Re: [cobalt-security] [Fwd: Cobalt Security Advisory - 07.24.2000 - Qpopper]

[zim <zim@xxxxxxxx>]

At 12:17 25.07.00 -0500, dan@xxxxxxxxxxxx wrote:

> I just installed the new Raq2 Qpopper package on my Raq 2 and rebooted. I
> also installed the POP before SMTP package about a month ago. Before I
> installed the Qpopper fix everything worked fine. Now I get the message
> below from any account on the server.

The format of the POP login lines in the log changed.
Instead of "login by user" it says now "login for user"
(or vice versa, i don't remember exactly).

Assuming that the pop-per-smtp is the same on
a RaQ2 as on a RaQ3 the following needs to be
done:

Telnet to your server, look at the log.
Check the poprelayd script and change
the scanaddr() subroutine to accept the
new format. Stop and restart poprelayd.

I posted the poprelayd script which I'm
using on a RaQ3 early sunday into cobalt_users.
Subject was:
RaQ3: Modified poprelayd script for qpopper 3.0.2

But I assume the script is identical on both
RaQ2 and RaQ3 - it's only a perl script, hmmm?

BTW. The modified script I posted accepts old and new
qpopper format as well as IMAP-login lines.
Perhaps Cobalt wants to include it into the
pop-before-smtp package? If so - feel free to do it.


Michael

--

Samurais help each other - victims don't.