Re: akpop3d questions

2005-11-28 Thread J Moore
On Mon, Nov 28, 2005 at 12:34:05PM +1100, the unit calling itself Ian McWilliam 
wrote:
> 
> On 28 Nov 2005, at 8:18 AM, J Moore wrote:
> 
> >Ian,
> >
> >Hope you'll excuse my persistence, but I'm still struggling with
> >akpop3d. I may be confused, but here's how I see my choices:
> >
> >1. chgrp mail /var/mail (after adding mail as a group)
> >2. akpop3d -g wheel (give akpop3 wheel privileges ?)
> >
> 
> Not really, the port needs fixing somewhat. Try the attached tarball.
> 
> The port now creates a group _akpop3d and the lock files writable by
> the _akpop3d group.
> You will need to make /var/mail group writable, leave the permissions
> on /var/mail as root:wheel (the default).
> The command line I've used for simple testing is
> 
> /usr/local/sbin/akpop3d -d -s -c /etc/ssl/server.crt -k /etc/ssl/private/server.key

Ian,

I'm groggy, but I think this fixes it. I plan to start using it in a day 
or two & will let you know if I see anything.

Many thanks, and it looks like you may have inherited a port :) 

Oh - I tried to create a diff between the tarball you sent, and the 
stuff in the tree... it was pretty ugly, and didn't seem to apply.
diff -u -p -r /.../ians_akpop3d /usr/ports/mail/akpop3d > ian.patch

Jay



Re: akpop3d questions

2005-11-28 Thread Maxime Guillaud

Ian McWilliam wrote:

> Not really, the port needs fixing somewhat. Try the attached tarball.
>
> The port now creates a group _akpop3d and the lock files writable by
> the _akpop3d group.
> You will need to make /var/mail group writable, leave the permissions on
> /var/mail as root:wheel (the default).
>
> The command line I've used for simple testing is
>
> /usr/local/sbin/akpop3d -d -s -c /etc/ssl/server.crt -k /etc/ssl/private/server.key
>
> Ian McWilliam



Sorry, I just noticed this thread. I'm the maintainer.
There really is a problem with the group handling in this port, and I 
think Ian's approach is right. This was my first attempt at making a 
port and I guess the edges are a bit rough...


I don't really have the time anymore to maintain this port, and don't 
use it anymore, which makes things harder, so I'll relinquish ownership 
if anyone is willing to handle it.


On a more general note, I found that the code in akpop3d is not the 
prettiest thing around. If you look at the patches in my port, you'll 
see that in several places they make it log errors, whereas the original 
code would just ignore non-zero return codes on calls such as 
getgrnam("mail"). I contributed a bunch of patches to the original 
author over a year ago, but he hasn't released anything since then.


Maxime




Re: akpop3d questions

2005-11-27 Thread Ian McWilliam


On 28 Nov 2005, at 8:18 AM, J Moore wrote:


> Ian,
>
> Hope you'll excuse my persistence, but I'm still struggling with
> akpop3d. I may be confused, but here's how I see my choices:
>
> 1. chgrp mail /var/mail (after adding mail as a group)
> 2. akpop3d -g wheel (give akpop3 wheel privileges ?)

Not really, the port needs fixing somewhat. Try the attached tarball.

The port now creates a group _akpop3d and the lock files writable by
the _akpop3d group.
You will need to make /var/mail group writable, leave the permissions
on /var/mail as root:wheel (the default).

The command line I've used for simple testing is

/usr/local/sbin/akpop3d -d -s -c /etc/ssl/server.crt -k /etc/ssl/private/server.key


Ian McWilliam




akpop3d-port.tgz
Description: Binary data




Re: akpop3d questions

2005-11-27 Thread J Moore
On Thu, Nov 24, 2005 at 07:17:54PM +1100, the unit calling itself Ian McWilliam 
wrote:
> >
> >The culprit seems to be the "group not found" error... WTF, O??
> >
> 
> OK, It looks like the port needs some work as it doesn't handle the  
> default group name.
> 
> main.c:# define DEFAULT_GROUP_NAME "mail"
> 
> It appears that this can be changed with a command line arg.

True, but running it with '-g wheel' does not solve the problem.

> 
> main.c:  case 'g': group_name = optarg; break;
> 
> It looks like the groupname is used as an argument to lock the users  
> mail box.
  << snip >> 
> yup, it then fchowns the lock file
> 
> lock_maildrop.c: fchown(fd,uid,gid);
> 
> So I would assume  on other unix systems /var/mail is group mail by  
> default, maybe??.
> 
> if you want to add  mail  to the /etc/group file

This doesn't seem to work... akpop3d writes a lockfile to /var/mail, but 
it doesn't delete it when it finishes. 

I seem to be the only one interested in trying to fix this... the 
maintainer hasn't replied in over a week, and the other advice I've 
gotten has ranged from "try another package" to "you're too stupid, so I 
won't explain it to you". 

I may be stupid, but if someone will try to explain what changes are 
needed, I'll try to come up with a patch. At the very least, I'll test 
the friggin' thing so there won't be dysfunctional crap in the ports 
tree.

Jay



Re: akpop3d questions

2005-11-24 Thread J Moore
On Thu, Nov 24, 2005 at 08:49:25AM +0100, the unit calling itself Xavier 
Santolaria wrote:
> so spake J Moore on Thu, Nov 24, 2005 at 07:40:24AM CET:
> [...]
> > > The culprit seems to be the "group not found" error... WTF, O??
> > > 
> > > 23:17:13.312 << 0009 USER jm\0D\0A
> > > 23:17:13.359 >> 0005 +OK\0D\0A
> > > 23:17:13.359 << 0017 PASS abcdefghij\0D\0A
> > > 23:17:13.500 >> 0033 -ERR [SYS/TEMP] group not found\0D\0A
> > > 23:17:20.718 << 0006 QUIT\0D\0A
> > > 23:17:20.718 18: SSL read error -41 (locus 0, type 0, code 0, 'No data 
> > > was read because the remote system closed the connection (recv() == 0)')
> > > --- Connection closed normally at Wed, 23 Nov 2005 23:17:20. ---
> > 
> > What is this group "mail"...? 
> 
> http://marc.theaimsgroup.com/?t=11320426661&r=1&w=2

OK - I didn't see this when I Google'd last night - thanks!

... guess the port maintainer is too busy.


> > How does it get set up?
> > Why is it not addressed in the docs or the instructions?
> 



Re: akpop3d questions

2005-11-24 Thread J Moore
On Thu, Nov 24, 2005 at 07:17:54PM +1100, the unit calling itself Ian McWilliam 
wrote:
> >
> >Perhaps some fwd progress... got cert & key files installed, but I am
> >bombing during the authentication process. Following is part of the
> >debug output from my client. I double-checked the password value, and
> >it's correct (changed here, but my client's log shows it correctly).
> >
> >The culprit seems to be the "group not found" error... WTF, O??
> >
> >23:17:13.312 << 0009 USER jm\0D\0A
> >23:17:13.359 >> 0005 +OK\0D\0A
> >23:17:13.359 << 0017 PASS abcdefghij\0D\0A
> >23:17:13.500 >> 0033 -ERR [SYS/TEMP] group not found\0D\0A
> >23:17:20.718 << 0006 QUIT\0D\0A
> >23:17:20.718 18: SSL read error -41 (locus 0, type 0, code 0, 'No data
> >was read because the remote system closed the connection (recv() ==  
> >0)')
> >--- Connection closed normally at Wed, 23 Nov 2005 23:17:20. ---
> >
> 
> OK, It looks like the port needs some work as it doesn't handle the  
> default group name.
> 
> main.c:# define DEFAULT_GROUP_NAME "mail"
> 
> It appears that this can be changed with a command line arg.

It can - that's how I finally got it to work. According to man akpop3d, 
-g groupID does it. (and apparently I'm confused - I thought group ID 
was the number, but akpop3d wants the group name, ... whatever)

> main.c:  case 'g': group_name = optarg; break;
> 
> It looks like the groupname is used as an argument to lock the users  
> mail box.
> 
> pop3_session.c.orig:  g_inf = getgrnam("mail");
> pop3_session.c.orig:  if (g_inf==NULL) {
> pop3_session.c.orig:  if (setegid(g_inf->gr_gid)!=0 && real_username[0] == 0) {
> pop3_session.c.orig:syslog(LOG_ERR,"%s: %u: %s","setegid() failed",g_inf->gr_gid,strerror(errno));
> pop3_session.c.orig:  if (setgid(g_inf->gr_gid)!=0 && real_username[0] == 0) {
> pop3_session.c.orig:syslog(LOG_ERR,"%s: %u: %s","setgid() failed",g_inf->gr_gid,strerror(errno));
> pop3_session.c.orig:  if ((rc=lock_maildrop(maildrop,u_inf->pw_uid,g_inf->gr_gid))<=0)
> 
> yup, it then fchowns the lock file
> 
> lock_maildrop.c: fchown(fd,uid,gid);
> 
> So I would assume  on other unix systems /var/mail is group mail by  
> default, maybe??.

That may be... I checked a FreeBSD and a Linux (Fedora) box - both 
listed "mail" as the group for /var/mail. So OpenBSD would appear to be 
in a minority position.

> if you want to add  mail  to the /etc/group file
> 
> man -k groupadd
> 
> groupadd (8) - add a group to the system

I thought about this, but wouldn't you actually have to change group 
ownership of /var/mail to group "mail" for this to make any difference? 
And if you did this, wouldn't you risk breaking something else?

Thanks for the insight,
Jay



Re: akpop3d questions

2005-11-24 Thread Ian McWilliam


On 24 Nov 2005, at 4:28 PM, J Moore wrote:

> On Wed, Nov 23, 2005 at 10:08:13PM -0600, the unit calling itself J
> Moore wrote:
>
> > I need to set up a POP3 server for a while, and after a quick survey,
> > akpop3d seemed like a good choice - partly because it supports POP3 via
> > SSL. So I built it from the ports tree (3.8 -stable), and installed it.
> >
> > I am currently starting from the command line as follows:
> > # akpop3d -d -s
> >
> > Attempts to connect result in immediate complaints from the client (I've
> > tried two of them: Evolution (Linux) and Pegasus (Windoze).
> >
> > I'm assuming this is due to the fact that I have no cert or key file
> > installed or generated?
> >
> > Before I invest any more time in this, I thought I'd ask if anyone else
> > is using akpop3d, what the consensus of opinion is on it, and if there
> > is any documentation on how to generate the .pem (Base64-encoded?) cert
> > and key files.
>
> Perhaps some fwd progress... got cert & key files installed, but I am
> bombing during the authentication process. Following is part of the
> debug output from my client. I double-checked the password value, and
> it's correct (changed here, but my client's log shows it correctly).
>
> The culprit seems to be the "group not found" error... WTF, O??
>
> 23:17:13.312 << 0009 USER jm\0D\0A
> 23:17:13.359 >> 0005 +OK\0D\0A
> 23:17:13.359 << 0017 PASS abcdefghij\0D\0A
> 23:17:13.500 >> 0033 -ERR [SYS/TEMP] group not found\0D\0A
> 23:17:20.718 << 0006 QUIT\0D\0A
> 23:17:20.718 18: SSL read error -41 (locus 0, type 0, code 0, 'No data
> was read because the remote system closed the connection (recv() == 0)')
> --- Connection closed normally at Wed, 23 Nov 2005 23:17:20. ---
>
> Thanks,
> Jay




OK, It looks like the port needs some work as it doesn't handle the  
default group name.


main.c:# define DEFAULT_GROUP_NAME "mail"

It appears that this can be changed with a command line arg.

main.c:  case 'g': group_name = optarg; break;

It looks like the groupname is used as an argument to lock the users  
mail box.


pop3_session.c.orig:  g_inf = getgrnam("mail");
pop3_session.c.orig:  if (g_inf==NULL) {
pop3_session.c.orig:  if (setegid(g_inf->gr_gid)!=0 && real_username[0] == 0) {
pop3_session.c.orig:syslog(LOG_ERR,"%s: %u: %s","setegid() failed",g_inf->gr_gid,strerror(errno));
pop3_session.c.orig:  if (setgid(g_inf->gr_gid)!=0 && real_username[0] == 0) {
pop3_session.c.orig:syslog(LOG_ERR,"%s: %u: %s","setgid() failed",g_inf->gr_gid,strerror(errno));
pop3_session.c.orig:  if ((rc=lock_maildrop(maildrop,u_inf->pw_uid,g_inf->gr_gid))<=0)


yup, it then fchowns the lock file

lock_maildrop.c: fchown(fd,uid,gid);

So I would assume  on other unix systems /var/mail is group mail by  
default, maybe??.


if you want to add  mail  to the /etc/group file

man -k groupadd

groupadd (8) - add a group to the system


Ian McWilliam





Re: akpop3d questions

2005-11-23 Thread Xavier Santolaria
so spake J Moore on Thu, Nov 24, 2005 at 07:40:24AM CET:
[...]
> > The culprit seems to be the "group not found" error... WTF, O??
> > 
> > 23:17:13.312 << 0009 USER jm\0D\0A
> > 23:17:13.359 >> 0005 +OK\0D\0A
> > 23:17:13.359 << 0017 PASS abcdefghij\0D\0A
> > 23:17:13.500 >> 0033 -ERR [SYS/TEMP] group not found\0D\0A
> > 23:17:20.718 << 0006 QUIT\0D\0A
> > 23:17:20.718 18: SSL read error -41 (locus 0, type 0, code 0, 'No data 
> > was read because the remote system closed the connection (recv() == 0)')
> > --- Connection closed normally at Wed, 23 Nov 2005 23:17:20. ---
> 
> What is this group "mail"...? 

http://marc.theaimsgroup.com/?t=11320426661&r=1&w=2

> How does it get set up?
> Why is it not addressed in the docs or the instructions?



Re: akpop3d questions

2005-11-23 Thread J Moore
On Wed, Nov 23, 2005 at 11:28:47PM -0600, the unit calling itself J Moore wrote:
> On Wed, Nov 23, 2005 at 10:08:13PM -0600, the unit calling itself J Moore 
> wrote:
> > I need to set up a POP3 server for a while, and after a quick survey, 
> > akpop3d seemed like a good choice - partly because it supports POP3 via 
> > SSL. So I built it from the ports tree (3.8 -stable), and installed it.
> > 
> > I am currently starting from the command line as follows:
> > # akpop3d -d -s
> > 
> > Attempts to connect result in immediate complaints from the client (I've 
> > tried two of them: Evolution (Linux) and Pegasus (Windoze).
> > 
> > I'm assuming this is due to the fact that I have no cert or key file 
> > installed or generated?
> > 
> > Before I invest any more time in this, I thought I'd ask if anyone else 
> > is using akpop3d, what the consensus of opinion is on it, and if there 
> > is any documentation on how to generate the .pem (Base64-encoded?) cert 
> > and key files.
> 
> Perhaps some fwd progress... got cert & key files installed, but I am 
> bombing during the authentication process. Following is part of the 
> debug output from my client. I double-checked the password value, and 
> it's correct (changed here, but my client's log shows it correctly).
> 
> The culprit seems to be the "group not found" error... WTF, O??
> 
> 23:17:13.312 << 0009 USER jm\0D\0A
> 23:17:13.359 >> 0005 +OK\0D\0A
> 23:17:13.359 << 0017 PASS abcdefghij\0D\0A
> 23:17:13.500 >> 0033 -ERR [SYS/TEMP] group not found\0D\0A
> 23:17:20.718 << 0006 QUIT\0D\0A
> 23:17:20.718 18: SSL read error -41 (locus 0, type 0, code 0, 'No data 
> was read because the remote system closed the connection (recv() == 0)')
> --- Connection closed normally at Wed, 23 Nov 2005 23:17:20. ---

What is this group "mail"...? 

How does it get set up?
Why is it not addressed in the docs or the instructions?

Thnx,
Jay



Re: akpop3d questions

2005-11-23 Thread J Moore
On Wed, Nov 23, 2005 at 10:08:13PM -0600, the unit calling itself J Moore wrote:
> I need to set up a POP3 server for a while, and after a quick survey, 
> akpop3d seemed like a good choice - partly because it supports POP3 via 
> SSL. So I built it from the ports tree (3.8 -stable), and installed it.
> 
> I am currently starting from the command line as follows:
> # akpop3d -d -s
> 
> Attempts to connect result in immediate complaints from the client (I've 
> tried two of them: Evolution (Linux) and Pegasus (Windoze).
> 
> I'm assuming this is due to the fact that I have no cert or key file 
> installed or generated?
> 
> Before I invest any more time in this, I thought I'd ask if anyone else 
> is using akpop3d, what the consensus of opinion is on it, and if there 
> is any documentation on how to generate the .pem (Base64-encoded?) cert 
> and key files.

Perhaps some fwd progress... got cert & key files installed, but I am 
bombing during the authentication process. Following is part of the 
debug output from my client. I double-checked the password value, and 
it's correct (changed here, but my client's log shows it correctly).

The culprit seems to be the "group not found" error... WTF, O??

23:17:13.312 << 0009 USER jm\0D\0A
23:17:13.359 >> 0005 +OK\0D\0A
23:17:13.359 << 0017 PASS abcdefghij\0D\0A
23:17:13.500 >> 0033 -ERR [SYS/TEMP] group not found\0D\0A
23:17:20.718 << 0006 QUIT\0D\0A
23:17:20.718 18: SSL read error -41 (locus 0, type 0, code 0, 'No data 
was read because the remote system closed the connection (recv() == 0)')
--- Connection closed normally at Wed, 23 Nov 2005 23:17:20. ---


Thanks,
Jay



akpop3d questions

2005-11-23 Thread J Moore
I need to set up a POP3 server for a while, and after a quick survey, 
akpop3d seemed like a good choice - partly because it supports POP3 via 
SSL. So I built it from the ports tree (3.8 -stable), and installed it.

I am currently starting from the command line as follows:
# akpop3d -d -s

Attempts to connect result in immediate complaints from the client (I've 
tried two of them: Evolution (Linux) and Pegasus (Windoze).

I'm assuming this is due to the fact that I have no cert or key file 
installed or generated?

Before I invest any more time in this, I thought I'd ask if anyone else 
is using akpop3d, what the consensus of opinion is on it, and if there 
is any documentation on how to generate the .pem (Base64-encoded?) cert 
and key files.

Thnx,
Jay