what would a POP3s daemon best look like?

2018-10-30 Thread Peter J. Philipp

Hi,

The end of the year is approaching and I'm looking around for new 
projects.  Currently I have two projects that I'm active on, but willing 
to put them on the back burner come New Year's for a POP3s daemon.  The 
reason I want a pop3s daemon is because I want something pledged and 
unveil'ed with privsep and high security (all the while using libressl).


Now having said that OpenBSD had a non-ssl'ed pop3 daemon once but it 
was moved away I gather.  Where would I find the source to this?  Is it 
worth it taking design hints from that daemon? Obviously I want it 
written in C with possibly a small YACC parser but a pop3s daemon 
doesn't need much configuration I gather.  I once watched a friend in 
1998 write a POP3 daemon but it doesn't cut it under today's security 
theatre demands, plus I wouldn't know where to get that source and he's 
deceased on top of that.


Currently I'm using POP3s with dovecot on a small vps for me and my 
family.  We're pretty much happy but I'm starting to get worried about 
the lacking pledge and unveil in that package.


Regards,

-peter



Re: what would a POP3s daemon best look like?

2018-10-30 Thread Todd C. Miller
I don't think there is much interest in having a pop3 daemon in
base due to the use of plain-text passwords but if you want to check
out a copy of the old one, you can do it like this:

cvs get -rOPENBSD_5_4 src/usr.sbin/popa3d

The DESIGN file in that directory describes the security model.

 - todd



Re: what would a POP3s daemon best look like?

2018-10-30 Thread Todd C. Miller
On Tue, 30 Oct 2018 09:32:45 -0600, "Todd C. Miller" wrote:

> I don't think there is much interest in having a pop3 daemon in
> base due to the use of plain-text passwords but if you want to check
> out a copy of the old one, you can do it like this:
>
> cvs get -rOPENBSD_5_4 src/usr.sbin/popa3d
>
> The DESIGN file in that directory describes the security model.

You can also find the upstream sources for it at
https://www.openwall.com/popa3d/

 - todd



Re: what would a POP3s daemon best look like?

2018-10-30 Thread Peter J. Philipp
Thanks!  I guess there is no DANE for POP3, is there?  There was APOP in 
some RFC too but that required that passwords be unencrypted on the 
server side (and that was with MD5 I think).


The reason my parents like POP3s is that they do not require mail to be 
left on the server, and to this I do agree.  I personally fetchmail 
(with checking against a TLS signature file) to an IMAP server that is 
behind my gateway in RFC1918 land.


My parents had some emails coming from all over the world claiming that 
our mail computer is not safe and I believe it is just FUD.  Still I'd 
like to do something about the POP3s server and give it pledge and 
unveil.  A POP3 server doesn't need to see many things other than the 
/var/mail directory and with the great imsg library the pledge could be 
just at "stdio" when talking directly to the client.  This intrigues me.


Regards,
-peter

On 10/30/18 16:33, Todd C. Miller wrote:

> On Tue, 30 Oct 2018 09:32:45 -0600, "Todd C. Miller" wrote:
>
> > I don't think there is much interest in having a pop3 daemon in
> > base due to the use of plain-text passwords but if you want to check
> > out a copy of the old one, you can do it like this:
> >
> > cvs get -rOPENBSD_5_4 src/usr.sbin/popa3d
> >
> > The DESIGN file in that directory describes the security model.
>
> You can also find the upstream sources for it at
> https://www.openwall.com/popa3d/
>
>  - todd
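
The split described in the message above (a client-facing process that needs only pledge "stdio", with the spool visible to a helper alone), as an added C example that is not code from the thread or from any daemon it mentions. The function names, the 64-byte request framing and the plain socketpair(2) used here in place of imsg are assumptions; pledge(2) and unveil(2) are compiled in only on OpenBSD.

```c
#include <sys/socket.h>
#include <sys/stat.h>
#include <err.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#ifdef __OpenBSD__
#define SANDBOX(call) do { if ((call) == -1) err(1, #call); } while (0)
#else
#define SANDBOX(call) ((void)0)	/* pledge(2)/unveil(2) exist only on OpenBSD */
#endif
#define NAMELEN 64	/* fixed-size request: hypothetical framing, not imsg */

/* Added example, hypothetical names: fork the one process that may see the spool. */
int start_mailbox_helper(const char *spool) {
	char name[NAMELEN], path[1024];
	struct stat st;
	int sv[2];
	pid_t pid;
	if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1 || (pid = fork()) == -1)
		err(1, "socketpair/fork");
	if (pid != 0)			/* caller keeps one end, never opens the spool */
		return close(sv[1]) == -1 ? -1 : sv[0];
	close(sv[0]);
	SANDBOX(unveil(spool, "r"));	/* read-only view of the spool, nothing else */
	SANDBOX(pledge("stdio rpath", NULL));
	while (read(sv[1], name, sizeof(name)) == (ssize_t)sizeof(name)) {
		name[NAMELEN - 1] = '\0';	/* the peer is not trusted to terminate it */
		snprintf(path, sizeof(path), "%s/%s", spool, name);
		long size = (name[0] != '.' && strchr(name, '/') == NULL &&
		    lstat(path, &st) == 0 && S_ISREG(st.st_mode)) ? (long)st.st_size : -1;
		if (write(sv[1], &size, sizeof(size)) == -1)
			break;
	}
	_exit(0);
}

long ask_size(int fd, const char *user) {	/* client-facing side: fd I/O only */
	char name[NAMELEN] = "";
	long size;
	strncpy(name, user, NAMELEN - 1);
	return (strlen(user) >= NAMELEN || write(fd, name, sizeof(name)) == -1 ||
	    read(fd, &size, sizeof(size)) != (ssize_t)sizeof(size)) ? -1 : size;
}

int main(void) {
	int fd = start_mailbox_helper("/var/mail");
	SANDBOX(pledge("stdio", NULL));	/* no filesystem, no new sockets from here */
	return ask_size(fd, "peter") < 0;	/* "peter" stands in for a USER argument */
}
```

The helper refuses names containing a slash or a leading dot even though unveil already hides everything outside the spool, so the check also holds on systems where the sandbox calls are compiled out.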




Re: what would a POP3s daemon best look like?

2018-11-04 Thread Walter Alejandro Iglesias
Hi Todd,

Not an expert here and just to be sure, :-)

In article <21bf906b4c6c6...@sudo.ws> Todd C. Miller wrote:
> I don't think there is much interest in having a pop3 daemon in
> base due to the use of plain-text passwords

I've been assuming that running pop3d(8) from ports, listening on 995
only and with port 110 firewalled, my passwords aren't traveling in plain
text.  Am I assuming right?


Walter



Re: what would a POP3s daemon best look like?

2018-11-04 Thread Todd C. Miller
On Sun, 04 Nov 2018 12:26:27 +0100, Walter Alejandro Iglesias wrote:

> I've been assuming that running pop3d(8) from ports, listening on 995
> only and with port 110 firewalled, my passwords aren't traveling in plain
> text.  Am I assuming right?

Port 995 is pop3 protocol over TLS/SSL so that should be safe enough.

 - todd



Re: what would a POP3s daemon best look like?

2018-11-04 Thread Walter Alejandro Iglesias
On Sun, Nov 04, 2018 at 05:38:42AM -0700, Todd C. Miller wrote:
> On Sun, 04 Nov 2018 12:26:27 +0100, Walter Alejandro Iglesias wrote:
> 
> > I've been assuming that running pop3d(8) from ports, listening on 995
> > only and with port 110 firewalled, my passwords aren't traveling in plain
> > text.  Am I assuming right?
> 
> Port 995 is pop3 protocol over TLS/SSL so that should be safe enough.

Then, as an idea for Peter,

Some time ago I sent a patch to Sunil Nimmagadda to allow pop3d to read an
optional certs location; he corrected and committed the patch.  On that
occasion he mentioned to me that he wasn't hacking pop3d anymore since
he himself stopped using it because he considered it severely limited.
Personally I like simplicity; I still use pop3d(8), but I'm not a
developer and I'm not skilled enough to hack it and maintain it.

If Peter is willing to, perhaps pop3d(8) could be a good starting point.

If allowing pop connections by default through port 110 is not desirable,
perhaps it would be fine to implement a TLS-only pop3 daemon
(deliberately refusing non-TLS connections over 110).  In case this is
possible, that would be a fine, simple and secure pop3 daemon for OpenBSD
base.

> 
>  - todd

Walter