The qpopper list archive ending on 12 Aug 2005


Topics covered in this issue include:

  1. Re: Invalid cross-device link
       David Champion <dgc at uchicago dot edu>
       Wed, 25 May 2005 14:28:07 -0500
  2. Re: Invalid cross-device link
       Clifton Royston <cliftonr at lava dot net>
       Wed, 25 May 2005 10:24:57 -1000
  3. Re: Invalid cross-device link
       Ken A <ka at pacific dot net>
       Wed, 25 May 2005 13:40:48 -0700
  4. Re: Invalid cross-device link
       Ken A <ka at pacific dot net>
       Wed, 25 May 2005 14:47:39 -0700
  5. Re: Invalid cross-device link
       Clifton Royston <cliftonr at lava dot net>
       Wed, 25 May 2005 14:59:21 -1000
  6. Re: Invalid cross-device link
       Joe Maimon <jmaimon at ttec dot com>
       Thu, 26 May 2005 06:26:42 -0400
  7. Re: Invalid cross-device link
       Ken A <ka at pacific dot net>
       Thu, 26 May 2005 10:39:11 -0700
  8. I/O flushing output to client...Operation not permitted?
       Netlink Tech <tech at netlinkcom dot com>
       Thu, 26 May 2005 14:45:25 -0500 (CDT)
  9. Re: I/O flushing output to client...Operation not permitted?
       Clifton Royston <cliftonr at lava dot net>
       Thu, 26 May 2005 10:39:54 -1000
 10. Re: Invalid cross-device link
       Clifton Royston <cliftonr at lava dot net>
       Thu, 26 May 2005 11:16:08 -1000
 11. Re: Invalid cross-device link
       Clifton Royston <cliftonr at lava dot net>
       Thu, 26 May 2005 11:18:22 -1000
 12. Re: I/O flushing output to client...Operation not permitted?
       Daniel Senie <dts at senie dot com>
       Thu, 26 May 2005 17:53:40 -0400
 13. Re: Invalid cross-device link
       Daniel Senie <dts at senie dot com>
       Thu, 26 May 2005 18:23:27 -0400
 14. Re: Invalid cross-device link
       Joe Maimon <jmaimon at ttec dot com>
       Thu, 26 May 2005 21:40:51 -0400
 15. Re: Invalid cross-device link
       Joe Maimon <jmaimon at ttec dot com>
       Thu, 26 May 2005 22:56:06 -0400
 16. Re: Invalid cross-device link
       Ken A <ka at pacific dot net>
       Fri, 27 May 2005 08:06:42 -0700
 17. Re: Invalid cross-device link
       Joe Maimon <jmaimon at ttec dot com>
       Fri, 27 May 2005 11:26:10 -0400
 18. Re: Invalid cross-device link
       David Champion <dgc at uchicago dot edu>
       Fri, 27 May 2005 10:26:28 -0500
 19. Re: Invalid cross-device link
       Ken A <ka at pacific dot net>
       Fri, 27 May 2005 09:58:48 -0700
 20. Re: Invalid cross-device link
       Daniel Senie <dts at senie dot com>
       Fri, 27 May 2005 12:22:19 -0400
 21. Re: Invalid cross-device link
       David Champion <dgc at uchicago dot edu>
       Fri, 27 May 2005 17:24:43 -0500
 22. Re: Invalid cross-device link
       Ken A <ka at pacific dot net>
       Fri, 27 May 2005 16:54:34 -0700
 23. Re: Invalid cross-device link
       Joe Maimon <jmaimon at ttec dot com>
       Mon, 30 May 2005 12:33:50 -0400
 24. Re: Invalid cross-device link
       Ken A <ka at pacific dot net>
       Tue, 31 May 2005 09:32:28 -0700
 25. Re: Invalid cross-device link
       Joe Maimon <jmaimon at ttec dot com>
       Wed, 01 Jun 2005 01:26:02 -0400
 26. Capturing "entered" passwords.
       "Drew Weaver" <drew dot weaver at thenap dot com>
       Thu, 2 Jun 2005 13:43:21 -0400
 27. Re: Capturing "entered" passwords.
       Randall Gellens <randy at qualcomm dot com>
       Sat, 4 Jun 2005 20:07:38 -0700
 28. Re: Capturing "entered" passwords.
       Ken A <ka at pacific dot net>
       Mon, 06 Jun 2005 09:30:36 -0700
 29. Is it possible to use qpopper with ssh?
       Jean-Bernard dot ADDOR at ras dot eu dot org
       Thu, 16 Jun 2005 16:10:32 -0400
 30. RE: Is it possible to use qpopper with ssh?
       "Alan W dot  Rateliff, II" <lists at rateliff dot net>
       Thu, 16 Jun 2005 23:24:50 -0400
 31. Re: Is it possible to use qpopper with ssh?
       Daniel Senie <dts at senie dot com>
       Fri, 17 Jun 2005 08:09:48 -0400
 32. Re: Is it possible to use qpopper with ssh?
       Ken A <ka at pacific dot net>
       Fri, 17 Jun 2005 07:56:59 -0700
 33. Re: Is it possible to use qpopper with ssh?
       Jean-Bernard dot ADDOR at ras dot eu dot org
       Fri, 17 Jun 2005 08:49:32 -0400
 34. Re: Is it possible to use qpopper with ssh?
       Jean-Bernard dot ADDOR at ras dot eu dot org
       Fri, 17 Jun 2005 14:57:55 -0400
 35. Re: Is it possible to use qpopper with ssh?
       Jean-Bernard dot ADDOR at ras dot eu dot org
       Fri, 17 Jun 2005 15:27:32 -0400
 36. Re: Is it possible to use qpopper with ssh?
       Ken A <ka at pacific dot net>
       Fri, 17 Jun 2005 13:21:12 -0700
 37. Re: Invalid cross-device link
       Randall Gellens <randy at qualcomm dot com>
       Fri, 17 Jun 2005 15:28:16 -0700
 38. Re: Invalid cross-device link
       Randall Gellens <randy at qualcomm dot com>
       Fri, 17 Jun 2005 17:08:01 -0700
 39. Re: Is it possible to use qpopper with ssh?
       Jean-Bernard dot ADDOR at ras dot eu dot org
       Mon, 20 Jun 2005 22:57:35 -0400
 40. I/O error in SSL.
       Roy <garlic at garlic dot com>
       Sat, 23 Jul 2005 18:20:43 -0700
 41. incoming mail port 110 and 25?
       jeep at rahul dot net (Jeff Lacki)
       Sat, 30 Jul 2005 17:15:32 -0700 (PDT)
 42. Re: incoming mail port 110 and 25?
       Gregory Hicks <ghicks at cadence dot com>
       Sat, 30 Jul 2005 19:05:15 -0700 (PDT)
 43. Re: incoming mail port 110 and 25?
       Chip Old <fold at bcpl dot net>
       Sat, 30 Jul 2005 22:48:36 -0400 (EDT)
 44. port 25 and port 110 - got it
       jeep at rahul dot net (Jeff Lacki)
       Sat, 30 Jul 2005 19:51:43 -0700 (PDT)
 45. Re: PAM Authentication - For the record
       Randall Gellens <randy at qualcomm dot com>
       Wed, 3 Aug 2005 09:37:13 -0700
 46. remove
       Luciana Regina Lemos <luciana at model dot iag dot usp dot br>
       Wed, 3 Aug 2005 15:01:15 -0300 (BRT)
 47. Qpopper 4.1a2 available
       Randall Gellens <randy at qualcomm dot com>
       Wed, 3 Aug 2005 09:43:16 -0700
 48. qpopper 4.0.8 + mysql
       Martin Kellermann <Kellermann at sk-datentechnik dot com>
       Fri, 12 Aug 2005 17:59:25 +0200
 49. Re: qpopper 4.0.8 + mysql
       Daniel Senie <dts at senie dot com>
       Fri, 12 Aug 2005 12:44:35 -0400
 50. Re: qpopper 4.0.8 + mysql
       Ken A <ka at pacific dot net>
       Fri, 12 Aug 2005 15:36:03 -0700

Date: Wed, 25 May 2005 14:28:07 -0500
From: David Champion <dgc at uchicago dot edu>
Subject: Re: Invalid cross-device link

* On 2005.05.25, in <354389691742339378962@lists.pensive.org>,
*	"Ken A" <ka@pacific.net> wrote:
> 
> But, if I put the temp drop on the same filesystem as the mail spool, 
> users can't check mail when they hit their hard quota. :-(
> 
> I'd like to have the temp drop on a different partition so quotas work, 
> but still use fast-update, since I'd like to keep disk i/o down as much 
> as possible. I'd appreciate any ideas.

Quotas have always been a problem for us.  There have been enough issues
that we basically couldn't't use filesystem-based quotas, and that's
one of the inspirations for the "happymail" extensions we developed.
It's not a direct answer to you situation, but it obliquely provides a
workaround for I/O issues, if not to storage constraints.

http://home.uchicago.edu/~dgc/sw/qpopper/index.html

Disclaimer: we don't really use this anymore, as we've been hauled
kicking and screaming by upper management into carefree turnkey mail
appliance blissful all day long land.  So I don't know how well this
works with current qpoppers -- it was developed on 4.0.5, and I don't
really maintain it anymore, since I can't defend that to mgmt and have
enough other projects for my free time.  (If anyone who uses it is
interested in taking over, please let me know.)

-- 
 -D.    dgc@uchicago.edu        NSIT    University of Chicago

Date: Wed, 25 May 2005 10:24:57 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: Invalid cross-device link

On Wed, May 25, 2005 at 10:51:58AM -0700, Ken A wrote:
> I'm running the latest qpopper on FC3 with user quotas turned on.
> 
> With fast-update on, I see "Invalid cross-device link (18) 
> [pop_updt.c:770]" in the logs. I know this is normal for fast-update 
> when the spool and temp drop are on different partitions because of the 
> way rename works.
> 
> But, if I put the temp drop on the same filesystem as the mail spool, 
> users can't check mail when they hit their hard quota. :-(
> 
> I'd like to have the temp drop on a different partition so quotas work, 
> but still use fast-update, since I'd like to keep disk i/o down as much 
> as possible. I'd appreciate any ideas.

  This is inherently impossible due to issues with the Unix quota model
and filesystems.  "fast-update" is a simple relink, i.e. rename, to
replace the spool when the ideal case is hit; that is how it can do
essentially no I/O at this step.  Obviously this can only happen when
the two files exist on the same filesystem (indeed, in any OS I know
of, not just UNIX.)
  
  However, it's not possible in the UNIX model to have a user quota
that applies only to a portion of a filesystem, or to "all files except
...".  That sharply limits the usefulness of hard quotas if you have
the spool and the temp drop on the same filesystem, as you say.

  Finally, it would be a severe security risk if qpopper were to hold
superuser privileges until the end of the session, when they would be
needed if one were to juggle file ownership at that point (e.g. by
making the tempdrop file qpopper-owned and group writable until it were
swapped into place with the user's spool.)

  AFAIK, nobody's come up with a better way to juggle files that would
reconcile these issues.

  -- Clifton

-- 
          Clifton Royston  --  cliftonr@tikitechnologies.com 
         Tiki Technologies Lead Programmer/Software Architect
"I'm gonna tell my son to grow up pretty as the grass is green
And whip-smart as the English Channel's wide..."
                                            -- 'Whip-Smart', Liz Phair

Date: Wed, 25 May 2005 13:40:48 -0700
From: Ken A <ka at pacific dot net>
Subject: Re: Invalid cross-device link

David Champion wrote:
> * On 2005.05.25, in <354389691742339378962@lists.pensive.org>,
> *	"Ken A" <ka@pacific.net> wrote:
> 
>>But, if I put the temp drop on the same filesystem as the mail spool, 
>>users can't check mail when they hit their hard quota. :-(
>>
>>I'd like to have the temp drop on a different partition so quotas work, 
>>but still use fast-update, since I'd like to keep disk i/o down as much 
>>as possible. I'd appreciate any ideas.
> 
> 
> Quotas have always been a problem for us.  There have been enough issues
> that we basically couldn't't use filesystem-based quotas, and that's
> one of the inspirations for the "happymail" extensions we developed.
> It's not a direct answer to you situation, but it obliquely provides a
> workaround for I/O issues, if not to storage constraints.
> 
> http://home.uchicago.edu/~dgc/sw/qpopper/index.html
> 
> Disclaimer: we don't really use this anymore, as we've been hauled
> kicking and screaming by upper management into carefree turnkey mail
> appliance blissful all day long land.  So I don't know how well this
> works with current qpoppers -- it was developed on 4.0.5, and I don't
> really maintain it anymore, since I can't defend that to mgmt and have
> enough other projects for my free time.  (If anyone who uses it is
> interested in taking over, please let me know.)
> 

Wow. That's very cool. I've been looking for a way to stop those 'check
every 1 minute' pop users. I think our support dept would be overwhelmed
with calls if users got "Please wait at least x minutes between checks".
I'd rather it just returned a fake "no new messages" response for x
minutes.

Thanks,
Ken Anderson
Pacific.Net


Date: Wed, 25 May 2005 14:47:39 -0700
From: Ken A <ka at pacific dot net>
Subject: Re: Invalid cross-device link



Clifton Royston wrote:
> On Wed, May 25, 2005 at 10:51:58AM -0700, Ken A wrote:
> 
>>I'm running the latest qpopper on FC3 with user quotas turned on.
>>
>>With fast-update on, I see "Invalid cross-device link (18) 
>>[pop_updt.c:770]" in the logs. I know this is normal for fast-update 
>>when the spool and temp drop are on different partitions because of the 
>>way rename works.
>>
>>But, if I put the temp drop on the same filesystem as the mail spool, 
>>users can't check mail when they hit their hard quota. :-(
>>
>>I'd like to have the temp drop on a different partition so quotas work, 
>>but still use fast-update, since I'd like to keep disk i/o down as much 
>>as possible. I'd appreciate any ideas.
> 
> 
>   This is inherently impossible due to issues with the Unix quota model
> and filesystems.  "fast-update" is a simple relink, i.e. rename, to
> replace the spool when the ideal case is hit; that is how it can do
> essentially no I/O at this step.  Obviously this can only happen when
> the two files exist on the same filesystem (indeed, in any OS I know
> of, not just UNIX.)
>   
>   However, it's not possible in the UNIX model to have a user quota
> that applies only to a portion of a filesystem, or to "all files except
> ...".  That sharply limits the usefulness of hard quotas if you have
> the spool and the temp drop on the same filesystem, as you say.
> 
>   Finally, it would be a severe security risk if qpopper were to hold
> superuser privileges until the end of the session, when they would be
> needed if one were to juggle file ownership at that point (e.g. by
> making the tempdrop file qpopper-owned and group writable until it were
> swapped into place with the user's spool.)
> 
>   AFAIK, nobody's come up with a better way to juggle files that would
> reconcile these issues.
> 
>   -- Clifton
> 

I think found a way to work around this, at least with linux kernel 2.4 
and up. The fix is to put the temp drop on a different partition so the 
quota system doesn't see it, and then use the vfs feature "mount --bind" 
to remount the temp drop filesystem as part of the /var/spool 
filesystem. ie: mount --bind /var/tempdrop /var/spool/tempdrop

This allows qpopper to rename files using fast-update, and since the 
quota system is looking at the underlying filesystem, it ignores files 
in the temp drop directory.

I'm not sure if this is intended behavior for quotas or not, so it may 
change if the quota system changes, but it certainly makes the using the 
quota system more 'flexible'. Please let me know if you see any problems 
with this approach.

Thanks,
Ken Anderson
Pacific.Net

Date: Wed, 25 May 2005 14:59:21 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: Invalid cross-device link

On Wed, May 25, 2005 at 02:47:39PM -0700, Ken A wrote:
> Clifton Royston wrote:
> >On Wed, May 25, 2005 at 10:51:58AM -0700, Ken A wrote:
> >>I'm running the latest qpopper on FC3 with user quotas turned on.
> >>
> >>With fast-update on, I see "Invalid cross-device link (18) 
> >>[pop_updt.c:770]" in the logs. I know this is normal for fast-update 
> >>when the spool and temp drop are on different partitions because of the 
> >>way rename works.
> >>
> >>But, if I put the temp drop on the same filesystem as the mail spool, 
> >>users can't check mail when they hit their hard quota. :-(
> >>
> >>I'd like to have the temp drop on a different partition so quotas work, 
> >>but still use fast-update, since I'd like to keep disk i/o down as much 
> >>as possible. I'd appreciate any ideas.
> >
> >  This is inherently impossible due to issues with the Unix quota model
> >and filesystems.  "fast-update" is a simple relink, i.e. rename, to
> >replace the spool when the ideal case is hit; that is how it can do
> >essentially no I/O at this step.  Obviously this can only happen when
> >the two files exist on the same filesystem (indeed, in any OS I know
> >of, not just UNIX.)
> >  
> >  However, it's not possible in the UNIX model to have a user quota
> >that applies only to a portion of a filesystem, or to "all files except
> >...".  That sharply limits the usefulness of hard quotas if you have
> >the spool and the temp drop on the same filesystem, as you say.
> >
...
> I think found a way to work around this, at least with linux kernel 2.4 
> and up. The fix is to put the temp drop on a different partition so the 
> quota system doesn't see it, and then use the vfs feature "mount --bind" 
> to remount the temp drop filesystem as part of the /var/spool 
> filesystem. ie: mount --bind /var/tempdrop /var/spool/tempdrop
> 
> This allows qpopper to rename files using fast-update, and since the 
> quota system is looking at the underlying filesystem, it ignores files 
> in the temp drop directory.

  Wow.  I guess I never thought of trying something like that; I've got
to think about how that would work.  Other OSes may have something
similar available via unionfs mounts or the like, so it might be
feasible to do in other OSes.

> I'm not sure if this is intended behavior for quotas or not, so it may 
> change if the quota system changes, but it certainly makes the using the 
> quota system more 'flexible'. Please let me know if you see any problems 
> with this approach.

  I just talked to a more Linux-oriented friend who thinks this might
simply result in the same file copy happening, but hidden from you
because it's been pushed down into the kernel level where vfs resides. 
He's not sure, though.  Before concluding that this really had the
effect you want, I would try turning on detailed timing info; you might
find that the "relink" is now taking approximately as much time as the
file copy used to, because it's now actually doing a file copy.

  I'll be interested to hear the results.

  -- Clifton

-- 
          Clifton Royston  --  cliftonr@tikitechnologies.com 
         Tiki Technologies Lead Programmer/Software Architect
"I'm gonna tell my son to grow up pretty as the grass is green
And whip-smart as the English Channel's wide..."
                                            -- 'Whip-Smart', Liz Phair

Date: Thu, 26 May 2005 06:26:42 -0400
From: Joe Maimon <jmaimon at ttec dot com>
Subject: Re: Invalid cross-device link

David Champion wrote:
> * On 2005.05.25, in <354389691742339378962@lists.pensive.org>,
> *	"Ken A" <ka@pacific.net> wrote:
> 
<snip>
> 
> Disclaimer: we don't really use this anymore, as we've been hauled
> kicking and screaming by upper management into carefree turnkey mail
> appliance blissful all day long land.  So I don't know how well this
> works with current qpoppers -- it was developed on 4.0.5, and I don't
> really maintain it anymore, since I can't defend that to mgmt and have
> enough other projects for my free time.  (If anyone who uses it is
> interested in taking over, please let me know.)
> 

I use it (patched) and I host patches for it.
Works EXCELLENT for quite some time.

I havent tested the patches with latest version yet....

http://www.jmaimon.com/qpopper


Date: Thu, 26 May 2005 10:39:11 -0700
From: Ken A <ka at pacific dot net>
Subject: Re: Invalid cross-device link

Clifton Royston wrote:
> On Wed, May 25, 2005 at 02:47:39PM -0700, Ken A wrote:
> 
>>Clifton Royston wrote:
>>
>>>On Wed, May 25, 2005 at 10:51:58AM -0700, Ken A wrote:
>>>
>>>>I'm running the latest qpopper on FC3 with user quotas turned on.
>>>>
>>>>With fast-update on, I see "Invalid cross-device link (18) 
>>>>[pop_updt.c:770]" in the logs. I know this is normal for fast-update 
>>>>when the spool and temp drop are on different partitions because of the 
>>>>way rename works.
>>>>
>>>>But, if I put the temp drop on the same filesystem as the mail spool, 
>>>>users can't check mail when they hit their hard quota. :-(
>>>>
>>>>I'd like to have the temp drop on a different partition so quotas work, 
>>>>but still use fast-update, since I'd like to keep disk i/o down as much 
>>>>as possible. I'd appreciate any ideas.
>>>
>>> This is inherently impossible due to issues with the Unix quota model
>>>and filesystems.  "fast-update" is a simple relink, i.e. rename, to
>>>replace the spool when the ideal case is hit; that is how it can do
>>>essentially no I/O at this step.  Obviously this can only happen when
>>>the two files exist on the same filesystem (indeed, in any OS I know
>>>of, not just UNIX.)
>>> 
>>> However, it's not possible in the UNIX model to have a user quota
>>>that applies only to a portion of a filesystem, or to "all files except
>>>...".  That sharply limits the usefulness of hard quotas if you have
>>>the spool and the temp drop on the same filesystem, as you say.
>>>
> 
> ...
> 
>>I think found a way to work around this, at least with linux kernel 2.4 
>>and up. The fix is to put the temp drop on a different partition so the 
>>quota system doesn't see it, and then use the vfs feature "mount --bind" 
>>to remount the temp drop filesystem as part of the /var/spool 
>>filesystem. ie: mount --bind /var/tempdrop /var/spool/tempdrop
>>
>>This allows qpopper to rename files using fast-update, and since the 
>>quota system is looking at the underlying filesystem, it ignores files 
>>in the temp drop directory.
> 
> 
>   Wow.  I guess I never thought of trying something like that; I've got
> to think about how that would work.  Other OSes may have something
> similar available via unionfs mounts or the like, so it might be
> feasible to do in other OSes.
> 
> 
>>I'm not sure if this is intended behavior for quotas or not, so it may 
>>change if the quota system changes, but it certainly makes the using the 
>>quota system more 'flexible'. Please let me know if you see any problems 
>>with this approach.
> 
> 
>   I just talked to a more Linux-oriented friend who thinks this might
> simply result in the same file copy happening, but hidden from you
> because it's been pushed down into the kernel level where vfs resides. 
> He's not sure, though.  Before concluding that this really had the
> effect you want, I would try turning on detailed timing info; you might
> find that the "relink" is now taking approximately as much time as the
> file copy used to, because it's now actually doing a file copy.
> --
>   I'll be interested to hear the results.

Qpopper's --enable-timing only resolves to seconds afaik, so I did some 
testing copying a large file with perl's Time::HiRes, and system("mv"). 
I'm assuming mv uses relink() just like qpopper. (not much of a C 
programmer here!)

Apparently, the mount --bind option doesn't really give any advantage
over leaving the temp-drop on a different partition. :-(

Time to copy on same partition: 0.147061
Time to move on same partition: 0.001959
Time to move to with bound partition: 0.150901
Time to move across partitions: 0.151158

Thanks,
Ken Anderson
Pacific.net

>   -- Clifton
> 



Date: Thu, 26 May 2005 14:45:25 -0500 (CDT)
From: Netlink Tech <tech at netlinkcom dot com>
Subject: I/O flushing output to client...Operation not permitted?

Hello,

I know this has been discussed before, but I still have not found a way to 
remedy this problem.
Users on slow connections with large/lots of messages end up having 
problems retrieving their messages. The following entry is logged.
(xxxx in place of host/username, etc. for privacy)

--------
May 26 09:43:58 xxxx popper[9100]: I/O error flushing output to client
xxxx at xxxx [xxx.xxx.xxx.xxx]: Operation not permitted (1) 
[pop_send.c:689]
--------

90%+ of the users are using Outlook Express...most of the remainder are 
using Outlook...some Eudora, Netscape Mail, or Mac versions.
  
My setup:

RedHat Linux 9.0
Dual Intel(R) Xeon(TM) CPU 2.40GHz (hyperthreading...Linux sees as 4 CPUs)
2GB RAM, 2GB swap.

Attached devices:
Host: scsi0 Channel: 00 Id: 00 Lun: 00
  Vendor: Promise  Model: 2+0 Stripe/RAID0 Rev: 1.10
  Type:   Direct-Access                    ANSI SCSI revision: 02

Qpopper version 4.0.5 (standalone)
Current configure options:
 ./configure --enable-poppassd --enable-shy --enable-chunky-writes=1 
--enable-hash-spool=2 --enable-temp-drop-dir=/var/spool/maildrop --enab
le-standalone --enable-debugging 

/var/spool/maildrop is in a different partition than /var/spool/mail

Started at boot (rc.local) with
/usr/local/sbin/popper 110 -scC -T 600

The server does not appear to have performance problems because of popper, 
but users that get these errors get frustrated. Sometimes they can wait a 
few minutes and retry and it works...sometimes we have to remove large 
messages from their mailbox.

I have tried a couple of other POP3 daemons (cucipop, popa3d), but I 
haven't found one that works well, uses hash mail dirs, doesn't give the 
users duplicate messages if they use pine as well as Outlook*, etc.

I would gladly provide additional information about my setup and this 
problem if it would help get me pointed in the direction of solving this 
problem.

Thanks!
Curt


Date: Thu, 26 May 2005 10:39:54 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: I/O flushing output to client...Operation not permitted?

On Thu, May 26, 2005 at 02:45:25PM -0500, Netlink Tech wrote:
> I know this has been discussed before, but I still have not found a way to 
> remedy this problem.
> Users on slow connections with large/lots of messages end up having 
> problems retrieving their messages. The following entry is logged.

  As stated in all the previous discussions, this indicates a problem
with the client causing the client to disconnect.  It has to be fixed
at the *client* side.

  Your comment "slow connections with large/lots of messages" points to
the client timing out and disconnecting, for which you'll need to
change timeouts in the client.  Outlook and Outlook Express are indeed
notorious culprits.

...
> The server does not appear to have performance problems because of popper, 
> but users that get these errors get frustrated. Sometimes they can wait a 
> few minutes and retry and it works...sometimes we have to remove large 
> messages from their mailbox.

  Again, this last points strongly to the client failing to handle the
messages.  (I've seen cases of large messages or normal-sized messages
with odd MIME structure which would crash or stall Outlook Express
everytime it tried to read them, and just had to be deleted before the
user could retrieve mail again.)

  -- Clifton

-- 
          Clifton Royston  --  cliftonr@tikitechnologies.com 
         Tiki Technologies Lead Programmer/Software Architect
"I'm gonna tell my son to grow up pretty as the grass is green
And whip-smart as the English Channel's wide..."
                                            -- 'Whip-Smart', Liz Phair

Date: Thu, 26 May 2005 11:16:08 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: Invalid cross-device link

On Thu, May 26, 2005 at 10:39:11AM -0700, Ken A wrote:
> Clifton Royston wrote:
> >On Wed, May 25, 2005 at 02:47:39PM -0700, Ken A wrote:
...
> >>I think found a way to work around this, at least with linux kernel 2.4 
> >>and up. The fix is to put the temp drop on a different partition so the 
> >>quota system doesn't see it, and then use the vfs feature "mount --bind" 
> >>to remount the temp drop filesystem as part of the /var/spool 
> >>filesystem. ie: mount --bind /var/tempdrop /var/spool/tempdrop
> >>
> >>This allows qpopper to rename files using fast-update, and since the 
> >>quota system is looking at the underlying filesystem, it ignores files 
> >>in the temp drop directory.
...
> >  I just talked to a more Linux-oriented friend who thinks this might
> >simply result in the same file copy happening, but hidden from you
> >because it's been pushed down into the kernel level where vfs resides. 
> >He's not sure, though.  Before concluding that this really had the
> >effect you want, I would try turning on detailed timing info; you might
> >find that the "relink" is now taking approximately as much time as the
> >file copy used to, because it's now actually doing a file copy.
> >  I'll be interested to hear the results.
> 
> Qpopper's --enable-timing only resolves to seconds afaik, so I did some 
> testing copying a large file with perl's Time::HiRes, and system("mv"). 
> I'm assuming mv uses relink() just like qpopper. (not much of a C 
> programmer here!)
> 
> Apparently, the mount --bind option doesn't really give any advantage
> over leaving the temp-drop on a different partition. :-(
> 
> Time to copy on same partition: 0.147061
> Time to move on same partition: 0.001959
> Time to move to with bound partition: 0.150901
> Time to move across partitions: 0.151158

  Oh well, TANSTAAFL, I guess.  I was really hoping you were on to
something here, but logic was telling me it couldn't be that good. :-/

  Thanks for the followup!

  -- Clifton

-- 
          Clifton Royston  --  cliftonr@tikitechnologies.com 
         Tiki Technologies Lead Programmer/Software Architect
"I'm gonna tell my son to grow up pretty as the grass is green
And whip-smart as the English Channel's wide..."
                                            -- 'Whip-Smart', Liz Phair

Date: Thu, 26 May 2005 11:18:22 -1000
From: Clifton Royston <cliftonr at lava dot net>
Subject: Re: Invalid cross-device link

On Thu, May 26, 2005 at 06:26:42AM -0400, Joe Maimon wrote:
> David Champion wrote:
> >* On 2005.05.25, in <354389691742339378962@lists.pensive.org>,
> >*	"Ken A" <ka@pacific.net> wrote:
> <snip>
> >
> >Disclaimer: we don't really use this anymore, as we've been hauled
> >kicking and screaming by upper management into carefree turnkey mail
> >appliance blissful all day long land.  So I don't know how well this
> >works with current qpoppers -- it was developed on 4.0.5, and I don't
> >really maintain it anymore, since I can't defend that to mgmt and have
> >enough other projects for my free time.  (If anyone who uses it is
> >interested in taking over, please let me know.)
> 
> I use it (patched) and I host patches for it.
> Works EXCELLENT for quite some time.

  This is the "Happymail" patch we're talking about here, right?  

  If so, it pretty much solved all our mailserver load headaches.  The
bigger the mailbox, the less often they are allowed to check it; this
makes the load on the server virtually flat.

  I also enthusiastically endorse it.
  -- Clifton

-- 
          Clifton Royston  --  cliftonr@tikitechnologies.com 
         Tiki Technologies Lead Programmer/Software Architect
"I'm gonna tell my son to grow up pretty as the grass is green
And whip-smart as the English Channel's wide..."
                                            -- 'Whip-Smart', Liz Phair

Date: Thu, 26 May 2005 17:53:40 -0400
From: Daniel Senie <dts at senie dot com>
Subject: Re: I/O flushing output to client...Operation not permitted?

At 04:39 PM 5/26/2005, Clifton Royston wrote:
>On Thu, May 26, 2005 at 02:45:25PM -0500, Netlink Tech wrote:
> > I know this has been discussed before, but I still have not found a way to
> > remedy this problem.
> > Users on slow connections with large/lots of messages end up having
> > problems retrieving their messages. The following entry is logged.
>
>   As stated in all the previous discussions, this indicates a problem
>with the client causing the client to disconnect.  It has to be fixed
>at the *client* side.
>
>   Your comment "slow connections with large/lots of messages" points to
>the client timing out and disconnecting, for which you'll need to
>change timeouts in the client.  Outlook and Outlook Express are indeed
>notorious culprits.

Indeed, I think we should change the message that qpopper emits to say "It 
appears the client disconnected the TCP session."

>...
> > The server does not appear to have performance problems because of popper,
> > but users that get these errors get frustrated. Sometimes they can wait a
> > few minutes and retry and it works...sometimes we have to remove large
> > messages from their mailbox.
>
>   Again, this last points strongly to the client failing to handle the
>messages.  (I've seen cases of large messages or normal-sized messages
>with odd MIME structure which would crash or stall Outlook Express
>everytime it tried to read them, and just had to be deleted before the
>user could retrieve mail again.)

I'd also encourage checking of antivirus package presence. Most of the AV 
packages insert themselves as proxies and try to run the POP session 
themselves. In the course of things, they manage to work really badly. It's 
really too bad, too, as apparently the mail client programs all have API 
interfaces into which the AV programs could plug. Doing so would permit the 
mail client to handle the POP and SMTP protocols (including encryption, 
etc.) and let the AV folks do virus scanning. Why not have each do what it 
was designed for?



Date: Thu, 26 May 2005 18:23:27 -0400
From: Daniel Senie <dts at senie dot com>
Subject: Re: Invalid cross-device link

At 05:18 PM 5/26/2005, Clifton Royston wrote:
>On Thu, May 26, 2005 at 06:26:42AM -0400, Joe Maimon wrote:
> > David Champion wrote:
> > >* On 2005.05.25, in <354389691742339378962@lists.pensive.org>,
> > >*    "Ken A" <ka@pacific.net> wrote:
> > <snip>
> > >
> > >Disclaimer: we don't really use this anymore, as we've been hauled
> > >kicking and screaming by upper management into carefree turnkey mail
> > >appliance blissful all day long land.  So I don't know how well this
> > >works with current qpoppers -- it was developed on 4.0.5, and I don't
> > >really maintain it anymore, since I can't defend that to mgmt and have
> > >enough other projects for my free time.  (If anyone who uses it is
> > >interested in taking over, please let me know.)
> >
> > I use it (patched) and I host patches for it.
> > Works EXCELLENT for quite some time.
>
>   This is the "Happymail" patch we're talking about here, right?
>
>   If so, it pretty much solved all our mailserver load headaches.  The
>bigger the mailbox, the less often they are allowed to check it; this
>makes the load on the server virtually flat.
>
>   I also enthusiastically endorse it.
>

Are these features that would make sense to consider integrating into the 
qpopper code base and configuring with options?




Date: Thu, 26 May 2005 21:40:51 -0400
From: Joe Maimon <jmaimon at ttec dot com>
Subject: Re: Invalid cross-device link



Daniel Senie wrote:
> At 05:18 PM 5/26/2005, Clifton Royston wrote:
> 
>> On Thu, May 26, 2005 at 06:26:42AM -0400, Joe Maimon wrote:
>> > David Champion wrote:
>> > >* On 2005.05.25, in <354389691742339378962@lists.pensive.org>,
>> > >*    "Ken A" <ka@pacific.net> wrote:
>> > <snip>
>> > >
>> > >Disclaimer: we don't really use this anymore, as we've been hauled
>> > >kicking and screaming by upper management into carefree turnkey mail
>> > >appliance blissful all day long land.  So I don't know how well this
>> > >works with current qpoppers -- it was developed on 4.0.5, and I don't
>> > >really maintain it anymore, since I can't defend that to mgmt and have
>> > >enough other projects for my free time.  (If anyone who uses it is
>> > >interested in taking over, please let me know.)
>> >
>> > I use it (patched) and I host patches for it.
>> > Works EXCELLENT for quite some time.
>>
>>   This is the "Happymail" patch we're talking about here, right?
>>
>>   If so, it pretty much solved all our mailserver load headaches.  The
>> bigger the mailbox, the less often they are allowed to check it; this
>> makes the load on the server virtually flat.
>>
>>   I also enthusiastically endorse it.
>>
> 
> Are these features that would make sense to consider integrating into 
> the qpopper code base and configuring with options?
> 
> 

I would vote for rate limiting by user,ip relevant to mailbox size to be 
a standard feature, whether it is by use of this aproach or any other.




Date: Thu, 26 May 2005 22:56:06 -0400
From: Joe Maimon <jmaimon at ttec dot com>
Subject: Re: Invalid cross-device link



Joe Maimon wrote:
> David Champion wrote:
> 
>> * On 2005.05.25, in <354389691742339378962@lists.pensive.org>,
>> *    "Ken A" <ka@pacific.net> wrote:
>>
> <snip>
> 
>>
>> Disclaimer: we don't really use this anymore, as we've been hauled
>> kicking and screaming by upper management into carefree turnkey mail
>> appliance blissful all day long land.  So I don't know how well this
>> works with current qpoppers -- it was developed on 4.0.5, and I don't
>> really maintain it anymore, since I can't defend that to mgmt and have
>> enough other projects for my free time.  (If anyone who uses it is
>> interested in taking over, please let me know.)
>>
> 
> I use it (patched) and I host patches for it.
> Works EXCELLENT for quite some time.
> 
> I havent tested the patches with latest version yet....
> 
> http://www.jmaimon.com/qpopper
> 
> 
(
the above was supposed to read like this:
I use a patched happymail patch
)

There are now 4.0.8 versions of the patches at

http://www.jmaimon.com/qpopper
http://www.jmaimon.com/qpopper/patches

Any and all feedback welcome.

Date: Fri, 27 May 2005 08:06:42 -0700
From: Ken A <ka at pacific dot net>
Subject: Re: Invalid cross-device link

ive.org>
In-Reply-To: <534204074930414934716@lists.pensive.org>
X-Enigmail-Version: 0.90.0.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit



Joe Maimon wrote:
> 
> 
> Daniel Senie wrote:
> 
>> At 05:18 PM 5/26/2005, Clifton Royston wrote:
>>
>>> On Thu, May 26, 2005 at 06:26:42AM -0400, Joe Maimon wrote:
>>> > David Champion wrote:
>>> > >* On 2005.05.25, in <354389691742339378962@lists.pensive.org>,
>>> > >*    "Ken A" <ka@pacific.net> wrote:
>>> > <snip>
>>> > >
>>> > >Disclaimer: we don't really use this anymore, as we've been hauled
>>> > >kicking and screaming by upper management into carefree turnkey mail
>>> > >appliance blissful all day long land.  So I don't know how well this
>>> > >works with current qpoppers -- it was developed on 4.0.5, and I don't
>>> > >really maintain it anymore, since I can't defend that to mgmt and 
>>> have
>>> > >enough other projects for my free time.  (If anyone who uses it is
>>> > >interested in taking over, please let me know.)
>>> >
>>> > I use it (patched) and I host patches for it.
>>> > Works EXCELLENT for quite some time.
>>>
>>>   This is the "Happymail" patch we're talking about here, right?
>>>
>>>   If so, it pretty much solved all our mailserver load headaches.  The
>>> bigger the mailbox, the less often they are allowed to check it; this
>>> makes the load on the server virtually flat.
>>>
>>>   I also enthusiastically endorse it.
>>>
>>
>> Are these features that would make sense to consider integrating into 
>> the qpopper code base and configuring with options?
>>
>>
> 
> I would vote for rate limiting by user,ip relevant to mailbox size to be 
> a standard feature, whether it is by use of this aproach or any other.
> 
> 

I would also like to see some way to limit users (per user) to a number 
of pop3 checks per minute, but without generating support calls because 
of an error message. It would be better to simply return "no new 
messages on server" for x minutes if possible (still with no i/o). I'm 
not at all sure how difficult that change would be to implement.

Short of that, I'd definitely like to see the HappyMail patch put into 
the main codebase.

Ken Anderson
Pacific.Net


Date: Fri, 27 May 2005 11:26:10 -0400
From: Joe Maimon <jmaimon at ttec dot com>
Subject: Re: Invalid cross-device link

 <531998420009172981473@lists.pensive.org>
In-Reply-To: <531998420009172981473@lists.pensive.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit



Ken A wrote:
> 
<snip>
> of an error message. It would be better to simply return "no new 
> messages on server" for x minutes if possible (still with no i/o). I'm 
> not at all sure how difficult that change would be to implement.

This is an interesting idea.

> 
> Short of that, I'd definitely like to see the HappyMail patch put into 
> the main codebase.
> 
> Ken Anderson
> Pacific.Net
> 
> 

Date: Fri, 27 May 2005 10:26:28 -0500
From: David Champion <dgc at uchicago dot edu>
Subject: Re: Invalid cross-device link

ive.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <531998420009172981473@lists.pensive.org>
X-Comment: no
User-Agent: Mutt/1.5.8i
X-Decanonizer: decanon-milter version 0.2005.05.10
	for j4RFQS1W022264 from localhost [127.0.0.1]
	at 1117207588: Fri May 27 15:26:28 2005 [0.165s]

[Daniel Senie:]
>> Are these features that would make sense to consider integrating into        
>> the qpopper code base and configuring with options?                          

I think so (perhaps obviously).  We used the patch for about three years
between developing it and being switched over to a mail appliance for
most of our users.  It's still in production here for a small subset of
users, though.

The happymail features are all configurable with config file and/or
command-line options, and they are completely inactive if you don't set
those options.  It might be worth a compile-time option in configure.in,
but only (to my thinking) to detect whether the system supports System V
shared memory.


* On 2005.05.27, in <531998420009172981473@lists.pensive.org>,
*	"Ken A" <ka@pacific.net> wrote:
> 
> I would also like to see some way to limit users (per user) to a number 
> of pop3 checks per minute, but without generating support calls because 
> of an error message. It would be better to simply return "no new 
> messages on server" for x minutes if possible (still with no i/o). I'm 
> not at all sure how difficult that change would be to implement.

This can be a runtime option.


> Short of that, I'd definitely like to see the HappyMail patch put into 
> the main codebase.

I know I've said this before, but I'll look soon at the pending requests
on happymail and at Joe's patches, and put together an updated,
integrated patch suitable for inclusion in the core code base.  If
nothing else, it'll be a better basis for a new maintainer, and a more
respectable handoff on my part. :)

-- 
 -D.    dgc@uchicago.edu        NSIT    University of Chicago

Date: Fri, 27 May 2005 09:58:48 -0700
From: Ken A <ka at pacific dot net>
Subject: Re: Invalid cross-device link



David Champion wrote:
> [Daniel Senie:]
> 
>>>Are these features that would make sense to consider integrating into        
>>>the qpopper code base and configuring with options?                          
> 
> 
> I think so (perhaps obviously).  We used the patch for about three years
> between developing it and being switched over to a mail appliance for
> most of our users.  It's still in production here for a small subset of
> users, though.
> 
> The happymail features are all configurable with config file and/or
> command-line options, and they are completely inactive if you don't set
> those options.  It might be worth a compile-time option in configure.in,
> but only (to my thinking) to detect whether the system supports System V
> shared memory.
> 
> 
> * On 2005.05.27, in <531998420009172981473@lists.pensive.org>,
> *	"Ken A" <ka@pacific.net> wrote:
> 
>>I would also like to see some way to limit users (per user) to a number 
>>of pop3 checks per minute, but without generating support calls because 
>>of an error message. It would be better to simply return "no new 
>>messages on server" for x minutes if possible (still with no i/o). I'm 
>>not at all sure how difficult that change would be to implement.
> 
> 
> This can be a runtime option.
> 

That would be ideal. We frequently have hundreds of 50-60MB mailboxes 
that are checked every 1 minute. Simply reducing that to every 5 
minutes, without generating support calls would make a huge difference.

Thanks,
Ken Anderson
Pacific.Net


> 
>>Short of that, I'd definitely like to see the HappyMail patch put into 
>>the main codebase.
> 
> 
> I know I've said this before, but I'll look soon at the pending requests
> on happymail and at Joe's patches, and put together an updated,
> integrated patch suitable for inclusion in the core code base.  If
> nothing else, it'll be a better basis for a new maintainer, and a more
> respectable handoff on my part. :)
> 

Date: Fri, 27 May 2005 12:22:19 -0400
From: Daniel Senie <dts at senie dot com>
Subject: Re: Invalid cross-device link

At 11:06 AM 5/27/2005, Ken A wrote:

>ive.org>
>In-Reply-To: <534204074930414934716@lists.pensive.org>
>X-Enigmail-Version: 0.90.0.0
>X-Enigmail-Supports: pgp-inline, pgp-mime
>Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>Content-Transfer-Encoding: 7bit
>
>
>
>Joe Maimon wrote:
> >
> >
> > Daniel Senie wrote:
> >
> >> At 05:18 PM 5/26/2005, Clifton Royston wrote:
> >>
> >>> On Thu, May 26, 2005 at 06:26:42AM -0400, Joe Maimon wrote:
> >>> > David Champion wrote:
> >>> > >* On 2005.05.25, in <354389691742339378962@lists.pensive.org>,
> >>> > >*    "Ken A" <ka@pacific.net> wrote:
> >>> > <snip>
> >>> > >
> >>> > >Disclaimer: we don't really use this anymore, as we've been hauled
> >>> > >kicking and screaming by upper management into carefree turnkey mail
> >>> > >appliance blissful all day long land.  So I don't know how well this
> >>> > >works with current qpoppers -- it was developed on 4.0.5, and I don't
> >>> > >really maintain it anymore, since I can't defend that to mgmt and
> >>> have
> >>> > >enough other projects for my free time.  (If anyone who uses it is
> >>> > >interested in taking over, please let me know.)
> >>> >
> >>> > I use it (patched) and I host patches for it.
> >>> > Works EXCELLENT for quite some time.
> >>>
> >>>   This is the "Happymail" patch we're talking about here, right?
> >>>
> >>>   If so, it pretty much solved all our mailserver load headaches.  The
> >>> bigger the mailbox, the less often they are allowed to check it; this
> >>> makes the load on the server virtually flat.
> >>>
> >>>   I also enthusiastically endorse it.
> >>>
> >>
> >> Are these features that would make sense to consider integrating into
> >> the qpopper code base and configuring with options?
> >>
> >>
> >
> > I would vote for rate limiting by user,ip relevant to mailbox size to be
> > a standard feature, whether it is by use of this aproach or any other.
> >
> >
>
>I would also like to see some way to limit users (per user) to a number
>of pop3 checks per minute, but without generating support calls because
>of an error message. It would be better to simply return "no new
>messages on server" for x minutes if possible (still with no i/o). I'm
>not at all sure how difficult that change would be to implement.

Yes, this would be my preference too. We get enough support calls from 
people who reboot their computer during a download and then can't get back 
in while the server waits to time out their TCP session. Don't need more 
from this case. Returning a "thanks, no new messages" would be perfect. And 
yes, it'd have to happen without actually reading the mailbox. Guess a 
"last checked time" database would be needed.


>Short of that, I'd definitely like to see the HappyMail patch put into
>the main codebase.
>
>Ken Anderson
>Pacific.Net


Date: Fri, 27 May 2005 17:24:43 -0500
From: David Champion <dgc at uchicago dot edu>
Subject: Re: Invalid cross-device link

ive.org> <655601729930773826546@lists.pensive.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <655601729930773826546@lists.pensive.org>
X-Comment: no
User-Agent: Mutt/1.5.8i
X-Decanonizer: current version 0.2005.05.10
	for j4RMOhww016410 from localhost [127.0.0.1]
	at 1117232684: Fri May 27 22:24:44 2005 [0.172s]

* On 2005.05.27, in <655601729930773826546@lists.pensive.org>,
*	"Daniel Senie" <dts@senie.com> wrote:
>
> yes, it'd have to happen without actually reading the mailbox. Guess a 
> "last checked time" database would be needed.

That's actually the point of the patch.  It adjusts a user's allowable
check frequency based on his or her individual usage, and remembers the
last check time for each user separately.

The only thing in this that's not done is allowing the response message
to be configured.  And that's necessary; I won't change it evenly to "No
new messages" across the board.  The original proof of concept patch did
that, and our support center objected that they'd get calls from people
who got "no new messages" and then a big flood of new messages on the
next check.  They *wanted* an error response.

I'll make it a runtime option.

-- 
 -D.    dgc@uchicago.edu        NSIT    University of Chicago

Date: Fri, 27 May 2005 16:54:34 -0700
From: Ken A <ka at pacific dot net>
Subject: Re: Invalid cross-device link

 <375767834187370490141@lists.pensive.org>
In-Reply-To: <375767834187370490141@lists.pensive.org>
X-Enigmail-Version: 0.90.0.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit



David Champion wrote:
> ive.org> <655601729930773826546@lists.pensive.org>
> Mime-Version: 1.0
> Content-Type: text/plain; charset=us-ascii
> Content-Disposition: inline
> In-Reply-To: <655601729930773826546@lists.pensive.org>
> X-Comment: no
> User-Agent: Mutt/1.5.8i
> X-Decanonizer: current version 0.2005.05.10
> 	for j4RMOhww016410 from localhost [127.0.0.1]
> 	at 1117232684: Fri May 27 22:24:44 2005 [0.172s]
> 
> * On 2005.05.27, in <655601729930773826546@lists.pensive.org>,
> *	"Daniel Senie" <dts@senie.com> wrote:
> 
>>yes, it'd have to happen without actually reading the mailbox. Guess a 
>>"last checked time" database would be needed.
> 
> 
> That's actually the point of the patch.  It adjusts a user's allowable
> check frequency based on his or her individual usage, and remembers the
> last check time for each user separately.
> 
> The only thing in this that's not done is allowing the response message
> to be configured.  And that's necessary; I won't change it evenly to "No
> new messages" across the board.  The original proof of concept patch did
> that, and our support center objected that they'd get calls from people
> who got "no new messages" and then a big flood of new messages on the
> next check.  They *wanted* an error response.
> 
> I'll make it a runtime option.
> 

Thank you! I think the 'no new messages' is probably preferable if you 
intend to set happymail-base to a low value. There should be no big 
flood of mail in this case. Where rate limiting could result in larger 
delays for mail, then the error message is probably preferable. Making 
it a runtime option is perfect way to allow for both configurations of 
HappyMail.

Ken Anderson
Pacific.Net

Date: Mon, 30 May 2005 12:33:50 -0400
From: Joe Maimon <jmaimon at ttec dot com>
Subject: Re: Invalid cross-device link

 <531998420009172981473@lists.pensive.org>
In-Reply-To: <531998420009172981473@lists.pensive.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit



Ken A wrote:
<snip>
> 
> Joe Maimon wrote:
> 
>>
>>Daniel Senie wrote:
>>
>>
>>>At 05:18 PM 5/26/2005, Clifton Royston wrote:
>>>
>>>
>>>>On Thu, May 26, 2005 at 06:26:42AM -0400, Joe Maimon wrote:
<snip>
>>>>
<snip>
>>
>>
> 
> 
> I would also like to see some way to limit users (per user) to a number 
> of pop3 checks per minute, but without generating support calls because 
> of an error message. It would be better to simply return "no new 
> messages on server" for x minutes if possible (still with no i/o). I'm 
> not at all sure how difficult that change would be to implement.
> 
> Short of that, I'd definitely like to see the HappyMail patch put into 
> the main codebase.
> 
> Ken Anderson
> Pacific.Net
> 
> 
I have posted a minimally tested patch to the happymail patch which does 
exactly that.

http://www.jmaimon.com/qpopper/#happy-pl8-jmpl5

Basically the patch causes popper to return early from pop_dropcopy() 
and from pop_updt() before any IO is done.



Date: Tue, 31 May 2005 09:32:28 -0700
From: Ken A <ka at pacific dot net>
Subject: Re: Invalid cross-device link

 <531998420009172981473@lists.pensive.org> <429B406E.50800@ttec.com>
In-Reply-To: <429B406E.50800@ttec.com>
X-Enigmail-Version: 0.90.0.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit



Joe Maimon wrote:
> 
> 
> Ken A wrote:
> <snip>
> 
>>
>> Joe Maimon wrote:
>>
>>>
>>> Daniel Senie wrote:
>>>
>>>
>>>> At 05:18 PM 5/26/2005, Clifton Royston wrote:
>>>>
>>>>
>>>>> On Thu, May 26, 2005 at 06:26:42AM -0400, Joe Maimon wrote:
> 
> <snip>
> 
>>>>>
> <snip>
> 
>>>
>>>
>>
>>
>> I would also like to see some way to limit users (per user) to a 
>> number of pop3 checks per minute, but without generating support calls 
>> because of an error message. It would be better to simply return "no 
>> new messages on server" for x minutes if possible (still with no i/o). 
>> I'm not at all sure how difficult that change would be to implement.
>>
>> Short of that, I'd definitely like to see the HappyMail patch put into 
>> the main codebase.
>>
>> Ken Anderson
>> Pacific.Net
>>
>>
> I have posted a minimally tested patch to the happymail patch which does 
> exactly that.
> 
> http://www.jmaimon.com/qpopper/#happy-pl8-jmpl5
> 
> Basically the patch causes popper to return early from pop_dropcopy() 
> and from pop_updt() before any IO is done.
> 
> 

There seem to be some issues with this patch. It stalls the pop3 session 
after getting the password for about 15 seconds, then says 'no new 
messages in the MUA (tested with thunderbird & command line).

Thanks,
Ken A


> 

Date: Wed, 01 Jun 2005 01:26:02 -0400
From: Joe Maimon <jmaimon at ttec dot com>
Subject: Re: Invalid cross-device link

 <637048168641534072087@lists.pensive.org>
In-Reply-To: <637048168641534072087@lists.pensive.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit



Ken A wrote:
<snip>
> 
> There seem to be some issues with this patch. It stalls the pop3 session 
> after getting the password for about 15 seconds, then says 'no new 
> messages in the MUA (tested with thunderbird & command line).
> 
> Thanks,
> Ken A
> 
> 
New version posted.

http://www.jmaimon.com/qpopper/patches/happymail-sleep-seconds.pl5b.408.patch
http://www.jmaimon.com/qpopper/


Thanks for the report.

Subject: Capturing "entered" passwords.
Date: Thu, 2 Jun 2005 13:43:21 -0400
From: "Drew Weaver" <drew dot weaver at thenap dot com>

This is a multi-part message in MIME format.

------_=_NextPart_001_01C5679A.91736CD4
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

            In FreeRadius there is a mechanism to capture what passwords
the users enter in order to troubleshoot their connectivity. (you can
set it to log successful authentications, unsuccessful authentications,
or both) and it will actually log what password the client is sending to
the server. This is useful for multiple reasons. Is there any way to do
this in qpopper?

 

Thanks,

-Drew

 


------_=_NextPart_001_01C5679A.91736CD4
Content-Type: text/html;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

<html xmlns:o="urn:schemas-microsoft-com:office:office" 
xmlns:w="urn:schemas-microsoft-com:office:word" 
xmlns="http://www.w3.org/TR/REC-html40">

<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; 
charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
<!--
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman";}
a:link, span.MsoHyperlink
	{color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{color:purple;
	text-decoration:underline;}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:Arial;
	color:windowtext;}
@page Section1
	{size:8.5in 11.0in;
	margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
	{page:Section1;}
-->
</style>

</head>

<body lang=EN-US link=blue vlink=purple>

<div class=Section1>

<p class=MsoNormal><font size=2 face=Arial><span 
style='font-size:10.0pt;
font-family:Arial'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp; In FreeRadius there is a mechanism to capture
what passwords the users enter in order to troubleshoot their 
connectivity.
(you can set it to log successful authentications, unsuccessful
authentications, or both) and it will actually log what password the 
client is
sending to the server. This is useful for multiple reasons. Is there any 
way to
do this in qpopper?<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span 
style='font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span 
style='font-size:10.0pt;
font-family:Arial'>Thanks,<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span 
style='font-size:10.0pt;
font-family:Arial'>-Drew<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span 
style='font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

</div>

</body>

</html>

------_=_NextPart_001_01C5679A.91736CD4--

Date: Sat, 4 Jun 2005 20:07:38 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Capturing "entered" passwords.

At 1:43 PM -0400 6/2/05, Drew Weaver wrote:

>              In FreeRadius there is a mechanism to capture what 
> passwords the users enter in order to troubleshoot their 
> connectivity. (you can set it to log successful authentications, 
> unsuccessful authentications, or both) and it will actually log 
> what password the client is sending to the server. This is useful 
> for multiple reasons. Is there any way to do this in qpopper?

Useful, but also a security risk, and also for multiple reasons.

The only way to get Qpopper to log passwords would be to comment out 
the line that replaces the password with "xxxxxxxxx" before logging, 
then recompile.


-- 
Randall Gellens
Opinions are personal;    facts are suspect;    I speak for myself only
-------------- Randomly-selected tag: ---------------
Once a job is fouled up, anything done to improve it only makes
it worse.

Date: Mon, 06 Jun 2005 09:30:36 -0700
From: Ken A <ka at pacific dot net>
Subject: Re: Capturing "entered" passwords.

Randall Gellens wrote:
> At 1:43 PM -0400 6/2/05, Drew Weaver wrote:
> 
>>              In FreeRadius there is a mechanism to capture what 
>> passwords the users enter in order to troubleshoot their connectivity. 
>> (you can set it to log successful authentications, unsuccessful 
>> authentications, or both) and it will actually log what password the 
>> client is sending to the server. This is useful for multiple reasons. 
>> Is there any way to do this in qpopper?
> 
> 
> Useful, but also a security risk, and also for multiple reasons.
> 
> The only way to get Qpopper to log passwords would be to comment out the 
> line that replaces the password with "xxxxxxxxx" before logging, then 
> recompile.
> 

Safer to `ngrep -l -q -w 'USER|PASS' port 110` for a few seconds IF 
these are unencrypted sessions.

Ken A
Pacific.Net

Date: Thu, 16 Jun 2005 16:10:32 -0400
From: Jean-Bernard dot ADDOR at ras dot eu dot org
Subject: Is it possible to use qpopper with ssh?

Hello,

Is it possible to use qpopper through a ssh connection ? Like:

ssh my.pop.server.net /usr/sbin/in.qpopper

I made a try and I have the impression I have to start with USER and PASS commands, even if I am alredy loged throught ssh, which is in itself not a big problem. The problem I noticed is with the PASS command qpopper complains about accessing the password
 file and die and the connection is broken.

Any suggestion ? Can I do that with qpopper or do I need to compile another popd, which one ?

Have a nice day,

	Jean-Bernard

From: "Alan W dot  Rateliff, II" <lists at rateliff dot net>
Subject: RE: Is it possible to use qpopper with ssh?
Date: Thu, 16 Jun 2005 23:24:50 -0400

> -----Original Message-----
> From: Jean-Bernard.ADDOR@ras.eu.org 
> [mailto:Jean-Bernard.ADDOR@ras.eu.org] 
> Sent: Thursday, June 16, 2005 4:11 PM
> To: Subscribers of Qpopper
> Subject: Is it possible to use qpopper with ssh?
> 
> Hello,
> 
> Is it possible to use qpopper through a ssh connection ? Like:
> 
> ssh my.pop.server.net /usr/sbin/in.qpopper
> 
> I made a try and I have the impression I have to start with 
> USER and PASS commands, even if I am alredy loged throught 
> ssh, which is in itself not a big problem. The problem I 
> noticed is with the PASS command qpopper complains about 
> accessing the password
>  file and die and the connection is broken.

I'm not quite sute what you're trying to accomplish, and I have a couple of
theories on why this fails.  Why not just create a tunnel through SSH to
access a QPopper running in inetd or as a stand-alone server on the far end?

-- 
       Alan W. Rateliff, II        :       RATELIFF.NET
 Independent Technology Consultant :    alan2@rateliff.net
      (Office) 850/350-0260        :  (Mobile) 850/559-0100
-------------------------------------------------------------
[System Administration][IT Consulting][Computer Sales/Repair]

 


Date: Fri, 17 Jun 2005 08:09:48 -0400
From: Daniel Senie <dts at senie dot com>
Subject: Re: Is it possible to use qpopper with ssh?

At 04:10 PM 6/16/2005, Jean-Bernard.ADDOR@ras.eu.org wrote:
>Hello,
>
>Is it possible to use qpopper through a ssh connection ? Like:
>
>ssh my.pop.server.net /usr/sbin/in.qpopper
>
>I made a try and I have the impression I have to start with USER and PASS 
>commands, even if I am alredy loged throught ssh, which is in itself not a 
>big problem. The problem I noticed is with the PASS command qpopper 
>complains about accessing the password
>  file and die and the connection is broken.
>
>Any suggestion ? Can I do that with qpopper or do I need to compile 
>another popd, which one ?

You're configuring a tunnel using SSH for the POP traffic. The POP server 
software (qpopper) doesn't have any special knowledge of this. To it, the 
POP session is originating on the end of the SSH tunnel nearest to it. So 
qpopper would still need username and password.

This is as it should be anyway, I would think. Consider that you might have 
multiple POP accounts active on a mail server that you check from your 
laptop. You could use SSH to establish a tunnel to transport the POP 
traffic, then check email for the multiple accounts. POP server would need 
the username and password for each anyway.

Also consider that in some server configurations, the login name space used 
by SSH and the mailbox name space used by qpopper might be independent of 
one another.

Dan 


Date: Fri, 17 Jun 2005 07:56:59 -0700
From: Ken A <ka at pacific dot net>
Subject: Re: Is it possible to use qpopper with ssh?

Jean-Bernard.ADDOR@ras.eu.org wrote:
> Hello,
> 
> Is it possible to use qpopper through a ssh connection ? Like:
> 
> ssh my.pop.server.net /usr/sbin/in.qpopper

no. using ssh that way doesn't give you the ability to run interactive 
commands on the remote host. It would be the same for any daemon that 
required an interactive session; sendmail, telnet, etc..

If you really wanted to do this, you could create a perl script that 
uses Mail::Pop3 to send the contents of a mailbox back using a single 
command line like:
"ssh my.pop.server.net /usr/local/bin/getmymail.pl $user $pass $function"
Function could be something like 'delete 1' or 'list all', etc..
You could store the passwords on the qpopper server or pass them on the 
command line - either way is insecure! The script would have to handle 
all possible responses from qpopper.
Not sure why this would ever be a good idea...

Ken

> I made a try and I have the impression I have to start with USER and PASS commands, even if I am alredy loged throught ssh, which is in itself not a big problem. The problem I noticed is with the PASS command qpopper complains about accessing the pas
rd
>  file and die and the connection is broken.
> 
> Any suggestion ? Can I do that with qpopper or do I need to compile another popd, which one ?
> 
> Have a nice day,
> 
> 	Jean-Bernard
> 
> 

Date: Fri, 17 Jun 2005 08:49:32 -0400
From: Jean-Bernard dot ADDOR at ras dot eu dot org
Subject: Re: Is it possible to use qpopper with ssh?

Hello,

Thanks for your reply. I am using a modem connection and the sylpheed client. As many modem users working offline, I make a lot of short modem connections. At the time, my client supports any command for sending. This was probably done to use the local "s
endmail" command on unix systems, but I often use it to send to remote sendmail server where I have shell access. Do do it I just replaced the "sendmail" command by "ssh remote.server.org sendmail --some-options". This allows for compression which may be 
interesting for long text messages over a slow modem connexion. As the "ssh" command is inside the configuration of the client, there is no need to establish a ssh tunnel after each modem connection, you just start the modem and send through the regular c
ommand of the client.

At some point I remembered that the "pine" client could be configured to use a "ssh remote.server.org /usr/lib/rpopd" command to access a pop (or imap) server. Then I asked me if this approach could work with Qpopper, because I have an mail account on a s
erver which uses Qpopper, and to which I can ssh. As suggested a tunnel would allow me to use compression, but I would have to start it manually after each modem connection, the "ssh" command would be configured into the client and would reduce the number
 of manipulations at each connection.

Have a nice day,

	Jean-Bernard

On Thu, 16 Jun 2005 23:24:50 -0400
"Alan W. Rateliff, II" <lists@rateliff.net> wrote:

> > -----Original Message-----
> > From: Jean-Bernard.ADDOR@ras.eu.org 
> > [mailto:Jean-Bernard.ADDOR@ras.eu.org] 
> > Sent: Thursday, June 16, 2005 4:11 PM
> > To: Subscribers of Qpopper
> > Subject: Is it possible to use qpopper with ssh?
> > 
> > Hello,
> > 
> > Is it possible to use qpopper through a ssh connection ? Like:
> > 
> > ssh my.pop.server.net /usr/sbin/in.qpopper
> > 
> > I made a try and I have the impression I have to start with 
> > USER and PASS commands, even if I am alredy loged throught 
> > ssh, which is in itself not a big problem. The problem I 
> > noticed is with the PASS command qpopper complains about 
> > accessing the password
> >  file and die and the connection is broken.
> 
> I'm not quite sute what you're trying to accomplish, and I have a couple of
> theories on why this fails.  Why not just create a tunnel through SSH to
> access a QPopper running in inetd or as a stand-alone server on the far end?
> 
> -- 
>        Alan W. Rateliff, II        :       RATELIFF.NET
>  Independent Technology Consultant :    alan2@rateliff.net
>       (Office) 850/350-0260        :  (Mobile) 850/559-0100
> -------------------------------------------------------------
> [System Administration][IT Consulting][Computer Sales/Repair]
> 
>  
> 

Date: Fri, 17 Jun 2005 14:57:55 -0400
From: Jean-Bernard dot ADDOR at ras dot eu dot org
Subject: Re: Is it possible to use qpopper with ssh?

Hello,

Thanks for your reply. I am may be a bit too lazy to establish a ssh tunnel at each modem connection, but I am convinced I would find how to make it. That is a good suggestion. I was far to think about different username and password for ssh and pop, in m
y case that is all the same, that is a different situation. Both situations may need different configurations. I would prefer a command to use on the remote server than a tunnel. May be I could find a script to do it, I would prefere to use the same code 
as the regular pop internet server, that would make it esier for the clients. The major problem is that then I start /usr/sbin/in.qpopper through ssh it run with my user permission, not root, so it cannot access the password file.

Have a nice day,

	Jean-Bernard

On Fri, 17 Jun 2005 08:09:48 -0400
Daniel Senie <dts@senie.com> wrote:

> At 04:10 PM 6/16/2005, Jean-Bernard.ADDOR@ras.eu.org wrote:
> >Hello,
> >
> >Is it possible to use qpopper through a ssh connection ? Like:
> >
> >ssh my.pop.server.net /usr/sbin/in.qpopper
> >
> >I made a try and I have the impression I have to start with USER and PASS 
> >commands, even if I am alredy loged throught ssh, which is in itself not a 
> >big problem. The problem I noticed is with the PASS command qpopper 
> >complains about accessing the password
> >  file and die and the connection is broken.
> >
> >Any suggestion ? Can I do that with qpopper or do I need to compile 
> >another popd, which one ?
> 
> You're configuring a tunnel using SSH for the POP traffic. The POP server 
> software (qpopper) doesn't have any special knowledge of this. To it, the 
> POP session is originating on the end of the SSH tunnel nearest to it. So 
> qpopper would still need username and password.
> 
> This is as it should be anyway, I would think. Consider that you might have 
> multiple POP accounts active on a mail server that you check from your 
> laptop. You could use SSH to establish a tunnel to transport the POP 
> traffic, then check email for the multiple accounts. POP server would need 
> the username and password for each anyway.
> 
> Also consider that in some server configurations, the login name space used 
> by SSH and the mailbox name space used by qpopper might be independent of 
> one another.
> 
> Dan 
> 

Date: Fri, 17 Jun 2005 15:27:32 -0400
From: Jean-Bernard dot ADDOR at ras dot eu dot org
Subject: Re: Is it possible to use qpopper with ssh?

On Fri, 17 Jun 2005 07:56:59 -0700
Ken A <ka@pacific.net> wrote:

> 
> 
> Jean-Bernard.ADDOR@ras.eu.org wrote:
> > Hello,
> > 
> > Is it possible to use qpopper through a ssh connection ? Like:
> > 
> > ssh my.pop.server.net /usr/sbin/in.qpopper
> 
> no. using ssh that way doesn't give you the ability to run interactive 
> commands on the remote host. It would be the same for any daemon that 
> required an interactive session; sendmail, telnet, etc..

I give a more detailed sample of what I did at the end of the message.

> If you really wanted to do this, you could create a perl script that 
> uses Mail::Pop3 to send the contents of a mailbox back using a single 
> command line like:
> "ssh my.pop.server.net /usr/local/bin/getmymail.pl $user $pass $function"
> Function could be something like 'delete 1' or 'list all', etc..
> You could store the passwords on the qpopper server or pass them on the 
> command line - either way is insecure! The script would have to handle 
> all possible responses from qpopper.
> Not sure why this would ever be a good idea...
> 
> Ken

That is a good suggestion, maybe the script allready exists (if you know one such thing, tell it to me, please!) and maybe they are ways to solve the security issues. I would just have prefered to use directly qpopper to do it, just to be sure it have abs
olutly the good behavior for clients.

Have a nice day,

	Jean-Bernard

Example (useless) of qpopper successfully used through a ssh connection

truite:~> ssh ernesto /usr/sbin/in.qpopper
*****@ernesto's password: 
+OK Qpopper (version 4.0.4) at ernesto.ras.eu.org starting.  <13254.1119033758@ernesto.ras.eu.org>
CAPA
+OK Capability list follows
TOP
USER
LOGIN-DELAY 0
EXPIRE 0
UIDL
RESP-CODES
AUTH-RESP-CODE
X-MANGLE
X-MACRO
X-LOCALTIME Fri, 17 Jun 2005 20:42:44 +0200
IMPLEMENTATION Qpopper-version-4.0.4
.
EXIT
-ERR Unknown command: "exit".
QUIT
+OK Pop server at ernesto.ras.eu.org signing off.


Example of qpopper used through a ssh connection: the PASS problem!

truite:~> ssh ernesto /usr/sbin/in.qpopper
*****@ernesto's password: 
+OK Qpopper (version 4.0.4) at ernesto.ras.eu.org starting.  <13461.1119033809@ernesto.ras.eu.org>
USER *****
+OK Password required for *****.
PASS *****
-ERR [AUTH] PAM authentication failed for user "*****": Authentication service cannot retrieve authentication info. (9)
+OK Pop server at ernesto.ras.eu.org signing off.


Example of sendmail used on a remote server using a ssh connection

truite:~> ssh ernesto /usr/sbin/sendmail Jean-Bernard.ADDOR
*****@ernesto's password: 
test ssh

Here I used ctrl-D to terminate the connection, the message has been delivered.

Date: Fri, 17 Jun 2005 13:21:12 -0700
From: Ken A <ka at pacific dot net>
Subject: Re: Is it possible to use qpopper with ssh?



Jean-Bernard.ADDOR@ras.eu.org wrote:
> On Fri, 17 Jun 2005 07:56:59 -0700
> Ken A <ka@pacific.net> wrote:
> 
> 
>>
>>Jean-Bernard.ADDOR@ras.eu.org wrote:
>>
>>>Hello,
>>>
>>>Is it possible to use qpopper through a ssh connection ? Like:
>>>
>>>ssh my.pop.server.net /usr/sbin/in.qpopper
>>
>>no. using ssh that way doesn't give you the ability to run interactive 
>>commands on the remote host. It would be the same for any daemon that 
>>required an interactive session; sendmail, telnet, etc..
> 
> 
> I give a more detailed sample of what I did at the end of the message.


Well, you are correct. I had not tried it, just assumed it wouldn't 
work. Duh.. So how about "ssh my.pop.server.net telnet localhost 110"
Works for me.
Ken


> 
>>If you really wanted to do this, you could create a perl script that 
>>uses Mail::Pop3 to send the contents of a mailbox back using a single 
>>command line like:
>>"ssh my.pop.server.net /usr/local/bin/getmymail.pl $user $pass $function"
>>Function could be something like 'delete 1' or 'list all', etc..
>>You could store the passwords on the qpopper server or pass them on the 
>>command line - either way is insecure! The script would have to handle 
>>all possible responses from qpopper.
>>Not sure why this would ever be a good idea...
>>
>>Ken
> 
> 
> That is a good suggestion, maybe the script allready exists (if you know one such thing, tell it to me, please!) and maybe they are ways to solve the security issues. I would just have prefered to use directly qpopper to do it, just to be sure it hav
bsolutly the good behavior for clients.
> 
> Have a nice day,
> 
> 	Jean-Bernard
> 
> Example (useless) of qpopper successfully used through a ssh connection
> 
> truite:~> ssh ernesto /usr/sbin/in.qpopper
> *****@ernesto's password: 
> +OK Qpopper (version 4.0.4) at ernesto.ras.eu.org starting.  <13254.1119033758@ernesto.ras.eu.org>
> CAPA
> +OK Capability list follows
> TOP
> USER
> LOGIN-DELAY 0
> EXPIRE 0
> UIDL
> RESP-CODES
> AUTH-RESP-CODE
> X-MANGLE
> X-MACRO
> X-LOCALTIME Fri, 17 Jun 2005 20:42:44 +0200
> IMPLEMENTATION Qpopper-version-4.0.4
> .
> EXIT
> -ERR Unknown command: "exit".
> QUIT
> +OK Pop server at ernesto.ras.eu.org signing off.
> 
> 
> Example of qpopper used through a ssh connection: the PASS problem!
> 
> truite:~> ssh ernesto /usr/sbin/in.qpopper
> *****@ernesto's password: 
> +OK Qpopper (version 4.0.4) at ernesto.ras.eu.org starting.  <13461.1119033809@ernesto.ras.eu.org>
> USER *****
> +OK Password required for *****.
> PASS *****
> -ERR [AUTH] PAM authentication failed for user "*****": Authentication service cannot retrieve authentication info. (9)
> +OK Pop server at ernesto.ras.eu.org signing off.
> 
> 
> Example of sendmail used on a remote server using a ssh connection
> 
> truite:~> ssh ernesto /usr/sbin/sendmail Jean-Bernard.ADDOR
> *****@ernesto's password: 
> test ssh
> 
> Here I used ctrl-D to terminate the connection, the message has been delivered.
> 
> 

Date: Fri, 17 Jun 2005 15:28:16 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Invalid cross-device link

The patch seems interesting.  I do have a few questions:

(1) Have you tried enabling cache files?  That eliminates processing 
the spool if no new mail has arrived since the prior mail check, 
which cuts way down on I/O.

(2) A logical extension for cache files is to not throw them out just 
because new mail has arrived, but instead process only the new mail 
and append to the cache.  That should be a big win with users who 
have large spools.  I haven't had the time to make this change, but 
if someone else wanted to, that would be terrific.

(3) Qpopper does have some rudimentary hooks for telling clients the 
minimum mail check interval, but it doesn't enforce it.  This could 
be extended to enforce the limit, perhaps in conjunction with the 
keep-temp-drop option (which keeps the temp drop around so that the 
user's last mail check can be easily determined at any time).

(4) Keep in mind that returning an [AUTH] error should only be done 
if the user's credentials are bad, since it tells the clients to 
throw out the saved password and ask the user to retype it.

(5) I'm puzzled by the desire to return a 'no new messages' error. 
Many clients authenticate and then issue LIST and UIDL.  Is the 
intent to cache these responses and return them without actually 
checking?  Or is the intent to return empty values for each, thus 
telling the client that all mail on the server has been deleted, only 
to have it reappear later?  I'm probably missing something very 
obvious here, so please forgive me.

(6) If the happymail patch were to be intended to be incorporated 
into the standard distribution, I'd like to see it make much less use 
of #ifdef, and use boolean or other option checks instead.  I think 
it makes the code much more maintainable, especially where lots of 
options can get independently selected.  It would also need to run on 
all OS flavors, of course.
-- 
Randall Gellens
Opinions are personal;    facts are suspect;    I speak for myself only
-------------- Randomly-selected tag: ---------------
Finagle's Second Law:
    No matter what the anticipated result, there will always be
    someone eager to (a) misinterpret it, (b) fake it, or (c)
    believe it happened according to his own pet theory.

Date: Fri, 17 Jun 2005 17:08:01 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: Invalid cross-device link

The patch seems interesting.  I do have a few questions:

(1) Have you tried enabling cache files?  That eliminates processing 
the spool if no new mail has arrived since the prior mail check, 
which cuts way down on I/O.

(2) A logical extension for cache files is to not throw them out just 
because new mail has arrived, but instead process only the new mail 
and append to the cache.  That should be a big win with users who 
have large spools.  I haven't had the time to make this change, but 
if someone else wanted to, that would be terrific.

(3) Qpopper does have some rudimentary hooks for telling clients the 
minimum mail check interval, but it doesn't enforce it.  This could 
be extended to enforce the limit, perhaps in conjunction with the 
keep-temp-drop option (which keeps the temp drop around so that the 
user's last mail check can be easily determined at any time).

(4) Keep in mind that returning an [AUTH] error should only be done 
if the user's credentials are bad, since it tells the clients to 
throw out the saved password and ask the user to retype it.

(5) I'm puzzled by the desire to return a 'no new messages' error. 
Many clients authenticate and then issue LIST and UIDL.  Is the 
intent to cache these responses and return them without actually 
checking?  Or is the intent to return empty values for each, thus 
telling the client that all mail on the server has been deleted, only 
to have it reappear later?  I'm probably missing something very 
obvious here, so please forgive me.

(6) If the happymail patch were to be intended to be incorporated 
into the standard distribution, I'd like to see it make much less use 
of #ifdef, and use boolean or other option checks instead.  I think 
it makes the code much more maintainable, especially where lots of 
options can get independently selected.  It would also need to run on 
all OS flavors, of course.
-- 
Randall Gellens
Opinions are personal;    facts are suspect;    I speak for myself only
-------------- Randomly-selected tag: ---------------
Finagle's Second Law:
    No matter what the anticipated result, there will always be
    someone eager to (a) misinterpret it, (b) fake it, or (c)
    believe it happened according to his own pet theory.

Date: Mon, 20 Jun 2005 22:57:35 -0400
From: Jean-Bernard dot ADDOR at ras dot eu dot org
Subject: Re: Is it possible to use qpopper with ssh?

Hello,

Thank you very much, works fine for me too. Is it vulnerable to make a non-ssl connection from the pop server to itself? If needed I could use "ssh my.pop.server.net telnet -z ssl localhost 995".

Have a nice day,

	Jean-Bernard

On Fri, 17 Jun 2005 13:21:12 -0700
Ken A <ka@pacific.net> wrote:

> So how about "ssh my.pop.server.net telnet localhost 110"
> Works for me.
> Ken

Date: Sat, 23 Jul 2005 18:20:43 -0700
From: Roy <garlic at garlic dot com>
Subject: I/O error in SSL.

My round tuit finally arrived so I am trying to build 4.0.8 with TLS/SSL 
support.  I have it build successfully and tested it on my test system.  
So I moved it to the production system and just started the port 995 
version.  If SSL is enabled (-l 2) then I get

I/O Error
Error writing to client

when attempting to download any messages.  If I turn off SSL (no -l) 
then messages download successfully.

Anyone have any ideas on the problem?

Roy

Subject: incoming mail port 110 and 25?
Date: Sat, 30 Jul 2005 17:15:32 -0700 (PDT)
From: jeep at rahul dot net (Jeff Lacki)

Hi, Im new to qpopper.  Im running 4.0.8 on a fedora 3 box.
After figuring most things out I think I have it working,
to the extent that when I email from my off-site ISP to my
fedora box, the incoming email seems to hit port 25, not
110 (as I have it configured to do via xinetd etc).

I thought 110 was the 'standard' pop port?  Can someone
explain this or point me to some docs?

Thanks,
Jeff


Date: Sat, 30 Jul 2005 19:05:15 -0700 (PDT)
From: Gregory Hicks <ghicks at cadence dot com>
Subject: Re: incoming mail port 110 and 25?

> To: Subscribers of Qpopper <qpopper@lists.pensive.org>
> Subject: incoming mail port 110 and 25?
> Date: Sat, 30 Jul 2005 17:15:32 -0700 (PDT)
> From: jeep@rahul.net (Jeff Lacki)
> 
> Hi, Im new to qpopper.  Im running 4.0.8 on a fedora 3 box.
> After figuring most things out I think I have it working,
> to the extent that when I email from my off-site ISP to my
> fedora box, the incoming email seems to hit port 25, not
> 110 (as I have it configured to do via xinetd etc).
> 
> I thought 110 was the 'standard' pop port?  Can someone
> explain this or point me to some docs?

Incoming mail goes to port 25.  Mail destined to go to a MAIL CLIENT 
goes out port 110.  Port 25: server, Port 110 Client.

> 
> Thanks,
> Jeff
> 

---------------------------------------------------------------------
Gregory Hicks                           | Principal Systems Engineer
Cadence Design Systems                  | Direct:   408.576.3609
555 River Oaks Pkwy M/S 6B1             | Fax:      408.894.3479
San Jose, CA 95134                      | Internet: ghicks@cadence.com

I am perfectly capable of learning from my mistakes.  I will surely
learn a great deal today.

"A democracy is a sheep and two wolves deciding on what to have for
lunch.  Freedom is a well armed sheep contesting the results of the
decision." - Benjamin Franklin

"The best we can hope for concerning the people at large is that they
be properly armed." --Alexander Hamilton


Date: Sat, 30 Jul 2005 22:48:36 -0400 (EDT)
From: Chip Old <fold at bcpl dot net>
Subject: Re: incoming mail port 110 and 25?

On Sat, 30 Jul 2005 17:15 -0700, Jeff Lacki wrote:

> Hi, Im new to qpopper.  Im running 4.0.8 on a fedora 3 box. After 
> figuring most things out I think I have it working, to the extent that 
> when I email from my off-site ISP to my fedora box, the incoming email 
> seems to hit port 25, not 110 (as I have it configured to do via xinetd 
> etc).
>
> I thought 110 was the 'standard' pop port?  Can someone explain this or 
> point me to some docs?

When you send mail to the machine on which your POP3 server is running it 
is the SMTP server software on port 25 that receives it, not the POP3 
server on port 110.  The POP3 server on port 110 is only responsible for 
taking mail from the mail spool and uploading it to a POP3 client on your 
PC (or whatever).  It doesn't receive mail from POP3 clients or from other 
mail servers, nor does it deliver mail to other mail servers.  That is the 
responsibility of the SMTP server on port 25.

-- 
Chip Old (Francis E. Old)             E-Mail:  fold@bcpl.net
BCPL Network Administrator            Phone:   410-887-6180
BCPL.NET Internet Services Manager    FAX:     410-887-2091
320 York Road
Towson, MD 21204-5179  US

Subject: port 25 and port 110 - got it
Date: Sat, 30 Jul 2005 19:51:43 -0700 (PDT)
From: jeep at rahul dot net (Jeff Lacki)


Thanks for all the help.  I get whats going on now. :)

As it turns out I really dont even need qpopper.
Im just going to forward messages via postfix's
virtual_alias table instead.

Thanks again!
Jeff


Date: Wed, 3 Aug 2005 09:37:13 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Re: PAM Authentication - For the record
Re: PAM Authentication - For the record
At 3:01 PM -0500 5/19/05, James Medley wrote:

Hello All: Earlier today I sent the email shown below and thanks to Daniel's advise of comparing the pam.d/pop3 file with other pam.d files, I found a solution. The file qpopper4.0.7/doc/mac said...

Now you need an entry in /etc/pam.d/ for pop3.  Copy the sample pam
configuration file from the 'samples' directory to the '/etc/pam.d'
directory by entering the following commands.  Or skip these commands
and use 'make install' do it for you.
 sudo sh -c 'umask 0077; cp samples/qpopper.pam /etc/pam.d/pop3'

This did not work.

What specific errors did you get?  What did the Qpopper debug trace show?


 I instead copied the file pam.d/imap (which already included pop3) and added the word 'login' on the top line so it reads....

# pop3, imap, smtp, login : auth account password session
auth       required       pam_nologin.so
auth       sufficient     pam_securityserver.so
auth       sufficient     pam_unix.so
auth       required       pam_deny.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_uwtmp.so

I'm glad to say qpopper4.0.7 is up and running on an iMac G5, OS 10.4. Thanks to all, Jim


At 9:00 AM -0500 5/19/05, James Medley wrote:
Hello All: I have installed Qpopper4.0.7 (enable-standalone) on an iMac G5 (OS 10.4). I followed the instructions giving in doc/mac and am having a problem with PAM authentication. I can start qpopper and give my user name but when trying my password I get; PAM authentication failed for user "jmedley" : Authentication failure (7) +OK Pop server at bmt-002.tamu.edu signing off.
Connection closed by foreign host. It acts as if I am using the wrong password. How do I setup users and passwords for qpopper? In the past I just use system prefs 'accounts'. Thanks for the help, Jim

--


-- 
Randall Gellens
Opinions are personal;    facts are suspect;    I speak for myself only
-------------- Randomly-selected tag: ---------------
There are some micro-organisms that exhibit characteristics of
both plants and animals.  When exposed to light they undergo
photosynthesis; and when the lights go out, they turn into
animals.  But then again, don't we all?

Date: Wed, 3 Aug 2005 15:01:15 -0300 (BRT)
From: Luciana Regina Lemos <luciana at model dot iag dot usp dot br>
Subject: remove


Date: Wed, 3 Aug 2005 09:43:16 -0700
From: Randall Gellens <randy at qualcomm dot com>
Subject: Qpopper 4.1a2 available

Qpopper 4.1a2 is available at 
<ftp://ftp.qualcomm.com/eudora/servers/unix/popper/beta>.

The full list of changes from one release to the next is on the FTP 
site, at 
<ftp://ftp.qualcomm.com/eudora/servers/unix/popper/beta/Changes>.

Note that this is an alpha release, and contains all code which has 
gone into the main codeline (/current/) that didn't make it into 4.0.

Everyone is encouraged to play with it, contribute more code, etc.
-- 
Randall Gellens
Opinions are personal;    facts are suspect;    I speak for myself only
-------------- Randomly-selected tag: ---------------
Far out in the uncharted backwaters of the unfashionable end of
the Western Spiral arm of the Galaxy lies a small unregarded
yellow sun.  Orbiting this at a distance of roughly ninety-eight
million miles is an utterly insignificant little blue-green
planet whose ape-descended life forms are so amazingly primitive
that they still think digital watches are a pretty neat idea....
        --Douglas Adams, "The Hitchhiker's Guide to the Galaxy"

Date: Fri, 12 Aug 2005 17:59:25 +0200
From: Martin Kellermann <Kellermann at sk-datentechnik dot com>
Subject: qpopper 4.0.8 + mysql

hi list,

is there a patch for qpopper 4.0.8 to support mysql auth?
what i found is: 
http://www.asteroid-b612.org/software/qpopper-mysql/qpopper-mysql-0.14.patch
but unfortunately it is for version 4.0.5 ...
or, does it work for 4.0.8 ?

i use qpopper for lots of years now....simply wonderful.
but some mysql support would be fine...

thanks for you hints..

MK


Date: Fri, 12 Aug 2005 12:44:35 -0400
From: Daniel Senie <dts at senie dot com>
Subject: Re: qpopper 4.0.8 + mysql

At 11:59 AM 8/12/2005, Martin Kellermann wrote:
>hi list,
>
>is there a patch for qpopper 4.0.8 to support mysql auth?
>what i found is: 
>http://www.asteroid-b612.org/software/qpopper-mysql/qpopper-mysql-0.14.patch
>but unfortunately it is for version 4.0.5 ...
>or, does it work for 4.0.8 ?
>
>i use qpopper for lots of years now....simply wonderful.
>but some mysql support would be fine...
>
>thanks for you hints..

That patch set appears to add more than just mysql. I'd like to have 
a discussion and invite the patch author, preferably on the 
developers list, about integrating such support. I agree it would be 
useful, and would prefer to see the capabilities merged into the 
mainline code once it's been integrated and tested.

Dan 


Date: Fri, 12 Aug 2005 15:36:03 -0700
From: Ken A <ka at pacific dot net>
Subject: Re: qpopper 4.0.8 + mysql

An alternative to patching qpopper is pam_mysql, which works fine with 
4.08. Just configure qpopper --with-pam and setup /etc/pam.d/pop3 to use 
pam_mysql.so. This makes upgrades a bit less painful.

Ken


Martin Kellermann wrote:
> hi list,
> 
> is there a patch for qpopper 4.0.8 to support mysql auth?
> what i found is: 
> http://www.asteroid-b612.org/software/qpopper-mysql/qpopper-mysql-0.14.patch 
> 
> but unfortunately it is for version 4.0.5 ...
> or, does it work for 4.0.8 ?
> 
> i use qpopper for lots of years now....simply wonderful.
> but some mysql support would be fine...
> 
> thanks for you hints..
> 
> MK
> 
> 

Last updated on 12 Aug 2005 by Pensive Mailing List Admin