The qpopper list archive ending on 30 May 2002
Topics covered in this issue include:
1. Re: RedHat 7.2 / Qpopper 404
Leif_Tolfsen/ERE/EUR/ELKEM at elkem dot no
Wed, 22 May 2002 13:59:52 +0200
2. Re: RedHat 7.2 / Qpopper 404
Drew <drew at patash.com dot au>
Wed, 22 May 2002 21:23:23 +1000
3. Re: RedHat 7.2 / Qpopper 404
Drew <drew at patash.com dot au>
Wed, 22 May 2002 22:33:24 +1000
4. Re: RedHat 7.2 / Qpopper 404
Drew <drew at patash.com dot au>
Wed, 22 May 2002 22:39:46 +1000
5. Re: RedHat 7.2 / Qpopper 404
Leif_Tolfsen/ERE/EUR/ELKEM at elkem dot no
Wed, 22 May 2002 14:47:03 +0200
6. new box, first qpopper install
Jason Davis <jason.davis at regalcinemedia dot com>
Wed, 22 May 2002 12:17:48 -0600
7. Qpopper-Outlook-Sendmail
Leif_Tolfsen/ERE/EUR/ELKEM at elkem dot no
Thu, 23 May 2002 11:43:56 +0200
8. Re: Qpopper-Outlook-Sendmail
peter.allen at moon-light.co dot uk
Thu, 23 May 2002 11:13:39 +0100
9. Re: Qpopper-Outlook-Sendmail
Kenneth Porter <shiva at well dot com>
23 May 2002 03:36:13 -0700
10. Re: Qpopper-Outlook-Sendmail
Leif_Tolfsen/ERE/EUR/ELKEM at elkem dot no
Thu, 23 May 2002 13:46:35 +0200
11. RE: Configuring Qpopper with SSL and APOP
"Michael Caplan" <michael at social-ecology dot org>
Thu, 23 May 2002 08:28:35 -0400
12. Re: Qpopper-Outlook-Sendmail
Chip Old <fold at bcpl dot net>
Thu, 23 May 2002 08:45:18 -0400 (EDT)
13. Re: Configuring Qpopper with SSL and APOP
Sebastien Renard <Sebastien.Renard at digitalfox.homeip dot net>
Thu, 23 May 2002 15:55:36 +0200
14. Re: Configuring Qpopper with SSL and APOP
Daniel Senie <dts at senie dot com>
Thu, 23 May 2002 10:11:58 -0400
15. Re: Configuring Qpopper with SSL and APOP
Sebastien Renard <Sebastien.Renard at digitalfox.homeip dot net>
Thu, 23 May 2002 16:21:38 +0200
16. RE: outlook got duplicate emails after upgrade
Jason Jin <jason at dataprompt dot com>
Thu, 23 May 2002 11:19:24 -0400 (EDT)
17. Re: new box, first qpopper install
Randall Gellens <randy at qualcomm dot com>
Thu, 23 May 2002 16:40:01 -0700
18. RE: Configuring Qpopper with SSL and APOP
Randall Gellens <randy at qualcomm dot com>
Thu, 23 May 2002 16:44:08 -0700
19. [Fwd: Re: Qpopper-Outlook-Sendmail]
Kenneth Porter <shiva at well dot com>
23 May 2002 19:06:41 -0700
20. RE: new box, first qpopper install
Jason Davis <jason.davis at regalcinemedia dot com>
Thu, 23 May 2002 20:10:24 -0600
21. Re: Configuring Qpopper with SSL and APOP
Sebastien Renard <Sebastien.Renard at digitalfox.homeip dot net>
Fri, 24 May 2002 10:10:01 +0200
22. transparent PAM?
Matthias Keller <matti at keller dot com>
Fri, 24 May 2002 10:47:40 +0200
23. RE: Configuring Qpopper with SSL and APOP
"Michael Caplan" <michael at social-ecology dot org>
Fri, 24 May 2002 05:33:34 -0400
24. Re: Configuring Qpopper with SSL and APOP
Randall Gellens <randy at qualcomm dot com>
Fri, 24 May 2002 12:27:38 -0700
25. Re: Outlook got duplicate emails after upgrade
Chuck Yerkes <chuck+qpopper at yerkes dot com>
Fri, 24 May 2002 13:30:16 -0700
26. Re: [Fwd: Re: Qpopper-Outlook-Sendmail]
Chuck Yerkes <chuck+qpopper at yerkes dot com>
Fri, 24 May 2002 13:32:33 -0700
27. Question regarding authentication under SSL
"Michael Caplan" <michael at social-ecology dot org>
Fri, 24 May 2002 19:05:49 -0400
28. RE: Configuring Qpopper with SSL and APOP
Randall Gellens <randy at qualcomm dot com>
Fri, 24 May 2002 16:32:25 -0700
29. Re: Question regarding authentication under SSL
Randall Gellens <randy at qualcomm dot com>
Fri, 24 May 2002 16:35:16 -0700
30. Re: self-signed certs w/ POP3/SSL outlook express 6.0 and netscape 6.2.2
Brian C Hill <bchill at bch dot net>
Sun, 26 May 2002 12:30:00 -0700
31. POP with auth file
Sebastien Renard <Sebastien.Renard at digitalfox.homeip dot net>
Mon, 27 May 2002 13:24:22 +0200
32. Blocking group
"Vitor de Matos Carvalho" <vitor at softinfo.com dot br>
Mon, 27 May 2002 14:32:53 -0300
33. Re: Blocking group
peter.allen at moon-light.co dot uk
Mon, 27 May 2002 19:06:50 +0100
34. Re: self-signed certs w/ POP3/SSL outlook express 6.0 and netscape 6.2.2
Chuck Yerkes <chuck+qpopper at yerkes dot com>
Mon, 27 May 2002 14:01:00 -0700
35. Mail into /var/spool/$SUBDIR/user
Chuck Yerkes <chuck+qpopper at yerkes dot com>
Mon, 27 May 2002 14:08:56 -0700
36. Re: Mail into /var/spool/$SUBDIR/user
James Sneeringer <james+qpopper at vincentsystems dot com>
Mon, 27 May 2002 20:07:03 -0500
37. Re: Blocking group
Alan Brown <alanb at digistar dot com>
Tue, 28 May 2002 04:13:04 -0400 (EDT)
38. Re: Mail into /var/spool/$SUBDIR/user
Alan Brown <alanb at digistar dot com>
Tue, 28 May 2002 04:38:04 -0400 (EDT)
39. Re: Blocking group
peter.allen at moon-light.co dot uk
Tue, 28 May 2002 10:26:03 +0100
40. Re: Blocking group
Alan Brown <alanb at digistar dot com>
Tue, 28 May 2002 06:27:58 -0400 (EDT)
41. Re: Blocking group
peter.allen at moon-light.co dot uk
Tue, 28 May 2002 11:33:32 +0100
42. Re: Spool older than cache file error
Eric Luyten <Eric.Luyten at vub.ac dot be>
Wed, 29 May 2002 13:50:46 +0200 (MET DST)
43. Re: Spool older than cache file error
Alan Brown <alanb at digistar dot com>
Wed, 29 May 2002 08:08:20 -0400 (EDT)
44. 30 Seconds to Authenticate -- And all I got was this lousy T-Shirt
Paul Oliver <paul at paultastic dot com>
29 May 2002 07:58:15 -0500
45. Errors With POP Polling
"Michael Caplan" <michael at social-ecology dot org>
Wed, 29 May 2002 09:50:23 -0400
46. Re: 30 Seconds to Authenticate -- And all I got was this lousy T-Shirt
Paul Oliver <paul at paultastic dot com>
Wed, 29 May 2002 09:14:39 -0500
47. Re: Spool older than cache file error
Randall Gellens <randy at qualcomm dot com>
Wed, 29 May 2002 11:34:17 -0700
48. Multiple pop boxes ?
"James Wilson" <tau at j2w.co dot uk>
Thu, 30 May 2002 10:35:39 +0100 (BST)
49. Webmail using qpopper. Imap option.
"Roman" <roman at izhal dot com>
Thu, 30 May 2002 08:16:32 -0300 (ART)
50. Re: Webmail using qpopper. Imap option.
Drew <drew at patash.com dot au>
Thu, 30 May 2002 21:52:18 +1000
Subject: Re: RedHat 7.2 / Qpopper 404
From: Leif_Tolfsen/ERE/EUR/ELKEM at elkem dot no
Date: Wed, 22 May 2002 13:59:52 +0200
Now it's working, I just had to correct my typing at the line
server = /usr/local/sbin/qpopper
to
server = /usr/local/sbin/popper
Thank's for you're help.
Best Regards
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Leif Tolfsen
Elkem ASA Shared Services
ITS Operations
Phone :+47 3801 7131 /+47 906 62 424
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Date: Wed, 22 May 2002 21:23:23 +1000
From: Drew <drew at patash.com dot au>
Subject: Re: RedHat 7.2 / Qpopper 404
--------------7D2961FC3BA814A7663E5AED
Content-Type: text/plain; charset=us-ascii; x-mac-type="54455854"; x-mac-creator="4D4F5353"
Content-Transfer-Encoding: 7bit
Redhat 7.2 uses xinetd, config files are in /etc/xinetd.d you will need to create a file like this. You can cal it something like ipop3. Then you need to run the command
chkconfig --level 345 ipop3 on and /sbin/services xinetd restart.
Ypu should also read the man page on xinetd and xinetd.conf
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service pop3
{
disable = no
socket_type = stream
protocol = tcp
port = 110
wait = no
flags = NAMEINARGS
user = root
server = /usr/sbin/popper
server_args = qpopper -s
}
Andrew
Leif_Tolfsen/ERE/EUR/ELKEM at elkem dot no wrote:
> Hi
> When I installed qpopper on Redhat7.2 I couldn't find /etc/inetd.conf ?
> Anyone know where to pu the line that's read
>
> pop stream tcp nowait ............................ ?
>
> mvh
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Leif Tolfsen
> Elkem ASA Shared Services
> ITS Operations
> Phone :+47 3801 7131 /+47 906 62 424
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------7D2961FC3BA814A7663E5AED
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
Redhat 7.2 uses xinetd, config files are in /etc/xinetd.d you will need
to create a file like this. You can cal it something like ipop3. Then you
need to run the command <b>chkconfig --level 345 ipop3 on</b> and <b>/sbin/services
xinetd restart.</b><b></b>
<p>Ypu should also read the man page on xinetd and xinetd.conf
<p># default: on
<br># description: The telnet server serves telnet sessions; it uses \
<br># unencrypted username/password
pairs for authentication.
<br>service pop3
<br>{
<br> disable = no
<br> socket_type
= stream
<br> protocol
= tcp
<br> port
= 110
<br> wait
= no
<br> flags
= NAMEINARGS
<br> user
= root
<br> server
= /usr/sbin/popper
<br> server_args
= qpopper -s
<br>}
<br>
<p>Andrew
<p>Leif_Tolfsen/ERE/EUR/ELKEM at elkem dot no wrote:
<blockquote TYPE=CITE>Hi
<br>When I installed qpopper on Redhat7.2 I couldn't find /etc/inetd.conf
?
<br>Anyone know where to pu the line that's read
<p>pop stream tcp nowait ............................
?
<p>mvh
<br>----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
<p>Leif Tolfsen
<br>Elkem ASA Shared Services
<br>ITS Operations
<br>Phone :+47 3801 7131 /+47 906 62 424
<br>----------------------------------------------------------------------------------------------------------------------------------------------------------------------------</blockquote>
</html>
--------------7D2961FC3BA814A7663E5AED--
Date: Wed, 22 May 2002 22:33:24 +1000
From: Drew <drew at patash.com dot au>
Subject: Re: RedHat 7.2 / Qpopper 404
You will need to run
chkconfig --level 345 pop3 on
to switch pop3 on the run levels 3 4 and 5 and then
/sbin/services xinetd restart
to restart xinetd
You can also run
chkconfig --list pop3
Should come back with on
You may need to add a line to hosts.allow, although I didn't and its working.
Andrew
Leif_Tolfsen/ERE/EUR/ELKEM at elkem dot no wrote:
> Thank's for all the respond.
>
> I made this file pop3 in the xinetd.d :
>
> #popper config file for xinetd
> service pop-3
> {
> disable = no
> socket_type = stream
> protocol = tcp
> port = 110
> wait = no
> flags = NAMEINARGS
> user = root
> server = /usr/local/sbin/qpopper
> server_args = qpopper -s
>
> Then i restarted ran service xinetd restart
>
> When I ran netstat -l I couldn't see the service ?
>
> Couldn't run telnet localhost pop, connection refused, then I know the 110
> port isn't running
>
> mvh
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Leif Tolfsen
> Elkem ASA Shared Services
> ITS Operations
> Phone :+47 3801 7131 /+47 906 62 424
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>
> Drew
> <drew at patash.c To: Leif_Tolfsen/ERE/EUR/ELKEM at elkem dot no
> om.au> cc: Subscribers of Qpopper <qpopper at lists.pensive dot org>
> Subject: Re: RedHat 7.2 / Qpopper 404
> 22.05.02 13:23
> Please respond
> to drew
>
>
>
> Redhat 7.2 uses xinetd, config files are in /etc/xinetd.d you will need to
> create a file like this. You can cal it something like ipop3. Then you need
> to run the command chkconfig --level 345 ipop3 on and /sbin/services xinetd
> restart.
>
> Ypu should also read the man page on xinetd and xinetd.conf
>
> # default: on
> # description: The telnet server serves telnet sessions; it uses \
> # unencrypted username/password pairs for authentication.
> service pop3
> {
> disable = no
> socket_type = stream
> protocol = tcp
> port = 110
> wait = no
> flags = NAMEINARGS
> user = root
> server = /usr/sbin/popper
> server_args = qpopper -s
> }
>
> Andrew
>
> Leif_Tolfsen/ERE/EUR/ELKEM at elkem dot no wrote: Hi
> When I installed qpopper on Redhat7.2 I couldn't find /etc/inetd.conf ?
> Anyone know where to pu the line that's read
>
> pop stream tcp nowait ............................ ?
>
> mvh
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Leif Tolfsen
> Elkem ASA Shared Services
> ITS Operations
> Phone :+47 3801 7131 /+47 906 62 424
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Date: Wed, 22 May 2002 22:39:46 +1000
From: Drew <drew at patash.com dot au>
Subject: Re: RedHat 7.2 / Qpopper 404
I've just notice, unless you have renamed the daemon this line needs to be
server = /usr/local/sbin/popper
as popper is what its name is, you are best to check and make sure popper is in the /usr/local/sbin directory as well.
Andrew
Leif_Tolfsen/ERE/EUR/ELKEM at elkem dot no wrote:
> Thank's for all the respond.
>
> I made this file pop3 in the xinetd.d :
>
> #popper config file for xinetd
> service pop-3
> {
> disable = no
> socket_type = stream
> protocol = tcp
> port = 110
> wait = no
> flags = NAMEINARGS
> user = root
> server = /usr/local/sbin/qpopper
> server_args = qpopper -s
>
> Then i restarted ran service xinetd restart
>
> When I ran netstat -l I couldn't see the service ?
>
> Couldn't run telnet localhost pop, connection refused, then I know the 110
> port isn't running
>
> mvh
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Leif Tolfsen
> Elkem ASA Shared Services
> ITS Operations
> Phone :+47 3801 7131 /+47 906 62 424
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>
> Drew
> <drew at patash.c To: Leif_Tolfsen/ERE/EUR/ELKEM at elkem dot no
> om.au> cc: Subscribers of Qpopper <qpopper at lists.pensive dot org>
> Subject: Re: RedHat 7.2 / Qpopper 404
> 22.05.02 13:23
> Please respond
> to drew
>
>
>
> Redhat 7.2 uses xinetd, config files are in /etc/xinetd.d you will need to
> create a file like this. You can cal it something like ipop3. Then you need
> to run the command chkconfig --level 345 ipop3 on and /sbin/services xinetd
> restart.
>
> Ypu should also read the man page on xinetd and xinetd.conf
>
> # default: on
> # description: The telnet server serves telnet sessions; it uses \
> # unencrypted username/password pairs for authentication.
> service pop3
> {
> disable = no
> socket_type = stream
> protocol = tcp
> port = 110
> wait = no
> flags = NAMEINARGS
> user = root
> server = /usr/sbin/popper
> server_args = qpopper -s
> }
>
> Andrew
>
> Leif_Tolfsen/ERE/EUR/ELKEM at elkem dot no wrote: Hi
> When I installed qpopper on Redhat7.2 I couldn't find /etc/inetd.conf ?
> Anyone know where to pu the line that's read
>
> pop stream tcp nowait ............................ ?
>
> mvh
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Leif Tolfsen
> Elkem ASA Shared Services
> ITS Operations
> Phone :+47 3801 7131 /+47 906 62 424
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Subject: Re: RedHat 7.2 / Qpopper 404
From: Leif_Tolfsen/ERE/EUR/ELKEM at elkem dot no
Date: Wed, 22 May 2002 14:47:03 +0200
You're right, my typo is good.
It's working fine now.... jepp
mvh
-----------------------------------------------------------------------
-----------------------------------------------------------------------
------------------------------
Leif Tolfsen
Elkem ASA Shared Services
ITS Operations
Phone :+47 3801 7131 /+47 906 62 424
-----------------------------------------------------------------------
-----------------------------------------------------------------------
------------------------------
Drew
<drew at patash dot c To: Leif_Tolfsen/ERE/EUR/E
LKEM at elkem dot no
om.au> cc: Subscribers of Qpopper
<qpopper at lists.pensive dot org>
Subject: Re: RedHat 7.2 /
Qpopper 404
22.05.02 14:39
Please respond
to drew
I've just notice, unless you have renamed the daemon this line needs to
be
server = /usr/local/sbin/popper
as popper is what its name is, you are best to check and make sure popp
er
is in the /usr/local/sbin directory as well.
Andrew
Leif_Tolfsen/ERE/EUR/ELKEM at elkem dot no wrote:
> Thank's for all the respond.
>
> I made this file pop3 in the xinetd.d :
>
> #popper config file for xinetd
> service pop-3
> {
> disable = no
> socket_type = stream
> protocol = tcp
> port = 110
> wait = no
> flags = NAMEINARGS
> user = root
> server = /usr/local/sbin/qpopper
> server_args = qpopper -s
>
> Then i restarted ran service xinetd restart
>
> When I ran netstat -l I couldn't see the service ?
>
> Couldn't run telnet localhost pop, connection refused, then I know th
e
110
> port isn't running
>
> mvh
>
-----------------------------------------------------------------------
-----------------------------------------------------------------------
------------------------------
>
> Leif Tolfsen
> Elkem ASA Shared Services
> ITS Operations
> Phone :+47 3801 7131 /+47 906 62 424
>
-----------------------------------------------------------------------
-----------------------------------------------------------------------
------------------------------
>
>
> Drew
> <drew at patash dot c To:
Leif_Tolfsen/ERE/EUR/ELKEM at elkem dot no
> om.au> cc: Subscribers of Qpopp
er
<qpopper at lists.pensive dot org>
> Subject: Re: RedHat 7.2
/
Qpopper 404
> 22.05.02 13:23
> Please respond
> to drew
>
>
>
> Redhat 7.2 uses xinetd, config files are in /etc/xinetd.d you will ne
ed
to
> create a file like this. You can cal it something like ipop3. Then yo
u
need
> to run the command chkconfig --level 345 ipop3 on and /sbin/services
xinetd
> restart.
>
> Ypu should also read the man page on xinetd and xinetd.conf
>
> # default: on
> # description: The telnet server serves telnet sessions; it uses \
> #=A0=A0=A0=A0=A0=A0 unencrypted username/password pairs for authentic
ation.
> service pop3
> {
> =A0=A0=A0=A0=A0=A0=A0 disable = no
> =A0=A0=A0=A0=A0=A0=A0 socket_type=A0=A0=A0=A0 = stream
> =A0=A0=A0=A0=A0=A0=A0 protocol=A0=A0=A0=A0=A0=A0=A0 = tcp
> =A0=A0=A0=A0=A0=A0=A0 port=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 = 110
> =A0=A0=A0=A0=A0=A0=A0 wait=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 = no
> =A0=A0=A0=A0=A0=A0=A0 flags=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 = NAMEINA
RGS
> =A0=A0=A0=A0=A0=A0=A0 user=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 = root
> =A0=A0=A0=A0=A0=A0=A0 server=A0=A0=A0=A0=A0=A0=A0=A0=A0 = /usr/sbin
/popper
> =A0=A0=A0=A0=A0=A0=A0 server_args=A0=A0=A0=A0 = qpopper -s
> }
>
> Andrew
>
> Leif_Tolfsen/ERE/EUR/ELKEM at elkem dot no wrote: Hi
> When I installed qpopper on Redhat7.2 I couldn't find /etc/inetd.conf
?
> Anyone know where to pu the line that's read
>
> pop stream tcp nowait ............................=A0=A0=A0 ?
>
> mvh
>
-----------------------------------------------------------------------
-----------------------------------------------------------------------
------------------------------
>
> Leif Tolfsen
> Elkem ASA Shared Services
> ITS Operations
> Phone :+47 3801 7131 /+47 906 62 424
>
-----------------------------------------------------------------------
-----------------------------------------------------------------------
------------------------------
From: Jason Davis <jason.davis at regalcinemedia dot com>
Subject: new box, first qpopper install
Date: Wed, 22 May 2002 12:17:48 -0600
Finally I have my dream of installing and configuring a system from the
ground up... but it's not going well :)
The ./configure runs now, that I have made some links to programs not in the
$PATH and installed gcc.... but the make is not finishing. Below is the out
put of make... is it possible to tell what I am doing wrong? Is there some
thing done to every sun box during an expert's setup that I am missing...
remember I forgot to install gcc until after trying to run ./configure....
# make
cd ./popper && make all
gcc -c -I.. -I.. -I. \
-I../mmangle -I../common \
-g -O2 -fpcc-struct-return -DHAVE_CONFIG_H -DSOLARIS2 -DGNU_PASS
-DNO_GETLINE -DCONTENT_LENGTH=1 -DUNIX pop_init.c -o pop_init.o
/usr/ccs/bin/as: "/var/tmp/cc9VTCz9.s", line 1721: error: unknown opcode
".subsection"
/usr/ccs/bin/as: "/var/tmp/cc9VTCz9.s", line 1721: error: statement syntax
/usr/ccs/bin/as: "/var/tmp/cc9VTCz9.s", line 1729: error: unknown opcode
".previous"
/usr/ccs/bin/as: "/var/tmp/cc9VTCz9.s", line 1729: error: statement syntax
/usr/ccs/bin/as: "/var/tmp/cc9VTCz9.s", line 1730: error: unknown opcode
".subsection"
/usr/ccs/bin/as: "/var/tmp/cc9VTCz9.s", line 1730: error: statement syntax
/usr/ccs/bin/as: "/var/tmp/cc9VTCz9.s", line 1788: error: unknown opcode
".previous"
/usr/ccs/bin/as: "/var/tmp/cc9VTCz9.s", line 1788: error: statement syntax
*** Error code 1
make: Fatal error: Command failed for target `pop_init.o' Current working
directory /export/spare/home/jd/utl/qpopper4.0.4/popper
*** Error code 1
make: Fatal error: Command failed for target `popper_server'
thanks
--jd
Subject: Qpopper-Outlook-Sendmail
From: Leif_Tolfsen/ERE/EUR/ELKEM at elkem dot no
Date: Thu, 23 May 2002 11:43:56 +0200
Qpopper works fine since yeasterday, I configured Outlook Express to fetch
mail from my redhat7.2, that works fine, but when I tried to send mail
from outlook trough Redhat it stops, sendmail (8.11) wouldn't relay mail
from my 192.168.0.10 machine.
In etc/mail/access I have put in 192.168.0.10 RELAY
When I start pine on Redhat it work's fine I send and receive, but not from
Outlook.
Anyone had the same problem ?
I have to mahine behind a firewall, one Win2000 (with outlook) and one
Redhat7.2 (www, sendmail, qpopper)
Best Regards
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Leif Tolfsen
Elkem ASA Shared Services
ITS Operations&Administration
Phone :+47 3801 7131 /+47 906 62 424
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Date: Thu, 23 May 2002 11:13:39 +0100
From: peter.allen at moon-light.co dot uk
Subject: Re: Qpopper-Outlook-Sendmail
I think that you need to gather a little more information from your RedHat
server, and especially how it is talking with the W2000 box.
What do its logs say when you try to send mail through it?
Is relaying working OK now?
Is it running a firewall itself, and if so will this accept incoming
connections from your W2000 PC?
In case Outlook is causing the problem, you could always quickly install
Eudora and see how that is.
Happy hunting
Peter
At 11:43 23/05/02 +0200, Leif_Tolfsen/ERE/EUR/ELKEM at elkem dot no wrote:
>Qpopper works fine since yeasterday, I configured Outlook Express to fetch
>mail from my redhat7.2, that works fine, but when I tried to send mail
>from outlook trough Redhat it stops, sendmail (8.11) wouldn't relay mail
>from my 192.168.0.10 machine.
>
>In etc/mail/access I have put in 192.168.0.10 RELAY
>
>When I start pine on Redhat it work's fine I send and receive, but not from
>Outlook.
>
>Anyone had the same problem ?
>
>
> I have to mahine behind a firewall, one Win2000 (with outlook) and one
>Redhat7.2 (www, sendmail, qpopper)
>
>Best Regards
>----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>Leif Tolfsen
>Elkem ASA Shared Services
>ITS Operations&Administration
>Phone :+47 3801 7131 /+47 906 62 424
>----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Subject: Re: Qpopper-Outlook-Sendmail
From: Kenneth Porter <shiva at well dot com>
Date: 23 May 2002 03:36:13 -0700
On Thu, 2002-05-23 at 02:43, Leif_Tolfsen/ERE/EUR/ELKEM at elkem dot no wrote:
> Qpopper works fine since yeasterday, I configured Outlook Express to fetch
> mail from my redhat7.2, that works fine, but when I tried to send mail
> from outlook trough Redhat it stops, sendmail (8.11) wouldn't relay mail
> from my 192.168.0.10 machine.
See the Red Hat release notes and the /etc/mail/sendmail.mc file.
Subject: Re: Qpopper-Outlook-Sendmail
From: Leif_Tolfsen/ERE/EUR/ELKEM at elkem dot no
Date: Thu, 23 May 2002 13:46:35 +0200
makemap hash /etc/mail/access < /etc/mail/access
This was the solution :-)
mvh
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Leif Tolfsen
Elkem ASA Shared Services
ITS Operations
Phone :+47 3801 7131 /+47 906 62 424
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Kenneth Porter
<shiva at well.co To: Subscribers of Qpopper <qpopper at lists dot pensive dot org>
m> cc:
Subject: Re: Qpopper-Outlook-Sendmail
23.05.02 12:36
On Thu, 2002-05-23 at 02:43, Leif_Tolfsen/ERE/EUR/ELKEM at elkem dot no wrote:
> Qpopper works fine since yeasterday, I configured Outlook Express to
fetch
> mail from my redhat7.2, that works fine, but when I tried to send mail
> from outlook trough Redhat it stops, sendmail (8.11) wouldn't relay mail
> from my 192.168.0.10 machine.
See the Red Hat release notes and the /etc/mail/sendmail.mc file.
From: "Michael Caplan" <michael at social-ecology dot org>
Subject: RE: Configuring Qpopper with SSL and APOP
Date: Thu, 23 May 2002 08:28:35 -0400
I am still working through an install of qpopper that runs either APOP or
SSL. I am having a few problems, and can't find the answers I need in the
mailing list archive. I was hoping folks on the list can shed some light.
The goal that we are seeking is APOP authentication on port 110, and TLS/SSL
authentication on 995. I have been successful with configuring Qpopper with
APOP and TSL/SSL (I can connect with Eudora with APOP authentication and
TSL/SSL), but I can not get the two to work exclusively.
When connecting with Outlook (which only supports TSL/SSL, the pop.log
reports the following:
May 23 05:17:28.295 2002 [8680] (v4.0.4) TLSv1/SSLv3 handshake with client
at x.x.x.x (x.x.x.x); new session-id; cipher: RC4-MD5 (RC4-MD5 SSLv3 Kx=RSA
Au=RSA Enc=RC4(128) Mac=MD5 ), 128 bits
May 23 05:17:28.295 2002
May 23 05:17:28.695 2002 [8680] ise at x.x.x.x (x.x.x.x): -ERR [AUTH] You
must use stronger authentication such as AUTH or APOP to connect to this
server
May 23 05:17:28.695 2002
May 23 05:17:28.820 2002 [8680] I/O Error
May 23 05:17:28.820 2002
May 23 05:17:28.872 2002 [8680] ise at x.x.x.x (x.x.x.x): -ERR POP EOF or
I/O Error
May 23 05:17:28.872 2002
May 23 05:17:28.873 2002 [8680] TLS shutdown Error
Any ideas? Below are some of my configs:
Thanks, Michael
Qpopper make:
./configure --enable-apop=/usr/local/etc/qpopper/pop.auth --enable-nonauth-
file=/usr/local/etc/qpopper/popusers --with-apopuid=pop --without-gdbm --ena
ble-keep-temp-drop --with-openssl=/usr --prefix=/usr/local/
Inetd.conf:
pop3 stream tcp nowait root /usr/local/libexec/qpopper
qpopper -d -R -s -f /etc/mail/pop.options -t /var/spool/mqueue/pop.log
pop3s stream tcp nowait root /usr/local/libexec/qpopper
qpopper -d -p 2 -R -s -f /etc/mail/pop.options -t /var/spool/mqueue/pop.log
pop.options:
set debug
set tls-private-key-file = '/etc/mail/certs/key.pem'
set tls-server-cert-file = '/etc/mail/certs/cert.pem'
set tls-support = stls
set log-facility = local0
set tls-support = alternate-port
set clear-text-password = tls
set chunky-writes = tls
Date: Thu, 23 May 2002 08:45:18 -0400 (EDT)
From: Chip Old <fold at bcpl dot net>
Subject: Re: Qpopper-Outlook-Sendmail
On Thu, 23 May 2002, Leif_Tolfsen/ERE/EUR/ELKEM at elkem dot no wrote to...:
> Qpopper works fine since yeasterday, I configured Outlook Express to
> fetch mail from my redhat7.2, that works fine, but when I tried to send
> mail from outlook trough Redhat it stops, sendmail (8.11) wouldn't relay
> mail from my 192.168.0.10 machine.
>
> In etc/mail/access I have put in 192.168.0.10 RELAY
>
> When I start pine on Redhat it work's fine I send and receive, but not
> from Outlook.
Did you run makemap after adding that to /etc/mail/access?
Another way to do it is to add the IP address to /etc/mail/relay-domains,
then kill -HUP {sendmail_pid}.
--
Chip Old (Francis E. Old) E-Mail: fold at bcpl dot net
Manager, BCPL Network Services Phone: 410-887-6180
Manager, BCPL.NET Internet Services FAX: 410-887-2091
Baltimore County Public Library
320 York Road
Towson, MD 21204 USA
From: Sebastien Renard <Sebastien.Renard at digitalfox.homeip dot net>
Subject: Re: Configuring Qpopper with SSL and APOP
Date: Thu, 23 May 2002 15:55:36 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Le Jeudi 23 Mai 2002 14:28, Michael Caplan a écrit :
> I am still working through an install of qpopper that runs either APOP or
> SSL. I am having a few problems, and can't find the answers I need in the
> mailing list archive. I was hoping folks on the list can shed some light.
>
> The goal that we are seeking is APOP authentication on port 110, and
> TLS/SSL authentication on 995. I have been successful with configuring
> Qpopper with APOP and TSL/SSL (I can connect with Eudora with APOP
> authentication and TSL/SSL), but I can not get the two to work exclusively.
Hello,
I have the same pb. I cannot use APOP/SSL and APOP only. Qpopper documentation
says that SSL and normal connection can use the same port. Anyone manage to
get SSL and no-SSL on the same port ?
With set tls-support = stls, i only have normal connection.
With set tls-support = alternate-port, i only have ssl connection...
- --
Sebastien
____________________________________
Ce qui manque aux orateurs en profondeur, ils vous le donnent en longueur.
Montesquieu, Mes pensées
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE87PTYuEQdRawm7bcRAkxkAKCMAf33zSOSFxQbO5xhsOGN7rfFrQCeIrSh
o3b0jBt/cUhbuNu1G+H1V2c
=8gYt
-----END PGP SIGNATURE-----
Date: Thu, 23 May 2002 10:11:58 -0400
From: Daniel Senie <dts at senie dot com>
Subject: Re: Configuring Qpopper with SSL and APOP
At 09:55 AM 5/23/02, Sebastien Renard wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Le Jeudi 23 Mai 2002 14:28, Michael Caplan a écrit :
> > I am still working through an install of qpopper that runs either APOP
or
> > SSL. I am having a few problems, and can't find the answers I need in
the
> > mailing list archive. I was hoping folks on the list can shed some
light.
> >
> > The goal that we are seeking is APOP authentication on port 110, and
> > TLS/SSL authentication on 995. I have been successful with configuring
> > Qpopper with APOP and TSL/SSL (I can connect with Eudora with APOP
> > authentication and TSL/SSL), but I can not get the two to work
exclusively.
>
>Hello,
>
>I have the same pb. I cannot use APOP/SSL and APOP only. Qpopper
>documentation
>says that SSL and normal connection can use the same port. Anyone manage
to
>get SSL and no-SSL on the same port ?
Let me preface this by saying I don't use APOP.
>With set tls-support = stls, i only have normal connection.
We use this setup, on port 110, and client mail programs which understand
STARTTLS work perfectly.
>With set tls-support = alternate-port, i only have ssl connection...
We use this setup on port 995, for dumb mail clients that don't understand
STARTTLS (Microsoft, are your ears burning?) and that works perfectly.
>- --
>Sebastien
>____________________________________
>Ce qui manque aux orateurs en profondeur, ils vous le donnent en longueur.
>Montesquieu, Mes pensées
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.0.7 (GNU/Linux)
>
>iD8DBQE87PTYuEQdRawm7bcRAkxkAKCMAf33zSOSFxQbO5xhsOGN7rfFrQCeIrSh
>o3b0jBt/cUhbuNu1G+H1V2c
>=8gYt
>-----END PGP SIGNATURE-----
-----------------------------------------------------------------
Daniel Senie dts at senie dot com
Amaranth Networks Inc. http://www.amaranth.com
From: Sebastien Renard <Sebastien.Renard at digitalfox.homeip dot net>
Subject: Re: Configuring Qpopper with SSL and APOP
Date: Thu, 23 May 2002 16:21:38 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Le Jeudi 23 Mai 2002 16:11, Daniel Senie a écrit :
> >With set tls-support = stls, i only have normal connection.
>
> We use this setup, on port 110, and client mail programs which understand
> STARTTLS work perfectly.
>
> >With set tls-support = alternate-port, i only have ssl connection...
>
> We use this setup on port 995, for dumb mail clients that don't understand
> STARTTLS (Microsoft, are your ears burning?) and that works perfectly.
Well, I use kmail, which support ssl and tls.
With Qpopper tls never work, i can only use ssl (ssl v3 is equivalent to tls
v1 no ?). Maybe this is the pb ? I compile qpopper with openssl 0.9.6.
- --
Sebastien
____________________________________
Linux est obsolète. Andrew Tanenbaum
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE87PrzuEQdRawm7bcRAqOxAJ4qRO8yyRBJ9t4gOc5CzhjhXGIvlwCfa3NR
A6T9kc6P6ylPQKg/KPUksj8
=KDb+
-----END PGP SIGNATURE-----
From: Jason Jin <jason at dataprompt dot com>
Subject: RE: outlook got duplicate emails after upgrade
Date: Thu, 23 May 2002 11:19:24 -0400 (EDT)
I have our pop3 server upgrade from 2.x to 4.0.3 on solaris 2.6 lately,
unfortunately some outlook client will get duplicate messages afterwards,,if
it was configured to "leave message on the server" after download.
Reading through the previous posting on web seem indicated this is a i
outlook issue,with regarding how the UIDL was handled. Howerver,
I'm wondering is there anything known solution or work around without
upgrading all the outlook clients.
Your advice and comments would be greatly appreciated.
TIA,
jason ,
Date: Thu, 23 May 2002 16:40:01 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: new box, first qpopper install
At 12:17 PM -0600 5/22/02, Jason Davis wrote:
> remember I forgot to install gcc until after trying to run ./configure...
Then you need to re-run ./configure, after doing a 'make realclean'
to make sure there is no leftover configuration information. Or just
delete 'config.log' and 'config.status' and config.cache'.
Date: Thu, 23 May 2002 16:44:08 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: RE: Configuring Qpopper with SSL and APOP
At 8:28 AM -0400 5/23/02, Michael Caplan wrote:
> The goal that we are seeking is APOP authentication on port 110, and TLS/SSL
> authentication on 995. I have been successful with configuring Qpopper with
> APOP and TSL/SSL (I can connect with Eudora with APOP authentication and
> TSL/SSL), but I can not get the two to work exclusively.
In the Qpopper running on port 110, set clear-text-password to never.
In the Qpopper running on 995, set tls to alternate-port.
Subject: [Fwd: Re: Qpopper-Outlook-Sendmail]
From: Kenneth Porter <shiva at well dot com>
Date: 23 May 2002 19:06:41 -0700
This was mistakenly sent to me, not the list.
I believe the default RH7 sendmail configuration (/etc/mail/sendmail.mc)
does not listen on external interfaces.
-----Forwarded Message-----
From: Sebastian Lagemann <lagemann at st-oneline dot net>
To: Kenneth Porter <shiva at well dot com>
Subject: Re: Qpopper-Outlook-Sendmail
Date: 23 May 2002 13:27:15 +0200
Am Donnerstag, 23. Mai 2002 12:36 schrieben Sie:
> On Thu, 2002-05-23 at 02:43, Leif_Tolfsen/ERE/EUR/ELKEM at elkem dot no wrote:
> > Qpopper works fine since yeasterday, I configured Outlook Express to
> > fetch mail from my redhat7.2, that works fine, but when I tried to send
> > mail from outlook trough Redhat it stops, sendmail (8.11) wouldn't relay
> > mail from my 192.168.0.10 machine.
>
> See the Red Hat release notes and the /etc/mail/sendmail.mc file.
There are two ways, to resolve this problem.
The first one:
Edit /etc/mail/allow and add there your e-Mail adress. Then you have to
run the program /usr/sbin/makemap (makemap hash /etc/mail/allow.db
</etc/mail/allow). This will allow you to send e-Mails only from your e-mail
adress.
Second one:
Edit /etc/mail/LocalIP (if doesn't exist, create it) and add there your first
class C network ip (192.168.0). This will allow you to send e-Mails from
every pc with ip adress 192.168.0.x
You have to restartet the sendmail daemon, to apply the changes.
Regards,
Sebastian Lagemann
--
*** ST-oneline InterNet Service Provider GmbH, Hovesaatstr. 6 ***
* D-48432 Rheine, Tel. +49 5971 808255, Fax: +49 5971 8082579 *
*** eMail: lagemann at st-oneline.net WEB: http://www.st-oneline dot net ***
From: Jason Davis <jason.davis at regalcinemedia dot com>
Subject: RE: new box, first qpopper install
Date: Thu, 23 May 2002 20:10:24 -0600
After forgetting about gcc I had run a make realclean... And have run the
./configure again... And still get to where I am.
Thank you... I think Brian C. Hill might be onto some thing,
>>> Your gcc says it is built to use gnu as
(--with-as=/usr/local/bin/as), but the gcc in this scenario is running
>>> /usr/ccs/bin/as (the Sun as). Maybe you have 2 versions of
>>> gcc floating around? Anyway, that looks suspicious to me.
So I am going to look at that.
Thank you both for looking at this (and any one else who might be)
--jd
-----Original Message-----
From: Randall Gellens [mailto:randy at qualcomm dot com]
Sent: Thursday, May 23, 2002 5:40 PM
To: Jason Davis; Subscribers of Qpopper
Subject: Re: new box, first qpopper install
At 12:17 PM -0600 5/22/02, Jason Davis wrote:
> remember I forgot to install gcc until after trying to run
> ./configure...
Then you need to re-run ./configure, after doing a 'make realclean'
to make sure there is no leftover configuration information. Or just
delete 'config.log' and 'config.status' and config.cache'.
From: Sebastien Renard <Sebastien.Renard at digitalfox.homeip dot net>
Subject: Re: Configuring Qpopper with SSL and APOP
Date: Fri, 24 May 2002 10:10:01 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Le Vendredi 24 Mai 2002 01:44, Randall Gellens a écrit :
> At 8:28 AM -0400 5/23/02, Michael Caplan wrote:
> > The goal that we are seeking is APOP authentication on port 110, and
> > TLS/SSL authentication on 995. I have been successful with configuring
> > Qpopper with APOP and TSL/SSL (I can connect with Eudora with APOP
> > authentication and TSL/SSL), but I can not get the two to work
> > exclusively.
>
> In the Qpopper running on port 110, set clear-text-password to never.
> In the Qpopper running on 995, set tls to alternate-port.
There's two qpopper running ? With two entries in inetd.conf ?
- --
Sebastien
____________________________________
Là où l'on brûle des livre, on finira par brûler des hommes.
Heinrich Heine ( 1797-1856 )
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE87fVduEQdRawm7bcRAjcGAKCqYkPd2lHf7McKNTk00D3F4Caz1gCfRvkW
y9zA5XMzNNdZUOa+/VusLm8
=GgQK
-----END PGP SIGNATURE-----
Date: Fri, 24 May 2002 10:47:40 +0200
From: Matthias Keller <matti at keller dot com>
Subject: transparent PAM?
Hi
I'm very new to popper; I just set up sendmail and qpopper (newest
release 4) on my SuSE linux and after some hours of trying I brought it
to do what I want it to...
I enabled PAM for authentication and my additional request was to only
allow specific groups to POP since I want to limit everything on my box
to just those users who really need it....
After some readings of PAM-Docs I wrote my own /etc/pam.d/pop3:
account requisite /lib/security/pam_unix.so no_warn
auth requisite /lib/security/pam_unix.so no_warn
auth requisite /lib/security/pam_listfile.so \
onerr=fail item=group sense=allow
file=/etc/mail/qpopper.groups.allow
password requisite /lib/security/pam_unix.so use_authtok md5 no_warn
session requisite /lib/security/pam_unix.so no_warn
This does exactly what I want, BUT I hate those ugly PAM-Errors getting
to the POP3-Client when there's no success!
What I'd like to have:
valid user, valid password, user is allowed to login:
as it is now, PAM says nothing, user is logged in with a short message
from qpopper
invalid user OR invalid password (user not allowed to login):
now: PAM gives to DIFFERENT errors when trying to login with a blocked
but existing user and when trying to login with a nonexisting user (I
dont want this enumeration possibility).
what i'd like: QPOPPER gives an error like "Access denied" or some
other general deny-warning and there's NO line like:
-ERR [AUTH] PAM authentication failed for user "mindblow.ch":
Authentication failure (7)
(blocked user or allowed user with wrong pass)
-ERR [AUTH] Password supplied for "kasldkd" is incorrect.
(nonexistent user)
Any idea how this could be done? Perhaps it's also a PAM Issue but I now
only understand the very basics of PAM so I didn't find any further
options....
Thanks a lot!!
Matt
From: "Michael Caplan" <michael at social-ecology dot org>
Subject: RE: Configuring Qpopper with SSL and APOP
Date: Fri, 24 May 2002 05:33:34 -0400
I reconfigured Qpopper with just OpenSSL support and I'm still getting the
following error when connecting with Outlook:
-ERR [AUTH] You must use stronger authentication such as AUTH or APOP to
connect to this server
inetd.conf looks like this:
pop3 stream tcp nowait root /usr/local/libexec/qpopper
qpopper -R -s -f /etc/mail/pop.options -t /var/spool/mqueue/pop.log
pop3s stream tcp nowait root /usr/local/libexec/qpopper
qpopper -R -s -f /etc/mail/pop.options -t /var/spool/mqueue/pop.log
and pop.options:
set debug
set tls-private-key-file = '/etc/mail/certs/key.pem'
set tls-server-cert-file = '/etc/mail/certs/cert.pem'
set tls-support = stls
set log-facility = local0
set tls-support = alternate-port
set clear-text-password = tls
set chunky-writes = tls
Shouldn't this do the trick?
Thanks,
Michael
-----Original Message-----
From: Randall Gellens [mailto:randy at qualcomm dot com]
Sent: Thursday, May 23, 2002 7:44 PM
To: Michael Caplan; Subscribers of Qpopper
Subject: RE: Configuring Qpopper with SSL and APOP
At 8:28 AM -0400 5/23/02, Michael Caplan wrote:
> The goal that we are seeking is APOP authentication on port 110, and
TLS/SSL
> authentication on 995. I have been successful with configuring Qpopper
with
> APOP and TSL/SSL (I can connect with Eudora with APOP authentication and
> TSL/SSL), but I can not get the two to work exclusively.
In the Qpopper running on port 110, set clear-text-password to never.
In the Qpopper running on 995, set tls to alternate-port.
Date: Fri, 24 May 2002 12:27:38 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Configuring Qpopper with SSL and APOP
At 10:10 AM +0200 5/24/02, Sebastien Renard wrote:
> > At 8:28 AM -0400 5/23/02, Michael Caplan wrote:
>> > The goal that we are seeking is APOP authentication on port 110, and
>> > TLS/SSL authentication on 995. I have been successful with configuring
>> > Qpopper with APOP and TSL/SSL (I can connect with Eudora with APOP
>> > authentication and TSL/SSL), but I can not get the two to work
>> > exclusively.
>>
> > In the Qpopper running on port 110, set clear-text-password to never.
>> In the Qpopper running on 995, set tls to alternate-port.
>
> There's two qpopper running ? With two entries in inetd.conf ?
You need one instance of Qpopper per port. You configure each to
behave as you want.
Date: Fri, 24 May 2002 13:30:16 -0700
From: Chuck Yerkes <chuck+qpopper at yerkes dot com>
Subject: Re: Outlook got duplicate emails after upgrade
Quoting Jason Jin (jason at dataprompt dot com):
> I have our pop3 server upgrade from 2.x to 4.0.3 on solaris 2.6 lately,
Now, about Solaris 2.8 or the soon to come out Solaris 2.9....
> unfortunately some outlook client will get duplicate messages afterwards,,if
> it was configured to "leave message on the server" after download.
>
> Reading through the previous posting on web seem indicated this is a i
> outlook issue,with regarding how the UIDL was handled. Howerver,
> I'm wondering is there anything known solution or work around without
> upgrading all the outlook clients.
The simple answer:
If you are not running up to date Outbreak^WOutLook clients, then you
have security risks. If Outlook is more than a couple months old,
then you are easily vulnerable to attack by messages that are out
there. You need to upgrade them anyhow.
If it's a corp environment where it's appropriate to leave messages
on server, then perhaps IMAP is the better answer. QPopper gets
slow when you are fighting large System 7 mailboxes (deleting message
2 requires a full rewrite of the box on quit) - over and over.
Other options: Don't leave the damn mail on server when using
such a broken client as Outlook.
Date: Fri, 24 May 2002 13:32:33 -0700
From: Chuck Yerkes <chuck+qpopper at yerkes dot com>
Subject: Re: [Fwd: Re: Qpopper-Outlook-Sendmail]
Um, wrong answers for 2002. Proper sendmail (8.11 and 8.12) use
/etc/mail/access. Sendmail.org documents is a lot. Sendmail.com even
sells a product that manages sendmail and its config files.
The LocalIP files are out of date and icky.
Best to ask relay questions of a Sendmail list or comp.mail.sendmail
Quoting Kenneth Porter (shiva at well dot com):
> This was mistakenly sent to me, not the list.
>
> I believe the default RH7 sendmail configuration (/etc/mail/sendmail.mc)
> does not listen on external interfaces.
>
> -----Forwarded Message-----
>
> From: Sebastian Lagemann <lagemann at st-oneline dot net>
> To: Kenneth Porter <shiva at well dot com>
> Subject: Re: Qpopper-Outlook-Sendmail
> Date: 23 May 2002 13:27:15 +0200
>
> Am Donnerstag, 23. Mai 2002 12:36 schrieben Sie:
> > On Thu, 2002-05-23 at 02:43, Leif_Tolfsen/ERE/EUR/ELKEM at elkem dot no wrote:
> > > Qpopper works fine since yeasterday, I configured Outlook Express to
> > > fetch mail from my redhat7.2, that works fine, but when I tried to send
> > > mail from outlook trough Redhat it stops, sendmail (8.11) wouldn't relay
> > > mail from my 192.168.0.10 machine.
> >
> > See the Red Hat release notes and the /etc/mail/sendmail.mc file.
>
> There are two ways, to resolve this problem.
> The first one:
> Edit /etc/mail/allow and add there your e-Mail adress. Then you have to
> run the program /usr/sbin/makemap (makemap hash /etc/mail/allow.db
> </etc/mail/allow). This will allow you to send e-Mails only from your e-mail
> adress.
>
> Second one:
> Edit /etc/mail/LocalIP (if doesn't exist, create it) and add there your first
> class C network ip (192.168.0). This will allow you to send e-Mails from
> every pc with ip adress 192.168.0.x
>
> You have to restartet the sendmail daemon, to apply the changes.
>
> Regards,
>
> Sebastian Lagemann
>
> --
>
> *** ST-oneline InterNet Service Provider GmbH, Hovesaatstr. 6 ***
> * D-48432 Rheine, Tel. +49 5971 808255, Fax: +49 5971 8082579 *
> *** eMail: lagemann at st-oneline.net WEB: http://www.st-oneline dot net ***
>
>
From: "Michael Caplan" <michael at social-ecology dot org>
Subject: Question regarding authentication under SSL
Date: Fri, 24 May 2002 19:05:49 -0400
I finally managed to get qpopper running with SSL on 995 with the following
options:
set debug
set tls-private-key-file = '/etc/mail/certs/key.pem'
set tls-server-cert-file = '/etc/mail/certs/cert.pem'
set tls-support = alternate-port
set clear-text-password = always
Can someone clarify how authentication work with this setup? Specifically,
is a secure connection first negotiated, and then password authentication
takes place? Or is password authentication happening over a plain connection
before SSL creates its layer?
I don't want to be sending clear text passwords over the net if I can avoid
it. With the above config, clear-text-password = always does not look to
re-assuring even though tsl support is on.
Thanks,
Michael
-----Original Message-----
From: Randall Gellens [mailto:randy at qualcomm dot com]
Sent: Friday, May 24, 2002 3:28 PM
To: Sebastien Renard; Michael Caplan; Subscribers of Qpopper
Subject: Re: Configuring Qpopper with SSL and APOP
At 10:10 AM +0200 5/24/02, Sebastien Renard wrote:
> > At 8:28 AM -0400 5/23/02, Michael Caplan wrote:
>> > The goal that we are seeking is APOP authentication on port 110, and
>> > TLS/SSL authentication on 995. I have been successful with
configuring
>> > Qpopper with APOP and TSL/SSL (I can connect with Eudora with APOP
>> > authentication and TSL/SSL), but I can not get the two to work
>> > exclusively.
>>
> > In the Qpopper running on port 110, set clear-text-password to never.
>> In the Qpopper running on 995, set tls to alternate-port.
>
> There's two qpopper running ? With two entries in inetd.conf ?
You need one instance of Qpopper per port. You configure each to
behave as you want.
Date: Fri, 24 May 2002 16:32:25 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: RE: Configuring Qpopper with SSL and APOP
At 5:33 AM -0400 5/24/02, Michael Caplan wrote:
> I reconfigured Qpopper with just OpenSSL support and I'm still getting the
> following error when connecting with Outlook:
>
> -ERR [AUTH] You must use stronger authentication such as AUTH or APOP to
> connect to this server
>
> inetd.conf looks like this:
>
> pop3 stream tcp nowait root /usr/local/libexec/qpopper
> qpopper -R -s -f /etc/mail/pop.options -t /var/spool/mqueue/pop.log
> pop3s stream tcp nowait root /usr/local/libexec/qpopper
> qpopper -R -s -f /etc/mail/pop.options -t /var/spool/mqueue/pop.log
>
> and pop.options:
>
> set debug
> set tls-private-key-file = '/etc/mail/certs/key.pem'
> set tls-server-cert-file = '/etc/mail/certs/cert.pem'
> set tls-support = stls
> set log-facility = local0
> set tls-support = alternate-port
> set clear-text-password = tls
> set chunky-writes = tls
>
> Shouldn't this do the trick?
>
> Thanks,
>
> Michael
Looks to me like the problem is that you've set tls support to stls,
which I think Outlook still doesn't support. Try enabling
alternate-port (*sigh*) on the Qpopper on port 995. Outlook should
use that instead of port 110, which can be used by smarter clients.
>
> -----Original Message-----
> From: Randall Gellens [mailto:randy at qualcomm dot com]
> Sent: Thursday, May 23, 2002 7:44 PM
> To: Michael Caplan; Subscribers of Qpopper
> Subject: RE: Configuring Qpopper with SSL and APOP
>
>
> At 8:28 AM -0400 5/23/02, Michael Caplan wrote:
>
>> The goal that we are seeking is APOP authentication on port 110, and
> TLS/SSL
>> authentication on 995. I have been successful with configuring Qpopper
> with
>> APOP and TSL/SSL (I can connect with Eudora with APOP authentication and
>> TSL/SSL), but I can not get the two to work exclusively.
>
> In the Qpopper running on port 110, set clear-text-password to never.
> In the Qpopper running on 995, set tls to alternate-port.
Date: Fri, 24 May 2002 16:35:16 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Question regarding authentication under SSL
At 7:05 PM -0400 5/24/02, Michael Caplan wrote:
> set clear-text-password = always
>
> Can someone clarify how authentication work with this setup? Specifically,
> is a secure connection first negotiated, and then password authentication
> takes place? Or is password authentication happening over a plain connection
> before SSL creates its layer?
>
> I don't want to be sending clear text passwords over the net if I can avoid
> it. With the above config, clear-text-password = always does not look to
> re-assuring even though tsl support is on.
That's right. You want clear-text-password to be tls, although,
since you have tls set to alternate-port, all connections must
negotiate tls, so the clear-text-password setting doesn't matter and
you're OK as is.
Date: Sun, 26 May 2002 12:30:00 -0700
From: Brian C Hill <bchill at bch dot net>
Subject: Re: self-signed certs w/ POP3/SSL outlook express 6.0 and netscape 6.2.2
I finally figured out the problem with both Netscape and OE by
reviewing Mark D. Baushke steps:
http://www.mail-archive.com/openssl-users at openssl.org/msg24931 dot html
It seems that the CA must sign itself first before it can be
used to sign other certs. Doing that fixed both the Netscape and the OE
problems (though the exact commands I used were a little different).
Now I can use self-signed certs without a lot grief for my
users.
Brian
=====================================================================
On Thu, May 02, 2002 at 11:18:36AM -0700, Brian C Hill wrote:
> Hello,
>
> Since I cannot find an answer to this particular problem
> anywhere (after looking of looking at easily more than 100 web site
> refs), I figure I must be doing something very obviously wrong. I have
> found a lot discussion, but nothing that has worked.
>
> I used the following procedure from qualcomm to generate a
> self-signed cert to use with qpopper 4.0.3:
>
> ## make CA
> # make private key
> openssl genrsa -des3 -out ca.key 1024
> # make public key (cert)
> openssl req -new -x509 -days 365 -key ca.key -out ca.crt
> ## make private/pub key (cert)
> openssl req -new -nodes -out req.pem -keyout cert.pem
> ## sign cert with CA cert
> openssl x509 -req -CA ca.crt -CAkey ca.key \
> -days 365 -in req.pem -out signed-req.pem -CAcreateserial
> cat signed-req.pem >> cert.pem
> # set perms
> chmod 600 cert.pem
> chown root:0 cert.pem
>
> OE 5 had no problem with this at all.
>
> This works with OE 6, but no matter how I import the
> certificate, I cannot get OE to shut up about the cert not being
> verifiable. I assume that I should be importing the CA cert that I
> generated into the root store. Is that not right? I saw one reference
> to problems with the name being a CNAME, which mine is, but that seems
> suspicious.
>
> Netscape 6.2.2 says that the connection was refused but
> qpopper's syslog entries clearly show a connection. The real problem
> seems to be that Netscape doesn't like the certificate. I 'restoring'
> the cert into the Netscape, but it doesn't like it. The syslog output:
>
> May 2 11:12:05 host.domain.tld /usr/pkg/qpopper/sbin/popper[15111]: [ID 702911 local3.notice] OpenSSL error during handshake
> May 2 11:12:05 host.domain.tld /usr/pkg/qpopper/sbin/popper[15111]: [ID 702911 local3.notice] ...SSL error: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
> May 2 11:12:05 host.domain.tld /usr/pkg/qpopper/sbin/popper[15111]: [ID 702911 local3.notice] TLS/SSL Handshake failed: -1
>
> I have not tried this personally with Eudora, but one user said
> it worked and I am not surprised since Eudora and qpopper both come
> from qualcomm.
>
> I have to guess my steps leave out something obvious...
>
> I will be happy to give out the name to anyone who wants to
> play with it, but I don't want it to show up in archives.
>
> Thanks for help.
>
> Brian
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users at openssl dot org
> Automated List Manager majordomo at openssl dot org
--
_____________________________________________________________________
/ Brian C. Hill bchill at bch.net http://brian.bch dot net \
| Unix Specialist BCH Technical Services http://www.bch.net |
From: Sebastien Renard <Sebastien.Renard at digitalfox.homeip dot net>
Subject: POP with auth file
Date: Mon, 27 May 2002 13:24:22 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello,
My users are in pop.auth file used with APOP. I would like to swith to classic
POP and SSL. Can I still use this pop.auth file to authentificate my users ?
I do not want to create system users, I would like to keep this pop.auth
file.
Thanks for any idea about that.
- --
Sebastien
____________________________________
Ce qui ne nous tue pas nous rend plus fort.
Friedrich Nietzsche
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE88hdnuEQdRawm7bcRAlnpAKCj9lmedAQCNhPo9NpFLyXSdYlD0wCfXBWh
ysjd3umh5CYJzmklPWnPvTY
=c69g
-----END PGP SIGNATURE-----
From: "Vitor de Matos Carvalho" <vitor at softinfo.com dot br>
Subject: Blocking group
Date: Mon, 27 May 2002 14:32:53 -0300
Has as to block the users of the group ftponly to make login in qpopper?
Vitor de Matos Carvalho
System Network Administrator - Softinfo Network
FreeBSD - The Power To Serve
Date: Mon, 27 May 2002 19:06:50 +0100
From: peter.allen at moon-light.co dot uk
Subject: Re: Blocking group
Well I suppose that if a) no mail gets delivered to them anyhow and b) they
don't have a mailbox or queue, they won't get very far.
Beyond that the only methods I (naively?) am aware of are access control
ones, based on where they are trying to connect from.
What is the concern? If you fear malicious users, then access control is
going to be better because by the time they can connect, but would be
denied based on not having a proper user name and password, you have
arguably opened up your PoP3 server more than you wanted to. (Although
potentially "noisy", they can try to bruce force if given access.)
Can you arrange for your ftponly users to have a different range of IP
numbers than others and then not allow them to connect to the PoP3 server
with tcp wrappers and / or firewall ?
HTH
Peter
At 14:32 27/05/02 -0300, Vitor de Matos Carvalho wrote:
>Has as to block the users of the group ftponly to make login in qpopper?
>
>
> Vitor de Matos Carvalho
> System Network Administrator - Softinfo Network
> FreeBSD - The Power To Serve
Date: Mon, 27 May 2002 14:01:00 -0700
From: Chuck Yerkes <chuck+qpopper at yerkes dot com>
Subject: Re: self-signed certs w/ POP3/SSL outlook express 6.0 and netscape 6.2.2
Does this also affect/fix the problems I've seen with self-signed
CERTs with Eudora and with Mulberry?
Quoting Brian C Hill (bchill at bch dot net):
> I finally figured out the problem with both Netscape and OE by
> reviewing Mark D. Baushke steps:
>
> http://www.mail-archive.com/openssl-users at openssl.org/msg24931 dot html
>
> It seems that the CA must sign itself first before it can be
> used to sign other certs. Doing that fixed both the Netscape and the OE
> problems (though the exact commands I used were a little different).
>
> Now I can use self-signed certs without a lot grief for my
> users.
>
> Brian
> =====================================================================
> On Thu, May 02, 2002 at 11:18:36AM -0700, Brian C Hill wrote:
> > Hello,
> >
> > Since I cannot find an answer to this particular problem
> > anywhere (after looking of looking at easily more than 100 web site
> > refs), I figure I must be doing something very obviously wrong. I have
> > found a lot discussion, but nothing that has worked.
> >
> > I used the following procedure from qualcomm to generate a
> > self-signed cert to use with qpopper 4.0.3:
> >
> > ## make CA
> > # make private key
> > openssl genrsa -des3 -out ca.key 1024
> > # make public key (cert)
> > openssl req -new -x509 -days 365 -key ca.key -out ca.crt
> > ## make private/pub key (cert)
> > openssl req -new -nodes -out req.pem -keyout cert.pem
> > ## sign cert with CA cert
> > openssl x509 -req -CA ca.crt -CAkey ca.key \
> > -days 365 -in req.pem -out signed-req.pem -CAcreateserial
> > cat signed-req.pem >> cert.pem
> > # set perms
> > chmod 600 cert.pem
> > chown root:0 cert.pem
> >
> > OE 5 had no problem with this at all.
> >
> > This works with OE 6, but no matter how I import the
> > certificate, I cannot get OE to shut up about the cert not being
> > verifiable. I assume that I should be importing the CA cert that I
> > generated into the root store. Is that not right? I saw one reference
> > to problems with the name being a CNAME, which mine is, but that seems
> > suspicious.
> >
> > Netscape 6.2.2 says that the connection was refused but
> > qpopper's syslog entries clearly show a connection. The real problem
> > seems to be that Netscape doesn't like the certificate. I 'restoring'
> > the cert into the Netscape, but it doesn't like it. The syslog output:
> >
> > May 2 11:12:05 host.domain.tld /usr/pkg/qpopper/sbin/popper[15111]: [ID 702911 local3.notice] OpenSSL error during handshake
> > May 2 11:12:05 host.domain.tld /usr/pkg/qpopper/sbin/popper[15111]: [ID 702911 local3.notice] ...SSL error: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
> > May 2 11:12:05 host.domain.tld /usr/pkg/qpopper/sbin/popper[15111]: [ID 702911 local3.notice] TLS/SSL Handshake failed: -1
> >
> > I have not tried this personally with Eudora, but one user said
> > it worked and I am not surprised since Eudora and qpopper both come
> > from qualcomm.
> >
> > I have to guess my steps leave out something obvious...
> >
> > I will be happy to give out the name to anyone who wants to
> > play with it, but I don't want it to show up in archives.
> >
> > Thanks for help.
> >
> > Brian
> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org
> > User Support Mailing List openssl-users at openssl dot org
> > Automated List Manager majordomo at openssl dot org
>
> --
> _____________________________________________________________________
> / Brian C. Hill bchill at bch.net http://brian.bch dot net \
> | Unix Specialist BCH Technical Services http://www.bch.net |
Date: Mon, 27 May 2002 14:08:56 -0700
From: Chuck Yerkes <chuck+qpopper at yerkes dot com>
Subject: Mail into /var/spool/$SUBDIR/user
Looking to make a couple changes to qpopper for myself (and will
share if it works).
1) As mail comes in, I'd like to be lookup the username into a
make (ldap eventually, but .db for now) to get where her spool
is. So "lisa" would return either /var/spool/$COMPANY/lisa"
or, for better security, just "$COMPANY/lisa" ($COMPANY would
just be the company she is with).
Goal: This lets me separate users by some logical groupings, cause I'm
hosting a few people.
Eventually, perhaps a $PREFIX based on which interface they attach to...
2) Replace the getpw*() calls with a "popper_getpwent()" which will
first to a real getpw*(), then will call my own. So if the user
doesn't exist in /etc/passwd but I have them in /etc/popper.passwd
it WILL work. (LDAP also a goal).
Goal: Let me have pop-only users that don't have "real" accounts.
Machine has no PAM, so that's out, unfo (NetBSD and OpenBSD).
Questions:
Has anyone already done either of these? I'd rather reuse work
and spend the effort tuning it than writing from scratch.
chuck
Date: Mon, 27 May 2002 20:07:03 -0500
From: James Sneeringer <james+qpopper at vincentsystems dot com>
Subject: Re: Mail into /var/spool/$SUBDIR/user
On Mon, May 27, 2002 at 02:08:56PM -0700, Chuck Yerkes wrote:
| 1) As mail comes in, I'd like to be lookup the username into a
| make (ldap eventually, but .db for now) to get where her spool
| is. So "lisa" would return either /var/spool/$COMPANY/lisa"
| or, for better security, just "$COMPANY/lisa" ($COMPANY would
| just be the company she is with).
|
| Goal: This lets me separate users by some logical groupings, cause I'm
| hosting a few people.
| Eventually, perhaps a $PREFIX based on which interface they attach to...
Assuming you have IP addresses to spare, you could do this by making
Qpopper listen on multiple addresses, and have each instance load its
own config file that defines spool-dir as needed. For example:
192.168.0.1 -> load /etc/pop-company1.conf -> set spool-dir = "company1"
192.168.0.2 -> load /etc/pop-company2.conf -> set spool-dir = "company2"
| 2) Replace the getpw*() calls with a "popper_getpwent()" which will
| first to a real getpw*(), then will call my own. So if the user
| doesn't exist in /etc/passwd but I have them in /etc/popper.passwd
| it WILL work. (LDAP also a goal).
| Goal: Let me have pop-only users that don't have "real" accounts.
| Machine has no PAM, so that's out, unfo (NetBSD and OpenBSD).
This would be quite useful. However, you'll still need some magic to
make your MTA deliver to a spool for a non-existent user.
-James
Date: Tue, 28 May 2002 04:13:04 -0400 (EDT)
From: Alan Brown <alanb at digistar dot com>
Subject: Re: Blocking group
On Mon, 27 May 2002 peter.allen at moon-light.co dot uk wrote:
> Well I suppose that if a) no mail gets delivered to them anyhow and b) they
> don't have a mailbox or queue, they won't get very far.
Don't give ftp only users a valid shell. Qpopper by default won't allow
logins if the shell isn't in /etc/shells
Because my users are only allowed pine (with everything locked down), I
had to add this to the shells file.
AB
Date: Tue, 28 May 2002 04:38:04 -0400 (EDT)
From: Alan Brown <alanb at digistar dot com>
Subject: Re: Mail into /var/spool/$SUBDIR/user
On Mon, 27 May 2002, James Sneeringer wrote:
The functionality described exists in QMail's popper. You might want to
investigate that one.
Date: Tue, 28 May 2002 10:26:03 +0100
From: peter.allen at moon-light.co dot uk
Subject: Re: Blocking group
At 04:13 28/05/02 -0400, Alan Brown wrote:
>Don't give ftp only users a valid shell. Qpopper by default won't allow
>logins if the shell isn't in /etc/shells
Interesting theory.
All my users have a /dev/null "shell" which is _not_ in /etc/shells and
even though I haven't done anything special when compiling qpopper, they
can pop for mail with no problems...
Do you mean that no shell at all should be specified when adding those users?
Regards
Peter
Date: Tue, 28 May 2002 06:27:58 -0400 (EDT)
From: Alan Brown <alanb at digistar dot com>
Subject: Re: Blocking group
On Tue, 28 May 2002 peter.allen at moon-light.co dot uk wrote:
> All my users have a /dev/null "shell" which is _not_ in /etc/shells and
> even though I haven't done anything special when compiling qpopper, they
> can pop for mail with no problems...
>
> Do you mean that no shell at all should be specified when adding those users?
No, I mean specifying a shell which isn't in /etc/shells
This is in the documentation and the FAQ.
Did you compile without the shellcheck?
AB
Date: Tue, 28 May 2002 11:33:32 +0100
From: peter.allen at moon-light.co dot uk
Subject: Re: Blocking group
At 06:27 28/05/02 -0400, Alan Brown wrote:
> > Do you mean that no shell at all should be specified when adding those
> users?
>
>No, I mean specifying a shell which isn't in /etc/shells
>
>This is in the documentation and the FAQ.
>
>Did you compile without the shellcheck?
Ah yes - that's it, which is why I was puzzling as to the default
installation not allowing those with no shell to be able to pop.
Thanks for the info.
Peter
Subject: Re: Spool older than cache file error
Date: Wed, 29 May 2002 13:50:46 +0200 (MET DST)
From: Eric Luyten <Eric.Luyten at vub.ac dot be>
> At 10:57 AM +0100 3/5/02, Eric Luyten wrote:
>
> >It invariably happens after a new message arrived for a given user AND
> >a subsequent succesful POP session, with 'leave messages on server' set.
[Randall G., on 5 Mar 2002]
> Can you reproduce this with debug tracing?
Easier said than done. At most one percent of our 20,000+ users
is "experiencing" the problem once, maybe twice a day.
Enabling debug on all POP3 user access is obviously not possible.
Anyway, with close to three hundred thousand accesses per day
and a few dozens of Gigabytes currently being read/written at
full throttle, I have a few other things on my plate right now.
Eric Luyten, Computing Centre VUB/ULB.
Date: Wed, 29 May 2002 08:08:20 -0400 (EDT)
From: Alan Brown <alanb at digistar dot com>
Subject: Re: Spool older than cache file error
On Wed, 29 May 2002, Eric Luyten wrote:
> Easier said than done. At most one percent of our 20,000+ users
> is "experiencing" the problem once, maybe twice a day.
> Enabling debug on all POP3 user access is obviously not possible.
If my experience is any guide it only happens to a small subset of users
and repeatedly happens to them.
The hard part is finding one willing to act as a guinea pig on a
separate port for debugging.
AB
Subject: 30 Seconds to Authenticate -- And all I got was this lousy T-Shirt
From: Paul Oliver <paul at paultastic dot com>
Date: 29 May 2002 07:58:15 -0500
I'm using Qpopper 4.0.4 compiled with --enable-debugging only.
My question (with the details to follow) are:
1) Why is qpopper sending auth/IDENT requests (port 113) back to any
client that tries to connect?
2) How do I disable that in the program itself, i.e. not put a firewall
around qpopper to block port 113 requests? Or, how do I speed up the
authentication process?
If I'm outside the server network, there are 30 seconds after the
connection is established before I see:
+OK Qpopper (version 4.0.4) at mail.server.com starting.
On the client side I see no traffic from qpopper for 30 seconds after
the TCP Handshake is completed.
I ran ethereal on the server side and I saw that qpopper was sending
ident (port 113) (maybe every 10 seconds or so?) requests back to these
connections.
I looked at the source code and I saw this:
pop_init.c (lines 1173-1175)
DEBUG_LOG3 ( p, "(v%s) Servicing request from \"%s\" at %s",
VERSION, p->client, p->ipaddr );
return ( kerb_authenticate ( p, &cs ) );
Is kerb_authenticate to blame for the 30 second delay?
And the reason I looked there is because my log file with debugging
turned on looks like this:
May 29 00:18:01 mail popper[19902]: Debugging turned on (-d)
[pop_init.c:711]
May 29 00:18:01 mail popper[19902]: (v4.0.4) Servicing request from
"68.13.1.118" at 68.13.1.118 [pop_init.c:1173]
^^^^^^^^^^^^^^^^^
May 29 00:18:01 mail popper[19902]: before TLS; tls_support==0
[popper.c:180]
May 29 00:18:01 mail popper[19902]: Skipped TLS Init [popper.c:205]
May 29 00:18:01 mail popper[19902]: (v4.0.4) Intro [popper.c:247]
May 29 00:18:01 mail popper[19902]: +OK Qpopper (version 4.0.4) at
mail.isecuretrac.com starting. [popper.c:260]
^^^^^^^^^^^^
May 29 00:18:01 mail popper[19902]: Qpopper ready for input from (null)
at 68.13.1.118 [68.13.1.118] [popper.c:292]
May 29 00:18:01 mail popper[19902]: Received (12): "USER poliver"
[pop_get_command.c:105]
May 29 00:18:01 mail popper[19902]: home (13): '/home/poliver'
[pop_user.c:217]
May 29 00:18:01 mail popper[19902]: +OK Password required for poliver.
[pop_user.c:431]
Thanks for reading this.
Paul
--
--Paul-Oliver------ http://www.paultastic.com -------- paultastic.com -
Linux 2.4.18 #2 SMP Tue Apr 30 01:35:38 CDT 2002
7:43am up 29 days, 6:00, 8 users, load average: 0.09, 0.06, 0.01
-----------------------------------------------------------------------
Consider the daffodil. And while you're doing that, I'll be over here,
looking through your stuff.
From: "Michael Caplan" <michael at social-ecology dot org>
Subject: Errors With POP Polling
Date: Wed, 29 May 2002 09:50:23 -0400
Hi,
Thanks to the great feedback from folks on this list, I was able to finalize
an install of Qpopper 4.04 with TSL/SSL support. Since then, all is well,
except one of my users is experiencing a critical problem. I hope folks on
the list can help me decipher it.
One of my users is using Outlook Express as his client. After connecting to
Qpopper and starting message d/l, the connection is promptly dropped after
the first or second email is transferred. As far as I can tell, this is not
due to the network connection.
May 28 11:22:10.641 2002 [13776] (v4.0.4) TLSv1/SSLv3 handshake with client
at x.x.x.x (x.x.x.x); new
session-id; cipher: EXP1024-RC4-SHA (EXP1024-RC4-SHA SSLv3 Kx=RSA(1024)
Au=RSA Enc=RC4(56) Mac=SHA1 export), 56 bits
May 28 11:22:31.949 2002 [13776] I/O Error
May 28 11:22:31.949 2002 [13776] Error writing to client
May 28 11:22:31.949 2002 [13776] cuba at x.x.x.x (x.x.x.x): -ERR SIGHUP or
SIGPIPE flagged
May 28 11:22:31.949 2002 [13776] OpenSSL Error during write
May 28 11:22:31.949 2002 [13776] ...SSL error: error:1409F07F:SSL
routines:SSL3_WRITE_PENDING:bad write retry
May 28 11:22:31.949 2002 [13776] Error writing to client
May 28 11:22:31.949 2002 [13776] cuba at x.x.x.x (x.x.x.x): -ERR POP hangup
from flag.blackened.net
May 28 11:22:31.949 2002 [13776] OpenSSL Error during write
May 28 11:22:31.949 2002 [13776] ...SSL error: error:1409F07F:SSL
routines:SSL3_WRITE_PENDING:bad write retry
May 28 11:22:31.949 2002 [13776] Error writing to client
May 28 11:22:31.949 2002 [13776] Stats: cuba 0 0 36 2720737 x.x.x.x x.x.x.x
May 28 11:22:32.092 2002 [13776] OpenSSL Error during write
May 28 11:22:32.092 2002 [13776] ...SSL error: error:1409F07F:SSL
routines:SSL3_WRITE_PENDING:bad write retry
May 28 11:22:32.092 2002 [13776] Error writing to client
May 28 11:22:32.092 2002 [13776] TLS shutdown Error
A similar error was reported by Shane Williams in an email to the list in
Dec. 2001
(http://www.pensive.org/Mailing_Lists/Archives/Qpopper/Archive-2001-12-20.ht
ml#[20]), although how it was resolved was not.
Any suggestions?
Thanks,
Michael
set debug
set tls-private-key-file = '/etc/mail/certs/key.pem'
set tls-server-cert-file = '/etc/mail/certs/cert.pem'
set tls-support = alternate-port
set clear-text-password = always
Date: Wed, 29 May 2002 09:14:39 -0500
From: Paul Oliver <paul at paultastic dot com>
Subject: Re: 30 Seconds to Authenticate -- And all I got was this lousy T-Shirt
On 5/29/2002 9:02 AM, Kenneth Porter wrote:
> On Wed, 2002-05-29 at 05:58, Paul Oliver wrote:
>
>
>>1) Why is qpopper sending auth/IDENT requests (port 113) back to any
>> client that tries to connect?
>
>
> You don't say how you're starting qpopper. Qpopper doesn't do IDENT
> queries, but it's common for inetd or xinetd to do this with the default
> setup. You need to look at the configuration of those to see how to
> disable it.
Thanks Kenneth and Sebastien, that's what it was.
I was using xinetd and to change it for qpopper the file looks like:
service pop3
{
disable = no
socket_type = stream
wait = no
user = root
server = /usr/local/sbin/popper
server_args = qpopper -s -R
# log_on_success += USERID DURATION
log_on_success = DURATION HOST PID
# log_on_failure += USERID
log_on_failure = HOST
nice = 10
}
the commented out lines are the originals, below them are what
I changed it to.
Thanks everyone, I was at wit's end. :)
--
----------------------------------------------------------------------
Paul Oliver http://www.paultastic.com paul at paultastic dot com
----------------------------------------------------------------------
Why do the caterpillar and the ant have to be enemies? One eats
leaves, and the other eats caterpillars. Oh, I see now.
Date: Wed, 29 May 2002 11:34:17 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Spool older than cache file error
At 8:08 AM -0400 5/29/02, Alan Brown wrote:
> On Wed, 29 May 2002, Eric Luyten wrote:
>
>> Easier said than done. At most one percent of our 20,000+ users
>> is "experiencing" the problem once, maybe twice a day.
>> Enabling debug on all POP3 user access is obviously not possible.
>
> If my experience is any guide it only happens to a small subset of users
> and repeatedly happens to them.
>
> The hard part is finding one willing to act as a guinea pig on a
> separate port for debugging.
You should be able to set debugging for only those users experiencing
the problem, by creating a configuration file for that user.
The session before the one that generates the error may be interesting as well.
From: "James Wilson" <tau at j2w.co dot uk>
Subject: Multiple pop boxes ?
Date: Thu, 30 May 2002 10:35:39 +0100 (BST)
Hi ppl,
I have a setup running qmail to deliver mail into the users home
directory, and am using dot-qmail files to dump it in a selection
of different files ($HOME/Mail/inbox-a, $HOM/Mail/inbox-b etc...)
I don't want to start creating multiple users in /etc/passwd in
order to allow multiple pop boxes per user, I'd quite like the
ability to setup usernames and passwords that qpopper would use
in order to access the mail, assuming it can't be validated from
the /etc/passwd file.
I have compiled with:
./configure --with-pam=pop3 --enable-home-dir-mail=Mail/inbox
And am wondering if there is any patch available which uses SQL
or flat files to specify additional username/passwords, which
would be able to access these more specific inboxes in a real
users home directory. I guess what I want is a sort of secondary
authentication system if PAM fails, and in that case, a lookup
to find out in what real user the fake pop users inbox resides,
and then a realtime version of the --enable-home-dir-mail compile
switch above to specify the exact mailbox format filename to use.
Any help very much appreciated...
Thanks,
James.
Date: Thu, 30 May 2002 08:16:32 -0300 (ART)
Subject: Webmail using qpopper. Imap option.
From: "Roman" <roman at izhal dot com>
Hi all,
I'm using qpopper 3.1.2 on Linux and now I'd like to set up a Webmail
system. I have two main options:
a) set up an imap server and then use a webmail system that uses imap
protocol
b) find a webmail which uses directly pop3
My goals are:
- webmail being robust and _secure_ (i mean, sufficiently tested looking for
sec holes, etc)
- minimum number or no collisions between attempts to read mail for the
same user (for instance, using pop3 and webmail at the same time). Any idea
to optimize this? I suppose it will be impossible to use both systems at the
same time but at least I don't want pop gets too much time locked due to a
webmail access, and things like that.
My questions (unordered ;-)):
- which method is the best for that? a) or b) (imap or pop3)
- in case of choose imap, which (free) imap server (for Unix) would you use?
- which webmail system would you use? I've seen the following:
http://www.squirrelmail.org/
and looks great. It requires imap.
- will I have any "collision" problem between qpopper and imap?
- any tip&tricks for configure this (some timeout options fine tuning, etc)
I'm sure many of you have implemented such a system, so I'd like you to
give me some feedback and ideas.
Kind regards,
--R
Date: Thu, 30 May 2002 21:52:18 +1000
From: Drew <drew at patash.com dot au>
Subject: Re: Webmail using qpopper. Imap option.
You should look at http://www.basilix.org/ it is a webmail package using php
and imap you can also use ssl with imap as well.
Andrew
Roman wrote:
> Hi all,
>
> I'm using qpopper 3.1.2 on Linux and now I'd like to set up a Webmail
> system. I have two main options:
> a) set up an imap server and then use a webmail system that uses imap
> protocol
> b) find a webmail which uses directly pop3
>
> My goals are:
> - webmail being robust and _secure_ (i mean, sufficiently tested looking for
> sec holes, etc)
> - minimum number or no collisions between attempts to read mail for the
> same user (for instance, using pop3 and webmail at the same time). Any idea
> to optimize this? I suppose it will be impossible to use both systems at the
> same time but at least I don't want pop gets too much time locked due to a
> webmail access, and things like that.
>
> My questions (unordered ;-)):
> - which method is the best for that? a) or b) (imap or pop3)
> - in case of choose imap, which (free) imap server (for Unix) would you use?
> - which webmail system would you use? I've seen the following:
> http://www.squirrelmail.org/
> and looks great. It requires imap.
> - will I have any "collision" problem between qpopper and imap?
> - any tip&tricks for configure this (some timeout options fine tuning, etc)
>
> I'm sure many of you have implemented such a system, so I'd like you to
> give me some feedback and ideas.
>
> Kind regards,
> --R
Last updated on 30 May 2002 by Pensive Mailing List Admin