Installing and Using POP3 Servers




qmail includes its own POP3 server, qmail-pop3d. We'll cover installing and configuring qmail-pop3d as well as two add-on POP3 servers: Qpopper and Solid POP.

Using qmail-pop3d

qmail-pop3d is the POP server included with qmail. It's an excellent POP server, and many qmail sites use it. It's modular, and it supports multiple authentication schemes via alternative authentication modules.

qmail-pop3d only supports maildir-format mailboxes. If you have users logging directly into the POP server and running MUAs locally, the MUAs must all support maildirs. If all of your users read mail exclusively via POP or IMAP, the mailbox format on the server is invisible to their MUAs.

Architecture of qmail-pop3d

A qmail-pop3d server consists of three modules:

  • qmail-popup—gets username/password

  • checkpassword—authenticates username/password

  • qmail-pop3d—the POP daemon itself

Typically, qmail-popup is run via tcpserver, inetd, or xinetd, listening to port 110, the POP3 port. When a connection is made, it prompts for the username and password. Then it invokes checkpassword, which validates the username and password and invokes qmail-pop3d if they match.
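The handoff between the three modules, as an added example (not code from the book or from qmail): a stand-in plays the checkpassword role, reading the login from descriptor 3 and running the next program only on success, with the exit codes from the checkpassword interface documented at cr.yp.to. The names mock_checkpassword, popup_login and MOCK_ACCOUNTS, the account table and the timestamp field are constructed for illustration; the real checkpassword also sets HOME, SHELL, uid and gid before running qmail-pop3d.

```shell
# Constructed account table for the stand-in below ("login:password").
MOCK_ACCOUNTS='dave:flubgart'

# mock_checkpassword PROG [ARG...]
# Hypothetical stand-in for /bin/checkpassword. Reads
# "login\0password\0timestamp\0" from descriptor 3 and returns
# 1 = bad login or password, 2 = misuse, 111 = temporary failure.
# On success it runs PROG with $USER set (the real program execs it).
mock_checkpassword() {
    [ "$#" -ge 1 ] || return 2
    # Turn NUL separators into newlines; map real newlines to \001 first
    # so a password containing a newline cannot shift the fields.
    fields=$(tr '\n\000' '\001\n' <&3) || return 111
    login=$(printf '%s\n' "$fields" | sed -n 1p)
    password=$(printf '%s\n' "$fields" | sed -n 2p)
    [ -n "$login" ] || return 2
    ok=0
    while IFS=: read -r name secret; do
        if [ "$name" = "$login" ] && [ "$secret" = "$password" ]; then
            ok=1
        fi
    done <<EOF
$MOCK_ACCOUNTS
EOF
    [ "$ok" -eq 1 ] || return 1
    ( USER=$login; export USER; exec "$@" )
}

# popup_login LOGIN PASSWORD
# Plays qmail-popup's part: writes the credentials to descriptor 3 of the
# checker and names the program that stands in for qmail-pop3d.
popup_login() {
    printf '%s\0%s\0%s\0' "$1" "$2" 'constructed-timestamp' |
        mock_checkpassword sh -c 'echo "qmail-pop3d would now serve $USER"' 3<&0
}

# Demonstration with the login used in this chapter's test session.
popup_login dave flubgart
popup_login dave wrongpass || echo "rejected with exit code $?"
```

Because the daemon is only ever started by the checker, a replacement authentication module has to honor the same descriptor 3 input and exit codes.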

Installing qmail-pop3d

qmail-pop3d has no additional requirements beyond those necessary for building and installing qmail:

  1. Completely install and test qmail. If you want all users to have POP retrievable mailboxes, make sure defaultdelivery is set to ./Maildir/. If you installed the /var/qmail/rc/ script from Chapter 2, "Installing qmail," this is configured in /var/qmail/control/defaultdelivery. If not, it's probably in /var/qmail/rc/ on the qmail-start command line.

  2. Download a checkpassword program from http://www.qmail.org/top.html#checkpassword. The standard checkpassword program, available from http://cr.yp.to/checkpwd.html, is a good choice if you don't need anything beyond standard /etc/passwd username/password authentication.

  3. Compile and install the checkpassword program according to the directions. Make sure you install it as /bin/checkpassword. For example, at the time of this writing, the current version of checkpassword is 0.90. To install it, do this:

     $ gunzip -c checkpassword-0.90.tar.gz | tar xf -
     $ cd checkpassword-0.90
     $ make
     ...lots of output ending with something like:
     ./load install hier.o auto_home.o unix.a byte.a
     ./compile instcheck.c
     ./load instcheck hier.o auto_home.o unix.a byte.a
     $ su
     Password: rootpassword
     # umask 022
     # make setup check
     ./install
     ./instcheck
     #

  4. Create the /var/qmail/supervise/qmail-pop3d directory and the log subdirectory:

     # mkdir -p /var/qmail/supervise/qmail-pop3d/log
     #

  5. Create a /var/qmail/supervise/qmail-pop3d/run script:

     #!/bin/sh
     MAXPOP3D=`head -1 /var/qmail/control/concurrencypop3`
     exec /usr/local/bin/softlimit -m 2000000 \
          /usr/local/bin/tcpserver -v -R -H -l 0 -x /etc/tcp.pop3.cdb -c "$MAXPOP3D" \
               0 110 /var/qmail/bin/qmail-popup FQDN /bin/checkpassword \
               /var/qmail/bin/qmail-pop3d Maildir 2>&1

where FQDN is the fully qualified domain name of the POP server you're setting up—for example, pop.example.net.

Note 

concurrencypop3 is a nonstandard control file. Only the previous pop3d/run script uses it. The first line of the file should contain a number, which is the maximum number of simultaneous POP3 sessions that tcpserver allows.

  6. Create a /var/qmail/supervise/qmail-pop3d/log/run script containing this:

     #!/bin/sh
     exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t \
          /var/log/qmail/pop3d

  7. Create /var/qmail/control/concurrencypop3, limiting simultaneous POP3 connections to 20:

     # echo 20 > /var/qmail/control/concurrencypop3
     #

  8. Create the POP3 access database. The file /etc/tcp.pop3 is the human-readable version of the POP3 access database. It's analogous to the SMTP access database in /etc/tcp.smtp set up in Chapter 2, "Installing qmail." The tcprules command is used to convert the human-readable version into a machine-readable version, /etc/tcp.pop3.cdb. For example, to restrict access to hosts on the local network, 192.168.x.x, and the local host, you would create /etc/tcp.pop3, using your text editor, containing this:

     192.168.:allow
     127.:allow
     :deny

  9. Set up the log directory and permissions on the run scripts and link the service into /service:

     # chmod +t /var/qmail/supervise/qmail-pop3d
     # mkdir /var/log/qmail/pop3d
     # chown qmaill /var/log/qmail/pop3d
     # chmod 755 /var/qmail/supervise/qmail-pop3d/run
     # chmod 755 /var/qmail/supervise/qmail-pop3d/log/run
     # ln -s /var/qmail/supervise/qmail-pop3d /service
     #

  10. Add the following to qmailctl's start section:

     if svok /service/qmail-pop3d ; then
         svc -u /service/qmail-pop3d
     else
         echo qmail-pop3d supervise not running
     fi

  11. Add the following to qmailctl's stop section:

     echo "  qmail-pop3d"
     svc -d /service/qmail-pop3d

  12. Add the following to qmailctl's stat section:

     svstat /service/qmail-pop3d
     svstat /service/qmail-pop3d/log

  13. Add the following to qmailctl's pause section:

     echo "Pausing qmail-pop3d"
     svc -p /service/qmail-pop3d

  14. Add the following to qmailctl's cont section:

     echo "Continuing qmail-pop3d"
     svc -c /service/qmail-pop3d

  15. Add the following to qmailctl's restart section:

     echo "* Restarting qmail-pop3d."
     svc -t /service/qmail-pop3d

  16. Add the following to qmailctl's cdb section:

     tcprules /etc/tcp.pop3.cdb /etc/tcp.pop3.tmp < /etc/tcp.pop3
     chmod 644 /etc/tcp.pop3.cdb
     echo "Reloaded /etc/tcp.pop3."

  17. Build /etc/tcp.pop3.cdb:

     # qmailctl cdb
     Reloaded /etc/tcp.smtp.
     Reloaded /etc/tcp.pop3.
     #
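
To check which clients the /etc/tcp.pop3 rules from this procedure admit, the following added example (not from the book or from ucspi-tcp) mimics tcpserver's rule lookup when it runs with -H and -R as in the run script: the exact client address first, then shorter prefixes ending in a dot, then the empty address. It assumes plain address and prefix rules only; the function names and sample addresses are constructed for illustration.

```shell
# Constructed copy of the /etc/tcp.pop3 rules shown in this section.
POP3_RULES='192.168.:allow
127.:allow
:deny'

# rule_for KEY RULES
# Print the instructions of the rule whose address is exactly KEY,
# or nothing if no such rule exists. Blank and comment lines are skipped.
rule_for() {
    printf '%s\n' "$2" | while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        if [ "${line%%:*}" = "$1" ]; then
            printf '%s\n' "${line#*:}"
            break
        fi
    done
    return 0
}

# tcp_decision IP [RULES]
# Print "allow" or "deny" for a client IP. The first rule found wins.
# If nothing matches at all, tcpserver allows the connection, which is
# why the rules above end with a catch-all ":deny".
tcp_decision() {
    key=$1
    rules=${2-$POP3_RULES}
    while :; do
        instr=$(rule_for "$key" "$rules")
        if [ -n "$instr" ]; then
            case $instr in deny*) echo deny ;; *) echo allow ;; esac
            return 0
        fi
        [ -n "$key" ] || break
        # Next candidate: drop the last component, keep the trailing dot.
        key=${key%.}
        case $key in
            *.*) key=${key%.*}. ;;
            *)   key= ;;
        esac
    done
    echo allow
}

# Constructed sample clients: LAN host, local host, outside host.
for ip in 192.168.1.5 127.0.0.1 10.0.0.1; do
    printf '%s -> %s\n' "$ip" "$(tcp_decision "$ip")"
done
```

On a live system, the tcprulescheck program from ucspi-tcp answers the same question against the compiled /etc/tcp.pop3.cdb.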

Testing the qmail-pop3d Service

At this point, your POP3 service should be up and running. You can test it by connecting to the POP3 port on the local system and logging in as a normal mail user:

   1 $ telnet 0 110
   2 Trying 0.0.0.0...
   3 Connected to 0.
   4 Escape character is '^]'.
   5 +OK <2922.992703469@FQDN>
   6 user dave
   7 +OK
   8 pass flubgart
   9 +OK
  10 list
  11 +OK
  12 1 570
  13 2 2556
  14 3 4346
  15 .
  16 quit
  17 +OK
  18 Connection closed by foreign host.
  19 $

Line 1 is the telnet command used to connect to the POP3 service. The 0 (zero) refers to the local host, and 110 is the POP3 port number.

Line 2 shows telnet trying to connect.

Line 3 shows that the connection was established.

Line 4 is telnet reminding the user that they can "escape" to the telnet prompt by holding the Control key and pressing the right square bracket key (]).

Line 5 is the banner message from qmail-popup. The <2922.992703469@FQDN> is an authentication "cookie" that would be used by an MUA doing APOP authentication (see "Securing POP" section later in this chapter).

Lines 6 through 9 are the authentication exchange. Because the authentication was reported as successful by checkpassword, as indicated by the +OK on line 9, qmail-popup runs qmail-pop3d to handle the remainder of the dialogue.

Lines 10 through 15 show the user using the POP3 LIST command to display a list of messages available, followed by qmail-pop3d's response: a list of three message numbers and their sizes, in bytes.

Lines 16 and 17 show the user ending the POP3 session.

Line 18 is telnet reporting that qmail-pop3d closed the connection.

The next step is to test the service remotely using a POP-enabled MUA.

Using Qpopper

Qualcomm, the company that created the popular Eudora MUA, also distributes a POP3 server called Qpopper. If you need a POP daemon that works only with mbox-format mailboxes, you might want to consider Qpopper.

More information about Qpopper is available on the Web (http://www.eudora.com/qpopper/).

Installing Qpopper

Qpopper has no additional requirements beyond those necessary for building and installing qmail:

  1. Download the source tarball. At the time of this writing, the current version is 4.0.3. For example, using the lynx browser:

     $ lynx -dump \
     ftp://ftp.qualcomm.com/eudora/servers/unix/popper/qpopper4.0.3.tar.gz > \
     qpopper4.0.3.tar.gz
     $

  2. Unpack the tarball and change to the build directory:

     $ gunzip -c qpopper4.0.3.tar.gz | tar xf -
     $ cd qpopper4.0.3
     $

  3. Configure Qpopper to look for mbox mailboxes in $HOME/Mailbox, for example:

     $ ./configure --enable-home-dir-mail=Mailbox
     ...lots of output ending with something like:
     creating mmangle/Makefile
     creating password/Makefile
     creating config.h
     $

  4. Compile Qpopper:

     $ make
     ...lots of output ending with something like:
             -lcrypt
     ../common/libcommon.a(maillock.o): In function 'Qmaillock':
     /usr/local/src/qpopper4.0.3/common/maillock.c:278: the use of 'tempnam' is dangerous, better use 'mkstemp'
     make[1]: Leaving directory '/usr/local/src/qpopper4.0.3/popper'
     $

  5. Install the binaries:

     $ su
     Password: rootpassword
     # umask 022
     # make install
     ...lots of output ending with something like:
     echo "Installed popauth as /usr/local/sbin/ "\
               "with uid "; \
         /usr/local/sbin/ -init -safe; \
     fi
     make[1]: Leaving directory '/usr/local/src/qpopper4.0.3/popper'
     #

  6. Create the /var/qmail/supervise/qpopper directory and the log subdirectory:

     # mkdir -p /var/qmail/supervise/qpopper/log
     #

  7. Create a /var/qmail/supervise/qpopper/run script:

     #!/bin/sh
     MAXPOP3D=`head -1 /var/qmail/control/concurrencypop3`
     exec /usr/local/bin/tcpserver -R -H -x /etc/tcp.pop3.cdb -c "$MAXPOP3D" \
          0 110 /usr/local/sbin/popper 2>&1

    Note 

    concurrencypop3 is a nonstandard control file. Only the previous qpopper/run script uses it. The first line of the file should contain a number, which is the maximum number of simultaneous POP3 sessions that tcpserver allows.

  8. Create a /var/qmail/supervise/qpopper/log/run script containing this:

     #!/bin/sh
     exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t \
          /var/log/qpopper

  9. Create /var/qmail/control/concurrencypop3, limiting POP3 connections to 20:

     # echo 20 > /var/qmail/control/concurrencypop3
     #

  10. Create the POP3 access database. The file /etc/tcp.pop3 is the human-readable version of the POP3 access database. It's analogous to the SMTP access database in /etc/tcp.smtp set up in Chapter 2, "Installing qmail." The tcprules command is used to convert the human-readable version into a machine-readable version, /etc/tcp.pop3.cdb. For example, to restrict access to hosts on the local network, 192.168.x.x, and the local host, you would create /etc/tcp.pop3, using your text editor, containing this:

     192.168.:allow
     127.:allow
     :deny

  11. Set up the log directory and permissions on the run scripts, and link the service into /service:

     # chmod +t /var/qmail/supervise/qpopper
     # mkdir /var/log/qpopper
     # chown qmaill /var/log/qpopper
     # chmod 755 /var/qmail/supervise/qpopper/run
     # chmod 755 /var/qmail/supervise/qpopper/log/run
     # ln -s /var/qmail/supervise/qpopper /service
     #

  12. Add the following to qmailctl's start section:

     if svok /service/qpopper ; then
         svc -u /service/qpopper
     else
         echo qpopper supervise not running
     fi

  13. Add the following to qmailctl's stop section:

     echo "  qpopper"
     svc -d /service/qpopper

  14. Add the following to qmailctl's stat section:

     svstat /service/qpopper
     svstat /service/qpopper/log

  15. Add the following to qmailctl's pause section:

     echo "Pausing qpopper"
     svc -p /service/qpopper

  16. Add the following to qmailctl's cont section:

     echo "Continuing qpopper"
     svc -c /service/qpopper

  17. Add the following to qmailctl's restart section:

     echo "* Restarting qpopper."
     svc -t /service/qpopper

  18. Add the following to qmailctl's cdb section:

     tcprules /etc/tcp.pop3.cdb /etc/tcp.pop3.tmp < /etc/tcp.pop3
     chmod 644 /etc/tcp.pop3.cdb
     echo "Reloaded /etc/tcp.pop3."

  19. Build /etc/tcp.pop3.cdb:

     # qmailctl cdb
     Reloaded /etc/tcp.smtp.
     Reloaded /etc/tcp.pop3.
     #

Testing the Qpopper Service

At this point, your POP3 service should be up and running. You can test it by connecting to the POP3 port on the local system and logging in as a normal mail user:

   1 $ telnet 0 110
   2 Trying 0.0.0.0...
   3 Connected to 0.
   4 Escape character is '^]'.
   5 +OK Qpopper (version 4.0.3) at dolphin.example.com starting.
   6 user dave
   7 +OK Password required for dave.
   8 pass flubgart
   9 +OK dave has 1 visible message (0 hidden) in 1088 octets.
  10 list
  11 +OK 1 visible messages (1088 octets)
  12 1 1088
  13 .
  14 quit
  15 +OK Pop server at dolphin.example.com signing off.
  16 Connection closed by foreign host.
  17 $

Line 1 is the telnet command used to connect to the POP3 service. The 0 (zero) refers to the local host, and 110 is the POP3 port number.

Line 2 shows telnet trying to connect.

Line 3 shows that the connection was established.

Line 4 is telnet reminding the user that they can "escape" to the telnet prompt by holding the Control key and pressing the right square bracket key (]).

Line 5 is the banner message from Qpopper.

Lines 6 through 9 are the authentication exchange.

Lines 10 through 13 show the user using the POP3 LIST command to display a list of messages available, followed by Qpopper's response: a list of one message and its size, in bytes.

Lines 14 and 15 show the user ending the POP3 session.

Line 16 is telnet reporting that Qpopper closed the connection.

The next step is to test the service remotely using a POP-enabled MUA.

Using SolidPOP

The SolidPOP server supports both maildir and mbox mailboxes, as well as APOP authentication (see "Securing POP3" later in this chapter) and virtual domains. More information about SolidPOP is available on the Web (http://solidpop3d.pld.org.pl/).

Installing SolidPOP

SolidPOP has no additional requirements beyond those necessary for building and installing qmail:

  1. Download the source tarball. At the time of this writing, the current version is 0.15. For example, using the lynx Web browser:

     $ lynx -dump http://solidpop3d.pld.org.pl/solid-pop3d-0.15.tar.gz > \
     > solid-pop3d-0.15.tar.gz
     $

  2. Unpack the tarball and move to the build directory:

     $ gunzip -c solid-pop3d-0.15.tar.gz | tar xf -
     $ cd solid-pop3d-0.15
     $

  3. Configure SolidPOP for building:

     $ ./configure
     ...lots of output ending with something like:
     creating man/Makefile
     creating src/Makefile
     creating config.h
     $

    Tip 

    See the README file for a list of configurable options. For example, adding --enable-bulletins adds support for system-wide announcements. Other options add support for extended logging, statistics, automatic mailbox creation, and more.

  4. Compile SolidPOP:

     $ make
     ...lots of output ending with something like:
     gcc -g -O2 -o spop3d authenticate.o cmds.o log.o fdfgets.o maildrop.o main.o md5.o memops.o options.o response.o vsnprintf.o mailbox.o maildir.o userconfig.o configfile.o -lcrypt
     make[1]: Leaving directory '/usr/local/src/solid-pop3d-0.15/src'
     $

  5. Create an spop3d account and install the binaries:

     $ su
     Password: rootpassword
     # umask 022
     # useradd -d /nonexistent -s /nonexistent -M spop3d
     # make install
     ...lots of output ending with something like:
     /bin/sh ../mkinstalldirs /usr/local/bin
     /bin/sh ../mkinstalldirs /usr/local/sbin
       /usr/bin/install -c   spop3d /usr/local/sbin/spop3d
     make[1]: Leaving directory '/usr/local/src/solid-pop3d-0.15/src'
     #

  6. Create the /var/qmail/supervise/spop3d directory and the log subdirectory:

     # mkdir -p /var/qmail/supervise/spop3d/log
     #

  7. Create a /var/qmail/supervise/spop3d/run script:

     #!/bin/sh
     MAXPOP3D=`head -1 /var/qmail/control/concurrencypop3`
     exec /usr/local/bin/tcpserver -R -H -x /etc/tcp.pop3.cdb -c "$MAXPOP3D" \
          0 110 /usr/local/sbin/spop3d 2>&1

    Note 

    concurrencypop3 is a nonstandard control file. Only the previous spop3d/run script uses it. The first line of the file should contain a number, which is the maximum number of simultaneous POP3 sessions that tcpserver allows.

  8. Create a /var/qmail/supervise/spop3d/log/run script containing:

     #!/bin/sh
     exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t \
          /var/log/spop3d

  9. Create /var/qmail/control/concurrencypop3, limiting POP3 connections to 20:

     # echo 20 > /var/qmail/control/concurrencypop3
     #

  10. Create the POP3 access database. The file /etc/tcp.pop3 is the human-readable version of the POP3 access database. It's analogous to the SMTP access database in /etc/tcp.smtp set up in Chapter 2, "Installing qmail." The tcprules command is used to convert the human-readable version into a machine-readable version, /etc/tcp.pop3.cdb. For example, to restrict access to hosts on the local network, 192.168.x.x, and the local host, you would create /etc/tcp.pop3, using your text editor, containing this:

     192.168.:allow
     127.:allow
     :deny

  11. Set up the log directory and permissions on the run scripts, and link the service into /service:

     # chmod +t /var/qmail/supervise/spop3d
     # mkdir /var/log/spop3d
     # chown qmaill /var/log/spop3d
     # chmod 755 /var/qmail/supervise/spop3d/run
     # chmod 755 /var/qmail/supervise/spop3d/log/run
     # ln -s /var/qmail/supervise/spop3d /service
     #

  12. Create a global SolidPOP configuration file specifying the default location and format of mailboxes. For example, for maildir mailboxes in $HOME/Maildir, create the file /usr/local/etc/spop3d.conf with the following contents:

     <Global>
          MailDropName   Maildir
          MailDropType   maildir
     </Global>

  13. Add the following to qmailctl's start section:

     if svok /service/spop3d ; then
         svc -u /service/spop3d
     else
         echo spop3d supervise not running
     fi

  14. Add the following to qmailctl's stop section:

     echo "  spop3d"
     svc -d /service/spop3d

  15. Add the following to qmailctl's stat section:

     svstat /service/spop3d
     svstat /service/spop3d/log

  16. Add the following to qmailctl's pause section:

     echo "Pausing spop3d"
     svc -p /service/spop3d

  17. Add the following to qmailctl's cont section:

     echo "Continuing spop3d"
     svc -c /service/spop3d

  18. Add the following to qmailctl's restart section:

     echo "* Restarting spop3d."
     svc -t /service/spop3d

  19. Add the following to qmailctl's cdb section:

     tcprules /etc/tcp.pop3.cdb /etc/tcp.pop3.tmp < /etc/tcp.pop3
     chmod 644 /etc/tcp.pop3.cdb
     echo "Reloaded /etc/tcp.pop3."

  20. Build /etc/tcp.pop3.cdb:

     # qmailctl cdb
     Reloaded /etc/tcp.smtp.
     Reloaded /etc/tcp.pop3.
     #

Testing the SolidPOP Service

At this point, your POP3 service should be up and running. You can test it by connecting to the POP3 port on the local system and logging in as a normal mail user:

   1 $ telnet 0 110
   2 Trying 0.0.0.0...
   3 Connected to 0.
   4 Escape character is '^]'.
   5 +OK Solid POP3 server ready
   6 user dave
   7 +OK username accepted
   8 pass flubgart
   9 +OK authentication successful
  10 list
  11 +OK scan listing follows
  12 1 581
  13 2 2620
  14 3 4459
  15 .
  16 quit
  17 +OK session ended
  18 Connection closed by foreign host.
  19 $

Line 1 is the telnet command used to connect to the POP3 service. The 0 (zero) refers to the local host, and 110 is the POP3 port number.

Line 2 shows telnet trying to connect.

Line 3 shows that the connection was established.

Line 4 is telnet reminding the user that they can "escape" to the telnet prompt by holding the Control key and pressing the right square bracket key (]).

Line 5 is the banner message from SolidPOP.

Lines 6 through 9 are the authentication exchange.

Lines 10 through 15 show the user using the POP3 LIST command to display a list of messages available, followed by SolidPOP's response: a list of three messages and their sizes, in bytes.

Lines 16 and 17 show the user ending the POP3 session.

Line 18 is telnet reporting that SolidPOP closed the connection.

The next step is to test the service remotely using a POP-enabled MUA.






The qmail Handbook
ISBN: 1893115402
EAN: 2147483647
Year: 2001
Pages: 186
Authors: Dave Sill
