Frequently Asked Questions for tpop3d
$Id: FAQ,v 1.3 2001/10/26 22:28:32 chris Exp $

1. How can I do POP-before-SMTP relaying with tpop3d?

   The game here is to have some table which your MTA consults to determine
   whether a client may relay through this server. Successful POP connections
   cause the connected host to be allowed to relay for a few minutes, so that
   a client whose PC-based MUA retrieves mail and then sends other mail can be
   allowed to do so without opening your server to all sorts of bad
   spam-related abuse.
   
   There are two basic approaches:
   
        - watch the system log for a tell-tale line, and use this to trigger
          addition of an entry to a table;
   
        - have the POP server set this up itself.
   
   For the first approach, a suitable log line to use will (ignoring the date,
   time, process name and PID generated by syslog) look like: 
   
       fork_child: [6]chris(10.73.32.1): successfully authenticated with pam
   
   A perl statement to parse this looks like
   
       ($user, $host, $method) =
           ($line =~ m/^fork_child:\ \[\d+\]([^\s(]+)\(([0-9.]+)\):
                           \ successfully\ authenticated\ with\ ([^\s]+)$/x);
   
   where $line contains the part of the syslog line corresponding to the
   example shown above.
   
   Bear in mind that this syslog-watching approach is only as secure as the
   contents of your system log, by which I mean `not very':
   
       $ logger -t 'tpop3d[1234]' -p mail.info \
           'fork_child: [42]billg(12.34.56.78): successfully authenticated with pam'
   
   Of course, this may not be an issue if there are no shell users on your
   POP3 server system.
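   
   As an added example (not part of the original FAQ or the tpop3d
   distribution), a watcher for the first approach could be built around the
   statement above as follows. The traditional syslog prefix, the 300-second
   window and the in-memory %relay hash standing in for the table your MTA
   consults are assumptions; the sample lines are constructed.

```perl
use strict;
use warnings;

my $TTL = 300;   # assumption: "a few minutes" taken as 300 seconds
my %relay;       # client IP => expiry (epoch seconds); stand-in for the MTA's table

# Parse one full syslog line; returns (user, host, method) or an empty list.
sub parse_auth_line {
    my ($line) = @_;
    # Assumed traditional "Mon DD HH:MM:SS host tag[pid]: " prefix. The tag is
    # chosen by whoever writes the line, so this filters noise, not forgeries.
    my ($msg) = $line =~ m/^\w{3}\s+\d+\s[\d:]{8}\s\S+\stpop3d\[\d+\]:\s(.*)$/
        or return;
    my ($user, $host, $method) =
        ($msg =~ m/^fork_child:\ \[\d+\]([^\s(]+)\(([0-9.]+)\):
                        \ successfully\ authenticated\ with\ ([^\s]+)$/x)
        or return;
    # [0-9.]+ also matches strings such as "10.73..1"; insist on a dotted quad.
    my @octets = split /\./, $host, -1;
    return unless @octets == 4;
    return if grep { !/^\d{1,3}$/ || $_ > 255 } @octets;
    return ($user, $host, $method);
}

# Record a successful login and drop entries whose window has passed.
sub note_login {
    my ($host, $now) = @_;
    delete @relay{ grep { $relay{$_} <= $now } keys %relay };
    $relay{$host} = $now + $TTL;
}

# The question the MTA asks: is this client still inside its window?
sub may_relay {
    my ($host, $now) = @_;
    return exists($relay{$host}) && $relay{$host} > $now ? 1 : 0;
}

my @sample = (   # constructed log lines: valid, malformed host, wrong tag
    'Oct 26 22:30:01 mail tpop3d[311]: fork_child: [6]chris(10.73.32.1): successfully authenticated with pam',
    'Oct 26 22:30:05 mail tpop3d[311]: fork_child: [7]alice(10.73..1): successfully authenticated with pam',
    'Oct 26 22:30:09 mail sshd[402]: fork_child: [8]bob(10.73.32.9): successfully authenticated with pam',
);
my $now = time;
for my $line (@sample) {
    my ($user, $host, $method) = parse_auth_line($line);
    if (defined $host) { note_login($host, $now); print "allow  $host ($user via $method)\n" }
    else               { print "ignore $line\n" }
}
printf "10.73.32.1 may relay now: %d, after the window: %d\n",
    may_relay('10.73.32.1', $now), may_relay('10.73.32.1', $now + $TTL);
```

   Only the first sample line opens a relay window; the other two are
   ignored, and the window closes again once $TTL seconds have passed.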
   
   
   The alternative is to have tpop3d trigger addition of a client to the
   allowed-to-relay table. If you are happy to alter the C code, then the best
   thing to do is to insert some code at the same place that the above log
   line is generated to do whatever book-keeping you need. This is in the
   function fork_child in main.c. Alternatively, you could write an auth-perl
   or auth-other authenticator which did the dirty work for cases of successful
   authentication. Of course, this means that you have to implement the
   authentication yourself, too, which is slightly wasteful.

   If there's enough demand, I may add configurable hooks for this sort of
   thing.


2. I want to use auth-mysql, but my database schema doesn't look like
   yours....

   Thanks to Mike Bremford, it is now possible to configure the SQL queries
   used by tpop3d at runtime. Look for the auth-mysql-pass-query and
   auth-mysql-apop-query directives in tpop3d.conf(5).


3. Do you have precompiled binaries for $operating_system?

   No. There are RPMs, .deb packages and a FreeBSD Port for tpop3d maintained
   by various people, but I don't maintain any packages or precompiled
   binaries myself, nor am I likely to do so in the future.

   My rationale here is that tpop3d is heavily configurable at compile-time.
   If I were to produce (say) RPMs for tpop3d, then I would need to either
   produce a single kitchen-sink package, with dependencies upon perl and
   MySQL which many users would not want, or produce a variety of
   differently-configured packages for the different combinations of
   authenticators, mailboxes, snideness and so forth. This would rapidly
   become silly in a combinatorial sense.

   The alternative would obviously be to produce a source package. It appears
   that this is not now necessary, since newer versions of the package tools
   can obtain this information from files in a standard .tar.gz file.


4. I see that tpop3d supports MySQL, but I want to use another/a proper
   database....

   You can, if you want, write a database authentication driver in C, using
   auth_mysql as an example. However, a better approach would be to write an
   authenticator in a scripting language such as Perl or Python, and have
   tpop3d call it through the auth_perl or auth_other mechanisms. There is a
   perl example for Oracle (contributed by Paul Makepeace) in the scripts/
   subdirectory of the distribution.

