upgrde to 3.1.2, as 2.x had security issues and there's no support given

any longer to 2.x.

NOTE: kerberos support is dropped, kerberos guru please re-do it...


from ftp://ftp.qualcomm.com/eudora/servers/unix/popper/Release.Notes

Release Notes:

3.1
           Can now set server mode and kerberos service name using
        run-time options.
           Can now specify plain-text password handling when APOP is
        available using '-p 0|1|2|3' run-time option. 0 is default;
        1 means clear text passwords are never permitted for any user;
        2 means they are always permitted (even if an APOP entry exists),
        which allows them to be used as a fallback when clients don't
        support APOP); 3 means they are permitted on the local interface
        (127.*.*.*) only.
           Added '-D drac-host' run-time option to specify the drac host.
        Only valid if compiled with --enable-drac.  The default is
        localhost.
           Added '-f config-file' run-time option.  Additional run-time
        options are read from the specified file.  All current run-time
        options can now be set this way.  See INSTALL file for option
        names and syntax.
           Added '-u' run-time option to read '.qpopper-options' file in
        user's home directory.
           Added Kerberos V support.
           BULLDB access now uses usleep(3C) if available, resulting in
        many more access attempts with a shorter maximum delay.
           Added run-time options 'bulldb-nonfatal' (-B) and
        'bulldb-max-retries' to allow fine control over BULLDB access
        behavior.  'bulldb-nonfatal' allows a session to continue if
        the bulletin database can't be locked.  'bulldb-max-retries'
        sets the maximum number of attempts to lock the database.  This
        value should only be changed if you know if your system has
        usleep(3C) or not.  On systems with usleep(3C), this can be a
        large value (the default is 75).  On systems without usleep(3C),
        this should remain small (the default is 10).
           Added new ./configure flags (see INSTALL for more details):
              --enable-timing to write log records with elapsed time for
                   authentication, initialization, and cleanup.
              --enable-old-uidl to generates UIDs using old (pre-3.x)
                   style encoding.  This is only useful if you also set
                   NO_STATUS and have existing users with old (pre-3.x)
                   spool files and you want to keep the UIDs the same.
              --disable-status to prevent Qpopper from writing 'Status'
                   or 'X-UIDL' headers (sets NO_STATUS).  This forces
                   UIDs for each message to be recalculated in each
                   session.
              --enable-keep-temp-drop to prevents Qpopper from deleting
                   the temp drop files.
              --disable-check-pw-max to prevent Qpopper from checking
                   for expired passwords.
              --disable-old-spool-loc to not check for old .user.pop
                   files in old locations when HASH_SPOOL or HOMEDIRMAIL
                   used.
              --disable-check-hash-dir to not check for or create hash
                   spool directories.  Use this if you pre-create the
                   directories.
              --enable-server-mode-group-include=group to set server
                   mode for users in the specified group.
              --enable-server-mode-group-exclude=group to set server
                   mode OFF for users in the specified group.
              --enable-secure-nis-plus for use with secure NIS+.
              --disable-optimizations to turn off compiler optimizations.
              --with-kerberos5 for Kerberos V support (using patch from
                   Ken Hornstein).
              --enable-any-kerberos-principal to accept any principal in
                   the client request.
              --enable-kuserok to use kuserok() to vet users.
              --enable-ksockinst to use getsockinst() for Kerberos
                   instance.
              --enable-standalone to create standalone POP daemon instead
                   of being run out of inetd.  Can specify IP address
                   and/or port number to bind to as parameter 1, e.g.,
                   'popper 199.46.50.7:8110 -S' or 'popper 8110 -S -T600'.
                   If not specified, IP address defaults to all available.
                   The default port is 110 except when _DEBUG (not simply
                   DEBUG) is defined, then it is 8765.
              --enable-auth-file=path to permit access only to users listed
                   in the specified file.  Format is one user per line.
              --enable-nonauth-file=path to deny access to users listed in
                   the specified file.  Format is one user per line.
              --disable-update-abort to avoid the default behavior of going
                    into update mode if the session aborts (the default
                    behavior violates of RFC 1939, but was found to be
                    needed when noisy dialup lines otherwise prevented users
                    from ever deleting messages).
                                            ([RCG])

3.0
           Both dot-locking and flock() now used on all platforms.  (On some
        systems we emulate flock() using fcntl).
           Added POP3 extensions(CAPA). The extensions added so far are
        X-MANGLE, LOGIN-DELAY and EXPIRE.
           X-MANGLE condenses Mime messages into a single part for ease of
        use by lightweight clients. The transformations supported through
        X-MANGLE are to and from text/plain, format=flowed, and text/html.
           As a way to enable MIME-mangling with clients that do not
        support XMANGLE, add "-no-mime" to the user name.  For example,
        if the userid is"mary", enter it in the client as "mary-no-mime".
           The optional LOGIN-DELAY and EXPIRE values are only announced
        through the CAPA command.  The values to announce are passed as
        command line switches.  Actual enforcement of minimum login delay
        and message expiration is up to the site by some other means.
        (For example, a simple script run from crontab could be used for
        message expiration.)  Qpopper does support automatic deletion of
        downloaded messages through the --enable-auto-delete configure
        flag.  This can be used to effect EXPIRE 0 (no retention).
           Added new run-time options: -R to disable reverse-lookups on client
        IP addresses; -c to downcase user name.
           A failure at some point in a transaction now releases all locks
        explicitly. Certain paths do not release locks where SysV .lock files
        are created.
           Fixed bugs with Bulletin Services and Server mode.
           DEBUGn macros for debug and trace messages.
           Added new ./configure flags (see INSTALL for more details):
              --with-warnings for extra compiler warnings.
              --enable-shy to hide qpopper's version number in the
                    banner and CAPA IMPLEMENTATION tag.
              --enable-auto-delete to automatically mark for deletion
                    all messages downloaded with RETR.
              --enable-hash-spool=1|2 to use hashed spool directories.
              --enable-home-dir-mail=file to use a spool file in the
                   user's home directory.
              --enable-bulldb=path to enable bulletins and set the path
                   for the bulletin directory.
              --with-new-bulls=number to specify the maximum number
                   of bulletins for new users (default is 10).
              --enable-popbulldir=path to specify an alternate location
                    for users' popbull files.
              --enable-log-login to log successful user logins.  This
                   can be used, for example, to validate subsequent
                   SMTP sessions from the same IP address within a
                   short time period, in the absence of SMTP AUTH
                   support by client and server. (Suggested by Andy
                   Harper et al).
              --with-pam=service-name to authenticate using PAM (based
                    on patch contributed by German Poo).
              --with-log-facility=name to specify the log facility.
                    Default is LOG_LOCAL1 or LOG_MAIL, depending on the
                    OS.
              --enable-uw-kludge to check for and hide a UW IMAP status
                    message.
              --enable-group-bulls to show bulletins by groups (group
                    name is second element in bulletin name).  Based on
                    patch by Mikolaj Rydzewski.
              --enable-timing to report timing information in the log.
              --enable-drac to use DRAC.  Based on patches by Mike
                    McHenry, Forrest Aldrich, Steven Champeon, and others.
           Added file popper/banner.h -- modify this file to add a custom
        banner and CAPA IMPLEMENTATION tag suffix.  Note that if you modify
        qpopper you should indicate this using banner.h.
           Improved error messages and warnings: warning "Unable to get
        canonical name of client" now includes IP address of client; logging
        added for I/O errors and discarded input (line too long); added errno
        to POP EOF -ERR message; "Possible probe of account" warning now logged
        as WARNING, not CRITICAL.

1 files changed, 0 insertions, 106 deletions

diff --git a/mail/qpopper/patches/patch-ag b/mail/qpopper/patches/patch-ag
deleted file mode 100644
index 7fdd567272e..00000000000
--- a/mail/qpopper/patches/patch-ag
+++ /dev/null
@@ -1,106 +0,0 @@
-$NetBSD: patch-ag,v 1.6 1999/09/15 21:30:59 tron Exp $
-
---- popper.8.orig	Fri Jul 10 01:44:08 1998
-+++ popper.8	Wed Sep 15 23:28:17 1999
-@@ -10,11 +10,11 @@
- .\"
- .\" @(#)@(#)popper.8	2.3    2.3    (CCS)   4/2/91     Copyright (c) 1990 Regents of the University of California.\nAll rights reserved.\n
- .\"
--.TH popper 8 "August 1990"
-+.TH qpopper 8 "August 1990"
- .UC 6
- .ad
- .SH NAME
--popper \- pop 3 server
-+qpopper \- Qualcomm pop 3 server
- .SH SYNOPSIS
- .B /usr/etc/popper
- [ -d ]
-@@ -24,7 +24,7 @@
- [ -T timeout]
- [ -b bulldir]
- .SH DESCRIPTION
--.I Popper
-+.I Qpopper
- is an implementation of the Post Office Protocol server that runs on a
- variety of Unix computers to manage electronic mail for Macintosh
- and MS-DOS computers.  The server was developed at the University of
-@@ -42,12 +42,12 @@
- .PP
- The
- .B \-k
--flag enables kerberos authentication when popper has been compiled with
-+flag enables kerberos authentication when qpopper has been compiled with
- the KERBEROS define.  You must already have libraries that support Kerberos.
- .PP
- The
- .B \-s
--flag turns on statistics logging using syslog(8). At the end of each popper
-+flag turns on statistics logging using syslog(8). At the end of each qpopper
- session, the following information is logged: username, number of 
- messages deleted, number of bytes deleted, number of message left on server,
- number of bytes left on server.
-@@ -58,7 +58,7 @@
- session with a pop client.  
- When the server is waiting for a command to arrive from the client, it
- times out after the specified number of seconds and terminates the session.
--This avoids having popper processes hang forever waiting for command input
-+This avoids having qpopper processes hang forever waiting for command input
- from clients which have terminated abnormally.
- A small value is ok for small to medium nets where
- the network delay is within a few seconds.  In this case 15-30 seconds is
-@@ -99,19 +99,19 @@
- is replaced by "To: username@thishost", and any "Status:" header lines are 
- deleted. Otherwise, the bulletin is copied as is.
- .PP
--When a new user checks for mail the first time, popper creates the .popbull 
-+When a new user checks for mail the first time, qpopper creates the .popbull 
- file in the user's home directory and seeds it with the current maximum 
- bulletin number. Thus new users do not get old bulletins.
- .SH THE POP TRANSACTION CYCLE
- .PP
--The Berkeley POP server is a single program (called popper) that is
-+The Qualcomm POP server is a single program (called qpopper) that is
- launched by inetd when it gets a service request on the POP TCP port.
- (The official port number specified in RFC 1081 for POP version 3 is
- port 110.  However, some POP3 clients attempt to contact the server at
- port 109, the POP version 2 port.  Unless you are running both POP2 and
- POP3 servers, you can simply define both ports for use by the POP3
- server.  This is explained in the installation instructions later on.)
--The popper program initializes and verifies that the peer IP address is
-+The qpopper program initializes and verifies that the peer IP address is
- registered in the local domain, logging a warning message when a
- connection is made to a client whose IP address does not have a
- canonical name.  For systems using BSD 4.3 bind, it also checks to see
-@@ -122,7 +122,7 @@
- server's host machine.  No other exchanges are allowed during this
- state (other than a request to quit.)  If authentication fails, a
- warning message is logged and the session ends.  Once the user is
--identified, popper changes its user and group ids to match that of the
-+identified, qpopper changes its user and group ids to match that of the
- user and enters the transaction state.  The server makes a temporary
- copy of the user's maildrop which is
- used for all subsequent transactions.  These include the bulk of POP
-@@ -141,18 +141,18 @@
- file, usually /usr/spool/mqueue/syslog.
- .SH DEBUGGING
- .PP
--The popper program will log debugging information when the -d parameter
-+The qpopper program will log debugging information when the -d parameter
- is specified after its invocation in the inetd.conf file.  Care should
- be exercised in using this option since it generates considerable
- output in the syslog file.  Alternatively, the "-t <file-name>" option
- will place debugging information into file "<file-name>" using fprintf
- instead of syslog.
- .PP
--For SunOS version 3.5, the popper program is launched by inetd from
-+For SunOS version 3.5, the qpopper program is launched by inetd from
- /etc/servers.  This file does not allow you to specify command line
- arguments.  Therefore, if you want to enable debugging, you can specify
--a shell script in /etc/servers to be launched instead of popper and in
--this script call popper with the desired arguments.
-+a shell script in /etc/servers to be launched instead of qpopper and in
-+this script call qpopper with the desired arguments.
- .PP
- You can confirm that the POP server is running on Unix by telneting to
- port 110 (or 109 if you set it up that way).  For example: