Bug#1076604: fetchmail: “configuration invalid, you normally need --ssl for port 995” ← probably incorrect msg

[Manny]

Package: fetchmail
Version: 6.4.37-1
Severity: minor
Tags: upstream
X-Debbugs-Cc: debbug.fetchm...@sideload.33mail.com

This warning:

  fetchmail: WARNING: pop.yandex.com configuration invalid, you normally need 
--ssl for port 995/service pop3s.

is triggered by this configuration stanza:

  poll pop.yandex.com
          no dns
          plugin         "socat STDIO SOCKS4A:127.0.0.1:%h:%p,socksport=9050"
          protocol       pop3
          port           995
          username       manny
          sslproto       'SSL3+'
          sslcertck
          sslfingerprint "94:6A:CF:B1:A7:BE:30:11:B5:E0:B1:F9:0C:3B:37:B7"
          fetchall

The 'SSL3+' is not accidental or arbitrary. It is there after a
struggle with the normal parameters (“ssl”) and experimentation found
SSL3+ was necessary in order to establish a connection. I stopped
using Yandex when they started blocking Tor years ago, so it’s unclear
whether “SSL3+” still needed. But that’s irrelevant anyway.

The problem is that fetchmail is making a false assertion. It’s a
nuance of English but fetchmail cannot know for certain if this stanza
is an “invalid” config. The warning should probably be rephrased to
say something like “the configuration is unusual and possibly
incorrect…” And even then, it’s a bit annoying to see this warning
every invocation. IMO it would be more appropriate to put the warning
in the logs, not print to the screen. Or perhaps have a separate CLI
option just for checking the config file.

-- System Information:
Debian Release: 12.5
  APT prefers stable-updates
  APT policy: (990, 'stable-updates'), (990, 'stable-security'), (990, 
'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-28-amd64 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages fetchmail depends on:
ii  adduser                    3.134
ii  debianutils                5.7-0.5~deb12u1
ii  init-system-helpers        1.65.2
ii  libc6                      2.36-9+deb12u7
ii  libcom-err2                1.47.0-2
ii  libgssapi-krb5-2           1.20.1-2+deb12u1
ii  libkrb5-3                  1.20.1-2+deb12u1
ii  libssl3                    3.0.11-1~deb12u2
ii  lsb-base                   11.6
ii  sysvinit-utils [lsb-base]  3.06-4

Versions of packages fetchmail recommends:
ii  ca-certificates  20230311

Versions of packages fetchmail suggests:
pn  fetchmailconf                   <none>
ii  postfix [mail-transport-agent]  3.7.10-0+deb12u1
ii  systemd-resolved [resolvconf]   252.22-1~deb12u1

-- no debconf information