The qpopper list archive ending on 5 Mar 2002
Topics covered in this issue include:
1. Re: Quota policies?
Alan Brown <alanb at digistar dot com>
Mon, 18 Feb 2002 13:20:56 -0500 (EST)
2. setting up qpopper with postfix and mysql
René Brask Sørensen <diff at thefuture.adsl dot dk>
Mon, 18 Feb 2002 22:59:27 +0100
3. settup popper under xinetd ?!?
<sc2 at gmx dot at>
Tue, 19 Feb 2002 09:06:36 +0100
4. Re: settup popper under xinetd ?!?
"Alex M" <alex at myzona dot net>
Tue, 19 Feb 2002 00:17:17 -0800
5. Re: Quota policies?
Randall Gellens <randy at qualcomm dot com>
Tue, 19 Feb 2002 17:36:15 -0800
6. Re: Quota policies?
Randall Gellens <randy at qualcomm dot com>
Tue, 19 Feb 2002 17:39:33 -0800
7. Re: Quota policies?
Alan Brown <alanb at digistar dot com>
Tue, 19 Feb 2002 20:49:15 -0500 (EST)
8. Re: Quota policies?
Randall Gellens <randy at qualcomm dot com>
Tue, 19 Feb 2002 17:50:50 -0800
9. Re: Quota policies?
Randall Gellens <randy at qualcomm dot com>
Tue, 19 Feb 2002 17:47:06 -0800
10. Re: Quota policies?
Tim Tyler <tyler at beloit dot edu>
Wed, 20 Feb 2002 10:56:26 -0600 (CST)
11. Re: Quota policies?
Alan Brown <alanb at digistar dot com>
Wed, 20 Feb 2002 12:45:58 -0500 (EST)
12. What can affect Eudora's use of UIDL?
Leonard Hermens <Leonard.Hermens at rcity dot com>
Wed, 20 Feb 2002 11:24:47 -0800
13. Re: What can affect Eudora's use of UIDL?
Randall Gellens <randy at qualcomm dot com>
Wed, 20 Feb 2002 14:22:31 -0800
14. Re: What can affect Eudora's use of UIDL?
Alan Brown <alanb at digistar dot com>
Wed, 20 Feb 2002 17:30:24 -0500 (EST)
15. authentication failure
René Brask Sørensen <diff at thefuture.adsl dot dk>
Thu, 21 Feb 2002 16:13:59 +0100
16. Problems with qpopper 4.0.3 on IRIX 6.4
Francisco Morán Burgos <fmb at gti.ssr.upm dot es>
Thu, 21 Feb 2002 16:49:22 +0100
17. maillock errors
Chris Sherman <csherman at allegheny dot edu>
Thu, 21 Feb 2002 12:18:49 -0500
18. Re: authentication failure
Randall Gellens <randy at qualcomm dot com>
Thu, 21 Feb 2002 12:24:33 -0800
19. Re: Problems with qpopper 4.0.3 on IRIX 6.4
Randall Gellens <randy at qualcomm dot com>
Thu, 21 Feb 2002 12:27:26 -0800
20. Re: maillock errors
Randall Gellens <randy at qualcomm dot com>
Thu, 21 Feb 2002 12:40:50 -0800
21. How to force use of TLS/SSL
Torbjorn Astlind <torbjorn at dbb.su dot se>
Sat, 23 Feb 2002 11:12:24 +0100
22. Re: How to force use of TLS/SSL
Kenneth Porter <shiva at well dot com>
23 Feb 2002 02:48:11 -0800
23. Re: How to force use of TLS/SSL
Randall Gellens <randy at qualcomm dot com>
Mon, 25 Feb 2002 14:48:33 -0800
24. Script to help in conversion to hashed directories...
Tim Meader <tmeader at cne-odin.gsfc.nasa dot gov>
Mon, 25 Feb 2002 18:50:50 -0500
25. Quit failure with QPoper 4.0.3
"Habib Abassi" <habassi at telephonyatwork dot com>
Tue, 26 Feb 2002 20:13:13 -0800
26. Pop Errors
Chris Heiner <Chris at netdsgns dot com>
Tue, 26 Feb 2002 22:57:24 -0800
27. Re: Pop Errors
Michael Zimmermann <zim at vegaa dot de>
Wed, 27 Feb 2002 09:00:36 +0100
28. qpopper Operation not permitted
"Simon May" <simon at imsl dot es>
Wed, 27 Feb 2002 10:05:18 +0100
29. Re: Quit failure with QPoper 4.0.3
Randall Gellens <randy at qualcomm dot com>
Wed, 27 Feb 2002 18:06:16 -0800
30. Authentication _Failure_
René Brask Sørensen <diff at thefuture.adsl dot dk>
Thu, 28 Feb 2002 02:08:20 +0100
31. Re: qpopper Operation not permitted
Randall Gellens <randy at qualcomm dot com>
Thu, 28 Feb 2002 14:20:12 -0800
32. Re: Authentication _Failure_
Clifton Royston <cliftonr at lava dot net>
Thu, 28 Feb 2002 13:11:52 -1000
33. Re: Authentication _Failure_
René Brask Sørensen <diff at thefuture.adsl dot dk>
Fri, 1 Mar 2002 07:36:09 +0100
34. Re: qpopper Operation not permitted
"Simon May" <simon at imsl dot es>
Fri, 1 Mar 2002 14:00:45 +0100
35. permissions wrong in /var/spool/mail/* after (succesfull) pop ?
rk at johanns-datentechnik dot de
01 Mar 2002 14:40:23 UT
36. Spool older than cache file error
"Dan Schaper" <dschaper at midcom dot com>
Fri, 1 Mar 2002 10:59:33 -0800
37. Re: permissions wrong in /var/spool/mail/* after (succesfull) pop ?
Clifton Royston <cliftonr at lava dot net>
Sat, 2 Mar 2002 16:16:56 -1000
38. 4.0.3 and tcp_wrappers
"J.D. Bronson" <lists at xpec dot com>
Mon, 04 Mar 2002 08:36:13 -0600
39. qpopper not rejecting cleartext passwords.
Eddy L O Jansson <eddy at klopper dot net>
Mon, 04 Mar 2002 16:18:50 +0100
40. Re: 4.0.3 and tcp_wrappers
Clifton Royston <cliftonr at lava dot net>
Mon, 4 Mar 2002 07:04:24 -1000
41. Don't ask for password...
René Brask Sørensen <diff at thefuture.adsl dot dk>
Mon, 4 Mar 2002 23:10:37 +0100
42. Re: 4.0.3 and tcp_wrappers
Daniel Senie <dts at senie dot com>
Mon, 04 Mar 2002 16:34:16 -0500
43. not logging with pam_ldap
lance miller <lance at blackfoot dot net>
Mon, 04 Mar 2002 16:18:07 -0700
44. Re: permissions wrong in /var/spool/mail/* after (succesfull)
Randall Gellens <randy at qualcomm dot com>
Mon, 4 Mar 2002 16:17:03 -0800
45. Re: 4.0.3 and tcp_wrappers
Randall Gellens <randy at qualcomm dot com>
Mon, 4 Mar 2002 16:24:25 -0800
46. Re: qpopper not rejecting cleartext passwords.
Randall Gellens <randy at qualcomm dot com>
Mon, 4 Mar 2002 16:21:12 -0800
47. Re: Spool older than cache file error
Randall Gellens <randy at qualcomm dot com>
Mon, 4 Mar 2002 16:19:13 -0800
48. compile APOP
"Bob Lockie" <bjlockie at rogers dot com>
Mon, 04 Mar 2002 20:52:32 -0500
49. Re: compile APOP
Kenneth Porter <shiva at well dot com>
04 Mar 2002 20:37:35 -0800
50. Re: Spool older than cache file error
Eric Luyten <Eric.Luyten at vub.ac dot be>
Tue, 5 Mar 2002 10:57:12 +0100 (MET)
Date: Mon, 18 Feb 2002 13:20:56 -0500 (EST)
From: Alan Brown <alanb at digistar dot com>
Subject: Re: Quota policies?
On Mon, 18 Feb 2002, Tim Tyler wrote:
> Clifton, Alan,
> The ls -lut command appears to resolve the need for a temp file.
It also covers users who never pop3.
Set up Qpopper to generate UIDLs on the fly. It adds more overhead but
means it won't write back to the mailbox unless there's disk access
going on.
As a FWIW, my experience with Pine + pop3 is that Pine reports that
another process has accessed the mailbox and toggles read-only.
> Alternatively, I might give the double to triple hard quota size a
> try. This still can be subverted, but it would take longer and probably
> result in fewer incidences.
You _must_ use at least double the soft quota in any case.
The temp file will always be the same size as the main mailbox and you
have to handle worst case - user at, just below soft quota, or possibly
over soft quota but inside the grace period.
AB
Date: Mon, 18 Feb 2002 22:59:27 +0100
From: René Brask Sørensen <diff at thefuture.adsl dot dk>
Subject: setting up qpopper with postfix and mysql
Hi
My current setup:
postfix 1.1 patchlevel 3
mysql -3.23.47
qpopper4.0.3 (with no config args, just standard)
Where I use the mysql db to look up virtual domains and resolve the
alias and mailbox path.
If I send mail to virtual_user at foo dot com it's delivered to the mailbox,
but virtual_user can't retrieve mail via pop3
I have added virtual_user to /etc/passwd....
The question: Can I with qpopper make a mysql db where it auth. users?
Sorry if this is really newbie
Regards René
From: <sc2 at gmx dot at>
Subject: settup popper under xinetd ?!?
Date: Tue, 19 Feb 2002 09:06:36 +0100
hello
I am running popper under xinetd,
so the entry is
servers = path/popper
but the problem is I can't run popper under xinetd with options like -R or
others because xinetd only wants 1 value to be set. If I write
popper -option -option then xinetd doesn't start.
any ideas?
thx
From: "Alex M" <alex at myzona dot net>
Subject: Re: settup popper under xinetd ?!?
Date: Tue, 19 Feb 2002 00:17:17 -0800
Hi,
This is my qpopper entry in xinetd:
service pop3
{
        flags           = REUSE
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root
        server          = /usr/local/libexec/qpopper
        server_args     = -s -f /etc/mail/qpopper.conf
}
You should use the flags = REUSE option in order to be able to issue more
than one option to server_args.
> hello
>
> i am running popper under xinetd,
>
> so the entry is
> servers = path/popper
>
> but the problem is i cant run popper under xinetd with options like -R or
> other because xinetd only wants 1 Value to be set , if i write
> popper -option -option then X inetd dont starts
>
> any ideas?
> thx
>
>
>
Date: Tue, 19 Feb 2002 17:36:15 -0800
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Quota policies?
At 10:19 AM -0600 2/15/02, Tim Tyler wrote:
>I can't really go to server mode because we still have shell users.
If you have only a few shell users, you can set server mode on by
default, and off for the shell users only.
>It would be nice if someday Qpopper were able to implement its own
>internal quota system where the sum of the mailbox file (prior to
>popping) and any new incoming email cannot exceed a given limit
>during the popping process.
What would this mechanism do if a user was near quota and new mail
arrived that pushed the size over the limit?
Date: Tue, 19 Feb 2002 17:39:33 -0800
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Quota policies?
At 12:33 PM -0500 2/15/02, Alan Brown wrote:
>Server mode is only needed if there's the possibility that a user may be
>accessing the mailbox via shell (pine, elm, imap, etc) and pop3 at the
>same time.
You mean "server mode is only *prevented* if there's the possibility ...."
You make a good point that server mode is not contraindicated solely
because of shell access, but only shell access that mucks with the
spool.
>Or if they may have 2 concurrent pop sessions (think 1 machine at home
>with "leave mail on server" and one at work either leaving it on the
>server or clearing the mail)
Qpopper prevents more than one session by the same user at the same time.
>More appropriate locking would nail this reasonably well, the problem
>really is that it is difficult to lock down.
More appropriate locking in what way?
Date: Tue, 19 Feb 2002 20:49:15 -0500 (EST)
From: Alan Brown <alanb at digistar dot com>
Subject: Re: Quota policies?
On Tue, 19 Feb 2002, Randall Gellens wrote:
> You mean "server mode is only *prevented* if there's the possibility ...."
er, yes.
> You make a good point that server mode is not contraindicated solely
> because of shell access, but only shell access that mucks with the
> spool.
> >More appropriate locking would nail this reasonably well, the problem
> >really is that it is difficult to lock down.
>
> More appropriate locking in what way?
As with the dual popper session issue, refuse to start if there's a pine
or imap style lock on the mailbox, etc.
AB
Date: Tue, 19 Feb 2002 17:50:50 -0800
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Quota policies?
At 11:26 AM -0600 2/18/02, Tim Tyler wrote:
>I really don't know from time to time all the users that might use
>their shell account. So it might be better for me to incorporate a
>warning into their shell login.
Just a thought: you could have the login script write a user options
file to turn off server mode. Maybe together with a script to delete
these files after a day?
Date: Tue, 19 Feb 2002 17:47:06 -0800
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Quota policies?
At 2:14 PM -0600 2/15/02, Tim Tyler wrote:
> 2. I presume that in server mode there is no temp file any more.
There still is a temp file, Qpopper uses it for mutual exclusion as
well as a temporary spool location. In server mode it avoids copying
the spool to and from it in many cases (essentially, those where all
messages are deleted, or no messages were deleted and no messages
were read for the first time).
From: Tim Tyler <tyler at beloit dot edu>
Subject: Re: Quota policies?
Date: Wed, 20 Feb 2002 10:56:26 -0600 (CST)
Randall, qpopper,
Well, once again, if server mode occasionally can write to a temp file,
then it seems to me that occasionally I have the same problem that I
currently have without server mode (No?). If server mode never wrote the file out
to a temp file, then the integrity of the system quota could be maintained.
There may be more than one way to accomplish a cure-all:
1. No temp file unless it is merely to duplicate (not zero out the mailbox).
The mailbox must maintain its size until the client directly requests
removal. This way system quotas can be allowed to stop incoming messages
when appropriate.
2. If a temp file is necessary or desired, then system quotas cannot be part
of the solution. Either qpopper or the mta must keep track of the sum of
both the temp file and mailbox as to whether new incoming email is allowed.
The number one thing that screws up the intent of quota system is when new
mail is delivered in the middle of a popping session. Large hard quotas
minimize the problem, but don't remove the problem. The mta is probably a
better candidate for keeping track since it is more aware of what it has to
deliver and check against. But I doubt they are as eager to find a solution
for this.
Tim
>
>At 2:14 PM -0600 2/15/02, Tim Tyler wrote:
>
>> 2. I presume that in server mode there is no temp file any more.
>
>There still is a temp file, Qpopper uses it for mutual exclusion as
>well as a temporary spool location. In server mode it avoids copying
>the spool to and from it in many cases (essentially, those where all
>messages are deleted, or no messages were deleted and no messages
>were read for the first time).
>
--
Tim Tyler
Network Manager - Beloit College
tyler at beloit dot edu
Go Packers! Go Badgers!
1999&2000 Rose Bowl Champions!
Date: Wed, 20 Feb 2002 12:45:58 -0500 (EST)
From: Alan Brown <alanb at digistar dot com>
Subject: Re: Quota policies?
On Wed, 20 Feb 2002, Tim Tyler wrote:
> Well, once again, if server mode occasionally can write to a temp file,
> then it seems to me that occasionally I have the same problem that I
> currently have without server mode (No?).
No, the poptemp is used as a lockfile, but it's zero bytes unless people
start selectively deleting some mail and leaving others on the server.
AB
Date: Wed, 20 Feb 2002 11:24:47 -0800
From: Leonard Hermens <Leonard.Hermens at rcity dot com>
Subject: What can affect Eudora's use of UIDL?
Hello,
Condition: A couple of Eudora 5.1 users from a pool of about 2000 have
experienced this issue. They have "leave on server" set (for no sensible
reason, but that's beside the point) and have apparently re-downloaded all
of the previously stored messages again. My guess is that something
recently changed on the client end, but I don't know what could cause it to
happen. Very few "leave on server" users have had this happen.
Question: What changes to Eudora, or its configuration could cause this?
Qpopper was configured as:
./configure --enable-servermode --enable-uw-kludge
I understand how the UIDL is calculated in qpopper (we are running 3.1.2),
but I do not know under what conditions the Eudora client could "forget"
that it has already downloaded a message. Where is the UIDL stored on the
client? (Is that even relevant?) What could possibly cause Eudora to change
its behavior with respect to the previously downloaded messages.
I don't yet have any knowledge what, if anything, has changed on the user's
client or computer. But I was wondering if there is a common list of things
to check or know about so that this doesn't happen again.
Thanks for your help.
-- Leonard
Date: Wed, 20 Feb 2002 14:22:31 -0800
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: What can affect Eudora's use of UIDL?
Eudora keeps track of the UIDs of messages it knows about in a file,
I think called "lmos.dat". If this file were damaged, corrupted, or
deleted, Eudora would redownload messages.
Also, if the X-UIDL headers in the spool file (on the server) were
stripped, Qpopper would regenerate the UID. Unless no_status is set,
Qpopper includes a random element in the UID generation. Thus, the
same message will get a different UID and hence be redownloaded.
(When no_status is set, Qpopper doesn't include the random number,
and UIDs are repeatable. But there is also a chance of generating
the same UID for different messages, if the headers are identical.)
If a version of Qpopper prior to 3.0 is run with NO_STATUS compiled
in, and the server is subsequently upgraded to 3.0 or later, the UIDs
for the old messages will be different unless Qpopper has
old_style_uids and no_status set.
Date: Wed, 20 Feb 2002 17:30:24 -0500 (EST)
From: Alan Brown <alanb at digistar dot com>
Subject: Re: What can affect Eudora's use of UIDL?
On Wed, 20 Feb 2002, Randall Gellens wrote:
> Also, if the X-UIDL headers in the spool file (on the server) were
> stripped, Qpopper would regenerate the UID. Unless no_status is set,
> Qpopper includes a random element in the UID generation. Thus, the
> same message will get a different UID and hence be redownloaded.
> (When no_status is set, Qpopper doesn't include the random number,
> and UIDs are repeatable. But there is also a chance of generating
> the same UID for different messages, if the headers are identical.)
From an ISP point of view, having the users download the messages
repeatedly until they delete them is - desirable.
AB
Date: Thu, 21 Feb 2002 16:13:59 +0100
From: René Brask Sørensen <diff at thefuture.adsl dot dk>
Subject: authentication failure
Hi
After I have compiled qpopper with mysql support my users can't get authorized...
I get the following error :
Feb 21 00:28:51 thefuture popper[11692]: diff at obelix.thefutuer.adsl.dk (10.0.0.3): -ERR [AUTH] Password supplied for "diff@thefuture.adsl dot dk" is incorrect.
Feb 21 00:28:55 thefuture popper[11692]: diff at obelix.thefutuer.adsl.dk (10.0.0.3): -ERR POP EOF or I/O Error
and it's not the mysql connection. It works fine. Here is a part of my
mysql-qpopper.conf :
# The table we auth off of
# Defaults to "qpopper"
MysqlAuthTable email
# One of "cleartext", "crypt" or "both"
# Defaults to "cleartext"
MysqlAuthPasswordMethod both
# Field where user username is
# Defaults to "username"
MysqlAuthUsernameField username
MysqlAuthDomainField domain
MysqlAuthDefaultDomain thefuture.adsl.dk
# Field where user password is
# Defaults to "password"
MysqlAuthPasswordField password
# Options to get user UID.
# REQUIRED - MUST specify/uncomment one
MysqlAuthUidField uid
#MysqlAuthUid 65534
#MysqlAuthUidName nobody
# Options to get user GID.
# REQUIRED - MUST specify/uncomment one
MysqlAuthGidField gid
#MysqlAuthGid 100
#MysqlAuthGidName nobody
My configure flags :
./configure --enable-servermode --enable-shy --enable-specialauth
--enable-temp-drop-dir=/var/spool/mail/.pop --disable-check-pw-max
--enable-fast-update --prefix=/usr/local/qpopper --disable-hash-dir-check
--with-mysqllibpath=/usr/local/mysql/lib/mysql
--with-mysqlincludepath=/usr/local/mysql/include/mysql --enable-mysql
--enable-log-login-mysql --with-mysqlconfig=/etc/mysql-popper.conf
And I am using shadow on the server...
Please help Regards René
Date: Thu, 21 Feb 2002 16:49:22 +0100
From: Francisco Morán Burgos <fmb at gti.ssr.upm dot es>
Subject: Problems with qpopper 4.0.3 on IRIX 6.4
Dear all:
Please forgive me if a similar question to mine has already been answered in
this list, but I've just subscribed to it and haven't seen anything alike in
the last files of its archives.
I've been running for years and without problems an old version of the popper
daemon on an SGI with IRIX 6.4, in which I've recently been able to install
qpopper 4.0.3 without any errors (I did get many linker warnings, but that's
certainly not the problem) just like this:
./configure --disable-specialauth
# ./configure --enable-specialauth, which is what a plain ./configure would
# do, wrongly assuming that I use shadow passwords, doesn't help
make install
However, when I run qpopper 4.0.3 as the POP server daemon on that SGI, I
invariably get errors of the kind
User <xxx> not known by system [pop_pass.c:1289]
for any user <xxx> not listed in the file "/etc/passwd" of that SGI, which
has a "+" entry to read the (plain) NIS password map (in IRIX 6.4, there's no
"/etc/nsswitch.conf"). The only workaround seems to be adding users to the
"/etc/passwd" file, but that's not too serious, right? Besides, the "+"
setting works perfectly fine with an older popper daemon running on that SGI,
as I've told you, or with qpopper 4.0.3 running on an HP with HP-UX 10.20,
which acts as an NFS client of the SGI.
Thanks a lot in advance for any help.
F.
Date: Thu, 21 Feb 2002 12:18:49 -0500
From: Chris Sherman <csherman at allegheny dot edu>
Subject: maillock errors
Hello,
I've just recently installed Qpopper 4.03 which has solved a few problems
but now most users receive the following error message several times per day:
-ERR [SYS/TEMP] maillock error 'Max tries exceeded' (4) on
'/var/spool/mail/username': File exists (17)
Could anyone please help me out as to why I am receiving this message and
how to possibly get rid of it?
I have Qpopper 4.03 running on an AlphaServer 800 5/400 with digital UNIX
4.0f and sendmail 8.9. I have approximately 2500 users reading mail off
this server. qpopper's configure was run with no flags and no
configuration file.
inetd.conf entry:
pop3 stream tcp nowait root /usr/local/lib/popper popper -s
Thanks in advance for any help,
Chris
Date: Thu, 21 Feb 2002 12:24:33 -0800
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: authentication failure
Try it without the '--enable-specialauth' (be sure to do a 'make
realclean' first). You usually don't need to specify this; configure
is usually able to figure out if you need it.
If you still have problems, get a debug trace and see what it says:
To enable tracing in Qpopper:
1. Do a 'make clean'
2. Re-run ./configure, adding '--enable-debugging'.
3. Edit the inetd.conf line for Qpopper, adding '-d' or '-t <tracefile-path>'.
4. Send inetd (or xinetd) a HUP signal.
(Steps 3 and 4 are only needed if you use inetd (or xinetd). In
standalone mode, you can add '-d' or '-t <tracefile-path>' to the
command line directly.)
(In either standalone or inetd mode, if you use a configuration file
you can add 'set debug' or 'set tracefile = <tracefile>' to either a
global or user-specific configuration file instead of steps 3 and 4.)
This causes detailed tracing to be written to the syslog or to the
file specified as 'tracefile'.
Date: Thu, 21 Feb 2002 12:27:26 -0800
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Problems with qpopper 4.0.3 on IRIX 6.4
At 4:49 PM +0100 2/21/02, Francisco Morán Burgos wrote:
># ./configure --enable-specialauth, which is what a plain ./configure would
># do, wrongly assuming that I use shadow passwords, doesn't help
If you have a case where ./configure does the wrong thing with
'--enable-specialauth' please send details, including the configure
log. It should be fixed.
As to your specific problem, perhaps the linker warnings are a clue;
maybe the wrong library is getting used?
Date: Thu, 21 Feb 2002 12:40:50 -0800
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: maillock errors
At 12:18 PM -0500 2/21/02, Chris Sherman wrote:
>Hello,
>
>I've just recently installed Qpopper 4.03 which has solved a few
>problems but now most users receive the following error message
>several times per day:
>-ERR [SYS/TEMP] maillock error 'Max tries exceeded' (4) on
>'/var/spool/mail/username': File exists (17)
>
>Could anyone please help me out as to why I am receiving this
>message and how to possibly get rid of it?
Probably the spool is locked by another process that is holding it
locked for a relatively long time (maybe large files are being
delivered). One thing that could be done would be to replace the
call on sleep(3) with doze(), which is an internal function that
calls either sleep(3) or usleep(3) if it is available. That would
permit the maximum retries to be upped from 4 to something much
larger, perhaps 10 or 50, and the delay between tries to be made much
shorter and more random. In other words, the same thing that is now
done for the bulletin database.
If you want to try this out, edit common/maillock.c and change the
call on sleep(3) to usleep(3), and change the call on Qmaillock() in
popper/pop_dropcopy.c to pass '50' instead of '2', and in
popper/pop_updt.c to pass '100' instead of '4'.
If this solves the problem for you, please let me know.
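
The retry policy described in the reply above (many attempts, short and randomized delays), as an added example; it is not Qpopper's maillock code and not part of the original message. The lock-file convention (exclusive create, with EEXIST meaning "held by another process"), the function names and the result codes are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <unistd.h>

/* Result codes (hypothetical names, not Qpopper's). */
enum { LOCK_OK = 0, LOCK_MAX_TRIES = -1, LOCK_SYS_ERR = -2 };

/* Sleep for a random time in [base_us/2, base_us*3/2] so that several
 * waiters do not retry on the same schedule. nanosleep(2) is used here
 * because usleep(3) is no longer part of current POSIX. */
static void jitter_sleep(unsigned base_us)
{
    unsigned us = base_us / 2 + (unsigned)rand() % (base_us + 1);
    struct timespec ts;
    ts.tv_sec = us / 1000000u;
    ts.tv_nsec = (long)(us % 1000000u) * 1000L;
    while (nanosleep(&ts, &ts) == -1 && errno == EINTR)
        ;   /* interrupted by a signal: sleep the remainder */
}

/* Try to create lockpath exclusively. O_CREAT|O_EXCL is atomic and fails
 * with EEXIST ("File exists") while another process holds the lock.
 * Returns LOCK_OK, LOCK_MAX_TRIES after max_tries failed attempts, or
 * LOCK_SYS_ERR for any error other than EEXIST (retrying cannot help).
 * *tries_used reports how many attempts were made. */
int try_lock(const char *lockpath, int max_tries, unsigned base_us,
             int *tries_used)
{
    for (int attempt = 1; attempt <= max_tries; attempt++) {
        int fd = open(lockpath, O_WRONLY | O_CREAT | O_EXCL, 0600);
        if (fd >= 0) {
            close(fd);
            *tries_used = attempt;
            return LOCK_OK;
        }
        if (errno != EEXIST) {
            *tries_used = attempt;
            return LOCK_SYS_ERR;
        }
        if (attempt < max_tries)
            jitter_sleep(base_us);
    }
    *tries_used = max_tries;
    return LOCK_MAX_TRIES;
}

/* Release the lock by removing the lock file. */
int release_lock(const char *lockpath)
{
    return unlink(lockpath);
}

int main(void)
{
    char path[64];
    int tries = 0;

    srand((unsigned)time(NULL) ^ (unsigned)getpid());
    /* Constructed lock path for the demonstration. */
    snprintf(path, sizeof path, "/tmp/qp_example_%ld.lock", (long)getpid());

    /* Another process (simulated here) holds the lock for the whole run. */
    try_lock(path, 1, 0, &tries);

    /* Few tries: gives up quickly, like the 'Max tries exceeded' error. */
    int rc = try_lock(path, 4, 1000, &tries);
    printf("held lock:  rc=%d after %d tries\n", rc, tries);

    /* Once the holder releases, the first attempt succeeds. */
    release_lock(path);
    rc = try_lock(path, 50, 20000, &tries);
    printf("free lock:  rc=%d after %d tries\n", rc, tries);
    release_lock(path);
    return 0;
}
```

With 50 tries at a 20 ms base delay a waiter covers roughly one second in total, so a delivery that holds the spool briefly no longer surfaces as an error to the POP client.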
Date: Sat, 23 Feb 2002 11:12:24 +0100
From: Torbjorn Astlind <torbjorn at dbb.su dot se>
Subject: How to force use of TLS/SSL
Hello,
I want to open up for users external to our domain to use Eudora 5.1
only with POP-TLS/SSL. I do not want to open up for nonencrypted
POP. All popusers use APOP from within the domain.
Please can someone give me a hint how to achieve this.
Do I have to use alternate port and a firewall filter to pass the
alternate port only?
Thanks for any help and advice,
Torbjörn
Subject: Re: How to force use of TLS/SSL
From: Kenneth Porter <shiva at well dot com>
Date: 23 Feb 2002 02:48:11 -0800
On Sat, 2002-02-23 at 02:12, Torbjorn Astlind wrote:
> I want to open up for users external to our domain to use Eudora 5.1
> only with POP-TLS/SSL. I do not want to open up for nonencrypted
> POP. All popusers use APOP from within the domain.
> Please can someone give me a hint how to achieve this.
> Do I have to use alternate port and a firewall filter to pass the
> alternate port only?
It all depends on how you start qpopper. If you use xinetd, you can
specify different configurations and command lines for different
interfaces and ports. So you'd run a non-TLS APOP-capable qpopper on
your internal interface at the pop3 port, and a SSL-only qpopper on the
pop3s port on the external interface.
Date: Mon, 25 Feb 2002 14:48:33 -0800
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: How to force use of TLS/SSL
At 11:12 AM +0100 2/23/02, Torbjorn Astlind wrote:
>Hello,
>I want to open up for users external to our domain to use Eudora 5.1
>only with POP-TLS/SSL. I do not want to open up for nonencrypted
>POP. All popusers use APOP from within the domain.
>Please can someone give me a hint how to achieve this.
>Do I have to use alternate port and a firewall filter to pass the
>alternate port only?
>Thanks for any help and advice,
>Torbjörn
Since Eudora supports STLS, there is no need to use an alternate
port. You can enable both TLS/SSL and APOP in the same Qpopper.
With clear-text-passwords set to TLS, users will have to use either
APOP or TLS to connect.
However, this would permit external users to use APOP instead of TLS.
While this protects passwords, mail contents are still sent in the
clear. To prevent this, you'd need to run two instances of Qpopper,
one for internal users and one for external. The internal one could
support both APOP and TLS (STLS), while the external one should
support TLS (STLS) but not APOP, thus forcing external users to use
TLS.
Date: Mon, 25 Feb 2002 18:50:50 -0500
From: Tim Meader <tmeader at cne-odin.gsfc.nasa dot gov>
Subject: Script to help in conversion to hashed directories...
Hello all. I couldn't find any utility out there to really quickly move all
the current mail spools (we have well over 1500 users per machine) over to
a hashed directory structure (the second type of hash, ie -
"firstletter/secondletter/fullname"), so today I went ahead and wrote this
quick script. Keep in mind that I make no guarantees other than that it
worked great for me and helped out a LOT. Also be sure to stop POP and
sendmail temporarily when you execute this. Hope this helps out some other
people. At the very least it's a starting off point for your own script.
See ya.
-------------------------------------------------------------
#!/usr/local/bin/perl -w
#######################################################################
#
# This is a script to aid in the conversion from flat directories
# for email to hashed (type 2) directories
#
# Tim Meader - 2/25/02
#
#######################################################################

use strict;
#use diagnostics;
use File::Copy;

#####################################
#
# Tests for correct usage
#
#####################################

if(!$ARGV[0])
{
    print "Incorrect usage: \"hashconv [current user mailfile directory]\"\n";
    print "Exiting...\n";
    exit(1);
}

if(!(-e $ARGV[0]))
{
    print "The starting directory you specified does not exist!\n";
    print "Exiting...\n";
    exit(1);
}

if(!(-d $ARGV[0]))
{
    print "The name you entered is not a directory!\n";
    print "Exiting...\n";
    exit(1);
}

if(-l $ARGV[0])
{
    print "The name you entered is a symbolic link. Please enter the real directory name.\n";
    print "Exiting...\n";
    exit(1);
}

# Make sure the spool directory name ends in a slash
if($ARGV[0] !~ /\/$/)
{
    $ARGV[0] = $ARGV[0]."/";
}

my ($curr_dir) = `pwd`;
chomp $curr_dir;
$curr_dir = $curr_dir."/";

if($ARGV[0] eq $curr_dir)
{
    print "DO NOT RUN THIS PROGRAM FROM THE SAME DIRECTORY YOU SPECIFY!\n";
    print "Exiting...\n";
    exit(1);
}

######################################

# Read the directory directly rather than through `ls`, so the directory
# name is never interpreted by a shell. Dot files are skipped, as with ls.
opendir(my $spool, $ARGV[0]) or die "Cannot read $ARGV[0]: $!\n";
my (@mboxlist) = sort grep { !/^\./ } readdir($spool);
closedir($spool);

foreach (@mboxlist)
{
    # Skip directories and executables (both have -x) and this script
    if(($_ !~ /\/$/) && !(-x $ARGV[0].$_) && ($_ ne $0))
    {
        my ($first_letter) = substr($_, 0, 1);
        my ($second_letter) = substr($_, 1, 1);
        my $src  = $ARGV[0].$_;                 # flat mail file
        my $dir1 = $ARGV[0].$first_letter;      # first hash level
        my $dir2 = $dir1."/".$second_letter;    # second hash level
        my $dest = $dir2."/".$_;                # hashed mail file

        if(!(-e $dir1))
        {
            mkdir $dir1;
            chmod 01777, $dir1;
            mkdir $dir2;
            chmod 01777, $dir2;
            system("chown", "-R", "root:mail", $dir1);
            print "Created FULL path \"$dir2\"\n";
            move($src, $dest);
            print "Moved current mail file \"$_\" to \"$dest\"\n\n";
        }
        elsif(!(-e $dir2))
        {
            mkdir $dir2;
            chmod 01777, $dir2;
            system("chown", "root:mail", $dir2);
            print "Created path \"$dir2\"\n";
            move($src, $dest);
            print "Moved current mail file \"$_\" to \"$dest\"\n\n";
        }
        elsif(-e $dest)
        {
            # A hashed mail file already exists: append it to the flat
            # file, then copy the merged file into the hashed location.
            open(ORIGMAIL, ">>", $src) or die "Cannot append to $src: $!\n";
            flock(ORIGMAIL, 2);
            open(NEWMAIL, "<", $dest) or die "Cannot read $dest: $!\n";
            flock(NEWMAIL, 2);
            while (my $newmailline = <NEWMAIL>)
            {
                # Each line keeps its own newline; adding another one
                # would insert blank lines into the mailbox.
                print ORIGMAIL $newmailline;
            }
            close(NEWMAIL);
            close(ORIGMAIL);
            print "File \"$dest\" catted to \"$src\"\n";
            copy($src, $dest);
            print "Merged file copied!!\n\n";
        }
        else
        {
            move($src, $dest);
            print "ONLY moved current mail file \"$_\" to \"$dest\"\n\n";
        }
    }
}

exit(0);
---
Tim Meader
ACS-GSG - (301) 286-8013
tmeader at cne-odin.gsfc.nasa dot gov
Subject: Quit failure with QPoper 4.0.3
Date: Tue, 26 Feb 2002 20:13:13 -0800
From: "Habib Abassi" <habassi at telephonyatwork dot com>
Hi,
I am using QPop version 4.0.3, and I have the following issue:
if an email is marked to be deleted and the quit fails, the deletion will
take effect, contrary to Microsoft Exchange, which will leave the email
in the mailbox.
Is this the way QPopper is supposed to work?
Thanks.
From: Chris Heiner <Chris at netdsgns dot com>
Subject: Pop Errors
Date: Tue, 26 Feb 2002 22:57:24 -0800
How do I eliminate the POP errors that my customers are receiving? It
happens during high traffic usage. Is there a limit to the amount of pop
connections? If so, can you please give me instructions on adjusting this
limitation.
Thanks in advance for your reply.
Chris Heiner
Network Designs, Inc
From: Michael Zimmermann <zim at vegaa dot de>
Subject: Re: Pop Errors
Date: Wed, 27 Feb 2002 09:00:36 +0100
On Wednesday, 27 February 2002 at 07:57, Chris Heiner wrote:
> How do I eliminate the POP errors that my customers are receiving? It
> happens during high traffic usage. Is there a limit to the amount of pop
> connection, if so can you please give me instructions on adjusting this
> limitation.
Probably you are starting qpopper through inetd, is that true?
In that case inetd imposes a default limit of 40 connections
per 60-second interval. A higher limit can be given in the
inetd.conf file with <dot> plus <number> behind the
'nowait', like:
>> pop3 stream tcp nowait.80 root /usr/sbin/tcpd /usr/sbin/popper -s
Don't know how this is expressed with xinetd, should you be using that,
but there certainly is a similar way to accomplish the same functionality.
Greetings
Michael
--
Michael Zimmermann (Vegaa Internet Services)
<zim at vegaa dot de> phone +49 89 6283 7632 hotline +49 163 823 1195
Key fingerprint = 1E47 7B99 A9D3 698D 7E35 9BB5 EF6B EEDB 696D 5811
From: "Simon May" <simon at imsl dot es>
Subject: qpopper Operation not permitted
Date: Wed, 27 Feb 2002 10:05:18 +0100
Dear All,
Well, I have tried a number of optimizations. This has solved some problems
for some users but seems to have created problems for others or I'm just
more aware of problems as I get a lot more debugs in the logs.
Any comments or suggestions would be appreciated .
Last comment, most users are using MS outlook express :-( or Outlook :-((
Error messages
Feb 26 23:10:10 lucyx qpopper[15370]: I/O error writing to client patricia at 80.26.106.164 [80.26.106.164]: Operation not permitted (1)
Feb 26 23:10:10 lucyx qpopper[15370]: patricia at 80.26.106.164 (80.26.106.164): -ERR SIGHUP or SIGPIPE flagged
Feb 26 23:10:10 lucyx qpopper[15370]: I/O error flushing output to client patricia at 80.26.106.164 [80.26.106.164]: Operation not permitted (1)
Feb 26 23:10:10 lucyx qpopper[15370]: patricia at 80.26.106.164 (80.26.106.164): -ERR POP hangup from lucyx.ocea.es
Feb 26 23:10:10 lucyx qpopper[15370]: I/O error flushing output to client patricia at 80.26.106.164 [80.26.106.164]: Operation not permitted (1)
Feb 26 23:10:10 lucyx qpopper[15370]: Stats: patricia 0 0 1 1011813 80.26.106.164 80.26.106.164
Feb 26 23:10:10 lucyx qpopper[15370]: I/O error flushing output to client patricia at 80.26.106.164 [80.26.106.164]: Operation not permitted (1)
start up in inetd.conf
pop3 stream tcp nowait.80 root /usr/local/sbin/popper qpopper -s -R -T 600 -f /etc/qpopper.conf
config in /etc/qpopper.conf
set chunky-writes = never
Kind Regards
Simon May
Network Administrator
Date: Wed, 27 Feb 2002 18:06:16 -0800
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Quit failure with QPoper 4.0.3
At 8:13 PM -0800 2/26/02, Habib Abassi wrote:
>if an email is marked to be deleted and the quit fails, the deletion
>will take effect, contrary to Microsoft Exchange, which will leave
>the email in the mailbox.
>
>Is this the way Qpopper is supposed to work?
You can turn this off in Qpopper as a compile-time or run-time
option. See the Administrator's Guide. It's called
"update-on-abort".
Date: Thu, 28 Feb 2002 02:08:20 +0100
From: =?iso-8859-1?Q?René_Brask_Sørensen?= <diff at thefuture.adsl dot dk>
Subject: Authentication _Failure_
On Thu, Feb 28, 2002 at 01:17:58AM +0100, Rene Brask Sørensen wrote:
> On Thu, Feb 21, 2002 at 12:47:24AM +0100, René Brask Sørensen wrote:
> > Hi
> >
> > After I have compiled qpopper with mysql support my users can't get authorized...
> >
> > I get the following error :
> >
> > Feb 21 00:28:51 thefuture popper[11692]: diff at obelix.thefutuer.adsl.dk
> > (10.0.0.3): -ERR [AUTH] Password supplied for "diff@thefuture.adsl dot dk" is
> > incorrect.
> > Feb 21 00:28:55 thefuture popper[11692]: diff at obelix.thefutuer.adsl.dk
> > (10.0.0.3): -ERR POP EOF or I/O Error
> >
> > and it's not the mysql connection. It works fine. Here is a part of my
> > mysql-qpopper.conf :
> >
> > # The table we auth off of
> > # Defaults to "qpopper"
> > MysqlAuthTable email
> >
> > # One of "cleartext", "crypt" or "both"
> > # Defaults to "cleartext"
> > MysqlAuthPasswordMethod both
> >
> > # Field where user username is
> > # Defaults to "username"
> > MysqlAuthUsernameField username
> >
> > MysqlAuthDomainField domain
> > MysqlAuthDefaultDomain thefuture.adsl.dk
> >
> > # Field where user password is
> > # Defaults to "password"
> > MysqlAuthPasswordField password
> >
> > # Options to get user UID.
> > # REQUIRED - MUST specify/uncomment one
> > MysqlAuthUidField uid
> > #MysqlAuthUid 65534
> > #MysqlAuthUidName nobody
> >
> > # Options to get user GID.
> > # REQUIRED - MUST specify/uncomment one
> > MysqlAuthGidField gid
> > #MysqlAuthGid 100
> > #MysqlAuthGidName nobody
> >
> >
> > My configure flags :
> >
> > ./configure --enable-servermode --enable-shy
> > --enable-temp-drop-dir=/var/spool/mail/.pop --disable-check-pw-max
> > --enable-fast-update --prefix=/usr/local/qpopper --disable-hash-dir-check
> > --with-mysqllibpath=/usr/local/mysql/lib/mysql
> > --with-mysqlincludepath=/usr/local/mysql/include/mysql --enable-mysql
> > --enable-log-login-mysql --with-mysqlconfig=/etc/mysql-popper.conf
> >
> > And I am using shadow on the server...
> >
> > Please help Regards René
> >
Now I tried without --enable-specialauth but it didn't seem to have any effect :(
PLEASE, has ANYONE got an idea?
Thanks Rene ;)
Date: Thu, 28 Feb 2002 14:20:12 -0800
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: qpopper Operation not permitted
At 10:05 AM +0100 2/27/02, Simon May wrote:
>Dear All,
>Well I have tried a number of optimization. This has solved some problems
>for some users but seems to have created problems for others or I'm just
>more aware of problems as I get a lot more debugs in the logs.
>
>Any comments or suggestions would be appreciated .
>Last comment, most users are using MS outlook express :-( or Outlook :-((
>
>Error messages
>Feb 26 23:10:10 lucyx qpopper[15370]: I/O error writing to client patricia at 80.26.106.164 [80.26.106.164]: Operation not permitted (1)
>Feb 26 23:10:10 lucyx qpopper[15370]: patricia at 80.26.106.164 (80.26.106.164): -ERR SIGHUP or SIGPIPE flagged
These all indicate that the connection with the client aborted. This
could be because the client timed out and disconnected (a problem
that's been reported with Outlook and Outlook Express). It could
also be something else. If you can reproduce it, a packet trace may
be helpful.
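An added example, not part of the original message or of Qpopper: a small log summarizer that groups the syslog lines quoted above by qpopper process and counts aborted sessions per client address, which helps show whether the aborts cluster on particular networks. The sample log is constructed from the lines in this thread plus one made-up clean session, and the function names and reason labels are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: log lines quoted in the thread, rejoined onto single
# lines, plus one constructed clean session (carlos, 192.0.2.10) for contrast.
SAMPLE_LOG = """\
Feb 26 23:10:10 lucyx qpopper[15370]: I/O error writing to client patricia at 80.26.106.164 [80.26.106.164]: Operation not permitted (1)
Feb 26 23:10:10 lucyx qpopper[15370]: patricia at 80.26.106.164 (80.26.106.164): -ERR SIGHUP or SIGPIPE flagged
Feb 26 23:10:10 lucyx qpopper[15370]: I/O error flushing output to client patricia at 80.26.106.164 [80.26.106.164]: Operation not permitted (1)
Feb 26 23:10:10 lucyx qpopper[15370]: patricia at 80.26.106.164 (80.26.106.164): -ERR POP hangup from lucyx.ocea.es
Feb 26 23:10:10 lucyx qpopper[15370]: Stats: patricia 0 0 1 1011813 80.26.106.164 80.26.106.164
Feb 26 23:11:02 lucyx qpopper[15402]: Stats: carlos 0 0 3 20480 192.0.2.10 192.0.2.10
"""

# syslog prefix: "Feb 26 23:10:10 host prog[pid]: message"
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]{8}\s+(?P<host>\S+)\s+\S*popper\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$"
)
# "user at client (ip)" or "user at client [ip]", as in the quoted lines
CLIENT_RE = re.compile(r"(?P<user>\S+) at \S+ [\[(](?P<ip>[0-9.]+)[\])]")

# Message fragments seen in this digest that indicate the connection aborted.
ABORT_MARKERS = {
    "I/O error writing to client": "write-error",
    "I/O error flushing output to client": "flush-error",
    "-ERR SIGHUP or SIGPIPE flagged": "sighup-or-sigpipe",
    "-ERR POP hangup": "pop-hangup",
    "-ERR POP EOF or I/O Error": "eof-or-io-error",
}


def parse_sessions(log_text):
    """Group log lines by (host, pid); one qpopper process serves one session.

    Limitation: a pid reused later in the same log is merged into one session.
    """
    sessions = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        key = (m["host"], int(m["pid"]))
        s = sessions.setdefault(
            key, {"user": None, "ip": None, "reasons": set(), "stats": False}
        )
        msg = m["msg"]
        client = CLIENT_RE.search(msg)
        if client:
            s["user"], s["ip"] = client["user"], client["ip"]
        if msg.startswith("Stats: "):
            # Field order as shown in this digest: user first, address last.
            fields = msg.split()
            s["stats"] = True
            s["user"] = s["user"] or fields[1]
            s["ip"] = s["ip"] or fields[-1]
        for marker, reason in ABORT_MARKERS.items():
            if marker in msg:
                s["reasons"].add(reason)
    return sessions


def aborts_by_ip(log_text):
    """Return {ip: {"sessions": n, "aborted": n}} for the whole log."""
    totals = defaultdict(lambda: {"sessions": 0, "aborted": 0})
    for s in parse_sessions(log_text).values():
        ip = s["ip"] or "unknown"
        totals[ip]["sessions"] += 1
        if s["reasons"]:
            totals[ip]["aborted"] += 1
    return dict(totals)


if __name__ == "__main__":
    for ip, t in sorted(aborts_by_ip(SAMPLE_LOG).items()):
        print(f"{ip}: {t['aborted']} of {t['sessions']} sessions aborted")
```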
Date: Thu, 28 Feb 2002 13:11:52 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: Authentication _Failure_
On Thu, Feb 28, 2002 at 02:08:20AM +0100, René Brask Sørensen wrote:
> > > My configure flags :
> > >
> > > ./configure --enable-servermode --enable-shy
> > > --enable-temp-drop-dir=/var/spool/mail/.pop --disable-check-pw-max
> > > --enable-fast-update --prefix=/usr/local/qpopper --disable-hash-dir-check
> > > --with-mysqllibpath=/usr/local/mysql/lib/mysql
> > > --with-mysqlincludepath=/usr/local/mysql/include/mysql --enable-mysql
> > > --enable-log-login-mysql --with-mysqlconfig=/etc/mysql-popper.conf
> > >
> > > And I am using shadow on the server...
> > >
> > > Please help Regards René
> > >
> Now I tried without --enable-specialauth but it didn't seem to have any effect :(
>
> PLEASE, has ANYONE got an idea?
>
> Thanks Rene ;)
Sorry, but you're really dependent on responses from one of the few
people using the mysql patch. What I don't understand is: are you
using mysql and trying to also use the password file? I thought mysql
was to be used in place of the password file (though I've never looked
at it.)
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Date: Fri, 1 Mar 2002 07:36:09 +0100
From: =?iso-8859-1?Q?René_Brask_Sørensen?= <diff at thefuture.adsl dot dk>
Subject: Re: Authentication _Failure_
On Thu, Feb 28, 2002 at 01:11:52PM -1000, Clifton Royston wrote:
> On Thu, Feb 28, 2002 at 02:08:20AM +0100, René Brask Sørensen wrote:
> > > > My configure flags :
> > > >
> > > > ./configure --enable-servermode --enable-shy
> > > > --enable-temp-drop-dir=/var/spool/mail/.pop --disable-check-pw-max
> > > > --enable-fast-update --prefix=/usr/local/qpopper --disable-hash-dir-check
> > > > --with-mysqllibpath=/usr/local/mysql/lib/mysql
> > > > --with-mysqlincludepath=/usr/local/mysql/include/mysql --enable-mysql
> > > > --enable-log-login-mysql --with-mysqlconfig=/etc/mysql-popper.conf
> > > >
> > > > And I am using shadow on the server...
> > > >
> > > > Please help Regards René
> > > >
> > Now I tried without --enable-specialauth but it didn't seem to have any effect :(
> >
> > PLEASE, has ANYONE got an idea?
> >
> > Thanks Rene ;)
>
> Sorry, but you're really dependent on responses from one of the few
> people using the mysql patch. What I don't understand is: are you
> using mysql and trying to also use the password file? I thought mysql
> was to be used in place of the password file (though I've never looked
> at it.)
>
> -- Clifton
>
> --
> Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
> WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
You're right... But I just thought that the problem might have something to do with qpopper not allowing the mysql password lookup... But I'll just hope that someone using the patch sees this mail :)
René
From: "Simon May" <simon at imsl dot es>
Subject: Re: qpopper Operation not permitted
Date: Fri, 1 Mar 2002 14:00:45 +0100
Dear Randall,
I see that it's possible to get Outlook Express to log POP3 sessions.
I will get one of our clients to do so and see if we can pin down the error.
Interestingly, the error is mainly with users using the local telephone
company's ADSL system
and not with users connecting directly with the system. So it does seem to be a
timeout problem.
Thanks for the advice
Simon
> These all indicate that the connection with the client aborted. This
> could be because the client timed out and disconnected (a problem
> that's been reported with Outlook and Outlook Express). It could
> also be something else. If you can reproduce it, a packet trace may
> be helpful.
>
From: rk at johanns-datentechnik dot de
Subject: permissions wrong in /var/spool/mail/* after (succesfull) pop ?
Date: 01 Mar 2002 14:40:23 UT
Hello !
after setting up a new popper 4.03, sometimes the user's mailfiles stored
in /var/spool/mail change permissions and ownership...
instead of rw-,---,---, chown username:disk
the files change to rw-,rw-,--- and chown username:root.
I don't know where to look, as mail is "popped" correctly to the clients.
The problem does not always occur...
It seems that new user accounts (when being created in /var/spool/mail) start up with the wrong permissions/ownerships.
I don't know if it is a qpopper issue, but maybe someone can help ...
thanks so far
From: "Dan Schaper" <dschaper at midcom dot com>
Subject: Spool older than cache file error
Date: Fri, 1 Mar 2002 10:59:33 -0800
I'm seeing this error in my popper logs, is this a configuration error, or
just a transient self healing error?
__
Thank You
Dan Schaper
Systems Administrator
MIDCOM Corporation
www.midcom.com
714-579-3000
800-444-5443 (Fax)
Date: Sat, 2 Mar 2002 16:16:56 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: permissions wrong in /var/spool/mail/* after (succesfull) pop ?
On Fri, Mar 01, 2002 at 02:40:23PM +0000, rk at johanns-datentechnik dot de wrote:
> after setting up a new popper 4.03, sometimes the user's mailfiles stored
> in /var/spool/mail change permissions and ownership...
>
> instead of rw-,---,---, chown username:disk
> the files change to rw-,rw-,--- and chown username:root.
> I don't know where to look, as mail is "popped" correctly to the clients.
> The problem does not always occur...
> It seems that new user accounts (when being created in /var/spool/mail) start up with the wrong permissions/ownerships.
> I don't know if it is a qpopper issue, but maybe someone can help ...
It might be a qpopper issue. We've occasionally seen something like
this here - the group of a user's mailbox suddenly shows up as "wheel"
instead of "user", our normal default. It doesn't cause a problem, but
it does show up in our nightly security reports. I haven't yet
reproduced the problem.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Date: Mon, 04 Mar 2002 08:36:13 -0600
From: "J.D. Bronson" <lists at xpec dot com>
Subject: 4.0.3 and tcp_wrappers
Does anyone have qpopper 4.0.3 running with tcp_wrappers in STANDALONE mode?
I can get this to work under inetd, but not standalone
and the docs don't seem to indicate whether or not this can be done
or even how.
THANX!
Jeff
From: Eddy L O Jansson <eddy at klopper dot net>
Date: Mon, 04 Mar 2002 16:18:50 +0100
Subject: qpopper not rejecting cleartext passwords.
I've experimented. I've read the FAQ. I've browsed the
manual. I've googled. I've noticed the list-archive isn't
searchable. I give up.
How can I make qpopper reject cleartext passwords except
when in a TLS session?
TLS is working:
Mar 4 16:24:20 nynaeve in.qpopper[24178]: (v4.0.3)
TLSv1/SSLv3 handshake with client at eddy.klopper.net
(192.168.1.4); ew session-id; cipher: RC4-SHA (RC4-SHA SSLv3
Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1), 128 bits
However, it still allows:
root@sarucity:/etc# telnet nynaeve 110
Trying 192.168.1.2...
Connected to nynaeve.klopper.net.
Escape character is '^]'.
+OK Qpopper (version 4.0.3) at nynaeve.klopper.net starting.
USER eddy
+OK Password required for eddy.
PASS mypasswordhere
+OK eddy has 0 visible messages (0 hidden) in 0 octets.
Not good.
My /etc/qpopper.cfg says
set clear-text-password = tls <-- PLEASE OBSERVE!
set tls-support = stls
My /etc/inetd.conf is set up as follows:
pop-3 stream tcp nowait root /usr/sbin/tcpd \
/usr/sbin/in.qpopper -f /etc/qpopper.conf
What gives?
--
"That which does not kill me, simply postpones the
inevitable."
Eddy L O Jansson | http://gazonk.org/~eloj
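An added example, not part of the post or of Qpopper: a consistency check for the inetd setups in this digest. It reads the inetd.conf entry, reports the `nowait.<number>` rate limit described in the earlier "Pop Errors" reply, and checks that the file named by `-f` carries `clear-text-password = tls` and `tls-support = stls`; the post shows those settings in /etc/qpopper.cfg while its inetd.conf line passes /etc/qpopper.conf. The contents given for /etc/qpopper.conf are constructed (the post does not show that file), and the function names and the `#` comment handling are assumptions.

```python
DEFAULT_INETD_RATE = 40  # per 60 s, the default quoted in the earlier reply
REQUIRED = {"clear-text-password": "tls", "tls-support": "stls"}  # from the post

# Constructed sample input. The inetd.conf entry is the one from the post; the
# contents of /etc/qpopper.conf are made up because the post does not show them.
SAMPLE_INETD = (
    "pop-3 stream tcp nowait root /usr/sbin/tcpd \\\n"
    "    /usr/sbin/in.qpopper -f /etc/qpopper.conf\n"
)
SAMPLE_FILES = {
    "/etc/qpopper.cfg": "set clear-text-password = tls\nset tls-support = stls\n",
    "/etc/qpopper.conf": "set chunky-writes = never\n",
}


def parse_inetd(text):
    """Yield one dict per service entry of an inetd.conf-style file."""
    # Fold backslash-continued lines, since the post shows the entry wrapped so.
    for raw in text.replace("\\\n", " ").splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 6:
            continue
        wait, _, limit = fields[3].partition(".")  # "nowait.80" -> nowait, 80
        yield {
            "service": fields[0],
            "wait": wait,
            "max_rate": int(limit) if limit.isdigit() else DEFAULT_INETD_RATE,
            "user": fields[4],
            "program": fields[5],
            "argv": fields[6:],
        }


def parse_qpopper_config(text):
    """Parse 'set name = value' and bare 'set name' lines into a dict."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not line.lower().startswith("set "):
            continue
        name, _, value = line[4:].partition("=")
        settings[name.strip().lower()] = value.strip().lower() or "true"
    return settings


def audit(inetd_text, read_file, required=REQUIRED):
    """Return findings for every popper entry; read_file(path) returns text."""
    findings = []
    for entry in parse_inetd(inetd_text):
        # popper is either the server program itself or the first tcpd argument
        words = [entry["program"]] + entry["argv"]
        if not any(w.endswith("popper") for w in words[:2]):
            continue
        findings.append(
            f"{entry['service']}: inetd rate limit {entry['max_rate']} per 60 s"
        )
        argv = entry["argv"]
        if "-f" not in argv[:-1]:
            findings.append(f"{entry['service']}: no -f option, no config file read")
            continue
        path = argv[argv.index("-f") + 1]
        try:
            settings = parse_qpopper_config(read_file(path))
        except (OSError, KeyError):
            findings.append(f"{path}: cannot be read")
            continue
        for name, want in required.items():
            got = settings.get(name)
            if got != want:
                findings.append(f"{path}: {name} is {got!r}, expected {want!r}")
    return findings


if __name__ == "__main__":
    # On a real host: audit(open("/etc/inetd.conf").read(), lambda p: open(p).read())
    for finding in audit(SAMPLE_INETD, SAMPLE_FILES.__getitem__):
        print(finding)
```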
Date: Mon, 4 Mar 2002 07:04:24 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: 4.0.3 and tcp_wrappers
On Mon, Mar 04, 2002 at 08:36:13AM -0600, J.D. Bronson wrote:
> Does anyone have qpopper 4.0.3 running with tcp_wrappers in STANDALONE mode?
>
> I can get this to work under inetd, but not standalone
> and the docs don't seem to indicate whether or not this can be done
> or even how.
tcp_wrappers itself, *by its design*, can only be used for software
running under inetd or xinetd or a similar application. There are some
persistent daemons which use the TCP wrapper libraries themselves to
get a similar effect but AFAIK qpopper can not do that.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Date: Mon, 4 Mar 2002 23:10:37 +0100
From: =?iso-8859-1?Q?René_Brask_Sørensen?= <diff at thefuture.adsl dot dk>
Subject: Don't ask for password...
Hi
After I applied a mysql patch to qpopper (from http://www.asteroid-b612.org/software/ ) qpopper doesn't ask for a password at login. And I get the following error:
Mar 4 22:16:06 thefuture /usr/sbin/popper[13104]: rene at port251.ds1-ynoe.adsl.cybercity (xxx.xxx.xxx.xxx): -ERR [AUTH] Password supplied for "rene@realhost dot dk" is incorrect.
Mar 4 22:17:22 thefuture /usr/sbin/popper[13104]: rene at port251.ds1-ynoe.adsl.cybercity (xxx.xxx.xxx.xxx): -ERR POP EOF or I/O Error
PLEASE HELP
Rene
Date: Mon, 04 Mar 2002 16:34:16 -0500
From: Daniel Senie <dts at senie dot com>
Subject: Re: 4.0.3 and tcp_wrappers
At 12:04 PM 3/4/02, Clifton Royston wrote:
>On Mon, Mar 04, 2002 at 08:36:13AM -0600, J.D. Bronson wrote:
> > Does anyone have qpopper 4.0.3 running with tcp_wrappers in STANDALONE mode?
> >
> > I can get this to work under inetd, but not standalone
> > and the docs don't seem to indicate whether or not this can be done
> > or even how.
>
>tcp_wrappers itself, *by its design*, can only be used for software
>running under inetd or xinetd or a similar application. There are some
>persistent daemons which use the TCP wrapper libraries themselves to
>get a similar effect but AFAIK qpopper can not do that.
sendmail, for example, uses libwrap to allow it to use TCP Wrappers. I make
use of that on my mail systems. You are correct that qpopper does not
presently contain the code to use libwrap. That's something that COULD be
added, but is not there today.
Dan
-----------------------------------------------------------------
Daniel Senie dts at senie dot com
Amaranth Networks Inc. http://www.amaranth.com
Date: Mon, 04 Mar 2002 16:18:07 -0700
From: lance miller <lance at blackfoot dot net>
Subject: not logging with pam_ldap
OS: Sparc Solaris 8
Version: Qpopper 4.0.3
I am trying to log the activity of my qpopper server to my system logs. So
far I cannot get this to happen. I can authenticate, get my mail, but no
log is kept. Here are my configure variables.
Any help would be great. Thanks in advance.
./configure --with-pam=login --enable-log-login-pam
Here is my syslog.conf file
$ more /etc/syslog.conf
#ident "@(#)syslog.conf 1.5 99/02/03 SMI" /* SunOS 5.0 */
#
# Copyright (c) 1991-1999 by Sun Microsystems, Inc.
#
# syslog configuration file.
#
# This file is processed by m4 so be careful to quote (`') names
# that match m4 reserved words. Also, within ifdef's, arguments
# containing commas must be quoted.
#
*.err;kern.notice;auth.notice /dev/sysmsg
*.err;kern.debug; /var/adm/messages
mail.* /var/log/syslog
kern.err;daemon.err /var/adm/messages
*.emerg /var/adm/messages
# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
#auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost)
mail.debug ifdef(`LOGHOST', /var/log/syslog, @loghost)
#
# non-loghost machines will use the following lines to cause "user"
# log messages to be logged locally.
#
ifdef(`LOGHOST', ,
user.err /dev/sysmsg
user.err /var/adm/messages
user.alert `root, operator'
user.emerg *
)
Here is my log.h file
/*
* Copyright (c) 1998-1999 by Sun Microsystems, Inc.
* All rights reserved.
*/
#ifndef _SYS_LOG_H
#define _SYS_LOG_H
#pragma ident "@(#)log.h 1.16 99/11/24 SMI"
#include <sys/strlog.h>
#include <sys/stream.h>
#ifdef __cplusplus
extern "C" {
#endif
#define LOG_CONSMIN 0 /* /dev/conslog minor */
#define LOG_LOGMIN 5 /* /dev/log clone-open minor */
#define LOG_BACKLOG LOG_LOGMIN /* console backlog queue */
#define LOG_CLONEMIN (LOG_LOGMIN + 1) /* smallest /dev/log clone */
#define LOG_MAX (LOG_CLONEMIN + 16) /* up to 16 /dev/log clones */
#define LOG_MID 44 /* module ID */
#define LOG_MINPS 0 /* min packet size */
#define LOG_MAXPS 1024 /* max packet size */
#define LOG_LOWAT 2048 /* threshold for backenable */
#define LOG_HIWAT 1048576 /* threshold for tossing messages */
#define LOG_MAGIC 0xf00d4109U /* "food for log" - unsent msg magic */
#define LOG_RECENTSIZE 8192 /* queue of most recent messages */
#define LOG_MINFREE 4096 /* message cache low water mark */
#define LOG_MAXFREE 8192 /* message cache high water mark */
typedef struct log log_t;
typedef int (log_filter_t)(log_t *, log_ctl_t *);
struct log {
queue_t *log_q; /* message queue */
log_filter_t *log_wanted; /* message filter */
mblk_t *log_data; /* parameters for filter */
short log_flags; /* message type (e.g. SL_CONSOLE) */
int log_overflow; /* messages lost due to QFULL */
};
#define LOG_MSGSIZE 200
typedef struct log_dump {
uint32_t ld_magic; /* LOG_MAGIC */
uint32_t ld_msgsize; /* MBLKL(mp->b_cont) */
uint32_t ld_csum; /* checksum32(log_ctl) */
uint32_t ld_msum; /* checksum32(message text) */
/*
* log_ctl and message text follow here -- see dump_messages()
*/
} log_dump_t;
#ifdef _KERNEL
extern log_t log_log[LOG_MAX]; /* log device state table */
extern short log_active; /* active types (OR of all log_flags fields) */
extern queue_t *log_consq; /* primary console reader queue */
extern queue_t *log_backlog; /* console backlog queue */
extern queue_t *log_recent; /* recent console message queue */
extern queue_t *log_intrq; /* pending high-level interrupt message
queue */
extern log_filter_t log_error;
extern log_filter_t log_trace;
extern log_filter_t log_console;
extern void log_init(void);
extern void log_enter(void);
extern void log_exit(void);
extern void log_update(log_t *, queue_t *, short, log_filter_t);
extern mblk_t *log_makemsg(int, int, int, int, int, void *, size_t, int);
extern void log_freemsg(mblk_t *);
extern void log_sendmsg(mblk_t *);
extern void log_flushq(queue_t *);
#endif /* _KERNEL */
#ifdef __cplusplus
}
#endif
#endif /* _SYS_LOG_H */
Date: Mon, 4 Mar 2002 16:17:03 -0800
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: permissions wrong in /var/spool/mail/* after (succesfull)
Qpopper normally assumes that it is setgid 'mail' and when it creates
a spool file likely sets permissions to be group readable. This is
probably for historical or platform-dependent reasons. There is a
compile-time macro to control this, but I don't think there is a
./configure option or run-time option. If there isn't, there should
be.
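An added example, not Qpopper code: a spool audit of the kind a nightly security report could run, flagging mailbox files whose mode is wider than rw------- or whose group is not the expected one, the two changes described in this thread. The function name, its defaults and the command-line arguments are assumptions made for the example.

```python
import os
import stat


def audit_spool(spool_dir, expected_mode=0o600, expected_gid=None):
    """Return findings for spool files whose mode or group differs from policy.

    expected_mode: the most permission bits a mailbox may carry (rw-------,
                   the mode the original post expects).
    expected_gid:  numeric group the files should belong to, or None to skip
                   the group check.
    """
    findings = []
    # os.walk also covers hashed spools such as /var/mail/u/s/ seen in this digest.
    for root, _dirs, files in os.walk(spool_dir):
        for name in files:
            path = os.path.join(root, name)
            st = os.lstat(path)  # lstat: report on the entry, never follow symlinks
            if not stat.S_ISREG(st.st_mode):
                continue
            problems = []
            extra = stat.S_IMODE(st.st_mode) & ~expected_mode
            if extra:
                problems.append(f"extra permission bits {oct(extra)}")
            if expected_gid is not None and st.st_gid != expected_gid:
                problems.append(f"gid {st.st_gid} instead of {expected_gid}")
            if problems:
                findings.append(
                    {
                        "path": path,
                        "mode": stat.filemode(st.st_mode),
                        "gid": st.st_gid,
                        "problems": problems,
                    }
                )
    return sorted(findings, key=lambda f: f["path"])


if __name__ == "__main__":
    import grp
    import sys

    # Usage (assumed): script.py [spool-dir] [group-name]
    spool = sys.argv[1] if len(sys.argv) > 1 else "/var/spool/mail"
    gid = grp.getgrnam(sys.argv[2]).gr_gid if len(sys.argv) > 2 else None
    for f in audit_spool(spool, expected_gid=gid):
        print(f"{f['path']} {f['mode']}: {'; '.join(f['problems'])}")
```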
Date: Mon, 4 Mar 2002 16:24:25 -0800
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: 4.0.3 and tcp_wrappers
At 4:34 PM -0500 3/4/02, Daniel Senie wrote:
>You are correct that qpopper does not presently contain the code to
>use libwrap. That's something that COULD be added, but is not there
>today.
This is on the wish/to-do list. Patch contributions are, of course,
always welcome.
Date: Mon, 4 Mar 2002 16:21:12 -0800
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: qpopper not rejecting cleartext passwords.
At 4:18 PM +0100 3/4/02, Eddy L O Jansson wrote:
> I've experimented. I've read the FAQ. I've browsed the
>manual. I've googled. I've noticed the list-archive isn't
>searchable. I give up.
>
> How can I make qpopper reject cleartext passwords except
>when in a TLS session?
>
>TLS is working:
>
> Mar 4 16:24:20 nynaeve in.qpopper[24178]: (v4.0.3)
>TLSv1/SSLv3 handshake with client at eddy.klopper.net
>(192.168.1.4); ew session-id; cipher: RC4-SHA (RC4-SHA SSLv3
>Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1), 128 bits
>
>However, it still allows:
>
>root@sarucity:/etc# telnet nynaeve 110
>Trying 192.168.1.2...
>Connected to nynaeve.klopper.net.
>Escape character is '^]'.
>+OK Qpopper (version 4.0.3) at nynaeve.klopper.net starting.
>USER eddy
>+OK Password required for eddy.
>PASS mypasswordhere
>+OK eddy has 0 visible messages (0 hidden) in 0 octets.
>
>Not good.
>
>My /etc/qpopper.cfg says
>
> set clear-text-password = tls <-- PLEASE OBSERVE!
> set tls-support = stls
>
>My /etc/inetd.conf is set up as follows:
>
> pop-3 stream tcp nowait root /usr/sbin/tcpd \
> /usr/sbin/in.qpopper -f /etc/qpopper.conf
>
>What gives?
I'm not sure why your 'set clear-text-password=tls' is not honored.
Can you reproduce this with debug tracing?
To enable tracing in Qpopper:
1. Do a 'make clean'
2. Re-run ./configure, adding '--enable-debugging'.
3. Edit the inetd.conf line for Qpopper, adding '-d' or '-t <tracefile-path>'.
4. Send inetd (or xinetd) a HUP signal.
(Steps 3 and 4 are only needed if you use inetd (or xinetd). In
standalone mode, you can add '-d' or '-t <tracefile-path>' to the
command line directly.)
(In either standalone or inetd mode, if you use a configuration file
you can add 'set debug' or 'set tracefile = <tracefile>' to either a
global or user-specific configuration file instead of steps 3 and 4.)
This causes detailed tracing to be written to the syslog or to the
file specified as 'tracefile'.
--
Date: Mon, 4 Mar 2002 16:19:13 -0800
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Spool older than cache file error
At 10:59 AM -0800 3/1/02, Dan Schaper wrote:
>I'm seeing this error in my popper logs, is this a configuration error, or
>just a transient self healing error?
The error means that Qpopper didn't trust the cache file, because it
was modified after the spool. Qpopper will create a new cache, but
the cost is that the cache couldn't be used for that session, forcing
Qpopper to read through the spool. Is there another process touching
the cache files?
From: "Bob Lockie" <bjlockie at rogers dot com>
Date: Mon, 04 Mar 2002 20:52:32 -0500
Subject: compile APOP
I'm trying to compile in APOP.
I can compile the clear text version but trying to compile in APOP gives me the compile error.
Can someone help?
I thought it might be a problem with gdbm but I have it on my RedHat7.2 system.
rpm -q gdbm
gdbm-1.8.0-10
./configure --enable-apop=/d2/usr2/local/qpopper4.0.3/ --enable-popuid=pop
gcc -c -I.. -I.. -I. \
-I../mmangle -I../common \
-g -O2 -DHAVE_CONFIG_H -DLINUX -DUNIX pop_user.c -o pop_user.o
pop_user.c: In function `pop_user':
pop_user.c:133: `DBM' undeclared (first use in this function)
pop_user.c:133: (Each undeclared identifier is reported only once
pop_user.c:133: for each function it appears in.)
pop_user.c:133: `db' undeclared (first use in this function)
pop_user.c:135: parse error before `int'
pop_user.c:137: `datum' undeclared (first use in this function)
pop_user.c:177: `user_name_len' undeclared (first use in this function)
pop_user.c:210: `pw' undeclared (first use in this function)
pop_user.c:265: `st' undeclared (first use in this function)
pop_user.c:281: `fid' undeclared (first use in this function)
pop_user.c:308: `key' undeclared (first use in this function)
pop_user.c:321: `value' undeclared (first use in this function)
pop_user.c:324: `i' undeclared (first use in this function)
pop_user.c:328: `bFoundUser' undeclared (first use in this function)
make[1]: *** [pop_user.o] Error 1
make[1]: Leaving directory `/d2/usr2/local/qpopper4.0.3/popper'
make: *** [popper_server] Error 2
Subject: Re: compile APOP
From: Kenneth Porter <shiva at well dot com>
Date: 04 Mar 2002 20:37:35 -0800
On Mon, 2002-03-04 at 17:52, Bob Lockie wrote:
> I'm trying to compile in APOP.
> I can compile the clear text version but trying to compile in APOP gives me the compile error.
> Can someone help?
> I thought it might be a problem with gdbm but I have it on my RedHat7.2 system.
> rpm -q gdbm
> gdbm-1.8.0-10
You need gdbm-devel. Developer sub-packages are typically not installed
as the average user doesn't build software from sources.
Subject: Re: Spool older than cache file error
Date: Tue, 5 Mar 2002 10:57:12 +0100 (MET)
From: Eric Luyten <Eric.Luyten at vub.ac dot be>
> At 10:59 AM -0800 3/1/02, Dan Schaper wrote:
>
> >I'm seeing this error in my popper logs, is this a configuration error, or
> >just a transient self healing error?
>
> The error means that Qpopper didn't trust the cache file, because it
> was modified after the spool. Qpopper will create a new cache, but
> the cost is that the cache couldn't be used for that session, forcing
> Qpopper to read through the spool. Is there another process touching
> the cache files?
Not necessarily.
We are also seeing those 'spool older than cache file' messages.
It invariably happens after a new message arrived for a given user AND
a subsequent successful POP session, with 'leave messages on server' set.
Example : (anonymized)
10:41:34 popper[9816]: Stats: user 0 0 260 23935643 host ip
10:43:36 popper[12048]: Stats: user 0 0 260 23935643 host ip
10:45:42 popper[14462]: Stats: user 0 0 261 23954722 host ip
10:47:54 popper[16942]: spool older than cache file /var/mail/u/s/.user.cache
10:47:59 popper[16942]: Stats: user 0 0 261 23954734 host ip
It is my guess that the session at 10:45:42 did not succeed at updating
the .cache file although no error message to this effect was logged.
The actual check in popper/pop_cache.c seems robust (and simple) enough.
Eric.
Last updated on 5 Mar 2002 by Pensive Mailing List Admin