The qpopper list archive ending on 19 Jul 2000
Topics covered in this issue include:
1. Re: Can't POP Mail
"Lisa Casey" <lisa at jellico dot com>
Mon, 17 Jul 2000 10:59:21 -0400
2. Re: secure pop3?
"Alessandro de Manzano" <demanzano at playstos dot com>
Mon, 17 Jul 2000 16:57:01 +0200
3. Re: secure pop3?
Kalle Andersson <kalle at sslug dot dk>
Mon, 17 Jul 2000 17:16:28 +0200 (CEST)
4. AW: secure pop3?
"Martin Bene" <mb at sime dot com>
Mon, 17 Jul 2000 17:31:45 +0200
5. Re: secure pop3?
Mick Laver <mlaver at ucsd dot edu>
Mon, 17 Jul 2000 08:36:04 -0700
6. Secure pop...
Kalle Andersson <kalle at sslug dot dk>
Mon, 17 Jul 2000 18:38:36 +0200 (CEST)
7. Re: [Fwd: QPopper behavior with Content-Lenth header.]
Magnus Krafft <Magnus.Krafft at hkv.mil dot se>
Mon, 17 Jul 2000 18:54:08 +0100
8. Re: Secure pop...
Forrest Aldrich <forrie at forrie dot com>
Mon, 17 Jul 2000 13:03:53 -0400
9. Re: Secure pop...
Alexey Melnikov <mel at messagingdirect dot com>
Mon, 17 Jul 2000 11:23:53 -0600
10. Re: Secure pop...
Kalle Andersson <kalle at sslug dot dk>
Mon, 17 Jul 2000 19:39:50 +0200 (CEST)
11. Re: secure pop3?
Ken Hornstein <kenh at cmf.nrl.navy dot mil>
Mon, 17 Jul 2000 13:41:38 -0400
12. Re: [Fwd: QPopper behavior with Content-Lenth header.]
Ken Hornstein <kenh at cmf.nrl.navy dot mil>
Mon, 17 Jul 2000 13:48:07 -0400
13. Re: POP Before SMTP
Joseph S D Yao <jsdy at cospo.osis dot gov>
Mon, 17 Jul 2000 13:24:41 -0400
14. RPM for qpopper, DRAC
"Kenneth Porter" <shiva at well dot com>
Mon, 17 Jul 2000 12:13:21 -0700
15. Re: Secure pop...
"Jack Barnett" <jbarnett at axil.netmate dot com>
Mon, 17 Jul 2000 14:01:24 -0500
16. Re: lost mail. help?
Admin Mailing Lists <mlist at intergrafix dot net>
Mon, 17 Jul 2000 13:23:43 -0400 (EDT)
17. Re: Secure pop...
Forrest Aldrich <forrie at forrie dot com>
Mon, 17 Jul 2000 13:55:18 -0400
18. Re: Secure pop...
Joseph S D Yao <jsdy at cospo.osis dot gov>
Mon, 17 Jul 2000 16:07:08 -0400
19. Re: Secure pop...
Kalle Andersson <kalle at sslug dot dk>
Mon, 17 Jul 2000 23:08:51 +0200 (CEST)
20. Re: Secure pop...
Ben Elliston <bje at redhat dot com>
Tue, 18 Jul 2000 08:19:43 +1000 (EST)
21. Re: Secure pop...
Forrest Aldrich <forrie at forrie dot com>
Mon, 17 Jul 2000 18:26:25 -0400
22. Re: Secure pop...
Forrest Aldrich <forrie at forrie dot com>
Mon, 17 Jul 2000 19:16:24 -0400
23. The dot-lock and quota issue
Dave <scotty at wargames dot org>
Mon, 17 Jul 2000 19:24:05 -0400 (EDT)
24. Re: Secure pop...
Stephen Samuel <samuel at bcgreen dot com>
Mon, 17 Jul 2000 19:04:03 -0700
25. RE: POP Before SMTP
"Ian Scott" <weehughie at home dot com>
Tue, 18 Jul 2000 03:43:27 -0400
26. Re: Secure pop...
"Jack Barnett" <jbarnett at axil.netmate dot com>
Tue, 18 Jul 2000 09:33:52 -0500
27. RE: POP Before SMTP
"Kenneth Porter" <shiva at well dot com>
Tue, 18 Jul 2000 09:42:54 -0700
28. Vpop mail
<fikser at irc.randmeer dot nl>
Tue, 18 Jul 2000 19:37:55 +0200 (CEST)
29. error
MikeS at ldm dot com
Tue, 18 Jul 2000 10:31:31 -0700
30. Re: error
Fergal Daly <fergal at esatclear dot ie>
Tue, 18 Jul 2000 19:05:09 +0100
31. Re: error
"Master" <NetMaster at mailru dot com>
Tue, 18 Jul 2000 21:03:13 +0300
32. Re: error
"Jeremy C. Reed" <reed at wcug.wwu dot edu>
Tue, 18 Jul 2000 11:46:23 -0700 (PDT)
33. Re: Secure pop...
Admin Mailing Lists <mlist at intergrafix dot net>
Tue, 18 Jul 2000 14:59:47 -0400 (EDT)
34. Re: Secure pop...
"Jack Barnett" <jbarnett at axil.netmate dot com>
Tue, 18 Jul 2000 14:28:56 -0500
35. Re: The dot-lock and quota issue
Admin Mailing Lists <mlist at intergrafix dot net>
Tue, 18 Jul 2000 15:15:02 -0400 (EDT)
36. Re: The dot-lock and quota issue
"James Nelson" <james at digit.bloomnet dot com>
Tue, 18 Jul 2000 19:55:06 -0500
37. Re: The dot-lock and quota issue
"Master" <NetMaster at mailru dot com>
Wed, 19 Jul 2000 09:20:15 +0300
38. What makes addresses unbalanced
"ganizani" <ganizani at malawi dot net>
Wed, 19 Jul 2000 09:18:52 +0200
39. Re: What makes addresses unbalanced
Andrew <andrewl at ocean.com dot au>
Wed, 19 Jul 2000 17:33:57 +1000 (EST)
40. RE: The dot-lock and quota issue
"Simon Powell" <simon.powell at interesource dot com>
Wed, 19 Jul 2000 08:58:40 +0100
41. radius and pop before smtp
Jurgen Philippaerts <jph at pop.traumatized dot org>
Wed, 19 Jul 2000 10:40:22 +0200
42. Re: radius and pop before smtp
Ben Elliston <bje at redhat dot com>
Wed, 19 Jul 2000 18:59:27 +1000 (EST)
43. ipop3d -> qpopper
"Tedd Hansen" <tedd.hansen at fastweb dot no>
Wed, 19 Jul 2000 16:32:33 +0200
44. Re: The dot-lock and quota issue
Joseph S D Yao <jsdy at cospo.osis dot gov>
Wed, 19 Jul 2000 11:08:14 -0400
45. Re: What makes addresses unbalanced
Joseph S D Yao <jsdy at cospo.osis dot gov>
Wed, 19 Jul 2000 11:17:47 -0400
46. Re: The dot-lock and quota issue
Mark Wendt <mwendt at intertv dot com>
Wed, 19 Jul 2000 11:25:40 -0400
47. Re: ipop3d -> qpopper
Joseph S D Yao <jsdy at cospo.osis dot gov>
Wed, 19 Jul 2000 11:38:52 -0400
48. Re: [Fwd: QPopper behavior with Content-Lenth header.]
Randall Gellens <randy at qualcomm dot com>
Wed, 19 Jul 2000 09:03:10 -0700
49. Re: The dot-lock and quota issue
Randall Gellens <randy at qualcomm dot com>
Wed, 19 Jul 2000 09:03:40 -0700
50. Re: The dot-lock and quota issue
Randall Gellens <randy at qualcomm dot com>
Wed, 19 Jul 2000 09:03:31 -0700
From: "Lisa Casey" <lisa at jellico dot com>
Subject: Re: Can't POP Mail
Date: Mon, 17 Jul 2000 10:59:21 -0400
Hi,
I just wanted to thank everyone who replied to this E-mail of mine and
suggested that it might be a routing issue. Indeed it was, and with this
advice I was able to locate and solve the problem.
Thanks a lot!
Lisa Casey, Webmaster
Interstate 2000, Inc.
lisa at jellico dot com
webmaster at jellico dot com
> Hi,
> I'm sending this to a couple of FreeBSD lists plus the qpopper
> list in hopes that I might get an answer in a hurry.
> I'm with an ISP. We are running a FreeBSD with Sendmail and
> qpopper box for our mail server. We just changed upstream
> providers.
> We have a remote POP about 200 miles away and made the >changeover to the
new upstream provider there today.
> Since the change, our users in the remote POP cannot connect to >our mail
server. On their end they just get a "Can't connect to host" >error message.
>On my end, when I do a netstat on the freeBSD box I see users with >IP
addresses corresponding to the remote location but they stay in >SYN-RCVD.
I never see them as ESTABLISHED, and their mail >never gets popped.
>I did change /etc/mail/relay-domains to allow relaying from those IP
>addresses (but that's a Sendmail problem, not a qpopper problem). >These
>users can't send mail through the system either.
>What might cause soething like this? Any ideas are appreciated, I'll >look
into anything -- I have customers that are not happy!!
> Please CC lisa at jellico dot com on any responses to make sure I see >them
promptly.
> Thanks,
> Lisa Casey, Webmaster
> Interstate 2000, Inc.
> lisa at jellico dot com
> webmaster at jellico dot com
From: "Alessandro de Manzano" <demanzano at playstos dot com>
Date: Mon, 17 Jul 2000 16:57:01 +0200
Subject: Re: secure pop3?
On Mon, 17 Jul 2000 08:55:32 -0500, Jack Barnett wrote:
>I was wondering, if there is a way to do a secure pop3? For example, like
>an httpd ssl connection but with pop3. so that everything transmitted and
>receivied from the server is encyrpted like ssh?
redirecting the port 110 over a SSH-established session ?
AFAIK is the only way to do a real secure POP3 session.
otherwise something else that make secure the network under POP3 (SSL, maybe IPsec)
bye!
Alessandro de Manzano
System & Network Administrator
Playstos - TIMA SpA
Milano, Italy
tel.: +39-02-3314153
email: demanzano at playstos dot com
Date: Mon, 17 Jul 2000 17:16:28 +0200 (CEST)
From: Kalle Andersson <kalle at sslug dot dk>
Subject: Re: secure pop3?
On Mon, 17 Jul 2000, Jack Barnett wrote:
> > apop?
> >
> > On Mon, 17 Jul 2000, Jack Barnett wrote:
> >
> > > I was wondering, if there is a way to do a secure pop3? For example,
> like
> > > an httpd ssl connection but with pop3. so that everything transmitted
> and
> > > receivied from the server is encyrpted like ssh?
> > >
> > > thanks,
> > > Jack
> > >
>
> Does that encrypt the entire message after the user is authed? Or is the
> user authed the all the messages are sent in clear text?
>
Apop doesn't encrypt anything, it uses a method similiar to standard
unix-login. When you connect you get a <pid.timestamp> string to which you
concatenate your password and hashes it with md5...
This means it's impossible to use that string again for authentication and
it's impossible to _calculate_ the password from that string. What a
hacker can do is to sniff the connection for the <pid.timestamp> string
and test different possible passwords and see if the reulsting md5-sums
matches...
This is what apop does, it does not encrypt the message.
If you're users are technical (which they of course aren't) you can give
them the option to tunnel their pop through ssh for example...
--
Med vänlig hälsning
Kalle Andersson
kalle at sslug dot dk
From: "Martin Bene" <mb at sime dot com>
Subject: AW: secure pop3?
Date: Mon, 17 Jul 2000 17:31:45 +0200
Hi Jack,
> I was wondering, if there is a way to do a secure pop3? For example, like
> an httpd ssl connection but with pop3. so that everything transmitted and
> receivied from the server is encyrpted like ssh?
Use something like sslwrap or stunnel as an SSL wrapper for qpopper; here's
the relevant line from my inetd.conf file
pop3s stream tcp nowait.120 nobody \
/usr/sbin/tcpd /usr/local/sbin/sslwrap -cert \
/usr/local/openssl/certs/arctica.pem -port 110
pop3s is the port defined for pop3 over ssl, (995 if memory serves).
Similarly imaps (993) is defined for imap over ssl.
I got sslwrap from http://www.rickk.com/sslwrap, it also requires SSLeay /
OpenSSL to work.
Bye, Martin
Date: Mon, 17 Jul 2000 08:36:04 -0700
From: Mick Laver <mlaver at ucsd dot edu>
Subject: Re: secure pop3?
Look into stunnel. Here's the readme.
-Mick
stunnel Universal SSL tunnel
Short description
The stunnel program is designed to work as SSL encryption
wrapper between remote client and local (inetd-startable) or
remote server. The concept is that having non-SSL aware dae-
mons running on your system you can easily setup them to
communicate with clients over secure SSL channel.
stunnel can be used to add SSL functionality to commonly
used inetd daemons like POP-2, POP-3 and IMAP servers
without any changes in the programs' code.
Author Michal Trojnara <Michal.Trojnara at centertel dot pl>
SSL support Adam Hernik <adas at infocentrum dot com>
Pawel Krawczyk <kravietz at ceti.com dot pl>
At 4:57 PM +0200 7/17/2000, Alessandro de Manzano wrote:
>On Mon, 17 Jul 2000 08:55:32 -0500, Jack Barnett wrote:
>
>>I was wondering, if there is a way to do a secure pop3? For example, like
>>an httpd ssl connection but with pop3. so that everything transmitted and
>>receivied from the server is encyrpted like ssh?
>
>redirecting the port 110 over a SSH-established session ?
>
>AFAIK is the only way to do a real secure POP3 session.
>
>otherwise something else that make secure the network under POP3
>(SSL, maybe IPsec)
Date: Mon, 17 Jul 2000 18:38:36 +0200 (CEST)
From: Kalle Andersson <kalle at sslug dot dk>
Subject: Secure pop...
Hello!
If you have got access to technical users then the security should be a
tough part, either they can tunnel through something or use ssh to login
to a "pine-shell" or whatever.
What I'd like to know is, what secure methods for popping are available in
todays mail-clients? I'm talking about the usual mail-clients, like
Outlook Express, NS Messanger, Eudora etc.
Same goes for a secure way to send mail, how many clients support SASL
and/or TLS? This is off-topic here but if anyone has got an URL, I'd be
glad to see it =)
--
--
Med vänlig hälsning
Kalle Andersson
kalle at sslug dot dk
Date: Mon, 17 Jul 2000 18:54:08 +0100
From: Magnus Krafft <Magnus.Krafft at hkv.mil dot se>
Subject: Re: [Fwd: QPopper behavior with Content-Lenth header.]
At 12:23 +0200 0-07-17, Carles Xavier Munyoz Baldó wrote:
>Hello,
>I have sent this message to the qpopper at qualcomm dot com e-mail account, but
>I haven't get any answer yet (they must be very busy :)).
Yup! Steady improvements of the qpopper software keeps Randy busy as a bee. =
:-)
>For this reason I have decided forward it to the list.
Good thinking! I'll try my best to give you what little information I have=
and if other people do the same you should be able to get the whole=
picture. :-)
The (SYS V based) Content-Length header is one way to determine boundaries=
between messages in a mailbox. Using (BSD based) "\n\nFrom " is another.=
The Content-Length approach is prone to errors when porting software. For=
example, things like CR/NL contra NL might screw it up for the not so=
careful programmer.
Your local mailbox reader (a POP3 server for example) has to decide wich one=
to use. Avoiding the newer (and sometimes incorrect) Content-Length=
approach gives the most compatible reader since several Unices don't give=
you a Content-Length header.
I doubt that supporting Content-Length headers and "skipping ahead" while=
reading the mbox file to generate UIDL and LIST feedback will give you any=
great improvements in speed. If you think you need it you should consider=
using a database instead of mbox files.
Reading the whole file is at least for me not a problem since POPping the=
file will result in the whole file being read anyway, and thanks to Unix=
superior caching techniques (contra Windows) the mailbox file read (in=
server mode) will often be cached and not read again (at least not in my=
FreeBSD 4.0 machine with lot's of memory and almost no users). This of=
course depends on the amount of memory you have and the number of=
concurrent POPpers and few qpopper administrators can experience this=
luxuary since they use it with tons of users.
>Is this behavior normal with the Content-Length header ?
>If it is, what is the Content-Length header for ?
Hopefully your questions are now answered.
Cheers!
PS. About caching and me being a lame newbie... Please don't read any more=
unless you want to think of me as stupid.
I did some tests a long time where I had this 10 MB file which periodically=
was concatenated to /dev/null. Running it as a shellscript via Cron and=
timing the command every once in a while gave me information if it was=
still in cache or if other actvities needed the memory. (It would be "read"=
a lot faster during night). The tools provided in standard Unix is=
otherwise far more sophisticated to determine if you need more memory, but=
what can I say? The joy of experimenting beats reading manuals, don't you=
agree? ;-)
Date: Mon, 17 Jul 2000 13:03:53 -0400
From: Forrest Aldrich <forrie at forrie dot com>
Subject: Re: Secure pop...
You can use "stunnel" which works on Unix and Windoze to tunnel traffic
over an encrypted channel.
At 06:38 PM 7/17/00 +0200, Kalle Andersson wrote:
>Hello!
>
>If you have got access to technical users then the security should be a
>tough part, either they can tunnel through something or use ssh to login
>to a "pine-shell" or whatever.
>
>What I'd like to know is, what secure methods for popping are available in
>todays mail-clients? I'm talking about the usual mail-clients, like
>Outlook Express, NS Messanger, Eudora etc.
>
>Same goes for a secure way to send mail, how many clients support SASL
>and/or TLS? This is off-topic here but if anyone has got an URL, I'd be
>glad to see it =)
>
>--
>--
>Med vänlig hälsning
>Kalle Andersson
>kalle at sslug dot dk
Date: Mon, 17 Jul 2000 11:23:53 -0600
From: Alexey Melnikov <mel at messagingdirect dot com>
Subject: Re: Secure pop...
All links you need: http://www.sendmail.org/~ca/email/mel/Links.html
Updates are welcome.
Kalle Andersson wrote:
> Hello!
>
> If you have got access to technical users then the security should be a
> tough part, either they can tunnel through something or use ssh to login
> to a "pine-shell" or whatever.
>
> What I'd like to know is, what secure methods for popping are available in
> todays mail-clients? I'm talking about the usual mail-clients, like
> Outlook Express, NS Messanger, Eudora etc.
>
> Same goes for a secure way to send mail, how many clients support SASL
> and/or TLS? This is off-topic here but if anyone has got an URL, I'd be
> glad to see it =)
>
> --
> --
> Med v”nlig h”lsning
> Kalle Andersson
> kalle at sslug dot dk
Date: Mon, 17 Jul 2000 19:39:50 +0200 (CEST)
From: Kalle Andersson <kalle at sslug dot dk>
Subject: Re: Secure pop...
On Mon, 17 Jul 2000, Forrest Aldrich wrote:
> You can use "stunnel" which works on Unix and Windoze to tunnel traffic
> over an encrypted channel.
Well yes, but this requires extra hand-on which most customer won't be
able to handle...
Everything that needs anything that a customer doesn't have is pure
evil in my eyes...
--
Med vänlig hälsning
Kalle Andersson
kalle at sslug dot dk
Subject: Re: secure pop3?
Date: Mon, 17 Jul 2000 13:41:38 -0400
From: Ken Hornstein <kenh at cmf.nrl.navy dot mil>
>I was wondering, if there is a way to do a secure pop3? For example, like
>an httpd ssl connection but with pop3. so that everything transmitted and
>receivied from the server is encyrpted like ssh?
I have a series of patches to qpopper that implement the IETF standard
SASL authentication (which is a framework for different kinds of security
protocols). _Depending_ on the SASL mechanism that is supported by the
clients and servers, this will also get you encryption of the data stream.
I'm using it here in production with clients that also support SASL w/
encryption. Seems to work reasonably well. I know that SSL is also an
option; I tend to think that SASL is a better choice security-wise, but
I know that not everyone feels that way.
--Ken
Subject: Re: [Fwd: QPopper behavior with Content-Lenth header.]
Date: Mon, 17 Jul 2000 13:48:07 -0400
From: Ken Hornstein <kenh at cmf.nrl.navy dot mil>
>I doubt that supporting Content-Length headers and "skipping ahead" while
>reading the mbox file to generate UIDL and LIST feedback will give you any
>great improvements in speed. If you think you need it you should consider
>using a database instead of mbox files.
Actually, you don't get a speed gain _at all_, because you need to return
to the client the number of bytes for each message _with CR/NL as line
terminators_. This means you need to scan each message to determine
how many NLs there are and add in an appropriate number for the number
of CRs there should be.
--Ken
Date: Mon, 17 Jul 2000 13:24:41 -0400
From: Joseph S D Yao <jsdy at cospo.osis dot gov>
Subject: Re: POP Before SMTP
On Sun, Jul 16, 2000 at 01:15:22PM -0400, Ian Scott wrote:
> The problem is that after I have added the modification to pop_pass.c, and
> try to make qpopper, I end up with parsing errors. Is there someone who
> could help out? Is this bit of code outdated for the qpopper 3.0? Or, is
> the patch written wrong?
If you are not familiar with context-diffs, you may not have realized
that the "+" marks at the beginning of certain lines are just to show
what lines are to be added. They must be removed before compiling.
Was that the problem? ;-)
--
Joe Yao jsdy at cospo.osis dot gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.
From: "Kenneth Porter" <shiva at well dot com>
Date: Mon, 17 Jul 2000 12:13:21 -0700
Subject: RPM for qpopper, DRAC
RPM's for qpopper and DRAC can be found in the Red Hat contrib
directory on various RH mirrors. A pointer to qpopper RPM's can be
found at <http://rpmfind.net/linux/RPM/qpopper.html>.
An RPM for DRAC can be found at
<http://rpmfind.net/linux/RPM/dracd.html>. The 3.1b3 version of the
qpopper RPM was NOT built to use DRAC. Now that I've created an RPM for
DRAC, my future qpopper RPM's will be built with DRAC support and
require the library from the DRAC package. (Ie. install dracd*.rpm,
then qpopper*.rpm.) Note that this does not automatically add POP
before SMTP to sendmail. You must still edit your sendmail .mc file to
add the additional relay rules to take advantage of the DRAC database.
Add the following to the bottom of your .mc file and recompile it to
add DRAC relaying (not that the lines beginning with R use tabs to
separate columns!):
LOCAL_CONFIG
# dynamic relay authorization control map
Kdrac btree /etc/mail/dracd
LOCAL_RULESETS
SLocal_check_rcpt
# allow recent POP/IMAP mail clients to relay
R$* $: $&{client_addr}
R$+ $: $(drac $1 $: ? $)
R? $@ ?
R$+ $@ $#OK
Ken
mailto:shiva at well dot com
http://www.sewingwitch.com/ken/
http://www.harrybrowne2000.org/
From: "Jack Barnett" <jbarnett at axil.netmate dot com>
Subject: Re: Secure pop...
Date: Mon, 17 Jul 2000 14:01:24 -0500
I got a ton of mail from this and a ton of good stuff out there, didn't know
this much existed!
What is working now is using OpenSSH (solaris) on the server and TTSSH
(windows) on the client side. It was fairly painless to setup and the
redirect works good. ttssh is the first windows ssh client I have seen
(freely avaiable anyways) that does port forwarding. The good thing about
this (from user land) is that it can be used with any standard email client,
the bad (from user land) is you have to log into ssh and keep the window
open while checking email...
I tried sslwrap which looked a little more transpart to the user, but I am
still having some problems getting it compiled on Solaris 7 (sparc).
Just want to send an email and let everyone know that I am gratefull for all
the good ideas.
Thanks again,
Jack
Date: Mon, 17 Jul 2000 13:23:43 -0400 (EDT)
From: Admin Mailing Lists <mlist at intergrafix dot net>
Subject: Re: lost mail. help?
ok, thanx!
-Cygnus
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
Anthony J. Biacco Network Administrator/Engineer
thelittleprince at asteroid-b612 dot org Intergrafix Internet Services
"Dream as if you'll live forever, live as if you'll die today"
http://www.asteroid-b612.org http://www.intergrafix.net
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
On Sat, 15 Jul 2000, Qpopper Support wrote:
> At 3:42 PM -0400 7/12/00, Admin Mailing Lists wrote:
>
> > > > (216.37.162.33): -ERR Overquota: copying messages back to
> > mailspool (122)
> >>
> >> It sounds like the mail is still in the temp spool, which is
> >> .user.pop in the spool directory, unless you've changed it with
> >> configure flags.
> >
> > nope, not in the configured temp spool directory. i'm in server mode btw
>
> Oops! Turns out there is a bug that can lose mail if the user goes
> over quota during the session, in server mode.
>
> Fixed in 3.1b5. Now, the mail remains in the temp spool, where it
> will be recovered next time.
>
Date: Mon, 17 Jul 2000 13:55:18 -0400
From: Forrest Aldrich <forrie at forrie dot com>
Subject: Re: Secure pop...
Stunnel is free....
At 07:39 PM 7/17/00 +0200, Kalle Andersson wrote:
>On Mon, 17 Jul 2000, Forrest Aldrich wrote:
>
> > You can use "stunnel" which works on Unix and Windoze to tunnel traffic
> > over an encrypted channel.
>
>Well yes, but this requires extra hand-on which most customer won't be
>able to handle...
>
>Everything that needs anything that a customer doesn't have is pure
>evil in my eyes...
>
>--
>Med vänlig hälsning
>Kalle Andersson
>kalle at sslug dot dk
Date: Mon, 17 Jul 2000 16:07:08 -0400
From: Joseph S D Yao <jsdy at cospo.osis dot gov>
Subject: Re: Secure pop...
On Mon, Jul 17, 2000 at 07:39:50PM +0200, Kalle Andersson wrote:
...
> Well yes, but this requires extra hand-on which most customer won't be
> able to handle...
>
> Everything that needs anything that a customer doesn't have is pure
> evil in my eyes...
You mean, for instance, software? Which a computer does not have,
initially.
- operating system
- networking
- word processor
- disk drive
- floppy drive
- CD ROM or DVD drive
- backup hardware
- backup software
- etc.
--
Joe Yao jsdy at cospo.osis dot gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.
Date: Mon, 17 Jul 2000 23:08:51 +0200 (CEST)
From: Kalle Andersson <kalle at sslug dot dk>
Subject: Re: Secure pop...
On Mon, 17 Jul 2000, Joseph S D Yao wrote:
> On Mon, Jul 17, 2000 at 07:39:50PM +0200, Kalle Andersson wrote:
> ...
> > Well yes, but this requires extra hand-on which most customer won't be
> > able to handle...
> >
> > Everything that needs anything that a customer doesn't have is pure
> > evil in my eyes...
>
> You mean, for instance, software? Which a computer does not have,
> initially.
>
> - operating system
> - networking
> - word processor
> - disk drive
> - floppy drive
> - CD ROM or DVD drive
> - backup hardware
> - backup software
> - etc.
>
>
Yepp, everything that the costumer needs, but doesn't have, to use a
service from us is evil...
Then of course, I won't be responsible for their backup, but I dislike the
fact that they need additional software so much that I'd rather have them
using the unsecure way by using whatever mailclient they're used to, which
often is outlook express..
--
Med vänlig hälsning
Kalle Andersson
kalle at sslug dot dk
Date: Tue, 18 Jul 2000 08:19:43 +1000 (EST)
From: Ben Elliston <bje at redhat dot com>
Subject: Re: Secure pop...
You can use "stunnel" which works on Unix and Windoze to tunnel
traffic over an encrypted channel.
Do any of the existing POP-3 clients (say, on Windows) know how to do POP-3
over SSL?
Ben
Date: Mon, 17 Jul 2000 18:26:25 -0400
From: Forrest Aldrich <forrie at forrie dot com>
Subject: Re: Secure pop...
Well, that's the magic of using a tool like STUNNEL. It's completely
transparent to the application... what you're doing, on the network layer,
is port forwarding POP -> the STUNNEL and on the gateway STUNNEL ->
POP. So, there doesn't need to be any specialized hacks in the client code.
_F
At 08:19 AM 7/18/00 +1000, Ben Elliston wrote:
> You can use "stunnel" which works on Unix and Windoze to tunnel
> traffic over an encrypted channel.
>
>Do any of the existing POP-3 clients (say, on Windows) know how to do POP-3
>over SSL?
>
>Ben
Date: Mon, 17 Jul 2000 19:16:24 -0400
From: Forrest Aldrich <forrie at forrie dot com>
Subject: Re: Secure pop...
The price of security, if you really are concerned about it.
At 09:00 AM 7/18/00 +1000, Ben Elliston wrote:
> Well, that's the magic of using a tool like STUNNEL. It's completely
> transparent to the application... what you're doing, on the network
> layer, is port forwarding POP -> the STUNNEL and on the gateway
> STUNNEL -> POP. So, there doesn't need to be any specialized hacks in
> the client code.
>
>So you're suggesting that Windows clients run it on their end, too?
>That sounds like too much work for the average Windows user. ;-(
>
>Ben
Date: Mon, 17 Jul 2000 19:24:05 -0400 (EDT)
From: Dave <scotty at wargames dot org>
Subject: The dot-lock and quota issue
I've searched through the archive for an answer, and although this
question has came up at least a couple times, I couldn't find a solution.
So I'm gonna give it a shot myself.
After upgrading from QPopper 2.53 to 3.0.2, I've noticed a problem with
quotas and the lock file. Note that I'm not talking about the .pop file,
which can be solved by using --enable-temp-drop-dir. I'm talking about the
actual mailbox lock file, username.lock.
When a user who has been over quota tries to access their mail, they are
denied because the dot-lock cannot be written to with the following error:
in.popperd[18056]: write to newly-created lock file
/usr/spool/mail/username.lock failed: Quota exceeded (122)
in.popperd[18056]: username at 192.168.1.1 (192.168.1.1):
-ERR [SYS/TEMP] maillock error 3: '/usr/spool/mail/username'
My first thought was to have the lock moved to another place, however it
was already noted on this list that this defeats the purpose of the
locking.
So, is there a workaround for this situation? How are other people working
with over quota users? Ideally, I'd like them to still be able to check
their mail and delete messages even if they are over quota.
AFAIK, QPopper 2.53 didn't exhibit this behavior, and worked fine as long
as your temp-drop-dir was a non-quota directory.
I'm running QPopper 3.0.2 on Linux compiled with:
--enable-servermode --enable-specialauth --enable-log-login
--with-log-facility=LOG_LOCAL0 --enable-temp-drop-dir=/var/spool/poptemp
Thanks in advance for any help!
Dave
--
(Semi-RFC Compliant Crappy Sig #13)
Dave | E-Mail | The truth is out
scotty at wargames dot org | scotty-pgp at wargames dot org | there. Drink
BOFH | for PGP Public Key | milk. MOO.
18 92 8E 39 D5 CD 26 60 3B B1 A2 59 4C 3A 76 5F
Date: Mon, 17 Jul 2000 19:04:03 -0700
From: Stephen Samuel <samuel at bcgreen dot com>
Subject: Re: Secure pop...
Kalle Andersson wrote:
>
> Hello!
....
> What I'd like to know is, what secure methods for popping are available in
> todays mail-clients? I'm talking about the usual mail-clients, like
> Outlook Express, NS Messanger, Eudora etc.
using ssh (ttssh I think was suggested as an OS solution) to open
an encrypted pipe allows users to make transparent use of
what is essentially a limited, private VPN.
On a Unix box:
------
#!/bin/bash
ssh -L11110:server.bcgreen.com:110 samuel at server.bcgreen dot com
------
I then setup netscape to pop from localhost:11110 (that's the
actual string I use for netscape).
___
With windows it's a little bit easer since users can listen
on port 110, so you simply setup ssh to forward local:110 to server:110
users would then connect to localhost:110 to pickup POP mail.
If you don't want users to have an actual shell account on the
mail server, you can make it a dummy program that does a sleep 100000
(which would keep the connection open for 27 hours).
cat /usr/local/bin/waiter
#!/bin/bash
sleep 100000
exit 0
--
Stephen Samuel +1(604)876-0426 samuel at bcgreen dot com
http://www.bcgreen.com/~samuel/
The question, for this world, is not "will I die?".
It is, rather, "how will I live?".
From: "Ian Scott" <weehughie at home dot com>
Subject: RE: POP Before SMTP
Date: Tue, 18 Jul 2000 03:43:27 -0400
After several attempts, I did compare the patch with what I found in the
actual file, and figured that maybe the +'s shouldn't have been there, so I
removed them. It still did not work, but perhaps I had made other changes
as well by that time. I will go back and try it again just to see.. but..
I was just advised that this patch was not necessary as this version of
QPopper has support for DRAC built in. So, I went and got DRAC and tried to
install that on the server. I found the instructions that came with the
downloaded file were slightly different than what is on the website however,
and in some places a little confusing. Has anyone here installed DRAC on a
Linux server and wouldn't mind some private correspondance and questions
regarding this? (I am not sure if it would be appropriate for this list or
not).
Thanks for your assistance, Joseph!
> -----Original Message-----
> From: Joseph S D Yao [mailto:jsdy at cospo.osis dot gov]
> Sent: July 17, 2000 1:25 PM
> To: Ian Scott
> Cc: Subscribers of Qpopper
> Subject: Re: POP Before SMTP
>
>
> On Sun, Jul 16, 2000 at 01:15:22PM -0400, Ian Scott wrote:
> > The problem is that after I have added the modification to
> pop_pass.c, and
> > try to make qpopper, I end up with parsing errors. Is there someone who
> > could help out? Is this bit of code outdated for the qpopper
> 3.0? Or, is
> > the patch written wrong?
>
> If you are not familiar with context-diffs, you may not have realized
> that the "+" marks at the beginning of certain lines are just to show
> what lines are to be added. They must be removed before compiling.
>
> Was that the problem? ;-)
>
> --
> Joe Yao jsdy at cospo.osis dot gov -
> Joseph S. D. Yao
> COSPO/OSIS Computer Support EMT-B
> -----------------------------------------------------------------------
> This message is not an official statement of COSPO policies.
>
From: "Jack Barnett" <jbarnett at axil.netmate dot com>
Subject: Re: Secure pop...
Date: Tue, 18 Jul 2000 09:33:52 -0500
> The price of security, if you really are concerned about it.
Just because you or your system/network admin is concerned about security
doesn't mean that your users will be, and even if you users are concerned
with security it is second to there "easy of use".
One thing I have been looking at is stunnel, it is more transpart to the
user, the check one box in outlook and they are done, everything else works
the same. Kinda nice, get better security and users don't even notice
anything "funny" is going on in the back end of there MS point and click
user freindly application :)
> At 09:00 AM 7/18/00 +1000, Ben Elliston wrote:
> > Well, that's the magic of using a tool like STUNNEL. It's completely
> > transparent to the application... what you're doing, on the network
> > layer, is port forwarding POP -> the STUNNEL and on the gateway
> > STUNNEL -> POP. So, there doesn't need to be any specialized hacks
in
> > the client code.
> >
> >So you're suggesting that Windows clients run it on their end, too?
> >That sounds like too much work for the average Windows user. ;-(
> >
> >Ben
>
From: "Kenneth Porter" <shiva at well dot com>
Date: Tue, 18 Jul 2000 09:42:54 -0700
Subject: RE: POP Before SMTP
On Tue, 18 Jul 2000 03:43:27 -0400, Ian Scott wrote:
>I was just advised that this patch was not necessary as this version of
>QPopper has support for DRAC built in. So, I went and got DRAC and tried to
>install that on the server. I found the instructions that came with the
>downloaded file were slightly different than what is on the website however,
>and in some places a little confusing. Has anyone here installed DRAC on a
>Linux server and wouldn't mind some private correspondance and questions
>regarding this?
Where are you having problems? The only tricky bit I found was where it
wanted to install the library, in a subdirectory by itself. I changed
that to put it in /usr/lib. Which Linux are you using? I have a Red Hat
RPM package (see yesterday's posting) that does all the dirty work. You
just need to add the DRAC rules to your sendmail setup and compile
qpopper to use DRAC.
Ken
mailto:shiva at well dot com
http://www.sewingwitch.com/ken/
http://www.harrybrowne2000.org/
Date: Tue, 18 Jul 2000 19:37:55 +0200 (CEST)
From: <fikser at irc.randmeer dot nl>
Subject: Vpop mail
Hello,
I am running one vhost machine... their are different domains pointed to
one
ip adress on that machine.
Now i am running qpopper on that machine and i have one domain that can
receive and send mail.
But now i want the other domains to do the same thing on the same machine.
So i need e.g admin at blah.org admin@test dot org admin at plaap dot org all running on
the same machine. Now i read that qpopper don;t support vhosts, so do i
must
run another mail deamon? or can it be done with sendmail or some other
way?
I appreciate your help very kindly!
F.Edens
admin at irc.randmeer dot nl
From: MikeS at ldm dot com
Subject: error
Date: Tue, 18 Jul 2000 10:31:31 -0700
------_=_NextPart_000_01BFF0DE.031D21B0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01BFF0DE.031D21B0"
------_=_NextPart_001_01BFF0DE.031D21B0
Content-Type: text/plain;
charset="iso-8859-1"
What would be a good starting point for troubleshooting for a problem where
users can send (SMTP) but not receive (qpopper3.02)??
=====
Mike Singleton, CNE
LD McFarland
1640 East Marc St.
Tacoma WA 98421
(800) 426-8430 x365
------_=_NextPart_001_01BFF0DE.031D21B0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; =
charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version =
5.5.2652.35">
<TITLE>error</TITLE>
</HEAD>
<BODY>
<P><FONT FACE=""Verdana"">What would be a good starting point for =
troubleshooting for a problem where users can send (SMTP) but not =
receive (qpopper3.02)??</FONT></P>
<P><FONT FACE="Arial">=A0</FONT>
<BR><FONT FACE="Arial">=====</FONT>
<BR><FONT FACE="Arial">Mike Singleton, CNE</FONT>
<BR><FONT FACE="Arial">LD McFarland</FONT>
<BR><FONT FACE="Arial">1640 East Marc St.</FONT>
<BR><FONT FACE="Arial">Tacoma WA 98421</FONT>
<BR><FONT FACE="Arial">(800) 426-8430 x365</FONT>
</P>
<P><FONT FACE="Arial" SIZE=2 COLOR="#000000"></FONT>
</BODY>
</HTML>
------_=_NextPart_001_01BFF0DE.031D21B0--
------_=_NextPart_000_01BFF0DE.031D21B0
Content-Type: image/gif;
name="TechTool.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="TechTool.gif"
Content-ID: <963593117@18072000-36bf>
R0lGODlhQQByAPcAAAAAADMzM2ZmZpmZmcDAwAAAAAAAAAAAAPB0AQBMAE0AAABNABoAAAAMF1AA
fOxvADcBAACg9m8AcIj7vzCL+7//////yOxvAKxK978AAAAAMxdQACBK978BAAAADBdQALvxQwDY
H1AAAAAAAGYAAAAMF1AArAwAACgYUAABAAAA2B9QAEwAAACsDAAAAABAANgfUAAAAAAAAAAAAAEA
AAAsGVAABAEAAAAAAAAAAAAAKBhQADztbwBsAAgAGgAjAAAAAAAMF1AAYHNAANQCSABPcGVuAAAA
AAAMzxfE7W8ACO9vAMgn97/JF/a/AHBvAFxcQ2hyaXNuZVxjJFxvbGs5XHN0YXRpb24AdGVjaHRv
b2wuZ2lmAADE7W8AJ0v2vwQLXQAAAAAA5xcvAR+AFwE/AT8BKABvAQYAFwAfgBcBzj/PF/8WAAAA
AHhOIwDnAtaNPjfnFwEA9hQgAAIAcApvAAAAAAAAAF4BBI4BRPw5AgCE/QIA/xZgAAAAWgB+IAEA
SoABADABAAAJAH4gan9OIl8DCQAAAH4gOvUAAJp/AAAAAPQKAwCE/QIAABaEjgAADABvADJ+UFIA
BAADAAQBCAAAAAAABAAAAAAAAAAAAABbAQPAAAQwAH4gthcPAzcYDwMAAAAAUQBYAIg5AgAcD6x+
XFxDaHJpc25lXGMkXG9sazlcc3RhdGlvblx0ZWNodG9vbC5naWYAAAAAJkoDAAAEMABiAAAAXQAA
AFwwAQDW/zSAfwNbAV5/JQJ/AwkAAAB+IEr7AADO+wAANxgPA7YXDwNKALDxbwCY8W8ABoIAAOLx
YQAAAGIATABdAEYAA8ACBQAATAIAAAgXUAAcAQAAx4L3vwAATQAkGFAATAIAAAAAAAAIF1AAAABN
AEEAAAAMAE0AAQUAAAAAAABAAAAAgoT3v0EAAACZhPe/AABNAEEAAAAAAAAAAAAAAEEAAACsDAAA
AAAAAPCT978AAE0ALpT3v/SIXoFmAAAAZgAAAKwMAAAFhkMArAwAACH5BAEAAAQALAAAAABBAHIA
QAj/AAkIHCBAoMGDBwEoLIgw4UCFAAY0nDhRAEOEBAlChGhwI0UCAzx+HHmwoESSFxMqlBhA4EYB
AwJsBABzpEwABlOCJDkx5EyFFHHaVBjg5McBRnPyjEmUpNCGP1fybKjz4kKSNyEWzSrUJEeMOnsS
CDsV4cakZr8S+AmT7Fi3SyGefFpR7UikVIuWXSsV6lG7R2siTOm26WC6dA/6bDkyMdWPcicCNdtz
cs6kidEaRHt2M2MBlh2mNapXIGjHAxuihQuyr9+cERvefKxY9dipNxlLpugTdcWdGDVPvMka8dW9
mzWHjBtaskjkZpUrDfoy5UzoYkFKD9oxKgDdLvc+/w+uOoCAAObRn+e6Ub3786DTp4fPXqv89ee3
O2/eGGF9tb4JZ5Rw0F2X02mAlZSaar6JN95+BIoGFnYPNshXbEtlx5pL/BnVYGROHfUbh6g151uC
09VGlUQn9fYdcDsthlSLGCJ13koDtvYScILdZRB4m/EXnmJCEsdbhLc5JeSQIAF54UgM4fUaTyh2
JFuVkAm3IYkh9oYkSlp+mZWSS+6VkW1rDZTbQs8lldWWPDG0oZMkngQTe2kip9ZFUqroH5GujRcR
ewJKReeXdXkXloUqWdjnZmTOFJNmjk2qo6QiDvbXTzOWJuFAk3pHkn7UMWrlYd4hqeVwOhba3nIP
qf/V258YZWdad6ZSNlNRNc3K6oKaJoldSVr5+RJRRM0FY0meDnsho8XeRVaP2HmZJ29YKqYcooki
BqVho1ZW4HGfQlUmZbbB+SR3FOU2FYuqtdgYf55+eO6twELqZ3dOhmQdthj2lNSqFJ1GlmtMjvbr
srxRx6duPk2pEkOeulhrvEYhKBW8SCUrZUgtInVTnydxNXBYlGqrsMQcdnskmsHux253MgvU75eM
jjzzWmHNtvCjC5rq6275cokSvoNxCyLRGGUL1rbvZpvYg+8KONXSRCPorHZMzxvwbtE6+/Wpdzm9
49Y8x3sVyGmdmxW3UBKUqYHPQob11kDvC6PG+o7/RfWwUWYXIURtGapVrir7aXWKjRZk1Vk4Ubtp
lEmRhZaTS/NN4t1t20zb1Y0iS7iELdJ5GgF0Cqv3QS25SDfZo4Jr6+pt79r1keZtuHipMxV2VH2S
KxjvgnZGZRKCvNKk0UIs/gcvcDZinK/rhi2vPGgWIViTxqOrmDfDitXXLLpUiZopeR/d+T35rJvv
I/rDIdxf7ZimfpRwLcl+GbB0aUwo7OGiVbaohyuaBIleMEuOik7DLblFhG5eEdKjoMaw9UFGezoq
XJlUJRF1RYpPBQQh7UCFtgOW6TkGkldwPAiwF9mtOWxjoHIQl76/NQpRY2sN2t4GrXslTIFiM4yj
/5yGtGd554hITKISk7g/CpHrWhCqGoOgY61yde5qM0TO0KzYqLKgJnpRW1KDtpi+VTXwiexrG6Ke
FyzdofFa9sqVChW3KUp56IWjmmPiQIIyIYUmQPJL2uqABh6faEYmaYSNhey3R9b5LYfYSySHfDe7
ohErh3xhGc0+JzkKNk0ozYqYJEXZpMNIEVXlYcqinIMeznRmdfhBD3vuI8sl/kQ+8tkVLlH2ScAQ
xGeJjI+l0oIypemkXph0DMJiwiECWU4xfKLUiczlsPPRzjenu51M+mjA1HGLkW/8oQsB5abPKY41
htyZH3P4qGeqrlSQCRKDMAksqynthAB85JcC1zSw2OGzYIF8mWrgxLl81qksbZni1c5VooBm6XZ4
jCeg6HnBSrZwfqYhYk8eZ8uOevSjAAgIADs=
------_=_NextPart_000_01BFF0DE.031D21B0--
Date: Tue, 18 Jul 2000 19:05:09 +0100
From: Fergal Daly <fergal at esatclear dot ie>
Subject: Re: error
At 18:31 18/07/00, MikeS at ldm dot com wrote:
>What would be a good starting point for troubleshooting for a problem
>where users can send (SMTP) but not receive (qpopper3.02)??
That would depnd on what you mean by "receive". If you mean the mail
bounces back to the sender then it has nothing to do with qpopper, check
the config of you incoming SMTP mail agent (probably sendmail). Also if the
mail is not ending up in the mail spools of the users, the problem is with
your incoming mail setup.
The only case where you need to think about qpopper is if you can see the
mail sitting there on the server in someone's mail file but when the user
checks mail it doesn't come through. In this case you should try a
different mail client or try issuing commands directly to the pop server on
port 110. If you can download the mail using either of these methods, the
problem is with your mail reader. You should also look at your log files to
see what qpopper is saying about these attempts to collect mail, it's
probably logging to /var/log/maillog but that depends on your setup.
If the problem still apears to be qpopper and you still haven't made any
more progress then come back with more details,
Fergal
From: "Master" <NetMaster at mailru dot com>
Subject: Re: error
Date: Tue, 18 Jul 2000 21:03:13 +0300
error A good starting point would be checking /var/log/messages (at
Linux) to see
errors when qpopper trying to start. It assumes that you correctly modified
your inetd.conf file.
----- Original Message -----
From: MikeS at ldm dot com
To: Subscribers of Qpopper
Sent: Tuesday, July 18, 2000 8:31 PM
Subject: error
What would be a good starting point for troubleshooting for a problem where
users can send (SMTP) but not receive (qpopper3.02)??
=====
Mike Singleton, CNE
LD McFarland
1640 East Marc St.
Tacoma WA 98421
(800) 426-8430 x365
Date: Tue, 18 Jul 2000 11:46:23 -0700 (PDT)
From: "Jeremy C. Reed" <reed at wcug.wwu dot edu>
Subject: Re: error
> What would be a good starting point for troubleshooting for a problem where
> users can send (SMTP) but not receive (qpopper3.02)??
Make sure that the mail is really delivered to the mail spool directory.
Send an email to a user on the server that has the POP3 server. Look in
/var/mail or /var/spool/mail to see if the user's mailbox exists. Look at
the MTA logs (maybe /var/log/maillog or /var/log/exim/mainlog) to see if
the mail was even delivered.
What are the error messages when trying to recieve mail via POP3?
Jeremy C. Reed
http://www.reedmedia.net/
http://bsd.reedmedia.net/
Date: Tue, 18 Jul 2000 14:59:47 -0400 (EDT)
From: Admin Mailing Lists <mlist at intergrafix dot net>
Subject: Re: Secure pop...
or you could start tightening up your network first, then think about
encryption. i dont know about you, but most of my pop3 users are
retreiving locally. their computer->dialup server->switch->mail server
If you got:
A) a switch instead of a hub.
B) the switched ports locked down to the MAC addresses they're connected
to.
your chances of anyone sniffing your pop3 mail/passwords are low.
then all you have to worry about is your roaming customers..most of them
install specialized software for roaming anyway, i'm sure they wouldn't
mind installing some sort of SSL/whatever software..or if you had a
web-based system with an SSL certificate even
*shrug*
-Cygnus
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
Anthony J. Biacco Network Administrator/Engineer
thelittleprince at asteroid-b612 dot org Intergrafix Internet Services
"Dream as if you'll live forever, live as if you'll die today"
http://www.asteroid-b612.org http://www.intergrafix.net
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
On Mon, 17 Jul 2000, Forrest Aldrich wrote:
> The price of security, if you really are concerned about it.
>
>
> At 09:00 AM 7/18/00 +1000, Ben Elliston wrote:
> > Well, that's the magic of using a tool like STUNNEL. It's completely
> > transparent to the application... what you're doing, on the network
> > layer, is port forwarding POP -> the STUNNEL and on the gateway
> > STUNNEL -> POP. So, there doesn't need to be any specialized hacks in
> > the client code.
> >
> >So you're suggesting that Windows clients run it on their end, too?
> >That sounds like too much work for the average Windows user. ;-(
> >
> >Ben
>
>
From: "Jack Barnett" <jbarnett at axil.netmate dot com>
Subject: Re: Secure pop...
Date: Tue, 18 Jul 2000 14:28:56 -0500
> or you could start tightening up your network first, then think about
> encryption. i dont know about you, but most of my pop3 users are
> retreiving locally. their computer->dialup server->switch->mail server
> If you got:
> A) a switch instead of a hub.
> B) the switched ports locked down to the MAC addresses they're connected
> to.
> your chances of anyone sniffing your pop3 mail/passwords are low.
> then all you have to worry about is your roaming customers..most of them
> install specialized software for roaming anyway, i'm sure they wouldn't
> mind installing some sort of SSL/whatever software..or if you had a
> web-based system with an SSL certificate even
>
> *shrug*
>
> -Cygnus
> .-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
> Anthony J. Biacco Network Administrator/Engineer
> thelittleprince at asteroid-b612 dot org Intergrafix Internet Services
>
> "Dream as if you'll live forever, live as if you'll die today"
> http://www.asteroid-b612.org http://www.intergrafix.net
> .-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
>
That is one thing I have always wondered, why doesn't things like
hotmail.com or excite.com mail have SSL? Probably be a HUGE load on the
servers with a bunch of encrypt/decryption going on for each users...
mail.yahoo.com allows SSL login, but after that, plain text.
Jack
Date: Tue, 18 Jul 2000 15:15:02 -0400 (EDT)
From: Admin Mailing Lists <mlist at intergrafix dot net>
Subject: Re: The dot-lock and quota issue
personally, i put them in the same directory with the pop drops. this
doesn't affect locking because i dont use procmail for local delivery..i
use postfix for my MTA, not sendmail.
So, in short, you can change your MTA and use postfix instead of sendmail
(assuming you're using that with procmail)
It sounds like overkill, but postfix is better and easier in my opinion
http://www.postfix.org in case that's what you decide
-Cygnus
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
Anthony J. Biacco Network Administrator/Engineer
thelittleprince at asteroid-b612 dot org Intergrafix Internet Services
"Dream as if you'll live forever, live as if you'll die today"
http://www.asteroid-b612.org http://www.intergrafix.net
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
On Mon, 17 Jul 2000, Dave wrote:
> I've searched through the archive for an answer, and although this
> question has came up at least a couple times, I couldn't find a solution.
> So I'm gonna give it a shot myself.
>
> After upgrading from QPopper 2.53 to 3.0.2, I've noticed a problem with
> quotas and the lock file. Note that I'm not talking about the .pop file,
> which can be solved by using --enable-temp-drop-dir. I'm talking about the
> actual mailbox lock file, username.lock.
>
> When a user who has been over quota tries to access their mail, they are
> denied because the dot-lock cannot be written to with the following error:
>
> in.popperd[18056]: write to newly-created lock file
> /usr/spool/mail/username.lock failed: Quota exceeded (122)
> in.popperd[18056]: username at 192.168.1.1 (192.168.1.1):
> -ERR [SYS/TEMP] maillock error 3: '/usr/spool/mail/username'
>
> My first thought was to have the lock moved to another place, however it
> was already noted on this list that this defeats the purpose of the
> locking.
>
> So, is there a workaround for this situation? How are other people working
> with over quota users? Ideally, I'd like them to still be able to check
> their mail and delete messages even if they are over quota.
>
> AFAIK, QPopper 2.53 didn't exhibit this behavior, and worked fine as long
> as your temp-drop-dir was a non-quota directory.
>
> I'm running QPopper 3.0.2 on Linux compiled with:
>
> --enable-servermode --enable-specialauth --enable-log-login
> --with-log-facility=LOG_LOCAL0 --enable-temp-drop-dir=/var/spool/poptemp
>
> Thanks in advance for any help!
> Dave
>
> --
> (Semi-RFC Compliant Crappy Sig #13)
> Dave | E-Mail | The truth is out
> scotty at wargames dot org | scotty-pgp at wargames dot org | there. Drink
> BOFH | for PGP Public Key | milk. MOO.
>
> 18 92 8E 39 D5 CD 26 60 3B B1 A2 59 4C 3A 76 5F
>
>
From: "James Nelson" <james at digit.bloomnet dot com>
Subject: Re: The dot-lock and quota issue
Date: Tue, 18 Jul 2000 19:55:06 -0500
Not really the place to mention it, but huge exposure to the user
community so without further filler...........
VERY serious holes in Active X support have been found in all Windows
platforms and all MS mail clients, browsers, etc. (95, 98 NT, 2000 OS
browsers Including IE 4.0 and newer-- even IE 5.5, Outlook Express,
97, 98, 2000, and other MS office apps supporting scripting like
access)
If you want to know the details I'd suggest researching it.
----- Original Message -----
From: "Admin Mailing Lists" <mlist at intergrafix dot net>
To: "Dave" <scotty at wargames dot org>
Cc: "Subscribers of Qpopper" <qpopper at lists.pensive dot org>
Sent: Tuesday, July 18, 2000 2:15 PM
Subject: Re: The dot-lock and quota issue
| personally, i put them in the same directory with the pop drops.
this
| doesn't affect locking because i dont use procmail for local
delivery..i
| use postfix for my MTA, not sendmail.
| So, in short, you can change your MTA and use postfix instead of
sendmail
| (assuming you're using that with procmail)
| It sounds like overkill, but postfix is better and easier in my
opinion
| http://www.postfix.org in case that's what you decide
|
| -Cygnus
|
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-
.
| Anthony J. Biacco Network
Administrator/Engineer
| thelittleprince at asteroid-b612 dot org Intergrafix Internet
Services
|
| "Dream as if you'll live forever, live as if you'll die today"
| http://www.asteroid-b612.org
http://www.intergrafix.net
|
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-
.
|
| On Mon, 17 Jul 2000, Dave wrote:
|
| > I've searched through the archive for an answer, and although this
| > question has came up at least a couple times, I couldn't find a
solution.
| > So I'm gonna give it a shot myself.
| >
| > After upgrading from QPopper 2.53 to 3.0.2, I've noticed a problem
with
| > quotas and the lock file. Note that I'm not talking about the .pop
file,
| > which can be solved by using --enable-temp-drop-dir. I'm talking
about the
| > actual mailbox lock file, username.lock.
| >
| > When a user who has been over quota tries to access their mail,
they are
| > denied because the dot-lock cannot be written to with the
following error:
| >
| > in.popperd[18056]: write to newly-created lock file
| > /usr/spool/mail/username.lock failed: Quota exceeded (122)
| > in.popperd[18056]: username at 192.168.1.1 (192.168.1.1):
| > -ERR [SYS/TEMP] maillock error 3: '/usr/spool/mail/username'
| >
| > My first thought was to have the lock moved to another place,
however it
| > was already noted on this list that this defeats the purpose of
the
| > locking.
| >
| > So, is there a workaround for this situation? How are other people
working
| > with over quota users? Ideally, I'd like them to still be able to
check
| > their mail and delete messages even if they are over quota.
| >
| > AFAIK, QPopper 2.53 didn't exhibit this behavior, and worked fine
as long
| > as your temp-drop-dir was a non-quota directory.
| >
| > I'm running QPopper 3.0.2 on Linux compiled with:
| >
| > --enable-servermode --enable-specialauth --enable-log-login
|
> --with-log-facility=LOG_LOCAL0 --enable-temp-drop-dir=/var/spool/pop
temp
| >
| > Thanks in advance for any help!
| > Dave
| >
| > --
| > (Semi-RFC Compliant Crappy Sig #13)
| > Dave | E-Mail | The
truth is out
| > scotty at wargames dot org | scotty-pgp at wargames dot org | there.
Drink
| > BOFH | for PGP Public Key | milk.
MOO.
| >
| > 18 92 8E 39 D5 CD 26 60 3B B1 A2 59 4C 3A 76 5F
| >
| >
|
From: "Master" <NetMaster at mailru dot com>
Subject: Re: The dot-lock and quota issue
Date: Wed, 19 Jul 2000 09:20:15 +0300
Yeah, please research it.
> Not really the place to mention it, but huge exposure to the user
> community so without further filler...........
>
> VERY serious holes in Active X support have been found in all Windows
> platforms and all MS mail clients, browsers, etc. (95, 98 NT, 2000 OS
> browsers Including IE 4.0 and newer-- even IE 5.5, Outlook Express,
> 97, 98, 2000, and other MS office apps supporting scripting like
> access)
>
> If you want to know the details I'd suggest researching it.
>
>
>
> ----- Original Message -----
> From: "Admin Mailing Lists" <mlist at intergrafix dot net>
> To: "Dave" <scotty at wargames dot org>
> Cc: "Subscribers of Qpopper" <qpopper at lists.pensive dot org>
> Sent: Tuesday, July 18, 2000 2:15 PM
> Subject: Re: The dot-lock and quota issue
>
>
> | personally, i put them in the same directory with the pop drops.
> this
> | doesn't affect locking because i dont use procmail for local
> delivery..i
> | use postfix for my MTA, not sendmail.
> | So, in short, you can change your MTA and use postfix instead of
> sendmail
> | (assuming you're using that with procmail)
> | It sounds like overkill, but postfix is better and easier in my
> opinion
> | http://www.postfix.org in case that's what you decide
> |
> | -Cygnus
> |
> .-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-
> .
> | Anthony J. Biacco Network
> Administrator/Engineer
> | thelittleprince at asteroid-b612 dot org Intergrafix Internet
> Services
> |
> | "Dream as if you'll live forever, live as if you'll die today"
> | http://www.asteroid-b612.org
> http://www.intergrafix.net
> |
> .-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-
> .
> |
> | On Mon, 17 Jul 2000, Dave wrote:
> |
> | > I've searched through the archive for an answer, and although this
> | > question has came up at least a couple times, I couldn't find a
> solution.
> | > So I'm gonna give it a shot myself.
> | >
> | > After upgrading from QPopper 2.53 to 3.0.2, I've noticed a problem
> with
> | > quotas and the lock file. Note that I'm not talking about the .pop
> file,
> | > which can be solved by using --enable-temp-drop-dir. I'm talking
> about the
> | > actual mailbox lock file, username.lock.
> | >
> | > When a user who has been over quota tries to access their mail,
> they are
> | > denied because the dot-lock cannot be written to with the
> following error:
> | >
> | > in.popperd[18056]: write to newly-created lock file
> | > /usr/spool/mail/username.lock failed: Quota exceeded (122)
> | > in.popperd[18056]: username at 192.168.1.1 (192.168.1.1):
> | > -ERR [SYS/TEMP] maillock error 3: '/usr/spool/mail/username'
> | >
> | > My first thought was to have the lock moved to another place,
> however it
> | > was already noted on this list that this defeats the purpose of
> the
> | > locking.
> | >
> | > So, is there a workaround for this situation? How are other people
> working
> | > with over quota users? Ideally, I'd like them to still be able to
> check
> | > their mail and delete messages even if they are over quota.
> | >
> | > AFAIK, QPopper 2.53 didn't exhibit this behavior, and worked fine
> as long
> | > as your temp-drop-dir was a non-quota directory.
> | >
> | > I'm running QPopper 3.0.2 on Linux compiled with:
> | >
> | > --enable-servermode --enable-specialauth --enable-log-login
> |
> > --with-log-facility=LOG_LOCAL0 --enable-temp-drop-dir=/var/spool/pop
> temp
> | >
> | > Thanks in advance for any help!
> | > Dave
> | >
> | > --
> | > (Semi-RFC Compliant Crappy Sig #13)
> | > Dave | E-Mail | The
> truth is out
> | > scotty at wargames dot org | scotty-pgp at wargames dot org | there.
> Drink
> | > BOFH | for PGP Public Key | milk.
> MOO.
> | >
> | > 18 92 8E 39 D5 CD 26 60 3B B1 A2 59 4C 3A 76 5F
> | >
> | >
> |
>
From: "ganizani" <ganizani at malawi dot net>
Subject: What makes addresses unbalanced
Date: Wed, 19 Jul 2000 09:18:52 +0200
When I check to postmaster mail I am oftenly receiving this kind of mail.
What causes addresses to be unbalanced. What can I do to solve this.
This is the message I get.
---- Original Message -----
From: Mail Delivery Subsystem <MAILER-DAEMON>
To: <postmaster>
Sent: Tuesday, July 18, 2000 8:28 PM
Subject: Postmaster warning: "mam" <user at mydomain dot net>>... Unbalanced '>'
> The original message was received at Tue, 18 Jul 2000 20:27:41 +0200 (CAT)
> from [196.2.16.241]
> with id e6IIRWR30927
>
> ----- Transcript of session follows -----
> 553 5.0.0 "mam" <user at mydomain dot net>>... Unbalanced '>'
> 553 5.0.0 "mam" <user at mydomain dot net>>... Unbalanced '>'
> 553 5.0.0 "mam" <user at mydomain dot net>>... Unbalanced '>'
>
----------------------------------------------------------------------------
----------------
I believe most of you have some sendmail experience. Please help.
Ganizani Phiri,
Malawi.
Date: Wed, 19 Jul 2000 17:33:57 +1000 (EST)
From: Andrew <andrewl at ocean.com dot au>
Subject: Re: What makes addresses unbalanced
The message, if you look carefully, actually reads "Unbalanced '>' ", and you
should also notice that the email address ends with two '>' instead of one.
It's the same principle as having unmatched (or unbalanced) brackets.
Cheers
Andrew
On Wed, 19 Jul 2000, ganizani wrote:
> When I check to postmaster mail I am oftenly receiving this kind of mail.
> What causes addresses to be unbalanced. What can I do to solve this.
> This is the message I get.
<snip>
> > ----- Transcript of session follows -----
> > 553 5.0.0 "mam" <user at mydomain dot net>>... Unbalanced '>'
> > 553 5.0.0 "mam" <user at mydomain dot net>>... Unbalanced '>'
> > 553 5.0.0 "mam" <user at mydomain dot net>>... Unbalanced '>'
From: "Simon Powell" <simon.powell at interesource dot com>
Subject: RE: The dot-lock and quota issue
Date: Wed, 19 Jul 2000 08:58:40 +0100
ANyone know how the hell I get off this list please??!!??!!??!!??!
-----Original Message-----
From: James Nelson [mailto:james at digit.bloomnet dot com]
Sent: 19 July 2000 01:55
To: Subscribers of Qpopper
Subject: Re: The dot-lock and quota issue
Not really the place to mention it, but huge exposure to the user
community so without further filler...........
VERY serious holes in Active X support have been found in all Windows
platforms and all MS mail clients, browsers, etc. (95, 98 NT, 2000 OS
browsers Including IE 4.0 and newer-- even IE 5.5, Outlook Express,
97, 98, 2000, and other MS office apps supporting scripting like
access)
If you want to know the details I'd suggest researching it.
----- Original Message -----
From: "Admin Mailing Lists" <mlist at intergrafix dot net>
To: "Dave" <scotty at wargames dot org>
Cc: "Subscribers of Qpopper" <qpopper at lists.pensive dot org>
Sent: Tuesday, July 18, 2000 2:15 PM
Subject: Re: The dot-lock and quota issue
| personally, i put them in the same directory with the pop drops.
this
| doesn't affect locking because i dont use procmail for local
delivery..i
| use postfix for my MTA, not sendmail.
| So, in short, you can change your MTA and use postfix instead of
sendmail
| (assuming you're using that with procmail)
| It sounds like overkill, but postfix is better and easier in my
opinion
| http://www.postfix.org in case that's what you decide
|
| -Cygnus
|
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-
.
| Anthony J. Biacco Network
Administrator/Engineer
| thelittleprince at asteroid-b612 dot org Intergrafix Internet
Services
|
| "Dream as if you'll live forever, live as if you'll die today"
| http://www.asteroid-b612.org
http://www.intergrafix.net
|
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-
.
|
| On Mon, 17 Jul 2000, Dave wrote:
|
| > I've searched through the archive for an answer, and although this
| > question has came up at least a couple times, I couldn't find a
solution.
| > So I'm gonna give it a shot myself.
| >
| > After upgrading from QPopper 2.53 to 3.0.2, I've noticed a problem
with
| > quotas and the lock file. Note that I'm not talking about the .pop
file,
| > which can be solved by using --enable-temp-drop-dir. I'm talking
about the
| > actual mailbox lock file, username.lock.
| >
| > When a user who has been over quota tries to access their mail,
they are
| > denied because the dot-lock cannot be written to with the
following error:
| >
| > in.popperd[18056]: write to newly-created lock file
| > /usr/spool/mail/username.lock failed: Quota exceeded (122)
| > in.popperd[18056]: username at 192.168.1.1 (192.168.1.1):
| > -ERR [SYS/TEMP] maillock error 3: '/usr/spool/mail/username'
| >
| > My first thought was to have the lock moved to another place,
however it
| > was already noted on this list that this defeats the purpose of
the
| > locking.
| >
| > So, is there a workaround for this situation? How are other people
working
| > with over quota users? Ideally, I'd like them to still be able to
check
| > their mail and delete messages even if they are over quota.
| >
| > AFAIK, QPopper 2.53 didn't exhibit this behavior, and worked fine
as long
| > as your temp-drop-dir was a non-quota directory.
| >
| > I'm running QPopper 3.0.2 on Linux compiled with:
| >
| > --enable-servermode --enable-specialauth --enable-log-login
|
> --with-log-facility=LOG_LOCAL0 --enable-temp-drop-dir=/var/spool/pop
temp
| >
| > Thanks in advance for any help!
| > Dave
| >
| > --
| > (Semi-RFC Compliant Crappy Sig #13)
| > Dave | E-Mail | The
truth is out
| > scotty at wargames dot org | scotty-pgp at wargames dot org | there.
Drink
| > BOFH | for PGP Public Key | milk.
MOO.
| >
| > 18 92 8E 39 D5 CD 26 60 3B B1 A2 59 4C 3A 76 5F
| >
| >
|
Date: Wed, 19 Jul 2000 10:40:22 +0200
From: Jurgen Philippaerts <jph at pop.traumatized dot org>
Subject: radius and pop before smtp
hi,
currently we are using qpopper 2.53, which has been patched to do
radius authentication and pop before smtp.
the people who have patched this, have left the company some time ago.
so i was wondering, are these patched available, or has anyone done
this for the latest stable version of qpopper ?
since i'm planning to upgrade this machine soon.
if not, some commercial package will have to be accuired to fit our
needs.
any help would be greatly appreciated.
best regards,
Jurgen.
Date: Wed, 19 Jul 2000 18:59:27 +1000 (EST)
From: Ben Elliston <bje at redhat dot com>
Subject: Re: radius and pop before smtp
currently we are using qpopper 2.53, which has been patched to do
radius authentication and pop before smtp.
the people who have patched this, have left the company some time ago.
Do you have the source code? You could diff the source code against the
pristine 2.53 source to generate a patch set, which you could then maintain.
Ben
From: "Tedd Hansen" <tedd.hansen at fastweb dot no>
Subject: ipop3d -> qpopper
Date: Wed, 19 Jul 2000 16:32:33 +0200
I want to change from ipop3d (from the imap pack) to qpopper without making
all the users get all their mail all over again.
I discovered that it includes the "DON'T DELETE THIS MESSAGE -- FOLDER
INTERNAL DATA" mail that ipop3d generates, changes uniqe message ID (UIDL)
and reports different size on all mails (LIST) (About 54 bytes more).
How do can I make the swap without making the mail users download every mail
all over ?
(I've read the README/INSTALL/FAQ and tried to search - maybe I missed
something important somewhere?)
- Tedd
Date: Wed, 19 Jul 2000 11:08:14 -0400
From: Joseph S D Yao <jsdy at cospo.osis dot gov>
Subject: Re: The dot-lock and quota issue
On Wed, Jul 19, 2000 at 09:20:15AM +0300, Master wrote:
> Yeah, please research it.
>
> > Not really the place to mention it, but huge exposure to the user
> > community so without further filler...........
> >
> > VERY serious holes in Active X support have been found in all Windows
> > platforms and all MS mail clients, browsers, etc. (95, 98 NT, 2000 OS
> > browsers Including IE 4.0 and newer-- even IE 5.5, Outlook Express,
> > 97, 98, 2000, and other MS office apps supporting scripting like
> > access)
> >
> > If you want to know the details I'd suggest researching it.
Oh, please. It's not that hard. I suspect he's talking about:
CERT Advisory CA-2000-12 HHCtrl ActiveX Control Allows Local Files to be
Executed
Original release date: June 19, 2000
<URL: http://www.cert.org/advisories/CA-2000-12.html>
among a great many other Microsoft software vulnerabilities.
Anything that uses MS browser functions appears to be vulnerable - even
Eudora. People might be well-advised to use Netscape Messenger [in the
Communicator package] instead.
--
Joe Yao jsdy at cospo.osis dot gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.
Date: Wed, 19 Jul 2000 11:17:47 -0400
From: Joseph S D Yao <jsdy at cospo.osis dot gov>
Subject: Re: What makes addresses unbalanced
On Wed, Jul 19, 2000 at 09:18:52AM +0200, ganizani wrote:
> When I check to postmaster mail I am oftenly receiving this kind of mail.
> What causes addresses to be unbalanced. What can I do to solve this.
> This is the message I get.
One cause is unbalanced mail clients running on MS Windows. ;->
Another cause that I've seen is a relatively old version of 'sendmail'
running and receiving those huge "cc" lists that people seem to love to
create these days. With insufficient buffer space to hold the whole
virtual line, the older versions of 'sendmail' will just truncate them.
This would result in extra '<'s. But not extra '>'s.
Extra '>'s might be produced by MTA or MUA code that "knows better than
you do", and alters the header lines - a Bad Thing To Do Indeed, but
typical of MS MTAs.
--
Joe Yao jsdy at cospo.osis dot gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.
Date: Wed, 19 Jul 2000 11:25:40 -0400
From: Mark Wendt <mwendt at intertv dot com>
Subject: Re: The dot-lock and quota issue
At 11:08 AM 7/19/00 -0400, you wrote:
>Oh, please. It's not that hard. I suspect he's talking about:
>
>CERT Advisory CA-2000-12 HHCtrl ActiveX Control Allows Local Files to be
>Executed
>
> Original release date: June 19, 2000
> <URL: http://www.cert.org/advisories/CA-2000-12.html>
>
>among a great many other Microsoft software vulnerabilities.
If anyone is interested, here's the link at SANS:
http://www.sans.org/newlook/resources/win_flaw.htm
>Anything that uses MS browser functions appears to be vulnerable - even
>Eudora. People might be well-advised to use Netscape Messenger [in the
>Communicator package] instead.
It's only a problem if Eudora uses IE to display html content.
>--
>Joe Yao jsdy at cospo.osis dot gov - Joseph S. D. Yao
>COSPO/OSIS Computer Support EMT-B
Mark
Date: Wed, 19 Jul 2000 11:38:52 -0400
From: Joseph S D Yao <jsdy at cospo.osis dot gov>
Subject: Re: ipop3d -> qpopper
On Wed, Jul 19, 2000 at 04:32:33PM +0200, Tedd Hansen wrote:
> I want to change from ipop3d (from the imap pack) to qpopper without making
> all the users get all their mail all over again.
>
> I discovered that it includes the "DON'T DELETE THIS MESSAGE -- FOLDER
> INTERNAL DATA" mail that ipop3d generates, changes uniqe message ID (UIDL)
> and reports different size on all mails (LIST) (About 54 bytes more).
>
> How do can I make the swap without making the mail users download every mail
> all over ?
> (I've read the README/INSTALL/FAQ and tried to search - maybe I missed
> something important somewhere?)
>
> - Tedd
Yes you did - the "--enable-uw-kludge" flag to './configure'.
--
Joe Yao jsdy at cospo.osis dot gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.
Date: Wed, 19 Jul 2000 09:03:10 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: [Fwd: QPopper behavior with Content-Lenth header.]
At 6:54 PM +0100 7/17/00, Magnus Krafft wrote:
> Your local mailbox reader (a POP3 server for example) has to
> decide wich one to use. Avoiding the newer (and sometimes
> incorrect) Content-Length approach gives the most compatible reader
> since several Unices don't give you a Content-Length header.
Qpopper uses Content-Length on Solaris, but not for skipping ahead,
only for determining if a "From " line is indeed a message separator.
That way the local delivery agent doesn't have to munge "From " to
">From ".
--
---------------------- (randomly-selected tag) ---------------------
Every word is like an unnecessary stain on silence and nothingness.
--Beckett
Date: Wed, 19 Jul 2000 09:03:40 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: The dot-lock and quota issue
At 11:08 AM -0400 7/19/00, Joseph S D Yao wrote:
> Anything that uses MS browser functions appears to be vulnerable - even
> Eudora. People might be well-advised to use Netscape Messenger [in the
> Communicator package] instead.
Eudora has an option to use the MS viewer or not. There's lots of
good reasons to run with it off.
Date: Wed, 19 Jul 2000 09:03:31 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: The dot-lock and quota issue
At 7:24 PM -0400 7/17/00, Dave wrote:
> When a user who has been over quota tries to access their mail, they are
> denied because the dot-lock cannot be written
There's a patch that will be in the next 3.1 beta that should make
this easier.
--
---------------------- (randomly-selected tag) ---------------------
If the code and the comments disagree, then both are probably wrong.
--Norm Schryer