<HTML>
<HEAD>
<TITLE>Developer.com - Online Reference Library - 0672311739:RED HAT LINUX 2ND EDITION:SMTP and POP</TITLE>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<SCRIPT>
<!--
function displayWindow(url, width, height) {
var Win = window.open(url,"displayWindow",'width=' + width +
',height=' + height + ',resizable=1,scrollbars=yes');
}
//-->
</SCRIPT>
</HEAD>
<!-- ISBN=0672311739 //-->
<!-- TITLE=RED HAT LINUX 2ND EDITION //-->
<!-- AUTHOR=DAVID PITTS ET AL //-->
<!-- PUBLISHER=MACMILLAN //-->
<!-- IMPRINT=SAMS PUBLISHING //-->
<!-- PUBLICATION DATE=1998 //-->
<!-- CHAPTER=07 //-->
<!-- PAGES=0097-0130 //-->
<!-- UNASSIGNED1 //-->
<!-- UNASSIGNED2 //-->
<A NAME="PAGENUM-125"><P>Page 125</P></A>
<P>The following sections cover the integration of the most-used application of any network:
electronic mail (or e-mail for short). Because UNIX and "other" operating systems have a
very different view of how e-mail should be handled, the Post Office Protocol (POP) was
created. This protocol abstracts the details of e-mail to a system-independent level so that anyone
who writes a POP client can communicate with a POP server.
</P>
<H4><A NAME="ch07_ 38">
Configuring a POP Server
</A></H4>
<P>The POP server you will configure on the sample systems is the freely available
qpopper program. This package was originally written at Berkeley but is now maintained by the
Eudora division of Qualcomm
(www.eudora.com/freeware). If you also need client software for
non-UNIX systems, check out the Eudora Light e-mail package also available from
Qualcomm. Like qpopper, Eudora Light is available for free. (The Professional version does cost
money, however.)
</P>
<P>Red Hat has prepared an RPM of this package, which is available on the CD-ROM
(qpopper-2.3-1.i386.rpm), or you can fetch it from Red Hat's Web site at
ftp://ftp.redhat.com/pub/contrib/i386/qpopper-2.3-1.i386.rpm. To install it, simply run
</P>
<!-- CODE SNIP //-->
<PRE>
rpm -i qpopper-2.3-1.i386.rpm
</PRE>
<!-- END CODE SNIP //-->
<P>This installs two programs:
/usr/sbin/in.qpopper and /usr/sbin/popauth.
/usr/sbin/in.qpopper is the actual server program that you will set up to run from
inetd. /usr/sbin/popauth is used to configure clients that use APOP authentication.
</P>
<H4><A NAME="ch07_ 39">
Configuring in.qpopper
</A></H4>
<P>Most of in.qpopper's (from this point on called just
qpopper) options are configured at compile time; therefore, you don't have much of a say in how things are done unless you want
to compile the package yourself. If you are interested in pursuing that route, you can fetch
the complete package from Qualcomm's site at
<a href="http://www.eudora.com/freeware/servers.html">http://www.eudora.com/freeware/servers.html</A>.
</P>
<P>The default configuration items are fine for most sites. These defaults are as follows:
</P>
<UL>
<LI> Refusal to retrieve mail for anyone whose UID is below 10 (for example, root).
<LI> Bulletin support in
/var/spool/mail/bulletins.
<LI> New users will receive the last bulletin posted.
<LI> Verbose logging to
syslog.
<LI> APOP authentication uses
/etc/pop.auth (see the section on popauth for details).
</UL>
<P>To allow qpopper to start from inetd, edit the
/etc/inetd.conf file and add the following line:
</P>
<!-- CODE SNIP //-->
<PRE>
pop-3 stream tcp nowait root /usr/sbin/tcpd in.qpopper
</PRE>
<!-- END CODE SNIP //-->
<P>Don't forget to send the HUP signal to inetd. You can do so by issuing the following
command:
</P>
<!-- CODE SNIP //-->
<PRE>
kill -1 `cat /var/run/inetd.pid`
</PRE>
<!-- END CODE SNIP //-->
<A NAME="PAGENUM-126"><P>Page 126</P></A>
<P>Now you're ready to test the connection. At a command prompt, enter
</P>
<!-- CODE SNIP //-->
<PRE>
telnet popserver 110
</PRE>
<!-- END CODE SNIP //-->
<P>where popserver is the name of the machine running the
qpopper program.</P>
<P>You should get a response similar to the following:
</P>
<!-- CODE SNIP //-->
<PRE>
+OK QPOP (version 2.3) at mtx.domain.com starting.
&lt;14508.877059136@mtx.domain.com&gt;
</PRE>
<!-- END CODE SNIP //-->
<P>This result means that the POP server has responded and is awaiting an instruction.
(Typically, this job is transparently done by the client mail reader.) If you want to test
the authentication service, try to log in as yourself and see whether the service registers your
current e-mail box. For example, to log in as
sshah with the password mars1031, you enter
</P>
<!-- CODE //-->
<PRE>
user sshah
+OK Password required for sshah
pass mars1031
+OK sshah has 5 messages (98031 octets).
quit
+OK Pop server at mtx.domain.com signing off.
</PRE>
<!-- END CODE //-->
<P>The first line, user sshah, tells the POP server that the user for whom it will be checking
mail is sshah. The response from the server is an acknowledgment that the user
sshah exists and that a password is required to access the mailbox. You can then type
pass mars1031, where mars1031 is the password for the
sshah user. The server acknowledges the correct password by
responding with a statement indicating that five messages are currently in user
sshah's mail queue. Because you don't want to actually read the mail this way, you simply enter
quit to terminate the session. The server sends a sign-off message and drops the connection.
</P>
<P>Although the stock configuration of qpopper is ideal for most sites, you might want to adjust
a few command-line parameters. To use a command-line parameter, simply edit your
inetd.conf file so that the line invoking the
in.qpopper program ends with the parameter you want
to pass. For example, if you want to pass -T 10 to the server, your
inetd.conf entry would look like this:
</P>
<!-- CODE SNIP //-->
<PRE>
pop-3 stream tcp nowait root /usr/sbin/tcpd in.qpopper -T 10
</PRE>
<!-- END CODE SNIP //-->
<P>Don't forget to send the HUP signal to the
inetd program using the following command:
</P>
<!-- CODE SNIP //-->
<PRE>
kill -1 `cat /var/run/inetd.pid`
</PRE>
<!-- END CODE SNIP //-->
<P>The following parameters are available in
in.qpopper:
</P>
<HR>
<TABLE WIDTH="360">
<TR><TD>
Parameter
</TD><TD>
Description
</TD></TR>
<TR><TD>
-d
</TD><TD>
Enables the debugging messages to be sent to
SYSLOG.
</TD></TR>
<TR><TD>
-t &lt;tracefile&gt;
</TD><TD>
Redirects the debugging information to be sent
to &lt;tracefile&gt;, where &lt;tracefile&gt; is a log file on your system.
</TD></TR>
</TABLE>
<A NAME="PAGENUM-127"><P>Page 127</P></A>
<HR>
<TABLE WIDTH="360">
<TR><TD>
Parameter
</TD><TD>
Description
</TD></TR>
<TR><TD>
-s
</TD><TD>
Enables statistical information about each connection to be logged to SYSLOG.
</TD></TR>
<TR><TD>
-T &lt;timeout&gt;
</TD><TD>
Changes the time-out period for connections to
&lt;timeout&gt; seconds. You might need to set this parameter to a
higher value if your clients are connecting through slow
connections (for example, PPP links).
</TD></TR>
<TR><TD>
-b &lt;bulldir&gt;
</TD><TD>
Specifies what directory to use to hold the bulletins.
The default directory is /var/spool/mail/bulletins.
</TD></TR>
</TABLE>
<H4><A NAME="ch07_ 40">
Using popauth
</A></H4>
<P>By default, the POP server sends all passwords in cleartext (not encrypted). If you
are security conscious, sending passwords in cleartext is obviously a bad idea, and tighter
control over authentication is needed. This is where APOP support comes in. APOP is a more
security-minded way of authenticating users because the passwords are sent over the network
already encrypted. qpopper supports APOP and keeps its APOP database in
/etc/pop.auth. Because this database is kept in a binary format, you need to manipulate it using the
popauth program.
</P>
<P>When you installed qpopper, the /etc/pop.auth database was not created. Before you can
begin using popauth, you need to initialize the database using the following command:
</P>
<!-- CODE SNIP //-->
<PRE>
popauth -init
</PRE>
<!-- END CODE SNIP //-->
<P>This command sets up the database and prepares it for further manipulation.
popauth accepts the following three parameters to list, delete, and add users to its database:
</P>
<HR>
<TABLE WIDTH="360">
<TR><TD>
Parameter
</TD><TD>
Description
</TD></TR>
<TR><TD>
-list
</TD><TD>
Displays the existing users in the database by their
login names.
</TD></TR>
<TR><TD>
-delete &lt;name&gt;
</TD><TD>
Removes user
&lt;name&gt; from the database, where &lt;name&gt; is
that user's login.
</TD></TR>
<TR><TD>
-user &lt;name&gt;
</TD><TD>
Adds the user &lt;name&gt; to the database, where
&lt;name&gt; is the user's login. When the parameter is invoked, you
are prompted to enter the user's password twice (the second
time to verify you typed it in correctly) to enable the entry.
</TD></TR>
</TABLE>
<P>For example, to add the user sshah to the database, you use the following:
</P>
<!-- CODE SNIP //-->
<PRE>
[root@mtx /root]# popauth -user sshah
Changing POP password for sshah.
New password: scrubber
Retype new password: scrubber
</PRE>
<!-- END CODE SNIP //-->
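<P>The following Python sketch is an added example, not code from the book or from qpopper. It shows what an APOP login carries on the wire as defined in RFC 1939: the client sends an MD5 digest of the greeting's timestamp token followed by the shared secret stored with popauth, so the secret itself is never transmitted. The function names are hypothetical, and the sample session is constructed from the greeting and the popauth password shown on this page.
</P>

```python
import hashlib
import hmac
import re
from typing import Optional

# An APOP-capable server ends its greeting with a <process-id.clock@hostname> token.
BANNER_RE = re.compile(r"^\+OK\b.*?(<[^<>\s]+@[^<>\s]+>)\s*$")


def extract_timestamp(greeting: str) -> Optional[str]:
    """Return the timestamp token from the greeting, or None if APOP is not offered."""
    match = BANNER_RE.match(greeting.strip())
    return match.group(1) if match else None


def apop_digest(timestamp: str, secret: str) -> str:
    """MD5 over the timestamp (angle brackets included) followed by the shared secret."""
    return hashlib.md5((timestamp + secret).encode("ascii")).hexdigest()


def apop_command(greeting: str, user: str, secret: str) -> str:
    """Build the client's APOP line; fail closed instead of falling back to USER/PASS."""
    timestamp = extract_timestamp(greeting)
    if timestamp is None:
        raise ValueError("greeting carries no timestamp; APOP is not available")
    return f"APOP {user} {apop_digest(timestamp, secret)}"


def server_verify(timestamp: str, stored_secret: str, presented_digest: str) -> bool:
    """Server side: recompute from the stored secret and compare in constant time."""
    expected = apop_digest(timestamp, stored_secret)
    return hmac.compare_digest(expected, presented_digest.lower())


if __name__ == "__main__":
    # Constructed session: greeting and popauth password as shown on this page.
    greeting = ("+OK QPOP (version 2.3) at mtx.domain.com starting. "
                "<14508.877059136@mtx.domain.com>")
    line = apop_command(greeting, "sshah", "scrubber")
    print(line)
    token = extract_timestamp(greeting)
    digest = line.split()[2]
    print("popauth secret accepted:", server_verify(token, "scrubber", digest))
    print("login password accepted:", server_verify(token, "mars1031", digest))
```

<P>Because the server recomputes the digest, it has to hold the APOP secret in recoverable form, which is why it lives in its own database and, as in the popauth example above, can differ from the user's login password. The timestamp changes with every connection, so a captured digest does not authenticate a later session.
</P>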
</td>
</tr>
</table>
<!-- begin footer information -->
</body></html>