summaryrefslogtreecommitdiff
path: root/sqmail-4.3.07/man/qmail-popup.8
diff options
context:
space:
mode:
authorErwin Hoffmann <feh@fehcom.de>2024-01-14 17:55:54 +0100
committerErwin Hoffmann <feh@fehcom.de>2024-01-14 17:55:54 +0100
commita293489ee83c8b05d845a162dc2a4de026f3775d (patch)
treed50ab15afde698ad2d32bfc251753e5e89204f25 /sqmail-4.3.07/man/qmail-popup.8
s/qmail 4.3.07
Diffstat (limited to 'sqmail-4.3.07/man/qmail-popup.8')
-rw-r--r--sqmail-4.3.07/man/qmail-popup.8131
1 files changed, 131 insertions, 0 deletions
diff --git a/sqmail-4.3.07/man/qmail-popup.8 b/sqmail-4.3.07/man/qmail-popup.8
new file mode 100644
index 0000000..bc4aeef
--- /dev/null
+++ b/sqmail-4.3.07/man/qmail-popup.8
@@ -0,0 +1,131 @@
+.TH s/qmail: qmail-popup 8
+.SH NAME
+qmail-popup \- read a POP username and password
+.SH SYNOPSIS
+.B qmail-popup
+.I hostname
+.I subprogram
+.SH DESCRIPTION
+.B qmail-popup
+reads a POP username and password from the network.
+It then runs
+.IR subprogram .
+
+.B qmail-popup
+expects descriptor 0 to read from the network
+and descriptor 1 to write to the network.
+It reads a username and password from descriptor 0
+in POP's USER-PASS style or APOP style.
+File descriptor 5 is used to provide additional logging.
+It invokes
+.IR subprogram ,
+with the same descriptors 0 and 1;
+descriptor 2 writing to the network;
+and descriptor 3 reading the username, a 0 byte, the password,
+another 0 byte,
+an APOP timestamp derived from
+.IR hostname ,
+and a final 0 byte.
+.B qmail-popup
+then waits for
+.I subprogram
+to finish.
+It prints an error message if
+.I subprogram
+crashes or exits nonzero.
+
+.B qmail-popup
+has a 20-minute idle timeout.
+
+.SH "AUTHENTICATION"
+.B qmail-popup
+supports both username/password and APOP authentication.
+This latter is invoked, once the
+environment variable
+.I POP3AUTH='apop'
+or
+.I POP3AUTH='+apop'
+is set.
+In this case, you need to provide a
+APOP-capable PAM, eg.
+.BR qmail-authuser .
+
+.B qmail-popup
+should be used only within a secure network.
+Otherwise an eavesdropper can steal passwords.
+Even if you use APOP,
+an active attacker can still take over the connection
+and wreak havoc.
+
+.SH "STLS/POP3S SUPPORT"
+.B qmail-popup
+can be adviced to work on a TLS encrypted connection.
+
+At first, using
+.B sslserver
+and binding
+.BR qmail-popup ,
+.B qmail-pop3d
+on (in particular) the POP3S port
+.I 995
+provides mandatory TLS encryption.
+
+Second, in case you provide
+the environment variable
+.I UCSPITLS=''
+together with
+.BR sslserver ,
+.B qmail-popup
+communicates with the
+.B sslserver
+program interface through a control socket,
+a reading and a writing pipe created dynamically
+during the session start after announcing
+.I STLS
+to the client, thus allowing TLS encryption on request.
+In case
+.IR UCSPITLS='!'
+is set, STLS is required; while setting
+.IR UCSPITLS='-'
+disables STLS.
+
+.SH "LOGGING"
+.B qmail-popup
+provides logging of accepted and rejected POP3 sessions
+using about the same format as
+.BR qmail-smtpd .
+The authentication mechanism is indicated via
+.I User
+in case the userid/password method was used, and
+.I Apop
+if APOP challenge/response was applicable.
+The communication protocol may be either
+.I POP3
+or
+.I POP3S
+for of a STLS/POP3S secured connection.
+The
+.I username
+provided for authentication is displayed after the
+sequence
+.IR '?~' .
+In case
+.B qmail-popup
+is setup requiring STLS by means of
+.IR UCSPITLS='!' ,
+the log displays 'Any' as auth method
+and 'unknown' as username.
+
+
+The log is available on file descriptor 5.
+In order to display the result use the redirection '5>&1'.
+
+.B qmail-popup
+is based on a program contributed by Russ Nelson.
+
+.SH "SEE ALSO"
+maildir(5),
+qmail-authuser(8),
+qmail-pop3d(8),
+qmail-log(8).
+