The Post Office Protocol (POP3)


Mail clients use SMTP to send outgoing mail to an SMTP server. To retrieve mail messages, however, the Post Office Protocol (currently version 3) generally is used. POP3 is a stateful protocol, progressing from one state to another, depending on the results of the transaction in progress and the commands that are issued. The states are listed here:

  • AUTHORIZATION In this state, the user supplies a username and password to authenticate the client to the mail server. In its original implementation, the protocol supports clear-text for username and password transmissions. This, of course, can be a security problem, and other techniques should be used in a secure environment.

  • TRANSACTION In this state, the client issues commands and receives responses from the server.

  • UPDATE In this state, the client has finished its commands (by issuing the QUIT command), and the server can then delete messages that were marked for deletion and close the TCP connection.

In the following sections, you'll see what happens during each state and the POP3 commands that can be used in each state. Similar to SMTP, commands are not case-sensitive and are either 3 or 4 characters long. The total length of arguments allowed for a command is 40 characters. Responses, however, can be up to 512 characters in length.

Finally, the status indicators that the POP3 server can return to the client are limited to only two:

  • +OK A positive response.

  • -ERR A negative response.

Each of these status indicators can be followed by text that describes the response. In many cases, the response consists of multiple lines. Both the +OK and the -ERR status indicators must be sent by the server in uppercase only. When multiple lines are sent as part of a response, the same method used by SMTP to mark the end of the response is used: the period character on a line by itself.

The AUTHORIZATION State

A POP3 server typically listens on TCP port number 110 for incoming requests from POP3 clients. After a TCP connection is established between the client and the POP3 server, the POP3 server sends a greeting to the client. At this point, the process is said to be in the AUTHORIZATION state. During this state, the client uses some authentication method to identify itself to the POP3 server. This can be clear-text username and password combinations, or it can be a more secure authorization method. For more information about secure forms of authentication when using POP3, see RFC 1734, "POP3 AUTHentication command." This RFC defines the AUTH command that can be used to negotiate an authentication mechanism between the client and the server.

After the client has been authenticated to the POP3 server, the server attempts to gain an exclusive lock on the client's mailbox files. This lock prevents changes to the mailbox during the session so that the current collection of messages remains the same through the UPDATE state. Failure to lock the mailbox could allow new messages to arrive. As you'll find out in the next section, the server uses message numbers to identify each message in the mailbox. If new messages were allowed to enter the mailbox while the users were accessing it, it would be possible for confusion to exist during the UPDATE state, especially if messages are to be deleted. Thus, the mailbox is locked so that it will remain consistent for the current session.

The TRANSACTION State

After authentication has been performed successfully, the process enters into the TRANSACTION state, in which the client can send commands to the POP3 server. When finished issuing commands to the server, the client uses the QUIT command to terminate the session. At this point, the server enters the UPDATE state.

The POP3 server assigns a unique message number, beginning with 1, to each message in the mailbox. During this TRANSACTION state, the client can use the following commands to communicate with the POP3 server:

  • STAT This "status" command results in the server returning information about the mailbox to the client. This is called a drop listing. The format is the +OK status indicator followed by a single space and then the number of messages currently in the mailbox. The drop listing also contains the size of the messages contained in the mailbox in octets (bytes).

  • LIST This command can be optionally followed by a message number. If a message number is included, the POP3 server returns a "scan listing" for the specified message. If no message number is specified, the server responds with the +OK status indicator and then lists, line by line, a scan listing for each message in the mailbox. The scan listing consists of the message number followed by one single space and then the size of the message in octets.

  • RETR This is the retrieve command used to pull copies of messages from the server. A message number must follow the RETR command. The server responds with the +OK status indicator, followed by a multiline response that consists of the actual text of the mail message itself. The message is terminated with the period character.

  • DELE This command allows the client to request that a message be deleted from the POP3 server. Again, a specific message number is required. The message will be marked as deleted, but it still exists in the mailbox until the session enters the UPDATE state.

  • NOOP Again, the no operation command does nothing, but the POP3 server responds with the +OK status indicator.

  • RSET This "reset" command causes any messages that have been marked as deleted to be reset to a nondelete state.

After the client has finished issuing commands to the server and processing the responses the POP3 server returns, the client issues the QUIT command to indicate that it is finished. This ends the TRANSACTION state.

The UPDATE State

After the QUIT command has been received by the POP3 server, the session enters the UPDATE state. In this state, the POP3 server can delete the mail messages that were previously marked for deletion by the client. Again, if the session is terminated (by a network failure, for example) before the client can issue the QUIT command, messages that were marked for deletion are not deleted because the session never makes it to the UPDATE state.

When the POP3 server deletes messages during this state, it sends the +OK status indicator back to the client. If an error occurs trying to delete any of the messages, the -ERR status indicator is returned to the client.

After deleting the messages, the server performs other housekeeping chores, such as removing its lock on the mailbox, and then terminates the TCP connection.




Upgrading and Repairing Networks
Upgrading and Repairing Networks (5th Edition)
ISBN: 078973530X
EAN: 2147483647
Year: 2006
Pages: 411

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net