How to use fetchmail with Tor email services

tags: tor, mail, fetchmail

This post describes how to fetch mail from the Tor mail services such as via POP3.

Used tools are:


I’ve added the following lines to my /etc/tor/torrc:

TransPort 9051 IsolateClientAddr IsolateClientProtocol IsolateDestAddr IsolateDestPort
DNSPort 9053
AutomapHostsOnResolve 1

This causes Tor to open UDP port 9053 and listen for DNS requests. Tor’s DNS resolver handles A, AAAA, and PTR requests only.

When you perform a DNS lookup of the .onion domain against Tor’s DNSPort, Tor creates a temporary internal mapping that links a random IP address from the range to that .onion hostname.


dig +short A protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion -p 9053  @


To let applications connect to Tor services transparently, redirect all traffic destined for that range to the TransPort 9051 defined in /etc/tor/torrc:

iptables -t nat -A OUTPUT -d -p tcp -j REDIRECT --to-ports 9051

TLS certificates and fingerprints

Get the mail server certificate and put it into cert.pem:

echo | openssl s_client \
    -servername \
    -connect 2>/dev/null \
| openssl x509 -text \
| sed -n -e '/BEGIN\ CERTIFICATE/,/END\ CERTIFICATE/ p' > cert.pem

Get the certificate's MD5 fingerprint:

openssl x509 -in cert.pem -noout -md5 -fingerprint



poll xdkriz6cn2avvcr2vks5lvvtmfojz2ohjzj4fhyuka55mvljeso2ztqd.onion with proto POP3
    user '' there with password c00lp055w0rd
    is 'vasiok' here
    options ssl
    sslfingerprint "DC:78:45:BE:CF:DE:5C:BA:71:7F:66:50:D6:EC:CD:64"

Fetch mail:

fetchmail -v
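
To confirm that the certificate saved in cert.pem still matches the sslfingerprint pinned in the fetchmail configuration (for instance after the server rotates its certificate), the two values can be compared with a small script. This is an added example, not part of the original post; the function names and the ~/.fetchmailrc path are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print the MD5 fingerprint of PEM certificate $1 as colon-separated
# upper-case hex, the format of the sslfingerprint value above.
cert_md5_fingerprint() {
    openssl x509 -in "$1" -noout -md5 -fingerprint 2>/dev/null |
        sed 's/^[^=]*=//' | tr 'a-f' 'A-F'
}

# Print every sslfingerprint value in fetchmailrc $1, one per line.
pinned_fingerprints() {
    sed -n 's/^[[:space:]]*sslfingerprint[[:space:]]\{1,\}"\{0,1\}\([0-9A-Fa-f:]\{1,\}\)"\{0,1\}.*$/\1/p' "$1" |
        tr 'a-f' 'A-F'
}

# Succeed only if fingerprint $1 is non-empty and equals a pin in rc file $2.
fingerprint_is_pinned() {
    [ -n "$1" ] || return 1
    pinned_fingerprints "$2" | grep -qxF "$1"
}

# check_cert_pin CERT RCFILE: 0 = pinned, 1 = mismatch, 2 = unreadable cert.
check_cert_pin() {
    fp=$(cert_md5_fingerprint "$1")
    if [ -z "$fp" ]; then
        echo "ERROR: cannot read a certificate from $1" >&2
        return 2
    fi
    if fingerprint_is_pinned "$fp" "$2"; then
        echo "OK: $fp is pinned in $2"
    else
        echo "MISMATCH: $1 has $fp, but $2 pins:" >&2
        pinned_fingerprints "$2" >&2
        return 1
    fi
}

# Usage (paths are assumptions): check_cert_pin cert.pem "$HOME/.fetchmailrc"
```

A non-zero exit status means the pin and the saved certificate disagree, so the fingerprint should be re-checked before fetchmail is run.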