being spoofed?

chris coleman christocoleman at
Mon Oct 1 07:27:02 BST 2012

Dmitri wrote:

Noticed offlineimap failing with

ERROR: Server SSL fingerprint
'6d1b5b5ee0180ab493b71d3b94534b5ab937d042' for hostname
'' does not match configured fingerprint. Please verify
and set 'cert_fingerprint' accordingly if not set yet.

I have in my .offlineimaprc

Repeated attempts to connect only succeed if I set maxconnections = 1.
With maxconnections = 5 I see the above error popping up halfway the
offlineimap session
(different threads hit different certs, I suppose).

Is it a genuine hacking attempt going on, or some misconfiguration somewhere?

Any easy way to gather extra info on these connections?
(I program in Python, but I have no time to read and modify
offlineimap, at least not now...)

Hi Dmitri,

Here are the steps to manually verify that gmail SSL certificate.

Note that is accessible at 2 different ip addresses.

So you should check both of them, by IP address, not by the hostname..

Let us know what you find out.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the OfflineIMAP-project mailing list