POP3 Post Office Protocol v.3
Intro • The Post Office Protocol (POP) is currently the most popular TCP/IP e-mail access and retrieval protocol. It implements the offline access model, allowing users to retrieve mail from their SMTP server and use it on their local client computers. It is specifically designed to be a very simple protocol and has only a small number of commands. The current revision of POP is version 3, and the protocol is usually abbreviated POP3 for that reason. • There are some implementations of POP that attempt to implement the disconnected access model, with limited success. More often, however, IMAP is used for this purpose, since it is better suited to that access model.
POP3 General Operation • POP3 is a client/server protocol that is described using a simple linear sequence of states. A POP3 session begins with a POP3 client making a TCP connection to a POP3 server, at which point the session is in the Authorization state. After successful authentication, the session moves to the Transaction state, where the client can perform mail access transactions. When it is done, the client ends the session and the Update state is entered automatically, where cleanup functions are performed and the POP3 session is ended.
Session States • Authorization State: The server provides a greeting to the client to indicate that it is ready for commands. The client then provides authentication information to allow access to the user's mailbox. • Transaction State: The client is allowed to perform various operations on the mailbox. These include listing and retrieving messages, and marking retrieved messages for deletion. • Update State: When the client is done with all of its tasks and issues the QUIT command, the session enters this state automatically, where the server actually deletes the messages marked for deletion in the Transaction state. The session is then concluded and the TCP connection between the two terminated.
Standard POP3 Authentication • The normal method of authorization in POP3 is a standard “username / password” login. First the client issues a USER command along with the user's mailbox name (his or her user name or e-mail address). The server responds with an intermediate acknowledgment. The client then uses the PASS command to send the user's password. Assuming the login is valid, the server responds to the client with an acknowledgment that indicates successful authentication. The response will also typically specify the number of messages waiting for the user in the mailbox. • If authorization is successful, the POP3 session transitions to the Transaction state. If the user name or password is incorrect, an error response is given and the session cannot proceed.
Alternative Authentication Using APOP • Since user/password authorization is considered by many people to be insufficient for the security needs of modern internetworks, the POP3 standard also defines an alternative authentication method, using the APOP command. This is a more sophisticated technique based on the MD5 “message digest” hash algorithm. • If the server supports this technique, in its opening greeting it provides a string indicating a timestamp that is unique for each POP3 session. The client then performs an MD5 calculation using this timestamp value and a “shared secret” known by the server and client. The result of this calculation is included in the client's APOP command. If it matches the server's calculation, authentication is successful; otherwise the session remains in the Authorization state.
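The APOP calculation described above, worked through for both the client and the server side. This is an added example, not code from the original slides; the greeting and digest are the ones in the page's session example, while the shared secret `tanstaaf` (the one RFC 1939 uses for this greeting) and all function names are assumptions that do not appear on the page.

```python
import hashlib
import hmac
import re

# Greeting and digest as they appear in the session example on this page.
GREETING = "+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>"
PAGE_DIGEST = "c4c9334bac560ecc979e58001b3e22fb"
# Assumption: the shared secret RFC 1939 pairs with this greeting; not on the page.
SHARED_SECRET = "tanstaaf"

_TIMESTAMP = re.compile(r"<[^<>\s]+@[^<>\s]+>")

def extract_timestamp(greeting):
    """Return the <...> timestamp from a greeting, or None if APOP is not offered."""
    if not greeting.startswith("+OK"):
        return None
    match = _TIMESTAMP.search(greeting)
    return match.group(0) if match else None

def apop_digest(timestamp, secret):
    """MD5 over the timestamp (angle brackets included) followed by the secret."""
    return hashlib.md5((timestamp + secret).encode("ascii")).hexdigest()

def client_apop_command(greeting, user, secret):
    """Client side: build the APOP line from the server's greeting."""
    timestamp = extract_timestamp(greeting)
    if timestamp is None:
        raise ValueError("greeting carries no timestamp; APOP is not offered")
    return f"APOP {user} {apop_digest(timestamp, secret)}"

def server_verify(greeting_sent, command, secrets):
    """Server side: recompute the digest for the named user, compare in constant time."""
    parts = command.split()
    if len(parts) != 3 or parts[0].upper() != "APOP":
        return False
    _, user, digest = parts
    secret = secrets.get(user)
    timestamp = extract_timestamp(greeting_sent)
    if secret is None or timestamp is None:
        return False
    expected = apop_digest(timestamp, secret).encode()
    return hmac.compare_digest(expected, digest.lower().encode())

if __name__ == "__main__":
    cmd = client_apop_command(GREETING, "mrose", SHARED_SECRET)
    print(cmd)
    print(server_verify(GREETING, cmd, {"mrose": SHARED_SECRET}))
```

Because the timestamp changes with every session, the digest from one session does not verify against the greeting of another; the password itself never crosses the connection.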
POP3 Transaction State • Typical POP3 Mail Exchange Sequence The Transaction state is relatively “unstructured” in that commands do not need to be issued in any particular order to meet the requirements of the standard. However, there is a natural progression to how a mailbox is retrieved, and that means the commands are usually used in the following way: • The client issues a STAT command to see the number of messages in the mailbox. • The client issues a LIST command and the server tells it the number of each message to be retrieved. • The client issues a RETR command to get the first message and if successful, marks it for deletion with DELE. The client uses RETR/DELE for each successive message.
POP3 Update State • When the POP3 client is done with its e-mail transactions, it issues the QUIT command. This causes the Update state to be automatically entered, where the server performs necessary clean-up operations, including deleting any messages marked for deletion in the Transaction state.
S: <wait for connection on TCP port 110>
C: <open connection>
S: +OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>
C: APOP mrose c4c9334bac560ecc979e58001b3e22fb
   (The client may instead use USER and PASS:)
   C: USER mrose
   S: +OK User accepted
   C: PASS mrosepass
   S: +OK Pass accepted
S: +OK mrose's maildrop has 2 messages (320 octets)
C: STAT
S: +OK 2 320
C: LIST
S: +OK 2 messages (320 octets)
S: 1 120
S: 2 200
S: .
C: RETR 1
S: +OK 120 octets
S: <the POP3 server sends message 1>
S: .
C: DELE 1
S: +OK message 1 deleted
C: RETR 2
S: +OK 200 octets
S: <the POP3 server sends message 2>
S: .
C: DELE 2
S: +OK message 2 deleted
C: QUIT
S: +OK dewey POP3 server signing off (maildrop empty)
C: <close connection>
S: <wait for next connection>
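The three session states can be checked mechanically against a transcript like the one above. The following is an added example, not part of the original slides: it walks a constructed C:/S: transcript, tracks the state, records which messages were marked for deletion, and reports commands sent in the wrong state as well as passwords sent in the clear with PASS. The function name `audit`, the `CLOSED` label for a QUIT issued before authentication, and the sample transcript are assumptions.

```python
# Commands the page describes, grouped by the session state that accepts them.
ALLOWED = {
    "AUTHORIZATION": {"USER", "PASS", "APOP", "QUIT"},
    "TRANSACTION": {"STAT", "LIST", "RETR", "DELE", "QUIT"},
}
# Constructed transcript (not a real capture), modelled on the page's session.
SAMPLE = """\
S: +OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>
C: STAT
S: -ERR not authenticated
C: USER mrose
S: +OK User accepted
C: PASS mrosepass
S: +OK Pass accepted
C: RETR 1
S: +OK 120 octets
S: .
C: DELE 1
S: +OK message 1 deleted
C: QUIT
S: +OK dewey POP3 server signing off
"""

def audit(transcript):
    """Walk a C:/S: transcript; return (final state, deleted numbers, findings)."""
    state, pending, deleted, findings = "AUTHORIZATION", None, [], []
    for n, line in enumerate(transcript.splitlines(), 1):
        side, _, text = line.strip().partition(": ")
        words = text.split()
        if side == "C" and words and not text.startswith("<"):
            verb = words[0].upper()
            if verb not in ALLOWED.get(state, ()):
                findings.append((n, f"{verb} not valid in {state} state"))
                pending = None
                continue
            if verb == "PASS":
                findings.append((n, "password sent in cleartext with PASS"))
            pending = (verb, words[1:])
        elif side == "S" and pending and words and words[0] in ("+OK", "-ERR"):
            (verb, args), pending = pending, None
            if words[0] != "+OK":
                continue
            if verb in ("PASS", "APOP"):
                state = "TRANSACTION"  # successful authentication
            elif verb == "DELE" and args and args[0].isdigit():
                deleted.append(int(args[0]))  # marked only; removed in Update
            elif verb == "QUIT":  # deletions commit only from Transaction
                state = "UPDATE" if state == "TRANSACTION" else "CLOSED"
    return state, deleted, findings
```

Running `audit(SAMPLE)` ends in the Update state with message 1 marked for deletion and two findings: the STAT issued before authentication and the cleartext PASS.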