The qpopper list archive ending on 3 Oct 2001
Topics covered in this issue include:
1. Re: I lose email when our server crashes due to lack of
Randall Gellens <randy at qualcomm dot com>
Tue, 25 Sep 2001 17:30:17 -0700
3. POP3 and disk I/O
Muhammad SaDaT Anwar <sadi at super.net dot pk>
Wed, 26 Sep 2001 19:06:53 +0500
4. Re: POP3 and disk I/O
"Joel B. Laing" <joel at scripps dot edu>
Wed, 26 Sep 2001 10:34:38 -0700
5. Re: POP3 and disk I/O
Muhammad SaDaTAnwar <sadi at super.net dot pk>
Wed, 26 Sep 2001 23:40:12 +0500
6. Re: POP3 and disk I/O
Randall Gellens <randy at qualcomm dot com>
Wed, 26 Sep 2001 11:51:37 -0700
7. Re: POP3 and disk I/O
"Joel B. Laing" <joel at scripps dot edu>
Wed, 26 Sep 2001 12:24:33 -0700
8. Re: POP3 and disk I/O
Muhammad SaDaTAnwar <sadi at super.net dot pk>
Thu, 27 Sep 2001 01:27:43 +0500
8. 'Extended' server mode?
Jonathan Lang <lang at castlefur dot com>
Thu, 27 Sep 2001 00:43:03 -0700 (PDT)
9. ip-check
hypnose at t-online dot de (guenter wessling)
Wed, 26 Sep 2001 22:13:25 +0200
10. mailbox deleted in /var/spool/mail
Muhammad SaDaT Anwar <sadi at super.net dot pk>
Thu, 27 Sep 2001 15:53:43 +0500
11. tls/ssl clients
"Ishai Parasol" <ishai-qpop at mail dot com>
Thu, 27 Sep 2001 20:32:27 +0800
12. Re: tls/ssl clients
Oliver Egginger <Oliver.Egginger at dvz.fh-giessen dot de>
Thu, 27 Sep 2001 15:23:06 +0000
13. Re: tls/ssl clients
Daniel Senie <dts at senie dot com>
Thu, 27 Sep 2001 09:31:12 -0400
14. Re: ip-check
Oliver Egginger <Oliver.Egginger at dvz.fh-giessen dot de>
Thu, 27 Sep 2001 16:08:40 +0000
15. Re: tls/ssl clients
The Doctor <doctor at doctor.nl2k.ab dot ca>
Thu, 27 Sep 2001 08:25:09 -0600
16. Re: ip-check
Gustavo Viscaino <g_viscaino at yahoo dot com>
Thu, 27 Sep 2001 08:28:27 -0700 (PDT)
17. Installation woes
"Vosburgh, Brian P, CTR, WHS/BB" <bvosburgh at whs dot mil>
Thu, 27 Sep 2001 12:44:49 -0400
18. ssl setting support
"Ishai Parasol" <ishai-qpop at mail dot com>
Fri, 28 Sep 2001 01:01:27 +0800
19. ssl setting support
"Ishai parasol" <ishai-qpop at mail dot com>
Thu, 27 Sep 2001 18:50:00 +0200
20. Re: ip-check
Clifton Royston <cliftonr at lava dot net>
Thu, 27 Sep 2001 08:48:33 -1000
21. Re: ip-check
Gustavo Viscaino <g_viscaino at yahoo dot com>
Thu, 27 Sep 2001 13:00:42 -0700 (PDT)
22. Re: 'Extended' server mode?
Randall Gellens <randy at qualcomm dot com>
Thu, 27 Sep 2001 17:19:13 -0700
23. Re: Installation woes
Randall Gellens <randy at qualcomm dot com>
Thu, 27 Sep 2001 17:23:53 -0700
24. Incomplete Mails
"Andreas Micklich" <Andreas.Micklich at wus.bfav dot de>
Fri, 28 Sep 2001 10:17:09 +0200
25. ip-check again / sorry
hypnose at t-online dot de (guenter wessling)
Thu, 27 Sep 2001 22:07:20 +0200
26. something wrong with the list ?
hypnose at t-online dot de (guenter wessling)
Sat, 29 Sep 2001 11:27:07 +0200
27. Flushing Output errors
Forrest Aldrich <forrie at forrie dot com>
Fri, 28 Sep 2001 15:37:47 -0400
28. Re: something wrong with the list ?
"Ishai parasol" <ishai-qpop at mail dot com>
Sat, 29 Sep 2001 11:41:02 +0200
29. Re: Incomplete Mails
Peter Evans <peter at gol dot com>
Sat, 29 Sep 2001 19:30:56 +0900
30. Re: something wrong with the list ?
Listmaster <listmaster at lists.pensive dot org>
Sat, 29 Sep 2001 09:46:51 -0700
31. "Unable to get canonical name of client" message
"Rafael Gomez" <rgomez at c-com.net dot ve>
Mon, 1 Oct 2001 11:54:29 -0400
32. Re: "Unable to get canonical name of client" message
"Ishai parasol" <ishai-qpop at mail dot com>
Mon, 1 Oct 2001 18:25:18 +0200
33. Re: ip-check again / sorry
Randall Gellens <randy at qualcomm dot com>
Mon, 1 Oct 2001 09:37:30 -0700
34. Re: Flushing Output errors
Randall Gellens <randy at qualcomm dot com>
Mon, 1 Oct 2001 09:40:32 -0700
35. Re: Incomplete Mails
Randall Gellens <randy at qualcomm dot com>
Mon, 1 Oct 2001 09:34:37 -0700
36. Has anyone gotten qpopper TLS with Outlook?
"Leonard C." <leonard at ssl.berkeley dot edu>
Mon, 1 Oct 2001 23:17:47 -0700
37. qpopper & PAM
"Stavros Patiniotis" <sp at esc.net dot au>
Tue, 2 Oct 2001 17:15:07 +0930
38. Where can I learn something about DRAC (sorry, out of topic) ?
Oliver Egginger <Oliver.Egginger at dvz.fh-giessen dot de>
Tue, 2 Oct 2001 12:54:35 +0000
39. Re: Where can I learn something about DRAC (sorry, out of topic) ?
Oliver Egginger <Oliver.Egginger at dvz.fh-giessen dot de>
Tue, 2 Oct 2001 13:24:33 +0000
40. ssl & outlook 2000
"Attingo - Nicolas Ehrschwendner" <office at attingo dot com>
Tue, 2 Oct 2001 14:04:46 +0200
41. broken pipe errors and I/O errors
"Doryce E . Moore" <demoore at ccsalpha3.nrl.navy dot mil>
Tue, 2 Oct 2001 08:08:01 -0400
42. Cant POP
"Ayaz Anjum" <ayaz at omnix dot com>
Tue, 2 Oct 2001 17:33:01 -0000
43. Re: Cant POP
peter.allen at moon-light.co dot uk
Tue, 02 Oct 2001 16:08:34 +0100
44. I/O error
Fred Heynen <fred at virgoplus dot com>
Tue, 02 Oct 2001 18:42:13 +0200
45. Re: Cant POP
Butch Kemper <kemper at tstar dot net>
Tue, 02 Oct 2001 12:14:32 -0500
46. Re: Has anyone gotten qpopper TLS with Outlook?
Randall Gellens <randy at qualcomm dot com>
Tue, 2 Oct 2001 11:03:09 -0700
47. Re: Has anyone gotten qpopper TLS with Outlook?
Daniel Senie <dts at senie dot com>
Tue, 02 Oct 2001 15:50:27 -0400
48. Re: ssl setting support
Oliver Egginger <Oliver.Egginger at dvz.fh-giessen dot de>
Wed, 3 Oct 2001 15:26:05 +0000
49. Attn: xinetd users
"Kenneth Porter" <shiva at well dot com>
Wed, 03 Oct 2001 12:28:11 -0700
50. SYS/TEMP: Unable to open Bulletin database
"Justin Ainsworth" <jda at sunset dot net>
Wed, 3 Oct 2001 12:23:07 -0700
Date: Tue, 25 Sep 2001 17:30:17 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: I lose email when our server crashes due to lack of
At 5:20 PM -0700 9/25/01, Gregory Hicks wrote:
>Good call Randall... Were these in place for popper v3.0.2?
Yes, these have been there as long as I can recall. Years and years.
I'm concerned that you've lost mail, but from looking at the code I
don't see it happening per your theory. There may be something else
going on. I'd strongly suggest upgrading to Qpopper 4.0.3 anyway,
since it has fixed some bugs.
>
>Regards,
>Gregory Hicks
>
>> Date: Tue, 25 Sep 2001 15:32:36 -0700
>> To: "Dan Harkless" <qpopper at dilvish.speed dot net>, Subscribers of Qpopper
><qpopper at lists.pensive dot org>
>> From: Randall Gellens <randy at qualcomm dot com>
>> Subject: Re: I lose email when our server crashes due to lack of O_EXCL use
>>
>> At 8:31 PM -0700 9/24/01, Dan Harkless wrote:
>>
>> >It looks to me like what's happening is that my scripts do a POP3 connect
>> >(which I do more often than anyone else, explaining why only _I_ have
>> >noticed mail loss), my spool is emptied out of /var/mail/<user> into
>> >/var/mail/.<user>.pop, the machine crashes, and then after the machine's
>> >back up again, my spool is zero-length and the temp_drop is overwritten by
>> >the first check.
>> >
>> >I didn't pore through the code exhaustively, but I couldn't find any code
>> >that would prevent this. Shouldn't there be code that would check for the
>> >pre-existence of the temp_drop file and merge its messages back into the
>> >spool before doing anything else??
>>
>> There is such code, and has been for as long as I can recall. I've
>> hit it many times in testing.
>>
>> An popper/pop_dropcopy.c:1532, we revert to non-server mode if the
>> temp drop isn't empty:
>>
>> /*
>> * If the temporary popdrop is not empty, revert to regular mode.
>> */
>> if ( mybuf.st_size != 0 )
>> p->server_mode = 0;
>>
>>
>> Then at line 1604 we deal with any left-over mail in the temp drop:
>>
>> if ( mybuf.st_size != 0 ) { /* Mostly this is for regular mode. */
>> DEBUG_LOG2 ( p, "Temp drop %s not empty (%u octets)",
>> p->temp_drop, (unsigned) mybuf.st_size );
>> if ( init_dropinfo ( p, p->temp_drop, p->drop, time(0) ) !
>POP_SUCCESS ) {
>> /* Occurs on temp_drop corruption */
>> flock ( dfd, LOCK_UN );
>> close ( dfd );
>> return ( POP_FAILURE );
>> }
>>
>> At this point, the file pointer is at the end of the temp drop,
>> following any left-over mail. We then lock the spool, append mail
>> from it to the temp drop (after any left-over mail), zero the spool,
>> and work out of the temp drop.
>>
>>
>> >As I understand things, the only way to prevent any possibility of
>> >overwriting an existing temp_drop file would be to do it atomically, with
>> >O_EXCL specified along with O_CREAT on the open() call.
>>
>> I'm not sure why O_EXCL is needed. Qpopper always locks the temp
>> drop before doing anything, to make sure only one Qpopper process is
>> active for the user. It then checks if the file is non-empty, and
>> processes any left-over mail.
>>
>> --
>
>---------------------------------------------------------------------
>Gregory Hicks | Principal Systems Engineer
>Cadence Design Systems | Direct: 408.576.3609
>555 River Oaks Pkwy M/S 6B1 | Fax: 408.894.3479
>San Jose, CA 95134 | Internet: ghicks at cadence dot com
>
>Tired of BSODs, My Computer, and Code Red?
>http://www.sun.com/solaris/binaries/
--
Date: Wed, 26 Sep 2001 19:06:53 +0500
From: Muhammad SaDaT Anwar <sadi at super.net dot pk>
Subject: POP3 and disk I/O
Dear All!
Greetings!!
Just a quick question:
What is the relation between number of users popping their e-mails and
the disk I/O?
Cheers!
Sadi
Date: Wed, 26 Sep 2001 10:34:38 -0700
From: "Joel B. Laing" <joel at scripps dot edu>
Subject: Re: POP3 and disk I/O
Muhammad SaDaT Anwar wrote:
>
> Dear All!
> Greetings!!
> Just a quick question:
> What is the relation between number of users popping their e-mails and
> the disk I/O?
>
> Cheers!
> Sadi
Disk performance is probably the most common bottleneck on a pop server.
Using fast drives and/or striping across multiple controllers, or using
fast hardware RAID are good ideas. You should run your favorite
monitoring tool (sar etc...) to check disk activity during heavy load.
If the disks are often at 100% busy, then you have I/O problems.
The type of filesystem also affects performance on large spool
directories. Especially if you're using UFS, or ext2, ( non-journaled
type filesystems ) you should consider hashing the spool directories
into multiple spools. These spools could be spread across multiple
disks/controllers. UFS takes a performance hit searching for files in
large directories.
Running server mode will greatly cut down on I/O. Check the INSTALL file
for details before you decide to use server mode. You should also
consider using a seperate drive/controller for the poptemp files. This
helps spread out I/O.
Lots of ram also helps.
-Joel
Date: Wed, 26 Sep 2001 23:40:12 +0500
From: Muhammad SaDaTAnwar <sadi at super.net dot pk>
Subject: Re: POP3 and disk I/O
This is a multi-part message in MIME format.
--------------6EACAF96265C4E76E2492CBB
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Thanks alot dear Joel B. Laing.
Is there any numerical relationship in finding out the disk I/O versus the
number of users accessing their e-mails, consider there is nothing else running
which might take disk resources?
Best Wishes
Sadi
"Joel B. Laing" wrote:
> Muhammad SaDaT Anwar wrote:
> >
> > Dear All!
> > Greetings!!
> > Just a quick question:
> > What is the relation between number of users popping their e-mails and
> > the disk I/O?
> >
> > Cheers!
> > Sadi
>
> Disk performance is probably the most common bottleneck on a pop server.
> Using fast drives and/or striping across multiple controllers, or using
> fast hardware RAID are good ideas. You should run your favorite
> monitoring tool (sar etc...) to check disk activity during heavy load.
> If the disks are often at 100% busy, then you have I/O problems.
>
> The type of filesystem also affects performance on large spool
> directories. Especially if you're using UFS, or ext2, ( non-journaled
> type filesystems ) you should consider hashing the spool directories
> into multiple spools. These spools could be spread across multiple
> disks/controllers. UFS takes a performance hit searching for files in
> large directories.
>
> Running server mode will greatly cut down on I/O. Check the INSTALL file
> for details before you decide to use server mode. You should also
> consider using a seperate drive/controller for the poptemp files. This
> helps spread out I/O.
>
> Lots of ram also helps.
>
> -Joel
--------------6EACAF96265C4E76E2492CBB
Content-Type: text/x-vcard; charset=us-ascii;
name="sadi.vcf"
Content-Transfer-Encoding: 7bit
Content-Description: Card for Muhammad SaDaTAnwar
Content-Disposition: attachment;
filename="sadi.vcf"
begin:vcard
n:SaDaT;Muhammad Anwar
tel;fax:1-561-7600172
tel;home:92-21-4983197
tel;work:92-21-5879733
x-mozilla-html:FALSE
url:http://sadisuper.freehosting.net
org:Supernet PDS Limited;Internet Technologies
adr:;;E-14 Hassan Square Gulshan-e-Iqbal Block 13-A University Road.;Karachi;Sind;75300;Pakistan
version:2.1
email;internet:sadi at super.net dot pk
title:Systems Engineer Internet/Store & Forward Fax
note;quoted-printable:My Web site = http://sadisuper.freehosting.net ******=0D=0AAOLScreenName=sadisuper ****** =0D=0AYahooMessangerID=sadisuper
Date: Wed, 26 Sep 2001 11:51:37 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: POP3 and disk I/O
At 10:34 AM -0700 9/26/01, Joel B. Laing wrote:
>Running server mode will greatly cut down on I/O.
Especially in Qpopper 4.0.3, which caches the table of contents and
thus avoids reading the spool if no new mail arrived since the
previous mail check (bulletins are OK). It's *much* faster for users
who keep mail on the server.
> Check the INSTALL file
>for details before you decide to use server mode.
The INSTALL file has been replaced by the Guide.pdf file, which is
also available at <http://www.eudora.com/qpopper/documentation.html>
--
Date: Wed, 26 Sep 2001 12:24:33 -0700
From: "Joel B. Laing" <joel at scripps dot edu>
Subject: Re: POP3 and disk I/O
Muhammad SaDaTAnwar wrote:
>
> Thanks alot dear Joel B. Laing.
> Is there any numerical relationship in finding out the disk I/O versus the
> number of users accessing their e-mails, consider there is nothing else running
> which might take disk resources?
Not that I can think of. There are too many variables to consider. Do
people leave mail on the server? How large are the spool files? How
often do the users access mail?
To give you an idea, my system hosts about 2000 users. We get around
45,000 transactions daily. Average spool file size is around 3
megabytes.
/var/mail is striped and mirrored across 4 10,000 rpm drives and two
controllers (single ended ~40 mbs transfer). Poptemp is on a single
10,000 rpm drive. We do not use server mode as many users run pine.
Qpopper 3.1.2.
This setup hums along nicely.
-Joel
Date: Thu, 27 Sep 2001 01:27:43 +0500
From: Muhammad SaDaTAnwar <sadi at super.net dot pk>
Subject: Re: POP3 and disk I/O
--------------06616AEA5A71D11E2076F46B
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Thats really helpful.
Yes the users leave messages on server, some mailboxes are 20 MB of size. Any ways,
my server hosts 15,000 users, and transactions are what I'll detect next time i m in
my office.
/var/spool/mail and poptemp are on different HDDs both on the same controller.
Some poptemps as I saw happen to be around 20 MB, well thats sometimes and not
always, and on average it is 3 MB.
We being ISP, no user runs pine, they are all internet users, connecting through
access servers.
Your system configuration suggest I should take serious actions on my server to
optimize it. Using RAID and some better and more powerful machine. Currently it is
Compaq Proliant 1600 and 256 MB RAM.
Warm Regards
Sadi
"Joel B. Laing" wrote:
> Muhammad SaDaTAnwar wrote:
> >
> > Thanks alot dear Joel B. Laing.
> > Is there any numerical relationship in finding out the disk I/O versus the
> > number of users accessing their e-mails, consider there is nothing else running
> > which might take disk resources?
>
> Not that I can think of. There are too many variables to consider. Do
> people leave mail on the server? How large are the spool files? How
> often do the users access mail?
>
> To give you an idea, my system hosts about 2000 users. We get around
> 45,000 transactions daily. Average spool file size is around 3
> megabytes.
>
> /var/mail is striped and mirrored across 4 10,000 rpm drives and two
> controllers (single ended ~40 mbs transfer). Poptemp is on a single
> 10,000 rpm drive. We do not use server mode as many users run pine.
> Qpopper 3.1.2.
>
> This setup hums along nicely.
>
> -Joel
--------------06616AEA5A71D11E2076F46B
Content-Type: text/x-vcard; charset=us-ascii;
name="sadi.vcf"
Content-Transfer-Encoding: 7bit
Content-Description: Card for Muhammad SaDaTAnwar
Content-Disposition: attachment;
filename="sadi.vcf"
begin:vcard
n:SaDaT;Muhammad Anwar
tel;fax:1-561-7600172
tel;home:92-21-4983197
tel;work:92-21-5879733
x-mozilla-html:FALSE
url:http://sadisuper.freehosting.net
org:Supernet PDS Limited;Internet Technologies
adr:;;E-14 Hassan Square Gulshan-e-Iqbal Block 13-A University Road.;Karachi;Sind;75300;Pakistan
version:2.1
email;internet:sadi at super.net dot pk
title:Systems Engineer Internet/Store & Forward Fax
note;quoted-printable:My Web site = http://sadisuper.freehosting.net ******=0D=0AAOLScreenName=sadisuper ****** =0D=0AYahooMessangerID=sadisuper
Date: Thu, 27 Sep 2001 00:43:03 -0700 (PDT)
From: Jonathan Lang <lang at castlefur dot com>
Subject: 'Extended' server mode?
I've found that server mode, while nice, is quite lacking - my users, for
various reasons, tend to like to leave their email on the server for x days
- resulting in a couple messages being regularly deleted - but a large mail
spool. Startup is vastly improved, but shutdown can be quite slow.
Additionally, when the user receives mail, on the next POP access, qpopper
adds the X-UIDL header (if update-status-headers is disabled, and
server-mode is enabled, will qpopper keep track of the UIDLs in the cache
file, or will it need to regenerate them every time? The docs indicate this
will trigger it to re-read everything it needs to regenerate the header -
back to our original problem)
I came up with an idea to work around this, and was wondering if anyone
has coded a patch to do this:
Completely seperate out any changes qpopper would make - instead of the
current (minimal) caching qpopper does, cache the X-UIDL, Message-ID, and
status of the message (along with the info needed to locate and verify
messages, of course)
On startup, qpopper does some quick tests to verify that the spool has
only been appended to, and if so, reads in any additions, generates the
X-UIDL and Status header information, but upon exit, instead of modifying
the spool - it records this data to the cache file. Only qpopper will see
this, but ... that should be okay.
Additionally, instead of deleting a message right away - this allows us to
mark a message as deleted, and then set a threshold (number of deleted
messages or size of deleted messages) and the actual purge will not be
accomplished until that threshold is reached.
Benefit is that qpopper will ONLY need to scan new messages on startup
(ala current server mode) and on exit, will ONLY need to make a change *if*
a message is deleted (and, if enabled, the threshold is met) In all other
cases, qpopper will only update the cache file.
This means startup and shutdown would both be very first for almost all
connections - not just the (rare) case where *no* new mail has arrived *and*
no old mail was deleted. Atleast in my experience - the only current
benefit for server mode is startup time.
*IF* qpopper finds on startup that something has mucked with the spool
file - if dumps all but the status, x-uidl and message-id data from the
cache file, and scans the mailspool. Then, when scanning the spool, it uses
the message-id field to cross-reference existing entries in the cache - thus
enabling it to keep track of status/x-uidl, even if the spool has been
mucked with. It'd be 'safe' to use this *and* a standard mail client,
although you would lose some/much of the benefit.
Anyways, original question - does anyone know of such a patch currently
available? This is well within my skills to code up, but not within my
availability. I figure, with this done right, the average user wouldn't be
able to tell the difference between this, and a true database for the
backend - while retaining full mbox compatability.
I rambled. ;-)
Date: Wed, 26 Sep 2001 22:13:25 +0200
From: hypnose at t-online dot de (guenter wessling)
Subject: ip-check
Hi, all.
Quite some time ago, the list discussed the idea of popper checking the
IP-Adress of the user asking for mail.
Of course, this only would work with fixed IP.
Has there been any evolution on this topic since ?
(Sorry, if I missed something.)
guenter
guenter wessling (hypnose at t-online dot de)
Date: Thu, 27 Sep 2001 15:53:43 +0500
From: Muhammad SaDaT Anwar <sadi at super.net dot pk>
Subject: mailbox deleted in /var/spool/mail
Dear All,
Greetings!
I need to know if there is anything wrong with my server when there are
16,000 users in passwd and out of which 6,000 user's mailbox is deleted
on its own? Am I doing something wrong? The users for this deleted
mailboxes are valid and entries are present in passwd and shadow files.
Remember :
We have our own MIS system which gives the customer services' personnel
an option to delete all the mails in the users' folder "/dev/null/" is
done through that CGI.
Kind Regards
Sadi
From: "Ishai Parasol" <ishai-qpop at mail dot com>
Date: Thu, 27 Sep 2001 20:32:27 +0800
Subject: tls/ssl clients
Hi
I would like to know if Outlook Express clients support the tls/ssl encryption option of qpopper_4.0.3 ?
TIA,
Ishai.
--
_______________________________________________
Have you downloaded the latest calling software from Net2Phone? Click here to get it now!
http://www.net2phone.com/cgi-bin/adforward.cgi?p_key=NH211JK&url=http://commcenter.net2phone.com/
From: Oliver Egginger <Oliver.Egginger at dvz.fh-giessen dot de>
Date: Thu, 27 Sep 2001 15:23:06 +0000
Subject: Re: tls/ssl clients
> Hi
>
> I would like to know if Outlook Express clients support the tls/ssl
> encryption option of qpopper_4.0.3 ?
>
> TIA,
> Ishai.
It's no option of qpopper_4.0.3 it's a standard (RFC 2246).
Microsoft Outlook 2000 support this standard.
Outlook Express ..., I don't know.
If you got it - it's very easy to find out ...
- oliver
Date: Thu, 27 Sep 2001 09:31:12 -0400
From: Daniel Senie <dts at senie dot com>
Subject: Re: tls/ssl clients
At 11:23 AM 9/27/01, Oliver Egginger wrote:
> > Hi
> >
> > I would like to know if Outlook Express clients support the tls/ssl
> > encryption option of qpopper_4.0.3 ?
> >
> > TIA,
> > Ishai.
>
>It's no option of qpopper_4.0.3 it's a standard (RFC 2246).
>Microsoft Outlook 2000 support this standard.
>Outlook Express ..., I don't know.
>If you got it - it's very easy to find out ...
Outlook Express does support TLS
-----------------------------------------------------------------
Daniel Senie dts at senie dot com
Amaranth Networks Inc. http://www.amaranth.com
From: Oliver Egginger <Oliver.Egginger at dvz.fh-giessen dot de>
Date: Thu, 27 Sep 2001 16:08:40 +0000
Subject: Re: ip-check
Nachricht vom Mittwoch 26 September 2001 20:13:
> Hi, all.
> Quite some time ago, the list discussed the idea of popper checking the
> IP-Adress of the user asking for mail.
> Of course, this only would work with fixed IP.
>
> Has there been any evolution on this topic since ?
> (Sorry, if I missed something.)
>
> guenter
> guenter wessling (hypnose at t-online dot de)
Whats the problem in using the tcp-wrapper ?
- oliver
Date: Thu, 27 Sep 2001 08:25:09 -0600
From: The Doctor <doctor at doctor.nl2k.ab dot ca>
Subject: Re: tls/ssl clients
On Thu, Sep 27, 2001 at 08:32:27PM +0800, Ishai Parasol wrote:
> Hi
>
> I would like to know if Outlook Express clients support the tls/ssl encryption option of qpopper_4.0.3 ?
>
> TIA,
> Ishai.
> --
>
> _______________________________________________
>
> Have you downloaded the latest calling software from Net2Phone? Click here to get it now!
>
>
>
> http://www.net2phone.com/cgi-bin/adforward.cgi?p_key=NH211JK&url=http://commcenter.net2phone.com/
>
>
>
>
Yes, just get your users to go to Tools->Accounts->Mail->Select Account->Advanced
And that should do it.
Date: Thu, 27 Sep 2001 08:28:27 -0700 (PDT)
From: Gustavo Viscaino <g_viscaino at yahoo dot com>
Subject: Re: ip-check
I think he means tying the username to a specific IP
addresses. Tcp wrappers wouldn't help much in here I
guess.
Gustavo Viscaino
--- Oliver Egginger
<Oliver.Egginger at dvz.fh-giessen dot de> wrote:
> Nachricht vom Mittwoch 26 September 2001 20:13:
> > Hi, all.
> > Quite some time ago, the list discussed the idea
> of popper checking the
> > IP-Adress of the user asking for mail.
> > Of course, this only would work with fixed IP.
> >
> > Has there been any evolution on this topic since ?
> > (Sorry, if I missed something.)
> >
> > guenter
> > guenter wessling (hypnose at t-online dot de)
>
>
> Whats the problem in using the tcp-wrapper ?
>
>
> - oliver
__________________________________________________
Do You Yahoo!?
Listen to your Yahoo! Mail messages from any phone.
http://phone.yahoo.com
From: "Vosburgh, Brian P, CTR, WHS/BB" <bvosburgh at whs dot mil>
Subject: Installation woes
Date: Thu, 27 Sep 2001 12:44:49 -0400
I've got the service running, netstat -an | grep 110 shows that the box is
listening, I can telnet to port 110 but I can't get qpopper to authenticate
passwords. I've been running ipop3 with no problems. I ran ./configure
with the pam option but no dice... Any ideas?
Brian Vosburgh
WHS Network Engineering
614-3547 or 614-4888
Cell: 703-867-2317
"Efficiency is intelligent laziness"
- David Dunham
From: "Ishai Parasol" <ishai-qpop at mail dot com>
Date: Fri, 28 Sep 2001 01:01:27 +0800
Subject: ssl setting support
Hi
I have installed QP4.0.3 with ssl enabled and I'm trying to make the keys,
following the instructions in the user manual. My problem is that I don't
understand what to do next after creating the cert.pem file. what I did was:
openssl req -new -nodes -out -req.pem -keyout /etc/mail/certs/cert.pem
But here the manual tells me to send the certificate signing request
(req.pem) to my certificate authority signing and I should get back a signed
request.
Can someone please explain me what excatly should I do here, where to send
what ?
Thanks a lot,
Ishai.
--
_______________________________________________
Have you downloaded the latest calling software from Net2Phone? Click here to get it now!
http://www.net2phone.com/cgi-bin/adforward.cgi?p_key=NH211JK&url=http://commcenter.net2phone.com/
From: "Ishai parasol" <ishai-qpop at mail dot com>
Subject: ssl setting support
Date: Thu, 27 Sep 2001 18:50:00 +0200
Hi
I have installed QP4.0.3 with ssl enabled and I'm trying to make the keys,
following the instructions in the user manual. My problem is that I don't
understand what to do next after creating the cert.pem file. what I did was:
openssl req -new -nodes -out -req.pem - keyout /etc/mail/certs/cert.pem
But here the manual tells me to send the certificate signing request
(req.pem) to my certificate authority signing and I should get back a signed
request.
Can someone please explain me what excatly should I do here, where to send
what ?
Thanks a lot,
Ishai.
Date: Thu, 27 Sep 2001 08:48:33 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: ip-check
On Wed, Sep 26, 2001 at 10:13:25PM +0200, guenter wessling wrote:
> Hi, all.
> Quite some time ago, the list discussed the idea of popper checking the
> IP-Adress of the user asking for mail.
> Of course, this only would work with fixed IP.
I think the general reaction was that this would render the POP
protocol much less useful. Most people do not necessarily always read
their email from the identical machine.
> Has there been any evolution on this topic since ?
I don't think anyone was interested enough to implement it.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Date: Thu, 27 Sep 2001 13:00:42 -0700 (PDT)
From: Gustavo Viscaino <g_viscaino at yahoo dot com>
Subject: Re: ip-check
To be honest, I think it would be a nice option, as
some of my users already showed interest in it (and
it's easy to think of situations where it would be
useful). Of course, not as a "default" feature. Only
as an option. Qpopper 4 is a huge step towards this
goal since you can configure pretty much everything at
run-time (and many options can be applied to some
users only, so the overall model wouldn't have to be
changed).
But it's not really a priority for me, though. :)
Gustavo Viscaino
--- Clifton Royston <cliftonr at lava dot net> wrote:
> On Wed, Sep 26, 2001 at 10:13:25PM +0200, guenter
> wessling wrote:
> > Hi, all.
> > Quite some time ago, the list discussed the idea
> of popper checking the
> > IP-Adress of the user asking for mail.
> > Of course, this only would work with fixed IP.
>
> I think the general reaction was that this would
> render the POP
> protocol much less useful. Most people do not
> necessarily always read
> their email from the identical machine.
>
>
> > Has there been any evolution on this topic since ?
>
> I don't think anyone was interested enough to
> implement it.
>
> -- Clifton
>
> --
> Clifton Royston -- LavaNet Systems Architect --
> cliftonr at lava dot net
> WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG"
> - Eddie Aikau
__________________________________________________
Do You Yahoo!?
Listen to your Yahoo! Mail messages from any phone.
http://phone.yahoo.com
Date: Thu, 27 Sep 2001 17:19:13 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: 'Extended' server mode?
At 12:43 AM -0700 9/27/01, Jonathan Lang wrote:
> I've found that server mode, while nice, is quite lacking - my users, for
>various reasons, tend to like to leave their email on the server for x days
>- resulting in a couple messages being regularly deleted - but a large mail
>spool. Startup is vastly improved, but shutdown can be quite slow.
>Additionally, when the user receives mail, on the next POP access, qpopper
>adds the X-UIDL header (if update-status-headers is disabled, and
>server-mode is enabled, will qpopper keep track of the UIDLs in the cache
>file, or will it need to regenerate them every time? The docs indicate this
>will trigger it to re-read everything it needs to regenerate the header -
>back to our original problem)
The UID is cached, along with status, index, and some other stuff.
>
> I came up with an idea to work around this, and was wondering if anyone
>has coded a patch to do this:
>
> Completely seperate out any changes qpopper would make - instead of the
>current (minimal) caching qpopper does, cache the X-UIDL, Message-ID, and
>status of the message (along with the info needed to locate and verify
>messages, of course)
>
> On startup, qpopper does some quick tests to verify that the spool has
>only been appended to, and if so, reads in any additions, generates the
>X-UIDL and Status header information, but upon exit, instead of modifying
>the spool - it records this data to the cache file. Only qpopper will see
>this, but ... that should be okay.
>
> Additionally, instead of deleting a message right away - this allows us to
>mark a message as deleted, and then set a threshold (number of deleted
>messages or size of deleted messages) and the actual purge will not be
>accomplished until that threshold is reached.
>
> Benefit is that qpopper will ONLY need to scan new messages on startup
>(ala current server mode) and on exit, will ONLY need to make a change *if*
>a message is deleted (and, if enabled, the threshold is met) In all other
>cases, qpopper will only update the cache file.
>
> This means startup and shutdown would both be very first for almost all
>connections - not just the (rare) case where *no* new mail has arrived *and*
>no old mail was deleted. Atleast in my experience - the only current
>benefit for server mode is startup time.
>
> *IF* qpopper finds on startup that something has mucked with the spool
>file - if dumps all but the status, x-uidl and message-id data from the
>cache file, and scans the mailspool. Then, when scanning the spool, it uses
>the message-id field to cross-reference existing entries in the cache - thus
>enabling it to keep track of status/x-uidl, even if the spool has been
>mucked with. It'd be 'safe' to use this *and* a standard mail client,
>although you would lose some/much of the benefit.
>
> Anyways, original question - does anyone know of such a patch currently
>available? This is well within my skills to code up, but not within my
>availability. I figure, with this done right, the average user wouldn't be
>able to tell the difference between this, and a true database for the
>backend - while retaining full mbox compatability.
There's a lot more that could be done, and yours is a good
suggestion. The issue in implementing ideas such as this (and even
the caching that was done for 4.0) is taking the time to be sure
everything is done in a fail-safe way. Losing or corrupting data is
the worst offense, in my book.
--
Date: Thu, 27 Sep 2001 17:23:53 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Installation woes
At 12:44 PM -0400 9/27/01, Brian P, CTR, WHS/BB Vosburgh wrote:
>I've got the service running, netstat -an | grep 110 shows that the box is
>listening, I can telnet to port 110 but I can't get qpopper to authenticate
>passwords. I've been running ipop3 with no problems. I ran ./configure
>with the pam option but no dice... Any ideas?
>
>Brian Vosburgh
>WHS Network Engineering
>614-3547 or 614-4888
>Cell: 703-867-2317
>
>"Efficiency is intelligent laziness"
>- David Dunham
Try turning on tracing:
--
To enable tracing in Qpopper:
1. Do a 'make clean'
2. Re-run ./configure, adding '--enable-debugging'.
3. Edit the inetd.conf line for Qpopper, adding '-d' or '-t tracefile'.
4. Send inetd a HUP signal.
This causes detailed tracing to be written to the syslog (if you used
'-d') or to the file specified as 'tracefile'.
From: "Andreas Micklich" <Andreas.Micklich at wus.bfav dot de>
Subject: Incomplete Mails
Date: Fri, 28 Sep 2001 10:17:09 +0200
Hi all,
I'm using qpopper 4.0 with sendmail 8.8.8 under TrueUnix64 4.0F and I have
problems with large mails ( > 1 MB).
The problem is follows:
Sendmail is delivering such a large mail in the mailbox of the user
(/var/spool/mail). Before sendmail is finishing,
qpopper begins to read out the mailbox, so that the user gets only the first
part of the mail.
After qpopper ends with the deleting of that mail, sendmail writes the rest
of the mail in the mailbox.
Now the mailbox contains text without a mail header and after the user wants
download mail again,
qpopper ends with the error "No From Lines"
(-ERR [SYS/PERM] Unable to process From lines (envelopes), change
recognition modes or check for corrupted mail drop.)
What can I do? Qpopper runs in the server mode and I thought, than I do not
have such a problem. But it is not so.
Can anyone help me?
Best regards
Andreas Micklich
Federal Research Centre for
Virus Diseases of Animals
Institute of Epidemiology
Seestrasse 55
D-16869 Wusterhausen
Tel: + 49 33979/80-180
Fax: + 49 33979/80-200
E-Mail: Andreas.Micklich at wus.bfav dot de
WWW: http://www.bfav.de
Date: Thu, 27 Sep 2001 22:07:20 +0200
From: hypnose at t-online dot de (guenter wessling)
Subject: ip-check again / sorry
Hi again.
Gustavo was right:
>I think he means tying the username to a specific IP
>addresses. Tcp wrappers wouldn't help much in here I
>guess.
Something like: "is userx at my dot domain logged in with the correct IP-address ?"
Clifton:
>Most people do not necessarily always read
>their email from the identical machine.
That would not be necessary, cause the IP of the mashine is not of interest.
Just the IP the user is restricted to while connected.
Anyways I have to admit that my question was rather for them people from
sendmail department....
My problem was and is that "userx" can login and send mail as "usery".
No verification.
Mail-sending does not require a password.
Sorry, folks.
Thanks for the fast replies -
to Steve: I will test DRAC. Sounds good.
guenter
guenter wessling (hypnose at t-online dot de)
Date: Sat, 29 Sep 2001 11:27:07 +0200
From: hypnose at t-online dot de (guenter wessling)
Subject: something wrong with the list ?
Hi.
This is a question of list management:
Since dy before yesterday, I receive all popper-list-messages twice,
and my own was delayed with
>The original message was received at Fri, 28 Sep 2001 05:57:05 -0700 (PDT)
>from mailout03.sul.t-online.com [194.25.134.81]
>
> ----- The following addresses had transient non-fatal errors -----
><qpopper at lists.pensive dot org>
>
Delay was due to my provider, but the "doubling" also ?
Anyone else has this problem ?
Additionally I received some strange "propaganda messages" lately (out of
topic from the list, of course). The messages came to me through qpopper-list.
As nobody uttered comments: did you not receive the spam ?
Whom do I have to contact then ?
Thanks
guenter
guenter wessling (hypnose at t-online dot de)
Date: Fri, 28 Sep 2001 15:37:47 -0400
From: Forrest Aldrich <forrie at forrie dot com>
Subject: Flushing Output errors
We're seeing a LOT of these types of errors lately:
Sep 28 14:50:18 machine popper[39052]: I/O error flushing output to client
someuser at nas-3-198.boston.domain.net [216.67.3.198]: Operation not
permitted (1)
enough to believe there is some problem going on. I know for a fact that
this isn't isolated to just an Outlook (Lookout!) client, some are using
Eudora.
What could be causing this? The machine is on a 100mbit link, but our
office accesses it via a T1 (which isn't that congested).
_F
From: "Ishai parasol" <ishai-qpop at mail dot com>
Subject: Re: something wrong with the list ?
Date: Sat, 29 Sep 2001 11:41:02 +0200
Hi
I get the messages twice too (not all of them). And I got some anti-semitic
mail from the list - which is probably the spam message that you mentioned.
Ishai.
----- Original Message -----
From: "guenter wessling" <hypnose at t-online dot de>
To: "Subscribers of Qpopper" <qpopper at lists.pensive dot org>
Sent: Saturday, September 29, 2001 11:27 AM
Subject: something wrong with the list ?
> Hi.
> This is a question of list management:
>
> Since dy before yesterday, I receive all popper-list-messages twice,
> and my own was delayed with
>
> >The original message was received at Fri, 28 Sep 2001 05:57:05 -0700
(PDT)
> >from mailout03.sul.t-online.com [194.25.134.81]
> >
> > ----- The following addresses had transient non-fatal errors -----
> ><qpopper at lists.pensive dot org>
> >
>
> Delay was due to my provider, but the "doubling" also ?
> Anyone else has this problem ?
>
> Additionally I received some strange "propaganda messages" lately (out of
> topic from the list, of course). The messages came to me through
qpopper-list.
> As nobody uttered comments: did you not receive the spam ?
>
> Whom do I have to contact then ?
>
> Thanks
>
> guenter
> guenter wessling (hypnose at t-online dot de)
>
Date: Sat, 29 Sep 2001 19:30:56 +0900
From: Peter Evans <peter at gol dot com>
Subject: Re: Incomplete Mails
Andreas Micklich (Andreas.Micklich at wus.bfav dot de) wrote:
> I'm using qpopper 4.0 with sendmail 8.8.8 under TrueUnix64 4.0F and I have
> problems with large mails ( > 1 MB).
That sendmail is an antique, upgrade it soon.
> The problem is follows:
> Sendmail is delivering such a large mail in the mailbox of the user
> (/var/spool/mail). Before sendmail is finishing,
> qpopper begins to read out the mailbox, so that the user gets only the first
> part of the mail.
This is a failure of locking, qpopper is supposed to be able to see
that sendmail has the lock.
1 - fix that
2 - upgrade sendmail and limit the size of incoming mails.
> After qpopper ends with the deleting of that mail, sendmail writes the rest
> of the mail in the mailbox.
> Now the mailbox contains text without a mail header and after the user wants
> download mail again,
> qpopper ends with the error "No From Lines"
> (-ERR [SYS/PERM] Unable to process From lines (envelopes), change
> recognition modes or check for corrupted mail drop.)
definitely locking. time to RTFM.
> What can I do? Qpopper runs in the server mode and I thought, than I do not
> have such a problem. But it is not so.
SERVERMODE
NOSTATUS
NOUPDATEONABORT
are the ones we use, max message size of 5mb and about 30klusers.
--
New Snibbo! Combined Breakfast Cereal and Washing-Up Liquid!
Date: Sat, 29 Sep 2001 09:46:51 -0700
From: Listmaster <listmaster at lists.pensive dot org>
Subject: Re: something wrong with the list ?
At 11:27 AM +0200 9/29/01, guenter wessling wrote:
> Hi.
> This is a question of list management:
>
> Since dy before yesterday, I receive all popper-list-messages twice,
> and my own was delayed with
>
>>The original message was received at Fri, 28 Sep 2001 05:57:05 -0700 (PDT)
>>from mailout03.sul.t-online.com [194.25.134.81]
>>
>> ----- The following addresses had transient non-fatal errors -----
>><qpopper at lists.pensive dot org>
>>
>
> Delay was due to my provider, but the "doubling" also ?
> Anyone else has this problem ?
>
> Additionally I received some strange "propaganda messages" lately (out of
> topic from the list, of course). The messages came to me through
> qpopper-list.
> As nobody uttered comments: did you not receive the spam ?
>
> Whom do I have to contact then ?
>
> Thanks
>
> guenter
> guenter wessling (hypnose at t-online dot de)
I'm really sorry that the spam was sent through the list. It was
sent by someone who took the time to subscribe and answer the
mail-back, which is the front-line protection against spam (there are
also some filters). Of course the account that sent it was
immediately unsubscribed.
Pensive.org's mail server experienced hardware problems yesterday,
which accounted for the delay warning you got, and may explain
duplicates (if there were only a few).
From: "Rafael Gomez" <rgomez at c-com.net dot ve>
Subject: "Unable to get canonical name of client" message
Date: Mon, 1 Oct 2001 11:54:29 -0400
I¥m trying to take the meesage "Unable to get canonical name of client" off.
I have been looking in the qpopper documentation
unsuccessfuly.
CFan any of you help me pout with this?
Thanks
Rafael GÛmez
rgomez at c-com.net dot ve
From: "Ishai parasol" <ishai-qpop at mail dot com>
Subject: Re: "Unable to get canonical name of client" message
Date: Mon, 1 Oct 2001 18:25:18 +0200
Hi
You should add -R to your command line options in the standalone situation
or in the /etc/inetd.conf. It's important to add it as the first option (if
you use more than one).
Example (from the inetd.conf file): pop-3 stream tcp nowait root
/usr/local/sbin/popper qpopper -R -D -l1 -s -f /etc/mail/pop/qpopper.config
It should do the work.
Good Luck,
Ishai.
----- Original Message -----
From: "Rafael Gomez" <rgomez at c-com.net dot ve>
To: "Subscribers of Qpopper" <qpopper at lists.pensive dot org>
Sent: Monday, October 01, 2001 5:54 PM
Subject: "Unable to get canonical name of client" message
> I¥m trying to take the meesage "Unable to get canonical name of client"
off.
> I have been looking in the qpopper documentation
> unsuccessfuly.
>
> CFan any of you help me pout with this?
>
> Thanks
>
> Rafael GÛmez
> rgomez at c-com.net dot ve
>
>
>
>
Date: Mon, 1 Oct 2001 09:37:30 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: ip-check again / sorry
At 10:07 PM +0200 9/27/01, guenter wessling wrote:
> Mail-sending does not require a password.
I believe you can require this in current versions of sendmail.
From what you said it occurs to me that you may want to have sendmail
operate on both SMTP and Submit ports; require that SMTP be for
inbound local mail only; require that All Submission port
transactions be authenticated; all users have mail client which
supports SMTP AUTH and be configured to use Submission port.
Date: Mon, 1 Oct 2001 09:40:32 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Flushing Output errors
At 3:37 PM -0400 9/28/01, Forrest Aldrich wrote:
> We're seeing a LOT of these types of errors lately:
>
> Sep 28 14:50:18 machine popper[39052]: I/O error flushing output to
> client someuser at nas-3-198.boston.domain.net [216.67.3.198]:
> Operation not permitted (1)
>
> enough to believe there is some problem going on. I know for a
> fact that this isn't isolated to just an Outlook (Lookout!) client,
> some are using Eudora.
>
> What could be causing this? The machine is on a 100mbit link, but
> our office accesses it via a T1 (which isn't that congested).
>
>
> _F
You can try playing with the chunky-writes setting and see if that
helps. If not, I'd suggest Qpopper tracing or packet sniffing.
Date: Mon, 1 Oct 2001 09:34:37 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Incomplete Mails
At 10:17 AM +0200 9/28/01, Andreas Micklich wrote:
> What can I do? Qpopper runs in the server mode and I thought, than I do not
> have such a problem. But it is not so.
This is a locking issue; it has nothing to do with server mode. I'd
suggest upgrading sendmail and making sure that the delivery agent is
using dot-locking and/or flock().
From: "Leonard C." <leonard at ssl.berkeley dot edu>
Subject: Has anyone gotten qpopper TLS with Outlook?
Date: Mon, 1 Oct 2001 23:17:47 -0700
I'm trying to get qpopper's TLS set up so that clients can check their mail
over a SSL tunnel. Unfortunately, only Eudora clients currently work at this
time. When Outlook's enable SSL box is checked, Outlook reports the server
suddenly reset the TCP connection and qpopper reports:
Sep 27 12:28:00.751 2001 [6091] Set tls-support to STLS (2)
Sep 27 12:28:00.751 2001
Sep 27 12:28:00.754 2001 [6091] Set tls-server-cert-file to
"/usr/local/etc/qpopper/certs/cert.pem"
Sep 27 12:28:00.754 2001
Sep 27 12:28:00.821 2001 [6091] (null) at xxx (xx.xx.xx.xx): -ERR POP EOF or
I/O Error
Sep 27 12:28:00.821 2001
Sep 27 12:28:00.822 2001 [6091] I/O error flushing output to client at xxx
[xx.xx.xx.xx]: Operation not permitted (1)
Sep 27 12:28:00.822 2001
Sep 27 12:28:00.822 2001 [6091] I/O error flushing output to client at
xxx[xx.xx.xx.xx]: Operation not permitted (1)
Sep 27 12:28:00.822 2001
Does anybody have any idea what's going on? I know others have used stunnel
before, but I'd like to minimize the amount of new software on this box.
Also, it puzzles me that Eudora clients connect fine, but Outlook seems to
be having some major problems...
Has anybody been able to get this particular setup to work?
Thanks,
Leonard
From: "Stavros Patiniotis" <sp at esc.net dot au>
Subject: qpopper & PAM
Date: Tue, 2 Oct 2001 17:15:07 +0930
Hello,
I cannot get the PAM authentication to work, running the latest
qpopper and FreeBSD.
Before I start posting details to the list, can someone point me to
any references online about this?
Thanks.
From: Oliver Egginger <Oliver.Egginger at dvz.fh-giessen dot de>
Date: Tue, 2 Oct 2001 12:54:35 +0000
Subject: Where can I learn something about DRAC (sorry, out of topic) ?
Hello,
Sorry for posting this, but I searched via SearchEngine -
found nothing usefull.
in the moment I am implement a "POP-Authentification before SMTP"-functionality
on our SMTP/Pop-Server.
I am playing around with login logs and I belief I could handle it this way.
But I read somthing about DRAC in the qpopper usermanual ...
Where can I found good Information on it ?
Where can I get such a DRAC-library ?
It's DRAC better than the tricky log-messages implementation,
decribed at
http://www.spam.cl.cam.ac.uk/spam/tools/smPbS.html
?
- Oliver
From: Oliver Egginger <Oliver.Egginger at dvz.fh-giessen dot de>
Date: Tue, 2 Oct 2001 13:24:33 +0000
Subject: Re: Where can I learn something about DRAC (sorry, out of topic) ?
3 seconds after posting this, I found what I'am
searching for ...
;-)
http://mail.cc.umanitoba.ca/drac/
regards
Oliver
From: "Attingo - Nicolas Ehrschwendner" <office at attingo dot com>
Subject: ssl & outlook 2000
Date: Tue, 2 Oct 2001 14:04:46 +0200
hi,
i am using Qpopper version 4.0.3 (standalone),
openssl OpenSSL 0.9.6a 5 Apr 2001
configure options:
./configure --with-openssl=/usr/bin/openssl --enable-specialauth --enable-lo
g-login
--prefix=/usr --enable-standalone --enable-debugging
running with: popper ....:995 -f /etc/mail/pop/qpopper.config
qpopper.config:
set tls-support = alternate-port
set clear-text-password = ssl
set server-mode
set debug
set tls-server-cert-file = /etc/mail/certs/cert.pem
using stunnel -c -r ....:995 is working fine
using outlook 2000 with ssl enabled results in:
Oct 2 14:01:27 attingo popper[25920]: Set debug to true [pop_config.c:1167]
Oct 2 14:01:27 attingo popper[25920]: ...read line 5 (51): set
tls-server-cert-file = /etc/mail/certs/cert.pem [pop_config.c:1315]
Oct 2 14:01:27 attingo popper[25920]: Set tls-server-cert-file to
"/etc/mail/certs/cert.pem" [pop_config.c:1211]
Oct 2 14:01:27 attingo popper[25920]: Finished processing config file
'/etc/mail/pop/qpopper.config'; rslt=1 [pop_config.c:1463]
Oct 2 14:01:27 attingo popper[25920]: (v4.0.3) Servicing request from "..."
at ... [pop_init.c:1153]
Oct 2 14:01:27 attingo popper[25920]: before TLS; tls_support==1
[popper.c:172]
Oct 2 14:01:27 attingo popper[25920]: ...Initializing OpenSSL library
[pop_tls_openssl.c:224]
Oct 2 14:01:27 attingo popper[25920]: ...have /dev/urandom; skipping PRNG
seeding [pop_tls_openssl.c:282]
Oct 2 14:01:27 attingo popper[25920]: ...setting method to
SSLv23_server_method [pop_tls_openssl.c:306]
Oct 2 14:01:27 attingo popper[25920]: ...allocating OpenSSL context
[pop_tls_openssl.c:336]
Oct 2 14:01:27 attingo popper[25920]: ...setting certificate file
/etc/mail/certs/cert.pem [pop_tls_openssl.c:347]
Oct 2 14:01:27 attingo popper[25920]: ...private key file not set; assuming
private key is in cert (/etc/mail/certs/cert.pem) [pop_tls_openssl.c:364]
Oct 2 14:01:27 attingo popper[25920]: ...setting private key file
/etc/mail/certs/cert.pem [pop_tls_openssl.c:368]
Oct 2 14:01:27 attingo popper[25920]: ...verifying private key against
certificate [pop_tls_openssl.c:381]
Oct 2 14:01:27 attingo popper[25920]: ...(tls_cipher_list not specified)
[pop_tls_openssl.c:408]
Oct 2 14:01:27 attingo popper[25920]: ...allocating OpenSSL connection
[pop_tls_openssl.c:419]
Oct 2 14:01:27 attingo popper[25920]: ...setting input (0) and output (0)
file descriptors [pop_tls_openssl.c:430]
Oct 2 14:01:27 attingo popper[25920]: ...successfully completed OpenSSL
initialization [pop_tls_openssl.c:449]
Oct 2 14:01:27 attingo popper[25920]: TLS Init [popper.c:193]
Oct 2 14:01:27 attingo popper[25920]: Attempting OpenSSL handshake
[pop_tls_openssl.c:498]
Oct 2 14:01:27 attingo popper[25920]: tls accept returned 0
[pop_tls_openssl.c:501]
Oct 2 14:01:27 attingo popper[25920]: SSL_get_error says SSL_ERROR_SYSCALL
(5) [pop_tls_openssl.c:508]
Oct 2 14:01:27 attingo popper[25920]: TLS handshake Error
[pop_tls_openssl.c:541]
Oct 2 14:01:27 attingo popper[25920]: TLS/SSL Handshake failed: -1
[popper.c:204]
can someone help me ?!
thank you,
nicolas
+ - - - - - - - - - - - - -
+ attingo(r)
+ electronic data processing
+ nicolas ehrschwendner
+ email: office at attingo dot com
+ www: http://www.system.at/
+ pgp 0x43163E36, fingerprint
+ DE8E DC65 BF1D 76A5 3E2D
+ 7DE6 629D 4D9A 4316 3E36
+ - - - - - - - - - - - - - - - - -
Date: Tue, 2 Oct 2001 08:08:01 -0400
From: "Doryce E . Moore" <demoore at ccsalpha3.nrl.navy dot mil>
Subject: broken pipe errors and I/O errors
I am running Qpopper4.03 with Kerberos. Suddenly when people try to
retrieve mail I am getting a lot of I/O errors such as:
I/O error flushing output to client [IP address] Broken pipe (32)
-ERR POP EOF or I/O Error
-ERR [SYS/TEMP] maillock error 'Max tries exceeded' (4) on
'/var/spool/mail/username
This is the configure file used to build Qpopper:
/usr/local/qpopper4.0.3/configure --enable-servermode
--enable-bulletins=/var/spool/bulls --enable-specialauth
--enable-temp-drop-dir=/var/spool/poptemp --enable-keep-temp-drop
--with-kerberos5=/usr/krb5 --enable-any-kerberos-principal
--enable-kuserok
I am getting similar errors with version 3.1 which runs on a
different port than the kerberized popper.
This is also causing pop lock busy messages.
--
Doryce E. Moore, Center for Computational Science
System Support Group
doryce.moore at nrl.navy dot mil
(202) 767-5853 (office/voice mail)
(202) 404-7402 (fax)
From: "Ayaz Anjum" <ayaz at omnix dot com>
Subject: Cant POP
Date: Tue, 2 Oct 2001 17:33:01 -0000
Hi
I am using qpopper 4.0.3 with Sendmail 8.9.3 running on Solaris 8. some
of the clients Popping mail from Out Side the Contry Are not Able to POP
Mails with Windows giving error Messages Unexpected Error. There are
some ISPs from where clietns are unable to POP there mails
Its very urgent so solve the problem, looking for your reply
Ayaz
Date: Tue, 02 Oct 2001 16:08:34 +0100
From: peter.allen at moon-light.co dot uk
Subject: Re: Cant POP
Could you pls give us more information as to exactly why they can't pop and
what the error message are ? Also are there any restrictions on either
your tcp wrappers (/etc/hosts.allow and /etc/hosts.deny) or a firewall that
may be responsible ?
Broadly speaking where in the world your IP number is should not have a
bearing.
Peter
At 17:33 02/10/01 +0000, Ayaz Anjum wrote:
>Hi
>I am using qpopper 4.0.3 with Sendmail 8.9.3 running on Solaris 8. some of
>the clients Popping mail from Out Side the Contry Are not Able to POP
>Mails with Windows giving error Messages Unexpected Error. There are some
>ISPs from where clietns are unable to POP there mails
>
>Its very urgent so solve the problem, looking for your reply
>
>Ayaz
Date: Tue, 02 Oct 2001 18:42:13 +0200
From: Fred Heynen <fred at virgoplus dot com>
Subject: I/O error
Can you help me, I have the following error :
I/O error flushing output to client LOGIN at IP_ADRESS: Operation not
permitted (1)
Thanks
Fred
Date: Tue, 02 Oct 2001 12:14:32 -0500
From: Butch Kemper <kemper at tstar dot net>
Subject: Re: Cant POP
Check the tcpwrapper and qpopper log files to see if any error messages are
present.
Most likely there is a DNS problem at your customer's end and the error
messages will fully explain what is happening. I see this all the time where
Butch
At 12:33 PM 10/2/01, you wrote:
>Hi
>I am using qpopper 4.0.3 with Sendmail 8.9.3 running on Solaris 8. some of
>the clients Popping mail from Out Side the Contry Are not Able to POP
>Mails with Windows giving error Messages Unexpected Error. There are some
>ISPs from where clietns are unable to POP there mails
>
>Its very urgent so solve the problem, looking for your reply
>
>Ayaz
TSTAR Internet, Inc | Making the Net Work
Marble Falls, TX | Serving Blanco, Burnet,
830-693-6967 | Llano, and Mason Counties
Date: Tue, 2 Oct 2001 11:03:09 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Has anyone gotten qpopper TLS with Outlook?
At 11:17 PM -0700 10/1/01, Leonard C. wrote:
>
> I'm trying to get qpopper's TLS set up so that clients can check their mail
> over a SSL tunnel. Unfortunately, only Eudora clients currently work at this
> time. When Outlook's enable SSL box is checked, Outlook reports the server
> suddenly reset the TCP connection and qpopper reports:
>
> Sep 27 12:28:00.751 2001 [6091] Set tls-support to STLS (2)
> Sep 27 12:28:00.751 2001
> Sep 27 12:28:00.754 2001 [6091] Set tls-server-cert-file to
> "/usr/local/etc/qpopper/certs/cert.pem"
> Sep 27 12:28:00.754 2001
> Sep 27 12:28:00.821 2001 [6091] (null) at xxx (xx.xx.xx.xx): -ERR POP EOF or
> I/O Error
My guess is that Outlook (or at least your version of it) doesn't
support STLS. That's unfortunate, but you can get around it. You'll
need to have two instances of Qpopper, one on the normal POP3 port
which supports STLS (as you've already done), and one of the SPOP3
port that supports alternate-port SSL. The Administrative Guide
tells how to do this with three configuration files (to avoid
duplicating the common stuff).
Date: Tue, 02 Oct 2001 15:50:27 -0400
From: Daniel Senie <dts at senie dot com>
Subject: Re: Has anyone gotten qpopper TLS with Outlook?
At 02:03 PM 10/2/01, Randall Gellens wrote:
>At 11:17 PM -0700 10/1/01, Leonard C. wrote:
>
>>
>> I'm trying to get qpopper's TLS set up so that clients can check their mail
>> over a SSL tunnel. Unfortunately, only Eudora clients currently work at
>> this
>> time. When Outlook's enable SSL box is checked, Outlook reports the server
>> suddenly reset the TCP connection and qpopper reports:
>>
>> Sep 27 12:28:00.751 2001 [6091] Set tls-support to STLS (2)
>> Sep 27 12:28:00.751 2001
>> Sep 27 12:28:00.754 2001 [6091] Set tls-server-cert-file to
>> "/usr/local/etc/qpopper/certs/cert.pem"
>> Sep 27 12:28:00.754 2001
>> Sep 27 12:28:00.821 2001 [6091] (null) at xxx (xx.xx.xx.xx): -ERR POP
>> EOF or
>> I/O Error
>
>My guess is that Outlook (or at least your version of it) doesn't support
>STLS.
From my testing, I can confirm that Outlook does a terrible job of
implementing STLS. For POP, they seem not to do it at all, and for SMTP,
they only understand STLS if you've got the SMTP Port set to 25. If you try
to set to 587 (Submission), they fail to handle STLS. Wierd...
> That's unfortunate, but you can get around it. You'll need to have two
> instances of Qpopper, one on the normal POP3 port which supports STLS (as
> you've already done), and one of the SPOP3 port that supports
> alternate-port SSL. The Administrative Guide tells how to do this with
> three configuration files (to avoid duplicating the common stuff).
This is how I've set up my world... two entries for popper in inetd.conf
(or equivalent), and two config files. Works fine. I haven't found a good
solution for Sendmail/Outlook TLS interaction, other than using stunnel to
light another unused port.
-----------------------------------------------------------------
Daniel Senie dts at senie dot com
Amaranth Networks Inc. http://www.amaranth.com
From: Oliver Egginger <Oliver.Egginger at dvz.fh-giessen dot de>
Date: Wed, 3 Oct 2001 15:26:05 +0000
Subject: Re: ssl setting support
> Can someone please explain me what excatly should I do here, where to send
> what ?
Forget it ...
You are mainly interested in encrypting, I suppose.
Create a self signed Certificate.
Command:
openssl req -x509 -newkey rsa:1024 -keyout file1 -out file2 -days 9999 -nodes
- oliver
From: "Kenneth Porter" <shiva at well dot com>
Date: Wed, 03 Oct 2001 12:28:11 -0700
Subject: Attn: xinetd users
FYI:
Just got this security advisory from Red Hat on the xinetd daemon:
http://www.redhat.com/support/errata/RHSA-2001-109.html
If you use xinetd under any platform, you should upgrade to the new
version to avoid the issues described in the advisory.
Ken
mailto:shiva at well dot com
http://www.sewingwitch.com/ken/
[If answering a mailing list posting, please don't cc me your reply. I'll take my answer on the list.]
From: "Justin Ainsworth" <jda at sunset dot net>
Subject: SYS/TEMP: Unable to open Bulletin database
Date: Wed, 3 Oct 2001 12:23:07 -0700
Oct 3 11:11:47 diamond /usr/local/sbin/popper[30335]: jda at
209.142.14.11 (209.142.14.11): -ERR [SYS/TEMP] Unable to open Bulletin
database; contact your administrator
Occasionally I get this error. It appears to be happening randomly,
and for no apparent reason.
I am running Qpopper 4.0.3, compiled with the following options:
./configure
--silent
--enable-bulletins=/etc/bulletins
--enable-bulldb=/etc/bulletins
--enable-temp-drop-dir=/tmp/mspool
--enable-cache-dir=/tmp/mcache
--enable-spool-dir=/var/spool/mail
--with-pam=qpopper
--enable-trim-domain
--enable-downcase-user
--disable-reverse-lookup
--enable-timeout 0
--enable-statistics
--enable-fast-update
--enable-standalone
--enable-servermode
--disable-old-uidl
--enable-optimizations
--disable-debugging
--disable-low-debug
--enable-log-facility=LOG_LOCAL0
Any help you can give would be very appreciated.
.~.
/v\
-- // \\
JA /( )\
^`~`^
L I N U X
[-----------------------------------------------------------]
Justin Ainsworth Systems Administrator &
PHONE: (530) 879-5660x108 Technical Support Supervisor
FAX: (530) 879-5676 Sunset Net LLC
WEB: http://www.sunset.net 1915 Mangrove Ave
EMAIL: jda at sunset dot net Chico, CA 95926
[-----------------------------------------------------------]
Last updated on 3 Oct 2001 by Pensive Mailing List Admin