Post Office Protocol
POP3 (Post Office Protocol Version 3) | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Family: | Internet protocol family | ||||||||||||||||||||||||
Operation area: | Collecting email from the provider | ||||||||||||||||||||||||
Port: | 110 / TCP 995 / TCP (encrypted) |
||||||||||||||||||||||||
|
|||||||||||||||||||||||||
Standards: | RFC 1939 (POP3, 1996) |
The Post Office Protocol ( POP ) is a transmission protocol that a client can use to pick up e-mails from an e-mail server . Version 3 ( POP3 ) is described in RFC 1939 . POP3 is an ASCII protocol , whereby the data transmission is controlled by commands that are sent to port 110 as standard .
POP3 is very limited in functionality and only allows the listing, retrieval and deletion of e-mails on the e-mail server. For further functionalities such as hierarchical mailboxes directly on the mail server, access to several mailboxes during a session, preselection of e-mails, etc., protocols such as IMAP must be used.
As a counterpart to POP3, the Simple Mail Transfer Protocol (SMTP) is usually implemented in clients and servers for sending e-mails .
history
The Post Office Protocol was first described in RFC 918 in October 1984 . POP2, described in RFC 937 , followed in February 1985 , before POP3 first appeared in RFC 1081 in November 1988 .
POP3 corresponds to POP and POP2 in the basic form. The procedure for retrieving e-mails differs mainly in that the client does not need to be ready to receive and the correct receipt of an e-mail no longer needs to be confirmed. The lower complexity and the presence of "overview commands" like STAT and LIST are among the features of POP3. POP3 is also described more precisely and in greater detail from the start.
A proposal was made for POP4, including a functioning server implementation. This proposal includes basic directory management, support for multi-part messaging, and message marking, which provides a simple protocol to add some popular IMAP features that POP3 lacks. No progress in the development of POP4 has been observed since 2003.
POP3 clients
The POP3 protocol is integrated in all popular e-mail programs .
POP3 server
Appropriate POP3 server software must be installed so that the mail server can answer inquiries via POP3.
In the case of Windows e-mail servers, the POP3 server can be integrated into the corresponding e-mail server package (e.g. in the Windows Server 2003 mail server or in server software such as Microsoft Exchange or Lotus Domino ) be. With Mercury / 32 the POP3 functionality is available as a module. Other software manufacturers can provide further solutions.
In the Unix area there are u. a. the following POP3 server software:
- courier-pop
- cyrus-pop3d (part of the Cyrus mail server software)
- Dovecot
- ipopd
- popa3d
- qpop3d (part of qmail )
- qpopper
- ipop3d (from the IMAP Toolkit Environment by Mark Crispin)
- Citadel / UX
Advantages and disadvantages of POP3
advantage | disadvantage |
---|---|
|
|
Commands
Standard commands (available on every server):
USER xxx
- selects the user name or the user account on the e-mail server.
PASS xxx
- passes the password in clear text .
STAT
- provides the status of the mailbox, etc. a. the number of all e-mails in the mailbox and their total size (in bytes).
LIST n
- provides the number and size of the ( nth ) email (s).
RETR n
- fetches the nth e-mail from the e-mail server.
DELE n
- deletes the nth e-mail on the e-mail server.
NOOP
- no function, the server answers with + OK.
RSET
- resets all DELE commands.
QUIT
- ends the current POP3 session and executes all DELE commands.
Optional commands (depending on the server):
APOP
- secure login, s. u.
TOP n x
- gets the header and the first x lines of the nth mail.
UIDL n
- shows the unique ID of the email.
To test POP3 connections, the commands can be sent directly to port 110 using a Telnet program and the responses from the POP3 server can be checked. (For this example, on Windows or Linux, enter telnet example.com pop3 at the command prompt or console. Domain and port are separated by spaces and not colon.)
A typical POP3 session between server and client could look like this:
Client | server |
---|---|
(waiting for connections on TCP port 110) | |
(opens connection) | |
+ OK example.com POP3 server | |
USER [email protected] | |
+ OK Please enter password | |
PASS password_in_clartext | |
+ OK mailbox locked and ready | |
STAT | |
+ OK 1 236 | |
LIST | |
+ OK mailbox has 1 messages (236 octets) 1 236 . |
|
RETR 1 | |
+ OK message follows Date: Mon, Oct 18 2004 04:11:45 +0200 From: Someone <[email protected]> To: [email protected] Subject: Test email Content-Type: text / plain; charset = us-ascii; format = flowed Content-Transfer-Encoding: 7bit This is a test e-mail . |
|
DELE 1 | |
+ OK message marked for delete | |
QUIT | |
+ OK bye (closes the connection and executes the DELE command) |
safety
Authentication
Like SMTP, POP3 is pretty simple. It requires the user to be authenticated using a user name and password. Username and password are transmitted unprotected as plain text. This allows attackers unnoticed access to the mailbox and is a glaring security hole. There are various extensions to secure the authentication. This can be remedied by the mechanisms available on many servers via SASL and the APOP, which is also defined in the standard . When using APOP, the password is no longer transmitted in clear text. Instead, the server transmits a time stamp at the beginning of the session . The mail client calculates a hash value from this and the password , which is then transmitted to the server. If the server comes to the same result, the login process is considered successful.
Encryption
The transmission of the authentication data, the POP3 commands and the message itself can also take place completely encrypted via SSL / TLS . Alternatively, the STARTTLS procedure (the command is STLS) is used on the standard TCP port 110 or POP3 via SSL (POP3S) on TCP port 995.
See also
- Internet Message Access Protocol (IMAP)
- Simple Mail Transfer Protocol (SMTP)
- Simple Mail Access Protocol (SMAP)
Individual evidence
- ↑ POP4 specification although pop is used to receive mail after system is not online. . 2003. Archived from the original on September 27, 2011. Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. Retrieved October 17, 2011.
literature
- RFC 1939 (Post Office Protocol - Version 3)
- RFC 1082 (POP3 Extended Service Offerings)
- RFC 1734 (POP3 AUTHentication command)
- RFC 2595 (Using TLS with IMAP, POP3 and ACAP)
- RFC 2449 (POP3 Extension Mechanism)
- RFC 3206 (The SYS and AUTH POP Response Codes)
- Peer Heinlein , Peer Hartleben: POP3 and IMAP - Mailserver with Courier and Cyrus , Open Source Press , September 2007, ISBN 978-3-937514-11-6