Install the software used in this section on the mail server.
apt-get install dovecot-pop3d
Setting up a POP3 server is very easy. We only need to install a suitable package, such as Dovecot. There are other alternatives, but I do not intend to cover the topic much in this lab. Dovecot POP3d will run as a standalone service, although POP3 servers on small networks could run from inetd because they don’t take long to start up. There are other things we could configure on the POP3 server, such as enabling the use of encryption for sending data over the network; but for now, we shall keep it very simple.
Change the line that says protocols = such that it now contains only pop3 (we don’t yet have certificates set up, so we can’t really offer pop3s, which uses SSL). Save and exit, then restart the dovecot service, using the techniques you should by now be familiar with.
Verify that something is listening for POP3 connections:
lsof -i :pop3
COMMAND    PID  USER     FD  TYPE  DEVICE  SIZE  NODE  NAME
dovecot    5200 root     5u  IPv4  13788         TCP   *:pop3 (LISTEN)
pop3-logi  5203 dovecot  0u  IPv4  13788         TCP   *:pop3 (LISTEN)
pop3-logi  5204 dovecot  0u  IPv4  13788         TCP   *:pop3 (LISTEN)
pop3-logi  5205 dovecot  0u  IPv4  13788         TCP   *:pop3 (LISTEN)
Hmmm, seems it’s only IPv4. Edit the configuration file again and search for IPv6. You should see a descriptive comment for the listen configurable. Set it as suggested to enable IPv4 and IPv6 access:
listen = *, [::]
Save and exit, restart Dovecot (you should be able to figure out how to do this by now) and check, using lsof, that Dovecot’s processes are IPv6 enabled. Take a screenshot of the output showing what is listening on the POP3 port (TCP port 110).
lsof -Pni TCP:110…
Beware that POP3 (as well as SMTP) is generally a clear text protocol, which means passwords can be captured fairly easily. Because this is a Bad Thing, the protocol has been extended to use other authentication protocols instead of just plaintext username and password. A discussion of this is beyond this humble lab though.
The Dovecot server is able to get e-mail from many different places, and so we need to tell it where it can find the messages for each user (it can do auto-detection, but this can fail for some users). Edit the Dovecot configuration file again, and this time, uncomment and change the mail_location line:
mail_location = mbox:~/mail:INBOX=/var/mail/%u
POP3 servers often have a DNS alias that makes pop3 a valid hostname in the DNS. We’ve already done this earlier in this lab, so pop3.localdomain should resolve to be Server1’s addresses:
host pop3.localdomain
pop3.localdomain has address 192.168.1.1
pop3.localdomain has IPv6 address fd6b:4104:35ce::1
Now we had better check to see if our POP service works. Since POP is used for pulling mail off the mail server, send a couple of simple messages to your mailbox on the server (using either mail or mutt), so you have something interesting to look at. Now let’s speak POP to the server. Do this from your client.
telnet pop3.localdomain 110
Trying fd6b:4104:35ce::1...
Connected to pop3.localdomain.
Escape character is '^]'.
+OK Dovecot ready.
USER bob
-ERR Plaintext authentication disallowed on non-secure (SSL/TLS) connections.
QUIT
+OK Logging out
Connection closed by foreign host.
Ah, Dovecot has disabled plain-text authentication by default, which is a good policy (secure by default: if we want to have a less secure system, we have to make it that way deliberately).
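The telnet check above can be automated so the secure default is verified after every configuration change. This is an added example, not part of the original lab: `probe_plaintext_policy`, `StubPOP3` and `start_stub` are names made up for it, and the stub server is a constructed stand-in that replays the replies shown in the session so the code runs without the lab network.

```python
import poplib
import socketserver
import threading

class StubPOP3(socketserver.StreamRequestHandler):
    """Constructed stand-in for the lab server so the check runs offline."""
    def handle(self):
        self.wfile.write(b"+OK Dovecot ready.\r\n")
        for line in self.rfile:
            cmd = line.strip().upper().split(b" ")[0]
            if cmd == b"CAPA":
                # No STLS line: like the lab server, no certificates are set up.
                self.wfile.write(b"+OK\r\nCAPA\r\nTOP\r\nUIDL\r\n.\r\n")
            elif cmd == b"USER":
                self.wfile.write(self.server.user_reply + b"\r\n")
            elif cmd == b"QUIT":
                self.wfile.write(b"+OK Logging out\r\n")
                return
            else:
                self.wfile.write(b"-ERR Unknown command.\r\n")

def start_stub(user_reply):
    """Start the stub on a free loopback port; user_reply is its answer to USER."""
    server = socketserver.TCPServer(("127.0.0.1", 0), StubPOP3)
    server.user_reply = user_reply
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def probe_plaintext_policy(host, port=110):
    """Report whether USER is accepted without TLS and whether STLS is offered."""
    conn = poplib.POP3(host, port, timeout=5)
    try:
        try:
            caps = conn.capa()
        except poplib.error_proto:      # server does not implement CAPA
            caps = {}
        try:
            conn.user("policy-probe")   # placeholder name; no password is ever sent
            accepted = True
        except poplib.error_proto:      # "-ERR Plaintext authentication disallowed ..."
            accepted = False
        return {"stls_offered": "STLS" in caps,
                "plaintext_user_accepted": accepted}
    finally:
        conn.quit()
```

Against the lab server, `probe_plaintext_policy("pop3.localdomain")` should report `plaintext_user_accepted` as False until disable_plaintext_auth is changed.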
For our purposes though, we want to have plain-text
authentication enabled, to show how it all works. Edit
dovecot.conf, and uncomment the
disable_plaintext_auth line and set it to
Now restart Dovecot, and try connecting again from the client.
telnet pop3.localdomain pop3
Trying fd6b:4104:35ce::1...
Connected to pop3.localdomain.
Escape character is '^]'.
+OK Dovecot ready.
PASS
+OK Logged in.
LIST
+OK 3 messages:
1 486
2 486
3 673
.
RETR 3
+OK 673 octets
Return-path: <mal@localdomain>
Envelope-to: bob@localdomain
Delivery-date: Sat, 05 May 2007 23:15:24 +1200
Received: from mal by localdomain with local (Exim 4.60)
        (envelope-from <mal@localdomain>)
        id 1HkIEW-0001N5-Pq
        for bob@localdomain; Sat, 05 May 2007 23:15:24 +1200
Date: Sat, 5 May 2007 23:15:24 +1200
To: bob@localdomain
Subject: Test from mutt
Message-ID: <20070505111524.GA5271@localdomain>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.11
From: "Miss A. Laneous" <mal@localdomain>

Hi Bob, its me, your old friend muttley.
Goodbye.
>From mal
.
RETR 2
…
.
DELE 2
+OK Marked to be deleted.
DELE 3
+OK Marked to be deleted.
LIST
+OK 1 messages:
1 486
.
QUIT
+OK Logging out, messages deleted.
Connection closed by foreign host.
The command structure should be obvious, you should be able
to guess what
RETR retrieves a
message (using the number output by
DELE deletes a message from the server.
As with all clear-text protocols containing private data, it would be wise to use some sort of secure tunnel, such as SSL. Some people use ssh to set up a secure tunnel to the server. We’ll cover the use of ssh for port forwarding in a later lab.
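The settings weakened for this lab should not survive on a real server, so a small audit of the configuration file is worth keeping around. This is an added example, not part of the original lab: `parse_settings` and `audit` are names made up here, both sample files are constructed, and the parser is a simplification that reads only top-level `key = value` lines in the Dovecot 1.x syntax used above.

```python
import re

# Constructed sample: dovecot.conf as this lab leaves it (Dovecot 1.x syntax).
LAB_CONF = """\
protocols = pop3
listen = *, [::]
#disable_plaintext_auth = yes
disable_plaintext_auth = no
mail_location = mbox:~/mail:INBOX=/var/mail/%u
protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
}
"""

# Constructed sample: the same file with the secure settings restored.
HARDENED_CONF = (LAB_CONF
                 .replace("protocols = pop3", "protocols = pop3 pop3s")
                 .replace("disable_plaintext_auth = no", ""))

def parse_settings(text):
    """Return top-level settings; commented lines and { } blocks are skipped."""
    settings, depth = {}, 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if depth == 0:
            m = re.match(r"([a-z0-9_]+)\s*=\s*(.*)", line)
            if m:
                settings[m.group(1)] = m.group(2)    # a later line overrides an earlier one
        depth += line.count("{") - line.count("}")
    return settings

def audit(text):
    """List the settings from this lab that expose passwords on the wire."""
    s = parse_settings(text)
    protocols = s.get("protocols", "").split()
    findings = []
    # When the line is commented out, Dovecot's default (plaintext refused) applies.
    if s.get("disable_plaintext_auth", "yes").lower() == "no":
        findings.append("disable_plaintext_auth = no: USER/PASS accepted without TLS")
    if "pop3" in protocols and "pop3s" not in protocols:
        findings.append("protocols has pop3 but not pop3s: no SSL listener offered")
    return findings
```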
Show the demonstrator your terminal session above to show that you have successfully spoken POP3.
Do some research into IMAP and POP3, and create a short list of the biggest differences between them.
Configure a typical GUI e-mail program, such as Evolution (you can access it from the menu system), on Client1 to access the POP3 and SMTP services on Server1 (use the DNS aliases, don’t say server1.localdomain in the configuration settings). Test that you can send and receive messages. Take a screenshot to show that you can send a message to yourself and access your e-mail via POP3. It should end up looking something like Figure 13, “Using Evolution to access Email via POP3 and SMTP”:
Considering the options you saw when setting up the account, what further improvements could be made?
 apt-get install mailx