Post Office Protocol (POP) is a mail protocol for retrieving mail from a remote mail server to a local mail client. Usually, once the client downloads the received mail from the Inbox
folder, the mail is removed from the server. This results in the mail not been able to be accessed across multiple devices.
The first version of POP, specified in RFC 918 was published in 1984 and was immediately followed by POP2 in 1985 before POP3 was released in 1988 and underwent several revisions until 1996. By default POP runs on unsecured TCP port 110
or secured TCP 995
if SSL/TLS enabled. It works in tandem with Simple Mail Transfer Protocol (SMTP) for end-to-end email communication, where POP pulls messages and SMTP pushes them to the server.
To Observe the POP communication on the wire, see POP Communication traffic flow.
|
|
Common Server Application
- Unix systems
- Dovecot
- Postfix
- Exim
- Windows systems
- MailEnable
- Microsoft Exchange Server
- Zimbra
Common Commands
COMMAND | USAGE | DESCRIPTION |
---|---|---|
CAPA | CAPA | list supported capabilities |
DELE | DELE n | delete specified message number index n |
LIST | LIST | list all messages in inbox |
NOOP | NOOP | ping the server |
PASS | PASS $PASSWORD | submit password for username |
QUIT | QUIT | quit connection session (expunges messages if no RSET) |
RETR | RETR n | retrieve content of specified message number index n |
RSET | RSET | unmark messages queued for deletion |
STAT | STAT | list messages and total mailbox size |
TOP | TOP n l | show l number of lines of specified message number index n |
USER | USER $USERNAME | login with specified username |
Common Vulnerability
Security Best Practices
- Deploy a TLS POP3 for encrypted communication.
- Enable strong password policies and two-factor authentication for user accounts.
Exploitation
Although not prevalent as its counterpart IMAP an attacker can still exploit this service. One caveat to keep in mind though is that depending on the configuration of the server and the attacker’s goal they may have a hard time repeating a particular procedure. For example they have just once chance to exfilterate a confidential mail and it has to be resident in the inbox. One primary inclination is:
- Whether they are able to retrieve sensitive information.
|
|
References