1@c This is part of the GNU Mailutils manual. 2@c Copyright (C) 1999--2021 Free Software Foundation, Inc. 3@c See file mailutils.texi for copying conditions. 4@comment ******************************************************************* 5@pindex pop3d 6 7The @command{pop3d} daemon implements the Post Office Protocol 8Version 3 server. 9 10@command{pop3d} has two operation modes: 11 12@table @asis 13@item Inetd 14The server is started from @file{/etc/inetd.conf} file: 15 16@example 17pop3 stream tcp nowait root /usr/local/sbin/pop3d pop3d 18@end example 19 20This is the default operation mode. 21 22@item Standalone 23The server runs as daemon, forking a child for each new connection. 24@end table 25 26The server operation mode is configured using @code{mode} statement 27(@pxref{Server Settings, mode}). 28 29@menu 30* Login delay:: 31* Auto-expire:: 32* Bulletins:: 33* Conf-pop3d:: Pop3d Configuration 34* Command line options:: 35@end menu 36 37@node Login delay 38@subsection Login delay 39 40 POP3 clients often login frequently to check for new mail. Each new 41connection implies authenticating the user and opening his maildrop 42and can be very resource consuming. To reduce server load, it is 43possible to impose a minimum delay between any two consecutive logins. 44This is called @samp{LOGIN-DELAY} capability and is described in RFC 452449. 46 47 As of version @value{VERSION}, GNU Mailutils @command{pop3d} allows 48to set global login delay, i.e. such enforcement will affect all POP3 49users. If a user attempts to log in before the specified login delay 50expires, he will get the following error message: 51 52@example 53-ERR [LOGIN-DELAY] Attempt to log in within the minimum login delay interval 54@end example 55 56The message will be issued after a valid password is entered. This prevents 57this feature from being used by malicious clients for account 58harvesting. 59 60 To enable the login delay capability, specify the minimum delay 61using @code{login-delay} configuration statement, e.g.: 62 63@example 64login-delay 60; 65@end example 66 67 The @command{pop3d} utility keeps each user's last login time in a 68special DBM file, called @dfn{login statistics database}, so to be 69able to use this feature, Mailutils must be compiled with DBM support. 70By default, the login statistics database is called 71@file{/var/run/pop3-login.db}. You can change its name using 72@code{stat-file} configuration statement: 73 74@example 75login-delay 60; 76stat-file /tmp/pop.login.db; 77@end example 78 79 The login delay facility will be enabled only if @command{pop3d} is 80able to access the statistics database for both reading and 81writing. If it is not, it will report this using @command{syslog} and 82start up without login delay restrictions. A common error message 83looks like: 84 85@example 86Unable to open statistics db: Operation not permitted 87@end example 88 89 You can check whether your @command{pop3d} uses login delays by 90connecting to it and issuing the @samp{CAPA} command. If login delays 91are in use, there response will contain the string @samp{LOGIN-DELAY 92@var{n}}, where @var{n} is the actual login delay value. 93 94@node Auto-expire 95@subsection Auto-expire 96 97 Automatic expiration of messages allows you to limit the period of 98time users are permitted to keep their messages on the server. It is 99enabled by @code{expire} configuration statement: 100 101@table @code 102@item expire @var{n}; 103Enable automatic expiration of messages after @var{n} days. 104@end table 105 106 The current implementation works as follows. When a message is 107downloaded by @code{RETR} or @code{TOP} command, it is marked with 108@samp{X-Expire-Timestamp: @var{n}} header, where @var{n} is current 109value of UNIX timestamp. The exact expiration mechanism 110depends on you. Mailutils allows you two options: 111 112@enumerate 113@item 114Expired messages are deleted by @command{pop3d} upon closing the 115mailbox. You specify this mechanism using @code{delete-expired} 116configuration statement: 117 118@table @command 119@item delete-expired @var{bool}; 120If @var{bool} is @samp{true}, delete expired messages after receiving 121the @code{QUIT} command. 122@end table 123 124@item 125Expired messages remain in the mailbox after closing it. The system 126administrator is supposed to run a cron job that purges the mailboxes. 127Such a cron job can be easily implemented using @command{sieve} from 128GNU Mailutils and the following script: 129 130@example 131@group 132require "timestamp"; 133# @r{Replace "5" with the desired expiration period} 134if timestamp :before "X-Expire-Timestamp" "now - 5 days" 135 @{ 136 discard; 137 @} 138@end group 139@end example 140 141This script will remove expired messages 5 days after the 142retrieval. Replace @samp{5} with the desired expiration period and 143make sure it equals the argument to @command{expire} configuration keyword. 144@end enumerate 145 146The statement @code{expire 0} means the client is not permitted to 147leave mail on the server. It always implies @code{delete-expired true}. 148 149@node Bulletins 150@subsection Bulletins 151 152 The bulletin feature allows you to send important announcements to 153all POP3 users without mailing them. It works by creating a 154@dfn{bulletin source mailbox} and sending the announcements to it. 155 156 After a user successfully authenticates, @command{pop3d} checks the 157last @dfn{bulletin number} the user receives. The bulletin number 158refers to the number of the bulletin message in the bulletin source 159mailbox. If the latter contains more messages, these are appended to 160the user mailbox. 161 162 The user last bulletin number can be kept in two places. First, it 163can be stored in file @file{.popbull} in his home directory. Secondly, 164if Mailutils is compiled with DBM support, the numbers can be kept in 165a DBM file, supplied via @code{bulletin-db} configuration statement. If 166both the database and the @file{.popbull} file are present, the data 167from the database take precedence. 168 169 To enable this feature, use the following configuration statements: 170 171@table @code 172@item bulletin-source @var{mbox} 173Set the @acronym{URL} of the bulletin source mailbox. 174 175@item bulletin-db @var{file} 176Set the name of the database file to keep last bulletin numbers in. 177@end table 178 179 The following example instructs @command{pop3d} to look for the 180bulletin messages in @acronym{MH} folder @file{/var/spool/bull/mbox} 181and to keep the database of last delivered bulletin numbers in 182@file{/var/spool/bull/numbers.db}: 183 184@example 185@group 186bulletin-source mh:/var/spool/bull/mbox; 187bulletin-db /var/spool/bull/numbers.db; 188@end group 189@end example 190 191@node Conf-pop3d 192@subsection Pop3d Configuration 193 194The following configuration file statements affect the behavior of 195@command{pop3d}. 196 197@multitable @columnfractions 0.3 0.6 198@headitem Statement @tab Reference 199@item debug @tab @xref{debug statement}. 200@item tls @tab @xref{tls statement}. 201@item tls-file-checks @tab @xref{tls-file-checks statement}. 202@item mailbox @tab @xref{mailbox statement}. 203@item locking @tab @xref{locking statement}. 204@item logging @tab @xref{logging statement}. 205@item pam @tab @xref{pam statement}. 206@item sql @tab @xref{sql statement}. 207@item virtdomain @tab @xref{virtdomain statement}. 208@item radius @tab @xref{radius statement}. 209@item ldap @tab @xref{ldap statement}. 210@item auth @tab @xref{auth statement}. 211@item server @tab @xref{Server Settings}. 212@item acl @tab @xref{acl statement}. 213@item tcp-wrappers @tab @xref{tcp-wrappers statement}. 214@end multitable 215 216@deffn {Pop3d Conf} tls-mode @var{mode} 217Configure the use of TLS encryption for inetd mode. 218 219In daemon mode, this statement sets the type of TLS encryption to 220use in all server blocks that lack the @code{tls-mode} statement 221(@pxref{Server Statement}). 222 223Allowed values for @var{mode} are: 224 225@table @asis 226@item no 227TLS is not used. The @command{STLS} command won't be available even if 228the TLS configuration is otherwise complete. 229 230@item ondemand 231TLS is initiated when the user issues the appropriate command. 232This is the default when TLS is configured. 233 234@item required 235Same as above, but the use of TLS is mandatory. The authentication 236state is entered only after TLS negotiation has succeeded. 237 238@item connection 239TLS is always forced when the connection is established (POP3S 240protocol). 241@end table 242@end deffn 243 244@deffn {Pop3d Conf} undelete @var{bool} 245On startup, clear deletion marks from all the messages. 246@end deffn 247 248@deffn {Pop3d Conf} expire @var{n} 249Automatically expire read messages after @var{n} 250days. @xref{Auto-expire}, for a detailed description. 251@end deffn 252 253@deffn {Pop3d Conf} delete-expired @var{bool} 254Delete expired messages upon closing the mailbox. @xref{Auto-expire}, 255for a detailed description. 256@end deffn 257 258@deffn {Pop3d Conf} login-delay @var{duration} 259Set the minimal allowed delay between two successive logins. 260@xref{Login delay}, for more information. 261@end deffn 262 263@deffn {Pop3d Conf} stat-file @var{file} 264Set the name of login statistics file for the @code{login-delay} 265facility. @xref{Login delay}, for more information. 266@end deffn 267 268@deffn {Pop3d Conf} bulletin-source @var{file} 269Get bulletins from the specified mailbox. @xref{Bulletins}, for a 270detailed description. 271@end deffn 272 273@deffn {Pop3d Conf} bulletin-db @var{file} 274Set bulletin database file name. @xref{Bulletins}, for a 275detailed description. 276@end deffn 277 278@node Command line options 279@subsection Command line options 280 281The following table summarizes all @command{pop3d} command line options. 282 283@table @option 284@item -d[@var{number}] 285@itemx --daemon[=@var{number}] 286Run in standalone mode. An optional @var{number} specifies the maximum number 287of child processes allowed to run simultaneously. When it is omitted, 288it defaults to 10 processes. 289@emph{Please note}, that there should be no whitespace between the 290@option{-d} and its parameter. 291 292@item -i 293@itemx --inetd 294Run in inetd mode. 295 296@item --foreground 297Remain in foreground. 298@end table 299 300The Mailutils common options are also understood. @xref{Common Options}. 301