OpenBSD manual page server

Manual Page Search Parameters

POPA3D(8) System Manager's Manual POPA3D(8)

popa3dPost Office Protocol (POP3) server

popa3d [-46DV]

popa3d is a POP3 server. It offers network access to user mailboxes through the POP3 protocol. The server uses the TCP protocol and listens at the port specified in the “pop3” service specification; see services(5).

A POP3 server operates on local mailboxes on behalf of its remote users. Users can connect at any time to check their mailbox and fetch the mail that has accumulated. The advantage of this ``pull'' approach is that any user with a simple POP3-capable mail reader program can receive mail, eschewing the need for a full-fledged Mail Transfer Agent (MTA) and a permanent network connection.

Note that POP3 can only be used to retrieve mail, not to send it. To send mail, the SMTP protocol is commonly used; see sendmail(8).

The options are as follows:

In standalone mode (-D), listen to IPv4 only.
In standalone mode (-D), listen to IPv6 only.
With this option set, popa3d will detach and become a daemon, accepting connections on the pop3 port and forking child processes to handle them. This has lower overhead than starting popa3d from inetd(8) and is thus useful on busy servers to reduce load.

In this mode popa3d also does quite a few checks to significantly reduce the impact of connection flood attacks.

Show version information and exit.

Alternatively, popa3d can be used through inetd(8). This requires the following entry to be activated in /etc/inetd.conf:

pop3 stream tcp nowait root /usr/sbin/popa3d popa3d

or, using tcpd(8) for TCP-wrappers access control:

pop3 stream tcp nowait root /usr/libexec/tcpd /usr/sbin/popa3d

For access to a mailbox through the POP3 service, the username must be in the password database. Additionally, popa3d does not permit null passwords and will refuse to serve mail for root (uid 0) users.

A normal POP3 session progresses through three states: authorization, transaction and update.

After the TCP connection opens, the client must authenticate itself to the server in the authorization state. The following commands are supported in the authorization state. All commands are case-insensitive.

Command Description
USER name authenticate as user ``name''
PASS string authenticate using password ``string''
QUIT quit; do not enter update state

When authorization is successful, the server enters the transaction state. The client can now list and retrieve messages or mark messages for deletion. The following commands are supported in the transaction state.

Command Description
DELE msg mark message for deletion
LAST show highest message number accessed (obsolete)
LIST [msg] list message number and size
NOOP do nothing
QUIT quit; enter update state
RETR msg retrieve message
RSET clear deletion marks
STAT return total number of messages and total size
TOP msg n show top n lines of message body
UIDL [msg] list message number and digest

When the client issues the QUIT command in the transaction state, the server enters the update state. All messages that were marked for deletion are now removed. The server then closes the connection.

User mail spools
/etc/hosts.allow, /etc/hosts.deny
TCP-wrappers access controls may be defined here as described in hosts_access(5). Valid if popa3d is started in daemon-mode, or if popa3d is running through inetd(8) and is used in combination with tcpd(8).

hosts_access(5), inetd(8), sendmail(8), tcpd(8)

Official Internet Protocol Standard STD 53, also known as RFC 1939.

popa3d first appeared in OpenBSD 3.0.

Solar Designer ⟨⟩

POP3 authenticates using cleartext passwords.

September 3, 2011 OpenBSD-5.1