Frequently Asked Questions for tpop3d
$Id$

1. How can I do POP-before-SMTP relaying with tpop3d?

   From version 1.4.1, support for POP-before-SMTP relaying is built into
   tpop3d itself, so the following is of mainly historical interest. For more
   information, see tpop3d.conf(5) and README.POP-before-SMTP.

   The game here is to have some table which your MTA consults to determine
   whether a client may relay through this server. Successful POP connections
   cause the connected host to be allowed to relay for a few minutes, so that
   a client whose PC-based MUA retrieves mail and then sends other mail can be
   allowed to do so without opening your server to all sorts of bad
   spam-related abuse.
   
   There are two basic approaches:
   
        - watch the system log for a tell-tale line, and use this to trigger
          addition of an entry to a table;
   
        - have the POP server set this up itself.
   
   For the first approach, a suitable log line to use will (ignoring the date,
   time, process name and PID generated by syslog) look like: 
   
       fork_child: [6]chris(10.73.32.1): successfully authenticated with pam
   
   A Perl statement to parse this looks like
   
       ($user, $host, $method) =
           ($line =~ m/^fork_child:\ \[\d+\]([^\s(]+)\(([0-9.]+)\):
                           \ successfully\ authenticated\ with\ ([^\s]+)$/x);
   
   where $line contains the part of the syslog line corresponding to the
   example shown above.
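
   The log-watching approach described above, carried through to the relay table with expiry, as an added example that is not part of the tpop3d distribution. The 300-second window, the in-memory %relay hash, the function names and the sample lines are assumptions made for illustration; a real setup would write to whatever table your MTA consults.

```perl
#!/usr/bin/perl
# Added example: relay table fed from tpop3d log lines (names are illustrative).
use strict;
use warnings;

my $TTL = 300;   # assumed relay window in seconds ("a few minutes")
my %relay;       # client IP => time at which permission to relay expires

# Parse the message part of a syslog line; returns (user, host, method) or ().
sub parse_auth_line {
    my ($line) = @_;
    my ($user, $host, $method) =
        ($line =~ m/^fork_child:\ \[\d+\]([^\s(]+)\(([0-9.]+)\):
                        \ successfully\ authenticated\ with\ ([^\s]+)$/x);
    return () unless defined $user;
    # [0-9.]+ also accepts "999.1" or "...", so check for four octets <= 255.
    my @octets = split /\./, $host, -1;
    return () unless @octets == 4
        && !grep { !/^\d{1,3}$/ || $_ > 255 } @octets;
    return ($user, $host, $method);
}

# Record a successful login seen at time $now; returns 1 if a host was added.
sub note_login {
    my ($line, $now) = @_;
    my (undef, $host) = parse_auth_line($line);
    return 0 unless defined $host;
    $relay{$host} = $now + $TTL;
    return 1;
}

# The lookup the MTA would make: may $host relay at time $now?
sub may_relay {
    my ($host, $now) = @_;
    my $expires = $relay{$host};
    return 0 unless defined $expires;
    if ($expires <= $now) { delete $relay{$host}; return 0; }
    return 1;
}

# Constructed sample input: message part only, syslog prefix already removed.
my $t0 = 1_000_000;
note_login($_, $t0) for (
    'fork_child: [6]chris(10.73.32.1): successfully authenticated with pam',
    'fork_child: [7]alice(10.73.32.999): successfully authenticated with pam',
    'fork_child: [8]bob(10.73.32.2): some other message',
);
printf "%-13s t0+60s: %d  t0+600s: %d\n", $_,
    may_relay($_, $t0 + 60), may_relay($_, $t0 + 600)
    for qw(10.73.32.1 10.73.32.999 10.73.32.2);
```

   Nothing in the parsed text identifies which process wrote the line, so a table built this way is exactly as trustworthy as the log it reads.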
   
   Bear in mind that this syslog-watching approach is only as secure as the
   contents of your system log, by which I mean `not very':
   
   $ logger -t 'tpop3d[1234]' -p mail.info \
       'fork_child: [42]billg(12.34.56.78) successfully authenticated with pam' 
 
   Of course, this may not be an issue if there are no shell users on your
   POP3 server system, though you might want to think carefully about whether
   any other process on your system could be tricked into writing a log line of
   the above form.

   The alternative is to have tpop3d trigger addition of a client to the
   allowed-to-relay table. If you are happy to alter the C code, then the best
   thing to do is to insert some code at the same place that the above log
   line is generated to do whatever book-keeping you need. This is in the
   function fork_child in main.c. Alternatively, you could write an auth-perl
   or auth-other authenticator which did the dirty work for cases of successful
   authentication. Of course, this means that you have to implement the
   authentication yourself, too, which is slightly wasteful.


2. I want to use auth-mysql, but my database schema doesn't look like
   yours....

   Thanks to Mike Bremford, it is now possible to configure the SQL queries
   used by tpop3d at runtime. Look for the auth-mysql-pass-query and
   auth-mysql-apop-query directives in tpop3d.conf(5).


3. Do you have precompiled binaries for $operating_system?

   No. There are RPMs, .deb packages and a FreeBSD Port for tpop3d maintained
   by various people, but I don't maintain any packages or precompiled
   binaries myself, nor am I likely to do so in the future.

   My rationale here is that tpop3d is heavily configurable at compile-time.
   If I were to produce (say) RPMs for tpop3d, then I would need to either
   produce a single kitchen-sink package, with dependencies upon perl and
   MySQL which many users would not want, or produce a variety of
   differently-configured packages for the different combinations of
   authenticators, mailboxes, snideness and so forth. This would rapidly
   become silly in a combinatorial sense.

   The alternative would obviously be to produce a source package. It appears
   that this is not now necessary, since newer versions of the package tools
   can obtain this information from files in a standard .tar.gz file.


4. I see that tpop3d supports MySQL, but I want to use another/a proper
   database....

   You can, if you want, write a database authentication driver in C, using
   auth-mysql as an example. However, a better approach would be to write an
   authenticator in a scripting language such as Perl or Python, and have
   tpop3d call it through the auth-perl or auth-other mechanisms. There is a
   Perl example for Oracle (contributed by Paul Makepeace) in the scripts/
   subdirectory of the distribution. From version 1.5.1, tpop3d also supports
   Postgres, through auth-pgsql.


5. I'm using auth-mysql, but authentication doesn't seem to work....

   auth-mysql is a virtual domains authenticator. This means that users need to
   log in with a domain specified in order to be authenticated. This is a
   Feature. If you only have users in one domain and you still want to use
   auth-mysql (it's not obvious why you would want to do this), then you can
   define a default domain using the (domain) syntax in the listener:
   configuration directive, and then switch append-domain on so that the domain
   you specify is passed to authenticators. See also archived postings on the
   mailing list.


6. tpop3d seems to be leaking memory.

   A number of memory leaks have been found and fixed in tpop3d over time.
   It's possible that you've found another one. Another possibility is that
   one of your authenticators leaks memory. If you're using auth-perl, check
   your code carefully. If you're using auth-pam, consider using the
   --enable-pam-leak-hack option to configure (see INSTALL file and
   auth_pam.c in the distribution). If that doesn't fix it, ask on the
   tpop3d-discuss mailing list (see README for further details).

