Saturday, September 20, 2008

Apache Advanced Configuration with POP3 Protocol

Because of Apache’s modular nature, it is possible to serve multiple protocols from one software process. This means that you could conceivably use the Apache core to serve HTTP, POP3, SMTP, and more simultaneously. One thing to keep in mind when attempting this is that normally, you cannot serve more than one protocol on a single IP and port combination. This means that if you wish to use Apache to serve both HTTP and POP3 requests, you’ll need to use both ports 80 and 110 (the default HTTP and POP3 ports). This is important to think about, because you will need to configure both hardware and software firewalls accordingly. Usually, you won’t have to worry about conflicting ports, because most well-known protocols have a default port that is defined so as not to conflict with any other protocol.

Using the example of the POP3 module developed by the Apache Software Foundation, you would need to make the following configuration changes to your Apache server. First, create a subdirectory “httpd-pop3” under the “modules” directory in the Apache home directory. Then re-run the “configure” command with the option “--enable-pop”. This will install the POP3 module into Apache.

After you’ve installed the module, you need to correctly configure it in the httpd.conf file. This requires you to create a virtual host similar to the ones described in the previous article. The following configuration block gives an example of this:


    <VirtualHost 123.234.345.111:110>
        Pop3Protocol On
        Pop3Maildrops /www/mail/pop3
    </VirtualHost>


This configuration creates a virtual host listening on a specific IP on port 110, the Internet-standard port for POP3. The inner lines tell Apache to turn on the POP3 protocol for this virtual host and define the directory where the server should look for the mail files. However, this configuration alone does not suffice: POP3 only makes sense with authenticated users, since you need to make sure users only have access to their own email and that hackers don’t have access to any of it. To configure this, you need to use the following “Directory” block configuration:


    <Directory /www/mail/pop3>
        AuthUserFile /www/auth/pop3.users
        AuthName Pop3Auth
        AuthType Basic
        Require valid-user
    </Directory>



Notice that this configuration sets up security for the same directory that is defined in the “Pop3Maildrops” line in the “VirtualHost” block above. Otherwise, it acts like any other authentication definition described in the previous article: it defines where the user file is to be found, the name transmitted to the client to authenticate against, and what type of authentication to use, and finally requires that a user be validated before they are granted access to the contents of the directory.
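The pairing described above is easy to break when a second POP3 virtual host is added later. The following Python check is an added example, not code from the original article or from the Apache project: it reports every virtual host with Pop3Protocol On whose Pop3Maildrops directory is not covered, directly or through a parent directory, by a “Directory” block carrying AuthUserFile, AuthType and Require. The sample configuration is constructed, the second virtual host and all function names are hypothetical, and Include files and .htaccess overrides are not followed.

```python
import re

# Constructed sample: the article's two blocks plus a hypothetical second vhost.
SAMPLE_CONF = """
<VirtualHost 123.234.345.111:110>
    Pop3Protocol On
    Pop3Maildrops /www/mail/pop3
</VirtualHost>
<Directory /www/mail/pop3>
    AuthUserFile /www/auth/pop3.users
    AuthName Pop3Auth
    AuthType Basic
    Require valid-user
</Directory>
<VirtualHost 192.0.2.10:110>
    Pop3Protocol On
    Pop3Maildrops /www/mail/other/
</VirtualHost>
"""

BLOCK = re.compile(r"<(VirtualHost|Directory)\s+([^>]+?)\s*>(.*?)</\1\s*>", re.I | re.S)
DIRECTIVE = re.compile(r"^[ \t]*([A-Za-z]\w*)[ \t]*(.*?)[ \t]*$", re.M)
REQUIRED = ("authuserfile", "authtype", "require")

def directives(body):
    """Map lower-cased directive name -> argument string for one block body."""
    return {name.lower(): arg for name, arg in DIRECTIVE.findall(body)}

def norm(path):
    """Strip quotes and any trailing slash so equal paths compare equal."""
    return path.strip('"').rstrip("/") or "/"

def audit_pop3(conf):
    """Return (vhost, maildrop, missing directives) per unprotected maildrop."""
    blocks = [(k.lower(), a, directives(b)) for k, a, b in BLOCK.findall(conf)]
    dirs = {norm(a): d for k, a, d in blocks if k == "directory"}
    findings = []
    for kind, addr, d in blocks:
        pop3 = kind == "virtualhost" and d.get("pop3protocol", "").lower() == "on"
        if not (pop3 and "pop3maildrops" in d):
            continue
        drop, merged = norm(d["pop3maildrops"]), {}
        for p in sorted(dirs, key=len):  # shortest first: parents, then children
            if drop == p or drop.startswith(p.rstrip("/") + "/"):
                merged.update(dirs[p])
        missing = [k for k in REQUIRED if k not in merged]
        if missing:
            findings.append((addr, drop, missing))
    return findings
```

Calling audit_pop3(SAMPLE_CONF) returns one finding, for the second virtual host, whose maildrop has none of the three authentication directives.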

Basically, setting up and configuring this protocol takes advantage of some of the techniques described in the “Intermediate” article and shows how they work together with a protocol module to give the Apache server even more flexibility.