Older versions of tpop3d

Ancient steam engine

[ Home page | tpop3d ]

Older versions of tpop3d are available for download. Each is linked from here, oldest first, with any relevant information from the change log.

Version 0.6

(no change log)

Version 0.7

(no change log)

Version 0.8

(no change log)

Version 1.1

(no change log)

Version 1.1.2

(no change log)

Version 1.2.1

Various fixes; added a patch for crypt(3) passwords in auth-mysql, and added
an option to suppress c-client metadata. CHANGES file created.

Version 1.2.2

Minor changes; addition of a -DNO_SNIDE_COMMENTS compile-time option to please
Mark, whose user community complained about "You can hang around all day if
you like, I have better things to do".

Version 1.2.3

Made logging clearer; fixed a potential problem with lock files for
non-existent (empty) mail spools, and another which might lead to zombie
processes being generated under very high load. In addition, tpop3d now
checks the configuration file for the presence of unknown directives, and uses
getopt(3) for option processing, making it more like other Unix programs.

Version 1.2.4

Fixes for a few minor bugs, and more intelligent signal handling. tpop3d now
shuts down in a cleaner fashion on SIGTERM, and re-execs itself on receipt of
SIGHUP. In addition, a new debugging option (-DAWFUL_BACKTRACE_HACK) is
available on Linux; a few people have reported unexplained trouble and this
will allow more useful data to be collected in the event of a failure.

Version 1.3.1

Minor changes, and the addition of auth-perl for implementing authenticators
as fragments of perl code.

Version 1.3.2

Minor changes, and an update for auth-mysql to allow passwords in formats
other than the default straight MD5 checksums. Different formats are denoted
by a prefixed token enclosed in { }. Presently supported are:

    {crypt}...          crypt(3) hash
    {crypt_md5}...      crypt_md5 hash
    {plaintext}...      plaintext password
    {md5} or no prefix  old-style simple MD5 password

This facility replaces the old apop_password field in the database; instead,
APOP users should arrange for their passwords to be recorded in the plaintext
format as above.  The new vmail-sql will work in the same way, when it is

In addition, there are a couple of fixes: a small memory leak was removed, and
code was added to work around some bugs in old GNU libc versions.

Version 1.3.3

Fixes for a couple of portability bugs which crept in to 1.3.2.

Version 1.3.4

Minor changes, and addition of metadata caching for BSD mailspools; in
addition, the mailbox object was modified for efficiency reasons.

Fixed a bug which could cause child processes to fail with SIGSEGV under heavy

Added an auth-perl script for authentication against an Oracle database,
contributed by Paul Makepeace.

Version 1.3.5

A bug in the log printing code which caused trouble on some architectures was
fixed. A bug in the maildir code which caused the STAT command to claim that
the size of the mailbox was 0 was also fixed. The code was cleaned up slightly
in a comp.lang.c sense.

Authenticators are now passed the IP address of the connected client, which
makes writing POP-before-SMTP authenticators easier.

Facility for specifying the SQL queries used by auth-mysql at runtime was
added, thanks to Mike Bremford. In addition, it is now possible to specify the
types of mailboxes used by auth-mysql.

Support for TCP Wrappers was added.

tpop3d will now remove a stale PID file on startup, rather than exiting.

Support for the MySQL PASSWORD() function as a password-hashing method was

A bug in the supplied TPOP3D::AuthDriver perl module was fixed, thanks to
Steve Benson.

A `StartupItem' (Mac OS X startup script) for tpop3d was contributed by
Gerben Wierda, along with notes on using tpop3d on Mac OS X.

Version 1.4.1

Hooks for POP-before-SMTP relaying support were implemented in tpop3d, and
support for same in TPOP3D::AuthDriver.

Incorporated LDAP support by Sebastien Thomas. The internal semantics of
authentication were changed slightly.

Added the option to ignore a domain name supplied by a user, based upon code
supplied by Dom Gallagher.

The facility as which tpop3d logs messages may now be changed from the
configuration file.

A serious bug in TPOP3D::AuthDriver which affected operation under
auth-other was corrected. Fixed the behaviour of STAT after DELE. A bug in the
experimental BSD metadata cache code was fixed. A memory leak in the stringmap
code which affected auth-perl and auth-other was fixed. Fixed a reference
counting problem which could cause auth-perl's perl interpreter to leak
memory. Added some notes to tpop3d.conf(5) on memory and resource leaks.

{md5} passwords may now be encoded in base64 as well as hex, for compatibility
with Exim and LDAP.

UIDs in maildir mailboxes are now generated by an MD5 hash of the file name,
fixing a uniqueness problem in previous versions. This means that this version
of tpop3d will display different UIDs by comparison with old versions. See the
comment in the maildir_make_indexpoint function in maildir.c, and also the
archived mailing list posting at
for more information, or if you want to use the old scheme regardless (not
recommended). In addition, tpop3d now marks messages in maildirs as `seen',
using the `:2,S' filename suffix, rather than just moving them to cur/.

Made logging of failed authentication attempts more informative, following a
suggestion by Jens Liebchen.

Configure no longer sets a default mailspool directory, as this could lead to
confusing behaviour and is deprecated anyway. Support for TCP Wrappers in the
configure script was fixed.

Some minor bugs were fixed thanks to the efforts of Chris Elsworth, Ben
Schumacher and Odhiambo Washington.

Version 1.4.2

tpop3d now accepts passwords containing spaces. auth-pam now passes the client
host information to the authentication stack. A fix to the logging code to work
around PAM brokenness was made. A memory leak in auth-ldap was fixed. The
amount of data transferred to/from the client is recorded. Fixed some bugs
which caused crashes on old versions of Solaris.

Added support for authentication against /etc/passwd-style flat text files,
contributed by Angel Marin. Added configuration-file options equivalent to
the -d command-line switch. Added support for notification of a DRAC server for
POP-before-SMTP relaying. Added support for the $(serverhost) substitution
variable in certain authenticators, thanks to Matthew Reimer.

Version 1.5.1

tpop3d now supports the WHOSON protocol (http://whoson.sourceforge.net/) for
POP-before-SMTP relaying, thanks to Arkadiusz Miskiewicz.

Added support for `mass virtual hosting', where the domain name used for a
connection is based upon the name associated with the address to which a client

Improved the clarity of the documentation slightly. tpop3d now obeys
configure's --sysconfdir option.

Improved the performance of the mailspool parser. Also, tpop3d will now remove
a stale lock files for mailspools.

Added an option to lock maildirs when accessing them, and fixed the maildir
code to cope with cases where a message file is moved or deleted during a

Fixed a problem in the command parsing code which could cause problems with
Eudora's command pipelining; thanks to Shin Zukeran for this fix. Also
incorporated a patch from Jonathan Oddy to fix a pipelining problem with bad

Fixed a minor problem in the PAM code, thanks to Christian Nordmann, and also
added facility to use auth-pam for authenticating users who have no UNIX
account, based on his patch. Added a nasty (but optional) hack to auth-pam to
work around memory leaks in buggy PAM implementations.

Added scripts/tpop3dtraffic, which extracts the identity of the heaviest POP3
users from logfiles.

Added a permit-empty-passwords option, default no, largely to protect LDAP
users who left LDAP anonymous authentication switched on....

The I/O layer was rewritten to use non-blocking I/O throughout. Support for TLS
was added. Connections are now frozen briefly after a failed authentication
using code adapted from a contribution by Yann Grossel, who also contributed
support for MySQL server failover for auth-mysql; a consequence of this is that
MySQL usernames and passwords are no longer cleared from memory by tpop3d.
Also fixed a bug which could cause a crash if there were NULL values in a
database being used by auth-mysql.

Various code tidyings-up.

It is now possible to have tpop3d wait until an onlogin handler has run before
opening and locking a user's mailbox. (Previously these events were not
sequenced in this way.) This makes it possible to use the onlogin handler to
implement POP3 server `bulletins' -- that is, messages which are delivered to
any user who logs in to the POP3 server.

Fixed a nasty bug in the mailspool reading code which could occur when a
mailspool was a multiple of PAGESIZE bytes long. Many thanks to Paul Makepeace
for identifying this problem.

Version 1.5.2

Fixed some omissions in the man page. Fixed a bug which caused bind(2) to fail
on some systems. Corrected a small error in README.bulletins.

Added the log-bad-passwords option, inspired by a patch from Kevin Bonner.

Fixed a bug in password handling which prevented passwords in the MySQL format
from working.

Version 1.5.3

Fixed a couple of errors in the man page and configuration directives which
got lost; thanks to Haris Hudji. Increased the default value for max-children
from 16 to 100. Fixed a typo in Makefile.am. Incorporated a patch from Diego
Alvarez to allow substitution variables to be used in LDAP base configurations.
Altered the apop-only option to affect unsecured connections only, following a
suggestion by Dave Baker. Fixed the `mass virtual hosting' option, following a
bug report from Matthew Trent. Improved performance under heavy load; thanks
to Larry Chancy for helping to identify this problem. Also added an optional
cache for authentication results; most users will not need this, but it may
help for very busy servers. Fixed a bug in the TLS implementation which could
cause connections to be dropped by the server; thanks to Dave Baker, Jens
Liebchen and others for assistance with this.

Copyright (c) 2003 Chris Lightfoot. All rights reserved.