What is Qpopper?

Security Vulnerability

Qpopper on Linux

Frequently Asked Questions (FAQ)

Qpopper 3.0 Now Available

Current Qpopper Release

Download

Mirror FTP sites

3.1 public beta

Feedback, Bug Reports, Mailing Lists

Installation and Documentation

Acknowledgments

Other QUALCOMM E-Mail Products

License and Legal Information

The README file

Qpopper 3.0
A Major New Release

Latest Standards
New standards and extensions designed to reduce support costs and improve operations:

• Support for RFC 2449, which adds a POP extension mechanism (including the CAPA command), and extended result codes.  This allows a site to communicate policy to clients such as the minimum delay between mail checks and the length of time mail may be left on the server.  This also allows Qpopper to tell the client more detail about error conditions, including suggested behavior.   More Information.
• Experimental extension (x-mangle) for more efficient bandwidth usage, especially with wireless devices (such as Eudora for the Palm Computing Platform).

See the INSTALL file for more details.

New Features
By popular request:

• Bulletins can now be issued to users based on group membership.
• Reverse-lookups on client IP addresses can now be disabled by using the -R run-time switch.
• User names can be down cased by using the -c run-time switch.  This helps when users are in the habit of entering their user name in ALL CAPS.
• PAM authentication is now supported.
• Qpopper now coexists with UW servers by ignoring the UW folder internal data message.
• Optional automatic deletion of downloaded messages.  Can be used to prevent users from keeping mail on the server.
• Easily add your own text to the greeting by simply editing the banner.h file.

See the INSTALL file for more details.

Stability
Significantly increased stability, including:

• Improved mailbox locking code.
• Corrected defects which could cause corrupted mail spools.
• Fixed defects which could cause crashes, or fail to remove locks while aborting.

Security
Improved security:

• “Belt, suspenders, and test ” approach to buffer overflows: prevention now at two code levels, plus comprehensive testing against each parameter of each command prior to release.
• General code improvements.
• PAM authentication is now supported.

See the INSTALL file for more details.

Easier Configuration
New and most existing compile-time settings can now be set from the configure script:

• --with-warnings for those who love to see extra compiler warnings.
• --enable-shy to hide qpopper's version number in the banner and CAPA IMPLEMENTATION tag.  (Some people feel this improves security by making it harder to tell if you are running software with known exploits; others feel this reduces security by hiding the fact that you are running fixed software, leading malicious users to try attacks they otherwise would avoid.)
• --enable-auto-delete to automatically mark for deletion all messages downloaded with RETR.
• --enable-hash-spool=1|2 to use hashed spool directories.
• --enable-home-dir-mail=file to use a spool file in the user's home directory.
• --enable-bulldb=path to enable bulletins and set the path for the bulletin directory.
• --with-new-bulls=number to specify the maximum number of bulletins for new users (default is 10).
• --enable-popbulldir=path to specify an alternate location for users' popbull files.
• --enable-log-login to log successful user logins. This can be used, for example, to validate subsequent SMTP sessions from the same IP address within a short time period, in the absence of SMTP AUTH support by client and server.
• --with-pam=service-name to authenticate using PAM.
• --with-log-facility=name to specify the log facility. Default is LOG_LOCAL1 or LOG_MAIL, depending on the platform.
• --enable-uw-kludge to check for and hide a UW IMAP status message.
• --enable-group-bulls to show bulletins by groups (group name is second element in bulletin name).
• Easily add your own text to the greeting by simply editing the banner.h file.

See the INSTALL file for more details.

POP Extension Mechanism and CAPA command, Extended Response Codes, and x-mangle

X-mangle condenses mime messages into a single part for ease of use by lightweight clients.  Messages can be translated to and from text/plain, format=flowed, and text/html.

As a way to enable mime-mangling with clients that do not support x-mangle, you can add -no-mime to the user name.  For example, if your user name is mary, enter it in the client as mary-no-mime.

The optional LOGIN-DELAY and EXPIRE values are announced through the CAPA command.  The values to announce are passed as command line switches.  Actual enforcement of minimum login delay and message expiration is up to the site by some other means.  (For example, a simple script run from crontab could be used for message expiration.)  Qpopper does support automatic deletion of downloaded messages through the --enable-auto-delete configure flag.  This can be used to effect EXPIRE 0 (no retention).

Qpopper uses the [AUTH], [IN-USE], [SYS/PERM], and [SYS/TEMP] extended response codes, and includes the AUTH-RESP-CODE tag in the CAPA response.

[AUTH] (together with the AUTH-RESP-CODE CAPA tag) informs the client that an error is related to the user's credentials.  This includes a bad password, an invalid user name, or any other failure which is caused in some way by the user's status or permissions.

[IN-USE] tells the client that an error is due to the user's mail drop being in use, probably by an earlier session that has not yet finished terminating.

[SYS/TEMP] lets the client know that an error is caused by a server condition, probably temporary.  No need to alarm the user unless the error persists.

[SYS/PERM] indicates that an error is caused by a server condition which is unlikely to clear up on its own; the user should be informed and instructed to contact technical support.