POP Server - Password management
I apologize for being slightly off topic. The qmail server is also my pop server. (RH 7.1) I'd like to give my users the ability to manage their own passwords (IMO, a sysadmin shouldn't know his/her users' passwords). In truth, it's a switched network, so I'm not too worried about sniffing, but it will probably have to be a web based solution. Recommendations?
Re: pop server
-Original Message- From: PUB: Peter van Dijk [mailto:[EMAIL PROTECTED]] Sent: Miércoles 6 de Junio de 2001 20:09 To: qmail list Subject: Re: pop server [snip] PD: I'm not using Maildir You should! Which are the advantages to use Maildir instead of Mailbox? What about mail clients mail readers (mutt, elm pine, etc) using Maildir? --yapedu/xgnu
Re: pop server
* GARGIULO Eduardo INGDESI [EMAIL PROTECTED] [010607 14:05]: PD: I'm not using Maildir You should! Which are the advantages to use Maildir instead of Mailbox? [http://cr.yp.to/proto/maildir.html] What about mail clients mail readers (mutt, elm pine, etc) using Maildir? mutt == yes, natively elm == who knows?! (does anyone actually use elm anymore?! ;-) pine == yes, with specific patches Another excellent bet is to use IMAP (Courier-IMAP, e.g.) and automatically allow all IMAP-aware clients to work. /pg -- Peter Green : Architekton Internet Services, LLC : [EMAIL PROTECTED] --- For mad scientists who keep brains in jars, here's a tip: why not add a slice of lemon to each jar, for freshness? (Jack Handey)
RE: pop server
What about mail clients mail readers (mutt, elm pine, etc) using Maildir? --yapedu/xgnu Mutt plays well with Maildirs. Good mutt. --joshua.
pop server
is there any pop server for qmail better than qpopper 4.0? --yapedu
Re: pop server
On Wed, Jun 06, 2001 at 10:43:55AM -0300, GARGIULO Eduardo INGDESI wrote: is there any pop server for qmail better than qpopper 4.0? qmail-pop3d, of course. Greetz, Peter.
Re: pop server
GARGIULO Eduardo INGDESI [EMAIL PROTECTED] wrote: is there any pop server for qmail better than qpopper 4.0? qmail includes qmail-pop3d, which does everything I need it to. What is your criteria for better? Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
RE: pop server
qmail-pop3d? comes with qmail, only works for ./Maildir/ what could be better? -Original Message- From: GARGIULO Eduardo INGDESI [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 06, 2001 9:44 AM To: qmail list Subject: pop server is there any pop server for qmail better than qpopper 4.0? --yapedu
Re: pop server
On Wed, Jun 06, 2001 at 10:43:55AM -0300, GARGIULO Eduardo INGDESI wrote: is there any pop server for qmail better than qpopper 4.0? A pop3d daemon comes with qmail. The FAQ[1] describes how to install it. Jörgen [1] http://cr.yp.to/qmail/faq.html
RE: pop server
How does vpopmail compare? -Original Message- From: Peter van Dijk [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 06, 2001 9:08 AM To: qmail list Subject: Re: pop server On Wed, Jun 06, 2001 at 10:43:55AM -0300, GARGIULO Eduardo INGDESI wrote: is there any pop server for qmail better than qpopper 4.0? qmail-pop3d, of course. Greetz, Peter.
Re: pop server
Virginia Chism [EMAIL PROTECTED] wrote: is there any pop server for qmail better than qpopper 4.0? qmail-pop3d, of course. How does vpopmail compare? Not positive on this, but I believe vpopmail uses qmail-pop3d to provide POP3 access, just like vmailmgr does. The only part that changes between a single domain qmail-pop3d setup and a multiple virtual domains setup is the checkpassword used to do authentication. Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
RE: pop server
qmail includes qmail-pop3d, which does everything I need it to. What is your criteria for better? I said better in terms of performance. I was using sendmail/qpopper from several years ago and last month I switch to qmail and (thanks god ;-) it's working ok. I'd read in the list several messages talking about pop servers but nobody named qpopper, so I was asking for a good reason to change qpopper. do you think qmail-pop3d is a good choice? PD: I'm not using Maildir PD2: Sorry for my english! --yapedu/xgnu
Re: pop server
GARGIULO Eduardo INGDESI [EMAIL PROTECTED] wrote: I was using sendmail/qpopper from several years ago and last month I switch to qmail and (thanks god ;-) it's working ok. I'd read in the list several messages talking about pop servers but nobody named qpopper, so I was asking for a good reason to change qpopper. do you think qmail-pop3d is a good choice? For me, yes. For you, no -- qmail-pop3d supports _only_ Maildir. PD2: Sorry for my english! Your English is fine, except I think you mean P.S. instead of PD. Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
Re: pop server
On Wed, Jun 06, 2001 at 02:17:33PM -0300, GARGIULO Eduardo INGDESI wrote: [snip] PD: I'm not using Maildir You should! Greetz, Peter.
Re[2]: pop server setting passed/available in checkpoppasswd ?
Hello Peter, Wednesday, February 07, 2001, 6:13:40 AM, you wrote: On Fri, Feb 02, 2001 at 02:44:54AM -0600, David Hasbrouck wrote: [snip] The way we see this being done is to read in the POP3 server name during the checkpoppasswd program and look in that directory for the corresponding password file. What do you mean by 'the POP3 server name'? In the email program, you enter mail.yourdomain.com or yourdomain.com as the POP3/Incoming Email setting to retrieve emails. I am trying to find a way to get that setting in order to break up the password file better, allowing the same "pop username" (ie: webmaster) across multiple domains. Thanks. Best regards, David mailto:[EMAIL PROTECTED]
Re: pop server setting passed/available in checkpoppasswd ?
On Wed, Feb 07, 2001 at 01:46:55PM -0600, David Hasbrouck wrote: [snip] In the email program, you enter mail.yourdomain.com or yourdomain.com as the POP3/Incoming Email setting to retrieve emails. I am trying to find a way to get that setting in order to break up the password file better, allowing the same "pop username" (ie: webmaster) across multiple domains. You can find out what IP they're connecting to, and what name you have assigned as a reverse to that IP in your own DNS. Nothing more. Greetz, Peter.
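A sketch of the approach this answer points to, added here as an example (not code from the thread or from qmail): a checkpassword-style check that reads the `login NUL password NUL timestamp NUL` record and picks the password table from `TCPLOCALHOST`, the name tcpserver exports for the local IP. The per-domain table, the PBKDF2 storage format, the sample accounts and all function names are assumptions of this example.

```python
import hashlib
import hmac
import os
import sys

ITERATIONS = 100_000  # PBKDF2 work factor chosen for this example

def _hash(password: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS)

def _entry(password: bytes, salt: bytes):
    return (salt, _hash(password, salt))

# Constructed sample data: the same login exists under two local names.
# A real deployment would load one table per domain from disk.
PASSWD = {
    "mail.example.com": {"webmaster": _entry(b"alpha-secret", b"salt-A")},
    "mail.example.org": {"webmaster": _entry(b"beta-secret", b"salt-B")},
}
_DUMMY = _entry(b"x", b"dummy-salt")  # hashed for unknown users, see check()

def local_domain(env):
    """Return the validated local host name from tcpserver's environment.

    The value becomes a lookup key (or a directory name in a file-based
    setup), so anything that is not a plain DNS name is rejected.
    """
    name = (env.get("TCPLOCALHOST") or "").lower().rstrip(".")
    if not name or len(name) > 253:
        return None
    for label in name.split("."):
        ok = label and len(label) <= 63 and label.replace("-", "a").isalnum()
        if not ok or not label.isascii() or label[0] == "-" or label[-1] == "-":
            return None
    return name

def parse_fd3(data: bytes):
    """Split the checkpassword record: login NUL password NUL timestamp NUL."""
    if len(data) > 512:
        raise ValueError("record longer than 512 bytes")
    fields = data.split(b"\0")
    if len(fields) < 4 or not fields[0]:
        raise ValueError("malformed record")
    return fields[0].decode("ascii"), fields[1]

def check(env, data: bytes) -> int:
    """Return a checkpassword exit code: 0 accepted, 1 rejected, 2 misuse."""
    try:
        login, password = parse_fd3(data)
    except ValueError:  # includes UnicodeDecodeError
        return 2
    domain = local_domain(env)
    users = PASSWD.get(domain) if domain else None
    known = users is not None and login in users
    # Hash even when the account is unknown so that timing does not
    # reveal which logins exist under which domain.
    salt, want = users[login] if known else _DUMMY
    matches = hmac.compare_digest(_hash(password, salt), want)
    return 0 if (known and matches) else 1

def run_as_checkpassword() -> None:
    """Entry point when started by qmail-popup: record on fd 3, program in argv.

    A production version must also set uid/gid and the home directory
    before running the next program.
    """
    with os.fdopen(3, "rb") as fd3:
        code = check(os.environ, fd3.read(513))
    if code == 0 and len(sys.argv) > 1:
        os.execvp(sys.argv[1], sys.argv[1:])
    sys.exit(code)

if __name__ == "__main__":
    # Offline demonstration over constructed input.
    record = b"webmaster\0alpha-secret\0<constructed.timestamp@host>\0"
    for host in ("mail.example.com", "mail.example.org", "../etc"):
        print(host, check({"TCPLOCALHOST": host}, record))
```

Because the name comes from reverse DNS of the local address, this only separates domains that are served on distinct IPs.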
pop server setting passed/available in checkpoppasswd ?
Hello, Am working on setting up qmail on our servers for our clients to use. Everything seems to be working very well and much cleaner than what sendmail did :-) Anyways, trying to do a few changes in the POP3 part of the system. We would like to allow, for example, the pop account of "webmaster" to be setup by multiple domains. The way we see this being done is to read in the POP3 server name during the checkpoppasswd program and look in that directory for the corresponding password file. But, we haven't found a way to read in that POP3 server setting. Only the username and password passed. Is there a variable that would be storing this POP3 server setting (the server setting the email client is setup with) in checkpoppasswd? If not, is there a way to pass this from the qmail-popup with minor modifications? Thanks for any ideas regarding this. Best regards, David mailto:[EMAIL PROTECTED]
Problem authenticating to POP server
I am running Open BSD 2.8 and Qmail. I am calling SMTP and POP using TCPServer with the ff script:

    if [ -x /usr/local/bin/tcpserver ]; then
        echo -n ' Qmail-SMTP';
        /usr/local/bin/tcpserver -x /etc/tcp.smtp.cdb -v -u 7791 -g 2108 0 smtp /var/qmail/bin/qmail-smtpd \
        2>&1 | /var/qmail/bin/splogger smtpd 3
    fi
    if [ -x /usr/local/bin/tcpserver ]; then
        echo -n ' Qmail-POP';
        /usr/local/bin/tcpserver 0 pop3 /var/qmail/bin/qmail-popup geek.infinitymalls.com \
        /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir
    fi

My problem is I cannot authenticate using POP. I get an "authorization failed" error message. When I used Inetd to call POP, I am able to authenticate without any problems. Any ideas?
Pop server
Date: Tue, 07 Nov 2000 12:07:08 -0700 To: [EMAIL PROTECTED] From: Travis Turner [EMAIL PROTECTED] To All, Over the last month I have been trying to configure Qmail for the office mail server. As of now I am half way there, meaning that all the SMTP and relay controls are in place. What I am having a difficult time doing is making the pop portion work. Right now I have this huge script in the /etc/inetd.conf file and I do not know if it is right. I also have run out of ideas on where to look for the problem. A few questions that have been bothering me are 1.) where is the best place to put the mailboxes under a RedHat distribution? 2.) Where do you specify that location so the pop server knows where to find it. 3.)what is the best (easiest to configure) program for running pop mail. 4.) What is the best way to set up Pop3 accounts and passwords under the above program that can be easily accessible from outside computers/networks. I appreciate all the help. Sincerely, Travis Turner Information Technology Manager Applied Integration Corporation Tucson, Arizona U.S.A. Phone (520) 743-3095 Fax (520) 623-1683
RE: Pop server
hi, so many questions, and there could be so many different answers too... just two hints the handmade way: Single-UID based POP3 box HOWTO By Paul Gregg http://www.tibus.net/pgregg/projects/qmail/single-uid-howto.txt the automated way: vpopmail http://www.inter7.com/vchkpw/ (there is a handy webinterface too) ;) a -Original Message- From: Travis Turner [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 07, 2000 8:14 PM To: [EMAIL PROTECTED] Subject: Pop server Date: Tue, 07 Nov 2000 12:07:08 -0700 To: [EMAIL PROTECTED] From: Travis Turner [EMAIL PROTECTED] To All, Over the last month I have been trying to configure Qmail for the office mail server. As of now I am half way there, meaning that all the SMTP and relay controls are in place. What I am having a difficult time doing is making the pop portion work. Right now I have this huge script in the /etc/inetd.conf file and I do not know if it is right. I also have run out of ideas on where to look for the problem. A few questions that have been bothering me are 1.) where is the best place to put the mailboxes under a RedHat distribution? 2.) Where do you specify that location so the pop server knows where to find it. 3.)what is the best (easiest to configure) program for running pop mail. 4.) What is the best way to set up Pop3 accounts and passwords under the above program that can be easily accessible from outside computers/networks. I appreciate all the help. Sincerely, Travis Turner Information Technology Manager Applied Integration Corporation Tucson, Arizona U.S.A. Phone (520) 743-3095 Fax (520) 623-1683
Re: Re[4]: The most secure POP server
"clemensF" [EMAIL PROTECTED] writes: Scott Gifford: to use apop, germanynet (calisto) barked, thay would not change their entire setup for just one customer, when i asked them for apop. i dared to ask only because their greeting looks like an apop prompt, and it even changes on every dialup... so much for technical competence. They probably don't store plaintext passwords, which would make it impossible to support your request. Not a matter of technical competence as much as system design. that i don't understand. i can get my password anytime from any provider, just askin', maybe answering "secret questions". what makes you think they don't store plaintext-passwords? Just a guess; if the provider that won't provide APOP can provide you with plaintext passwords, then I don't know what their excuse is. :) -ScottG.
Re: Re[4]: The most secure POP server
Scott Gifford: Just a guess; if the provider that won't provide APOP can provide you with plaintext passwords, then I don't know what their excuse is. well i told you mom! first they asked what apop is and when i explained it and hinted i'd want it -- pause -- and then they said they would not change their setup just for me! :( clemens
Re: Re[4]: The most secure POP server
Scott Gifford: to use apop, germanynet (calisto) barked, thay would not change their entire setup for just one customer, when i asked them for apop. i dared to ask only because their greeting looks like an apop prompt, and it even changes on every dialup... so much for technical competence. They probably don't store plaintext passwords, which would make it impossible to support your request. Not a matter of technical competence as much as system design. that i don't understand. i can get my password anytime from any provider, just askin', maybe answering "secret questions". what makes you think they don't store plaintext-passwords? clemens
Re: Re[2]: The most secure POP server
Gabriel Ambuehl [EMAIL PROTECTED] writes: It works exactly the same as SSL and IMAP. You can encapsulate any TCP connection in an SSL tunnel. This includes IMAP, POP3, telnet, or even ssh or another SSL session, although the last two are pretty pointless. May anyone explain me what sense a SSL tunnel for POP3 does have (I've been wondering about that for long...)? [ ... ] To protect the POP password. -ScottG.
Re[4]: The most secure POP server
Hello Scott, Monday, July 03, 2000, 5:54:00 PM, you wrote: May anyone explain me what sense a SSL tunnel for POP3 does have (I've been wondering about that for long...)? [ ... ] To protect the POP password. But wouldn't it be way easier to just use APOP? Or does that one have its own security implications? Best regards, Gabriel
Re: Re[4]: The most secure POP server
Gabriel Ambuehl [EMAIL PROTECTED] writes: Hello Scott, Monday, July 03, 2000, 5:54:00 PM, you wrote: May anyone explain me what sense a SSL tunnel for POP3 does have (I've been wondering about that for long...)? [ ... ] To protect the POP password. But wouldn't it be way easier to just use APOP? Or does that one have its own security implications? The only particularly nasty implication of using APOP is that it requires that the server have the password stored in plaintext. The security aspect of that is that if somebody can steal the password file from a system, they have direct access to all accounts, compared to storing one-way hashes of passwords, which would make them run crack first and they still wouldn't get well-chosen passwords. The maintainability aspect is that standard UNIX passwords aren't stored in plaintext, so you can't use APOP to authenticate against a standard UNIX passwd file. POP over SSL solves both of these, by making no changes to the POP protocol, but just encrypting the whole session. I haven't looked at APOP in awhile, and if what I've said is wrong, I know that nobody on the list will hesitate to correct me. :) -ScottG.
Re: Re[4]: The most secure POP server
Scott Gifford writes: Gabriel Ambuehl [EMAIL PROTECTED] writes: Hello Scott, Monday, July 03, 2000, 5:54:00 PM, you wrote: May anyone explain me what sense a SSL tunnel for POP3 does have (I've been wondering about that for long...)? [ ... ] To protect the POP password. But wouldn't it be way easier to just use APOP? Or does that one have its own security implications? The only particularly nasty implication of using APOP are that it requires that the server have the password stored in plaintext. The security aspect of that is that if somebody can steal the password file from a system, they have direct access to all accounts, compared to storing one-way hashes of passwords, which would make them run crack first and they still wouldn't get well-chosen passwords. The maintainability aspect is that standard UNIX passwords aren't stored in plaintext, so you can't use APOP to authenticate against a standard UNIX passwd file. The APOP password only controls access to the e-mail POP account. It DOES NOT have anything to do with a UNIX login account! In fact, if you allow both shell and pop access, snooping the POP password gives you the shell password, whereas you can set a single APOP password that gives access to e-mail and has absolutely nothing to do with shell access. Thus, in spite of (or because of) the clear-text APOP password storage on the server, you cannot compromise anything except e-mail by discovering the APOP password. POP over SSL solves both of these, by making no changes to the POP protocol, but just encrypting the whole session. SSL for e-mail (especially POP) is extreme overkill, causing untold client and server configuration difficulties for little or no effect, seeing as SMTP is unencrypted... /Joe
Re: Re[4]: The most secure POP server
Scott Gifford: The only particularly nasty implication of using APOP are that it requires that the server have the password stored in plaintext. The most mail-servers that i, as a simple leafnode fetching private mail, care for has my password(s) stored in plaintext somewhere anyway, so that i can loose it it and have them retrieve it for me. this "service" is offered by every mailhost, but at least nobody could sniff it off the line, which is a little more secure than pop3's plain ascii transmission. POP over SSL solves both of these, by making no changes to the POP protocol, but just encrypting the whole session. i've checked around here in germany: isp's offer pop3 access plus web access. with freenet (mobile) i just had to change my fetchmailrc to use apop, germanynet (calisto) barked, thay would not change their entire setup for just one customer, when i asked them for apop. i dared to ask only because their greeting looks like an apop prompt, and it even changes on every dialup... so much for technical competence. clemens
Re: Re[4]: The most secure POP server
"clemensF" [EMAIL PROTECTED] writes: Scott Gifford: [ ... ] POP over SSL solves both of these, by making no changes to the POP protocol, but just encrypting the whole session. i've checked around here in germany: isp's offer pop3 access plus web access. with freenet (mobile) i just had to change my fetchmailrc to use apop, germanynet (calisto) barked, thay would not change their entire setup for just one customer, when i asked them for apop. i dared to ask only because their greeting looks like an apop prompt, and it even changes on every dialup... so much for technical competence. They probably don't store plaintext passwords, which would make it impossible to support your request. Not a matter of technical competence as much as system design. -ScottG.
Re: The most secure POP server
"Brett Randall" [EMAIL PROTECTED] writes: Ok, here's the deal: qmail-pop3d is NOT secure, nor are most other standard POP3 daemons. POP passwords are sent in cleartext and are not encrypted. They can be viewed by people snooping a connection (although this is not as easy as it sounds). A way of fixing this insecurity is to use SSL, [...] As long as you're only concerned about the password and not about the security of the message content itself you can also do APOP, but this is an issue with checkpassword and not qmail-pop3d itself. Many of our users, including myself, prefer APOP. If I want a secure message body I use PGP. -t
Re: The most secure POP server
On Sun, Jul 02, 2000 at 01:23:20PM +1000, Brett Randall wrote: } Ok, here's the deal: } } qmail-pop3d is NOT secure, nor are most other standard POP3 daemons. POP } passwords are sent in cleartext and are not encrypted. Yes, but if you use APOP, the password goes out in the clear but is useless afterwards. Any client I can think of, including Eudora on my Newton (which can't use SSL), supports APOP, and so does qmail-pop3d with the appropriate checkpassword replacement. } They can be viewed by } people snooping a connection (although this is not as easy as it sounds). A } way of fixing this insecurity is to use SSL, an option many POP3 clients } (including most Microsoft ones, and Netscape, AFAIK) offer (in Advanced } options usually). They perform the POP3 operations over the Secure Socket } Layer (that is SSL), however this requires quite some config which I } personally have never done before, but I have heard of people doing it. It's simple using something like stunnel. } } Look into it } } Brett } } Manager } InterPlanetary Solutions } http://ipsware.com/ } } -- Paul J. Schinder NASA Goddard Space Flight Center [EMAIL PROTECTED]
Re: The most secure POP server
On Sun, Jul 02, 2000 at 08:37:03AM -0400, [EMAIL PROTECTED] wrote: On Sun, Jul 02, 2000 at 01:23:20PM +1000, Brett Randall wrote: } Ok, here's the deal: } } qmail-pop3d is NOT secure, nor are most other standard POP3 daemons. POP } passwords are sent in cleartext and are not encrypted. Yes, but if you use APOP, the password goes out in the clear but is useless afterwards. Any client I can think of, including Eudora on my Newton (which can't use SSL), supports APOP, and so does qmail-pop3d with the appropriate checkpassword replacement. The password does not go out in the clear at all. Your statement is based on a misconception. APOP authentication is secure from sniffers, they won't be able to learn anything from your APOP command, except by bruteforcing. Bruteforcing sniffed non-cleartext data applies to any authentication technique except one-time-pads. Greetz, Peter. -- [EMAIL PROTECTED] - Peter van Dijk [student:developer:ircoper]
Re[2]: The most secure POP server
It works exactly the same as SSL and IMAP. You can encapsulate any TCP connection in an SSL tunnel. This includes IMAP, POP3, telnet, or even ssh or another SSL session, although the last two are pretty pointless. May anyone explain me what sense a SSL tunnel for POP3 does have (I've been wondering about that for long...)? I mean as long as SMTP isn't encrypted the message already WAS unencrypted on the net so why should I encrypt anything beside the password of the user which can be done using APOP. As already said, if anyone wants to secure the content of its mails, he will have to use PGP! Best regards, Gabriel
Re: Re[2]: The most secure POP server
On Sun, Jul 02, 2000 at 07:38:30PM +0200, Gabriel Ambuehl wrote: May anyone explain me what sense a SSL tunnel for POP3 does have (I've been wondering about that for long...)? I mean as long as SMTP isn't encrypted the message already WAS unencrypted on the net so why should I encrypt anything beside the password of the user which can be done using APOP. As already said, if anyone wants to secure the content of its mails, he will have to use PGP! As long as all users on a mail server are either behind the same firewall as the server or connecting with TLS (both SMTP and POP/IMAP) then local mail on that server can be regarded secure. IE for extranet purposes, there is a point. -Johan -- Johan Almqvist
Re: The most secure POP server
amir: How do you plan on using SSL with POP? I know that SSL and IMAP work nicely together, but SSL and POP, never heard about that... maybe some SSL proxying techniques??? APOP is the variant with challenging secrets. clemens
Re: The most secure POP server
[EMAIL PROTECTED]: Yes, but if you use APOP, the password goes out in the clear but is useless afterwards. Any client I can think of, including Eudora on my no, apop challenges the client which has to respond with an encrypted version of the password thus verifiable at the server. you can reuse that password as often as you like, but the challenge string and the answer will change each time. clemens
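The APOP exchange argued over in this thread (the changing challenge in the greeting, the MD5 response, and the server's need for the plaintext secret), written out as an added Python example that is not from any poster or from qmail. The first greeting and the secret are the sample values from RFC 1939; the second greeting and all function names are made up for this example.

```python
import hashlib
import hmac
import re

# RFC 1939: an APOP-capable server puts a unique timestamp of the form
# <process-ID.clock@hostname> in its greeting.
_TIMESTAMP = re.compile(rb"<[^<>\s]+@[^<>\s]+>")

GREETING_1 = b"+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>\r\n"  # RFC 1939 sample
GREETING_2 = b"+OK POP3 server ready <1897.697170999@dbc.mtview.ca.us>\r\n"  # constructed
SECRET = b"tanstaaf"  # RFC 1939 sample shared secret

def extract_timestamp(greeting: bytes) -> bytes:
    """Return the challenge (angle brackets included) from a POP3 greeting."""
    if not greeting.startswith(b"+OK"):
        raise ValueError("not a positive POP3 greeting")
    match = _TIMESTAMP.search(greeting)
    if match is None:
        raise ValueError("no timestamp in greeting: server does not offer APOP")
    return match.group(0)

def apop_digest(timestamp: bytes, secret: bytes) -> str:
    """MD5 over the timestamp followed by the shared secret, as lowercase hex."""
    return hashlib.md5(timestamp + secret).hexdigest()

def apop_command(user: str, greeting: bytes, secret: bytes) -> bytes:
    """Client side: the line sent instead of USER/PASS. The secret never leaves."""
    digest = apop_digest(extract_timestamp(greeting), secret)
    return b"APOP " + user.encode("ascii") + b" " + digest.encode("ascii") + b"\r\n"

def server_verify(timestamp: bytes, stored_secret: bytes, command: bytes) -> bool:
    """Server side: recompute the digest from the stored secret and compare."""
    parts = command.split()
    if len(parts) != 3 or parts[0].upper() != b"APOP":
        return False
    expected = apop_digest(timestamp, stored_secret).encode("ascii")
    return hmac.compare_digest(expected, parts[2].lower())

def verify_with_hashed_store(timestamp: bytes, secret: bytes, command: bytes) -> bool:
    """What happens when the server kept only a one-way hash of the secret.

    The digest has to be computed over the secret itself, so a stored hash
    (SHA-256 here, standing in for any one-way password hash) cannot
    reproduce the client's value. This is the storage trade-off the thread
    describes.
    """
    stored = hashlib.sha256(secret).hexdigest().encode("ascii")
    return server_verify(timestamp, stored, command)

if __name__ == "__main__":
    ts1 = extract_timestamp(GREETING_1)
    ts2 = extract_timestamp(GREETING_2)
    cmd1 = apop_command("mrose", GREETING_1, SECRET)
    print("session 1 sends:", cmd1)
    print("accepted in session 1:", server_verify(ts1, SECRET, cmd1))
    # A sniffed APOP line is bound to its challenge and fails when replayed.
    print("replayed in session 2:", server_verify(ts2, SECRET, cmd1))
    print("server with hashed store:", verify_with_hashed_store(ts1, SECRET, cmd1))
```

A captured timestamp and digest pair still permits offline guessing of weak secrets, and MD5 is the only hash the protocol defines, so APOP protects the password on the wire but not the session or the message contents.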
The most secure POP server
Hi , I'm installing the Qmail so , I would like to know the most secure POP server to install and that doesn't have problems with Maildir . Roberto Samarone Araujo
Re: The most secure POP server
At 10:58 PM 7/1/00 -0300, RSA wrote: Hi , I'm installing the Qmail so , I would like to know the most secure POP server to install and that doesn't have problems with Maildir . how' bout qmail-pop3d ?
RE: The most secure POP server
I'm installing the Qmail so , I would like to know the most secure POP server to install and that doesn't have problems with Maildir . how' bout qmail-pop3d ? I was thinking of suggesting that one but it isn't very secure... Brett Manager InterPlanetary Solutions http://ipsware.com/
RE: The most secure POP server
At 11:59 AM 7/2/00 +1000, Brett Randall wrote: I'm installing the Qmail so , I would like to know the most secure POP server to install and that doesn't have problems with Maildir . how' bout qmail-pop3d ? I was thinking of suggesting that one but it isn't very secure... can you give the explanation why qmail-pop3d is not secure ? Should then we combined SSL with POP ? to make it more secure ?
RE: The most secure POP server
Irwan Hadi [EMAIL PROTECTED] wrote: At 11:59 AM 7/2/00 +1000, Brett Randall wrote: I'm installing the Qmail so , I would like to know the most secure POP server to install and that doesn't have problems with Maildir . how' bout qmail-pop3d ? I was thinking of suggesting that one but it isn't very secure... can you give the explanation why qmail-pop3d is not secure ? Should then we combined SSL with POP ? to make it more secure ? I think he meant that passwords will be sent in cleartext over the network w/o encryption. This is actually a problem with the POP protocol. But, qmail-pop3d is secure. How do you plan on using SSL with POP? I know that SSL and IMAP work nicely together, but SSL and POP, never heard about that... maybe some SSL proxying techniques??? Amir InfoTeen.com - email, chat, message boards, and much more. Go to http://www.infoteen.com
RE: The most secure POP server
I thought that qmail-pop3d still passed it's passwords in the clear??? If it does and the server is not inside a firewall anyone outside could snoop your connection requests etc... Irwan Hadi [EMAIL PROTECTED] wrote: At 11:59 AM 7/2/00 +1000, Brett Randall wrote: I'm installing the Qmail so , I would like to know the most secure POP server to install and that doesn't have problems with Maildir . how' bout qmail-pop3d ? I was thinking of suggesting that one but it isn't very secure... can you give the explanation why qmail-pop3d is not secure ? Should then we combined SSL with POP ? to make it more secure ? I think he meant that passwords will be sent in cleartext over the network w/o encryption. This is actually a problem with the POP protocol. But, qmail-pop3d is secure. How do you plan on using SSL with POP? I know that SSL and IMAP work nicely together, but SSL and POP, never heard about that... maybe some SSL proxying techniques??? Amir InfoTeen.com - email, chat, message boards, and much more. Go to http://www.infoteen.com
Re: The most secure POP server
On Sat, Jul 01, 2000 at 08:34:18PM -0600, Irwan Hadi wrote: At 11:59 AM 7/2/00 +1000, Brett Randall wrote: I'm installing the Qmail so , I would like to know the most secure POP server to install and that doesn't have problems with Maildir . how' bout qmail-pop3d ? I was thinking of suggesting that one but it isn't very secure... can you give the explanation why qmail-pop3d is not secure ? Should then we combined SSL with POP ? to make it more secure ? The poster said that qmail-pop3d is insecure, not the POP3 protocol. I, for one, would like to see him elucidate or defend his statement. --Adam
RE: The most secure POP server
Ok, here's the deal: qmail-pop3d is NOT secure, nor are most other standard POP3 daemons. POP passwords are sent in cleartext and are not encrypted. They can be viewed by people snooping a connection (although this is not as easy as it sounds). A way of fixing this insecurity is to use SSL, an option many POP3 clients (including most Microsoft ones, and Netscape, AFAIK) offer (in Advanced options usually). They perform the POP3 operations over the Secure Socket Layer (that is SSL), however this requires quite some config which I personally have never done before, but I have heard of people doing it. Look into it Brett ManagerInterPlanetary Solutionshttp://ipsware.com/
Re: The most secure POP server
On Sun, Jul 02, 2000 at 02:56:18AM +, amir wrote: How do you plan on using SSL with POP? I know that SSL and IMAP work nicely together, but SSL and POP, never heard about that... maybe some SSL proxying techniques??? It works exactly the same as SSL and IMAP. You can encapsulate any TCP connection in an SSL tunnel. This includes IMAP, POP3, telnet, or even ssh or another SSL session, although the last two are pretty pointless. Some servers have built-in support for SSL, or you can tack it on yourself. I use a program called sslwrap in conjunction with qmail-pop3. I believe another freely available program is called stunnel(?). When proxying like this typically you restrict connections to port 110 to localhost, and then sslwrap (or whatever) proxies between an open port 995 (the port assigned for pop3s) and the protected port 110. Brian
Re: The most secure POP server
On Sun, Jul 02, 2000 at 01:23:20PM +1000, Brett Randall wrote: Ok, here's the deal: qmail-pop3d is NOT secure, nor are most other standard POP3 daemons. POP passwords are sent in cleartext and are not encrypted. They can be viewed by people snooping a connection (although this is not as easy as it sounds). A way of fixing this insecurity is to use SSL, an option many POP3 clients (including most Microsoft ones, and Netscape, AFAIK) offer (in Advanced options usually). They perform the POP3 operations over the Secure Socket Layer (that is SSL), however this requires quite some config which I personally have never done before, but I have heard of people doing it. Nice cover. So when you said "I was thinking of suggesting THAT ONE but IT isn't very secure", you were actually talking about the POP3 protocol and not qmail-pop3d specifically? If that's the case then why did you reply at all, and in such an ambiguous way? You certainly didn't answer the poster's question. --Adam
Re: The most secure POP server
On Sat, Jul 01, 2000 at 10:58:17PM -0300, Roberto Samarone Araújo (RSA) wrote: Hi , I'm installing the Qmail so , I would like to know the most secure POP server to install and that doesn't have problems with Maildir . Roberto Samarone Araujo Robert, Your best bet is qmail-pop3d+vpopmail which will enable you to give your customers pop3 accounts without actually giving them accounts on your UNIX system. If the passwords and mail are passing over the internet, you could wrap the pop3 service with sslwrap or stunnel, two popular packages which will wrap any service with SSL. --Adam
Re: The most secure POP server
Brian D. Winters wrote: It works exactly the same as SSL and IMAP. You can encapsulate any TCP connection in an SSL tunnel. This includes IMAP, POP3, telnet, or even ssh or another SSL session, although the last two are pretty pointless. Some servers have built in support for SSL, or you can tack it on yourself. I use a program called sslwrap in conjuction with qmail-pop3. I believe another freely available program is called stunnel(?). When proxying like this typically you restrict connections to port 110 to localhost, and then sslwrap (or whatever) proxies between an open port 995 (the port assigned for pop3s) and the protected port 110. This is no longer the preferred way to do it, see RFC 2595 (not yet a standard, but it's on its way). This RFC defines a STLS POP3 command which initiates TLS (essentially a new and fancy name for SSL, TLSv1 is almost identical to SSLv3) communication. A similar command (STARTTLS) is defined for IMAP. The definition for accomplishing the same thing over SMTP (using the STARTTLS command) is provided in RFC 2487. qmail can be made to support TLS in accordance with RFC 2487 by applying a patch at http://www.esat.kuleuven.ac.be/~vermeule/qmail/tls.patch . To my knowledge, at this time, no such patch can be applied to add RFC 2595 support to qmail-pop3d. Such a project would be harder to accomplish because of the more modular nature of qmail-pop3d: qmail-popup and qmail-pop3d both interact with the client over the network. This is something I've been thinking about, and if I ever get a chance, something I'd like to try to attack. Mark -- Do not reply directly to this e-mail address -- Mark Mentovai UNIX Engineer Gillette Global Network
RE: The most secure POP server
Nice cover. So when you said "I was thinking of suggesting THAT ONE but IT isn't very secure", you were actually talking about the POP3 protocol and not qmail-pop3d specifically? If that's the case then why did you reply at all, and in such an ambiguous way? You certainly didn't answer the poster's question.

Well yeah, but I wanted to see what would come of it. SSL I have never used and it never came to mind until someone mentioned it. I was just making a statement in general about standard use of qmail-pop3d. Anyway, thanks for clarification :

Brett
Manager
InterPlanetary Solutions
http://ipsware.com/
Re: The most secure POP server
From: Brett Randall [EMAIL PROTECTED]

I was thinking of suggesting that one but it isn't very secure...

Ah, these guys can't take a joke :)

However, again we find ourselves with the language problem. When Roberto Samarone Araujo says "secure", possibly he is associating the word "secure" in a different context from English. In fact, the Portuguese word "seguro" has a meaning more related to "stable" than to "secure". In Spanish, I think "seguro" means "sure". Quite different, isn't it?

So, Roberto, I suggest that you take Adam McKenna's suggestion and use qmail-pop3d. I'm not so sure about vpopmail, though: depending on your installation, possibly the added complexity of vpopmail will result in less "estabilidade" e "segurança" than a straight qmail install.

Armando
POP Server keeps dying.
My pop server keeps dying. I only have 5 users on my system. Why would this be happening? I am looking at the logs for hours but I do not get any information from them. I am running my pop server like this:

    /usr/local/bin/tcpserver 0 110 /var/qmail/bin/qmail-popup mymail.server.com \
        /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir

Anyone know where I can begin to look for this problem? Is there a program that can check my qmail-config for errors? thanks !
POP Server keeps stopping.
Hi, all of a sudden my POP server keeps quitting every 20 mins or so. I am constantly looking at /var/log/qmail*/* but I don't get any messages on the server dying or anything like that. How would I debug this problem? Anyone know what could be the cause offhand? I am running tcpserver-initscripts-3-3 rpm. It was working for about 5 months till now. Could it be a permissions problem with a recently added user? Is there a script that I can run to check my qmail config file rather than manually going through them 1 by 1 to check permissions and the like? I'm running it like this from my startup:

    /usr/local/bin/tcpserver 0 110 /var/qmail/bin/qmail-popup mail.domain.com \
        /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir

thanks in advance !
Re: POP Server keeps stopping.
blue:

Could it be a permissions problem with a recently added user? Is there a script that I can run to check my qmail config file rather than manually going through them 1 by 1 to check permissions and the like?

the configuration i don't know about, but the qmail-general-setup can be checked with queue-fix (see archives).

clemens
Re: BACKUP POP SERVER
Date: Mon, 15 May 2000 16:43:17 CDT
To: Jhun Hubac [EMAIL PROTECTED]
cc: [EMAIL PROTECTED]
From: "David L. Nicol" [EMAIL PROTECTED]
Subject: Re: BACKUP POP SERVER

[snip]

I don't see what is saved by this arrangement, over having all the users connect directly to the machine with the mailboxes: all you gain is complexity and additional possible points of failure. NFS isn't free, those packets need to get read off the disk and written to the LAN just the same as if the MUA connects directly.

In this specific case, your statement appears to be true, but in a different case, you may have an improvement. You can make your NFS "server" a distributed cluster of machines, and take a single point of failure out of the picture (assuming that you have multiple network paths, etc, etc). See the EMC Celera (sp) as an example.

My $.01 (too cheap for $.02 :)

Brian
Re: BACKUP POP SERVER
Make sure you have round-robin turned on in your DNS, assuming that both POP servers have the same name. If that doesn't work, bother half your users and have them change their settings to point to the second machine.

I don't see what is saved by this arrangement, over having all the users connect directly to the machine with the mailboxes: all you gain is complexity and additional possible points of failure. NFS isn't free, those packets need to get read off the disk and written to the LAN just the same as if the MUA connects directly.

Jhun Hubac wrote:

Hi! Is there a way that I can back-up my pop server? I'm using qmail for my two servers (both have SMTP POP3 service). No problem of having redundant SMTP servers but it seems that the MUA (clients) are polling on only 1 of the two servers. I'm using NIS/NFS to distribute information between the two, so their home directories are on a different LINUX machine and the accounts are based on a NIS master. Is there a work-around for this?

--
David Nicol 816.235.1187 [EMAIL PROTECTED]
drawn to the speed and performance
BACKUP POP SERVER
Hi! Is there a way that I can back-up my pop server? I'm using qmail for my two servers (both have SMTP POP3 service). No problem of having redundant SMTP servers but it seems that the MUA (clients) are polling on only 1 of the two servers. I'm using NIS/NFS to distribute information between the two, so their home directories are on a different LINUX machine and the accounts are based on a NIS master. Is there a work-around for this?
can't telnet to pop server
Hi, How to determine whether my pop server is running or not. I have tried to telnet to 127.0.0.1 110...and I got the connection refused. Then, I went for ps -aux, and I don't see any pop server running. Thus, I have already put pop server startup script in /var/qmail/rc according to Life with qmail. I put the following into /var/qmail/rc:

    tcpserver -v -R 0 pop-3 /var/qmail/bin/qmail-popup pop.sourcesfinder.com \
        /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir 2>&1 | \
        /var/qmail/bin/splogger pop3d

And I have installed the checkpassword and tcpserver utilities and they are working properly. My host name is space1.sourcesfinder.com, and using redhat 6.0.

Thank You
mark
Re: can't telnet to pop server
Mark Lo wrote:

Hi, How to determine whether my pop server is running or not. I have tried to telnet to 127.0.0.1 110...and I got the connection refused. Then, I went for ps -aux, and I don't see any pop server running. Thus, I have already put pop server startup script in /var/qmail/rc according to Life with qmail. I put the following into /var/qmail/rc:

    tcpserver -v -R 0 pop-3 /var/qmail/bin/qmail-popup pop.sourcesfinder.com \
        /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir 2>&1 | \
        /var/qmail/bin/splogger pop3d

And I have installed the checkpassword and tcpserver utilities and they are working properly. My host name is space1.sourcesfinder.com, and using redhat 6.0. Thank You mark

Try typing netstat -ta , it will show every service listening for a connection. The only thing that should be in the /var/qmail/rc is the qmail-start command and etc. Look in /var/qmail/boot for examples. Your pop3d and smtpd should be started from your local scripts or placed where your previous ones were started from. They would be in /etc/rc.d .

Later,
Dale
Running supervised pop server?
Hello, I'm currently running qmail-pop3d under tcpserver (til yesterday, it ran under inetd) and as it crashed today just one hour after a reboot, I'd like to let it run some kind of supervised. tcpserver is started in /var/qmail/rc but what do I have to do in order to get the supervision?

TIA
Gabriel

Best regards, Gabriel
Re: Running supervised pop server?
Gabriel Ambuehl [EMAIL PROTECTED] wrote:

I'm currently running qmail-pop3d under tcpserver (til yesterday, it ran under inetd) and as it crashed today just one hour after a reboot, I'd like to let it run some kind of supervised. tcpserver is started in /var/qmail/rc but what do I have to do in order to get the supervision?

Look at how qmail-smtpd is handled in "Life with qmail", and do the same thing for qmail-pop3d: http://Web.InfoAve.Net/~dsill/lwq.html#start-qmail

-Dave
Almost there (pop server)
Hi again. I almost have my setup as I would like it. I have used vpopmail to add pop accounts for my users. I have checked the pop server and connected to it remotely. All is well. I can use qmail as a relay if I use my equipment to dial in. The only problem is that when I send emails to the users I have added, the mails do not arrive at their correct destination. I have looked in /var/log/maillog and there is no error message by the actual email. Can anyone suggest what may be wrong or how I could trace this?

Cheers,
--
Marek Narkiewicz, Webmaster Intercreations
Reply to -marek @ intercreations . com-
"Ticking away, the moments that make up a dull day" Pink Floyd Time
Pop Server
I am having some difficulty starting my pop server. Could someone give me an example of what type of syntax they use to start the qmail pop service? Regards Vivian Lal
Re: Pop Server
On Mon, Sep 20, 1999 at 09:09:04PM +1000, Qmail-User wrote:

    tcpserver -RHlmy.host.name 0 110 /usr/local/qmail/bin/qmail-popup \
        my.host.name /usr/local/bin/checkpassword \
        /usr/local/qmail/bin/qmail-pop3d Maildir

Replace my.host.name with your host's name, and change the path to the programs to /var/qmail. That's where you most likely installed qmail.

I am having some difficulty starting my pop server. Could someone give me an example of what type of syntax they use to start the qmail pop service? Regards Vivian Lal

--
See complete headers for more info
Re: pop server crashing nightly
On Fri, 4 Jun 1999, wrote:

Hello, Every night since I set up my qmail pop server it has crashed sometime during the night. There is no/very little traffic on the machine and the machine did not reboot during the nights. The startup scripts in rc work fine. I'm running linux redhat 5.2. Has anyone experienced anything like this? Because I cannot get logging working with pop, I have no information from the server itself. BTW, if tcpserver/qmail can log to syslog, why can't tcpserver/pop3d? Because of the lack of logging and its instability on my machine I'm thinking of using qpopper instead. Is qpopper a good alternative?

You can also run tcpserver under supervise from Dan's daemontools package:

    supervise -r /var/qmail/etc/run/pop3d \
        tcpserver -u 0 -g 0 -c 40 -v -R \
        -x /var/qmail/etc/run/pop3d/rules.cdb 0 pop3 \
        /var/qmail/bin/qmail-popup quasar.cdn.telstra.com.au \
        /pkgs/bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir 2>&1 \
        | splogger pop3

Then, if tcpserver does die during the night, it will be automatically restarted by supervise. tcpserver output is verbose and is logged to syslogd, all messages will be tagged with the string pop3.

If you don't want to log to syslog, use accustamp and cyclog from the daemontools package.

    supervise -r /var/qmail/etc/run/pop3d \
        tcpserver -u 0 -g 0 -c 40 -v -R \
        -x /var/qmail/etc/run/pop3d/rules.cdb 0 pop3 \
        /var/qmail/bin/qmail-popup quasar.cdn.telstra.com.au \
        /pkgs/bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir 2>&1 \
        | accustamp | cyclog /var/log/pop3

Regards
Peter
--
Peter Samuel               [EMAIL PROTECTED]
Technical Consultant       or at present:
eServ. Pty Ltd             [EMAIL PROTECTED]
Phone: +61 2 9206 3410     Fax: +61 2 9281 1301
"If you kill all your unhappy customers, you'll only have happy ones left"
pop server crashing nightly
Hello, Every night since I set up my qmail pop server it has crashed sometime during the night. There is no/very little traffic on the machine and the machine did not reboot during the nights. The startup scripts in rc work fine. I'm running linux redhat 5.2. Has anyone experienced anything like this? Because I cannot get logging working with pop, I have no information from the server itself. BTW, if tcpserver/qmail can log to syslog, why can't tcpserver/pop3d? Because of the lack of logging and its instability on my machine I'm thinking of using qpopper instead. Is qpopper a good alternative?

Thanks, Mark
Re: pop server crashing nightly
On Fri, Jun 04, 1999 at 08:37:33AM -0400, [EMAIL PROTECTED] wrote:

Every night since I set up my qmail pop server it has crashed sometime during the night. There is no/very little traffic on the machine and the machine did not reboot during the nights. The startup scripts in rc work fine. I'm running linux redhat 5.2. Has anyone experienced anything like this? Because I cannot get logging working with pop, I have no information from the server itself. BTW, if tcpserver/qmail can log to syslog, why can't tcpserver/pop3d? Because of the lack of logging and its

Sure it can. Just pipe the stderr of tcpserver to "logger", which is a program available on many unix systems to do logging at a chosen facility and tag, something like:

    tcpserver -v -. qmail-pop3d Maildir 2>&1 | logger -t mail.info

instability on my machine I'm thinking of using qpopper instead. Is qpopper a good alternative?

qpopper is too slow, in my opinion, because it makes a copy of the mailbox before it serves mail, and also it needs to start from inetd. Consider cucipop instead: very fast, small and has some nifty little features.

--
System Administrator
See complete headers for address, homepage and phone numbers
Re: POP server IP address
On Fri, 14 May 1999, Fred Backman wrote:

Hi, I have a mail server with a couple of virtual IPs set up and I want to modify qmail's pop server so that it can tell which one of the IP interfaces the remote user is connecting to. As an example of what I want to achieve in the end, if a remote user is connecting to port 110, the pop server will be able to add "Connection from remote ip to local ip."

just wrap it. Since I haven't got many users, I wrap it with a small shell script, which has available to it the various tcpserver environment variables. "echo $TCPREMOTEIP logfile" will do the trick. If you've got more users, write a tiny c program to wrap it.

Is there a somewhat easy way to do this? I'm not afraid to dig deep into the source code. Currently running v1.00. Please note that I am _not_ interested in solutions where the format of the pop username is similar to "user@domain"! All which is required is normal user and password. Thanks a lot, Fred

--
"Life is much too important to be taken seriously."
Thomas Erskine [EMAIL PROTECTED] (613) 998-2836
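The wrapper approach from the reply above, written out as an added example (not code from the thread or from qmail). TCPREMOTEIP, TCPLOCALIP and TCPREMOTEINFO are environment variables set by tcpserver; the function names and the allowed character set are assumptions of this example.

```shell
#!/bin/sh
# Added example: log "Connection from <remote ip> to <local ip>" for each
# POP3 session, then hand the connection to the real program unchanged.
# clean_field, conn_log_line and poplog are hypothetical names.

# Replace every byte outside a conservative set with "?" so a value cannot
# put newlines or control characters into the log.
clean_field() {
    printf '%s' "$1" | LC_ALL=C tr -c 'A-Za-z0-9.:_@-' '?'
}

# Build the log line from the variables tcpserver exports to its child.
conn_log_line() {
    remote=$(clean_field "${TCPREMOTEIP:-unknown}")
    local_ip=$(clean_field "${TCPLOCALIP:-unknown}")
    line="Connection from $remote to $local_ip"
    # TCPREMOTEINFO is supplied by the remote side's ident service, so it is
    # the one field the connecting host controls. It is absent with -R.
    if [ -n "${TCPREMOTEINFO:-}" ]; then
        line="$line ident=$(clean_field "$TCPREMOTEINFO")"
    fi
    printf '%s\n' "$line"
}

# Write the line to stderr, which the start commands in this thread pipe to
# splogger or logger, then exec the POP3 program so that the network
# connection on descriptors 0 and 1 is passed through untouched.
poplog() {
    conn_log_line >&2
    exec "$@"
}

# Installed as a script, the file would end with:  poplog "$@"
```

In the tcpserver command line the script then goes directly before /var/qmail/bin/qmail-popup, which stays its first argument.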
POP server IP address
Hi, I have a mail server with a couple of virtual IPs set up and I want to modify qmail's pop server so that it can tell which one of the IP interfaces the remote user is connecting to. As an example of what I want to achieve in the end, if a remote user is connecting to port 110, the pop server will be able to add "Connection from remote ip to local ip." Is there a somewhat easy way to do this? I'm not afraid to dig deep into the source code. Currently running v1.00. Please note that I am _not_ interested in solutions where the format of the pop username is similar to "user@domain"! All which is required is normal user and password. Thanks a lot, Fred
pop server Help Please
I am having the hardest time trying to figure out how to make my Linux system a mail server.. It surely can not be that hard but I can not find what I am looking for... Tell you what I am going to do (or want to do).. I live in a small town and I have a dedicated line to the internet... All I want to do is let a few of my friends dial my system to access the internet plus get E-Mail.. Now I know no Linux is the shit but this seems way too difficult for something so simple.. If anybody could please direct me into the right direction I would be most grateful.

Thank you
Jason
Re: Qmail as a pop server
On Fri, Feb 05, 1999 at 09:10:04AM -0800, Glaza, Lorenz wrote:

I just setup qmail on my server and I want to use it as a pop server for my friends. I can pop all the mail I want from my server, but I am unable to send mail from a pop client like Eudora. I get a message, "we do not relay" from the server as a response to sending mail. I can't figure out why this is. Does anyone have any ideas? Could it have to do with control files?

If it's saying literally, "we do not relay," then you're not talking to qmail. qmail doesn't give out that message. If what it's really saying is, "sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)," see ftp://koobera.math.uic.edu/www/qmail/faq/servers.html#authorized-relay.

Chris
Re: Qmail as a pop server
Chris Johnson wrote:

If it's saying literally, "we do not relay," then you're not talking to qmail. qmail doesn't give out that message.

Can I make it give such a message, or preferably, a message of my own design such as "I spit on scum like you"?

--
Phil Howard