Manual Reference Pages - QMAIL-POPUP (8)
qmail-popup - read a POP username and password
qmail-popup reads a POP username and password from the network.
It then runs
qmail-popup typically from
sslserver 0 pop3 qmail-popup CHANGEME checkpassword qmail-pop3d Maildir
replaced by the fully qualified domain name of the local host.
qmail-popup expects descriptor 0 to read from the network
and descriptor 1 to write to the network.
It reads a username and password from descriptor 0
in POPs USER-PASS style or APOP style.
File descriptor 5 is used to provide additional logging.
subprogram, with the same descriptors 0 and 1;
descriptor 2 writing to the network;
and descriptor 3 reading the username, a 0 byte, the password,
another 0 byte,
an APOP timestamp derived from
hostname, and a final 0 byte.
qmail-popup then waits for
subprogram to finish.
It prints an error message if
subprogram crashes or exits nonzero.
qmail-popup has a 20-minute idle timeout.
qmail-popup supports both username/password and APOP authentication.
This latter is invoked, once the
POP3AUTH=+apop is provided.
In this case, you need to provide a
APOP-capable PAM, eg.
qmail-popup should be used only within a secure network.
Otherwise an eavesdropper can steal passwords.
Even if you use APOP,
an active attacker can still take over the connection
and wreak havoc.
qmail-popup can be adviced to work on a TLS encrypted connection.
At first, using
sslserver instead of
tcpserver and binding
qmail-pop3d on (in particular) the POP3S port
995 provides mandatory TLS encryption.
Second, in case you provide
the environment variable
UCSPITLS= together with
qmail-popup communicates with the
sslserver program interface through a control socket,
a reading and a writing pipe created dynamically
during the session start after announcing
STLS to the client, thus allowing TLS encryption on request.
UCSPITLS=! is set, STLS is required; while setting
UCSPITLS=- disables STLS.
qmail-popup provides logging of accepted and rejected POP3 sessions
using about the same format as
qmail-smtpd. The authentication mechanism is indicated via
User in case the userid/password method was used, and
Apop if APOP challenge/response was applicable.
The communication protocol may be either
POP3S for of a STLS/POP3S secured connection.
username provided for authentication is displayed after the
?=. In case
qmail-popup is setup requiring STLS by means of
UCSPITLS=! the log displays Any as auth method
and unknown as username.
The log is available on file descriptor 5.
In order to display the result use the redirection 5>&1.
qmail-popup is based on a program contributed by Russ Nelson.
Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.