- •Table of Contents
- •Dedication
- •Foreword
- •Introduction
- •What Is FreeBSD?
- •How Did FreeBSD Get Here?
- •The BSD License: BSD Goes Public
- •The Birth of Modern FreeBSD
- •FreeBSD Development
- •Committers
- •Contributors
- •Users
- •Other BSDs
- •NetBSD
- •OpenBSD
- •Other UNIXes
- •Solaris
- •Linux
- •IRIX, HPUX, etc.
- •FreeBSD's Strengths
- •Portability
- •Power
- •Simplified Software Management
- •Optimized Upgrade Process
- •Filesystem
- •Who Should Use FreeBSD
- •FreeBSD as Your Desktop
- •Who Should Run Another BSD
- •Who Should Run a Proprietary Operating System
- •How to Read This Book
- •What Must You Know?
- •How to Think About UNIX
- •Channels of Communication
- •Working with Channels
- •The Command Line
- •Chapter 1: Installation
- •FreeBSD Hardware
- •Processor
- •Memory (RAM)
- •Hard Drives
- •Downloading FreeBSD
- •Installing by FTP
- •Other FTP Install Information
- •Hardware Setup
- •Actually Installing FreeBSD
- •Configuring the Kernel for ISA Cards
- •Sysinstall: The Ugly FreeBSD Installer
- •Disk Usage
- •Partitioning
- •Root
- •Swap Space
- •Swap Splitting
- •/var, /usr, and /home
- •A Second Hard Drive
- •Soft Updates
- •Block Size
- •What to Install
- •Installation Media
- •Committing
- •Root Password
- •Adding Users
- •Time Zone
- •Mouse
- •Configuring Network Cards
- •Xfree86
- •Software
- •Restart
- •A Note on Editors
- •Chapter 2: Getting More Help
- •Why Not Mail First?
- •The FreeBSD Attitude
- •Man Pages
- •The FreeBSD Manual
- •Man Page Headings
- •The FreeBSD Documentation
- •The Mailing List Archives
- •Other Web Sites
- •Checking the Handbook/FAQ
- •Checking the Man Pages
- •Checking the Mailing List Archives
- •Using Your Answer
- •Mailing for Help
- •Chapter 3: Read This Before You Break Something Else! (Backup and Recovery)
- •Overview
- •System Backups
- •Tape Devices
- •How to Read Dmesg.boot
- •Controlling Your Tape Drive
- •Device Nodes
- •Using the TAPE Variable
- •The mt Command
- •Backup Programs
- •Dump/Restore
- •Restoring from an Archive
- •Checking the Contents of an Archive
- •Extracting Data from an Archive
- •Restoring Interactively
- •Recording What Happened
- •Revision Control
- •Getting Older Versions
- •Breaking Locks
- •Viewing Log Messages
- •Reviewing a File's Revision History
- •Ident and ident Strings
- •Going Further
- •The Fixit Disk
- •Chapter 4: Kernel Games
- •Overview
- •What Is the Kernel?
- •Configuring Your Kernel
- •Sysctl
- •Changing Sysctls
- •Setting Sysctls at Boot
- •Kernel Configuration with Loader.conf
- •Manually Configuring the Loader
- •Viewing Loaded Modules
- •Loading and Unloading Modules
- •Customizing the Kernel
- •Preparation
- •Your Backup Kernel
- •Editing Kernel Files
- •Basic Options
- •Multiple Processors
- •Device Entries
- •Building Your Kernel
- •Troubleshooting Kernel Builds
- •Booting an Alternate Kernel
- •Adding to the Kernel
- •LINT
- •Fixing Errors with Options
- •Tweaking Kernel Performance
- •Sharing Kernels
- •Chapter 5: Networking
- •Overview
- •Network Layers
- •The Physical Layer
- •The Physical Protocol Layer
- •The Logical Protocol Layer
- •The Application Layer
- •The Network in Practice
- •Mbufs
- •What Is a Bit?
- •Ethernet
- •Broadcasting
- •Address Resolution
- •Hubs and Switches
- •Netmasks
- •Netmask Tricks
- •Hexadecimal Netmasks
- •Unusable IP Addresses
- •Routing
- •Network Ports
- •Connecting to an Ethernet Network
- •Multiple IP Addresses on One Interface
- •Using Netstat
- •Chapter 6: Upgrading FreeBSD
- •Overview
- •FreeBSD Versions
- •Release
- •Snapshots
- •Security Updates
- •Which Release Should You Use?
- •Upgrade Methods
- •Upgrading via Sysinstall
- •Upgrading via CVSup
- •Simplifying the CVSup Upgrade Process
- •Building a Local CVSup Server
- •Controlling Access
- •Authentication
- •Combining Authentication and Access
- •Chapter 7: Securing Your System
- •Overview
- •Who Is the Enemy?
- •Script Kiddies
- •Disaffected Users
- •Skilled Attackers
- •FreeBSD Security Announcements
- •Subscribing
- •What You'll Get
- •Installation Security Profiles
- •Moderate
- •Extreme
- •Root, Groups, and Permissions
- •The root Password
- •Groups of Users
- •Primary Group
- •Some Interesting Default Groups
- •Group Permissions
- •Changing Permissions
- •Changing File Ownership
- •Assigning Permissions
- •File Flags
- •Viewing a File's Flags
- •Setting Flags
- •Securelevels
- •Setting Securelevels
- •Which Securelevel Do You Need?
- •What Won't Securelevel and File Flags Do?
- •Living with Securelevels
- •Programs That Can Be Hacked
- •Putting It All Together
- •Chapter 8: Advanced Security Features
- •Traffic Control
- •Default Accept vs. Default Deny
- •TCP Wrappers
- •Configuring Wrappers
- •Daemon Name
- •The Client List
- •Putting It All Together
- •Packet Filtering
- •IPFilter
- •IPFW
- •Default Accept and Default Deny in Packet Filtering
- •Basic Concepts of Packet Filtering
- •Implementing IPFilter
- •Configuring Your Server to Use Jail
- •Configuring Your Kernel to Use Jail
- •Client Setup
- •Final Jail Setup
- •Starting the Jail
- •Managing Jails
- •Shutting Down a Jail
- •Monitoring System Security
- •If You're Hacked
- •Chapter 9: Too Much Information About /etc
- •Overview
- •Varieties of /etc Files
- •Default Files
- •/etc/defaults/rc.conf
- •/etc/adduser.conf
- •/etc/crontab
- •/etc/dhclient.conf
- •/etc/fstab
- •/etc/hosts.allow
- •/etc/hosts.equiv
- •/etc/hosts.lpd
- •/etc/inetd.conf
- •/etc/locate.rc
- •/etc/login.access
- •/etc/login.conf
- •Specifying Default Environment Settings
- •/etc/mail/mailer.conf
- •/etc/make.conf and /etc/defaults/make.conf
- •/etc/master.passwd
- •/etc/motd
- •/etc/mtree/*
- •/etc/namedb/*
- •/etc/newsyslog.conf
- •/etc/passwd
- •/etc/periodic.conf and /etc/defaults/periodic.conf
- •/etc/printcap
- •Working with Printcap Entries
- •/etc/profile
- •/etc/protocols
- •/etc/rc.conf and /etc/defaults/rc.conf
- •/etc/resolv.conf
- •/etc/security
- •/etc/services
- •/etc/shells
- •/etc/spwd.db
- •/etc/sysctl.conf
- •/etc/syslog.conf
- •Chapter 10: Making Your System Useful
- •Overview
- •Making Software
- •The Pain and Pleasure of Source Code
- •Debugging
- •The Ports and Packages System
- •Ports
- •Finding Software
- •Legal Restrictions
- •Using Packages
- •Installing via FTP
- •What Does a Package Install?
- •Uninstalling Packages
- •Package Information
- •Controlling Pkg_add
- •Package Problems
- •Forcing an Install
- •Using Ports
- •Installing a Port
- •Using Make Install
- •Uninstalling and Reinstalling
- •Cleaning Up with Make Clean
- •Building Packages
- •Changing the Install Path
- •Setting Make Options Permanently
- •Upgrading Ports and Packages
- •Upgrading the Ports Collection
- •Ports Collection Upgrade Issues
- •Checking Software Versions
- •Hints for Upgrading
- •Chapter 11: Advanced Software Management
- •Overview
- •Startup and Shutdown Scripts
- •Typical Startup Script
- •Using Scripts to Manage Running Programs
- •Managing Shared Libraries
- •Ldconfig
- •Running Software from the Wrong OS
- •Recompilation
- •Emulation
- •ABI Implementation
- •Foreign Software Libraries
- •Installing and Enabling Linux Mode
- •Identifying Programs
- •What Is Linux_base?
- •Adding to Linux_base
- •Configuring Linux Shared Libraries
- •Installing Extra Linux Packages as RPMs
- •What Is SMP?
- •Kernel Assumptions
- •FreeBSD 3.0 SMP
- •FreeBSD 5 SMP
- •Using SMP
- •SMP and Upgrades
- •Chapter 12: Finding Hosts With DNS
- •How DNS Works
- •Basic DNS Tools
- •The Host Command
- •Getting Detailed Information with Dig
- •Looking Up Hostnames with Dig
- •More Dig Options
- •Configuring a DNS Client: The Resolver
- •Domain or Search Keywords
- •The Nameserver List
- •DNS Information Sources
- •The Hosts File
- •The Named Daemon
- •Zone Files
- •A Real Sample Zone
- •named.conf
- •/var/named/master/absolutebsd.com
- •Making Changes Work
- •Starting Named at Boottime
- •Checking DNS
- •Named Configuration Errors
- •Named Security
- •Controlling Information Order
- •More About BIND
- •Chapter 13: Managing Small Network Services
- •Bandwidth Control
- •Configuring IPFW
- •Reviewing IPFW Rules
- •Dummynet Queues
- •Directional Traffic Shaping
- •Certificates
- •Create a Request
- •Being Your Own CA
- •Testing SSH
- •Enabling SSH
- •Basics of SSH
- •Creating Keys
- •Confirming SSH Identity
- •SSH Clients
- •Connecting via SSH
- •Configuring SSH
- •System Time
- •Setting the Time Zone
- •Network Time Protocol
- •Ntpdate
- •Ntpd
- •Inetd
- •/etc/inetd.conf
- •Configuring Programs in Inetd
- •Inetd Security
- •Starting Inetd
- •Changing Inetd's Behavior
- •Chapter 14: Email Services
- •Email Overview
- •Where FreeBSD Fits In
- •The Email Protocol
- •Email Programs
- •Who Needs Sendmail?
- •Replacing Sendmail
- •Installing Postfix
- •Pieces of Postfix
- •Configuring Postfix
- •Email Aliases
- •Email Logging
- •Virtual Domains
- •Postfix Commands
- •Finding the Correct Mail Host
- •Undeliverable Mail
- •Installing POP3
- •Testing POP3
- •POP3 Logging
- •POP3 Modes
- •Qpopper Preconfiguration Questions
- •Default Qpopper Configuration
- •APOP Setup
- •Configuring Pop3ssl
- •Qpopper Security
- •Chapter 15: Web and FTP Services
- •Overview
- •How a Web Server Works
- •The Apache Web Server
- •Apache Configuration Files
- •Configuring Apache
- •Controlling Apache
- •Virtual Hosting
- •Tweaking Virtual Hosts
- •.NET on FreeBSD
- •Installing the SSCLI
- •FTP Security
- •The FTP Client
- •The FTP Server
- •Chapter 16: Filsystems and Disks
- •Device Nodes
- •Hard Disks and Partitions
- •The /etc/fstab File
- •Disk Basics
- •The Fast File System
- •Vnodes
- •FFS Mount Types
- •FFS Mount Options
- •What's Mounted Now?
- •Dirty Disks
- •Fsck
- •Mounting and Unmounting Disks
- •Mounting Standard Filesystems
- •Mounting with Options
- •Mounting All Standard Filesystems
- •Mounting at Nonstandard Locations
- •Unmounting
- •Soft Updates
- •Enabling Soft Updates
- •IDE Write Caching and Soft Updates
- •Virtual Memory Directory Caching
- •Mounting Foreign Filesystems
- •Using Foreign Mounts
- •Foreign Filesystem Types
- •Mount Options and Foreign Filesystems
- •Filesystem Permissions
- •Removable Media and /etc/fstab
- •Creating a Floppy
- •Creating an FFS Filesystem
- •The Basics of SCSI
- •SCSI Types
- •SCSI Adapters
- •SCSI Buses
- •Termination and Cabling
- •SCSI IDs and LUNs
- •FreeBSD and SCSI
- •Wiring Down Devices
- •Adding New Hard Disks
- •Creating Slices
- •Creating Partitions
- •Configuring /etc/fstab
- •Installing Existing Files onto New Disks
- •Temporary Mounts
- •Moving Files
- •Stackable Mounts
- •Chapter 17: RAID
- •Hardware vs. Software RAID
- •RAID Levels
- •Software RAID
- •Vinum Disk Components
- •Vinum Plex Types
- •Preparing Vinum Drives
- •Dedicating Partitions to Vinum
- •Configuring Vinum
- •Concatenated Plex
- •Removing Vinum Configuration
- •Striped Volumes
- •Mirrored Volumes
- •Starting Vinum at Boot
- •Other Vinum Commands
- •Replacing a Failed Mirrored Plex
- •Chapter 18: System Performance
- •Overview
- •Computer Resources
- •Disk Input/Output
- •Network Bandwidth
- •CPU and Memory
- •Using Top
- •Memory Usage
- •Swap Space Usage
- •CPU Usage
- •When Swap Goes Bad
- •Paging
- •Swapping
- •Are You Swapping or Paging?
- •Fairness in Benchmarking
- •The Initial Test
- •Using Both CPUs
- •Directory Caching
- •Moving /usr/obj
- •Lessons Learned
- •Chapter 19: Now What's It Doing?
- •Status Mails
- •Forwarding Reports
- •Logging with Syslogd
- •Facilities
- •Levels
- •Syslog.conf
- •Wildcards
- •Rotating Logs with Newsyslog.conf
- •Reporting with SNMP
- •Basics of SNMP
- •MIBs
- •Snmpwalk
- •Specific Snmpwalk Queries
- •Translating Between Numbers and Names
- •Setting Up Snmpd
- •Index Numbers
- •Configuring MRTG
- •Sample mrtg.cfg Entry
- •Testing MRTG
- •Tracking Other System Values
- •Monitoring a Single MIB
- •Customizing MRTG
- •MRTG Index Page
- •Sample MRTG Configurations
- •Chapter 20: System Crashes and Panics
- •What Causes Panics?
- •What Does a Panic Look Like?
- •Responding to a Panic
- •Prerequisites
- •Crash Dump Process
- •The Debugging Kernel
- •kernel.debug
- •Dumpon
- •Savecore
- •Upon a Crash
- •Dumps and Bad Kernels
- •Using the Dump
- •Advanced Kernel Debugging
- •Examining Lines
- •Examining Variables
- •Apparent Gdb Weirdness
- •Results
- •Vmcore and Security
- •Symbols vs. No Symbols
- •Serial Consoles
- •Hardware Serial Console
- •Software Serial Console
- •Changing the Configuration
- •Using a Serial Console
- •Serial Login
- •Emergency Logon Setup
- •Disconnecting the Serial Console
- •Submitting a Problem Report
- •Problem Report System
- •What's in a PR?
- •Filling Out the Form
- •PR Results
- •Chapter 21: Desktop FreeBSD
- •Overview
- •Accessing File Shares
- •Prerequisites
- •Character Sets
- •Kernel Support for CIFS
- •SMB Tools
- •Configuring CIFS
- •Minimum Configuration: Name Resolution
- •Other smbutil Functions
- •Mounting a Share
- •Other mount_smbfs Options
- •Sample nsmb.conf Entries
- •CIFS File Ownership
- •Serving Windows File Shares
- •Accessing Print Servers
- •Running a Local Lpd
- •Printer Testing
- •Local Printers
- •X: A Graphic Interface
- •X Prerequisites
- •X Versions
- •Configuring X
- •Making X Look Decent
- •Desktop Applications
- •Web Browsers
- •Email Readers
- •Office Suites
- •Music
- •Graphics
- •Desk Utilities
- •Games
- •Afterword
- •Overview
- •The Community
- •What Can You Do?
- •Getting Things Done
- •Second Opinions
- •Appendix: Some Useful SYSCTL MIBs
- •List of Figures
- •Chapter 1: Installation
- •Chapter 5: Networking
- •Chapter 6: Upgrading FreeBSD
- •Chapter 19: Now What's It Doing?
- •List of Tables
- •Chapter 4: Kernel Games
- •Chapter 5: Networking
- •Chapter 8: Advanced Security Features
- •Chapter 9: Too Much Information About /etc
- •List of Sidebars
- •Chapter 15: Web and FTP Services
POP3
POP3 is the protocol used by desktop email clients to fetch mail from a server. Clients transmit mail to their server via SMTP, just like servers transmitting to other servers.
Installing POP3
The most popular POP3 daemon is qpopper (/usr/ports/mail/qpopper). This program has its roots in BSD, and has been supported by Eudora for some time now. You can install it from package or port.
Qpopper runs out of inetd. Both the port and package will display a message explaining how to edit /etc/inetd.conf to support it. The example is an adequate default; we'll fine−tune that configuration later.
Testing POP3
POP3 can work in both unencrypted and encrypted modes. It's difficult to test encrypted POP3 by hand, unless you can compute cryptographic transactions in your head on the fly. You can easily test unencrypted POP3, though, and testing qpopper can help you determine whether a problem exists on the server or on the client.
To begin, telnet to port 110 on the server.
...............................................................................................
# telnet magpire.AbsoluteBSD.com 110
Trying 192.168.1.222...
Connected to magpire.AbsoluteBSD.com.
Escape character is '^]'.
+OK Qpopper (version 4.0.3) at magpire.AbsoluteBSD.com starting.
<3915.992459999@magpire.AbsoluteBSD.com>
...............................................................................................
This is roughly what you should see when you connect.
Authenticate to POP3
Once you are connected by telnet, identify yourself to the POP3 server with the "user" command:
...............................................................................................
user mwlucas
+OK Password required for mwlucas.
...............................................................................................
Now, use the pass command to give your password. Your password will be displayed on the screen in clear text. Be sure nobody's looking over your shoulder while you do this!
...............................................................................................
pass YourPasswordHere
+OK mwlucas has 1 visible message (0 hidden) in 500 octets.
...............................................................................................
327
Viewing Mail
I have one message! That's odd; I don't receive mail on this particular system. To view that message, use the retr command and the message number.
...............................................................................................
retr 1
+OK 500 octets
Return−Path: <mlucas@gltg.com>
Delivered−To: mwlucas@magpire.AbsoluteBSD.com Received: from turtledawn (turtledawn [192.168.1.200])
by magpire.AbsoluteBSD.com (postfix) with SMTP id D51998041C
for <mwlucas@magpire.AbsoluteBSD.com>; Fri, 8 Jun 2001 14:48:59 −0400 (EDT) Message−Id: <20010608184859.D51998041C@magpire.AbsoluteBSD.com>
Date: Fri, 8 Jun 2001 14:48:59 −0400 (EDT) From: mlucas@AbsoluteBSD.com
To: undisclosed−recipients:; X−UIDL: $ld"!9>2"!P?)"!JlU"! test
...............................................................................................
Oh, right. I did this when I demonstrated testing mail servers.
With these tests, you can be sure that POP3 works. If your installation doesn't behave like this, you need to investigate further.
POP3 Logging
When you start qpopper with the −s option, it logs all activity to syslog, using the local0 facility and the notice priority (see Chapter 19). This defaults to putting the log in /var/log/messages, but you can arrange it any way you like.
POP3 Modes
You can use POP3 in three different ways: default, APOP, and SSL (pop3ssl).
Default POP3
We saw an example of default POP3 earlier. It works, but isn't very secure. Anyone with a packet sniffer can grab your username and password just as if she were looking over your shoulder. This is a common protocol in the Internet service provider world.
APOP
APOP provides secure authentication, but requires additional overhead. Both the client and the server compute a "shared secret" based on the password and various other bits of information, such as the current time. The client sends that shared secret to the server. If it matches what the server computed, access is granted.
This might be a good choice for your server: APOP is a little older than pop3ssl, and many clients
328
support it. While the authentication information is secure, the email itself isn't.
Pop3ssl
Pop3ssl is the newest version of the POP3 protocol, as well as funnels, the connection over SSL. This is the most secure type of POP3 service you can have today.
We'll consider each type of POP3 in turn. In order to use either APOP or pop3ssl, you need to have a basic POP3 setup anyway.
Qpopper Preconfiguration Questions
Before you configure qpopper, you need to settle two questions: What kind of users will you have and will you be using local mail readers?
User Types
If you're providing corporate mail services via qpopper, you are ultimately responsible for setting up the clients (or, at best, working with the people who have to set up the clients). You can insist upon things like "All users must type their usernames in lowercase" and "Mail must remain on the server." You can also insist that they use APOP or pop3ssl instead of default POP3.
If you're providing services for hundreds or thousands of people, you need a configuration that allows more user mistakes and handles a wider variety of email clients. You won't keep your users long if you insist that they use one of your approved email readers instead of the mail program that they've used for years!
Local Mail Readers
ome users read email locally on the server, using a UNIX−based email client, such as mutt(1) or pine(1). These clients change the users' mail file directly on the server.
If qpopper can safely assume that the mail spool will not change out from underneath it, it can make several optimizations that will greatly improve performance. This isn't a big deal for systems administrators—many sysadmins don't use POP3, relying instead on ssh and a local mail reader. Some power users might want to use both, however. If you don't allow the combination of local mail readers and POP3, you can optimize qpopper.
Default Qpopper Configuration
A raw install of qpopper will give you basic POP3 functionality, as demonstrated earlier. Users will be able to connect and download their mail. You can do various things to improve performance, however, and you can enhance your setup rather easily.
Earlier versions of qpopper were configured entirely by options on the command line in /etc/inetd.conf. This worked well when qpopper was a simple program that only supported default POP3. As APOP and pop3ssl became more common, however, command−line configuration became less and less practical. Once the command−line arguments start to wrap around the screen two or three times, you really need to convert your program to use a configuration file.
While a vanilla POP3 qpopper install doesn't need a config file, we're going to use one.
329
Config Files and Inetd
The obvious place on a FreeBSD system to put the qpopper configuration file is under /usr/local/etc/qpopper. By default, only root can access the qpopper directory. More advanced qpopper implementations will also store user databases and security certificates in this directory.
To tell qpopper to take its settings from a file in this directory, use the −f flag. You can make all your other changes in the configuration file, and never have to touch /etc/inetd.conf again. This would make your inetd.conf entry look like this (and despite the page width, this is all on one line):
...............................................................................................
pop3 stream tcp nowait root /usr/local/libexec/qpopper qpopper −s −f
/usr/local/etc/qpopper/qpopper.conf
...............................................................................................
Qpopper.conf
Now that you've told your system how to run qpopper, you need to create the configuration file. Each configuration statement in qpopper.conf appears on its own line, preceded by the word set. Any of these options can be combined with APOP and pop3ssl.
Qpopper Mode
The most important option you have is how qpopper is going to work. The following setting controls whether qpopper will accept clear−text passwords, as used in the manual test earlier.
...............................................................................................
set clear−text−password = default
...............................................................................................
You have a few different options here. We're going to look at the most common.
By default, qpopper checks to see if the user is set up for APOP. If so, then clear−text passwords are not allowed. If the user is not set up for APOP, then clear−text passwords are permitted. Use this for standard services.
Specifying always as the setting means that qpopper will accept clear−text passwords, even if the user is set up for APOP. You might need to use this in an ISP environment; while you'd like the user to use APOP, some users have email clients that simply cannot handle it.
Specifying never means that clear−text passwords will not work, even if you're using pop3ssl. You must use APOP to get your mail.
Specifying tls means that clear−text passwords are acceptable if you're running over an encrypted connection (such as SSL). After all, the entire connection is encrypted!
We'll discuss APOP and POP3 over SSL later (in "APOP Setup" and "Configuring Pop3ssl," respectively.)
330
Username Case
If you have a variety of users, some of them will type their username in all capital letters. That's how usernames appear in the movies, after all! By putting the following line in your configuration, usernames received from clients are transformed into all lowercase before qpopper attempts to authenticate them.
...............................................................................................
set downcase−user = true
...............................................................................................
This can reduce your technical support calls.
Mail Spool Handling
A POP3 client can choose to either copy all messages from the server, download and delete all messages from the server, or delete some messages from the server while leaving the rest. The first two choices (leave everything and delete everything) are typical of core mail−server functionality. The third, a mix of saving and deleting, is a lot of work, and it is set with the following line:
...............................................................................................
set server−mode = false
...............................................................................................
Server mode assumes that the client will either save all its mail or delete all its mail. This makes qpopper much faster, and reduces server disk I/O. If you enable server mode, you greatly increase qpopper's efficiency.
You also make some promises to qpopper when you enable server mode, however. Qpopper will assume that mail is only delivered to clients by qpopper. This is where the "mixing local mail readers and POP3" problem appears. If you use a local mail reader to check mail on an account, and someone pops that account's mail while you're reading it, you can damage users' mail. You don't want to do that. If you don't combine POP3 and local mail clients, and don't read your users' mail, setting this to true is perfectly safe and will improve performance.
Reducing Disk Activity
If you set the following option, you will decrease your disk activity by a third:
...............................................................................................
set fast−update = false
...............................................................................................
This setting doesn't mix with local mail readers, however. You will also break UNIX programs that notify you of new mail on the UNIX system. This is perfectly safe on a POP−only mail server.
331