Qpopper 2.41 and prior versions (and some early beta versions of Qpopper 3.0) are vulnerable to buffer overflow.  Remote users can obtain root access on systems running these versions.  Qpopper 2.53 and earlier have a non-root exploit.

Releases of Qpopper 4.0.5 and later are immune from all known buffer overrun and other security issues.  Please upgrade your server if you are running any Qpopper older than the current version

Also, 4.0 and later has new code which makes future buffer overruns far less likely, and releases are run against a utility which tests all parameters of all commands for buffer overruns.

While Qpopper uses system authentication calls, if you use PAM, you can have Qpopper use a PAM module which gets authentication information from a source other than /etc/passwd or /etc/shadow (for example, LDAP).  Note that since Qpopper reads the mail spool of the Unix user, it still needs a pwnam entry for the user.

In addition, there are third-party patches which provide alternative mechanisms.  Qualcomm does not provide support for Qpopper patches such as these.

The spool directory needs to have ownership and permissions set correctly.  Normally, this directory has owner root and group mail, and has permissions set drwxrwxr-x or drwxrwxrwt.  (The second form sets the sticky bit to prevent non-owners from deleting or renaming files.)

For example, if your spool directory is /var/mail, enter:

chown root:mail /var/mail
    chmod u=rwx,g=rwx,o=rx /var/mail
or
    chmod a=trwx /var/mail
chmod ug=rw,o-rwx /var/mail/*

The first command sets the spool directory so it has owner root and group mail.

The first form of the second command sets permissions so that only user root or group mail can create or write files.  The second form sets permissions so that anyone can create files, but only the owners can delete or rename them.

The third command sets the permissions on existing spool files so that the owners and group mail can read and write them, but no one else can access them.

If you do an ls -ld on your spool directory, it should show as drwxrwxr-x or drwxrwxrwt. 

If you do an ls -l on your spool directory, all files should show as rw-rw----. 

If permissions are not set correctly, Qpopper is unable to create the dot-lock file in the spool directory.

We recommend against using Qpopper over NFS.  This is because atomic locking is required to prevent spool corruption, and NFS does not provide this. 

Create a file called pop3 in the /etc/xinetd.d directory that contains the following lines (adjust the server line to contain the path to the Qpopper executable, and the server_args line to contain any Qpopper command-line flags you wish to use; this example shows the executable located at /usr/local/lib/popper, and the -s command-line flag):

service pop3
{

	socket_type	=	stream
	protocol	=	tcp
	wait	=	no
	user	=	root
	server	=	/usr/local/lib/popper
	server_args	=	qpopper -s
	port	=	110

}

Note that it may also be necessary to create an entry in the /etc/hosts.allow file such as the following:

popper:ALL

Additionally, the standard distribution of RedHat Linux 7.0 installs the file /etc/xinetd.d/ipop3 in support of its default POP3 service, which is likely to create a redundant POP3 references for the xinetd daemon.  You may need to either delete the /etc/xinetd.d/ipop3 file or comment out its service pop3 line.

Add --enable-home-dir-mail=Mailbox to the ./configure command or add set home-dir-mail = Mailbox to a configuration file. 

This occurs when the user does not have the permissions to create the .user.pop in the temporary drop directory (which defaults to the mail spool directory).  Check the permissions of this directory.

This indicates a client issued a QUIT command in themiddle of authenticating.  While this may be perfectly normal, it can also indicate a possible break-in attempt, hence the warning.

This indicates that inetd received more requests for Qpopper service within one minute than it is configured to allow.  On most systems, by default inetd only permits 40 connections within one minute to any service.  If you have a lot of users, this may be too small a limit.  You can increase the global default (for all inetd services) by passing a timeout argument to inetd.  On most systems, you can increase the timeout for Qpopper by modifying your inetd.conf file.  Find the pop3 line, and change nowait to nowait.timeout, for example, nowait.50 to permit 50 Qpopper connections within one minute.

This error message in your log means that a client connected in and Qpopper got an error when it tried to do a reverse lookup on the IP address.  If the client is local, this may indicate a problem with its DNS entry (specifically the PTR record for that IP address), or it may be a temporary DNS problem.

Qpopper allows you to turn off this check if you like.  Qpopper also includes the IP address of the client in the log message, to make it easier to check its DNS entries.

You need to ensure that enough free space exists in your spool directory, and any user disk quotas are large enough, so that the spool file can be copied.  This means at least twice the spool file size may be needed.

You can also specify a separate directory for temporary files by using the --enable-temp-drop-dir=path option with ./configure or adding set temp-dir = path to a configuration file.

This indicates that the user's mail spool is corrupted.  The first line, which should be a "From " or MMDF separator is not recognizable.

If you are using procmail as the delivery agent (check the "Mlocal" line in /etc/sendmail.cf), or if procmail is being used in addition to a delivery agent, be sure to upgrade to the latest version.  Reports have linked procmail v3.10 with spool file corruption.  You can get an updated procmail at www.procmail.org.

Be sure to use the lastest version of Qpopper.  In particular, it was possible for versions prior to 3.0 to create corrupted .user.pop files if server mode was not used, and Qpopper was unable to copy the user's spool file because the disk filled up, the user was over quota, or some other error occurred.

NOTE: It is possible that corrupted .user.pop files were created for some users by aborted sessions using versions prior to 3.0.  The next time these users check mail, the corrupted .user.pop file will cause the error.  It is a good idea to check for any .user.pop files after upgrading from a version prior to 3.0.  If you find any of these files, check them for corruption.  You can delete them if they seem to be all garbage.  .user.pop files should normally not exist after a session ends.  If you find any, it either means the Qpopper process was killed abnormally, or a version prior to 3.0 created a corrupted one.

We have also had reports that certain webmail programs can corrupt the mail spool.

To fix the immediate problem for this user, edit the mail spool file and check the first line.   If it does not start with "From " (including the space but not the quotes), delete it and any following lines until you see a separator.   If the line starts with "rom " or "FFrom", correct it to be "From ".   Note that the separator line starts with "From ", not "From: ".  

You can also use a utility such as formail to edit the spool file, for example, formail -b oldfile newfile and then replace oldfile with newfile, perhaps keeping a copy of oldfile in case you discover a problem with the results of formail.

See the heading "Turning off authentication in the client" in this Netscape SMTP AUTH document.  Do the following on each client machine:

1. Quit Netscape
2. Open the following file in a text editor:
   • For Macintosh clients, edit Netscape Preferences
   • For Windows clients, edit prefs.js
3. Add the following line to the end of the file:

   user_pref("mail.auth_login", false);

4. Launch Netscape

The preferences file will be re-sorted after Netscape runs.

Probably you are using shadow passwords.  You need to run ./configure with the --enable-specialauth flag. 

Try:

make realclean
./configure --enable-specialauth
make

CAPA is a new POP extension (defined in RFC 2449) which permits a POP server to give information to a client about supported POP extensions, optional server behavior, and site policy.   Some newer email clients, such as Eudora, issue the command, and if supported by the server, take advantage of the response.  CAPA is supported by qpopper 3.0 and later.

When a client connects, Qpopper attempts a reverse-lookup on the IP address, and if it resolves to a canonical name, then attempts a lookup on the returned name.  If the returned name does not resolve to an IP address, qpopper issues this error. 

This is a known bug in Solaris 6 PAM.  It is fixed in Solaris 7, and patch 106257-05 is also available.

Generally, this is because a client has disconnected without sending QUIT.  This can be the result of telephone modem problems, which are more likely to occur when downloading large messages.  It could also be caused by too-small timeout values in some clients.

If you are using Qpopper 4.0 or later and your network is very congested, the aggregating of small packets into one large one can acerbate the situation.  In this case you can use the --enable-chunky-writes=1 flag with ./configure, or use set chunky-writes = tls in a configuration file. 

As the size of the spool file increases (more and larger messages left on the server), the time required to start and stop the POP session goes up, especially if Server Mode is not used.  If you check the spool directory just after a session ends, you may see the lock file and the temporary spool still there, and the Qpopper process still active.  Do not kill the process, as it is updating the spool.  You should make sure to run the latest version of Qpopper.  You may want to review the options which affect performance.

If you are using Solaris, probably the Content-Length: header for the first message is incorrect (too large).  If you are using /bin/mail as your local delivery agent (the Mlocal line in sendmail.cf), try repalcing this with /usr/lib/mail.local.

Be sure to run the latest version of Qpopper, especially 4.0 or later, which better handles slightly-off Content-Length: headers.

You probably don't have a C compiler installed.  You need a C development environment, which includes a C compiler, /usr/include files, and various utilities.  You can get this from your vendor, or, use the free ones from GNU.  You may also get pre-compiled versions specific for your platform from various locations.  For example, Solaris.

Qpopper 3.0 introduced a more compact encoding of message unique identifiers (known as UIDs or UIDLs).  For example, a UID may now look like E`'!!Y]+"!(-i!!Tl$#!

These UIDs are fine, they are not corrupted.  They may look strange, but that is OK.  They are in full conformance with RFC 1939.  Specifically, see "UIDL Command" in section 7.

The unique-id of a message is an arbitrary server-determined string, consisting of one to 70 characters in the range 0x21 to 0x7E

This means that the UID can consist of any characters in the ASCII range (hex) 21-7E; (decimal) 33-126; (characters) '!' - '~'.

This indicates that Qpopper failed to receive a command from the client within the timeout period.  You can adjust Qpopper's timeout by using the -T seconds command-line flag, or set timeout = seconds in a configuration file.

If you are using Qpopper 4.0 or later and your network is very congested, the aggregating of small packets into one large one can acerbate the situation.  In this case you can use the --enable-chunky-writes=1 flag with ./configure, or use set chunky-writes = tls in a configuration file. 

EOF or I/O error almost always means EOF.  That is, the network connection with the client dropped unexpectedly.

At the point where this message is issued, Qpopper no longer knows if it was an EOF or an actual I/O error, and so it reports the error number just in case it really is an I/O error (which it almost never is).  When it is just an EOF, the associated error is meaningless. 

A maillock error indicates a failure to obtain exclusive access to the mail spool.  The error number indicates the nature of the problem.  More details are usually found in the log.

Here are what the numbers mean:

1. The user name is too long
2. Qpopper was unable to create the dot-lockfile.  Check the permissions on the spool directory, and also make sure the user is not over quota and the spool disk is not full.
3. Qpopper was unable to write its process ID into the lockfile.  Check if the user is over quota or if the spool disk is full.
4. The spool was locked by another process; perhaps the delivery agent was adding new mail.  If this persists, it indicates a problem.
5. Something else went wrong.  Check the log for a more detailed error message.
6. Qpopper lost the lock in the middle of locking it.  If this persists, it indicates a problem.

Errors on HP-UX such as

(Bundled) cc: warning 480: The -A option is available only with the C/ANSI product; ignored
(Bundled) cc: "popper.h", line 327: error 1000: Unexpected symbol: "*"

indicate that you are using HP's bundled C compiler, which can not handle standard C programs such as Qpopper.  You need a full, ANSI-standard C compiler.  You can obtain one from HP, or download the free gcc from gnu.  (Use the mirrors and links on their page, or ftp from their main ftp site.)

This indicates a Microsoft client tried to use the twinkie authentication mechanism, which is not standard and not supported.  You can just ignore this error, or ask your users to uncheck the client option to use it.

This indicates a syntax error in the specified configuration file.  To make it easier to track down, try adding set tracefile = path to the top of the configuration file.  This causes detailed debug information to be written to the file specified in path.  Then run Qpopper again, and check the file path to see specifics on the error.  When you have it working, you can delete (or comment out) the set tracefile.