TLD Popa3d | 8 Aug 21:35

denying certain system users from checking for mail

Is there a way with popa3d to do like a deny.users list or
something?  I'm just looking for a way to tighten down
the system, to keep the script kiddies and such from
even getting to an authentication stage in the mail check,
for example when they use the news user, root user, etc.

I want the username to have to be a valid user of the
system, i.e. mail-retrieving user, before it will get
to the authentication stage.

TLD

CC | 15 May 11:44

popa3d and virtual domains

Hi,

As far as I can determine, popa3d (patched with the vname patch) will
support local virtual domains (i.e.  domain:<path>).  Is there a patch
out there that can support external paths?
(i.e. domain:<server>:<port>)?   So instead of popa3d retrieving
mail from a local virtual server,  it goes for another pop server
(by relaying commands coming from and contents going to the
client).

Any clarifications appreciated.

Ed

Lena | 10 Apr 16:32

patch: discarding domain if no virtual domains

Hi,

I'm moving from shared web-hosting to VPS where I'm setting up popa3d.
I want to make the move as seamless for mail users as possible.
The shared hosting uses cPanel software with builtin POP3 server,
there full email address serves as POP3 login, there is also a note:

| If your e-mail client has trouble using a @ sign in the login,
| you can use +, :, or % sign instead.

The users have different localparts of POPable mailboxes, so I don't need
virtual domains in popa3d. It's more convenient without virtual domains
because of the KISS principle and because users can change their passwords
if I specify /usr/bin/passwd as login shell. I want users to be able
to continue to use full email addresses as POP3 logins, and
popa3d to just ignore domains in logins and to use the localpart as the username.
I wrote and tested a patch http://lena.kiev.ua/popa3d-1.0.2-nonvirtual.diff
It seems to work OK. I also include the same patch below.

Lena

-----

*** pop_auth.c.old	Mon Sep  9 14:07:48 2002
--- pop_auth.c	Thu Apr 10 00:16:05 2008
***************
*** 6,11 ****
--- 6,12 ----
  #include <unistd.h>
  #include <string.h>
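
The login handling asked for in this post and in the deny-list question at the top of the page can be sketched as one check that runs before any password verification. This is an added example, not part of Lena's patch or of popa3d itself; the function name, the deny list, the length limit and the accepted character set are all assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Separators the quoted hosting note accepts in place of '@'. */
#define LOGIN_SEPARATORS "@+:%"
#define MAX_LOCALPART 32	/* assumed limit, not a popa3d constant */

/* Hypothetical deny list: system accounts that never retrieve mail. */
static const char *const denied_users[] = { "root", "news", "daemon", NULL };

/*
 * Hypothetical helper: copy the localpart of a POP3 login into out.
 * Returns 0 on success, -1 if the login must be refused before any
 * password check.  The cut is made at the first separator, so
 * "user+tag@example.org" yields "user".
 */
int login_to_user(const char *login, char *out, size_t outsz)
{
	size_t i, len = strcspn(login, LOGIN_SEPARATORS);

	if (len == 0 || len > MAX_LOCALPART || len >= outsz)
		return -1;
	/* Conservative set: lowercase letters, digits, '.', '_', '-'. */
	for (i = 0; i < len; i++) {
		char c = login[i];

		if (!((c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') ||
		      c == '.' || c == '_' || c == '-'))
			return -1;
	}
	if (login[0] == '.' || login[0] == '-')
		return -1;	/* no hidden-file or option-like names */
	for (i = 0; denied_users[i] != NULL; i++)
		if (strlen(denied_users[i]) == len &&
		    memcmp(login, denied_users[i], len) == 0)
			return -1;
	memcpy(out, login, len);
	out[len] = '\0';
	return 0;
}
```

A caller would return the same -ERR for a refused login as for a wrong password, so the reply does not reveal which names are on the deny list.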

Tiago Cruz | 28 Jul 00:38

Failed or refused to load /var/spool/mail/xxxx

Hello guys,

I'm trying to use popa3d after some years without working with
mail servers (I was working just with web servers at an ISP provider).

I'm using the popa3d-1.0.2-1mdv2007.0 package, the server is up and
listening on port 110/tcp, and postfix is working and delivering
messages to /var/spool/mail/user as well.

This is the problem:

$ telnet localhost 110
Trying 127.0.0.1...
Connected to orochimaru (127.0.0.1).
Escape character is '^]'.
+OK
user tiagocruz
+OK
pass 123456
-ERR
Connection closed by foreign host.

And this is the error on log:

Jul 18 00:17:36 orochimaru popa3d[12995]: Authentication passed for tiagocruz -- [127.0.0.1]
Jul 18 00:17:36 orochimaru popa3d[12995]: Failed or refused to load /var/spool/mail/tiagocruz

I have no idea how I can solve this problem... can someone help me?

matt mix | 3 May 08:49

cannot get this to work

Hello everyone, I am going to just start off and say I am rather new to linux 
and this is truly my last resort. I have looked everywhere and tried quite a 
bit before asking for help and I appreciate any that you all can provide.

I have been trying for a couple of days now to successfully set up this popa3d 
server to receive emails. I am using the basic out of the box openwall 
configurations and I have modified the postfix main.cf file the best I can 
and created a test user. I am able to locally connect and do a STAT w/ no 
problem. I don't know if this is a routing issue or a configuration within 
the postfix config files or not.

I have set my router to forward the traffic on port 110 that comes in on my 
dynamic dns that is managed by my router to the pop server. I have forwarded 
both udp and tcp traffic through iptables.

iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 110 -j DNAT --to 192.168.1.153
iptables          -A forwarding_rule -i $WAN -p tcp --dport 110 -d 192.168.1.153 -j ACCEPT

and I repeated the above for udp.

I checked my apache server and verified that it is working fine and 
forwarding to another machine successfully, by connecting with a non-local 
IP. However, we cannot connect to the pop server via telnet or mail2web on 
that external IP. No traffic showed up heading to port 110 either when I 
looked for traffic on port 110 with wireshark locally.

Again thanks to anyone who can point me in the right direction. If there are 
any resources you all could recommend for me I would appreciate that as 

RC9647 | 22 Mar 22:58

popa3d-users@...

I am looking to understand if this product can help me solve a problem.  I just got a new Sharp Broadband fax.  It can receive faxes from the Public Telephone Network and send them as a TIFF or PDF attachment to your inbox.  However, it only supports mail accounts with no authentication or using the POP before SMTP authentication method.  Many providers have abandoned this method in recent months.  I need to set up on my home network a solution that can receive this email from the fax and, using a mail client or through some means, forward it to my corporate or even my broadband provider's mail, neither of which supports this authentication method.  Will this tool do that, or do you know of any way to solve this dilemma?  Please advise and feel free to call and discuss if you have any questions or comments.
 
Stephen
Cell 972-365-8752



Michael Patrick | 21 Jan 14:09

undefined reference to `crypt'

I am trying to install popa3d on a linux Fedora4 new installation and I am getting the following error:  undefined reference to `crypt'
I see in the Makefile file that it needs glibc installed, and I confirmed that it is.
Any suggestions?
 
James R. Mirick | 13 Jul 15:39

Suddenly, won't authenticate

I've been running popa3d on Red Hat EL for almost a year.  One morning, I extract my emails from the server (running PostFix) and everything's fine.  Then, later in the day, I get an error (T-bird says a password error) and can't get to anything.  Nothing else has happened on that server, it's running shared files via samba and that's all.

I can log onto the machine with the email IDs and passwords, so the operating system accepts these accounts as valid.

NMAP shows port 110 is open.

I can do 'telnet linux2600 110' and it responds +OK.  USER command elicits +OK also, but PASS fails: it just says '-ERR' and dumps me back to the command line, says "connection closed by foreign host."

When I look in the log, I see the following (for this example I had just gone to the console and stopped and started popa3d just to be sure):

Jul 12 16:44:55 linux2600 popa3d: popa3d startup succeeded
Jul 12 16:47:44 linux2600 popa3d[3369]: Session from 192.168.10.100
Jul 12 16:47:44 linux2600 popa3d[3369]: Authentication passed for jrm
Jul 12 16:47:44 linux2600 popa3d[3369]: Failed or refused to load /var/spool/mail/jrm

This makes me think there's something corrupted in the mail files, but the fact that it won't accept a password (for my account or any other) makes me think it's authentication.

I completely rebooted the server, no change in behavior.

These mailboxes ARE accepting mail, so PostFix can access the mailboxes.

Thanks in advance . . . 

bark | 8 Jun 15:07

Trouble with fetch mail from Gmail

Hi, all!
I wanted to receive ALL of my e-mails from Gmail every time I run
fetchmail.
The fetchmail script has the following content:

set postmaster root
set no bouncemail
set no spambounce
set logfile "****"
poll "pop.gmail.com" proto POP3 timeout 100 no uidl no envelope user
"goownway@..." password "****" smtpname "<local address>"
smtphost "127.0.0.1" fetchall  keep  fetchlimit 10 ssl

I tried to tell it not to use UIDL - "no uidl" - but I could receive only
new messages.
A log example is (there were 5 e-mails in the Gmail box):

.2 querying pop.gmail.com (protocol POP3) at Wed 07 Jun 2006 12:10:07 PM EEST: poll started
fetchmail: Issuer Organization: Equifax
fetchmail: Unknown Issuer CommonName
fetchmail: Server CommonName: pop.gmail.com
fetchmail: pop.gmail.com key fingerprint: 59:51:61:89:CD:DD:B2:35:94:BB:44:97:A0:39:D5:B4
fetchmail: POP3< +OK Gpop ready for requests from 82.144.198.127 c1pf554873ugf
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Capability list follows
fetchmail: POP3< USER
fetchmail: POP3< RESP-CODES
fetchmail: POP3< EXPIRE 0
fetchmail: POP3< LOGIN-DELAY 300
fetchmail: POP3< X-GOOGLE-VERHOEVEN
fetchmail: POP3< UIDL
fetchmail: POP3< .
fetchmail: POP3> USER goownway@...
fetchmail: POP3< +OK send PASS
fetchmail: POP3> PASS *
fetchmail: POP3< +OK Welcome.
fetchmail: selecting or re-polling default folder
fetchmail: POP3> STAT
fetchmail: POP3< +OK 0 0
fetchmail: No mail for goownway@... at pop.gmail.com
fetchmail: POP3> QUIT
fetchmail: POP3< +OK Farewell.
fetchmail: 6.3.2 querying pop.gmail.com (protocol POP3) at Wed 07 Jun 2006 12:10:09 PM EEST: poll completed
fetchmail: not swapping UID lists, no UIDs seen this query
fetchmail: Query status=1 (NOMAIL)
fetchmail: Deleting fetchids file.
fetchmail: normal termination, status 1
fetchmail: Deleting fetchids file.

Does anybody know what I can do? Probably change the fetchmail script or change
Gmail settings? Any other suggestions?
Thanks!

John Von Essen | 16 Jan 18:04

pop-before-smtp on Linux...

For years, I have been using the pop-before-smtp patch for popa3d on
FreeBSD.

I have a linux server (Redhat Enterprise 4.0) now that I wish to do this on.
I have been unable to compile either 0.6.4 or 1.0 with the pop-before-smtp
patch. Here are the errors I get:

gcc -Wall -O2 -fomit-frame-pointer -DPOPB4SMTP -DVALIDTIME=600 -c pop_db.c
pop_db.c: In function `write_db_entry':
pop_db.c:60: warning: implicit declaration of function `dbopen'
pop_db.c:60: warning: assignment makes pointer from integer without a cast
pop_db.c:65: error: too few arguments to function
pop_db.c:70: warning: implicit declaration of function `flock'
pop_db.c:80: warning: passing arg 2 of pointer to function from incompatible pointer type
pop_db.c:80: error: too few arguments to function
pop_db.c:84: error: structure has no member named `seq'
pop_db.c:84: error: `R_FIRST' undeclared (first use in this function)
pop_db.c:84: error: (Each undeclared identifier is reported only once
pop_db.c:84: error: for each function it appears in.)
pop_db.c:91: warning: passing arg 2 of pointer to function from incompatible pointer type
pop_db.c:91: error: too few arguments to function
pop_db.c:94: error: structure has no member named `seq'
pop_db.c:97: error: structure has no member named `seq'
pop_db.c:97: error: `R_NEXT' undeclared (first use in this function)
pop_db.c:103: error: too few arguments to function
make: *** [pop_db.o] Error 1

The write_db_entry function is from the pop-before-smtp patch. I am not a C
person, so I need some help here. I imagine others have gotten this to work
under Linux. I really hate to do the old method of running a perl script
which manually takes IPs from the log and puts them into a popauth.db hash.

Thanks in advance.

John Von Essen
Systems Administrator
ATX Communications
(610) 755-4389

Stanislav | 4 Oct 18:54

Re: [owl-users] ldap / pam / tcb / popa3d / maildir

On Tue, 04 Oct 2005 20:08:03 +0400
Michael Tokarev <mjt@...> wrote:

> > - recompile glibc to include nscd and attach an init script.
> 
> Why do you need nscd?

Hello Michael,

for caching - just in case the directory service isn't up.
To keep a small time window where mail services still work.
Well, it's my intention. Extensive tests will follow.

> 
> > So far, all went OK. My users are all on a directory server. For 
> > that i build openldap and nss/pam stuff for ldap.
> 
> Are you sure you want your users to be system accounts?
> I mean, instead of tweaking system-wide settings (nsswitch.conf
> etc) and enabling ldap there, you can use ldap for email only,
> tweaking postfix and pop3 configs.  Mind you, almost every
> network-aware user storage (ldap, sql, etc) is inherently
> insecure - it's very difficult to set it up properly so that
> security level will be acceptable.

Don't misunderstand me, I'm aware of that. There exist a lot of
ways for mail setups. Especially in conjunction with ldap services.
Indeed I agree with you.

> > My primary focus is popa3d and not suing. For that i didn't 
> > try to customize pam.d/su for ldap users (cause i also think its 
> > to entangled with tcb) but i compiled popa3d with Maildir support
> > and 
> > 
> > #define AUTH_SHADOW                   1
> > #define AUTH_PAM_USERPASS             0
> > #define USE_LIBPAM_USERPASS           0
> > #undef MAIL_SPOOL_PATH
> > #define HOME_MAILBOX_NAME             "Maildir"
> > 
...
> > I tried a couple different configuration of pop3ad 
> > but no one works. I have no more ideas. What do you say ?
> 
> Yes.
> At least, don't use nsswitch for auth. Use pam.

That's the point. popa3d compiled with AUTH_PAM and pam.d/popa3d
like this

auth       required     /lib/security/pam_ldap.so
account    required     /lib/security/pam_ldap.so
password   required     /lib/security/pam_deny.so
session    required     /lib/security/pam_deny.so

doesn't want to work. Maybe someone on the popa3d list
has had some experience?

> 
> And, don't use system accounts for your mail users.
> Postfix's virtual(8) delivery agent together with
> virtual_mailbox_maps out of ldap (with single uid
> or single uid per mail address), plus something
> similar for popd using pam.  May work.  YMMV.

Many thanks for your suggestions.

Stanislav


Gmane