POPA3D(8) OpenBSD System Manager's Manual POPA3D(8)
popa3d - Post Office Protocol (POP3) server
popa3d is a POP3 server. It offers network access to user mailboxes
through the POP3 protocol. The server uses the TCP protocol and listens
at the port specified in the ``pop3'' service specification; see
A POP3 server operates on local mailboxes on behalf of its remote users.
Users can connect at any time to check their mailbox and fetch the mail
that has accumulated. The advantage of this ``pull'' approach is that
any user with a simple POP3-capable mail reader program can receive mail,
eschewing the need for a full-fledged Mail Transfer Agent (MTA) and a
permanent network connection.
Note that POP3 can only be used to retrieve mail, not to send it. To
send mail, the SMTP protocol is commonly used; see sendmail(8).
The options are as follows:
-4 In standalone mode (-D), listen to IPv4 only.
-6 In standalone mode (-D), listen to IPv6 only.
-D With this option set, popa3d will detach and become a daemon, ac-
cepting connections on the pop3 port and forking child processes
to handle them. This has lower overhead than starting popa3d
from inetd(8) and is thus useful on busy servers to reduce load.
In this mode popa3d also does quite a few checks to significantly
reduce the impact of connection flood attacks.
-V Show version information and exit.
Alternatively, popa3d can be used through inetd(8). This requires the
following entry to be activated in /etc/inetd.conf:
pop3 stream tcp nowait root /usr/sbin/popa3d popa3d
or, using tcpd(8) for TCP-wrappers access control:
pop3 stream tcp nowait root /usr/libexec/tcpd /usr/sbin/popa3d
For access to a mailbox through the POP3 service, the username must be in
the password database. Additionally, popa3d does not permit null pass-
words and will refuse to serve mail for root (uid 0) users.
A normal POP3 session progresses through three states: authorization,
transaction and update.
After the TCP connection opens, the client must authenticate itself to
the server in the authorization state. The following commands are sup-
ported in the authorization state. All commands are case-insensitive.
USER name authenticate as user ``name''
PASS string authenticate using password ``string''
QUIT quit; do not enter update state
When authorization is successful, the server enters the transaction
state. The client can now list and retrieve messages or mark messages
for deletion. The following commands are supported in the transaction
DELE msg mark message for deletion
LAST show highest message number accessed (obsolete)
LIST [msg] list message number and size
NOOP do nothing
QUIT quit; enter update state
RETR msg retrieve message
RSET clear deletion marks
STAT return total number of messages and total size
TOP msg n show top n lines of message body
UIDL [msg] list message number and digest
When the client issues the QUIT command in the transaction state, the
server enters the update state. All messages that were marked for dele-
tion are now removed. The server then closes the connection.
User mail spools
TCP-wrappers access controls may be defined here as described in
hosts_access(5). Valid if popa3d is started in daemon-mode, or
if popa3d is running through inetd(8) and is used in combination
Official Internet Protocol Standard STD 53, also known as RFC 1939.
popa3d first appeared in OpenBSD 3.0.
Solar Designer <solarATopenwall.com>
POP3 authenticates using cleartext passwords.
OpenBSD 3.6 August 15, 2001 2