Release.Notes Last updated: 22 June 2008 Copyright (c) 2011 QUALCOMM Incorporated. All rights reserved. Features: These are features which have been added to the standard Berkeley popper since the '91 release: 1) Popper idle timeout (UIUC 1.831) 2) Bulletin board (2.0) 3) Statistics gathering (2.0) 4) xlst command (eXtended LiST) (2.0) 5) uidl command (Unique IDentifier List) (2.1.1) 6) Kerberos IV (2.1.2) and V (3.1) 7) Shadow passwords (2.1.1) 8) rpop (uses /etc/hosts.equiv and .rhosts. Not recommended) (2.1.2) 9) Popper authorization file (2.1.2) 10) Sending mail via POP is now logged to mail debug (2.1.2) 11) MMDF handling (autodetect) (2.1.4) 12) 'Content-Length:' header processing (2.1.4) 13) APOP authentication (2.1.4-r4) 14) Large site support -- Server mode (2.2) 15) Database for bulletin tracking (2.2) 16) Kerberos enabling choice by a switch (2.2) 17) Configure Script to ease installation (2.4) 18) POP Extensions and Response Codes to server (CAPA) (3.0) 19) X-Mangle support for lightweight clients (3.0) 20) PAM support (3.0) 21) Timing reported in log (3.1) 22) DRAC support (3.1) 23) Server mode can be set on a per-user basis, using group membership and/or user options file (3.1) 24) Run-time options can be read from a file (3.1) 25) Per-user run-time options file (3.1) 26) Stand-alone daemon mode (3.1) 27) TLS/SSL security (4.0) 28) Enhanced performance (4.0) 29) Most compile-time options now available at run-time (4.0) 30) Integrated poppassd into build (4.0) 31) Support Cyrus SASL libraries (4.1) 32) Initial Cygwin support (4.1) 33) Ability to execute arbitrary programs when users log in (4.1) 34) Initial Sieve support (4.1) 35) IPv6 support (4.1) This popper diverges from the POP standard in that the timeout can be set to less than 10 minutes. Practically, I have found that a timeout of 30 seconds seems to be adequate for most circumstances. It needs to be a little greater for 2400 baud ppp/slip connections. The default value is 2 minutes (RFC 1939 says this must be at least 10 minutes). This timer is used to cleanup an aborted connection. A short timeout allows the user to reconnect without getting that pesky little error which states that the pop drop file is already locked. Otherwise the admin will get a phone call, walk the user through the connection, and (since by now the timer has expired) find everything works. Frustrating for both admin and user. On the minus side, if the client takes too long to respond, the connection will be dropped prematurely. The timeout choice is yours. Release Notes: 4.1 Support Cyrus SASL libraries. '--with-cyrus-sasl' added to ./configure. 'sasl-log-login', 'sasl-min-ssf', 'sasl-max-ssf', 'sasl-no-plaintext', 'sasl-no-active', 'sasl-no-dictionary', 'sasl-forward-secrecy', and 'sasl-no-anonymous' run-time options added. Initial Cygwin support Ability to execute arbitrary programs when users log in 'ext-postauth-cmd' run-time option added, Initial Sieve support. Support IPv6. '--disable-ipv6' added to ./configure. Entire configuration file is now processed and all errors reported in one pass. Cache file now used even if new arrived since last session, unless new "conservative-cache" configuration option is set. 4.0 Supports TLS/SSL security. '-p' option now has value '4' to permit plain-text passwords under TLS/SSL. Now uses a cache file to retain spool index across sessions. This dramatically speeds up session start when no new mail has arrived. '-l' option added to specify TLS/SSL support. Lots of TLS/SSL options added. See the Administrator's Guide for details. '-v' option added to report current version and exit. 'make install' added. Lots of compile-time options now available at run-time. See the Administrator's Guide for details. Integrated poppassd into build. Must explicitly 'set xtnd_xmit' to allow XTND XMIT. 3.1 Can now set server mode and kerberos service name using run-time options. Can now specify plain-text password handling when APOP is available using '-p 0|1|2|3' run-time option. 0 is default; 1 means clear text passwords are never permitted for any user; 2 means they are always permitted (even if an APOP entry exists), which allows them to be used as a fallback when clients don't support APOP); 3 means they are permitted on the local interface (127.*.*.*) only. Added '-D drac-host' run-time option to specify the drac host. Only valid if compiled with --enable-drac. The default is localhost. Added '-f config-file' run-time option. Additional run-time options are read from the specified file. All current run-time options can now be set this way. See INSTALL file for option names and syntax. Added '-u' run-time option to read '.qpopper-options' file in user's home directory. Added Kerberos V support. BULLDB access now uses usleep(3C) if available, resulting in many more access attempts with a shorter maximum delay. Added run-time options 'bulldb-nonfatal' (-B) and 'bulldb-max-retries' to allow fine control over BULLDB access behavior. 'bulldb-nonfatal' allows a session to continue if the bulletin database can't be locked. 'bulldb-max-retries' sets the maximum number of attempts to lock the database. This value should only be changed if you know if your system has usleep(3C) or not. On systems with usleep(3C), this can be a large value (the default is 75). On systems without usleep(3C), this should remain small (the default is 10). Added new ./configure flags (see INSTALL for more details): --enable-timing to write log records with elapsed time for authentication, initialization, and cleanup. --enable-old-uidl to generates UIDs using old (pre-3.x) style encoding. This is only useful if you also set NO_STATUS and have existing users with old (pre-3.x) spool files and you want to keep the UIDs the same. --disable-status to prevent Qpopper from writing 'Status' or 'X-UIDL' headers (sets NO_STATUS). This forces UIDs for each message to be recalculated in each session. --enable-keep-temp-drop to prevents Qpopper from deleting the temp drop files. --disable-check-pw-max to prevent Qpopper from checking for expired passwords. --disable-old-spool-loc to not check for old .user.pop files in old locations when HASH_SPOOL or HOMEDIRMAIL used. --disable-check-hash-dir to not check for or create hash spool directories. Use this if you pre-create the directories. --enable-server-mode-group-include=group to set server mode for users in the specified group. --enable-server-mode-group-exclude=group to set server mode OFF for users in the specified group. --enable-secure-nis-plus for use with secure NIS+. --disable-optimizations to turn off compiler optimizations. --with-kerberos5 for Kerberos V support (using patch from Ken Hornstein). --enable-any-kerberos-principal to accept any principal in the client request. --enable-kuserok to use kuserok() to vet users. --enable-ksockinst to use getsockinst() for Kerberos instance. --enable-standalone to create standalone POP daemon instead of being run out of inetd. Can specify IP address and/or port number to bind to as parameter 1, e.g., 'popper 199.46.50.7:8110 -S' or 'popper 8110 -S -T600'. If not specified, IP address defaults to all available. The default port is 110 except when _DEBUG (not simply DEBUG) is defined, then it is 8765. --enable-auth-file=path to permit access only to users listed in the specified file. Format is one user per line. --enable-nonauth-file=path to deny access to users listed in the specified file. Format is one user per line. --disable-update-abort to avoid the default behavior of going into update mode if the session aborts (the default behavior violates of RFC 1939, but was found to be needed when noisy dialup lines otherwise prevented users from ever deleting messages). ([RCG]) 3.0 Both dot-locking and flock() now used on all platforms. (On some systems we emulate flock() using fcntl). Added POP3 extensions(CAPA). The extensions added so far are X-MANGLE, LOGIN-DELAY and EXPIRE. X-MANGLE condenses Mime messages into a single part for ease of use by lightweight clients. The transformations supported through X-MANGLE are to and from text/plain, format=flowed, and text/html. As a way to enable MIME-mangling with clients that do not support XMANGLE, add "-no-mime" to the user name. For example, if the userid is"mary", enter it in the client as "mary-no-mime". The optional LOGIN-DELAY and EXPIRE values are only announced through the CAPA command. The values to announce are passed as command line switches. Actual enforcement of minimum login delay and message expiration is up to the site by some other means. (For example, a simple script run from crontab could be used for message expiration.) Qpopper does support automatic deletion of downloaded messages through the --enable-auto-delete configure flag. This can be used to effect EXPIRE 0 (no retention). Added new run-time options: -R to disable reverse-lookups on client IP addresses; -c to downcase user name. A failure at some point in a transaction now releases all locks explicitly. Certain paths do not release locks where SysV .lock files are created. Fixed bugs with Bulletin Services and Server mode. DEBUGn macros for debug and trace messages. Added new ./configure flags (see INSTALL for more details): --with-warnings for extra compiler warnings. --enable-shy to hide qpopper's version number in the banner and CAPA IMPLEMENTATION tag. --enable-auto-delete to automatically mark for deletion all messages downloaded with RETR. --enable-hash-spool=1|2 to use hashed spool directories. --enable-home-dir-mail=file to use a spool file in the user's home directory. --enable-bulldb=path to enable bulletins and set the path for the bulletin directory. --with-new-bulls=number to specify the maximum number of bulletins for new users (default is 10). --enable-popbulldir=path to specify an alternate location for users' popbull files. --enable-log-login to log successful user logins. This can be used, for example, to validate subsequent SMTP sessions from the same IP address within a short time period, in the absence of SMTP AUTH support by client and server. (Suggested by Andy Harper et al). --with-pam=service-name to authenticate using PAM (based on patch contributed by German Poo). --with-log-facility=name to specify the log facility. Default is LOG_LOCAL1 or LOG_MAIL, depending on the OS. --enable-uw-kludge to check for and hide a UW IMAP status message. --enable-group-bulls to show bulletins by groups (group name is second element in bulletin name). Based on patch by Mikolaj Rydzewski. --enable-timing to report timing information in the log. --enable-drac to use DRAC. Based on patches by Mike McHenry, Forrest Aldrich, Steven Champeon, and others. Added file popper/banner.h -- modify this file to add a custom banner and CAPA IMPLEMENTATION tag suffix. Note that if you modify qpopper you should indicate this using banner.h. Improved error messages and warnings: warning "Unable to get canonical name of client" now includes IP address of client; logging added for I/O errors and discarded input (line too long); added errno to POP EOF -ERR message; "Possible probe of account" warning now logged as WARNING, not CRITICAL. ([LGL], [PY], [RCG]) 2.4 Added configure script. Running configure script generates the Makefile for the platform. Added timeout for the the xtnd xmit command. Now the information for xtnd xmit command is read from the same read statement as any other command. ([PY]) 2.3 Fixed the bug with NOUPDATEONABORT. Now if the connection aborts with the client the messages in temporary file are copied back to original mail drop and the temporary file is deleted. Added the macro GDBM, if defined will make use of GNU's DBM library. Fixed the bug in pop_dropcopy.c, where the process changes the UID and GID to that of the user's, but leaves the Supplementary group IDs. Strictly enforcing BINMAIL_IS_SETGID for IRIX. ([PY]) 2.2 Added SERVER_MODE. This feature should only be used on systems that do not allow users to use access their mailspools directly. Added several mail spool access methods. If your site is large and you wish to improve mail spool file access you might want to use these. They require modification to the local mail delivery program. One method hashes the username into one of 26 possible directories, the other method creates a hierarchy off the name such as /m/ma/mark. Added date/time and PID to tracefile lines. Fixed bug in message size reporting. Added a flag to force RFC 1725 style update on aborts. Added a flag to not change Status headers. Change the way temporary file ownership/permissions verification was done. Added a fix for nulls left at the beginning of mail spools. Change From separator recognition to a simpler (?) macro from Mark Crispin's c-client. /usr/local/bin/bash: w!: command not found home directories required. Added checking for valid shells to enable admins to lockout users. Rewrote fgets to fix a problem on some operating systems. If a packet of "dele 1dele 2..." was sent, only the first would be read by the popper. LARGESITE no longer available. Now if you want verbose logging use DEBUG and enable messages with -b at the command line When Kerberos support is compiled it, it must be activated with the -k switch. For those who insisted on one popper for both Kerberos and non kerberos accessing. 2.1.4-r4 - NOT Released Changed how the popdrop file was being created and checked. If the file existed it was possible to create one owned by someone else and snoop mail. Removed O_APPEND from the open call of the the popdrop. Wasn't needed. Leftover code in pop_pass for SCO caused some headaches. Pop_pass now checks both regular and extended crypt calls for systems that support both. Added APOP option. Several users sent in code but I used the submission from Ian Donaldson (iand@labtam.oz.au). This code is derived from the MH code. I added a -delete option to popauth so that a user entry could be removed. I also rewrote some of it to allow for longer passwords. The GNU getpass() routine was added which is enabled by a compiler flag. Getline was not available on Solaris 2.3 so a flag NO_GETLINE was also added. The password database is now permuted so that greps don't find cleartext words. NOTE: This verion of the popauth database is not compatible with earlier beta versions. UID bug fixed. Only a "From:" header was searched for before X-UIDL insertion. Now "To:" is checked for with a fallback of inserting UID before the Status header. Changed the location and method of creating UID so that it is now the first header after the message separator. UIDs are now created by pushing headers through MD5. This makes UIDs RFC complient to be consistant between sessions even if the popper aborts. Somewhere a bug was introduced which caused the copyback (update) to fail if the filesystem filled or the user was overquota. Fixed. Added support for NIS+. Your mileage may vary. Code provided by Andy Smith (abs@maunsell.co.uk). Changed where CONTENT_LENGTH was defined, now it must be added to the build line. Fixed problems with building Linux, BSDi 2.x, and FreeBSD systems. Fixed a bug in pop_msg and pop_log. Va_end(ap) was run prematurely. RSET didn't reset status fields correctly. Fixed. Fixed a problem with From line separator recognition. A blank would cause the separator to be missed. X.400 addresses failed to parse correctly if they had imbedded " characters. Fixed. 2.1.4-r3 Fixed a bug in UID caching. Some messages that appeared to have valid from lines but no received lines caused the UIDL header to not be initialized and the cached value was undefined. The popper would crash if debugging was turned on or the UIDL command was issued (since 2.1.4-r2). Fixed sequence problem in UIDL caching. The cache was one more than the actual message sequence. This caused messages to be retrieved twice. Changed the way UIDL is cached and handled to facilitate moving of the header for old UID enabled qpopper and reduce the number of string compares. UILD is not inserted before the From: header. This feature creates a time where if the popper/system crash, the cached (newly created) UID information will be lost. UIDL headers which already exist will be retained. Changed the internal calculation of message size to facilitate the Content-Length: header. Implemented Content-length processing. Added a define for (off_t), (gid_t), (pid_t), (uid_t), and (gid_t) types. Some OS's are not compiling/running well without them and most support the types. The default is to use these defines. Change popper.h if your OS does not support these types. Move the set_auth_parameters() call ahead of the umask() system call and add the parameters argc, and argv. Swapped order of seuid & setgid so that the setgid call was first. Setgid would fail after setuid call. Fixed a bug in the last command. Deleted messages were included as the last message retrieved. Changed the check of the From line from a dynamic setting to a compiler define. This was done to fix a bug in the way bulletins are validated. An improper From header was accepted causing subsequent runs of the popper to concatenate the previous message with the bulletin. Fixed MMDF handling. I implemented it wrong the first time :-( Added __RES checks to pop_init. Added support for Sequent (PTX) (w/sockets). This isn't working very well yet. Help requested. Added support for maildrops existing in users home directories (needed for supporting PTX and MMDF maildrops). Changed strcpy to strncpy in pop_user.c. Fixed more compile problems with OSF/1, AIX, A/UX, BSDi 2.0, IRIX, and a few other operating systems. Changed the process wait code in pop_xmit to use pidwait exclusively. Seems to work on most systems. 2.1.4-r2 Fixed numerous (more :-[) compilation problems. Added UIDL caching in the message structure. Scanning the file took much to long. SunOS 4.1.x does not use 'x' when C2 shadow passwords are enabled. The check was removed and was reported to work at several sites. Fixed an unreported bug in grabbing info on leftover .user.pop files. It use to create one large message :-( (Mark Erikson 4/95) 2.1.4-r1 Fixed numerous compilation problems with AIX, OSF/1, SCO, AUX. Updated the INSTALL doc. 2.1.4-b3 Fixed an error in bulletins. UID was not implemented corectly :-( 2.1.4-b2 Fixed compilation errors for the SCO and OSF/1 ports. Added password expiration for Linux. Now Linux, Solaris, and UnixWare check for expired passwords. Changed OSF/1 ifdefs in popper.c. If you have enhance security then you will want to define OSF1 and AUTH. AUTH enables shadow password checking. Defining OSF1 and AUTH will enable the call to set_auth_parameters(). If you do not set AUTH, then standard password checking is done. Fixed a bug where a corrupted mail spool can cause popper to expand the file. If there is more than one "From " line in the header, the popper got confused. Now, the second From is used as the start of the message and the first part of the header is tossed. Fixed a bug in UID handling for bulletins. Rewrote password routines to be more consistant with each other. 2.1.4-b1 Added changes for a Unixware port. Added changes for an OSF/1 port. Added changes for a Linux port. Fixed a file locking problem. When transfering a mail spool file to the temp file, a reopen was issued which removed the lock from the original file. Zero length files are now dealt with more efficiently. Added a minimum bulletin count for new users. The value will be subtracted from the max bulletin value. Pretty much guarenteed to receive at least one message, more if bulletins are in strict sequence. Solaris2.x handling of expired passwords. Fixed NIS handling (I really thought it was done correctly. Sigh). If you would like other OSs to handle the expiration fields, please send me your code fragments. I don't have the appropriate systems to do the ports myself. Added NIS fixes for other OS's. Fixed gethostbyname bug where the static area was being overwritten. Added MMDF handling. As far as I know, it only requires placing a special string before and after each message. The default character string that this popper recognizes is ^A (-A). Popper.h needs to be modified if your string is different. If there is something else that needs to be done in handling MMDF files please let me know. Fixed total mail drop size report. Modified X-UIDL header insertion so that it doesn't conflict with other mailers. The header is now inserted after the last Received: header. This will cause problems with earlier versions of qpopper since it does not check for other X-UIDL headers. Clients already using qpopper and UID will have all email redelivered once. Modified popper so that if it receives a bad username/password it exits after a 15sec timeout. 2.1.3-r5 Forgot to put a Status header out during a retrieve. Added a fix to pop bulletin code to ensure a valid value exists in the .pop_bull file when the filesystem fills up. (Ray Davison ray@sfu.ca) (Mark Erikson 12/94) 2.1.3-r4 Fixed a problem with UID and Unix mailers. The UIDL header was being appended to the header (after the Status header). Some mail programs didn't like this and removed the UIDL header, which caused Leave Mail On Server to break for Eudora 2.1. Fixed a bug in error handling of the temporary mail file. If new messages were appended to the temp file but an error occured during addition of bulletins, the temp mail file was truncated back to the original length before new messages were added causing messages to get tossed. (Ray Davison ray@sfu.ca) 2.1.3-r3 Finally got the bugs out of left over .user.pop files and the bulletins. Added the last command just because I was in there and it was easy to do. (Mark Erikson 11/94) 2.1.3-r2 Almost fixed retrival of .user.pop files. Now it works much better. Fixed the random addition of messages getting appended to the maildrop. (Mark Erikson 11/94) 2.1.3-r1 Fixed another nasty bug. If the user had a .user.pop file then it got ignored and removed. Since this popper cleans up after itself so well, this condition rarely, if ever, occured. Fixed the bulletin board feature. In combining the info gathering pass with the mailbox copy pass, the info was never gathered on the added bulletins. Fixed a bug where copying the pop drop back to the mail spool file did not always detect errors. Messages could be lost. Added a suggested fix for a problem with resetting resolver options? Something about crypt using gethostbyname without fully qualified domain names? I've never heard of this problem but I put a conditional compile in just in case. Fixed a typo in pop_passwd for running shadow passwords. Made /usr/mail the default spool directory for IRIX. Reported to AIX and Ultrix. Still have to report to OSF1. (Mark Erikson 11/94) 2.1.2-r4 Fixed a nasty bug where copying the .user.pop file back to the maildrop could cause all the messages to be removed. (Mark Erikson 10/94) 2.1.2-r3 Fixed a bug introduced in logging during init. Caused code to coredump on startup. (Mark Erikson 10/94) 2.1.2-r2 Fixed a make problem for IRIX. Required a -cckr option (what ever that does). Added user information in addition to the system info already Fixed a bug in pop_parse. It left cr/lf chars after the password string. Removed, now works for Sunos. Changed the service name for Kerberos from pop to rcmd. This makes administering srvtab files easier by not requiring them to be changed in order to add the popper. (requested by Paul Pomes p-pomes@uiuc.edu) (Mark Erikson 10/94) 2.1.2-r1 Added Kerberos IV option to popper. Add -DKERBEROS to your make.OS file if you want to build a Kerberos only popper. Mods supplied by Christopher Davis ckd@loiosh.kei.com. Added rpop. This feature uses the host.equiv and .rhosts files to validate a user. This opens up a security hole since it is quite easy to pose as another user and PC. I do not recommend using this feature if you have security concerns. Enabled by defining -DRPOP in your make.OS file. Mods supplied by spike@world.std.com. Fixed a bug that does not allow spaces in the middle or end of a password. Mods supplied by spike@world.std.com. Removed HPUX make flag. Added a bug in 2.1.1 for HPUX, removed the bug and simply compiled a sysv version. Seems to work well. Added authfile validation. This file contains a list of users (one each line) which have access to popper. Enabled by defining AUTHFILE to an authorization file in your make.OS file (eg: -DAUTHFILE=\"/etc/authfile\"). Mods supplied by spike@world.std.com. Implemented shadow passwords for SunOS4.x. You must define AUTH and SUNOS4 to use this feature. You must also make sure you have loaded C2 security. Mods supplied by spike@world.std.com. Added mkstemp (supplied by Christopoer Davis ckd@loiosh.kei.com) to create temporary files to get around a race condition which allowed users to break root. Bug pointed out by bugtraq mailing list. Added logging to mail debug of pop xtnd xmit. This is to allow easier tracking of messages sent via popper. Before, a message just showed up in the log but no account was made from where it came. Fixed a bug which allowed copying of the mail spool file to a temporary location. The copy did not check if there was an error (ie: File system full) so the maildrop could be lost. Pretty nasty. Bug discoverd by Douglas Gatchell dgg@lanl.gov. (Mark Erikson 9/94) 2.1.1 Ported popper to OSF, IRIX, BSDi, SCO, Ultrix, AU/X, AIX, SunOS4, Solaris2, HPUX, Pyramid, generic SVR4, and BSD OS's. Created a Makefile to help the sysadmins generate the correct popper with little fuss. Added SIGPIP signal. When the socket was closed but the popper continued to send data, it core dumped. This signal catches this. Added reset of signals to the signal handler. This fixes the SVR4 bug and does not harm BSD systems. Modified the popper struct to fix a system dependant parameter for hostname length. Several revisions of this code exist. This problem caused interesting mailbox names to be referenced. Picked up a flock code which ifdefs to the correct values depending on your OS. Does the right thing for BSD and SYSV systems. Unknown author. Added uidl command. This feature gives each message a unique identifier to help facilitate sharing of mail between several clients. In addition to adding this command the copying and information gathering of the maildrop were merged into a single pass which improved performance when maildrops get large. (Mark Erikson 8/94) 2.0 Properly clean up on abnormal termination and rewrite the mail drop file. The QC3 mods to catch SIGHUP signals and time out reads were not enough. You also have to catch SIGPIPE signals to avoid being killed when the client connection is aborted while the server is writing (e.g., if you cancel downloading a large message in Eudora, a common operation). Fixed some bad log messages. Added a mod from Don Lewis . Under SunOS 4.1.3, and possibly other systems, the check for null passwords doesn't work. QC3 checked only for a null password pointer in the struct returned by getpwnam. You also have to check for an empty string returned by getpwnam. Added a -s command line option to generate statistics messages in the log. One message is issued for each session: Stats: username aaa bbb ccc ddd where: aaa = number of messages deleted. bbb = number of bytes deleted. ccc = number of messages left on server. ddd = number of bytes left on server. Added a "POP bulletin" feature. This feature gives system administrators a way to send important announcements to all POP users without having to do sendmail mass mailings. The feature is enabled via the -b command line option. This option is followed by the path of the bulletin directory. The bulletin directory contains one file per bulletin. Each file contains a complete single mail message with header and body in mailbox format. The first line of each such bulletin must be a "From " line. The easiest way for sysadmins to create such bulletins is to mail themselves a copy of the bulletin (using the account to which they want replies to be sent), then use their mail program to save the message to a file in the bulletin directory in mailbox format. The bulletin directory must be world readable. The name of each bulletin file begins with the bulletin number, and may optionally continue with any other characters. E.g., the file name of bulletin number 23 might be: 23.pophost_down_sunday Popper creates a file named ".popbull" in the home directory of each user. This file contains a single line recording the highest numbered bulletin received by the user. Bulletins are processed by popper in pop_dropcopy.c, immediately after copying the mail drop to the temporary mail drop, but before building the temporary mail drop index. All bulletins which this user has not received previously are appended to the temporary mail drop file. When bulletins are copied to the temporary mail drop file, all "To" header lines are replaced by "To: username@myhost". Any "Status:" header lines are deleted. Otherwise, the bulletins are copied as is. When a new user checks for mail the first time, popper creates the .popbull file in the user's home directory and seeds it with the current maximum bulletin number. Thus new users do not get old bulletins. All errors are logged and cause the bulletins to not be copied. E.g., if the bulletin directory cannot be located, or the .popbull file doesn't contain a number, or a bulletin does not begin with a "From " line, or a bulletin name does not begin with a number, etc. I use bulletin numbers instead of last mod date/times because I want to make it possible for a sysadmin to, for example, fix a spelling error in a bulletin without having to force all pop users to receive a new copy of the bulletin. Changed the default timeout from 30 to 300 seconds (5 minutes). This value should be reasonably "safe" for even slow dialup connections. Included a mod from Steve Dorner to implement a new "XTND XLST" command. Updated the manpage. Changed the version number to just plain version 2.0. John Norstad of Northwestern University (j-norstad@nwu.edu) (6/94). 1.831-2Q3 This version fixes a bug in the cleanup code. If an error occurs during the login phase then a core file is dumped. Annoying but not serious since the .user.pop file is unlocked and the popper deals with this old file as a matter of course. (Mark Erikson 4/94) 1.831-2Q2 Add HPUX file locking calls and a shorter timeout. The timeout was modified to be configureable at the command line. The timer starts after a command or message has been delivered and the popper is expecing input from the client. If the response takes longer than the timeout then the popper closes down the socket and cleans up the files. A value of 120 seconds seems to be pretty for even 1200baud slip links. Your mileage may vary. (Mark Erikson 2/94) 1.831-2Q1 Write out changes to the temporary pop log on an abort (SIGHUP). NOTE: This diverts from the Popper RFC but it made our users life much easier for dialup users. The next feature is only useful with Eudora's "Leave mail on Server" switch set (or any other client that leaves mail on the server). Basically, if a user has read 5 out of 10 messages and the session dies, the first 5 messages are marked as read. If the 5th message is good but you only receive part of it then it will be skipped (bad). But if the message was bad and caused the mail client to abort then you can continue to receive the rest of your mail (good). There is no switch to disable this feature. (Keith Pilotti 1/94) 1.831uiuc2 Unlinking temporary drop file (safely). (Steve Dorner, 12/12/91) 1.831uiuc1 Make sure user's shell is in /etc/shells. (Paul Pomes) Timeout added. (Steve Dorner, 12/5/91) 1.83 Make sure that everything we do as root is non-destructive. (Cliff Frost poptest@nettlesome.berkeley.edu) 1.831beta is no longer beta 30 July 91 (Cliff Frost poptest@nettlesome.berkeley.edu) 1.831beta.tar.Z 03 April 91 Changed mkstemp to mktemp for Ultrix. Sigh. (Cliff Frost poptest@nettlesome.berkeley.edu) 1.83beta.tar.Z 02 April 91 This version makes certain that while running as root we do nothing at all destructive. (Cliff Frost poptest@nettlesome.berkeley.edu) 1.82 Make the /usr/spool/mail/.userid.pop file owned by the user rather than owned by root. (Cliff Frost poptest@nettlesome.berkeley.edu) 1.82beta.tar.Z 27 March 91 This version fixes problems on Encore MultiMax and some Sun releases which wouldn't allow a user to ftruncate() a file from an open file descripter unless the user owns the file. Now the user owns the /usr/spool/mail/.userid.pop file. Thanks to Ben Levy of FTP Software and Henry Holtzman of Apple. (Cliff Frost poptest@nettlesome.berkeley.edu) 1.81 There were two versions of 1.7 floating around, 1.7b4 and 1.7b5. The difference is that 1.7b5 attempted to save disk space on /usr/spool/mail by deleting the users permanent maildrop after making the temporary copy. Unfortunately, if compiled with -DDEBUG, this version could easily wipe out a users' mail file. This is now fixed. This version also fixes a security hole for systems that have /usr/spool/mail writeable by all users. With this version we go to all new SCCS IDs for all files. This is unfortunate, and we hope it is not too much of a problem. Thanks to Steve Dorner of UIUC for pointing out the major problem. (Cliff Frost poptest@nettlesome.berkeley.edu) 1.81beta.tar.Z 20 March 91 This version of popper is supposed to fix three problems reported with various versions of popper (all called 1.7 or 1.7something). 1) Dropped network connections meant lost mail files. Some 1.7 versions also risked corrupting mail files. 2) Some versions of 1.7 created temporary drop files with world read and write permissions. 3) Some versions of 1.7 were not careful about opening the temporary drop file. (Cliff Frost poptest@nettlesome.berkeley.edu) 1.7 Extensive re-write of the maildrop processing code contributed by Viktor Dukhovni that greatly reduces the possibility that the maildrop can be corrupted as the result of simultaneous access by two or more processes. Added "pop_dropcopy" module to create a temporary maildrop from the existing, standard maildrop as root before the setuid and setgid for the user is done. This allows the temporary maildrop to be created in a mail spool area that is not world read-writable. This version does *not* send the sendmail "From " delimiter line in response to a TOP or RETR command. Encased all debugging code in #ifdef DEBUG constructs. This code can be included by specifying the DEGUG compiler flag. Note: You still need to use the -d or -t option to obtain debugging output. (Cliff Frost poptest@nettlesome.berkeley.edu) 1.6 Corrects a bug that causes the server to crash on SunOS 4.0 systems. Uses varargs and vsprintf (if available) in pop_log and pop_msg. This is enabled by the "HAVE_VSPRINTF" compiler flag. For systems with BSD 4.3 bind, performs a cannonical name lookup and searches the returned address(es) for the client's address, logging a warning message if it is not located. This is enabled by the "BIND43" comiler flag. Removed all the includes from popper.h and distributed them throughout the porgrams files, as needed. Reformatted the source to convert tabs to spaces and shorten lines for display on 80-column terminals. (Cliff Frost poptest@nettlesome.berkeley.edu) 1.5 Creates the temporary maildrop with mode "600" and immediately unlinks it. Uses client's IP address in lieu of a canonical name if the latter cannot be obtained. Added "-t " option. The presence of this option causes debugging output to be placed in the file "file-name" using fprintf instead of the system log file using syslog. Corrected maildrop parsing problem. (Cliff Frost poptest@nettlesome.berkeley.edu) 1.4 Copies user's mail into a temporary maildrop on which all subsequent activity is performed. Added "pop_log" function and replaced "syslog" calls throughout the code with it. (Cliff Frost poptest@nettlesome.berkeley.edu) 1.3 Corrected updating of Status: header line. Added strncasecmp for systems that do not have one. Used strncasecmp in all appropriate places. This is enabled by the STRNCASECMP compiler flag. (Cliff Frost poptest@nettlesome.berkeley.edu) 1.2 Support for version 4.2 syslogging added. This is enabled by the SYSLOG42 compiler flag. (Cliff Frost poptest@nettlesome.berkeley.edu) 1.1 Several bugs fixed. (Cliff Frost poptest@nettlesome.berkeley.edu) 1.0 Original version. (Cliff Frost poptest@nettlesome.berkeley.edu) Platform-specific Notes: For MacOS, please see the file doc/mac. For HP-UX 10.20, it may be necessary to add the following line to popper/popper.h: #include Limitations + The POP server copies the user's entire maildrop to .user.pop and then operates on that copy. If the maildrop is particularly large, or inadequate space is available in file system, then the server will refuse to continue and terminate the connection. Credits Original Writers: Edward Moy, Austin Shelton Contributions and Changes: Robert Campbell (U.C. Berkeley), Viktor Dukhovni (Princeton University), Austin Shelton (U.C. Berkeley), Steve Dorner (UIUC), Paul Pomes (UIUC), Keith Pilotti, Mark Erikson, John Norstand, Laurence Lundblade, Praveen Yaramada, Randall Gellens (QUALCOMM). Many, many more whose contributions have enabled Qpopper to become robust and helpful. Some of these people are credited in the doc/Changes file and/or in individual files. Contributions are always welcome. Footnotes [1] Copyright (c) 1990 Regents of the University of California. All rights reserved. The Berkeley software License Agreement specifies the terms and conditions for redistribution. Unix is a registered trademark of AT&T corporation. HyperCard and Macintosh are registered trademarks of Apple Corporation. [2] M. Rose, Post Office Protocol - Version 3. RFC 1081, NIC, November 1988. [3] M. Rose, Post Office Protocol - Version 3 Extended Service Offerings. RFC 1082, NIC, November 1988.