The qpopper list archive ending on 12 Jun 2001
Topics covered in this issue include:
1. Re: File Locking
Homer Wilson Smith <homer at lightlink dot com>
Wed, 6 Jun 2001 20:20:30 -0400 (EDT)
2. Re: Operation not permitted
rollingblackout <thang at unixcircle dot com>
Wed, 06 Jun 2001 20:22:19 -0700
3. Re: Operation not permitted
Clifton Royston <cliftonr at lava dot net>
Wed, 6 Jun 2001 17:34:53 -1000
4. Re: Certificate on multi-homed server
"Kenneth Porter" <shiva at well dot com>
Wed, 06 Jun 2001 21:59:34 -0700
5. Re: File Locking
Randall Gellens <randy at qualcomm dot com>
Wed, 6 Jun 2001 22:53:42 -0700
6. Re: File Locking
"Queticon@verizon dot net" <res087jh at verizon dot net>
Thu, 7 Jun 2001 02:12:21 -0400
7. Re: File Locking
"Kenneth Porter" <shiva at well dot com>
Thu, 07 Jun 2001 02:01:50 -0700
8. Re: File Locking
Homer Wilson Smith <homer at lightlink dot com>
Thu, 7 Jun 2001 11:11:46 -0400 (EDT)
9. Re: File Locking
Clifton Royston <cliftonr at lava dot net>
Thu, 7 Jun 2001 08:11:33 -1000
10. Re: File Locking
Clifton Royston <cliftonr at lava dot net>
Thu, 7 Jun 2001 08:20:42 -1000
11. Re: File Locking
Randall Gellens <randy at qualcomm dot com>
Thu, 7 Jun 2001 12:53:24 -0700
12. Re: File Locking
Homer Wilson Smith <homer at lightlink dot com>
Thu, 7 Jun 2001 16:52:14 -0400 (EDT)
13. Re: File Locking
Homer Wilson Smith <homer at lightlink dot com>
Thu, 7 Jun 2001 18:24:43 -0400 (EDT)
14. test
Jarek Kaczmarczyk <jarek at interpress dot pl>
Fri, 8 Jun 2001 12:24:01 +0200
15. qpopper.log does not work
Jarek Kaczmarczyk <jarek at interpress dot pl>
Fri, 8 Jun 2001 12:33:55 +0200
16. reverse-lookup in 4.0.3
Joerg Hartmann <J.Hartmann at des.mediadesign dot de>
Fri, 8 Jun 2001 14:48:08 +0200
17. Re: qpopper.log does not work
Steven Champeon <schampeo at hesketh dot com>
Fri, 8 Jun 2001 10:51:15 -0400
18. Qpopper I/O Error
"Stephen Conway" <sconway at wlnet dot com>
Fri, 8 Jun 2001 11:15:03 -0400
19. Converting GDBM /etc/pop.auth problems...
David Friedlander <dpf at blazar.gsfc.nasa dot gov>
Fri, 8 Jun 2001 11:32:54 -0400
20. Re: qpopper.log does not work
Randall Gellens <randy at qualcomm dot com>
Fri, 8 Jun 2001 10:13:11 -0700
21. Re: Qpopper I/O Error
Randall Gellens <randy at qualcomm dot com>
Fri, 8 Jun 2001 10:14:58 -0700
22. Re: reverse-lookup in 4.0.3
Clifton Royston <cliftonr at lava dot net>
Fri, 8 Jun 2001 07:23:42 -1000
23. Re: reverse-lookup in 4.0.3
"Michael Kolos" <michael at colba dot net>
Fri, 8 Jun 2001 13:52:48 -0400
24. Re: Converting GDBM /etc/pop.auth problems...
"Kenneth Porter" <shiva at well dot com>
Fri, 08 Jun 2001 16:21:05 -0700
25. Changes in how keep-temp-drop works
Clifton Royston <cliftonr at lava dot net>
Fri, 8 Jun 2001 16:10:13 -1000
26. PAM problems
"Nhan NGO DINH (OCIC Missionary Service)" <nngodinh at ocic dot org>
Sat, 09 Jun 2001 16:38:50 +0200
27. Re: Changes in how keep-temp-drop works
Butch Kemper <kemper at tstar dot net>
Sat, 09 Jun 2001 11:19:18 -0500
28. Re: Changes in how keep-temp-drop works
Jeff Earickson <jaearick at colby dot edu>
Mon, 11 Jun 2001 09:18:59 -0400 (EDT)
29. RE: Checking for expired passwords by Qpopper
"Mir Ahmed Ali Shajee" <shajee at kfupm.edu dot sa>
Mon, 11 Jun 2001 17:23:08 +0300
30. 4.0 question confirmation
Admin Mailing Lists <mlist at intergrafix dot net>
Mon, 11 Jun 2001 11:39:31 -0400 (EDT)
31. Re: 4.0 question confirmation
Clifton Royston <cliftonr at lava dot net>
Mon, 11 Jun 2001 06:55:22 -1000
32. Re: PAM problems
Randall Gellens <randy at qualcomm dot com>
Mon, 11 Jun 2001 10:21:29 -0700
33. Re: 4.0 question confirmation
Randall Gellens <randy at qualcomm dot com>
Mon, 11 Jun 2001 10:19:47 -0700
34. Re: Changes in how keep-temp-drop works
Randall Gellens <randy at qualcomm dot com>
Mon, 11 Jun 2001 10:23:19 -0700
35. Re: Changes in how keep-temp-drop works
Clifton Royston <cliftonr at lava dot net>
Mon, 11 Jun 2001 08:14:28 -1000
36. Re: Checking for expired passwords by Qpopper
Clifton Royston <cliftonr at lava dot net>
Mon, 11 Jun 2001 08:18:59 -1000
37. Re: PAM problems
"Nhan NGO DINH (OCIC Missionary Service)" <nngodinh at ocic dot org>
Mon, 11 Jun 2001 21:03:19 +0200
38. Re: Changes in how keep-temp-drop works
Randall Gellens <randy at qualcomm dot com>
Mon, 11 Jun 2001 14:42:33 -0700
39. Re: Changes in how keep-temp-drop works
Clifton Royston <cliftonr at lava dot net>
Mon, 11 Jun 2001 12:07:46 -1000
40. Re: Changes in how keep-temp-drop works
Randall Gellens <randy at qualcomm dot com>
Mon, 11 Jun 2001 15:53:50 -0700
41. Re: Changes in how keep-temp-drop works
Clifton Royston <cliftonr at lava dot net>
Mon, 11 Jun 2001 14:37:31 -1000
42. dummy UID
"Nhan NGO DINH (OCIC Missionary Service)" <nngodinh at ocic dot org>
Tue, 12 Jun 2001 15:52:57 +0200
43. Re: 4.0 question confirmation
Admin Mailing Lists <mlist at intergrafix dot net>
Tue, 12 Jun 2001 10:29:55 -0400 (EDT)
44. Re: PAM problems
Admin Mailing Lists <mlist at intergrafix dot net>
Tue, 12 Jun 2001 10:40:30 -0400 (EDT)
45. Re: 4.0 question confirmation
Randall Gellens <randy at qualcomm dot com>
Tue, 12 Jun 2001 09:40:54 -0700
46. Re: Changes in how keep-temp-drop works
Randall Gellens <randy at qualcomm dot com>
Tue, 12 Jun 2001 09:45:54 -0700
47. Re: 4.0 question confirmation
Admin Mailing Lists <mlist at intergrafix dot net>
Tue, 12 Jun 2001 13:39:57 -0400 (EDT)
48. Re: Changes in how keep-temp-drop works
Clifton Royston <cliftonr at lava dot net>
Tue, 12 Jun 2001 09:01:24 -1000
49. Re: 4.0 question confirmation
Randall Gellens <randy at qualcomm dot com>
Tue, 12 Jun 2001 12:34:27 -0700
50. poppasd.c runtime problem on AIX 4.3.2
"Christopher Crowley" <ccrowley at tulane dot edu>
Tue, 12 Jun 2001 15:45:35 -0500
Date: Wed, 6 Jun 2001 20:20:30 -0400 (EDT)
From: Homer Wilson Smith <homer at lightlink dot com>
Subject: Re: File Locking
> After looking into things here, I would recommend invoking the
> procmail "lockfile" utility. That way you are guaranteed you will use
> the same mechanism as procmail at least.
OK! But is qpopper 'guaranteed' to use the same method of
locking as procmail!
:)
Homer
Date: Wed, 06 Jun 2001 20:22:19 -0700
From: rollingblackout <thang at unixcircle dot com>
Subject: Re: Operation not permitted
Does that mean my users had successfully retrieved their emails?
Regards,
Clifton Royston wrote:
>
> On Tue, Jun 05, 2001 at 10:36:21PM -0700, rollingblackout wrote:
> > greetings,
> >
> > just upgrade to 4.0.3 and got lot of this in the logfile
> >
> > /usr/sbin/popper[19536]: I/O error flushing output to client
> > user_login_name at
> > a.b.c.d [a.b.c.d]: Operation not permitted (1)
>
> I believe 4.x is more verbose about logging errors; from our logs, these
> errors all seem to happen after a client disconnects from the POP
> session unexpectedly, and hence appear to be benign.
> -- Clifton
>
> --
> Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
> WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Date: Wed, 6 Jun 2001 17:34:53 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: Operation not permitted
On Wed, Jun 06, 2001 at 08:22:19PM -0700, rollingblackout wrote:
> Does that mean my users had successfully retrieved their emails?
> Regards,
Maybe or maybe not.
I think it means they disconnected without qpopper recognizing the
session was over, and definitely without it receiving the "QUIT"
command.
This might have been after successfully retrieving their emails, or
might not. Sorry that's not more help.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
From: "Kenneth Porter" <shiva at well dot com>
Date: Wed, 06 Jun 2001 21:59:34 -0700
Subject: Re: Certificate on multi-homed server
On Wed, 6 Jun 2001 15:16:59 -0400, Scott McDermott wrote:
>The answer is yes, you need a separate cert per interface. Bind qpopper
>with different conf files which specify different certs, to the
>different interfaces. xinetd makes this easy. We have the same issue
>here. You just need to use the `bind' statement and make sure you
>specify different `id's for them since the service name is no longer
>enough.
Ok, got that working. I put all 3 service blocks in the same spop3
file. I used ID's like "spop3-eth0". I found that the bind directive
requires an interface address, not an interface name.
Is there any way to deal with cnames on the interfaces? I'm running
more than one service on the box and have cnames for the services (eg.
pop3, smtp, ns). Some users use one name, some another. It looks like
Eudora doesn't canonicalize the name it connects with, and if it uses
an alias, then there will be yet another certificate hostname mismatch
error. Should clients be canonicalizing hostnames? (Is there an easier
way to get to Eudora's Cert Manager without drilling down into the
Check Mail settings?)
BTW, those wanting to create self-signed test certs for their server, I
figured out how to do this with OpenSSL: You should have a directory
/usr/share/ssl/certs containing a Makefile. This Makefile has the rules
on how to create sample SSL files, including self-signed certs. To
create a new Qpopper cert, just cd to that directory, type "make
/tmp/qpopper.pem", and answer the questions identifying your server.
(Country, state/province, city, organization, section, hostname, and
email.) I use postmaster@servername for the email address.
Ken
mailto:shiva at well dot com
http://www.sewingwitch.com/ken/
[If answering a mailing list posting, please don't cc me your reply. I'll take my answer on the list.]
Date: Wed, 6 Jun 2001 22:53:42 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: File Locking
At 5:26 PM -0400 6/6/01, Homer Wilson Smith wrote:
> Is there a white paper on file locking and how it works, including
> techniques of use, particularly dotlocking and flock/fcntl?
There may be, but in a nutshell, dot-locking is the most common
method used for mail spools. Qpopper always uses dot-locking as well
as either flock() or fcntl().
From: "Queticon@verizon dot net" <res087jh at verizon dot net>
Subject: Re: File Locking
Date: Thu, 7 Jun 2001 02:12:21 -0400
I would really love off this list.....since there is not unsubscribe link at
the bottom of the emails
----- Original Message -----
From: "Randall Gellens" <randy at qualcomm dot com>
To: "Homer Wilson Smith" <homer at lightlink dot com>; "Max Parke"
<mhp at lightlink dot com>
Cc: "Subscribers of Qpopper" <qpopper at lists.pensive dot org>
Sent: Thursday, June 07, 2001 1:53 AM
Subject: Re: File Locking
> At 5:26 PM -0400 6/6/01, Homer Wilson Smith wrote:
>
> > Is there a white paper on file locking and how it works, including
> > techniques of use, particularly dotlocking and flock/fcntl?
>
> There may be, but in a nutshell, dot-locking is the most common
> method used for mail spools. Qpopper always uses dot-locking as well
> as either flock() or fcntl().
>
From: "Kenneth Porter" <shiva at well dot com>
Date: Thu, 07 Jun 2001 02:01:50 -0700
Subject: Re: File Locking
On Thu, 7 Jun 2001 02:12:21 -0400, Queticon at verizon dot net wrote:
>I would really love off this list.....since there is not unsubscribe link at
>the bottom of the emails
That's because the unsubscribe links are in the headers:
>List-Unsubscribe: <mailto:qpopper-request at lists.pensive dot org?body=unsubscribe>
On lists that put the unsubscribe info in the footer (like those run by
Yahoo Groups), I often see threads with tons of quoted footers at the
bottom, from people too lazy or ignorant to trim them.
>X-Mailer: Microsoft Outlook Express 5.50.4522.1200
Lookout Express is pretty lame because it makes it so hard to see the
raw headers, but open the Properties for a list message and select the
Details tab to see them. You'll see the info for unsubscribing
yourself.
(Randall, does Eudora provide any nice feature for extracting the
unsubscribe header for easy access?)
You should always save the welcome message from any list you join.
Stick them all in a separate folder like "List Admin" so you don't lose
them when cleaning out a list folder.
Ken
mailto:shiva at well dot com
http://www.sewingwitch.com/ken/
[If answering a mailing list posting, please don't cc me your reply. I'll take my answer on the list.]
Date: Thu, 7 Jun 2001 11:11:46 -0400 (EDT)
From: Homer Wilson Smith <homer at lightlink dot com>
Subject: Re: File Locking
> > Is there a white paper on file locking and how it works, including
> > techniques of use, particularly dotlocking and flock/fcntl?
>
> There may be, but in a nutshell, dot-locking is the most common
> method used for mail spools. Qpopper always uses dot-locking as well
> as either flock() or fcntl().
Thanks Randall. I am following your advice to upgrade from
procmail 3.13.1 and qpopper 2.52.
I would like to upgrade the procmail first as it is the easiest,
to procmail 3.15.1
I was taken aback by the new procmails use of username.lock in
/var/spool/mail to lock mailboxes. Will this be a problem with the
locking used by qpopper 2.52 which I believe is .username.lock in the
/var/spool/poplock directory?
Homer
Date: Thu, 7 Jun 2001 08:11:33 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: File Locking
On Thu, Jun 07, 2001 at 11:11:46AM -0400, Homer Wilson Smith wrote:
> > > Is there a white paper on file locking and how it works, including
> > > techniques of use, particularly dotlocking and flock/fcntl?
> >
> > There may be, but in a nutshell, dot-locking is the most common
> > method used for mail spools. Qpopper always uses dot-locking as well
> > as either flock() or fcntl().
>
> Thanks Randall. I am following your advice to upgrade from
> procmail 3.13.1 and qpopper 2.52.
>
> I would like to upgrade the procmail first as it is the easiest,
> to procmail 3.15.1
>
> I was taken aback by the new procmails use of username.lock in
> /var/spool/mail to lock mailboxes. Will this be a problem with the
> locking used by qpopper 2.52 which I believe is .username.lock in the
> /var/spool/poplock directory?
IIRC, that serves a different purpose, specifically preventing
multiple popper processes from running simultaneously. The
/var/mail/username.lock or /var/spool/mail/username.lock file is used
to prevent concurrent updates to the mailspool by popper and some other
process such as mail delivery. The latter is the shared locking
mechanism that Randall and I referred to.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Date: Thu, 7 Jun 2001 08:20:42 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: File Locking
On Wed, Jun 06, 2001 at 08:20:30PM -0400, Homer Wilson Smith wrote:
> > After looking into things here, I would recommend invoking the
> > procmail "lockfile" utility. That way you are guaranteed you will use
> > the same mechanism as procmail at least.
>
> OK! But is qpopper 'guaranteed' to use the same method of
> locking as procmail!
Yes. It's also the same method of locking that any correctly built
mail client should be using.
However in server mode, as discussed, qpopper will only lock at the
beginning and end of the session, while first grabbing and later
updating the spool file. It is therefore possible to get a valid lock
in the middle of the POP session, perform operations on the spool while
keeping it locked, write your updates back, unlock, and still end up
with a corrupted spool when qpopper terminates - if the operations you
performed were anything other than appending to the end of it. That's
why server mode needs to be appropriately restricted.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Date: Thu, 7 Jun 2001 12:53:24 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: File Locking
The dot-lock file is created by appending ".lock" to the name of
the file being locked. The dot-lock file must be in the same
directory as the file being locked.
Qpopper uses an additional file, ".user.pop" as a mutual-exclusion
lock to prevent more than one POP session at the same time. No
other process should use this file. The file also serves
double-duty as the temp spool, when needed.
Date: Thu, 7 Jun 2001 16:52:14 -0400 (EDT)
From: Homer Wilson Smith <homer at lightlink dot com>
Subject: Re: File Locking
> IIRC, that serves a different purpose, specifically preventing
> multiple popper processes from running simultaneously. The
> /var/mail/username.lock or /var/spool/mail/username.lock file is used
> to prevent concurrent updates to the mailspool by popper and some other
> process such as mail delivery. The latter is the shared locking
> mechanism that Randall and I referred to.
OK!. So then I should be safe upgrading to
procmail 3.15.1 using user.lock in /var/spool/mail, while still
running qpopper 2.5.2? That will give me more time to
study the 4.0.3 manual etc.
Homer
Date: Thu, 7 Jun 2001 18:24:43 -0400 (EDT)
From: Homer Wilson Smith <homer at lightlink dot com>
Subject: Re: File Locking
>
> However in server mode, as discussed, qpopper will only lock at the
> beginning and end of the session, while first grabbing and later
> updating the spool file. It is therefore possible to get a valid lock
> in the middle of the POP session, perform operations on the spool while
> keeping it locked, write your updates back, unlock, and still end up
> with a corrupted spool when qpopper terminates - if the operations you
> performed were anything other than appending to the end of it. That's
> why server mode needs to be appropriately restricted.
OK, but if the machine is limited to qpopper reading mail and
procmail delivering mail, then we have the conditions you require, no?
Homer
From: Jarek Kaczmarczyk <jarek at interpress dot pl>
Subject: test
Date: Fri, 8 Jun 2001 12:24:01 +0200
am I?
From: Jarek Kaczmarczyk <jarek at interpress dot pl>
Subject: qpopper.log does not work
Date: Fri, 8 Jun 2001 12:33:55 +0200
Hi,
I am quite newbie - pls help me to solve the problem.
On my server there is qpopper 4.0 installed. It works OK,
but there is no qpopper.log file in my /var/log directory.
Why? What should I do while compiling the program to get
qpopper.log working?
Pls give me a step by step instruction.
Best regards
Jarek
From: Joerg Hartmann <J.Hartmann at des.mediadesign dot de>
Subject: reverse-lookup in 4.0.3
Date: Fri, 8 Jun 2001 14:48:08 +0200
Hallo ,
i have used popper 3.12 for some time now without the reverse lookups of
client IP Adresses. This works fine ...
Now i changed to 4.0.3 with set reverse-lookup = false
im my config file and i started popper with the option
-f /etc/mail/qpopper.cfg (my config file).
But when i read the logs all the lines have dns-names logged.
Jun 8 14:34:58 mail /usr/sbin/popper[14444]: Stats: rniemann 0 0 0 0
dus-kiste 192.168.120.26 [pop_updt.c:296]
Does anyone know whats wrong here ?
regards
Joerg
--
Joerg Hartmann
mediadesign akademie
Phone +49 340 253 2023 Fax +49 340 253 2010
J.Hartmann at des.mediadesign dot de
Date: Fri, 8 Jun 2001 10:51:15 -0400
From: Steven Champeon <schampeo at hesketh dot com>
Subject: Re: qpopper.log does not work
on Fri, Jun 08, 2001 at 12:33:55PM +0200, Jarek Kaczmarczyk wrote:
> On my server there is qpopper 4.0 installed. It works OK,
> but there is no qpopper.log file in my /var/log directory.
That's right.
> Why? What should I do while compiling the program to get
> qpopper.log working?
qpopper uses syslog's LOG_MAIL facility. Look in /var/log/maillog.
> Pls give me a step by step instruction.
1) it's a syslog issue, not really a qpopper issue
2) man syslog.conf
3) vi syslog.conf
4) kill -HUP `pidof syslog`
If that doesn't work, repeat 2-4. Or, you could run qpopper with a trace
file if you really want too much output. If traces aren't working for you,
recompile after running configure with --enable-debugging (in addition to
whatever other args you used the last time).
If that still doesn't work, take a look at pop_log.c and modify to suit.
Steve
--
hesketh.com/inc. v: (919) 834-2552 f: (919) 834-2554 w: http://hesketh.com
From: "Stephen Conway" <sconway at wlnet dot com>
Subject: Qpopper I/O Error
Date: Fri, 8 Jun 2001 11:15:03 -0400
Hello.
I am having a problem with one of my servers running qpopper 3.0.2. The
problem is that when picking up mail with an MDaemon server, from time to
time the server crashes, as it is reading the first message in the mailbox.
The result in the maillog is an entry with "I/O error, EOF" I have also
seen this happening with an Exchange server picking up mail from a pop mail
box as well. After checking the mailbox in question I noticed that there
are x-uidl fields inte header with some strange characters in them. Does
anyone have any idea what's the problem here?
Any help is appreciated.
Steve Conway
World-Link Communications
Date: Fri, 8 Jun 2001 11:32:54 -0400
From: David Friedlander <dpf at blazar.gsfc.nasa dot gov>
Subject: Converting GDBM /etc/pop.auth problems...
Hello,
I having trouble migrating a qpopper server from a Solaris machine to a
Linux machine. Specifically, I run APOP as the preferred authentication
on this server, and need to move the /etc/pop.auth file to the Linux
machine. (I would prefer not to force 180+ users to get new passwords.)
If I merely copy the pop.auth file to the new machine and set permissions
up properly, I am unable to read the database:
% ls -l /etc/pop.auth /usr/local/sbin/popauth
-rw------- 1 pop pop 15178 Jun 7 13:53 /etc/pop.auth
-rwsr-xr-x 1 pop pop 26620 Jun 4 17:55 /usr/local/sbin/popauth
% popauth -list ALL
popauth: unable to open POP authentication DB /etc/pop.auth:
Success (0) [1020]
Now, looking at the source code (and hacking it a bit to find which of the
six occurrences of the error message it was), I find that it is dying at line
1019 of popper/popauth.c (qpopper version 4.0.3) :
#ifdef GDBM
db = gdbm_open ( auth_file, 512, GDBM_READER, 0, 0 );
if ( db == NULL)
adios ( HERE, "unable to open POP authentication DB %s:\n\t%s (%i) [%i]",
auth_file, strerror(errno), errno, __LINE__ );
If I do "popauth -init" then everything works fine. However I am
specifically trying to avoid that initialization!
Now, since I am going from a big-endian Sun to a little-endian Intel box,
I figured I might have byte-swapping issues to deal with. But it appears
to be a but more subtle than that. Indeed the first few bytes at the very
beginning of the file (a GDBM header of some sort, I assume) are swapped:
Solaris: Linux:
13579ace ce9a5713
that is,
(13)(57)(9a)(ce) (ce)(9a)(57(13)
However, when one gets to the parts of the file where the username and
password are stored, things are not byte swapped at all. One can see the
ASCII representation of the username followed by the encoded password, and
it is the same on both platforms. (I am examining this with "xdump", a sample
program from the 1st edition Llama Book (Learning Perl), which formats the
data in a way similar to combining "od -c" and "od -b".)
MY QUESTION:
Has anyone done this sort of migration or does anyone have advice or
sample code? Thanks very much in advance.
David
P.S. Last year I migrated from SunOS to Solaris for which I had to put
together a small perl script to convert from an NDBM file to a GDBM file
for the /etc/pop.auth file. It worked fine and I did not have to recreate
the APOP database. Now, that did not cross computer architecture
boundaries, but it does show that at least some conversions are possible.
P.P.S. My apologies if this has already been covered, but the list archive
does not appear to be searchable.
+---------------------------------------------------------------------------+
| David Friedlander / SSAI / Code 664 dpf at egret.gsfc.nasa dot gov |
| Principal System Administrator http://lheawww.gsfc.nasa.gov/~dpf |
| Laboratory for High Energy Astrophysics (LHEA) |
| NASA/ Goddard Space Flight Center, Greenbelt, MD 20771 (301) 286-1129 |
+---------------------------------------------------------------------------+
Date: Fri, 8 Jun 2001 10:13:11 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: qpopper.log does not work
See the Administrator's Guide. You can change the log facility used
by Qpopper if you like. Whichever facility is being used needs to be
configured in syslog.conf. You specify which messages are logged,
and to which file.
Date: Fri, 8 Jun 2001 10:14:58 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Qpopper I/O Error
At 11:15 AM -0400 6/8/01, Stephen Conway wrote:
> x-uidl fields inte header with some strange characters in them
This is normal. See the FAQ:
<http://www.eudora.com/qpopper/faq.html#3.0.uidl>.
Date: Fri, 8 Jun 2001 07:23:42 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: reverse-lookup in 4.0.3
On Fri, Jun 08, 2001 at 02:48:08PM +0200, Joerg Hartmann wrote:
> Hallo ,
>
> i have used popper 3.12 for some time now without the reverse lookups of
> client IP Adresses. This works fine ...
>
> Now i changed to 4.0.3 with set reverse-lookup = false
> im my config file and i started popper with the option
> -f /etc/mail/qpopper.cfg (my config file).
Try -R on the command line which does work for me; your syntax looks
correct, so I don't know what the problem is.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
From: "Michael Kolos" <michael at colba dot net>
Subject: Re: reverse-lookup in 4.0.3
Date: Fri, 8 Jun 2001 13:52:48 -0400
The logic is a bit backwards.
If you put
set reverse-lookup=true
in your config file, it will NOT do a reverse DNS lookup..
Basically the name doesn't go with the true/false. It should either be the
way you have said or reverse-lookup-disable, but it is not.
Michael Kolos
Administrateur de Réseaux
Network Administrator
ColbaNet Inc
----- Original Message -----
From: "Joerg Hartmann" <J.Hartmann at des.mediadesign dot de>
To: "Subscribers of Qpopper" <qpopper at lists.pensive dot org>
Sent: Friday, June 08, 2001 8:48 AM
Subject: reverse-lookup in 4.0.3
> Hallo ,
>
> i have used popper 3.12 for some time now without the reverse lookups of
> client IP Adresses. This works fine ...
>
> Now i changed to 4.0.3 with set reverse-lookup = false
> im my config file and i started popper with the option
> -f /etc/mail/qpopper.cfg (my config file).
>
> But when i read the logs all the lines have dns-names logged.
>
> Jun 8 14:34:58 mail /usr/sbin/popper[14444]: Stats: rniemann 0 0 0 0
> dus-kiste 192.168.120.26 [pop_updt.c:296]
>
> Does anyone know whats wrong here ?
>
> regards
> Joerg
> --
> Joerg Hartmann
> mediadesign akademie
> Phone +49 340 253 2023 Fax +49 340 253 2010
> J.Hartmann at des.mediadesign dot de
>
Michael Kolos
Administrateur de Réseaux
Network Administrator
ColbaNet Inc
From: "Kenneth Porter" <shiva at well dot com>
Date: Fri, 08 Jun 2001 16:21:05 -0700
Subject: Re: Converting GDBM /etc/pop.auth problems...
On Fri, 8 Jun 2001 11:32:54 -0400, David Friedlander wrote:
>P.S. Last year I migrated from SunOS to Solaris for which I had to put
>together a small perl script to convert from an NDBM file to a GDBM file
>for the /etc/pop.auth file. It worked fine and I did not have to recreate
>the APOP database. Now, that did not cross computer architecture
>boundaries, but it does show that at least some conversions are possible.
My approach would be to write a small utility to read out the contents
of the DB on the Solaris box, dump it to a text file, and then another
mirror utility to recreate the DB on the Linux box. Sounds like you may
have Perl support for that so you don't even need to code any C.
Ken
mailto:shiva at well dot com
http://www.sewingwitch.com/ken/
[If answering a mailing list posting, please don't cc me your reply. I'll take my answer on the list.]
Date: Fri, 8 Jun 2001 16:10:13 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Changes in how keep-temp-drop works
As far as I'm aware, the only purpose for the keep-temp-drop config
variable (or --enable-keep-temp-drop) which keeps the 0-length POP
session temp file around, is to have a "cheap" way to check when a user
last checked their mail via POP. That's what's cited as the motive for
the option in the Administator's guide (PDF): "Some sites like to
retain it to determine the last time a user has accessed his or her
mail."
However, with server mode under qpopper 4.x, while the option is
still supported, it's no longer directly useful for that: the POP temp
file doesn't seem to get created or touched unless the spool file has
been modified since the last POP check. This means that unless the
user has received new mail, any POP check they do will not be reflected
in the time, so it's much less useful.
In particular, our support department uses this to help determine if
customers are able to check their mail and where their problem may lie.
Scanning through the POP log is fairly resource-intensive and slow,
especially if you have to go back to rotated log files from preceding
weeks.
So, I'm considering a fix that if "keep-temp-drop" was set, would
simply "touch" the (empty) temp file each time a POP connection was
made, to set the date. That shouldn't be too expensive and should
solve the problem.
Does anyone else use this option? If so, feedback?
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Date: Sat, 09 Jun 2001 16:38:50 +0200
From: "Nhan NGO DINH (OCIC Missionary Service)" <nngodinh at ocic dot org>
Subject: PAM problems
Hi all,
I'm trying to setup a server that uses the same authentication mechanism
for ppp incoming calls and POP3. I'm using Qpopper with PAM support and the
pam_mysql.so module.
The problem is that when I request access to a mailbox via POP3 if the user
exists both in the mysql database and in the password (/etc/passwd)
database, everything works, but if not it doesn't let me enter, saying in
syslog that the "user is not know to the system".
I've looked at the Qpopper sources and I've seen that when the program
processes the "USER" POP3 command it doesn't query the PAM interface but
directly it uses the getpwnam() function (so it takes care of /etc/passwd).
It seems to be something wrong, but may be I'm wrong.
Can anyone tell me more about that?
Thx.
---------
Nhan NGO DINH
Date: Sat, 09 Jun 2001 11:19:18 -0500
From: Butch Kemper <kemper at tstar dot net>
Subject: Re: Changes in how keep-temp-drop works
I like the proposal because we use the temp file to know when the user last
accessed their mail.
Butch
At 09:10 PM 6/8/01, you wrote:
> As far as I'm aware, the only purpose for the keep-temp-drop config
>variable (or --enable-keep-temp-drop) which keeps the 0-length POP
>session temp file around, is to have a "cheap" way to check when a user
>last checked their mail via POP. That's what's cited as the motive for
>the option in the Administator's guide (PDF): "Some sites like to
>retain it to determine the last time a user has accessed his or her
>mail."
>
> However, with server mode under qpopper 4.x, while the option is
>still supported, it's no longer directly useful for that: the POP temp
>file doesn't seem to get created or touched unless the spool file has
>been modified since the last POP check. This means that unless the
>user has received new mail, any POP check they do will not be reflected
>in the time, so it's much less useful.
>
> In particular, our support department uses this to help determine if
>customers are able to check their mail and where their problem may lie.
>Scanning through the POP log is fairly resource-intensive and slow,
>especially if you have to go back to rotated log files from preceding
>weeks.
>
> So, I'm considering a fix that if "keep-temp-drop" was set, would
>simply "touch" the (empty) temp file each time a POP connection was
>made, to set the date. That shouldn't be too expensive and should
>solve the problem.
>
> Does anyone else use this option? If so, feedback?
>
> -- Clifton
>
>--
> Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
> WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
TSTAR Internet, Inc | Making the Net Work
Marble Falls, TX | Serving Blanco, Burnet,
830-693-6967 | Llano, and Mason Counties
Date: Mon, 11 Jun 2001 09:18:59 -0400 (EDT)
From: Jeff Earickson <jaearick at colby dot edu>
Subject: Re: Changes in how keep-temp-drop works
Hi,
While I have not upgraded to 4.x yet, I use the .pop file for the
same reason -- to look for unused accounts. If 4.x isn't touching this
file with the keep-temp-drop option then I consider this a bug...
--- Jeff Earickson
On Fri, 8 Jun 2001, Clifton Royston wrote:
> Date: Fri, 8 Jun 2001 16:10:13 -1000
> From: Clifton Royston <cliftonr at lava dot net>
> To: Subscribers of Qpopper <qpopper at lists.pensive dot org>
> Subject: Changes in how keep-temp-drop works
>
> As far as I'm aware, the only purpose for the keep-temp-drop config
> variable (or --enable-keep-temp-drop) which keeps the 0-length POP
> session temp file around, is to have a "cheap" way to check when a user
> last checked their mail via POP. That's what's cited as the motive for
> the option in the Administator's guide (PDF): "Some sites like to
> retain it to determine the last time a user has accessed his or her
> mail."
>
> However, with server mode under qpopper 4.x, while the option is
> still supported, it's no longer directly useful for that: the POP temp
> file doesn't seem to get created or touched unless the spool file has
> been modified since the last POP check. This means that unless the
> user has received new mail, any POP check they do will not be reflected
> in the time, so it's much less useful.
>
> In particular, our support department uses this to help determine if
> customers are able to check their mail and where their problem may lie.
> Scanning through the POP log is fairly resource-intensive and slow,
> especially if you have to go back to rotated log files from preceding
> weeks.
>
> So, I'm considering a fix that if "keep-temp-drop" was set, would
> simply "touch" the (empty) temp file each time a POP connection was
> made, to set the date. That shouldn't be too expensive and should
> solve the problem.
>
> Does anyone else use this option? If so, feedback?
>
> -- Clifton
>
> --
> Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
> WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
>
From: "Mir Ahmed Ali Shajee" <shajee at kfupm.edu dot sa>
Subject: RE: Checking for expired passwords by Qpopper
Date: Mon, 11 Jun 2001 17:23:08 +0300
Thank you Roy for your help ...However, It still doesn't work on any of the
two servers I tested.
Here is the problem:
The POP server with almost all other features is working fine except the
check for Expired passwords... and users with expired passwords can still
download their emails.
Can you please tell me which compiler you used for qpopper compilation... or
any other point that may be considered.
Thank you.
Sincerely,
Shajee
-----Original Message-----
From: Roy [mailto:garlic at garlic dot com]
Sent: Wednesday, June 06, 2001 6:40 PM
To: Mir Ahmed Ali Shajee
Cc: Subscribers of Qpopper
Subject: Re: Checking for expired passwords by Qpopper
I just tested 4.0.3 here on my AIX 4.3 system and it worked
Mir Ahmed Ali Shajee wrote:
> Hi Experts,
> I have recently compiled the qpopper on AIX 4.3.3 and am facing a little
> problem: The default option to check expired passwords is not working and
> users with expired passwords can still use POP.
> Any help in this regards is appreciated. Thank you all for your time and
> support.
> Thanks again,
> shajee
Date: Mon, 11 Jun 2001 11:39:31 -0400 (EDT)
From: Admin Mailing Lists <mlist at intergrafix dot net>
Subject: 4.0 question confirmation
so then even if you use server mode with fast-update, you have to put the
pop temp directory on the same partition? just confirming, as i couldn't
find this note in the Documentation Manual. I'm assuming it's because you
can't do renames/moves across filesystems?
lastly, can someone explain in detail the use of --disable-old-spool-loc?
I know what the manual says, but I still don't quite understand what is
considered "old".
It SEEMS that it means a .pop file from a previous session. So if you
enabled --disable-old-spool-loc, it wouldn't generate pop lock busy errors
if a .pop file existed for the user? (since it's not checking for them?)
Thanx,
-Tony
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
Anthony J. Biacco Network Administrator/Engineer
thelittleprince at asteroid-b612 dot org Intergrafix Internet Services
"Dream as if you'll live forever, live as if you'll die today"
http://www.asteroid-b612.org http://www.intergrafix.net
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
On Wed, 30 May 2001, Clifton Royston wrote:
> On Wed, May 30, 2001 at 01:44:13PM -0400, rick pim wrote:
> > 4.x has a variety of performance improvements over v3. i'd like to
> > implement as many of them as are safe in our situation. on our
> > systems, users have shell accounts. "most" users who use POP don't use
> > the shell access at all, let alone for mail. of those that do, "most"
> > don't use shell access and POP at the same time. our biggest system
> > has 15-20k users and about 100k pop connections per day.
>
> This sounds quite similar to our configuration that I just posted
> about. In our case, just implemented, v4 + server-mode (selectively) +
> fast-update was a tremendous performance increase.
>
>
> > the most obvious performance wins are server mode and fast-update.
> > fast-update is listed in the manual as potentially breaking biff.
> > if this is the worst problem then, given our setup, i'm more than willing
> > to enable it. are there any other consequences to using fast-update?
>
> There are two gotchas here, which I got after a week or two of puzzling
> through things.
>
> 1) fast-update *only* ever applies if you are using server mode. I had
> to read the code to understand this; I couldn't find a note to that
> effect in the documentation that I could see. (Read the comments at
> the the header of pop_updt.c, and then grep for the fast update
> variable if you want to confirm this.) So first worry about making
> server mode safe to use, and if you do then you will pretty certainly
> find fast-update safe.
>
> 2) fast-update requires the poptemp (pop drop) files to be located on
> the same partition as the corresponding mail spool files. If you have
> previously located them on a separate partition (as we had) for greater
> performance copying mailboxes to the poptemp files in non-server mode,
> you will need to reorganize the location of your poptemp directory; in
> our case because /var/mail is its own partition, we created a separate
> directory under /var/mail for poptemp files. Again, I had to read the
> code to get clear on this. Server mode still will recopy the spool
> file under some circumstances to merge changes made by the pop session
> with independent changes during it, e.g. new mail arriving. In
> fast-update mode, it then relinks the recopied file on place of the
> spool instead of copying it again.
>
> I may try to write some proposed verbiage about both these points for
> the documentation because it really confused me when I was trying to
> set it up.
>
>
> > the same holds for server mode: in a sitation like this, there are
> > potential issues with server mode, but the documentation doesn't
> > detail them. exactly how serious _are_ they? what's the worst case?
> > is it something serious (lost mail, vanishing mailboxes) or just
> > cosmetic?
>
> Server mode is the biggest win, because it prevents qpopper from
> recopying the *entire* mailbox on every single POP session.
>
> In *theory* and in the worst case, I think that in server mode lost
> mail could result in some combination of circumstances, like a user
> reading mail with a carelessly implemented shell mail client, plus
> using POP at the same time, plus mail arrives during the POP session.
> I haven't read a definitive statement about this, and I might be overly
> pessimistic, but popper is written to be extremely conservative about
> these possibilities in non server mode. In server mode it is still
> careful about its spool handling but less conservative in its
> assumptions, basically assuming that the only way the spool will get
> updated while popping is by new mail arriving.
>
> I think your best course is to find some way to segregate users who may
> actually *use* their shell from those who are certain not to log in and
> run shell programs, and automatically enable server mode for all of the
> latter. That's what we did and as of day 2 it's going very well. One
> of v4's big advantages is that it has several facilities to do this,
> based on the group a user is in or based on individual qpopper.options
> files. Then if you have server-mode applying only to non-shell users,
> fast-update is also safe for all of them. If you can put all your
> shell users in certain groups, or all non-shell users in certain
> groups, you're set. I ended up coding our own based on our
> circumstances, where we set it based on the assigned login shell - if
> they have a dummy shell of /usr/local/bin/no_shell or /sbin/nologin,
> qpopper goes into server mode.
>
>
> > other performance wins in v4 would be nice to hear comments on.
>
> In combination with the above features, the UIDL cache file is a huge
> win. As long as no new mail has come in for a given user, they can POP
> it every 2 minutes with absolutely 0 performance impact, even if they
> have a huge mailbox, because all qpopper needs to do is check the time
> stamp on the files and then read the (tiny) UIDL cache file.
>
> Same as with v3, turning off reverse lookups is a big win as always for
> most servers.
>
> If you have 15-20K users, if you can get other mail programs to comply
> with it (clients, etc.) then you might consider the mailhash algorithms
> to cut down on directory lookup times. This is minor compared to the
> other improvements, though.
>
> One last meta-issue is that if you write some scripts to analyse your
> POP logs, you will probably find that, unless you have very strict mail
> quotas, a dozen or so users out of your 15K are generating most of the
> load on your mail server through having big mailboxes, leaving their
> mail on the server, and checking them frequently. If you deal with
> them administratively, you can significantly reduce your load. Log the
> "Stats" and "Timing" lines, total the fields by user, and look for
> users whose numbers stand out.
>
> Good luck!
> -- Clifton
>
> --
> Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
> WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
>
Date: Mon, 11 Jun 2001 06:55:22 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: 4.0 question confirmation
On Mon, Jun 11, 2001 at 11:39:31AM -0400, Admin Mailing Lists wrote:
>
> so then even if you use server mode with fast-update, you have to put the
> pop temp directory on the same partition? just confirming, as i couldn't
> find this note in the Documentation Manual. I'm assuming it's because you
> can't do renames/moves across filesystems?
Exactly, that's what I had to figure out. (If you don't, the
fast-update will give you an error message on every pop session when it
goes into the update phase.)
> lastly, can someone explain in detail the use of --disable-old-spool-loc?
Haven't looked at that option, sorry.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Date: Mon, 11 Jun 2001 10:21:29 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: PAM problems
At 4:38 PM +0200 6/9/01, Nhan NGO DINH (OCIC Missionary Service) wrote:
> I've looked at the Qpopper sources and I've seen that when the
> program processes the "USER" POP3 command it doesn't query the PAM
> interface but directly it uses the getpwnam() function (so it takes
> care of /etc/passwd).
>
> It seems to be something wrong, but may be I'm wrong.
> Can anyone tell me more about that?
Qpopper uses the pwnam entry for the user to know which user owns the
spool, which groups the user is a member of, what the home directory
is (if home directory options are used), etc.
Date: Mon, 11 Jun 2001 10:19:47 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: 4.0 question confirmation
At 11:39 AM -0400 6/11/01, Admin Mailing Lists wrote:
> so then even if you use server mode with fast-update, you have to put the
> pop temp directory on the same partition? just confirming, as i couldn't
> find this note in the Documentation Manual. I'm assuming it's because you
> can't do renames/moves across filesystems?
Correct.
>
> lastly, can someone explain in detail the use of --disable-old-spool-loc?
> I know what the manual says, but I still don't quite understand what is
> considered "old".
> It SEEMS that it means a .pop file from a previous session. So if you
> enabled --disable-old-spool-loc, it wouldn't generate pop lock busy errors
> if a .pop file existed for the user? (since it's not checking for them?)
This option tells Qpopper not to check for old .user.pop files in the
spool directory. It only has meaning if the temp directory has been
changed to be something different from the spool directory or if
hash-spool is set. When that's the case, normally (just to be safe),
Qpopper checks for old .user.pop files in both the "old" location
(the spool directory) and the "new" location. If you know there
aren't any leftover old spool files in the spool directory, you can
turn off the extra check.
Date: Mon, 11 Jun 2001 10:23:19 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Changes in how keep-temp-drop works
At 4:10 PM -1000 6/8/01, Clifton Royston wrote:
> However, with server mode under qpopper 4.x, while the option is
> still supported, it's no longer directly useful for that: the POP temp
> file doesn't seem to get created or touched unless the spool file has
> been modified since the last POP check.
If so, this is a bug. The .user.pop file is also used as a
mutual-exclusion lock to prevent more than one POP session at the
same time.
Date: Mon, 11 Jun 2001 08:14:28 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: Changes in how keep-temp-drop works
On Mon, Jun 11, 2001 at 10:23:19AM -0700, Randall Gellens wrote:
> At 4:10 PM -1000 6/8/01, Clifton Royston wrote:
> > However, with server mode under qpopper 4.x, while the option is
> > still supported, it's no longer directly useful for that: the POP temp
> > file doesn't seem to get created or touched unless the spool file has
> > been modified since the last POP check.
>
> If so, this is a bug. The .user.pop file is also used as a
> mutual-exclusion lock to prevent more than one POP session at the
> same time.
How does that work together with keeping it permanently around as a
zero-length file?
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Date: Mon, 11 Jun 2001 08:18:59 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: Checking for expired passwords by Qpopper
On Mon, Jun 11, 2001 at 05:23:08PM +0300, Mir Ahmed Ali Shajee wrote:
> Thank you Roy for your help ...However, It still doesn't work on any of the
> two servers I tested.
> Here is the problem:
> The POP server with almost all other features is working fine except the
> check for Expired passwords... and users with expired passwords can still
> download their emails.
> Can you please tell me which compiler you used for qpopper compilation... or
> any other point that may be considered.
> Thank you.
> Sincerely,
> Shajee
>
> -----Original Message-----
> From: Roy [mailto:garlic at garlic dot com]
> Sent: Wednesday, June 06, 2001 6:40 PM
> To: Mir Ahmed Ali Shajee
> Cc: Subscribers of Qpopper
> Subject: Re: Checking for expired passwords by Qpopper
>
> I just tested 4.0.3 here on my AIX 4.3 system and it worked
Maybe compare the configure options you used?
I'm not that familiar with AIX, but for expired password checks, you
might need to use --enable-specialauth when you run configure.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Date: Mon, 11 Jun 2001 21:03:19 +0200
From: "Nhan NGO DINH (OCIC Missionary Service)" <nngodinh at ocic dot org>
Subject: Re: PAM problems
At 10.21 11/06/01 -0700, you wrote:
>At 4:38 PM +0200 6/9/01, Nhan NGO DINH (OCIC Missionary Service) wrote:
>
>> I've looked at the Qpopper sources and I've seen that when the program
>> processes the "USER" POP3 command it doesn't query the PAM interface but
>> directly it uses the getpwnam() function (so it takes care of /etc/passwd).
>>
>> It seems to be something wrong, but may be I'm wrong.
>> Can anyone tell me more about that?
>
>Qpopper uses the pwnam entry for the user to know which user owns the
>spool, which groups the user is a member of, what the home directory is
>(if home directory options are used), etc.
To make qpopper rely only on PAM, I've modified sources to assign to the
passwd struct any dummy data required to open the mailbox (for instance
setting pw_uid to BLOCK_UID + 1, and pw_name to p->user).
I can do that because I don't need any data from /etc/passwd (I really
don't care about user groups since I use only data in my custom MySQL users
table): I realize that usually it's not like that.
May be - it's just my opinion - that would be useful to have an option that
allows users to configure --disable-... this type of pwnam query. That
would allow to check against an external password database without having
passwd entries for each user.
Thx.
---
Nhan NGO DINH
Date: Mon, 11 Jun 2001 14:42:33 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Changes in how keep-temp-drop works
At 8:14 AM -1000 6/11/01, Clifton Royston wrote:
> > If so, this is a bug. The .user.pop file is also used as a
>> mutual-exclusion lock to prevent more than one POP session at the
>> same time.
>
> How does that work together with keeping it permanently around as a
> zero-length file?
Qpopper locks it with flock() or fcntl(). The presence of the file
doesn't mean a session is active, because it's possible for a
Qpopper process to die (especially 2.x) or be killed, which would
leave the .user.pop file behind in any case.
Date: Mon, 11 Jun 2001 12:07:46 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: Changes in how keep-temp-drop works
On Mon, Jun 11, 2001 at 02:42:33PM -0700, Randall Gellens wrote:
> At 8:14 AM -1000 6/11/01, Clifton Royston wrote:
> > > If so, this is a bug. The .user.pop file is also used as a
> >> mutual-exclusion lock to prevent more than one POP session at the
> >> same time.
> >
> > How does that work together with keeping it permanently around as a
> > zero-length file?
>
> Qpopper locks it with flock() or fcntl().
OK, that makes more sense now.
> The presence of the file
> doesn't mean a session is active, because it's possible for a
> Qpopper process to die (especially 2.x) or be killed, which would
> leave the .user.pop file behind in any case.
I think then that the bug might be the assumption that flock() or
fcntl() by themselves will affect the file change time - which is what
our scripts look at - or that something else in the process of things
will touch the file. I've been trying to read pop_dropcopy.c and
pop_updt.c, and it looks like success on some logic paths will result
in the p->hold file pointer (which is where the .user.pop file ends up
in server mode) never being written into, just fclosed at the end of
the session.
I'm not quite sure of the best place to fix it, though.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Date: Mon, 11 Jun 2001 15:53:50 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Changes in how keep-temp-drop works
At 12:07 PM -1000 6/11/01, Clifton Royston wrote:
> I think then that the bug might be the assumption that flock() or
> fcntl() by themselves will affect the file change time - which is what
> our scripts look at - or that something else in the process of things
> will touch the file. I've been trying to read pop_dropcopy.c and
> pop_updt.c, and it looks like success on some logic paths will result
> in the p->hold file pointer (which is where the .user.pop file ends up
> in server mode) never being written into, just fclosed at the end of
> the session.
It sounds like the bug is that the file isn't touch()ed when
keep-temp-drop is set, which is the only case where it matters. This
is very different from the file not being created or locked. It's
still a bug, just much less serious.
>
> I'm not quite sure of the best place to fix it, though.
The code in that area can be tricky. Probably the thing to do is
touch() the file just after flock(), but that's off the top of my
head, without looking at the code. I think we have our own touch()
routine, but I'd have to check.
Date: Mon, 11 Jun 2001 14:37:31 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: Changes in how keep-temp-drop works
On Mon, Jun 11, 2001 at 03:53:50PM -0700, Randall Gellens wrote:
> It sounds like the bug is that the file isn't touch()ed when
> keep-temp-drop is set, which is the only case where it matters. This
> is very different from the file not being created or locked. It's
> still a bug, just much less serious.
I thought that was what I had said, but I looked back at my original
message, and saw I had written that it wasn't "created or touched",
which includes two totally different cases. Now I understand why you
were taking issue with my statement!
Yes, the only issue is that it is not being touched. I think I must
have been distracted while editing that paragraph.
> > I'm not quite sure of the best place to fix it, though.
>
> The code in that area can be tricky.
I'll say - makes my head spin, and I read it carefully last year when
installing 3.x.
> Probably the thing to do is
> touch() the file just after flock(), but that's off the top of my
> head, without looking at the code. I think we have our own touch()
> routine, but I'd have to check.
If it always has to be locked, then that's probably the safest place
to do it. I may try that out here and see if it fixes things while
waiting for an update.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Date: Tue, 12 Jun 2001 15:52:57 +0200
From: "Nhan NGO DINH (OCIC Missionary Service)" <nngodinh at ocic dot org>
Subject: dummy UID
Hi all,
I need that qpopper (4.0.3) opens mailboxes without retrieving the UID
value from /etc/passwd (while authentication information are retrieved
through PAM). I've made a patch that seems to work. All you need is to
chown/chgrp mailboxes with the UID/GID specified in the patch.
=== cut ===
---
popper.h Sat Jun 2 04:24:36
2001
+++ popper.h Tue Jun 12 21:21:07
2001
@@ -248,6 +248,15 @@
# define BLOCK_UID 10 /* UID's <= this value
are not allowed to access email */
#endif /* BLOCK_UID */
+#ifdef USE_PAM
+# ifndef DUMMY_UID
+# define DUMMY_UID 1000 /* UID/GID that
will open every mailbox */
+# define DUMMY_GID 500
+# define DUMMY_DIR "/tmp"
+# define DUMMY_SH
"/bin/false"
+# endif /* DUMMY_UID */
+#endif /* USE_PAM */
+
#define DIG_SIZE 16
typedef struct
_pop_tls
pop_tls;
/* defined in pop_tls.h */
--- pop_user.c Sat Jun 2 08:21:14
2001
+++ pop_user.c Tue Jun 12 21:21:04 2001
@@ -203,6 +203,15 @@
strlcpy ( p->authid, p->user,
sizeof(p->authid) ); /* userid is also authentication id
*/
#endif /* SCRAM */
+#ifdef DUMMY_UID
+ p->pw.pw_name = strdup(p->user);
+ p->pw.pw_passwd = "";
+ p->pw.pw_uid = DUMMY_UID;
+ p->pw.pw_gid = DUMMY_GID;
+ p->pw.pw_gecos = "";
+ p->pw.pw_dir = DUMMY_DIR;
+ p->pw.pw_shell = DUMMY_SH;
+#else
/*
* Cache passwd struct for use later; this
memory gets freed at the end
* of the session.
@@ -214,6 +223,7 @@
DEBUG_LOG2 ( p,
"home (%d): '%s'",
strlen(p->pw.pw_dir), p->pw.pw_dir );
}
+#endif
#ifdef SCRAM_ONLY
return ( pop_auth_fail ( p, POP_FAILURE, HERE,
=== cut ===
Bye.
Nhan NGO DINH
OCIC Missionary Service
OCICNet System Administrator
e-mail: nngodinh at ocic.org, admin@rome.ocicnet dot net
http://www.ocic.org/missions
(OCIC Missionary Service Web Site)
http://www.ocicnet.net (OCICNet Web Site)
Date: Tue, 12 Jun 2001 10:29:55 -0400 (EDT)
From: Admin Mailing Lists <mlist at intergrafix dot net>
Subject: Re: 4.0 question confirmation
On Mon, 11 Jun 2001, Randall Gellens wrote:
>
> This option tells Qpopper not to check for old .user.pop files in the
> spool directory. It only has meaning if the temp directory has been
> changed to be something different from the spool directory or if
> hash-spool is set. When that's the case, normally (just to be safe),
> Qpopper checks for old .user.pop files in both the "old" location
> (the spool directory) and the "new" location. If you know there
> aren't any leftover old spool files in the spool directory, you can
> turn off the extra check.
>
i think i see..the old location being important IF, in a previous compiled
popper, the temp dir equaled the spool dir.
but if you have had a seperate temp directory for a while now, you can
safely set the --disable-old-spool-loc option
-Tony
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
Anthony J. Biacco Network Administrator/Engineer
thelittleprince at asteroid-b612 dot org Intergrafix Internet Services
"Dream as if you'll live forever, live as if you'll die today"
http://www.asteroid-b612.org http://www.intergrafix.net
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
Date: Tue, 12 Jun 2001 10:40:30 -0400 (EDT)
From: Admin Mailing Lists <mlist at intergrafix dot net>
Subject: Re: PAM problems
>
> May be - it's just my opinion - that would be useful to have an option that
> allows users to configure --disable-... this type of pwnam query. That
> would allow to check against an external password database without having
> passwd entries for each user.
>
hence the long-time wish for mysql support
-Tony
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
Anthony J. Biacco Network Administrator/Engineer
thelittleprince at asteroid-b612 dot org Intergrafix Internet Services
"Dream as if you'll live forever, live as if you'll die today"
http://www.asteroid-b612.org http://www.intergrafix.net
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
Date: Tue, 12 Jun 2001 09:40:54 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: 4.0 question confirmation
At 10:29 AM -0400 6/12/01, Admin Mailing Lists wrote:
> i think i see..the old location being important IF, in a previous compiled
> popper, the temp dir equaled the spool dir.
> but if you have had a seperate temp directory for a while now, you can
> safely set the --disable-old-spool-loc option
Actually, I was too broad in my explanation. It only matters if you
use hashed spool or home-directory. Simply changing the temp
location doesn't matter.
Date: Tue, 12 Jun 2001 09:45:54 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Changes in how keep-temp-drop works
At 2:37 PM -1000 6/11/01, Clifton Royston wrote:
> If it always has to be locked, then that's probably the safest place
> to do it. I may try that out here and see if it fixes things while
> waiting for an update.
The other place to do it, which would be somewhat more efficient, is
in pop_updt.c when we decide that the session is in server mode, and
all messages are deleted, or spool isn't dirty.
Date: Tue, 12 Jun 2001 13:39:57 -0400 (EDT)
From: Admin Mailing Lists <mlist at intergrafix dot net>
Subject: Re: 4.0 question confirmation
:) ok, i'm now confused again *waits for you to slap him upside the
head*
ok, i do have hashed spools and a different temp dir location, so then
it's safe for me to enable this option?
-Tony
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
Anthony J. Biacco Network Administrator/Engineer
thelittleprince at asteroid-b612 dot org Intergrafix Internet Services
"Dream as if you'll live forever, live as if you'll die today"
http://www.asteroid-b612.org http://www.intergrafix.net
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
On Tue, 12 Jun 2001, Randall Gellens wrote:
> At 10:29 AM -0400 6/12/01, Admin Mailing Lists wrote:
>
> > i think i see..the old location being important IF, in a previous compiled
> > popper, the temp dir equaled the spool dir.
> > but if you have had a seperate temp directory for a while now, you can
> > safely set the --disable-old-spool-loc option
>
> Actually, I was too broad in my explanation. It only matters if you
> use hashed spool or home-directory. Simply changing the temp
> location doesn't matter.
>
Date: Tue, 12 Jun 2001 09:01:24 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: Changes in how keep-temp-drop works
10638877398 at lists.pensive.org> <p05100301b74bf77fd392 at [192 dot 168 dot 1 dot 5]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0us
In-Reply-To: <p05100301b74bf77fd392 at [192.168.1 dot 5]>; from randy at qualcomm dot com on Tue, Jun 12, 2001 at 09:45:54AM -0700
On Tue, Jun 12, 2001 at 09:45:54AM -0700, Randall Gellens wrote:
> At 2:37 PM -1000 6/11/01, Clifton Royston wrote:
>
> > If it always has to be locked, then that's probably the safest place
> > to do it. I may try that out here and see if it fixes things while
> > waiting for an update.
>
> The other place to do it, which would be somewhat more efficient, is
> in pop_updt.c when we decide that the session is in server mode, and
> all messages are deleted, or spool isn't dirty.
I like your first idea better, because this last depends on the
possible logic paths through the code never changing, and they are
likely to with future optimizations (which is probably how this stopped
working in the first place.) Doing the "touch" up front, only if the
bKeep_Temp_Drop boolean is set, should be relatively inexpensive; in
the cases where it ends up being redundant it's likely to also be
insignificant relative to the other actual disk updates that need to be
done.
If I can get time today, I'll try to work on coding this shortly.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Date: Tue, 12 Jun 2001 12:34:27 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: 4.0 question confirmation
At 1:39 PM -0400 6/12/01, Admin Mailing Lists wrote:
> ok, i'm now confused again
It can be confusing.
If you use hashed spools or home directory mail, then the setting
of check-old-spool-loc makes a difference. If you use neither,
then the setting is ignored.
When check-old-spool-loc is true (the default) and hashed spool or
home dir mail is in use, then Qpopper checks for old .user.pop
files in the base spool directory, ignoring hashing and home dir,
in addition to the usual check in the usual place.
The option lets you turn this extra check off, to speed things up.
From: "Christopher Crowley" <ccrowley at tulane dot edu>
Subject: poppasd.c runtime problem on AIX 4.3.2
Date: Tue, 12 Jun 2001 15:45:35 -0500
Poppassd.c:
I can compile it on AIX 4.3.2,
but an error occurs when I run it. The execl ('/bin/passwd', $user, char
*(0)) generates an error message:
'3004-709 Error changing password for "ccrowle".'
The user xxxx, pass xxxx dialogue works fine. It is just this password
changing dialogue that is choking. Any insight would be useful.
Thanks.
Chris
- - -- - -- - --
Debug output
- - ---- -- ----
Stage 2.
Reading from 'passwd'
Changing password for "ccrowle"
Read 48 bytes
read: '3004-709 Error changing password for "ccrowle".'
'3004-709 Error changing password for "ccrowle".'=='Error changing password
for *
changing password for *'??
'3004-709 Error changing password for "ccrowle".'=='new password:'??
Last updated on 12 Jun 2001 by Pensive Mailing List Admin