13.2 Starting the Pop Server

Setting up the POP server is similar to setting up the qmail SMTP server.

13.2.1 Prerequisite Packages

The POP server depends on the daemontools and ucspi-tcp packages. If you've set up qmail as described in Chapter 3, these tools are already installed and available. You also need a checkpassword package. If you want to use the same passwords that you use for shell logins, the standard checkpassword package at http://cr.yp.to/checkpwd.html will do the trick. The checkpassword section of www.qmail.org has a long list of other versions to handle virtual domains, retrieve passwords from databases, support multiple mailboxes per user, and other options. The discussion here presumes that you're using the standard version, but the component design of the POP server means that you can substitute your own version without changing the rest of the setup.

13.2.2 Directories

Two directories need to be created: one that contains the scripts and data files used to run the POP server, and the directory that will contain the log files. (You can put these directories anywhere you want, but the following names are chosen to match the names used in the widely used "Life With Qmail" setup.)

As root, create the script and data file directories, and the log directory (see Example 13-1).

Example 13-1. Creating the POP server directories

# mkdir /var/qmail/supervise/qmail/pop3d # mkdir /var/qmail/supervise/qmail/pop3d/log # chmod u=rwx,go= /var/qmail/supervise/qmail/pop3d # mkdir /var/qmail/supervise/qmail/pop3d/log # mkdir /var/qmail/supervise/qmail/pop3d/log/main # chown qmaill /var/qmail/supervise/qmail/pop3d/log/main # chmod u=rwx,go= /var/qmail/supervise/qmail/pop3d/log

13.2.3 The Listening Script

Example 13-2 has been purposely written to be as flexible as possible and will work for most situations. It goes into /var/qmail/supervise/qmail-pop3d/run.

Example 13-2. The listening script

 1. #!/bin/sh  2. limit datasize 2m  3. exec                                         \  4.  tcpserver                                   \  5.   -HRv -l pop.example.com                    \  6.   -x /var/qmail/supervise/qmail-pop3d/rules.cdb \  7.   0 110                                      \  8.   /var/qmail/bin/qmail-popup pop.example.com \  9.   checkpassword                              \ 10.   /var/qmail/bin/qmail-pop3d Maildir 2>&1

Once created, the script needs to be made executable with:

# chmod +x /var/qmail/supervise/qmail/pop3d/run

The beginning of this script should be familiar from the SMTP daemon setup, from the exec on line 3 to the rules file on line 6, and the IP address and port number on line 7. (If you want to run the new POP server in parallel with an old copy of qpopper for a while, pick a specific IP address not used by qpopper instead, or temporarily run the server on a port other than 110.) Line 8 runs qmail-popup with a single command-line option of pop.example.com, the domain name used in the POP protocol to get the username and password. Line 9 is the command that qmail-popup runs once it has the username and password. In this case it is checkpassword. There are no command-line options for checkpassword. Line 10 is the command that checkpassword runs once it has verified the username and password. In this case it is qmail-pop3d. qmail-pop3d uses the supplied command-line option as the path of the Maildir to access. checkpassword switches to the user's home directory, so this will be the user's own Maildir.

There are variations possible with this script. Here are a few of the most likely ones:

• The limit set on line 2 may need to be increased if the mailboxes have a very large number of messages (more than 10,000) because the POP server uses a small amount of memory to keep track of each message.

• Removing the "HR" options from line 5 provides more information for logging at the expense of increasing the time it takes to establish a connection. See the tcpserver manpage for details.

• If you allow POP connections from anywhere on the Internet, then you can remove line 6. Note that the username and password are sent over the POP connection in the clear, which makes these connections vulnerable to snooping. So be careful when making the decision to allow POP connections from networks outside of your control.

13.2.4 The Logging Script

The second script needed as part of the POP server is the script that runs multilog to log the connection details (see Example 13-3). Put this script into /var/qmail/supervise/qmail-pop3d/log/run.

Example 13-3. POP log/run

 1. #!/bin/sh  2.   exec setuidgid qmaill \  3.   multilog t s4000000 ./main

Once created, the script needs to be made executable with:

# chmod +x /var/qmail/supervise/qmail-pop3d/run

This script is the same as the ones used for qmail-send and qmail-smtpd.

13.2.5 tcpserver Rules

The last step before putting this all together is to populate the rules.cdb file with the networks that are allowed to access the POP server. The discussion of setting up SMTP servers in Chapter 7 explains, how to create rules files and run tcprules, so just populate the file with a rule that allows access from everywhere, as shown in Example 13-4.

Example 13-4. Populating rules.cdb

# cd /var/qmail/supervise/qmail-pop3d # echo :allow >rules.txt # tcprules rules.cdb rules.tmp <rules.txt

13.2.6 Putting It All Together

It is finally time to start the POP server.^[1] With svscan running, link the newly created service directory into /service:

^[1] If you have another POP server running, you must stop that first of course, or else run the POP server on a different IP address.

# ln -s /var/qmail/supervise/qmail-pop3d /service

Within five seconds, svscan will notice the new entry in /server and start the POP server.