At 4:18 PM +0100 3/4/02, Eddy L O Jansson wrote:

>  I've experimented. I've read the FAQ. I've browsed the
>manual. I've googled. I've noticed the list-archive isn't
>searchable. I give up.
>
>  How can I make qpopper reject cleartext passwords except
>when in a TLS session?
>
>TLS is working:
>
>   Mar  4 16:24:20 nynaeve in.qpopper[24178]: (v4.0.3)
>TLSv1/SSLv3 handshake with client at eddy.klopper.net
>(192.168.1.4); ew session-id; cipher: RC4-SHA (RC4-SHA SSLv3
>Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1), 128 bits
>
>However, it still allows:
>
>root@sarucity:/etc# telnet nynaeve 110
>Trying 192.168.1.2...
>Connected to nynaeve.klopper.net.
>Escape character is '^]'.
>+OK Qpopper (version 4.0.3) at nynaeve.klopper.net starting. 
>USER eddy
>+OK Password required for eddy.
>PASS mypasswordhere
>+OK eddy has 0 visible messages (0 hidden) in 0 octets.
>
>Not good.
>
>My /etc/qpopper.cfg says
>
>   set clear-text-password = tls     <-- PLEASE OBSERVE!
>   set tls-support = stls
>
>My /etc/inetd.conf is set up as follows:
>
>   pop-3  stream  tcp  nowait  root  /usr/sbin/tcpd \
>   /usr/sbin/in.qpopper -f /etc/qpopper.conf
>
>What gives?

I'm not sure why your 'set clear-text-password=tls' is not honored. 
Can you reproduce this with debug tracing?

To enable tracing in Qpopper:

1.  Do a 'make clean'
2.  Re-run ./configure, adding '--enable-debugging'.
3.  Edit the inetd.conf line for Qpopper, adding '-d' or '-t <tracefile-path>'.
4.  Send inetd (or xinetd) a HUP signal.

(Steps 3 and 4 are only needed if you use inetd (or xinetd).  In 
standalone mode, you can add '-d' or '-t <tracefile-path>' to the 
command line directly.)

(In either standalone or inetd mode, if you use a configuration file 
you can add 'set debug' or 'set tracefile = <tracefile>' to either a 
global or user-specific configuration file instead of steps 3 and 4.)

This causes detailed tracing to be written to the syslog or to the 
file specified as 'tracefile'.

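
A check worth running alongside the tracing steps: confirm that the file named after `-f` on the inetd.conf line is the same file that holds `set clear-text-password = tls`. This is an added example, not part of the original messages and not Qpopper code; the sample input is copied from the quoted post, and the function names and the `#` comment handling are assumptions.

```python
import re
import shlex

# Constructed sample input, copied from the quoted post (continuation line joined,
# the poster's "<-- PLEASE OBSERVE!" annotation dropped).
INETD_LINE = ("pop-3  stream  tcp  nowait  root  /usr/sbin/tcpd "
              "/usr/sbin/in.qpopper -f /etc/qpopper.conf")
EDITED_FILE = "/etc/qpopper.cfg"   # file the poster says holds the settings
EDITED_TEXT = "set clear-text-password = tls\nset tls-support = stls\n"

def config_path_from_inetd(line):
    """Return the argument of -f on an inetd.conf service line, or None."""
    args = shlex.split(line, comments=True)
    for i, arg in enumerate(args):
        if arg == "-f" and i + 1 < len(args):
            return args[i + 1]
    return None

def parse_settings(text):
    """Parse 'set name [= value]' lines into a dict (assumes '#' starts a comment)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"set\s+([\w-]+)\s*(?:=\s*(\S+))?$", line, re.IGNORECASE)
        if m:
            # Treat '-' and '_' alike so either spelling of an option matches.
            settings[m.group(1).lower().replace("_", "-")] = m.group(2) or "true"
    return settings

def check(inetd_line, edited_file, files):
    """files maps path -> contents for each config file that exists on disk."""
    loaded = config_path_from_inetd(inetd_line)
    if loaded is None:
        return ["no -f option on the service line"]
    findings = []
    if loaded != edited_file:
        findings.append(f"daemon is given {loaded}, settings were edited in {edited_file}")
    if loaded not in files:
        findings.append(f"{loaded} is missing")
    elif parse_settings(files[loaded]).get("clear-text-password") != "tls":
        findings.append(f"{loaded} does not set clear-text-password = tls")
    return findings

if __name__ == "__main__":
    for finding in check(INETD_LINE, EDITED_FILE, {EDITED_FILE: EDITED_TEXT}):
        print("FINDING:", finding)
```

With the values as posted, the check reports that the service line names `/etc/qpopper.conf` while the settings shown are in `/etc/qpopper.cfg`.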