POP3 is an incredibly simple protocol, and with the most basic commands, you can access your POP3 server ‘by hand’ with this POP3 HOWTO without the need for a client. You can find the entire POP3 RFC here http://www.ietf.org/rfc/rfc1939.txt

Now, down to business. I have created a temporary test account:  test@iodigitalsec.com – please don’t try and access this as by the time you see this, it’s already been removed! I’ll use telnet to access the service, and send simple plain text commands. I’ve sent myself a test email, which I will also retrieve and then delete. Conversation as follows, I have highlighted my own commands in bold:

test:/email# telnet iodigitalsec.com 110
Connected to iodigitalsec.com.
Escape character is ‘^]’.
+OK Hello there.
USER test@iodigitalsec.com
+OK Password required.
PASS wrongpass
-ERR Login failed.
USER test@iodigitalsec.com
+OK Password required.
PASS testpass
+OK logged in.
+OK POP3 clients that break here, they violate STD53.
1 501
2 1475
+OK 501 octets follow.
Return-path: <root@iodigitalsec.com>
Envelope-to: test@iodigitalsec.com
Delivery-date: Tue, 16 Dec 2008 00:51:39 +0000
Received: from root by iodigitalsec.com with local (Exim 4.67)
(envelope-from <root@iodigitalsec.com>)
id 1LCO9z-0006a3-7w
for test@iodigitalsec.com; Tue, 16 Dec 2008 00:51:39 +0000
To: test@iodigitalsec.com
Message-Id: <E1LCO9z-0006a3-7w@iodigitalsec.com>
From: root <root@iodigitalsec.com>
Date: Tue, 16 Dec 2008 00:51:39 +0000Your account has been created

+OK Deleted.
+OK Deleted.
+OK POP3 clients that break here, they violate STD53.
+OK Bye-bye.

Now to detail what I’ve done..

Telnet to port 110 of your mail server, and enter USER user@name.com followed by PASS yourpassword – the mail server should then confirm your login. The first command to issue is generally LIST, which will list the number of messages and their sizes. It is not supposed to give you any extra information about them. RETR is then issued with an argument of the message number and allows you to retrieve said message. DELE followed by a message number then allows you to delete said message. QUIT then gracefully signs you off.

The mail server has two responses it can issue you, +OK which is positive and -ERR which is negative. The standard dictates that these must be in uppercase. The text after is irrelevant to the standard and the process, but simply serves to brighten up your experience.

These simple commands are an incredibly easy way to test a POP3 server, just remember the golden message that all your data is transmitted in easily intercepted plaintext. If this is a problem for you, consider POP3S!