rfc1939-pop3.txt

串口配置工具 ·作车牌识别的人一定要看

          response, then the response given is multi-line.  After the
          initial +OK, for each message in the maildrop, the POP3 server
          responds with a line containing information for that message.
          This line is called a "unique-id listing" for that message.

          In order to simplify parsing, all POP3 servers are required to
          use a certain format for unique-id listings.  A unique-id
          listing consists of the message-number of the message,
          followed by a single space and the unique-id of the message.
          No information follows the unique-id in the unique-id listing.

          The unique-id of a message is an arbitrary server-determined
          string, consisting of one to 70 characters in the range 0x21
          to 0x7E, which uniquely identifies a message within a
          maildrop and which persists across sessions.  This
          persistence is required even if a session ends without
          entering the UPDATE state.  The server should never reuse an
          unique-id in a given maildrop, for as long as the entity
          using the unique-id exists.

          Note that messages marked as deleted are not listed.

          While it is generally preferable for server implementations
          to store arbitrarily assigned unique-ids in the maildrop,



Myers & Rose                Standards Track                    [Page 12]

RFC 1939                          POP3                          May 1996


          this specification is intended to permit unique-ids to be
          calculated as a hash of the message.  Clients should be able
          to handle a situation where two identical copies of a
          message in a maildrop have the same unique-id.

      Possible Responses:
          +OK unique-id listing follows
          -ERR no such message

      Examples:
          C: UIDL
          S: +OK
          S: 1 whqtswO00WBw418f9t5JxYwZ
          S: 2 QhdPYR:00WBw1Ph7x7
          S: .
             ...
          C: UIDL 2
          S: +OK 2 QhdPYR:00WBw1Ph7x7
             ...
          C: UIDL 3
          S: -ERR no such message, only 2 messages in maildrop


      USER name

         Arguments:
             a string identifying a mailbox (required), which is of
             significance ONLY to the server

         Restrictions:
             may only be given in the AUTHORIZATION state after the POP3
             greeting or after an unsuccessful USER or PASS command

         Discussion:
             To authenticate using the USER and PASS command
             combination, the client must first issue the USER
             command.  If the POP3 server responds with a positive
             status indicator ("+OK"), then the client may issue
             either the PASS command to complete the authentication,
             or the QUIT command to terminate the POP3 session.  If
             the POP3 server responds with a negative status indicator
             ("-ERR") to the USER command, then the client may either
             issue a new authentication command or may issue the QUIT
             command.

             The server may return a positive response even though no
             such mailbox exists.  The server may return a negative
             response if mailbox exists, but does not permit plaintext



Myers & Rose                Standards Track                    [Page 13]

RFC 1939                          POP3                          May 1996


             password authentication.

         Possible Responses:
             +OK name is a valid mailbox
             -ERR never heard of mailbox name

         Examples:
             C: USER frated
             S: -ERR sorry, no mailbox for frated here
                ...
             C: USER mrose
             S: +OK mrose is a real hoopy frood


      PASS string

         Arguments:
             a server/mailbox-specific password (required)

         Restrictions:
             may only be given in the AUTHORIZATION state immediately
             after a successful USER command

         Discussion:
             When the client issues the PASS command, the POP3 server
             uses the argument pair from the USER and PASS commands to
             determine if the client should be given access to the
             appropriate maildrop.

             Since the PASS command has exactly one argument, a POP3
             server may treat spaces in the argument as part of the
             password, instead of as argument separators.

         Possible Responses:
             +OK maildrop locked and ready
             -ERR invalid password
             -ERR unable to lock maildrop

         Examples:
             C: USER mrose
             S: +OK mrose is a real hoopy frood
             C: PASS secret
             S: -ERR maildrop already locked
               ...
             C: USER mrose
             S: +OK mrose is a real hoopy frood
             C: PASS secret
             S: +OK mrose's maildrop has 2 messages (320 octets)



Myers & Rose                Standards Track                    [Page 14]

RFC 1939                          POP3                          May 1996


      APOP name digest

         Arguments:
             a string identifying a mailbox and a MD5 digest string
             (both required)

         Restrictions:
             may only be given in the AUTHORIZATION state after the POP3
             greeting or after an unsuccessful USER or PASS command

         Discussion:
             Normally, each POP3 session starts with a USER/PASS
             exchange.  This results in a server/user-id specific
             password being sent in the clear on the network.  For
             intermittent use of POP3, this may not introduce a sizable
             risk.  However, many POP3 client implementations connect to
             the POP3 server on a regular basis -- to check for new
             mail.  Further the interval of session initiation may be on
             the order of five minutes.  Hence, the risk of password
             capture is greatly enhanced.

             An alternate method of authentication is required which
             provides for both origin authentication and replay
             protection, but which does not involve sending a password
             in the clear over the network.  The APOP command provides
             this functionality.

             A POP3 server which implements the APOP command will
             include a timestamp in its banner greeting.  The syntax of
             the timestamp corresponds to the `msg-id' in [RFC822], and
             MUST be different each time the POP3 server issues a banner
             greeting.  For example, on a UNIX implementation in which a
             separate UNIX process is used for each instance of a POP3
             server, the syntax of the timestamp might be:

                <process-ID.clock@hostname>

             where `process-ID' is the decimal value of the process's
             PID, clock is the decimal value of the system clock, and
             hostname is the fully-qualified domain-name corresponding
             to the host where the POP3 server is running.

             The POP3 client makes note of this timestamp, and then
             issues the APOP command.  The `name' parameter has
             identical semantics to the `name' parameter of the USER
             command. The `digest' parameter is calculated by applying
             the MD5 algorithm [RFC1321] to a string consisting of the
             timestamp (including angle-brackets) followed by a shared



Myers & Rose                Standards Track                    [Page 15]

RFC 1939                          POP3                          May 1996


             secret.  This shared secret is a string known only to the
             POP3 client and server.  Great care should be taken to
             prevent unauthorized disclosure of the secret, as knowledge
             of the secret will allow any entity to successfully
             masquerade as the named user.  The `digest' parameter
             itself is a 16-octet value which is sent in hexadecimal
             format, using lower-case ASCII characters.

             When the POP3 server receives the APOP command, it verifies
             the digest provided.  If the digest is correct, the POP3
             server issues a positive response, and the POP3 session
             enters the TRANSACTION state.  Otherwise, a negative
             response is issued and the POP3 session remains in the
             AUTHORIZATION state.

             Note that as the length of the shared secret increases, so
             does the difficulty of deriving it.  As such, shared
             secrets should be long strings (considerably longer than
             the 8-character example shown below).

         Possible Responses:
             +OK maildrop locked and ready
             -ERR permission denied

         Examples:
             S: +OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>
             C: APOP mrose c4c9334bac560ecc979e58001b3e22fb
             S: +OK maildrop has 1 message (369 octets)

             In this example, the shared  secret  is  the  string  `tan-
             staaf'.  Hence, the MD5 algorithm is applied to the string

                <1896.697170952@dbc.mtview.ca.us>tanstaaf

             which produces a digest value of

                c4c9334bac560ecc979e58001b3e22fb

8. Scaling and Operational Considerations

   Since some of the optional features described above were added to the
   POP3 protocol, experience has accumulated in using them in large-
   scale commercial post office operations where most of the users are
   unrelated to each other.  In these situations and others, users and
   vendors of POP3 clients have discovered that the combination of using
   the UIDL command and not issuing the DELE command can provide a weak
   version of the "maildrop as semi-permanent repository" functionality
   normally associated with IMAP.  Of course the other capabilities of



Myers & Rose                Standards Track                    [Page 16]

RFC 1939                          POP3                          May 1996


   IMAP, such as polling an existing connection for newly arrived
   messages and supporting multiple folders on the server, are not
   present in POP3.

   When these facilities are used in this way by casual users, there has
   been a tendency for already-read messages to accumulate on the server
   without bound.  This is clearly an undesirable behavior pattern from
   the standpoint of the server operator.  This situation is aggravated
   by the fact that the limited capabilities of the POP3 do not permit
   efficient handling of maildrops which have hundreds or thousands of
   messages.

   Consequently, it is recommended that operators of large-scale multi-
   user servers, especially ones in which the user's only access to the
   maildrop is via POP3, consider such options as:

   *  Imposing a per-user maildrop storage quota or the like.

      A disadvantage to this option is that accumulation of messages may
      result in the user's inability to receive new ones into the
      maildrop.  Sites which choose this option should be sure to inform
      users of impending or current exhaustion of quota, perhaps by
      inserting an appropriate message into the user's maildrop.

   *  Enforce a site policy regarding mail retention on the server.

      Sites are free to establish local policy regarding the storage and
      retention of messages on the server, both read and unread.  For
      example, a site might delete unread messages from the server after
      60 days and delete read messages after 7 days.  Such message
      deletions are outside the scope of the POP3 protocol and are not
      considered a protocol violation.

      Server operators enforcing message deletion policies should take
      care to make all users aware of the policies in force.

      Clients must not assume that a site policy will automate message
      deletions, and should continue to explicitly delete messages using
      the DELE command when appropriate.

      It should be noted that enforcing site message deletion policies
      may be confusing to the user community, since their POP3 client
      may contain configuration options to leave mail on the server
      which will not in fact be supported by the server.

      One special case of a site policy is that messages may only be
      downloaded once from the server, and are deleted after this has
      been accomplished.  This could be implemented in POP3 server



Myers & Rose                Standards Track                    [Page 17]

RFC 1939                          POP3                          May 1996


      software by the following mechanism: "following a POP3 login by a
      client which was ended by a QUIT, delete all messages downloaded
      during the session with the RETR command".  It is important not to
      delete messages in the event of abnormal connection termination
      (ie, if no QUIT was received from the client) because the client
      may not have successfully received or stored the messages.
      Servers implementing a download-and-delete policy may also wish to
      disable or limit the optional TOP command, since it could be used
      as an alternate mechanism to download entire messages.

9. POP3 Command Summary