<DKIM> Cannot use offlineimap with gmail
Luke Kenneth Casson Leighton
lkcl at lkcl.net
Wed May 3 19:15:37 BST 2017
---
crowd-funded eco-conscious hardware: https://www.crowdsupply.com/eoma68
On Wed, May 3, 2017 at 6:08 PM, Ilias Tsitsimpis <i.tsitsimpis at gmail.com> wrote:
> Hi Luke, Sridhar,
>
> On Wed, May 03, 2017 at 04:17PM, Luke Kenneth Casson Leighton wrote:
>> On Wed, May 3, 2017 at 1:35 PM, Sridhar M. A. <alaymari at gmail.com> wrote:
>> > But, the problem I notice is that everytime I run offlineimap, the
>> > fingerprint keeps changing
>>
>> there's absolutely no way that google would be changing the SSL
>> certificate every hour. the complaints would be absolutely
>> catastrophic.
>>
>> thus the only logical conclusion that can be reached is that someone
>> in between you and imap.gmail.com is hijacking the SSL connection and
>> carrying out a man-in-the-middle attack.
>
> This is not necessarily because of a man-in-the-middle attack.
> imap.gmail.com resolves to more that one IPs, and depending on which one
> is being used, the certificate changes. See for example:
ahh that makes sense. i wasn't aware that the fingerprint changes
per IP address. so... one possible "solution" would be to use a fixed
IP address instead... but yes i'd agreee the ca-certificate would be
much, much better.
l.
More information about the OfflineIMAP-project
mailing list