[imapfilter-devel] Infinite Loop when Cert expires

David DeSimone fox at verio.net
Tue Apr 25 17:19:53 EEST 2006

I normally run imapfitler in daemon mode.  When I start the program, I
have it prompt for my password and then enter daemon mode:

    imap.password = get_pass("Enter imap password: ")

    daemon_mode(45, do_mail)

[... do_mail routine omitted for brevity ...]

Our IMAP server uses SSL on port 993.  Recently, the server's SSL
certificate was allowed to expire for a few days until an administrator
noticed the problem and installed the correct certificate.  After that
point, imapfilter stopped working correctly, and appeared to go into an
infinite loop.

When imapfilter was restarted, it would prompt for my password, then go
into daemon mode and again go into an infinite loop.

Only after restructuring the above like so:

    imap.password = get_pass("Enter imap password: ")


Then, imapfilter prompted for my pasword, then prompted due to an error:

    ATTENTION: SSL/TLS certificate fingerprint mismatch.
    Proceed with the connection (y/n)? y

I imagine that this prompting makes no sense in daemon mode, but the
program was probably trying to prompt me anyway.  I think the right
thing to do would be to log an error to syslog and then exit.

Incidentally, imapfilter would not install the new certificate into its
cache until I removed the old one from the .imapfilter/certificates file
manually.  Only then did it prompt me for what to do:

    Server key fingerprint: 7E:74:52:BB:B5:2C:C1:07:B5:A3:A8:34:16:C4:B1:97
    (R)eject, accept (t)emporarily or accept (p)ermanently? 

I'm not sure why imapfilter would hold on to an old, expired
certificate.  But that seems the lesser issue here.

Imapfilter version 1.0.1.

David DeSimone == Network Admin == fox at verio.net
  "It took me fifteen years to discover that I had no
   talent for writing, but I couldn't give it up because
   by that time I was too famous.  -- Robert Benchley

More information about the Imapfilter-devel mailing list