qmail-popup expects descriptor 0 to read from the network and descriptor 1 to write to the network. It reads a username and password from descriptor 0 in POP's USER-PASS style or APOP style. File descriptor 5 is used to provide additional logging. It invokes subprogram, with the same descriptors 0 and 1; descriptor 2 writing to the network; and descriptor 3 reading the username, a 0 byte, the password, another 0 byte, an APOP timestamp derived from hostname, and a final 0 byte. qmail-popup then waits for subprogram to finish. It prints an error message if subprogram crashes or exits nonzero.
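As an added illustration (not part of qmail-popup or of this manual page), the following C code shows how a subprogram could read and validate the descriptor 3 data described above: username, 0 byte, password, 0 byte, timestamp, final 0 byte. The names read_all and parse_auth, the 512-byte cap (taken from the checkpassword convention), the rejection of trailing bytes or an empty username, and the sample values are assumptions of this example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#define AUTH_MAX 512 /* assumed cap (checkpassword convention), not from this page */
struct auth { const char *user, *pass, *stamp; };

/* Read fd to EOF. Returns bytes read, or -1 on error or if cap fills before EOF. */
long read_all(int fd, char *buf, size_t cap)
{
    size_t n = 0;
    while (n < cap) {
        ssize_t r = read(fd, buf + n, cap - n);
        if (r < 0) { if (errno == EINTR) continue; return -1; }
        if (r == 0) return (long)n;
        n += (size_t)r;
    }
    return -1;
}

/* Split buf[0..len) into exactly three 0-terminated fields; -1 if malformed. */
int parse_auth(const char *buf, size_t len, struct auth *a)
{
    const char *f[3]; size_t pos = 0;
    for (int i = 0; i < 3; i++) {
        if (pos >= len) return -1;
        const char *end = memchr(buf + pos, 0, len - pos);
        if (!end) return -1;                 /* field lacks its 0 byte */
        f[i] = buf + pos;
        pos = (size_t)(end - buf) + 1;
    }
    if (pos != len || f[0][0] == 0) return -1; /* trailing bytes or empty username */
    a->user = f[0]; a->pass = f[1]; a->stamp = f[2];
    return 0;
}

int main(void)
{
    /* Constructed sample; sizeof counts the literal's implicit final 0 byte. */
    static const char sample[] = "alice\0secret\0<1234.5678@mail.example>";
    char buf[AUTH_MAX + 1];
    struct auth a; int p[2];
    if (pipe(p) != 0 || write(p[1], sample, sizeof sample) < 0) return 1;
    close(p[1]);                             /* reader sees EOF, as on descriptor 3 */
    long n = read_all(p[0], buf, sizeof buf);
    if (n < 0 || parse_auth(buf, (size_t)n, &a) != 0) return 1;
    printf("user=%s stamp=%s password_len=%zu\n", a.user, a.stamp, strlen(a.pass));
    return 0;
}
```

A real subprogram would call read_all on descriptor 3 itself and exit nonzero whenever parsing or verification fails, since that is what qmail-popup reports as an error.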
qmail-popup has a 20-minute idle timeout.
qmail-popup should be used only within a secure network. Otherwise an eavesdropper can steal passwords. Even if you use APOP, an active attacker can still take over the connection and wreak havoc.
First, running qmail-popup and qmail-pop3d under sslserver, bound (in particular) to the POP3S port 995, provides mandatory TLS encryption.
Second, if you set the environment variable UCSPITLS='' together with sslserver, qmail-popup communicates with the sslserver program interface through a control socket, a reading pipe and a writing pipe, created dynamically at session start after announcing STLS to the client, thus allowing TLS encryption on request. If UCSPITLS='!' is set, STLS is required; setting UCSPITLS='-' disables STLS.
The log is available on file descriptor 5. To display it, use the redirection '5>&1'.
qmail-popup is based on a program contributed by Russ Nelson.