The qpopper list archive ending on 18 Feb 2002
Topics covered in this issue include:
1. Re: Time out when receiving mail
Joerg Hartmann <j.hartmann at des.mediadesign dot de>
Tue, 12 Feb 2002 11:11:26 +0100
2. Re: Time out when receiving mail
Alan Brown <alanb at digistar dot com>
Tue, 12 Feb 2002 05:41:04 -0500 (EST)
3. Re: Time out when receiving mail
Wayne Heming <wheming at hemnet.com dot au>
Tue, 12 Feb 2002 21:27:39 +1100
4. Re: Time out when receiving mail
Joerg Hartmann <j.hartmann at des.mediadesign dot de>
Tue, 12 Feb 2002 12:08:37 +0100
5. Re: Time out when receiving mail
Peter Evans <peter at gol dot com>
Tue, 12 Feb 2002 20:42:23 +0900
6. Re: Time out when receiving mail
Wayne Heming <wheming at hemnet.com dot au>
Tue, 12 Feb 2002 22:25:31 +1100
7. Re: Time out when receiving mail
Alan Brown <alanb at digistar dot com>
Tue, 12 Feb 2002 06:43:07 -0500 (EST)
8. Re: APOP doesn't get the login name
Daniel Senie <dts at senie dot com>
Tue, 12 Feb 2002 09:11:53 -0500
9. Re: Time out when receiving mail
Randall Gellens <randy at qualcomm dot com>
Tue, 12 Feb 2002 12:43:20 -0800
10. Re: Backup, Compression?
Clifton Royston <cliftonr at lava dot net>
Tue, 12 Feb 2002 15:24:44 -1000
11. Re: Backup, Compression?
Alan Brown <alanb at digistar dot com>
Tue, 12 Feb 2002 20:29:25 -0500 (EST)
12. Re: quota exceeded (122)
Clifton Royston <cliftonr at lava dot net>
Tue, 12 Feb 2002 15:35:28 -1000
13. Re: Time out when receiving mail
Wayne Heming <wheming at hemnet.com dot au>
Wed, 13 Feb 2002 12:40:45 +1100
14. Re: qpopper 4.03 corruption?
Clifton Royston <cliftonr at lava dot net>
Tue, 12 Feb 2002 15:41:17 -1000
15. Re: Time out when receiving mail
Clifton Royston <cliftonr at lava dot net>
Tue, 12 Feb 2002 15:46:12 -1000
16. Re: APOP doesn't get the login name
Chuck Yerkes <chuck+qpopper at yerkes dot com>
Tue, 12 Feb 2002 21:23:18 -0800
17. Re: APOP doesn't get the login name
Ted Cabeen <ted at impulse dot net>
Tue, 12 Feb 2002 22:33:15 -0800
18. Prevent brute force attacks to qpopper 4.0.3 ?
rk at johanns-datentechnik dot de
13 Feb 2002 07:06:56 UT
19. Re: Time out when receiving mail
Kenneth Porter <shiva at well dot com>
13 Feb 2002 00:04:08 -0800
20. Re: APOP doesn't get the login name
Kenneth Porter <shiva at well dot com>
13 Feb 2002 00:06:59 -0800
21. Re: Time out when receiving mail
Alan Brown <alanb at digistar dot com>
Wed, 13 Feb 2002 04:03:06 -0500 (EST)
22. Re: APOP doesn't get the login name
Chuck Yerkes <chuck+qpopper at yerkes dot com>
Wed, 13 Feb 2002 09:26:50 -0800
23. Re: Time out when receiving mail
Chuck Yerkes <chuck+qpopper at yerkes dot com>
Wed, 13 Feb 2002 09:33:54 -0800
24. Re: APOP doesn't get the login name
Ken Hornstein <kenh at cmf.nrl.navy dot mil>
Wed, 13 Feb 2002 12:44:49 -0500
25. Re: Time out when receiving mail
Alan Brown <alanb at digistar dot com>
Wed, 13 Feb 2002 12:55:27 -0500 (EST)
26. Re: APOP doesn't get the login name
Ted Cabeen <ted at impulse dot net>
Wed, 13 Feb 2002 09:50:38 -0800
27. Re: Time out when receiving mail
Randall Gellens <randy at qualcomm dot com>
Wed, 13 Feb 2002 12:37:59 -0800
28. Re: Time out when receiving mail
Steve Perrault <sperraul at mnsi dot net>
Wed, 13 Feb 2002 17:01:22 -0500
29. Re: Time out when receiving mail
Clifton Royston <cliftonr at lava dot net>
Wed, 13 Feb 2002 12:11:35 -1000
30. Re: Time out when receiving mail
Kenneth Porter <shiva at well dot com>
13 Feb 2002 20:25:49 -0800
31. Quota policies?
Tim Tyler <tyler at beloit dot edu>
Thu, 14 Feb 2002 14:32:05 -0600
32. Re: Quota policies?
Alan Brown <alanb at digistar dot com>
Thu, 14 Feb 2002 17:13:10 -0500 (EST)
33. Re: Quota policies?
Clifton Royston <cliftonr at lava dot net>
Thu, 14 Feb 2002 13:03:46 -1000
34. Re: Prevent brute force attacks to qpopper 4.0.3 ?
Clifton Royston <cliftonr at lava dot net>
Thu, 14 Feb 2002 13:47:34 -1000
35. Re: Quota policies?
Tim Tyler <tyler at beloit dot edu>
Fri, 15 Feb 2002 10:19:06 -0600
36. Re: Quota policies?
Alan Brown <alanb at digistar dot com>
Fri, 15 Feb 2002 12:33:16 -0500 (EST)
37. configure on Solaris8?
"Neal Davis" <ndavis at accucareinc dot com>
Fri, 15 Feb 2002 10:29:53 -0800
38. Re: configure on Solaris8?
Ted Cabeen <ted at impulse dot net>
Fri, 15 Feb 2002 10:46:32 -0800
39. Re: Quota policies?
Clifton Royston <cliftonr at lava dot net>
Fri, 15 Feb 2002 09:09:50 -1000
40. Re: Quota policies?
Clifton Royston <cliftonr at lava dot net>
Fri, 15 Feb 2002 09:15:50 -1000
41. Re: Quota policies?
Alan Brown <alanb at digistar dot com>
Fri, 15 Feb 2002 14:54:54 -0500 (EST)
42. Re: Quota policies?
Tim Tyler <tyler at beloit dot edu>
Fri, 15 Feb 2002 14:14:44 -0600 (CST)
43. Re: Quota policies?
Clifton Royston <cliftonr at lava dot net>
Fri, 15 Feb 2002 10:47:49 -1000
44. Re: Quota policies?
Alan Brown <alanb at digistar dot com>
Fri, 15 Feb 2002 15:49:52 -0500 (EST)
45. Re: Quota policies?
Clifton Royston <cliftonr at lava dot net>
Fri, 15 Feb 2002 10:54:56 -1000
46. Re: Quota policies?
Clifton Royston <cliftonr at lava dot net>
Fri, 15 Feb 2002 10:51:16 -1000
47. Re: Quota policies?
Alan Brown <alanb at digistar dot com>
Fri, 15 Feb 2002 17:39:33 -0500 (EST)
48. RE: configure on Solaris8?
"Neal Davis" <ndavis at accucareinc dot com>
Fri, 15 Feb 2002 14:36:24 -0800
49. Re: configure on Solaris8?
Tracy Pham <tracy at cradle dot com>
Fri, 15 Feb 2002 16:04:14 -0800
50. Re: Quota policies?
Tim Tyler <tyler at beloit dot edu>
Mon, 18 Feb 2002 11:26:43 -0600
From: Joerg Hartmann <j.hartmann at des.mediadesign dot de>
Subject: Re: Time out when receiving mail
Date: Tue, 12 Feb 2002 11:11:26 +0100
On Tuesday, 12. February 2002 10:37, you wrote:
> On Mon, 11 Feb 2002, Randall Gellens wrote:
> > >I can copy the mail file to another user and the problem still
> > > exists.
> >
> > Is everyone using the same email client? What happens if a user
> > experiencing the problem tries to fetch mail with a different client?
>
> Erm....
>
> If you go in on the local spool, does the client have a large message?
>
> Does the client have a short timeout (60 second default is only big
> enough for 100kB or so under most dialup circumstances) ?
>
> etc.
>
> Stop being so eager to blame qpopper, this sounds like a MUA problem.
I have exactly this problem from time to time.
But I have no dialup users, only LAN connections (100Mbit).
Mostly it starts with a big mail around 4 or 5 MByte. As I can reproduce
this problem by copying the problem mailbox to other users and get the
same error from different machines, I think it is a problem of qpopper too.
The clients are mostly Outlook [97/98/200].
The only solution I found is to delete the "problem"-mail from the user's
mailbox. If this occurs it does not help to set the timeout of the
clients to greater values.
regards
Jörg
--
Joerg Hartmann
mediadesign akademie Phone: +49 340 253 20 23
j.hartmann at des.mediadesign dot de Fax: +49 340 253 20 10
Date: Tue, 12 Feb 2002 05:41:04 -0500 (EST)
From: Alan Brown <alanb at digistar dot com>
Subject: Re: Time out when receiving mail
On Tue, 12 Feb 2002, Joerg Hartmann wrote:
> > Stop being so eager to blame qpopper, this sounds like a MUA problem.
>
> I have exactly this problem from time to time.
> But I have no dialup users, only LAN connections (100Mbit).
> Mostly it starts with a big mail around 4 or 5 MByte.
How long does it take to get the error and what MUA are you using?
Do you know what xfer rate you're actually getting from the server
(hint: it's often way less than what you may think, 50kB/s isn't
uncommon over a busy LAN)
Date: Tue, 12 Feb 2002 21:27:39 +1100
From: Wayne Heming <wheming at hemnet.com dot au>
Subject: Re: Time out when receiving mail
I will try changing the 60 sec. default on Outlook to the same as Eudora 5
mins.
I thought this was the time for the server to copy the mail file to the
temp drop box and respond to the client. Maybe 60 secs was a little short,
but the file was only 5Mb in size. If it was 50Mb I could understand.
I am not blaming qpopper, I am a big fan of qpopper and haven't had any
problems at all with it. This is just one of those intermittent pain in the
A type problems that I can't put my finger on what is wrong and thought
someone may have seen it before.
Hey it may even be a sendmail problem, I think it's definitely a mailbox
corruption type problem.
Wayne
At 04:37 AM 12-02-02 -0500, Alan Brown wrote:
>On Mon, 11 Feb 2002, Randall Gellens wrote:
>
> > >I can copy the mail file to another user and the problem still exists.
> >
> > Is everyone using the same email client? What happens if a user
> > experiencing the problem tries to fetch mail with a different client?
>
>Erm....
>
>If you go in on the local spool, does the client have a large message?
>
>Does the client have a short timeout (60 second default is only big
>enough for 100kB or so under most dialup circumstances) ?
>
>etc.
>
>Stop being so eager to blame qpopper, this sounds like a MUA problem.
>
>AB
From: Joerg Hartmann <j.hartmann at des.mediadesign dot de>
Subject: Re: Time out when receiving mail
Date: Tue, 12 Feb 2002 12:08:37 +0100
On Tuesday, 12. February 2002 11:41, you wrote:
> On Tue, 12 Feb 2002, Joerg Hartmann wrote:
> > I have exactly this problem from time to time.
> > But I have no dialup users, only LAN connections (100Mbit).
> > Mostly it starts with a big mail around 4 or 5 MByte.
>
> How long does it take to get the error and what MUA are you using?
IIRC some 10 .. 20 sec.
The MUA is mostly Outlook [97/98/2000]
> Do you know what xfer rate you're actually getting from the server
> (hint: it's often way less than what you may think, 50kB/s isn't
> uncommon over a busy LAN)
No, don't know the transfer rate. However the mailers (Linux) are not
under heavy traffic, as I have only 30 .. 50 users/server.
As I wrote before, I can reproduce the problem by copying the
problem-mailbox to different users, so this mail is requested from
different machines (even on different network segments).
As the problem wanders with the mailbox I don't think it's only a M$
problem. I get this error from time to time on my mailservers (7) around
Germany. It started with qpopper 3.x. Now I am using qpopper 4.x.
Even with qpopper in debug mode I could not find the reason why this
occurs sometimes. Most of the time there are I/O Errors when such things
happen to a specific client.
regards
Jörg
--
Joerg Hartmann
mediadesign akademie Phone: +49 340 253 20 23
j.hartmann at des.mediadesign dot de Fax: +49 340 253 20 10
Date: Tue, 12 Feb 2002 20:42:23 +0900
From: Peter Evans <peter at gol dot com>
Subject: Re: Time out when receiving mail
Wayne Heming (wheming at hemnet.com dot au) wrote:
> I will try changing the 60 sec. default on Outlook to the same as Eudora 5
> mins.
Use SERVERMODE or whatever it is called today. Stops things being copied.
but I think your problems may well be elsewhere.
> Hey it may even be a sendmail problem, I think it's definitely a mailbox
> corruption type problem.
corruption is caused by locks not locking what they should.
so you need to check that both MTA and qpopper speak the same language.
P
--
END OF LINE.
Date: Tue, 12 Feb 2002 22:25:31 +1100
From: Wayne Heming <wheming at hemnet.com dot au>
Subject: Re: Time out when receiving mail
I will try changing the 60 sec. default on Outlook to the same as Eudora 5
mins.
I thought this was the time for the server to copy the mail file to the
temp drop box and respond to the client. Maybe 60 secs was a little short,
but the file was only 5Mb in size. If it was 50Mb I could understand.
I am not blaming qpopper, I am a big fan of qpopper and haven't had any
problems at all with it. This is just one of those intermittent pain in the
A type problems that I can't put my finger on what is wrong and thought
someone may have seen it before.
Hey it may even be a sendmail problem, I think it's definitely a mailbox
corruption type problem.
Wayne
At 04:37 AM 12-02-02 -0500, Alan Brown wrote:
>On Mon, 11 Feb 2002, Randall Gellens wrote:
>
> > >I can copy the mail file to another user and the problem still exists.
> >
> > Is everyone using the same email client? What happens if a user
> > experiencing the problem tries to fetch mail with a different client?
>
>Erm....
>
>If you go in on the local spool, does the client have a large message?
>
>Does the client have a short timeout (60 second default is only big
>enough for 100kB or so under most dialup circumstances) ?
>
>etc.
>
>Stop being so eager to blame qpopper, this sounds like a MUA problem.
>
>AB
Date: Tue, 12 Feb 2002 06:43:07 -0500 (EST)
From: Alan Brown <alanb at digistar dot com>
Subject: Re: Time out when receiving mail
On Tue, 12 Feb 2002, Wayne Heming wrote:
> Hey it may even be a sendmail problem, I think it's definitely a mailbox
> corruption type problem.
It's unlikely to be sendmail. Even on a corrupted box, procmail appends
things just fine - my experience as an ISP in the early days of qpopper
really badly screwing up if people with eudora 2.* disconnecting
speaking.
AB
Date: Tue, 12 Feb 2002 09:11:53 -0500
From: Daniel Senie <dts at senie dot com>
Subject: Re: APOP doesn't get the login name
At 03:10 AM 2/12/02, Kenneth Porter wrote:
>On Mon, 2002-02-11 at 23:26, Keith Smith wrote:
>
> > traffic. I tried using outlook and outlook express as clients and
> > still the same issue.
>
>Those two clients don't do APOP.
Which is why so few people bother implementing it, most likely. Most
clients do implement TLS now. The TLS handshake happens before
username/password exchange. With it, not only are passwords hidden from
prying eyes, all user data is hidden. It is possible to configure qpopper
to only allow users to log in if they are using TLS.
Dan
-----------------------------------------------------------------
Daniel Senie dts at senie dot com
Amaranth Networks Inc. http://www.amaranth.com
Date: Tue, 12 Feb 2002 12:43:20 -0800
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Time out when receiving mail
At 12:08 PM +0100 2/12/02, Joerg Hartmann wrote:
>Even with qpopper in debug mode I could not find the reason why this
>occurs sometimes. Most of the time there are I/O Errors when such things
>happen to a specific client.
Debug mode normally doesn't log the message body (you can get it to
do so if you need it), only the headers and the end-of-body. Usually
this is enough. What are the last things Qpopper sends to the
client, what does it write to the log, before the error? What sort
of I/O error is it?
--
Date: Tue, 12 Feb 2002 15:24:44 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: Backup, Compression?
On Mon, Jan 28, 2002 at 03:01:42PM -0500, Patrick Boucher wrote:
> Greetings,
>
> In order to make backup of the mail of my users, i ask them to "leave
> msgs on server" when they get their email so, if their computer get
> corrupted they can get their email back.
Not a good idea - that means you will have to hold every mail they
have ever received in your users' main mailboxes.
> But it seems that the email are in clear-text form.
Yes, because they're in a standard mailbox format.
> Is there a way to
> compress the msgs ?
No, because then they won't be in a standard mailbox format.
> Because it is taking alot of space!!
Yes it will. I think you'll probably need to find some alternative
way to back up your users' mail.
If you want to stick with this approach, at the very least you'll
need to add some scripts to run periodically and delete any user emails
older than such-and-such date.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Date: Tue, 12 Feb 2002 20:29:25 -0500 (EST)
From: Alan Brown <alanb at digistar dot com>
Subject: Re: Backup, Compression?
On Tue, 12 Feb 2002, Clifton Royston wrote:
> > Is there a way to
> > compress the msgs ?
>
> No, because then they won't be in a standard mailbox format.
There are compressing FSes, but they have their own foibles.
AB
Date: Tue, 12 Feb 2002 15:35:28 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: quota exceeded (122)
On Wed, Jan 30, 2002 at 09:21:18AM -0600, Dan Yost wrote:
> Hello everyone,
>
> Please forgive me if this question has already been answered, and feel free
> to point me to the appropriate place for that answer--I've searched the
> newsgroups, the web, Qualcomm's site, and just about everywhere else, but
> all I can find is the same *question* with no acceptable *answer*...so here
> it goes.
>
> I'm running Red Hat 7.0 and Qpopper 3.1. I have disk quotas turned on for
> my POP users. Yesterday, I noticed that one user was getting an error
> message in the maillog:
>
> ---snip---
> mypopuser at mydomain.com (x.x.x.x): -ERR [SYS/TEMP] Unable to copy mail
> spool file, quota exceeded (122)
>
>
> This definitely caught my attention because I just finished writing a whole
> utility to send warnings when quota soft limits are breached, and I should
> receive a copy of the warnings. I checked, and sure enough, the soft limit
> was *almost* reached but not yet. After searching the Net, it seems clear
> that this has to do with Qpopper doing a chown while copying the mail spool
> file, and I've learned that soft limit grace periods are [somehow!]
> ignored. Hence, the operation fails immediately instead of initiating a
> grace period. This is definitely unacceptable.
Good guess, but not right. Remember, quota enforcement is happening
"down" in the filesystem kernel level, where qpopper has no insight or
control over what is happening.
The problem is most likely that your hard limit is less than 2x the
soft limit, so when qpopper needs to recopy the file to update it (note
it actually says "copy mail spool file" in the message) there is not
enough space to do so before it runs into the hard limit.
> The only solutions I've
> seen put forth are to turn off quotas or put the spool temp files in a
> partition that is not under quota restrictions. This is not entirely
> unreasonable, but it is not possible right now in my setup.
You can fiddle with the quota limits on your mail partition such that
the hard limit is set slightly more than 2x the soft limit, and that
will *sort of* work. I say "sort of", because the user can still end
up running their mailbox up over the soft limit (due to that grace
period) and again end up unable to pop their mail.
The only really good way is to put the temp drop files on a separate
partition with no quotas or with an independent quota from the
mailspool partition. I did that last year as part of our long-delayed
mail quota implementation and it has been working fine.
HTH,
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Date: Wed, 13 Feb 2002 12:40:45 +1100
From: Wayne Heming <wheming at hemnet.com dot au>
Subject: Re: Time out when receiving mail
In my first email
my configure parameters are
configure --enable-popbulldir=/usr/local/popper/bulletin --enable-log-login
--enable-spool-dir=/usr/mail --enable-temp-drop-dir=/home/mail
--enable-keep-temp-drop --enable-servermode
--enable-bulletins=/usr/local/popper/bulletin --enable-timing
I am using servermode.
Here is an error session from yesterday before I removed the mail file
Feb 12 17:45:32.623 2002 [65418] (v4.0.3) POP login by user "lancol" at
(ppp-119.depot.com.au) 202.129.79.119
Feb 12 18:08:46.448 2002
Feb 12 18:08:49.501 2002 [65418] I/O error flushing output to client lancol
at ppp-119.depot.com.au [202.129.79.119]: Operation not permitted (1)
Feb 12 18:08:49.501 2002
Feb 12 18:08:49.501 2002 [65418] lancol at ppp-119.depot.com.au
(202.129.79.119): -ERR SIGHUP or SIGPIPE flagged
Feb 12 18:08:49.501 2002
Feb 12 18:08:49.502 2002 [65418] I/O error flushing output to client lancol
at ppp-119.depot.com.au [202.129.79.119]: Operation not permitted (1)
Feb 12 18:08:49.502 2002
Feb 12 18:08:49.502 2002 [65418] lancol at ppp-119.depot.com.au
(202.129.79.119): -ERR POP hangup from scotty.hemnet.com.au
Feb 12 18:08:49.502 2002
Feb 12 18:08:49.502 2002 [65418] I/O error flushing output to client lancol
at ppp-119.depot.com.au [202.129.79.119]: Operation not permitted (1)
Feb 12 18:08:49.502 2002
Feb 12 18:08:50.492 2002 [65418] I/O error flushing output to client lancol
at ppp-119.depot.com.au [202.129.79.119]: Operation not permitted (1)
Feb 12 18:08:50.492 2002
Feb 12 18:08:50.492 2002 [65418] (v4.0.3) Timing for
lancol at ppp-119.depot.com dot au (error) auth=0 init=0 clean=1
I deleted the file and the user disconnected and reconnected
Feb 12 18:09:47.567 2002 [65491] (v4.0.3) POP login by user "lancol" at
(ppp-93.depot.com.au) 202.129.79.93
Feb 12 18:09:47.567 2002
Feb 12 18:10:20.915 2002 [65491] (v4.0.3) Timing for
lancol at ppp-93.depot.com dot au (normal) auth=0 init=0 clean=1
As you can see it took from 17:45 to 18:08 before the failure (Size of the
file 5 Mb) so it was downloading and then failed.
Wayne
At 08:42 PM 12-02-02 +0900, Peter Evans wrote:
>Wayne Heming (wheming at hemnet.com dot au) wrote:
> > I will try changing the 60 sec. default on Outlook to the same as
> Eudora 5
> > mins.
>
> Use SERVERMODE or whatever it is called today. Stops things being
> copied.
> but I think your problems may well be elsewhere.
>
> > Hey it may even be a sendmail problem, I think it's definitely a mailbox
> > corruption type problem.
>
> corruption is caused by locks not locking what they should.
> so you need to check that both MTA and qpopper speak the same
> language.
>
> P
>
>--
>END OF LINE.
Date: Tue, 12 Feb 2002 15:41:17 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: qpopper 4.03 corruption?
On Wed, Feb 06, 2002 at 11:45:20AM -0600, Tim Tyler wrote:
> Qpopper experts,
> We recently installed qpopper 4.03 back in December. Since then we have
> had 4 occurrences where their mailbox in /var/spool/mail became corrupt for
> some reason. We have configured qpopper to write the temporary pop file to
> a different directory structure (/var/spool/pop). Given that we have 1500
> active users, it seems to be working for the most part. But occasionally
> some users with quite a few megabytes of email will find that when they
> have their client configured to leave on server, their temporary pop file
> can't get written back to the mailbox file properly. This has only happened
> 4 times now, but it is raising a red flag for me. Something is corrupting
> the mailbox file because if I 'vi' into the mailbox and resave (w!) the
> file, the file becomes approximately 1/10 of its original size. It's as
> though the file thinks its much larger than it really is. This is an
> obvious corruption, but I don't know why. It also appears to be a small
> subset of the temp pop file which remains in the /var/spool/pop directory.
> What might cause the mailbox file to become corrupted when the temp pop
> file tries to write itself back to the mailbox file? Is there a compile
> option that I might consider to minimize corruption?
> Note: we do use a quota, but not all incidences exceeded the quota. Also,
> we never had this problem with the old qpopper 2.0.
There are two likely possibilities:
1) [Less likely] You are running qpopper in server mode and have users
who are also accessing their mailboxes via UW imapd or a local mail
agent like Elm or Pine. This will result in mailbox corruption when
the mail agent accesses it during a server mode session.
2) [More likely] I'd second the opinion that you have some conflicting
locking method; find out what method your mail delivery agent is using
to lock the mail spool file. Normally, with most common mailers such
as sendmail or procmail as delivery agent, it should be a "dot-lock"
file; but whatever the method is, qpopper and your MTA need to be
agreed on it.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
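The locking mismatch described above, as an added example (not qpopper's or any MTA's code): one program takes a kernel flock() on the mailbox, another uses a dot-lock file, and neither sees the other's lock. The function names and the temporary mailbox are assumptions made for the demonstration, and O_EXCL file creation stands in for dot-locking on a local filesystem.

```python
import fcntl
import os
import tempfile


def dotlock_acquire(mailbox):
    """Dot-lock: atomically create <mailbox>.lock; False if it already exists."""
    try:
        fd = os.open(mailbox + ".lock", os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o644)
    except FileExistsError:
        return False
    os.write(fd, str(os.getpid()).encode("ascii"))
    os.close(fd)
    return True


def dotlock_release(mailbox):
    os.unlink(mailbox + ".lock")


def flock_acquire(mailbox):
    """Kernel lock: exclusive flock() on the mailbox itself.

    Returns the locked descriptor, or None if another holder has the lock.
    """
    fd = os.open(mailbox, os.O_RDWR)
    try:
        fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
    except BlockingIOError:
        os.close(fd)
        return None
    return fd


def demonstrate_mismatch():
    """Show which lock attempts succeed while the mailbox is already locked."""
    with tempfile.TemporaryDirectory() as spool:
        mailbox = os.path.join(spool, "user")  # constructed, empty mailbox
        open(mailbox, "w").close()

        # Program A (hypothetical) believes in flock().
        a_fd = flock_acquire(mailbox)
        # Program B (hypothetical) believes in dot-locks. It never looks at
        # the kernel lock, so it "wins" too: both now think they own the file.
        b_got_dotlock = dotlock_acquire(mailbox)

        # Programs that agree on a method do exclude each other.
        second_dotlock = dotlock_acquire(mailbox)
        second_fd = flock_acquire(mailbox)

        result = {
            "flock_holder": a_fd is not None,
            "dotlock_while_flocked": b_got_dotlock,
            "second_dotlock": second_dotlock,
            "second_flock": second_fd is not None,
        }
        dotlock_release(mailbox)
        os.close(a_fd)
        return result


if __name__ == "__main__":
    for name, value in demonstrate_mismatch().items():
        print(f"{name}: {value}")
```

Two writers that both report success on the same mailbox is the condition that produces a truncated or interleaved spool file.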
Date: Tue, 12 Feb 2002 15:46:12 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: Time out when receiving mail
On Tue, Feb 12, 2002 at 07:55:11PM +1100, Wayne Heming wrote:
> I know it happens with Outlook xpress and Eudora Pro 5.1. That is all I
> have tried. I should have explained it a bit better. I copied the mail file
> from one user to another (myself) and I had the same problem. I use Eudora
> and the user was using Outlook express.
>
> Next time it happens I will copy the file and keep it. (should have done
> this before)
There are definitely some mail messages with malformed headers which
will hose the POP connection to many common mail clients. I believe
I've mainly seen it with nested multipart MIME emails where the nesting
was faulty, but also the occasional weirdly formatted spam.
As far as I can tell it's not qpopper's fault, but the mail client -
but it's been really hard to tell, and it *could* be qpopper losing
track of the message boundaries.
We clean up maybe one or two of these per month, per around 10000
user mailboxes.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Date: Tue, 12 Feb 2002 21:23:18 -0800
From: Chuck Yerkes <chuck+qpopper at yerkes dot com>
Subject: Re: APOP doesn't get the login name
Quoting Daniel Senie (dts at senie dot com):
> At 03:10 AM 2/12/02, Kenneth Porter wrote:
> >On Mon, 2002-02-11 at 23:26, Keith Smith wrote:
> > > traffic. I tried using outlook and outlook express as clients and
> > > still the same issue.
> >
> >Those two clients don't do APOP.
>
> Which is why so few people bother implementing it, most likely. Most
> clients do implement TLS now. The TLS handshake happens before
> username/password exchange. With it, not only are passwords hidden from
> prying eyes, all user data is hidden. It is possible to configure qpopper
> to only allow users to log in if they are using TLS.
APOP and TLS meet SOME of the same goals, but they are not
close to the same and have different uses.
APOP uses a safe password for authentication. The rest of
the session is clear text. Computationally, it's light-weight
and easy to scale.
POP/TLS encodes the whole session using TLS (SSL v3.1). This
is computationally expensive. You can only support so many
sessions at a time with TLS.
I'm not sure I'd want to offer TLS if I were a basic ISP.
APOP, on the other hand, costs me almost nothing to offer.
Outbreak and Outbreak Express and Netscape don't support APOP.
Eudora does (tho it doesn't support the rampant number of viruses
that Outbreak does).
PROPERLY with TLS, I'd expect to be able to use SmartCards
or basic CERTs for authentication and get S/MIME as well.
chuck
From: Ted Cabeen <ted at impulse dot net>
Subject: Re: APOP doesn't get the login name
Date: Tue, 12 Feb 2002 22:33:15 -0800
In message <538864731742413354373 at lists.pensive dot org>, Chuck Yerkes writes:
>APOP and TLS meet SOME of the same goals, but they are not
>close to the same and have different uses.
>
>APOP uses a safe password for authentication. The rest of
>the session is clear text. Computationally, it's light-weight
>and easy to scale.
>
>I'm not sure I'd want to offer TLS if I were a basic ISP.
>APOP, on the other hand, costs me almost nothing to offer.
Except for the fact that if you do offer APOP, you have to keep clear-text
passwords on the server. That doesn't seem worth the risk to me.
--Ted
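The trade-off argued in the two posts above, as an added example that is not part of the thread or of qpopper: the APOP digest defined in RFC 1939 is MD5 over the server's greeting timestamp followed by the shared secret, so the server must be able to recover the secret itself to check a login. The banner, secret and digest are the RFC 1939 sample values; the class and function names, the second banner and the SHA-256 "hash only" store are assumptions.

```python
import hashlib
import hmac


def apop_digest(banner, secret):
    """RFC 1939 APOP response: hex MD5 of greeting timestamp + shared secret."""
    return hashlib.md5((banner + secret).encode("ascii")).hexdigest()


class ApopVerifier:
    """Server side of APOP. `secrets` maps user -> the recoverable secret."""

    def __init__(self, secrets):
        self.secrets = secrets

    def verify(self, banner, user, digest):
        secret = self.secrets.get(user)
        if secret is None:
            return False
        expected = apop_digest(banner, secret)
        return hmac.compare_digest(expected, digest.lower())


def verify_from_hash_only(stored_hash, banner, digest):
    """A server that kept only a one-way hash has nothing better to feed in.

    MD5(banner + hash(secret)) is not MD5(banner + secret), so this fails.
    """
    return hmac.compare_digest(apop_digest(banner, stored_hash), digest)


# Sample values from RFC 1939, section 7 (APOP).
RFC_BANNER = "<1896.697170952@dbc.mtview.ca.us>"
RFC_SECRET = "tanstaaf"
RFC_DIGEST = "c4c9334bac560ecc979e58001b3e22fb"


def demo():
    server = ApopVerifier({"mrose": RFC_SECRET})
    on_the_wire = apop_digest(RFC_BANNER, RFC_SECRET)   # what a sniffer sees
    next_banner = "<1897.697170999@dbc.mtview.ca.us>"   # constructed greeting
    hash_only = hashlib.sha256(RFC_SECRET.encode("ascii")).hexdigest()
    return {
        "matches_rfc_sample": on_the_wire == RFC_DIGEST,
        "login_accepted": server.verify(RFC_BANNER, "mrose", on_the_wire),
        # The sniffed digest is bound to one greeting and fails on the next.
        "replay_on_next_session": server.verify(next_banner, "mrose", on_the_wire),
        # Without the recoverable secret the server cannot check APOP at all.
        "hash_only_server_can_verify": verify_from_hash_only(
            hash_only, RFC_BANNER, on_the_wire
        ),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```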
From: rk at johanns-datentechnik dot de
Subject: Prevent brute force attacks to qpopper 4.0.3 ?
Date: 13 Feb 2002 07:06:56 UT
Anyone out there who can tell me if it's possible
to limit the attempts to authenticate to popper,
in that way if too many user / pass commands are sent
via telnet port 110, popper kills the connection or refuses
to accept more login retries for this session?
greets rudi
Subject: Re: Time out when receiving mail
From: Kenneth Porter <shiva at well dot com>
Date: 13 Feb 2002 00:04:08 -0800
On Tue, 2002-02-12 at 17:46, Clifton Royston wrote:
> There are definitely some mail messages with malformed headers which
> will hose the POP connection to many common mail clients. I believe
> I've mainly seen it with nested multipart MIME emails where the nesting
> was faulty, but also the occasional weirdly formatted spam.
I just recently learned that a line starting with "begin " (two spaces)
is interpreted by M$ clients as the start of a uuencode sequence. If
this accidentally occurs at the start of a line, the rest of the message
will disappear as Outlook or OE attempt to interpret the rest as an
attachment.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q265230
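A check for the trigger described in the post above, as an added example that is not from the thread: it walks the text parts of a message and reports body lines that start with "begin" followed by two spaces. The function name and the sample message are constructed for the illustration.

```python
import email
from email import policy

# "begin" followed by two spaces at the start of a line, as the post describes.
TRIGGER = "begin  "


def find_trigger_lines(raw_message):
    """Return (content_type, line_number, line) for each body line that a
    client applying the rule above would treat as a uuencode header."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        # Only text parts are shown to the user as message text; multipart
        # containers and binary attachments are skipped.
        if part.get_content_maintype() != "text":
            continue
        text = part.get_content()
        for number, line in enumerate(text.splitlines(), start=1):
            if line.startswith(TRIGGER):
                hits.append((part.get_content_type(), number, line))
    return hits


# Constructed sample: only the second body line matches. The third has a
# single space after "begin", the fourth has the words mid-line.
SAMPLE = (
    b"From: alice@example.org\r\n"
    b"To: list@example.org\r\n"
    b"Subject: schedule\r\n"
    b"\r\n"
    b"The plan for next week:\r\n"
    b"begin  the migration on Friday\r\n"
    b"begin the rollback only if needed\r\n"
    b"We begin  testing on Monday.\r\n"
)


if __name__ == "__main__":
    for content_type, number, line in find_trigger_lines(SAMPLE):
        print(f"{content_type} body line {number}: {line!r}")
```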
Subject: Re: APOP doesn't get the login name
From: Kenneth Porter <shiva at well dot com>
Date: 13 Feb 2002 00:06:59 -0800
On Tue, 2002-02-12 at 21:23, Chuck Yerkes wrote:
> Outbreak and Outbreak Express and Netscape don't support APOP.
> Eudora does (tho it doesn't support the rampant number of viruses
> that Outbreak does).
Other clients supporting APOP include PMMail 2000
(http://www.pmmail2000.com/, for Win32 and OS/2) and Ximian Evolution
(http://www.ximian.com/, open source, Linux, based on Ximian Camel mail
library).
Date: Wed, 13 Feb 2002 04:03:06 -0500 (EST)
From: Alan Brown <alanb at digistar dot com>
Subject: Re: Time out when receiving mail
On 13 Feb 2002, Kenneth Porter wrote:
> I just recently learned that a line starting with "begin " (two spaces)
> is interpreted by M$ clients as the start of a uuencode sequence.
ok, here goes
begin bah. humbug.
And this is a problem for people using non-broken mail clients for what
reason? :-)
Date: Wed, 13 Feb 2002 09:26:50 -0800
From: Chuck Yerkes <chuck+qpopper at yerkes dot com>
Subject: Re: APOP doesn't get the login name
Well, by NOT offering that, getting passwords is as simple
as sniffing the net. And that's just easier to do.
No, at this point a dedicated POP server can be made Secure
Enough (I'd never say Unbreakable). This means, of course,
only administrative access to the machine and doing security
Best Practices. Furthermore, the tokens should not be stored
in plain text by the program somewhere but rather encrypted
in a way that the popper server can get the plain text out of
it. Most of the SASL methods I've looked at do this.
Evil hacker breaks onto the machine, gets a file of shared keys
that is a binary mush. S/he then must break that or find the
keys used from the crypto binary.
Frankly, once on the machine, wiring in a sniffer is less effort.
APOP is enough for ISPs. Esp when the alternative for serving
500 concurrent connections means rolling out several machines
to handle the TLS negotiation.
KPOP anyone?
Quoting Ted Cabeen (ted at impulse dot net):
> In message <538864731742413354373 at lists.pensive dot org>, Chuck Yerkes writes:
> >APOP and TLS meet SOME of the same goals, but they are not
> >close to the same and have different uses.
> >
> >APOP uses a safe password for authentication. The rest of
> >the session is clear text. Computationally, it's light-weight
> >and easy to scale.
> >
> >I'm not sure I'd want to offer TLS if I were a basic ISP.
> >APOP, on the other hand, costs me almost nothing to offer.
>
> Except for the fact that if you do offer APOP, you have to keep clear-text
> passwords on the server. That doesn't seem worth the risk to me.
>
> --Ted
Date: Wed, 13 Feb 2002 09:33:54 -0800
From: Chuck Yerkes <chuck+qpopper at yerkes dot com>
Subject: Re: Time out when receiving mail
Quoting Kenneth Porter (shiva at well dot com):
> I just recently learned that a line starting with "begin " (two spaces)
> is interpreted by M$ clients as the start of a uuencode sequence. If
> this accidentally occurs at the start of a line, the rest of the message
> will disappear as Outlook or OE attempt to interpret the rest as an
> attachment.
>
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;q265230
This is actually a year old or so. And amusing.
At least it's not running code. That's sort of a first
for Outbreak.
Here's a thought: Don't use it. Ban it. Forbid it from your
premises. Chevy was forced to recall the Corvair for bad design
(ok, it WAS actually killing people).
Just because it's free doesn't make it worth it. It's broken.
There are alternatives to Outlook and, especially for those
using Exchange, not-using it can save ENORMOUS amounts of money.
Aside from the estimated costs of $25/user/month for Exchange
(per Gartner), there are the HUGE costs of blocking the monthly
Outlook viruses.
Try, hmmm, Eudora! Try Evolution, Mulberry. Hell, PINE and Mutt
do an admirable job.
Subject: Re: APOP doesn't get the login name
Date: Wed, 13 Feb 2002 12:44:49 -0500
From: Ken Hornstein <kenh at cmf.nrl.navy dot mil>
>KPOP anyone?
You don't really want KPOP (Eudora is the only common client that
supports it, and it looks like they're getting rid of the support for
it). You want to use SASL with the GSSAPI mechanism, which has the
additional advantage of supporting session encryption (which KPOP
doesn't). It's the same protocol used by IMAP and SMTP, so you
can have some code overlap as an MUA writer.
(I need to update my SASL patches for qpopper and send 'em in).
--Ken
Date: Wed, 13 Feb 2002 12:55:27 -0500 (EST)
From: Alan Brown <alanb at digistar dot com>
Subject: Re: Time out when receiving mail
On Wed, 13 Feb 2002, Chuck Yerkes wrote:
> This is actually a year old or so. And amusing.
very, I'm tempted to code it into mailing lists as an intelligence test.
AB
From: Ted Cabeen <ted at impulse dot net>
Subject: Re: APOP doesn't get the login name
Date: Wed, 13 Feb 2002 09:50:38 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Content-Type: text/plain; charset=us-ascii
In message <20020213092650.A13677 at snew dot com>, Chuck Yerkes writes:
>Well, by NOT offering that, getting passwords is as simple
>as sniffing the net. And that's just easier to do.
Depends on the net you're sniffing. Most networks are switched, which makes
sniffing more difficult. Still pretty simple, but also more noticeable.
>No, at this point a dedicated POP server can be made Secure
>Enough (I'd never say Unbreakable). This means, of course,
>only administrative access to the machine and doing security
>Best Practices. Furthermore, the tokens should not be stored
>in plain text by the program somewhere but rather encrypted
>in a way that the popper server can get the plain text out of
>it. Most of the SASL methods I've looked at do this.
>
>Evil hacker breaks onto the machine, gets a file of shared keys
>that is a binary mush. S/he then must break that or find the
>keys used from the crypto binary.
If the popper server can get the plain text out of it, the person who has
cracked your box can too. The passwords have to be in memory somewhere or in a
config file somewhere, since the popper binary has to store them somewhere
when the machine is off. This is just security through obscurity. Especially
if you're using open-source SASL routines, finding or writing a cracker
should be trivial.
>Frankly, once on the machine, wiring in a sniffer is less effort.
Yes, but with a sniffer, they get only those accounts that are used, which
makes their intrusions more likely to be noticed. With the complete password
list, they get access to every POP account you have, including those that
haven't been used in years.
When it comes down to it, storing passwords in clear-text worries me more
than having passwords clear on the wire. IMHO, APOP just doesn't seem like
a good solution. It introduces more problems than it solves. TLS/SSL is a
better solution, especially with Moore's law making CPU cycles cheaper every
year.
- --
Ted Cabeen http://www.pobox.com/~secabeen ted at impulse dot net
Check Website or Keyserver for PGP/GPG Key BA0349D2 secabeen at pobox dot com
"I have taken all knowledge to be my province." -F. Bacon secabeen at cabeen dot org
"Human kind cannot bear very much reality."-T.S.Eliot cabeen at netcom dot com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (OpenBSD)
Comment: Exmh version 2.5 07/13/2001
iD8DBQE8aqduoayJfLoDSdIRAhscAJ91QQl1ZFJ7O3JEG7XT91yQ3DuelACeKlKf
8fLKwKXqxWFhzHfANxKQiQ0
=emOZ
-----END PGP SIGNATURE-----
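The storage trade-off argued in this exchange, as an added example that is not from any poster or from qpopper: APOP (RFC 1939) has the server compute MD5(timestamp + secret), so the server must be able to read the secret back, while USER/PASS can be checked against a one-way hash. The store classes, their method names and the PBKDF2 parameters are assumptions made for illustration; the test vector is the one printed in RFC 1939.

```python
import hashlib
import hmac
import os

# Test vector from RFC 1939, section 7 (APOP command).
RFC_TIMESTAMP = "<1896.697170952@dbc.mtview.ca.us>"
RFC_SECRET = "tanstaaf"


def apop_digest(timestamp: str, secret: str) -> str:
    """APOP digest: hex MD5 over the banner timestamp followed by the shared secret."""
    return hashlib.md5((timestamp + secret).encode("utf-8")).hexdigest()


def one_way_hash(password: str, salt: bytes, rounds: int = 100_000) -> bytes:
    """One-way record for USER/PASS checks (PBKDF2-SHA256 is an assumed choice)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)


class RecoverableStore:
    """Hypothetical APOP-capable store: each secret can be read back by the server."""

    def __init__(self):
        self._secrets = {}

    def add(self, user: str, secret: str) -> None:
        self._secrets[user] = secret

    def verify_apop(self, user: str, timestamp: str, digest: str) -> bool:
        secret = self._secrets.get(user)
        if secret is None:
            return False
        expected = apop_digest(timestamp, secret)
        return hmac.compare_digest(expected.encode(), digest.lower().encode("utf-8"))

    def dump(self) -> dict:
        # What a copy of the store yields: every account's usable secret,
        # including accounts that never log in.
        return dict(self._secrets)


class HashedStore:
    """Hypothetical USER/PASS store: only salt + one-way hash are kept."""

    def __init__(self):
        self._records = {}

    def add(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self._records[user] = (salt, one_way_hash(password, salt))

    def verify_pass(self, user: str, password: str) -> bool:
        record = self._records.get(user)
        if record is None:
            return False
        salt, stored = record
        return hmac.compare_digest(one_way_hash(password, salt), stored)

    def verify_apop(self, user: str, timestamp: str, digest: str) -> bool:
        # MD5(timestamp + secret) cannot be derived from a salted one-way hash,
        # so this store cannot serve APOP at all.
        raise NotImplementedError("APOP needs the secret itself, not its hash")

    def dump(self) -> dict:
        # A copy of the store yields salts and hashes, not passwords.
        return dict(self._records)


def compare_stores() -> dict:
    """Run both stores against the RFC 1939 vector and summarise the outcome."""
    apop_store, pass_store = RecoverableStore(), HashedStore()
    apop_store.add("mrose", RFC_SECRET)
    pass_store.add("mrose", RFC_SECRET)
    digest = apop_digest(RFC_TIMESTAMP, RFC_SECRET)
    return {
        "apop_ok": apop_store.verify_apop("mrose", RFC_TIMESTAMP, digest),
        # A sniffed digest is bound to one banner timestamp; it fails on the next.
        "replay_ok": apop_store.verify_apop("mrose", "<1897.697170999@dbc.mtview.ca.us>", digest),
        "pass_ok": pass_store.verify_pass("mrose", RFC_SECRET),
        "secret_in_apop_dump": RFC_SECRET in apop_store.dump().values(),
        "secret_in_hashed_dump": any(RFC_SECRET.encode() in h for _, h in pass_store.dump().values()),
    }


if __name__ == "__main__":
    for key, value in compare_stores().items():
        print(f"{key}: {value}")
```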
Date: Wed, 13 Feb 2002 12:37:59 -0800
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Time out when receiving mail
At 12:40 PM +1100 2/13/02, Wayne Heming wrote:
>I deleted the file and the user disconnected and reconnected
If it happens again you may want to save off the file, to see if it
is reproducible. If so, it should be possible to determine where the
problem is.
--
Date: Wed, 13 Feb 2002 17:01:22 -0500
From: Steve Perrault <sperraul at mnsi dot net>
Subject: Re: Time out when receiving mail
At my place, I've noticed strange timeouts when there's carriage returns
jammed in the header. I'll use more to view the file, and it LOOKS fine,
but when I load it into a text editor, I see entries like
Subject: earn^Mmoney n^Mow , where (^M is <CR>)
When the message is there, OE 5 barfs. When it's removed, life is good.
- SteveP
At 12:37 PM 2/13/2002 -0800, you wrote:
>At 12:40 PM +1100 2/13/02, Wayne Heming wrote:
>
>>I deleted the file and the user disconnected and reconnected
>
>If it happens again you may want to save off the file, to see if it is
>reproducible. If so, it should be possible to determine where the problem is.
>--
Date: Wed, 13 Feb 2002 12:11:35 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: Time out when receiving mail
On Wed, Feb 13, 2002 at 05:01:22PM -0500, Steve Perrault wrote:
> At my place, I've noticed strange timeouts when there's carriage returns
> jammed in the header. I'll use more to view the file, and it LOOKS fine,
> but when I load it into a text editor, I see entries like
>
> Subject: earn^Mmoney n^Mow , where (^M is <CR>)
>
> When the message is there, OE 5 barfs. When it's removed, life is good.
Funny you mention it, this was just today reported to Bugtraq as an
exploitable bug in OE. OE will treat carriage returns in headers as if
they were newlines; it's exploitable because it means you can put an
entire message including other exploits into something that looks like
an ignored mail header to virus scanners and similar content filters.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
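A check for the condition described in the two messages above, as an added example that is not from either poster: it scans a raw message's header block for carriage returns that are not part of a CRLF line ending. The sample message is constructed (its Subject line reuses the one quoted above), and the function names are assumptions.

```python
from typing import NamedTuple

# Constructed sample. \r inside a line is a bare CR; \r\n is a normal line ending.
SAMPLE = (
    b"Received: from mx.example.net by mail.example.org; Wed, 13 Feb 2002 17:01:22 -0500\r\n"
    b"From: sender@example.com\r\n"
    b"Subject: earn\rmoney n\row\r\n"
    b"X-Note: folded\r\n"
    b"\tcontinu\red line\r\n"
    b"\r\n"
    b"A bare \r in the body is outside the header block.\r\n"
)


class Finding(NamedTuple):
    line_no: int   # 1-based, counting LF-terminated lines
    header: str    # header field the line belongs to
    bare_cr: int   # number of CRs not followed by LF


def header_lines(raw: bytes):
    """Yield (line_no, line) for the header block, splitting on LF only.

    bytes.splitlines() must not be used here: it also splits on a lone CR,
    which would hide exactly the bytes this check is looking for.
    """
    for no, line in enumerate(raw.split(b"\n"), start=1):
        if line.endswith(b"\r"):      # drop the CR that belongs to CRLF
            line = line[:-1]
        if line == b"":               # empty line ends the headers
            return
        yield no, line


def find_bare_cr(raw: bytes) -> list:
    """Report every header line that still contains a CR after CRLF is removed."""
    findings = []
    current = "(none)"
    for no, line in header_lines(raw):
        # A line starting with space or tab continues the previous field.
        if line[:1] not in (b" ", b"\t") and b":" in line:
            current = line.split(b":", 1)[0].decode("ascii", "replace")
        count = line.count(b"\r")
        if count:
            findings.append(Finding(no, current, count))
    return findings


def cr_splitting_view(raw: bytes) -> list:
    """Header lines as seen by a reader that treats CR as a line break."""
    return [part for _, line in header_lines(raw) for part in line.split(b"\r")]


def show(line: bytes) -> str:
    """Render a line with CR shown as ^M, the way an editor displays it."""
    return line.decode("ascii", "replace").replace("\r", "^M")


if __name__ == "__main__":
    for f in find_bare_cr(SAMPLE):
        print(f"line {f.line_no}: {f.header}: {f.bare_cr} bare CR(s)")
    lf_count = len(list(header_lines(SAMPLE)))
    print(f"LF-split header lines: {lf_count}, CR-split: {len(cr_splitting_view(SAMPLE))}")
```

The difference between the two line counts is the gap between what an LF-splitting filter inspects and what a CR-splitting reader displays.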
Subject: Re: Time out when receiving mail
From: Kenneth Porter <shiva at well dot com>
Date: 13 Feb 2002 20:25:49 -0800
On Wed, 2002-02-13 at 09:33, Chuck Yerkes wrote:
> Here's a thought: Don't use it. Ban it. Forbid it from your
> premises. Chevy was forced to recall the Corvair for bad design
> (ok, it WAS actually killing people).
That's the approach my company takes. We use mostly Netscape with a
smattering of Eudora for Windows users. Even after being acquired by an
all-MS shop, our ex-owners had the power and obvious technical know-how
to stand firm and keep Lookout out.
Of course, that doesn't prevent users from opening malicious
attachments, so I've also installed a procmail "sanitizer" to "defang"
executable attachments by renaming dangerous extensions and stripping
known trojans before delivery.
> Try, hmmm, Eudora! Try Evolution, Mulberry. Hell, PINE and Mutt
> do an admirable job.
Our Linux guys use either Pine or Evolution. I just wish there were a
text version of Evo so that my checks of mail from home wouldn't require
X over ssh, which is pretty slow even with broadband.
Date: Thu, 14 Feb 2002 14:32:05 -0600
From: Tim Tyler <tyler at beloit dot edu>
Subject: Quota policies?
Qpopper experts,
We are running qpopper 4.03 on aix 4.3.3 systems. I am in a quandary about
how to handle setting soft and hard quotas for incoming email for 1500
users and am open to different suggestions. We have set a 10mgb quota on
the mailbox files for each user in /var/spool/mail. If we have the temp
pop files located in /var/spool/mail, then they are unable to retrieve
existing email if they hit their quota limit. If we put the temp file in
another filesystem without a quota such as /var/spool/pop, then users can
still retrieve their email, but on occasion an incoming message comes in
while they are popping their email and if they have "leave on server" they
can exceed quota while retrieving. This results in the inability to write
the entire temp file back to /var/spool/mail. Hence, the temp file gets
stuck in the /var/spool/pop directory which has no quota and can grow very
large as new mail appends to it. We could set a quota on /var/spool/pop,
but even that wouldn't allow the ability to write back to /var/spool/mail
if new mail comes in. Any thoughts on this dilemma?
Ideally, it would be nice if no new incoming email could get delivered
to /var/spool/mail while in the process of retrieving email (popping). But
this might be a bad idea if it actually gets rejected. Thoughts?
Second question, does qpopper increase the size of the mailbox file
slightly when popping by adding in any headers, etc?
Tim Tyler
Network Engineer - Beloit College
tyler at beloit dot edu
Date: Thu, 14 Feb 2002 17:13:10 -0500 (EST)
From: Alan Brown <alanb at digistar dot com>
Subject: Re: Quota policies?
On Thu, 14 Feb 2002, Tim Tyler wrote:
> Qpopper experts,
> We are running qpopper 4.03 on aix 4.3.3 systems. I am in a quandary about
> how to handle setting soft and hard quotas for incoming email for 1500
> users and am open to different suggestions.
Set the hard quota to at least twice the soft quota and switch on server
mode if at all possible.
If you can't, set the hard quota at least 3 times the soft quota.
AB
Date: Thu, 14 Feb 2002 13:03:46 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: Quota policies?
On Thu, Feb 14, 2002 at 02:32:05PM -0600, Tim Tyler wrote:
> Qpopper experts,
> We are running qpopper 4.03 on aix 4.3.3 systems. I am in a quandary about
> how to handle setting soft and hard quotas for incoming email for 1500
> users and am open to different suggestions. We have set a 10mgb quota on
> the mailbox files for each user in /var/spool/mail. If we have the temp
> pop files located in /var/spool/mail, then they are unable to retrieve
> existing email if they hit their quota limit. If we put the temp file in
> another filesystem without a quota such as /var/spool/pop, then users can
> still retrieve their email, but on occasion an incoming message comes in
> while they are popping their email and if they have "leave on server" they
> can exceed quota while retrieving.
Remember that if they have "leave on server" they are likely to end up
exceeding the quota
> This results in the inability to write
> the entire temp file back to /var/spool/mail. Hence, the temp file gets
> stuck in the /var/spool/pop directory which has no quota and can grow very
> large as new mail appends to it. We could set a quota on /var/spool/pop,
> but even that wouldn't allow the ability to write back to /var/spool/mail
> if new mail comes in. Any thoughts on this dilemma?
Try this combination:
1) Enable server mode (eliminates some of the multiple copies);
2) Put /var/spool/pop on a separate file system with no quota or a
larger quota; and
3) set a hard quota on /var/spool/mail to at least 2x the soft quota;
4) (Optionally) to compensate for having the hard quota set high, and
prevent them running up to that limit, you could lower the grace period
for the soft quota to a relatively short interval (e.g. < 1 day)
5) (Optionally) implement a script which promptly notifies users
(before the expiration of the grace period!) that they are over quota
and must reduce their mailbox size ASAP.
Be aware that quotas do not make administration completely painless and
automatic. There will still be windows where something can happen at
just the wrong time (mail arriving during the POP session and pushing
the user just over quota) and you will need to manually intervene to
restore functionality for that user.
There will always be users who ignore the quotas until their incoming
mail starts bouncing and they also can't POP it, and then flip out.
It's better to approach quotas as simply reducing, on average, the
amount of system administration and support work you have to do, and
shifting that work from panicky "we're out of disk!" type crises which
affect everyone, to work on user education and support.
> Ideally, it would be nice if no new incoming email could get delivered
> to /var/spool/mail while in the process of retrieving email (popping). But
> this might be a bad idea if it actually gets rejected. Thoughts?
>
> Second question, does qpopper increase the size of the mailbox file
> slightly when popping by adding in any headers, etc?
Yes, actually it does - it inserts X-UIDL headers. There are boundary
cases where this could cause the mailbox to expand over quota.
Quotas are not a panacea, but implementing them did finally eliminate
certain types of crises which we used to have periodically. (E.g. a
mail forwarding loop gets accidentally set up, and someone's mailbox
balloons to 500MB before we can break the loop.)
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Date: Thu, 14 Feb 2002 13:47:34 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: Prevent brute force attacks to qpopper 4.0.3 ?
On Wed, Feb 13, 2002 at 07:06:56AM +0000, rk at johanns-datentechnik dot de wrote:
> Anyone out there who can tell me, if it's possible
> to limit the attempts to authenticate to popper,
> in that way if too many user / pass commands are sent
> via telnet port 110, popper kills the connection or refuses
> to accept more login retries for this session ?
Qpopper only allows a single user/password attempt per connection, and
provides a fairly long timeout before responding with an error message
on an authentication failure. It responds to any username as if
potentially valid (whether or not it exists) with a password prompt to
avoid leaking info about which accounts really exist. It will also
syslog the message "Possible probe of account xxxxxx." if a connection
quits at the password prompt. However, it does not keep enough history
to detect repeated unsuccessful attempts to login to the same account
via a dictionary attack.
If you invoke qpopper via inetd or xinetd, your version of that program
should allow you additional rate limiting on connections from a single
IP.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
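One way to supply the per-account history that the reply above says qpopper does not keep, as an added example that is not part of qpopper or of the post: a sliding-window count of "Possible probe of account" syslog messages. Only that message text comes from the post; the syslog prefix, the sample lines (constructed), the thresholds and the function names are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in an assumed "Mon DD HH:MM:SS host prog[pid]:" layout.
SAMPLE_LOG = """\
Feb 13 07:06:50 mail popper[4101]: Possible probe of account alice.
Feb 13 07:07:10 mail popper[4102]: Possible probe of account alice.
Feb 13 07:07:31 mail popper[4105]: Possible probe of account alice.
Feb 13 07:08:02 mail popper[4107]: Possible probe of account alice.
Feb 13 07:09:12 mail sendmail[4110]: constructed unrelated line
Feb 13 07:10:00 mail popper[4111]: Possible probe of account bob.
Feb 13 08:15:44 mail popper[4302]: Possible probe of account j.smith.
Feb 13 09:30:00 mail popper[4410]: Possible probe of account bob.
Feb 13 12:00:00 mail popper[4523]: Possible probe of account bob.
""".splitlines()

# Timestamp at line start, then the probe message anywhere later in the line.
# The account match is lazy so a trailing sentence period is not captured,
# while dots inside a name (j.smith) are kept.
PROBE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) .*"
    r"Possible probe of account (?P<account>\S+?)\.?(?:\s|$)"
)


def parse_probe(line: str, year: int):
    """Return (timestamp, account) for a probe line, or None for anything else."""
    m = PROBE_RE.search(line)
    if m is None:
        return None
    # Classic syslog timestamps carry no year, so the caller supplies one.
    when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return when, m["account"]


def find_probe_bursts(lines, threshold=3, window=timedelta(minutes=10), year=2002):
    """Map account -> peak number of probes seen inside any one window.

    Only accounts that reach `threshold` are returned. Lines are assumed to be
    in time order, as they are in a single syslog file.
    """
    recent = defaultdict(deque)   # account -> timestamps still inside the window
    peaks = {}
    for line in lines:
        parsed = parse_probe(line, year)
        if parsed is None:
            continue
        when, account = parsed
        seen = recent[account]
        seen.append(when)
        # Forget probes that have aged out of the window.
        while when - seen[0] > window:
            seen.popleft()
        if len(seen) >= threshold:
            peaks[account] = max(peaks.get(account, 0), len(seen))
    return peaks


if __name__ == "__main__":
    for account, count in sorted(find_probe_bursts(SAMPLE_LOG).items()):
        print(f"{account}: {count} probes within 10 minutes")
```

Because the count is keyed on the account rather than the source address, it still fires when attempts against one mailbox arrive over many separate connections.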
Date: Fri, 15 Feb 2002 10:19:06 -0600
From: Tim Tyler <tyler at beloit dot edu>
Subject: Re: Quota policies?
Clifton,
Thanks, most of what you and Alan Brown stated is pretty much how I was
leaning. I think you are correct that the best I can do is to minimize my
problem, but never eliminate it. I had already doubled the hard quota on
one of my servers. I will do it with our student server as well. I also
wrote a script earlier this week to warn users that were in their grace
period about exceeding quota. This will help to some degree.
I can't really go to server mode because we still have shell users. The
idea of going to a lower grace period such as 1 has crossed my mind
before. I couldn't find anywhere in the AIX instructions for how to do
this, but assuming I can, I may give this a try to see if it helps minimize
the problem though it is certain that any time a person is popping their
email, the door is open for more mail to arrive regardless of soft and hard
quota settings.
I would like to comment that quota issues have become increasingly more
difficult to manage with everyone sharing music, graphics, videos, etc. It
would be nice if someday Qpopper were able to implement its own internal
quota system where the sum of the mailbox file (prior to popping) and any
new incoming email cannot exceed a given limit during the popping
process. That way system hard limits wouldn't be thwarted by qpopper so
easily.
Tim
At 01:03 PM 02/14/2002 -1000, Clifton Royston wrote:
>On Thu, Feb 14, 2002 at 02:32:05PM -0600, Tim Tyler wrote:
> > Qpopper experts,
> > We are running qpopper 4.03 on aix 4.3.3 systems. I am in a quandary
> about
> > how to handle setting soft and hard quotas for incoming email for 1500
> > users and am open to different suggestions. We have set a 10mgb quota on
> > the mailbox files for each user in /var/spool/mail. If we have the temp
> > pop files located in /var/spool/mail, then they are unable to retrieve
> > existing email if they hit their quota limit. If we put the temp file in
> > another filesystem without a quota such as /var/spool/pop, then users can
> > still retrieve their email, but on occasion an incoming message comes in
> > while they are popping their email and if they have "leave on server" they
> > can exceed quota while retrieving.
>
>Remember that if they have "leave on server" they are likely to end up
>exceeding the quota
>
> > This results in the inability to write
> > the entire temp file back to /var/spool/mail. Hence, the temp file gets
> > stuck in the /var/spool/pop directory which has no quota and can grow very
> > large as new mail appends to it. We could set a quota on /var/spool/pop,
> > but even that wouldn't allow the ability to write back to /var/spool/mail
> > if new mail comes in. Any thoughts on this dilemma?
>
>Try this combination:
>
>1) Enable server mode (eliminates some of the multiple copies);
>
>2) Put /var/spool/pop on a separate file system with no quota or a
>larger quota; and
>
>3) set a hard quota on /var/spool/mail to at least 2x the soft quota;
>
>4) (Optionally) to compensate for having the hard quota set high, and
>prevent them running up to that limit, you could lower the grace period
>for the soft quota to a relatively short interval (e.g. < 1 day)
>
>5) (Optionally) implement a script which promptly notifies users
>(before the expiration of the grace period!) that they are over quota
>and must reduce their mailbox size ASAP.
>
>Be aware that quotas do not make administration completely painless and
>automatic. There will still be windows where something can happen at
>just the wrong time (mail arriving during the POP session and pushing
>the user just over quota) and you will need to manually intervene to
>restore functionality for that user.
>
>There will always be users who ignore the quotas until their incoming
>mail starts bouncing and they also can't POP it, and then flip out.
>It's better to approach quotas as simply reducing, on average, the
>amount of system administration and support work you have to do, and
>shifting that work from panicky "we're out of disk!" type crises which
>affect everyone, to work on user education and support.
>
> > Ideally, it would be nice if no new incoming email could get delivered
> > to /var/spool/mail while in the process of retrieving email
> (popping). But
> > this might be a bad idea if it actually gets rejected. Thoughts?
> >
> > Second question, does qpopper increase the size of the mailbox file
> > slightly when popping by adding in any headers, etc?
>
>Yes, actually it does - it inserts X-UIDL headers. There are boundary
>cases where this could cause the mailbox to expand over quota.
>
>Quotas are not a panacea, but implementing them did finally eliminate
>certain types of crises which we used to have periodically. (E.g. a
>mail forwarding loop gets accidentally set up, and someone's mailbox
>balloons to 500MB before we can break the loop.)
> -- Clifton
>
>--
> Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
> WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Tim Tyler
Network Engineer - Beloit College
tyler at beloit dot edu
Date: Fri, 15 Feb 2002 12:33:16 -0500 (EST)
From: Alan Brown <alanb at digistar dot com>
Subject: Re: Quota policies?
On Fri, 15 Feb 2002, Tim Tyler wrote:
> I can't really go to server mode because we still have shell users.
Actually you can.
Server mode is only needed if there's the possibility that a user may be
accessing the mailbox via shell (pine, elm, imap, etc) and pop3 at the
same time.
Or if they may have 2 concurrent pop sessions (think 1 machine at home
with "leave mail on server" and one at work either leaving it on the
server or clearing the mail)
More appropriate locking would nail this reasonably well, the problem
really is that it is difficult to lock down.
On my (recently deceased) ISP, _all_ users had shells. Only a few ever
used them and only a fraction of those ever used shell _and_ pop3
access, let alone simultaneously.
> I would like to comment that quota issues have become increasingly more
> difficult to manage with everyone sharing music, graphics, videos, etc.
Any half decent quota system _must_ send a warning message when the user
exceeds the soft quota for a period exceeding 1/10 the grace period, or
every time the soft quota is exceeded.
Even in server mode, Qpopper can and will still write drop files -
specifically if users delete _some_ messages and leave others on the
server.
AB
From: "Neal Davis" <ndavis at accucareinc dot com>
Subject: configure on Solaris8?
Date: Fri, 15 Feb 2002 10:29:53 -0800
I just downloaded qpopper4.0.3 on my Sun 250 running solaris8 and tried to
run configure...
configure is returning the following
loading cache ./cofig.cache
checking whether make sets ${MAKE}... ./configure: make: not found no
checking for gcc... no
checking for cc... no
configure: error: no acceptable cc found in $PATH
I can run gcc and make from root command prompt just fine, I can compile any
*.c file using gcc or run make from any directory?
Has anyone else tried compiling under solaris8? Anyone have any idea what's
going on here?
Neal Davis
Alpine Technology
Spokane, WA.
From: Ted Cabeen <ted at impulse dot net>
Subject: Re: configure on Solaris8?
Date: Fri, 15 Feb 2002 10:46:32 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Content-Type: text/plain; charset=us-ascii
In message <514535049161352867975 at lists.pensive dot org>, "Neal Davis" writes:
>I just downloaded qpopper4.0.3 on my Sun 250 running solaris8 and tried to
>run configure...
>
>configure is returning the following
>loading cache ./cofig.cache
>checking whether make sets ${MAKE}... ./configure: make: not found no
>checking for gcc... no
>checking for cc... no
>configure: error: no acceptable cc found in $PATH
>
>I can run gcc and make from root command prompt just fine, I can compile any
>*.c file using gcc or run make from any directory?
>
>Has anyone else tried compiling under solaris8? Anyone have any idea what's
>going on here?
Look at the configure.log file. It should have the actual error messages
that configure is getting. It's probably a path problem, looking at the
error messages above.
- --
Ted Cabeen http://www.pobox.com/~secabeen ted at impulse dot net
Check Website or Keyserver for PGP/GPG Key BA0349D2 secabeen at pobox dot com
"I have taken all knowledge to be my province." -F. Bacon secabeen at cabeen dot org
"Human kind cannot bear very much reality."-T.S.Eliot cabeen at netcom dot com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (OpenBSD)
Comment: Exmh version 2.5 07/13/2001
iD8DBQE8bVeIoayJfLoDSdIRAqSAAJ98/jhkPjn7oSEhBIPF3BEk2N1tiACgsR/n
pvbya3QzaH5kQfs53k2IAHI
=W4mv
-----END PGP SIGNATURE-----
Date: Fri, 15 Feb 2002 09:09:50 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: Quota policies?
On Fri, Feb 15, 2002 at 10:19:06AM -0600, Tim Tyler wrote:
> Clifton,
> Thanks, most of what you and Alan Brown stated is pretty much how I was
> leaning. I think you are correct that the best I can do is to minimize my
> problem, but never eliminate it. I had already doubled the hard quota on
> one of my servers. I will do it with our student server as well. I also
> wrote a script earlier this week to warn users that were in their grace
> period about exceeding quota. This will help to some degree.
> I can't really go to server mode because we still have shell users.
So do we. I think you need this patch I wrote against 4.0.3 last
year, which I'm including as an attachment.
It hasn't been incorporated into the main release as of 4.0.3, but
maybe in one of the upcoming ones - what it does is let you manage
server mode on a per-user basis based on what shell is assigned to the
user in /etc/passwd. Thus if you assign /sbin/nologin or /bin/false as
the shell for users who don't actually have shell access, or even if
you assign /bin/sh for users who theoretically have shell access but
never use it, you can specify that to qpopper and have it jump into
server mode for those users after they authenticate.
IMAP interaction with qpopper server mode is still a problem, *but* I
am now well along with debugging a patch that provides interoperability
of qpopper server mode and UW imapd (and pine!), by adding an option
for qpopper to use UW-style mailbox locks on the user's mailspool for
the duration of the POP session. It turned out to be much more work
than I thought, but I now have it running on a test server while I beat
on it and finish debugging some interactions. Still some weeks away
from general release, most likely, but it will get finished because an
important internal project here depends on it working.
> I would like to comment that quota issues have become increasingly more
> difficult to manage with everyone sharing music, graphics, videos, etc. It
> would be nice if someday Qpopper were able to implement its own internal
> quota system where the sum of the mailbox file (prior to popping) and any
> new incoming email cannot exceed a given limit during the popping
> process. That way system hard limits wouldn't be thwarted by qpopper so
> easily.
To niggle a bit, really the problem is that qpopper *can't* thwart
the system hard limits and therefore requires the admin to stretch the
limits for it; and the MTA or mail delivery agent don't know that they
must respect the lower limits.
Nonetheless, these are good comments. A good well-integrated patch
to implement them would of course also be welcome! :-) Otherwise, well,
it'll happen when it happens.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Date: Fri, 15 Feb 2002 09:15:50 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: Quota policies?
Oops, botched including the patch attachment, sorry!
This should be more like it:
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
[Attachment: qpopper4.0.3-shell-server-mode.patch (application/x-patch)]
Date: Fri, 15 Feb 2002 14:54:54 -0500 (EST)
From: Alan Brown <alanb at digistar dot com>
Subject: Re: Quota policies?
On Fri, 15 Feb 2002, Clifton Royston wrote:
> IMAP interaction with qpopper server mode is still a problem
I believe it would be better to try and get locking working properly so
that if a user is running IMAP sessions or shell mail clients, qpopper
refuses to access the mailbox, just the same as if there are 2 pop3
sessions running.
After that, server mode should be possible to set as default on most
systems.
AB
From: Tim Tyler <tyler at beloit dot edu>
Subject: Re: Quota policies?
Date: Fri, 15 Feb 2002 14:14:44 -0600 (CST)
Clifton, Alan,
Ok, perhaps moving to server mode is a good idea. I have a couple
questions:
1. What is the consequence of elm and popping at the same time? How easy
is it to repair? -note: I agree that it is probably rare that it would
happen simultaneously, but I am sure it eventually will.
2. I presume that in server mode there is no temp file any more. How does
one keep track of the last time a user popped? This is important for me in
finding stagnant accounts.
Thanks for the attachment!
Tim
>
>On Fri, Feb 15, 2002 at 10:19:06AM -0600, Tim Tyler wrote:
>> Clifton,
>> Thanks, most of what you and Alan Brown stated is pretty much how I was
>> leaning. I think you are correct that the best I can do is to minimize my
>> problem, but never eliminate it. I had already doubled the hard quota on
>> one of my servers. I will do it with our student server as well. I also
>> wrote a script earlier this week to warn users that were in their grace
>> period about exceeding quota. This will help to some degree.
>> I can't really go to server mode because we still have shell users.
>
> So do we. I think you need this patch I wrote against 4.0.3 last
>year, which I'm including as an attachment.
>
> It hasn't been incorporated into the main release as of 4.0.3, but
>maybe in one of the upcoming ones - what it does is let you manage
>server mode on a per-user basis based on what shell is assigned to the
>user in /etc/passwd. Thus if you assign /sbin/nologin or /bin/false as
>the shell for users who don't actually have shell access, or even if
>you assign /bin/sh for users who theoretically have shell access but
>never use it, you can specify that to qpopper and have it jump into
>server mode for those users after they authenticate.
>
> IMAP interaction with qpopper server mode is still a problem, *but* I
>am now well along with debugging a patch that provides interoperability
>of qpopper server mode and UW imapd (and pine!), by adding an option
>for qpopper to use UW-style mailbox locks on the user's mailspool for
>the duration of the POP session. It turned out to be much more work
>than I thought, but I now have it running on a test server while I beat
>on it and finish debugging some interactions. Still some weeks away
>from general release, most likely, but it will get finished because an
>important internal project here depends on it working.
>
>
>> I would like to comment that quota issues have become increasingly more
>> difficult to manage with everyone sharing music, graphics, videos, etc. It
>> would be nice if someday Qpopper were able to implement its own internal
>> quota system where the sum of the mailbox file (prior to popping) and any
>> new incoming email cannot exceed a given limit during the popping
>> process. That way system hard limits wouldn't be thwarted by qpopper so
>> easily.
>
> To niggle a bit, really the problem is that qpopper *can't* thwart
>the system hard limits and therefore requires the admin to stretch the
>limits for it; and the MTA or mail delivery agent don't know that they
>must respect the lower limits.
>
> Nonetheless, these are good comments. A good well-integrated patch
>to implement them would of course also be welcome! :-) Otherwise, well,
>it'll happen when it happens.
>
> -- Clifton
>
>--
> Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
> WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
>
--
Tim Tyler
Network Manager - Beloit College
tyler at beloit dot edu
Go Packers! Go Badgers!
1999&2000 Rose Bowl Champions!
Date: Fri, 15 Feb 2002 10:47:49 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: Quota policies?
On Fri, Feb 15, 2002 at 02:54:54PM -0500, Alan Brown wrote:
> On Fri, 15 Feb 2002, Clifton Royston wrote:
>
> > IMAP interaction with qpopper server mode is still a problem
>
> I believe it would be better to try and get locking working properly so
> that if a user is running IMAP sessions or shell mail clients, qpopper
> refuses to access the mailbox, just the same as if there are 2 pop3
> sessions running.
That is exactly what I've been working on, off and on, for the last
month. It's in testing and debugging this week. I won't swear it will
work with all shell mail clients, but it will work with UW IMAP and
Pine, and of course with all clients which use UW IMAP to access the
spool.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Date: Fri, 15 Feb 2002 15:49:52 -0500 (EST)
From: Alan Brown <alanb at digistar dot com>
Subject: Re: Quota policies?
On Fri, 15 Feb 2002, Tim Tyler wrote:
> 1. What is the consequence of elm and popping at the same time? How easy
> is it to repair? -note: I agree that it is probably rare that it would
> happen simultaneously, but I am sure it eventually will.
When it happens, I've only ever seen the first few lines of the mailbox
get corrupted. Usually trimming down to the first "From x@y" does the
trick.
> 2. I presume that in server mode there is no temp file any more. How does
> one keep track of the last time a user popped? This is important for me in
> finding stagnant accounts.
ls -lu shows a mail file's atime (last time read). This is more reliable
than looking at temp files on systems where there are shells anyway.
AB
ls -lut /var/spool/mail | head -20 :-)
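The repair described above (trimming a damaged mailbox down to the first "From x@y" line), as an added Python sketch that is not code from the thread or from qpopper: it accepts a separator only when a header line follows it, and writes a trimmed copy instead of editing the spool file. The function names and the sample bytes are constructed for illustration.

```python
import os
import re
import tempfile

# mbox separator line: "From <sender> <asctime-style date>".
FROM_LINE = re.compile(
    rb"^From \S+ +(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun) "
    rb"(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) [ \d]\d "
    rb"\d\d:\d\d(?::\d\d)? (?:[A-Z]{3,4} )?\d{4}(?: [+-]\d{4})?\r?$",
    re.MULTILINE,
)
HEADER = re.compile(rb"[!-9;-~]+:")  # header field name followed by a colon

# Constructed sample: stray bytes and an orphaned header ahead of two messages.
SAMPLE = (
    b"\x00\x00X-UIDL: 3f2a\nm x@y garbage\n"
    b"From alice@example.org Fri Feb 15 10:47:49 2002\n"
    b"Return-Path: <alice@example.org>\nSubject: first\n\n"
    b"From now on this body line is not a separator.\n\n"
    b"From bob@example.org Fri Feb 15 15:49:52 2002\n"
    b"Subject: second\n\nbody\n"
)


def first_message_offset(data):
    """Offset of the first separator directly followed by a header, or -1."""
    for m in FROM_LINE.finditer(data):
        if HEADER.match(data, m.end() + 1):  # m.end() sits on the newline
            return m.start()
    return -1


def write_trimmed_copy(path):
    """Write the mailbox minus its damaged head to a new 0600 file beside it.

    Returns (copy_path, bytes_dropped). The original file is never modified.
    """
    with open(path, "rb") as fh:
        data = fh.read()
    start = first_message_offset(data)
    if start < 0:
        raise ValueError("no intact message found; repair by hand")
    fd, out = tempfile.mkstemp(prefix=os.path.basename(path) + ".",
                               suffix=".trimmed",
                               dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data[start:])
    return out, start
```

This covers only damage at the head of the file; corruption scattered through the headers still needs hand editing. Run it while no POP, IMAP or shell mail client has the mailbox open.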
Date: Fri, 15 Feb 2002 10:54:56 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: Quota policies?
On Fri, Feb 15, 2002 at 03:49:52PM -0500, Alan Brown wrote:
> On Fri, 15 Feb 2002, Tim Tyler wrote:
>
> > 1. What is the consequence of elm and popping at the same time? How easy
> > is it to repair? -note: I agree that it is probably rare that it would
> > happen simultaneously, but I am sure it eventually will.
>
> When it happens, I've only ever seen the first few lines of the mailbox
> get corrupted. Usually trimming down to the first "From x@y" does the
> trick.
With pine, at least, I've several times seen message corruption
scattered all the way through the file due to UIDLs getting updated
into "random" places in the headers, and have had to hand-edit it and
scrap large numbers of messages. I tend to assume the worst in this
scenario.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Date: Fri, 15 Feb 2002 10:51:16 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: Quota policies?
On Fri, Feb 15, 2002 at 02:14:44PM -0600, Tim Tyler wrote:
> Clifton, Alan,
> Ok, perhaps moving to server mode is a good idea. I have a couple
> questions:
> 1. What is the consequence of elm and popping at the same time? How easy
> is it to repair? -note: I agree that it is probably rare that it would
> happen simultaneously, but I am sure it eventually will.
Bad in server mode; it must be guaranteed to never happen; that's why
I don't ever enable server mode for users who have a real shell.
> 2. I presume that in server mode there is no temp file any more. How does
> one keep track of the last time a user popped? This is important for me in
> finding stagnant accounts.
It still uses the temp file when necessary, but that seems to be only
10-20% of sessions.
Yes, it's an important feature for our tech support too, and
incorporated into some of the status scripts they use. If you enable
the keep-temp-drop parameter, qpopper will keep the temp files around
so you can check their date.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Date: Fri, 15 Feb 2002 17:39:33 -0500 (EST)
From: Alan Brown <alanb at digistar dot com>
Subject: Re: Quota policies?
On Fri, 15 Feb 2002, Clifton Royston wrote:
> > When it happens, I've only ever seen the first few lines of the mailbox
> > get corrupted. Usually trimming down to the first "From x@y" does the
> > trick.
>
> With pine, at least, I've several times seen message corruption
> scattered all the way through the file due to UIDLs getting updated
> into "random" places in the headers, and have had to hand-edit it and
> scrap large numbers of messages. I tend to assume the worst in this
> scenario.
I don't set qpopper to write the UIDLs back to the file, which is
probably why I've never had it happen.
The cpu cost of recalculating UIDLs on-the-fly is fairly small these
days. If Qpopper has to generate these and write them back, it will
generate a temp file too.
AB
From: "Neal Davis" <ndavis at accucareinc dot com>
Subject: RE: configure on Solaris8?
Date: Fri, 15 Feb 2002 14:36:24 -0800
Well very dumb mistake - thanks to Leonard Hermens for pointing out the
problem! I had set my PATH but forgot to export PATH. So as soon as I did
the export PATH configure ran fine! Thanks to everyone for your quick
responses.
Neal Davis
Alpine Technology
Spokane, WA.
-----Original Message-----
From: Leonard Hermens [mailto:Leonard.Hermens at rcity dot com]
Sent: Friday, February 15, 2002 10:56 AM
To: Neal Davis
Subject: Re: configure on Solaris8?
Hi Neal,
I am located in Spokane. Call my cell phone at 994.9234 if you don't get a
resolution and I'll try to help.
-- Leonard
At 10:29 AM 2/15/2002, you wrote:
>I just downloaded qpopper4.0.3 on my Sun 250 running solaris8 and tried to
>run configure...
>
>configure is returning the following
>loading cache ./cofig.cache
>checking whether make sets ${MAKE}... ./configure: make: not found no
>checking for gcc... no
>checking for cc... no
>configure: error: no acceptable cc found in $PATH
>
>I can run gcc and make from root command prompt just fine, I can compile any
>*.c file using gcc or run make from any directory?
>
>Has anyone else tried compiling under solaris8? Anyone have any idea what's
>going on here?
>
>Neal Davis
>Alpine Technology
>Spokane, WA.
Date: Fri, 15 Feb 2002 16:04:14 -0800
From: Tracy Pham <tracy at cradle dot com>
Subject: Re: configure on Solaris8?
Hi,
Can you tell me what are the parameters you used while running the configure?
I just ran "configure" and got no error. However, I got a problem while trying
to run "make"
See the error messages below:
"u533-011_root> make
cd ./popper && make all
gcc -c -I.. -I.. -I. \
-I../mmangle -I../common \
-g -O2 -fpcc-struct-return -DHAVE_CONFIG_H -DSOLARIS2 -DGNU_PASS
-DNO_GETLINE -DCONTENT_LENGTH=1 -DUNIX pop_dele.c -o pop_dele.o
gcc -c -I.. -I.. -I. \
-I../mmangle -I../common \
-g -O2 -fpcc-struct-return -DHAVE_CONFIG_H -DSOLARIS2 -DGNU_PASS
-DNO_GETLINE -DCONTENT_LENGTH=1 -DUNIX pop_dropcopy.c -o pop_dropcopy.o
gcc -c -I.. -I.. -I. \
-I../mmangle -I../common \
-g -O2 -fpcc-struct-return -DHAVE_CONFIG_H -DSOLARIS2 -DGNU_PASS
-DNO_GETLINE -DCONTENT_LENGTH=1 -DUNIX pop_get_command.c -o pop_get_command.o
gcc -c -I.. -I.. -I. \
-I../mmangle -I../common \
-g -O2 -fpcc-struct-return -DHAVE_CONFIG_H -DSOLARIS2 -DGNU_PASS
-DNO_GETLINE -DCONTENT_LENGTH=1 -DUNIX pop_get_subcommand.c -o
pop_get_subcommand.o
gcc -c -I.. -I.. -I. \
-I../mmangle -I../common \
-g -O2 -fpcc-struct-return -DHAVE_CONFIG_H -DSOLARIS2 -DGNU_PASS
-DNO_GETLINE -DCONTENT_LENGTH=1 -DUNIX pop_init.c -o pop_init.o
gcc -c -I.. -I.. -I. \
-I../mmangle -I../common \
-g -O2 -fpcc-struct-return -DHAVE_CONFIG_H -DSOLARIS2 -DGNU_PASS
-DNO_GETLINE -DCONTENT_LENGTH=1 -DUNIX pop_last.c -o pop_last.o
gcc -c -I.. -I.. -I. \
-I../mmangle -I../common \
-g -O2 -fpcc-struct-return -DHAVE_CONFIG_H -DSOLARIS2 -DGNU_PASS
-DNO_GETLINE -DCONTENT_LENGTH=1 -DUNIX pop_list.c -o pop_list.o
gcc -c -I.. -I.. -I. \
-I../mmangle -I../common \
-g -O2 -fpcc-struct-return -DHAVE_CONFIG_H -DSOLARIS2 -DGNU_PASS
-DNO_GETLINE -DCONTENT_LENGTH=1 -DUNIX pop_log.c -o pop_log.o
pop_log.c: In function `pop_log':
pop_log.c:179: `__builtin_va_alist' undeclared (first use in this function)
pop_log.c:179: (Each undeclared identifier is reported only once
pop_log.c:179: for each function it appears in.)
*** Error code 1
make: Fatal error: Command failed for target `pop_log.o'
Current working directory /local/qpopper4.0.3/popper
*** Error code 1
make: Fatal error: Command failed for target `popper_server' "
======================
Any ideas what causes the problem and how to fix it? Our gcc version is:
2.7.2.3
Thanks
Tracy Pham
Neal Davis wrote:
> Well very dumb mistake - thanks to Leonard Hermens for pointing out the
> problem! I had set my PATH but forgot to export PATH. So as soon as I did
> the export PATH configure ran fine! Thanks to everyone for your quick
> responses.
>
> Neal Davis
> Alpine Technology
> Spokane, WA.
>
> -----Original Message-----
> From: Leonard Hermens [mailto:Leonard.Hermens at rcity dot com]
> Sent: Friday, February 15, 2002 10:56 AM
> To: Neal Davis
> Subject: Re: configure on Solaris8?
>
> Hi Neal,
>
> I am located in Spokane. Call my cell phone at 994.9234 if you don't get a
> resolution and I'll try to help.
>
> -- Leonard
>
> At 10:29 AM 2/15/2002, you wrote:
> >I just downloaded qpopper4.0.3 on my Sun 250 running solaris8 and tried to
> >run configure...
> >
> >configure is returning the following
> >loading cache ./cofig.cache
> >checking whether make sets ${MAKE}... ./configure: make: not found no
> >checking for gcc... no
> >checking for cc... no
> >configure: error: no acceptable cc found in $PATH
> >
> >I can run gcc and make from root command prompt just fine, I can compile any
> >*.c file using gcc or run make from any directory?
> >
> >Has anyone else tried compiling under solaris8? Anyone have any idea what's
> >going on here?
> >
> >Neal Davis
> >Alpine Technology
> >Spokane, WA.
Date: Mon, 18 Feb 2002 11:26:43 -0600
From: Tim Tyler <tyler at beloit dot edu>
Subject: Re: Quota policies?
Clifton, Alan,
The ls -lut command appears to resolve the need for a temp file. As far
as server mode is concerned, I might try it. The way I see it is that I
will have a consequence either way. I either risk subverted quota systems
filling up filesystems (which has happened twice now) or I risk corrupted
mail boxes due to potential multiple access methods. We use elm instead of
pine. Out of over 1500 users, I think there are very few that use their
shell account. They tend to usually be CS students with a few
exceptions. I could try to use the feature for applying per user basis,
but I really don't know from time to time all the users that might use
their shell account. So it might be better for me to incorporate a warning
into their shell login.
Alternatively, I might give the double to triple hard quota size a
try. This still can be subverted, but it would take longer and probably
result in fewer incidences.
Thanks for all the advice!
Tim
At 10:51 AM 02/15/2002 -1000, Clifton Royston wrote:
>On Fri, Feb 15, 2002 at 02:14:44PM -0600, Tim Tyler wrote:
> > Clifton, Alan,
> > Ok, perhaps moving to server mode is a good idea. I have a couple
> > questions:
> > 1. What is the consequence of elm and popping at the same time? How easy
> > is it to repair? -note: I agree that it is probably rare that it would
> > happen simultaneously, but I am sure it eventually will.
>
> Bad in server mode; it must be guaranteed to never happen; that's why
>I don't ever enable server mode for users who have a real shell.
>
> > 2. I presume that in server mode there is no temp file any more. How does
> > one keep track of the last time a user popped? This is important for me in
> > finding stagnant accounts.
>
> It still uses the temp file when necessary, but that seems to be only
>10-20% of sessions.
>
> Yes, it's an important feature for our tech support too, and
>incorporated into some of the status scripts they use. If you enable
>the keep-temp-drop parameter, qpopper will keep the temp files around
>so you can check their date.
>
> -- Clifton
>
>--
> Clifton Royston -- LavaNet Systems Architect -- cliftonr at lava dot net
> WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
Tim Tyler
Network Engineer - Beloit College
tyler at beloit dot edu
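The atime check from this thread (`ls -lu`), as an added Python example that is not part of the original messages: it lists mailboxes whose last read is older than a threshold and flags those with mail delivered since. The function name, the skipped file patterns and the 90-day threshold are assumptions.

```python
import os
import stat
import time

DAY = 86400


def stale_mailboxes(spool, max_idle_days, now=None):
    """Return [(name, idle_days, unread)] for idle mailboxes, most idle first.

    idle_days comes from st_atime (the time `ls -lu` prints); unread is True
    when st_mtime is newer than st_atime, i.e. mail arrived after the last read.
    """
    now = time.time() if now is None else now
    rows = []
    with os.scandir(spool) as entries:
        for entry in entries:
            # Skip dotfiles and lock files (assumed naming) so only user
            # mailboxes are reported.
            if entry.name.startswith(".") or entry.name.endswith(".lock"):
                continue
            # lstat semantics: a symlink planted in the spool is not followed.
            st = entry.stat(follow_symlinks=False)
            if not stat.S_ISREG(st.st_mode):
                continue
            idle = int((now - st.st_atime) // DAY)
            if idle >= max_idle_days:
                rows.append((entry.name, idle, st.st_mtime > st.st_atime))
    rows.sort(key=lambda r: (-r[1], r[0]))
    return rows


if __name__ == "__main__":
    # Spool path as used in the thread; 90 days is an assumed threshold.
    for name, idle, unread in stale_mailboxes("/var/spool/mail", 90):
        note = "new mail waiting" if unread else ""
        print(f"{name:<16} idle {idle:>4}d  {note}")
```

The result is only as good as the atime: a spool mounted `noatime`, or a backup job that reads the files, makes the last-read time meaningless.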
Last updated on 18 Feb 2002 by Pensive Mailing List Admin