<DKIM> Cannot use offlineimap with gmail

Luke Kenneth Casson Leighton lkcl at lkcl.net
Wed May 3 19:15:37 BST 2017


---
crowd-funded eco-conscious hardware: https://www.crowdsupply.com/eoma68


On Wed, May 3, 2017 at 6:08 PM, Ilias Tsitsimpis <i.tsitsimpis at gmail.com> wrote:
> Hi Luke, Sridhar,
>
> On Wed, May 03, 2017 at 04:17PM, Luke Kenneth Casson Leighton wrote:
>> On Wed, May 3, 2017 at 1:35 PM, Sridhar M. A. <alaymari at gmail.com> wrote:
>> > But, the problem I notice is that every time I run offlineimap, the
>> > fingerprint keeps changing
>>
>>  there's absolutely no way that google would be changing the SSL
>> certificate every hour.  the complaints would be absolutely
>> catastrophic.
>>
>>  thus the only logical conclusion that can be reached is that someone
>> in between you and imap.gmail.com is hijacking the SSL connection and
>> carrying out a man-in-the-middle attack.
>
> This is not necessarily because of a man-in-the-middle attack.
> imap.gmail.com resolves to more than one IP, and depending on which one
> is being used, the certificate changes. See for example:

 ahh that makes sense.  i wasn't aware that the fingerprint changes
per IP address.  so... one possible "solution" would be to use a fixed
IP address instead... but yes i'd agree the ca-certificate would be
much, much better.

l.
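
The per-address behaviour discussed in this message can be checked directly. The following is an added example, not part of the original message or of OfflineIMAP: it fingerprints the certificate served by each address of a host while validating the chain against the system CA store, and reports which addresses a pinned fingerprint would reject. It assumes the pin is a hex SHA-1 of the DER certificate; the function names and the sample addresses and certificate bytes are constructed.

```python
import hashlib
import socket
import ssl
import sys


def sha1_fingerprint(der_cert: bytes) -> str:
    """Hex SHA-1 of a DER certificate (assumed form of the pinned value)."""
    return hashlib.sha1(der_cert).hexdigest()


def classify(observed: dict, pinned: set) -> dict:
    """Split {address: fingerprint} into addresses that match a pin and those that do not."""
    pins = {p.lower().replace(":", "") for p in pinned}
    result = {"match": [], "mismatch": []}
    for addr, fp in sorted(observed.items()):
        result["match" if fp.lower() in pins else "mismatch"].append(addr)
    return result


def fetch_fingerprints(host: str, port: int = 993, timeout: float = 10.0) -> dict:
    """Connect to every IPv4 address of host and return {address: fingerprint}.

    The default context validates the chain against the system CA store and
    checks the hostname, so a certificate failing either check raises
    ssl.SSLCertVerificationError instead of being fingerprinted.
    """
    ctx = ssl.create_default_context()
    infos = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    observed = {}
    for addr in sorted({info[4][0] for info in infos}):
        with socket.create_connection((addr, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                observed[addr] = sha1_fingerprint(tls.getpeercert(binary_form=True))
    return observed


if __name__ == "__main__":
    if len(sys.argv) > 1:
        seen = fetch_fingerprints(sys.argv[1])  # live check, e.g. imap.gmail.com
    else:
        # Constructed sample: two addresses serving different certificates.
        seen = {"192.0.2.10": sha1_fingerprint(b"constructed cert A"),
                "192.0.2.11": sha1_fingerprint(b"constructed cert B")}
    pins = {sha1_fingerprint(b"constructed cert A")}  # constructed pin
    print(classify(seen, pins))
    print("distinct certificates:", len(set(seen.values())))
```

Several distinct fingerprints that all pass CA and hostname validation point to different certificates per frontend; a verification error on any address is the case that needs investigating.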



