The following sections cover the integration of the most-used application of any network: electronic mail (or e-mail for short). Because UNIX and "other" operating systems have a very different view of how e-mail should be handled, the Post Office Protocol (POP) was created. This protocol abstracts the details of e-mail to a system-independent level so that anyone who writes a POP client can communicate with a POP server.

Configuring a POP Server

The POP server you will configure on the sample systems is the freely available qpopper program. This package was originally written at Berkeley but is now maintained by the Eudora division of Qualcomm (www.eudora.com/freeware). If you also need client software for non-UNIX systems, check out the Eudora Light e-mail package also available from Qualcomm. Like qpopper, Eudora Light is available for free. (The Professional version does cost money, however.)

Red Hat has prepared an RPM of this package, which is available on the CD-ROM (qpopper-2.3-1.i386.rpm), or you can fetch it from Red Hat's Web site at ftp://ftp.redhat.com/pub/contrib/i386/qpopper-2.3-1.i386.rpm . To install it, simply run

rpm -i qpopper-2.3-1.i386.rpm

This way, you can install two programs: /usr/sbin/in.qpopper and /usr/sbin/popauth. /usr/sbin/in.qpopper is the actual server program that you will set up to run from inetd. /usr/sbin/popauth is used to configure clients that use APOP authentication.

Configuring in.qpopper

Most of in.qpopper's (from this point on called just qpopper) options are configured at compile time; therefore, you don't have much of a say in how things are done unless you want to compile the package yourself. If you are interested in pursuing that route, you can fetch the complete package from Qualcomm's site at http://www.eudora.com/freeware/servers.html.

The default configuration items are fine for most sites. These defaults are as follows:

• Refusal to retrieve mail for anyone whose UID is below 10 (for example, root).
• Bulletin support in /var/spool/mail/bulletins.
• New users will receive the last bulletin posted.
• Verbose logging to syslog.
• APOP authentication uses /etc/pop.auth (see the section on popauth for details).

To allow qpopper to start from inetd, edit the /etc/inetd.conf file and add the following line:

pop-3     stream    tcp     nowait    root    /usr/sbin/tcpd in.qpopper

Don't forget to send the HUP signal to inetd. You can do so by issuing the following command:

kill -1 `cat /var/run/inetd.pid`

Now you're ready to test the connection. At a command prompt, enter

telnet popserver 110

where popserver is the name of the machine running the qpopper program.

You should get a response similar to the following:

+OK QPOP (version 2.3) at mtx.domain.com starting.

<14508.877059136@mtx.domain.com>

This result means that the POP server has responded and is awaiting an instruction. (Typically, this job is transparently done by the client mail reader.) If you want to test the authentication service, try to log in as yourself and see whether the service registers your current e-mail box. For example, to log in as sshah with the password mars1031, you enter

user sshah

+OK Password required for sshah

pass mars1031

+OK sshah has 5 messages (98031 octets).

quit

+OK Pop server at mtx.domain.com signing off.

The first line, user sshah, tells the POP server that the user for whom it will be checking mail is sshah. The response from the server is an acknowledgment that the user sshah exists and that a password is required to access the mailbox. You can then type pass mars1031, where mars1031 is the password for the sshah user. The server acknowledges the correct password by responding with a statement indicating that five messages are currently in user sshah's mail queue. Because you don't want to actually read the mail this way, you simply enter quit to terminate the session. The server sends a sign-off message and drops the connection.

Although the stock configuration of qpopper is ideal for most sites, you might want to adjust a few command-line parameters. To use a command-line parameter, simply edit your inetd.conf file so that the line invoking the in.qpopper program ends with the parameter you want to pass. For example, if you want to pass -T 10 to the server, your inetd.conf entry would look like this:

pop-3     stream    tcp     nowait    root    /usr/sbin/tcpd in.qpopper -T 10

Don't forget to the send the HUP signal to the inetd program using the following command:

kill -1 `cat /var/run/inetd.pid`

The following parameters are available in in.qpopper:

Using popauth

By default, the POP server sends all passwords in cleartext (not encrypted). If you are security conscious, using cleartext obviously is a bad idea, and a tighter control is needed on authentication. APOP support comes in at this point. APOP is a more security-minded way of authenticating users because the passwords are sent over the network already encrypted. qpopper supports APOP and keeps its APOP database in the /etc/pop.auth database. Because this database is kept in a binary format, you need to manipulate it using the popauth program.

When you installed qpopper, the /etc/pop.auth database was not created. Before you can begin using popauth, you need to initialize the database using the following command:

popauth -init

This command sets up the database and prepares it for further manipulation. popauth accepts the following three parameters to list, delete, and add users to its database:

For example, to add the user sshah to the database, you use the following:

[root@mtx /root]# popauth -user sshah

Changing POP password for sshah.

New password: scrubber

Retype new password: scrubber