akpop3d questions


J Moore
I need to set up a POP3 server for a while, and after a quick survey,
akpop3d seemed like a good choice - partly because it supports POP3 via
SSL. So I built it from the ports tree (3.8 -stable), and installed it.

I am currently starting from the command line as follows:
# akpop3d -d -s

Attempts to connect result in immediate complaints from the client (I've
tried two of them: Evolution (Linux) and Pegasus (Windoze)).

I'm assuming this is due to the fact that I have no cert or key file
installed or generated?

Before I invest any more time in this, I thought I'd ask if anyone else
is using akpop3d, what the consensus of opinion is on it, and if there
is any documentation on how to generate the .pem (Base64-encoded?) cert
and key files.

Thnx,
Jay


Re: akpop3d questions

J Moore
On Wed, Nov 23, 2005 at 10:08:13PM -0600, the unit calling itself J Moore wrote:

> I need to set up a POP3 server for a while, and after a quick survey,
> akpop3d seemed like a good choice - partly because it supports POP3 via
> SSL. So I built it from the ports tree (3.8 -stable), and installed it.
>
> I am currently starting from the command line as follows:
> # akpop3d -d -s
>
> Attempts to connect result in immediate complaints from the client (I've
> tried two of them: Evolution (Linux) and Pegasus (Windoze)).
>
> I'm assuming this is due to the fact that I have no cert or key file
> installed or generated?
>
> Before I invest any more time in this, I thought I'd ask if anyone else
> is using akpop3d, what the consensus of opinion is on it, and if there
> is any documentation on how to generate the .pem (Base64-encoded?) cert
> and key files.

Perhaps some fwd progress... got cert & key files installed, but I am
bombing during the authentication process. Following is part of the
debug output from my client. I double-checked the password value, and
it's correct (changed here, but my client's log shows it correctly).

The culprit seems to be the "group not found" error... WTF, O??

23:17:13.312 << 0009 USER jm\0D\0A
23:17:13.359 >> 0005 +OK\0D\0A
23:17:13.359 << 0017 PASS abcdefghij\0D\0A
23:17:13.500 >> 0033 -ERR [SYS/TEMP] group not found\0D\0A
23:17:20.718 << 0006 QUIT\0D\0A
23:17:20.718 18: SSL read error -41 (locus 0, type 0, code 0, 'No data
was read because the remote system closed the connection (recv() == 0)')
--- Connection closed normally at Wed, 23 Nov 2005 23:17:20. ---


Thanks,
Jay


Re: akpop3d questions

J Moore
On Wed, Nov 23, 2005 at 11:28:47PM -0600, the unit calling itself J Moore wrote:

> On Wed, Nov 23, 2005 at 10:08:13PM -0600, the unit calling itself J Moore wrote:
> > I need to set up a POP3 server for a while, and after a quick survey,
> > akpop3d seemed like a good choice - partly because it supports POP3 via
> > SSL. So I built it from the ports tree (3.8 -stable), and installed it.
> >
> > I am currently starting from the command line as follows:
> > # akpop3d -d -s
> >
> > Attempts to connect result in immediate complaints from the client (I've
> > tried two of them: Evolution (Linux) and Pegasus (Windoze)).
> >
> > I'm assuming this is due to the fact that I have no cert or key file
> > installed or generated?
> >
> > Before I invest any more time in this, I thought I'd ask if anyone else
> > is using akpop3d, what the consensus of opinion is on it, and if there
> > is any documentation on how to generate the .pem (Base64-encoded?) cert
> > and key files.
>
> Perhaps some fwd progress... got cert & key files installed, but I am
> bombing during the authentication process. Following is part of the
> debug output from my client. I double-checked the password value, and
> it's correct (changed here, but my client's log shows it correctly).
>
> The culprit seems to be the "group not found" error... WTF, O??
>
> 23:17:13.312 << 0009 USER jm\0D\0A
> 23:17:13.359 >> 0005 +OK\0D\0A
> 23:17:13.359 << 0017 PASS abcdefghij\0D\0A
> 23:17:13.500 >> 0033 -ERR [SYS/TEMP] group not found\0D\0A
> 23:17:20.718 << 0006 QUIT\0D\0A
> 23:17:20.718 18: SSL read error -41 (locus 0, type 0, code 0, 'No data
> was read because the remote system closed the connection (recv() == 0)')
> --- Connection closed normally at Wed, 23 Nov 2005 23:17:20. ---

What is this group "mail"...?

How does it get set up?
Why is it not addressed in the docs or the instructions?

Thnx,
Jay


Re: akpop3d questions

Xavier Santolaria
so spake J Moore on Thu, Nov 24, 2005 at 07:40:24AM CET:
[...]

> > The culprit seems to be the "group not found" error... WTF, O??
> >
> > 23:17:13.312 << 0009 USER jm\0D\0A
> > 23:17:13.359 >> 0005 +OK\0D\0A
> > 23:17:13.359 << 0017 PASS abcdefghij\0D\0A
> > 23:17:13.500 >> 0033 -ERR [SYS/TEMP] group not found\0D\0A
> > 23:17:20.718 << 0006 QUIT\0D\0A
> > 23:17:20.718 18: SSL read error -41 (locus 0, type 0, code 0, 'No data
> > was read because the remote system closed the connection (recv() == 0)')
> > --- Connection closed normally at Wed, 23 Nov 2005 23:17:20. ---
>
> What is this group "mail"...?

http://marc.theaimsgroup.com/?t=113204266600001&r=1&w=2

> How does it get set up?
> Why is it not addressed in the docs or the instructions?


Re: akpop3d questions

Ian McWilliam
In reply to this post by J Moore

On 24 Nov 2005, at 4:28 PM, J Moore wrote:

> On Wed, Nov 23, 2005 at 10:08:13PM -0600, the unit calling itself J  
> Moore wrote:
>> I need to set up a POP3 server for a while, and after a quick survey,
>> akpop3d seemed like a good choice - partly because it supports  
>> POP3 via
>> SSL. So I built it from the ports tree (3.8 -stable), and  
>> installed it.
>>
>> I am currently starting from the command line as follows:
>> # akpop3d -d -s
>>
>> Attempts to connect result in immediate complaints from the client
>> (I've
>> tried two of them: Evolution (Linux) and Pegasus (Windoze)).
>>
>> I'm assuming this is due to the fact that I have no cert or key file
>> installed or generated?
>>
>> Before I invest any more time in this, I thought I'd ask if anyone  
>> else
>> is using akpop3d, what the consensus of opinion is on it, and if  
>> there
>> is any documentation on how to generate the .pem (Base64-encoded?)  
>> cert
>> and key files.
>
> Perhaps some fwd progress... got cert & key files installed, but I am
> bombing during the authentication process. Following is part of the
> debug output from my client. I double-checked the password value, and
> it's correct (changed here, but my client's log shows it correctly).
>
> The culprit seems to be the "group not found" error... WTF, O??
>
> 23:17:13.312 << 0009 USER jm\0D\0A
> 23:17:13.359 >> 0005 +OK\0D\0A
> 23:17:13.359 << 0017 PASS abcdefghij\0D\0A
> 23:17:13.500 >> 0033 -ERR [SYS/TEMP] group not found\0D\0A
> 23:17:20.718 << 0006 QUIT\0D\0A
> 23:17:20.718 18: SSL read error -41 (locus 0, type 0, code 0, 'No data
> was read because the remote system closed the connection (recv() ==  
> 0)')
> --- Connection closed normally at Wed, 23 Nov 2005 23:17:20. ---
>
>
> Thanks,
> Jay
>
>

OK, It looks like the port needs some work as it doesn't handle the  
default group name.

main.c:# define DEFAULT_GROUP_NAME "mail"

It appears that this can be changed with a command line arg.

main.c:      case 'g': group_name = optarg; break;

It looks like the groupname is used as an argument to lock the user's
mailbox.

pop3_session.c.orig:  g_inf = getgrnam("mail");
pop3_session.c.orig:  if (g_inf==NULL) {
pop3_session.c.orig:  if (setegid(g_inf->gr_gid)!=0 && real_username[0] == 0) {
pop3_session.c.orig:    syslog(LOG_ERR,"%s: %u: %s","setegid() failed",g_inf->gr_gid,strerror(errno));
pop3_session.c.orig:  if (setgid(g_inf->gr_gid)!=0 && real_username[0] == 0) {
pop3_session.c.orig:    syslog(LOG_ERR,"%s: %u: %s","setgid() failed",g_inf->gr_gid,strerror(errno));
pop3_session.c.orig:  if ((rc=lock_maildrop(maildrop,u_inf->pw_uid,g_inf->gr_gid))<=0)

yup, it then fchowns the lock file

lock_maildrop.c: fchown(fd,uid,gid);

So I would assume  on other unix systems /var/mail is group mail by  
default, maybe??.

if you want to add  mail  to the /etc/group file

man -k groupadd

groupadd (8) - add a group to the system


Ian McWilliam




Re: akpop3d questions

J Moore
On Thu, Nov 24, 2005 at 07:17:54PM +1100, the unit calling itself Ian McWilliam wrote:

> >
> >Perhaps some fwd progress... got cert & key files installed, but I am
> >bombing during the authentication process. Following is part of the
> >debug output from my client. I double-checked the password value, and
> >it's correct (changed here, but my client's log shows it correctly).
> >
> >The culprit seems to be the "group not found" error... WTF, O??
> >
> >23:17:13.312 << 0009 USER jm\0D\0A
> >23:17:13.359 >> 0005 +OK\0D\0A
> >23:17:13.359 << 0017 PASS abcdefghij\0D\0A
> >23:17:13.500 >> 0033 -ERR [SYS/TEMP] group not found\0D\0A
> >23:17:20.718 << 0006 QUIT\0D\0A
> >23:17:20.718 18: SSL read error -41 (locus 0, type 0, code 0, 'No data
> >was read because the remote system closed the connection (recv() ==  
> >0)')
> >--- Connection closed normally at Wed, 23 Nov 2005 23:17:20. ---
> >
>
> OK, It looks like the port needs some work as it doesn't handle the  
> default group name.
>
> main.c:# define DEFAULT_GROUP_NAME "mail"
>
> It appears that this can be changed with a command line arg.

It can - that's how I finally got it to work. According to man akpop3d,
-g groupID does it. (and apparently I'm confused - I thought group ID
was the number, but akpop3d wants the group name, ... whatever)

> main.c:      case 'g': group_name = optarg; break;
>
> It looks like the groupname is used as an argument to lock the users  
> mail box.
>
> pop3_session.c.orig:  g_inf = getgrnam("mail");
> pop3_session.c.orig:  if (g_inf==NULL) {
> pop3_session.c.orig:  if (setegid(g_inf->gr_gid)!=0 && real_username[0] == 0) {
> pop3_session.c.orig:    syslog(LOG_ERR,"%s: %u: %s","setegid() failed",g_inf->gr_gid,strerror(errno));
> pop3_session.c.orig:  if (setgid(g_inf->gr_gid)!=0 && real_username[0] == 0) {
> pop3_session.c.orig:    syslog(LOG_ERR,"%s: %u: %s","setgid() failed",g_inf->gr_gid,strerror(errno));
> pop3_session.c.orig:  if ((rc=lock_maildrop(maildrop,u_inf->pw_uid,g_inf->gr_gid))<=0)
>
> yup, it then fchowns the lock file
>
> lock_maildrop.c: fchown(fd,uid,gid);
>
> So I would assume  on other unix systems /var/mail is group mail by  
> default, maybe??.

That may be... I checked a FreeBSD and a Linux (Fedora) box - both
listed "mail" as the group for /var/mail. So OpenBSD would appear to be
in a minority position.

> if you want to add  mail  to the /etc/group file
>
> man -k groupadd
>
> groupadd (8) - add a group to the system

I thought about this, but wouldn't you actually have to change group
ownership of /var/mail to group "mail" for this to make any difference?
And if you did this, wouldn't you risk breaking something else?

Thanks for the insight,
Jay


Re: akpop3d questions

J Moore
In reply to this post by Xavier Santolaria
On Thu, Nov 24, 2005 at 08:49:25AM +0100, the unit calling itself Xavier Santolaria wrote:

> so spake J Moore on Thu, Nov 24, 2005 at 07:40:24AM CET:
> [...]
> > > The culprit seems to be the "group not found" error... WTF, O??
> > >
> > > 23:17:13.312 << 0009 USER jm\0D\0A
> > > 23:17:13.359 >> 0005 +OK\0D\0A
> > > 23:17:13.359 << 0017 PASS abcdefghij\0D\0A
> > > 23:17:13.500 >> 0033 -ERR [SYS/TEMP] group not found\0D\0A
> > > 23:17:20.718 << 0006 QUIT\0D\0A
> > > 23:17:20.718 18: SSL read error -41 (locus 0, type 0, code 0, 'No data
> > > was read because the remote system closed the connection (recv() == 0)')
> > > --- Connection closed normally at Wed, 23 Nov 2005 23:17:20. ---
> >
> > What is this group "mail"...?
>
> http://marc.theaimsgroup.com/?t=113204266600001&r=1&w=2

OK - I didn't see this when I Google'd last night - thanks!

... guess the port maintainer is too busy.


> > How does it get set up?
> > Why is it not addressed in the docs or the instructions?
>


Re: akpop3d questions

J Moore
In reply to this post by Ian McWilliam
On Thu, Nov 24, 2005 at 07:17:54PM +1100, the unit calling itself Ian McWilliam wrote:

> >
> >The culprit seems to be the "group not found" error... WTF, O??
> >
>
> OK, It looks like the port needs some work as it doesn't handle the  
> default group name.
>
> main.c:# define DEFAULT_GROUP_NAME "mail"
>
> It appears that this can be changed with a command line arg.

True, but running it with '-g wheel' does not solve the problem.

>
> main.c:      case 'g': group_name = optarg; break;
>
> It looks like the groupname is used as an argument to lock the users  
> mail box.
  << snip >>
> yup, it then fchowns the lock file
>
> lock_maildrop.c: fchown(fd,uid,gid);
>
> So I would assume  on other unix systems /var/mail is group mail by  
> default, maybe??.
>
> if you want to add  mail  to the /etc/group file

This doesn't seem to work... akpop3d writes a lockfile to /var/mail, but
it doesn't delete it when it finishes.

I seem to be the only one interested in trying to fix this... the
maintainer hasn't replied in over a week, and the other advice I've
gotten has ranged from "try another package" to "you're too stupid, so I
won't explain it to you".

I may be stupid, but if someone will try to explain what changes are
needed, I'll try to come up with a patch. At the very least, I'll test
the friggin' thing so there won't be dysfunctional crap in the ports
tree.

Jay


Re: akpop3d questions

Ian McWilliam
In reply to this post by Ian McWilliam

On 28 Nov 2005, at 8:18 AM, J Moore wrote:

> Ian,
>
> Hope you'll excuse my persistence, but I'm still struggling with
> akpop3d. I may be confused, but here's how I see my choices:
>
> 1. chgrp mail /var/mail (after adding mail as a group)
> 2. akpop3d -g wheel (give akpop3 wheel privileges ?)
>

Not really, the port needs fixing somewhat. Try the attached tar ball.

The port now creates a group _akpop3d and the lock files writable by
the _akpop3d group.
You will need to make /var/mail group writable, leave the permissions
on /var/mail as root:wheel (the default).
The command line I've used for simple testing is

/usr/local/sbin/akpop3d -d -s -c /etc/ssl/server.crt -k /etc/ssl/private/server.key

Ian McWilliam





Attachment: akpop3d-port.tgz (9K)

Re: akpop3d questions

Maxime Guillaud-2
Ian McWilliam wrote:

> Not really, the port needs fixing somewhat. Try the attached tar ball.
>
> The port now creates a group _akpop3d and the lock files writable by
> the _akpop3d group.
> You will need to make /var/mail group writable, leave the permissions on
> /var/mail as root:wheel (the default).
> The command line I've used for simple testing is
>
> /usr/local/sbin/akpop3d -d -s -c /etc/ssl/server.crt -k /etc/ssl/private/server.key
>
> Ian McWilliam
>

Sorry, I just noticed this thread. I'm the maintainer.
There really is a problem with the group handling in this port, and I
think Ian's approach is right. This was my first attempt at making a
port and I guess the edges are a bit rough...

I don't really have the time anymore to maintain this port, and don't
use it anymore, which makes things harder, so I'll relinquish ownership
if anyone is willing to handle it.

On a more general note, I found that the code in akpop3d is not the
prettiest thing around. If you look at the patches in my port, you'll
see that in several places they make it log errors, whereas the original
code would just ignore non-zero return codes on calls such as
getgrnam("mail"). I contributed a bunch of patches to the original
author over a year ago, but he hasn't released anything since then.

Maxime



Re: akpop3d questions

J Moore
In reply to this post by Ian McWilliam
On Mon, Nov 28, 2005 at 12:34:05PM +1100, the unit calling itself Ian McWilliam wrote:

>
> On 28 Nov 2005, at 8:18 AM, J Moore wrote:
>
> >Ian,
> >
> >Hope you'll excuse my persistence, but I'm still struggling with
> >akpop3d. I may be confused, but here's how I see my choices:
> >
> >1. chgrp mail /var/mail (after adding mail as a group)
> >2. akpop3d -g wheel (give akpop3 wheel privileges ?)
> >
>
> Not really, the port needs fixing somewhat. Try the attached tar ball.
>
> The port now creates a group _akpop3d and the lock files writable by
> the _akpop3d group.
> You will need to make /var/mail group writable, leave the permissions
> on /var/mail as root:wheel (the default).
> The command line I've used for simple testing is
>
> /usr/local/sbin/akpop3d -d -s -c /etc/ssl/server.crt -k /etc/ssl/private/server.key

Ian,

I'm groggy, but I think this fixes it. I plan to start using it in a day
or two & will let you know if I see anything.

Many thanks, and it looks like you may have inherited a port :)

Oh - I tried to create a diff between the tarball you sent, and the
stuff in the tree... it was pretty ugly, and didn't seem to apply.
diff -u -p -r /.../ians_akpop3d /usr/ports/mail/akpop3d > ian.patch

Jay