What Is POP3S

This section provides a quick introduction on POP3S (Post Office Protocol 3 Secure) for message retrieval. A POP3S sample session of retrieving an email message using the 'openssl s_client' command is included.

What Is POP3S? - POP3S (Internet Message Access Protocol Secure) is a method to secure a POP3S communication by wrapping it under a SSL (Secure Socket Layer) or TLS (Transport Layer Security) connection.

Running a POP3S communication requires the email message agents on both sides of the communication to meet server authentication requirements defined by the PKI (Public Key Infrastructure) standard:

By default, an POP3S server listens on port 995 for POP3S connection requests. Here is a sample session of retrieving an email message with POP3S using "openssl s_client" as the MUA. The POP3S server is a Dovecot server.

herong$ openssl s_client -connect 127.0.0.1:995

CONNECTED(00000003)
depth=0 OU = IMAP server, CN = mail.herongyang.com, emailAddress = post...
verify error:num=18:self signed certificate
verify return:1
Server certificate
-----BEGIN CERTIFICATE-----
MIIEUzCCArugAwIBAgIUemnAqnnY7dfjsdPa2HVHDkVKu20wDQYJKoZIhvcNAQEL
..
-----END CERTIFICATE-----
---
No client certificate CA names sent
Server Temp Key: ECDH, secp521r1, 521 bits
---
SSL handshake has read 2013 bytes and written 447 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 3072 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 862F03C3D9B1F36ED97DDC0E2622482EA723885B647695E1A119...
    Session-ID-ctx:
    Master-Key: 54024E6377B6A77683F58EEAD28278EEE72ED04F916C659F7B84...
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 7200 (seconds)
    ...
    Start Time: 1605851257
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
+OK Dovecot ready.

user herong
  +OK
pass TopSecret
  +OK Logged in.
list
  +OK 15 messages:
  1 692
  2 302
  3 296
  ...
  .
retr 3
  +OK 296 octets
  Return-Path: <herong@herongyang.com>
  X-Original-To: herong
  Delivered-To: herong@herongyang.com
  Received: from localhost (localhost [IPv6:::1])
    by mail.herongyang.com (Postfix) with ESMTPS id CCEF0266002F
    for <herong>; 15 Nov 2023 03:23:36 -0500 (EST)

  Hello encrypted world!
  .
quit
  +OK Logging out.
  closed

Note that "openssl s_client" actually failed to validate the server certificate. It returned the "verify return:1" message, because I did not tell "openssl" to trust the self-signed server certificate.

POP3S method can also support client authentication to ensure that only authorized clients can connect the server.

Table of Contents

 About This Book

Introduction to Email

 What Is Email

 What Is SMTP

 What Is SMTPS

 What Is IMAP

 What Is IMAPS

 What Is POP3

What Is POP3S

 Postfix - Mail Transport Agent (MTA)

 SSL/TLS Secure Connections with Postfix Server

 Dovecot - IMAP and POP3 Server

 SSL/TLS Secure Connections with Dovecot Server

 Email Client Tools - Mail User Agents (MUA)

 Mozilla Thunderbird - Mail User Agents (MUA)

 PHPMailer - PHP Package for Sending Emails

 Email Message Format and Headers

 References

 Full Version in PDF/EPUB