|
This Mailismus component implements a POP3 server (Post Office Protocol v3).
The POP server requires the Message-Store (see section §4.2) and Directory subsystems to be configured.
The only Directory config file it's concerned with is the
users
file (see section §4.10.1), which defines the login credentials for POP clients.
Mailismus supports the following optional POP3 commands and extensions:
USER, PASS, APOP, TOP, UIDL, CAPA, AUTH (Plain, CRAM-MD5 & External), STLS, PIPELINING.
The top-level config of the POP server task is outlined below.
<pop3server> <listeners> <listener name="POP3"> <server> ... </server> <ssl ... /> </listener> </listeners> </pop3server> |
The Listener is a generic NAF component that is documented in the NAF Guide (see §7 there).
The POP3 server typically only has one Listener, listening on the standard POP3 port of 110, but you may however choose to run separate listeners, eg. on ports 110 and 995 (pure SSL).
Note the following aspects of the POP3 listener:
• It's
port
attribute need not be specified, since in this context, it defaults to the standard POP3 ports of 110 or 995, depending on SSL mode.
Of course if there is more than one listener, you will have explicitly specify another port on the others.
• Likewise the server's
class
attribute is omitted, as it defaults to the Mailismus POP3-Server class.
The optional SSL config block is also a generic NAF facility (see NAF Guide, section §8) and the only thing left to add here is the treatment of its
latent
and
mandatory
attributes in the context of the POP3 Server.
Note that Mailismus supports the POP3
STLS
extension, whereby a client may switch to SSL mode after establishing the connection.
The server's config block is listed below, with largely default values.
<server> <transcript>%DIRLOG%/transcripts/pop3server-%DT%.log</transcript> <greet>Mailismus POP3 Ready</greet> <authtypes>USERPASS | APOP | SASL_PLAIN | SASL_CRAM_MD5 | SASL_EXTERNAL</authtypes> <authtypes_ssl>SASL_EXTERNAL | SASL_PLAIN</authtypes_ssl> <timeout>2m</timeout> <expire>-1</expire> </server> |
transcript
This file records a transcript of the POP3 protocol dialogue.
This config item supports the same attributes as the GreyLog loggers (rotation, buffering, etc - see
GreyLog Guide).
This setting has no default and transcripts will be turned off if it is omitted.
greet
This specifies the greeting message which the POP server issues in response to new connections.
The default is as illustrated above.
authtypes
This specifies the authentication methods which clients are allowed to use (as advertised by the POP3
CAPA
command)
and defaults to the full set of supported mechanisms as illustrated above.
The
USERPASS
option refers to POP3's built-in
USER
and
PASS
commands.
The SASL-External mechanism is only relevant if SSL is in effect, and requires the client to supply its own X.509 certificate.
The certificate's
Common-Name
attribute is taken as the username, and the existence of this username in our Directory is sufficient to authenticate the client.
The special value
all
means All and is equivalent to omitting this config item (as that is the default).
The special value
-
means None, and prevents any users from logging in (although in that case, you might as well turn off your POP3 server!)
authtypes_ssl
This specifies the login methods which are only allowed in SSL mode, and is thus always a subset of the methods in the
authtypes
config item.
If SSL capability is not configured, then this defaults to
SASL_EXTERNAL,
ie. only SASL-External is forbidden (since it makes no sense in the absence of a certificate).
If SSL capability is configured and is mandatory (ie. connections are initially established in SSL mode), then this config item is superfluous, and defaults to being the same as
authtypes.
If SSL capability is configured but latent (ie. the client has to explicitly switch to SSL mode via the POP3
STLS
command), then this setting defaults to SASL-Plain and SASL-External, as illustrated above.
The special value
all
means all the login methods are restricted to SSL mode only, ie. no logins are permitted in non-SSL mode.
The special value
-
means None, ie. none of the login methods are restricted to SSL mode (though it still makes no sense for SASL-External, which will fail anyway without a certificate).
timeout
This specifies the idle timeout.
Defaults to 2 minutes.
expire
This specifies the message-retention period (in days), as advertised by the
CAPA
command's
EXPIRE
response.
It defaults to -1 which means
NEVER.
The only setting enforced by Mailismus is 0 (zero), in which case it will delete all downloaded messages at the end of the session.
All other values are merely intended as advisory information for the users, and you will have to purge old messages from the server by some other means, external to Mailismus.
Note that the
expire
setting merely refers to server-side message deletion, and doesn't necessarily mean messages don't get deleted. The expectation is that POP clients delete messages by default anyway, after downloading them.