Fetchmail and Exchange

Im trying to configure fetchmail to work with an Exchange 2016 server with the configuration

poll XXXX.XXXcom protocol pop3 user “XXX@XXXorg” there with password XXXXX is HendGrow here mda ‘/opt/rt5/bin/rt-mailgate --url http://XXXX --queue “General” --action correspond’

but when I run “sudo fetchmail -f /etc/fetchmailrc” I get
fetchmail: Connection errors for this poll:
name 0: connection to XXX.XXXXcom:pop3 [XX.XX.XX.X/110] failed: Connection refused.
POP3 connection to XXx.XXXcom failed: Connection refused
fetchmail: Query status=2 (SOCKET)

I’ve seen posts saying I may need a recieve connector or a relay connector but none that actually explains the whole set up.

Is POP3 enabled on your Exchange server – or is your server allowed to connect by any firewall policy?

A quick test is that if you try to connect with telnet (for instance):

% telnet localhost pop3 
Trying ::1...
telnet: connect to address ::1: Connection refused
telnet: connect to address Connection refused
telnet: Unable to connect to remote host

and the connection fails INSTANTLY, you aren’t able to talk to the service at all (so look at server-side config or firewall policy).

I’ve got pop3 enabled and running but now im getting
fetchmail: Authorization failure on XXX@XXXX@mail.XXXX.org
fetchmail: For help, see The Fetchmail FAQ
fetchmail: Query status=3 (AUTHFAIL)

the site says to add auth “cram-md5” or auth “password” to the rcfile but I dont know where

I don’t know if this helps at all, but an example mailbox I had in my fetchmail config file was:

poll mailserver with proto imap
     user "sAMAccountName" with password "hunter2" \
     is localpart-in-aliases-file here keep

I had some global settings above that, which are maybe useful for you; maybe not:

defaults proto imap
    sslproto tls1
    sslcertpath /etc/ssl
    no sslcertck
    # get the fingerprint with this command:
    # fetchmail --ssl -v -p imap -P 993 -u sAMAccountName \
    #     mailserver | grep -i fingerprint
    sslfingerprint 'DA:08:DF:6D:B6:D9:F2:C3:22:7F:2E:77:D3:E7:0F:88'

The basic gist of this is that I required SSL with the mail server but pinned a cert fingerprint instead of trusting that the cert validated (due to an obsolete situation with an internal cert with a name mismatch). It took some effort to figure out at the time, so hopefully it saves you a minute.

Im currently using pop3 but I might move to Imap, but I think right now I have to figure out what type of authentication is being used by the exchange server