qmail-popup(8) read a POP username and password


qmail-popup hostname subprogram


qmail-popup reads a POP username and password from the network. It then runs subprogram.

qmail-popup is most commonly invoked from inetd as

   qmail-popup CHANGEME checkpassword qmail-pop3d Maildir

with CHANGEME replaced by the fully qualified domain name of the local host.

qmail-popup expects descriptor 0 to read from the network and descriptor 1 to write to the network. It reads a username and password from descriptor 0 in POP's USER-PASS style or APOP style. It invokes subprogram, with the same descriptors 0 and 1; descriptor 2 writing to the network; and descriptor 3 reading the username, a 0 byte, the password, another 0 byte, an APOP timestamp derived from hostname, and a final 0 byte. qmail-popup then waits for subprogram to finish. It prints an error message if subprogram crashes or exits nonzero.

qmail-popup should be used only within a secure network. Otherwise an eavesdropper can steal passwords. Even if you use APOP, an active attacker can still take over the connection and wreak havoc.

qmail-popup has a 20-minute idle timeout.

qmail-popup is based on a program contributed by Russ Nelson.