Hi,

We have been using solidpop3d for a few months with a couple of modifications we had to do. We published them now so you are able to use it and, if you want to, incorporate them in future versions.

Our mail server is ZMailer (see http://zmailer.org).

First, we added support for LDAP authentication (since we have our users in an LDAP DIT).

Second, we added support for POP before SMTP. For this, we are using a small contributed-to-zmailer protocol called "whoson". This protocol allows remote "login", "logout" and "verify" of IP addresses with username information to a small "on line users database" indexed by IP address with username and timestamp info in it.

It can be used from, say, a radius server, to allow associating SMTP messages coming from an IP address with a radius user.

In our case, as we only provide e-mail (and, in fact, we don't have trustable IP addresses), we use it to associate SMTP messages coming from an IP address with a POP or IMAP user.

Since, in the case of POP, the user is not logged into the POP server while he/she is sending the mail, and rather, logs to POP, downloads, exits POP and THEN he/she connects to SMTP, we only use the "login" and our SMTP server verifies using a predefined timeout.

That is, the SMTP does the following (simplified):

- if the message is inbound, allow it.
- if the message is outbound:
  - verify the IP of the client in the whoson database
  - if you don't find it, reject it.
  - if you find it:
    - if the time elapsed since the timestamp is greater than your predefined timeout, reject it.
    - else, allow the relaying and put the username in the Received: header generated.

For this to work, and taking into account that we could have relatively short timeouts and maybe long POP download times, we do a "whoson login" with the user authentication AND with the user's POP logout.
So, in POP, we do this "whoson login" right after the authentication and right after the client sends the QUIT (obviously, having had a correct authentication :-)

======================================================================

In order to implement this stuff, we modified four files, and added two more.

Modified files:
    configure.in
    acconfig.h
    src/main.c
    src/Makefile.in

New files:
    src/auth_ldap.h
    src/auth_ldap.c

The new files, along with "diff -u"s of the modified versions (relative to the 0.15 tarball, no CVS) are attached.

======================================================================

To enable the use of these options you have to use the following configure options:

  --enable-whoson=PATH    compile server with whoson support, where PATH is
                          the PATH you have whoson installed
                          (defaults to /usr/local/whoson)
  --enable-ldap=PATH      compile server with ldap authentication support,
                          where PATH is the PATH you have LDAP installed
                          (defaults to /usr/local/ldap)
  --with-ldapconfigfile   define ldap config file
                          (default is /etc/ldap.conf)
  --with-uidmaildir       define owner of the maildir directory
                          (default nobody). This is the Unix user which
                          will read and write to the maildirs... it has to
                          have read/write permissions on the maildirs.

=======================================================================

#
# Example /etc/ldap.conf file
#
# You must at least define "base", "ldaphost", "filter" & "attr".
#
base      ou=mailUsers,o=exampleOrganization
ldaphost  ldap.example.com
ldapport  389
binddn    cn=ReadOnlyUser, o=exampleOrganization
passwd    secret
filter    (&(objectclass=mailUser)(uid=%s))
passattr  userPassword
attr      maildirFileName
scope     sub

=======================================================================

We added a -n option to solidpop3d to handle a base path from where maildirFileName is relative.
You can use it from /etc/inetd with:

pop-3 stream tcp nowait root /usr/sbin/tcpd \
    /usr/local/sbin/spop3d -n /maildir-base/%s -t maildir

If in the maildirFileName attribute you have "/x/y/somebody", it will look for the maildir in /maildir-base/x/y/somebody.

==========================================================================

Acknowledgements:

This stuff wasn't made by me... I am only the "guy who better writes in English" :-)

The author is Edgardo Szulsztein <email@example.com>.

The LDAP code was taken from the ZMailer LDAP code made (as stated in the source code) by:

Lai Yiu Fai                     | Tel.:   (852) 2358-6202
Centre of Computing Services    | Fax.:   (852) 2358-0967
  & Telecommunications          | E-mail: firstname.lastname@example.org
                                |
The Hong Kong University of     | Clear Water Bay,
  Science & Technology          | Kowloon, Hong Kong.

--
Mariano Absatz - El Baby
mailto:email@example.com
http://www.baby.com.ar/
PGP KEYS: http://www.baby.com.ar/datos/personales.html#claves_pgp

Powered by Pegasus Mail
http://www.pmail.com
-----------------------------------------------------------
Programming is an art form that fights back.
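
The SMTP relay check and the double "whoson login" described in this message, as an added C example that is not part of the message, of solidpop3d or of the whoson library. `db_login` and `smtp_allow` are hypothetical names over an in-memory table, and the addresses, user name and times are constructed.

```c
/* Added example: in-memory stand-in for the whoson database (names are hypothetical). */
#include <stdio.h>
#include <string.h>

#define MAX_ENTRIES 64                       /* constructed table size */
struct entry { char ip[46]; char user[64]; long stamp; };
static struct entry db[MAX_ENTRIES];
static int db_used;

/* "whoson login": insert or refresh the entry for ip. Returns 0, or -1 if full. */
int db_login(const char *ip, const char *user, long now)
{
    int i;
    for (i = 0; i < db_used; i++)
        if (strcmp(db[i].ip, ip) == 0) break;
    if (i == db_used) {
        if (db_used == MAX_ENTRIES) return -1;   /* nothing recorded: relay stays denied */
        db_used++;
    }
    snprintf(db[i].ip, sizeof db[i].ip, "%s", ip);
    snprintf(db[i].user, sizeof db[i].user, "%s", user);
    db[i].stamp = now;
    return 0;
}

/* SMTP side: 1 = accept, 0 = reject. *user is set only for an accepted relay. */
int smtp_allow(const char *ip, int inbound, long now, long timeout, const char **user)
{
    int i;
    *user = NULL;
    if (inbound) return 1;
    for (i = 0; i < db_used; i++) {
        if (strcmp(db[i].ip, ip) != 0) continue;
        /* Assumption: a timestamp in the future is treated as stale too. */
        if (now < db[i].stamp || now - db[i].stamp > timeout) return 0;
        *user = db[i].user;                  /* goes into the Received: header */
        return 1;
    }
    return 0;                                /* IP never logged in via POP */
}

int main(void)
{
    const char *u;                           /* constructed scenario, times in seconds */
    db_login("192.0.2.10", "alice", 1000);   /* POP authentication */
    printf("no QUIT login: %d\n", smtp_allow("192.0.2.10", 0, 1410, 300, &u));
    db_login("192.0.2.10", "alice", 1400);   /* POP QUIT after a 400 s download */
    printf("with QUIT login: %d\n", smtp_allow("192.0.2.10", 0, 1410, 300, &u));
    return 0;
}
```

With a 300 second timeout and a 400 second download, the relay attempt 10 seconds after QUIT is rejected when only the authentication-time login exists and accepted once the QUIT-time login has refreshed the timestamp.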