SBnet - When we say Internet, we mean business.


SBnet

Home 
Services 
Support 
About Us 
Employment 
Client List 
Terms of Service
Privacy Policy

Customer Quote

Advertisements
Warp 9 Inc. - Building Online Businesses
Providing Full
e-Commerce
Solutions

   
maps.com
The Place For Maps Online

Post Office Protocol version 3

Welcome to the world of POP mail. This document will help you understand and troubleshoot the POP3 (Post Office Protocol version 3) mail system.

A Quick Overview

Basically, POP3 is intended to permit a workstation (client) to dynamically access a mailbox on a server and download mail messages. It's among the most simplistic Internet protocols around. For example, here's a simple POP3 session translated into English:

  • Server: Here I am.. anybody need me?
  • Client: Yeah! My name's Ted.
  • Server: Hi Ted! What's you password?
  • Client: My password is SECRET. So.. do I have any mail?
  • Server: Sure do, Ted. 1 message.
  • Client: Could you send it to me?
  • Server: Sure. It's on its way.
  • Client: Also, mark your copy as deleted.
  • Server: Done.
  • Client: OK, thanks! Good-bye.
  • Server: See ya.....
  • Server: Here I am.. anybody need me?

Pretty simple, right? To be honest, though, it's really not much more difficult than what you just saw, except in POP3, commands and replies are issued in a less conversational manner. Here is the same conversation translated back to POP3:

  • Server: +ok POP3 Server ready
  • Client: USER Ted
  • Server: +ok
  • Client: PASS SECRET
  • Server: +ok Ted has 1 messages (120 octets)
  • Client: RETR 1
  • Server: +ok (120 octets)
  • Client: DELE 1
  • Server: +ok message 1 deleted
  • Client: QUIT
  • Server: +ok POP3 Server signing off
  • Server: +ok POP3 Server ready

I hope you understood all that. And while this is the most simplistic view of a POP3 conversation, you should have been able to recognize the most important commands used in POP3:

USER (username)
PASS (password)
RETR (retrieve)
DELE (delete)
QUIT (quit)

The Basics

POP3 sessions (conversations) consist of 3 states (or stages, if you will):

  1. Authorization State
  2. Transaction State
  3. Update State

Think of these stages as a letter to your friend. We all learned in school that every good letter must consist of three parts: the greeting, the body, and the closing. This is exactly what POP3 consists of. Think of the Authorization State as the greeting, the Transaction State as the body, and the Update State as the closing. To give you a bit of framework and to allow you to apply what you already know, let's put the previous POP3 conversation into the 3 States. Here goes:

Authorization State

  • Server: +ok POP3 Server ready
  • Client: USER Ted
  • Server: +ok
  • Client: PASS SECRET
  • Server: +ok Ted has 1 messages (120 octets)

Transaction State

  • Client: RETR 1
  • Server: +ok (120 octets)
  • Client: DELE 1
  • Server: +ok message 1 deleted

Update State

  • Client: QUIT
  • Server: +ok POP3 Server signing off

Make sense? Well.. mostly. And for those of you that know POP3, you realize that I am leaving some key elements out. But by the end of this document, we'll all be experts.

Now that you understand the framework of the POP3 session, it's time to fill in some holes. And these holes consist of more commands. Remember to breathe easy: you already know the major ones. All other commands or mostly optional or secondary.

List of Possible Commands within the Authorization State:

  1. USER
    • This is your user name
  2. PASS
    • This is your password
  3. QUIT
    • This terminates the session due to inability to login (bad password, no such user, user is locked, etc..)
  4. APOP
    • This is a command to send an encoded password, versus just sending your password over the line in clear text for the whole world to see. This is used instead of the USER and PASS commands, and uses a secure encoding process known only to the client machine and the server machine. For encoding, the MD5 algorithm is used (not that you'd ever need to know this). Here's what the Authorization State looks like when using APOP:
      • Server: +ok POP3 Server ready <1896.697170952@dbc.mtview.ca.us>
      • Client: APOP ted c4c9334bac560ecc979e58001b3ee22fb
      • Server: +ok Ted has 1 messages (120 octets)

      What's basically happening here (don't panic), is that the password SECRET is getting added to the Server's ID string of <1896.697170952@dbc.mtview.ca.us>, and then the MD5 algorithm is applied yielding c4c9334bac560ecc979e58001b3ee22fb. To make it more simple, just think of it as the server telling you it's name, then you combine it with your password, then take it times some random number that only you and the server knows. This way, only you and the server know your password. Got it?

      Well, if not, just remember this: you are much safer using APOP than without it. And besides, as far as the end user and administrator are concerned, there is no difference between using it and not using it except you've clicked a little button in your mail program that reads APOP. Everything else is all done for you.

List of Possible Commands within the Transaction State:

  1. STAT
    • This command is given by the client and it basically does nothing more than asks the server how many pieces of mail are waiting. For example:
      • Client: STAT
      • Server: +ok 1 (120 octets)
  2. LIST
    • As is probably obvious, this command asks the server to list the messages waiting. For example, if there were 2 pieces of mail waiting:
      • Client: LIST
      • Server: +ok 2 (320 octets)
      • Server: 1 (120 octets)
      • Server: 2 (200 octets)
  3. RETR
  4. DELE
  5. NOOP
    • NOOP is basically short for "no-operation", and as might be obvious as well, this command tells the server to sit there and do nothing. This might be useful if you feel like perhaps the server has closed it's connection with you. In this case, you'd issue the NOOP command. If the connection is still live, it'll give you an +ok. Not very flashy.
  6. RSET
    • RSET is a very useful command. RSET is shorthand for RESET (the RFC for POP3 likes to keep commands to 4 letter words), and what this can do is, after a message is marked for deletion, RSET will unmark it. And in case 1+1 did not equal 2 for you in that last sentence, imagine this: You have two computers you access your mail with, one at home, the other at work. Well, since by default all mail is deleted from the server once downloaded, you can only view a message once per machine. More specifically, if you've got a mail message you downloaded on your work machine, when you connect to your mail account from home, the message will no longer be there. Well...? How can you get around this? I'm glad you asked, because the RSET command is the very tool to help you out. Issuing this command during the POP3 session tells the server not to delete the mail it intended to delete once you've signed off. Now.. how can you issue this command? Simple. On most POP3 mail programs, there is a command commonly known as Leave Mail on Server. Choosing this option will issue the RSET command by default. No worries. And now you have your mail both at home and work.
  7. TOP
    • The TOP command allows the server to send the client a peek at what the messages contain. This command has parameters that allow you to specify how many lines on what message you want to peek at. For example, the command:
      • Client: TOP 1 10
      • Server: +ok
      • Server: ( header and lines of text)

      will let you peek at the header and first 10 lines of message 1. QMPRO from CE Software currently utilizes this functionality.

  8. UIDL
    • The Unique ID Listing command is given by the Client when the Client needs to know the exact ID of a message on the server (besides "message 1"). Each message is given a unique ID, and it usually is pretty cryptic. For example:
      • Client: UIDL 1
      • Server: +ok 1 QhdPYR:00WBw1Ph7x7

      Obviously, this is a hexadecimal number that, besides being unpronounceable, denotes the exact message ID, much like your Social Security Number identifies you, even though you answer to your first name.

List of Possible Commands within the Update State:

  1. QUIT
    • It doesn't get much easier than this. This simply tells the server that you are logging off. But, what is necessary to know here is that unless you used the RSET command, this is where and when all the deleting takes place, as well as updating the mail list.

Conclusion & Things to Remember:

Well, while it may not be as easy as eating Jello, as far as Internet protocols go, this is among the simplest. Just remember the three states:

Authorization
Transaction
Update

and the basic commands:

USER (username)
PASS (password)
RETR (retrieve)
DELE (delete)
QUIT (quit)

Everything else is rarely seen and really not that important for your understanding of POP3.

Also, you may have noticed that while POP3 has a lot of commands to control messages being downloaded to you, where is the SEND command that seems so necessary? Well, while this may seem foreign at first, SEND is not a command within POP3. POP3 is only for message retrieval, really. Sending mail is a function of another Internet protocol known as SMTP (Simple Mail Transfer Protocol). And don't worry too much about this, because while it is indeed a separate entity from POP3, your POP3 client does have built-in SMTP sending capability. But of course, this is transparent. All you need to know is to push the SEND button in the program when you are ready to send the message. The mail client does everything else. No worries.

Also, you may wonder what happens when the server does not like what command you send it. Well, you do know that if it likes what you tell it, it will respond with an "+ok", right? Well, if it doesn't like what you tell it, it will respond with "-ERR" (shorthand for "error"). No big deal. In fact, +ok and -ERR are really about the only two responses that the server gives.

That's about it in a nutshell. If you would like further clarification on POP3, I suggest a delightful document known to the Internet community as RFC 1725.
 © 1999 SBnet back to top