path: root/src/appl/popper/popper.M
.\" Copyright (c) 1980 Regents of the University of California.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms are permitted
.\" provided that this notice is preserved and that due credit is given
.\" to the University of California at Berkeley. The name of the University
.\" may not be used to endorse or promote products derived from this
.\" software without specific prior written permission. This software
.\" is provided ``as is'' without express or implied warranty.
.\"
.\" @(#)popper.8    1.3    (CCS)   9/15/90     Copyright (c) 1990 Regents of the University of California.\nAll rights reserved.\n
.\"
.TH popper 8 "Kerberos Version 5.0" "MIT Project Athena"
.SH NAME
popper \- Kerberized Berkeley pop 3 server
.SH SYNOPSIS
.B /usr/etc/popper
[ -d ]
[ -t trace-file]
.SH DESCRIPTION
.I Popper
is an implementation of the Post Office Protocol server that runs on a
variety of Unix computers to manage electronic mail for Macintosh
and MS-DOS computers.  The server was developed at the University of
California at Berkeley and conforms fully to the specifications in RFC
1081 and RFC 1082.  The Berkeley server also has extensions to
send electronic mail on behalf of a client.  

This Kerberized version of popper works just like the Berkeley
POP server, except
that it expects the client to do a Kerberos authentication at the very
beginning (using krb5_sendauth).  After the successful Kerberos
exchange, the protocol reverts back to standard POP protocol, except
that the username must match the Kerberos principal used in the initial
authentication, and the password command is ignored, since the user has
already authenticated using Kerberos. 
.PP
The Kerberized version of popper is invoked out of
.IR inetd (8),
using a
line in /etc/inetd.conf like this:
.PP
kpop    stream  tcp     nowait  root    /usr/etc/popper popper
.PP
Since a Kerberos authentication is required at the beginning, the port
used by the Kerberized POP protocol is different from the standard
Berkeley POP
protocol.  This port is kpop, and it is traditionally 1109 (where the
official Berkeley port is 110 for version 3 and 109 for version 2).
.PP
The 
.B \-d
flag sets the socket to debugging and turns on debugging.  All debugging
information is saved using syslog(8).  The 
.B \-t trace\-file
flag turns on debugging and saves the trace information in
.I trace\-file
using fprintf(s).
.\" .SH HOW TO OBTAIN THE SERVER
.\" .PP
.\" The POP server is available via anonymous ftp from lilac.Berkeley.EDU
.\" (128.32.136.12).  It is in two files in the pub directory: a compressed
.\" tar file popper.tar.Z and a Macintosh StuffIt archive in BinHex format
.\" called MacPOP.sit.hqx.
.\" 
.SH THE POP TRANSACTION CYCLE
.PP
The Kerberized Berkeley POP server is a single program (called popper) that is
launched by inetd when it gets a service request on the KPOP TCP port.
The popper program initializes and verifies that the peer IP address is
registered in the local domain, logging a warning message when a
connection is made to a client whose IP address does not have a
canonical name.  For systems using BSD 4.3 bind, it also checks to see
if a canonical name lookup for the client returns the same peer IP
address, logging a warning message if it does not.  Then the server
enters the authorization state, during which the client sends the
password command with a dummy password, since authentication is done
with Kerberos credentials.  No other exchanges are allowed during this
state (other than a request to quit.)  If authentication fails, a
warning message is logged and the session ends.  Once the user is
identified, popper changes its user and group ids to match that of the
user and enters the transaction state.  The server makes a temporary
copy of the user's maildrop (ordinarily in /usr/spool/mail) which is
used for all subsequent transactions.  These include the bulk of POP
commands to retrieve mail, delete mail, undelete mail, and so forth.  A
Berkeley extension also allows the user to submit a mail parcel to the
server, which mails it using the sendmail program (this extension is
supported in the HyperMail client distributed with the server).  When
the client quits, the server enters the final update state during which
the network connection is terminated and the user's maildrop is updated
with the (possibly) modified temporary maildrop.
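.PP
The peer address check described above (reverse lookup, then a forward lookup of the returned name that must yield the same address) can be written as follows. This is an added example, not code from popper; the names peer_status, same_addr, confirm_forward and check_peer are hypothetical, and it uses getnameinfo/getaddrinfo rather than the BSD 4.3 resolver calls.

```c
/* Added example (not popper's code): forward-confirmed reverse DNS check. */
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>

enum peer_status { PEER_OK, PEER_NO_NAME, PEER_MISMATCH };

/* Compare by address family and binary address; the port is ignored. */
static int same_addr(const struct sockaddr *a, const struct sockaddr *b)
{
    if (a->sa_family != b->sa_family) return 0;
    if (a->sa_family == AF_INET)
        return memcmp(&((const struct sockaddr_in *)a)->sin_addr,
                      &((const struct sockaddr_in *)b)->sin_addr,
                      sizeof(struct in_addr)) == 0;
    if (a->sa_family == AF_INET6)
        return memcmp(&((const struct sockaddr_in6 *)a)->sin6_addr,
                      &((const struct sockaddr_in6 *)b)->sin6_addr,
                      sizeof(struct in6_addr)) == 0;
    return 0;
}

/* Decision step: does any forward-lookup result equal the peer address? */
enum peer_status confirm_forward(const struct sockaddr *peer,
                                 const struct addrinfo *fwd)
{
    for (; fwd != NULL; fwd = fwd->ai_next)
        if (same_addr(peer, fwd->ai_addr)) return PEER_OK;
    return PEER_MISMATCH;
}

/* Full check: reverse lookup, then forward lookup of the returned name. */
enum peer_status check_peer(const struct sockaddr *peer, socklen_t len)
{
    char name[1025];                     /* large enough for any host name */
    struct addrinfo hints, *fwd = NULL;
    enum peer_status st;
    if (getnameinfo(peer, len, name, sizeof name, NULL, 0, NI_NAMEREQD) != 0)
        return PEER_NO_NAME;             /* no canonical name: log a warning */
    memset(&hints, 0, sizeof hints);
    hints.ai_family = peer->sa_family;
    hints.ai_socktype = SOCK_STREAM;
    if (getaddrinfo(name, NULL, &hints, &fwd) != 0)
        return PEER_MISMATCH;            /* name does not resolve at all */
    st = confirm_forward(peer, fwd);     /* mismatch: log a warning */
    freeaddrinfo(fwd);
    return st;
}
```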
.SH LOGGING
.PP
The POP server uses syslog to keep a record of its activities.  On
systems with BSD 4.3 syslogging, the server logs (by default) to the
"local0" facility at priority "notice" for all messages except
debugging which is logged at priority "debug".  The default log file is
/usr/spool/mqueue/POPlog.  These can be changed, if desired.  On
systems with 4.2 syslogging all messages are logged to the local log
file, usually /usr/spool/mqueue/syslog.
.SH DEBUGGING
.PP
The popper program will log debugging information when the -d parameter
is specified after its invocation in the inetd.conf file.  Care should
be exercised in using this option since it generates considerable
output in the syslog file.  Alternatively, the "-t <file-name>" option
will place debugging information into file "<file-name>" using fprintf
instead of syslog.
.\" .PP
.\" For SunOS version 3.5, the popper program is launched by inetd from
.\" /etc/servers.  This file does not allow you to specify command line
.\" arguments.  Therefore, if you want to enable debugging, you can specify
.\" a shell script in /etc/servers to be launched instead of popper and in
.\" this script call popper with the desired arguments.
.PP
You can confirm that the POP server is running on Unix by telnetting to
port 1109.  For example:
.PP
.nf
%telnet myhost 1109
Trying...
Connected to myhost.berkeley.edu.
Escape character is '^]'.
+OK UCB Pop server (version 1.6) at myhost starting.
quit
Connection closed by foreign host.
.fi
.SH VERSION 1.7 RELEASE NOTES
Extensive re-write of the maildrop processing code contributed by 
Viktor Dukhovni <viktor@math.princeton.edu> that greatly reduces the
possibility that the maildrop can be corrupted as the result of
simultaneous access by two or more processes.
.PP
Added "pop_dropcopy" module to create a temporary maildrop from
the existing, standard maildrop as root before the setuid and 
setgid for the user is done.  This allows the temporary maildrop
to be created in a mail spool area that is not world read-writable.
.PP
This version does *not* send the sendmail "From " delimiter line
in response to a TOP or RETR command.
.PP
Encased all debugging code in #ifdef DEBUG constructs.  This code can
be included by specifying the DEBUG compiler flag.  Note:  You still
need to use the -d or -t option to obtain debugging output.
.SH FILES
.nf
/usr/spool/mail         mail files
/etc/inetd.conf         pop program invocation
/etc/syslog.conf        logging specifications
.fi
.SH "SEE ALSO"
inetd(8), 
RFC1081, 
RFC1082
.SH AUTHORS
Bob Campbell, Edward Moy, Austin Shelton, Marshall T Rose, and cast of
thousands at Rand, UDel, UCI, and elsewhere.
Kerberos authentication added by Tom Coppeto - MIT Network Services.