Receiving Mail (POP)

The flip side to sending mail is, of course, receiving it. This is done using the POP or Post Office Protocol. It is a very similar "dialog" process to SMTP.

A POP3 session progresses through a number of states during its lifetime. Once the TCP connection has been opened and the POP3 server has sent the greeting, the session enters the AUTHORIZATION state. In this state, the client must identify itself to the POP3 server. Once the client has successfully done this, the server acquires resources associated with the client's maildrop, and the session enters the TRANSACTION state. In this state, the client requests actions on the part of the POP3 server. When the client has issued the QUIT command, the session enters the UPDATE state. In this state, the POP3 server releases any resources acquired during the TRANSACTION state and says goodbye. The TCP connection is then closed.

A POP3 server MAY have an inactivity autologout timer. Such a timer MUST be of at least 10 minutes' duration. The receipt of any command from the client during that interval should suffice to reset the autologout timer. When the timer expires, the session does NOT enter the UPDATE state-the server should close the TCP connection without removing any messages or sending any response to the client.

Once the TCP connection has been opened by a POP3 client, the POP3 server issues a one line greeting. This can be any string terminated by CRLF. An example might be:

  S:  +OK POP3 server ready

Note that this greeting is a POP3 reply. The POP3 server should always give a positive response as the greeting.

The POP3 session is now in the AUTHORIZATION state. The client must now identify and authenticate itself to the POP3 server. Two possible mechanisms for doing this are described in this document, the USER and PASS command combination and the APOP command. The APOP command is described later in this document.

To authenticate using the USER and PASS command combination, the client must first issue the USER command. If the POP3 server responds with a positive status indicator ("+OK"), then the client may issue either the PASS command to complete the authentication, or the QUIT command to terminate the POP3 session. If the POP3 server responds with a negative status indicator ("-ERR") to the USER command, then the client may either issue a new authentication command or may issue the QUIT command.

When the client issues the PASS command, the POP3 server uses the argument pair from the USER and PASS commands to determine if the client should be given access to the appropriate maildrop.

Once the POP3 server has determined through the use of any authentication command that the client should be given access to the appropriate maildrop, the POP3 server then acquires an exclusive- access lock on the maildrop, as necessary to prevent messages from being modified or removed before the session enters the UPDATE state. If the lock is successfully acquired, the POP3 server responds with a positive status indicator. The POP3 session now enters the TRANSACTION state, with no messages marked as deleted. If the the maildrop cannot be opened for some reason (for example, a lock can not be acquired, the client is denied access to the appropriate maildrop, or the maildrop cannot be parsed), the POP3 server responds with a negative status indicator. (If a lock was acquired but the POP3 server intends to respond with a negative status indicator, the POP3 server must release the lock prior to rejecting the command.) After returning a negative status indicator, the server may close the connection. If the server does not close the connection, the client may either issue a new authentication command and start again, or the client may issue the QUIT command.

After the POP3 server has opened the maildrop, it assigns a message- number to each message, and notes the size of each message in octets. The first message in the maildrop is assigned a message-number of "1", the second is assigned "2", and so on, so that the n'th message in a maildrop is assigned a message-number of "n". In POP3 commands and responses, all message-number's and message sizes are expressed in base-10 (i.e., decimal).

Minimal POP3 Commands:

The folowing commands are essential and are valid in the AUTHORIZATION state:

USER name

-- Login process starts. Only you can read your mail.

PASS string

-- Login proceeds. A valid Password must be supply to match Username.

QUIT

-- Terminate AUTHORIZATION.

The folowing commands are essential and are valid in the TRANSACTION state:

STAT

-- The POP3 server issues a positive response with a line containing information for the maildrop if it receives this message.

LIST msg

-- List mail messages (or messages refered to by msg) by number and size of messages waiting to be read. A msg message-number (optional), which, if present, may NOT refer to a message marked as deleted.

RETR msg

-- Retrieve a mail message from the server

DELE msg

-- Delete a mail message

NOOP

-- Check if server is still up. The POP3 server does nothing, it merely replies with a positive response.

RSET

-- Reset the server.If any messages have been marked as deleted by the POP3 server, they are unmarked. The POP3 server then replies with a positive response.

The folowing commands are essential and are valid in the UPDATE state:

QUIT

-- end the session. The POP3 server removes all messages marked as deleted from the maildrop.

The following are optional POP3 Commands:

APOP name digest

-- valid in the AUTHORIZATION state. Normally, each POP3 session starts with a USER/PASS exchange. This results in a server/user-id specific password being sent in the clear on the network. For intermittent use of POP3, this may not introduce a sizable risk. However, many POP3 client implementations connect to the POP3 server on a regular basis - to check for new mail. Further the interval of session initiation may be on the order of five minutes. Hence, the risk of password capture is greatly enhanced. An alternate method of authentication is required which provides for both origin authentication and replay protection, but which does not involve sending a password in the clear over the network. The APOP command provides this functionality.

TOP msg n

-- valid in the TRANSACTION state. If the POP3 server issues a positive response, then the response given is multi-line. After the initial +OK, the POP3 server sends the headers of the message, the blank line separating the headers from the body, and then the number of lines indicated message's body, being careful to byte-stuff the termination character (as with all multi- line responses).

Note: that if the number of lines requested by the POP3 client is greater than than the number of lines in the body, then the POP3 server sends the entire message.

UIDL [msg]

-- If an argument was given and the POP3 server issues a positive response with a line containing information for that message. This line is called a "unique-id listing" for that message. If a message-number is given, it may NOT refer to a message marked as deleted.

The following are the POP Replies:

+OK

-ERR

Note that with the exception of the STAT, LIST, and UIDL commands, the reply given by the POP3 server to any command is significant only to "+OK" and "-ERR". Any text occurring after this reply may be ignored by the client.

Sample POP Session

  < <wait for connection on TCP port 110>
  > open connection 
  <    +OK POP3 server ready <sentinel.cs.cf.ac.uk>
  >    APOP mrose c4c9334bac560ecc979e58001b3e22fb
  <    +OK mrose's maildrop has 2 messages (320 octets)
  >    STAT
  <    +OK 2 320
  >    LIST
  <    +OK 2 messages (320 octets)
  <    1 120
  <    2 200
  <    .
  >    RETR 1
  <    +OK 120 octets
  <    The POP3 server sends message 1
  <    .
  >    DELE 1
  <    +OK message 1 deleted
  >    RETR 2
  <    +OK 200 octets
  <    
  <the POP3 server sends message 2>
  <    .
  >    DELE 2
  <    +OK message 2 deleted
  >    QUIT
  <    +OK dewey POP3 server signing off (maildrop empty)
  <    close connection
  <    wait for next connection...