POP3 Intercept Daemon (v0.2)
September 8th, 2003
Rob made an amusing comment on the NoCat Auth list today:
Actually, speaking of proxy servers, I get four or five users every day that use POP in the clear from my node. I’d love to see a POP proxy server that accepts any username and password, and delivers a message that tells the user what an idiot they are for using insecure protocols.
Since POP3 is so easy, and I have plenty of other things I should be doing, I decided to write a POP3 intercept daemon. It does nothing but return the message included in the Perl source. Installation is easy: just run it from inetd. Since I don’t trust my own code, I’ve chosen to run it as nobody:
pop3 stream tcp nowait nobody /home/rlotz/bin/pop3id pop3id
You’ll need to restart inetd ( kill -HUP `cat /var/run/inetd.pid` ) and redirect all traffic destined for port 110 to your pop3 intercept daemon. For OpenBSD include the following line in /etc/pf.conf (int_if is a macro that defines my internal interface):
rdr on $int_if proto tcp from any to any port 110 -> $int_if port 110
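
For reference, here is what a daemon of this kind has to speak to satisfy a mail client. This is an added Python sketch, not the Perl source mentioned above; the notice text and function names are made up for the example. It reads commands on stdin and answers on stdout, as inetd expects, accepts any USER/PASS without storing or logging them, and serves one fixed message.

```python
import sys

# Constructed notice text; the original daemon's message is not shown on the page.
NOTICE = (b"From: postmaster@localhost\r\n"
          b"Subject: Your mail password just crossed this network in clear text\r\n"
          b"\r\n"
          b"Plain POP3 (port 110) is intercepted on this node.\r\n"
          b"Reconfigure your mail client for POP3 over TLS (port 995).\r\n")

def multiline(status, body):
    """Frame an RFC 1939 multi-line reply: dot-stuff lines, end with a lone dot."""
    lines = body.split(b"\r\n")[:-1]
    stuffed = [b"." + l if l.startswith(b".") else l for l in lines]
    return status + b"\r\n" + b"".join(l + b"\r\n" for l in stuffed) + b".\r\n"

def reply(line, authed):
    """Answer one command line; returns (response, authed, done)."""
    parts = line.split()
    cmd = parts[0].upper() if parts else b""
    arg = parts[1] if len(parts) > 1 else b""
    size = len(NOTICE)
    if cmd == b"QUIT":
        return b"+OK bye\r\n", authed, True
    if not authed:
        if cmd == b"USER":
            return b"+OK\r\n", False, False
        if cmd == b"PASS":  # any credentials accepted; argument discarded, never logged
            return b"+OK 1 message\r\n", True, False
        return b"-ERR log in first\r\n", False, False
    if cmd == b"STAT" or (cmd == b"LIST" and arg == b"1"):
        return b"+OK 1 %d\r\n" % size, True, False
    if cmd == b"LIST" and not arg:
        return multiline(b"+OK 1 message", b"1 %d\r\n" % size), True, False
    if cmd == b"RETR" and arg == b"1":
        return multiline(b"+OK %d octets" % size, NOTICE), True, False
    if cmd in (b"NOOP", b"RSET") or (cmd == b"DELE" and arg == b"1"):
        return b"+OK\r\n", True, False
    return b"-ERR unsupported command or no such message\r\n", True, False

def serve(rfile, wfile):
    """One session over the connected socket that inetd passes as stdin/stdout."""
    wfile.write(b"+OK POP3 notice service ready\r\n")
    wfile.flush()
    authed = False
    for line in rfile:
        resp, authed, done = reply(line, authed)
        wfile.write(resp)
        wfile.flush()
        if done:
            break

if __name__ == "__main__":
    serve(sys.stdin.buffer, sys.stdout.buffer)
```
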