pop3-gw v0.4alpha
^^^^^^^ ^^^^^^^^^

This proxy implements pop3 protocol gateway with optional USER/PASS -> APOP
auth protocol translation for outbound pop3 connections.

It supports RFC-1939 pop3 commands only and does not work with AUTH type
authentication (and who does?). Only outbound APOP is supported; that 
means you can't use it to authenticate to proxy itself (if you use plugged
or transparent operation, you can, but..).

Please note that messages pass over the internet unencrypted even if
you use APOP. Use PGP to avoid that.

setting up proxy
^^^^^^^ ^^ ^^^^^

Edit Makefile to add -DIPFILTER to c options and IPFILTER variable to point
to IPFilter source if you use IPFilter tranparency.

Compile the source and edit inetd.conf to point to the binary.
Set up connection divertor if you use transparent operation.

netperm-table general options:

userid <uid>,groupid <gid>		similar to fwtk

{permit-|deny-}hosts 			similar to fwtk

netperm-table hosts options:

-dest <list>				similar to fwtk

-fallback				permit fallback to insecure protocol

-transparent				tranparent operation

-plug-to <server>			plug to a pre-defined server
					(can be useful for inbound operation)

-apop-only				being used with -transparent or 
					-plug-to, disallow user/pass
					authentication on client side
					(recommended for inbound proxy)

-user <username-list>			specify the list of users allowed
					to access proxy. "!" modifier is
					valid.

-separator <separator-char>		a character to replace @ as separator.

(unimplemented)
-extnd					turn extended permissions processing
					on (see authsrv documentation)

setting up client side
^^^^^^^ ^^ ^^^^^^ ^^^^

Use your firewall name as POP3 server name and user@host[:port] syntax
to specify real destination for non-transparent operation.

For transparent operations no special client setup is required.

BUGS
^^^^

Just an alpha release - so there should be some.
I've noticed it does not work good with hotmail.com. If somebody knows why
please tell me.

ToDo
^^^^

Fix hotmail bug.
Make real proxying when in TRANSACTION state.

For developers
^^^ ^^^^^^^^^^

Feel free to improve the program the way you want - but send me a
copy of your patches.


Revision history
^^^^^^^^ ^^^^^^^

0.1alpha		First version

0.2alpha		bugfix: fixed typo caused "userid" config parameter
			to be ignored
			added transparency support and plug-to support
			added client APOP support when using one of those
			renamed from pop3-gw.out to pop3-gw
			Removed gaunlet-style authentication from ToDo
			list (considered harmful)

0.3alpha		added -user option

0.4alpha		added -separator option - Netscape (HATE!) 
			workaround.

Email
^^^^^

home: ark@mpak.convey.ru
work: ark@eltex.spb.ru

                                     _     _  _  _  _      _  _
 {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
 (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
 [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!
