#!/bin/sh
# ~jhs/bin/.sh/fetchmail.sh		by Julian H. Stacey
# http://berklix.com/~jhs/bin/.sh/fetchmail.sh

# JJLATER add checks if enough space:
#	 df /var/mail/jhs /crypt/fs/1700m/home/jhs

# Fetches mail from POP servers.
# Can be called manually.  Normaly called by crontab. Try crontab -e

# First check we have somewhere to save the mail, as if on a laptop with an
# encrypted partition, if no password was given there's no FS to save in.
# Don't skip the next test, thinking crontab from /var won't find
# this /home/jhs/bin/.sh/fetchmail.sh if the encrypted file system
# is not mounted. Fetchmail.sh is public in ~/public_html on
# more systems, whereas ~/mail is private.

# check=/home/jhs/mail/Makefile
# above obsolete, used till 2012-07-27
# was OK for travelling as host=lapr.no.berklix.net,
# but no good for return to using host=gate
# new below should be OK for gate & lapr:
check=/home/jhs/bin/.sh/fetchmail.sh
# One could posit: no point checking one's self, as if not there to
# execute, not there to be tested, but some day this script might
# migrate from ~jhs/bin to /usr/local/bin, & the one would still need
# to check existence of something within /home or /home/jhs/

if [ -e $check ]; then # {
	# Only fetch mail if there is a place to store it.
	# On a travelling laptop, with an encrypted file systems,
	# it asks for the password at boot, & if the password is wrong,
	# it will still boot, but only with a ~root, & even a minimal
	# ~jhs/ , but without the mounted encryped file system where ~jhs/mail
	# symbolic link points to, so if $check does not exist,
	# do not fetch mail
	true
else	# }{
	echo "fetchmail.sh: $check not mounted" | \
		mail -s "fetchmail.sh: unmounted $check" root
	exit 1
fi	# }

# Sometimes the connection is down
# (eg @ night for security, when link not needed).
# No connection used to cause /usr/local/bin/fetchmail when called
# direct from crontab to bleat, eg :
#	"fetchmail: Query status=2 (SOCKET)"
# so this script does a ping first to check line is up.

# Even when line is up, each direct /usr/local/bin/fetchmail produced mail with
#	Subject: Cron <jhs@lapr> /usr/local/bin/fetchmail
#	From: Cron Daemon <jhs@lapr.no.berklix.net>
#	To: jhs@lapr.no.berklix.net
#
#	fetchmail: No mail for jhs-pop at slim.berklix.org
#	fetchmail: No mail for jhs-pop at land.berklix.org
#	fetchmail: No mail for jhs-list at slim.berklix.org
#	fetchmail: No mail for jhs-list at land.berklix.org

# Bug: After an overnight ftp filled /usr I saw:
#	/home/jhs/.fetchmail.pid: File exists
#	At that point I also need to rm /home/mk/.fetchmail.pid

# In case one mail server is down, & 1 up, do a ping per host,
# to avoid error messages about host that is down.

ping="/sbin/ping -q -c 1"
	# -q doesnt make it completely quiet,
	# I do not want it creating output that winds up as mail,
	# so I need the redirect.

case `uname -r` in   #{
	# brackets.c: (
	"6.4-RELEASE")	#{
		# Client does not support syntax --nosslcertck
		# Client does support syntax:
		#  --ssl	enable ssl encrypted session
		#  --sslkey	ssl private key file
		#  --sslcert	ssl client certificate
		#  --sslcertck	do strict server certificate check
		#    (recommended)
		#  --sslcertpath path to ssl certificates
		#  --sslfingerprint fingerprint that must match that of
		#    the server's cert.
	#  --sslproto	force ssl protocol (SSL2/SSL3/TLS1)
		nossl=""
		;;	#}
	# brackets.c: (
	"9.2-RELEASE")	#{	Guessed
		nossl=""
		;;	#}
	# brackets.c: (
	"9.3-RELEASE")	#{	Guessed
		nossl=""
		;;	#}
	# brackets.c: (
	"12.2-RELEASE") #{
		nossl="--nosslcertck"
		;;	#}
	# brackets.c: (
	"12.2-STABLE")	#{
		# Client host Lapr to server host Slim 10.3-STABLE
		# failed without this:
		nossl="--nosslcertck"
		# Alternate: nossl="--sslproto ''"
		# To avoid:
		#  fetchmail: POP3< -ERR TLS support isn't enabled.
		#  fetchmail: TLS support isn't enabled.
		#  fetchmail: slim.berklix.org: upgrade to TLS failed.
		# 12.2-STABLE man fetchmail:
		#  "(Keyword: no sslcertck, only in v6.4.X)
		#  The opposite of --sslcertck, this is a discouraged
		#  option. It permits fetchmail to continue connecting
		#  even if the server certificate failed the
		#  verification checks.	Should only be used together
		#  with --sslfingerprint."
		;;	#}
	"12.3-RELEASE")	#{
		nossl="--nosslcertck"
		;;	#}
	"12.4-STABLE")	#{
		nossl="--nosslcertck"
		;;	#}
	"12.4-RELEASE")	#{
		nossl="--nosslcertck"
		;;	#}
	"13.0-CURRENT") #{	Guessed
		nossl="--nosslcertck"
		;;	#}
	"14.0-CURRENT") #{	Guessed
		nossl="--nosslcertck"
		;;	#}
	# brackets.c: (
	*)	#{
		echo "fetchmail.sh: extend case statement" | \
			mail -s "fetchmail.sh: extend case statement" root
		exit 1
		;;	#}

	esac	# }

# fetchm="/usr/local/bin/fetchmail -s -p POP3 $nossl"
# fetchm="/usr/local/bin/fetchmail -p POP3"
fetchm="/usr/local/bin/fetchmail"
	# No -p POP3 now each .fetchmailrc block specifies PO3 or IMAP
	# $nossl	no longer needed now .fetchmailrc blocks fetching from
	#		berklix each have "no sslcertck"
	# -s		--silent
	# -p POP3	avoids error reports trying IMAP.
	# -v		--verbose
	# If route is down, stderr error warning goes to mail of mk

if [ "X$*" = "X" ]; then # {
	# echo "No hosts named, so fetching all hosts in ~/.fetchmailrc"
	# $ping berklix.org > /dev/null && $fetchm
	# As the above ping fails when my solne name server fails,
	# its better to ping elsewhere.
	$ping bbc.com > /dev/null && $fetchm
else	# }{
	# echo "Specific hosts named, fetching only those."
	for i in $* ; do
		$ping $i > /dev/null && $fetchm $i
		done
fi	# }

exit 0