📄 rfc1225_pop3.txt
字号:
Examples:
C: TOP 10
S: +OK
S: <the POP3 server sends the headers of the
message, a blank line, and the first 10 lines
of the body of the message>
S: .
...
C: TOP 100
S: -ERR no such message
RPOP user
Arguments: a client specific user-id (required)
Restrictions: may only be given in the AUTHORIZATION
Rose [Page 11]
RFC 1225 POP3 May 1991
state after a successful USER command; in addition,
may only be given if the client used a reserved
(privileged) TCP port to connect to the server.
Discussion:
The RPOP command may be used instead of the PASS
command to authenticate access to the maildrop. In
order for this command to be successful, the POP3
client must use a reserved TCP port (port < 1024) to
connect tothe server. The POP3 server uses the
argument pair from the USER and RPOP commands to
determine if the client should be given access to
the appropriate maildrop. Unlike the PASS command
however, the POP3 server considers if the remote user
specified by the RPOP command who resides on the POP3
client host is allowed to access the maildrop for the
user specified by the USER command (e.g., on Berkeley
UNIX, the .rhosts mechanism is used). With the
exception of this differing in authentication, this
command is identical to the PASS command.
Note that the use of this feature has allowed much wider
penetration into numerous hosts on local networks (and
sometimes remote networks) by those who gain illegal
access to computers by guessing passwords or otherwise
breaking into the system.
Possible Responses:
+OK maildrop locked and ready
-ERR permission denied
Examples:
C: USER mrose
S: +OK mrose is a real hoopy frood
C: RPOP mrose
S: +OK mrose's maildrop has 2 messages (320
octets)
Minimal POP3 Commands:
USER name valid in the AUTHORIZATION state
PASS string
QUIT
STAT valid in the TRANSACTION state
LIST [msg]
RETR msg
DELE msg
NOOP
LAST
Rose [Page 12]
RFC 1225 POP3 May 1991
RSET
QUIT valid in the UPDATE state
Optional POP3 Commands:
RPOP user valid in the AUTHORIZATION state
TOP msg n valid in the TRANSACTION state
POP3 Replies:
+OK
-ERR
Note that with the exception of the STAT command, the reply given
by the POP3 server to any command is significant only to "+OK"
and "-ERR". Any text occurring after this reply may be ignored
by the client.
Example POP3 Session
S: <wait for connection on TCP port 110>
...
C: <open connection>
S: +OK dewey POP3 server ready (Comments to: PostMaster@UDEL.EDU)
C: USER mrose
S: +OK mrose is a real hoopy frood
C: PASS secret
S: +OK mrose's maildrop has 2 messages (320 octets)
C: STAT
S: +OK 2 320
C: LIST
S: +OK 2 messages (320 octets)
S: 1 120
S: 2 200
S: .
C: RETR 1
S: +OK 120 octets
S: <the POP3 server sends message 1>
S: .
C: DELE 1
S: +OK message 1 deleted
C: RETR 2
S: +OK 200 octets
S: <the POP3 server sends message 2>
S: .
C: DELE 2
S: +OK message 2 deleted
C: QUIT
Rose [Page 13]
RFC 1225 POP3 May 1991
S: +OK dewey POP3 server signing off (maildrop empty)
C: <close connection>
S: <wait for next connection>
Message Format
All messages transmitted during a POP3 session are assumed to conform
to the standard for the format of Internet text messages [RFC822].
It is important to note that the byte count for a message on the
server host may differ from the octet count assigned to that message
due to local conventions for designating end-of-line. Usually,
during the AUTHORIZATION state of the POP3 session, the POP3 client
can calculate the size of each message in octets when it parses the
maildrop into messages. For example, if the POP3 server host
internally represents end-of-line as a single character, then the
POP3 server simply counts each occurrence of this character in a
message as two octets. Note that lines in the message which start
with the termination octet need not be counted twice, since the POP3
client will remove all byte-stuffed termination characters when it
receives a multi-line response.
The POP and the Split-UA model
The underlying paradigm in which the POP3 functions is that of a
split-UA model. The POP3 client host, being a remote PC based
workstation, acts solely as a client to the message transport system.
It does not provide delivery/authentication services to others.
Hence, it is acting as a UA, on behalf of the person using the
workstation. Furthermore, the workstation uses SMTP to enter mail
into the MTS.
In this sense, we have two UA functions which interface to the
message transport system: Posting (SMTP) and Retrieval (POP3). The
entity which supports this type of environment is called a split-UA
(since the user agent is split between two hosts which must
interoperate to provide these functions).
ASIDE: Others might term this a remote-UA instead.
There are arguments supporting the use of both terms.
This memo has explicitly referenced TCP as the underlying transport
agent for the POP3. This need not be the case. In the MZnet split-
UA, for example, personal micro-computer systems are used which do
not have IP-style networking capability. To connect to the POP3
server host, a PC establishes a terminal connection using some simple
protocol (PhoneNet). A program on the PC drives the connection,
first establishing a login session as a normal user. The login shell
Rose [Page 14]
RFC 1225 POP3 May 1991
for this pseudo-user is a program which drives the other half of the
terminal protocol and communicates with one of two servers. Although
MZnet can support several PCs, a single pseudo-user login is present
on the server host. The user-id and password for this pseudo-user
login is known to all members of MZnet. Hence, the first action of
the login shell, after starting the terminal protocol, is to demand a
USER/PASS authorization pair from the PC. This second level of
authorization is used to ascertain who is interacting with the MTS.
Although the server host is deemed to support a "trusted" MTS entity,
PCs in MZnet are not. Naturally, the USER/PASS authorization pair
for a PC is known only to the owner of the PC (in theory, at least).
After successfully verifying the identity of the client, a modified
SMTP server is started, and the PC posts mail with the server host.
After the QUIT command is given to the SMTP server and it terminates,
a modified POP3 server is started, and the PC retrieves mail from the
server host. After the QUIT command is given to the POP3 server and
it terminates, the login shell for the pseudo-user terminates the
terminal protocol and logs the job out. The PC then closes the
terminal connection to the server host.
The SMTP server used by MZnet is modified in the sense that it knows
that it's talking to a user agent and not a "trusted" entity in the
message transport system. Hence, it does performs the validation
activities normally performed by an entity in the MTS when it accepts
a message from a UA.
The POP3 server used by MZnet is modified in the sense that it does
not require a USER/PASS combination before entering the TRANSACTION
state. The reason for this (of course) is that the PC has already
identified itself during the second-level authorization step
described above.
NOTE: Truth in advertising laws require that the author
of this memo state that MZnet has not actually been
fully implemented. The concepts presented and proven
by the project led to the notion of the MZnet
split-slot model. This notion has inspired the
split-UA concept described in this memo, led to the
author's interest in the POP, and heavily influenced
the the description of the POP3 herein.
In fact, some UAs present in the Internet already support the notion
of posting directly to an SMTP server and retrieving mail directly
from a POP server, even if the POP server and client resided on the
same host!
ASIDE: this discussion raises an issue which this memo
Rose [Page 15]
RFC 1225 POP3 May 1991
purposedly avoids: how does SMTP know that it's talking
to a "trusted" MTS entity?
References
[MZnet] Stefferud, E., J. Sweet, and T. Domae, "MZnet: Mail
Service for Personal Micro-Computer Systems",
Proceedings, IFIP 6.5 International Conference on
Computer Message Systems, Nottingham, U.K., May 1984.
[RFC821] Postel, J., "Simple Mail Transfer Protocol",
USC/Information Sciences Institute, August 1982.
[RFC822] Crocker, D., "Standard for the Format of ARPA-Internet
Text Messages", University of Delaware, August 1982.
[RFC937] Butler, M., J. Postel, D. Chase, J. Goldberger, and J.
Reynolds, "Post Office Protocol - Version 2", RFC 937,
USC/Information Sciences Institute, February 1985.
[RFC1060] Reynolds, J., and J. Postel, "Assigned Numbers", RFC
1060, USC/Information Sciences Institute, March 1990.
Security Considerations
Security issues are not discussed in this memo.
Author's Address:
Marshall T. Rose
Performance Systems International
5201 Great America Parkway
Suite 3106
Santa Clara, CA 95054
Phone: +1 408 562 6222
EMail: mrose@psi.com
X.500: rose, psi, us
Rose [Page 16]
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -