Eudora TM Search Contact Us
Support - Technical Support Resources and Knowledgebase User Forums - See users' online questions and answers about Eudora products, or post your own questions to the Eudora Community. Developers - Resources for Developers writing code to interact with Eudora Press - Press Releases and News Articles Testimonials - Read what others are saying about Eudora
Qualcomm

 

Qpopper Home

Documentation

 

 

Qpopper FAQ



What is the latest version of Qpopper and where can I get it?
The latest released version of Qpopper is 4.1.  You can get Qpopper from Qualcomm's FTP site.  If you are outside the U.S., you might want to try one of the mirror sites.

How can I be notified when new versions of Qpopper are available?
Easy!  Just subscribe to either the unofficial public Qpopper discussion list, or the low-volume official Qpopper announcements list.  When new versions are available, we send a notice to both lists.


Is there a mailing list for Qpopper?

There is an unofficial public mailing list for discussion of Qpopper.  To subscribe, send the word subscribe as the body of a message to qpopper-request at lists.pensive.org

There is a mailing list for official announcements from Qualcomm about Qpopper.  This is a very low-volume list.  To subscribe, send the word subscribe as the body of a message to qpopper-announce-request at rohan.qualcomm.com or if your browser supports it and is configured so this works, click here.


Which authentication methods are available?
In addition to the standard username and password, Qpopper can use APOP, Kerberos (version 4 or 5), or any PAM method.  In addition, Qpopper can use TLS/SSL to encrypt the authentication exchange.
  • In APOP, the server issues a challenge and the email client sends a response which proves it knows the password, without sending the actual password.  Both the challenge and the response contain a random element, which prevents the response from being used by an interceptor.  See What is APOP authentication? for more information on APOP.
  • Kerberos is a mechanism for secure authentication over untrusted networks.  For more information, see the MIT Kerberos pages.

    If you use Kerberos with Qpopper, be sure to obtain updated libraries that address CERT Advisory CA-2000-06.

  • PAM is an architecture which allows the use of various authentication modules with different applications.  It is available on many platforms, including Linux and Solaris.  See How do I use Qpopper with PAM? for more information.
  • TLS/SSL (Transport Layer Security/Secure Sockets Layer) permits all traffic between Qpopper and the email client to be encrypted, including authentication and message contents.  Qpopper works with the free OpenSSL package as well as SSL Plus and Security Builder® from Certicom


What is APOP authentication?
With APOP, MD5 hashes are generated on a block of data that contains the password and random data (pid.clock@hostname).  It is the hash that is sent to the server to prove that the user knows the password.  The actual password is not sent (so it can't be intercepted).  In addition, the pid and clock values differ on each connection, which avoids replay attacks.

For details please refer to RFC 1939.


How do I setup APOP authentication?
APOP is an alternate authentication method.  It is able to authenticate without passing the password in cleartext over the wire.  To enable this feature, you need to run the ./configure script with the --enable-apop=path to database and --enable-popuid=popuid flags.

The first flag is the location of the APOP user database (the authorization database); the second specifies the user entity that owns this authorization database.  When you build Qpopper with APOP, you also get a program called popauth which must be installed in a public location.  This program must also run SUID as the POPUID user so that it can make modifications to the database.  For example:

chown pop popauth
chmod u+s popauth

NOTE: Make sure the database (for example, /etc/pop.auth) is owned by popuid and that the permissions are 600.  popauth -init creates the file with the proper owner and permissions.

The database must be initialized by user root with the following command:

popauth -init

New users can be added by rootor the popuid user with the following command:

popauth -user user

Or removed with the following command:

popauth -delete user

Users can add themselves or change their password with the following command:

popauth

How do I use TLS/SSL with Qpopper?
  • Obtain Qpopper 4.0 or later
  • Obtain and install a TLS/SSL library.  Qpopper works with the free OpenSSL package as well as SSL Plus and Security Builder® from Certicom
  • Compile Qpopper.  If you are using OpenSSL, add --with-openssl to the ./configure command.  If you are using SSL Plus and Security Builder® add --with-sslplus to the ./configure command.
  • Make sure your system has /dev/urandom Many systems already do.  You can usually obtain one from your vendor.  Lack of a suitable /dev/urandom will severely compromise security. 
    The Entropy Gathering Daemon can be used as a /dev/urandom device.  After installing it create a startup script that runs egd.pl /dev/urandom.
  • Create and install certificates.


I installed/upgraded OpenSSL and now Eudora doesn't work
There is a known issue between OpenSSL 0.9.6g and later and the TLS libraries used by Eudora and other clients. OpenSSL added several security countermeasures, one of which doesn't work with all TLS/SSL libraries. Until these libraries are updated, you can work around this by upgrading to Qpopper 4.0.5 or later and turning off the specific security countermeasure that is the problem: SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.

To do this, add set tls-options = 0x00000800 in your Qpopper configuration file.


How do I create and install certificates for TLS/SSL?
Qpopper works with the free OpenSSL package as well as SSL Plus and Security Builder® from Certicom

To create a certificate signed by a Certificate Authority using OpenSSL, follow these steps:

  1. Create or choose a directory for the certificates and your private key.  Because the private key is stored unencrypted, it is very important that only user root has access to this directory.  For example, the following three commands:
    mkdir -p -m665 /etc/mail/certs
    chown root:mail /etc/mail/certs
    chmod 660 /etc/mail/certs
  2. Use openssl to create a public-private key pair and a certificate signing request (csa).  For example, the following command (this text should be entered at a command prompt as one long line):
    /usr/local/ssl/bin/openssl req -new -nodes -out req.pem -keyout /etc/mail/certs/cert.pem
    When you run openssl it prompts you for items of information.  It is very important that you properly answer these prompts; the default explanation may not be accurate.  It asks you:
    1. Country Name   Supply the ISO-standard two-letter code for your country.
    2. State or Province Name   Type the full name of your state or province.
    3. Locality Name   Type the full name of your city or municipal area.
    4. Organization Name   Type the legal name of your company or organization.
    5. Organizational Unit Name   Type the name of your division or section of your company.
    6. Common Name   Type the fully-qualified host name of the mail server host.  Do not type your personal name, even if the openssl prompt sounds like that is what you should do.  This must be the same name that a client enters to get to your server.
    7. Email Address   This should be your email address, or that of an institutional role (such as postmaster).

  3. Ensure that the file which now contains the private key (and will later contain the signed certificate) is owned by and only accessible by root.  For example, the following two commands:
    chmod 600 /etc/mail/certs/cert.pem
    chown root:0 /etc/mail/certs/cert.pem
  4. Send the certificate signing request (file req.pem) to your Certificate Authority for signing.  You will receive back a signed request.  Assuming this signed request is in a file called signed_req.pem, concatenate it to the private key generated earlier:
    cat signed_req.pem >> /etc/mail/certs/cert.pem
  5. Create a configuration file for Qpopper.  You can locate this file anywhere you choose.  For example, /etc/mail/pop/qpopper.config.  Put the paths to the private key and signed certificate in this file, and enable either alternate-port or STLS.  For example, using the above file names and STLS:
    set tls-support = stls
    set tls-server-cert-file = /etc/mail/certs/cert.pem
  6. Use the -f config-file-path command-line option to tell Qpopper to read the configuration file.


How do I sign my certificate with a test Certificate Authority (CA)?
When testing and becoming familiar with Qpopper and TLS/SSL, it can be helpful to create a test Certificate Authority (CA) and use it to sign your certificate.  Be aware that most clients will warn you that they don't trust the certificate (as well they shouldn't), and require you to manually accept the certificate to continue.

To sign your certificate with a test Certificate Authority (CA) using OpenSSL, follow the instructions to create and install certificates except that when told to send the request to a real CA (in step 4), follow these steps instead:

  1. Create the CA private key by entering the following command:
    /usr/local/ssl/bin/openssl genrsa -des3 -out ca.key 1024
    Be sure to remember the pass phrase you enter.

  2. Create the CA certificate:
    /usr/local/ssl/bin/opensslopenssl req -new -x509 -days 365 -key ca.key -out ca.crt
    When you run openssl it prompts you for items of information.  Since this is just for a test CA, in this case it's really not important how you answer these prompts.  It asks you:
    1. Country Name   Supply the ISO-standard two-letter code for your country.
    2. State or Province Name   Type the full name of your state or province.
    3. Locality Name   Type the full name of your city or municipal area.
    4. Organization Name   Type the name you want to use for your test CA. This can be the name of your company or organization if you like, or you can make something up.
    5. Organizational Unit Name   Type a name for a division within the test CA.  You can use the name of your division or section of your company if you like.
    6. Common Name   You can use the fully-qualified host name of machine you're using for the test CA.  You can also use your own personal name if you like.
    7. Email Address   This should be your email address, or that of an institutional role (such as postmaster).

  3. Now sign your request (note that at least in some versions of OpenSSL, case matters here):
    /usr/local/ssl/bin/openssl x509 -req -CA ca.crt -CAkey ca.key -days 365 -in req.pem -out signed-req.pem -CAcreateserial

 


Are any versions of Qpopper vulnerable to remote exploit?
Qpopper 2.41 and prior versions (and some early beta versions of Qpopper 3.0) are vulnerable to buffer overflow.  Remote users can obtain root access on systems running these versions.  Qpopper 2.53 and earlier have a non-root exploit.

Releases of Qpopper 4.0.5 and later are immune from all known buffer overrun and other security issues.  Please upgrade your server if you are running any Qpopper older than the current version

Also, 4.0 and later has new code which makes future buffer overruns far less likely, and releases are run against a utility which tests all parameters of all commands for buffer overruns.


Can Qpopper look for passwords in a file other than /etc/passwd?
While Qpopper uses system authentication calls, if you use PAM, you can have Qpopper use a PAM module which gets authentication information from a source other than /etc/passwd or /etc/shadow (for example, LDAP).  Note that since Qpopper reads the mail spool of the Unix user, it still needs a pwnam entry for the user.

In addition, there are third-party patches which provide alternative mechanisms.  Qualcomm does not provide support for Qpopper patches such as these.


How do I set the correct ownership and permissions on the spool directory?

The spool directory needs to have ownership and permissions set correctly.  Normally, this directory has owner root and group mail, and has permissions set drwxrwxr-x or drwxrwxrwt.  (The second form sets the sticky bit to prevent non-owners from deleting or renaming files.)

For example, if your spool directory is /var/mail, enter:

chown root:mail /var/mail
    chmod u=rwx,g=rwx,o=rx /var/mail
or
    chmod a=trwx /var/mail
chmod ug=rw,o-rwx /var/mail/*

The first command sets the spool directory so it has owner root and group mail.

The first form of the second command sets permissions so that only user root or group mail can create or write files.  The second form sets permissions so that anyone can create files, but only the owners can delete or rename them.

The third command sets the permissions on existing spool files so that the owners and group mail can read and write them, but no one else can access them.

If you do an ls -ld on your spool directory, it should show as drwxrwxr-x or drwxrwxrwt

If you do an ls -l on your spool directory, all files should show as rw-rw----

If permissions are not set correctly, Qpopper is unable to create the dot-lock file in the spool directory.


Can I use Qpopper over NFS?
We recommend against using Qpopper over NFS.  This is because atomic locking is required to prevent spool corruption, and NFS does not provide this. 

How do I install Qpopper on RedHat v7 Linux with xinetd?
Create a file called pop3 in the /etc/xinetd.d directory that contains the following lines (adjust the server line to contain the path to the Qpopper executable, and the server_args line to contain any Qpopper command-line flags you wish to use; this example shows the executable located at /usr/local/lib/popper, and the -s command-line flag):
service pop3
{
  socket_type = stream  
  protocol = tcp  
  wait = no  
  user = root  
  server = /usr/local/lib/popper  
  server_args = qpopper -s  
  port = 110  
}
Note that it may also be necessary to create an entry in the /etc/hosts.allow file such as the following:
popper:ALL
Additionally, the standard distribution of RedHat Linux 7.0 installs the file /etc/xinetd.d/ipop3 in support of its default POP3 service, which is likely to create a redundant POP3 references for the xinetd daemon.  You may need to either delete the /etc/xinetd.d/ipop3 file or comment out its service pop3 line.


Can Qpopper use $HOME/Mailbox as the mail spool?
Add --enable-home-dir-mail=Mailbox to the ./configure command or add set home-dir-mail = Mailbox to a configuration file. 


My users get the message system error, can't open temporary file. Do you own it?
This occurs when the user does not have the permissions to create the .user.pop in the temporary drop directory (which defaults to the mail spool directory).  Check the permissions of this directory.


What does the warning Possible probe of user account mean?
This indicates a client issued a QUIT command in themiddle of authenticating.  While this may be perfectly normal, it can also indicate a possible break-in attempt, hence the warning.


What does the message pop3/tcp server failing (looping), service terminated mean?
This indicates that inetd received more requests for Qpopper service within one minute than it is configured to allow.  On most systems, by default inetd only permits 40 connections within one minute to any service.  If you have a lot of users, this may be too small a limit.  You can increase the global default (for all inetd services) by passing a timeout argument to inetd.  On most systems, you can increase the timeout for Qpopper by modifying your inetd.conf file.  Find the pop3 line, and change nowait to nowait.timeout, for example, nowait.50 to permit 50 Qpopper connections within one minute.


What does the error message Unable to get canonical name of client mean?
This error message in your log means that a client connected in and Qpopper got an error when it tried to do a reverse lookup on the IP address.  If the client is local, this may indicate a problem with its DNS entry (specifically the PTR record for that IP address), or it may be a temporary DNS problem.

Qpopper allows you to turn off this check if you like.  Qpopper also includes the IP address of the client in the log message, to make it easier to check its DNS entries.


What does the error message Unable to copy mail spool file to temp pop dropbox mean?
You need to ensure that enough free space exists in your spool directory, and any user disk quotas are large enough, so that the spool file can be copied.  This means at least twice the spool file size may be needed.

You can also specify a separate directory for temporary files by using the --enable-temp-drop-dir=path option with ./configure or adding set temp-dir = path to a configuration file.


What does the error message Unable to process From lines (envelope), change recognition modes mean?
This indicates that the user's mail spool is corrupted.  The first line, which should be a "From " or MMDF separator is not recognizable.

If you are using procmail as the delivery agent (check the "Mlocal" line in /etc/sendmail.cf), or if procmail is being used in addition to a delivery agent, be sure to upgrade to the latest version.  Reports have linked procmail v3.10 with spool file corruption.  You can get an updated procmail at www.procmail.org.

Be sure to use the lastest version of Qpopper.  In particular, it was possible for versions prior to 3.0 to create corrupted .user.pop files if server mode was not used, and Qpopper was unable to copy the user's spool file because the disk filled up, the user was over quota, or some other error occurred.

NOTE: It is possible that corrupted .user.pop files were created for some users by aborted sessions using versions prior to 3.0.  The next time these users check mail, the corrupted .user.pop file will cause the error.  It is a good idea to check for any .user.pop files after upgrading from a version prior to 3.0.  If you find any of these files, check them for corruption.  You can delete them if they seem to be all garbage.  .user.pop files should normally not exist after a session ends.  If you find any, it either means the Qpopper process was killed abnormally, or a version prior to 3.0 created a corrupted one.

We have also had reports that certain webmail programs can corrupt the mail spool.

To fix the immediate problem for this user, edit the mail spool file and check the first line.   If it does not start with "From " (including the space but not the quotes), delete it and any following lines until you see a separator.   If the line starts with "rom " or "FFrom", correct it to be "From ".   Note that the separator line starts with "From ", not "From: ".  

You can also use a utility such as formail to edit the spool file, for example, formail -b oldfile newfile and then replace oldfile with newfile, perhaps keeping a copy of oldfile in case you discover a problem with the results of formail.


When Netscape clients connect in, I see errors in my log such as Unknown command: xsender and Too few arguments for the auth command.
See the heading "Turning off authentication in the client" in this Netscape SMTP AUTH document.  Do the following on each client machine:
  1. Quit Netscape
  2. Open the following file in a text editor:
    • For Macintosh clients, edit Netscape Preferences
    • For Windows clients, edit prefs.js
  3. Add the following line to the end of the file:
    user_pref("mail.auth_login", false);
  4. Launch Netscape
The preferences file will be re-sorted after Netscape runs.


Even correct usercodes/passwords get Password supplied for user is incorrect errors
Probably you are using shadow passwords.  You need to run ./configure with the --enable-specialauth flag. 

Try:

make realclean
./configure --enable-specialauth
make


I see Unknown command: "capa" in my log
CAPA is a new POP extension (defined in RFC 2449) which permits a POP server to give information to a client about supported POP extensions, optional server behavior, and site policy.   Some newer email clients, such as Eudora, issue the command, and if supported by the server, take advantage of the response.  CAPA is supported by qpopper 3.0 and later.


I see warnings in my log of the form Client at "192.168.2.3" resolves to an unknown host name "foo.bar.gork"
When a client connects, Qpopper attempts a reverse-lookup on the IP address, and if it resolves to a canonical name, then attempts a lookup on the returned name.  If the returned name does not resolve to an IP address, qpopper issues this error. 


I get Error 4 when I try to use PAM on my Solaris system
This is a known bug in Solaris 6 PAM.  It is fixed in Solaris 7, and patch 106257-05 is also available.


I see errors such as POP EOF, SIGHUP or SIGPIPE flagged, or POP hangup.
Generally, this is because a client has disconnected without sending QUIT.  This can be the result of telephone modem problems, which are more likely to occur when downloading large messages.  It could also be caused by too-small timeout values in some clients.

If you are using Qpopper 4.0 or later and your network is very congested, the aggregating of small packets into one large one can acerbate the situation.  In this case you can use the --enable-chunky-writes=1 flag with ./configure, or use set chunky-writes = tls in a configuration file. 


If my users cancel during a long download, the .lock file and the .user.pop file, along with the Qpopper process, hang around.
As the size of the spool file increases (more and larger messages left on the server), the time required to start and stop the POP session goes up, especially if Server Mode is not used.  If you check the spool directory just after a session ends, you may see the lock file and the temporary spool still there, and the Qpopper process still active.  Do not kill the process, as it is updating the spool.  You should make sure to run the latest version of Qpopper.  You may want to review the options which affect performance.


Sometimes, two email messages are concatenated together.
If you are using Solaris, probably the Content-Length: header for the first message is incorrect (too large).  If you are using /bin/mail as your local delivery agent (the Mlocal line in sendmail.cf), try repalcing this with /usr/lib/mail.local.

Be sure to run the latest version of Qpopper, especially 4.0 or later, which better handles slightly-off Content-Length: headers.


When I run ./configure I get the error configure: error: no acceptable cc found in $PATH
You probably don't have a C compiler installed.  You need a C development environment, which includes a C compiler, /usr/include files, and various utilities.  You can get this from your vendor, or, use the free ones from GNU.  You may also get pre-compiled versions specific for your platform from various locations.  For example, Solaris.


Since upgrading from 2.x the UIDLs look funny
Qpopper 3.0 introduced a more compact encoding of message unique identifiers (known as UIDs or UIDLs).  For example, a UID may now look like E`'!!Y]+"!(-i!!Tl$#!

These UIDs are fine, they are not corrupted.  They may look strange, but that is OK.  They are in full conformance with RFC 1939.  Specifically, see "UIDL Command" in section 7.

The unique-id of a message is an arbitrary server-determined string, consisting of one to 70 characters in the range 0x21 to 0x7E

This means that the UID can consist of any characters in the ASCII range (hex) 21-7E; (decimal) 33-126; (characters) '!' - '~'.


What does the log entry -ERR POP timeout mean?
This indicates that Qpopper failed to receive a command from the client within the timeout period.  You can adjust Qpopper's timeout by using the -T seconds command-line flag, or set timeout = seconds in a configuration file.

If you are using Qpopper 4.0 or later and your network is very congested, the aggregating of small packets into one large one can acerbate the situation.  In this case you can use the --enable-chunky-writes=1 flag with ./configure, or use set chunky-writes = tls in a configuration file. 


What does the error message POP EOF or I/O error mean?
EOF or I/O error almost always means EOF.  That is, the network connection with the client dropped unexpectedly.

At the point where this message is issued, Qpopper no longer knows if it was an EOF or an actual I/O error, and so it reports the error number just in case it really is an I/O error (which it almost never is).  When it is just an EOF, the associated error is meaningless. 


What are maillock errors?
A maillock error indicates a failure to obtain exclusive access to the mail spool.  The error number indicates the nature of the problem.  More details are usually found in the log.

Here are what the numbers mean:

  1. The user name is too long
  2. Qpopper was unable to create the dot-lockfile.  Check the permissions on the spool directory, and also make sure the user is not over quota and the spool disk is not full.
  3. Qpopper was unable to write its process ID into the lockfile.  Check if the user is over quota or if the spool disk is full.
  4. The spool was locked by another process; perhaps the delivery agent was adding new mail.  If this persists, it indicates a problem.
  5. Something else went wrong.  Check the log for a more detailed error message.
  6. Qpopper lost the lock in the middle of locking it.  If this persists, it indicates a problem.


I get syntax errors compiling on HP-UX
Errors on HP-UX such as
(Bundled) cc: warning 480: The -A option is available only with the C/ANSI product; ignored
(Bundled) cc: "popper.h", line 327: error 1000: Unexpected symbol: "*"
indicate that you are using HP's bundled C compiler, which can not handle standard C programs such as Qpopper.  You need a full, ANSI-standard C compiler.  You can obtain one from HP, or download the free gcc from gnu.  (Use the mirrors and links on their page, or ftp from their main ftp site.)

I see -ERR Unknown authentication mechanism: twinkie in my log
This indicates a Microsoft client tried to use the twinkie authentication mechanism, which is not standard and not supported.  You can just ignore this error, or ask your users to uncheck the client option to use it.

I get Unable to process configuration file when I try and connect to Qpopper
This indicates a syntax error in the specified configuration file.  To make it easier to track down, try adding set tracefile = path to the top of the configuration file.  This causes detailed debug information to be written to the file specified in path.  Then run Qpopper again, and check the file path to see specifics on the error.  When you have it working, you can delete (or comment out) the set tracefile.


I'm trying to use Kerberos 5, and I'm getting the error ld: fatal: library -lkrb5util: not found
Look in your library location (for example, /usr/local/lib) for a file called libkrb5util.a.  If it isn't there, copy it from your Kerberos source directory and make sure it has a mode of 644 or 444.  For example:
    cp krb5-1.2.1/src/lib/libkrb5util.a /usr/local/lib/
    chmod 444 /usr/local/lib/libkrb5util.a


All IP addresses are logged as 0.0.0.0
This is usually caused by a problem in the specific version of gcc on your platform.  Try upgrading gcc.

I see TLS shutdown Error in my log
This is generally harmless, and can usually be ignored.

I get following warning when I compile Qpopper: "the use of `tempnam' is dangerous, better use `mkstemp'"
The warning should probably say that the use of 'tempnam' is potentially dangerous if it isn't used correctly. In Qpopper's case, the usage appears to be fine. You should be able to ignore this warning.


Which options affect performance?
  • Server mode reduces I/O in sessions in which all mail is deleted (the default with many email clients) or all mail is left on the server.  Server mode can be used if your users do not have shell access to the server.  Server mode can be enabled for all users, all users who belong to a certain group, users who do not belong to a specified group, or on a user-by-user basis. 
  • Qpopper 4.0 and later offers faster session startups when using server mode.  Session startups can be reduced to a few milliseconds from up to a minute (or even more) with very large spools, in many cases. Qpopper 4.1 further improves session startups for even faster response.

  • Qpopper 4.0 and later also offers the fast-update option which reduces I/O by a third during spool updates.  However, use of this option is likely to break programs such as biff(1) or the shell's mail check feature.  Only enable if such programs are not used.  This option is set with the -F command-line flag or the enable-fast-update configure file option.

  • Using --disable-status with ./configure or adding set update-status-headers = false in a configuration file prevents Qpopper from creating or updating Status: and X-UIDL: headers.  Combined with server mode, this further reduces I/O in sessions in which all mail is left on the server and new has arrived.  However, it also prevents Qpopper from keeping track of which messages have been downloaded, a feature relied upon by some email clients.  In addition, it forces Qpopper to recalculate the unique identifier (UID) of each message, which increases CPU usage.

  • Standalone mode may offer better performance than using inetd, but be aware that you may lose capabilities such as load throttling, address filtering, etc.  Standalone mode is enabled by using the --enable-standalone flag with ./configure
  • By default, Qpopper 4.0 and later aggregates data to be sent to clients into large chunks.  This may be faster or slower, depending on the specifics of both the client and server hardware and networking stacks as wel as network elements in between (such as routers).  Also, some networking stacks do their own aggregation.

    Under congested network conditions, larger packets increase the incidence of lost packets and thus client or server timeouts, leading to POP timeout or EOF errors. 

    When TLS/SSL is in effect, smaller packets increase the overhead needed to send data, which may result in worse performance. 

    You can adjust the Qpopper behavior by setting the chunky-writes option.  The possible values are:

    • default—Always send large chunks
    • always—Same as default
    • never—Never aggregate data into large chunks
    • tls—Only aggregate data into large chunks when TLS/SSL has been negotiated for the session
    • ssl—Same as tls
    You can also use the --enable-chunky-writes flag with ./configure to set this option.  Use --enable-chunky-writes=1 for the tls value, and --enable-chunky-writes=2 for the never value.


  • Disabling reverse lookups avoids whatever overhead is incurred by the reverse DNS lookup.  However, it may make your logs harder to read.  Use the -R command-line switch or the reverse-lookups configuration file option.

  • You can adjust the frequency with which Qpopper calls kernel routines to check if the mail lock needs to be refreshed during session start-up and shutdown.  This is done with the -L command-line or mail-lock-check configuration file option.  However, this is unlikely to be needed.  This option specifies the number of messages to be processed during initialization and cleanup before checking if the mail lock needs to be refreshed.  The default is 500.  The value must be small enough to be able to be processed in 60 seconds.


No NDBM on my Workstation?
NDBM is a database Manager utility that is optionally available with most UNIX installations.  GDBM is another database Manager byGNU.  If you don't have an NDBM library, use the GDBM library by defining the macro GDBM in the make file for your installation. Also, link with the appropriate library which is -lgdbm for GDBM.  Note that in most cases all of this is handled automatically by running ./configure.

A database manager is used for APOP and bulletins, if bulldb is set.


What is the purpose of SERVER_MODE?
Server mode makes an assumption that the spool file is only altered by Qpopper or the local delivery agent (for example, mail.local).  This means that, apart from Qpopper, the spool file is only changed when new mail is appended to the end.

Server Mode reduces I/O on sessions that:

  1. delete all mail on the server
  2. leave all the mail on the server
In other words, transactions that delete all or none of the messages.

In normal mode, the mail spool is copied into a temporary file at the beginning of the session.  Once the session is complete, the undeleted messages are copied back to the mail spool. 

In Server Mode this copying is avoided if all of the messages are deleted or all of the messages are left on the server.


How do I use bulletin services?
This can be done in two ways:
  1. By adding --enable-bulletins=path when running ./configure, specifying as path the location of the bulletins directory.  This enables bulletins by default, regardless of the command line options.  The server uses the .popbull file in the users' home directory to store the number of the last bulletin delivered.  The alternative to .popbull is to use --enable-bulldb=path instead of --enable-bulletins=path;
  2. Using the command line option -b bulldir.  This overrides any compiled value.


How do I disable DNS lookups at run-time?
Normally, Qpopper attempts a reverse-lookup on the client IP address when a connection is made.  You can prevent this by using the -R command-line or the reverse-lookups configuration file option.

When this is done, the log file repeats the client IP address twice, instead ofthe canonical name following the IP address.

You might want to do this on systems that have a high load, to avoid the overhead of the DNS lookups.  You might also want to do this if the information is simply not useful or desired.

 


What are those numbers in the stats line?
When statistics are enabled (by using the -s command-line or statistics configuration file option), Qpopper writes a stats record to the log after every user session.

The stats record looks like:

fred 1 4486 0 0 fred.example.org 192.168.9.8

The numbers are for the session which just ended.  After the username are four numbers:

  1. The number of messages which were deleted;
  2. The number of bytes in those deleted messages;
  3. the number of messages left on the server (how many messages were not deleted);
  4. The size of the spool left on the server (the size of the undeleted messages).

After the numbers there are two strings: the name and IP address of the client.


Does Qpopper support virtual domains?
Virtual domains are not currently supported by qpopper, but you can handle them by configuring your MTA (e.g., Sendmail) to map, say, joe@domain1 to user23, and joe@domain2 to user89 (or whatever).  Then you tell Joe #1 that his email address is joe@domain1.x.y and his POP user name is user23, and Joe #2 that his email address is joe@domain2.x.y and his POP user name is user89.


How do I use Qpopper with PAM?
PAM (Pluggable Authentication Modules), is an authentication framework available on Linux and some versions of Unix (such as Solaris and HP-UX).  To use PAM, add the --with-pam=service-name flag when running ./configure.  If you omit service-name it defaults to pop3.

You must then create a file in the directory /etc/pam.d with the same name as specified for service-name, for example, /etc/pam.d/pop3.  This file contains the rules for authenticating using Qpopper.  See your PAM documentation for more details.

An example of such a file is:

[admin@mailhost qpopper3.1]$ cat /etc/pam.d/pop3
#%PAM-1.0
auth required /lib/security/pam_pwdb.so shadow
account required /lib/security/pam_pwdb.so
password required /lib/security/pam_cracklib.so
password required /lib/security/pam_pwdb.so nullok use_authtok md5 shadow
session required /lib/security/pam_pwdb.so


How do I force the use of cc instead of gcc?
By default, ./configure chooses gcc instead of cc if available, but you can easily override this.  Simply export CC=cc before running ./configure.  For example, in bash type export CC=cc.

 



 

| Home | Online Support | Open Source Development | User Forums | Contact Webmaster |

| QUALCOMM | Section 508 | Privacy Statement | Terms of Use |


© 1999-2009 QUALCOMM Incorporated. All rights reserved. QUALCOMM and Eudora are registered trademarks of QUALCOMM Incorporated. All other trademarks are the property of their respective owners.