Frequently Asked Questions for tpop3d
$Id: FAQ,v 1.9 2003/08/21 15:51:57 chris Exp $

1.  How can I do POP-before-SMTP relaying with tpop3d?

    From version 1.4.1, support for POP-before-SMTP relaying is built into
    tpop3d itself, so the following is of mainly historical interest. For
    more information, see tpop3d.conf(5) and README.POP-before-SMTP.

    The game here is to have some table which your MTA consults to
    determine whether a client may relay through this server. Successful
    POP connections cause the connected host to be allowed to relay for a
    few minutes, so that a client whose PC-based MUA retrieves mail and
    then sends other mail can be allowed to do so without opening your
    server to all sorts of bad spam-related abuse.

    There are two basic approaches:

    - watch the system log for a tell-tale line, and use this to trigger
      addition of an entry to a table;

    - have the POP server set this up itself.

    For the first approach, a suitable log line to use will (ignoring the
    date, time, process name and PID generated by syslog) look like:

        fork_child: [6]chris(10.73.32.1): successfully authenticated with pam

    A perl statement to parse this looks like

        ($user, $host, $method) = ($line =~ m/^fork_child:\ \[\d+\]([^\s(]+)\(([0-9.]+)\):
                                   \ successfully\ authenticated\ with\ ([^\s]+)$/x);

    where $line contains the part of the syslog line corresponding to the
    example shown above.

    Bear in mind that this syslog-watching approach is only as secure as
    the contents of your system log, by which I mean `not very':

        $ logger -t 'tpop3d[1234]' -p mail.info \
            'fork_child: [42]billg(12.34.56.78) successfully authenticated with pam'

    Of course, this may not be an issue if there are no shell users on your
    POP3 server system, though you might want to think carefully about
    whether any other process on your system could be tricked into writing
    a log line of the above form.

    The alternative is to have tpop3d trigger addition of a client to the
    allowed-to-relay table.
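The log-watching approach described above, as an added example that is not part of the tpop3d distribution: it parses full syslog lines, keeps a relay table whose entries expire, and validates the address before trusting it. The traditional BSD syslog prefix, the 300-second lifetime, the sample lines and the function names parse_line, note_login and may_relay are all assumptions made for illustration.

```perl
use strict;
use warnings;

my $TTL = 300;   # assumed lifetime for "a few minutes" of relay permission
my %relay;       # client address => expiry time (epoch seconds)

# Parse a full syslog line (assumed traditional BSD prefix) whose tag is
# tpop3d[PID]; returns (user, host, method), or an empty list on no match.
sub parse_line {
    my ($line) = @_;
    my ($msg) = ($line =~ m/^\w{3}\s+\d+\s[\d:]{8}\s\S+\stpop3d\[\d+\]:\s(.*)$/)
        or return;
    return ($msg =~ m/^fork_child:\ \[\d+\]([^\s(]+)\(([0-9.]+)\):
                      \ successfully\ authenticated\ with\ ([^\s]+)$/x);
}

# [0-9.]+ also matches things that are not addresses, so validate the
# dotted quad before it reaches the table the MTA trusts.
sub note_login {
    my ($host, $now) = @_;
    my @octets = ($host =~ m/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/)
        or return 0;
    return 0 if grep { $_ > 255 } @octets;
    $relay{$host} = $now + $TTL;
    return 1;
}

# The lookup the MTA would make; expired entries are dropped on the way.
sub may_relay {
    my ($host, $now) = @_;
    delete $relay{$host} if exists($relay{$host}) && $relay{$host} <= $now;
    return exists($relay{$host}) ? 1 : 0;
}

# Constructed sample lines. The tag check drops the sshd line, but it cannot
# tell line 2 (tag and text as written with logger -t) from a genuine one.
my @lines = (
    'Aug 21 15:51:57 mx tpop3d[811]: fork_child: [6]chris(10.73.32.1): successfully authenticated with pam',
    'Aug 21 15:52:03 mx tpop3d[1234]: fork_child: [42]billg(12.34.56.78): successfully authenticated with pam',
    'Aug 21 15:52:09 mx sshd[902]: fork_child: [7]eve(10.9.9.9): successfully authenticated with pam',
    'Aug 21 15:52:11 mx tpop3d[811]: fork_child: [8]bob(10.73.32.999): successfully authenticated with pam',
);
my $now = 1000;  # fixed clock so the run is repeatable
for my $line (@lines) {
    my ($user, $host, $method) = parse_line($line) or next;
    printf "%-6s %-13s %s\n", $user, $host,
        note_login($host, $now) ? 'may relay' : 'rejected: bad address';
}
printf "10.73.32.1 after %ds: %d\n", $_, may_relay('10.73.32.1', $now + $_) for 60, $TTL + 1;
```

Because the second sample line is accepted, parsing alone does not address the weakness described above; restricting who can write to the mail log, or having tpop3d update the table itself, does.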
    If you are happy to alter the C code, then the best thing to do is to
    insert some code at the same place that the above log line is generated
    to do whatever book-keeping you need. This is in the function
    fork_child in main.c.

    Alternatively, you could write an auth-perl or auth-other authenticator
    which did the dirty work for cases of successful authentication. Of
    course, this means that you have to implement the authentication
    yourself, too, which is slightly wasteful.

2.  I want to use auth-mysql, but my database schema doesn't look like
    yours....

    Thanks to Mike Bremford, it is now possible to configure the SQL
    queries used by tpop3d at runtime. Look for the auth-mysql-pass-query
    and auth-mysql-apop-query directives in tpop3d.conf(5).

3.  Do you have precompiled binaries for $operating_system?

    No. There are RPMs, .deb packages and a FreeBSD Port for tpop3d
    maintained by various people, but I don't maintain any packages or
    precompiled binaries myself, nor am I likely to do so in the future.

    My rationale here is that tpop3d is heavily configurable at
    compile-time. If I were to produce (say) RPMs for tpop3d, then I would
    need to either produce a single kitchen-sink package, with dependencies
    upon perl and MySQL which many users would not want, or produce a
    variety of differently-configured packages for the different
    combinations of authenticators, mailboxes, snideness and so forth. This
    would rapidly become silly in a combinatorial sense.

    The alternative would obviously be to produce a source package. It
    appears that this is not now necessary, since newer versions of the
    package tools can obtain this information from files in a standard
    .tar.gz file.

4.  I see that tpop3d supports MySQL, but I want to use another/a proper
    database....

    You can, if you want, write a database authentication driver in C,
    using auth-mysql as an example.
    However, a better approach would be to write an authenticator in a
    scripting language such as Perl or Python, and have tpop3d call it
    through the auth-perl or auth-other mechanisms. There is a perl example
    for Oracle (contributed by Paul Makepeace) in the scripts/ subdirectory
    of the distribution.

    From version 1.5.1, tpop3d also supports Postgres, through auth-pgsql.

5.  I'm using auth-mysql, but authentication doesn't seem to work....

    auth-mysql is a virtual domains authenticator. This means that users
    need to log in with a domain specified in order to be authenticated.
    This is a Feature.

    If you only have users in one domain and you still want to use
    auth-mysql (it's not obvious why you would want to do this), then you
    can define a default domain using the (domain) syntax in the listener:
    configuration directive, and then switch append-domain on so that the
    domain you specify is passed to authenticators.

    See also archived postings on the mailing list.

6.  tpop3d seems to be leaking memory.

    A number of memory leaks have been found and fixed in tpop3d over time.
    It's possible that you've found another one.

    Another possibility is that one of your authenticators leaks memory. If
    you're using auth-perl, check your code carefully. If you're using
    auth-pam, consider using the --enable-pam-leak-hack option to configure
    (see INSTALL file and auth_pam.c in the distribution).

    If that doesn't fix it, ask on the tpop3d-discuss mailing list (see
    README for further details).