Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 9 Sep 2002 11:49:57 +0400
From: Solar Designer <>
Subject: Re: popa3d comments

On Sat, Sep 07, 2002 at 08:53:08AM -0700, popa support wrote:
> I'm using popa3d as part of the OpenBSD 3.1 package. I'm happy with it, but do have a few comment-suggestions.

I do appreciate user feedback, thanks!

> I get a lot of "Authentication failed for UNKNOWN USER" messages, but I have no idea who's trying to access their non-existant account. If I knew who, I could contact them and tell them their account no longer exists or they're using "Fred" for the user name instead of "fred" or something. Better would be "Authentication failed for UNKNOWN USER Fred".

Actually, popa3d tries to be careful to NOT log unknown usernames, --
people often place their passwords for username.

Yes, I am asked to change this once in a while and I might add such an
option, but it will never be default.

> 2. It would be great if the IP address was logged too, i.e. " Authentication passed for fred"

It is logged with standalone mode and should be logged by either your
inetd clone or TCP wrappers otherwise.  This is explained in INSTALL.

If it's not logged in OpenBSD default setup, that should be fixed.
(Camiel is on this list.)

> 3. Even for a small system like ours, the mail fetching completely buries anything else in /var/log/daemon which might be interesting. Since mail is such a large part of any system, I think popa3d needs it's own log file: /var/log/pop

This is a local configuration or distribution issue.  I believe the
OpenBSD syslogd is advanced enough to filter by program (ident) even
without them having to pick a unique facility.

> 4. How do I determine the version of popa3d? There's no V command, or connection message, or even text in the executable. It's good to be able to determine this to know about exploits, updates, etc. I want to find this from the executable, not from the source, since not all users have the source.

I agree, this should be added.  Probably a command line option.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.