------------------------- Contents ------------------------- General What's new Recent Changes New Installation Options APOP Command UIDL Command Drop Line Patch DECNET/OSI namespace support Node mapping via logical names ------------------------- General ------------------------- This is version 1.9u (beta 6) of the IUPOP3 server. The last official version made at Indiana University was 1.8-1. This file describes the changes between the original distribution of IUPOP3 version 1.8-1 and this version. The original files are found in /pub/vms/iupop3/v1.8 on ftp.indiana.edu. All the recent changes here are only tested on an OpenVMS 6.1 Alpha system with UCX 3.3 as TCP/IP stack. Use them on your own risk! Michael Stenns (stenns@vw.tci.uni-hannover.de) ------------------------- What's new in beta 6 ------------------------- new behavior of the logfile flush timer IUPOP3 1.8 flushes the logfile every three minutes. This was done via a close/open operation on the file. This did fail if the file was accessed by another process during the flush operation. Now the flush is done via fflush/fsync without closing the file and the file is updated within 30 seconds after write to it. number of required timer queue entrys added to start_iupop3.com start_iupop3.com contains now a additional line with "/queue_limit=20". fixed bug in mail_retrieve_message_headers() under some circumstances (a decnet mail was misinterpreted as internet mail) the message lines left to retrieve were wrong determined. This can happen if the from lines looks like "From : name". ------------------------- What's new in beta 5 ------------------------- new command "xtnd netstats" gives some informations about network accesses changed behavior for missing external messages IUPOP3 1.8 generated missing external mail files with an error message. This version does not create any mail file. The error message is generated on the fly. From client view there should no difference. changed behavior for entering update state In the update state messages marked as retrieved or deleted are moved to the mail or wastebasket folders (and probably deleted). IUPOP3 1.8 entered the update state even after a broken connection or a client timeout. For RFC 1725 and RFC 1939 compatibility the update state may only be entered after a quit command in transaction state. This beta is now conform to the standard. new method for detecting client timeouts IUPOP3 1.8 used the $setimr system service for this purpose. This required one timer queue entry per client. Normal timer queue quotas are 20 for system and 10 for user accounts, which is not sufficient to support up to 30 client threads. Now the threads are checked in regular intervals for timeouts, requiring no additional timer queue entrys. ------------------------- What's new in beta 4 ------------------------- new commandline option -timeout N This defines the client timeout in minutes. Default is like in the old versions 2 minutes. The internet standard (RFC 1939) defines a minimum value of 10 minutes. N can be any value between 1 and 1439 (24 * 60 - 1). new make option FAST_SCAN With this option enabled the size of the messages is estimated by their number of records (currently assuming 47 chars per line) rather than scanning through the mail directory. On a test mailbox (> 100 msg) the cpu time opening the maildrop is reduced from >1 to 0.02 seconds (and 1 cpu second could be 2-4 seconds in real life). The progress bar of the pop clients becomes less accurate - that's all. some bug fixes Through all versions of IUPOP3 the read buffer was too small to support the maximum record lenght (255 bytes) of the callable mail routines. This could cause a buffer overflow and some bytes could be lost. (Thanks to Karol Zielonko who solved the bug). A buffer overflow in beta 3 could overwrite the value of a pointer causing a program crash. A bug either in OpenVMS 6.1 alpha or in UCX 3.3 lets netclose() fail on a broken pipe. The socket is closed but the associated file descriptor remains unavailable. If this happens too often the server hung. The error status is now cleared before netclose is called. ------------------------- What's new in beta 1-3 ------------------------- This version supports additional two pop3 commands uidl and apop and some other patches/enhancements previously discussed on the iupop3-users@indiana.edu mailing list. See each section of this file for details. This beta adds no additional commands or make options. Changes are new commandline option -default_type [decnet | smtp] This defines how the server handles messages with only "name" in the from field. The server does currently not know if this are decnet or smtp messages. scanning for RFC 822 headers in mail_retrieve_message_headers This solves a old bug relating to the top command. The top command (top msg n) should return the header plus n lines of message msg. With version 1.8 this works only for decnet messages. The RFC 822 headers may not exceed 8192 bytes. handling a bug in callable mail of OpenVMS/VAX 6.? For very large messages (>1MB ?) the callable mail returns the MAIL$_NOMOREREC status code at the begin of the transfer. IUPOP3 tries to process the external file direct in this case. some fixes for OpenVMS 7.1 Because some callable mail routines now return word instead of longword values, this routines shouldn't be called with uninitialized values. And OpenVMS 7.1 has now a ioctl routine in the RTL's. improved performance IUPOP3 know uses a internal buffer (8 kb) in some routines to reduce qio's to the network. The unblock ast timer know increases from 50 msec up to 3 seconds instead of a constant value of 2 seconds. This reduces download time on fast connections. ------------------------- Recent Changes ------------------------- 8-Jul-1996 add the uidl command 16-Aug-1996 change of the errno.h behavior for multinet in IUPOP3_VMS.C. 21-Aug-1996 change of valid_vms_user() to check for expired accounts. 5-Sep-1996 Parse VMS "From:" header to recognize DECnet/OSI format 5-Sep-1996 Use logical names to map decnet names to RFC822 format 5-Jan-1997 add the apop command 12-Jan-1997 add the IGNORE_EXPIRED_PASSWORDS and SCAN_INTRUSION make options 12-Jan-1997 add a help commandline option for make.com 19-Jan-1997 top command works now correct for smtp (RFC822) messages 19-Jan-1997 new commandline option -default_type [decnet | smtp] ------------------------- New Installation Options ------------------------- There are four additional make options: IGNORE_EXPIRED_PASSWORDS Instructs the server not to check for expired passwords. This applies both to the user/pass combination and the apop command because the check is done in the valid_vms_user routine. SCAN_INTRUSION: substitute a new routine for PWDcheck: it controls the correctness of the given password via the sys$hash_password SS and before returning a code to the caller checks via sys$scan_intrusion if there is a current intrusion attempt from the address of the POP client for the same username. The code returned by PWDcheck reflects the answer of sys$scan_intrusion, that moreover updates the intrusion database. After a single password error the SHOW INTRUSION DCL command gives the following answer NETWORK SUSPECT 1 16:23:30.23 IUPOP3::193.76.205.67:uno The last field contains the source of the suspect intrusion. At least OpenVMS/VAX 6.1 or OpenVMS/Alpha 6.2 is required. The IUPOP3 process needs the security privilege. SEND_ORIG_HEADER This may be only of interrest for UCX users. If not configured otherwise UCX puts the original mail header behind the message after the line "================== RFC 822 Headers ==================". When compiled with this option IUPOP3 removes the line above and sends the text behind (the original header) at the top of the message. Use it in conjunction with the IGNORE_MAIL11_HEADERS option. MAIL_FOLDER With this option enabled IUPOP3 offers the MAIL instead of the NEWMAIL folder. All messages in the NEWMAIL folder is moved to the MAIL folder before the MAIL folder is opened. This has the advantage that the mail did not disappear after read and you can see the mails read with other clients (like VMS Mail). The disadvantage is that IUPOP3 may need significant more resources, both memory and cpu utilisation. Because most clients don't like if they see only a part of the maildrop, the maximum messages shown per connection must be set to a very high value. The default is 500 with this option enabled and 20 otherwise. The value can also be set through the -maxmsg command line option (see readme.txt). Commandline parameters of the make.com script can now specified in any order. Currently supportet are: help | ucx | wins | multinet | mms | mmk | nomms make_option | "/mms_parameter" Examples: $ @MAKE help $ @MAKE UCX MMS "IGNORE_MAIL11_HEADERS,PERSONAL_NAME" $ @MAKE ignore_mail11_headers,personal_name mms $ @MAKE ignore_mail11_headers, personal_name mms "/from_sources" $ @MAKE IGNORE_MAIL11_HEADERS, MAIL_FOLDER SEND_ORIG_HEADER ------------------------- APOP Command ------------------------- The APOP command implements a additional authorization mechanism. On connect the client get a time stamp from the server, combines it with the password and sents the MD5 digest string of this combination back to the server. Security is enhanced because the digest string changes on every connect. The POP server has to know the password (shared secret) as clear text. It is read from the first line of the file "pop_secret.dat" in the user's mail directory. The filename is the same as the UCX 4.x server use. In this implementation the shared secret has to be from eight up to 512 characters and is case sensitive. It should not be the same as the password for interactive login! ------------------------- UIDL Command ------------------------- IUPOP3 implements an POP3 Server based on RFC 1460, which was superseded by RFC 1725. The changes made here add the UIDL command as described in RFC 1725 to the IUPOP3 server. The UIDL command is used by some newer clients like the netscape navigator and the microsoft internet mail. On servers without the uidl command the mail is always deleted by these clients. Use this version on your own risk! It was tested only on OpenVMS 6.1/ALPHA with UCX Version V3.3! ---- Details: The following lines are from RFC1725.TXT: The unique-id of a message is an arbitrary server-determined string, consisting of characters in the range 0x21 to 0x7E, which uniquely identifies a message within a maildrop and which persists across sessions. The server should never reuse an unique-id in a given maildrop, for as long as the entity using the unique-id exists. I used the user name and the arrival date of a mail message for building the unique-id string. The large number at the end of the string is directly build from the quadword binary value of the message arrival date. This should be unique to each mail on the system for a given user. This is an example response to the UIDL Command from RFC 1725: Examples: C: UIDL S: +OK S: 1 whqtswO00WBw418f9t5JxYwZ S: 2 QhdPYR:00WBw1Ph7x7 S: . This is an example response from the modified IUPOP3 server: Examples: C: UIDL S: +OK S: 1 user_10112310281319730 S: 2 user_101123212694823619 S: . good luck Michael ------------------------- Drop Line Patch ------------------------- The following lines are from a letter from Rick Westerman (westerm@purdue.edu) to B. Pauwels (bpwl@sbc.picanol.be): [snip] The following is a bug fix by Karol Zielonko (zielonko@ucx.lkg.dec.com) and myself. If you have been following the 'iupop3' mailing list for the last couple of weeks (Apr-May, 1996) then you have already seen the fix. This message simply ties together the various messages that Karol and myself have posted. My public thanks to Karol for pointing out how my original fix didn't take into account what would happen when it was used with multiple threads. My only defense in not noticing this problem before is that my server is very lightly loaded with a maximum of three threads running at a time. There is a bug that can corrupt BinHex attachments under certain conditions and certain releases of IUPOP3. This bug effects release 1.8 (the most recent) of IUPOP3 built with the "IGNORE_MAIL11_HEADERS" option. While the fix is simple and shouldn't effect any other parts of the program, as usual, use at your own risk. The fix requires the modification of two source files: [... Description of the fix follows] Michael ------------------------- DECNET/OSI namespace support ------------------------- When mail is delivered via DECnet, the VMS From: line can be any of these formats: username [ If no DECnet ] node::username [ if DECnet phase IV ] namespace:.node::username [ if DECnet Phase V ] Previously, IUPOP3 did not support the last of these. Now the namespace portion is removed, to leave just "node::username". Andy Harper Kings College London ------------------------------- Node mapping via logical names ------------------------------- The DECnet address is mapped by IUPOP3 as follows: nodename::username ---> username@nodename With this enhancement, the nodename is subjected to a further translation using logical names of the form "IUPOP3_NODE_nodename' and the translation, if any, replaces the "nodename" string. For example: if the logical name IUPOP3_NODE_BLACK is defined as "CAMPUS.EDU" and the DECnet address is: BLACK::JOHN The resultant string translation goes like this: 1. BLACK::JOHN --> JOHN@BLACK 2. Translate IUPOP3_NODE_BLACK to get "CAMPUS.EDU" 3. Replace BLACK by CAMPUS.EDU to get JOHN@CAMPUS.EDU This is very useful for mapping systems in a cluster. Andy Harper Kings College London