[tpop3d-discuss] tpop3d - new installation
dave at dsb3.com
Thu, 06 Jun 2002 16:26:19 -0400
On Thu, Jun 06, 2002 at 07:47:18PM +0100, Chris Lightfoot wrote:
> On Tue, Jun 04, 2002 at 10:49:56PM -0400, Dave Baker wrote:
> > 1) APOP only mode. With this, as soon as the client sends a "USER"
> > statement the server will immediately fail, to try to discourage the
> > password being sent in cleartext by mistake.
> > 2) Transfer stats mode. Qpopper has a handy log format that just details
> > username, mailbox size, bytes transferred. I'd like to implement this to
> > let me monitor network usage without requiring full -v output. (There were
> > a couple of mails on list regarding this on May 13th)
> I've added these two, as well as some trivial fixes, in
Looks good. A couple more quick ideas come to mind, now that these are
taken care of.
1) Allow "-d" option to be in config file. I run my tpop3d out of
daemontools, so multilog wants the log output on STDOUT and the program to
stay in the foreground.
2) Have a ./configure argument to override the default tpop3d.conf
On the apop-only front, I notice that qpopper (I hate to always compare,
but it's what I used the most so far) doesn't disconnect after the 'you
must use apop only' message. Perhaps that should be configurable. I
don't know what the RFC has to say on the matter, though.
If auth-perl is available perhaps a function hook could be sent the 'user
attempted' notice and return with either "+OK continue", "-ERR apop only"
or "-ERR and hangup". That way, you could check your password database
and allow user/apop or not depending on username/domain sent (though if
you decided on the per-user level and not per-domain you'd run the risk of
information gathering from the response, and the determination of valid
Does anyone else have an opinion as to whether that'd be useful or whether
it's just fluff?
- Dave Baker : email@example.com : firstname.lastname@example.org : http://dsb3.com/ -
GnuPG: 1024D/D7BCA55D / 09CD D148 57DE 711E 6708 B772 0DD4 51D5 D7BC A55D