UPDATE (22-09-2012 By Bart Tuts)
--------------------------------

I noticted that I haven't been getting any more forwards from my student.kuleuven.be e-mail address. Nothing had changed in the configuration, but it appears there was a problem with the certificates. You can run a test and fix it if necessary by doing the following:
1) log in to your ulyssis account (or other shell server on which you're running fetchmail)
2) fetchmail --quit (to quit the fetchmail daemon)
3) fetchmail -d0 -vk (run fetchmail once and immediately and output info/warnings/error) -> this is where I saw there was a problem with the SSL certificates. If you see no errors here, you can skip to step 6. If you're unsure, just continue with step 4. There should be no danger in executing step 4 and 5 even if they're not necessary. 
4) c_rehash ~/.certs/ (to rehash the certificates as suggested in the error message in step 3)
5) fetchmail -d0 -vk (to verify that it's working correctly now)
6) fetchmail (to start up the daemon so it will start forwarding automatically)

Questions/corrections/updates welcome at my firstname dot lastname and then gmail

Receiving your K.U.Leuven e-mail into your Gmail inbox
______________________________________________________

Check these links for a more verbose explanation: (aka my sources)

(1) http://www.axllent.org/docs/networking/gmail_pop3_with_fetchmail
(2) http://nsaunders.wordpress.com/2008/06/17/linux-tip-forward-email-from-m-exchange-server-to-gmail/

Shell
-----

You must have a shell account with fetchmail at your disposal.
Get one from http://www.ulyssis.be/ for 7,50 euro/year.

A list of free unix shells: http://www.red-pill.eu/freeunix.shtml
I haven't tested those.
http://ninthfloor.org/
http://www.geekshells.org/

Note: You'll be putting your KULeuven password in a file on these machines, 
so personally I advice you to use a ulyssis.org account, 
even though you have to pay for it. --Bart

Test whether fetchmail supports ssl:

  ldd /usr/bin/fetchmail | grep ssl

Getting the certificates (1)
------------------------

Create a directory to put your certificates:

  mkdir ~/.certs
  cd ~/.certs

The following command shows the two necessary certificates:

  openssl s_client -connect imaps.student.kuleuven.be:993 -showcerts

Both of them must be put in a .pem file. See (1) or copy/paste the following.

Put it in ~/.certs/imapkul.pem, including "-----BEGIN CERTIFICATE-----" and
"-----END CERTIFICATE-----".

-----BEGIN CERTIFICATE-----
MIIEzDCCA7SgAwIBAgIRAO9jeLoMe4QH+7JLTZqJNlQwDQYJKoZIhvcNAQEFBQAw
NjELMAkGA1UEBhMCTkwxDzANBgNVBAoTBlRFUkVOQTEWMBQGA1UEAxMNVEVSRU5B
IFNTTCBDQTAeFw0xMDAyMTkwMDAwMDBaFw0xMzAyMTgyMzU5NTlaMIGcMQswCQYD
VQQGEwJCRTEPMA0GA1UEBxMGTGV1dmVuMScwJQYDVQQKEx5LYXRob2xpZWtlIFVu
aXZlcnNpdGVpdCBMZXV2ZW4xLzAtBgNVBAsTJkNvbXBldGVuY2UgQ2VudHJlIElu
Zm9ybWF0aW9uIFNlY3VyaXR5MSIwIAYDVQQDExlpbWFwcy5zdHVkZW50Lmt1bGV1
dmVuLmJlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyY7nsy4J0Vh5
lHV8pi16JiwT2/OBsIHIj5/B4G9wnlThllQpXC2Qdq+9RvJECeSfeA2Y+WH1rWj4
I0uTwPwmjm5CnfnqCXxSZ84DCMjLWANtkPfukjjm/Jo4rL5563OqPDhD87iyruTN
Bk5TT5RF8MKKRl4bzgBrkXUw87tHERMUl7IgY4mEAAJwZLpu7MPe4QwBu9UfDqV2
l8/9sjAXj2OPQSjLsolfKwaaOzYARSEF1scCBN8Vw0G5EOKxAAumFALy0+5LMhPb
a+QxJpPF+edZBRO4UTIcTEs7la28WBsnkYULtR5F7Cahj/EdHbuJw85iDEL+ZP4x
lkRCf9TvTQIDAQABo4IBbDCCAWgwHwYDVR0jBBgwFoAUDL2TaAzz3qujSWsrN1dH
6pDjue0wHQYDVR0OBBYEFChINnVZo5iGeKyx/uisRrRFwGmwMA4GA1UdDwEB/wQE
AwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD
AjAYBgNVHSAEETAPMA0GCysGAQQBsjEBAgIdMDoGA1UdHwQzMDEwL6AtoCuGKWh0
dHA6Ly9jcmwudGNzLnRlcmVuYS5vcmcvVEVSRU5BU1NMQ0EuY3JsMG0GCCsGAQUF
BwEBBGEwXzA1BggrBgEFBQcwAoYpaHR0cDovL2NydC50Y3MudGVyZW5hLm9yZy9U
RVJFTkFTU0xDQS5jcnQwJgYIKwYBBQUHMAGGGmh0dHA6Ly9vY3NwLnRjcy50ZXJl
bmEub3JnMCQGA1UdEQQdMBuCGWltYXBzLnN0dWRlbnQua3VsZXV2ZW4uYmUwDQYJ
KoZIhvcNAQEFBQADggEBACY2VJNnZnEVFm2H+sTHNaTZVDwm8PwIo8dyn437QtbQ
hKu1/5Fna7Rhb4X3KPvKc7kE99Vcka+J6T4X1bvrZ1K3WUcAUmZyV60xvrfABo1p
awkFIDB6weomk2lX5rpXsd+XE8dVigEIBsG0apsYWdY0aJqyTN4lWkOsufLioZf3
Fxx/vmYfzzzkyvSqLGSko1DeENFuWydn+SWKW03wluJDjmOhVfvbqAoqjO0X1RG0
PEH9mo2+Jqqtnv8oTbHb/p1uTNWtD7asziWevW1g6TOlB4o4KWOMcLg1E8WfdTkN
XWlhnf9b1bWPN1Spsl95wcuSltud5ZDPUCC4jVTWz18=
-----END CERTIFICATE-----

The same, put it in ~/.certs/terna-ssl-ca.pem

-----BEGIN CERTIFICATE-----
MIIEmDCCA4CgAwIBAgIQS8gUAy8H+mqk8Nop32F5ujANBgkqhkiG9w0BAQUFADCB
lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3Qt
SGFyZHdhcmUwHhcNMDkwNTE4MDAwMDAwWhcNMjAwNTMwMTA0ODM4WjA2MQswCQYD
VQQGEwJOTDEPMA0GA1UEChMGVEVSRU5BMRYwFAYDVQQDEw1URVJFTkEgU1NMIENB
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+NIxC9cwcupmf0booNd
ij2tOtDipEMfTQ7+NSUwpWkbxOjlwY9UfuFqoppcXN49/ALOlrhfj4NbzGBAkPjk
tjolnF8UUeyx56+eUKExVccCvaxSin81joL6hK0V/qJ/gxA6VVOULAEWdJRUYyij
8lspPZSIgCDiFFkhGbSkmOFg5vLrooCDQ+CtaPN5GYtoQ1E/iptBhQw1jF218bbl
p8ODtWsjb9Sl61DllPFKX+4nSxQSFSRMDc9ijbcAIa06Mg9YC18em9HfnY6pGTVQ
L0GprTvG4EWyUzl/Ib8iGodcNK5Sbwd9ogtOnyt5pn0T3fV/g3wvWl13eHiRoBS/
fQIDAQABo4IBPjCCATowHwYDVR0jBBgwFoAUoXJfJhsomEOVXQc31YWWnUvSw0Uw
HQYDVR0OBBYEFAy9k2gM896ro0lrKzdXR+qQ47ntMA4GA1UdDwEB/wQEAwIBBjAS
BgNVHRMBAf8ECDAGAQH/AgEAMBgGA1UdIAQRMA8wDQYLKwYBBAGyMQECAh0wRAYD
VR0fBD0wOzA5oDegNYYzaHR0cDovL2NybC51c2VydHJ1c3QuY29tL1VUTi1VU0VS
Rmlyc3QtSGFyZHdhcmUuY3JsMHQGCCsGAQUFBwEBBGgwZjA9BggrBgEFBQcwAoYx
aHR0cDovL2NydC51c2VydHJ1c3QuY29tL1VUTkFkZFRydXN0U2VydmVyX0NBLmNy
dDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG
9w0BAQUFAAOCAQEATiPuSJz2hYtxxApuc5NywDqOgIrZs8qy1AGcKM/yXA4hRJML
thoh45gBlA5nSYEevj0NTmDa76AxTpXv8916WoIgQ7ahY0OzUGlDYktWYrA0irkT
Q1mT7BR5iPNIk+idyfqHcgxrVqDDFY1opYcfcS3mWm08aXFABFXcoEOUIEU4eNe9
itg5xt8Jt1qaqQO4KBB4zb8BG1oRPjj02Bs0ec8z0gH9rJjNbUcRkEy7uVvYcOfV
r7bMxIbmdcCeKbYrDyqlaQIN4+mitF3A884saoU4dmHGSYKrUbOCprlBmCiY+2v+
ihb/MX5UR6g83EMmqZsFt57ANEORMNQywxFa4Q==
-----END CERTIFICATE-----

The same, put it in ~/.certs/usertrust.pem

-----BEGIN CERTIFICATE-----
MIIEPDCCAySgAwIBAgIQSEus8arH1xND0aJ0NUmXJTANBgkqhkiG9w0BAQUFADBv
MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
eHRlcm5hbCBDQSBSb290MB4XDTA1MDYwNzA4MDkxMFoXDTIwMDUzMDEwNDgzOFow
gZcxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVVDEXMBUGA1UEBxMOU2FsdCBMYWtl
IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8GA1UECxMY
aHR0cDovL3d3dy51c2VydHJ1c3QuY29tMR8wHQYDVQQDExZVVE4tVVNFUkZpcnN0
LUhhcmR3YXJlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsffDOD+0
qH/POYJRZ9Btn9L/WPPnnyvsDYlUmbk4mRb34CF5SMK7YXQSlh08anLVPBBnOjnt
KxPNZuuVCTOkbJex6MbswXV5nEZejavQav25KlUXEFSzGfCa9vGxXbanbfvgcRdr
ooj7AN/+GjF3DJoBerEy4ysBBzhuw6VeI7xFm3tQwckwj9vlK3rTW/szQB6g1ZgX
vIuHw4nTXaCOsqqq9o5piAbF+okh8widaS4JM5spDUYPjMxJNLBpUb35Bs1orWZM
vD6sYb0KiA7I3z3ufARMnQpea5HW7sftKI2rTYeJc9BupNAeFosU4XZEA39jrOTN
SZzFkvSrMqFIWwIDAQABo4GqMIGnMB8GA1UdIwQYMBaAFK29mHo0tCb3+sQmVO8D
veAky1QaMB0GA1UdDgQWBBShcl8mGyiYQ5VdBzfVhZadS9LDRTAOBgNVHQ8BAf8E
BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBEBgNVHR8EPTA7MDmgN6A1hjNodHRwOi8v
Y3JsLnVzZXJ0cnVzdC5jb20vQWRkVHJ1c3RFeHRlcm5hbENBUm9vdC5jcmwwDQYJ
KoZIhvcNAQEFBQADggEBADzse+Cuow6WbTDXhcbSaFtFWoKmNA+wyZIjXhFtCBGy
dAkjOjUlc1heyrl8KPpH7PmgA1hQtlPvjNs55Gfp2MooRtSn4PU4dfjny1y/HRE8
akCbLURW0/f/BSgyDBXIZEWT6CEkjy3aeoR7T8/NsiV8dxDTlNEEkaglHAkiD31E
NREU768A/l7qX46w2ZJZuvwTlqAYAVbO2vYoC7Gv3VxPXLLzj1pxz+0YrWOIHY6V
9+qV5x+tkLiECEeFfyIvGh1IMNZMCNg3GWcyK+tc0LL8blefBDVekAB+EcfeEyrN
pG1FJseIVqDwavfY5/wnfmcI0L36tsNhAgFlubgvz1o=
-----END CERTIFICATE-----

  nano ~/.certs/imapkul.pem
  nano ~/.certs/terna-ssl-ca.pem
  nano ~/.certs/usertrust.pem
And paste the above certificates respectively.
You can also create those files on your desktop and copy them over
by using FileZilla or any other ftp client.

Add the root certificate to complete the chain. This step works on Ulyssis.
  cp /etc/ssl/certs/AddTrust_External_Root.pem ~/.certs/

Alternative: (unnecessary if the above command worked)
  nano ~/.certs/AddTrust_External_Root.pem
create the file and add the following certificate:

-----BEGIN CERTIFICATE-----
MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJT
RTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4
dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5h
bCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzEL
MAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1B
ZGRUcnVzdCBFeHRlcm5hbCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1
c3QgRXh0ZXJuYWwgQ0EgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBALf3GjPm8gAELTngTlvtH7xsD821+iO2zt6bETOXpClMfZOfvUq8
k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9uMq/NzgtHj6RQa1wVsfwTz/oMp50
ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzXmk6vBbOmcZSccbNQYArHE504
B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LXa0Tkx63ubUFfclpxCDez
eWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzNE0S3ySvdQwAl+mG5
aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0WicCAwEAAaOB
3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYDVR0PBAQD
AgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0Jvf6
xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdv
cmsxIjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJ
KoZIhvcNAQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZl
j7DYd7usQWxHYINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5R
xNKWt9x+Tu5w/Rw56wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjT
K3rMUUKhemPR5ruhxSvCNr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1
n6diIWgVIEM8med8vSTYqZEXc4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHx
REzGBHNJdmAPx/i9F4BrLunMTA5amnkPIAou1Z5jJh5VkpTYghdae9C8x49O
hgQ=
-----END CERTIFICATE-----

Rehash all the certificates so they can be used.

  c_rehash ~/.certs/

Testing certificates (1)
--------------------

You can test the certificates:

  openssl s_client -connect imaps.student.kuleuven.be:993 -CApath ~/.certs/

The last line must be: * OK The Microsoft Exchange IMAP4 service is ready.
Ctrl-c to return to the console.

Create configuration (2)
--------------------

Create a fetchmail configuration file:

  nano ~/.fetchmailrc

Put the following into the file with your correct info after username, password and smtpname


# set polling time (10 minutes)
set daemon 600
poll imaps.student.kuleuven.be port 993 protocol imap username "s0190303" password "yourPasswordHere" smtpname "your.address@gmail.com" ssl sslcertck keep sslcertpath .certs/

Note: the "keep" option tells fetchmail to keep each e-mail in your kuleuven account, 
even after it has been forwarded (it will automatically be marked as read)
If you don't want to keep the original, just leave out the word "keep" in of the above line.


Change the access rights: (IMPORTANT!)

  chmod 600 ~/.fetchmailrc

Start the deamon:

  fetchmail

No output on the screen is expected.

And you can use the following command to check your configuration
if something went wrong.

  fetchmail --configdump

Some more interesting commands:

fetchmail --quit
kill the fetchmail daemon

fetchmail -d0 -vk (after doing fetchmail --quit)
immediately poll the server for new e-mails, forward them but keep a copy on the server. 
Also fetchmail will print out in detail what it is doing. This is useful for debugging.

Restart fetchmail after server reboot
-------------------------------------

For some reason this doesn't work like expected for me,
however you will receive an e-mail with an error message when the server is rebooted.
This way you will know when you need to restart fetchmail.

You can edit your crontab file by doing:
  crontab -e

Add the following line to you crontab file:

@reboot fetchmail

Save.

Security certificate changed (2010-03-15)
----------------------------

fetchmail stopped working because the certificates changed:

fetchmail: Server certificate verification error: unable to get local issuer certificate
19695:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:951:
fetchmail: SSL connection failed.

To fix this, replace the certificate in: (see above for new one)
  ~/.certs/imapkul.pem

Remove the old unnecessary ones:
  rm ~/.certs/cybertrust-educational.pem
  rm ~/.certs/sureserverEDU.pem
  rm ~/.certs/ct_root.pem

And add those 2 new certificates: (see above for copy/paste)
  nano ~/.certs/terna-ssl-ca.pem
  nano ~/.certs/usertrust.pem

Add the root certificate to complete the chain. This step works on Ulyssis.
Check above for an alternative, if that would be necessary.
  cp /etc/ssl/certs/AddTrust_External_Root.pem ~/.certs/

Rehash all the certificates so they can be used.

  c_rehash ~/.certs/

Extra: How to find that last certificate?
-----
In the command that shows the necessary certificates, the last one in the chain
is issued by an external root certificate authority. That's the one you need.

   2 s:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
     i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root                          <--
  -----BEGIN CERTIFICATE-----

s: subject - this certificate
i: issuer - the one we need
Google the name "AddTrust External CA Root"
or better yet, check /etc/ssl/certs/ to see if it isn't already there.

Label new e-mails (in Gmail)
----------------------------

Settings -> Filters -> To: your KUL e-mail address ->
Apply the label: kuleuven -> Create Filter

--
You may use/reformulate/translate my text so it becomes more accessible to the casual user.
See the following license for more details:
http://creativecommons.org/licenses/by/2.0/be/deed.en

Jef.Van.den.Brandt+no.spam+and.enjoy@gmail.com

2009-09-21: first version. http://www.student.kuleuven.be/~s0190303/fetchmail/
            http://forum.wina.be/index.php?t=msg&goto=58748
2009-10-18: some corrections and additions were made by Bart Tuts (e-mail is firstname.lastname at gmail)
2010-03-16: certificates changed, crontab to restart fetchmail
2012-09-22: problem with certificates, had to rehash. instructions at the top of this document (Bart Tuts)