Text File | 1997-03-26 | 14KB | 330 lines
INSTALL 2.6 96/11/12
S R I A L P O P
Concise installation guide.
=============================================
Contents:
- COPYRIGHT NOTICE
1.What is srialpop?
2.Why should you use it?
3.How to install srialpop:
4.Are there disadvantages in using srialpop?
5.Has srialpop security risks?
6.How to test srialpop:
7.Some navigation and scripting examples.
=============================================
========================== COPYRIGHT NOTICE =============================
This package srialpop is written by and copyright Rudi van Houten
<R.vanHouten@cc.ruu.nl>, it is tested and used now at ACCU (Ac.Comp.
Centr.Utrecht, the Netherlands) for several years.
The package consists of four files:
    srialpop.c  the C source of the program
    Makefile    to build and eventually install the package
    README      an old documentation describing the package
    INSTALL     a newer document with concise installation instructions
I grant everybody the right to use the package and eventually
adapt it to local requirements. Please document your changes in the
program source with comments explicitly stating that a modification
to the original package has been made. I don't want to be blamed for
your errors nor get the praise for your inventions.
Also everybody has the right to bundle this package with other software
(e.g. a POP client) on distribution media, but THEN THE UNCHANGED VERSION
MUST BE DISTRIBUTED, and no extra fee may be charged for the presence
of srialpop in the bundle. If there is a need to modify srialpop for
special purposes these modifications should be made available as a separate
file (e.g. a diff file to be applied with Larry Wall's patch program).
I present this package as is, feeling it can be of use. But no
guarantees are given about its proper working or behaviour. It has
been used at ACCU for some years now without troubles, so I think it may
be bug free. But I cannot be held responsible for any damage or other
misery resulting from using srialpop.
===========================================================================
1.What is srialpop?
------------------
Srialpop is a little gadget running on a UNIX system that makes a
serial terminal connection to a UNIX system (tty port) behave like
a TCP/IP connection. It was written to support the Post Office
Protocol (POP) over serial dial up lines for use with Eudora and
NUPop. Hence the name srialpop.
See also the file README.
2.Why should you use it?
-----------------------
In these days of SLIP and PPP, and IP over ISDN, the need of a gadget
like srialpop is fast dwindling.
You only need srialpop if:
-your connection from your personal computer (Mac or PC) to the
maildrop computer is a plain serial tty connection. Either directly
to your mailhost or via a portselector (eg. Develcon or Gandalf).
-you connect to a communication server (Annex, Cisco, AccessBuilder)
that only offers the possibility to set up an interactive login session.
In short, if you are limited to a connection that shows you the UNIX
login prompt when the connection is established then you need srialpop.
You don't need srialpop if:
-your personal computer is connected to the mailhost via a TCP/IP
network.
-you use SLIP or PPP to reach the mailhost with a TCP/IP connection.
-you can connect to a communication server that enables you to open
a TCP/IP connection for POP and SMTP.
If this documentation doesn't provide you with enough clues to decide
whether you need srialpop, please contact your UNIX system or
network manager.
If you decide you need srialpop but it is not clear how you should
install it, you should also ask your UNIX or network manager for
help.
3.How to install srialpop:
-------------------------
First you must compile srialpop on your mailhost UNIX system. I have
concocted a Makefile that ought to work on most systems. Perhaps
you might prune it somewhat. Especially the owner uid/gid should be
adapted to your situation. When srialpop is successfully made with
the command "make" you have to install it somewhere on the system.
There are several approaches to make it usable:
-You are not a system manager and you are installing srialpop for
your personal use. In this case you must move the srialpop executable
to your personal bin directory (generally $HOME/bin) that is named in
your searchpath (PATH in [ba|k]sh or path in [t]csh). If your
.profile ([ba|k]sh) or .login ([t]csh) interactively asks questions, eg.
the tset command, you have to teach the Eudora navigation or NUPop
scripts to handle these questions. Consult your POP client docs
on how to do this.
The command to perform this installation (I assume you have already
unpacked the files since you are reading this INSTALL):
    make instbin
This installs srialpop in your ${HOME}/bin directory.
You can also use:
    make
    cp srialpop $HOME/bin          # assuming you have this directory
    strip $HOME/bin/srialpop
    chmod 755 $HOME/bin/srialpop
-You are a system manager and you are installing srialpop for general
use. Of course you can then simply install the srialpop binary in the
public bin directory (generally /usr/local/bin). This has the same
disadvantages concerning the questions in .profile or .login as with
the installation for personal use described above.
The commands to perform this installation (I assume you have already
unpacked the files since you are reading this INSTALL):
    su
    make
    mv srialpop /usr/local/bin     # assuming you have this directory
    strip /usr/local/bin/srialpop
    chmod 555 /usr/local/bin/srialpop
    exit
However, I prefer the next approach.
-You use the scheme followed in the Makefile at the target
"install:". Then before you run "make install" you must create a
user called srialpop that has the program ~srialpop/srialpop as
its login shell. Now everyone logging in as srialpop can use the
telnet commands allowed by srialpop (ports 25, 105, 106, 109 and 110).
This seems a security risk since it offers everyone and his/her dog
who can use a modem the possibility to enter the Internet on the
above mentioned ports. There is no way to keep the srialpop login
password hidden from the users. However, I don't consider this a
real risk. It does not really enlarge the access to Internet
considering the count of Internet Service Providers that offer
access to Internet, and srialpop limits the access to the above
mentioned services.
The advantage of this approach is that there is no interaction with
the user's .profile or .login. There is even no need for the users to
have a real home directory. At ACCU we now have some thousands of so
called POPmail accounts. These accounts have ~srialpop as home directory
and /bin/passwd (or /bin/false) as login shell.
The commands to perform this installation (I assume you have already
unpacked the files since you are reading this INSTALL):
    make
    su
    <<create pseudo user srialpop and its home directory>>
    make install
    exit
See also the file README.
4.Are there disadvantages in using srialpop?
-------------------------------------------
Sure there is a disadvantage. The TCP/IP protocols are based upon
guaranteed faultless transmission. The POP clients don't provide
for error handling since they assume no errors can occur with TCP/IP.
Also with SLIP and PPP this error free transmission is guaranteed.
With srialpop this is not so.
When you use srialpop the connection looks like TCP/IP to the client
program on your personal computer, but that is only a facade. Even
a modem with error correction (MNP4) cannot ensure faultless
transmissions. There always is a small risk that errors show up.
In particular, sending big attachments with binhex or uuencode can
cause problems, leaving mails damaged and unusable.
Also there are some thoughts concerning security, real or imaginary.
5.Has srialpop security risks?
----------------------------
Yes, srialpop has some aspects concerning security. Most of them
have already been mentioned.
-You cannot be dead sure that messages will be transferred error free.
-The scheme with pseudo-user srialpop offers potential hackers a way
to use the TCP/IP ports allowed by srialpop without authentication.
The normal ways to get access to Internet require an authentication
via an account on the host computer or communication server. But since
srialpop restricts the TCP/IP services to the set needed for mail
(SMTP/PH/poppasswd/POP2/POP3) I don't see reasons for alarm. And the
skilled hackers have means to reach the Internet in more unimpeded
ways. How else should they have acquired their skills?
But when you have shivers on this aspect don't use my preferred scheme.
SMTP is the only hairy one in srialpop's subset of allowed services: it
does not ask for authentication. You could reduce your shivers by
removing SMTP from that subset (NO_SMTP in the Makefile) and configuring
the clients to use the POP server for sending mail. Of course both the
server software and the client software must then support this option.
See the documentation of your server and/or client software (look for
the POP3 extension "XTND XMIT").
-The login to account srialpop is automated in the scripts/navigation of
the POPmail client. When the telephone line is noisy and characters are
lost or maimed the login fails. Many UNIX systems (AIX, SCO) have a
policy of locking an account after repeated login failures. So for the
srialpop pseudo account this security policy must be disabled. Recently
we experienced at ACCU a storm of complaints that serial pop access was
suddenly impossible; it cost us an hour before we pinpointed that locking
as the cause of the problem.
-Also the use of an expiration time on passwords must be disabled for the
srialpop pseudo account. It is nearly impossible (and utterly senseless)
to advertise the change in password needed in the navigation scripts.
-Also remember that there are no ways to keep srialpop's password secret.
So everything in srialpop's home directory, including the home directory
itself, must NOT be owned by or writable by srialpop, and no sensitive
information must be kept in that directory.
If your flavour of UNIX supports it you should disable the possibility
to "su" to user srialpop. Also the program's pathname should NOT be defined
as an allowable shell (/etc/shells on most systems, /etc/security/login.cfg
on AIX).
-If user srialpop is not disabled from using ftp, dire things can be
done with the SITE EXEC commands if your ftp-daemon allows it.
Therefore the "make install" will put user srialpop in /etc/ftpusers to
disable the use of ftp.
6.How to test srialpop:
----------------------
Invoke the program srialpop, either by calling it from your own
login shell or by logging in as user srialpop. Srialpop will show
you the %-sign as prompt. Now you can enter commands just as in
a regular shell, but srialpop only allows the commands "exit",
"logout", "quit" and "telnet <host> <port>". The first three
commands will cause a graceful termination of srialpop. The
telnet-command will set up the desired telnet connection. Every
other command will result in an error exit.
When establishing a telnet connection srialpop performs its
magic on the tty settings as described in the file README. That
means echo-off and half-cooked mode. Now you can enter the
commands for the called IP service, but you will not see what
you type in (echo is off), and you must give a Linefeed (^J)
as line termination. In fact the line termination ought to be
the CR/LF (^M/^J) pair, but all UNIX systems I have tried till now
have been content with only the LF.
Upon closing the telnet connection the tty settings are set back to
what they were before.
This behaviour makes the program a little awkward for hand testing,
but this is exactly the functionality it was written for.
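The command filter described in this section, combined with the port list from section 3, sketched as an added example (it is not taken from srialpop.c, which this page does not show). The function names, the 512-byte line limit and the host-name character rules are assumptions; the point is that everything is rejected by default and the port is parsed strictly, so input such as "110x" or a host starting with "-" never reaches the connection step.

```c
/* Added example, not srialpop.c. Names and limits are assumptions. */
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

enum verdict { CMD_EXIT, CMD_TELNET, CMD_REJECT };
/* Ports named in section 3: SMTP, PH, poppasswd, POP2, POP3. */
static const long allowed_ports[] = { 25, 105, 106, 109, 110 };

static int host_ok(const char *h)
{
    size_t n = strlen(h);
    if (n == 0 || n > 255 || h[0] == '-')   /* '-' could be taken as an option */
        return 0;
    for (; *h; h++)                         /* letters, digits, '.', '-' only */
        if (!isalnum((unsigned char)*h) && *h != '.' && *h != '-')
            return 0;
    return 1;
}

static int port_ok(const char *p)
{
    char *end;
    errno = 0;
    long v = strtol(p, &end, 10);
    if (errno || !isdigit((unsigned char)p[0]) || *end != '\0')
        return 0;                           /* rejects "110x", "+25", "" */
    for (size_t i = 0; i < sizeof allowed_ports / sizeof *allowed_ports; i++)
        if (v == allowed_ports[i])
            return 1;
    return 0;
}

enum verdict check_command(const char *line)
{
    char buf[512], *tok[4];
    int n = 0;
    if (strlen(line) >= sizeof buf)
        return CMD_REJECT;
    strcpy(buf, line);
    for (char *t = strtok(buf, " \t\r\n"); t && n < 4; t = strtok(NULL, " \t\r\n"))
        tok[n++] = t;
    if (n == 1 && (!strcmp(tok[0], "exit") || !strcmp(tok[0], "logout") ||
                   !strcmp(tok[0], "quit")))
        return CMD_EXIT;
    if (n == 3 && !strcmp(tok[0], "telnet") && host_ok(tok[1]) && port_ok(tok[2]))
        return CMD_TELNET;
    return CMD_REJECT;
}
```

Building with NO_SMTP, as section 5 suggests, corresponds here to dropping 25 from allowed_ports.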
7.Some navigation and scripting examples.
----------------------------------------
Macintosh Eudora uses STR#-resources for the "navigation", see the
Eudora Users Manual Appendix D. An example of resources:
STR#-resource "Navigate In" ID=2400:
    3 strings
    string 1 "\r\r\elogin:"
    string 2 "srialpop\r\eassword:"
    string 3 "thepasswd\r\e%"
STR#-resource "Navigate Mid" ID=4200:
    1 string
    string 1 "\e%"
STR#-resource "Navigate Out" ID=2600:
    1 string
    string 1 "logout\n"
NUPop uses script files MODEMINI.SCR, DIAL.SCR, CONNECT.SCR,
DISCONNE.SCR and DROP.SCR. Consult the NUPop documentation.
An example of a set of NUPop scripts:
MODEMINI.SCR:
    * Initialize the modem.
    *
    modeminit
DIAL.SCR:
    *
    * Initialize the modem.
    *
    modeminit
    *
    * Dial terminal server / serving host
    *
    dial
    *
    * Wait for "CONNECT" etc. to pass by.
    *
    * Wait for the terminal server prompt.
    *
    * delay until login banner appears
    repsendwait 2 2 "|" "login: "
    *
    * login as srialpop
    stext "~srialpop|"
    * wait for password prompt
    waitstring "Password:"
    * and send password
    stext "~thepasswd"
    * wait for command prompt
    waitstring "%"
CONNECT.SCR:
    *
    * Request a connection to the system (%n) on TCP port (%p).
    *
    stext "~telnet %n %p|"
DISCONNE.SCR:
    *
    * Wait for a second of peace and quiet.
    *
    waitquiet
DROP.SCR:
    *
    * Wait for a second of peace and quiet.
    *
    waitquiet
    *
    * Tell terminal server we're done.
    *
    stext "~logout|"
    *
    delay
    *
    waitquiet
96/11/12
Rudi van Houten
R.vanHouten@cc.ruu.nl
Ac.Comp.Centr.Utrecht