<DKIM> Cannot use offlineimap with gmail

Luke Kenneth Casson Leighton lkcl at lkcl.net
Wed May 3 16:17:25 BST 2017


On Wed, May 3, 2017 at 1:35 PM, Sridhar M. A. <alaymari at gmail.com> wrote:
> On Mon, May 01, 2017 at 10:44:20PM +0530, Sridhar M. A. wrote:
>    > On Mon, May 01, 2017 at 02:28:47PM +0100, Luke Kenneth Casson Leighton wrote:
>    >    > https://wiki.archlinux.org/index.php/OfflineIMAP#SSL_fingerprint_does_not_match
>    >    >
>    >    > http://blog.developwithpassion.com/2014/12/18/quickly-fix-offlineimap-ssl-fingerprint-error-in-tmux/
>    >    >
>    > I looked at them both. I will try replacing the fingerprint and see how
>    > it goes.
>    >
> I replaced the fingerprint (as indicated by the error output) and the
> mail sync worked.
>
> But, the problem I notice is that everytime I run offlineimap, the
> fingerprint keeps changing

 there's absolutely no way that google would be changing the SSL
certificate every hour.  the complaints would be absolutely
catastrophic.

 thus the only logical conclusion that can be reached is that someone
in between you and imap.gmail.com is hijacking the SSL connection and
carrying out a man-in-the-middle attack.

 it could be absolutely anywhere in between your computer and
imap.gmail.com, so candidates include *your own computer* (which may
have been compromised with a rootkit), the router in your office, the
office server, the office's ISP, the router in between your ISP and
gmail... absolutely anywhere.

 perhaps it might be time to consider if you'd like to bring this to
the attention of your employer (if you are allowed permission to be
*running* offlineimap from within the office) so you'll have to think
carefully about that.

l.




More information about the OfflineIMAP-project mailing list