7. POP3 Server

Install the software used in this section on the mail server:

# apt-get install dovecot-pop3d

Setting up a POP3 server is very easy. We only need to install a suitable package, such as Dovecot. There are other alternatives, but I do not intend to cover the topic much in this lab. Dovecot POP3d will run as a standalone service, although POP3 servers on small networks could run from inetd because they don’t take long to start up. There are other things we could configure on the POP3 server, such as enabling the use of encryption for sending data over the network; but for now, we shall keep it very simple.

Edit /etc/dovecot/dovecot.conf, and change the line that says protocols = such that it now contains only pop3 (we don’t yet have certificates set up, so we can’t really offer pop3s, which uses SSL). Save and exit, then restart the dovecot service, using the techniques you should by now be familiar with.

Verify that something is listening for POP3 connections:

# lsof -i :pop3
COMMAND    PID    USER   FD   TYPE DEVICE SIZE NODE NAME
dovecot   5200    root    5u  IPv4  13788       TCP *:pop3 (LISTEN)
pop3-logi 5203 dovecot    0u  IPv4  13788       TCP *:pop3 (LISTEN)
pop3-logi 5204 dovecot    0u  IPv4  13788       TCP *:pop3 (LISTEN)
pop3-logi 5205 dovecot    0u  IPv4  13788       TCP *:pop3 (LISTEN)

Hmmm, it seems it’s only listening on IPv4. Edit the configuration file again and search for IPv6. You should see a descriptive comment documenting the listen configurable. Set it as suggested to enable IPv4 and IPv6 access:

listen = *, [::]

Save and exit, restart Dovecot (you should be able to figure out how to do this by now) and check, using lsof, that Dovecot’s processes are IPv6 enabled. Take a screenshot of the output showing what is listening on the POP3 port (TCP port 110).

# lsof -Pni TCP:110

Beware that POP3 (as well as SMTP) is generally a clear text protocol, which means passwords can be captured fairly easily. Because this is a Bad Thing, the protocol has been extended to use other authentication protocols instead of just plaintext username and password. A discussion of this is beyond this humble lab though.

The Dovecot server is able to get e-mail from many different places, and so we need to tell it where it can find the messages for each user (it can do auto-detection, but this can fail for some users). Edit the Dovecot configuration file again, and this time, uncomment and change the mail_location variable:

mail_location = mbox:~/mail:INBOX=/var/mail/%u

Restart Dovecot.

POP3 servers often have a DNS alias that makes pop3 a valid hostname in the DNS. We’ve already done this earlier in this lab, so pop3.localdomain should resolve to Server1’s addresses:

$ host pop3.localdomain
pop3.localdomain has address 192.168.1.1
pop3.localdomain has IPv6 address fd6b:4104:35ce::1

Now we had better check that our POP service works. Since POP is used for pulling mail off the mail server, send a couple of simple messages to your mailbox on the server (using either mail[70] or mutt), so you have something interesting to look at. Now let’s speak POP to the server. Do this from your client.

$ telnet pop3.localdomain 110
Trying fd6b:4104:35ce::1...
Connected to pop3.localdomain.
Escape character is '^]'.
+OK Dovecot ready.
USER bob
-ERR Plaintext authentication disallowed on non-secure (SSL/TLS) connections.
QUIT
+OK Logging out
Connection closed by foreign host.

Ah, Dovecot has disabled plain-text authentication by default, which is a good policy (secure by default: if we want to have a less secure system, we have to make it that way deliberately).

For our purposes though, we want to have plain-text authentication enabled, to show how it all works. Edit dovecot.conf, and uncomment the disable_plaintext_auth line and set it to no.

Now restart Dovecot, and try connecting again from the client.

$ telnet pop3.localdomain pop3
Trying fd6b:4104:35ce::1...
Connected to pop3.localdomain.
Escape character is '^]'.
+OK Dovecot ready.
USER bob
+OK
PASS bob’s password
+OK Logged in.
LIST
+OK 3 messages:
1 486
2 486
3 673
.
RETR 3
+OK 673 octets
Return-path: <mal@localdomain>
Envelope-to: bob@localdomain
Delivery-date: Sat, 05 May 2007 23:15:24 +1200
Received: from mal by localdomain with local (Exim 4.60)
        (envelope-from <mal@localdomain>)
        id 1HkIEW-0001N5-Pq
        for bob@localdomain; Sat, 05 May 2007 23:15:24 +1200
Date: Sat, 5 May 2007 23:15:24 +1200
To: bob@localdomain
Subject: Test from mutt
Message-ID: <20070505111524.GA5271@localdomain>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.11
From: "Miss A. Laneous" <mal@localdomain>

Hi Bob, its me, your old friend muttley.

Goodbye.
>From mal

.
RETR 2
…
.
DELE 2
+OK Marked to be deleted.
DELE 3
+OK Marked to be deleted.
LIST
+OK 1 messages:
1 486
.
QUIT
+OK Logging out, messages deleted.
Connection closed by foreign host.

The command structure should be obvious; you should be able to guess what USER, PASS and LIST do. RETR retrieves a message (using the number output by LIST), and DELE deletes a message from the server.

As with all clear-text protocols containing private data, it would be wise to use some sort of secure tunnel, such as SSL. Some people use ssh to set up a secure tunnel to the server. We’ll cover the use of ssh for port forwarding in a later lab.
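The telnet check above can be scripted so it is easy to rerun after each configuration change. The following is an added example, not part of the original lab: it connects to port 110 without TLS, reads the server's CAPA list and sends USER only (never PASS), then reports what a client would be exposed to. The function names and the probe username are assumptions made for this example.

```python
import poplib

def assess(caps, user_accepted):
    """Turn what the server showed us on plain port 110 into findings."""
    findings = []
    if "STLS" not in caps:
        findings.append("STLS not offered: clients cannot upgrade this "
                        "connection to TLS")
    if user_accepted:
        findings.append("USER accepted without TLS: the PASS that follows "
                        "would cross the network in clear text")
    return findings

def probe(host, port=110, user="audit-probe", timeout=5):
    """Connect unencrypted, read CAPA, and test whether USER is accepted.

    Only USER is sent; no PASS is issued, so no password leaves the client.
    'audit-probe' is a made-up name; the server answers USER the same way
    whether or not the account exists.
    """
    conn = poplib.POP3(host, port, timeout=timeout)
    try:
        try:
            caps = conn.capa()          # dict: capability name -> arguments
        except poplib.error_proto:
            caps = {}                   # server does not implement CAPA
        try:
            conn.user(user)
            user_accepted = True        # "+OK": plaintext login is allowed
        except poplib.error_proto:
            user_accepted = False       # "-ERR Plaintext authentication disallowed ..."
        conn.quit()
    finally:
        conn.close()                    # harmless if quit() already closed it
    return assess(caps, user_accepted)

if __name__ == "__main__":
    # pop3.localdomain is the DNS alias set up earlier in this lab.
    for finding in probe("pop3.localdomain") or ["no findings"]:
        print(finding)
```

With disable_plaintext_auth set to no, as this lab does for demonstration, the script reports the USER finding; an empty result means the server both offers STLS and refuses USER before encryption.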

7.1. Assessment

7.1.1.

Show the demonstrator your terminal session above to show that you have successfully spoken POP3.

7.1.2.

Do some research into IMAP and POP3, and create a short list of the biggest differences between them.

7.1.3.

Configure a typical GUI e-mail program, such as Evolution (you can access it from the menu system), on Client1 to access the POP3 and SMTP services on Server1 (use the DNS aliases, don’t say server1.localdomain in the configuration settings). Test that you can send and receive messages. Take a screenshot to show that you can send a message to yourself and access your e-mail via POP3. It should end up looking something like Figure 13, “Using Evolution to access Email via POP3 and SMTP”:

Considering the options you saw when setting up the account, what further improvements could be made?

Figure 13. Using Evolution to access Email via POP3 and SMTP

An account has been set up using Evolution to access the server using SMTP and POP3; a test message has been sent to mal@localdomain from the same account.




[70] apt-get install mailx