1 files changed, 131 insertions, 0 deletions

diff --git a/sqmail-4.3.07/man/qmail-popup.8 b/sqmail-4.3.07/man/qmail-popup.8
new file mode 100644
index 0000000..bc4aeef
--- /dev/null
+++ b/sqmail-4.3.07/man/qmail-popup.8
@@ -0,0 +1,131 @@
+.TH s/qmail: qmail-popup 8
+.SH NAME
+qmail-popup \- read a POP username and password
+.SH SYNOPSIS
+.B qmail-popup
+.I hostname
+.I subprogram
+.SH DESCRIPTION
+.B qmail-popup
+reads a POP username and password from the network.
+It then runs
+.IR subprogram .
+
+.B qmail-popup
+expects descriptor 0 to read from the network
+and descriptor 1 to write to the network.
+It reads a username and password from descriptor 0
+in POP's USER-PASS style or APOP style.
+File descriptor 5 is used to provide additional logging.
+It invokes
+.IR subprogram ,
+with the same descriptors 0 and 1;
+descriptor 2 writing to the network;
+and descriptor 3 reading the username, a 0 byte, the password,
+another 0 byte, 
+an APOP timestamp derived from
+.IR hostname ,
+and a final 0 byte.
+.B qmail-popup
+then waits for
+.I subprogram
+to finish.
+It prints an error message if
+.I subprogram
+crashes or exits nonzero.
+
+.B qmail-popup
+has a 20-minute idle timeout.
+
+.SH "AUTHENTICATION"
+.B qmail-popup
+supports both username/password and APOP authentication.
+This latter is invoked, once the 
+environment variable
+.I POP3AUTH='apop'
+or 
+.I POP3AUTH='+apop'
+is set. 
+In this case, you need to provide a
+APOP-capable PAM, eg. 
+.BR qmail-authuser .
+
+.B qmail-popup
+should be used only within a secure network.
+Otherwise an eavesdropper can steal passwords.
+Even if you use APOP,
+an active attacker can still take over the connection
+and wreak havoc.
+
+.SH "STLS/POP3S SUPPORT"
+.B qmail-popup
+can be adviced to work on a TLS encrypted connection.
+
+At first, using
+.B sslserver
+and binding 
+.BR qmail-popup ,
+.B qmail-pop3d 
+on (in particular) the POP3S port
+.I 995 
+provides mandatory TLS encryption.
+
+Second, in case you provide
+the environment variable 
+.I UCSPITLS='' 
+together with
+.BR sslserver ,
+.B qmail-popup
+communicates with the
+.B sslserver
+program interface through a control socket, 
+a reading and a writing pipe created dynamically
+during the session start after announcing 
+.I STLS
+to the client, thus allowing TLS encryption on request.
+In case
+.IR UCSPITLS='!'
+is set, STLS is required; while setting
+.IR UCSPITLS='-'
+disables STLS.
+
+.SH "LOGGING"
+.B qmail-popup
+provides logging of accepted and rejected POP3 sessions
+using about the same format as
+.BR qmail-smtpd .
+The authentication mechanism is indicated via
+.I User 
+in case the userid/password method was used, and
+.I Apop
+if APOP challenge/response was applicable.
+The communication protocol may be either
+.I POP3
+or 
+.I POP3S
+for of a STLS/POP3S secured connection.
+The
+.I username
+provided for authentication is displayed after the 
+sequence 
+.IR '?~' .
+In case
+.B qmail-popup
+is setup requiring STLS by means of
+.IR UCSPITLS='!' ,
+the log displays 'Any' as auth method 
+and 'unknown' as username.
+
+
+The log is available on file descriptor 5. 
+In order to display the result use the redirection '5>&1'.
+
+.B qmail-popup
+is based on a program contributed by Russ Nelson.
+
+.SH "SEE ALSO"
+maildir(5),
+qmail-authuser(8),
+qmail-pop3d(8),
+qmail-log(8).
+