server certificate verification error: self-signed certificate in certificate
chain fetchmail: Missing trust anchor certificate: /C=US/O=Let's Encrypt/CN=R3
fetchmail: This could mean that the root CA's signing certificate is not in the
trusted CA certificate location, or that c_rehash needs to be run on the
certificate directory. For details, please see the documentation of
--sslcertpath and --sslcertfile in the manual page. See README.SSL for details.
fetchmail: OpenSSL reported: error:0A000086:SSL routines::certificate verify
failed fetchmail: server3.com: SSL connection failed. fetchmail: socket error
while fetching from user3@server3.com@server3.com fetchmail: Server certificate
verification error: self-signed certificate in certificate chain fetchmail:
Missing trust anchor certificate: /C=US/O=Let's Encrypt/CN=R3 fetchmail: This
could mean that the root CA's signing certificate is not in the trusted CA
certificate location, or that c_rehash needs to be run on the certificate
directory. For details, please see the documentation of --sslcertpath and
--sslcertfile in the manual page. See README.SSL for details. fetchmail: OpenSSL
reported: error:0A000086:SSL routines::certificate verify failed fetchmail:
server2.com: SSL connection failed. fetchmail: socket error while fetching from
user2@server2.com@server2.com fetchmail: Query status=2 (SOCKET) fetchmail:
Server certificate verification error: self-signed certificate in certificate
chain fetchmail: Missing trust anchor certificate: /C=US/O=Let's Encrypt/CN=R3
fetchmail: This could mean that the root CA's signing certificate is not in the
trusted CA certificate location, or that c_rehash needs to be run on the
certificate directory. For details, please see the documentation of
--sslcertpath and --sslcertfile in the manual page. See README.SSL for details.
fetchmail: OpenSSL reported: error:0A000086:SSL routines::certificate verify
failed fetchmail: server1.com: SSL connection failed. fetchmail: socket error
while fetching from user1@server1.com@server1.com fetchmail: Query status=2
(SOCKET) In principle I should be able to report the exit node somewhere. But I
don’t even know how I can determine which exit node is the culprit. Running nyx
just shows some of the circuits (guard, middle, exit) but I seem to have no way
of associating those circuits with fetchmail’s traffic. Anyone know how to track
which exit node is used for various sessions? I could of course pin an exit node
to a domain, then I would know it, but that loses the benefit of random
selection.
Thanks for the tip. The info would be gone now but I’ll try that next time it happens.