The qpopper list archive ending on 26 Sep 2002
Topics covered in this issue include:
1. Re: SSL_write problems
Randall Gellens <randy at qualcomm dot com>
Tue, 17 Sep 2002 16:43:16 -0700
2. Re: Qpopper / Sendmail / Webmail ???
Wayne Heming <wheming at hemnet.com dot au>
Wed, 18 Sep 2002 09:47:48 +1000
3. Re: Bug in rejection of STLS ?
Randall Gellens <randy at qualcomm dot com>
Tue, 17 Sep 2002 17:12:08 -0700
4. Re: qpopper stuck in ssl mode
Randall Gellens <randy at qualcomm dot com>
Tue, 17 Sep 2002 17:41:02 -0700
5. Re: poppassd TLS/SSL option "-l"
Randall Gellens <randy at qualcomm dot com>
Tue, 17 Sep 2002 16:28:48 -0700
6. Re: 4.0.5b1 + OpenSSL 0.9.6f still not work?
Randall Gellens <randy at qualcomm dot com>
Tue, 17 Sep 2002 17:38:51 -0700
7. Re: Secure vs. non-secure qpopper
Randall Gellens <randy at qualcomm dot com>
Tue, 17 Sep 2002 17:30:48 -0700
8. Re: Qpopper / Sendmail / Webmail ???
listuser at neo.pittstate dot edu
Wed, 18 Sep 2002 16:26:47 -0500 (CDT)
9. Re: Qpopper / Sendmail / Webmail ???
Wayne Heming <wheming at hemnet.com dot au>
Thu, 19 Sep 2002 09:37:33 +1000
10. Re: Qpopper / Sendmail / Webmail ???
Chuck Yerkes <chuck+qpopper at yerkes dot com>
Wed, 18 Sep 2002 18:04:38 -0700
11. Re: Secure vs. non-secure qpopper
Chuck Yerkes <chuck+qpopper at yerkes dot com>
Wed, 18 Sep 2002 18:11:33 -0700
12. Re: Linking error poppassd, authenticat. order?
Randall Gellens <randy at qualcomm dot com>
Wed, 18 Sep 2002 18:10:28 -0700
13. I Need help with a Strange Problem !
Damián Lezama <dlezama at comercialnet.com dot uy>
Thu, 19 Sep 2002 03:01:38 -0300
14. Scripts for analying POP3 usage
Kenneth Porter <shiva at well dot com>
19 Sep 2002 06:32:53 -0700
15. stale lock files
Jannetta S Lewis <jannetta at henning dot org>
Thu, 19 Sep 2002 13:39:19 +0000 (GMT)
16. Kerberos support
John Rudd <jrudd at cats.ucsc dot edu>
Thu, 19 Sep 2002 08:47:36 -0700
17. Re: Scripts for analying POP3 usage
Alan Brown <alanb at digistar dot com>
Thu, 19 Sep 2002 12:19:06 -0400 (EDT)
18. Re: Scripts for analying POP3 usage
Kenneth Porter <shiva at well dot com>
19 Sep 2002 09:39:36 -0700
19. Re: Scripts for analying POP3 usage
Chip Old <fold at bcpl dot net>
Thu, 19 Sep 2002 13:42:23 -0400 (EDT)
20. Re: Scripts for analying POP3 usage
Gregory Hicks <ghicks at cadence dot com>
Thu, 19 Sep 2002 11:06:01 -0700 (PDT)
21. Re: Scripts for analying POP3 usage
Chip Old <fold at bcpl dot net>
Thu, 19 Sep 2002 14:58:28 -0400 (EDT)
22. Re: Scripts for analying POP3 usage
Alan Brown <alanb at digistar dot com>
Thu, 19 Sep 2002 15:20:58 -0400 (EDT)
23. RE: Scripts for analying POP3 usage
"Justin Ainsworth" <jda at sunset dot net>
Thu, 19 Sep 2002 12:47:29 -0700
24. Re: stale lock files
Simon Byrnand <simon at igrin.co dot nz>
Fri, 20 Sep 2002 09:31:25 +1200
25. Re: stale lock files
Simon Byrnand <simon at igrin.co dot nz>
Fri, 20 Sep 2002 09:56:40 +1200
26. Re: stale lock files
Alan Brown <alanb at digistar dot com>
Thu, 19 Sep 2002 18:07:01 -0400 (EDT)
27. Re: stale lock files
Alan Brown <alanb at digistar dot com>
Thu, 19 Sep 2002 17:38:49 -0400 (EDT)
28. Re: stale lock files
Simon Byrnand <simon at igrin.co dot nz>
Fri, 20 Sep 2002 10:36:03 +1200
29. Re: I Need help with a Strange Problem !
Jeff West <J.West at astronautics dot com>
Fri, 20 Sep 2002 07:48:19 -0500
30. .lock.username, delete and it deletes all of users mail??
Drew Weaver <drew.weaver at thenap dot com>
Fri, 20 Sep 2002 14:14:53 -0400
31. Re: 4.0.5b1 + OpenSSL 0.9.6g still not work?
Randall Gellens <randy at qualcomm dot com>
Fri, 20 Sep 2002 12:28:17 -0700
32. Re: 4.0.5b1 + OpenSSL 0.9.6g still not work?
Randall Gellens <randy at qualcomm dot com>
Fri, 20 Sep 2002 12:30:08 -0700
33. Re: .lock.username, delete and it deletes all of users mail??
Joseph S D Yao <jsdy at center.osis dot gov>
Fri, 20 Sep 2002 16:03:05 -0400
34. Re: 4.0.5b1 + OpenSSL 0.9.6g still not work?
Randall Gellens <randy at qualcomm dot com>
Fri, 20 Sep 2002 12:27:09 -0700
35. Re: PGP and policy (Re: Alternatives to SSL and crypto
Randall Gellens <randy at qualcomm dot com>
Fri, 20 Sep 2002 13:58:39 -0700
36. Re: Bulletin From error
Randall Gellens <randy at qualcomm dot com>
Fri, 20 Sep 2002 14:00:26 -0700
37. Re: SSL bug: Solution! (It's a Eudora bug, with a qpopper
Randall Gellens <randy at qualcomm dot com>
Fri, 20 Sep 2002 13:55:25 -0700
38. qpopper stls annoyance
John Rudd <jrudd at cats.ucsc dot edu>
Fri, 20 Sep 2002 13:15:21 -0700
39. Re: Scripts for analying POP3 usage
Chuck Yerkes <chuck+qpopper at yerkes dot com>
Fri, 20 Sep 2002 14:52:01 -0700
40. Re: Scripts for analying POP3 usage
Chip Old <fold at bcpl dot net>
Fri, 20 Sep 2002 20:29:47 -0400 (EDT)
41. Re: Scripts for analying POP3 usage
Alan Brown <alanb at digistar dot com>
Sat, 21 Sep 2002 12:34:58 -0400 (EDT)
42. Re: Bulletin From error
"Andi Reisenhofer" <guru.andy at aon dot at>
Sat, 21 Sep 2002 19:24:38 +0200
43. Re: qpopper stls annoyance
Simon Byrnand <simon at igrin.co dot nz>
Mon, 23 Sep 2002 09:38:39 +1200
44. connect to pop3 crashes with message....
Konstantin Chaus <chaus at ssu.samara dot ru>
Mon, 23 Sep 2002 17:55:10 +0500
45. Re: connect to pop3 crashes with message....
Anthony Fleisher <fleisher at mind dot net>
Mon, 23 Sep 2002 11:32:55 -0700 (PDT)
46. Re: qpopper stls annoyance
Randall Gellens <randy at qualcomm dot com>
Mon, 23 Sep 2002 18:07:46 -0700
47. installation problem - HELP
"Randy Ouellette" <randy at garanenterprises dot com>
Thu, 26 Sep 2002 10:44:49 -0400
48. Re: installation problem - HELP
"Andi Reisenhofer" <guru.andy at aon dot at>
Thu, 26 Sep 2002 21:30:16 +0200
49. Re: installation problem - HELP
Simon Byrnand <simon at igrin.co dot nz>
Fri, 27 Sep 2002 09:38:39 +1200
50. problem with statistics logging
Piotr Kubiak <admin at dialcom.com dot pl>
Fri, 27 Sep 2002 08:55:29 +0200
Date: Tue, 17 Sep 2002 16:43:16 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: SSL_write problems
At 1:04 PM +0100 9/2/02, Trey A Mujakporue wrote:
> When downloading files with SSL enabled, we get this error in the logs
> This is not a chunky write problem as my qpopper configuration file is made
> up of the following
>
> set tls-support = alternate-port
> set tls-server-cert-file = /etc/mail/certs/cert.pem
> set chunky-writes = always
There really isn't a "chunky write problem" but it is true that if
your network is already congested, having chunky-writes set to any
value other than "never" could exacerbate the situation and lead to
timeouts. The way to check this is to try setting chunky-writes to
never, or, better yet, run a packet trace of a failing session.
> After looking through the archives, I found this
>
> When SSL_write is called again after another function, SSL_ERROR_WANT_...,
> it must get exactly the same buffer because parts of the buffer contents may
> already have been encrypted and wait in internal buffers while others may not
> yet have been looked at. What's really important is that buffer *contents*
> stay the same, but as a sanity check to avoid application bugs the OpenSSL
> library checks whether the buffer *address* is not changed. This check can
> be disabled by setting SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER for that SSL
> object, using SSL_set_mode (or SSL_CTX_set_mode
> on the SSL_CTX before SSL_new is called).
I don't think this is the situation here.
Date: Wed, 18 Sep 2002 09:47:48 +1000
From: Wayne Heming <wheming at hemnet.com dot au>
Subject: Re: Qpopper / Sendmail / Webmail ???
I just installed neomail http://neomail.sourceforge.net/
It works fine with limited extra tools, perl, DB, CGI. and FREE. and
doesn't require IMAP.
very simple to install.
Not sure of max users etc, didn't really go into that.
Wayne
At 03:17 PM 17/09/02 -0400, Alan Brown wrote:
>On Tue, 17 Sep 2002, Frank Pineau wrote:
>
> > IMP (http://www.horde.org) supports POP3 and IMAP. Frankly, if you're doing
> > webmail, IMAP is nicer anyway.
>
>Having run both, I strongly agree. :-)
Date: Tue, 17 Sep 2002 17:12:08 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Bug in rejection of STLS ?
At 10:41 AM +1200 9/3/02, Simon Byrnand wrote:
> Problem: When that 3rd party attempts a POP3 connection to our server, it
> first tries issuing the 'STLS' command. Despite the fact that STLS support
> is not even compiled into QPopper, it recognises the command and responds
> with "ERR - command not enabled", (which is fine) and then closes the
> connection. (Which is not fine)
>
> Closing the connection when a command which support of is not compiled in
> seems wrong to me.
Correct; this Qpopper must not do.
> This makes it impossible for the client to probe for
> STLS and then fall back to a normal connection.
False; the client should issue the CAPA command and see if the server
supports STLS.
> In order to prove this I
> commented the stls line out of the state table in pop_get_command.c thus:
>
> { auth1, "epop", 0, 0, pop_epop, {auth1, auth1} },
> // { auth1, "stls", 0, 0, pop_stls, {halt, auth1} },
> { auth1, "user", 1, 1, pop_user, {auth1, auth2} },
> { auth1, "capa", 0, 0, pop_capa, {auth1, auth1} },
>
> and found that the 3rd party that is probing the STLS command gets an ERR
> message, and then continues to use normal POP3 methods and succeeds.
> Without my change, the connection always gets dumped. (Obviously my change
> is a hack, but it was just a way of testing my theory)
>
> The question is, is QPopper in the wrong ?
Yes, this is a bug and should be fixed.
> Or is the client trying to probe
> STLS in the wrong ?
Yes, the client is wrong and should issue CAPA and see if STLS is supported.
> Or is this just one of those ill defined grey areas of
> interoperability that crops up from time to time.
It's a case of both sides being wrong. If either of the sides did
the correct thing, there would be no visible problem, but with both
sides being incorrect, there is.
>
> It seems to me that if STLS support is not compiled in at all, then the
> STLS command shouldn't be recognised at all, and just return an ERR command
> not recognised, which could probably be done by putting an ifdef around the
> line I commented out, similar to the ones for RPOP and APOP.
True, but it's nicer from an operational point of view to know that
your TLS session is failing because you forgot to compile in support.
>
> But if STLS support is compiled in, but it is DISABLED, then it should
> report that the command is disabled, as it does now, but IMO it should
> *NOT* then drop the connection. I'm guessing, but it looks like that could
> be done by changing the halt to auth1 in the line I commented out, but
> without understanding the code a lot better I wouldn't like to do that.
Yes, changing the 'halt' to 'auth1' would avoid the problem. It
seems to be trying to turn a TLS timeout into a fatal error, even
though there is also an attempt to make a failed TLS negotiation not
be fatal, as the comment in popper/pop_extend.c says. The command
table doesn't have a way to say "go into halt state if the command
failed for this one reason, but stay in the same state if it failed
for this other reason."
I can fix it within popper/pop_extend.c I think, by separating the
pop_stls return value from the message sent to the client.
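The "both sides being wrong" point above can be shown with a small model, added here as an illustration and not taken from Qpopper or from the list posts: a toy command table using the {failure, success} state pairs from the quoted rows, a client that sends STLS blind, and a client that checks CAPA first. The server replies, the user name and the `require_tls` switch are constructed assumptions.

```python
"""Toy model of the STLS interoperability failure (constructed; not Qpopper code)."""

AUTH1, AUTH2, HALT = "auth1", "auth2", "halt"

# Constructed reply from a server built without TLS: CAPA does not list STLS.
CAPA_REPLY = "+OK Capability list follows\r\nTOP\r\nUSER\r\nUIDL\r\n."


def make_table(stls_failure_state):
    """command -> (handler, (state on failure, state on success)).

    The pair mirrors the {failure, success} column of the rows quoted from
    pop_get_command.c; the handlers are stand-ins that return (ok, reply).
    """
    return {
        "stls": (lambda: (False, "-ERR command not enabled"),
                 (stls_failure_state, AUTH1)),
        "user": (lambda: (True, "+OK password required"), (AUTH1, AUTH2)),
        "capa": (lambda: (True, CAPA_REPLY), (AUTH1, AUTH1)),
    }


class ToyServer:
    def __init__(self, stls_failure_state):
        self.table = make_table(stls_failure_state)
        self.state = AUTH1

    def command(self, line):
        if self.state == HALT:
            raise ConnectionError("connection closed by server")
        verb = line.split(" ", 1)[0].lower()
        entry = self.table.get(verb)
        if entry is None:
            return "-ERR unknown command"
        handler, (on_failure, on_success) = entry
        ok, reply = handler()
        self.state = on_success if ok else on_failure
        return reply


def parse_capa(reply):
    """Return the set of capability tags from a multi-line CAPA reply."""
    lines = reply.split("\r\n")
    if not lines or not lines[0].startswith("+OK"):
        return set()
    caps = set()
    for line in lines[1:]:
        if line == ".":          # terminating line of a multi-line response
            break
        caps.add(line.split(" ", 1)[0].upper())
    return caps


def blind_stls_client(server):
    """Sends STLS without asking first, then tries to fall back to USER."""
    server.command("STLS")
    try:
        return server.command("USER alice").startswith("+OK")
    except ConnectionError:
        return False


def capa_client(server, require_tls=False):
    """Asks CAPA first and only sends STLS when the server advertises it."""
    if "STLS" in parse_capa(server.command("CAPA")):
        return server.command("STLS").startswith("+OK")  # handshake would follow
    if require_tls:
        return False             # policy: never send USER/PASS in clear
    return server.command("USER alice").startswith("+OK")


def outcomes():
    """Whether the session survives, for each server/client combination."""
    result = {}
    for kind, failure_state in (("halt-on-failure", HALT), ("fixed", AUTH1)):
        for client in (blind_stls_client, capa_client):
            result[(kind, client.__name__)] = client(ToyServer(failure_state))
    return result


if __name__ == "__main__":
    for combo, ok in outcomes().items():
        print(combo, "->", "session continues" if ok else "connection dropped")
```

Only the halt-on-failure server paired with the blind client loses the session; a client that must not send credentials in clear sets `require_tls` and stops when STLS is not advertised.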
Date: Tue, 17 Sep 2002 17:41:02 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: qpopper stuck in ssl mode
At 11:51 PM -0700 9/5/02, jbailo at manus dot com wrote:
> was running qpopper v3 on sun solaris
>
> installed qpopper v4 to run in inetd
>
> would only accept ssl enabled login...clear text not accepted
>
> rolled back to v3, which used to accept clear text, but now only accepts ssl.
>
> how to reenable clear text login on v3 ?
>
>
Clear text passwords are enabled by default. You don't need to drop
back to 3 for this; I'd recommend staying with 4. Check your
configure options and any run-time configuration files. If you're
still having problems, get a debug trace and see what it says.
To enable tracing in Qpopper:
1. Do a 'make clean'
2. Re-run ./configure, adding '--enable-debugging'.
3. Edit the inetd.conf line for Qpopper, adding '-d' or '-t <tracefile-path>'.
4. Send inetd (or xinetd) a HUP signal.
(Steps 3 and 4 are only needed if you use inetd (or xinetd). In
standalone mode, you can add '-d' or '-t <tracefile-path>' to the
command line directly.)
(In either standalone or inetd mode, if you use a configuration file
you can add 'set debug' or 'set tracefile = <tracefile>' to either a
global or user-specific configuration file instead of steps 3 and 4.)
This causes detailed tracing to be written to the syslog or to the
file specified as 'tracefile'.
--
Date: Tue, 17 Sep 2002 16:28:48 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: poppassd TLS/SSL option "-l"
At 9:59 AM -0400 8/28/02, Tom Carpenter wrote:
> The man pages
> for poppassd notes that "-l 0|1|2" is a command line option.
I think it's premature. The password/poppassd.c file parses for the
'-l' command but then spits out an error that it isn't implemented
yet.
You could always use stunnel or something in the meantime.
Date: Tue, 17 Sep 2002 17:38:51 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: 4.0.5b1 + OpenSSL 0.9.6f still not work?
At 1:41 AM -0500 9/6/02, SkyDeep wrote:
> I have this same problem with the latest version of Open SSL. Has
> ANYONE gotten SSL to function with Qpopper or is this feature
> simply listed but not working?
If you're using 4.0.5b1, did you try setting the 'tls-workarounds'
option, or, if you prefer, setting 'tls-options' to '0x00000800' (to
set SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)? See the
samples/qpopper.config file for examples.
Date: Tue, 17 Sep 2002 17:30:48 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Secure vs. non-secure qpopper
At 4:52 PM -0600 9/5/02, S Spigarelli wrote:
> I am using Outlook Express
> (maybe someone can refer me a better Windows mailchecker)
There are plenty of better ones to choose from. Personally, I'm fond
of Eudora.
> and it will start
> downloading some messages and at times it will hit a certain message and the
> server will return that the client has done something bad, and the client
> will say that the issue was caused by the server causing problems. Are
> there known issues with the 4.04 version of qpopper with Outlook Express
> using SSL/TLS? I can change the server to the non-secure version, and this
> change downloads the messages just fine. Also, I can download almost every
> message using the secure version but certain messages cause problems.
>
> Any ideas? Anyone else have issues like this? Is it Outlook Express or is
> it qpopper?
Try using a different client and see if the problem goes away. You
can try Eudora, Mozilla, etc. (You could even try openssl, the
command-line tool that comes with OpenSSL. For example, 'openssl
s_client -connect host:port', then 'user username' and 'pass
password', then 'list' to see all the message numbers, then 'retr 1',
'retr 2', etc.)
You can also try getting a debug trace.
From: listuser at neo.pittstate dot edu
Date: Wed, 18 Sep 2002 16:26:47 -0500 (CDT)
Subject: Re: Qpopper / Sendmail / Webmail ???
I like it too BUT it is no longer being developed. Due to an IP
restriction with Ernie's (the author) employer, he felt it was necessary
to cease development until the situation changes. It also reads from your
passwd/shadow files. Last I checked it can't use NIS, RADIUS, TACACS,
LDAP, or PAM. You can however easily hack it up and add things like
mouseovers (what I added), default signatures, etc... OpenWebmail is a
fork of Neomail and is pretty nice too. I don't know about auth options
though.
Like I said, I like Neomail. That's what we're using now. However we're
switching to something else for auth needs primarily. I don't really have
a grasp on how CPU intensive it is. We have users with large mail spools
that hurt us when they POP their spools. I don't notice when they use
webmail though.
HTH
Justin
On Wed, 18 Sep 2002, Wayne Heming wrote:
> I just installed neomail http://neomail.sourceforge.net/
>
> It works fine with limited extra tools, perl, DB, CGI. and FREE. and
> doesn't require IMAP.
>
> very simple to install.
>
> Not sure of max users etc, didn't really go into that.
>
> Wayne
>
> At 03:17 PM 17/09/02 -0400, Alan Brown wrote:
> >On Tue, 17 Sep 2002, Frank Pineau wrote:
> >
> > > IMP (http://www.horde.org) supports POP3 and IMAP. Frankly, if you're doing
> > > webmail, IMAP is nicer anyway.
> >
> >Having run both, I strongly agree. :-)
>
>
Date: Thu, 19 Sep 2002 09:37:33 +1000
From: Wayne Heming <wheming at hemnet.com dot au>
Subject: Re: Qpopper / Sendmail / Webmail ???
There is a patch for MySql and PAM authorisation and the general public is
providing some patches.
I added a patch for Digest CGI. I even add CGIWRAP to get over suid issues.
I can't see it too hard to add Radius or LDAP, but anyway this is a popper
list not the neomail list.
Wayne
At 04:26 PM 18/09/02 -0500, listuser at neo.pittstate dot edu wrote:
>I like it too BUT it is no longer being developed. Due to an IP
>restriction with Ernie's (the author) employer, he felt it was necessary
>to cease development until the situation changes. It also reads from your
>passwd/shadow files. Last I checked it can't use NIS, RADIUS, TACACS,
>LDAP, or PAM. You can however easily hack it up and add things like
>mouseovers (what I added), default signatures, etc... OpenWebmail is a
>fork of Neomail and is pretty nice too. I don't know about auth options
>though.
>
>Like I said, I like Neomail. That's what we're using now. However we're
>switching to something else for auth needs primarily. I don't really have
>a grasp on how CPU intensive it is. We have users with large mail spools
>that hurt us when they POP their spools. I don't notice when they use
>webmail though.
>
>HTH
> Justin
>
>
>
>On Wed, 18 Sep 2002, Wayne Heming wrote:
>
> > I just installed neomail http://neomail.sourceforge.net/
> >
> > It works fine with limited extra tools, perl, DB, CGI. and FREE. and
> > doesn't require IMAP.
> >
> > very simple to install.
> >
> > Not sure of max users etc, didn't really go into that.
> >
> > Wayne
> >
> > At 03:17 PM 17/09/02 -0400, Alan Brown wrote:
> > >On Tue, 17 Sep 2002, Frank Pineau wrote:
> > >
> > > > IMP (http://www.horde.org) supports POP3 and IMAP. Frankly, if you're doing
> > > > webmail, IMAP is nicer anyway.
> > >
> > >Having run both, I strongly agree. :-)
> >
> >
Date: Wed, 18 Sep 2002 18:04:38 -0700
From: Chuck Yerkes <chuck+qpopper at yerkes dot com>
Subject: Re: Qpopper / Sendmail / Webmail ???
Quoting Jeremy Schwartz (jeremy at 123yourweb dot com):
> I have successfully installed Sendmail and Qpopper on a MacOSX G4. I have a
> question regarding webmail.
>
> Is it possible? Do I need additional tools?
Well, you need a webmail program :) Maybe apache.
The issue with POP and webmail are mainly that:
1) people like having FOLDERS which POP can't support in any
reasonable way
2) people will keep mail on the server. System 7 mailboxes
don't do very well with 1000 messages in them. QPopper
struggles when you delete message 400 from that mailbox.
(almost full copy of the mailbox).
IMAP does better per 1, and good IMAP servers (Cyrus, Sendmail's
IMAP, others) keep 1 message/file. Deleting message 400 is a simple
unlink.
If you are running webmail for 20,000 - 100k people, then other issues arise.
Date: Wed, 18 Sep 2002 18:11:33 -0700
From: Chuck Yerkes <chuck+qpopper at yerkes dot com>
Subject: Re: Secure vs. non-secure qpopper
At 4:52 PM -0600 9/5/02, S Spigarelli wrote:
> I am using Outlook Express
> (maybe someone can refer me a better Windows mailchecker)
...
> and it will start
> downloading some messages and at times it will hit a certain message and the
> server will return that the client has done something bad, and the client
> will say that the issue was caused by the server causing problems. Are
> there known issues with the 4.04 version of qpopper with Outlook Express
> using SSL/TLS? I can change the server to the non-secure version, and this
> change downloads the messages just fine. Also, I can download almost every
> message using the secure version but certain messages cause problems.
>
> Any ideas? Anyone else have issues like this? Is it Outlook Express or is
> it qpopper?
There are 6 different versions of Outlook and Outlook Express. They
ALL exhibit different behaviours, they ALL are really good at finding
(and executing) code; therefore virus magnets. None of them behave
100% correctly.
A very, very large bank BANNED it and, when someone insisted on using
it anyhow and infected the file server with Yet Another Outlook Virus,
got his ass hauled out of the building by security.
Try another client and see if the problem doesn't go away.
Eudora and Mozilla are free. As is PC-Pine, and several dozen
other clients.
Date: Wed, 18 Sep 2002 18:10:28 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Linking error poppassd, authenticat. order?
At 9:39 PM +0200 9/9/02, Andi Reisenhofer wrote:
> 1) Compiling/linking poppassd gives me errors:
>
> cd ../password && make all
> make[2]: Entering directory `/usr/local/src/qpopper4.0.4/password'
> gcc -o poppassd auth_user.o poppassd.o -ldl -lpam \
> ../common/libcommon.a
> poppassd.o: In function `chkPass':
> /usr/local/src/qpopper4.0.4/password/poppassd.c:1197: undefined reference to `auth_user'
> collect2: ld returned 1 exit status
> make[2]: *** [poppassd] Error 1
> make[2]: Leaving directory `/usr/local/src/qpopper4.0.4/password'
> make[1]: *** [poppassd] Error 2
> make[1]: Leaving directory `/usr/local/src/qpopper4.0.4/popper'
> make: *** [popper_server] Error 2
Try doing a 'make realclean' and then re-run ./configure, but omit
the '--enable-specialauth' you added before. You usually don't need
to specify this; ./configure generally figures out if it is needed;
specifying it when it isn't needed can cause the error you are seeing.
> 2) Do I need the poppassd daemon running to get apop auth. working?
No, the two are entirely separate. In fact, poppassd won't even
change the apop password (it could be hacked to do so, but you would
really want to run it under TLS).
> 3) How is the order how qpopper uses the auth. methods or must
> I configure that with ./configure script or with the qpoppers -f option in
> a config file.
>
> e.g. what should I configure if I wanted to use apop and/or pam (ldap) as
> auth method. or can I use always on method at once e.g. apop or pam (ldap).
You don't configure this in Qpopper. If a user has an APOP password,
Qpopper requires the user to authenticate using APOP and not any
other mechanism.
> 4) I assume SSL (--with-openssl) can be used for all auth options.
Yes, it's independent of authentication.
From: Damián Lezama <dlezama at comercialnet.com dot uy>
Subject: I Need help with a Strange Problem !
Date: Thu, 19 Sep 2002 03:01:38 -0300
I've been using qpopper without any trouble for some time. Yesterday some
users downloaded their mails with outlook and got messages with no subject,
no body, and an attachment called ATTXXXXX.TXT (where X's are numbers). Mail
was deleted from server and I don't know how (if it's possible) to recover
these messages.
If anybody knows what could have happened or (I don't have much hope about
the next) there is a way of recovering those messages, I would thank him a
lot for helping me. I want to prevent this from repeating in the future.
Thanks in advance.
Damián Lezama
Subject: Scripts for analying POP3 usage
From: Kenneth Porter <shiva at well dot com>
Date: 19 Sep 2002 06:32:53 -0700
Has anyone a script for analyzing usage?
I want to scan my logs for users who leave mail on the server and for
mailboxes that haven't been popped in some period of time, or those that
have never been popped. I figure this can be done by grepping all the
Stats lines from the maillog file and doing some processing on them,
comparing them to the list of files in the spool directory.
Date: Thu, 19 Sep 2002 13:39:19 +0000 (GMT)
From: Jannetta S Lewis <jannetta at henning dot org>
Subject: stale lock files
Does anybody perhaps have a script that I can run as a cronjob for
removing stale .user.pop files. I am forever battling to get my email down
just to realise that the .user.pop file was left behind when a previous
download was interrupted.
===============================================================
Jannetta S Lewis
email: jannetta at henning dot org
home page: http://bright-ideas.keystroke.info
===============================================================
Date: Thu, 19 Sep 2002 08:47:36 -0700
From: John Rudd <jrudd at cats.ucsc dot edu>
Subject: Kerberos support
[I tried to send this yesterday, but it doesn't seem to have actually
reached the list ... hopefully it'll go through this time]
I recently upgraded from qpopper 3.1 to 4.0.4. We use qpopper in a few
different configs, and one of them requires kerberos support. So I entered
the same configure* args I had used in 3.1, and then ran make. Here's the
errors I got:
Undefined                       first referenced
 symbol                             in file
krb_mk_priv                         /usr/local/lib/libkrb5util.a(compat_recv.o)
krb_net_write                       /usr/local/lib/libkrb5util.a(compat_recv.o)
krb_net_read                        /usr/local/lib/libkrb5util.a(compat_recv.o)
krb_rd_req                          /usr/local/lib/libkrb5util.a(compat_recv.o)
I don't know if it matters that our krb5 installation uses krb4 compat mode,
so maybe these functions would have been in libkrb5util if we were a pure
krb5 site ... but they aren't for us. So I had to go in to popper/Makefile
and modify the "LIBS" line to include both -lkrb5 and -l krb4
(note: changing the KERBEROS_LIBS line had no effect, you must change the
LIBS line)
It then compiled just fine. Though, we haven't tested the binary yet.
I'm mostly sending this in case it's a bug in the kerberos support that needs
to be fixed, and to hear if anyone else had similar problems (this is my first
message on the qpopper mailing list).
* our configure args:
./configure --with-bulletins=/var/spool/bulls --with-new-bulls=5 \
    --enable-home-dir-mail=mailspool \
    --enable-temp-drop-dir=/var/spool/poptmp \
    --with-log-facility=LOG_LOCAL1 --disable-check-pw-max \
    --disable-old-spool-loc --with-kerberos5=/usr/local --enable-kuserok \
    --enable-ksockinst --enable-standalone
John Rudd
Senior Unix Systems Administrator
Computing and Technology Services (CATS)
University of California, Santa Cruz
Date: Thu, 19 Sep 2002 12:19:06 -0400 (EDT)
From: Alan Brown <alanb at digistar dot com>
Subject: Re: Scripts for analying POP3 usage
On 19 Sep 2002, Kenneth Porter wrote:
> I want to scan my logs for users who leave mail on the server and for
> mailboxes that haven't been popped in some period of time, or those that
> have never been popped.
find -atime is probably a better tool for this.
> I figure this can be done by grepping all the
> Stats lines from the maillog file and doing some processing on them,
> comparing them to the list of files in the spool directory.
A non-accessed mail file will have an old atime stamp, even if there's
been new mail, so tracking these is fairly easy..
AB
Subject: Re: Scripts for analying POP3 usage
From: Kenneth Porter <shiva at well dot com>
Date: 19 Sep 2002 09:39:36 -0700
On Thu, 2002-09-19 at 09:19, Alan Brown wrote:
> A non-accessed mail file will have an old atime stamp, even if there's
> been new mail, so tracking these is fairly easy..
Alas, that won't work for me. My nightly backup job does a "restore -C"
to verify the backup, and that will update the atime on all the files on
the system.
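The log-based approach from the original question (Stats lines compared with the spool directory), which does not depend on atime, as an added example that is not from any poster on the list. The `Stats:` field layout (user, messages deleted, bytes deleted, messages left, bytes left, client host, IP) is an assumption to check against your own maillog, and the sample lines and spool listing are constructed.

```python
"""Classify mailboxes from Qpopper 'Stats:' syslog lines (constructed sample data)."""
import re
from datetime import datetime, timedelta

# Assumed line layout (verify against your own maillog):
#   <Mon DD HH:MM:SS> <host> popper[pid]: Stats: <user> <msgs deleted>
#   <bytes deleted> <msgs left> <bytes left> <client host> <client ip>
STATS_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ \S*popper\S*: .*?Stats: "
    r"(?P<user>\S+) \d+ \d+ (?P<left>\d+) \d+"
)


def _stamp(ts, now):
    """Syslog stamps carry no year: take the latest year that is not in the future."""
    for year in (now.year, now.year - 1):
        try:
            when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
        except ValueError:       # e.g. Feb 29 tried against a non-leap year
            continue
        if when <= now:
            return when
    return None


def parse_stats(lines, now):
    """Return {user: (time of last POP session, messages left on server)}."""
    last = {}
    for line in lines:
        m = STATS_RE.match(line)
        if not m:
            continue             # not a popper Stats line
        when = _stamp(m["ts"], now)
        if when is None:
            continue
        user = m["user"]
        if user not in last or when >= last[user][0]:
            last[user] = (when, int(m["left"]))
    return last


def spool_mailboxes(names):
    """Drop dot-files (lock and temp-drop files such as .user.pop) from a listing."""
    return {n for n in names if not n.startswith(".")}


def classify(log_lines, mailboxes, now, stale_days=30):
    """Group mailboxes by what the logs say about them.

    'never_popped' means no Stats line in the logs supplied, so the result is
    only as good as the log retention period.
    """
    last = parse_stats(log_lines, now)
    cutoff = now - timedelta(days=stale_days)
    report = {"never_popped": [], "stale": [], "leaves_mail": []}
    for user in sorted(mailboxes):
        if user not in last:
            report["never_popped"].append(user)
            continue
        when, left = last[user]
        if when < cutoff:
            report["stale"].append(user)
        elif left > 0:
            report["leaves_mail"].append(user)
    return report


# Constructed sample input; 192.0.2.0/24 is a documentation address range.
SAMPLE_LOG = [
    "Aug  2 08:15:02 mail popper[2101]: Stats: carol 4 18220 0 0 pc7.example.com 192.0.2.7",
    "Sep 18 23:50:41 mail popper[3312]: Stats: alice 0 0 12 90455 pc3.example.com 192.0.2.3",
    "Sep 19 06:01:10 mail popper[3390]: Stats: bob 3 7120 0 0 pc4.example.com 192.0.2.4",
    "Sep 19 06:02:00 mail sendmail[3400]: g8JD20: from=<x@example.org>, size=912",
]
SAMPLE_SPOOL = ["alice", "bob", "carol", "dave", ".bob.pop"]
NOW = datetime(2002, 9, 19, 12, 0, 0)

if __name__ == "__main__":
    print(classify(SAMPLE_LOG, spool_mailboxes(SAMPLE_SPOOL), NOW))
```

On a live system the spool listing would come from the mail spool directory and the log lines from the current and rotated maillog files.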
Date: Thu, 19 Sep 2002 13:42:23 -0400 (EDT)
From: Chip Old <fold at bcpl dot net>
Subject: Re: Scripts for analying POP3 usage
On Thu, 19 Sep 2002, Alan Brown wrote to Kenneth Porter:
> find -atime is probably a better tool for this.
> [snip]
> A non-accessed mail file will have an old atime stamp, even if there's
> been new mail, so tracking these is fairly easy..
We run this early every morning as a cron job, on the theory that anyone
who hasn't accessed his/her mail in 30 days isn't interested in e-mail:
find /var/mail -atime +30 -print -exec rm {} \;
The "-print" output causes cron to e-mail a list of the deleted mailboxes
to root.
--
Chip Old (Francis E. Old) E-Mail: fold at bcpl dot net
Manager, BCPL Network Services Phone: 410-887-6180
Manager, BCPL.NET Internet Services FAX: 410-887-2091
320 York Road
Towson, MD 21204 USA
Date: Thu, 19 Sep 2002 11:06:01 -0700 (PDT)
From: Gregory Hicks <ghicks at cadence dot com>
Subject: Re: Scripts for analying POP3 usage
> Date: Thu, 19 Sep 2002 13:42:23 -0400 (EDT)
> From: Chip Old <fold at bcpl dot net>
>
> On Thu, 19 Sep 2002, Alan Brown wrote to Kenneth Porter:
>
> > find -atime is probably a better tool for this.
> > [snip]
> > A non-accessed mail file will have an old atime stamp, even if there's
> > been new mail, so tracking these is fairly easy..
>
> We run this early every morning as a cron job, on the theory that anyone
> who hasn't accessed his/her mail in 30 days isn't interested in e-mail:
>
> find /var/mail -atime +30 -print -exec rm {} \;
>
> The "-print" output causes cron to e-mail a list of the deleted mailboxes
> to root.
Sometime ago, someone supplied a pointer to 'preenmail'. That allows
you to specify a date 30, 60, 90, whatever days ago and to delete all
mail older than that date.
I found the package after some searching although I am sure the
archives still have a pointer... At least, I *think* I have the
package. What I have is about 25K uuencoded...
Regards,
Gregory Hicks
>
> --
> Chip Old (Francis E. Old) E-Mail: fold at bcpl dot net
> Manager, BCPL Network Services Phone: 410-887-6180
> Manager, BCPL.NET Internet Services FAX: 410-887-2091
> 320 York Road
> Towson, MD 21204 USA
>
-------------------------------------------------------------------
Gregory Hicks | Principal Systems Engineer
Cadence Design Systems | Direct: 408.576.3609
555 River Oaks Pkwy M/S 6B1 | Fax: 408.894.3400
San Jose, CA 95134 | Internet: ghicks at cadence dot com
"The trouble with doing anything right the first time is that nobody
appreciates how difficult it was."
When a team of dedicated individuals makes a commitment to act as
one... the sky's the limit.
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
You can have it done good, fast, or cheap -- pick any two.
Date: Thu, 19 Sep 2002 14:58:28 -0400 (EDT)
From: Chip Old <fold at bcpl dot net>
Subject: Re: Scripts for analying POP3 usage
On Thu, 19 Sep 2002, Gregory Hicks wrote to fold at bcpl dot net and...:
> > From: Chip Old <fold at bcpl dot net>
> >
> > We run this early every morning as a cron job, on the theory that anyone
> > who hasn't accessed his/her mail in 30 days isn't interested in e-mail:
> >
> > find /var/mail -atime +30 -print -exec rm {} \;
>
> Sometime ago, someone supplied a pointer to 'preenmail'. That allows
> you to specify a date 30, 60, 90, whatever days ago and to delete all
> mail older than that date.
That doesn't do the same thing. It deletes individual messages that are
over some number of days old. The "find" command above deletes the entire
mailbox if it hasn't been accessed in over 30 days. We need this because
we have a large number of customers who for various reasons use Hotmail
and other non-local e-mail accounts, and never read their mail on our
system.
--
Chip Old (Francis E. Old) E-Mail: fold at bcpl dot net
Manager, BCPL Network Services Phone: 410-887-6180
Manager, BCPL.NET Internet Services FAX: 410-887-2091
Baltimore County Public Library
320 York Road
Towson, MD 21204 USA
Date: Thu, 19 Sep 2002 15:20:58 -0400 (EDT)
From: Alan Brown <alanb at digistar dot com>
Subject: Re: Scripts for analying POP3 usage
On Thu, 19 Sep 2002, Gregory Hicks wrote:
> Sometime ago, someone supplied a pointer to 'preenmail'. That allows
> you to specify a date 30, 60, 90, whatever days ago and to delete all
> mail older than that date.
The problem with doing that is that it also finds mail the user has left
on server, so if you're wanting to track dead/abandoned accounts it
causes problems of its own by updating the folder stamp. It's primarily
intended as a way of enforcing serverside (don't store) storage
policies.
As far as the backup program mentioned by another poster goes, there
should be a flag to not tweak atime/mtime/ctime stamps on files being
backed up.
As per usual, there are a dozen different ways of killing this cat, all
with their own advantages and disadvantages. Thankfully we're not all at
each others' throats about how to do this. :-)
AB
From: "Justin Ainsworth" <jda at sunset dot net>
Subject: RE: Scripts for analying POP3 usage
Date: Thu, 19 Sep 2002 12:47:29 -0700
Here is a perl script that I wrote a while back that keeps track of how
many days it has been since a user has checked their mail. This could
be useful for what you are trying to do. You will need to change the
variable $file to be a file that can be created on your system. This
script is designed to run nightly, after the popper.log has been
rotated. You can then process the $file whenever you want to delete
mailboxes that haven't been used after a certain period of time.
[--snip--]
#!/usr/local/bin/perl
########################################################################
##
## For Sunset Net LLC
##
## Program Name: last_pop.pl
## Programmer: Justin Ainsworth (justin at justinainsworth dot com)
## Date: May 24, 2001 @ 10:50pm
##
##**********************************************************************
##
## Filename: last_pop.pl
## Description: Generates a list of users who didn't pop their
##              mail yesterday.
##
## ChangeLog:
##
########################################################################
use strict;

my $DEBUG = 0;
my %LAST;             # user => days since the user last popped
my %USERS;            # accounts currently in /etc/passwd
my %SYSTEM_ACCOUNTS;  # accounts that are never reported
my $file = "/usr/local/bin/sunset-scripts/maintenance/non_popping_users";

# Get a list of all CURRENT users
my @TMP = `cat /etc/passwd | /usr/bin/cut -d: -f 1`;
chomp(@TMP);
foreach my $line (@TMP){
    $USERS{$line} = 1;
}

@TMP = `cat /etc/systemaccounts`;
chomp(@TMP);
foreach my $line (@TMP){
    $SYSTEM_ACCOUNTS{$line} = 1;
}

# Find out how long it has been since they last popped their mail
if( -f $file){
    open(LOG, '<', $file) or die "Cannot read $file: $!";
    my @TMP = <LOG>;
    chomp(@TMP);
    close(LOG);
    foreach my $line (@TMP){
        my($user,$num_days) = split(/:/,$line);
        # Drop counters for accounts that no longer exist
        if($USERS{$user}){
            $LAST{$user} = $num_days;
        }
    }
}

# Users not in the file yet start at 0
foreach my $key (keys(%USERS)){
    if(!$LAST{$key}){
        $LAST{$key} = 0;
    }
}

# Increment everyone up one day
foreach my $key (keys(%LAST)){
    if(-f "/usr/cust/$key/.forward"){
        # mail is forwarded elsewhere: do not count
    } elsif ( -f "/usr/cust/$key/.procmailrc" ){
        # mail is handled by procmail: do not count
    } else {
        $LAST{$key} = $LAST{$key} + 1;
    }
}

# User names (7th field) from yesterday's log, ignoring local connections.
# The pipeline must stay on one line: a newline inside the backticks
# would split it into two shell commands.
@TMP = `/bin/gunzip -c /var/log/popper.log.1.gz | /bin/grep -v 127.0.0.1 | /usr/bin/cut -d' ' -f 7 | /bin/sort | /usr/bin/uniq`;
chomp(@TMP);

# Everyone who checked mail yesterday get set to 0
foreach my $line (@TMP){
    $LAST{$line} = 0;
    if($DEBUG){
        print "$line\n";
    }
}

# All system accounts get set to 0
foreach my $key (keys %SYSTEM_ACCOUNTS){
    $LAST{$key} = 0;
}

if($DEBUG){
    foreach my $key (sort(keys %LAST)){
        print "$key:$LAST{$key}\n";
    }
}

# Write back only the users with a non-zero counter
open(FILE, '>', $file) or die "Cannot write $file: $!";
foreach my $key (sort(keys(%LAST))){
    if($LAST{$key} != 0){
        print FILE "$key:$LAST{$key}\n";
    }
}
close(FILE);
[--Snip--]
.~.
/v\
-- // \\
JA /( )\
^`~`^
L I N U X
[-----------------------------------------------------------]
Justin Ainsworth Systems Administrator
PHONE: (530) 879-5660x108 Sunset Net LLC
FAX: (530) 879-5676 1915 Mangrove Ave
WEB: http://www.sunset.net Chico, CA 95926
EMAIL: jda at sunset dot net
[-----------------------------------------------------------]
> -----Original Message-----
> From: Alan Brown [mailto:alanb at digistar dot com]
> Sent: Thursday, September 19, 2002 12:21 PM
> To: Gregory Hicks
> Cc: fold at bcpl.net; qpopper at lists dot pensive dot org
> Subject: Re: Scripts for analying POP3 usage
>
>
> On Thu, 19 Sep 2002, Gregory Hicks wrote:
>
> > Sometime ago, someone supplied a pointer to 'preenmail'.
> That allows
> > you to specify a date 30, 60, 90, whatever days ago and to
> delete all
> > mail older than that date.
>
> The problem with doing that is that it also finds mail the
> user has left on server, so if you're wanting to track
> dead/abandoned accounts it causes problems of its own by
> updating the folder stamp. It's primarily intended as a way
> of enforcing serverside (don't store) storage policies.
>
> As far as the backup program mentioned by another poster
> goes, there should be a flag to not tweak atime/mtime/ctime
> stamps on files being backed up.
>
>
> As per usual, there are a dozen different ways of killing
> this cat, all with their own advantages and disadvantages.
> Thankfully we're not all at each others' throats about how to
> do this. :-)
>
> AB
>
>
>
Date: Fri, 20 Sep 2002 09:31:25 +1200
From: Simon Byrnand <simon at igrin.co dot nz>
Subject: Re: stale lock files
At 13:39 19/09/02 +0000, Jannetta S Lewis wrote:
>Does anybody perhaps have a script that I can run as a cronjob for
>removing stale .user.pop files. I am forever battling to get my email down
>just to realise that the .user.pop file was left behind when a previous
>download was interrupted.
You should never have to manually delete a .pop file - if you do, something
is seriously wrong.
Interrupting a download will not cause a stale .pop file - after qpopper
realises the connection is lost (which could take up to 10 minutes or so
depending on your OS's tcp timeout and retry settings) it will exit and the
.pop file is removed.
The only way a stale .pop file would be left behind indefinitely is if the
popper process itself crashed, or was forcibly (-9) killed, or the
operating system crashed.
And you do realise that the .pop file contains all the messages that were
in the user's mailbox at the time they were popping it, and that forcibly
deleting it (especially if the popper process that created it is still
alive) is a sure way to lose/corrupt messages...
Regards,
Simon
Date: Fri, 20 Sep 2002 09:56:40 +1200
From: Simon Byrnand <simon at igrin.co dot nz>
Subject: Re: stale lock files
At 17:38 19/09/02 -0400, Alan Brown wrote:
>On Fri, 20 Sep 2002, Simon Byrnand wrote:
>
>> The only way a stale .pop file would be left behind indefinitely is if the
>> popper process itself crashed, or was forcibly (-9) killed, or the
>> operating system crashed.
>
>Or Qpopper flags are set to leave them behind. They're another way of
>seeing when a user last popped.
Would that prevent new sessions from logging on later though ? And if so,
what would be the point ?
It sounds like in his case the stale .pop files are preventing him from
logging in again, so I doubt that's the case here.
It needs to be established whether they're really stale, or whether the
popper process is just taking a long time to exit after a session is lost.
I found that it could take anywhere from 5 to 15 minutes for a session to
time out if the user "disappeared" completely (eg modem hangup)
In my case (Linux 2.2.21) I found the following settings eased the problem
a great deal:
echo 3 >/proc/sys/net/ipv4/tcp_retries1
echo 5 >/proc/sys/net/ipv4/tcp_retries2
The default settings were 7 and 15 respectively. Now a disappearing client
causes qpopper to timeout usually between about 2 and 3 minutes. (And
doesn't seem to negatively impact other programs.... since it is a global
tcp setting...)
Regards,
Simon
Date: Thu, 19 Sep 2002 18:07:01 -0400 (EDT)
From: Alan Brown <alanb at digistar dot com>
Subject: Re: stale lock files
On Fri, 20 Sep 2002, Simon Byrnand wrote:
> >Or Qpopper flags are set to leave them behind. They're another way of
> >seeing when a user last popped.
>
> Would that prevent new sessions from logging on later though ?
No.
> And if so,
> what would be the point ?
Later sessions will only be blocked in the face of user.pop files if the
process ID referenced still exists.
> It sounds like in his case the stale .pop files are preventing him from
> logging in again, so I doubt that's the case here.
>
> It needs to be established whether they're really stale, or whether the
> popper process is just taking a long time to exit after a session is lost.
Yes it does. Every time I've gone through this I've found there's a pop
session left hanging
> I found that it could take anywhere from 5 to 15 minutes for a session to
> time out if the user "disappeared" completely (eg modem hangup)
You can tune this at startup. Check the -T flag.
Date: Thu, 19 Sep 2002 17:38:49 -0400 (EDT)
From: Alan Brown <alanb at digistar dot com>
Subject: Re: stale lock files
On Fri, 20 Sep 2002, Simon Byrnand wrote:
> The only way a stale .pop file would be left behind indefinitely is if the
> popper process itself crashed, or was forcibly (-9) killed, or the
> operating system crashed.
Or Qpopper flags are set to leave them behind. They're another way of
seeing when a user last popped.
Date: Fri, 20 Sep 2002 10:36:03 +1200
From: Simon Byrnand <simon at igrin.co dot nz>
Subject: Re: stale lock files
At 18:07 19/09/02 -0400, Alan Brown wrote:
>On Fri, 20 Sep 2002, Simon Byrnand wrote:
>
>> >Or Qpopper flags are set to leave them behind. They're another way of
>> >seeing when a user last popped.
>>
>> Would that prevent new sessions from logging on later though ?
>
>No.
>
>> And if so,
>> what would be the point ?
>
>Later sessions will only be blocked in the face of user.pop files if the
>process ID referenced still exists.
Ah ok.
>
>> It sounds like in his case the stale .pop files are preventing him from
>> logging in again, so I doubt that's the case here.
>>
>> It needs to be established whether they're really stale, or whether the
>> popper process is just taking a long time to exit after a session is lost.
>
>Yes it does. Every time I've gone through this I've found there's a pop
>session left hanging
>
>> I found that it could take anywhere from 5 to 15 minutes for a session to
>> time out if the user "disappeared" completely (eg modem hangup)
>
>You can tune this at startup. Check the -T flag.
Err, nope.
Been there, done that :)
-T only controls the command timeout for Qpopper - in other words how long
it will wait for a new command from the client, when it is not in the
middle of processing a command. (For example sending the body of a message)
If the user is in the middle of downloading a large message and their modem
gets disconnected, what happens is the outgoing TCP queue for that
connection fills up to the maximum very quickly (typically 64KB) and
qpopper gets put to sleep waiting for the queue to clear a bit.
Because the user has gone, the queue is never drained, and qpopper doesn't
get a chance to run. The -T option has NO effect here. (Trust me, I've tried)
Qpopper is at the mercy of the TCP timeouts of the OS - eventually the OS
will decide that the TCP session is dead, and wakes qpopper up and breaks
the connection. You'll see something like -ERR SIGHUP or SIGPIPE flagged in
the log file.
The only thing that controls how long this timeout takes is the TCP timeout
settings in the OS.
Regards,
Simon
Date: Fri, 20 Sep 2002 07:48:19 -0500
From: Jeff West <J.West at astronautics dot com>
Subject: Re: I Need help with a Strange Problem !
Consider this problem may reside on the client side. Possibly a
virus. Possibly corrupt Outlook mailboxe(s) or index file (the Outlook
Express index file is called FOLDERS.DBX, not sure what Outlook calls
it). What does your pop log say about these users checking their mail?
At 9/19/2002 01:01 AM, you wrote:
> I've been using qpopper without any trouble for some time. Yesterday some
> users downloaded their mails with outlook and got messages with no subject,
> no body, and an attachment called ATTXXXXX.TXT (where X's are numbers). Mail
> was deleted from server and I don't know how (if it's possible) to recover
> these messages.
>
> If anybody knows what could have happened or (I don't have much hope about
> the next) there is a way of recovering those messages, I would thank him a
> lot for helping me. I want to prevent this from repeating in the future.
>
> Thanks in advance.
>
> Damián Lezama
From: Drew Weaver <drew.weaver at thenap dot com>
Subject: .lock.username, delete and it deletes all of users mail??
Date: Fri, 20 Sep 2002 14:14:53 -0400
Is this normal? This is the first time it's happened to me, a user had a
'constant' poplock, so I deleted the .lock file, and the /var/mail/user
account is now at 0.
I've done this a bunch of times and this has never happened.
Any ideas?
-Drew
Date: Fri, 20 Sep 2002 12:28:17 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: 4.0.5b1 + OpenSSL 0.9.6g still not work?
At 3:16 PM -0500 9/11/02, Scott Johnson wrote:
> What changed in openssl that broke 4.0.4 w/Eudora?
A new security counter-measure. You can disable it by setting
SL_OP_DONT_INSERT_EMPTY_FRAGMENTS.
Date: Fri, 20 Sep 2002 12:30:08 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: 4.0.5b1 + OpenSSL 0.9.6g still not work?
At 5:11 PM -0400 9/11/02, Gary Schrock wrote:
> Ok, after some searching on usenet, it appears that the problem is
> in eudora, where it has problems with the recent openssl stuff. It
> appears that it can be worked around with the patch in this
> message:
> http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=51198D.6050802%40gnarst.net
>
> Seems to work to me, not sure what side effects that patch might
> have, so use at your own risk.
Applying the patch is the same as running 4.0.5b and setting the
option to enable all OpenSSL workarounds. You can be more
conservative by running 4.0.5b and only setting
SL_OP_DONT_INSERT_EMPTY_FRAGMENTS, which sets only the one specific
workaround needed to interoperate with currently deployed versions of
Eudora.
Date: Fri, 20 Sep 2002 16:03:05 -0400
From: Joseph S D Yao <jsdy at center.osis dot gov>
Subject: Re: .lock.username, delete and it deletes all of users mail??
On Fri, Sep 20, 2002 at 02:14:53PM -0400, Drew Weaver wrote:
> Is this normal? This is the first time it's happened to me, a user had a
> 'constant' poplock, so I deleted the .lock file, and the /var/mail/user
> account is now at 0.
>
> I've done this a bunch of times and this has never happened.
>
> Any ideas?
>
> -Drew
I'm afraid that this is normal; your actions were understandable but
not correct.
Qpopper apparently creates and locks the .user.lock file, then locks
the mail file ["user"], copies all existing mail into the .mail.lock
file, and unlocks the "user" file. That way, while the POP user is
playing around with his or her mailbox, new mail can arrive in the
"user" mailbox file.
When this happens, I first make sure that there is not still a
'popper' process running with that person's UID. Often, MSW will leave
a port open to the POP server! If so, the user has to shut things down
[including sometimes logging out or re-booting] until the 'popper'
process goes away. Then, the user should be able to go back in and get
his or her e-mail.
In the case that there is no 'popper' process running, and the
.user.lock file still exists, then you should prepend the contents of
the .user.lock file to the "user" mailbox file. One way to do this is
to 'cat .user.lock user > /tmp/some-other-file' and then copy the new
file back over the "user" mailbox file. Be sure not to over-write any
incoming mail!
Hope this helps.
Also hope you had some backups. ;-)
--
Joe Yao jsdy at center.osis dot gov - Joseph S. D. Yao
OSIS Center Systems Support EMT-B
-----------------------------------------------------------------------
This message is not an official statement of OSIS Center policies.
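The recovery Joe describes (confirm no popper process is running under the user's UID, then put the saved mail back in front of anything delivered since), as an added example that is not part of the original post or of Qpopper. The /proc scan (Linux only), the use of flock() to hold off new deliveries, the ".restored" backup name, the function names and the sample files are assumptions of this example.

```python
import fcntl
import os
import tempfile


def popper_running(uid, proc="/proc"):
    """True if a process named 'popper' owned by uid exists (Linux /proc only)."""
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            if os.stat(os.path.join(proc, pid)).st_uid != uid:
                continue
            with open(os.path.join(proc, pid, "comm")) as comm:
                if comm.read().strip() == "popper":
                    return True
        except OSError:          # process exited while we were looking
            continue
    return False


def restore_temp_drop(temp_drop, mailbox, is_running=popper_running):
    """Put the mail held in temp_drop back in front of whatever has been
    delivered to mailbox since. Returns (bytes_restored, bytes_already_there)."""
    if is_running(os.stat(mailbox).st_uid):
        raise RuntimeError("a popper process still owns this mailbox; leave the files alone")
    with open(mailbox, "r+b") as box:
        # Assumption: the local delivery agent also uses flock() on the spool
        # file, so holding the lock keeps new mail out until we are done.
        fcntl.flock(box, fcntl.LOCK_EX)
        with open(temp_drop, "rb") as drop:
            old_mail = drop.read()
        new_mail = box.read()
        if old_mail and not old_mail.endswith(b"\n"):
            old_mail += b"\n"    # keep the next "From " line at the start of a line
        merged = old_mail + new_mail
        # Complete side copy first (the "some-other-file" step), so a crash
        # during the in-place rewrite below cannot lose both versions.
        spool_dir = os.path.dirname(os.path.abspath(mailbox))
        fd, side = tempfile.mkstemp(prefix=".restore-", dir=spool_dir)
        with os.fdopen(fd, "wb") as out:
            out.write(merged)
            out.flush()
            os.fsync(out.fileno())
        # Rewrite in place: same inode, owner and mode as before.
        box.seek(0)
        box.write(merged)
        box.truncate()
        box.flush()
        os.fsync(box.fileno())
    # Keep the old drop under another name so it cannot be merged twice.
    os.rename(temp_drop, temp_drop + ".restored")
    os.unlink(side)
    return len(old_mail), len(new_mail)


def demo():
    """Run the restore on constructed files in a scratch directory."""
    with tempfile.TemporaryDirectory() as spool:
        drop = os.path.join(spool, ".alice.pop")
        box = os.path.join(spool, "alice")
        with open(drop, "wb") as f:      # constructed: mail from the dead session
            f.write(b"From a@example.org Thu Sep 19 10:00:00 2002\n"
                    b"Subject: old 1\n\nread earlier\n\n")
        with open(box, "wb") as f:       # constructed: mail delivered afterwards
            f.write(b"From b@example.org Fri Sep 20 11:00:00 2002\n"
                    b"Subject: arrived during session\n\nnew\n\n")
        try:
            restore_temp_drop(drop, box, is_running=lambda uid: True)
            refused = False
        except RuntimeError:
            refused = os.path.exists(drop)   # nothing was touched
        restore_temp_drop(drop, box, is_running=lambda uid: False)
        with open(box, "rb") as f:
            subjects = [line[9:].decode() for line in f.read().split(b"\n")
                        if line.startswith(b"Subject: ")]
        return {"refused_while_running": refused,
                "subjects": subjects,
                "leftovers": sorted(os.listdir(spool))}


if __name__ == "__main__":
    print(demo())
```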
Date: Fri, 20 Sep 2002 12:27:09 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: 4.0.5b1 + OpenSSL 0.9.6g still not work?
At 3:08 PM -0500 9/11/02, Scott Johnson wrote:
> I'm trying to stay away from beta-level software at my installation.
Understandable, but in this case 4.0.5bx has very few changes (feel
free to run a diff and check them out). The main change is the
ability to set the OpenSSL options to enable work-arounds.
> The tls-options setting that Brian mentioned below definitely
> doesn't work with 4.0.4:
>
> Unrecognized option; scanning "tls-options" at line 9 of config
> file /etc/popper.conf
Right, that's the main change in 4.0.5: the ability to set these options.
> So does qpopper just not work with the more recent versions of OpenSSL?
Qpopper does, but there is an interoperability problem with Eudora's
TLS/SSL library and a new security counter-measure introduced in
recent OpenSSL versions. The new Qpopper tls-options setting allows
you to turn this off, and have things work again. Once a version of
Eudora is available that works with OpenSSL without setting the
work-around, you can remove it from the config file.
Date: Fri, 20 Sep 2002 13:58:39 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: PGP and policy (Re: Alternatives to SSL and crypto
At 12:31 PM -0400 9/14/02, Alan Brown wrote:
> There are an awful lot of network admins out there who aren't much
> brighter than a turnip....
There's a Steve Dorner quote along those lines: "A server is only as
secure as its dumbest administrator."
Date: Fri, 20 Sep 2002 14:00:26 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Bulletin From error
At 7:13 PM +0200 9/14/02, Andi Reisenhofer wrote:
> I try to use Bulletins from a bulletins dir and get the following messages
> Sep 14 18:59:00.875 2002 [2733] Bulletin 00001.bulletins does not start with
> a valid "From " separator [pop_bull.c:732]
Try sending the desired bulletin text to yourself (or to a test
account) and then copy the full text from the spool.
Date: Fri, 20 Sep 2002 13:55:25 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: SSL bug: Solution! (It's a Eudora bug, with a qpopper
At 9:44 PM -0700 9/11/02, Kenneth Porter wrote:
> I'm pasting the patch inline. The patch was posted to the Eudora
> newsgroup by Brendan Bank (brendans-nomail at gnarst dot net).
Applying the patch is the same as running 4.0.5b and setting the
SSL_OP_ALL option.
> I looked at the man page for SSL_CTX_set_options and it looks like
> SSL_OP_ALL turns on all client bug workarounds. That suggests that
> Eudora has one or more of the mentioned bugs. The fact that the new
> OpenSSL breaks qpopper/Eudora suggests that the old OpenSSL had at least
> the relevant workaround on by default and the new one defaults to
> workarounds off.
>
> Maybe Randall can work with the Eudora folk to narrow down which client
> bug is the issue, so we don't have to enable all the workarounds.
You don't have to enable all workarounds. You can run 4.0.5b and set
SL_OP_DONT_INSERT_EMPTY_FRAGMENTS (as shown in the
samples/qpopper.config file).
Date: Fri, 20 Sep 2002 13:15:21 -0700
Subject: qpopper stls annoyance
From: John Rudd <jrudd at cats.ucsc dot edu>
1) If I compile openssl support in qpopper 4.0.4, it works if I run it on
port 995 (ie. "alternate port" and not "stls"), and mostly works if I run
it on port 110 ... except that a very few of our Eudora clients complain
and refuse to connect on port 110. (most of our Eudora clients are just
fine, though, and all of our other POP clients work perfectly)
2) If I disable SSL on port 110, then I get an odd behavior. The "stls"
command generates an error that stls isn't enabled (I expect that), and
then it disconnects the session (not at all what I expect). I don't know
if clients will react well to that (ie. reconnect and not try stls again).
3) If I reconfigure/recompile without SSL support, I get a completely
unacceptable situation: it behaves exactly the same as though I had
disabled stls in the config file. That's completely wrong. If I don't
enable SSL support in the configure/compile steps, then it should act like
an older pop3 server that simply doesn't recognize the command (and, I'll
note, under qpopper 3.1, if you generate the stls command, it simply says
it's an unrecognized command).
Ideally, case #3 should create a popper that treats the stls command in the
exact same manner that qpopper 3.1 did. It would be nice if case #2 did
the same thing (I wouldn't have to have multiple binaries, just multiple
config files). It would also be nice to know if Eudora handles the stls
error in case #2 gracefully (so far, Eudora is always our main "problem
child" when it comes to handling things gracefully ... it didn't work with
qpopper3.1+stunnel, for example, unlike every decent pop client).
Does anyone have a solution or work around for this? Other than "only use
qpopper4.0.4 on the SPOP port, and keep using qpopper3.1 on the POP3 port",
which is our current plan. Does anyone know how various POP clients deal
with the behavior of case #2 when they want stls, but get rejected and
disconnected? Do they successfully retry without stls, or do they leave the
user out to dry?
Date: Fri, 20 Sep 2002 14:52:01 -0700
From: Chuck Yerkes <chuck+qpopper at yerkes dot com>
Subject: Re: Scripts for analying POP3 usage
Quoting Chip Old (fold at bcpl dot net):
> On Thu, 19 Sep 2002, Alan Brown wrote to Kenneth Porter:
>
> > find -atime is probably a better tool for this.
> > [snip]
> > A non-accessed mail file will have an old atime stamp, even if there's
> > been new mail, so tracking these is fairly easy..
>
> We run this early every morning as a cron job, on the theory that anyone
> who hasn't accessed his/her mail in 30 days isn't interested in e-mail:
>
> find /var/mail -atime +30 -print -exec rm {} \;
Um, except that if they GET a message, that atime is updated.
No, better is to look at the .$user.pop to see when they last logged in.
or a simple log parsing script that sees a user and sticks
that username in a hash with the time. At the end, it prints
out the hash with the time (which will be the last access
time).
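The log-parsing approach Chuck describes, as an added example that is not part of the original post: it keeps the newest timestamp seen per user and lists the accounts idle longer than a cutoff. The "Stats:" line layout, the sample lines, the account names and the function names are assumptions; local 127.0.0.1 sessions are ignored as in the last_pop.pl script posted earlier in this thread.

```python
from datetime import datetime, timedelta

# Constructed sample lines, not real log data. Assumed layout after the syslog
# prefix: "Stats: user msgs-deleted bytes-deleted msgs-left bytes-left host ip".
SAMPLE_LOG = """\
Dec 30 23:58:10 mail popper[411]: Stats: alice 2 4096 0 0 dialup7.example.net 192.0.2.7
Jan  2 08:15:42 mail popper[982]: Stats: bob 0 0 3 9120 dsl3.example.net 192.0.2.33
Jan  3 09:00:00 mail popper[1201]: Stats: webuser 0 0 1 512 localhost 127.0.0.1
Jan  5 07:30:19 mail popper[1733]: Stats: bob 1 2048 0 0 dsl3.example.net 192.0.2.33
Jan  5 07:31:00 mail popper[1740]: -ERR [AUTH] Access is blocked for UIDs below 10
Jan  5 07:40:00 mail popper[1750]: Stats: truncated
"""
REPORT_TIME = datetime(2003, 1, 6, 6, 0, 0)   # constructed "now" for the sample


def parse_stamp(month, day, clock, now):
    """syslog omits the year: try the current one, and fall back to the
    previous one when that would put the entry in the future (a log that
    spans New Year) or is not a valid date (Feb 29)."""
    for year in (now.year, now.year - 1):
        try:
            stamp = datetime.strptime(f"{year} {month} {day} {clock}",
                                      "%Y %b %d %H:%M:%S")
        except ValueError:
            continue
        if stamp <= now + timedelta(days=1):
            return stamp
    return None


def last_pop_times(lines, now, ignore_ips=("127.0.0.1",)):
    """Return {user: datetime of the newest Stats line seen for that user}."""
    last = {}
    for line in lines:
        fields = line.split()            # split() copes with "Jan  2" padding
        if "Stats:" not in fields:
            continue                     # errors and other messages
        i = fields.index("Stats:")
        if i < 3 or len(fields) < i + 8:
            continue                     # no timestamp or a cut-off line
        user, client_ip = fields[i + 1], fields[i + 7]
        if client_ip in ignore_ips:
            continue                     # local checks are not the user
        stamp = parse_stamp(fields[0], fields[1], fields[2], now)
        if stamp is not None and (user not in last or stamp > last[user]):
            last[user] = stamp
    return last


def idle_accounts(last_seen, accounts, now, days):
    """List (user, idle_days) for accounts idle more than `days`;
    idle_days is None for accounts that never appear in the logs read."""
    idle = []
    for user in sorted(accounts):
        seen = last_seen.get(user)
        if seen is None:
            idle.append((user, None))
        elif (now - seen).days > days:
            idle.append((user, (now - seen).days))
    return idle


def demo():
    last = last_pop_times(SAMPLE_LOG.splitlines(), REPORT_TIME)
    return ({user: stamp.isoformat() for user, stamp in last.items()},
            idle_accounts(last, ["alice", "bob", "carol"], REPORT_TIME, days=5))


if __name__ == "__main__":
    print(demo())
```

An account reported with None has no entry in the logs that were read, which is only evidence of inactivity if the logs cover the whole period of interest.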
Date: Fri, 20 Sep 2002 20:29:47 -0400 (EDT)
From: Chip Old <fold at bcpl dot net>
Subject: Re: Scripts for analying POP3 usage
On Fri, 20 Sep 2002, Chuck Yerkes wrote to Chip Old:
> Quoting Chip Old (fold at bcpl dot net):
> > We run this early every morning as a cron job, on the theory that
> > anyone who hasn't accessed his/her mail in 30 days isn't interested in
> > e-mail:
> >
> > find /var/mail -atime +30 -print -exec rm {} \;
>
> Um, except that if they GET a message, that atime is updated.
Um, no it isn't. mtime is, but atime is not. atime is updated only when
the mailbox is read, not when it is written to.
> No, better is to look at the .$user.pop to see when they last logged in.
That assumes you don't delete .user.pop after a session ends. That isn't
always practical.
> or a simple log parsing script that sees a user and sticks that username
> in a hash with the time. At the end, it prints out the hash with the
> time (which will be the last access time).
Yes, that would work. But why go to that trouble? When the goal is to
delete mailboxes that haven't been accessed by their owners in over 30
days, "find /var/mail -atime +30 -print -exec rm {} \;" works perfectly.
--
Chip Old (Francis E. Old) E-Mail: fold at bcpl dot net
Manager, BCPL Network Services Phone: 410-887-6180
Manager, BCPL.NET Internet Services FAX: 410-887-2091
320 York Road
Towson, MD 21204 USA
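What "find /var/mail -atime +30" selects, shown as a report instead of an rm (an added example, not part of the original post). It relies on the filesystem recording access times (a spool mounted noatime never updates them) and on nothing else reading the mailboxes, such as the backup program mentioned in this thread; the sample files and all names are constructed.

```python
import os
import tempfile

DAY = 86400


def unread_mailboxes(spool, days, now):
    """Report what `find spool -atime +days` would match among mailboxes.

    find counts whole 24-hour periods since the last access and drops the
    fraction; "+days" means strictly more than that many periods, so a
    mailbox qualifies only once it has gone days+1 full days unread.
    Returns (name, periods_unread, mail_arrived_since_last_read) tuples.
    """
    report = []
    for entry in sorted(os.scandir(spool), key=lambda e: e.name):
        if not entry.is_file(follow_symlinks=False):
            continue
        if entry.name.startswith("."):
            continue   # .user.pop temp drops and lock files are not mailboxes
        st = entry.stat(follow_symlinks=False)
        periods = int((now - st.st_atime) // DAY)
        if periods > days:
            # mtime newer than atime: mail was delivered after the last read,
            # which moved mtime forward but left atime alone.
            report.append((entry.name, periods, st.st_mtime > st.st_atime))
    return report


def demo():
    """Build a constructed spool with known timestamps and report on it."""
    now = 1032500000      # fixed "current time" so the result is repeatable
    sample = {            # name: (days since last read, days since last delivery)
        "alice": (45, 1),         # unread for 45 days, still receiving mail
        "bob": (2, 3),            # read two days ago
        "carol": (30.04, 30.04),  # 30 days and about an hour: not yet matched
        "dave": (31, 40),         # unread and no new mail either
        ".erin.pop": (60, 60),    # temp drop, never reported
    }
    with tempfile.TemporaryDirectory() as spool:
        for name, (read_age, write_age) in sample.items():
            path = os.path.join(spool, name)
            with open(path, "w"):
                pass
            os.utime(path, (now - read_age * DAY, now - write_age * DAY))
        return unread_mailboxes(spool, 30, now)


if __name__ == "__main__":
    for name, periods, new_mail in demo():
        print(name, periods, "new mail waiting" if new_mail else "no new mail")
```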
Date: Sat, 21 Sep 2002 12:34:58 -0400 (EDT)
From: Alan Brown <alanb at digistar dot com>
Subject: Re: Scripts for analying POP3 usage
On Fri, 20 Sep 2002, Chuck Yerkes wrote:
> > find /var/mail -atime +30 -print -exec rm {} \;
>
> Um, except that if they GET a message, that atime is updated.
No, the mtime is updated. The atime isn't.
> No, better is to look at the .$user.pop to see when they last logged in.
Assuming you're keeping $user.pop files
k
From: "Andi Reisenhofer" <guru.andy at aon dot at>
Subject: Re: Bulletin From error
Date: Sat, 21 Sep 2002 19:24:38 +0200
Hello Randall,
Many thanks.
I did what you advised and then it worked, thanks.
Regards, Andreas
> At 7:13 PM +0200 9/14/02, Andi Reisenhofer wrote:
>
> > I try to use Bulletins from a bulletins dir and get the following messages
>
> > Sep 14 18:59:00.875 2002 [2733] Bulletin 00001.bulletins does not start with
> > a valid "From " separator [pop_bull.c:732]
>
> Try sending the desired bulletin text to yourself (or to a test
> account) and then copy the full text from the spool.
>
Date: Mon, 23 Sep 2002 09:38:39 +1200
From: Simon Byrnand <simon at igrin.co dot nz>
Subject: Re: qpopper stls annoyance
At 13:15 20/09/02 -0700, John Rudd wrote:
>1) If I compile openssl support in qpopper 4.0.4, it works if I run it on
>port 995 (ie. "alternate port" and not "stls"), and mostly works if I run
>it on port 110 ... except that a very few of our Eudora clients complain
>and refuse to connect on port 110. (most of our Eudora clients are just
>fine, though, and all of our other POP clients work perfectly)
>
>2) If I disable SSL on port 110, then I get an odd behavior. The "stls"
>command generates an error that stls isn't enabled (I expect that), and
>then it disconnects the session (not at all what I expect). I don't know
>if clients will react well to that (ie. reconnect and not try stls again).
>
>3) If I reconfigure/recompile without SSL support, I get a completely
>unacceptable situation: it behaves exactly the same as though I had
>disabled stls in the config file. That's completely wrong. If I don't
>enable SSL support in the configure/compile steps, then it should act like
>an older pop3 server that simply doesn't recognize the command (and, I'll
>note, under qpopper 3.1, if you generate the stls command, it simply says
>it's an unrecognized command).
>
>
>Ideally, case #3 should create a popper that treats the stls command in the
>exact same manner that qpopper 3.1 did. It would be nice if case #2 did
>the same thing (I wouldn't have to have multiple binaries, just multiple
>config files). It would also be nice to know if Eudora handles the stls
>error in case #2 gracefully (so far, Eudora is always our main "problem
>child" when it comes to handling things gracefully ... it didn't work with
>qpopper3.1+stunnel, for example, unlike every decent pop client).
>
>Does anyone have a solution or work around for this? Other than "only use
>qpopper4.0.4 on the SPOP port, and keep using qpopper3.1 on the POP3 port",
>which is our current plan. Does anyone know how various POP clients deal
>with the behavior of case #2 when they want stls, but get rejected and
>disconnected? Do they successfully retry without stls, or do they leave the
>user out to dry?
Uh oh,
Groundhog day :)
Please check the archive for recent messages from me (there aren't many)
and Randall Gellens' reply.
The STLS command causing a disconnection when STLS is not compiled in is a
bug that I ran into and worked around. Randall replied that yes it was a
bug, so I presume at some point in the beta series of 4.0.5b it will get
fixed.
Regards,
Simon
Date: Mon, 23 Sep 2002 17:55:10 +0500
From: Konstantin Chaus <chaus at ssu.samara dot ru>
Subject: connect to pop3 crashes with message....
Hello, All!
I installed the latest release of qpopper on Freebsd-4.6-release.
Made all instruction sets and received info that everything is OK.
But when I try to connect with
telnet localhost 110
I receive something like this:
=
Sep 23 17:35:41 mail inetd[181]: refused connection from
localhost.my.domain, service qpopper (tcp)
=
Sendmail is operating quite ok. But what is with qpopper?
Thanks in advance for your answers!
Date: Mon, 23 Sep 2002 11:32:55 -0700 (PDT)
From: Anthony Fleisher <fleisher at mind dot net>
Subject: Re: connect to pop3 crashes with message....
On Mon, 23 Sep 2002, Konstantin Chaus wrote:
> Hello, All!
>
> I installed the latest release of qpopper on Freebsd-4.6-release.
> Made all instruction sets and received info that everything is OK.
> But when I try to connect with
> telnet localhost 110
>
> I receive something like this:
> =
> Sep 23 17:35:41 mail inetd[181]: refused connection from
> localhost.my.domain, service qpopper (tcp)
> =
>
> Sendmail is operating quite ok. But what is with qpopper?
> Thanks in advance for your answers!
>
This looks like an issue with tcpwrappers. Make sure you have allowed
access to the qpopper service in /etc/hosts.allow.
--
Anthony Fleisher <fleisher at mind dot net>
Network Administrator
Internet Ventures Oregon
InfoStructure
Ashland, Oregon
Voice: (541)482-8324 Fax: (541)488-7599
Date: Mon, 23 Sep 2002 18:07:46 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: qpopper stls annoyance
At 9:38 AM +1200 9/23/02, Simon Byrnand wrote:
> The STLS command causing a disconnection when STLS is not compiled in is a
> bug that I ran into and worked around. Randall replied that yes it was a
> bug, so I presume at some point in the beta series of 4.0.5b it will get
> fixed.
It'll be in the next beta.
From: "Randy Ouellette" <randy at garanenterprises dot com>
Subject: installation problem - HELP
Date: Thu, 26 Sep 2002 10:44:49 -0400
RedHat6.2
kernel2.2.19
qpopper3.0.2
when I run the make command I get the following message. I've tried
installing the newer versions of qpopper and I always get the same
message. I can't seem to find any information regarding this error
message. Any help would be greatly appreciated.
In file included from /usr/include/bits/sigcontext.h:28,
from /usr/include/signal.h:300,
from popper.c:43:
/usr/include/asm/sigcontext.h:1: unterminated string or character
constant
/usr/include/asm/sigcontext.h:1: possible real start of unterminated
constant
make[1]: *** [popper.o] Error 1
make[1]: Leaving directory `/home/*****/qpopper3.0.2/popper'
make: *** [popper_server] Error 2
Randy
From: "Andi Reisenhofer" <guru.andy at aon dot at>
Subject: Re: installation problem - HELP
Date: Thu, 26 Sep 2002 21:30:16 +0200
Hello Randy,
> RedHat6.2
Seems to be old?
Current is 7.3 or.
> kernel2.2.19
> qpopper3.0.2
Also old versions?
> when I run the make command I get the following message. I've tried
> installing the newer versions of qpopper and I always get the same
> message. I can't seem to find any information regarding this error
> message. Any help would be greatly appreciated.
>
> In file included from /usr/include/bits/sigcontext.h:28,
> from /usr/include/signal.h:300,
> from popper.c:43:
> /usr/include/asm/sigcontext.h:1: unterminated string or character
> constant
> /usr/include/asm/sigcontext.h:1: possible real start of unterminated
> constant
Look into this header file (> /usr/include/asm/sigcontext.h) if it is damaged,
if so I can send you if you want.
I compiled qpopper 4.0.4 successfully on MDK8.2.
If you want this binary I can send it too but not sure if it will run
successf. under RH6.2
Which configure option did you apply?
Can you show the content of configure.log
hth,
reg,
Andreas
Date: Fri, 27 Sep 2002 09:38:39 +1200
From: Simon Byrnand <simon at igrin.co dot nz>
Subject: Re: installation problem - HELP
At 10:44 26/09/02 -0400, Randy Ouellette wrote:
>RedHat6.2
Using that here too. (But with a number of updates)
>kernel2.2.19
And that. (Well, 2.2.20, almost the same ;-)
>qpopper3.0.2
Why such an old version ? Is there some reason you can't use 4.0.4 ?
I'd suggest you first of all check that your kernel headers are properly
installed. Also forget about 3.0.2, and go straight to 4.0.4. If you still
have trouble after that, let us know.
Regards,
Simon
Date: Fri, 27 Sep 2002 08:55:29 +0200
From: Piotr Kubiak <admin at dialcom.com dot pl>
Subject: problem with statistics logging
qpopper4.0.4
redhat 7.2 (kernel 2.4.19)
xinetd 2.3.3
qpopper compiled with:
./configure --enable-servermode --enable-bulletins=/var/spool/bulls \
    --enable-new-bulls=0 --enable-specialauth --enable-shy \
    --enable-temp-drop-dir=/var/spool/poptemp \
    --enable-cache-dir=/var/spool/popcache --with-log-facility=LOG_LOCAL1 \
    --enable-uw-kludge --enable-nonauth-file=/etc/qpopper-noauth \
    --disable-chunky-writes --with-drac=/usr/src/drac-1.11
xinetd.d/pop3:
service pop3
{
    disable = no
    flags = REUSE NAMEINARGS
    socket_type = stream
    protocol = tcp
    wait = no
    user = root
    server = /usr/sbin/popper
    server_args = -s
    port = 110
}
the problem is that popper logs only errors
for instance: -ERR [AUTH] Access is blocked for UIDs below 10
after successful login there's no sign of it in the logs
the same popper compiled the same way and run on machine with
inetd (not xinetd) logs successful logins
any ideas?
thanks
Piotr Kubiak
Regards
------------
P i o t r K u b i a k
a d m i n @ d i a l c o m . p l
Last updated on 26 Sep 2002 by Pensive Mailing List Admin