Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Contact Us
Online Help
Domain Status
Man Pages

Virtual Servers

Topology Map

Server Agreement
Year 2038

USA Flag



Man Pages

Manual Reference Pages  -  QMAIL-POPUP (8)


qmail-popup - read a POP username and password




qmail-popup hostname subprogram


qmail-popup reads a POP username and password from the network. It then runs subprogram.

qmail-popup typically from tcpserver as

sslserver 0 pop3 qmail-popup CHANGEME checkpassword qmail-pop3d Maildir

with CHANGEME replaced by the fully qualified domain name of the local host.

qmail-popup expects descriptor 0 to read from the network and descriptor 1 to write to the network. It reads a username and password from descriptor 0 in POP’s USER-PASS style or APOP style. File descriptor 5 is used to provide additional logging. It invokes subprogram, with the same descriptors 0 and 1; descriptor 2 writing to the network; and descriptor 3 reading the username, a 0 byte, the password, another 0 byte, an APOP timestamp derived from hostname, and a final 0 byte. qmail-popup then waits for subprogram to finish. It prints an error message if subprogram crashes or exits nonzero.

qmail-popup has a 20-minute idle timeout.


qmail-popup supports both username/password and APOP authentication. This latter is invoked, once the environment variable POP3AUTH=’apop’ or POP3AUTH=’+apop’ is provided. In this case, you need to provide a APOP-capable PAM, eg. checkpassword.

qmail-popup should be used only within a secure network. Otherwise an eavesdropper can steal passwords. Even if you use APOP, an active attacker can still take over the connection and wreak havoc.


qmail-popup can be adviced to work on a TLS encrypted connection.

At first, using sslserver instead of tcpserver and binding qmail-popup, qmail-pop3d on (in particular) the POP3S port 995 provides mandatory TLS encryption.

Second, in case you provide the environment variable UCSPITLS=’’ together with sslserver, qmail-popup communicates with the sslserver program interface through a control socket, a reading and a writing pipe created dynamically during the session start after announcing STLS to the client, thus allowing TLS encryption on request. In case UCSPITLS=’!’ is set, STLS is required; while setting UCSPITLS=’-’ disables STLS.


qmail-popup provides logging of accepted and rejected POP3 sessions using about the same format as qmail-smtpd. The authentication mechanism is indicated via User in case the userid/password method was used, and Apop if APOP challenge/response was applicable. The communication protocol may be either POP3 or POP3S for of a STLS/POP3S secured connection. The username provided for authentication is displayed after the sequence ’?=’. In case qmail-popup is setup requiring STLS by means of UCSPITLS=’!’ the log displays ’Any’ as auth method and ’unknown’ as username.

The log is available on file descriptor 5. In order to display the result use the redirection ’5>&1’.

qmail-popup is based on a program contributed by Russ Nelson.


maildir(5), qmail-local(8), qmail-pop3d(8)
Search for    or go to Top of page |  Section 8 |  Main Index


Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.