The qpopper list archive ending on 31 Mar 2004


Topics covered in this issue include:

  1. pop_user.c: In function `pop_user'
       Dilip M <dilipm at s7solutions dot com>
       Fri, 20 Feb 2004 15:06:29 +0530
  2. Re: -ERR Unknown command: "g". ?
       "Vsevolod (Simon) Ilyushchenko" <simonf at cshl dot edu>
       Fri, 20 Feb 2004 11:51:55 -0500
  3. Re: -ERR Unknown command: "g". ?
       Daniel Senie <dts at senie dot com>
       Fri, 20 Feb 2004 12:04:56 -0500
  4. Re: -ERR Unknown command: "g". ?
       "Vsevolod (Simon) Ilyushchenko" <simonf at cshl dot edu>
       Fri, 20 Feb 2004 13:28:09 -0500
  5. Re: pop_user.c: In function `pop_user'
       Kenneth Porter <shiva at sewingwitch dot com>
       Fri, 20 Feb 2004 16:25:53 -0800
  6. I start qpopper V4.0.3 out of inetd for receiving
       Harald Arnold <listen at arnold dot at>
       26 Feb 2004 21:32:09 +0100
  7. Re: I start qpopper V4.0.3 out of inetd for receiving
       William Buxton <billb at northnet dot net>
       Thu, 26 Feb 2004 15:24:53 -0600
  8. Re: I start qpopper V4.0.3 out of inetd for receiving
       William Buxton <billb at northnet dot net>
       Thu, 26 Feb 2004 15:47:53 -0600
  9. Berkleydb auth
       Mozzi <linux at mostert.nom dot za>
       Fri, 27 Feb 2004 11:02:01 +0200
 10. APOP and POP over SSL for one particular user possible?
       Motonori Shindo <mshindo at mshindo dot net>
       Fri, 27 Feb 2004 23:16:32 +0900 (JST)
 11. changing OUT_BUF_SIZE in popper.h
       Errol Casey <work-usenet at nouce dot net>
       Fri, 27 Feb 2004 11:51:07 -0500
 12. Failed initializing TLS/SSL (qpopper 4.0.5)
       Thomas Carrié <thocar at free dot fr>
       Fri, 27 Feb 2004 19:39:30 +0100
 13. Re: Failed initializing TLS/SSL (qpopper 4.0.5)
       Clifton Royston <cliftonr at lava dot net>
       Fri, 27 Feb 2004 09:41:14 -1000
 14. Re: APOP and POP over SSL for one particular user possible?
       Daniel Senie <dts at senie dot com>
       Fri, 27 Feb 2004 16:35:40 -0500
 15. Re: Berkleydb auth
       Chuck Yerkes <chuck+qpopper at yerkes dot com>
       Fri, 27 Feb 2004 16:40:38 -0500
 16. Re: APOP and POP over SSL for one particular user possible?
       Motonori Shindo <mshindo at mshindo dot net>
       Sat, 28 Feb 2004 11:07:08 +0900 (JST)
 17. Re: Failed initializing TLS/SSL (qpopper 4.0.5)
       Thomas Carrié <thocar at free dot fr>
       Tue, 2 Mar 2004 22:01:39 +0100
 18. Freedom for everyone
       louis at suffolk.lib.ny dot us
       Sat, 06 Mar 2004 11:28:07 -0800
 19. Permissions
       Mozzi <linux at mostert.nom dot za>
       Wed, 10 Mar 2004 14:31:58 +0200
 20. popper permissions
       Mozzi <linux at mostert.nom dot za>
       Wed, 10 Mar 2004 14:35:08 +0200
 21. Qpopper + Postfix
       g-r-v at ukr dot net
       Thu, 11 Mar 2004 08:36:59 +0200
 22. I/O error
       Mozzi <linux at mostert.nom dot za>
       Mon, 15 Mar 2004 14:19:06 +0200
 23. Re: I/O error
       Daniel Senie <dts at senie dot com>
       Mon, 15 Mar 2004 09:25:26 -0500
 24. Re: I/O error
       "Admins (at) domenca.com" <admins at domenca dot com>
       Mon, 15 Mar 2004 15:42:05 +0100
 25. Re: Permissions
       Chuck Yerkes <chuck+qpopper at yerkes dot com>
       Mon, 15 Mar 2004 15:16:27 -0500
 26. I/O error flushing output to client
       "Muhammad Talha" <talha at worldcall.net dot pk>
       Tue, 16 Mar 2004 10:48:51 +0500
 27. Re: I/O error flushing output to client
       Gerald <gcoon at inch dot com>
       Tue, 16 Mar 2004 10:00:44 -0500 (EST)
 28. RE: I/O error flushing output to client
       "Edward Chase" <echase at studentweb.providence dot edu>
       Tue, 16 Mar 2004 10:24:53 -0500
 29. RE: I/O error flushing output to client
       Gerald <gcoon at inch dot com>
       Tue, 16 Mar 2004 10:44:29 -0500 (EST)
 30. Re: I/O error flushing output to client
       "Muhammad Talha" <talha at worldcall.net dot pk>
       Tue, 16 Mar 2004 20:46:46 +0500
 31. Re: I/O error flushing output to client
       "Lisa Casey" <lisa at jellico dot net>
       Tue, 16 Mar 2004 12:54:21 -0500
 32. Re: I/O error flushing output to client
       Gerald <gcoon at inch dot com>
       Tue, 16 Mar 2004 13:45:47 -0500 (EST)
 33. Re: I/O error flushing output to client
       Chuck Yerkes <chuck+qpopper at yerkes dot com>
       Tue, 16 Mar 2004 16:12:44 -0500
 34. Re: I/O error flushing output to client
       Alan Brown <alanb at digistar dot com>
       Tue, 16 Mar 2004 18:34:05 -0500 (EST)
 35. Re: I/O error flushing output to client
       george <gasjr4wd at mac dot com>
       Tue, 16 Mar 2004 19:08:55 -0500
 36. Authenticating Virtual Domain Users
       Lee Terrell <leet at directcon dot net>
       Tue, 16 Mar 2004 16:41:40 -0800
 37. Re: I/O error flushing output to client
       Chuck Yerkes <chuck+qpopper at yerkes dot com>
       Wed, 17 Mar 2004 01:03:12 -0500
 38. error in mail messages when truing to receive email
       rtbates at patmedia dot net <rtbates at patmedia dot net>
       Wed, 17 Mar 2004 07:51:08 -0500
 39. Re: I/O error flushing output to client
       Alan Brown <alanb at digistar dot com>
       Wed, 17 Mar 2004 08:45:30 -0500 (EST)
 40. Re: I/O error flushing output to client
       george <gasjr4wd at mac dot com>
       Thu, 18 Mar 2004 09:30:12 -0500
 41. Newbie Question
       "Bryan Ladd" <bladd at tapestryhealth dot org>
       Tue, 23 Mar 2004 10:54:46 -0500
 42. Re: Newbie Question
       The Little Prince <thelittleprince at asteroid-b612 dot org>
       Tue, 23 Mar 2004 08:46:48 -0800 (PST)
 43. Maildir
       andrea <adriacom1150 at adriacom dot it>
       Wed, 24 Mar 2004 15:25:46 +0100
 44. qpopper-mysql 0.13 release
       The Little Prince <thelittleprince at asteroid-b612 dot org>
       Wed, 24 Mar 2004 07:13:07 -0800 (PST)
 45. Re: Newbie Question
       Chuck Yerkes <chuck+qpopper at yerkes dot com>
       Wed, 24 Mar 2004 21:12:05 -0500
 46. RE: Newbie Question
       "Alan W. Rateliff, II" <lists at rateliff dot net>
       Wed, 24 Mar 2004 22:02:48 -0500
 47. RE: Newbie Question
       "Bryan Ladd" <bladd at tapestryhealth dot org>
       Thu, 25 Mar 2004 09:29:43 -0500
 48. RE: Newbie Question
       The Little Prince <thelittleprince at asteroid-b612 dot org>
       Thu, 25 Mar 2004 07:43:38 -0800 (PST)
 49. 
       "Eric Grace" <eric.grace at ushostingservice dot net>
       Wed, 31 Mar 2004 11:33:16 -0700 (MST)
 50. RE: drac
       "Matthew Thomas" <mthomas at biocontrolsys dot com>
       Wed, 31 Mar 2004 10:41:17 -0800

Date: Fri, 20 Feb 2004 15:06:29 +0530
Subject: pop_user.c: In function `pop_user'
From: Dilip M <dilipm at s7solutions dot com>

Hi,

I'm having these db rpms installed on redhat-8.0
# rpm -qa|grep db
gdbm-1.8.0-18
db4-devel-4.0.14-14
db4-4.0.14-14

--------
I'm getting these errors while trying to build RPM
# ls -l /usr/src/redhat/SOURCES/
total 2244
-rw-r--r--    1 root     root      2281284 Mar 13  2003 qpopper4.0.5.tar.gz
-rw-r--r--    1 root     root         1106 Apr 20  2002 qpopper.init
-rw-r--r--    1 root     root         2416 Mar 16  2003 qpopper.spec
-rw-r--r--    1 root     root          338 Feb 20 14:41 -v
--------------
# rpmbuild -bi qpopper.spec
[..]

         -O2 -march=i386 -mcpu=i686 -DHAVE_CONFIG_H  -DLINUX -DUNIX 
pop_user.c -o pop_user.o
pop_user.c: In function `pop_user':
pop_user.c:140: `DBM' undeclared (first use in this function)
pop_user.c:140: (Each undeclared identifier is reported only once
pop_user.c:140: for each function it appears in.)
pop_user.c:140: `db' undeclared (first use in this function)
pop_user.c:144: `datum' undeclared (first use in this function)
pop_user.c:144: parse error before "key"
pop_user.c:317: `key' undeclared (first use in this function)
pop_user.c:330: `value' undeclared (first use in this function)
make[1]: *** [pop_user.o] Error 1
make[1]: Leaving directory `/usr/src/redhat/BUILD/qpopper4.0.5/popper'
make: *** [popper_server] Error 2
error: Bad exit status from /var/tmp/rpm-tmp.22556 (%build)


Date: Fri, 20 Feb 2004 11:51:55 -0500
From: "Vsevolod (Simon) Ilyushchenko" <simonf at cshl dot edu>
Subject: Re: -ERR Unknown command: "g". ?

>   That is usually the port for POP with SSL or TLS.  Mozilla is
> probably attempting to initiate a secure transaction with TLS and your
> popper is not currently configured to support it.  Check that your
> popper is compiled with OpenSSL, check that you have used the correct
> value of the -l flag and/or set the appropriate options in the config
> file to enable TLS.

Clifton,

Thanks for the reply. I was missing the -l flag, but after I added it, 
nothing changed.

This is the line from inetd.conf:

spop3 stream tcp nowait root /usr/local/sbin/popper popper -d -t /tmp/pop.log -f /usr/local/etc/mail/qpopper.config -l 1

These are the relevant lines from the config file:

set tls-support              = stls
set tls-private-key-file     = /home/ilyush/certs/private.key
set tls-server-cert-file     = /home/ilyush/certs/server.crt


This is the contents of the log file:

Feb 20 11:26:33.665 2004 [26618] Set clear-text-password to TLS (2)
Feb 20 11:26:33.665 2004
Feb 20 11:26:33.674 2004 [26618] Set debug to true
Feb 20 11:26:33.674 2004
Feb 20 11:26:33.675 2004 [26618] Set tls-support to STLS (2)
Feb 20 11:26:33.675 2004
Feb 20 11:26:33.676 2004 [26618] Set tls-private-key-file to 
"/home/ilyush/certs/private.key"
Feb 20 11:26:33.676 2004
Feb 20 11:26:33.676 2004 [26618] Set tls-server-cert-file to 
"/home/ilyush/certs/server.crt"
Feb 20 11:26:33.676 2004
Feb 20 11:26:33.683 2004 [26618] Set log-facility to local0 (128)
Feb 20 11:26:33.683 2004
Feb 20 11:26:33.886 2004 [26618] (null) at shaman.cshl.org 
(143.48.3.70): -ERR Unknown command: "g".

Am I missing something obvious?

Thanks,
Simon
-- 

Simon (Vsevolod ILyushchenko)   simonf at cshl dot edu
				http://www.simonf.com

The unknown is honoured, the known is neglected -
                              until all is known.

               The Cú Chulaind myth

Date: Fri, 20 Feb 2004 12:04:56 -0500
From: Daniel Senie <dts at senie dot com>
Subject: Re: -ERR Unknown command: "g". ?

At 11:51 AM 2/20/2004, Vsevolod (Simon) Ilyushchenko wrote:
>>   That is usually the port for POP with SSL or TLS.  Mozilla is
>>probably attempting to initiate a secure transaction with TLS and your
>>popper is not currently configured to support it.  Check that your
>>popper is compiled with OpenSSL, check that you have used the correct
>>value of the -l flag and/or set the appropriate options in the config
>>file to enable TLS.
>
>Clifton,
>
>Thanks for the reply. I was missing the -l flag, but after I added it, 
>nothing changed.
>
>This is the line from inetd.conf:
>
>spop3 stream tcp nowait root /usr/local/sbin/popper popper -d -t 
>/tmp/pop.log -f /usr/local/etc/mail/qpopper.config -l 1
>
>These are the relevant lines from the config file:
>
>set tls-support              = stls

for port 995, you should be using alternate port mode. Use stls on port 110.

>set tls-private-key-file     = /home/ilyush/certs/private.key
>set tls-server-cert-file     = /home/ilyush/certs/server.crt
>
>
>This is the contents of the log file:
>
>Feb 20 11:26:33.665 2004 [26618] Set clear-text-password to TLS (2)
>Feb 20 11:26:33.665 2004
>Feb 20 11:26:33.674 2004 [26618] Set debug to true
>Feb 20 11:26:33.674 2004
>Feb 20 11:26:33.675 2004 [26618] Set tls-support to STLS (2)
>Feb 20 11:26:33.675 2004
>Feb 20 11:26:33.676 2004 [26618] Set tls-private-key-file to 
>"/home/ilyush/certs/private.key"
>Feb 20 11:26:33.676 2004
>Feb 20 11:26:33.676 2004 [26618] Set tls-server-cert-file to 
>"/home/ilyush/certs/server.crt"
>Feb 20 11:26:33.676 2004
>Feb 20 11:26:33.683 2004 [26618] Set log-facility to local0 (128)
>Feb 20 11:26:33.683 2004
>Feb 20 11:26:33.886 2004 [26618] (null) at shaman.cshl.org (143.48.3.70):
 
>-ERR Unknown command: "g".
>
>Am I missing something obvious?

see above.


>Thanks,
>Simon
>--
>
>Simon (Vsevolod ILyushchenko)   simonf at cshl dot edu
>                                 http://www.simonf.com
>
>The unknown is honoured, the known is neglected -
>                              until all is known.
>
>               The Cú Chulaind myth


Date: Fri, 20 Feb 2004 13:28:09 -0500
From: "Vsevolod (Simon) Ilyushchenko" <simonf at cshl dot edu>
Subject: Re: -ERR Unknown command: "g". ?

>> These are the relevant lines from the config file:
>>
>> set tls-support              = stls
> 
> 
> for port 995, you should be using alternate port mode. Use stls on port 
> 110.

Thanks, I've changed it. However, the problem persists:

Feb 20 11:28:33.893 2004
Feb 20 13:26:34.316 2004 [6405] Set clear-text-password to TLS (2)
Feb 20 13:26:34.316 2004
Feb 20 13:26:34.317 2004 [6405] Set debug to true
Feb 20 13:26:34.317 2004
Feb 20 13:26:34.318 2004 [6405] Set tls-support to alternate-port (1)
Feb 20 13:26:34.318 2004
Feb 20 13:26:34.318 2004 [6405] Set tls-private-key-file to 
"/home/ilyush/certs/private.key"
Feb 20 13:26:34.318 2004
Feb 20 13:26:34.318 2004 [6405] Set tls-server-cert-file to 
"/home/ilyush/certs/server.crt"
Feb 20 13:26:34.318 2004
Feb 20 13:26:34.319 2004 [6405] Set log-facility to local0 (128)
Feb 20 13:26:34.319 2004
Feb 20 13:26:34.427 2004 [6405] (null) at shaman.cshl.org (143.48.3.70): 
-ERR Unknown command: "g".


Simon
-- 

Simon (Vsevolod ILyushchenko)   simonf at cshl dot edu
				http://www.simonf.com

The unknown is honoured, the known is neglected -
                              until all is known.

               The Cú Chulaind myth

Date: Fri, 20 Feb 2004 16:25:53 -0800
From: Kenneth Porter <shiva at sewingwitch dot com>
Subject: Re: pop_user.c: In function `pop_user'

--On Friday, February 20, 2004 3:06 PM +0530 Dilip M 
<dilipm at s7solutions dot com> wrote:

># rpmbuild -bi qpopper.spec
> [..]
>
>          -O2 -march=i386 -mcpu=i686 -DHAVE_CONFIG_H  -DLINUX -DUNIX
> pop_user.c -o pop_user.o
> pop_user.c: In function `pop_user':
> pop_user.c:140: `DBM' undeclared (first use in this function)

I haven't tried qpopper with db4. Any indication during the run of 
configure that it didn't find the db headers?



Subject: I start qpopper V4.0.3 out of inetd for receiving
From: Harald Arnold <listen at arnold dot at>
Date: 26 Feb 2004 21:32:09 +0100

I start qpopper V4.0.3 out of inetd for receiving 
mails on PCs:

> pop3 stream tcp nowait root /usr/sbin/tcpd /usr/sbin/popper -s

Sometimes (each month one to two times) I get an 
error cannot connect to POP3 on PCs. For analysing 
this situation I logged in as root on my mail server
and tried "telnet localhost pop3" and it is true that
I couldn't connect. After restarting "inetd" (rcinet
restart) everything works fine again for many days...

What can I do and what could be the problem ?

Thanks Harald




Date: Thu, 26 Feb 2004 15:24:53 -0600
From: William Buxton <billb at northnet dot net>
Subject: Re: I start qpopper V4.0.3 out of inetd for receiving

At 09:32 PM 2/26/2004 +0100, you wrote:
>I start qpopper V4.0.3 out of inetd for receiving 
>mails on PCs:
>
>> pop3 stream tcp nowait root /usr/sbin/tcpd /usr/sbin/popper -s
>
>Sometimes (each month one to two times) I get an 
>error cannot connect to POP3 on PCs. For analysing 
>this situation I logged in as root on my mail server
>and tried "telnet localhost pop3" and it is true that
>I couldn't connect. After restarting "inetd" (rcinet
>restart) everything works fine again for many days...
>
>What can I do and what could be the problem ?

People may find this link helpful:


https://listman.redhat.com/archives/redhat-list/1999-June/msg02986.html

"It can happen just because of the rate of incoming mail. It makes inetd
think that qpopper is failing because inetd is having to wake it up too
often." 

In your case, in your inetd.conf: 

pop3 stream tcp nowait.120 root /usr/sbin/tcpd /usr/sbin/popper -s

"The .120 extension is the "max" parameter and indicates that up to 120
servers may be spawned in a 60 second period. The default is 40. If you
exceed the max, it shuts that service down with the error you're seeing."



Thanks,

William C. Buxton II 
Director of Technical Services 
NorthNet - Your Best Direction 
billb at northnet dot net 
920.233.5641



Date: Thu, 26 Feb 2004 15:47:53 -0600
From: William Buxton <billb at northnet dot net>
Subject: Re: I start qpopper V4.0.3 out of inetd for receiving

P.S. In quoting that link for Harald I omitted the comment to restart
inetd. I know it's a given, but just in case anyone forgets after they make
the change ;-)



Thanks,

William C. Buxton II 
Director of Technical Services 
NorthNet - Your Best Direction 
billb at northnet dot net 
920.233.5641



From: Mozzi <linux at mostert.nom dot za>
Subject: Berkleydb auth
Date: Fri, 27 Feb 2004 11:02:01 +0200

Hi all

I need to get qpopper to authenticate from Berkeley DB files, or alternatively 
from another file other than /etc/passwd.


Mozzi



************************************************************
Scanned by @lantic IS Virus Control Service
This message was scanned for viruses and dangerous content.
@lantic Internet Services (Pty) Ltd. - http://www.lantic.net
eScan for Windows-based PCs - http://www.escan.co.za

If you have received a message marked in the subject line 
as [SPAM] please note that according to our MailScanner, 
this message has all the attributes of Unsolicited 
Commercial Email (UCE). If the message has however been 
marked incorrectly, please send a query to abuse at lantic dot net
************************************************************


Date: Fri, 27 Feb 2004 23:16:32 +0900 (JST)
Subject: APOP and POP over SSL for one particular user possible?
From: Motonori Shindo <mshindo at mshindo dot net>

Hi,

I have one question regarding authentication method qpopper
provides. I would like to allow both APOP and POP over SSL to be used
for a particular user but this doesn't look possible with qpopper
4.0.5. I know that it is quite possible to allow APOP for one user and
POP over SSL for another, but it seems like I can't do this for the
"same" user. If APOP is enabled for him/her (i.e. an entry exists in
pop.auth), qpopper always mandates authenticating him/her via APOP
even if clear-text-password parameter is set to 'tls'. The only way I
found to achieve my goal was to set clear-text-password parameter to
'always' for pop3s (995/tcp) (I am using alternate-port
mode). However, this in turn introduces security breach. I think most
users won't connect to the server using 995/tcp without SSL, but
there's no such guarantee. If I'm missing something, please
advise. Thanks.

Regards,



From: Errol Casey <work-usenet at nouce dot net>
Subject: changing OUT_BUF_SIZE in popper.h
Date: Fri, 27 Feb 2004 11:51:07 -0500

Recently, due to performance we have noticed that qpopper writes in
small chunks. In reviewing the code, we observed that the output
buffer is only 512 bytes.

Has anybody on the mailing list done any tests with increasing this
buffer size to 8192 or 32767 bytes?


From: Thomas Carrié <thocar at free dot fr>
Subject: Failed initializing TLS/SSL (qpopper 4.0.5)
Date: Fri, 27 Feb 2004 19:39:30 +0100

Hello,

I'm trying to setup qpopper SSL (my qpopper works well without)

I have generated my private key and my certificate this way :

#/etc/ssl) openssl req -new -nodes -keyout certs/mail.pem -out certs/mail.pem -days 9999

When I open a connection to port 110, I have this in the server log:

Feb 27 19:20:49 mars -s[3844]: Error setting certificate PEM file  
[pop_tls_openssl.c:368]
Feb 27 19:20:49 mars -s[3844]: ...SSL error: error:0200100E:system 
library:fopen:Bad address [pop_tls_openssl.c:368]
Feb 27 19:20:49 mars -s[3844]: ...SSL error: error:20074002:BIO 
routines:FILE_CTRL:system lib [pop_tls_openssl.c:368]
Feb 27 19:20:49 mars -s[3844]: ...SSL error: error:140AD002:SSL 
routines:SSL_CTX_use_certificate_file:system lib [pop_tls_openssl.c:368]
Feb 27 19:20:49 2ic01 -s[3844]: Failed initializing TLS/SSL [popper.c:226]

It seems that it is not defined (pop_tls_openssl.c:368 prints empty 
tls-server-cert-file), but it is! This is what my config file looks like:

set tls-server-cert-file     = /etc/ssl/certs/mail.pem
# set tls-version              = default
set tls-support              = stls
set clear-text-password      = tls
# set tls-private-key-file     
# set tls-passphrase           

) grep pop inetd.conf
pop3            stream  tcp     nowait  root    /usr/sbin/popper -s -l 1

Does anyone have a successful install of qpopper that doesn't use a third-party 
Certifying Authority? How have you generated your ssl files?

Thanks for help

-- 

Thomas Carrié
Identité GPG : 0285ED14

http://www.lebars.org/sec/tcpa-faq.fr.html
http://www.pimientolinux.com/peru2ms/villanueva_to_ms.html
http://petition.eurolinux.org/pr/fr/pr17.html
http://aful.org/publi/articles/gilmore-copy-protection.html


Date: Fri, 27 Feb 2004 09:41:14 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: Failed initializing TLS/SSL (qpopper 4.0.5)

On Fri, Feb 27, 2004 at 07:39:30PM +0100, Thomas Carrié wrote:
...
> It seems that is not defined (pop_tls_openssl.c:368 prints empty 
> tls-server-cert-file), but it is ! it is how my config file looks like
> 
> set tls-server-cert-file     = /etc/ssl/certs/mail.pem
> # set tls-version              = default
> set tls-support              = stls
> set clear-text-password      = tls
> # set tls-private-key-file     
> # set tls-passphrase           
> 
> ) grep pop inetd.conf
> pop3            stream  tcp     nowait  root    /usr/sbin/popper -s -l 1

It looks like you're not actually specifying the config file name.  Try
adding 
 -f /path/to/your/config.file
to the inetd.conf command line.  Actually, I think you're also missing
the argv[0] argument ("popper") which all or nearly all inetd versions
require to set the program name, so your "-s" argument is probably
being ignored.  (Remember to HUP inetd.conf after you've updated the
config.)
  -- Clifton

-- 
          Clifton Royston  --  cliftonr at tikitechnologies dot com 
         Tiki Technologies Lead Programmer/Software Architect
Did you ever fly a kite in bed?  Did you ever walk with ten cats on your head?
  Did you ever milk this kind of cow?  Well we can do it.  We know how.
If you never did, you should.  These things are fun, and fun is good.
                                                                 -- Dr. Seuss

Date: Fri, 27 Feb 2004 16:35:40 -0500
From: Daniel Senie <dts at senie dot com>
Subject: Re: APOP and POP over SSL for one particular user possible?

At 09:16 AM 2/27/2004, Motonori Shindo wrote:
>Hi,
>
>I have one question regarding authentication method qpopper
>provides. I would like to allow both APOP and POP over SSL to be used
>for a particular user but this doesn't look possible with qpopper
>4.0.5. I know that it is quite possible to allow APOP for one user and
>POP over SSL for another, but it seems like I can't do this for the
>"same" user. If APOP is enabled for him/her (i.e. an entry exists in
>pop.auth), qpopper always mandates authenticating him/her via APOP
>even if clear-text-password parameter is set to 'tls'. The only way I
>found to achieve my goal was to set clear-text-password parameter to
>'always' for pop3s (995/tcp) (I am using alternate-port
>mode). However, this in turn introduces security breach. I think most
>users won't connect to the server using 995/tcp without SSL, but
>there's no such guarantee. If I'm missing something, please
>advise. Thanks.

When popper is set to alternate port mode, it will not accept commands in 
clear text. Anything you send to port 995 will be expected to be encased in 
TLS. No security hole.


Date: Fri, 27 Feb 2004 16:40:38 -0500
From: Chuck Yerkes <chuck+qpopper at yerkes dot com>
Subject: Re: Berkleydb auth

Quoting Mozzi (linux at mostert.nom dot za):
> Hi all
> 
> I need to get qpopper to authenticate from berkleydb files. or alternatively 
> from another file other than /etc/passwd.

Glad to hear it.

Ultrix, I presume.

Date: Sat, 28 Feb 2004 11:07:08 +0900 (JST)
Subject: Re: APOP and POP over SSL for one particular user possible?
From: Motonori Shindo <mshindo at mshindo dot net>

Daniel,

From: Daniel Senie <dts at senie dot com>
Subject: Re: APOP and POP over SSL for one particular user possible?
Date: Fri, 27 Feb 2004 16:35:40 -0500

> >The only way I
> >found to achieve my goal was to set clear-text-password parameter to
> >'always' for pop3s (995/tcp) (I am using alternate-port
> >mode). However, this in turn introduces security breach. I think most
> >users won't connect to the server using 995/tcp without SSL, but
> >there's no such guarantee. 

> When popper is set to alternate port mode, it will not accept commands in 
> clear text. Anything you send to port 995 will be expected to be encased in 
> TLS. No security hole.

Thanks! I confirmed that you're right. Qpopper in alternate-port mode
simply waits for a Client-Hello to be sent from the client to proceed.
Therefore, it looks like there's no concern in using
"clear-text-password = always" under alternate-port mode.

Regards,


From: Thomas Carrié <thocar at free dot fr>
Subject: Re: Failed initializing TLS/SSL (qpopper 4.0.5)
Date: Tue, 2 Mar 2004 22:01:39 +0100

On Friday 27 February 2004 20:41, Clifton Royston wrote:
> On Fri, Feb 27, 2004 at 07:39:30PM +0100, Thomas Carrié wrote:
> ...
>
> > It seems that is not defined (pop_tls_openssl.c:368 prints empty
> > tls-server-cert-file), but it is ! it is how my config file looks like
> >
> > set tls-server-cert-file     = /etc/ssl/certs/mail.pem
> > # set tls-version              = default
> > set tls-support              = stls
> > set clear-text-password      = tls
> > # set tls-private-key-file     
> > # set tls-passphrase           
> >
> > ) grep pop inetd.conf
> > pop3            stream  tcp     nowait  root    /usr/sbin/popper -s -l 1
>
> It looks like you're not actually specifying the config file name.  Try
> adding
>  -f /path/to/your/config.file

You are right, -f and qpopper were missing.

However there was a second problem: qpopper doesn't support private key and 
auto-signed certificate in the same file. Indeed if you generate files like 
this

/etc/ssl# openssl req -x509 -newkey rsa:1024 -keyout certs/mail.pem -out certs/mail.pem -days 9999 -nodes

You will get the following error:

Error setting certificate PEM file /etc/ssl/certs/mail.pem 
...SSL error: error:0906D06C:PEM routines:PEM_read_bio:no start line 
[pop_tls_openssl.c:368]

You have to generate the private key and the auto-signed certificate in 2 
different files like this

cd /etc/ssl/certs/
openssl req -new -x509 -days 999 -nodes -out rsa.pem -keyout rsa-key.pem
openssl dhparam -out dhparam.pem 1024
ls -l rsa-key.pem
-rw-------    1 root     root          887 Mar  2 20:49 rsa-key.pem

grep \.pem /etc/qpopper.config
set tls-private-key-file     = /etc/ssl/certs/rsa-key.pem
set tls-server-cert-file     = /etc/ssl/certs/rsa.pem

It works fine.



-- 

Thomas Carrié
Identité GPG : 0285ED14

http://www.lebars.org/sec/tcpa-faq.fr.html
http://www.pimientolinux.com/peru2ms/villanueva_to_ms.html
http://petition.eurolinux.org/pr/fr/pr17.html
http://aful.org/publi/articles/gilmore-copy-protection.html
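
Added example (not part of any post above and not qpopper code): a small lint for the configuration mistakes found in this thread and in the 'Unknown command: "g"' and APOP/SSL threads, run against the inetd.conf lines and config excerpts quoted in those messages. The finding names, the corrected inetd line, the pop3s sample and the treatment of "none"/"default" as TLS-off are assumptions made for the example.

```python
# Lint an inetd.conf entry plus a qpopper config excerpt for the problems
# reported in the threads above. Finding names are made up for this example.

TLS_PORT_SERVICES = {"pop3s", "spop3", "995"}   # implicit-TLS listeners
PLAIN_PORT_SERVICES = {"pop3", "110"}           # plaintext listeners (STLS upgrade)
TLS_OFF = {"none", "default"}                   # assumption: both mean TLS disabled


def parse_inetd_line(line):
    """Split one inetd.conf entry; everything after the server path is argv."""
    fields = line.split()
    if len(fields) < 6:
        raise ValueError("not an inetd.conf service line: %r" % line)
    return {"service": fields[0], "server": fields[5], "argv": fields[6:]}


def parse_qpopper_config(text):
    """Collect 'set name = value' lines; '#' starts a comment."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("set "):
            continue
        name, sep, value = line[4:].partition("=")
        if sep and value.strip():
            opts[name.strip()] = value.strip()
    return opts


def lint(inetd_line, config_text):
    """Return the list of findings, in a fixed order, for one listener."""
    entry = parse_inetd_line(inetd_line)
    opts = parse_qpopper_config(config_text)
    argv = entry["argv"]
    tls = opts.get("tls-support", "none").lower()
    findings = []
    # argv[0] (the program name) must come before the options, otherwise
    # the first option is consumed as the name (Clifton Royston's reply).
    if not argv or argv[0].startswith("-"):
        findings.append("missing-argv0")
    # Without -f the config file holding the TLS settings is never named.
    if "-f" not in argv:
        findings.append("no-config-file")
    # Daniel Senie's reply: alternate-port mode on 995, stls on 110.
    if entry["service"] in TLS_PORT_SERVICES and tls == "stls":
        findings.append("stls-on-tls-port")
    if entry["service"] in PLAIN_PORT_SERVICES and tls == "alternate-port":
        findings.append("alternate-port-on-plain-port")
    # Thomas Carrié's report: key and certificate had to be separate files.
    cert = opts.get("tls-server-cert-file")
    key = opts.get("tls-private-key-file")
    if tls not in TLS_OFF and cert and (key is None or key == cert):
        findings.append("no-separate-key-file")
    # Plaintext passwords were only judged safe behind alternate-port mode.
    if opts.get("clear-text-password", "").lower() == "always" and tls != "alternate-port":
        findings.append("cleartext-always-without-alternate-port")
    return findings


# Inputs quoted from the messages above.
SIMON_INETD = ("spop3 stream tcp nowait root /usr/local/sbin/popper popper -d -t "
               "/tmp/pop.log -f /usr/local/etc/mail/qpopper.config -l 1")
SIMON_CONF = """
set tls-support              = stls
set tls-private-key-file     = /home/ilyush/certs/private.key
set tls-server-cert-file     = /home/ilyush/certs/server.crt
"""
THOMAS_INETD_BEFORE = "pop3 stream tcp nowait root /usr/sbin/popper -s -l 1"
THOMAS_CONF_BEFORE = """
set tls-server-cert-file     = /etc/ssl/certs/mail.pem
# set tls-version              = default
set tls-support              = stls
set clear-text-password      = tls
# set tls-private-key-file
# set tls-passphrase
"""
# Constructed: the same entry with the program name and -f added.
THOMAS_INETD_AFTER = ("pop3 stream tcp nowait root /usr/sbin/popper popper "
                      "-s -l 1 -f /etc/qpopper.config")
THOMAS_CONF_AFTER = """
set tls-private-key-file     = /etc/ssl/certs/rsa-key.pem
set tls-server-cert-file     = /etc/ssl/certs/rsa.pem
set tls-support              = stls
set clear-text-password      = tls
"""
# Constructed: the pop3s listener described in the APOP/SSL thread.
POP3S_INETD = "pop3s stream tcp nowait root /usr/sbin/popper popper -s -f /etc/qpopper.config"
POP3S_CONF = THOMAS_CONF_AFTER.replace("= stls", "= alternate-port").replace("= tls", "= always")

if __name__ == "__main__":
    for name, line, conf in [("simon", SIMON_INETD, SIMON_CONF),
                             ("thomas-before", THOMAS_INETD_BEFORE, THOMAS_CONF_BEFORE),
                             ("thomas-after", THOMAS_INETD_AFTER, THOMAS_CONF_AFTER),
                             ("pop3s", POP3S_INETD, POP3S_CONF)]:
        print(name, lint(line, conf) or "ok")
```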


Date: Sat, 06 Mar 2004 11:28:07 -0800
Subject: Freedom for everyone
From: louis at suffolk.lib.ny dot us


From: Mozzi <linux at mostert.nom dot za>
Subject: Permissions
Date: Wed, 10 Mar 2004 14:31:58 +0200

Hi all

I get these errors in my maillog
Mar 10 14:30:01 mailserv popper[16361]: [SYS/TEMP] Unable to open temporary 
maildrop '/var/spool/mail/poplock/.rosas.pop': Permission denied (13) 
[pop_dropcopy.c:1489]

What should the permissions on this directory be?


Mozzi





From: Mozzi <linux at mostert.nom dot za>
Subject: popper permissions
Date: Wed, 10 Mar 2004 14:35:08 +0200

.pop files are created with these permissions

-rwxrwxrwx    1 rytonle  smmsp           0 Mar 10 14:26 .rytonle.pop	





Date: Thu, 11 Mar 2004 08:36:59 +0200
From: g-r-v at ukr dot net
Subject: Qpopper + Postfix

Hello,

  Is there a detailed step-by-step guide for a newbie on how to set up
  Qpopper  with Postfix, so that it can serve both the local users and
  also other people on the domain?

-- 
             -=Robert & Beata Golovniov | Lviv, Ukraine=-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mailto:golovniov at interia dot pl?subject=PGP%20Key&Body=Embedded%20key
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From: Mozzi <linux at mostert.nom dot za>
Subject: I/O error
Date: Mon, 15 Mar 2004 14:19:06 +0200

Hi all
I keep on getting messages like the one here in my logfile, anyone know what 
causes it?

Mar 15 14:14:38 wbd-mail01 popper[22473]: I/O error flushing output to client 
elmarier at 10.0.0.1 [10.0.0.1]: Operation not permitted (1) [pop_send.c:689]

Stefaans






Date: Mon, 15 Mar 2004 09:25:26 -0500
From: Daniel Senie <dts at senie dot com>
Subject: Re: I/O error

At 07:19 AM 3/15/2004, Mozzi wrote:
>Hi all
>I keep on getting messages like the one here in my logfile, anyone know what
>causes it?
>
>Mar 15 14:14:38 wbd-mail01 popper[22473]: I/O error flushing output to client
>elmarier at 10.0.0.1 [10.0.0.1]: Operation not permitted (1) [pop_send.c:689]

Client closed the connection, then qpopper tried to write to a TCP Session 
that the kernel had closed as a result of the remote end going away. 


From: "Admins (at) domenca.com" <admins at domenca dot com>
Subject: Re: I/O error
Date: Mon, 15 Mar 2004 15:42:05 +0100

Firewall.

Regards,
Bostjan

On Monday 15 of March 2004 13:19, Mozzi wrote:
> Mozzi <linux at mostert.nom dot za> writes:
>
> Hi all
> I keep on getting messages like the one here in my logfile, anyone know what
> causes it?
>
> Mar 15 14:14:38 wbd-mail01 popper[22473]: I/O error flushing output to
> client elmarier at 10.0.0.1 [10.0.0.1]: Operation not permitted (1)
> [pop_send.c:689]
>
> Stefaans
> =[ admins @ domenca.com - TI d.o.o. ]


Date: Mon, 15 Mar 2004 15:16:27 -0500
From: Chuck Yerkes <chuck+qpopper at yerkes dot com>
Subject: Re: Permissions

Quoting Mozzi (linux at mostert.nom dot za):
> I get these errors in my maillog
> Mar 10 14:30:01 mailserv popper[16361]: [SYS/TEMP] Unable to open temporary 
> maildrop '/var/spool/mail/poplock/.rosas.pop': Permission denied (13) 
> [pop_dropcopy.c:1489]
> 
> What should the permissions on this directory be ?

That would depend on several things, not the least of
which is what your OS is.

Now, I'll presume you're running Cygwin with qpopper, so...
No.  I won't 'cause I don't know what Cygwin would expect.
But one would presume that the qpopper user must have
write perms.

From: "Muhammad Talha" <talha at worldcall.net dot pk>
Subject: I/O error flushing output to client
Date: Tue, 16 Mar 2004 10:48:51 +0500

Dear all

I am facing this problem with some of my clients


Mar 16 09:49:35 mail popper[20769]: I/O error flushing output to client  at 192.168.197.188 [192.168.197.188]: Operation not permitted (1)

What will be the reason for this problem?


Regards

Talha


Date: Tue, 16 Mar 2004 10:00:44 -0500 (EST)
From: Gerald <gcoon at inch dot com>
Subject: Re: I/O error flushing output to client

On Tue, 16 Mar 2004, Muhammad Talha wrote:

> Mar 16 09:49:35 mail popper[20769]: I/O error flushing output to client  at 192.168.197.188 [192.168.197.188]: Operation not permitted (1)
>
> What will be the reason for this problem?

Increase the timeout on your popper. We had some accounts that were pretty
large that would take more than a minute to flush out. With the timeout at
60 seconds that was the error msg it would record.

I think recommended is 10 minutes (600 seconds) and we've got ours set at
5 minutes now.

Gerald

From: "Edward Chase" <echase at studentweb.providence dot edu>
Subject: RE: I/O error flushing output to client
Date: Tue, 16 Mar 2004 10:24:53 -0500

On Tue, 16 Mar 2004, Muhammad Talha wrote:

> Mar 16 09:49:35 mail popper[20769]: I/O error flushing output to client  at 192.168.197.188 [192.168.197.188]: Operation not permitted (1)
>
> What will be the reason for this problem?


> From: Gerald [mailto:gcoon at inch dot com]
>
> Increase the timeout on your popper. We had some accounts that were pretty
> large that would take more than a minute to flush out. With the timeout at
> 60 seconds that was the error msg it would record.
>
> I think recommended is 10 minutes (600 seconds) and we've got ours set at 5
> minutes now.
>
> Gerald



Is this a compile time option or run time?


Date: Tue, 16 Mar 2004 10:44:29 -0500 (EST)
From: Gerald <gcoon at inch dot com>
Subject: RE: I/O error flushing output to client

On Tue, 16 Mar 2004, Edward Chase wrote:

> Is this a compile time option or run time?

I'm sure you can modify the default at compile time, but there is a run
time option to set this. You folks do have a copy of the free manual
Qualcomm lets you download right?

Gerald

From: "Muhammad Talha" <talha at worldcall.net dot pk>
Subject: Re: I/O error flushing output to client
Date: Tue, 16 Mar 2004 20:46:46 +0500

> > Mar 16 09:49:35 mail popper[20769]: I/O error flushing output to client  at 192.168.197.188 [192.168.197.188]: Operation not permitted (1)
> >
> > What will be the reason for this problem?
>
> Increase the timeout on your popper. We had some accounts that were pretty
> large that would take more than a minute to flush out. With the timeout at
> 60 seconds that was the error msg it would record.
>
> I think recommended is 10 minutes (600 seconds) and we've got ours set at
> 5 minutes now.
>
> Gerald

Thanks Gerald for your reply

I have increased the timeout value in /etc/xinet.d/pop3 to 600 seconds

server_args  =  qpopper -s -T 600

Regards

Muhammad Talha


From: "Lisa Casey" <lisa at jellico dot net>
Subject: Re: I/O error flushing output to client
Date: Tue, 16 Mar 2004 12:54:21 -0500

Hi,

Dumb question here maybe, but I'd appreciate some help. Our mail server
used to be running on FreeBSD which has a /etc/init.d file. We have moved it
to a Redhat 7.2 server. I cannot find the file on this box where I would
change qpopper's timeout. There is no /etc/init.d or /etc/servers.

Thanks,

Lisa Casey

> Increase the timeout on your popper. We had some accounts that were pretty
> large that would take more than a minute to flush out. With the timeout at
> 60 seconds that was the error msg it would record.
>
> I think recommended is 10 minutes (600 seconds) and we've got ours set at
> 5 minutes now.
>
> Gerald
>


Date: Tue, 16 Mar 2004 13:45:47 -0500 (EST)
From: Gerald <gcoon at inch dot com>
Subject: Re: I/O error flushing output to client

On Tue, 16 Mar 2004, Lisa Casey wrote:

> Dumb question here maybe, but I'd appreciate some help. Our mail server
> used to be running on FreeBSD which has a /etc/init.d file. We have moved it
> to a Redhat 7.2 server. I cannot find the file on this box where I would
> change qpopper's timeout. There is no /etc/init.d or /etc/servers.

Hi Lisa,

You wouldn't perhaps be referring to inetd.conf in /etc ?

FreeBSD rc scripts are in /usr/local/etc/rc.d/ and have been for a while.
Redhat (people haven't phased it out yet?) uses xinetd.conf and some other
scripts in /etc/xinetd.d as well I believe.


Date: Tue, 16 Mar 2004 16:12:44 -0500
From: Chuck Yerkes <chuck+qpopper at yerkes dot com>
Subject: Re: I/O error flushing output to client

Quoting Lisa Casey (lisa at jellico dot net):
> Dumb question here maybe, but I'd appreciate some help. Our mail server
> used to be running on FreeBSD which has a /etc/init.d file. We have moved it

Nope.  Look for it.  Perhaps inetd.conf.  Perhaps you had it start
as a daemon.  It depends which.


> to a Redhat 7.2 server. I cannot find the file on this box where I would

And that server has been patched in the last week or two for the latest
kernel problems?

Why 7.2? (when 9.0 has been out forever).  RedHat AS 2.0 is old and
is based on 7.2.  7.2 is from 2000 or so.

Pity about the downgrade from FreeBSD.

> change qpopper's timeout. There is no /etc/init.d or /etc/servers.

In redhat, inetd is done by vixie's "xinetd".  I forget for 7.2,
but redhat tends to use a file per service and puts them in
/etc/xinet.d/

No idea what /etc/servers would be.  Never heard of it in 4 BSDs, 
Solaris, or 4 other unixes I touch.

Date: Tue, 16 Mar 2004 18:34:05 -0500 (EST)
From: Alan Brown <alanb at digistar dot com>
Subject: Re: I/O error flushing output to client

On Tue, 16 Mar 2004, Chuck Yerkes wrote:

> Why 7.2? (when 9.0 has been out forever).  RedHat AS 2.0 is old and
> is based on 7.2.  7.2 is from 2000 or so.

Probably the same reason we use 7.2 at $orkplace - we have a
standardised desktop distribution and not enough hours available to
assess the impact of changing it drastically.

(We're going to have to, as a lot of newer hardware simply isn't supported)


Date: Tue, 16 Mar 2004 19:08:55 -0500
Subject: Re: I/O error flushing output to client
From: george <gasjr4wd at mac dot com>

On 3/16/04 6:34 PM, "Alan Brown" <alanb at digistar dot com> wrote:

> On Tue, 16 Mar 2004, Chuck Yerkes wrote:
> 
>> Why 7.2? (when 9.0 has been out forever).  RedHat AS 2.0 is old and
>> is based on 7.2.  7.2 is from 2000 or so.
> 
> Probably the same reason we use 7.2 at $orkplace - we have a
> standardised desktop distribution and not enough hours available to
> assess the impact of changing it drastically.
> 
> (We're going to have to, as a lot of newer hardware simply isn't supported)
> 

Gota spin in-

If the tool works, why change for the sake of change?

We just bought SuSE 9.0.
Our other SuSE box is 7.* PPC
    apple 8550 -still kickin

(Hardware change - [drive space & ram] from 8550)


-- 

Thanks,
George


"...Linux, MS-DOS, and Windows XP"
(also known as the Good, the Bad, and the Ugly)




Date: Tue, 16 Mar 2004 16:41:40 -0800
From: Lee Terrell <leet at directcon dot net>
Subject: Authenticating Virtual Domain Users

Hi All,

It's been awhile since I've seen an active post on authenticating virtual
domain users, so I was curious about what implementations are being used
currently by fellow qpopper users.

Specifically I'm interested in successes people have had using MySQL or LDAP
as authentication alternatives for standard password file auth.  We've always
used the model where virtual customers use their actual server name for POP
login.

jim at domain dot com	userjim

POP login username = 'userjim'

I've followed some threads in the past that explored some of the available
patches for alternatives that allowed virtual users to authenticate with their
virtual name on a server, but I haven't seen anything in the recent past
unless I missed something, so I was wondering what development is still being
done for these alternative patches and if people are successfully using them
in live environments or if they have mainly been selected for personal server
use.

I appreciate the feedback.

Regards,
Lee Terrell

Date: Wed, 17 Mar 2004 01:03:12 -0500
From: Chuck Yerkes <chuck+qpopper at yerkes dot com>
Subject: Re: I/O error flushing output to client

Quoting george (gasjr4wd at mac dot com):
> On 3/16/04 6:34 PM, "Alan Brown" <alanb at digistar dot com> wrote:
> 
> > On Tue, 16 Mar 2004, Chuck Yerkes wrote:
> > 
> >> Why 7.2? (when 9.0 has been out forever).  RedHat AS 2.0 is old and
> >> is based on 7.2.  7.2 is from 2000 or so.
> > 
> > Probably the same reason we use 7.2 at $orkplace - we have a
> > standardised desktop distribution and not enough hours available to
> > assess the impact of changing it drastically.
> > 
> > (We're going to have to, as a lot of newer hardware simply isn't supported)
> > 
> Gota spin in-
> If the tool works, why change for the sake of change?

Security updates, performance improvements, management improvements, support,
better tools.

Change for the sake of change is bad.
Stagnation for the sake of avoiding change is also bad.

> We just bought SuSE 9.0.
> Our other SuSE box is 7.* PPC
>     apple 8550 -still kickin
> (Hardware change - [drive space & ram] from 8550)

Yeah, I still have a working and running Apple //+ and Sun 3 here.
The SPARC 10 is running a new OpenBSD, the Pentium/90 is running
FreeBSD 5.2.1; the Athlon/900 is running Redhat 9.

Unsecure software is a danger to all of us.  If your company
gets screwed, well that's not my problem.  When your server
attacks MINE, then it's my problem.  And you don't want the
feeling I had a dozen years ago when I got a call from CERT
at the company I'd just started at telling us that a couple
sites had been attacked from our computer (our big server that
could NOT be easily rebuilt).

From: rtbates at patmedia dot net <rtbates at patmedia dot net>
Subject: error in mail messages when trying to receive email
Date: Wed, 17 Mar 2004 07:51:08 -0500

I am using FreeBSD 4.9, Postfix 2.0.18 and QPopper 4.0.5 with sasl and 
openssl

I keep seeing the following error

Mar 17 07:34:28 mail qpopper[43130]: bates at BatesiBook.myplace.com 
(172.18.1.139): -ERR [SYS/TEMP] POP authentication DB not available 
(user bates): No such file or directory (2)


after a timeout it then allows me to receive email....


What does this message mean?
What file or directory is it looking for?
How do I fix it?

Thanks in advance
Rich Bates


Date: Wed, 17 Mar 2004 08:45:30 -0500 (EST)
From: Alan Brown <alanb at digistar dot com>
Subject: Re: I/O error flushing output to client

On Wed, 17 Mar 2004, Chuck Yerkes wrote:

> Change for the sake of change is bad.
> Stagnation for the sake of avoiding change is also bad.

If it makes you feel better, we firewall _all_ outbound as well as
inbound connections and there is up-to-the-hour AV/spam running in both
directions on the network mail bastion server.

That's something forced on us by all the stupid windoze users, but it
provides protection against any rogue boxes of any flavour OS.

On top of the firewalling, excessive attempts to go past the firewall on
unauthorised ports result in immediate lockout of the relevant
switchport and that requires manual intervention to restore.


Date: Thu, 18 Mar 2004 09:30:12 -0500
Subject: Re: I/O error flushing output to client
From: george <gasjr4wd at mac dot com>

On 3/17/04 1:03 AM, "Chuck Yerkes" <chuck+qpopper at yerkes dot com> wrote:

> Quoting george (gasjr4wd at mac dot com):
>> On 3/16/04 6:34 PM, "Alan Brown" <alanb at digistar dot com> wrote:
>> 
>>> On Tue, 16 Mar 2004, Chuck Yerkes wrote:
>>> 
>>>> Why 7.2? (when 9.0 has been out forever).  RedHat AS 2.0 is old and
>>>> is based on 7.2.  7.2 is from 2000 or so.
>>> 
>>> Probably the same reason we use 7.2 at $orkplace - we have a
>>> standardised desktop distribution and not enough hours available to
>>> assess the impact of changing it drastically.
>>> 
>>> (We're going to have to, as a lot of newer hardware simply isn't supported)
>>> 
>> Gota spin in-
>> If the tool works, why change for the sake of change?
> 
> Security updates, performance improvements, management improvements, support,
> better tools.
> 
Tried and true systems that have no problems should not be updated just to
update and "find" new security holes. I agree if a box has issues, the first
thing would be to update. No question. But, no problems = no reason.
Most people know their own systems. Nowadays most people are stretched so
thin it's very nice to not be updating-changing all the time and just to sit
back and watch the "little lights blink" with the knowledge you know what's
going on.

> Change for the sake of change is bad.
> Stagnation for the sake of avoiding change is also bad.
> 
>> We just bought SuSE 9.0.
>> Our other SuSE box is 7.* PPC
>>     apple 8550 -still kickin
>> (Hardware change - [drive space & ram] from 8550)
> 
> Yeah, I still have a working and running Apple //+ and Sun 3 here.
> The SPARC 10 is running a new OpenBSD, the Pentium/90 is running
> FreeBSD 5.2.1; the Athlon/900 is running Redhat 9.
> 
We have a few Cobalt boxes, ASIP, OSXS, Yellowdog, Snap, etc. here.
(No, we are not brand loyal.)

All are behind firewalls. (in and out)

Some are only for fileservers, some for backup, etc. Most are not running
the latest and greatest. We like it that way for a few reasons.


> Unsecure software is a danger to all of us.  If your company
> gets screwed, well that's not my problem.  When your server
> attacks MINE, then it's my problem.  And you don't want the
> feeling I had a dozen years ago when I got a call from CERT
> at the company I'd just started at telling us that a couple
> sites had been attacked from our computer (our big server that
> could NOT be easily rebuilt).
> 
Everyone's situation is different.

To automatically jump on someone for not running what you consider
acceptable OS versions does not make people want to chime in or ask questions.

Our best, most stable, longest running, easiest server by far?
Home/Billing office still has ASIP 6.3.3 running 9.2.
Oh, that one is not behind a firewall. Never been, from 5.0.
Am I afraid? Nope. It's very well tried and true, and very EOL.



End topic.


-- 

Thanks,
George


"...Linux, MS-DOS, and Windows XP"
(also known as the Good, the Bad, and the Ugly)




From: "Bryan Ladd" <bladd at tapestryhealth dot org>
Subject: Newbie Question
Date: Tue, 23 Mar 2004 10:54:46 -0500

Hello, I'm rather new to administering a Mail server, I'm running Exim 3.35
and qpopper v4.04 on Debian Woody 2.4.20.  My question is: in my syslog, I
keep getting this canonical error when anyone on my 13 subnets checks their
email with Outlook or Outlook Express.  Is there a way I can turn off the
canonical lookup for something like 192.168.0/24.0/24?  Is this even a
problem other than filling up the syslog?  Am I even thinking in the right
direction?

Mar 22 15:27:43 mydomain in.qpopper[28862]: connect from 192.168.12.124
Mar 22 15:27:43 mydomain in.qpopper[28862]: (v4.0.4) Unable to get canonical
name of client 192.168.12.124: Unknown host (1) [pop_init.c:1075]
Mar 22 15:27:48 mydomain in.qpopper[28862]: (v4.0.4) POP login by user
"jones" at (192.168.12.124) 192.168.12.124 [pop_log.c:244]

Bryan Ladd
Tapestry Health Systems
cell: 413.222.0291
desk: 413.586.2016 x 108



Date: Tue, 23 Mar 2004 08:46:48 -0800 (PST)
From: The Little Prince <thelittleprince at asteroid-b612 dot org>
Subject: Re: Newbie Question

On Tue, 23 Mar 2004, Bryan Ladd wrote:

> Hello, I'm rather new to administering a Mail server, I'm running Exim 3.35
> and qpopper v4.04 on Debian Woody 2.4.20.  My question is: in my syslog, I
> keep getting this canonical error when anyone on my 13 subnets checks their
> email with Outlook or Outlook Express.  Is there a way I can turn off the
> canonical lookup for something like 192.168.0/24.0/24?  Is this even a
> problem other than filling up the syslog?  Am I even thinking in the right
> direction?
> 

-R  on the command line or  reverse-lookup = false  in the config file.
Page 25 and 36 of the qpopper admin guide.

ideally though, you should be doing reverse DNS for all your blocks.


--Tony
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
Anthony J. Biacco                            Network Administrator/Engineer
thelittleprince at asteroid-b612.org              http://www.asteroid-b612 dot org

     "It's not easy bein' green..there's so many colors I'd rather be"
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.


Subject: Maildir
From: andrea <adriacom1150 at adriacom dot it>
Date: Wed, 24 Mar 2004 15:25:46 +0100

Hi,

This is the first time that I am writing here.

I'm writing to find out whether it is possible to set up qpopper with the
Maildir format for the users.
If yes, which parameter do I have to pass to ./configure?

Thank you

P.S.

Sorry for my English, I'm Italian.




Date: Wed, 24 Mar 2004 07:13:07 -0800 (PST)
From: The Little Prince <thelittleprince at asteroid-b612 dot org>
Subject: qpopper-mysql 0.13 release

My latest qpopper-mysql patch is now available for download at:
http://asteroid-b612.org/software/#qpopper

Changes in this release are listed below.
Changes in this release will NOT be backported to a 4.0.3/4.0.4 patch.

qpopper-mysql is a patch to qpopper 4.0.x adding support for mysql
authentication, virtual domains, and Maildir-style mailboxes.

Changes from 0.12 to 0.13:
---------------------------
MAILDIR
 1.  Fixed a bug where the message list would be empty if we encountered
     a message file with a size of 0. We skip the file now.
 2.  Introduced functions maildir_get_flags(), maildir_put_flags(),
     and maildir_has_flags() to read, set, and check for maildir
     status flags in message filenames. This lets the LAST command
     work with a Maildir drop, for clients that won't get message
     status from UIDLs.
     We currently only use and set the 'S' flag, but will keep other 
     retrieved flags intact. --disable-status will be honored to not 
     set the 'S' flag.
 3.  If we encounter a Maildir/ message with no body, we make sure to 
     reset the inheader flag, so the next message doesn't show as 
     corrupted. Some MTAs do not add a blank line (\n) onto their Maildir/ 
     format messages, which triggers this.
MYSQL
 1.  Increased the size of the password field in the example mysql table
     structure from 32 to 64.
 2.  Added a note to the README.MYSQL file, that states the 
     mysql-popper.conf file should NOT be specified on the command line 
     with -f.


--Tony
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
Anthony J. Biacco                            Network Administrator/Engineer
thelittleprince at asteroid-b612.org              http://www.asteroid-b612 dot org

     "It's not easy bein' green..there's so many colors I'd rather be"
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.


Date: Wed, 24 Mar 2004 21:12:05 -0500
From: Chuck Yerkes <chuck+qpopper at yerkes dot com>
Subject: Re: Newbie Question

Quoting Bryan Ladd (bladd at tapestryhealth dot org):
> Hello, I'm rather new to administering a Mail server, I'm running Exim 3.35
> and qpopper v4.04 on Debian Woody 2.4.20.  My question is: in my syslog, I
> keep getting this canonical error when anyone on my 13 subnets checks their
> email with Outlook or Outlook Express.  Is there a way I can turn off the
> canonical lookup for something like 192.168.0/24.0/24?  Is this even a
> problem other than filling up the syslog?  Am I even thinking in the right
> direction?
> 
> Mar 22 15:27:43 mydomain in.qpopper[28862]: connect from 192.168.12.124
> Mar 22 15:27:43 mydomain in.qpopper[28862]: (v4.0.4) Unable to get canonical
> name of client 192.168.12.124: Unknown host (1) [pop_init.c:1075]
> Mar 22 15:27:48 mydomain in.qpopper[28862]: (v4.0.4) POP login by user
> "jones" at (192.168.12.124) 192.168.12.124 [pop_log.c:244]
> 
> Bryan Ladd
> Tapestry Health Systems
> cell: 413.222.0291
> desk: 413.586.2016 x 108

Chant with me:

If it has an IP address, then your DNS will have an entry both forward
and backward.


Ok, no rhymes or anything, but over and over and over, I run into
clients who DON'T do this and they work around it all over the place.
You MUST spend the effort.
Either you'll spend the effort and do it right, or you'll spend the
effort working around it.

If it has an IP address, then it has forward and reverse DNS.

Make your DNS admin write it 100 times on the blackboard.
Sing it at her down the hall.
Paint it in whiteboard marker on her windshield.

And life will be good.

Otherwise, you choose the dark side of DNS and your life will suck
for all time there.

From: "Alan W. Rateliff, II" <lists at rateliff dot net>
Subject: RE: Newbie Question
Date: Wed, 24 Mar 2004 22:02:48 -0500

> -----Original Message-----
> From: Chuck Yerkes [mailto:chuck+qpopper at yerkes dot com] 
> Sent: Wednesday, March 24, 2004 9:12 PM
> To: Subscribers of Qpopper
> Subject: Re: Newbie Question

> If it has an IP address, then it has forward and reverse DNS.
> 
> Make your DNS admin write it 100 times on the blackboard.
> Sing it at her down the hall.
> Paint it in whiteboard marker on her windshield.

Bellsouth would do well to have this tattooed on the foreheads of its
engineers.  I have dealt with them on numerous occasions about their Miami
customer IPs.  The response each time has been the same, they don't have to
and I can't make them, and if Bellsouth customers have problems with
providers who do rDNS checks then they can choose new providers.  The
consensus within is that BELLSOUTH already has the customers, and the
customer has little recourse, since the average customer won't leave them
over something this "trivial."

> Otherwise, you choose the dark side of DNS and your life will suck
> for all time there.

I enjoyed telling BellSouth and Earthlink that if AOL can follow accepted
standards, then so can they. :)

-- 
       Alan W. Rateliff, II        :       RATELIFF.NET
 Independent Technology Consultant :    alan2 at rateliff dot net
      (Office) 850/350-0260        :  (Mobile) 850/559-0100
-------------------------------------------------------------
[System Administration][IT Consulting][Computer Sales/Repair]

 


From: "Bryan Ladd" <bladd at tapestryhealth dot org>
Subject: RE: Newbie Question
Date: Thu, 25 Mar 2004 09:29:43 -0500

>If it has an IP address, then your DNS will have an entry both forward
>and backward.

I don't quite understand, you are saying I need to put all of my local
computers in my DNS record?!?  As I said I'm a bit new to working with this
mail server.  I have no users who are outside of my local network (excepting
2 with laptops), it seems that my mail server shouldn't care where they are
coming from, as long as it lives in a 192.168.0/24.0/24.

but who knows, this is rather new to me.  is there such a thing as a guide
on how to run a good (secure) mail/web server?

bryan






Date: Thu, 25 Mar 2004 07:43:38 -0800 (PST)
From: The Little Prince <thelittleprince at asteroid-b612 dot org>
Subject: RE: Newbie Question

On Thu, 25 Mar 2004, Bryan Ladd wrote:

> >If it has an IP address, then your DNS will have an entry both forward
> >and backward.
> 
> I don't quite understand, you are saying I need to put all of my local
> computers in my DNS record?!?  As I said I'm a bit new to working with this

yes. every ip should have a forward and reverse DNS record. whether it's a 
public or private address.

> mail server.  I have no users who are outside of my local network (excepting
> 2 with laptops), it seems that my mail server shouldn't care where they are
> coming from, as long as it lives in a 192.168.0/24.0/24.
> 

it's not that it cares much (other than the resolution timeout), but it's 
just GOOD SENSE. it starts with doing no reverse DNS for private blocks, 
then before you know it, it's a habit, and then you're doing it for public 
blocks, and then some luser puts a contract out on your life, and then, 
you're dead. do you really want your tombstone to read,
 "Here lies bryan..because of a lack of PTR records"

--Tony
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
Anthony J. Biacco                            Network Administrator/Engineer
thelittleprince at asteroid-b612.org              http://www.asteroid-b612 dot org

     "It's not easy bein' green..there's so many colors I'd rather be"
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.


Date: Wed, 31 Mar 2004 11:33:16 -0700 (MST)
Subject: 
From: "Eric Grace" <eric.grace at ushostingservice dot net>

Hello,

Wondering if anyone can help me with the following ./configure problem I'm
experiencing with qpopper.

Solaris 2.8
QPopper4.05
DRAC
Berkeley DB  db-4.2.52.NC

I'm running into the following problem when I configure.

./configure --with-drac
---
checking for dracauth in -ldrac... no
Can't use DRAC: dracauth not found in -ldrac

I have drac installed in /usr/local/sbin

LD_LIRARY_PATH=/usr/local/sbin:/local/lib:/usr/lib:/usr/openwin/lib

can anyone help with this?



From: "Matthew Thomas" <mthomas at biocontrolsys dot com>
Subject: RE: drac
Date: Wed, 31 Mar 2004 10:41:17 -0800

I think there was a problem in the configure script that caused the type of
error you are having. Looking back in the archives someone said:

>    * From: Ryan J. Rady
>    * Subject: Re: Can't use DRAC: dracauth not found in -ldrac
>    * Date: Tue, 07 Jan 2003 15:23:33 -0800 

>Thanks for giving me where to start.  another user sent me some more info
>about what was wrong and I fixed it with this.
>line 3960 of the configure script has LIBS="-ldrac $LIBS" and I changed it
>to LIBS="-ldrac -lnsl $LIBS"   and it compiled and works great.  thanks for
>all the help!!


I hope that helps, but just a guess on my part.  That was with 4.04, don't
know if they changed it with 4.05

-Matt




Last updated on 31 Mar 2004 by Pensive Mailing List Admin