The qpopper list archive ending on 5 Jun 2001
Topics covered in this issue include:
1. Qpopper 4.0.3 **** Fixes Buffer Overflow ****
Qpopper Support <qpopper at qualcomm dot com>
Fri, 1 Jun 2001 23:28:20 -0700
2. qopper doesnt recognize my mail file
Quaylar <cherok at innocent dot com>
Sat, 02 Jun 2001 12:19:15 +0200
3. Re: qopper doesnt recognize my mail file
Eric Krichbaum <eric at telicsolutions dot net>
Sat, 02 Jun 2001 09:56:38 -0400
4. Re: qopper doesnt recognize my mail file
Michael Brennen <mbrennen at fni dot com>
Sat, 2 Jun 2001 12:19:24 -0500 (CDT)
5. Re: qopper doesnt recognize my mail file
Quaylar <cherok at innocent dot com>
Sat, 02 Jun 2001 20:55:08 +0200
6. Re: qopper doesnt recognize my mail file
Clifton Royston <cliftonr at lava dot net>
Sat, 2 Jun 2001 09:36:57 -1000
7. Re: qopper doesnt recognize my mail file
Quaylar <cherok at innocent dot com>
Sat, 02 Jun 2001 22:12:47 +0200
8. Dual port popper
The Doctor <doctor at doctor.nl2k.ab dot ca>
Sat, 2 Jun 2001 17:27:33 -0600
9. TLS/SSL
"Eduardo E. Silva" <esilva at silvex dot com>
Sun, 03 Jun 2001 04:18:27 -0700
10. Re: Qpopper 4.0.3 **** Fixes Buffer Overflow ****
Darcy Boese <possum at fnord.niagara dot com>
Sun, 3 Jun 2001 10:23:45 -0400
11. Re: Qpopper 4.0.3 **** Fixes Buffer Overflow ****
Jacques Distler <distler at golem.ph.utexas dot edu>
Sun, 3 Jun 2001 10:26:25 -0700
12. More TLS/SSL info
"Eduardo E. Silva" <esilva at silvex dot com>
Sun, 03 Jun 2001 11:39:31 -0700
13. Re: Qpopper 4.0.3 **** Fixes Buffer Overflow ****
Randall Gellens <randy at pensive dot org>
Sun, 3 Jun 2001 17:58:35 -0700
14. Upgrading 3.1 -> 4.0.3 .pop file locations
peter at netlink.com dot au
Mon, 4 Jun 2001 11:29:07 +1000 (EST)
15. noop has null function
"John MacKenzie - Elehost" <john at elehost dot com>
Mon, 4 Jun 2001 09:21:25 -0400
16. From lines
Quaylar <cherok at innocent dot com>
Mon, 04 Jun 2001 15:49:24 +0200
17. Re: From lines
Homer Wilson Smith <homer at lightlink dot com>
Mon, 4 Jun 2001 12:42:20 -0400 (EDT)
18. Questions about the Hostname change.
Mark on GCI Server <mweisman at gci dot net>
Mon, 04 Jun 2001 08:44:12 -0800
19. qmail
"Dan Trainor" <dan at concept-factory dot com>
Mon, 4 Jun 2001 10:14:19 -0700
20. Re: Questions about the Hostname change.
Clifton Royston <cliftonr at lava dot net>
Mon, 4 Jun 2001 07:16:11 -1000
21. Re: From lines
Clifton Royston <cliftonr at lava dot net>
Mon, 4 Jun 2001 08:08:20 -1000
22. Re: qmail
Scott McDermott <mcdermot at questra dot com>
Mon, 4 Jun 2001 13:34:46 -0400
23. Re: Dual port popper
Scott McDermott <mcdermot at questra dot com>
Mon, 4 Jun 2001 13:57:30 -0400
24. Re: From lines
Homer Wilson Smith <homer at lightlink dot com>
Mon, 4 Jun 2001 14:20:21 -0400 (EDT)
25. Re: From lines
Homer Wilson Smith <homer at lightlink dot com>
Mon, 4 Jun 2001 14:19:36 -0400 (EDT)
26. Re: Dual port popper
"Christopher Crowley" <ccrowley at tulane dot edu>
Mon, 4 Jun 2001 14:14:32 -0500
27. Re: Dual port popper
The Doctor <doctor at doctor.nl2k.ab dot ca>
Mon, 4 Jun 2001 13:36:52 -0600
28. Re: From lines
Clifton Royston <cliftonr at lava dot net>
Mon, 4 Jun 2001 08:40:24 -1000
29. Re: Dual port popper
Scott McDermott <mcdermot at questra dot com>
Mon, 4 Jun 2001 17:46:01 -0400
30. Re: noop has null function
Clifton Royston <cliftonr at lava dot net>
Mon, 4 Jun 2001 12:15:46 -1000
31. Re: Dual port popper
Scott McDermott <mcdermot at questra dot com>
Mon, 4 Jun 2001 17:43:37 -0400
32. Re: From lines
Scott McDermott <mcdermot at questra dot com>
Mon, 4 Jun 2001 17:47:57 -0400
33. Re: From lines
Clifton Royston <cliftonr at lava dot net>
Mon, 4 Jun 2001 14:30:27 -1000
34. Re: Dual port popper
The Doctor <doctor at doctor.nl2k.ab dot ca>
Mon, 4 Jun 2001 18:56:29 -0600
35. Upgrading 3.1 -> 4.0.3 other stuff
peter at netlink.com dot au
Tue, 5 Jun 2001 11:11:14 +1000 (EST)
36. Re: Upgrading 3.1 -> 4.0.3 other stuff
Clifton Royston <cliftonr at lava dot net>
Mon, 4 Jun 2001 16:53:35 -1000
37. Re: Upgrading 3.1 -> 4.0.3 other stuff
peter at netlink.com dot au
Tue, 5 Jun 2001 13:09:32 +1000 (EST)
38. Re: Dual port popper
The Doctor <doctor at doctor.nl2k.ab dot ca>
Mon, 4 Jun 2001 21:41:42 -0600
39. Old Qpopper versions (was : Qpopper 4.0.3 **** Fixes Buffer Overflow
Eric Luyten <Eric.Luyten at vub.ac dot be>
Tue, 5 Jun 2001 10:06:26 +0200 (MET DST)
40. Problems with qpopper process that never terminates
<qpopper at mango dot zw>
Tue, 5 Jun 2001 13:16:22 +0200 (CAT)
41. Version check of qpopper?? (and a follow up question)
"Colin J. Raven" <cjraven at ddf-lab dot com>
Tue, 5 Jun 2001 09:37:02 -0400
42. Qpopper with disk quotas
Rob Cameron <rcameron at advnetworks dot com>
Tue, 5 Jun 2001 09:41:21 -0400
43. Re: Qpopper with disk quotas
simakin <root at simakin.spb dot ru>
Tue, 5 Jun 2001 17:15:53 +0400
44. Re: Qpopper with disk quotas
Peter Evans <peter at gol dot com>
Tue, 5 Jun 2001 23:14:02 +0900
45. qpopper error when starting
Rick Goyette <goyette at downbelow.pns.anl dot gov>
Tue, 05 Jun 2001 10:37:12 -0500
46. Re: Dual port popper
Scott McDermott <mcdermot at questra dot com>
Tue, 5 Jun 2001 12:29:55 -0400
47. Re: From lines
Scott McDermott <mcdermot at questra dot com>
Tue, 5 Jun 2001 12:39:49 -0400
48. Re: Dual port popper
The Doctor <doctor at doctor.nl2k.ab dot ca>
Tue, 5 Jun 2001 11:06:31 -0600
49. Re: Version check of qpopper?? (and a follow up question)
Jim Holland <qpopper at mango dot zw>
Tue, 5 Jun 2001 19:26:04 +0200 (CAT)
50. Re: Dual port popper
"Joel B. Laing" <joel at scripps dot edu>
Tue, 05 Jun 2001 11:20:07 -0400
Date: Fri, 1 Jun 2001 23:28:20 -0700
From: Qpopper Support <qpopper at qualcomm dot com>
Subject: Qpopper 4.0.3 **** Fixes Buffer Overflow ****
Qpopper 4.0.3 is available at
<ftp://ftp.qualcomm.com/eudora/servers/unix/popper/>.
**** 4.0.3 FIXES A BUFFER OVERFLOW PRESENT IN ALL VERSIONS OF 4.0 --
PLEASE UPGRADE IMMEDIATELY ***
Changes from 4.0.2 to 4.0.3:
----------------------------
1. Don't call SSL_shutdown unless we tried to negotiate an
SSL session. (As suggested by Kenneth Porter.)
2. Fix buffer overflow (reported by Gustavo Viscaino).
3. Fixed empty password treated as empty command (patch
submitted by Michael Smith and others).
4. Added patch by Carles Xavier Munyoz to fix erroneous
scanning for \n in getline().
5. Fix from Arvin Schnell for warnings on 64-bit systems.
6. Added patch by Clifton Royston to change error message
for nonauthfile and authfile tests.
7. Added 'uw-kludge' as synonym for 'uw-kluge'.
Date: Sat, 02 Jun 2001 12:19:15 +0200
From: Quaylar <cherok at innocent dot com>
Subject: qopper doesnt recognize my mail file
hi all,
fortunately i was able to solve the md5 password encryption problem with
the new version 4.0.3.
but when i try to check mail now i always get :
user at client.localdomain (192.168.0.2): -ERR [SYS/PERM] Unable to
process From lines (envelopes), change recognition modes or check for
corrupted mail drop. [pop_dropcopy.c:837]
after entering my password.
i checked /var/spool/mail/user and saw my mails in following format :
first a few header lines which started with "Received:"
then the "From:" line
then subject, mime and content-type.
my mails are fetched via fetchmail and handed over to procmail (i didnt
specify any recipes).
it seems that the mails are somehow altered before they get stored in the
mail file.
can anyone provide any help regarding this ?
greetings
--quay
Date: Sat, 02 Jun 2001 09:56:38 -0400
From: Eric Krichbaum <eric at telicsolutions dot net>
Subject: Re: qopper doesnt recognize my mail file
We've been seeing this a lot also. Randomly (it seems) we get a customer's
maildrop with no or a partial header and then the rest of the mail. Since
it's at the beginning of the file, they can't pop their mail. I disabled
chunky writes but it didn't seem to make a difference yet. We're trying to
compile more data on clients etc to track it down but no luck yet.
Eric
At 12:19 PM 6/2/2001 +0200, Quaylar wrote:
>hi all,
>
>
>fortunately i was able to solve the md5 password encryption problem with
>the new version 4.0.3.
>but when i try to check mail now i always get :
>
> user at client.localdomain (192.168.0.2): -ERR [SYS/PERM] Unable to
>process From lines (envelopes), change recognition modes or check for
>corrupted mail drop. [pop_dropcopy.c:837]
>
>after entering my password.
>
>i checked /var/spool/mail/user and saw my mails in following format :
>
>first a few header lines which started with "Received:"
>then the "From:" line
>then subject, mime and content-type.
>
>my mails are fetched via fetchmail and handed over to procmail (i didnt
>specify any recipes).
>it seems that the mails are somehow altered before they get stored in the
>mail file.
>
>can anyone provide any help regarding this ?
>
>greetings
>
>--quay
--------------------------------------------------------------------------------------------------
New software available at http://www.telicsolutions.net/soft
If you have ICQ you can message me at ICQ#:9736582
Eric Krichbaum, MCSE, MCP+IS, ASE, CCNA, A+, CNA, developer
--------------------------------------------------------------------------------------------------
Date: Sat, 2 Jun 2001 12:19:24 -0500 (CDT)
From: Michael Brennen <mbrennen at fni dot com>
Subject: Re: qopper doesnt recognize my mail file
I've seen this myself, and it is the reason that I am not presently
running qpopper. I think it may be something in the VALID macro in
the source (grep for it) but have not had time to debug it further,
given that I have working alternatives and that other things need
more immediate attention. I posted a fairly detailed post to the
list with debug steps taken; it was unanswered, except for a couple
of private 'me toos'.
-- Michael
On Sat, 2 Jun 2001, Quaylar wrote:
> user at client.localdomain (192.168.0.2): -ERR [SYS/PERM] Unable
> to process From lines (envelopes), change recognition modes or
> check for corrupted mail drop. [pop_dropcopy.c:837]
Date: Sat, 02 Jun 2001 20:55:08 +0200
From: Quaylar <cherok at innocent dot com>
Subject: Re: qopper doesnt recognize my mail file
At 12:19 02.06.2001 -0500, you wrote:
>I've seen this myself, and it is the reason that I am not presently
>running qpopper. I think it may be something in the VALID macro in
>the source (grep for it) but have not had time to debug it further,
>given that I have working alternatives and that other things need
>more immediate attention. I posted a fairly detailed post to the
>list with debug steps taken; it was unanswered, except for a couple
>of private 'me toos'.
>-- Michael
argh...that really sucks, i was already really glad since the new version
4.0.3 was able to use my shadow and md5 passwords - which 4.0.2 wasnt.
on my search via deja i found a few threads concerning this same (!)
problem already in version 2.x !
some of the guys suggested to set SIMPLE_FROM = TRUE in popper.h
so i grepped all files in the source for this expression to no avail.
maybe it has now another name.....but despite this.....why do some people
have this problem and others not ?
if it has to do with qpopper.......ALL should have this problem, shouldnt
they ?
or is it maybe procmail screwing up the headers ?
--quay
Date: Sat, 2 Jun 2001 09:36:57 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: qopper doesnt recognize my mail file
On Sat, Jun 02, 2001 at 12:19:15PM +0200, Quaylar wrote:
> i checked /var/spool/mail/user and saw my mails in following format :
>
> first a few header lines which started with "Received:"
> then the "From:" line
> then subject, mime and content-type.
>
> my mails are fetched via fetchmail and handed over to procmail (i didnt
> specify any recipes).
> it seems that the mails are somehow altered before they get stored in the
> mail file.
>
> can anyone provide any help regarding this ?
It sounds like the headers really are corrupted, because in mbox
format the very first thing, no matter what, should always be the
"From " line (not "From:", but the pre-header line with no colon)
followed by the regular headers. (If you meant that was also there,
then I've misinterpreted.)
It could be a procmail problem, but we haven't seen it here, having
run popper versions from 2.x (mostly 2.53) through 3.x and now 4.0.x,
and using procmail as the local delivery agent for years. We do
very occasionally get user mailboxes that can't be popped successfully,
but it usually involves very large and/or malformed MIME attachments.
A couple thoughts to check:
1) Try a test of wiping a mailbox and fetching a fresh copy from the
remote server with fetchmail + procmail, and see if it has the right
stuff into it before qpopper touches it. Again, should be something
like this:
From example.com!foo June 1 2001 12:34
[headers, likely including Received:, From:, To:, etc.]
[body, following one blank line]
2) Are you running qpopper in server mode? If so, try turning it off,
because one symptom of the corrupted file I wrote about the other day
was that it began with fragments of some mangled headers. Maybe
something else is trying to write your spool file at the same time it's
getting popped.
3) How do you have procmail configured to lock the file? Maybe
procmail and qpopper are not using the same locking mechanism. This
could cause the problem above even if not in server mode.
4) Has procmail been configured to deliver to some other mailbox
format? That would be odd, but might be possible (though I haven't
looked to see if procmail actually supports that.)
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
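[Added example, not part of the original message and not Qpopper code: a Python check for the mbox layout described above (a "From " envelope line with a space and no colon, then headers, a blank line, the body), meant to be run on a mail drop before any POP server touches it. The function name check_maildrop, the constructed sample drops, and the rule that an envelope line must follow a blank line are assumptions of this example; Qpopper's own recognition may be stricter.]

```python
"""Structural check of a Unix mbox mail drop (added example)."""
import re

# RFC 822 header field name (printable ASCII except space and colon), then ':'
HEADER_RE = re.compile(r"^[!-9;-~]+:")


def check_maildrop(text):
    """Return (message_count, problems) for the text of an mbox file.

    problems is a list of (line_number, description) tuples.
    """
    problems = []
    count = 0
    state = "start"      # start -> headers -> body; "orphan" = data with no envelope
    prev_blank = True    # the start of the file counts as a message boundary

    for num, line in enumerate(text.splitlines(), 1):
        envelope = line.startswith("From ")   # "From " with a space, not "From:"
        if state == "start":
            if envelope:
                count, state = count + 1, "headers"
            elif line.strip():
                kind = "header" if HEADER_RE.match(line) else "text"
                problems.append(
                    (num, f"drop begins with a {kind} line, not a 'From ' envelope: {line[:40]!r}"))
                state = "orphan"
        elif state == "orphan":
            # Skip the orphaned data until a real envelope line turns up.
            if envelope and prev_blank:
                count, state = count + 1, "headers"
        elif state == "headers":
            if line == "":
                state = "body"
            elif envelope:
                problems.append((num, "'From ' envelope inside a header block"))
            elif not (HEADER_RE.match(line) or line[0] in " \t"):
                problems.append((num, f"not a header or continuation line: {line[:40]!r}"))
        elif state == "body":
            if envelope and prev_blank:
                count, state = count + 1, "headers"
            elif envelope:
                problems.append((num, "'From ' line in body without a preceding blank line"))
        prev_blank = line == ""
    return count, problems


# Constructed sample: the layout the message above says a mail drop should have.
GOOD_DROP = """\
From example.com!foo June 1 2001 12:34
Received: from mail.example.com by client.localdomain; Fri, 1 Jun 2001 12:34:00 +0200
From: foo@example.com
Subject: first

body text
>From this line on, the word is quoted so it is not an envelope

From example.com!bar June 1 2001 12:40
From: bar@example.com
Subject: second

second body
"""

# Constructed sample: the layout reported in this thread (headers first, no envelope).
BAD_DROP = """\
Received: from pop.example.net by client.localdomain with POP3
From: someone@example.net
Subject: hello
MIME-Version: 1.0
Content-Type: text/plain

hi there
"""

if __name__ == "__main__":
    for name, drop in (("good", GOOD_DROP), ("bad", BAD_DROP)):
        n, probs = check_maildrop(drop)
        print(f"{name}: {n} message(s)")
        for num, text in probs:
            print(f"  line {num}: {text}")
```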
Date: Sat, 02 Jun 2001 22:12:47 +0200
From: Quaylar <cherok at innocent dot com>
Subject: Re: qopper doesnt recognize my mail file
>
>
> It sounds like the headers really are corrupted, because in mbox
>format the very first thing, no matter what, should always be the
>"From " line (not "From:", but the pre-header line with no colon)
>followed by the regular headers. (If you meant that was also there,
>then I've misinterpreted.)
hmm......i dont know whether its mbox format or not.....the mails are
stored in /var/spool/mail/user
no.....that was not also there.......there was ONLY the "From: "
> It could be a procmail problem, but we haven't seen it here, having
>run popper versions from 2.x (mostly 2.53) through 3.x and now 4.0.x,
>and using procmail as the local delivery agent for years. We do
>very occasionally get user mailboxes that can't be popped successfully,
>but it usually involves very large and/or malformed MIME attachments.
>
>A couple thoughts to check:
>
>1) Try a test of wiping a mailbox and fetching a fresh copy from the
>remote server with fetchmail + procmail, and see if it has the right
>stuff into it before qpopper touches it. Again, should be something
>like this:
>
>From example.com!foo June 1 2001 12:34
>[headers, likely including Received:, From:, To:, etc.]
>
>[body, following one blank line]
well, no.....before qpopper touches my mailbox (if it does !)
there are FIRST:
the "Received :" headers
THEN the "From: " header
then "Subject: "
and so on....
qpopper doesnt touch the mailbox at all......it doesnt alter anything...
>2) Are you running qpopper in server mode? If so, try turning it off,
>because one symptom of the corrupted file I wrote about the other day
>was that it began with fragments of some mangled headers. Maybe
>something else is trying to write your spool file at the same time it's
>getting popped.
i am running qpopper via inetd......
>3) How do you have procmail configured to lock the file? Maybe
>procmail and qpopper are not using the same locking mechanism. This
>could cause the problem above even if not in server mode.
hmm...i didnt specify anything in procmail regarding locking......i just
started it in my fetchmailrc via "mda /usr/bin/procmail"
>4) Has procmail been configured to deliver to some other mailbox
>format? That would be odd, but might be possible (though I haven't
>looked to see if procmail actually supports that.)
no.....as i said.....no other configuration......and the man page says that
it will deliver to standard unix mailbox format per default...
> -- Clifton
--quay
>--
> Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
> WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
------------------------------
-Quaylar-
Icq# 30932448
cherok at innocent dot com
<! Knowledge is power >
For confidential email plz encrypt with PGP
Date: Sat, 2 Jun 2001 17:27:33 -0600
From: The Doctor <doctor at doctor.nl2k.ab dot ca>
Subject: Dual port popper
Question:
Using Qpopper 4.0.3 how can one set up qpopper to listen on
ports 110 (unsecure) and 995 (secure)?
I have compiled all the certs and am ready to go, but even all the
Qualcomm pages cannot seem to answer this.
Does anyone have this set up successfully?
Date: Sun, 03 Jun 2001 04:18:27 -0700
From: "Eduardo E. Silva" <esilva at silvex dot com>
Subject: TLS/SSL
Can anybody make sense of these messages ? Running RedHat 7.0 with
latest and greatest patches. Using Sendmail 8.11.4, bind 8.2.4 and
qpopper 4.0.3
Jun 3 04:09:27 ns1 popper[12819]: Finished processing config file
'/etc/mail/pop/qpopper.conf'; rslt=1 [pop_config.c:1463]
Jun 3 04:09:27 ns1 popper[12819]: (v4.0.3) Servicing request from
"172.16.100.202" at 172.16.100.202 [pop_init.c:1153]
Jun 3 04:09:27 ns1 popper[12819]: before TLS; tls_support==2
[popper.c:172]
Jun 3 04:09:27 ns1 popper[12819]: ...Initializing OpenSSL library
[pop_tls_openssl.c:224]
Jun 3 04:09:27 ns1 popper[12819]: ...have /dev/urandom; skipping PRNG
seeding [pop_tls_openssl.c:282]
Jun 3 04:09:27 ns1 popper[12819]: ...setting method to
SSLv23_server_method [pop_tls_openssl.c:306]
Jun 3 04:09:27 ns1 popper[12819]: ...allocating OpenSSL context
[pop_tls_openssl.c:336]
Jun 3 04:09:27 ns1 popper[12819]: ...setting certificate file
/etc/mail/pop/cert.pem [pop_tls_openssl.c:347]
Jun 3 04:09:27 ns1 popper[12819]: Error setting certificate PEM file
/etc/mail/pop/cert.pem [pop_tls_openssl.c:352]
Jun 3 04:09:27 ns1 popper[12819]: ...SSL error: error:0906D06C:PEM
routines:PEM_read_bio:no start line [pop_tls_openssl.c:352]
Jun 3 04:09:27 ns1 popper[12819]: ...SSL error: error:140AD009:SSL
routines:SSL_CTX_use_certificate_file:missing asn1 eos
[pop_tls_openssl.c:352]
Jun 3 04:09:27 ns1 popper[12819]: Failed initializing TLS/SSL
[popper.c:190]
-Ed
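[Added example, not part of the original message and not Qpopper code: the "PEM_read_bio:no start line" error in the log above is what OpenSSL reports when the file contains no "-----BEGIN ...-----" line, so this Python check inspects a would-be PEM file for that and related problems before the server is pointed at it. The function names, finding codes and constructed sample blocks are assumptions of this example; the key_in_same_file default follows the later popper log on this page, which assumes the private key is in the certificate file when no key file is set.]

```python
"""Pre-flight check of a PEM certificate file (added example)."""
import base64
import re

BLOCK_RE = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END ([A-Z0-9 ]+)-----",
    re.DOTALL,
)


def check_pem(data, key_in_same_file=True):
    """Return a list of finding codes for the raw bytes of a would-be PEM file."""
    if b"-----BEGIN " not in data:
        # This is the condition OpenSSL calls "no start line".
        findings = ["no-start-line"]
        if data[:1] == b"\x30":
            # Binary DER starts with an ASN.1 SEQUENCE tag; it needs converting to PEM.
            findings.append("looks-like-der")
        return findings

    findings, labels = [], []
    matches = list(BLOCK_RE.finditer(data))
    if len(matches) < data.count(b"-----BEGIN "):
        findings.append("unterminated-block")      # a BEGIN line with no END line
    for m in matches:
        label = m.group(1).decode()
        if m.group(1) != m.group(3):
            findings.append("mismatched-end:" + label)
            continue
        # Lines containing ':' are encapsulated headers (encrypted keys), not base64.
        rows = [r.strip() for r in m.group(2).splitlines()]
        b64 = b"".join(r for r in rows if r and b":" not in r)
        try:
            der = base64.b64decode(b64, validate=True)
        except ValueError:
            findings.append("bad-base64:" + label)
            continue
        if label == "CERTIFICATE" and der[:1] != b"\x30":
            findings.append("not-der:" + label)
            continue
        labels.append(label)
    if "CERTIFICATE" not in labels:
        findings.append("no-certificate")
    if key_in_same_file and not any(l.endswith("PRIVATE KEY") for l in labels):
        findings.append("no-private-key")
    return findings


def sample_block(label, der=b"\x30\x03\x02\x01\x00"):
    """Constructed PEM block; the payload is a 5-byte DER stub, not a real cert or key."""
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n".encode()


if __name__ == "__main__":
    cases = {
        "empty file": b"",
        "binary DER saved as .pem": b"\x30\x82\x03\x00...",
        "certificate only": sample_block("CERTIFICATE"),
        "certificate and key": sample_block("CERTIFICATE") + sample_block("RSA PRIVATE KEY"),
    }
    for name, data in cases.items():
        print(f"{name}: {check_pem(data) or 'ok'}")
```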
Date: Sun, 3 Jun 2001 10:23:45 -0400
From: Darcy Boese <possum at fnord.niagara dot com>
Subject: Re: Qpopper 4.0.3 **** Fixes Buffer Overflow ****
This announcement makes no mention of older qpopper versions 2.x and 3.x,
both of which are still in wide use on the Internet. Qualcomm has also seen fit
to remove all older versions of 4.x from their archive (this has also
taken effect at all their mirror sites), so I cannot compare the differences
in the older version with the current one to see if the same code existed
in 2.x or 3.x.
Can anybody tell me with certainty that the buffer overflow is NOT in
either 2.x or 3.x?
> Qpopper 4.0.3 is available at
> <ftp://ftp.qualcomm.com/eudora/servers/unix/popper/>.
>
>
> **** 4.0.3 FIXES A BUFFER OVERFLOW PRESENT IN ALL VERSIONS OF 4.0 --
> PLEASE UPGRADE IMMEDIATELY ***
>
>
> Changes from 4.0.2 to 4.0.3:
> ----------------------------
> 1. Don't call SSL_shutdown unless we tried to negotiate an
> SSL session. (As suggested by Kenneth Porter.)
> 2. Fix buffer overflow (reported by Gustavo Viscaino).
> 3. Fixed empty password treated as empty command (patch
> submitted by Michael Smith and others).
> 4. Added patch by Carles Xavier Munyoz to fix erroneous
> scanning for \n in getline().
> 5. Fix from Arvin Schnell for warnings on 64-bit systems.
> 6. Added patch by Clifton Royston to change error message
> for nonauthfile and authfile tests.
> 7. Added 'uw-kludge' as synonym for 'uw-kluge'.
Date: Sun, 3 Jun 2001 10:26:25 -0700
From: Jacques Distler <distler at golem.ph.utexas dot edu>
Subject: Re: Qpopper 4.0.3 **** Fixes Buffer Overflow ****
Darcy Boese <possum at fnord.niagara dot com> wrote:
>This announcement makes no mention of older qpopper versions 2.x and 3.x,
>both of which are still in wide use on the Internet. Qualcomm has also seen fit
>to remove all older versions of 4.x from their archive (this has also
>taken effect at all their mirror sites), so I cannot compare the differences
>in the older version with the current one to see if the same code existed
>in 2.x or 3.x.
That's maddening.
They should stick the older versions of qpopper in an "attic" directory
with a "WARNING_DO_NOT_USE" file. Incredibly useful for debugging
(and not just when there are security issues).
>Can anybody tell me with certainty that the buffer overflow is NOT in
>either 2.x or 3.x?
2.x ALREADY has serious (exploitable!) buffer overflows. If it's
being used on the internet, the user probably has bigger problems to
worry about than whether there are some additional (*possibly*
exploitable) buffer overflows.
3.x which is (and should be) in wide deployment is another story.
Unfortunately, Qualcomm has not yet seen fit to comment on the status of 3.x.
>> Qpopper 4.0.3 is available at
>> <ftp://ftp.qualcomm.com/eudora/servers/unix/popper/>.
>>
>>
>> **** 4.0.3 FIXES A BUFFER OVERFLOW PRESENT IN ALL VERSIONS OF 4.0 --
>> PLEASE UPGRADE IMMEDIATELY ***
Date: Sun, 03 Jun 2001 11:39:31 -0700
From: "Eduardo E. Silva" <esilva at silvex dot com>
Subject: More TLS/SSL info
From outlook express:
A secure connection to the server could not be established. Account:
'silvex.com', Server: 'silvex.com', Protocol: POP3, Port: 995,
Secure(SSL): Yes, Error Number: 0x800CCC1A
from /var/log/maillog
Jun 3 11:29:49 ns1 popper[21464]: Debugging turned on (-d)
[pop_init.c:708]
Jun 3 11:29:49 ns1 popper[21464]: Will generate stats records (-s)
[pop_init.c:825]
Jun 3 11:29:49 ns1 popper[21464]: Debugging turned on (-d)
[pop_init.c:708]
Jun 3 11:29:49 ns1 popper[21464]: Avoiding reverse lookups (-R)
[pop_init.c:820]
Jun 3 11:29:49 ns1 popper[21464]: tls-support=2 (-l) [pop_init.c:781]
Jun 3 11:29:49 ns1 popper[21464]: Processing config file
'/etc/mail/pop/qpopper.conf'; CallTime=1 [pop_config.c:1279]
Jun 3 11:29:49 ns1 popper[21464]: ...read line 1 (22): set tls-support
= stls [pop_config.c:1315]
Jun 3 11:29:49 ns1 popper[21464]: Set tls-support to STLS (2)
[pop_config.c:1195]
Jun 3 11:29:49 ns1 popper[21464]: ...read line 2 (49): set
tls-server-cert-file = /etc/mail/pop/cert.pem [pop_config.c:1315]
Jun 3 11:29:49 ns1 popper[21464]: Set tls-server-cert-file to
"/etc/mail/pop/cert.pem" [pop_config.c:1211]
Jun 3 11:29:49 ns1 popper[21464]: ...read line 3 (0):
[pop_config.c:1315]
Jun 3 11:29:49 ns1 popper[21464]: ...read line 4 (16): set debug = true
[pop_config.c:1315]
Jun 3 11:29:49 ns1 popper[21464]: Set debug to true [pop_config.c:1167]
Jun 3 11:29:50 ns1 popper[21464]: ...read line 5 (0):
[pop_config.c:1315]
Jun 3 11:29:50 ns1 popper[21464]: ...read line 6 (21): set tls-version
= all [pop_config.c:1315]
Jun 3 11:29:50 ns1 popper[21464]: Set tls-version to SSLv23 (4)
[pop_config.c:1195]
Jun 3 11:29:50 ns1 popper[21464]: Finished processing config file
'/etc/mail/pop/qpopper.conf'; rslt=1 [pop_config.c:1463]
Jun 3 11:29:50 ns1 popper[21464]: (v4.0.3) Servicing request from
"172.16.100.202" at 172.16.100.202 [pop_init.c:1153]
Jun 3 11:29:50 ns1 popper[21464]: before TLS; tls_support==2
[popper.c:172]
Jun 3 11:29:50 ns1 popper[21464]: ...Initializing OpenSSL library
[pop_tls_openssl.c:224]
Jun 3 11:29:50 ns1 popper[21464]: ...have /dev/urandom; skipping PRNG
seeding [pop_tls_openssl.c:282]
Jun 3 11:29:50 ns1 popper[21464]: ...setting method to
SSLv23_server_method [pop_tls_openssl.c:306]
Jun 3 11:29:50 ns1 popper[21464]: ...allocating OpenSSL context
[pop_tls_openssl.c:336]
Jun 3 11:29:50 ns1 popper[21464]: ...setting certificate file
/etc/mail/pop/cert.pem [pop_tls_openssl.c:347]
Jun 3 11:29:50 ns1 popper[21464]: ...private key file not set; assuming
private key is in cert (/etc/mail/pop/cert.pem) [pop_tls_openssl.c:364]
Jun 3 11:29:50 ns1 popper[21464]: ...setting private key file
/etc/mail/pop/cert.pem [pop_tls_openssl.c:368]
Jun 3 11:29:50 ns1 popper[21464]: ...verifying private key against
certificate [pop_tls_openssl.c:381]
Jun 3 11:29:50 ns1 popper[21464]: ...(tls_cipher_list not specified)
[pop_tls_openssl.c:408]
Jun 3 11:29:50 ns1 popper[21464]: ...allocating OpenSSL connection
[pop_tls_openssl.c:419]
Jun 3 11:29:50 ns1 popper[21464]: ...setting input (0) and output (0)
file descriptors [pop_tls_openssl.c:430]
Jun 3 11:29:50 ns1 popper[21464]: ...successfully completed OpenSSL
initialization [pop_tls_openssl.c:449]
Jun 3 11:29:50 ns1 popper[21464]: TLS Init [popper.c:193]
Jun 3 11:29:50 ns1 popper[21464]: (v4.0.3) Intro [popper.c:238]
Jun 3 11:29:50 ns1 popper[21464]: +OK Qpopper (version 4.0.3) at
ns1.XXXXX.com starting. [popper.c:251]
Jun 3 11:29:50 ns1 popper[21464]: Qpopper ready for input from (null)
at 172.16.100.202 [172.16.100.202] [popper.c:285]
Jun 3 11:29:50 ns1 popper[21464]: Received (5): "\200a^A^C^A"
[pop_get_command.c:105]
Jun 3 11:29:50 ns1 popper[21464]: (null) at 172.16.100.202
(172.16.100.202): -ERR Unknown command: "\200a^A^C^A".
[pop_get_command.c:152]
Jun 3 11:29:50 ns1 popper[21464]: Qpopper ready for input from (null)
at 172.16.100.202 [172.16.100.202] [popper.c:285]
Jun 3 11:29:50 ns1 popper[21464]: (null) at 172.16.100.202
(172.16.100.202): -ERR POP EOF or I/O Error [popper.c:794]
Jun 3 11:29:50 ns1 popper[21464]: I/O error flushing output to client
at 172.16.100.202 [172.16.100.202]: Operation not permitted (1)
[pop_send.c:685]
Jun 3 11:29:50 ns1 popper[21464]: +OK Pop server at ns1.XXXXX.com
signing off. [popper.c:351]
Jun 3 11:29:50 ns1 popper[21464]: I/O error flushing output to client
at 172.16.100.202 [172.16.100.202]: Operation not permitted (1)
[pop_send.c:685]
Jun 3 11:29:50 ns1 popper[21464]: pTLS->m_pPOP->tls_started == false
[pop_tls_openssl.c:807]
Jun 3 11:29:50 ns1 popper[21464]: freeing m_OpenSSLconn
[pop_tls_openssl.c:811]
Jun 3 11:29:50 ns1 popper[21464]: freeing m_OpenSSLctx
[pop_tls_openssl.c:817]
Jun 3 11:29:50 ns1 popper[21464]: openssl_shutdown returning 0
[pop_tls_openssl.c:822]
Jun 3 11:29:50 ns1 popper[21464]: (v4.0.3) Ending request from "" at
(172.16.100.202) 172.16.100.202 [popper.c:369]
Jun 3 11:29:50 ns1 popper[21465]: Debugging turned on (-d)
[pop_init.c:708]
Jun 3 11:29:50 ns1 popper[21465]: Will generate stats records (-s)
[pop_init.c:825]
Jun 3 11:29:50 ns1 popper[21465]: Debugging turned on (-d)
[pop_init.c:708]
Jun 3 11:29:50 ns1 popper[21465]: Avoiding reverse lookups (-R)
[pop_init.c:820]
Jun 3 11:29:50 ns1 popper[21465]: tls-support=2 (-l) [pop_init.c:781]
Jun 3 11:29:50 ns1 popper[21465]: Processing config file
'/etc/mail/pop/qpopper.conf'; CallTime=1 [pop_config.c:1279]
Jun 3 11:29:50 ns1 popper[21465]: ...read line 1 (22): set tls-support
= stls [pop_config.c:1315]
Jun 3 11:29:50 ns1 popper[21465]: Set tls-support to STLS (2)
[pop_config.c:1195]
Jun 3 11:29:50 ns1 popper[21465]: ...read line 2 (49): set
tls-server-cert-file = /etc/mail/pop/cert.pem [pop_config.c:1315]
Jun 3 11:29:50 ns1 popper[21465]: Set tls-server-cert-file to
"/etc/mail/pop/cert.pem" [pop_config.c:1211]
Jun 3 11:29:50 ns1 popper[21465]: ...read line 3 (0):
[pop_config.c:1315]
Jun 3 11:29:50 ns1 popper[21465]: ...read line 4 (16): set debug = true
[pop_config.c:1315]
Jun 3 11:29:50 ns1 popper[21465]: Set debug to true [pop_config.c:1167]
Jun 3 11:29:50 ns1 popper[21465]: ...read line 5 (0):
[pop_config.c:1315]
Jun 3 11:29:50 ns1 popper[21465]: ...read line 6 (21): set tls-version
= all [pop_config.c:1315]
Jun 3 11:29:50 ns1 popper[21465]: Set tls-version to SSLv23 (4)
[pop_config.c:1195]
Jun 3 11:29:50 ns1 popper[21465]: Finished processing config file
'/etc/mail/pop/qpopper.conf'; rslt=1 [pop_config.c:1463]
Jun 3 11:29:50 ns1 popper[21465]: (v4.0.3) Servicing request from
"172.16.100.202" at 172.16.100.202 [pop_init.c:1153]
Jun 3 11:29:50 ns1 popper[21465]: before TLS; tls_support==2
[popper.c:172]
Jun 3 11:29:50 ns1 popper[21465]: ...Initializing OpenSSL library
[pop_tls_openssl.c:224]
Jun 3 11:29:50 ns1 popper[21465]: ...have /dev/urandom; skipping PRNG
seeding [pop_tls_openssl.c:282]
Jun 3 11:29:50 ns1 popper[21465]: ...setting method to
SSLv23_server_method [pop_tls_openssl.c:306]
Jun 3 11:29:50 ns1 popper[21465]: ...allocating OpenSSL context
[pop_tls_openssl.c:336]
Jun 3 11:29:50 ns1 popper[21465]: ...setting certificate file
/etc/mail/pop/cert.pem [pop_tls_openssl.c:347]
Jun 3 11:29:50 ns1 popper[21465]: ...private key file not set; assuming
private key is in cert (/etc/mail/pop/cert.pem) [pop_tls_openssl.c:364]
Jun 3 11:29:50 ns1 popper[21465]: ...setting private key file
/etc/mail/pop/cert.pem [pop_tls_openssl.c:368]
Jun 3 11:29:50 ns1 popper[21465]: ...verifying private key against
certificate [pop_tls_openssl.c:381]
Jun 3 11:29:50 ns1 popper[21465]: ...(tls_cipher_list not specified)
[pop_tls_openssl.c:408]
Jun 3 11:29:50 ns1 popper[21465]: ...allocating OpenSSL connection
[pop_tls_openssl.c:419]
Jun 3 11:29:50 ns1 popper[21465]: ...setting input (0) and output (0)
file descriptors [pop_tls_openssl.c:430]
Jun 3 11:29:50 ns1 popper[21465]: ...successfully completed OpenSSL
initialization [pop_tls_openssl.c:449]
Jun 3 11:29:50 ns1 popper[21465]: TLS Init [popper.c:193]
Jun 3 11:29:50 ns1 popper[21465]: (v4.0.3) Intro [popper.c:238]
Jun 3 11:29:50 ns1 popper[21465]: +OK Qpopper (version 4.0.3) at
ns1.XXXXX.com starting. [popper.c:251]
Jun 3 11:29:50 ns1 popper[21465]: Qpopper ready for input from (null)
at 172.16.100.202 [172.16.100.202] [popper.c:285]
Jun 3 11:29:50 ns1 popper[21466]: Debugging turned on (-d)
[pop_init.c:708]
Jun 3 11:29:50 ns1 popper[21465]: Received (5): "\200b^A\200^A"
[pop_get_command.c:105]
Jun 3 11:29:50 ns1 popper[21465]: (null) at 172.16.100.202
(172.16.100.202): -ERR Unknown command: "\200b^A\200^A".
[pop_get_command.c:152]
Jun 3 11:29:50 ns1 popper[21465]: Qpopper ready for input from (null)
at 172.16.100.202 [172.16.100.202] [popper.c:285]
Jun 3 11:29:50 ns1 popper[21465]: (null) at 172.16.100.202
(172.16.100.202): -ERR POP EOF or I/O Error [popper.c:794]
Jun 3 11:29:50 ns1 popper[21465]: I/O error flushing output to client
at 172.16.100.202 [172.16.100.202]: Operation not permitted (1)
[pop_send.c:685]
Jun 3 11:29:50 ns1 popper[21465]: +OK Pop server at ns1.XXXXX.com
signing off. [popper.c:351]
Jun 3 11:29:50 ns1 popper[21465]: I/O error flushing output to client
at 172.16.100.202 [172.16.100.202]: Operation not permitted (1)
[pop_send.c:685]
Jun 3 11:29:50 ns1 popper[21465]: pTLS->m_pPOP->tls_started == false
[pop_tls_openssl.c:807]
Jun 3 11:29:50 ns1 popper[21465]: freeing m_OpenSSLconn
[pop_tls_openssl.c:811]
Jun 3 11:29:50 ns1 popper[21465]: freeing m_OpenSSLctx
[pop_tls_openssl.c:817]
Jun 3 11:29:50 ns1 popper[21465]: openssl_shutdown returning 0
[pop_tls_openssl.c:822]
Jun 3 11:29:50 ns1 popper[21465]: (v4.0.3) Ending request from "" at
(172.16.100.202) 172.16.100.202 [popper.c:369]
Jun 3 11:29:50 ns1 popper[21466]: Will generate stats records (-s)
[pop_init.c:825]
Jun 3 11:29:50 ns1 popper[21466]: Debugging turned on (-d)
[pop_init.c:708]
Jun 3 11:29:50 ns1 popper[21466]: Avoiding reverse lookups (-R)
[pop_init.c:820]
Jun 3 11:29:50 ns1 popper[21466]: tls-support=2 (-l) [pop_init.c:781]
Jun 3 11:29:50 ns1 popper[21466]: Processing config file
'/etc/mail/pop/qpopper.conf'; CallTime=1 [pop_config.c:1279]
Jun 3 11:29:50 ns1 popper[21466]: ...read line 1 (22): set tls-support
= stls [pop_config.c:1315]
Jun 3 11:29:50 ns1 popper[21466]: Set tls-support to STLS (2)
[pop_config.c:1195]
Jun 3 11:29:50 ns1 popper[21466]: ...read line 2 (49): set
tls-server-cert-file = /etc/mail/pop/cert.pem [pop_config.c:1315]
Jun 3 11:29:50 ns1 popper[21466]: Set tls-server-cert-file to
"/etc/mail/pop/cert.pem" [pop_config.c:1211]
Jun 3 11:29:50 ns1 popper[21466]: ...read line 3 (0):
[pop_config.c:1315]
Jun 3 11:29:50 ns1 popper[21466]: ...read line 4 (16): set debug = true
[pop_config.c:1315]
Jun 3 11:29:50 ns1 popper[21466]: Set debug to true [pop_config.c:1167]
Jun 3 11:29:50 ns1 popper[21466]: ...read line 5 (0):
[pop_config.c:1315]
Jun 3 11:29:50 ns1 popper[21466]: ...read line 6 (21): set tls-version
= all [pop_config.c:1315]
Jun 3 11:29:50 ns1 popper[21466]: Set tls-version to SSLv23 (4)
[pop_config.c:1195]
Jun 3 11:29:50 ns1 popper[21466]: Finished processing config file
'/etc/mail/pop/qpopper.conf'; rslt=1 [pop_config.c:1463]
Jun 3 11:29:50 ns1 popper[21466]: (v4.0.3) Servicing request from
"172.16.100.202" at 172.16.100.202 [pop_init.c:1153]
Jun 3 11:29:50 ns1 popper[21466]: before TLS; tls_support==2
[popper.c:172]
Jun 3 11:29:50 ns1 popper[21466]: ...Initializing OpenSSL library
[pop_tls_openssl.c:224]
Jun 3 11:29:50 ns1 popper[21466]: ...have /dev/urandom; skipping PRNG
seeding [pop_tls_openssl.c:282]
Jun 3 11:29:50 ns1 popper[21466]: ...setting method to
SSLv23_server_method [pop_tls_openssl.c:306]
Jun 3 11:29:50 ns1 popper[21466]: ...allocating OpenSSL context
[pop_tls_openssl.c:336]
Jun 3 11:29:50 ns1 popper[21466]: ...setting certificate file
/etc/mail/pop/cert.pem [pop_tls_openssl.c:347]
Jun 3 11:29:50 ns1 popper[21466]: ...private key file not set; assuming
private key is in cert (/etc/mail/pop/cert.pem) [pop_tls_openssl.c:364]
Jun 3 11:29:50 ns1 popper[21466]: ...setting private key file
/etc/mail/pop/cert.pem [pop_tls_openssl.c:368]
Jun 3 11:29:50 ns1 popper[21466]: ...verifying private key against
certificate [pop_tls_openssl.c:381]
Jun 3 11:29:50 ns1 popper[21466]: ...(tls_cipher_list not specified)
[pop_tls_openssl.c:408]
Jun 3 11:29:50 ns1 popper[21466]: ...allocating OpenSSL connection
[pop_tls_openssl.c:419]
Jun 3 11:29:50 ns1 popper[21466]: ...setting input (0) and output (0)
file descriptors [pop_tls_openssl.c:430]
Jun 3 11:29:50 ns1 popper[21466]: ...successfully completed OpenSSL
initialization [pop_tls_openssl.c:449]
Jun 3 11:29:50 ns1 popper[21466]: TLS Init [popper.c:193]
Jun 3 11:29:50 ns1 popper[21466]: (v4.0.3) Intro [popper.c:238]
Jun 3 11:29:50 ns1 popper[21466]: +OK Qpopper (version 4.0.3) at
ns1.XXXXX.com starting. [popper.c:251]
Jun 3 11:29:50 ns1 popper[21466]: Qpopper ready for input from (null)
at 172.16.100.202 [172.16.100.202] [popper.c:285]
Jun 3 11:29:50 ns1 popper[21467]: Debugging turned on (-d)
[pop_init.c:708]
Jun 3 11:29:50 ns1 popper[21467]: Will generate stats records (-s)
[pop_init.c:825]
Jun 3 11:29:50 ns1 popper[21467]: Debugging turned on (-d)
[pop_init.c:708]
Jun 3 11:29:50 ns1 popper[21467]: Avoiding reverse lookups (-R)
[pop_init.c:820]
Jun 3 11:29:50 ns1 popper[21467]: tls-support=2 (-l) [pop_init.c:781]
Jun 3 11:29:50 ns1 popper[21467]: Processing config file
'/etc/mail/pop/qpopper.conf'; CallTime=1 [pop_config.c:1279]
Jun 3 11:29:50 ns1 popper[21467]: ...read line 1 (22): set tls-support
= stls [pop_config.c:1315]
Jun 3 11:29:50 ns1 popper[21467]: Set tls-support to STLS (2)
[pop_config.c:1195]
Jun 3 11:29:50 ns1 popper[21467]: ...read line 2 (49): set
tls-server-cert-file = /etc/mail/pop/cert.pem [pop_config.c:1315]
Jun 3 11:29:50 ns1 popper[21467]: Set tls-server-cert-file to
"/etc/mail/pop/cert.pem" [pop_config.c:1211]
Jun 3 11:29:50 ns1 popper[21467]: ...read line 3 (0):
[pop_config.c:1315]
Jun 3 11:29:50 ns1 popper[21467]: ...read line 4 (16): set debug = true
[pop_config.c:1315]
Jun 3 11:29:50 ns1 popper[21467]: Set debug to true [pop_config.c:1167]
Jun 3 11:29:50 ns1 popper[21467]: ...read line 5 (0):
[pop_config.c:1315]
Jun 3 11:29:50 ns1 popper[21467]: ...read line 6 (21): set tls-version
= all [pop_config.c:1315]
Jun 3 11:29:50 ns1 popper[21467]: Set tls-version to SSLv23 (4)
[pop_config.c:1195]
Jun 3 11:29:50 ns1 popper[21467]: Finished processing config file
'/etc/mail/pop/qpopper.conf'; rslt=1 [pop_config.c:1463]
Jun 3 11:29:50 ns1 popper[21466]: Received (2): "^V^C"
[pop_get_command.c:105]
Jun 3 11:29:50 ns1 popper[21466]: (null) at 172.16.100.202
(172.16.100.202): -ERR Unknown command: "^V^C". [pop_get_command.c:152]
Jun 3 11:29:50 ns1 popper[21466]: Qpopper ready for input from (null)
at 172.16.100.202 [172.16.100.202] [popper.c:285]
Jun 3 11:29:50 ns1 popper[21466]: Received (26):
"\222^TrÚ^Aqn»Hw^[\216^E,t®©i:" [pop_get_command.c:105]
Jun 3 11:29:50 ns1 popper[21466]: (null) at 172.16.100.202
(172.16.100.202): -ERR Unknown command:
"\222^TrÚ^Aqn»hw^[\216^E,t®©i:". [pop_get_command.c:152]
Jun 3 11:29:50 ns1 popper[21466]: I/O error flushing output to client
at 172.16.100.202 [172.16.100.202]: Operation not permitted (1)
[pop_send.c:685]
Jun 3 11:29:50 ns1 popper[21466]: Qpopper ready for input from (null)
at 172.16.100.202 [172.16.100.202] [popper.c:285]
Jun 3 11:29:50 ns1 popper[21467]: (v4.0.3) Servicing request from
"172.16.100.202" at 172.16.100.202 [pop_init.c:1153]
Jun 3 11:29:50 ns1 popper[21466]: (null) at 172.16.100.202
(172.16.100.202): -ERR POP EOF or I/O Error [popper.c:794]
Jun 3 11:29:50 ns1 popper[21467]: before TLS; tls_support==2
[popper.c:172]
Jun 3 11:29:50 ns1 popper[21466]: I/O error flushing output to client
at 172.16.100.202 [172.16.100.202]: Operation not permitted (1)
[pop_send.c:685]
Jun 3 11:29:50 ns1 popper[21467]: ...Initializing OpenSSL library
[pop_tls_openssl.c:224]
Jun 3 11:29:50 ns1 popper[21466]: +OK Pop server at ns1.XXXXX.com
signing off. [popper.c:351]
Jun 3 11:29:50 ns1 popper[21466]: I/O error flushing output to client
at 172.16.100.202 [172.16.100.202]: Operation not permitted (1)
[pop_send.c:685]
Jun 3 11:29:50 ns1 popper[21466]: pTLS->m_pPOP->tls_started == false
[pop_tls_openssl.c:807]
Jun 3 11:29:50 ns1 popper[21466]: freeing m_OpenSSLconn
[pop_tls_openssl.c:811]
Jun 3 11:29:50 ns1 popper[21466]: freeing m_OpenSSLctx
[pop_tls_openssl.c:817]
Jun 3 11:29:50 ns1 popper[21466]: openssl_shutdown returning 0
[pop_tls_openssl.c:822]
Jun 3 11:29:50 ns1 popper[21466]: (v4.0.3) Ending request from "" at
(172.16.100.202) 172.16.100.202 [popper.c:369]
Jun 3 11:29:50 ns1 popper[21467]: ...have /dev/urandom; skipping PRNG
seeding [pop_tls_openssl.c:282]
Jun 3 11:29:50 ns1 popper[21467]: ...setting method to
SSLv23_server_method [pop_tls_openssl.c:306]
Jun 3 11:29:50 ns1 popper[21467]: ...allocating OpenSSL context
[pop_tls_openssl.c:336]
Jun 3 11:29:50 ns1 popper[21467]: ...setting certificate file
/etc/mail/pop/cert.pem [pop_tls_openssl.c:347]
Jun 3 11:29:50 ns1 popper[21467]: ...private key file not set; assuming
private key is in cert (/etc/mail/pop/cert.pem) [pop_tls_openssl.c:364]
Jun 3 11:29:50 ns1 popper[21467]: ...setting private key file
/etc/mail/pop/cert.pem [pop_tls_openssl.c:368]
Jun 3 11:29:50 ns1 popper[21467]: ...verifying private key against
certificate [pop_tls_openssl.c:381]
Jun 3 11:29:50 ns1 popper[21467]: ...(tls_cipher_list not specified)
[pop_tls_openssl.c:408]
Jun 3 11:29:50 ns1 popper[21467]: ...allocating OpenSSL connection
[pop_tls_openssl.c:419]
Jun 3 11:29:50 ns1 popper[21467]: ...setting input (0) and output (0)
file descriptors [pop_tls_openssl.c:430]
Jun 3 11:29:50 ns1 popper[21467]: ...successfully completed OpenSSL
initialization [pop_tls_openssl.c:449]
Jun 3 11:29:50 ns1 popper[21467]: TLS Init [popper.c:193]
Jun 3 11:29:50 ns1 popper[21467]: (v4.0.3) Intro [popper.c:238]
Jun 3 11:29:50 ns1 popper[21467]: +OK Qpopper (version 4.0.3) at
ns1.XXXXX.com starting. [popper.c:251]
Jun 3 11:29:50 ns1 popper[21467]: Qpopper ready for input from (null)
at 172.16.100.202 [172.16.100.202] [popper.c:285]
Jun 3 11:29:50 ns1 popper[21467]: (null) at 172.16.100.202
(172.16.100.202): -ERR POP EOF or I/O Error [popper.c:794]
Jun 3 11:29:50 ns1 popper[21467]: +OK Pop server at ns1.XXXXX.com
signing off. [popper.c:351]
Jun 3 11:29:50 ns1 popper[21467]: I/O error flushing output to client
at 172.16.100.202 [172.16.100.202]: Operation not permitted (1)
[pop_send.c:685]
Jun 3 11:29:50 ns1 popper[21467]: pTLS->m_pPOP->tls_started == false
[pop_tls_openssl.c:807]
Jun 3 11:29:50 ns1 popper[21467]: freeing m_OpenSSLconn
[pop_tls_openssl.c:811]
Jun 3 11:29:50 ns1 popper[21467]: freeing m_OpenSSLctx
[pop_tls_openssl.c:817]
Jun 3 11:29:50 ns1 popper[21467]: openssl_shutdown returning 0
[pop_tls_openssl.c:822]
Jun 3 11:29:50 ns1 popper[21467]: (v4.0.3) Ending request from "" at
(172.16.100.202) 172.16.100.202 [popper.c:369]
What am I doing wrong?
-Ed
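In the debug log above the server is set to tls-support = stls, and the bytes it rejects as unknown commands ("\200b^A\200^A", "^V^C") have the shape of an SSL/TLS handshake arriving on the plaintext POP command channel, which is what a client sends when it starts TLS immediately rather than issuing STLS first. The Python below is an added example, not part of the original post or of Qpopper: it unwraps such a log, decodes the escaped bytes and flags those entries per process. The sample log is constructed from the lines above, the function names are hypothetical, and reading \ooo as octal and ^X as a control character is an assumption about the log notation.

```python
import re

# Constructed sample in the shape of the debug log above, including the
# mail-wrapped continuation lines and interleaved popper processes.
SAMPLE_LOG = r'''Jun 3 11:29:50 ns1 popper[21466]: Set tls-support to STLS (2)
[pop_config.c:1195]
Jun 3 11:29:50 ns1 popper[21465]: Received (5): "\200b^A\200^A"
[pop_get_command.c:105]
Jun 3 11:29:50 ns1 popper[21465]: (null) at 172.16.100.202
(172.16.100.202): -ERR Unknown command: "\200b^A\200^A".
[pop_get_command.c:152]
Jun 3 11:29:50 ns1 popper[21466]: Received (2): "^V^C"
[pop_get_command.c:105]
Jun 3 11:29:50 ns1 popper[21467]: Received (12): "USER example"
[pop_get_command.c:105]
'''

ENTRY_START = re.compile(r'^[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d\s')
ENTRY = re.compile(r'^\S+\s+\d+\s+[\d:]+\s+\S+\s+\S*popper\[(\d+)\]:\s+(.*)$', re.S)
MODE = re.compile(r'Set tls-support to (\S+)')
RECEIVED = re.compile(r'Received \((\d+)\):\s+"(.*)"\s+\[')
# Assumed log notation: \ooo is an octal byte, ^X is a control character.
_TOKEN = re.compile(r'\\([0-7]{3})|\^([@-_?])|(.)', re.S)


def unwrap(text):
    """Join wrapped continuation lines back onto their syslog entry."""
    entries = []
    for line in text.split('\n'):
        if not line.strip():
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += ' ' + line.strip()
    return entries


def decode_logged(text):
    """Turn the escaped form shown in the log back into raw bytes."""
    out = bytearray()
    for octal, ctrl, ch in _TOKEN.findall(text):
        if octal:
            out.append(int(octal, 8) & 0xFF)
        elif ctrl:
            out.append(ord(ctrl) ^ 0x40)
        else:
            out += ch.encode('latin-1', 'replace')
    return bytes(out)


def classify(data):
    """Name the handshake format the first bytes look like, or None."""
    # TLS/SSLv3 record: content type 0x16 (handshake), major version 0x03.
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return 'tls-handshake-record'
    # SSLv2 record: high bit set in the 2-byte length, message type 1.
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        return 'sslv2-client-hello'
    return None


def find_tls_on_command_channel(log_text):
    """Return (pid, kind, tls_support) for handshake bytes read as commands."""
    mode = {}
    findings = []
    for entry in unwrap(log_text):
        m = ENTRY.match(entry)
        if not m:
            continue
        pid, msg = m.group(1), m.group(2)
        set_mode = MODE.search(msg)
        if set_mode:
            mode[pid] = set_mode.group(1)
            continue
        rec = RECEIVED.search(msg)
        if rec:
            kind = classify(decode_logged(rec.group(2)))
            if kind:
                # 'unknown' when the config lines for this pid were not seen.
                findings.append((pid, kind, mode.get(pid, 'unknown')))
    return findings


if __name__ == '__main__':
    for pid, kind, tls_support in find_tls_on_command_channel(SAMPLE_LOG):
        print(f'popper[{pid}]: {kind} received as a POP command '
              f'(tls-support={tls_support})')
```

A finding with tls-support=STLS means the client and server disagree about when TLS starts on that port.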
Date: Sun, 3 Jun 2001 17:58:35 -0700
From: Randall Gellens <randy at pensive dot org>
Subject: Re: Qpopper 4.0.3 **** Fixes Buffer Overflow ****
At 10:26 AM -0700 6/3/01, Jacques Distler wrote:
> 2.x ALREADY has serious (exploitable!) buffer overflows. If it's
> being used on the internet, the user probably has bigger problems to
> worry about than whether there are some additional (*possibly*
> exploitable) buffer overflows.
2.x SHOULD NOT be used. Period.
>
> 3.x which is (and should be) in wide deployment is another story.
> Unfortunately, Qualcomm has not yet seen fit to comment on the status of 3.x.
3.x does not have the problem. The bug was introduced into an
earlier version of 4.0.
(I have a utility which tests all commands for buffer overflows.
Unfortunately, when it was modified to handle TLS/SSL commands, a bug
was introduced into it so that, while it detected the problem in 4.0,
it failed to say so.)
--
Randall Gellens Randy at Pensive dot Org
---------------------- (randomly-selected tag) ---------------------
Hofstadter's Law:
It always takes longer than you expect, even when you take
Hofstadter's Law into account.
From: peter at netlink.com dot au
Subject: Upgrading 3.1 -> 4.0.3 .pop file locations
Date: Mon, 4 Jun 2001 11:29:07 +1000 (EST)
Hi,
I have just tried to upgrade to 4.0.3 after having successfully run
with 3.1 for some time. (The whole install process worked perfectly, btw).
The main reason for the upgrade (apart from wanting to be on the current
code stream) is that we want to be able to use options like server-mode
configurable by group and by individual user...
(We are constantly looking for ways to improve server performance under
load).
We use qmail as the mta and chose to use the default ~user/Mailbox format
- thereby keeping each user's mailbox in their own directory.
The problem I have immediately found is that qpopper no longer keeps
the .user.pop (temporary) file in the user directory. The file, when
used is now found in /var/spool/mail.
Does anyone know if the old behaviour (i.e. version 3.1) can be re-instated?
Configure options:
./configure --enable-group-bulls --enable-nonauth-file=/etc/qpopper/nonauth --disable-old-spool-loc --disable-check-pw-max --with-log-facility=LOG_LOCAL1 --enable-home-dir-mail=Mailbox --enable-specialauth --enable-bulletins=/var/spool/bulls
Runtime flags used are just "-sR -T120"
(Note: these are the identical options and flags used with 3.1).
btw, Congrats to the developers and other contributors to qpopper for the
many useful features - is support for qmail's maildir format on the cards?
(It might make pop-over-nfs a practical reality).
Regards and TIA, Peter Vaskess
Netlink Connect, Australia
From: "John MacKenzie - Elehost" <john at elehost dot com>
Subject: noop has null function
Date: Mon, 4 Jun 2001 09:21:25 -0400
Hi There,
was searching the FAQ but could not find my answer,
what does this error mean:
noop has null function
just started appearing after we upgraded to 4.02.
Thanks for any help
John
Date: Mon, 04 Jun 2001 15:49:24 +0200
From: Quaylar <cherok at innocent dot com>
Subject: From lines
To all out there suffering the "cannot process from lines" error
i configured procmail to be started with "/usr/bin/procmail -Y -f %F"
whereas the %F will regenerate a leading "From " line.
this solved the problem, at least for me.
greetings
--quay
Date: Mon, 4 Jun 2001 12:42:20 -0400 (EDT)
From: Homer Wilson Smith <homer at lightlink dot com>
Subject: Re: From lines
Since most of the from line errors result from corrupted
mailboxes, where the TOP of the mailbox is missing part
of the mail or has added blank lines, will this make sure
that that first message will have a From line even if half
the message is gone?
------------------------------------------------------------------------
Homer Wilson Smith Clean Air, Clear Water, Art Matrix - Lightlink
(607) 277-0959 A Green Earth and Peace. Internet Access, Ithaca NY
homer at lightlink.com Is that too much to ask? http://www.lightlink dot com
On Mon, 4 Jun 2001, Quaylar wrote:
> To all out there suffering the "cannot process from lines" error
>
> i configured procmail to be started with "/usr/bin/procmail -Y -f %F"
> whereas the %F will regenerate a leading "From " line.
> this solved the problem, at least for me.
>
> greetings
>
> --quay
>
Date: Mon, 04 Jun 2001 08:44:12 -0800
Subject: Questions about the Hostname change.
From: Mark on GCI Server <mweisman at gci dot net>
Hey all,
I've got a question regarding a hostname change on a RedHat linux
running Qpopper mail server. Everything was working until I changed
the hostname under new naming conventions, and now I see several
messages in the sendmail queue, however they are not reaching the
user in Qpopper. Any suggestions would be greatly appreciated.
- --
In Christ,
Mark
From: "Dan Trainor" <dan at concept-factory dot com>
Subject: qmail
Date: Mon, 4 Jun 2001 10:14:19 -0700
Hello all.
Right now I use sendmail with qpopper. I'm thinking about moving to
qmail+qpopper. Has anyone successfully used qpopper with qmail? I don't see
why not.. but I'm just being cautious.
Thanks
- Dan Trainor
- Systems Administrator
- Concept Factory, LLC.
- www.concept-factory.com
- dan at concept-factory dot com
Date: Mon, 4 Jun 2001 07:16:11 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: Questions about the Hostname change.
On Mon, Jun 04, 2001 at 08:44:12AM -0800, Mark on GCI Server wrote:
> Hey all,
> I've got a question regarding a hostname change on a RedHat linux
> running Qpopper mail server. Everything was working until I changed
> the hostname under new naming conventions, and now I see several
> messages in the sendmail queue, however they are not reaching the
> user in Qpopper. Any suggestions would be greatly appreciated.
>
> - --
> In Christ,
> Mark
This is a sendmail question not a qpopper question; however, my guess
would be (having seen things like this in the past) that most likely
the messages are set to be delivered to the old hostname and the mail
server no longer knows how to reach the old name, its former self.
If so, you probably need to check the sendmail configuration to tell it
the old name is an alias for the new name, and then they should get
delivered. If that's not the problem, it probably means that sendmail
needs to be reconfigured to locally deliver mail to the new name; in
either case, consult a good FAQ or source for sendmail support.
Good luck,
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Date: Mon, 4 Jun 2001 08:08:20 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: From lines
On Mon, Jun 04, 2001 at 12:42:20PM -0400, Homer Wilson Smith wrote:
> Since most of the from line errors result from corrupted
> mailboxes, where the TOP of the mailbox is missing part
> of the mail or has added blank lines, will this make sure
> that that first message will have a From line even if half
> the message is gone?
This is the solution to a different problem, due to how procmail was
being used to deliver mail. If your mailboxes are getting corrupted as
you describe, you really need to find the source of that problem and
address that. (First place to start - turn off server mode; second
place - figure out if your programs are all using the same lock
mechanism.)
If you're just asking for a "quick-and-dirty" way to repair a single
mailbox which got corrupted... you'd have to try it, but I think
formail will also object to the corrupted mailbox. I've found vi (or
emacs, name your poison) to be the best way to fix it.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Date: Mon, 4 Jun 2001 13:34:46 -0400
From: Scott McDermott <mcdermot at questra dot com>
Subject: Re: qmail
Dan Trainor on Mon 4/06 10:14 -0700:
> Right now I use sendmail with qpopper. I'm thinking about moving to
> qmail+qpopper. Has anyone successfully used qpopper with qmail? I
> don't see why not.. but I'm just being cautious.
We've been using it for years, but with mbox format and procmail for
MDA...works great. I find that there's just too many tools that work
with mbox to use maildir.
Date: Mon, 4 Jun 2001 13:57:30 -0400
From: Scott McDermott <mcdermot at questra dot com>
Subject: Re: Dual port popper
The Doctor on Sat 2/06 17:27 -0600:
> Using Qpopper 4.0.3 how can one set up qpopper to listen on ports 110
> (unsecure) and 995 (secure)
That depends...do you want TLS to be available on 110 as well as 995, or
simple unencrypted POP on 110 and TLS on 995 ?
In either case though, it's simply a matter of setting up your inetd to
give a different configuration file (if you need to even do that) on the
command line of the server bound to each port. IOW you would have two
qpopper specifications in your inetd configuration file, with the same
stuff but a different configuration file given and port number to bind
to.
Date: Mon, 4 Jun 2001 14:20:21 -0400 (EDT)
From: Homer Wilson Smith <homer at lightlink dot com>
Subject: Re: From lines
Using perl5.x what is the proper way to lock a mailbox so that neither popper
nor procmail will touch it and there is no chance of a race condition?
Thanks Homer
Date: Mon, 4 Jun 2001 14:19:36 -0400 (EDT)
From: Homer Wilson Smith <homer at lightlink dot com>
Subject: Re: From lines
> On Mon, Jun 04, 2001 at 12:42:20PM -0400, Homer Wilson Smith wrote:
> > Since most of the from line errors result from corrupted
> > mailboxes, where the TOP of the mailbox is missing part
> > of the mail or has added blank lines, will this make sure
> > that that first message will have a From line even if half
> > the message is gone?
>
> This is the solution to a different problem, due to how procmail was
> being used to deliver mail. If your mailboxes are getting corrupted as
> you describe, you really need to find the source of that problem and
> address that. (First place to start - turn off server mode; second
> place - figure out if your programs are all using the same lock
> mechanism.)
OK. We are running server mode because copy mode is just
too slow.
However we are running qpopper 2.52 and procmail 1.13.1 both
of which I understand are old. Linux 2.0.38
We have never gotten corrupted mail within the mailbox,
it is always at the top of the mailbox, first mail in it. Most
usually it is a single blank line that merely needs to be erased.
But sometimes for a large binary it just starts in the middle
of the binary and we have to delete it.
I imagine if the From line was missing in the middle
of the mailbox that we would never really know as the end user
would simply get two pieces of mail in one.
Users are not running shell just some popper client, often
reading mail every 10 minutes. They get a large binary and wham
it goes in bad and they can't get their mail from there on out.
It happens about once a month on 2500 users.
I've been thinking of how to kludge this with a monitor on the popper
log files, it sees the "can't read from lines" message and goes and fixes
the mail file itself as best it can.
I know I should upgrade to 4.03, but the number of bugs
being reported here is scary. This is a production system and
we need mail to work perfectly. :) No insult at all intended,
I LOVE popper and procmail and linux and everyone who has helped
bring all this about, I am but a worm in the scheme of things. But
my customers none the less hate mail problems. Since this is the
ONLY problem we are having, I would rather kludge a fix rather than
upgrade to a whole new unknown bag of tricks.
Thanks Homer
From: "Christopher Crowley" <ccrowley at tulane dot edu>
Subject: Re: Dual port popper
Date: Mon, 4 Jun 2001 14:14:32 -0500
Subject: Dual port popper
> question:
>
> Using Qpopper 4.0.3 how can one set up qpopper to listen on
> ports 110 (unsecure) and 995 (secure)
>
> I have compiled all the certs and is ready to go, but even all the
> Qualcomm pages cannot seem to answer this.
>
> Does anyone have this set up successfully?
>
>
I am trying to set up this configuration as well. The OpenSSL client can
connect, but when I try to connect via Outlook Express on Windows 2000 I fail
and run into this error in the POP logs. However, using OE on Win NT 4.0
I receive a message that says:
"The server you are connected to is using a certificate that does not match
its internet address. Do you want to continue?" I have no way of viewing
this certificate during the Outlook Express authentication process.
The openssl client authenticates just fine.
I will include some log info, hoping that it is useful and not overly
confusing.
POPlog
---------------
Windows 2000 failure:
- - - - - - - - - -- - -- -
Jun 4 14:03:01 majestic
/export/home/root/src/qpopper4.0.3/popper/popper[6335]: (v4.0.3) TLSv1/SSLv3
handshake with client at dhcp-119-238.tulane.edu (129.81.119.238); new
session-id; cipher: EXP1024-RC4-SHA (EXP1024-RC4-SHA SSLv3 Kx=RSA(1024)
Au=RSA Enc=RC4(56) Mac=SHA1 export), 56 bits
Jun 4 14:03:01 majestic
/export/home/root/src/qpopper4.0.3/popper/popper[6335]: OpenSSL Error during
read
Jun 4 14:03:01 majestic
/export/home/root/src/qpopper4.0.3/popper/popper[6335]: ...SSL error:
error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
Jun 4 14:03:01 majestic
/export/home/root/src/qpopper4.0.3/popper/popper[6335]: (null) at
dhcp-119-238.tulane.edu (129.81.119.238): -ERR POP EOF or I/O Error
Jun 4 14:03:01 majestic
/export/home/root/src/qpopper4.0.3/popper/popper[6335]: OpenSSL Error during
write
Jun 4 14:03:01 majestic
/export/home/root/src/qpopper4.0.3/popper/popper[6335]: ...SSL error:
error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure
Jun 4 14:03:01 majestic
/export/home/root/src/qpopper4.0.3/popper/popper[6335]: Error writing to
client
Jun 4 14:03:01 majestic
/export/home/root/src/qpopper4.0.3/popper/popper[6335]: I/O Error
Jun 4 14:03:01 majestic
/export/home/root/src/qpopper4.0.3/popper/popper[6335]: Error writing to
client
Jun 4 14:03:01 majestic
/export/home/root/src/qpopper4.0.3/popper/popper[6340]: TLS handshake Error
Jun 4 14:03:01 majestic
/export/home/root/src/qpopper4.0.3/popper/popper[6340]: TLS/SSL Handshake
failed: -1
- - - - - -
End POPlog
-----------------------
-----------------------
OpenSSL s_client transcript
----------------------------
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=0 /C=US/ST=Louisiana/L=New Orleans/O=Tulane
University/OU=TIS/CN=majestic.tcs.tulane.edu
verify error:num :unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=Louisiana/L=New Orleans/O=Tulane
University/OU=TIS/CN=majestic.tcs.tulane.edu
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=Louisiana/L=New Orleans/O=Tulane
University/OU=TIS/CN=majestic.tcs.tulane.edu
verify error:num=21:unable to verify the first certificate
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
---
Certificate chain
0 s:/C=US/ST=Louisiana/L=New Orleans/O=Tulane
University/OU=TIS/CN=majestic.tcs.tulane.edu
i:/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International
Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY
LTD.(c)97 VeriSign
---
Server certificate
subject=/C=US/ST=Louisiana/L=New Orleans/O=Tulane
University/OU=TIS/CN=majestic.tcs.tulane.edu
issuer=/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International
Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY
LTD.(c)97 VeriSign
---
No client certificate CA names sent
---
SSL handshake has read 1521 bytes and written 320 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : DES-CBC3-SHA
Session-ID:
1272E5E8E68AE5A5A2D8EC5128136047D67399637D41842723CED51D3A8F0A43
Session-ID-ctx:
Master-Key:
000C47D61FDCFF7E600EA05B0077D9794AF7D2B08B55BF9F710F9C39093376A37E92A4D65884
B43332116FEEAB82C6BA
Key-Arg : None
Start Time: 991677492
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
+OK Qpopper (version 4.0.3) at majestic starting.
- - - - - -
End OpenSSL Client Transcript
---------------------------------
---------------------------------
Date: Mon, 4 Jun 2001 13:36:52 -0600
From: The Doctor <doctor at doctor.nl2k.ab dot ca>
Subject: Re: Dual port popper
On Mon, Jun 04, 2001 at 01:57:30PM -0400, Scott McDermott wrote:
>
> The Doctor on Sat 2/06 17:27 -0600:
> > Using Qpopper 4.0.3 how can one set up qpopper to listen on ports 110
> > (unsecure) and 995 (secure)
>
> That depends...do you want TLS to be available on 110 as well as 995, or
> simple unencrypted POP on 110 and TLS on 995 ?
>
> In either case though, it's simply a matter of setting up your inetd to
> give a different configuration file (if you need to even do that) on the
> command line of the server bound to each port. IOW you would have two
> qpopper specifications in your inetd configuration file, with the same
> stuff but a different configuration file given and port number to bind
> to.
The latter on a standalone server.
Date: Mon, 4 Jun 2001 08:40:24 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: From lines
On Mon, Jun 04, 2001 at 02:19:36PM -0400, Homer Wilson Smith wrote:
> However we are running qpopper 2.52 and procmail 1.13.1 both
> of which I understand are old. Linux 2.0.38
qpopper 2.52 is way old, and you should definitely upgrade. There are
serious bugs in there, I believe including buffer overflows on your
system.
I can't advise too much on procmail versions, but we have been running
3.14 for about a year with no problems.
> We have never gotten corrupted mail within the mailbox,
> it is always at the top of the mailbox, first mail in it. Most
> usually it is a single blank line that merely needs to be erased.
> But sometimes for a large binary it just starts in the middle
> of the binary and we have to delete it.
...
> Users are not running shell just some popper client, often
> reading mail every 10 minutes. They get a large binary and wham
> it goes in bad and they can't get their mail from there on out.
> It happens about once a month on 2500 users.
>
> I've been thinking of how to kludge this with a monitor on the popper
> log files, it sees the "can't read from lines" message and goes and fixes
> the mail file itself as best it can.
>
> I know I should upgrade to 4.03, but the number of bugs
> being reported here is scary.
Yes, but none of the bugs here are on the scale of mail being corrupted
like this, except when doing concurrent shell access to the spool. If
you don't want to upgrade to 4.0.3, then at least go to qpopper 3.12.
> This is a production system and
> we need mail to work perfectly. :)
Sure, I understand that. If it's any comfort, we did extensive testing
here before upgrading from 3.x to 4.0.2, including having our tech
support group spend several days doing our own compatibility testing on
19 combinations of popular clients and access methods, including
covering PC, Mac, and Webmail clients, and dial-up and LAN access;
these got tested on empty, 10MB, and 110MB mailboxes, and each
combination got tested both with the "leave mail on server" and
"download everything" type configurations. The only bugs that came up
during this (besides the human error of editing the mailbox without
locking it) were fixed in 4.0.3, and the only one that really affected
users was the relatively obscure one of empty passwords on certain
clients causing a timeout.
We're not at all casual about mail either.
> No insult at all intended,
> I LOVE popper and procmail and linux and everyone who has helped
> bring all this about, I am but a worm in the scheme of things. But
> my customers none the less hate mail problems. Since this is the
> ONLY problem we are having, I would rather kludge a fix rather than
> upgrade to a whole new unknown bag of tricks.
IMHO, what you've got is a bigger problem than anything you will see
with either 4.0.3 or 3.12; and if you're running in server mode and
concerned about performance, you definitely want to go to 4.x. Your
hard disks will love you.
-- Clifton, zealous convert
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Date: Mon, 4 Jun 2001 17:46:01 -0400
From: Scott McDermott <mcdermot at questra dot com>
Subject: Re: Dual port popper
Christopher Crowley on Mon 4/06 14:14 -0500:
> "The server you are connected to is using a certificate that does not
> match its internet address. Do you want to continue?" I have no way
> of viewing this certificate during the Outlook Express authentication
> process.
This probably means the CN field in the certificate doesn't match the
PTR record of the machine you're connected to (and possibly also the A
record). Maybe you are using CNAMEs. You can't do that with X.509 very
well.
Date: Mon, 4 Jun 2001 12:15:46 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: noop has null function
On Mon, Jun 04, 2001 at 09:21:25AM -0400, John MacKenzie - Elehost wrote:
> what does this error mean:
>
> noop has null function
>
> just started appearing after we upgraded to 4.02.
With a client that sends a "noop" command periodically (probably to
avoid being timed out) there will be lots of these log entries. It is
harmless, apart from taking up diskspace in the log.
This is a very minor bug which I didn't get around to looking into
until today, so the fix is not in 4.0.3.
In 4.x, if the state table returns a null function pointer as the
function to execute for a command, the error message "(cmd) has null
function" gets logged on the assumption that this indicates a problem
with the program. However, since at least 3.0, the "noop" command has
been supported, and the state table entry for it has apparently always
returned a null pointer as an indicator that there is nothing to do for
it.
I think the correct fix is to instead define a noop() function which
does nothing, and have the state table for the noop command return a
pointer to noop(). I'll try to send a patch in soon.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
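The dispatch behaviour described in the message above, as an added C sketch that is not taken from the qpopper source: the table layout, handler names and the `last_log` buffer standing in for syslog are all assumptions. It shows why using NULL to mean "nothing to do" collides with the null-pointer sanity check, and how a real do-nothing handler removes the log noise.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical handler type and state table; qpopper's own structures differ. */
typedef int (*pop_handler)(const char *arg);
struct cmd_entry { const char *name; pop_handler handler; };

static int  null_fn_logs;   /* number of "has null function" entries written */
static char last_log[64];   /* stands in for syslog in this sketch */

static int do_stat(const char *arg) { (void)arg; return 0; }
static int do_noop(const char *arg) { (void)arg; return 0; }  /* proposed no-op */

/* Before: NULL doubles as "nothing to do" for noop. */
static const struct cmd_entry table_before[] = {
    { "stat", do_stat }, { "noop", NULL }, { NULL, NULL }
};
/* After: every valid command has a function, so NULL can only mean a bug. */
static const struct cmd_entry table_after[] = {
    { "stat", do_stat }, { "noop", do_noop }, { NULL, NULL }
};

/* POP3 command names are matched case-insensitively. */
static int same_cmd(const char *a, const char *b)
{
    while (*a && *b &&
           tolower((unsigned char)*a) == tolower((unsigned char)*b)) {
        a++;
        b++;
    }
    return *a == '\0' && *b == '\0';
}

/* Returns 0 if the command was accepted, -1 if it is not in the table. */
static int dispatch(const struct cmd_entry *table, const char *cmd,
                    const char *arg)
{
    for (const struct cmd_entry *e = table; e->name != NULL; e++) {
        if (!same_cmd(e->name, cmd))
            continue;
        if (e->handler == NULL) {
            /* The sanity check cannot tell "no work" from "broken table". */
            snprintf(last_log, sizeof last_log, "%s has null function",
                     e->name);
            null_fn_logs++;
            return 0;       /* session carries on; only the log is affected */
        }
        return e->handler(arg);
    }
    return -1;
}

/* A client sending NOOP as a keep-alive n times; returns log entries made. */
static int keepalive_log_entries(const struct cmd_entry *table, int n)
{
    null_fn_logs = 0;
    last_log[0] = '\0';
    for (int i = 0; i < n; i++)
        if (dispatch(table, "NOOP", "") != 0)
            return -1;
    return null_fn_logs;
}

int main(void)
{
    printf("before: %d log entries\n", keepalive_log_entries(table_before, 100));
    printf("after:  %d log entries\n", keepalive_log_entries(table_after, 100));
    return 0;
}
```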
Date: Mon, 4 Jun 2001 17:43:37 -0400
From: Scott McDermott <mcdermot at questra dot com>
Subject: Re: Dual port popper
The Doctor on Mon 4/06 13:36 -0600:
> > > Using Qpopper 4.0.3 how can one set up qpopper to listen on ports
> > > 110 (unsecure) and 995 (secure)
> >
> > That depends...do you want TLS to be available on 110 as well as
> > 995, or simple unencrypted POP on 110 and TLS on 995 ?
> >
> > In either case though, it's simply a matter of setting up your inetd
>
> The latter on a standalone server.
Just run two servers then...one bound to one port, and another bound to
the other...am I missing something here?
Date: Mon, 4 Jun 2001 17:47:57 -0400
From: Scott McDermott <mcdermot at questra dot com>
Subject: Re: From lines
Homer Wilson Smith on Mon 4/06 14:20 -0400:
> Using perl5.x what is the proper way to lock a mailbox so that
> popper nor procmail won't touch it and there is no chance of a
> race condition?
probably the fcntl() equivalent. But keep in mind that all bets are off
if you're running server mode because they unlock in the middle of the
session.
Date: Mon, 4 Jun 2001 14:30:27 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: From lines
On Mon, Jun 04, 2001 at 05:47:57PM -0400, Scott McDermott wrote:
> Homer Wilson Smith on Mon 4/06 14:20 -0400:
> > Using perl5.x what is the proper way to lock a mailbox so that
> > popper nor procmail won't touch it and there is no chance of a
> > race condition?
>
> probably the fcntl() equivalent.
Answers may vary depending on your UNIX flavor, and the type of volume
you are dealing with. On some systems it's still "dot-lock", or IIRC
fcntl or flock() may be implemented as a "dot-lock". I believe part of
the procmail configure/install (though it's been a while since I ran
it) is a utility which tests a specified volume on your system and
determines the best locking method to use on your system. I would go
with what it says.
Procmail also generates a standalone utility, "lockfile" (man 1
lockfile) which can be executed for locking. We use this for some
cron-driven scripts here, as part of more complex mutual exclusion
shell code.
> But keep in mind that all bets are off
> if you're running server mode because they unlock in the middle of the
> session.
So you simply need to make sure, first, that a server mode pop session
isn't already running for that file and that one can't start.
I think the proper procedure looks something like this:

    disable pop login for account (e.g. via the qpopper 4 nonauth-file
        mechanism or by changing account password)
    while ( check if qpopper is running for that account ) {
        wait;
    }
    /* pop process completed OK */
    while (attempt to lock mailbox fails) {
        wait;
    }
    /* got the lock */
    update file;
    unlock mailbox;
    re-enable pop login.

-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Date: Mon, 4 Jun 2001 18:56:29 -0600
From: The Doctor <doctor at doctor.nl2k.ab dot ca>
Subject: Re: Dual port popper
On Mon, Jun 04, 2001 at 05:43:37PM -0400, Scott McDermott wrote:
>
> The Doctor on Mon 4/06 13:36 -0600:
> > > > Using Qpopper 4.0.3 how can one set up qpopper to listen on ports
> > > > 110 (unsecure) and 995 (secure)
> > >
> > > That depends...do you want TLS to be available on 110 as well as
> > > 995, or simple unencrypted POP on 110 and TLS on 995 ?
> > >
> > > In either case though, it's simply a matter of setting up your inetd
> >
> > The latter on a standalone server.
>
> Just run two servers then...one bound to one port, and another bound to
> the other...am I missing something here?
So I should run /path/to/popper and /path/to/popper with options then?
From: peter at netlink.com dot au
Subject: Upgrading 3.1 -> 4.0.3 other stuff
Date: Tue, 5 Jun 2001 11:11:14 +1000 (EST)
Hi again,
Further to my email a few days ago regarding the location that qpopper
places the temp files...
1. Until I find a better solution I have used config file commands
to place the temporary files into a specified directory:
set cache-dir = /var/tmp/.pop
set temp-dir = /var/tmp/.pop
We now have thousands of .user.cache files in this directory so
I would still like to know if the behaviour can be changed!
2. The various server mode commands don't seem to work as expected
Can someone tell me if I am missing something or is it a bug please?
These commands in the qpopper config file DO work:
set server-mode = true
set group-no-server-mode = staff
set group-no-server-mode = users
set group-no-server-mode = ftponly
(ie. all users get server mode except staff, users, ftponly)
These commands DO NOT work:
set server-mode = false
set group-server-mode = ppp
(ie. all users, regardless of group get non-server mode, and yes the
group is valid and I have tried others)
Regards and thanks, Peter Vaskess
>
> I have just tried to upgrade to 4.0.3 after having successfully run
> with 3.1 for some time. (The whole install process worked perfectly, btw).
> The main reason for the upgrade (apart from wanting to be on the current
> code stream) is that we want to be able to use options like server-mode
> configurable by group and by individual user...
> (We are constantly looking for ways to improve server performance under
> load).
>
> We use qmail as the mta and chose to use the default ~user/Mailbox format
> - thereby keeping each users mailbox in their own directory.
> The problem I have immediately found is that qpopper no longer keeps
> the .user.pop (temporary) file in the user directory. The file, when
> used is now found in /var/spool/mail.
>
> Does anyone know if the old behaviour (ie. version 3.1) can be re-instated?
>
> Configure options:
> ./configure --enable-group-bulls --enable-nonauth-file=/etc/qpopper/nonauth --disable-old-spool-loc --disable-check-pw-max --with-log-facility=LOG_LOCAL1 --enable-home-dir-mail=Mailbox --enable-specialauth --enable-bulletins=/var/spool/bulls
> Runtime flags used are just "-sR -T120"
> (Note: these are the identical options and flags used with 3.1).
>
> btw, Congrats to the developers and other contributors to qpopper for the
> many useful features - is support for qmail's maildir format on the cards?
> (It might make pop-over-nfs a practical reality).
>
> Regards and TIA, Peter Vaskess
> Netlink Connect, Australia
>
Date: Mon, 4 Jun 2001 16:53:35 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: Upgrading 3.1 -> 4.0.3 other stuff
On Tue, Jun 05, 2001 at 11:11:14AM +1000, peter at netlink.com dot au wrote:
> Hi again,
>
> Further to my email a few days ago regarding the location that qpopper
> places the temp files...
>
> 1. Until I find a better solution I have used config file commands
> to place the temporary files into a specified directory:
> set cache-dir = /var/tmp/.pop
> set temp-dir = /var/tmp/.pop
> We now have thousands of .user.cache files in this directory so
> I would still like to know if the behaviour can be changed!
I don't see any configuration option to put them into the user home
directories, if that's what you want. You may have to write your own
patch for this; I think it's reasonable to restore that capability to
4.x, e.g. to make these files default to the user's home dir if you
configure that as the mailbox location.
> 2. The various server mode commands don't seem to work as expected
> Can someone tell me if I am missing something or is it a bug please?
> These commands in the qpopper config file DO work:
> set server-mode = true
> set group-no-server-mode = staff
> set group-no-server-mode = users
> set group-no-server-mode = ftponly
> (ie. all users get server mode except staff, users, ftponly)
Are you saying these commands *append* groups to the list? That
doesn't seem right. Or were you saying that any one at a time of these
group-no-server-mode commands work correctly?
> These commands DO NOT work:
> set server-mode = false
> set group-server-mode = ppp
> (ie. all users, regardless of group get non-server mode, and yes the
> group is valid and I have tried others)
With this combination of settings, try recompiling it with enable-debug
and running it with -d (or using the -t tracefile option), test a
single connection for a user in group ppp, and see what gets logged.
Hopefully that should give you enough info to troubleshoot it.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
From: peter at netlink.com dot au
Subject: Re: Upgrading 3.1 -> 4.0.3 other stuff
Date: Tue, 5 Jun 2001 13:09:32 +1000 (EST)
Hi Clifton,
Thanks for the reply.
> >
> > 1. Until I find a better solution I have used config file commands
> > to place the temporary files into a specified directory:
> > set cache-dir = /var/tmp/.pop
> > set temp-dir = /var/tmp/.pop
> > We now have thousands of .user.cache files in this directory so
> > I would still like to know if the behaviour can be changed!
>
> I don't see any configuration option to put them into the user home
> directories, if that's what you want. You may have to write your own
> patch for this; I think it's reasonable to restore that capability to
> 4.x, e.g. to make these files default to the user's home dir if you
> configure that as the mailbox location.
Thanks - I thought maybe I was missing something...
> > 2. The various server mode commands don't seem to work as expected
> > Can someone tell me if I am missing something or is it a bug please?
> > These commands in the qpopper config file DO work:
> > set server-mode = true
> > set group-no-server-mode = staff
> > set group-no-server-mode = users
> > set group-no-server-mode = ftponly
> > (ie. all users get server mode except staff, users, ftponly)
>
> Are you saying these commands *append* groups to the list? That
> doesn't seem right. Or were you saying that any one at a time of these
> group-no-server-mode commands work correctly?
It works for all. Everyone (eg. users in the group 'ppp') gets server mode
except those in groups 'staff', 'users' and 'ftponly' - that is, whilst a pop
connection is made a copy of the mailbox exists called .user.pop and the
original mailbox is empty.
> > These commands DO NOT work:
> > set server-mode = false
> > set group-server-mode = ppp
> > (ie. all users, regardless of group get non-server mode, and yes the
> > group is valid and I have tried others)
>
> With this combination of settings, try recompiling it with enable-debug
> and running it with -d (or using the -t tracefile option), test a
> single connection for a user in group ppp, and see what gets logged.
> Hopefully that should give you enough info to troubleshoot it.
Thanks - I will try debug...
Regards, Peter
Date: Mon, 4 Jun 2001 21:41:42 -0600
From: The Doctor <doctor at doctor.nl2k.ab dot ca>
Subject: Re: Dual port popper
On Mon, Jun 04, 2001 at 06:56:29PM -0600, The Doctor wrote:
>
> On Mon, Jun 04, 2001 at 05:43:37PM -0400, Scott McDermott wrote:
> >
> > The Doctor on Mon 4/06 13:36 -0600:
> > > > > Using Qpopper 4.0.3 how can one set up qpopper to listen on ports
> > > > > 110 (unsecure) and 995 (secure)
> > > >
> > > > That depends...do you want TLS to be available on 110 as well as
> > > > 995, or simple unencrypted POP on 110 and TLS on 995 ?
> > > >
> > > > In either case though, it's simply a matter of setting up your inetd
> > >
> > > The latter on a standalone server.
> >
> > Just run two servers then...one bound to one port, and another bound to
> > the other...am I missing something here?
>
>
> So I should run /path/to/popper and /path/to/popper with options then?
Also, How do I setup the configuration files?
Subject: Old Qpopper versions (was : Qpopper 4.0.3 **** Fixes Buffer Overflow
Date: Tue, 5 Jun 2001 10:06:26 +0200 (MET DST)
From: Eric Luyten <Eric.Luyten at vub.ac dot be>
> > ... Qualcomm has also seen fit
> >to remove all older versions of 4.x from their archive (this has also
> >taken effect at all their mirror sites), so I cannot compare the differences
> >in the older version with the current one to see if the same code existed
> >in 2.x or 3.x.
>
> That's maddening.
>
> They should stick the older versions of qpopper in an "attic" directory
Actually, that "attic" directory is called "old" and contains the
source code to versions 2.53, 3.0, 3.0.1, 3.0.2, 3.1 and 3.1.2
Where have you guys been looking ???
(ftp://ftp.qualcomm.com/eudora/servers/unix/popper/old/)
Eric Luyten, Computing Centre VUB/ULB.
Date: Tue, 5 Jun 2001 13:16:22 +0200 (CAT)
From: <qpopper at mango dot zw>
Subject: Problems with qpopper process that never terminates
Hi
I am using qpopper 3.0.2 in non-server mode and have read the following
faq:
If my users cancel during a long download, the .lock file and the
.user.pop file, along with the Qpopper process, hang around.
As the size of the spool file increases (more and larger messages
left on the server), the time required to start and stop the POP
session will go up, especially if Server Mode is not used. If you
check the spool directory just after a session ends, you may see
the lock file and the temporary spool still there, and the Qpopper
process still active. Do not kill the process, as it is updating
the spool. You should make sure to run the latest version of
Qpopper. You may want to review the options which affect
performance.
However on rare occasions (eg once per week) a qpopper process will hang
around indefinitely. I have seen such processes and the corresponding
.user.pop file hang around overnight. What is the solution? Will
upgrading to the latest version solve this particular problem?
At the moment I ignore the advice about not killing the process, append
any new mail from "user" to the .user.pop file manually, rename it to
"user", then kill the process.
Regards
Jim Holland
System Administrator
MANGO - Zimbabwe's non-profit e-mail service
From: "Colin J. Raven" <cjraven at ddf-lab dot com>
Subject: Version check of qpopper?? (and a follow up question)
Date: Tue, 5 Jun 2001 09:37:02 -0400
Hi Gang!
Just joined the list, not new to Linux but not a guru either!
I want to determine what version of qpopper I'm running.
As a follow-up question, if my version of qpopper is a low one, must I
sequentially upgrade through each version level? or, (if it's 2.53 for
example) can I jump straight to 4.0? Is 4.0 stable and generally
well-regarded??
I'd willingly RTFM (and always do before asking a question).....BUT
Regrettably man pages for qpopper aren't on my system. I have *no* idea
why this might be!!...honestly...they're not there...see!
[09:33:32 cjraven@kenmore]$ man qpopper
No manual entry for qpopper
[09:33:40 cjraven@kenmore]$
The system is a Cobalt Qube2 which apparently runs a (severely) modified
RH5.2 distro.
Help from anyone would be greatly appreciated.
TIA,
-Colin
--
Colin J. Raven
Regards,
-Colin
--
Colin J. Raven
From: Rob Cameron <rcameron at advnetworks dot com>
Subject: Qpopper with disk quotas
Date: Tue, 5 Jun 2001 09:41:21 -0400
I am having this problem with qpopper and disk quotas. I am running solaris
7 and I have a / and a /var partition. The /var partition has disk quotas
enabled. Qpopper works really well for several days but after that I get
the error "user does not have permission to create .user.pop file" No user
can pop and my test user has no mail in the directory and it still cannot
pop. If I turn off quotas it works instantly. The /var/mail directory has
1777 permissions. Does any one have any ideas?
Rob Cameron
Date: Tue, 5 Jun 2001 17:15:53 +0400
From: simakin <root at simakin.spb dot ru>
Subject: Re: Qpopper with disk quotas
Hello Rob,
Sounds like --enable-temp-drop-dir=/somethere/without/quotas/enabled
If you enable quotas on the spool dir and the mailbox is near its limit,
there is no room for qpopper to write the temp file.
From manual:
..............
--enable-temp-drop-dir=path
Specify an alternate directory for
temporary mail drop files. The default
is the spool directory.
..............
2) When qpopper runs, it moves your mailspool to a
temporary location (.user.pop). The default location
is the mail spool directory. /tmp is an
alternative but is considered to be a security risk. A
system reboot usually clears the temporary .user.pop
files. For performance reasons, a sysadmin who has
1000+ users can create a separate spool directory for
qpopper files; /usr/spool/poptemp is preferable. You
can do this by using the --enable-temp-drop-dir flag
when running ./configure. Permissions should be the
same as your mailspool with the same owner and group.
Tuesday, June 05, 2001, 5:41:21 PM, you wrote:
RC> I am having this problem with qpopper and disk quotas. I am running solaris
RC> 7 and I have a / and a /var partition. The /var partition has disk quotas
RC> enabled. Qpopper works really well for several days but after that I get
RC> the error "user does not have permission to create .user.pop file" No user
RC> can pop and my test user has no mail in the directory and it still cannot
RC> pop. If I turn off quotas it works instantly. The /var/mail directory has
RC> 1777 permissions. Does any one have any ideas?
RC> Rob Cameron
--
Best regards,
simakin mailto:root at simakin.spb dot ru
Date: Tue, 5 Jun 2001 23:14:02 +0900
From: Peter Evans <peter at gol dot com>
Subject: Re: Qpopper with disk quotas
Rob Cameron (rcameron at advnetworks dot com) wrote:
> I am having this problem with qpopper and disk quotas. I am running solaris
> 7 and I have a / and a /var partition. The /var partition has disk quotas
> enabled. Qpopper works really well for several days but after that I get
> the error "user does not have permission to create .user.pop file" No user
> can pop and my test user has no mail in the directory and it still cannot
> pop. If I turn off quotas it works instantly. The /var/mail directory has
> 1777 permissions. Does any one have any ideas?
repquota -a
should answer your question adequately.
if you make your hard limit just a shade over twice your soft
limit then in theory, it should work. But there's no substitute
for having your lusers remove their mail from the server.
P
----*
--
Remember The 5 K's. Don't forget to make your feng go schwee~
Subject: qpopper error when starting
Date: Tue, 05 Jun 2001 10:37:12 -0500
From: Rick Goyette <goyette at downbelow.pns.anl dot gov>
I am testing qpopper with ssl/tls support. qpopper seems to start on the
server but I get the error:
Jun 5 10:30:51 downbelow popper[13163]: (null) at voyager.pns.anl.gov (146.139.156.47): -ERR Unknown command: "^V^C".
Jun 5 10:32:51 downbelow popper[13163]: (v4.0.3) Timeout (120 secs) during nw read from at voyager.pns.anl.gov (146.139.156.47)
Jun 5 10:32:51 downbelow popper[13163]: (null) at voyager.pns.anl.gov (146.139.156.47): -ERR POP timeout from downbelow.pns.anl.gov
which is sometimes also
Jun 5 10:34:14 downbelow popper[13170]: (null) at voyager.pns.anl.gov (146.139.156.47): -ERR Unknown command: "^V^C".
Jun 5 10:34:14 downbelow popper[13170]: (null) at voyager.pns.anl.gov (146.139.156.47): -ERR Unknown command: "3wôÖó0ybx³".
Jun 5 10:36:14 downbelow popper[13170]: (v4.0.3) Timeout (120 secs) during nw read from at voyager.pns.anl.gov (146.139.156.47)
Jun 5 10:36:14 downbelow popper[13170]: (null) at voyager.pns.anl.gov (146.139.156.47): -ERR POP timeout from downbelow.pns.anl.gov
Jun 5 10:36:14 downbelow popper[13170]: (v4.0.3) Timing for @voyager.pns.anl.gov (error) auth=0 init=0 clean=0
Can anyone help?
Date: Tue, 5 Jun 2001 12:29:55 -0400
From: Scott McDermott <mcdermot at questra dot com>
Subject: Re: Dual port popper
The Doctor on Mon 4/06 21:41 -0600:
> > > Just run two servers then...one bound to one port, and another
> > > bound to the other...am I missing something here?
> >
> > So I should run /path/to/popper and /path/to/popper with options
> > then?
Huh? Yes, you invoke two of them...specify different configuration files
for each if you need to.
> Also, How do I setup the configuration files?
with a text editor ?
Date: Tue, 5 Jun 2001 12:39:49 -0400
From: Scott McDermott <mcdermot at questra dot com>
Subject: Re: From lines
Clifton Royston on Mon 4/06 14:30 -1000:
> > > Using perl5.x what is the proper way to lock a mailbox so that
> > > popper nor procmail won't touch it and there is no chance of a
> > > race condition?
> >
> > probably the fcntl() equivalent.
>
> Answers may vary depending on your UNIX flavor, and the type of volume
> you are dealing with. On some systems it's still "dot-lock", or IIRC
> fcntl or flock() may be implemented as a "dot-lock".
If you find a system that actually implements fcntl(2) as a dotlock, I
will be completely amazed. They'll either not implement it, or they
will implement it as an advisory kernel lock like it should be. Usually
either fcntl() or flock() is just an interface for the other, I believe.
If you have programs that are using dotlocks, upgrade...
> > But keep in mind that all bets are off if you're running server mode
> > because they unlock in the middle of the session.
>
> So you simply need to make sure, first, that a server mode pop session
> isn't already running for that file and that one can't start.
Or you can disable server mode, or you can modify the qpopper source to
surround the whole POP session with a lock instead of just the beginning
and end -- as we've done here -- and still get the advantages of server
mode without worrying about spool corruption. If your MDA and MTA can
properly handle temporary delivery errors (caused by the lock being in
place during a delivery attempt) this is your best option.
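The "lock mailbox, update file, unlock mailbox" steps of Clifton Royston's procedure and the fcntl()/dot-lock choice discussed in this reply, as an added C example that is not code from the thread or from qpopper. It assumes the site's tools honour a `<mailbox>.lock` dot-lock and/or an fcntl() lock, takes both, and uses a constructed sample mailbox whose stray blank first line (the symptom reported earlier in the thread) is removed; disabling POP login and waiting for a running session are left as described above.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Take a dot-lock (<mailbox>.lock) and an fcntl() write lock together.
 * Assumption: your MDA and POP server honour at least one of the two.
 * Returns the locked mailbox descriptor, or -1 after `tries` attempts. */
static int mbox_lock(const char *path, const char *dot, int tries,
                     unsigned wait_s)
{
    for (int i = 0; i < tries; i++) {
        /* O_CREAT|O_EXCL is atomic: only one process can create the file. */
        int lf = open(dot, O_WRONLY | O_CREAT | O_EXCL, 0600);
        if (lf >= 0) {
            close(lf);
            int fd = open(path, O_RDWR);
            struct flock fl = { .l_type = F_WRLCK, .l_whence = SEEK_SET };
            if (fd >= 0 && fcntl(fd, F_SETLK, &fl) == 0)
                return fd;            /* both locks held */
            if (fd >= 0) close(fd);
            unlink(dot);              /* back off fully before retrying */
        } else if (errno != EEXIST) {
            return -1;                /* permissions, missing directory, ... */
        }
        sleep(wait_s);
    }
    return -1;
}

/* Returns 1 if a stray blank first line was removed, 0 if there was none,
 * -1 if the lock could not be taken or I/O failed. */
static int strip_leading_blank(const char *path, int tries, unsigned wait_s)
{
    char dot[4096];
    struct stat st;
    int rc = -1;
    snprintf(dot, sizeof dot, "%s.lock", path);
    int fd = mbox_lock(path, dot, tries, wait_s);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) == 0) {
        size_t n = (size_t)st.st_size;
        char *buf = malloc(n + 1);
        if (buf != NULL && read(fd, buf, n) == (ssize_t)n) {
            if (n == 0 || buf[0] != '\n')
                rc = 0;
            /* shift the contents up one byte while the lock is held */
            else if (pwrite(fd, buf + 1, n - 1, 0) == (ssize_t)(n - 1) &&
                     ftruncate(fd, (off_t)(n - 1)) == 0)
                rc = 1;
        }
        free(buf);
    }
    close(fd);                        /* closing drops the fcntl lock */
    unlink(dot);                      /* then release the dot-lock */
    return rc;
}

/* Constructed sample mailbox in a temp file. With other_holds_lock set, a
 * pre-existing dot-lock stands in for another process working on the spool. */
static int demo(int other_holds_lock, char first5[6])
{
    char path[] = "/tmp/mboxdemoXXXXXX", dot[64];
    static const char msg[] = "\nFrom alice@example.org Mon Jun  4 12:00:00 2001\n"
                              "Subject: constructed sample\n\nbody\n";
    int fd = mkstemp(path);
    if (fd < 0 || write(fd, msg, sizeof msg - 1) < 0)
        return -2;
    close(fd);
    snprintf(dot, sizeof dot, "%s.lock", path);
    if (other_holds_lock)
        close(open(dot, O_WRONLY | O_CREAT | O_EXCL, 0600));
    int rc = strip_leading_blank(path, 2, 0);
    fd = open(path, O_RDONLY);
    ssize_t got = fd >= 0 ? read(fd, first5, 5) : -1;
    first5[got > 0 ? got : 0] = '\0';
    close(fd); unlink(dot); unlink(path);
    return rc;
}

int main(void)
{
    char head[6];
    printf("spool free: %d\n", demo(0, head));
    printf("spool locked by another process: %d\n", demo(1, head));
    return 0;
}
```

The in-place rewrite reads the mailbox with a single read() and is not crash-safe, so it suits small test spools; stale dot-locks left by a dead process are not detected here.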
Date: Tue, 5 Jun 2001 11:06:31 -0600
From: The Doctor <doctor at doctor.nl2k.ab dot ca>
Subject: Re: Dual port popper
On Tue, Jun 05, 2001 at 12:29:55PM -0400, Scott McDermott wrote:
>
>
> The Doctor on Mon 4/06 21:41 -0600:
> > > > Just run two servers then...one bound to one port, and another
> > > > bound to the other...am I missing something here?
> > >
> > > So I should run /path/to/popper and /path/to/popper with options
> > > then?
>
> Huh? Yes, you invoke two of them...specify different configuration files
> for each if you need to.
>
> > Also, How do I setup the configuration files?
>
> with a text editor ?
So with a text editor, what do I enter?
Date: Tue, 5 Jun 2001 19:26:04 +0200 (CAT)
From: Jim Holland <qpopper at mango dot zw>
Subject: Re: Version check of qpopper?? (and a follow up question)
Hi
On 5 Jun 2001, Colin J. Raven wrote:
> I want to determine what version of qpopper I'm running.
Just use the command:
telnet hostname 110
and that should connect to the qpopper service on hostname and tell you
the version it is running.
I await replies from others on the issue you raise concerning upgrading,
as I may have to do that myself.
Regards
Jim Holland
System Administrator
MANGO - Zimbabwe's non-profit e-mail service
Date: Tue, 05 Jun 2001 11:20:07 -0400
From: "Joel B. Laing" <joel at scripps dot edu>
Subject: Re: Dual port popper
The Doctor wrote:
>
> question:
>
> Using Qpopper 4.0.3 how can one set up qpopper to listen on
> ports 110 (unsecure) and 995 (secure)
>
> I have compiled all the certs and am ready to go, but even all the
> Qualcomm pages cannot seem to answer this.
>
> Does anyone have this set up successfully?
Yup, works fine, you just need to modify inetd.conf and services. Have
separate config files in etc (apop.conf and popper.conf) for the
different behaviors. You should also look at your firewall rules if
applicable.
For example,
inetd.conf:
apop stream tcp nowait root /usr/local/etc/apop apop -f /etc/apop.conf
pop3 stream tcp nowait root /usr/local/etc/popper popper -f /etc/popper.conf
services:
apop 995/tcp # Apop
pop3 110/tcp # Popper
Read the INSTALL file for the config options. Sorta depends on exactly
what you are trying to accomplish. You probably want the "non secure"
popper to accept both clear text passwords and apop, and the "secure"
one to only authenticate via apop. Also, if you port forward 110 to 995
at the firewall, you can prevent users from having to reconfigure their
clients.
Hope this helps,
Joel
Last updated on 5 Jun 2001 by Pensive Mailing List Admin