The qpopper list archive ending on 19 Mar 2002
Topics covered in this issue include:
1.
"Hans Schimek" <office at schimek dot net>
Fri, 15 Mar 2002 07:31:42 +0100
2. Undefined symbol "_net_write"
karl vossen <karl.vossen at pandora dot be>
Fri, 15 Mar 2002 16:05:08 +0100
3. Problems with Solaris 8 and Qpopper - multiple versions
"ListServ" <rbarnes-list at blazenet dot net>
Fri, 15 Mar 2002 10:14:57 -0500
4. Re: Problems with Solaris 8 and Qpopper - multiple versions
Kenneth Porter <shiva at well dot com>
15 Mar 2002 08:05:56 -0800
5. Qpopper not working - please help
"Neil R Porter" <neil at iamanidiot dot com>
Fri, 15 Mar 2002 16:16:53 -0000
6. Re: Problems with Solaris 8 and Qpopper - multiple versions
Randall Gellens <randy at qualcomm dot com>
Fri, 15 Mar 2002 14:38:25 -0800
7. Re: Problems with Solaris 8 and Qpopper - multiple versions
A.Barker at ucl.ac dot uk
Fri, 15 Mar 2002 21:16:16 +0000
8. Re: Problems with Solaris 8 and Qpopper - multiple versions
Clifton Royston <cliftonr at lava dot net>
Fri, 15 Mar 2002 09:02:13 -1000
9. Re: Undefined symbol "_net_write"
Clifton Royston <cliftonr at lava dot net>
Fri, 15 Mar 2002 08:17:15 -1000
10. Re: Undefined symbol "_net_write"
karl vossen <karl.vossen at pandora dot be>
Sat, 16 Mar 2002 11:29:24 +0100
11. BUGTRAQ: Bug in QPopper (All Versions?) (fwd)
Alan Brown <alanb at digistar dot com>
Sat, 16 Mar 2002 08:30:50 -0500 (EST)
12. Re: BUGTRAQ: Bug in QPopper (All Versions?) (fwd)
Kenneth Porter <shiva at well dot com>
16 Mar 2002 06:34:14 -0800
13. Re: BUGTRAQ: Bug in QPopper (All Versions?) (fwd)
Michael Zimmermann <zim at vegaa dot de>
Sat, 16 Mar 2002 16:06:55 +0100
14. Re: BUGTRAQ: Bug in QPopper (All Versions?) (fwd)
Clifton Royston <cliftonr at lava dot net>
Sat, 16 Mar 2002 09:05:55 -1000
15. Re: Qpopper not working - please help
Clifton Royston <cliftonr at lava dot net>
Sat, 16 Mar 2002 09:15:43 -1000
16. Re: BUGTRAQ: Bug in QPopper (All Versions?) (fwd)
Gregory Hicks <ghicks at cadence dot com>
Sat, 16 Mar 2002 12:51:19 -0800 (PST)
17. Re: Server mode and IMAP/WebMail
Clifton Royston <cliftonr at lava dot net>
Sat, 16 Mar 2002 14:53:03 -1000
18. Newbie question
"Chris" <yahoogroups at xymox1 dot com>
Sat, 16 Mar 2002 21:01:40 -0700
19. Re: Newbie question
Randall Gellens <randy at qualcomm dot com>
Sat, 16 Mar 2002 22:11:25 -0800
20. Re: BUGTRAQ: Bug in QPopper (All Versions?) (fwd)
Randall Gellens <randy at qualcomm dot com>
Sat, 16 Mar 2002 22:07:10 -0800
21. RE: Newbie question
Randall Gellens <randy at qualcomm dot com>
Sat, 16 Mar 2002 23:08:40 -0800
22. Re: BUGTRAQ: Bug in QPopper (All Versions?) (fwd)
Alan Brown <alanb at digistar dot com>
Sun, 17 Mar 2002 06:50:56 -0500 (EST)
23. Re: BUGTRAQ: Bug in QPopper (All Versions?) (fwd)
Anders Johansson <andjoh at cicada.linux-site dot net>
Sun, 17 Mar 2002 12:59:20 +0100
24. Re: BUGTRAQ: Bug in QPopper (All Versions?)
Michael Zimmermann <zim at vegaa dot de>
Sun, 17 Mar 2002 21:18:40 +0100
25. qpopper woudn't start: Socket operation on non-socket
"Bernd Prager" <bprager at iamerica dot net>
Sun, 17 Mar 2002 17:04:53 -0500
26. Re: BUGTRAQ: Bug in QPopper (All Versions?)
Clifton Royston <cliftonr at lava dot net>
Sun, 17 Mar 2002 12:20:28 -1000
27. Re: BUGTRAQ: Bug in QPopper (All Versions?)
Clifton Royston <cliftonr at lava dot net>
Sun, 17 Mar 2002 12:45:10 -1000
28. Re: BUGTRAQ: Bug in QPopper (All Versions?)
Michael Zimmermann <zim at vegaa dot de>
Mon, 18 Mar 2002 00:20:00 +0100
29. Possible patch for buffer problem
Clifton Royston <cliftonr at lava dot net>
Sun, 17 Mar 2002 13:22:12 -1000
30. Re: BUGTRAQ: Bug in QPopper (All Versions?)
Clifton Royston <cliftonr at lava dot net>
Sun, 17 Mar 2002 13:33:53 -1000
31. Additional patch - should help "bulletproofing"
Clifton Royston <cliftonr at lava dot net>
Sun, 17 Mar 2002 14:18:12 -1000
32. Re: Undefined symbol "_net_write"
Clifton Royston <cliftonr at lava dot net>
Sun, 17 Mar 2002 16:40:26 -1000
33. Re: BUGTRAQ: Bug in QPopper (All Versions?)
Kenneth Porter <shiva at well dot com>
18 Mar 2002 08:03:50 -0800
34. Re: BUGTRAQ: Bug in QPopper (All Versions?)
Oliver Fleischmann <ogf at bnv-bamberg dot de>
Mon, 18 Mar 2002 17:45:25 +0100 (MET)
35. Re: Additional patch - should help "bulletproofing"
Kenneth Porter <shiva at well dot com>
18 Mar 2002 08:50:05 -0800
36. RE: BUGTRAQ: Bug in QPopper (All Versions?)
Drew Weaver <drew.weaver at thenap dot com>
Mon, 18 Mar 2002 11:56:28 -0500
37. Re: BUGTRAQ: Bug in QPopper (All Versions?)
Clifton Royston <cliftonr at lava dot net>
Mon, 18 Mar 2002 08:26:02 -1000
38. Re: BUGTRAQ: Bug in QPopper (All Versions?)
Patrick Guillot <pguillot at paanjaru dot com>
Mon, 18 Mar 2002 21:26:02 +0100
39. Re: Problems with Solaris 8 and Qpopper - multiple versions
"Christopher Crowley" <ccrowley at tulane dot edu>
Mon, 18 Mar 2002 15:44:32 -0600
40. Re: BUGTRAQ: Bug in QPopper (All Versions?)
Randall Gellens <randy at qualcomm dot com>
Mon, 18 Mar 2002 20:10:20 -0600
41. SIGPIPE errors with Qpopper 4.0.3.
Ted Cabeen <ted at impulse dot net>
Mon, 18 Mar 2002 21:51:07 -0800
42. The "tls-support" option cannot be used because a required compile-time option was not set.
"Bernd Prager" <bernd at prager dot ws>
Tue, 19 Mar 2002 01:11:10 -0500
43. So close I can smell it! - please help
"Neil R Porter" <neil at iamanidiot dot com>
Tue, 19 Mar 2002 15:30:42 -0000
44. So close I can smell it! - please help
"Neil R Porter" <neil at iamanidiot dot com>
Tue, 19 Mar 2002 09:37:08 -0000
45. Re: So close I can smell it! - please help
Ted Cabeen <ted at impulse dot net>
Tue, 19 Mar 2002 09:07:53 -0800
46. Re: SIGPIPE errors with Qpopper 4.0.3.
Chis Payne <cpayne at pr.uoguelph dot ca>
Tue, 19 Mar 2002 12:37:48 -0500
47. Re: So close I can smell it! - please help
Clifton Royston <cliftonr at lava dot net>
Tue, 19 Mar 2002 12:22:05 -1000
48. Re: BUGTRAQ: Bug in QPopper (All Versions?)
Randall Gellens <randy at qualcomm dot com>
Tue, 19 Mar 2002 18:04:48 -0600
49. Re: BUGTRAQ: Bug in QPopper (All Versions?)
Randall Gellens <randy at qualcomm dot com>
Tue, 19 Mar 2002 23:19:01 -0600
50. Re: BUGTRAQ: Bug in QPopper (All Versions?)
Clifton Royston <cliftonr at lava dot net>
Tue, 19 Mar 2002 20:36:31 -1000
From: "Hans Schimek" <office at schimek dot net>
Subject:
Date: Fri, 15 Mar 2002 07:31:42 +0100
This is a multi-part message in MIME format.
------=_NextPart_000_001D_01C1CBF3.752672B0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
unsubscribe
------=_NextPart_000_001D_01C1CBF3.752672B0
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html;
charset=US-ASCII">
<TITLE>Message</TITLE>
<META content="MSHTML 6.00.2713.1100" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face=Arial size=2><SPAN
class=697333106-15032002>unsubscribe</SPAN></FONT></DIV></BODY></HTML>
------=_NextPart_000_001D_01C1CBF3.752672B0--
Date: Fri, 15 Mar 2002 16:05:08 +0100
From: karl vossen <karl.vossen at pandora dot be>
Subject: Undefined symbol "_net_write"
hi all,
i'm new to this list and to qpopper in general.
as I couldnt find any related problem in the archives, here's my problem:
freshly built and installed qpopper on netbsd/mac68k from the
packagesource and all went fine; added the line to inetd.conf and all.
when i tried to retrieve some testmail with eudora on the mac, it
complained that the server wouldnt respond.
so, as stated in the faq, i tried to telnet pop3 with this as an answer:
/usr/libexec/ld.so: Undefined symbol "_net_write" in
qpopper:/usr/lib/libkrb.so.4.0
que?
i dont even have a clue about the nature of this problem.
show me the path...
greets,
karl.
--
From: "ListServ" <rbarnes-list at blazenet dot net>
Subject: Problems with Solaris 8 and Qpopper - multiple versions
Date: Fri, 15 Mar 2002 10:14:57 -0500
I work for an ISP, and we have several thousand email accounts. My
currently POP server is running Solaris 2.5.1 and Qpopper 3.1.2. Other than
the fact that the box is getting older, and drive space is becoming limited,
the box is running fine.
I'm attempting to upgrade my POP server to a new box (bigger) running
Solaris 8. I've configured the box, and thought everything was working
great. I put the new box in service yesterday morning, and at first
everything was humming along great -- this was in the early morning hours,
when utilization was low. As it got closer to peak time (8am) things
started to worsen and worsen quickly.
The POP service took longer and longer to respond. Load average on the box
wasn't high, CPU utilization wasn't high either. However, doing a "df -k"
command I noticed that my swap space was shrinking dramatically. I have 1GB
of swap space setup (I also have 1GB of RAM), and I was down to less have
400MB of swap space. I then discovered that I had over 1500 active popper
sessions running on the box at same time "ps -ef|grep popper|wc -l" My
current POP server is lucky if it ever sees 100 concurrent sessions... big
difference. This was using QPopper 4.0.3.
I also noticed that there were several popper sessions that were currently
running that were actually myself checking mail on the box (7 sessions to be
exact), and I had closed my mail program by this time. There were other
multiple sessions too from other users.
my entry in the inetd.conf file looks like this:
pop3 stream tcp nowait.600 root /usr/local/lib/popper popper -R
the .600 is there because the default of 40 instances per second just wasn't
enough, and 100 didn't seem to help, 150 didn't help... 600 worked, and
still is.
Thinking perhaps the version of qpopper was the problem, I then installed
version 3.1.2 (this is the version I'm currently running). Same problem. I
then went to sunfreeware.com to get a pre-compiled version (thinking I was
doing something wrong other than "./configure;make" I noticed a note on the
site saying there were reports of problems with Solaris 8 and qpopper
(didn't specify what problems though).
To summarize Solaris 8 and Qpopper (versions 3.0.2, 3.1.2, and 4.0.3) seem
to have an issue where the pop sessions take an extremely long time to
finish and close. Upping the nowait.[max num] parameter helps because it
allows more popper sessions to be created in a 60 second window, but that's
not fixing the problem, and ultimately not doing me any good.
Searching through the archives of this list group, and doing google searches
hasn't netted anything yet. If anyone has any suggestions, please let me
know.
Subject: Re: Problems with Solaris 8 and Qpopper - multiple versions
From: Kenneth Porter <shiva at well dot com>
Date: 15 Mar 2002 08:05:56 -0800
On Fri, 2002-03-15 at 07:14, ListServ wrote:
> To summarize Solaris 8 and Qpopper (versions 3.0.2, 3.1.2, and 4.0.3) seem
> to have an issue where the pop sessions take an extremely long time to
> finish and close. Upping the nowait.[max num] parameter helps because it
> allows more popper sessions to be created in a 60 second window, but that's
> not fixing the problem, and ultimately not doing me any good.
Have you run ps or netstat to see what qpopper is doing after a client
disconnects? Have you tried enabling tracing to see where it's hung up?
From: "Neil R Porter" <neil at iamanidiot dot com>
Subject: Qpopper not working - please help
Date: Fri, 15 Mar 2002 16:16:53 -0000
Hi all
I have Mandrake 8.1 running with postfix and qpopper (both installed
straight using rpms). I can send email from a remote machine email
client but when I reply back back to the server it gets returned with
the error shown at the bottom of this email. So I'm guessing qpopper
isn't setup properly. Please help if you can I am at my wit's end.
I have the following in xinetd.conf
#
# Simple configuration file for xinetd
#
# Some defaults, and include /etc/xinetd.d/
defaults
{
instances = 60
log_type = SYSLOG authpriv
log_on_success = HOST PID
log_on_failure = HOST
cps = 25 30
}
includedir /etc/xinetd.d
<><><><><><><><><><><><><><>
and in /etc/xinet.d/pop3 i have
# qpopper config file for xinetd
service pop3
{
flags = REUSE NAMEINARGS
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/in.qpopper
server_args = in.qpopper -s
log_on_failure += HOST
log_on_success += HOST
}
<><><><><><><><><><><><><><>
and in /etc/services there is included the line
pop3 110/tcp Post Office Protocol - Version 3
pop3 110/udp Post Office Protocol - Version 3
<><><><><><><><><><><><><><>
I get the following messaged returned to me :(
<><><><><><><><><><><><><><>
----- The following addresses had permanent fatal errors -----
<neil at nrpmedia dot net>
(reason: 554 <neil at mydomain dot net>: Recipient address rejected: Relay
access denied)
----- Transcript of session follows -----
... while talking to mydomain.net.:
>>> RCPT To:<neil at mydomain dot net>
<<< 554 <neil at mydomain dot net>: Recipient address rejected: Relay access
denied 554 5.0.0 Service unavailable
<><><><><><><><><><><><><><>
Thanks for any help
Neil
Date: Fri, 15 Mar 2002 14:38:25 -0800
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Problems with Solaris 8 and Qpopper - multiple versions
At 10:14 AM -0500 3/15/02, ListServ wrote:
>I also noticed that there were several popper sessions that were currently
>running that were actually myself checking mail on the box (7 sessions to be
>exact), and I had closed my mail program by this time. There were other
>multiple sessions too from other users.
What does a truss(1) on the processes show?
Qpopper has a mutual-exclusion file to prevent simultaneous sessions.
For that to fail something must be seriously wrong.
Subject: Re: Problems with Solaris 8 and Qpopper - multiple versions
From: A.Barker at ucl.ac dot uk
Date: Fri, 15 Mar 2002 21:16:16 +0000
>I work for an ISP, and we have several thousand email accounts. My
>currently POP server is running Solaris 2.5.1 and Qpopper 3.1.2. Other than
>the fact that the box is getting older, and drive space is becoming limited,
>the box is running fine.
>
>I'm attempting to upgrade my POP server to a new box (bigger) running
>Solaris 8. I've configured the box, and thought everything was working
>great. I put the new box in service yesterday morning, and at first
>everything was humming along great -- this was in the early morning hours,
>when utilization was low. As it got closer to peak time (8am) things
>started to worsen and worsen quickly.
We also have this problem, and it is clearly a Solaris 8 problem, as we
have two identical machines, one Solaris 2.6, one Solaris 8, both
running the same version of Qpopper, and both with the same load, as we
use DNS and round-robin to share the load. We run a simple Perl program
to simulate a POP session and time the response, and the response for
the Solaris 8 system under load is sometimes much worse, by an order of
magnitude, than the Solaris 2.6 system. We currently have an open call
with Sun about this, but they want us to apply the latest patches first,
which we hope to do next week. Do you use NFS ? We have a single mail spool
which is NFS mounted, and wonder if there is a concurrency problem with
NFS or file locking.
Adrian Barker, Information Systems
University College London, Gower Street, London WC1E 6BT
External phone: (+44) 020 7679 2795, Fax (+44) 20 7388 5406
Internal phone: x 32795
Email: A.Barker at ucl.ac dot uk
Date: Fri, 15 Mar 2002 09:02:13 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: Problems with Solaris 8 and Qpopper - multiple versions
On Fri, Mar 15, 2002 at 10:14:57AM -0500, ListServ wrote:
...
> I'm attempting to upgrade my POP server to a new box (bigger) running
> Solaris 8. I've configured the box, and thought everything was working
> great. I put the new box in service yesterday morning, and at first
> everything was humming along great -- this was in the early morning hours,
> when utilization was low. As it got closer to peak time (8am) things
> started to worsen and worsen quickly.
>
> The POP service took longer and longer to respond. Load average on the box
> wasn't high, CPU utilization wasn't high either. However, doing a "df -k"
> command I noticed that my swap space was shrinking dramatically. I have 1GB
> of swap space setup (I also have 1GB of RAM), and I was down to less have
> 400MB of swap space. I then discovered that I had over 1500 active popper
> sessions running on the box at same time "ps -ef|grep popper|wc -l" My
> current POP server is lucky if it ever sees 100 concurrent sessions... big
> difference. This was using QPopper 4.0.3.
...
Ouch. Sounds pretty nightmarish.
It sounds like there is some problem with signal or socket handling, or
with the combination of the two, such that qpopper never sees the
incoming connection go away. That might mean it would fail to
terminate unless it sees a "QUIT" from the client, though I would
expect it to time out and terminate anyway in that case.
There are many clients which don't send a "QUIT" message. For these
clients you *should* be seeing log messages like:
... I/O error flushing output to client xxxxxxx at xx.yy.zz.ww [xx.yy.zz.ww]:
Operation not permitted (1)
... xxxxxxx at xx.yy.zz.ww (xx.yy.zz.ww): -ERR POP hangup from server.example.com
or
... xxxxxxx at xx.yy.zz.ww (xx.yy.zz.ww): -ERR POP EOF or I/O Error
If you *never* see these messages, it's probably a serious problem,
because it means that qpopper never sees from the OS that a client has
gone away on it.
> I also noticed that there were several popper sessions that were currently
> running that were actually myself checking mail on the box (7 sessions to be
> exact), and I had closed my mail program by this time. There were other
> multiple sessions too from other users.
It shouldn't be able to start a second session unless the first session
is *nearly* completely terminated - temp file closed, etc. It sounds
to me like some bug in Solaris is causing it to hang when it is trying
to terminate. Maybe Solaris is blocking on writes to a closed/vanished
socket, instead of terminating the write with an error?
> my entry in the inetd.conf file looks like this:
> pop3 stream tcp nowait.600 root /usr/local/lib/popper popper -R
>
> the .600 is there because the default of 40 instances per second just wasn't
> enough, and 100 didn't seem to help, 150 didn't help... 600 worked, and
> still is.
This normally needs to be fixed for busy systems, but doesn't sound like
it relates.
> To summarize Solaris 8 and Qpopper (versions 3.0.2, 3.1.2, and 4.0.3) seem
> to have an issue where the pop sessions take an extremely long time to
> finish and close. Upping the nowait.[max num] parameter helps because it
> allows more popper sessions to be created in a 60 second window, but that's
> not fixing the problem, and ultimately not doing me any good.
Maybe the OS is not detecting the TCP connections as vanished, and is
therefore keeping the processes hanging around, blocked on their final
writes to it. Try checking the timeouts for TCP-related issues on
Solaris 8 and your previous server, with sysctl or the Solaris
equivalent. I have no access to a Solaris system, and no time to
troubleshoot this even if I did, but I know there are other Solaris
users on the list.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Date: Fri, 15 Mar 2002 08:17:15 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: Undefined symbol "_net_write"
On Fri, Mar 15, 2002 at 04:05:08PM +0100, karl vossen wrote:
> freshly built and installed qpopper on netbsd/mac68k from the
> packagesource and all went fine; added the line to inetd.conf and all.
> when i tried to retrieve some testmail with eudora on the mac, it
> complained that the server wouldnt respond.
> so, as stated in the faq, i tried to telnet pop3 with this as an answer:
> /usr/libexec/ld.so: Undefined symbol "_net_write" in
> qpopper:/usr/lib/libkrb.so.4.0
> que?
> i dont even have a clue about the nature of this problem.
> show me the path...
If I recall correctly (though I'm not a NetBSD guy) libkrb should be
Kerberos, so you've somehow built in support for Kerberos
authentication into qpopper, dynamically linked in. Then the Kerberos
library is missing some other reference it needs, probably from some
other dynamic library. If you don't need Kerberos, I'd go back to the
"configure" step of building the package and look at the options you
used, and maybe change the authentication configure options to not use
it. If you do need Kerberos, you need to figure out why it's not
finding this _net_write module.
Running "ldd -r" both on the qpopper binary and the Kerberos library
may help you figure out the library dependencies.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Date: Sat, 16 Mar 2002 11:29:24 +0100
From: karl vossen <karl.vossen at pandora dot be>
Subject: Re: Undefined symbol "_net_write"
hi,
i still get:
/usr/libexec/ld.so: Undefined symbol "_net_write" in
qpopper:/usr/lib/libkrb.so.4.0
when trying to telnet pop3
>Clifton:
>If I recall correctly (though I'm not a NetBSD guy) libkrb should be
>Kerberos, so you've somehow built in support for Kerberos
>authentication into qpopper, dynamically linked in. Then the Kerberos
>library is missing some other reference it needs, probably from some
>other dynamic library. If you don't need Kerberos, I'd go back to the
>"configure" step of building the package and look at the options you
>used,
thats what I did, without the error going away, so I found :
CONFIGURE_ARGS= --libexecdir=/usr/pkg/libexec
--sysconfdir=/usr/pkg/etc --enable-apop=/etc/apop.auth
--with-popuid=pop --enable-log-facility=LOG_LOCAL1
--disable-update-abort --without-gdbm
--with-openssl=/usr/pkgsrc/mail/qpopper/work/.buildlink
--host=m68k--netbsd --prefix=/usr/pkg
apparently, no Kerberos support;
so i went on to the following tip:
>Running "ldd -r" both on the qpopper binary and the Kerberos library
>may help you figure out the library dependencies.
ldd /usr/pkg/libexec/qpopper
/usr/pkg/libexec/qpopper:
-lresolv.1 => /usr/lib/libresolv.so.1.0 (0x4040000)
-lkrb.4 => /usr/lib/libkrb.so.4.0 (0x4049000)
-lcrypt.0 => /usr/lib/libcrypt.so.0.0 (0x405d000)
-lssl.1 => /usr/lib/libssl.so.1.0 (0x4063000)
-lcrypto.0 => /usr/lib/libcrypto.so.0.2 (0x408d000)
-lc.12 => /usr/lib/libc.so.12.62.1 (0x4140000)
and hey! its still there!
?????????????????????????
karl.
--
Date: Sat, 16 Mar 2002 08:30:50 -0500 (EST)
From: Alan Brown <alanb at digistar dot com>
Subject: BUGTRAQ: Bug in QPopper (All Versions?) (fwd)
I haven't seen this reported here
---------- Forwarded message ----------
Date: 15 Mar 2002 01:51:10 -0000
From: Dustin Childers <dustin at acm dot org>
To: bugtraq at securityfocus dot com
Subject: Bug in QPopper (All Versions?)
Description:
When sending a string that has 2048+ characters in
it, the
in.qpopper or popper process will begin to use
massive
amounts of CPU and will not stop until it is manually
killed.
Versions Affected:
I tested this on 4.0.1 and 4.0.3.
4.0.2 is probably vulnerable also.
Older versions may also be vulnerable. I haven't
tested those.
This works locally and remotely.
Patch Information:
I attempted to patch this but I was not successful. I
found
that the most reasonable place for this would be the
msg_buf
in popper/main.c or msg_buf in
password/poppassd.c.
Dustin E. Childers
Security Administrator
http://www.digitux.net/
Subject: Re: BUGTRAQ: Bug in QPopper (All Versions?) (fwd)
From: Kenneth Porter <shiva at well dot com>
Date: 16 Mar 2002 06:34:14 -0800
On Sat, 2002-03-16 at 05:30, Alan Brown wrote:
>
> I haven't seen this reported here
Here's the website so Randall can look it up quickly:
http://online.securityfocus.com/archive/1
The message was posted on 3/15.
While looking at the code, I see that there are 3 routines (msg,
err_dump, and err_msg) that all share the same logic for populating
msg_buf from a vararg list. Seems like the common code should be
factored out to avoid copy-and-paste bugs.
From: Michael Zimmermann <zim at vegaa dot de>
Subject: Re: BUGTRAQ: Bug in QPopper (All Versions?) (fwd)
Date: Sat, 16 Mar 2002 16:06:55 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Had some busy night on this.
Up to now I could NOT reproduce the bug with qpopper-4.0.3.
on a x86 linux (kernel 2.4.10).
Anybody got more luck, and/or might care to send me a proof
of concept? (off-list please, until Eudora had a chance to answer)
Greetings
Michael
- --
Michael Zimmermann (Vegaa Safety and Security for Internet Services)
<zim at vegaa dot de> phone +49 89 6283 7632 hotline +49 163 823 1195
Key fingerprint = 1E47 7B99 A9D3 698D 7E35 9BB5 EF6B EEDB 696D 5811
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8k1+P72vu22ltWBERAnb/AJ4/uDOADTsZRqcUO2HLAO0bVLLO3wCZAR4r
A85iB7UvS5POy4MEnl5zWRg
=vBxT
-----END PGP SIGNATURE-----
Date: Sat, 16 Mar 2002 09:05:55 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: BUGTRAQ: Bug in QPopper (All Versions?) (fwd)
On Sat, Mar 16, 2002 at 08:30:50AM -0500, Alan Brown wrote:
> I haven't seen this reported here
I've corresponded briefly with the author and tried to reproduce it.
I can't see the problem as described on any of my BSD/OS systems, e.g.
when pasting a string of 2560 'a's at the initial prompt ('user'
command input state.) qpopper reports a -ERR error message and, yes,
fails to exit promptly as it should, but unlike the problem description
it takes 0.0% CPU and terminates normally when the socket connection is
broken by disconnecting.
I think it must be an OS-dependent problem, though there clearly is a
bug there in its not cutting off the client promptly after the error.
-- Clifton
> ---------- Forwarded message ----------
> Date: 15 Mar 2002 01:51:10 -0000
> From: Dustin Childers <dustin at acm dot org>
> To: bugtraq at securityfocus dot com
> Subject: Bug in QPopper (All Versions?)
>
>
> Description:
> When sending a string that has 2048+ characters in
> it, the
> in.qpopper or popper process will begin to use
> massive
> amounts of CPU and will not stop until it is manually
> killed.
>
> Versions Affected:
> I tested this on 4.0.1 and 4.0.3.
> 4.0.2 is probably vulnerable also.
> Older versions may also be vulnerable. I haven't
> tested those.
>
> This works locally and remotely.
>
> Patch Information:
> I attempted to patch this but I was not successful. I
> found
> that the most reasonable place for this would be the
> msg_buf
> in popper/main.c or msg_buf in
> password/poppassd.c.
>
> Dustin E. Childers
> Security Administrator
> http://www.digitux.net/
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Date: Sat, 16 Mar 2002 09:15:43 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: Qpopper not working - please help
On Fri, Mar 15, 2002 at 04:16:53PM -0000, Neil R Porter wrote:
> Hi all
>
> I have Mandrake 8.1 running with postfix and qpopper (both installed
> straight using rpms). I can send email from a remote machine email
> client but when I reply back back to the server it gets returned with
> the error shown at the bottom of this email. So I'm guessing qpopper
> isn't setup properly. Please help if you can I am at my wit's end.
This has nothing to do with qpopper. Qpopper doesn't send mail, it
delivers it to your client. It looks like you've misconfigured postfix
so it doesn't accept mail to your domain. Read the postfix docs on
getting started - you can't generally install it and run it without at
least setting the domain name and network you want it to handle mail
for.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Date: Sat, 16 Mar 2002 12:51:19 -0800 (PST)
From: Gregory Hicks <ghicks at cadence dot com>
Subject: Re: BUGTRAQ: Bug in QPopper (All Versions?) (fwd)
> Date: Sat, 16 Mar 2002 09:05:55 -1000
> From: Clifton Royston <cliftonr at lava dot net>
>
> On Sat, Mar 16, 2002 at 08:30:50AM -0500, Alan Brown wrote:
> > I haven't seen this reported here
>
> I've corresponded briefly with the author and tried to reproduce it.
>
> I can't see the problem as described on any of my BSD/OS systems, e.g.
> when pasting a string of 2560 'a's at the initial prompt ('user'
> command input state.) qpopper reports a -ERR error message and, yes,
> fails to exit promptly as it should, but unlike the problem
description
> it takes 0.0% CPU and terminates normally when the socket connection
is
> broken by disconnecting.
>
> I think it must be an OS-dependent problem, though there clearly is a
> bug there in its not cutting off the client promptly after the error.
Dustin said that he had only tested on RedHat 7.2 ...
> -- Clifton
>
> > ---------- Forwarded message ----------
> > Date: 15 Mar 2002 01:51:10 -0000
> > From: Dustin Childers <dustin at acm dot org>
> > To: bugtraq at securityfocus dot com
> > Subject: Bug in QPopper (All Versions?)
> >
> >
> > Description:
> > When sending a string that has 2048+ characters in
> > it, the
> > in.qpopper or popper process will begin to use
> > massive
> > amounts of CPU and will not stop until it is manually
> > killed.
> >
> > Versions Affected:
> > I tested this on 4.0.1 and 4.0.3.
> > 4.0.2 is probably vulnerable also.
> > Older versions may also be vulnerable. I haven't
> > tested those.
> >
> > This works locally and remotely.
> >
> > Patch Information:
> > I attempted to patch this but I was not successful. I
> > found
> > that the most reasonable place for this would be the
> > msg_buf
> > in popper/main.c or msg_buf in
> > password/poppassd.c.
> >
> > Dustin E. Childers
> > Security Administrator
> > http://www.digitux.net/
>
> --
> Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
> WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
---------------------------------------------------------------------
Gregory Hicks | Principal Systems Engineer
Cadence Design Systems | Direct: 408.576.3609
555 River Oaks Pkwy M/S 6B1 | Fax: 408.894.3479
San Jose, CA 95134 | Internet: ghicks at cadence dot com
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
"The trouble with doing anything right the first time is that nobody
appreciates how difficult it was."
When a team of dedicated individuals makes a commitment to act as
one... the sky's the limit.
Date: Sat, 16 Mar 2002 14:53:03 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: Server mode and IMAP/WebMail
On Thu, Mar 14, 2002 at 12:24:45PM -0800, Dan Schaper wrote:
> I've seen Clifton's patch for Server mode/shell access protection, but how
> about Server mode and IMAP or Server mode and WebMail access to the spool?
> Potential corruption?
Yes, with a high likelihood.
I'm working on releasing a patch which addresses this via making
qpopper lock-compatible with UW-IMAPD.
My life in the form of my day job has intervened and slowed this down;
the code works but isn't yet fit to integrate into the main release
(and a belated code walkthrough here turned up at least one bug and
several recommended rewrites.)
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Date: Sat, 16 Mar 2002 21:01:40 -0700
From: "Chris" <yahoogroups at xymox1 dot com>
Subject: Newbie question
Ok, so....
I downloaded and got running 4.0.3. All went well. Im on OpenBSD using
OpenSSL.
Configured for OpenSSL and moved certs and did all the configuring.
Using Eudora TLS/SSL work without any problems at all.
HOWEVER then came Outlook XP. Setting to "use SSL" and port 110 results
in lots of garbage in the Qpopper log file and clearly Qpopper doesn't
talk with Outlook (What a surprize !!!)
What's the secret here.
If the answer is "alternate-port" can someone give me a clear
explanation of how to do this, as I am quite certain that the qpopper 4
PDF manual is not correct, you have do to way more then simply add
"alternate-port". For example what do I do in Xinetd for that port ?.
Then again mabey Outlook XP just wont work with Qpopper and TLS/SSL...
I need Outlook to work SSL with Qpopper so please refrain from telling
me to use Eudora :) YES I realize its much better.
Date: Sat, 16 Mar 2002 22:11:25 -0800
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Newbie question
You want to have an inetd entry for each port, so one for pop3 and
one for pop3s. Give each a different config file in inetd. Each is
just a two-line file: set tls to stls or alternate-port, and process
the main config file. The main config file sets up the certs and any
other options.
Date: Sat, 16 Mar 2002 22:07:10 -0800
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: BUGTRAQ: Bug in QPopper (All Versions?) (fwd)
So far I haven't been able to reproduce this on any of the OSes I've
tried. We're setting up the RedHat version that this was reported
against and will try it on that.
Date: Sat, 16 Mar 2002 23:08:40 -0800
From: Randall Gellens <randy at qualcomm dot com>
Subject: RE: Newbie question
At 11:27 PM -0700 3/16/02, Chris Stephens wrote:
> So your saying Outlook XP will recognize Qpopper on 995 ?
Yes.
> And all will be good ?.
Well, no, not all. You'll still be using Outlook :-(
> Separately your saying start two and configure one for 995 ?
Yes, that's it. Configure one for STLS on 110 and the other for
alternate-port on 995. Then users with standards-compliant mail
clients who know how to do STLS will be happy, and those with clients
that insist on alternate-port will also work.
Date: Sun, 17 Mar 2002 06:50:56 -0500 (EST)
From: Alan Brown <alanb at digistar dot com>
Subject: Re: BUGTRAQ: Bug in QPopper (All Versions?) (fwd)
On Sat, 16 Mar 2002, Randall Gellens wrote:
> So far I haven't been able to reproduce this on any of the OSes I've
> tried. We're setting up the RedHat version that this was reported
> against and will try it on that.
So you can confirm that no attempt was made to contact you about this
prior to disclosure on Bugtraq?
From: Anders Johansson <andjoh at cicada.linux-site dot net>
Subject: Re: BUGTRAQ: Bug in QPopper (All Versions?) (fwd)
Date: Sun, 17 Mar 2002 12:59:20 +0100
On Sunday 17 March 2002 07.07, Randall Gellens wrote:
> So far I haven't been able to reproduce this on any of the OSes I've
> tried. We're setting up the RedHat version that this was reported
> against and will try it on that.
Were you able to reproduce my bugreport? Could it be the same problem in
action?
From: Michael Zimmermann <zim at vegaa dot de>
Subject: Re: BUGTRAQ: Bug in QPopper (All Versions?)
Date: Sun, 17 Mar 2002 21:18:40 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
As it's now allready on the air, you all may want to have a look at
Dustin Childers info about the bug (including a patch)
http://www.digitux.net/security/advisories.html?id=34&display=info
My advice is it, to update NOW. The error gives an all too easy DOS.
Ahem, and of course SuSE is also vulnerable, if qpopper is used.
I reproduced the error on a SuSE 7.3 with qpopper 4.0.3.
Don't know about the older versions, but as I see it, the error is a classical
program-bug and therefore independant on the OS used (but perhaps
very old qpopper versions may not be affected - check your source).
Greetings
- --
Michael Zimmermann (Vegaa Safety and Security for Internet Services)
<zim at vegaa dot de> phone +49 89 6283 7632 hotline +49 163 823 1195
Key fingerprint = 1E47 7B99 A9D3 698D 7E35 9BB5 EF6B EEDB 696D 5811
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8lPog72vu22ltWBERAtxsAJ0dfgc9pUmnRA1tjis44sX+2L7V7gCfR44o
Ot2R6f+Y80bWoPWbpgcQG5g
=T466
-----END PGP SIGNATURE-----
From: "Bernd Prager" <bprager at iamerica dot net>
Subject: qpopper woudn't start: Socket operation on non-socket
Date: Sun, 17 Mar 2002 17:04:53 -0500
Hi everybody,
I compiled qpopper4.0.3 on RedHat 7.2. successfully.
When I try to start it complains:
"[19927] Unable to obtain socket and address of client: Socket operation on
non-socket (88) [pop_init.c:1029]"
I tried it as service and standalone.
A pop3 entry is in my services:
pop3 110/tcp pop-3 # POP version 3
pop3 110/udp pop-3
And a pop3 file is in my xinet.d/ directory:
service pop3
{
socket_type =stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/popper
server_args = -c -p0 -s -f /etc/popper.config
only_from = 0.0.0.0/0
instances =30
log_on_success += USERID
log_on_failure += USERID
nice = -2
port = 110
}
Can anybody help me to get this working?
Thanks a lot,
-- Bernd
Date: Sun, 17 Mar 2002 12:20:28 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: BUGTRAQ: Bug in QPopper (All Versions?)
On Sun, Mar 17, 2002 at 09:18:40PM +0100, Michael Zimmermann wrote:
> As it's now allready on the air, you all may want to have a look at
> Dustin Childers info about the bug (including a patch)
>
> http://www.digitux.net/security/advisories.html?id=34&display=info
>
> My advice is it, to update NOW. The error gives an all too easy DOS.
>
> Ahem, and of course SuSE is also vulnerable, if qpopper is used.
> I reproduced the error on a SuSE 7.3 with qpopper 4.0.3.
> Don't know about the older versions, but as I see it, the error is a classical
> program-bug and therefore independant on the OS used (but perhaps
> very old qpopper versions may not be affected - check your source).
While there is definitely a bug, and an embarrassing one at that, I
believe the DOS effect is OS-dependent, and have commented on this to
the initial reporter, Dustin Childers. I'd be tempted to think the bug
is dependent on the Linux kernel, except that he lists it as
reproducible in Solaris 7 and FreeBSD 4.4. Apparently however he's not
listing systems where it can not be reproduced?
I have been unable to reproduce the problem on BSD/OS 4.0.1 or 4.1, the
systems where I'm already running qpopper - yes, there's an error, and
the process fails to time out and forcibly close the connection, but it
is taking 0.0% CPU and goes away immediately when the socket to the
client goes away. There's no visible impact on system performance. It
sounds like some of the qpopper developers are still trying to
reproduce the DOS effect on other operating systems.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Date: Sun, 17 Mar 2002 12:45:10 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: BUGTRAQ: Bug in QPopper (All Versions?)
On Sun, Mar 17, 2002 at 09:18:40PM +0100, Michael Zimmermann wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> As it's now allready on the air, you all may want to have a look at
> Dustin Childers info about the bug (including a patch)
>
> http://www.digitux.net/security/advisories.html?id=34&display=info
>
> My advice is it, to update NOW. The error gives an all too easy DOS.
A further heads-up - I am not an expert on this part of the popper
code, but looking at where that patch goes in context, the fix does
*not* look right, and it looks to me like it could break this whole
area under other boundary conditions. There's already logic in the
code to read and discard data that overflows the buffer, though for
some reason it's not working in this case; and I think the supplied
patch might break it further, possibly triggering a SEGFAULT on the
line where that "break" ends up if debugging is enabled. I would not
blindly trust it.
(If anything, I think that "break" needs to become a "next" if there
was simply no data to read at that point, along with some extra checks
for possible system call errors.)
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
From: Michael Zimmermann <zim at vegaa dot de>
Subject: Re: BUGTRAQ: Bug in QPopper (All Versions?)
Date: Mon, 18 Mar 2002 00:20:00 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At Sonntag, 17. März 2002 23:20 Clifton Royston wrote:
> While there is definitely a bug, and an embarrassing one at that, I
> believe the DOS effect is OS-dependent, and have commented on this to
> the initial reporter, Dustin Childers. I'd be tempted to think the bug
> is dependent on the Linux kernel, except that he lists it as
> reproducible in Solaris 7 and FreeBSD 4.4. Apparently however he's not
> listing systems where it can not be reproduced?
Hi Clifton,
There is a difference between not beeing able to reproduce an error
and claiming it's non-existance.
> I have been unable to reproduce the problem on BSD/OS 4.0.1 or 4.1, the
> systems where I'm already running qpopper - [...]
I'm sorry, I don't have access to an BSD system
to verify or deny that conclusion of yours.
But there's no harm in patching the error, hmmm?
Patch is on http://www.digitux.net/qpopper.patch
My POP server is secured regarding this error
- - I can sleep.
Good night
- --
Michael Zimmermann (Vegaa Safety and Security for Internet Services)
<zim at vegaa dot de> phone +49 89 6283 7632 hotline +49 163 823 1195
Key fingerprint = 1E47 7B99 A9D3 698D 7E35 9BB5 EF6B EEDB 696D 5811
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8lSSg72vu22ltWBERAo01AJ9NXTpSUaB5HE+YfBg7AGdEnYs0iACcCd76
EFv/20PYofYj3K0XQukHUdw
=QF9T
-----END PGP SIGNATURE-----
Date: Sun, 17 Mar 2002 13:22:12 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Possible patch for buffer problem
Does someone with a system who can reproduce the problem want to try
out this patch? I believe it may be more correct than the currently posted
one at <http://www.digitux.net/qpopper.patch>
Line numbers might not quite match the stock qpopper when applied
with "patch" because I have been doing other development work on this
version.
This seems to produce more correct behavior on my systems, but as I
can't reproduce the hang-and-eat-CPU behavior, I can't tell if it
totally addresses the problem.
-- Clifton
*** popper.c 2002/02/26 21:32:58 1.1
--- popper.c 2002/03/17 23:00:20
***************
*** 499,512 ****
int keep = 0;
char *q = NULL;
_DEBUG_LOG0 ( pPOP, "...buffer full; discarding bytes" );
while ( TRUE ) {
if ( pPOP->tls_started )
len = pop_tls_read ( pPOP->tls_context, junk, sizeof(junk) );
else
len = read ( pPOP->input_fd, junk, sizeof(junk) );
! if ( len <= 0 )
! break;
q = strchr ( junk, '\n' );
if ( q == NULL ) {
disc += len;
--- 499,533 ----
int keep = 0;
char *q = NULL;
+ /*
+ * Make sure junk is initialized, just as a matter of policy.
+ */
+ memset( junk, 0, sizeof(junk) );
+
_DEBUG_LOG0 ( pPOP, "...buffer full; discarding bytes" );
while ( TRUE ) {
if ( pPOP->tls_started )
len = pop_tls_read ( pPOP->tls_context, junk, sizeof(junk) );
else
len = read ( pPOP->input_fd, junk, sizeof(junk) );
! if ( len <= 0 ) {
! if ( errno == EAGAIN || errno == EINTR )
! /*
! * There may still be some data
! */
! continue;
! else {
! /*
! * EOF or some other error - assume EOF.
! * Setup to return the junk before we started discarding
! */
! bcopy ( pPOP->pcInStart,
! str,
! MIN ( size, p - pPOP->pcInStart ) );
! *(str + size - 1) = '\0';
! break;
! }
! }
q = strchr ( junk, '\n' );
if ( q == NULL ) {
disc += len;
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Date: Sun, 17 Mar 2002 13:33:53 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: BUGTRAQ: Bug in QPopper (All Versions?)
On Mon, Mar 18, 2002 at 12:20:00AM +0100, Michael Zimmermann wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> At Sonntag, 17. März 2002 23:20 Clifton Royston wrote:
> > While there is definitely a bug, and an embarrassing one at that, I
> > believe the DOS effect is OS-dependent, and have commented on this to
> > the initial reporter, Dustin Childers. I'd be tempted to think the bug
> > is dependent on the Linux kernel, except that he lists it as
> > reproducible in Solaris 7 and FreeBSD 4.4. Apparently however he's not
> > listing systems where it can not be reproduced?
>
> Hi Clifton,
>
> There is a difference between not beeing able to reproduce an error
> and claiming it's non-existance.
>
> > I have been unable to reproduce the problem on BSD/OS 4.0.1 or 4.1, the
> > systems where I'm already running qpopper - [...]
>
> I'm sorry, I don't have access to an BSD system
> to verify or deny that conclusion of yours.
> But there's no harm in patching the error, hmmm?
Potentially there is a *very* substantial risk of harm in patching
with untrusted code.
I don't think this patch is malicious or harmful, and after looking
at it, I don't *think* its error creates a further exploitable
vulnerability, though I could be wrong. But I'm now fairly sure it's
not correct, and I am sure one could write a very similar and plausible
looking little patch of a few lines that would open up a full-scale
buffer-overrun root exploit vulnerability.
> Patch is on http://www.digitux.net/qpopper.patch
>
> My POP server is secured regarding this error
> - - I can sleep.
>
> Good night
Pleasant dreams... ;-)
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Date: Sun, 17 Mar 2002 14:18:12 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Additional patch - should help "bulletproofing"
Now that I've seen the exploit, I am sure the following patch is
highly relevant. I was hoping to get this rolled into the next qpopper
release, but was not in a big hurry. I had thought it had little
practical impact but I think it relates directly to the "spinning"
behavior, which interacts with OS behavior on repeated reads of a
closed file handle.
I had to hand-edit this patch to take out some changes irrelevant to
the current problem, so the line numbers may be peculiar. Just apply
it as best you can even if the offsets look wrong.
-- Clifton
diff -c -r qpopper4.0.3-base/popper/popper.c qpopper4.0.3/popper/popper.c
*** qpopper4.0.3-base/popper/popper.c Fri Jun 1 16:24:36 2001
--- qpopper4.0.3/popper/popper.c Tue Feb 26 11:32:58 2002
***************
*** 556,568 ****
tgetline ( char *str, int size, POP *p, int timeout )
{
int ring();
!
! (void) signal ( SIGALRM, VOIDSTAR ring );
alarm ( timeout );
if ( setjmp ( env ) ) {
str = NULL;
! pop_log ( p, POP_NOTICE, HERE, "(v%s) Timeout (%d secs) during "
"nw read from %s at %s (%s)",
VERSION, timeout, p->user, p->client, p->ipaddr );
}
--- 579,598 ----
tgetline ( char *str, int size, POP *p, int timeout )
{
int ring();
+ int disconnected();
! signal ( SIGALRM, VOIDSTAR ring );
! signal ( SIGHUP, VOIDSTAR disconnected );
! signal ( SIGPIPE, VOIDSTAR disconnected );
alarm ( timeout );
if ( setjmp ( env ) ) {
str = NULL;
! if ( hangup )
! pop_log ( p, POP_NOTICE, HERE, "(v%s) Hangup/disconnect during "
! "nw read from %s at %s (%s)",
! VERSION, p->user, p->client, p->ipaddr );
! else
! pop_log ( p, POP_NOTICE, HERE, "(v%s) Timeout (%d secs) during "
"nw read from %s at %s (%s)",
VERSION, timeout, p->user, p->client, p->ipaddr );
}
***************
*** 570,575 ****
--- 600,607 ----
str = getline ( str, size, p );
alarm ( 0 );
signal ( SIGALRM, SIG_DFL );
+ signal ( SIGHUP, VOIDSTAR catchSIGHUP );
+ signal ( SIGPIPE, VOIDSTAR catchSIGHUP );
return ( str );
}
***************
*** 582,587 ****
--- 614,627 ----
return POP_FAILURE;
}
+ int
+ disconnected ( SIGPARAM )
+ {
+ hangup = TRUE ;
+ longjmp ( env, 1 );
+ return POP_FAILURE;
+ }
+
#ifdef STRNCASECMP
/*
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Date: Sun, 17 Mar 2002 16:40:26 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: Undefined symbol "_net_write"
On Sat, Mar 16, 2002 at 11:29:24AM +0100, karl vossen wrote:
> hi,
> i still get:
> /usr/libexec/ld.so: Undefined symbol "_net_write" in
> qpopper:/usr/lib/libkrb.so.4.0
> when trying to telnet pop3
Three suggestions:
One - read the configure output and see if you can figure out where it
decides you want Kerberos.
Two - make clean and try configure --enable-specialauth, though
normally it's not needed.
Three - if that doesn't fly, make clean again and try configure
--with-pam=pop3 if your system is using PAM (pluggable authentication
modules.)
If that doesn't fly I have no idea and you need to consult a NetBSD
guru.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Subject: Re: BUGTRAQ: Bug in QPopper (All Versions?)
From: Kenneth Porter <shiva at well dot com>
Date: 18 Mar 2002 08:03:50 -0800
On Sun, 2002-03-17 at 12:18, Michael Zimmermann wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> As it's now allready on the air, you all may want to have a look at
> Dustin Childers info about the bug (including a patch)
>
> http://www.digitux.net/security/advisories.html?id=34&display=info
Anyone else having trouble connecting? I'm getting connection refused,
from two different paths (one via uu.net, the other via attbi.com).
Date: Mon, 18 Mar 2002 17:45:25 +0100 (MET)
From: Oliver Fleischmann <ogf at bnv-bamberg dot de>
Subject: Re: BUGTRAQ: Bug in QPopper (All Versions?)
On 18 Mar 2002, Kenneth Porter wrote:
> On Sun, 2002-03-17 at 12:18, Michael Zimmermann wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > As it's now allready on the air, you all may want to have a look at
> > Dustin Childers info about the bug (including a patch)
> >
> > http://www.digitux.net/security/advisories.html?id=34&display=info
>
> Anyone else having trouble connecting? I'm getting connection refused,
> from two different paths (one via uu.net, the other via attbi.com).
Me too, but last night it worked ;-)
Oliver
Subject: Re: Additional patch - should help "bulletproofing"
From: Kenneth Porter <shiva at well dot com>
Date: 18 Mar 2002 08:50:05 -0800
On Sun, 2002-03-17 at 16:18, Clifton Royston wrote:
> Now that I've seen the exploit, I am sure the following patch is
> highly relevant.
I've cut a new RPM with your two patches and installed it on my servers.
An SRPM is also available.
http://www.sewingwitch.com/ken/SRPMS/
Look for qpopper-4.0.4-0.1.1.*.rpm.
From: Drew Weaver <drew.weaver at thenap dot com>
Subject: RE: BUGTRAQ: Bug in QPopper (All Versions?)
Date: Mon, 18 Mar 2002 11:56:28 -0500
I hope the people who maintain qpopper will rls a maintenance version with
this patch already applied to it.
Thanks,
-Drew
-----Original Message-----
From: Kenneth Porter [mailto:shiva at well dot com]
Sent: Monday, March 18, 2002 11:04 AM
To: Subscribers of Qpopper
Subject: Re: BUGTRAQ: Bug in QPopper (All Versions?)
On Sun, 2002-03-17 at 12:18, Michael Zimmermann wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> As it's now allready on the air, you all may want to have a look at
> Dustin Childers info about the bug (including a patch)
>
> http://www.digitux.net/security/advisories.html?id=34&display=info
Anyone else having trouble connecting? I'm getting connection refused, from
two different paths (one via uu.net, the other via attbi.com).
Date: Mon, 18 Mar 2002 08:26:02 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: BUGTRAQ: Bug in QPopper (All Versions?)
On Mon, Mar 18, 2002 at 08:03:50AM -0800, Kenneth Porter wrote:
> On Sun, 2002-03-17 at 12:18, Michael Zimmermann wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > As it's now allready on the air, you all may want to have a look at
> > Dustin Childers info about the bug (including a patch)
> >
> > http://www.digitux.net/security/advisories.html?id=34&display=info
>
> Anyone else having trouble connecting? I'm getting connection refused,
> from two different paths (one via uu.net, the other via attbi.com).
It's definitely down this morning, while it was fine yesterday.
Maybe it's been slash-dotted.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
"What do we need to make our world come alive?
What does it take to make it sing?
While we're waiting for the next one to arrive..." - Sisters of Mercy
Date: Mon, 18 Mar 2002 21:26:02 +0100
From: Patrick Guillot <pguillot at paanjaru dot com>
Subject: Re: BUGTRAQ: Bug in QPopper (All Versions?)
Hi all,
> > > As it's now allready on the air, you all may want to have a look at
> > > Dustin Childers info about the bug (including a patch)
> > >
> > > http://www.digitux.net/security/advisories.html?id=34&display=info
> >
> > Anyone else having trouble connecting? I'm getting connection refused,
> > from two different paths (one via uu.net, the other via attbi.com).
> It's definitely down this morning, while it was fine yesterday.
> Maybe it's been slash-dotted.
What is Qualcomm's point of view about this :
- difficult to reproduce bug;
- available patch.
Randy ?
As this is my first post in here, let me thank for the nice
application that Qpopper is, and for the always interesting
support I have been able to read here.
Patrick
--
Patrick Guillot mailto:pguillot at paanjaru dot com - +33 (0)6 08 41 11 54
Online Development - Paanjaru http://www.paanjaru.com
Riding the Shockwave in cyberspace, for now ... and ever
From: "Christopher Crowley" <ccrowley at tulane dot edu>
Subject: Re: Problems with Solaris 8 and Qpopper - multiple versions
Date: Mon, 18 Mar 2002 15:44:32 -0600
Rbarnes -
One thing to note. I had symptoms of connections not closing like you
describe some time ago. The problem was due to a configuration error in the
qpopper.config file. The reason I mention this is that I beat my head
looking for a problem with qpopper that was due to my error in the config
file. I am not saying the syntax that you are using through inetd.conf is
incorrect, or that your config file is wrong. But I do suggest double
checking your configuration, because I experienced the exact same problem.
Once I set the config file straight, Qpopper worked much better. There are
some messages in the archive on this list to this effect.
Regarding the other Solaris 8 specific problems people are reporting. This
is Interesting. We have been experiencing reasonably good Qpopper
performance ( 3.0.2 ) on Solaris 8 since our upgrade from 2.6 in January.
However, we are seeing substantial slowness for our IMAP users. ( We use
UW-IMAP -- can't wait for that patch providing compatible locking, Clifton.
I clean up lots of invalid mailbox headers. ) The CPU idle time is 0% most
of the day. Our disks are always very busy, but don't seem to be the bottle
neck. I am very interested in learning about Sun's response. We have a
trouble ticket open with them too. We have applied patches, and rebooted
the server the last two weekends in an attempt to eliminate the problem. But
this has not been effective yet. We have a user base of about 15,000 users.
I hope that some more light is shed on this issue in the near future.
Christopher Crowley
TIS Network Services
Tulane University
ccrowley at tulane dot edu
504.314.2535
PGP Key ID: 0x7CF18FDB
----- Original Message -----
From: <A.Barker at ucl.ac dot uk>
To: "ListServ" <rbarnes-list at blazenet dot net>
Cc: "Subscribers of Qpopper" <qpopper at lists.pensive dot org>
Sent: Friday, March 15, 2002 3:16 PM
Subject: Re: Problems with Solaris 8 and Qpopper - multiple versions
>
>
> >I work for an ISP, and we have several thousand email accounts. My
> >currently POP server is running Solaris 2.5.1 and Qpopper 3.1.2. Other
than
> >the fact that the box is getting older, and drive space is becoming
limited,
> >the box is running fine.
> >
> >I'm attempting to upgrade my POP server to a new box (bigger) running
> >Solaris 8. I've configured the box, and thought everything was working
> >great. I put the new box in service yesterday morning, and at first
> >everything was humming along great -- this was in the early morning
hours,
> >when utilization was low. As it got closer to peak time (8am) things
> >started to worsen and worsen quickly.
>
> We also have this problem, and it is clearly a Solaris 8 problem, as we
> have two identical machines, one Solaris 2.6, one Solaris 8, both
> running the same version of Qpopper, and both with the same load, as we
> use DNS and round-robin to share the load. We run a simple Perl program
> to simulate a POP session and time the response, and the response for
> the Solaris 8 system under load is sometimes much worse, by an order of
> magnitude, than the Solaris 2.6 system. We currently have an open call
> with Sun about this, but they want us to apply the latest patches first,
> which we hope to do next week. Do you use NFS ? We have a single mail
spool
> which is NFS mounted, and wonder if there is a concurrency problem with
> NFS or file locking.
>
>
>
> Adrian Barker, Information Systems
> University College London, Gower Street, London WC1E 6BT
> External phone: (+44) 020 7679 2795, Fax (+44) 20 7388 5406
> Internal phone: x 32795
> Email: A.Barker at ucl.ac dot uk
>
Date: Mon, 18 Mar 2002 20:10:20 -0600
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: BUGTRAQ: Bug in QPopper (All Versions?)
At 9:26 PM +0100 3/18/02, Patrick Guillot wrote:
> What is Qualcomm's point of view about this :
> - difficult to reproduce bug;
> - available patch.
>
> Randy ?
I can't speak for Qualcomm, but I've been able to reproduce the
looping bug. I can't get it to consume any CPU, but it's clear there
is a bug here and I'm looking into the best fix. I don't want to
endorse any patch until I've spent more time investigating, but the
beauty of open-source is that you don't have to wait for me. (I'm
out of town at the moment, but do have some network connectivity.)
> As this is my first post in here, let me thank for the nice
> application that Qpopper is, and for the always interesting
> support I have been able to read here.
Thanks for the kind words.
From: Ted Cabeen <ted at impulse dot net>
Subject: SIGPIPE errors with Qpopper 4.0.3.
Date: Mon, 18 Mar 2002 21:51:07 -0800
I've been running qpopper 4.0.3 for months now with little to no problems.
However, a couple of hours ago we started have significant problems with
POP sessions hanging during the middle of a download. When I look at the
log file, I see lots of error messages like the following:
Mar 18 21:35:45 red /usr/local/libexec/qpopper[5913]: I/O error flushing output to client USERNAME at IP.impulse.net [207.154.0.0]: Operation not permitted (1)
Mar 18 21:35:45 red /usr/local/libexec/qpopper[5913]: USERNAME at IP.dia.impulse.net (207.154.0.0): -ERR SIGHUP or SIGPIPE flagged
Mar 18 21:35:45 red /usr/local/libexec/qpopper[5913]: I/O error flushing output to client USERNAME at IP.dia.impulse.net [207.154.0.0]: Operation not permitted (1)
Mar 18 21:35:45 red /usr/local/libexec/qpopper[5913]: USERNAME at IP.dia.impulse.net (207.154.0.0): -ERR POP hangup from red.impulse.net
Mar 18 21:35:45 red /usr/local/libexec/qpopper[5913]: I/O error flushing output to client USERNAME at IP.dia.impulse.net [207.154.0.0]: Operation not permitted (1)
Mar 18 21:35:45 red /usr/local/libexec/qpopper[5913]: Stats: USERNAME 0 0 7 114185 IP.dia.impulse.net 207.154.0.0
Mar 18 21:35:45 red /usr/local/libexec/qpopper[5913]: I/O error flushing output to client USERNAME at IP.dia.impulse.net [207.154.0.0]: Operation not permitted (1)
Over the last week, we'd usually see ~20-30 of these messages each day.
However, we've seen over 200 of these errors today. I tried a trace on the
qpopper server running on an alternate port in with --enable-low-debug
compiled in and got the following messages (IPs and usernames have been
masked for privacy):
Mar 18 20:41:39.320 2002 [75954] Opened trace file "/tmp/qpopper.debug" as 4
Mar 18 20:41:39.320 2002
Mar 18 20:41:39.320 2002 [75954] opened stream socket; sockfd = 6
Mar 18 20:41:39.320 2002
Mar 18 20:41:39.320 2002 [75954] set stream socket options; sockfd = 6
Mar 18 20:41:39.320 2002
Mar 18 20:41:39.320 2002 [75954] did bind on stream socket; sockfd = 6
Mar 18 20:41:39.320 2002
Mar 18 20:41:39.320 2002 [75954] popper: Server: listening on 0.0.0.0:8765
Mar 18 20:41:39.320 2002
Mar 18 20:41:39.320 2002 [75954] listening using socket fd 6
Mar 18 20:41:39.320 2002
Mar 18 20:41:39.320 2002 [75954] set fd 6 non-blocking (0x6)
Mar 18 20:41:39.320 2002
Mar 18 20:55:51.969 2002 [75954] accept=7; sockfd=6; clilen=16; cli_addr 7.154.0.0:3010
Mar 18 20:55:51.969 2002
Mar 18 20:55:51.986 2002 [75954] new connection; fd=7
Mar 18 20:55:51.986 2002
Mar 18 20:55:51.986 2002 [75954] newsockfd (7) flags: 0x6
Mar 18 20:55:51.986 2002
Mar 18 20:55:51.986 2002 [75954] set fd 7 blocking (0x2)
Mar 18 20:55:51.986 2002
Mar 18 20:55:51.997 2002 [75954] Set downcase-user to true
Mar 18 20:55:51.997 2002
Mar 18 20:55:51.997 2002 [75954] Set fast-update to true
Mar 18 20:55:51.997 2002
Mar 18 20:55:51.997 2002 [75954] Set reverse-lookup to false
Mar 18 20:55:51.997 2002
Mar 18 20:55:51.997 2002 [75954] Set mail-command to "/usr/sbin/sendmail"
Mar 18 20:55:51.997 2002
Mar 18 20:55:51.998 2002 [75954] Set statistics to true
Mar 18 20:55:51.998 2002
Mar 18 20:55:51.998 2002 [75954] Set user-options to true
Mar 18 20:55:51.998 2002
Mar 18 20:55:52.420 2002 [75954] (v4.0.3_DEBUG) POP login by user "USERNAME" at (* _DEBUG *) * _DEBUG *
Mar 18 20:55:52.420 2002
Mar 18 20:55:52.721 2002 [75954] ...FillMangleInfo; commandline(10)
ugar.cane
Mar 18 20:55:52.721 2002
Mar 18 20:58:39.126 2002 [75954] I/O error flushing output to client USERNAME at * _DEBUG * [* _DEBUG *]: Operation not permitted (1)
Mar 18 20:58:39.126 2002
Mar 18 20:58:39.126 2002 [75954] USERNAME at localhost: -ERR SIGHUP or SIGPIPE flagged
Mar 18 20:58:39.126 2002
Mar 18 20:58:39.126 2002 [75954] I/O error flushing output to client USERNAME at * _DEBUG * [* _DEBUG *]: Operation not permitted (1)
Mar 18 20:58:39.126 2002
Mar 18 20:58:39.126 2002 [75954] USERNAME at localhost: -ERR POP hangup from DEBUG
Mar 18 20:58:39.126 2002
Mar 18 20:58:39.126 2002 [75954] I/O error flushing output to client USERNAME at * _DEBUG * [* _DEBUG *]: Operation not permitted (1)
Mar 18 20:58:39.126 2002
Mar 18 20:58:39.126 2002 [75954] Stats: USERNAME 0 0 10 439419 * _DEBUG * * _DEBUG *
Mar 18 20:58:39.126 2002
Mar 18 20:58:39.127 2002 [75954] I/O error flushing output to client USERNAME at * _DEBUG * [* _DEBUG *]: Operation not permitted (1)
Mar 18 20:58:39.127 2002
Mar 18 20:58:39.127 2002 [75954] exiting after Qpopper returned
Mar 18 20:58:39.127 2002
Any thoughts? The debug log seems rather empty. Did I miss a
command line argument? I used
./qpopper -t -f <path to normal config file>
If necessary, I can rerun the debugging run again, but not until
the morning, when I can get a holf of a user who knows enough to
change his POP port.
I'd appreciate any input you all have. Thanks.
--Ted Cabeen
From: "Bernd Prager" <bernd at prager dot ws>
Subject: The "tls-support" option cannot be used because a required compile-time option was not set.
Date: Tue, 19 Mar 2002 01:11:10 -0500
Hi everybody,
I would appreciate some help in setting up qpopperin using SSL.
I'm using RedHat7.0 kernel 2.4.7-10, qpopper4.0.3, cyrus-sasl-1.5.27
and openssl-0.9.6b-8. I configured qpopper with
./configure --with-openssl --enable-specialauth --enable-timing
and it compiled without warning or errors.
I genererated the /etc/mail/certs/cert.pem file and changed popper.config to
set tls-support = stls
set tls-server-cert-file = /etc/mail/certs/cert.pem
and edit the /etc/xinet.d/pop3s file to
service pop3s
{
socket_type = stream
wait = no
user = root
server = /usr/sbin/stunnel
server_args = pop3s -l /usr/sbin/popper -- -R -s -t /var/log/pop3s -f
/etc/popper.config
log_on_success += USERID
log_on_failure += USERID
nice
}
When I try to access it I get the error message:
Mar 19 01:04:19 myhost popper[18561]: The "tls-support" option cannot be
used because a required compile-time option was not set. See the
Administrator's Guide for more information (line 79 of config file
/etc/popper.config) [pop_config.c:1408]
I doesn't even write the logfile and doesn't give me further error messages
either.
Can anybody give me a hint what I'm doing wrong or what I have to do to nail
the problem down?
Thanks,
-- Bernd
From: "Neil R Porter" <neil at iamanidiot dot com>
Subject: So close I can smell it! - please help
Date: Tue, 19 Mar 2002 15:30:42 -0000
Hi All
I'm running Linux Mandrake 8.1 and installed qpopper and drac from rpms
(4.0.3 and 1.10 respectively).
I have postfix running and it quite happily accepts mail for me and
spools it to /var/spool/mail/neil. Also, I can remotely use outlook
setup to pop it and here is where the problem starts. Even though I
have sent a test email to myself and can even read it using emacs (so
it's there!), when I pop it using outlook from another machine it
doesn't throw any errors back or anything, it just acts as though there
are no new messages - so, qpopper seems to be working to some extent
(indeed, when I 'stop' it then outlook fails, so...)
So, my thoughts are that perhaps qpopper is working nicely but is
looking in the wrong place for the mail.
My question is then, if this is the case, how can I (post install)
define the spool path. I've tried to do this using the pop3 config file
within xinetd.d folder that gets 'included' into the xinetd.conf along
with qpopper.config (I am running qpopper through xinetd btw).
here is the pop3 text which is as it was originally installed apart from
the config-file = /etc/qpopper.config
(pop3)<><><><><><><><><><><><><>
# qpopper config file for xinetd
service pop3
{
flags = REUSE NAMEINARGS
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/in.qpopper
server_args = in.qpopper -s
config-file = /etc/qpopper.config
log_on_failure += HOST
log_on_success += HOST
}
<><><><><><><><><><><><><><><>
and
(snippet from /etc/qpopper.config)<><><><><><><><><><><><><>
# Set this to the full path to the mail spool directory.
#
# The default is determined at compile time.
#
set spool-dir = /var/spool/mail
<><><><><><><><><><><><><><><>
So, have I used the correct way to try to get qpopper to user the
qpopper.config and secondly, if so, why is it ignoring it? If indeed
this is the problem.
Thanks for any help you can give this poor soul who just wants it to
work now (one week's playing is enough now, gawd!).
Neil
From: "Neil R Porter" <neil at iamanidiot dot com>
Subject: So close I can smell it! - please help
Date: Tue, 19 Mar 2002 09:37:08 -0000
Hi All
I'm running Linux Mandrake 8.1 and installed qpopper and drac from rpms
(4.0.3 and 1.10 respectively).
I have postfix running and it quite happily accepts mail for me and
spools it to /var/spool/mail/neil. Also, I can remotely use outlook
setup to pop it and here is where the problem starts. Even though I
have sent a test email to myself and can even read it using emacs (so
it's there!), when I pop it using outlook from another machine it
doesn't throw any errors back or anything, it just acts as though there
are no new messages - so, qpopper seems to be working to some extent
(indeed, when I 'stop' it then outlook fails, so...)
So, my thoughts are that perhaps qpopper is working nicely but is
looking in the wrong place for the mail.
My question is then, if this is the case, how can I (post install)
define the spool path. I've tried to do this using the pop3 config file
within xinetd.d folder that gets 'included' into the xinetd.conf along
with qpopper.config (I am running qpopper through xinetd btw).
here is the pop3 text which is as it was originally installed apart from
the config-file = /etc/qpopper.config
(pop3)<><><><><><><><><><><><><>
# qpopper config file for xinetd
service pop3
{
flags = REUSE NAMEINARGS
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/in.qpopper
server_args = in.qpopper -s
config-file = /etc/qpopper.config
log_on_failure += HOST
log_on_success += HOST
}
<><><><><><><><><><><><><><><>
and
(snippet from /etc/qpopper.config)<><><><><><><><><><><><><>
# Set this to the full path to the mail spool directory.
#
# The default is determined at compile time.
#
set spool-dir = /var/spool/mail
<><><><><><><><><><><><><><><>
So, have I used the correct way to try to get qpopper to user the
qpopper.config and secondly, if so, why is it ignoring it? If indeed
this is the problem.
Thanks for any help you can give this poor soul who just wants it to
work now (one week's playing is enough now, gawd!).
Neil
From: Ted Cabeen <ted at impulse dot net>
Subject: Re: So close I can smell it! - please help
Date: Tue, 19 Mar 2002 09:07:53 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Content-Type: text/plain; charset=us-ascii
In message <364337126378627333239 at lists.pensive dot org>, "Neil R Porter" writes:
>Hi All
>So, my thoughts are that perhaps qpopper is working nicely but is
>looking in the wrong place for the mail.
>
>here is the pop3 text which is as it was originally installed apart from
>the config-file = /etc/qpopper.config
I don't know what the config-file option in xinetd does (I have little
experience with xinetd), but if you have a configuration file you want to
use with qpopper, you need to add '-f <path to config file>' arguments to the
command line. The xinetd server_args variable will probably do this in
xinetd, but it may not be the best way. Check the xinetd more email.
- --
Ted Cabeen http://www.pobox.com/~secabeen ted at impulse dot net
Check Website or Keyserver for PGP/GPG Key BA0349D2 secabeen at pobox dot com
"I have taken all knowledge to be my province." -F. Bacon secabeen at cabeen dot org
"Human kind cannot bear very much reality."-T.S.Eliot cabeen at netcom dot com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (OpenBSD)
Comment: Exmh version 2.5 07/13/2001
iD8DBQE8l3BpoayJfLoDSdIRAjk9AJ9/B08IR77YcVTsV4GWbutRXzzfvgCfcjfb
NUcTYMqN9zhwkquiw4i2vUs
=2Bql
-----END PGP SIGNATURE-----
Date: Tue, 19 Mar 2002 12:37:48 -0500
From: Chis Payne <cpayne at pr.uoguelph dot ca>
Subject: Re: SIGPIPE errors with Qpopper 4.0.3.
I have seen this same condition arrise on our server since upgrading
from Qpopper 3.x.x to 4.0.3.
It happens mainly with mail messages with attachments, and affects
both our OS/2 PMMAIL and Windows Pegasus Mail clients. The Pegasus
mail clients have their TCPIP timeout set to 120sec and it seems
to help, but the OS/2 clients are not able to have a timeout set.
If anyone has a suggestion, please let us know.
- Chris Payne
Ted Cabeen wrote:
>
> I've been running qpopper 4.0.3 for months now with little to no problems.
> However, a couple of hours ago we started have significant problems with
> POP sessions hanging during the middle of a download. When I look at the
> log file, I see lots of error messages like the following:
>
> Mar 18 21:35:45 red /usr/local/libexec/qpopper[5913]: I/O error flushing output to client USERNAME at IP.impulse.net [207.154.0.0]: Operation not permitted (1)
> Mar 18 21:35:45 red /usr/local/libexec/qpopper[5913]: USERNAME at IP.dia.impulse.net (207.154.0.0): -ERR SIGHUP or SIGPIPE flagged
> Mar 18 21:35:45 red /usr/local/libexec/qpopper[5913]: I/O error flushing output to client USERNAME at IP.dia.impulse.net [207.154.0.0]: Operation not permitted (1)
> Mar 18 21:35:45 red /usr/local/libexec/qpopper[5913]: USERNAME at IP.dia.impulse.net (207.154.0.0): -ERR POP hangup from red.impulse.net
> Mar 18 21:35:45 red /usr/local/libexec/qpopper[5913]: I/O error flushing output to client USERNAME at IP.dia.impulse.net [207.154.0.0]: Operation not permitted (1)
> Mar 18 21:35:45 red /usr/local/libexec/qpopper[5913]: Stats: USERNAME 0 0 7 114185 IP.dia.impulse.net 207.154.0.0
> Mar 18 21:35:45 red /usr/local/libexec/qpopper[5913]: I/O error flushing output to client USERNAME at IP.dia.impulse.net [207.154.0.0]: Operation not permitted (1)
>
> Over the last week, we'd usually see ~20-30 of these messages each day.
> However, we've seen over 200 of these errors today. I tried a trace on the
> qpopper server running on an alternate port in with --enable-low-debug
> compiled in and got the following messages (IPs and usernames have been
> masked for privacy):
>
> Mar 18 20:41:39.320 2002 [75954] Opened trace file "/tmp/qpopper.debug" as 4
> Mar 18 20:41:39.320 2002
> Mar 18 20:41:39.320 2002 [75954] opened stream socket; sockfd = 6
> Mar 18 20:41:39.320 2002
> Mar 18 20:41:39.320 2002 [75954] set stream socket options; sockfd = 6
> Mar 18 20:41:39.320 2002
> Mar 18 20:41:39.320 2002 [75954] did bind on stream socket; sockfd = 6
> Mar 18 20:41:39.320 2002
> Mar 18 20:41:39.320 2002 [75954] popper: Server: listening on 0.0.0.0:8765
>
> Mar 18 20:41:39.320 2002
> Mar 18 20:41:39.320 2002 [75954] listening using socket fd 6
> Mar 18 20:41:39.320 2002
> Mar 18 20:41:39.320 2002 [75954] set fd 6 non-blocking (0x6)
> Mar 18 20:41:39.320 2002
> Mar 18 20:55:51.969 2002 [75954] accept=7; sockfd=6; clilen=16; cli_addr 7.154.0.0:3010
>
> Mar 18 20:55:51.969 2002
> Mar 18 20:55:51.986 2002 [75954] new connection; fd=7
> Mar 18 20:55:51.986 2002
> Mar 18 20:55:51.986 2002 [75954] newsockfd (7) flags: 0x6
> Mar 18 20:55:51.986 2002
> Mar 18 20:55:51.986 2002 [75954] set fd 7 blocking (0x2)
> Mar 18 20:55:51.986 2002
> Mar 18 20:55:51.997 2002 [75954] Set downcase-user to true
> Mar 18 20:55:51.997 2002
> Mar 18 20:55:51.997 2002 [75954] Set fast-update to true
> Mar 18 20:55:51.997 2002
> Mar 18 20:55:51.997 2002 [75954] Set reverse-lookup to false
> Mar 18 20:55:51.997 2002
> Mar 18 20:55:51.997 2002 [75954] Set mail-command to "/usr/sbin/sendmail"
> Mar 18 20:55:51.997 2002
> Mar 18 20:55:51.998 2002 [75954] Set statistics to true
> Mar 18 20:55:51.998 2002
> Mar 18 20:55:51.998 2002 [75954] Set user-options to true
> Mar 18 20:55:51.998 2002
> Mar 18 20:55:52.420 2002 [75954] (v4.0.3_DEBUG) POP login by user "USERNAME" at (* _DEBUG *) * _DEBUG *
> Mar 18 20:55:52.420 2002
> Mar 18 20:55:52.721 2002 [75954] ...FillMangleInfo; commandline(10)
> ugar.cane
> Mar 18 20:55:52.721 2002
> Mar 18 20:58:39.126 2002 [75954] I/O error flushing output to client USERNAME at * _DEBUG * [* _DEBUG *]: Operation not permitted (1)
> Mar 18 20:58:39.126 2002
> Mar 18 20:58:39.126 2002 [75954] USERNAME at localhost: -ERR SIGHUP or SIGPIPE flagged
> Mar 18 20:58:39.126 2002
> Mar 18 20:58:39.126 2002 [75954] I/O error flushing output to client USERNAME at * _DEBUG * [* _DEBUG *]: Operation not permitted (1)
> Mar 18 20:58:39.126 2002
> Mar 18 20:58:39.126 2002 [75954] USERNAME at localhost: -ERR POP hangup from DEBUG
> Mar 18 20:58:39.126 2002
> Mar 18 20:58:39.126 2002 [75954] I/O error flushing output to client USERNAME at * _DEBUG * [* _DEBUG *]: Operation not permitted (1)
> Mar 18 20:58:39.126 2002
> Mar 18 20:58:39.126 2002 [75954] Stats: USERNAME 0 0 10 439419 * _DEBUG * * _DEBUG *
> Mar 18 20:58:39.126 2002
> Mar 18 20:58:39.127 2002 [75954] I/O error flushing output to client USERNAME at * _DEBUG * [* _DEBUG *]: Operation not permitted (1)
> Mar 18 20:58:39.127 2002
> Mar 18 20:58:39.127 2002 [75954] exiting after Qpopper returned
> Mar 18 20:58:39.127 2002
>
> Any thoughts? The debug log seems rather empty. Did I miss a
> command line argument? I used
> ./qpopper -t -f <path to normal config file>
>
> If necessary, I can rerun the debugging run again, but not until
> the morning, when I can get a holf of a user who knows enough to
> change his POP port.
>
> I'd appreciate any input you all have. Thanks.
>
> --Ted Cabeen
Date: Tue, 19 Mar 2002 12:22:05 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: So close I can smell it! - please help
On Tue, Mar 19, 2002 at 09:37:08AM -0000, Neil R Porter wrote:
> (pop3)<><><><><><><><><><><><><>
> # qpopper config file for xinetd
> service pop3
> {
> flags = REUSE NAMEINARGS
> socket_type = stream
> protocol = tcp
> wait = no
> user = root
> server = /usr/sbin/in.qpopper
> server_args = in.qpopper -s
> config-file = /etc/qpopper.config
...
I don't think that line actually does anything, and I don't know where
you got that syntax from. Here's a working snippet of xinetd.conf
configuration.
service pop
{
flags = REUSE
socket_type = stream
protocol = tcp
wait = no
user = root
groups = yes
server = /usr/local/libexec/popper
server_args = -s -R -T 300 -f /usr/local/etc/pop.options
# cut off popper if load goes above this value
max_load = 100
# only allow this many simultaneous popper connections
instances = 100
}
Note that I use the "-f" flag to set the popper config file. I also
disable reverse lookups and set timeouts to 5 minutes; I recommend you
do that somewhere too (though you can just as well do it in your config
file.)
> (snippet from /etc/qpopper.config)<><><><><><><><><><><><><>
> # Set this to the full path to the mail spool directory.
> #
> # The default is determined at compile time.
> #
> set spool-dir = /var/spool/mail
> <><><><><><><><><><><><><><><>
>
> So, have I used the correct way to try to get qpopper to user the
> qpopper.config
No.
> and secondly, if so, why is it ignoring it? If indeed
> this is the problem.
That's most likely your problem. Fix that and see if the rest falls
into place.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
"What do we need to make our world come alive?
What does it take to make us sing?
While we're waiting for the next one to arrive..." - Sisters of Mercy
Date: Tue, 19 Mar 2002 18:04:48 -0600
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: BUGTRAQ: Bug in QPopper (All Versions?)
This appears to be an edge condition; it does not occur with 2148
characters, for example. (Which explains why my buffer-overrun test
utility didn't see any problem.) When the input buffer fills up with
junk and no CRLF in sight, Qpopper goes attempts to read and discard
network input until either it stops or it sees a CRLF.
Unfortunately, if the buffer is exactly full (an even multiple of
2048), it does a read with length=0, which of course returns with a 0
result. The code then loops, asking for and receiving zero bytes.
I'm working on a fix.
Date: Tue, 19 Mar 2002 23:19:01 -0600
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: BUGTRAQ: Bug in QPopper (All Versions?)
At 6:04 PM -0600 3/19/02, Randall Gellens wrote:
> This appears to be an edge condition; it does not occur with 2148
> characters, for example. (Which explains why my buffer-overrun
> test utility didn't see any problem.) When the input buffer fills
> up with junk and no CRLF in sight, Qpopper goes attempts to read
> and discard network input until either it stops or it sees a CRLF.
> Unfortunately, if the buffer is exactly full (an even multiple of
> 2048), it does a read with length=0, which of course returns with a
> 0 result. The code then loops, asking for and receiving zero
> bytes. I'm working on a fix.
The cause isn't as simple as that, sorry (which I realized as soon as
I sent the message). It doesn't loop for me on some systems (such as
OpenBSD 2.9) with inputs that aren't an even multiple of 2048. It
also doesn't loop for me at all (with any size input) on some systems
(such as Darwin/MacOS X).
Date: Tue, 19 Mar 2002 20:36:31 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: BUGTRAQ: Bug in QPopper (All Versions?)
On Tue, Mar 19, 2002 at 11:19:01PM -0600, Randall Gellens wrote:
> At 6:04 PM -0600 3/19/02, Randall Gellens wrote:
> > This appears to be an edge condition; it does not occur with 2148
> > characters, for example. (Which explains why my buffer-overrun
> > test utility didn't see any problem.) When the input buffer fills
> > up with junk and no CRLF in sight, Qpopper goes attempts to read
> > and discard network input until either it stops or it sees a CRLF.
> > Unfortunately, if the buffer is exactly full (an even multiple of
> > 2048), it does a read with length=0, which of course returns with a
> > 0 result. The code then loops, asking for and receiving zero
> > bytes. I'm working on a fix.
>
> The cause isn't as simple as that, sorry (which I realized as soon as
> I sent the message). It doesn't loop for me on some systems (such as
> OpenBSD 2.9) with inputs that aren't an even multiple of 2048. It
> also doesn't loop for me at all (with any size input) on some systems
> (such as Darwin/MacOS X).
I assume you've been given details on the exploit, right?
I don't remember all the details, but I think there is a subtle
difference in how *BSD-derived Unixes handle reads on file handles
after EOF is reached, vs. how SysV-flavored Unixes do it, and that may
be triggering the bug (or maximizing its impact, at least) on some
systems. Note that because this is an undefined situation in that it's
an invalid action by the caller, its behavior is probably unspecified
by POSIX and similar standards and hence different systems are free to
behave differently.
However, I think it's pretty certain that the "break;" for length <
0 in that inner loop in getline() is breaking to the wrong place,
because it looks to me like it is not guaranteed to exit the routine if
the read returns 0 bytes *or* returns a -1 for error.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
"What do we need to make our world come alive?
What does it take to make us sing?
While we're waiting for the next one to arrive..." - Sisters of Mercy
Last updated on 19 Mar 2002 by Pensive Mailing List Admin