Randall Gellens | 1 Mar 01:52 2003

Re: Qpopper + SSL + Eudora

At 4:24 PM +0100 2/18/03, Remy Zandwijk wrote:

>  Hi list.
>
>  I installed Qpopper 4.0.4, running as standalone binary. SSL is enabled
>  and is working correctly when users use Outlook. However, when my users
>  use Eudora (V5.1) and they have chosen to use STLS, it appears there is
>  no mail in the spool for them. When disabling STLS, there is mail.
>
>  The logfile reports 'possible probe for account...' and 'TLS shutdown error'.
>
>  What causes this behaviour?

There is an incompatibility between the TLS/SSL libraries used in 
Eudora and recent OpenSSL changes.  Try using the latest Qpopper 
4.0.5b version, and set SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS in your 
Qpopper configuration file; for example, in the file add 'set 
tls-options = 0x00000800'

-- 
Randall Gellens
Opinions are personal;    facts are suspect;    I speak for myself only
-------------- Randomly-selected tag: ---------------
Whenever people agree with me I always feel I must be wrong.
                                              --Oscar Wilde

Randall Gellens | 1 Mar 03:21 2003

Re: using qpopper as secure front end "POP proxy" for MS Exchange

At 11:39 AM -0700 2/27/03, scott wrote:

>  understands the POP protocol and does bounds-checking on commands 
> and parameters

You could use fetchmail and Qpopper.  Set up fetchmail to 
periodically fetch mail for the target users from the Exchange server 
and deposit the mail into a spool on the DMZ server.  Tell it to not 
delete the mail, just fetch new messages.  Then users can connect in 
and get at their mail.  Downside: when they get back, all their mail 
will still be there.

-- 
Randall Gellens
Opinions are personal;    facts are suspect;    I speak for myself only
-------------- Randomly-selected tag: ---------------
The nice thing about standards is that there are so many of
them to choose from.                  --Andrew S. Tanenbaum

qpopper-request | 1 Mar 09:00 2003

Qpopper Monthly Help File

         M O N T H L Y   Q P O P P E R   L I S T   H E L P

This is a routine monthly reminder of how to unsubscribe or use other
list commands.

First off, when you subscribe to a mailing list, you almost always get
a first message from the list admin telling you about the mailing list,
and explaining how to unsubscribe.  It is always a good idea to keep
these messages, since you never know when you will need to unsubscribe.
This is particularly useful when you change email addresses, because it
is difficult to unsubscribe from a list after you have a different
mailing address.

Every message sent by the list includes headers that you can just click
on to subscribe, unsubscribe, get help, or see the archives (if the
list has archives).

If you have tried this method, and the mailing list software won't let
you unsubscribe, it is probably because your address has changed.  In 
this case, please send a message to 
<mailto:listmaster <at> lists.pensive.org> stating which list (or lists) 
you want to unsubscribe from, and what you think your previous address
was.  There is a human (me) who will then try to take care of your 
request, often within a few days.

The list server in use (called AutoShare), offers several options which
you can set for yourself.  These options affect how the list sends you
messages.

The available options are:

Roman Gavrilov | 2 Mar 17:57 2003

qpopper ssl/tls

Is it possible to run qpopper with ssl as non privileged user i.e root ?


-- 
-----------------------------------------------------------------------------
 Roman Gavrilov                           
 Aduva Inc., Web Development Services.    
 work +972-3-7534373 mobile +972-54-834668
 romio <at> aduva.com, romio <at> netvision.net.il

Chuck Yerkes | 2 Mar 18:30 2003

Re: qpopper ssl/tls

Quoting Roman Gavrilov (romio <at> il.aduva.com):
> Is it possible to run qpopper with ssl as non privileged user i.e root ?

qpopper needs to be able to read all the mail files.
Root does that.

Gregory Hicks | 2 Mar 18:55 2003

Re: qpopper ssl/tls

> Date: Sun, 2 Mar 2003 12:30:44 -0500
> From: Chuck Yerkes <chuck+qpopper <at> yerkes.com>
> To: Subscribers of Qpopper <qpopper <at> lists.pensive.org>
> Subject: Re: qpopper ssl/tls
> 
> Quoting Roman Gavrilov (romio <at> il.aduva.com):
> > Is it possible to run qpopper with ssl as non privileged user i.e root ?
> 
> qpopper needs to be able to read all the mail files.
> Root does that.

Good reason, but not the right one...  (*I* think...)

qpopper doesn't read ALL the mail files, just one.  qpopper needs to be
able to assume the identity of the user that wants to download the
mail.  This "...assume the identity of..." is why root...  Although
since the user has to provide their password, this might not be the
right reason...

My own thoughts, possibly wrong, but ...

Regards,
Gregory Hicks
---------------------------------------------------------------------
Never attribute to malice that which is adequately explained by
ignorance or stupidity.

Asking the wrong questions is the leading cause of wrong answers


Alan Brown | 2 Mar 19:31 2003

Re: qpopper ssl/tls

On Sun, 2 Mar 2003, Gregory Hicks wrote:

> Good reason, but not the right one...  (*I* think...)

You're right, it isn't.

> qpopper doesn't read ALL the mail files, just one.  qpopper needs to be
> able to assume the identity of the user that wants to download the
> mail.

Which is why Qpopper switches to the ID of that user and drops all
privileges after authentication. If it didn't, permissions in the mail
spool directories wouldn't be as critical as they are - root can do
anything.

The REAL reason qpopper has to run as root is that it binds to a port
(or ports) under 1024 - which requires root privileges, and must be able
to switch to the user ID logging in after authentication.

It might be possible to run as root, bind to the port, then drop
privileges and then switch to the login UserID later, but some systems
will prevent switching userids from low privilege accounts and this
would require an authentication interface (which is there in some
systems, but not all) instead of direct access to /etc/shadow.

When running out of inetd, Qpopper only runs as root long enough to
verify passwords... :-)

Homer Wilson Smith | 3 Mar 02:07 2003

Re: QPOPPER SENDMAIL/PROCMAIL: AND NFS

> On Wed, 26 Feb 2003, Kenneth Porter wrote:
>
> > That sounds backwards. Have all mail delivered to a hub, which then
> > delivers it to multiple machines running POP3 and IMAP services.
> >
> > Perhaps you could post info explaining your motivation for wanting such a
> > beast?

    Not sure who this was directed at but since I posted the original
request here is our situation.

    sendmail and qpopper exist on same machine.

    The machine is being flooded by spam etc driving load
high.  This affects perceived responsiveness of popper.

    I would like to spread the incoming mail load across many
incoming mail servers, and yet have all of it go to one pop server
since the demands of reading mail are insignificant compared to
the demands of dealing with incoming connections and filtering
the spam.

    Maybe I got this backwards, maybe 100's of sendmail's driving my load
to 40 and a few poppers driving it to 1 or 2 is my misconfiguration error
:)

    Point is that most incoming e-mail is spam and cpu and connection
resources dealing with the spammers and their spam is many times what
is necessary to read the valid e-mail that is finally delivered to
quiet and well behaved mailboxes.

Homer Wilson Smith | 3 Mar 02:12 2003

Re: QPOPPER SENDMAIL/PROCMAIL: AND NFS

> > That sounds backwards. Have all mail delivered to a hub, which then
> > delivers it to multiple machines running POP3 and IMAP services.
> >
> > Perhaps you could post info explaining your motivation for wanting such a
> > beast?
>
> High Availability pop3 access springs to mind.
>
> There are probably better ways though.

    Well I am certainly open to suggestions.

    The spam is causing war time conditions here.  We haven't been
able to concentrate on filtering the spam because there is so
much coming in we can't even deal with the number of connections
hitting on the server.

    Homer
