pop3d (GNU Mailutils Manual)

3.16 POP3 Daemon

The pop3d daemon implements the Post Office Protocol Version 3 server.

pop3d has two operation modes:

Inetd

The server is started from /etc/inetd.conf file:

pop3  stream tcp nowait  root  /usr/local/sbin/pop3d pop3d

This is the default operation mode.

Standalone

The server runs as daemon, forking a child for each new connection.

The server operation mode is configured using mode statement (see mode).

3.16.1 Login delay

POP3 clients often login frequently to check for new mail. Each new connection implies authenticating the user and opening his maildrop and can be very resource consuming. To reduce server load, it is possible to impose a minimum delay between any two consecutive logins. This is called ‘LOGIN-DELAY’ capability and is described in RFC 2449.

As of version 3.14, GNU Mailutils pop3d allows to set global login delay, i.e. such enforcement will affect all POP3 users. If a user attempts to log in before the specified login delay expires, he will get the following error message:

-ERR [LOGIN-DELAY] Attempt to log in within the minimum login delay interval

The message will be issued after a valid password is entered. This prevents this feature from being used by malicious clients for account harvesting.

To enable the login delay capability, specify the minimum delay using login-delay configuration statement, e.g.:

login-delay 60;

The pop3d utility keeps each user’s last login time in a special DBM file, called login statistics database, so to be able to use this feature, Mailutils must be compiled with DBM support. By default, the login statistics database is called /var/run/pop3-login.db. You can change its name using stat-file configuration statement:

login-delay 60;
stat-file /tmp/pop.login.db;

The login delay facility will be enabled only if pop3d is able to access the statistics database for both reading and writing. If it is not, it will report this using syslog and start up without login delay restrictions. A common error message looks like:

Unable to open statistics db: Operation not permitted

You can check whether your pop3d uses login delays by connecting to it and issuing the ‘CAPA’ command. If login delays are in use, there response will contain the string ‘LOGIN-DELAY n’, where n is the actual login delay value.

3.16.2 Auto-expire

Automatic expiration of messages allows you to limit the period of time users are permitted to keep their messages on the server. It is enabled by expire configuration statement:

expire n;: Enable automatic expiration of messages after n days.

The current implementation works as follows. When a message is downloaded by RETR or TOP command, it is marked with ‘X-Expire-Timestamp: n’ header, where n is current value of UNIX timestamp. The exact expiration mechanism depends on you. Mailutils allows you two options:

Expired messages are deleted by pop3d upon closing the mailbox. You specify this mechanism using delete-expired configuration statement:

delete-expired bool;

If bool is ‘true’, delete expired messages after receiving the QUIT command.
Expired messages remain in the mailbox after closing it. The system administrator is supposed to run a cron job that purges the mailboxes. Such a cron job can be easily implemented using sieve from GNU Mailutils and the following script:
```
require "timestamp";
# Replace "5" with the desired expiration period
if timestamp :before "X-Expire-Timestamp" "now - 5 days"
  {
    discard;
  }
```
This script will remove expired messages 5 days after the retrieval. Replace ‘5’ with the desired expiration period and make sure it equals the argument to expire configuration keyword.

The statement expire 0 means the client is not permitted to leave mail on the server. It always implies delete-expired true.

3.16.3 Bulletins

The bulletin feature allows you to send important announcements to all POP3 users without mailing them. It works by creating a bulletin source mailbox and sending the announcements to it.

After a user successfully authenticates, pop3d checks the last bulletin number the user receives. The bulletin number refers to the number of the bulletin message in the bulletin source mailbox. If the latter contains more messages, these are appended to the user mailbox.

The user last bulletin number can be kept in two places. First, it can be stored in file .popbull in his home directory. Secondly, if Mailutils is compiled with DBM support, the numbers can be kept in a DBM file, supplied via bulletin-db configuration statement. If both the database and the .popbull file are present, the data from the database take precedence.

To enable this feature, use the following configuration statements:

bulletin-source mbox: Set the URL of the bulletin source mailbox.
bulletin-db file: Set the name of the database file to keep last bulletin numbers in.

The following example instructs pop3d to look for the bulletin messages in MH folder /var/spool/bull/mbox and to keep the database of last delivered bulletin numbers in /var/spool/bull/numbers.db:

bulletin-source mh:/var/spool/bull/mbox;
bulletin-db /var/spool/bull/numbers.db;

3.16.4 Pop3d Configuration

The following configuration file statements affect the behavior of pop3d.

Statement	Reference
debug	See debug statement.
tls	See tls statement.
tls-file-checks	See tls-file-checks statement.
mailbox	See mailbox statement.
locking	See locking statement.
logging	See logging statement.
pam	See pam statement.
sql	See sql statement.
virtdomain	See virtdomain statement.
radius	See radius statement.
ldap	See ldap statement.
auth	See auth statement.
server	See Server Settings.
acl	See acl statement.
tcp-wrappers	See tcp-wrappers statement.

Pop3d Conf: tls-mode mode

Configure the use of TLS encryption for inetd mode.

In daemon mode, this statement sets the type of TLS encryption to use in all server blocks that lack the tls-mode statement (see Server Statement).

Allowed values for mode are:

no: TLS is not used. The STLS command won’t be available even if the TLS configuration is otherwise complete.
ondemand: TLS is initiated when the user issues the appropriate command. This is the default when TLS is configured.
required: Same as above, but the use of TLS is mandatory. The authentication state is entered only after TLS negotiation has succeeded.
connection: TLS is always forced when the connection is established (POP3S protocol).

Pop3d Conf: undelete bool: On startup, clear deletion marks from all the messages.

Pop3d Conf: expire n: Automatically expire read messages after n days. See Auto-expire, for a detailed description.

Pop3d Conf: delete-expired bool: Delete expired messages upon closing the mailbox. See Auto-expire, for a detailed description.

Pop3d Conf: login-delay duration: Set the minimal allowed delay between two successive logins. See Login delay, for more information.

Pop3d Conf: stat-file file: Set the name of login statistics file for the login-delay facility. See Login delay, for more information.

Pop3d Conf: bulletin-source file: Get bulletins from the specified mailbox. See Bulletins, for a detailed description.

Pop3d Conf: bulletin-db file: Set bulletin database file name. See Bulletins, for a detailed description.

3.16.5 Command line options

The following table summarizes all pop3d command line options.

-d[number]
--daemon[=number]: Run in standalone mode. An optional number specifies the maximum number of child processes allowed to run simultaneously. When it is omitted, it defaults to 10 processes. Please note, that there should be no whitespace between the -d and its parameter.
-i
--inetd: Run in inetd mode.
--foreground: Remain in foreground.

The Mailutils common options are also understood. See Common Options.

This document was generated on January 2, 2022 using makeinfo.

Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.

GNU Mailutils

General-Purpose Mail Package