#!/usr/bin/perl -T
# POP3 Intercept Daemon
# Sends an informative message to users
# of insecure POP3.  Great for wireless
# hotspots or other public access networks.
#
# License: Public Domain
# Original Author: rlotz at seattlewireless.net
# 

$| = 1;

my ($day, $month, $date, $time, $year) = split /\s+/, scalar localtime;
my $now = "$day, $date $month $year $time";
my $timeout = 30;

my $i_line;
my $message = 
qq|Received: from localhost (luser\@localhost [IPv6:::1])
        by localhost (educate_popd v0.2) 
        for <luser\@localhost>; $now -0700 (PDT)
Date: $now -0700 (PDT)
From: A Friend <someone\@localhost>
To: Insecure User <luser\@localhost>
Subject: Your Mail Is Insecure
Message-ID: <Pine.BSO.4.53.0309081618110.23627\@localhost>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

This is a POP3 intercept daemon.  Your mail client was directed 
here because someone wanted to educate you about the insecurity
of clear-text POP e-mail.   Any user with access to the network
could easily read your username, password, and e-mail retrieved.
If you would like to retrieve your e-mail on this network please
switch to secure POP or secure IMAP.

Don't believe me?  A malicious user could have easily read what
you told me:
|;

chomp $message;
my $uidl = gen_uidl();

print "+OK\r\n";
eval {
alarm $timeout;

while ($i_line = <>) {
	push @transaction, $i_line;
	chomp $i_line;

	# we don't actually know pop3, we just fake it
	if ($i_line =~ /USER/i) {
		print "+OK\r\n";
	} elsif ($i_line =~ /PASS/i) {
		print "+OK\r\n";
	} elsif ($i_line =~ /APOP/i) {
		print "+OK\r\n";
	} elsif ($i_line =~ /DELE/i) {
		print "+OK\r\n";
	} elsif ($i_line =~ /LIST/i) {
		print "+OK\r\n1 ".length($message)."\r\n.\r\n";
	} elsif ($i_line =~ /RETR/i) {
		print "+OK\r\n$message\r\n",@transaction,".\r\n";
	} elsif ($i_line =~ /STAT/i) {
		print "+OK 1 ".length($message)."\r\n";
	} elsif ($i_line =~ /UIDL\s+1/i) {
		print "+OK 1 $uidl\r\n";
	} elsif ($i_line =~ /UIDL\s+(\d+)/i) {
		print "-ERR\r\n";
	} elsif ($i_line =~ /UIDL/i) {
		print "+OK\r\n1 $uidl\r\n.\r\n";
	} elsif ($i_line =~ /QUIT/i) {
		print "+OK\r\n";
		last;
	} else { 
		print "-ERR\r\n";
	}
}
};

# generate a new (fake) message hash each iteration so that
# pop3 client will retrieve another copy of it each time
sub gen_uidl {
	my $uidl;
	foreach (1 ... 5) {
		$little = chr( int(rand(26) + 97) );
		$big = chr( int(rand(26) + 65) );
		$number = chr( int(rand(10) + 48) );
		$uidl .= "$little$big$number";
	}
	return $uidl;
}