Introduction to POP3


You now have a sound understanding of SMTP and Sendmail, and you have the tools you need to configure your server according to the needs of almost any typical Internet server. But SMTP is only half of the equation. For email to get completely from one user to another, there's another process that needs to take place: downloading the mail through the Post Office Protocol, known as POP.

The Post Office Protocol enables users to access their mailboxes from remote client machines and download their messages. POP became necessary once it was clear that there would ultimately be a great many more Internet users who used graphical client-side email programs on their own dial-up computers, rather than server-side shell clients such as Pine and Mutt. Shell-based clients read mail directly out of the user's mailbox file. To use an MUA such as Microsoft Outlook or Apple Mail, however, the client has to connect to the mail server on which the user's mailbox file is stored (refer to Figure 25.1), determine whether there are any new messages since the last time it checked, and if so, download them. The client program then displays these new messages and optionally deletes them from the mailbox file on the server.

Unlike SMTP, POP3 (the current and standard version of POP) requires authentication. This is sensible because although security really isn't an issue for sending mail (except as regards protecting your server from spammers), it's absolutely essential to ensure that only the intended recipient can view the mail addressed to him. After all, in real life, anybody can drop a letter in the outgoing post office mailbox, but only the legitimate receiver can open his or her mailbox and retrieve it.

Authentication makes it a little less easy to simulate a POP transaction than an SMTP one. Simulating a POP transaction is also a lot less necessary, however, largely because POP3 requires very little in the way of configuration. There's not a lot that can go wrong. However, the POP3 server, Qpopper, is not included in the core FreeBSD installation. To enable POP3 service you must install Qpopper out of the ports (/usr/ports/mail/qpopper). This program is derived from the original Berkeley POP server program and has been further developed semicommercially (but in a free and open-source fashion) by Qualcomm, the makers of the once-popular Eudora mail client. Qpopper is no longer officially developed or supported, but it's still available from Qualcomm, as is its complete documentation.

Note

Other POP3 server programs are beginning to take the spotlight away from Qpopper. Probably the most popular is Dovecot, available in the ports or from its site at http://dovecot.org; it's a full-featured, security-focused POP3 and IMAP server that works excellently even though it's still in alpha development at the time of this writing. Another solution is IMAP-UW, discussed later in this chapter, which also includes a POP3 server you can use instead of Qpopper.


The POP3 server runs out of inetd, the "super-server." inetd listens for TCP and UDP connections, and upon receiving one on TCP port 110, it looks up the service name in /etc/services, determines how to handle requests for that service type, and fires off a Qpopper process from /usr/local/libexec/qpopper. (This location, in the libexec directory rather than bin or sbin, tells you that Qpopper is not a program intended to be run from the command line. Rather, it's only supposed to be invoked by other programs.) This process handles the transaction, authenticates the user, locks the user's mailbox, figures out which messages need to be downloaded, and serves them. This works just fine for most systems. Although Qpopper does in fact provide a rather large number of configuration options, most of them are useful only for tweaking extra performance out of the server, a valuable thing to know how to do if your server is a high-profile one. For most purposes, though, all you have to do is install the port and enable the service.

Note

You may have your system configured so that inetd is not running (for example, for security reasons, as outlined in Chapter 30, "Network Security"). If this is the case, Qpopper can be run in standalone mode, like Sendmail. We will discuss how this is done in a moment.


It's important to note that, by default, POP3 transactions are done in clear text: the username and password cross the network unencrypted, along with the messages themselves. This makes POP3 a potential source of password leaks and a security risk.
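The transaction described above (authenticate, download, optionally delete) and its clear-text exposure can be seen by auditing a session transcript; the following is an added example, not code from the book or from Qpopper. The function name pop3_session_audit, the "C: "/"S: " transcript notation, and the sample session are assumptions constructed for illustration; STLS and APOP are commands from the POP3 RFCs that the text above does not cover.

```shell
#!/bin/sh
# Added example: summarise a POP3 session transcript.
# "C: " = client command, "S: " = server reply (RFC 1939 notation).
pop3_session_audit() {
    # $1 = transcript file; prints one summary line for the session
    awk '
        /^C: / {
            last = toupper($2)                 # POP3 commands are case-insensitive
            if (last == "USER") user = $3
            else if (last == "APOP") { user = $3; auth = tls ? "apop-over-tls" : "apop-digest" }
            else if (last == "PASS") auth = tls ? "pass-over-tls" : "cleartext-pass"
            next
        }
        /^S: \+OK/ {
            if (last == "STLS") tls = 1        # server accepted the TLS upgrade
            else if (last == "RETR") retr++    # a message was downloaded
            else if (last == "DELE") dele++    # a message was marked for deletion
            last = ""                          # count each positive reply once
        }
        END {
            printf "user=%s auth=%s retrieved=%d deleted=%d\n",
                (user == "" ? "-" : user), (auth == "" ? "none" : auth), retr, dele
        }
    ' "$1"
}

# Constructed sample: a default (unencrypted) session on TCP port 110.
sample=$(mktemp /tmp/pop3.XXXXXX)
cat > "$sample" <<'EOF'
S: +OK POP3 server ready
C: USER alice
S: +OK
C: PASS example-password
S: +OK alice has 2 messages
C: RETR 1
S: +OK 120 octets
S: Subject: constructed message one
S: .
C: RETR 2
S: +OK 200 octets
S: Subject: constructed message two
S: .
C: DELE 1
S: +OK message 1 deleted
C: QUIT
S: +OK bye
EOF
pop3_session_audit "$sample"
rm -f "$sample"
```

A result of auth=cleartext-pass means the password was sent before any TLS upgrade and is readable by anyone on the network path.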

In version 4.0, Qpopper enables encrypted connections through the Secure Sockets Layer (SSL) libraries, which are part of FreeBSD and also used in such protocols as SSH (Secure Shell) and secure HTTP. The following section describes how to configure Qpopper to take advantage of this security measure.




FreeBSD 6 Unleashed
ISBN: 0672328755
EAN: 2147483647
Year: 2006
Pages: 355
Authors: Brian Tiemann
