-rw-r--r-- INSTALL 29
-rw-r--r-- Makefile.in 5
-rw-r--r-- NEWS 9
-rw-r--r-- README 9
-rw-r--r-- configure.in 1
-rw-r--r-- design-notes.html 1
-rw-r--r-- fetchmail.man 32
-rw-r--r-- pop3.c 41
8 files changed, 99 insertions, 28 deletions
diff --git a/INSTALL b/INSTALL
index 55737d31..eaafb6f8 100644
--- a/INSTALL
+++ b/INSTALL
@@ -1,6 +1,6 @@
INSTALL Instructions for fetchmail
-If you have installed binaries (e.g. from an RPM) you can skip to step 4.
+If you have installed binaries (e.g. from an RPM) you can skip to step 5.
If you are a Linux system packager, be aware that the build process generates
an RPM spec file at fetchmail.spec, and you can "make rpm" to generate an
@@ -10,7 +10,20 @@ The Frequently Asked Questions list, included as the file FAQ in this
distributions, answers the most common questions about configuring and
running fetchmail.
-1. CONFIGURE
+1. USEFUL THINGS TO INSTALL FIRST
+
+If you want support for RFC1938-compliant one-time passwords, you'll
+need to install Craig Metz's OPIE libraries first. The fetchmail
+build process will detect them and configure appropriately.
+
+Note: there is no point in doing this unless your server is
+OTP-enabled. To test this, telnet to the server port and give it
+a valid USER id. If the OK response includes the string "otp-",
+you should install OPIE.
+
+The OPIE library sources are available at ftp://ftp.inner.net/pub/opie.
+
+2. CONFIGURE
Installing fetchmail is easy. From within this directory, type:
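Review bot: The OTP test in the new step 1 says "telnet to the server port" without naming the port or the command to type, so a reader who does not already know POP3 cannot run it. Suggest spelling it out as the POP3 port (110) and the literal command "USER name", and saying that the "otp-" string is expected in the +OK line that answers USER, since that is the response pop3.c searches.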
@@ -50,7 +63,7 @@ If you're running QNX, edit the distributed Makefile directly. The
QNX values for various macros are there but commented out; all you
have to do is uncomment them.
-2. MAKE
+3. MAKE
You may find you need flex at version 2.5.3 or greater to build
fetchmail. The stock lex distributed with some versions of Linux does
@@ -63,7 +76,7 @@ Run
This should compile fetchmail for your system.
-3. INSTALL
+4. INSTALL
Lastly, become root and run
@@ -77,14 +90,14 @@ NOTE: If you are using an MTA other than sendmail (such as qmail,
exim, or smail), see the FAQ (section T) for discussion of any special
configuration steps that may be necessary.
-4. SET UP A RUN CONTROL FILE
+5. SET UP A RUN CONTROL FILE
See the man page and the file sample.rcfile for a description of how to
configure your individual preferences.
If you're upgrading from popclient, see question F4 in the FAQ file.
-5. TEST
+6. TEST
I strongly recommend that your first fetchmail run use the -v and -k
options, in case there is something not quite right with your server,
@@ -96,11 +109,11 @@ freeware POP3 servers; also with the IMAP2bis and IMAP4 servers that are
distributed with Pine from the University of Washington. This covers
all the servers normally hosted on Linux and *BSD systems.
-6. REPORTING BUGS
+7. REPORTING BUGS
You should read the FAQ file question G3 before reporting a bug.
-7. USE IT
+8. USE IT
Once you've verified your configuration, you can start fetchmail to
run in background and forget about it. Enjoy!
diff --git a/Makefile.in b/Makefile.in
index 5445622f..8ab9c207 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -3,7 +3,7 @@
# If you're running QNX, we can't assume a working autoconf.
# So just uncomment all the lines marked QNX.
-VERS=4.0.1
+VERS=4.0.2
# Ultrix 2.2 make doesn't expand the value of VPATH.
srcdir = @srcdir@
@@ -147,7 +147,8 @@ distclean: clean
-rm -f fetchmail.log fetchmail.toc fetchmail.*aux
realclean: distclean # fetchmail.info*
- rm -f FAQ FEATURES
+ rm -f FAQ FEATURES NOTES \
+ MANIFEST config.cache config.log configure Makefile
mostlyclean: clean
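Review bot: realclean now removes configure, but the comment at the top of this Makefile.in says a working autoconf cannot be assumed on QNX, so on such a host "make realclean" leaves a tree that can no longer be configured. Suggest leaving configure out of the rm list, or moving the removal of generated autoconf output to a separate maintainer-only target.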
diff --git a/NEWS b/NEWS
index 48bbda6f..11076535 100644
--- a/NEWS
+++ b/NEWS
@@ -15,14 +15,19 @@
Release Notes:
------------------------------------------------------------------------------
-fetchmail-4.0.1 (Wed Jul 16 14:32:08 EDT 1997)
+fetchmail 4.0.2 ()
+* Experimental RFC1938 one-time password support using OPIE library,
+ courtesy of Craig Metz <cmetz@inner.net> (couthor of RFC1938).
-(Minor cleanup release for non-Linux systems.)
+Private release to Craig Metz only for OPIE testing.
+There are 251 people on the fetchmail-friends list.
+fetchmail-4.0.1 (Wed Jul 16 14:32:08 EDT 1997)
* Compilation cleanup for DEC Unix 4.0 and AIX.
* Corrected the machinery for remote builds.
* Minor improvements in failed-connection error messages.
+A minor cleanup release for non-Linux systems.
There are 254 people on the fetchmail-friends list.
------------------------------------------------------------------------------
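Review bot: In the 4.0.2 entry, "couthor of RFC1938" is a typo for "coauthor", and the release header "fetchmail 4.0.2 ()" carries an empty date while the 4.0.1 header has one. Suggest fixing the spelling and filling in the date (or dropping the empty parentheses) before this goes out.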
diff --git a/README b/README
index 77bd35d8..fdd70467 100644
--- a/README
+++ b/README
@@ -2,13 +2,16 @@
fetchmail is a free, full-featured, robust, well-documented remote
mail retrieval and forwarding utility intended to be used over
-on-demand TCP/IP links (such as SLIP or PPP connections). It supports
-POP2, POP3, RPOP, APOP, KPOP, all flavors of IMAP (including IMAP4rev1
-with RFC1731 Kerberos v4 authentication), and ESMTP ETRN. It
+on-demand TCP/IP links (such as SLIP or PPP connections). It
retrieves mail from remote mail servers and forwards it to your local
(client) machine's delivery system, so it can then be be read by
normal mail user agents such as elm(1) or Mail(1).
+fetchmail supports standard all mail-retrieval protocols in use on the
+Internet: POP2, POP3 (including POP3 with RFC1938 one-time passwords),
+RPOP, APOP, KPOP, all flavors of IMAP (including IMAP4rev1 with
+RFC1731 Kerberos v4 authentication), and ESMTP ETRN.
+
The fetchmail code was developed under Linux, but has also been
extensively tested under 4.4BSD, AIX, Solaris and NEXTSTEP. It should be
readily portable to other Unix variants (it uses GNU autoconf). It
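Review bot: The new paragraph reads "fetchmail supports standard all mail-retrieval protocols", which has the words transposed; it should read "supports all standard mail-retrieval protocols". While this paragraph is being touched, the context line above it still has the doubled "be be read".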
diff --git a/configure.in b/configure.in
index 5939a046..241140d7 100644
--- a/configure.in
+++ b/configure.in
@@ -34,6 +34,7 @@ AC_SUBST(LIBOBJS)
AC_CHECK_LIB(nsl,inet_addr)
AC_CHECK_LIB(socket,socket)
AC_CHECK_LIB(inet,socket)
+AC_CHECK_LIB(opie,opiegenerator)
AC_CHECK_FUNC(strstr, AC_DEFINE(HAVE_STRSTR),
[EXTRASRC="$EXTRASRC \$(srcdir)/strstr.c"
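Review bot: The added AC_CHECK_LIB(opie,opiegenerator) is unconditional, so any build host that happens to have libopie installed gets the OTP code path in pop3.c with no way to decline it. Because that path changes what is sent after PASS, suggest gating the check behind an explicit configure switch (for example an AC_ARG_WITH option) so packagers can choose and the result is reproducible across build hosts.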
diff --git a/design-notes.html b/design-notes.html
index 8b08efe8..134f0066 100644
--- a/design-notes.html
+++ b/design-notes.html
@@ -368,6 +368,7 @@ all shaped the design in one way or another.<P>
<DT>RFC1891<DD> SMTP Service Extension for Delivery Status Notifications
<DT>RFC1893<DD> Enhanced Mail System Status Codes
<DT>RFC1894<DD> An Extensible Message Format for Delivery Status Notifications
+<DT>RFC1938<DD> A One-Time Password System
<DT>RFC1939<DD> Post Office Protocol - Version 3
<DT>RFC1985<DD> SMTP Service Extension for Remote Message Queue Starting
<DT>RFC2060<DD> Internet Message Access Protocol - Version 4rev1
diff --git a/fetchmail.man b/fetchmail.man
index 964beb4c..e2b4ce62 100644
--- a/fetchmail.man
+++ b/fetchmail.man
@@ -421,8 +421,13 @@ Kerberos preauthentication (either with --auth or the \fI.fetchmailrc\fR
option \fBauthenticate kerberos_v4\fR) it will try to get a Kerberos
ticket from the mailserver at the start of each query.
.PP
-If you use IMAP-K4 the code will expect the IMAP server to have
-RFC1731-conformant AUTHENTICATE KERBEROS_V4 capability.
+If you use IMAP-K4, \fIfetchmail\fR will expect the IMAP server to have
+RFC1731-conformant AUTHENTICATE KERBEROS_V4 capability, and will use it.
+.PP
+If you are using POP3, and the server issues a one-time-password
+challenge conforming to RFC1938, \fIfetchmail\fR will use your
+password as a pass phrase to generate the required response. This
+avoids sending secrets over the net unencrypted.
.SH DAEMON MODE
The
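Review bot: The new POP3 paragraph does not document two behaviours that pop3.c in this same commit implements. First, a configured password of exactly "opie" is treated specially (opiegenerator is called with an empty secret instead of the password), which a user cannot discover from the man page. Second, OTP is used only when the server's reply contains "otp-"; otherwise the intended path is an ordinary "PASS %s" with ctl->password, so the same pass phrase is sent in the clear whenever the challenge is absent. Suggest stating both, and saying that there is no option to require OTP, so the claim "avoids sending secrets over the net unencrypted" is not read as a guarantee.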
@@ -1162,16 +1167,16 @@ The RFC822 parser used in multidrop mode chokes on some @-addresses that
are technically legal but bizarre. Strange uses of quoting and
embedded comments are likely to confuse it.
.PP
-Use of any of the supported protocols other than APOP, KPOP, IMAP-K4,
-or ETRN requires that the program send unencrypted passwords over the
-TCP/IP connection to the mailserver. This creates a risk that
-name/password pairs might be snaffled with a packet sniffer or more
-sophisticated monitoring software. Under Linux, the --interface
-option can be used to restrict polling to availability of a specific
-interface device with a specific local IP address, but snooping is
-still possible if (a) either host has a network device that can be
-opened in promiscuous mode, or (b) the intervening network link can be
-tapped.
+Use of any of the supported protocols other than POP3 with OTP, APOP,
+KPOP, IMAP-K4, or ETRN requires that the program send unencrypted
+passwords over the TCP/IP connection to the mailserver. This creates
+a risk that name/password pairs might be snaffled with a packet
+sniffer or more sophisticated monitoring software. Under Linux, the
+--interface option can be used to restrict polling to availability of
+a specific interface device with a specific local IP address, but
+snooping is still possible if (a) either host has a network device
+that can be opened in promiscuous mode, or (b) the intervening network
+link can be tapped.
.PP
Send comments, bug reports, gripes, and the like to Eric S. Raymond
<esr@thyrsus.com>. An HTML FAQ is available at the fetchmail home
@@ -1208,3 +1213,6 @@ RFC 1730, RFC 1731, RFC 1732, RFC 2060, RFC 2061
.TP 5
ETRN:
RFC 1985
+.TP 5
+OTP:
+RFC 1938
diff --git a/pop3.c b/pop3.c
index fdd87539..edc99110 100644
--- a/pop3.c
+++ b/pop3.c
@@ -19,6 +19,10 @@
#include "fetchmail.h"
#include "socket.h"
+#if HAVE_LIBOPIE
+#include <opie.h>
+#endif /* HAVE_LIBOPIE */
+
#define PROTOCOL_ERROR {error(0, 0, "protocol error"); return(PS_ERROR);}
#define LOCKBUSY_ERROR {error(0, 0, "lock busy! Is another session active?"); return(PS_LOCKBUSY);}
@@ -27,6 +31,10 @@ extern char *strstr(); /* needed on sysV68 R3V7.1. */
static int last;
+#if HAVE_LIBOPIE
+static char lastok[POPBUFSIZE+1];
+#endif /* HAVE_LIBOPIE */
+
int pop3_ok (int sock, char *argbuf)
/* parse command response */
{
@@ -47,7 +55,12 @@ int pop3_ok (int sock, char *argbuf)
*(bufp++) = '\0';
if (strcmp(buf,"+OK") == 0)
+ {
+#if HAVE_LIBOPIE
+ strcpy(lastok, bufp);
+#endif /* HAVE_LIBOPIE */
ok = 0;
+ }
else if (strcmp(buf,"-ERR") == 0)
{
/*
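Review bot: strcpy(lastok, bufp) copies server-supplied response text into the static lastok[POPBUFSIZE+1] with no length bound, and the declaration of buf is not visible in this hunk, so the copy is safe only as long as buf never exceeds that size. Suggest a bounded copy with explicit termination, e.g. strncpy(lastok, bufp, sizeof(lastok) - 1) followed by lastok[sizeof(lastok) - 1] = '\0', so the bound is enforced where the copy happens rather than implied by a declaration elsewhere.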
@@ -79,6 +92,9 @@ int pop3_getauth(int sock, struct query *ctl, char *greeting)
/* apply for connection authorization */
{
int ok;
+#if HAVE_LIBOPIE
+ char *challenge;
+#endif /* HAVE_LIBOPIE */
/* build MD5 digest from greeting timestamp + password */
if (ctl->server.protocol == P_APOP)
@@ -118,7 +134,30 @@ int pop3_getauth(int sock, struct query *ctl, char *greeting)
if ((gen_transact(sock, "USER %s", ctl->remotename)) != 0)
PROTOCOL_ERROR
- if ((ok = gen_transact(sock, "PASS %s", ctl->password)) != 0)
+#ifdef HAVE_LIBOPIE
+ /* see RFC1938: A One-Time Password System */
+ if (challenge = strstr(lastok, "otp-"))
+ {
+ char response[OPIE_RESPONSE_MAX+1];
+
+ if (ctl->password && !strcmp(ctl->password, "opie"))
+ {
+ if (ok = opiegenerator(challenge, "", response))
+ if (ok != 2)
+ PROTOCOL_ERROR
+ }
+ else if (opiegenerator(challenge, ctl->password, response))
+ PROTOCOL_ERROR
+
+ ok = gen_transact(sock, "PASS %s", response);
+ }
+ else
+#else
+ /* ordinary validation, no one-time password */
+ ok = gen_transact(sock, "PASS %s", ctl->password);
+#endif /* HAVE_LIBOPIE */
+
+ if (ok != 0)
{
if (ok == PS_LOCKBUSY)
LOCKBUSY_ERROR
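Review bot: The "#else" before the ordinary PASS line breaks both branches when HAVE_LIBOPIE is defined. In that build the plain "ok = gen_transact(sock, "PASS %s", ctl->password);" is compiled out, so the trailing "else" binds to "if (ok != 0)": when the server sends no "otp-" challenge no PASS is sent at all and ok is tested without having been assigned in this branch, and when a challenge is present the "if (ok != 0)" block is skipped, so a rejected OTP response and a lock-busy reply go unchecked here. The "#else" should be "#endif", placed right after "else", so the plain PASS becomes the else-branch and "if (ok != 0)" runs in every case. Separately, "if (challenge = strstr(...))" and "if (ok = opiegenerator(...))" would read more safely with explicit comparisons, and the guards mix "#if HAVE_LIBOPIE" with "#ifdef HAVE_LIBOPIE"; pick one form.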