The qpopper list archive ending on 9 Aug 2001


Topics covered in this issue include:

  1. Re: Closing sessions on hangup...
       Randall Gellens <randy at qualcomm dot com>
       Wed, 25 Jul 2001 12:53:47 -0700
  2. Re: QPop 4.0.3 and clear-text-password
       Randall Gellens <randy at qualcomm dot com>
       Wed, 25 Jul 2001 17:48:33 -0700
  3. Re: Closing sessions on hangup...
       "Kenneth Porter" <shiva at well dot com>
       Wed, 25 Jul 2001 18:19:57 -0700
  4. HELP:  gdbm fatal: write error
       Jonathan Benson <sysadmin at ocean.com dot au>
       Thu, 26 Jul 2001 14:57:32 +1000
  5. qpopper reverse lookup
       "Palitha Weerakkody" <pweerakkody at globalpacificgroup.com dot au>
       Thu, 26 Jul 2001 16:26:19 +1000
  6. Re: qpopper reverse lookup
       peter.allen at moon-light.co dot uk
       Thu, 26 Jul 2001 11:52:02 +0100
  7. Re: Closing sessions on hangup...
       Daniel Senie <dts at senie dot com>
       Thu, 26 Jul 2001 07:11:06 -0400
  8. Re: Closing sessions on hangup...
       Admin Mailing Lists <mlist at intergrafix dot net>
       Thu, 26 Jul 2001 09:31:45 -0400 (EDT)
  9. Re: qpopper reverse lookup
       Randall Gellens <randy at qualcomm dot com>
       Thu, 26 Jul 2001 11:23:01 -0700
 10. Qpopper 4.03 and openssl-0.9.6b
       John Hord <jhord at ltpmail.gsfc.nasa dot gov>
       Thu, 26 Jul 2001 14:45:45 -0400
 11. Re: qpopper reverse lookup
       Gustavo Viscaino <g_viscaino at yahoo dot com>
       Thu, 26 Jul 2001 11:30:25 -0700 (PDT)
 12. Re: Closing sessions on hangup...
       Clifton Royston <cliftonr at lava dot net>
       Thu, 26 Jul 2001 13:03:34 -1000
 13. Re: Qpopper 4.03 and openssl-0.9.6b
       Randall Gellens <randy at qualcomm dot com>
       Thu, 26 Jul 2001 12:46:53 -0700
 14. Qpopper 4.03 and MySQL
       "Dave Woods" <davewoods at barrysworld dot com>
       Fri, 27 Jul 2001 07:37:30 +0100
 15. Re: qpopper reverse lookup
       Gustavo Viscaino <g_viscaino at yahoo dot com>
       Fri, 27 Jul 2001 09:07:17 -0700 (PDT)
 16. Re: qpopper reverse lookup
       peter.allen at moon-light.co dot uk
       Fri, 27 Jul 2001 10:11:16 +0100
 17. Re: Qpopper 4.03 and MySQL
       Admin Mailing Lists <mlist at intergrafix dot net>
       Fri, 27 Jul 2001 23:02:20 -0400 (EDT)
 18. Poppassd Problem
       "Asstt. System Admin" <mlist at aitlbd dot net>
       Sat, 28 Jul 2001 17:48:43 +0600 (GMT)
 19. Re: Poppassd Problem
       Steven Champeon <schampeo at hesketh dot com>
       Sat, 28 Jul 2001 12:56:37 -0400
 20. Re: Poppassd Problem
       Chuck Yerkes <chuck+qpopper at yerkes dot com>
       Mon, 30 Jul 2001 18:14:15 -0700
 21. Re: HELP:  gdbm fatal: write error
       Jonathan Benson <sysadmin at ocean.com dot au>
       Tue, 31 Jul 2001 11:55:14 +1000
 22. Configuring Qpopper
       "Dapid Candra" <dapidc at cbn.net dot id>
       Mon, 30 Jul 2001 10:02:30 +0700
 23. Re: HELP: gdbm fatal: write error
       Pablo Salvador Capo <pscapo at rieder.net dot py>
       Tue, 31 Jul 2001 09:15:07 +0000
 24. permissions
       "Francis, Rick" <Rick.Francis at Transora dot com>
       Tue, 31 Jul 2001 14:00:54 -0500
 25. Re: permissions
       Clifton Royston <cliftonr at lava dot net>
       Tue, 31 Jul 2001 09:19:56 -1000
 26. Re: permissions
       Gregory Hicks <ghicks at cadence dot com>
       Tue, 31 Jul 2001 15:26:01 -0700 (PDT)
 27. how to get 
       "Francis, Rick" <Rick.Francis at Transora dot com>
       Wed, 1 Aug 2001 09:46:03 -0500 
 28. how does qpopper work exactly
       "Francis, Rick" <Rick.Francis at Transora dot com>
       Thu, 2 Aug 2001 09:48:30 -0500 
 29. Re: how does qpopper work exactly
       Admin Mailing Lists <mlist at intergrafix dot net>
       Thu, 2 Aug 2001 13:16:12 -0400 (EDT)
 30. Re: how does qpopper work exactly
       Gerhard Gonter <gonter at maestria.wu-wien.ac dot at>
       Thu, 2 Aug 2001 20:17:29 +0200 (MES)
 31. Re: how does qpopper work exactly
       Admin Mailing Lists <mlist at intergrafix dot net>
       Thu, 2 Aug 2001 14:52:34 -0400 (EDT)
 32. RE: how does qpopper work exactly
       "Francis, Rick" <Rick.Francis at Transora dot com>
       Thu, 2 Aug 2001 15:43:48 -0500 
 33. Re: how does qpopper work exactly 
       Ken Hornstein <kenh at cmf.nrl.navy dot mil>
       Thu, 02 Aug 2001 16:53:43 -0400
 34. Re: how does qpopper work exactly
       "Alex M" <alex at myzona dot net>
       Thu, 2 Aug 2001 14:08:58 -0700
 35. Re: how does qpopper work exactly
       Lars Nordin <lnordin at noblesys dot com>
       Thu, 2 Aug 2001 17:09:49 -0400
 36. Is this qpopper?
       "Lisa Casey" <lisa at jellico dot com>
       Thu, 2 Aug 2001 19:05:58 -0400
 37. Re: Is this qpopper?
       "Jeremy C. Reed" <reed at wcug.wwu dot edu>
       Thu, 2 Aug 2001 16:26:35 -0700 (PDT)
 38. Re: how does qpopper work exactly
       Chuck Yerkes <chuck+qpopper at yerkes dot com>
       Thu, 2 Aug 2001 16:27:11 -0700
 39. Re: Is this qpopper?
       Clifton Royston <cliftonr at lava dot net>
       Thu, 2 Aug 2001 14:20:34 -1000
 40. Immediate help integrating Npasswd with Poppassd is needed!!
       "Tim Meader" <tmeader at cne-odin.gsfc.nasa dot gov>
       Wed, 8 Aug 2001 13:28:02 -0400
 41. Qpopper4.0.3 Configuration Error
       Ian Wischer <iwischer at caaust.com dot au>
       Thu, 9 Aug 2001 11:42:43 +1000
 42. Re: Qpopper4.0.3 Configuration Error
       Frank Pineau <frank at pineaus dot com>
       Wed, 08 Aug 2001 22:12:16 -0400
 43. CGI/poppassd - anyone got?
       Chuck <chuck+qpopper at yerkes dot com>
       Wed, 8 Aug 2001 21:05:47 -0700
 44. Re: CGI/poppassd - anyone got?
       "Alex M" <alex at myzona dot net>
       Wed, 8 Aug 2001 23:08:16 -0700
 45. Re: CGI/poppassd - anyone got?
       Chuck <chuck+qpopper at yerkes dot com>
       Wed, 8 Aug 2001 23:17:42 -0700
 46. Re: CGI/poppassd - anyone got?
       Steven Champeon <schampeo at hesketh dot com>
       Thu, 9 Aug 2001 02:30:08 -0400
 47. Re: CGI/poppassd - anyone got?
       "Alex M" <alex at myzona dot net>
       Wed, 8 Aug 2001 23:18:18 -0700
 48. (Fwd) permissions of temp-drop-file .user.pop
       "Test-ID Iris" <iris at rumms.uni-mannheim dot de>
       Thu, 9 Aug 2001 10:28:00 +0200
 49. (Fwd) POP&SSL: "Cert chain not trusted"
       "Test-ID Iris" <iris at rumms.uni-mannheim dot de>
       Thu, 9 Aug 2001 10:28:31 +0200
 50. Distribution lists in QPopper
       "Soprano Juan" <qpopper at meridiangs dot com>
       Thu, 9 Aug 2001 11:28:20 -0300

Date: Wed, 25 Jul 2001 12:53:47 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Closing sessions on hangup...

At 10:02 AM -0400 7/25/01, Daniel Senie wrote:

>  Indeed, looking at the code, and at my error logs, it would 
> appear there's a lack of action other than logging. I get 
> multiple error messages in the log file for the same error (EPERM 
> -- Operation not permitted) when a failure occurs. I suspect this 
> relates to the TCP session being gone.

True, currently Qpopper depends on 'hangup' getting set as a result 
of a SIGHUP or SIGPIPE.  It should set it for an I/O error as well.

Date: Wed, 25 Jul 2001 17:48:33 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: QPop 4.0.3 and clear-text-password

At 3:16 PM -0700 7/24/01, <marchuk at ee.washington dot edu> wrote:

>   Is clear-text-password option not even supported?

The code wasn't properly handling the clear-text-password option 
(or the '-p' flag) unless APOP was used.  The fix for this will be 
in 4.0.4.

From: "Kenneth Porter" <shiva at well dot com>
Date: Wed, 25 Jul 2001 18:19:57 -0700
Subject: Re: Closing sessions on hangup...

On Tue, 24 Jul 2001 11:16:21 -1000, Clifton Royston wrote:

>When we've seen similar problems, it's usually because TCP does *not*
>see that the modem connection has gone away; they may have been
>disconnected, but the old TCP connection is hanging around.  I'm not
>sure why the situation you describe would come up.

A normal TCP connection will live forever without any packets. To get a
timeout, you need to turn on "keepalives" after you create the
connection. This forces a packet to be sent periodically, and kills the
connection if the keepalives aren't seen frequently enough. I don't see
any reference to keepalives in the qpopper source code, so unless the
client asks for them, stale connections could have no indication that
would cause qpopper to kill them. OTOH, your OS may provide keepalives
by default. Linux, for instance, can be configured to use keepalives on
all TCP connections using settings in /proc/sys/net/ipv4.

The modem bank should kill any outstanding TCP connections when a modem
disconnects by sending a RST packet (I think) to the other end. But
this won't protect you from a break in the connection somewhere else.

Ken
mailto:shiva at well dot com
http://www.sewingwitch.com/ken/
[If answering a mailing list posting, please don't cc me your reply. I'll take my answer on the list.]
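
[Added example, not part of the original message and not Qpopper code: turning on the keepalives described above for a single socket on Linux, using per-socket timers instead of the /proc/sys/net/ipv4 defaults. The helper names and the 120/30/4 values are assumptions chosen for illustration.]

```c
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper, not Qpopper code: enable keepalive probes on one
 * socket and override the system-wide timers for it.
 *   idle      seconds of silence before the first probe
 *   interval  seconds between unanswered probes
 *   count     unanswered probes before the kernel drops the connection
 * Returns 0 on success, -1 (errno set by setsockopt) on failure. */
int enable_keepalive(int fd, int idle, int interval, int count)
{
    int on = 1;

    if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof on) < 0)
        return -1;
    /* Linux per-socket equivalents of tcp_keepalive_time, tcp_keepalive_intvl
     * and tcp_keepalive_probes under /proc/sys/net/ipv4. */
    if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &idle, sizeof idle) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, &interval, sizeof interval) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, &count, sizeof count) < 0)
        return -1;
    return 0;
}

/* Returns 1 if keepalive is enabled on fd, 0 if not, -1 on error. */
int keepalive_is_on(int fd)
{
    int on = 0;
    socklen_t len = sizeof on;

    if (getsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, &len) < 0)
        return -1;
    return on != 0;
}

/* Worst-case seconds before the kernel gives up on a silent peer, read back
 * from the socket itself: idle + interval * count. Returns -1 on error. */
int keepalive_worst_case(int fd)
{
    int idle = 0, interval = 0, count = 0;
    socklen_t len = sizeof idle;

    if (getsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &idle, &len) < 0)
        return -1;
    len = sizeof interval;
    if (getsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, &interval, &len) < 0)
        return -1;
    len = sizeof count;
    if (getsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, &count, &len) < 0)
        return -1;
    return idle + interval * count;
}

int main(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);

    if (fd < 0) {
        perror("socket");
        return 1;
    }
    printf("before: keepalive=%d\n", keepalive_is_on(fd));
    if (enable_keepalive(fd, 120, 30, 4) < 0) {
        perror("setsockopt");
        close(fd);
        return 1;
    }
    printf("after:  keepalive=%d, silent peer dropped after about %d s\n",
           keepalive_is_on(fd), keepalive_worst_case(fd));
    close(fd);
    return 0;
}
```

In a server started from inetd the same call would be made on the already-connected descriptor (normally fd 0) before the first read.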



Date: Thu, 26 Jul 2001 14:57:32 +1000
From: Jonathan Benson <sysadmin at ocean.com dot au>
Subject: HELP:  gdbm fatal: write error

Hi all

I've JUST encountered this problem after using qpopper 4.0.3 for several weeks
under Redhat 7.1

Recently updated packages:
Sun Jul  8 06:55:37 EST 2001 - xinetd-2.1.8.9pre15-2 -> xinetd-2.3.0-1
Sun Jul  8 06:55:37 EST 2001 - man-1.5i-4 -> man-1.5i2-0
Sun Jul 15 09:43:13 EST 2001 - procmail-3.14-6 -> procmail-3.21-0
Sun Jul 15 09:43:13 EST 2001 - elm-2.5.3-11 -> elm-2.5.5-1
Wed Jul 18 04:46:21 EST 2001 - util-linux-2.10s-12 -> util-linux-2.10s-13
Fri Jul 20 08:19:57 EST 2001 - openssl095a-0.9.5a-1 -> openssl095a-0.9.5a-9
Fri Jul 20 08:19:57 EST 2001 - openssl-0.9.6-3 -> openssl-0.9.6-9
Fri Jul 20 08:19:57 EST 2001 - openssl-perl-0.9.6-3 -> openssl-perl-0.9.6-9

Perhaps one of them is incompatible.  First thing I'm going to do is recompile
qpopper and see if that fixes things, but on to the problem...

Some users when logging in generate the above error as follows:
Trying 203.12.234.40...
Connected to mail.ocean.com.au (203.12.234.40).
Escape character is '^]'.
+OK ready
USER asmith
+OK Password required for daviesm.
PASS passwd01
gdbm fatal: write error
Connection closed by foreign host.

Any subsequent login generates the following:
Trying 203.12.234.40...
Connected to mail.ocean.com.au (203.12.234.40).
Escape character is '^]'.
+OK ready
USER asmith
+OK Password required for daviesm.
PASS passwd01
-ERR [SYS/TEMP] maillock error 'Max tries exceeded' (4) on
'/var/mail/daviesm': File exists (17)
+OK Pop server at mail.ocean.com.au signing off.
Connection closed by foreign host.

ANY and all input appreciated.  I'm working on this now (first thought is to
disable bulletin support) so may have it fixed or worked around by the time
I get a response but still...


Jon

--
Jonathan Benson
Systems Administrator
Ocean Internet
http://www.ocean.com.au/




Subject: qpopper reverse lookup
Date: Thu, 26 Jul 2001 16:26:19 +1000
From: "Palitha Weerakkody" <pweerakkody at globalpacificgroup.com dot au>

Hi,

I just need to disable qpopper doing reverse lookup on the ip address of the
client.
Could anybody tell me is this possible on V 2.53, if it is how to do that.

Many thanks

Palitha







Date: Thu, 26 Jul 2001 11:52:02 +0100
From: peter.allen at moon-light.co dot uk
Subject: Re: qpopper reverse lookup

Having looked at the man page, it seems that you want to run qpopper with a
-R option to achieve this.  Not sure if it works on 2.53, but hopefully
this is at least a pointer.

Obviously you will need to give either the server or inet a HUP for the
change to take effect.  

Peter


On Thu, 26 Jul 2001, Palitha Weerakkody wrote:

> Hi,
>
> I just need to disable qpopper doing reverse lookup on the ip address of the
> client.
> Could anybody tell me is this possible on V 2.53, if it is how to do that.
>
> Many thanks
>
> Palitha



Date: Thu, 26 Jul 2001 07:11:06 -0400
From: Daniel Senie <dts at senie dot com>
Subject: Re: Closing sessions on hangup...

At 09:19 PM 7/25/01, you wrote:
>On Tue, 24 Jul 2001 11:16:21 -1000, Clifton Royston wrote:
>
> >When we've seen similar problems, it's usually because TCP does *not*
> >see that the modem connection has gone away; they may have been
> >disconnected, but the old TCP connection is hanging around.  I'm not
> >sure why the situation you describe would come up.
>
>A normal TCP connection will live forever without any packets. To get a
>timeout, you need to turn on "keepalives" after you create the
>connection. This forces a packet to be sent periodically, and kills the
>connection if the keepalives aren't seen frequently enough. I don't see
>any reference to keepalives in the qpopper source code, so unless the
>client asks for them, stale connections could have no indication that
>would cause qpopper to kill them. OTOH, your OS may provide keepalives
>by default. Linux, for instance, can be configured to use keepalives on
>all TCP connections using settings in /proc/sys/net/ipv4.

I've coded this and will give it a try. Good thinking.

>The modem bank should kill any outstanding TCP connections when a modem
>disconnects by sending a RST packet (I think) to the other end. But
>this won't protect you from a break in the connection somewhere else.

Some experiments I did the other day seem to indicate not all dialup 
concentrators get this right...

-----------------------------------------------------------------
Daniel Senie                                        dts at senie dot com
Amaranth Networks Inc.                    http://www.amaranth.com


Date: Thu, 26 Jul 2001 09:31:45 -0400 (EDT)
From: Admin Mailing Lists <mlist at intergrafix dot net>
Subject: Re: Closing sessions on hangup...

my chat server is a good example. it accepts normal TCP
connections from telnet-type programs. Before, i used to use just write()
to the sockets immediately. When I started logging write() errors, I had
literally tons of EPIPE's. So then I started queueing the output in a
buffer, and used select() to check the writeability of the sockets, and
flushed the output when it became so..and now i very rarely will see a
broken pipe on the flush. And I never have the symptom anymore of a
login session hanging around on the server when someone disconnects from
the internet suddenly..like i used to.
Even just checking for EPIPE on write() or fwrite(), whatever's used,
would allow us to know if we should kill the connection.

-Tony
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
Anthony J. Biacco                       Network Administrator/Engineer
thelittleprince at asteroid-b612 dot org       Intergrafix Internet Services

    "Dream as if you'll live forever, live as if you'll die today"
http://www.asteroid-b612.org                http://www.intergrafix.net
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.

On Wed, 25 Jul 2001, Kenneth Porter wrote:

> On Tue, 24 Jul 2001 11:16:21 -1000, Clifton Royston wrote:
> 
> >When we've seen similar problems, it's usually because TCP does *not*
> >see that the modem connection has gone away; they may have been
> >disconnected, but the old TCP connection is hanging around.  I'm not
> >sure why the situation you describe would come up.
> 
> A normal TCP connection will live forever without any packets. To get a
> timeout, you need to turn on "keepalives" after you create the
> connection. This forces a packet to be sent periodically, and kills the
> connection if the keepalives aren't seen frequently enough. I don't see
> any reference to keepalives in the qpopper source code, so unless the
> client asks for them, stale connections could have no indication that
> would cause qpopper to kill them. OTOH, your OS may provide keepalives
> by default. Linux, for instance, can be configured to use keepalives on
> all TCP connections using settings in /proc/sys/net/ipv4.
> 
> The modem bank should kill any outstanding TCP connections when a modem
> disconnects by sending a RST packet (I think) to the other end. But
> this won't protect you from a break in the connection somewhere else.
> 
> Ken
> mailto:shiva at well dot com
> http://www.sewingwitch.com/ken/
> [If answering a mailing list posting, please don't cc me your reply. I'll take my answer on the list.]
> 
> 
> 


Date: Thu, 26 Jul 2001 11:23:01 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: qpopper reverse lookup

At 4:26 PM +1000 7/26/01, Palitha Weerakkody wrote:

>  I just need to disable qpopper doing reverse lookup on the ip 
> address of the client.
>  Could anybody tell me is this possible on V 2.53, if it is how to do that.

Don't use v2.53.  Use 4.0.3.

2.53 has a security vulnerability.  In addition, the code has been 
significantly improved since then.

Date: Thu, 26 Jul 2001 14:45:45 -0400
From: John Hord <jhord at ltpmail.gsfc.nasa dot gov>
Subject: Qpopper 4.03 and openssl-0.9.6b

I am running RH Linux 7.1 (i386)

I am using Qpopper-4.03 and openssl-0.9.6b

If I run popper with the clear-text-password default option (-p 0), 
everything works, both regular logins and TLS/SSL logins

But if I use the TLS/SSL only option (-p 4) ... nothing works

the error message I get in Eudora is


Error while checking mail for <<Dominant>>
TCP/IP Error. -3162; The server is not responding
{37:590}


if I telnet to port 110 on the system, I get

Escape character is '^]'
Usage: /usr/local/sbin/popper  (all of the options)
Connection closed by foreign host.


I need to use the -p 4 option to prevent my users from passing their 
login information in clear text.
-- 

Date: Thu, 26 Jul 2001 11:30:25 -0700 (PDT)
From: Gustavo Viscaino <g_viscaino at yahoo dot com>
Subject: Re: qpopper reverse lookup

You'd be better off upgrading to AT LEAST qpopper
3.0.2 (even better to go straight to 4.0.3), because
qpopper 2.53 is vulnerable to a buffer overflow. It
means your server is vulnerable to a simple remote
attack that can give an attacker full control of your
machine. More details in
http://www.eudora.com/qpopper_general/ .

Regards,

Gustavo

--- Palitha Weerakkody
<pweerakkody at globalpacificgroup.com dot au> wrote:
> Hi,
> 
> I just need to disable qpopper doing reverse lookup
> on the ip address of the
> client.
> Could anybody tell me is this possible on V 2.53, if
> it is how to do that.
> 
> Many thanks
> 
> Palitha
> 
> 
> 
> 
> 



Date: Thu, 26 Jul 2001 13:03:34 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: Closing sessions on hangup...

On Thu, Jul 26, 2001 at 07:11:06AM -0400, Daniel Senie wrote:
> At 09:19 PM 7/25/01, you wrote:
> >On Tue, 24 Jul 2001 11:16:21 -1000, Clifton Royston wrote:
> > >When we've seen similar problems, it's usually because TCP does *not*
> > >see that the modem connection has gone away; they may have been
> > >disconnected, but the old TCP connection is hanging around.  I'm not
> > >sure why the situation you describe would come up.
> >
> >A normal TCP connection will live forever without any packets. To get a
> >timeout, you need to turn on "keepalives" after you create the
> >connection. This forces a packet to be sent periodically, and kills the
> >connection if the keepalives aren't seen frequently enough. I don't see
> >any reference to keepalives in the qpopper source code, so unless the
> >client asks for them, stale connections could have no indication that
> >would cause qpopper to kill them. OTOH, your OS may provide keepalives
> >by default. Linux, for instance, can be configured to use keepalives on
> >all TCP connections using settings in /proc/sys/net/ipv4.
> 
> I've coded this and will give it a try. Good thinking.

  This makes a lot of sense.  I'd be interested in a copy of that
patch.  This, in combination with the other proposed fix (abort on
getting an EPERM failure for a write) sounds like together they would
solve both possible reasons for the problem and give much more reliable
and timely detection of session aborts.


> >The modem bank should kill any outstanding TCP connections when a modem
> >disconnects by sending a RST packet (I think) to the other end. But
> >this won't protect you from a break in the connection somewhere else.
> 
> Some experiments I did the other day seem to indicate not all dialup 
> concentrators get this right...

  I *know* some of them don't; or at least don't get it right all the
time.  

  -- Clifton

-- 
 Clifton Royston  --  LavaNet Systems Architect --  cliftonr at lava dot net
   WWJD?   "JWRTFM!" - Scott Dorsey (kludge)   "JWG" - Eddie Aikau
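
[Added example, not part of the original messages and not Qpopper code: the other fix discussed in this thread, treating a failed write as a hangup, combined with the queue-and-select() approach from the chat-server message. struct session, its fields and the function names are hypothetical; the closed socketpair end is a constructed stand-in for a dropped client.]

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define OUTQ_MAX 4096

/* Hypothetical per-client state; Qpopper's real structures differ. */
struct session {
    int    fd;
    int    hangup;      /* set once the peer is known to be gone */
    int    last_errno;  /* errno that caused hangup to be set */
    size_t used;        /* bytes waiting in outq */
    char   outq[OUTQ_MAX];
};

void session_init(struct session *s, int fd)
{
    memset(s, 0, sizeof *s);
    s->fd = fd;
}

/* Append to the output queue. Returns 0, or -1 if the session is already
 * hung up or the queue has no room. */
int session_queue(struct session *s, const char *data, size_t len)
{
    if (s->hangup || len > OUTQ_MAX - s->used)
        return -1;
    memcpy(s->outq + s->used, data, len);
    s->used += len;
    return 0;
}

static void mark_hangup(struct session *s, int err)
{
    s->hangup = 1;          /* same effect SIGHUP or SIGPIPE would have */
    s->last_errno = err;
    s->used = 0;            /* nothing more can be delivered */
}

/* Wait up to timeout_ms for the socket to become writable, then send what is
 * queued. Any write error other than EINTR/EAGAIN (EPIPE, EPERM, ECONNRESET,
 * ...) sets hangup. Returns bytes still queued, or -1 once hangup is set. */
int session_flush(struct session *s, int timeout_ms)
{
    while (s->used > 0 && !s->hangup) {
        fd_set wfds;
        struct timeval tv;
        ssize_t n;
        int r;

        if (s->fd < 0 || s->fd >= FD_SETSIZE) {
            mark_hangup(s, EBADF);
            break;
        }
        FD_ZERO(&wfds);
        FD_SET(s->fd, &wfds);
        tv.tv_sec = timeout_ms / 1000;
        tv.tv_usec = (timeout_ms % 1000) * 1000;
        r = select(s->fd + 1, NULL, &wfds, NULL, &tv);
        if (r == 0)
            break;                      /* not writable yet: keep the data */
        if (r < 0) {
            if (errno == EINTR)
                continue;
            mark_hangup(s, errno);
            break;
        }
        /* MSG_NOSIGNAL: report EPIPE through errno instead of SIGPIPE. */
        n = send(s->fd, s->outq, s->used, MSG_NOSIGNAL | MSG_DONTWAIT);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            if (errno == EAGAIN || errno == EWOULDBLOCK)
                break;
            mark_hangup(s, errno);
            break;
        }
        memmove(s->outq, s->outq + n, s->used - (size_t)n);
        s->used -= (size_t)n;
    }
    return s->hangup ? -1 : (int)s->used;
}

int main(void)
{
    int sv[2], r;
    struct session s;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) {
        perror("socketpair");
        return 1;
    }
    session_init(&s, sv[0]);
    session_queue(&s, "+OK ready\r\n", 11);
    printf("peer present: flush=%d\n", session_flush(&s, 1000));
    close(sv[1]);           /* constructed stand-in for a dropped client */
    session_queue(&s, "+OK\r\n", 5);
    r = session_flush(&s, 1000);
    printf("peer gone:    flush=%d hangup=%d (%s)\n", r, s.hangup, strerror(s.last_errno));
    close(sv[0]);
    return 0;
}
```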

Date: Thu, 26 Jul 2001 12:46:53 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Qpopper 4.03 and openssl-0.9.6b

At 2:45 PM -0400 7/26/01, John Hord wrote:

>  I am running RH Linux 7.1 (i386)
>
>  I am using Qpopper-4.03 and openssl-0.9.6b
>
>  If I run popper with the clear-text-password default option (-p 
> 0), everything works, both regular logins and TLS/SSL logins
>
>  But if I use the TLS/SSL only option (-p 4) ... nothing works
>
>  the error message I get in Eudora is
>
>
>  Error while checking mail for <<Dominant>>
>  TCP/IP Error. -3162; The server is not responding
>  {37:590}
>
>
>  if I telnet to port 110 on the system, I get
>
>  Escape character is '^]'
>  Usage: /usr/local/sbin/popper  (all of the options)
>  Connection closed by foreign host.
>
>
>  I need to use the -p 4 option to prevent my users from passing 
> their login information in clear text.
>  --

You can't specify '-p 4' on the command line now (the fix for this 
will be in 4.0.4).  Use "set clear-text-password = TLS" in a 
configuration file instead.  You need a config file anyway to 
specify the other SSL/TLS stuff.

From: "Dave Woods" <davewoods at barrysworld dot com>
Subject: Qpopper 4.03 and MySQL
Date: Fri, 27 Jul 2001 07:37:30 +0100

Hiya

I wish to run qpopper along side exim using MySQL to hold the users for the
both systems, I have successfully compiled exim and got this accessing a local
mysql DB for user lookups. When looking for a qpopper / mysql solution I
only found a patch for qpopper version 3.xx, which I believe to have
security flaws? And I'd really rather run the latest version.

I have checked the archive of this list and only found this reference to a
solution:
http://www.pensive.org/mailing_lists/Archives/Qpopper/Archive-2001-06-21.html#[38]

Unfortunately I can't see any mention of the stated software. If I have
missed something or if anyone knows of any patches / solutions I could use I
would be most grateful.

Cheers,
Dave


Date: Fri, 27 Jul 2001 09:07:17 -0700 (PDT)
From: Gustavo Viscaino <g_viscaino at yahoo dot com>
Subject: Re: qpopper reverse lookup

It's amazingly easy (and there are automated scripts
that do that already) to escalate your privileges
after you have shell access with group-id "mail".
People don't usually patch all their local services so
there are many chances of gaining root access. ELEVEN
servers from my former company's customers were hacked
that way. In 3 days.

I don't want to spread panic. :-) It's just that it's
not a mild vulnerability. Version 3.0.2 is MANDATORY
at least, if you want a secure server. AND a reverse
lookup "disable" option. :-)

Sleeping not that peacefully, ;-)

Gustavo

--- peter.allen at moon-light.co dot uk wrote:
> 
> This is not quite true and anyone running 2.53
> should not panic (but at
> least sit up).  
> 
> The Web site actually explains:  
> 
> "Security Vulnerability
> Some versions of Qpopper are vulnerable to buffer
> overruns.  Qpopper 2.41
> and older can be used to obtain root access to your
> system.  Qpopper 2.53
> and older may permit an attacker who has access to a
> valid account to
> obtain a shell with group-id 'mail', potentially
> allowing read/write access
> to all mail."  
> 
> Another benefit of going to Version 3 is that the
> answer to Palitha's
> original question is that you have to upgrade in
> order to use the -R option
> to disable reverse lookups.  I now don't believe
> that Version 2 supports
> that, it being new for 3.  
> 
> Sleep peacefully ! 
> 
> Peter
> 
> 
> On Thu, 26 Jul 2001 11:30:25 -0700 (PDT), Gustavo
> wrote: 
> 
> You'd be better off upgrading to AT LEAST qpopper
> 3.0.2 (even better to go straight to 4.0.3), because
> qpopper 2.53 is vulnerable to a buffer overflow. It
> means your server is vulnerable to a simple remote
> attack that can give an attacker full control of
> your
> machine. More details in
> http://www.eudora.com/qpopper_general/ .
> 
> Regards,
> 
> Gustavo
> 
> 



Date: Fri, 27 Jul 2001 10:11:16 +0100
From: peter.allen at moon-light.co dot uk
Subject: Re: qpopper reverse lookup

This is not quite true and anyone running 2.53 should not panic (but at
least sit up).  

The Web site actually explains:  

"Security Vulnerability
Some versions of Qpopper are vulnerable to buffer overruns.  Qpopper 2.41
and older can be used to obtain root access to your system.  Qpopper 2.53
and older may permit an attacker who has access to a valid account to
obtain a shell with group-id 'mail', potentially allowing read/write access
to all mail."  

Another benefit of going to Version 3 is that the answer to Palitha's
original question is that you have to upgrade in order to use the -R option
to disable reverse lookups.  I now don't believe that Version 2 supports
that, it being new for 3.  

Sleep peacefully ! 

Peter


On Thu, 26 Jul 2001 11:30:25 -0700 (PDT), Gustavo wrote: 

You'd be better off upgrading to AT LEAST qpopper
3.0.2 (even better to go straight to 4.0.3), because
qpopper 2.53 is vulnerable to a buffer overflow. It
means your server is vulnerable to a simple remote
attack that can give an attacker full control of your
machine. More details in
http://www.eudora.com/qpopper_general/ .

Regards,

Gustavo



Date: Fri, 27 Jul 2001 23:02:20 -0400 (EDT)
From: Admin Mailing Lists <mlist at intergrafix dot net>
Subject: Re: Qpopper 4.03 and MySQL

If you're talking about mine (I don't know for sure, i can't get to
pensive.org right now), a few weeks ago i lost my current web page to a
server hard drive failure. The last backup of my site was a year old, so
that's why the patch doesn't show up on my software page. However, someone
did ask me about it today, so it's now back up there.
Please check the page again.

-Tony
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
Anthony J. Biacco                       Network Administrator/Engineer
thelittleprince at asteroid-b612 dot org       Intergrafix Internet Services

    "Dream as if you'll live forever, live as if you'll die today"
http://www.asteroid-b612.org                http://www.intergrafix.net
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.

On Fri, 27 Jul 2001, Dave Woods wrote:

> Hiya
> 
> I wish to run qpopper along side exim using MySQL to hold the users for the
> both systems, I have successfully compiled exim and got this accessing a local
> mysql DB for user lookups. When looking for a qpopper / mysql solution I
> only found a patch for qpopper version 3.xx, which I believe to have
> security flaws? And I'd really rather run the latest version.
> 
> I have checked the archive of this list and only found this reference to a
> solution:
> http://www.pensive.org/mailing_lists/Archives/Qpopper/Archive-2001-06-21.html#[38]
> 
> Unfortunately I can't see any mention of the stated software. If I have
> missed something or if anyone knows of any patches / solutions I could use I
> would be most grateful.
> 
> Cheers,
> Dave
> 
> 


Date: Sat, 28 Jul 2001 17:48:43 +0600 (GMT)
From: "Asstt. System Admin" <mlist at aitlbd dot net>
Subject: Poppassd Problem

Hello everyone,

I am new here trying to solve a silly problem regarding qpopper 4. My users
are very used to keep their passwd within 3-4 characters. But the builtin
poppassd in Qpopper is not taking the password without 6 alpha-numerics. I
changed the value of /etc/default/passwd to MINLENGTH=3, it's not working. I
have upgraded my  OS from Solaris 7 to Solaris 8 and hence implemented the
new Qpopper.

Can anybody give me any suggestion.

Regards

Zehad

Date: Sat, 28 Jul 2001 12:56:37 -0400
From: Steven Champeon <schampeo at hesketh dot com>
Subject: Re: Poppassd Problem

on Sat, Jul 28, 2001 at 05:48:43PM +0600, Asstt. System Admin wrote:
> Hello everyone,
> 
> I am new here trying to solve a silly problem regarding qpopper 4. My users
> are very used to keep their passwd within 3-4 characters. But the builtin
> poppassd in Qpopper is not taking the password without 6 alpha-numerics. I
> changed the value of /etc/default/passwd to MINLENGTH=3, it's not working. I
> have upgraded my  OS from Solaris 7 to Solaris 8 and hence implemented the
> new Qpopper.
> 
> Can anybody give me any suggestion.

Educate your users on the importance of cryptographically strong passwords?
Just a thought.

-- 
hesketh.com/inc. v: (919) 834-2552 f: (919) 834-2554 w: http://hesketh.com

Date: Mon, 30 Jul 2001 18:14:15 -0700
From: Chuck Yerkes <chuck+qpopper at yerkes dot com>
Subject: Re: Poppassd Problem

And what better way than to have a webpage that uses some
password exerciser: "sorry, an all lowercase password is
bad, we recommend at least 1 letter, 1 number, 1 punctuation"
(anyone got such a module written?)

OTOH, cleartext POP makes it all useless.  APOP good.

On the third hand, Kerberos takes care of that whole thing.

> > Hello everyone,
> > 
> > I am new here trying to solve a silly problem regarding qpopper 4. My users
> > are very used to keep their passwd within 3-4 characters. But the builtin
> > poppassd in Qpopper is not taking the password without 6 alpha-numerics. I
> > changed the value of /etc/default/passwd to MINLENGTH=3, it's not working. I
> > have upgraded my  OS from Solaris 7 to Solaris 8 and hence implemented the
> > new Qpopper.
> > 
> > Can anybody give me any suggestion.
> 
> Educate your users on the importance of cryptographically strong passwords?
> Just a thought.

Date: Tue, 31 Jul 2001 11:55:14 +1000
From: Jonathan Benson <sysadmin at ocean.com dot au>
Subject: Re: HELP:  gdbm fatal: write error

Jonathan Benson wrote:

> ANY and all input appreciated.  I'm working on this now (first thought is to
> disable bulletin support) so may have it fixed or worked around by the time
> I get a response but still...

Well I ended up recompiling without bulletin support (which I did use and would
have preferred to keep) and things seem fine now.  Still there would appear to be
an issue with Bulletins and gdbm and if anyone can suggest how to overcome it (I
was thinking of deleting the bulletin database) I would appreciate it.

Jon

--
Jonathan Benson
Systems Administrator
Ocean Internet
http://www.ocean.com.au/




Date: Mon, 30 Jul 2001 10:02:30 +0700
From: "Dapid Candra" <dapidc at cbn.net dot id>
Subject: Configuring Qpopper

Hi,

I need help configuring my qpopper,

I want to enforce these rules:
1. No one can connect using plain text, EXCEPT through SSL (pop3s).
2. Otherwise, use APOP authentication method.

Rule #2 is working, but I had a problem configuring #1.

In inetd.conf I use this:

pop3    stream  tcp     nowait  root    /usr/local/sbin/popper qpopper -s -p 1
765     stream  tcp     nowait  root    /usr/local/sbin/popper qpopper -s -p 0
995     stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/sslwrap -cert /usr/local/ssl_backup/certs/server.pem -port 765

Thanks,





From: Pablo Salvador Capo <pscapo at rieder.net dot py>
Subject: Re: HELP: gdbm fatal: write error
Date: Tue, 31 Jul 2001 09:15:07 +0000

Hi.

I've got the same problem. I was reading the "Qpopper Administrator Guide" 
pdf and there seem to be three possible workarounds in it.

a) You can run qpopper with the "-B" run-time option. (Doesn't work for me)

b) You can set the "bulldb-max-retries" run-time option (only from a 
configuration file that must be called from inetd.conf), and

c) (the easy one, I think) You can recompile qpopper with the old style 
bulletins and use the old .popbull file in the user's home.

Best regards.

On Tuesday 31 July 2001 01:55, you wrote:
> Jonathan Benson wrote:
> > ANY and all input appreciated.  I'm working on this now (first thought is
> > to disable bulletin support) so may have it fixed or worked around by the
> > time I get a response but still...
>
> Well I ended up recompiling without bulletin support (which I did use and
> would have preferred to keep) and things seem fine now.  Still there would
> appear to be an issue with Bulletins and gdbm and if anyone can suggest how
> to overcome it (I was thinking of deleting the bulletin database) I would
> appreciate it.
>
> Jon
>
> --
> Jonathan Benson
> Systems Administrator
> Ocean Internet
> http://www.ocean.com.au/
-- 
----------------------------------
               Pablo Salvador Capo
     Soporte Corporativo - Rieder Internet
Tel.: +595 21 2190514 - Fax: +595 21 2190276
----------------------------------

From: "Francis, Rick" <Rick.Francis at Transora dot com>
Subject: permissions
Date: Tue, 31 Jul 2001 14:00:54 -0500

gosh awful simple, but, on a solaris8, the instructions
say permissions have to be the same as the spool
dir if using a temp drop.

i'm thinkin' /var/spool or /var/spool/mqueue

both are root:bin 755.

my temp drop dir is the same.

i log in and i get this:

-ERR [SYS/TEMP] Failed to create /apps/qp/drop/r/f/.rfrancis.pop iwth uid
1125, gid 6.
Change permissions.

to what?

rf

Date: Tue, 31 Jul 2001 09:19:56 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: permissions

On Tue, Jul 31, 2001 at 02:00:54PM -0500, Francis, Rick wrote:
> gosh awful simple, but, on a solaris8, the instructions
> say permissions have to be the same as the spool
> dir if using a temp drop.
> 
> i'm thinkin' /var/spool or /var/spool/mqueue

You probably should be looking at /var/spool/mail or /var/mail as your
model.  Neither /var/spool nor /var/spool/mqueue are normally writable
by mere mortals.
 
> -ERR [SYS/TEMP] Failed to create /apps/qp/drop/r/f/.rfrancis.pop iwth uid
> 1125, gid 6.
> Change permissions.
> 
> to what?

  To something writable by uid 1125 and gid 6.  ;-)  I.e. qpopper needs
to be able to write a user's file running as that user.  

  Actually, there might be another problem once that is dealt with. 
Since you've pointed it at this whole separate hierarchy under
/apps/qp/drop, and you're clearly using the username-hash scheme for
directories, you probably need to ensure that /apps/qp/drop/r and
/apps/qp/drop/r/f exist too, along with /apps/qp/drop/a,
/apps/qp/drop/a/a, /apps/qp/drop/a/b, etc.  I wouldn't think qpopper
should be expected to walk back up its file path creating directories
on the fly as it goes.

  -- Clifton

-- 
 Clifton Royston  --  LavaNet Systems Architect --  cliftonr at lava dot net
   WWJD?   "JWRTFM!" - Scott Dorsey (kludge)   "JWG" - Eddie Aikau

Date: Tue, 31 Jul 2001 15:26:01 -0700 (PDT)
From: Gregory Hicks <ghicks at cadence dot com>
Subject: Re: permissions

1777

> From: "Francis, Rick" <Rick.Francis at transora dot com>
> To: Subscribers of Qpopper <qpopper at lists.pensive dot org>
> Subject: permissions
> Date: Tue, 31 Jul 2001 14:00:54 -0500
> 
> gosh awful simple, but, on a solaris8, the instructions
> say permissions have to be the same as the spool
> dir if using a temp drop.
> 
> i'm thinkin' /var/spool or /var/spool/mqueue
> 
> both are root:bin 755.
> 
> my temp drop dir is the same.
> 
> i log in and i get this:
> 
> -ERR [SYS/TEMP] Failed to create /apps/qp/drop/r/f/.rfrancis.pop iwth uid
> 1125, gid 6.
> Change permissions.
> 
> to what?
> 
> rf

---------------------------------------------------------------------
Gregory Hicks                           | Principal Systems Engineer
Cadence Design Systems                  | Direct:   408.576.3609
555 River Oaks Pkwy M/S 6B1             | Fax:      408.894.3479
San Jose, CA 95134                      | Internet: ghicks at cadence dot com
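
The advice in this thread (the per-user hash directories must already exist, and the drop directory must be writable by the user qpopper runs as) can be checked before users hit the -ERR. This is an added example, not part of the original posts and not Qpopper code: the two-level layout is inferred from the path in the error message above (/apps/qp/drop/r/f/.rfrancis.pop), mode 1777 is the value given in the reply above, and the function names and the 0755 mode for the first-level directories are assumptions.

```python
import os
import stat

LEAF_MODE = 0o1777    # value given in the thread for the drop directory
PARENT_MODE = 0o755   # assumption: first-level dirs only need to be searchable


def hashed_dirs(drop_root, user):
    """Return (first-level, second-level) directory for a user name.

    Layout inferred from the thread: "rfrancis" -> <root>/r and <root>/r/f.
    """
    if len(user) < 2:
        raise ValueError("one-character user name: layout not shown in the thread")
    parent = os.path.join(drop_root, user[0])
    return parent, os.path.join(parent, user[1])


def _check(path, want_mode):
    """Return a problem string for one directory, or None if it is as expected."""
    try:
        st = os.lstat(path)          # lstat: do not follow a planted symlink
    except FileNotFoundError:
        return "missing"
    if not stat.S_ISDIR(st.st_mode):
        return "not a directory"
    have = stat.S_IMODE(st.st_mode)
    if have != want_mode:
        return "mode %04o, want %04o" % (have, want_mode)
    return None


def audit(drop_root, users):
    """List (path, problem) for every hash directory the given users need."""
    problems = {}
    for user in users:
        try:
            parent, leaf = hashed_dirs(drop_root, user)
        except ValueError as exc:
            problems[user] = str(exc)
            continue
        for path, mode in ((parent, PARENT_MODE), (leaf, LEAF_MODE)):
            problem = _check(path, mode)
            if problem:
                problems[path] = problem
    return sorted(problems.items())


def create_missing(drop_root, users):
    """Create only the directories that do not exist yet; return their paths."""
    created = []
    for user in users:
        parent, leaf = hashed_dirs(drop_root, user)
        for path, mode in ((parent, PARENT_MODE), (leaf, LEAF_MODE)):
            if not os.path.lexists(path):
                os.mkdir(path)
                os.chmod(path, mode)  # explicit chmod: mkdir's mode is cut by umask
                created.append(path)
    return created


if __name__ == "__main__":
    import tempfile
    root = tempfile.mkdtemp()         # scratch tree standing in for /apps/qp/drop
    names = ["rfrancis", "alice"]     # constructed sample user names
    print(audit(root, names))
    print(create_missing(root, names))
    print(audit(root, names))
```

Run the audit with the real user list (for example the names from the passwd database) against the configured temp-drop directory; existing directories are never modified, only reported.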


From: "Francis, Rick" <Rick.Francis at Transora dot com>
Subject: how to get
Date: Wed, 1 Aug 2001 09:46:03 -0500 

below is my ./configure options list:

i want to get the hash-spool=2 to work, but i keep getting permissions
problems. an earlier post revealed that maybe qpopper doesn't auto create
the subdirectories under drop. can this be verified?

also, the enable-timing is refused, is this really a feature and what does
it do??

does anyone see anything right, wrong, or an improvement? thanks a lot.

as you can see i commented ssl; i have one group that wants ssl and another
that doesn't, if i compile with ssl,
will both groups be able to still access popper??

rf

./configure --enable-standalone \
--enable-auth-file=/apps/qp/auth_file \
--enable-bulldb=/apps/qp/bulls \
--enable-cache-dir=/apps/qp/cache \
--enable-hash-spool=2 \
--disable-hash-dir-check \
--disable-old-spool-loc \
--enable-log-facility=LOG_LOCAL0 \
--enable-log-login \
--enable-nonauth-file=/apps/qp/nonauth_file \
--enable-popbulldir=/apps/qp/bulls \
--enable-poppassd \
--enable-server-mode \
--enable-shy \
--enable-specialauth \
--enable-temp-drop-dir=/apps/qp/drop \
--enable-debugging \
#--with-openssl=/usr/local/ssl/lib \
--enable-timing \


From: "Francis, Rick" <Rick.Francis at Transora dot com>
Subject: how does qpopper work exactly
Date: Thu, 2 Aug 2001 09:48:30 -0500 

really sorry for the lame question...

but i've installed qp and it works great from the command line,
logging in with my userid and password.

the manual says it works best with sendmail. well, on my sol8
box i'm running sendmail just fine.

now how do i put messages in qpopper and send them either
via qp or via sendmail??

also, i have an app that requires pop3, do i just config the app
to point to the pop3 server ip address and begin sending 
messages...does qpopper automagically mail them for me??

can anyone provide a detailed description of the integration and
processing of mail by qpopper?

much, much thanks.

rf

Date: Thu, 2 Aug 2001 13:16:12 -0400 (EDT)
From: Admin Mailing Lists <mlist at intergrafix dot net>
Subject: Re: how does qpopper work exactly

On Thu, 2 Aug 2001, Francis, Rick wrote:

> now how do i put messages in qpopper and send them either
> via qp or via sendmail??
> 
> also, i have an app that requires pop3, do i just config the app
> to point to the pop3 server ip address and begin sending 
> messages...does qpopper automagically mail them for me??
> 

qpopper doesn't accept mail for outbound delivery. that's what the MTA,
i.e. sendmail is for. qpopper delivers your mailbox of incoming mail to
whatever your email client is (netscape,outlook,eudora,etc..)
If you want to send mail OUT anywhere, then point your application to the
server that sendmail is on (SMTP server), at port 25.

-Tony
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
Anthony J. Biacco                       Network Administrator/Engineer
thelittleprince at asteroid-b612 dot org       Intergrafix Internet Services

    "Dream as if you'll live forever, live as if you'll die today"
http://www.asteroid-b612.org                http://www.intergrafix.net
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.


From: Gerhard Gonter <gonter at maestria.wu-wien.ac dot at>
Subject: Re: how does qpopper work exactly
Date: Thu, 2 Aug 2001 20:17:29 +0200 (MES)

According to Admin Mailing Lists:
> qpopper doesn't accept mail for outbound delivery.

XTND XMIT is no longer supported?  That's sad...

+gg
 
-- 
Gerhard.Gonter at wu-wien.ac.at  Fax: +43/1/31336/702  g dot gonter at ieee dot org
Zentrum fuer Informatikdienste, Wirtschaftsuniversitaet Wien, Austria

Date: Thu, 2 Aug 2001 14:52:34 -0400 (EDT)
From: Admin Mailing Lists <mlist at intergrafix dot net>
Subject: Re: how does qpopper work exactly

On Thu, 2 Aug 2001, Gerhard Gonter wrote:

> According to Admin Mailing Lists:
> > qpopper doesn't accept mail for outbound delivery.
> 
> XTND XMIT is no longer supported?  That's sad...
> 

no, i'm pretty sure it's still supported. i forgot.
but if he's running sendmail, i can't see any point to sending it through
qpopper, just go direct.

-Tony
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
Anthony J. Biacco                       Network Administrator/Engineer
thelittleprince at asteroid-b612 dot org       Intergrafix Internet Services

    "Dream as if you'll live forever, live as if you'll die today"
http://www.asteroid-b612.org                http://www.intergrafix.net
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.


From: "Francis, Rick" <Rick.Francis at Transora dot com>
Subject: RE: how does qpopper work exactly
Date: Thu, 2 Aug 2001 15:43:48 -0500 

thanks all; but how does qpopper interface with sendmail?
just because qpopper pops mail in the same queue!?!?!

-----Original Message-----
From: Admin Mailing Lists [mailto:mlist at intergrafix dot net]
Sent: Thursday, August 02, 2001 1:53 PM
To: Gerhard Gonter
Cc: Subscribers of Qpopper
Subject: Re: how does qpopper work exactly


On Thu, 2 Aug 2001, Gerhard Gonter wrote:

> According to Admin Mailing Lists:
> > qpopper doesn't accept mail for outbound delivery.
> 
> XTND XMIT is no longer supported?  That's sad...
> 

no, i'm pretty sure it's still supported. i forgot.
but if he's running sendmail, i can't see any point to sending it through
qpopper, just go direct.

-Tony
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
Anthony J. Biacco                       Network Administrator/Engineer
thelittleprince at asteroid-b612 dot org       Intergrafix Internet Services

    "Dream as if you'll live forever, live as if you'll die today"
http://www.asteroid-b612.org                http://www.intergrafix.net
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.

Subject: Re: how does qpopper work exactly
Date: Thu, 02 Aug 2001 16:53:43 -0400
From: Ken Hornstein <kenh at cmf.nrl.navy dot mil>

>thanks all; but how does qpopper interface with sendmail?
>just because qpopper pops mail in the same queue!?!?!

I'm not sure what you're asking.

For mail SUBMISSION (XTND XMIT), sending mail via the POP protocol, which
is fairly rare in my experience ... qpopper just calls sendmail and feeds
the message to it; that's how it's injected into the mail system.

For mail RETRIEVAL (the normal stuff you use qpopper/POP for) sendmail
writes received messages into files.  These files are called "spool files"
and generally live somewhere in /var, with a filename based on your userid.
(e.g.: /var/mail/kenh).  qpopper knows that these files exist and their
format, and manipulates them when it wants to read/delete messages from
your spool file.  This part of qpopper has no intrinsic knowledge of
sendmail; sendmail writes spool files, and qpopper reads them.

--Ken

From: "Alex M" <alex at myzona dot net>
Subject: Re: how does qpopper work exactly
Date: Thu, 2 Aug 2001 14:08:58 -0700

> thanks all; but how does qpopper interface with sendmail?
> just because qpopper pops mail in the same queue!?!?!
>

sendmail gets mail for you and stores it in a file, then remotely your mail
client (lets say Outlook) connects to port 110 (qpopper) and retrieves that
mail.
The main role belongs to an MTA (i.e. sendmail), and what basically qpopper
does, is only let the remote mail clients get the mail.


From: Lars Nordin <lnordin at noblesys dot com>
Subject: Re: how does qpopper work exactly
Date: Thu, 2 Aug 2001 17:09:49 -0400

Try this tutorial on e-mail:

http://www.howstuffworks.com/email.htm

On Thursday 02 August 2001 16:43, Francis, Rick wrote:
> thanks all; but how does qpopper interface with sendmail?
> just because qpopper pops mail in the same queue!?!?!
>
> -----Original Message-----
> From: Admin Mailing Lists [mailto:mlist at intergrafix dot net]
> Sent: Thursday, August 02, 2001 1:53 PM
> To: Gerhard Gonter
> Cc: Subscribers of Qpopper
> Subject: Re: how does qpopper work exactly
>
> On Thu, 2 Aug 2001, Gerhard Gonter wrote:
> > According to Admin Mailing Lists:
> > > qpopper doesn't accept mail for outbound delivery.
> >
> > XTND XMIT is no longer supported?  That's sad...
>
> no, i'm pretty sure it's still supported. i forgot.
> but if he's running sendmail, i can't see any point to sending it through
> qpopper, just go direct.
>
> -Tony
> ..-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
> Anthony J. Biacco                       Network Administrator/Engineer
> thelittleprince at asteroid-b612 dot org       Intergrafix Internet Services
>
>     "Dream as if you'll live forever, live as if you'll die today"
> http://www.asteroid-b612.org                http://www.intergrafix.net
> ..-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.

From: "Lisa Casey" <lisa at jellico dot com>
Subject: Is this qpopper?
Date: Thu, 2 Aug 2001 19:05:58 -0400

Hi Folks,

I've been using Qpopper on a FreeBSD box for awhile now. I'm using Qpopper 4
and when I telnet into port 110 on my box I see:

+OK Qpopper (version 4.0) at i2000.jellico.net starting.

My company has bought out a smaller ISP and I've inherited their mail server
running on BSD/OS. When I telnet into port 110, I see:

+OK QPOP (version 2.3-krb-IV) at bluegrass.tcnet.net starting.
<7226.996792144>

Is this also Qpopper or is this running a different POP3 server? If it is
Qpopper, do you suppose it is the 2.3.5 version with the security
vulnerabilities? In the log file for this system I have massive numbers of
entries for "cannot find canonical name of server", so I attempted to fix
this by adding the -sR option to POP in inetd.conf. This POP3 server doesn't
like that at all though. When I telnetted into port 110 after that it said
something about R being an illegal option and ended my telnet session. This
is what made me wonder if this is really running Qpopper or some other POP3
server.
Maybe the earlier version of Qpopper doesn't support the R option?

If someone has an idea about all this I'd appreciate hearing it.

Thanks,

Lisa Casey, Webmaster
Interstate 2000, Inc.
lisa at jellico dot com
webmaster at jellico dot com





Date: Thu, 2 Aug 2001 16:26:35 -0700 (PDT)
From: "Jeremy C. Reed" <reed at wcug.wwu dot edu>
Subject: Re: Is this qpopper?

On Thu, 2 Aug 2001, Lisa Casey wrote:

> My company has bought out a smaller ISP and I've inherited their mail server
> running on BSD/OS. When I telnet into port 110, I see:
> 
> +OK QPOP (version 2.3-krb-IV) at bluegrass.tcnet.net starting.
> <7226.996792144>
> 
> Is this also Qpopper or is this running a different POP3 server? If it is

This is Qpopper.

> Qpopper, do you suppose it is the 2.3.5 version with the security
> vulnerabilities? In the log file for this system I have massive numbers of

I believe a few of the security vulnerabilities have been fixed by BSDI
(in the originally installed version and/or with BSD/OS mods/patches).

> this by adding the -sR option to POP in inetd.conf. This POP3 server doesn't
> like that at all though. When I telnetted into port 110 after that it said
> something about R being an illegal option and ended my telnet session. This

If I recall correctly, this is the same QPOP I used to use under BSD/OS
3.1. ... oh that was "QPOP (version 2.2-krb-IV)".  It was missing a lot of
functionality of the newer qpopper.

You probably should upgrade to a new version.

  Jeremy C. Reed
                                         FAQs for ISPs
                                         http://www.isp-faq.com/


Date: Thu, 2 Aug 2001 16:27:11 -0700
From: Chuck Yerkes <chuck+qpopper at yerkes dot com>
Subject: Re: how does qpopper work exactly

Quoting Ken Hornstein (kenh at cmf.nrl.navy dot mil):
> >thanks all; but how does qpopper interface with sendmail?
> >just because qpopper pops mail in the same queue!?!?!
...
> For mail RETRIEVAL (the normal stuff you use qpopper/POP for) sendmail
> writes received messages into files.  These files are called "spool files"
> and generally live somewhere in /var, with a filename based on your userid.
> (e.g.: /var/mail/kenh).  qpopper knows that these files exist and their
> format, and manipulates them when it wants to read/delete messages from
> your spool file.  This part of qpopper has no intrinsic knowledge of
> sendmail; sendmail writes spool files, and qpopper reads them.

More accurately Sendmail gets the message however (smtp?).
Sendmail processes it and passes it to a delivery agent.
This might be /bin/mail or procmail or mail.local or something
like spop.

Typically /bin/mail or mail.local deliver it to /var/mail/$USER
in a System 7 mailbox format - the common mail spool.

qpopper reads that file.

Now, that said, if you teach mail.local to deliver it elsewhere
and qpopper to read it from that file, then you're done.

Sendmail, with the "w" flag on the Local Delivery Agent (LDA),
will do a getpwent() on the username being delivered to.  This
short cuts bad names bouncing - quicker to have sendmail catch
it than wait for /bin/mail to reject it.

Other tools, like MH's POP, use spop to deliver (separates
messages with four ^As) and don't have to use the passwd file.

Date: Thu, 2 Aug 2001 14:20:34 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: Is this qpopper?

On Thu, Aug 02, 2001 at 07:05:58PM -0400, Lisa Casey wrote:
> +OK QPOP (version 2.3-krb-IV) at bluegrass.tcnet.net starting.
> <7226.996792144>
> 
> Is this also Qpopper or is this running a different POP3 server?

Yes, as covered by others.

> Maybe the earlier version of Qpopper doesn't support the R option?

Correct.
 
> If someone has an idea about all this I'd appreciate hearing it.

Qpopper 4.0.3 will build just fine on BSD/OS.  There should be no
compatibility issues; I recommend building that and installing it ASAP.

One extra bit of advice is to contact BSDI/Wind River and find out if
this server is covered under a maintenance contract; if you're running
any version prior to 4.1 I recommend planning an upgrade, and
purchasing support if necessary.  If it's running BSD/OS 3.x in
particular, there will be lots of other old packages with
since-discovered security holes, and anything before version 4.1 is now
unsupported by BSDI.  Their support is good, and worth paying for.

HTH,
  -- Clifton

-- 
 Clifton Royston  --  LavaNet Systems Architect --  cliftonr at lava dot net
   WWJD?   "JWRTFM!" - Scott Dorsey (kludge)   "JWG" - Eddie Aikau

From: "Tim Meader" <tmeader at cne-odin.gsfc.nasa dot gov>
Subject: Immediate help integrating Npasswd with Poppassd is needed!!
Date: Wed, 8 Aug 2001 13:28:02 -0400

Hello all. I have been tasked with switching our passwd agent from the
standard Unix passwd to npasswd. It works great except for the problem that
poppassd is not set up to handle this. Thus any attempt to change your
password remotely through Eudora fails. I have received some code
suggestions from one person that he suggested be changed in poppassd.c, but
his "original" lines were not even in poppassd.c which is included with
Qpopper 4.0.3. Any help as to what section of the .c needs to be changed
would be GREATLY appreciated. If not this, then at least some help with
turning on the debug output from poppassd or the trace output, so that I
might see a little more in depth what is going on. I've specified the
trace_name parameter to a log file on my system. Recompiled, and then set up
poppassd to run with the -t option in inetd.conf, yet I still get nothing in
the specified file. Please help. Thanks in advance to any and all replies.

---
Tim Meader
ACS GSG
tmeader at cne-odin.gsfc.nasa dot gov




From: Ian Wischer <iwischer at caaust.com dot au>
Subject: Qpopper4.0.3 Configuration Error
Date: Thu, 9 Aug 2001 11:42:43 +1000

I am attempting to set up Qpopper for the first time.

I was hoping to get a little further through the installation process before running into any difficulties, but alas I am stumped.

Redhat 7 (i386)
Qpopper 4.0.3

I decompressed the qpopper installation files, and moved to the new directory.

when I run ./configure the following error is returned:

checking whether make sets ${MAKE}... no
checking for gcc... no
checking for cc... no
configure: error: no acceptable cc found in $PATH

Can anyone help me out with this one??

Thanks in anticipation,

Ian Wischer
IT Consultant
Pacific Healthcare Australia Pty Limited
Telephone (02) 9431 6200
Mobile 0411 175 456
Email: iwischer at caaust.com dot au

From: Frank Pineau <frank at pineaus dot com>
Subject: Re: Qpopper4.0.3 Configuration Error
Date: Wed, 08 Aug 2001 22:12:16 -0400

On Thu, 9 Aug 2001 11:42:43 +1000, you wrote:

>I am attempting to set up Qpopper for the first time.
>
>I was hoping to get a little further through the installation process before running into any difficulties, but alas I am stumped.
>
>Redhat 7 (i386)
>Qpopper 4.0.3
>
>I decompressed the qpopper installation files, and moved to the new directory.
>
>when I run ./configure the following error is returned:
>
>checking whether make sets ${MAKE}... no
>checking for gcc... no
>checking for cc... no
>configure: error: no acceptable cc found in $PATH
>
>Can anyone help me out with this one??
>

You need a C compiler (like GCC for example).  When you installed RH, if you
didn't choose to install the development environments, you'll need to install a
compiler either by hand or via RPMs.

FP


-- 
<*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*>
Frank Pineau  ------------>

        frank at pineaus.IHATESPAM dot com
          http://www.pineaus.com

It is pitch black. You are likely to be eaten by a grue.
<*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*>
PGP Public Key:
http://www.pineaus.com/frankpineau.asc

No mail from free e-mail systems such as Hotmail
or Yahoo will be accepted.

Date: Wed, 8 Aug 2001 21:05:47 -0700
From: Chuck <chuck+qpopper at yerkes dot com>
Subject: CGI/poppassd - anyone got?

I'm using APOP.  I would love to know if someone has a CGI
script that will let people change their APOP passwords via
web.  Anyone want to share?

TIA,

chuck

From: "Alex M" <alex at myzona dot net>
Subject: Re: CGI/poppassd - anyone got?
Date: Wed, 8 Aug 2001 23:08:16 -0700

It is obvious that qpopper uses system accounts, so basically to change the
password, would it be POP, APOP, FTP and etc, you would have to change the
whole user's system password... A CGI script called BRINK is able to do
that, but i was unsuccessful in getting this script to work correctly under
FreeBSD, it messed up the passwords instead of changing them.
Brink's homepage is http://www.brink.cx

Hope this helps.


  ---
    Alex M.

----- Original Message -----
From: "Chuck" <chuck+qpopper at yerkes dot com>
To: "Subscribers of Qpopper" <qpopper at lists.pensive dot org>
Sent: Wednesday, August 08, 2001 9:05 PM
Subject: CGI/poppassd - anyone got?


> I'm using APOP.  I would love to know if someone has a CGI
> script that will let people change their APOP passwords via
> web.  Anyone want to share?
>
> TIA,
>
> chuck
>


Date: Wed, 8 Aug 2001 23:17:42 -0700
From: Chuck <chuck+qpopper at yerkes dot com>
Subject: Re: CGI/poppassd - anyone got?

Quoting Alex M (alex at myzona dot net):
> It is obvious that qpopper uses system accounts, so basically to change the
> password, would it be POP, APOP, FTP and etc, you would have to change the
> whole user's system password... 

It WOULD be obvious that yes, system usernames ARE used.
However, APOP (specifically mentioned) cannot use a crypted passwd
(per the system) and must use a shared token.  Thus the use of
popauth(8) to manage the APOP "passwords".

So for password pop, ftp and other system accounts, I'd use
native auth (or LDAP). APOP cannot use this.  So I'll wait
for the next reply, thanks.

> A CGI script called BRINK is able to do

I'd found this on freshmeat/google previously (and others). Thanks tho.

> that, but i was unsuccessful in getting this script to work correctly under
> FreeBSD, it messed up the passwords instead of changing them.
> Brink's homepage is http://www.brink.cx
> 
> Hope this helps.

> ----- Original Message -----
> From: "Chuck" <chuck+qpopper at yerkes dot com>
> To: "Subscribers of Qpopper" <qpopper at lists.pensive dot org>
> Sent: Wednesday, August 08, 2001 9:05 PM
> Subject: CGI/poppassd - anyone got?
> 
> 
> > I'm using APOP.  I would love to know if someone has a CGI
> > script that will let people change their APOP passwords via
> > web.  Anyone want to share?
> >
> > TIA,
> >
> > chuck
> >
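
The point made in the reply above, that APOP needs a shared secret and cannot work from a crypted system password, follows from how the APOP digest is computed. This is an added example, not part of the original thread and not Qpopper or popauth code: the function names are illustrative, the user, secret and expected digest are the worked example from RFC 1939, and SHA-256 stands in for a one-way crypt(3) hash.

```python
import hashlib
import hmac
import re

# Greeting quoted earlier in this thread, joined onto one line.
PAGE_BANNER = ("+OK QPOP (version 2.3-krb-IV) at bluegrass.tcnet.net starting. "
               "<7226.996792144>")

# Worked example from RFC 1939 (the POP3 specification).
RFC_BANNER = "+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>"
RFC_USER, RFC_SECRET = "mrose", "tanstaaf"
RFC_DIGEST = "c4c9334bac560ecc979e58001b3e22fb"

_CHALLENGE = re.compile(r"<[^<>\s]+>$")
_HEX32 = re.compile(r"[0-9a-fA-F]{32}")


def apop_challenge(banner):
    """Return the trailing '<...>' challenge of a +OK greeting, or None."""
    banner = banner.strip()
    if not banner.startswith("+OK"):
        return None
    match = _CHALLENGE.search(banner)
    return match.group(0) if match else None


def apop_digest(challenge, secret):
    """Client side: MD5 over the challenge (brackets included) + shared secret."""
    return hashlib.md5((challenge + secret).encode("utf-8")).hexdigest()


def server_verify(challenge, user, digest, store):
    """Server side: recompute the digest from the stored value for this user.

    This only succeeds if `store` holds the secret itself; a one-way hash of
    the secret cannot be turned back into the input MD5 needs.
    """
    secret = store.get(user)
    if secret is None or not _HEX32.fullmatch(digest):
        return False
    expected = apop_digest(challenge, secret)
    return hmac.compare_digest(expected, digest.lower())


def demo():
    challenge = apop_challenge(RFC_BANNER)
    reply = apop_digest(challenge, RFC_SECRET)
    cleartext_store = {RFC_USER: RFC_SECRET}
    # Stand-in for a crypt(3)-style password file: only a one-way hash is kept.
    hashed_store = {RFC_USER: hashlib.sha256(RFC_SECRET.encode()).hexdigest()}
    return {
        "reply": reply,
        "cleartext_store_ok": server_verify(challenge, RFC_USER, reply,
                                            cleartext_store),
        "hashed_store_ok": server_verify(challenge, RFC_USER, reply,
                                         hashed_store),
        # Same reply presented against a different connection's challenge.
        "replay_ok": server_verify(apop_challenge(PAGE_BANNER), RFC_USER,
                                   reply, cleartext_store),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Because the server has to hold a recoverable secret for every APOP user, the file that stores those secrets needs tighter protection than a file of one-way password hashes.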

Date: Thu, 9 Aug 2001 02:30:08 -0400
From: Steven Champeon <schampeo at hesketh dot com>
Subject: Re: CGI/poppassd - anyone got?

on Wed, Aug 08, 2001 at 11:08:16PM -0700, Alex M wrote:
> It is obvious that qpopper uses system accounts, so basically to change the
> password, would it be POP, APOP, FTP and etc, you would have to change the
> whole user's system password...

I'm sorry, but that's false. We're happily using system passwords for
POP-only accounts whose users lack APOP, APOP auth for those who have
APOP, and the ftp server we're using (proftpd) allows you to configure
arbitrary passwd and group files.

Do you even use APOP? Try the manual page for popauth(8).

-- 
hesketh.com/inc. v: (919) 834-2552 f: (919) 834-2554 w: http://hesketh.com

From: "Alex M" <alex at myzona dot net>
Subject: Re: CGI/poppassd - anyone got?
Date: Wed, 8 Aug 2001 23:18:18 -0700

My apologies, I am not very familiar with APOP, so I shouldn't have claimed
the answers.
I tried :)

----- Original Message -----
From: "Chuck" <chuck+qpopper at yerkes dot com>
To: "Alex M" <alex at myzona dot net>
Cc: "Subscribers of Qpopper" <qpopper at lists.pensive dot org>
Sent: Wednesday, August 08, 2001 11:17 PM
Subject: Re: CGI/poppassd - anyone got?


> Quoting Alex M (alex at myzona dot net):
> > It is obvious that qpopper uses system accounts, so basically to change the
> > password, would it be POP, APOP, FTP and etc, you would have to change the
> > whole user's system password...
>
> It WOULD be obvious that yes, system usernames ARE used.
> However, APOP (specifically mentioned) cannot use a crypted passwd
> (per the system) and must use a shared token.  Thus the use of
> popauth(8) to manage the APOP "passwords".
>
> So for password pop, ftp and other system accounts, I'd use
> native auth (or LDAP). APOP cannot use this.  So I'll wait
> for the next reply, thanks.
>
> > A CGI script called BRINK is able to do
>
> I'd found this on freshmeat/google previously (and others). Thanks tho.
>
> > that, but i was unsuccessful in getting this script to work correctly under
> > FreeBSD, it messed up the passwords instead of changing them.
> > Brink's homepage is http://www.brink.cx
> >
> > Hope this helps.
>
> > ----- Original Message -----
> > From: "Chuck" <chuck+qpopper at yerkes dot com>
> > To: "Subscribers of Qpopper" <qpopper at lists.pensive dot org>
> > Sent: Wednesday, August 08, 2001 9:05 PM
> > Subject: CGI/poppassd - anyone got?
> >
> >
> > > I'm using APOP.  I would love to know if someone has a CGI
> > > script that will let people change their APOP passwords via
> > > web.  Anyone want to share?
> > >
> > > TIA,
> > >
> > > chuck
> > >
>


From: "Test-ID Iris" <iris at rumms.uni-mannheim dot de>
Date: Thu, 9 Aug 2001 10:28:00 +0200
Subject: (Fwd) permissions of temp-drop-file .user.pop

I'm running Qpopper 4.0.3 (./configure --enable-servermode --enable
temp-drop-dir=/var/popper --enable-uw-kludge --enable-standalone
--with-openssl=/usr/local/ssl --enable-home-dir-mail
--enable-log-facility=LOCAL1 --disable-old-spool-loc).

Moving /var/popper/.user.pop to INBOX ($HOME/.mail) at the end of a
POP-session changes permissions from 0600 (what I want) to 0660. This causes
a warning from procmail in my syslog-File "Enforcing stricter permissions on
..." with every incoming mail. There are 15000 users on the server and I
would like to get 0600-mode for INBOX.

Is there any reason, NOT to change line

"dfd = open ( p->temp_drop, O_RDWR | O_CREAT, 0660 );"

in File pop_dropcopy.c?


TIA and best regards, 

 Iris 


--
Iris Mayer
Mannheim University   -   Computing Center 
email:  iris.mayer at rz.uni-mannheim dot de
phone:  ++49 621 181 3196          fax:    ++49 621 181 3198

From: "Test-ID Iris" <iris at rumms.uni-mannheim dot de>
Date: Thu, 9 Aug 2001 10:28:31 +0200
Subject: (Fwd) POP&SSL: "Cert chain not trusted"

Hello,

I'm running Qpopper 4.0.3 with openssl on 2 Ports (Starttls on Port 110 and
alternate-port 995). Our certificate hierarchy has three levels: root ca - local
ca - server cert. In the file referenced by tls-server-cert-file in the
qpopper-config only the first certificate will be taken and only if the common
name (server PTR) matches. If we place the local ca cert in first and server
cert in second position the qpopper will reject connections; vice versa it will
not hand out the local ca cert to the client (Eudora 5.1) which only knows the
root ca cert -> so the cert chain cannot be closed and is not trusted -> the
client refuses to do the password authentication.

We do not want our users to accept the server cert but only have the root ca
cert which is delivered within the <eudora bin>/rootcerts.p7b file.

Has anyone experienced this or similar problems?

Best regards
 Iris

----------------------------------------------------
Iris Mayer
Rechenzentrum der Universitaet Mannheim / Internet-Dienste
email:  iris.mayer at rz.uni-mannheim dot de
Tel:  ++49 621 181 3196 (Mo-Do 8-13 h)
Fax:  ++49 621 181 3198


From: "Soprano Juan" <qpopper at meridiangs dot com>
Subject: Distribution lists in QPopper
Date: Thu, 9 Aug 2001 11:28:20 -0300

I wanted to know if I can make a distribution list with QPopper but with
email addresses, not with users like the bulletins, and in case that is
not supported, is there a limit on the number of recipients in an
email? thanks

Juan

Last updated on 9 Aug 2001 by Pensive Mailing List Admin