The "Logout user=???" message indicates that the client gave a POP3 QUIT command without ever logging in.
If you are not seeing any "Login failed" or "Login disabled" error messages, that means that the client never attempted to log in. I suspect that your pre-existing ipop3d build was one which permitted password logins in an unencrypted session (meaning every bad guy in the world can sniff passwords). By default, ipop3d no longer permits use of password-type authentication unless the session is encrypt. Try running the two copies of ipop3d under the shell. To each one, do a CAPA command. Let me know what the results are. That will show if my guess is correct. If it is, then the reason why your mail clients are working is that they are using encryption (either SSL or TLS), but your webmail is not. You then have two choices: 1) fix your webmail to use encryption. 2) break ipop3d to allow insecure logins, and accept that every so often your system is going to be hacked. Not surprisingly, I recommend choice (1). -- Mark -- http://staff.washington.edu/mrc Science does not emerge from voting, party politics, or public debate. Si vis pacem, para bellum.
