Learn to speak POP3 in one simple lesson

Joor Loohuis, October 6, 2009, 14102 views.

POP3 is one of the core protocols of the Internet, allowing mail clients to fetch messages from a remote server. There are circumstances where it is very convenient to be able to perform a manual POP3 session, for example for debugging purposes. This article shows you all you need to know about POP3 to handle such a manual session.

Tags: , , ,

POP3 is one of the core protocols of the Internet. It is very likely the most widely used protocol for retrieving email from a remote maildrop. It is not nearly as sophisticated as IMAP, but apparently suffices for most users. Its simplicity is convenient for systems administrators, because it makes debugging problems very easy. The only thing you need to know are a few simple commands, and a way of manually sending these to a POP3 server, in stead of using a mail client. The problem with the latter is that it may affect the state of the messages in a maildrop, and by sending POP3 commands manually, this can be avoided.

Netcat

There are several ways of communicating with a POP3 server. Our preferred tool is netcat, typically installed on any Linux system, and easily installed on other systems, since it's part of the GNU software collection. Traditionally, netcat is invoked through the nc command, but sometimes it is renamed to avoid name conflicts. In the following, we'll use nc.

Testing accounts

The primary use we have for manual POP3 sessions is to verify that a user account works as it should, so we'll kick off with that. Afterwards, we'll discuss a few other POP3 commands that come in handy every now and then. A POP3 session is initialized with

nc pop.example.com 110

Of course you need to replace the domain name with that of the POP3 server you want to connect to. NB: do not try to connect to servers that you don't administer yourself, or at least have a mail account on. Most systems administrators consider this bad manners. Anyway, assuming the server you connect to is running a POP3 server on port 110, you'll receive a banner as a reply to your connection attempt:

+OK Dovecot ready.

Depending on the configuration you might receive less or more information. We use the Doveot POP3/IMAP server, but we prefer to keep our server banners to the minimum necessary for correct operation. In any case, any reply by the POP3 server will start with +OK if the result was in order, or -ERR if it was not. In this case Dovecot just told us it's ok to proceed, which we do by authenticating:

USER user@example.com
+OK

We issued the USER command, followed by the username of the account we want to access. The POP3 server again signals that it's ok to proceed. Note that this doesn't mean that the account actually exists. But if the server immediately responds with an error, it would allow a cracker to fish for account names, so any decent POP3 server will only return an authentication error after all login data are sent. We now provide a password for the account:

PASS passwd
+OK Logged in.

We use the PASS command, followed by the actual password, and consequently, we're logged in. If the account data were invalid, the POP3 server would return something along the lines of

-ERR Authentication failed.

Note that the password will be on your screen for all to see, so be careful who is looking over your shoulder, and be sure to clear your screen or close the terminal after you're done. Anyway, now that we've verified that the account data are valid, and the problem the user reported actually is located between the chair and the keyboard, we can terminate the POP3 session:

QUIT
+OK Logging out.

Other commands

POP3 is a relatively simple protocol, with just a few commands. Of these, there are four that are useful in a manual session, the first being the STAT command. Assuming you have succesfully authenticated as described above, you can use STAT to inspect the status of the account:

STAT
+OK 19 46812

Here the POP3 server tells us that there are 19 messages waiting to be retrieved, with a total size of about 45KB. More detail can be obtained with the LIST command:

LIST
+OK
1 22829
2 3063
3 25404
4 26513
...

The LIST command provides us with a list of all messages and their sizes. The ordinal numbers of the messages are important, since these can be used by other commands. For example, to inspect the headers of a message, issue the TOP command, followed by the ordinal number of a message:

TOP 2
+OK
Return-Path: <somebody@domain.com>
X-Original-To: user@example.com
Delivered-To: user@example.com
...

You can also add the number of lines you want to see from the message content itself:

TOP 2 10
+OK
...

The command above should show you the message headers and the first 10 lines of the message itself. This might be useful to verify we have the correct ordinal number for the final command we'll discuss, which is the DELE command:

DELE 2
+OK

This will instruct the POP3 server to delete the message from the maildrop. We've used this once or twice when there was a malformed message that crashed the buggy mail client a user insisted on using. Note that there is no undelete command, but the message will not actually be deleted until the QUIT command is issued.

Alternative clients

There are ports of netcat for Windows and MacOS X, but as an alternative you can also use telnet to connect to a remote server, much like using netcat:

telnet pop.example.com 110

We use netcat because it follows the Unix philosophy of doing one thing, and doing it good, and probably also because of a kneejerk reaction against telnet, having seen it abused many times. Of course, you can choose your own poison.

Another option, if the POP3 server supports it, is to connect over SSL. This has the additional benefit that the authentication data are sent over a secure connection. Connecting over SSL is done by using the s_client utility from OpenSSL:

openssl s_client -connect pop.example.com:995

We use port 995 now, because that is the default port for POP3 over SSL. Of course the password you enter is still leggible in your console.

Update Oct 7: added section on SSL

Social networking: Tweet this article on Twitter Pass on this article on LinkedIn Bookmark this article on Google Bookmark this article on Yahoo! Bookmark this article on Technorati Bookmark this article on Delicious Share this article on Facebook Digg this article on Digg Submit this article to Reddit Thumb this article up at StumbleUpon Submit this article to Furl

Talkback

respond to this article

Re: Learn to speak POP3 in one simple lesson (Jos Visser, 2009-10-10 23:28 CEST)
Why nc? What's wrong with telnet? Or am I showing my age?
Re: Learn to speak POP3 in one simple lesson (Joor Loohuis, 2009-10-11 20:57 CEST)
> Why nc? What's wrong with telnet? Or am I showing my age?

Well, the initial netcat release is from 1995 (http://seclists.org/bugtraq/1995/Oct/28), so we wouldn't exactly call you 'old'. Perhaps 'neolithic' is more appropriate ;)