GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  QMAIL-POPUP (8)

NAME

qmail-popup - read a POP username and password

CONTENTS

Synopsis
Description

SYNOPSIS

qmail-popup hostname subprogram

DESCRIPTION

qmail-popup reads a POP username and password from the network. It then runs subprogram.

qmail-popup typically from tcpserver as

sslserver 0 pop3 qmail-popup CHANGEME checkpassword qmail-pop3d Maildir

with CHANGEME replaced by the fully qualified domain name of the local host.

qmail-popup expects descriptor 0 to read from the network and descriptor 1 to write to the network. It reads a username and password from descriptor 0 in POP’s USER-PASS style or APOP style. File descriptor 5 is used to provide additional logging. It invokes subprogram, with the same descriptors 0 and 1; descriptor 2 writing to the network; and descriptor 3 reading the username, a 0 byte, the password, another 0 byte, an APOP timestamp derived from hostname, and a final 0 byte. qmail-popup then waits for subprogram to finish. It prints an error message if subprogram crashes or exits nonzero.

qmail-popup has a 20-minute idle timeout.

AUTHENTICATION

qmail-popup supports both username/password and APOP authentication. This latter is invoked, once the environment variable POP3AUTH=’apop’ or POP3AUTH=’+apop’ is provided. In this case, you need to provide a APOP-capable PAM, eg. checkpassword.

qmail-popup should be used only within a secure network. Otherwise an eavesdropper can steal passwords. Even if you use APOP, an active attacker can still take over the connection and wreak havoc.

STLS/POP3S SUPPORT

qmail-popup can be adviced to work on a TLS encrypted connection.

At first, using sslserver instead of tcpserver and binding qmail-popup, qmail-pop3d on (in particular) the POP3S port 995 provides mandatory TLS encryption.

Second, in case you provide the environment variable UCSPITLS=’’ together with sslserver, qmail-popup communicates with the sslserver program interface through a control socket, a reading and a writing pipe created dynamically during the session start after announcing STLS to the client, thus allowing TLS encryption on request. In case UCSPITLS=’!’ is set, STLS is required; while setting UCSPITLS=’-’ disables STLS.

LOGGING

qmail-popup provides logging of accepted and rejected POP3 sessions using about the same format as qmail-smtpd. The authentication mechanism is indicated via User in case the userid/password method was used, and Apop if APOP challenge/response was applicable. The communication protocol may be either POP3 or POP3S for of a STLS/POP3S secured connection. The username provided for authentication is displayed after the sequence ’?=’. In case qmail-popup is setup requiring STLS by means of UCSPITLS=’!’ the log displays ’Any’ as auth method and ’unknown’ as username.

The log is available on file descriptor 5. In order to display the result use the redirection ’5>&1’.

qmail-popup is based on a program contributed by Russ Nelson.

SEE ALSO

maildir(5), qmail-local(8), qmail-pop3d(8)
Search for    or go to Top of page |  Section 8 |  Main Index


QMAIL-POPUP (8) -->

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.