[C ++ RFC] POP Protocol rfc1939 Chinese

Source: Internet
Author: User
Tags md5 digest rfc

1. Introduction
For small nodes on the network, it is impractical to support the message transmission system (MTS ).
. For example, a workstation may not have sufficient resources to allow the SMTP server and a considerable number of local email delivery systems to stay in sequence and run continuously. Similarly, the cost of connecting a personal computer to an IP network over a long period of time is considerable (the lack of resources at the node is called "Contact ").
Even so, it is very useful to allow mail management on such summary points, and these nodes often support a user agent to manage mail. To solve this problem, the nodes that support MTS provide the mail storage function for those nodes that cannot be supported. The Post Office Protocol-Version 3 enables such workstations to use a more practical method to access stored mails stored on servers. Generally, this means that the workstation can get the mail from the server, and the server temporarily saves the mail for it.
In the following section, a client host refers to a host that uses the POP3 Service, and a server host refers to a host that provides the POP3 service.

2. Simple Description

This document does not specify how the client host sends messages to the transfer system. But here is a description: when the user agent needs to send the information to the transfer system, it establishes an SMTP connection on the Relay host (these can be POP3 hosts, or not ).
 
3. Basic operations

Initially, the server listens to TCP port 110 to start the POP3 service. When the customer host needs to use the service, it establishes a TCP connection with the server host. After the connection is established, POP3 sends a confirmation message. The client and POP3 server exchange commands and responses to each other (respectively). This process continues until the connection is terminated.
The POP3 command consists of a command and some parameters. All commands end with a CRLF pair. Commands and parameters are composed of printable ASCII characters separated by spaces. The command generally contains three to four letters, but each parameter can be up to 40 characters long.
A POP3 response consists of a status code and a command that may contain additional information. All responses are also ended by the CRLF pair. There are two status codes: "OK" ("+ OK") and "failed" ("-Err ").
The response to a specific command is composed of many characters. In these cases, the following statements are one by one: after the first line of response and a CRLF are sent, any additional information lines are sent, and they are also ended by the CRLF pair. When all messages are sent, the last line is sent, including an ending character (decimal code 46, that is, ".") and a CRLF pair. If any row in the Information starts with an ending character, this row is filled by Preloading and ending the row. Therefore, the multi-line response is ended by five CRLF. CRLF. When multiple lines are detected, the customer checks to confirm whether the line starts with an ending character. If yes, and the subsequent character is not CRLF, the first character (ending character) of this line will be discarded; if it is followed by CRLF, the response from the POP server will terminate, including. CRLF rows are not considered part of Multiline responses.
In the lifecycle, POP3 sessions have several different states. Once the TCP connection is enabled and the POP3 server sends a confirmation message, the process enters the "OK" status. In this status, the customer must confirm with the POP3 server that he is the customer. Once confirmed, the server obtains the resources related to the customer's email, and the process enters the "operation" status. In this status, the customer proposes a service. When the customer issues a QUIT command, the process enters the "Update" status. In this status, the POP3 server releases the resources obtained in the "operation" status, sends a message, and terminates the connection.
The POP3 server can have a logon logout record. This note must be recorded for at least 10 minutes. In this way, the message sent from the customer can be refreshed. When the note expires, the POP3 session does not enter the "Update" status, but closes the TCP connection, does not delete any messages, and does not send any response to the customer.
 
4. "Confirm" status

When a TCP connection is opened by a POP3 client, the POP3 server sends a single row for confirmation. This message can be any character ending with CRLF. For example, it can be:
S: + OK POP3 server ready
Note: This message is a POP3 response. The POP3 server should provide a "OK" response for confirmation.
The POP3 session enters the "OK" status. In this case, the customer must prove its identity to the server. This document describes two possible processing mechanisms: USER and PASS commands, and APOP commands to be introduced later.
The customer must first send the USER command to confirm the process by using the user and PASS commands. If the POP3 server responds with a "OK" status code, the customer can send the PASS command to complete the confirmation, or send the quit command to terminate the POP3 session. If the POP3 server returns the "failed" status code, the customer can send the confirmation command or the quit command again.
After the customer sends the PASS Command, the server determines whether to allow access to the corresponding storage mail based on the additional information of the user and PASS commands.
Once the server decides to allow customers to access and store emails through the data, the server will add an exclusive lock to the emails to prevent changes to the emails before entering the "Update" status. If the exclusive lock is successfully obtained, the server returns a "Confirm" status code. The session enters the "operation status" and no emails are marked as deleted. If the email cannot be opened for some reason (for example, the exclusive lock cannot be obtained, the customer cannot access the corresponding email or the email cannot perform syntax analysis), the server returns the "failed" status code. After the "failed" status code is returned, the server closes the connection. If the server does not close the connection, the customer can resend the confirmation command, start again, or send the quit command.
After an email is opened on the server, it specifies a message number for each message and represents the length of each message in octal. The first message is specified as 1, the second message is specified as 2, and so on. The Nth message is specified as N. In POP3 commands and responses, the message number and length are in decimal format.
The following is a summary of the above three commands:
 
5. "operation" status
 
Once the customer successfully confirms his identity to the server, the server will lock and open the corresponding email, then the POP3 session enters the "operation" status. Now, the customer can repeat the following POP3 command and return a response for each command server. Finally, the customer sends the quit command and the session enters the "Update" status.
The following commands are available in the "operation" status:
 
6. "Update" status

When the customer sends the quit command in the "operation" status, the session enters the "Update" status. (Note: If the user sends quit in the "OK" status, the session does not enter the "Update" status .)
If a session is interrupted due to reasons other than the QUIT command, the session does not enter the "Update" status or delete any emails from the server.
 
7. Optional POP3 commands

The commands discussed above are the minimum implementation of the POP3 service. The optional commands described below allow the customer to process mails more conveniently. This is a common POP3 Service implementation.
. TOP msg n
[Parameter] One is the number of letters not marked as deleted, and the other is not negative (required)
[Restriction] is only used in the "operation" status.
[Description]
If the server returns "OK", the response is multiline. After the initial + OK, the server sends the mail header. An empty line separates the mail header and the letter body. For multi-line response, note that the termination character is filled in byte.
Note: If the number of lines requested by the customer is greater than the number of lines in the mail body, the server will send the entire letter.
[Response] + OK: There is a mail header;
-ERR: there is no similar message afterwards.
[Example]
C: TOP 1 10
S: + OK
S: <the server sends the message header, and the first 10 lines of an empty line and a letter>
S :.
...
C: TOP 100 3
S:-ERR no such message

. UIDL [msg]
[Parameter] Number of letters (optional ). If the number of letters is given, it does not include the letters marked as deleted.
[Restriction] is only used in the "operation" status.
[Description]
If a parameter is provided and the POP3 server returns "OK" containing the preceding information, this row is called the "independent-ID table" of the information ".
If no parameter exists, the server returns a "OK" response, which is given in multiple rows. After the initial + OK, the server will respond to each letter accordingly. This row is called the independent-ID table of the letter ".
To simplify syntax analysis, all servers require the specific format of the independent-ID table. It includes spaces and independent-IDs of letters.
The letter's independent-ID consists of 0x21 to 0x7E characters, which are not repeated in the given stored mail.
Note: emails do not include those marked as deleted.
[Response] + OK: the independent-ID table is followed by OK;
-ERR: there are no similar emails.
[Example]
C: UIDL
S: + OK
S: 1 whqtswO00WBw418f9t5JxYwZ
S: 2 QhdPYR: 00WBw1Ph7x7
S :.
...
C: UIDL 2
S: + OK 2 QhdPYR: 00WBw1Ph7x7
...
C: UIDL 3
S:-ERR no such message, only 2 messages in maildrop

. APOP name digest
[Parameter] specifies the mailbox string and MD5 Digest string.
[Restriction] It is only used in the "Confirm" status after POP3 confirmation.
[Description] Generally, each POP3 session starts with a USER/PASS interchange. This causes explicit transmission of user names and passwords over the network, which is not dangerous. However, many customers often connect to service check letters. Generally, the interval is relatively short, which increases the possibility of leaks.
Another way to provide the "validation" process is to use the APOP command.
The server that implements the APOP command includes a timestamp marked for confirmation. For example, on UNIX, the syntax for using the APOP command is: process-ID.clock @ hostname, where process-ID is the number of the Process in decimal notation, the clock is the system clock in decimal notation, the host name is the same as that of the POP3 server.
The customer records the timestamp and sends the APOP command. The name syntax is consistent with the USER command. Digest is a string generated by using the MD5 algorithm, including the timestamp and shared key. This key is shared between the customer and the server. You should protect it. If it is disclosed, anyone can access the server as a user.
If the server receives the APOP command, it verifies digest. If it is correct, the server returns "OK" to enter the "operation" status; otherwise, it returns "failed" and stays in "OK" status.
Note: the length of the shared key increases, and the difficulty of interpreting it increases accordingly. The key should be a long string.
[Response] + OK: the email is locked and ready;
-ERR: the request is rejected.
[Example]
S: + OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>
C: APOP mrose c4c9334bac560ecc979e58001b3e22fb
S: + OK maildrop has 1 message (369 octets)
In this example, the shared key <1896.697170952@dbc.mtview.ca.us> tanstaaf is generated by the MD5 algorithm, which generates the digest value, c4c9334bac560ecc979e58001b3e22fb

8. POP3 command Summary

Basic POP3 commands:
The USER name is valid in the "OK" status.
PASS string
QUIT
 
STAT is valid in "operation" status
LIST [msg]
RETR msg
DELE msg
NOOP
RSET
 
QUIT is valid in "Update" status
 
Optional POP3 commands:
APOP name digest is valid in "OK" status
TOP msg n is valid in "operation" status
UIDL [msg]
 
POP3 response:
+ OK
-ERR
 
Note: Except for the STAT, LIST, And UIDL responses, the responses of other commands are "+ OK" and "-ERR ". All the text after the response will be omitted by the customer.

9. POP3 session instance

S: <waiting to connect to TCP port 110>
C: <open connection>
S: + OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>
C: APOP mrose c4c9334bac560ecc979e58001b3e22fb
S: + OK mrose's maildrop has 2 messages (320 octets)
C: STAT
S: + OK 2 320
C: LIST
S: + OK 2 messages (320 octets)
S: 1 120
S: 2 200
S :.
C: RETR 1
S: + OK 120 octets
S: <server sends mail 1>
S :.
C: DELE 1
S: + OK message 1 deleted
C: RETR 2
S: + OK 200 octets
S: <server sends mail 2>
S :.
C: DELE 2
S: + OK message 2 deleted
C: Quit
S: + OK Dewey POP3 server signing off (maildrop empty)
C: <close connection>
S: <waiting for next connection>
 
10. Message format

The message format during the session is assumed to be consistent with the Internet Text Message format standard. It should be noted that the count is not necessarily the same because different servers have different line breaks. Generally, in the "Confirm" status, the server can calculate the mail size in octal. For example, if the server determines that a line break represents one character when opening a stored mail, the server generally calculates it as two characters. Note that the message lines starting with the terminator are not counted twice, because the customer will delete all byte fills after receiving the multi-row response.

11. security considerations

It can be inferred that the APOP command can provide protection during the session. Correspondingly, the server that implements the pass and APOP commands at the same time only allows users to access them in one way. That is to say, either the user/pass combination or the APOP command cannot be used at the same time.
Note that as the length of the shared key increases, the difficulty of interpretation increases. The server does not give any response when providing the user name, and does not give any suggestion that the user name is correct. The password is explicitly transmitted over the network, and the RETR and TOP commands are used to explicitly send emails over the network.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.