
Re: POP3 daemon selection



On Tue, 04 Jan 2000, Jonathan Hall wrote:
>I've been using qpopper up until now, for no real reason, other than that's
>the first POP3 server I've tried.
>
>My needs, however, have recently changed, so I'm exploring other POP3
>servers, and would like some advice.
>
>First, security is important.  I've read of a few root exploits in qpopper
>recently (presumably fixed in the latest versions?).

I'd recommend avoiding qpopper for this reason.  It has a bad history.

>Anyway... my (somewhat unusual) situation at this point is as follows:
>
>  - Some customers have full Internet access, some customers have ONLY
>    e-mail access
>  - All users are authenticated w/ cistron radius out of /etc/passwd

I doubt that RADIUS is an issue.  The fact that all users are in /etc/passwd
is all that is relevant.

>  - Mail-only customers are all members of group "email", so when dialing
>    in, are given a private IP address (192.168.x.x) by the radius server to
>    prevent access to all but my local POP3 and SMTP servers
>  - Full-access customers have shell accounts, Mail-only customers do not
>    have shell accounts.  To prevent shell access for the mail-only
>    customers, I have changed their shell to /bin/false (a non-existent
>    file, not listed in /etc/shells), and changed their home directory to
>    /email (a non-existent directory).

This is standard stuff.

>  This setup all worked fine until I started utilizing the POP bulletin
>feature of qpopper, and qpopper needed to start storing .popbull files in
>each user's home directory.  Without a valid home directory, qpopper cannot
>store a .popbull file in the mail-only users' home directories.  As a
>result, these customers receive every pop bulletin again EVERY time they
>check their mail.

You can patch qpopper to use ~/.popbull-username instead of ~/.popbull, that
way you can have 25,000 users with the same home directory.  A site where I
used to work did just this.

>  The solution I have devised for this problem is to go ahead and create
>home directories for the mail-only customers, but not give the individual
>users read or write permissions to the directory.  Then, hacking the qpopper
>source to run setgid "mailonly", and then set all mail-only customers' home
>directories as read- and write-able by group "mailonly," thus allowing
>qpopper the ability to store the needed .popbull file, but not allowing
>mail-only customers access to the system.
>
>  Now... my question:  Is this solution feasible and secure?

Firstly, why would you not want the account to have read access to its own
home directory?
If the shell is /bin/false and sudo is either not installed or configured
correctly then they won't be able to access the home directory anyway.

>  Or better yet... is there a more "clean" way of accomplishing what I need,
>either with qpopper or another POP3 daemon?
>
>  And lastly... Is there another POP3 daemon I should consider anyway? 
>Either for security or configurability?

I recently fixed an old mail server that used to have 27000 accounts run by
qpopper.  I installed the POP server from Qmail.  Then I wrote and installed
my maildir-bulletin package (which should be in Debian now - you can get the
source from http://www.coker.com.au/maildir-bulletin/ ).  Now each user has
their own home directory.  Users who are mail-only have their shell as
/bin/false and can only login via POP.  When a bulletin arrives a single file
is created in /home/bulletins and then hard links (soft links if the hard
links fail) are created to the Maildir of every user.
This is much more capable than qpopper bulletins because it works with any
Maildir POP server (well there's only one such POP server at the moment - but
others are being written), "ls -l /home/bulletins" shows you how many people
have yet to read each bulletin (link-count - 1), and I've written an
automatic bulletin-unsender.

Try it out.  Currently this setup has 27000 people happily using it on an AIX
server.  The Debian version hasn't been tested as well as I would like but
I'll rapidly fix any bugs you find.


-- 
The ultimate result is that some innovations that would truly benefit
consumers never occur for the sole reason that they do not coincide with
Microsoft's self-interest.
-- Judge Thomas Penfield Jackson, U.S. District Judge
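The hard-link bulletin scheme described in the reply above, as an added example that is not the maildir-bulletin package's own code. It assumes a constructed layout of /home/bulletins for the master copy and $ROOT/home/<user>/Maildir/new/ for each user (both assumptions), uses ln with a symlink fallback as the reply describes, and reads the unread count from the link count that ls -l reports. The unread count is only accurate for users reached by a hard link and relies on the POP client deleting the message once fetched.

```sh
#!/bin/sh
# Added example: Maildir bulletin delivery by hard link (constructed demo,
# not the maildir-bulletin package).  Paths and file naming are assumptions.

# Write one master copy under $root/bulletins and link it into every
# user's Maildir/new.  Hard-link first; if that fails (e.g. Maildir on
# another filesystem) fall back to a symlink, as the reply describes.
deliver_bulletin() {
    db_root=$1; db_name=$2; db_text=$3
    db_master="$db_root/bulletins/$db_name"
    mkdir -p "$db_root/bulletins"
    printf '%s\n' "$db_text" > "$db_master"
    for db_maildir in "$db_root"/home/*/Maildir; do
        [ -d "$db_maildir/new" ] || continue
        # Maildir wants a unique filename per message; the bulletin name is
        # kept as a suffix so the unsender can find every copy later.
        db_dest="$db_maildir/new/$(date +%s).$$.$db_name"
        ln "$db_master" "$db_dest" 2>/dev/null || ln -s "$db_master" "$db_dest"
    done
}

# Users who have not yet fetched (and so deleted) the bulletin:
# hard-link count of the master copy minus the master itself.
# Symlinked copies are not counted, so this undercounts if the fallback fired.
unread_count() {
    uc_master="$1/bulletins/$2"
    uc_links=$(ls -ld "$uc_master" | awk '{print $2}')
    echo $((uc_links - 1))
}

# Automatic unsender: remove every remaining copy and then the master.
unsend_bulletin() {
    ub_root=$1; ub_name=$2
    for ub_maildir in "$ub_root"/home/*/Maildir; do
        [ -d "$ub_maildir/new" ] || continue
        rm -f "$ub_maildir"/new/*."$ub_name"
    done
    rm -f "$ub_root/bulletins/$ub_name"
}

# Stand-alone demo on a temporary tree with three constructed users.
demo() {
    d_root=$(mktemp -d)
    for d_user in alice bob carol; do
        mkdir -p "$d_root/home/$d_user/Maildir/new"
    done
    deliver_bulletin "$d_root" "2000-01-maintenance" "Scheduled maintenance Sunday 02:00"
    echo "unread after delivery: $(unread_count "$d_root" 2000-01-maintenance)"
    # alice's POP client fetches and deletes the message
    rm "$d_root"/home/alice/Maildir/new/*.2000-01-maintenance
    echo "unread after alice reads: $(unread_count "$d_root" 2000-01-maintenance)"
    unsend_bulletin "$d_root" 2000-01-maintenance
    ls "$d_root/bulletins"
    rm -rf "$d_root"
}
```

Run it with `demo` appended (or sourced) to see the count drop from 3 to 2 after one user fetches their mail; `ls -l /home/bulletins` on a real deployment gives the same figure per bulletin without any per-user bookkeeping.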

