The following sections cover the integration of the most-used application of any network: electronic mail (or e-mail for short). Because UNIX and "other" operating systems have a very different view of how e-mail should be handled, the Post Office Protocol (POP) was created. This protocol abstracts the details of e-mail to a system-independent level so that anyone who writes a POP client can communicate with a POP server.
The POP server you will configure on the sample systems is the freely available qpopper program. This package was originally written at Berkeley but is now maintained by the Eudora division of Qualcomm (www.eudora.com/freeware). If you also need client software for non-UNIX systems, check out the Eudora Light e-mail package also available from Qualcomm. Like qpopper, Eudora Light is available for free. (The Professional version does cost money, however.)
Red Hat has prepared an RPM of this package, which is available on the CD-ROM (qpopper-2.3-1.i386.rpm), or you can fetch it from Red Hat's Web site at ftp://ftp.redhat.com/pub/contrib/i386/qpopper-2.3-1.i386.rpm. To install it, simply run
rpm -i qpopper-2.3-1.i386.rpm
This command installs two programs: /usr/sbin/in.qpopper and /usr/sbin/popauth. /usr/sbin/in.qpopper is the actual server program that you will set up to run from inetd. /usr/sbin/popauth is used to configure clients that use APOP authentication.
Most of in.qpopper's (from this point on called just qpopper) options are configured at compile time; therefore, you don't have much of a say in how things are done unless you want to compile the package yourself. If you are interested in pursuing that route, you can fetch the complete package from Qualcomm's site at http://www.eudora.com/freeware/servers.html.
The default configuration items are fine for most sites. These defaults are as follows:
To allow qpopper to start from inetd, edit the /etc/inetd.conf file and add the following line:
pop-3 stream tcp nowait root /usr/sbin/tcpd in.qpopper
Don't forget to send the HUP signal to inetd. You can do so by issuing the following command:
kill -1 `cat /var/run/inetd.pid`
Now you're ready to test the connection. At a command prompt, enter
telnet popserver 110
where popserver is the name of the machine running the qpopper program.
You should get a response similar to the following:
+OK QPOP (version 2.3) at mtx.domain.com starting. <14508.877059136@mtx.domain.com>
This result means that the POP server has responded and is awaiting an instruction. (Typically, this job is transparently done by the client mail reader.) If you want to test the authentication service, try to log in as yourself and see whether the service registers your current e-mail box. For example, to log in as sshah with the password mars1031, you enter
user sshah
+OK Password required for sshah
pass mars1031
+OK sshah has 5 messages (98031 octets).
quit
+OK Pop server at mtx.domain.com signing off.
The first line, user sshah, tells the POP server that the user for whom it will be checking mail is sshah. The response from the server is an acknowledgment that the user sshah exists and that a password is required to access the mailbox. You can then type pass mars1031, where mars1031 is the password for the sshah user. The server acknowledges the correct password by responding with a statement indicating that five messages are currently in user sshah's mail queue. Because you don't want to actually read the mail this way, you simply enter quit to terminate the session. The server sends a sign-off message and drops the connection.
Although the stock configuration of qpopper is ideal for most sites, you might want to adjust a few command-line parameters. To use a command-line parameter, simply edit your inetd.conf file so that the line invoking the in.qpopper program ends with the parameter you want to pass. For example, if you want to pass -T 10 to the server, your inetd.conf entry would look like this:
pop-3 stream tcp nowait root /usr/sbin/tcpd in.qpopper -T 10
Don't forget to send the HUP signal to the inetd program using the following command:
kill -1 `cat /var/run/inetd.pid`
The following parameters are available in in.qpopper:
Parameter | Description |
-d | Enables the debugging messages to be sent to SYSLOG. |
-t <tracefile> | Redirects the debugging information to <tracefile>, where <tracefile> is a log file on your system. |
-s | Enables statistical information about each connection to be logged to SYSLOG. |
-T <timeout> | Changes the time-out period for connections to <timeout> seconds. You might need to set this parameter to a higher value if your clients are connecting through slow connections (for example, PPP links). |
-b <bulldir> | Specifies what directory to use to hold the bulletins. The default directory is /var/spool/mail/bulletins. |
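
An added example (not from the book or the qpopper distribution): a small Python check that reads inetd.conf text, finds the active pop-3 entry, confirms it runs through tcpd, and decodes the in.qpopper options listed in the table above. The sample file content is constructed; only the active pop-3 line comes from the text, and the function name is hypothetical.

```python
import getopt

# Constructed inetd.conf excerpt; the active pop-3 line is the one from the text.
SAMPLE = """\
# /etc/inetd.conf (constructed excerpt)
ftp    stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
#pop-3 stream tcp nowait root /usr/sbin/in.qpopper in.qpopper
pop-3  stream tcp nowait root /usr/sbin/tcpd in.qpopper -T 10
"""


def qpopper_entries(text):
    """Return one dict per active pop-3 line in inetd.conf text."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0] != "pop-3":   # skips blanks, comments, other services
            continue
        if len(fields) < 7:
            raise ValueError("line %d: expected at least 7 fields" % lineno)
        server, argv = fields[5], fields[6:]     # argv[0] is the program name
        try:
            # Option letters are the ones in the parameter table above.
            opts, extra = getopt.getopt(argv[1:], "dst:T:b:")
        except getopt.GetoptError as err:
            raise ValueError("line %d: %s" % (lineno, err))
        options = dict(opts)
        timeout = options.get("-T")
        if extra or (timeout is not None and not timeout.isdigit()):
            raise ValueError("line %d: bad in.qpopper arguments" % lineno)
        entries.append({
            "line": lineno,
            "tcp_wrapped": server.endswith("/tcpd"),
            "program": argv[0],
            "timeout": int(timeout) if timeout is not None else None,
            "debug": "-d" in options,
            "stats": "-s" in options,
            "tracefile": options.get("-t"),
            "bulldir": options.get("-b"),
        })
    return entries


if __name__ == "__main__":
    for entry in qpopper_entries(SAMPLE):
        print(entry)
```

Running it against the real /etc/inetd.conf before sending HUP catches a mistyped option that would otherwise only show up when a client connects.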
By default, passwords are sent to the POP server in cleartext (not encrypted). If you are security conscious, cleartext is obviously a bad idea, and tighter control over authentication is needed. This is where APOP support comes in. APOP is a more security-minded way of authenticating users because the passwords are sent over the network already encrypted. qpopper supports APOP and keeps its APOP credentials in the /etc/pop.auth database. Because this database is kept in a binary format, you need to manipulate it using the popauth program.
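
An added example (not from the book or qpopper's source): under APOP as defined in RFC 1939, what crosses the network is an MD5 digest of the timestamp from the server's greeting followed by the shared secret, which both sides compute and the server compares. The greeting is the one shown in the telnet test above; the SECRETS table is a constructed stand-in for /etc/pop.auth, and the function names are hypothetical.

```python
import hashlib
import hmac
import re

# Greeting copied from the telnet test earlier on this page.
GREETING = ("+OK QPOP (version 2.3) at mtx.domain.com starting. "
            "<14508.877059136@mtx.domain.com>")
# Constructed stand-in for /etc/pop.auth: login -> shared secret.
SECRETS = {"sshah": "scrubber"}


def apop_timestamp(greeting):
    """Return the <...@...> timestamp from a greeting, or None if absent."""
    match = re.search(r"<[^<>\s]+@[^<>\s]+>", greeting)
    return match.group(0) if match else None


def apop_digest(timestamp, secret):
    """RFC 1939: hex MD5 of the timestamp (brackets included) + secret."""
    return hashlib.md5((timestamp + secret).encode("ascii")).hexdigest()


def client_command(greeting, user, secret):
    """Build the APOP line a client sends in place of USER/PASS."""
    timestamp = apop_timestamp(greeting)
    if timestamp is None:
        raise ValueError("no timestamp in greeting: server does not offer APOP")
    return "APOP %s %s" % (user, apop_digest(timestamp, secret))


def server_accepts(greeting, command, secrets):
    """Recompute the digest for this connection's greeting and compare."""
    parts = command.split()
    timestamp = apop_timestamp(greeting)
    if (timestamp is None or len(parts) != 3
            or parts[0].upper() != "APOP" or parts[1] not in secrets):
        return False
    expected = apop_digest(timestamp, secrets[parts[1]])
    return hmac.compare_digest(expected, parts[2].lower())


if __name__ == "__main__":
    line = client_command(GREETING, "sshah", SECRETS["sshah"])
    print(line)                                    # digest on the wire, not the password
    print(server_accepts(GREETING, line, SECRETS))
    later = GREETING.replace("14508.877059136", "14511.877059200")  # constructed
    print(server_accepts(later, line, SECRETS))    # same line, new connection
```

Because the digest covers the per-connection timestamp, the same APOP line is rejected when presented against a different greeting, and a greeting without a timestamp means the client has to fall back to USER/PASS.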
When you installed qpopper, the /etc/pop.auth database was not created. Before you can begin using popauth, you need to initialize the database using the following command:
popauth -init
This command sets up the database and prepares it for further manipulation. popauth accepts the following three parameters to list, delete, and add users to its database:
Parameter | Description |
-list | Displays the existing users in the database by their login names. |
-delete <name> | Removes user <name> from the database, where <name> is that user's login. |
-user <name> | Adds the user <name> to the database, where <name> is the user's login. When the parameter is invoked, you are prompted to enter the user's password twice (the second time to verify you typed it in correctly) to enable the entry. |
For example, to add the user sshah to the database, you use the following:
[root@mtx /root]# popauth -user sshah
Changing POP password for sshah.
New password: scrubber
Retype new password: scrubber