GNU Mailutils Manual (split by section):   Section:   Chapter:FastBack: Programs   Up: Programs   FastForward: Libraries   Contents: Table of ContentsIndex: Function Index

3.16 POP3 Daemon

The pop3d daemon implements the Post Office Protocol Version 3 server.

pop3d has two operation modes:


The server is started from /etc/inetd.conf file:

pop3  stream tcp nowait  root  /usr/local/sbin/pop3d pop3d

This is the default operation mode.


The server runs as daemon, forking a child for each new connection.

The server operation mode is configured using mode statement (see mode).

3.16.1 Login delay

POP3 clients often login frequently to check for new mail. Each new connection implies authenticating the user and opening his maildrop and can be very resource consuming. To reduce server load, it is possible to impose a minimum delay between any two consecutive logins. This is called ‘LOGIN-DELAY’ capability and is described in RFC 2449.

As of version 3.14, GNU Mailutils pop3d allows to set global login delay, i.e. such enforcement will affect all POP3 users. If a user attempts to log in before the specified login delay expires, he will get the following error message:

-ERR [LOGIN-DELAY] Attempt to log in within the minimum login delay interval

The message will be issued after a valid password is entered. This prevents this feature from being used by malicious clients for account harvesting.

To enable the login delay capability, specify the minimum delay using login-delay configuration statement, e.g.:

login-delay 60;

The pop3d utility keeps each user’s last login time in a special DBM file, called login statistics database, so to be able to use this feature, Mailutils must be compiled with DBM support. By default, the login statistics database is called /var/run/pop3-login.db. You can change its name using stat-file configuration statement:

login-delay 60;
stat-file /tmp/pop.login.db;

The login delay facility will be enabled only if pop3d is able to access the statistics database for both reading and writing. If it is not, it will report this using syslog and start up without login delay restrictions. A common error message looks like:

Unable to open statistics db: Operation not permitted

You can check whether your pop3d uses login delays by connecting to it and issuing the ‘CAPA’ command. If login delays are in use, there response will contain the string ‘LOGIN-DELAY n’, where n is the actual login delay value.

3.16.2 Auto-expire

Automatic expiration of messages allows you to limit the period of time users are permitted to keep their messages on the server. It is enabled by expire configuration statement:

expire n;

Enable automatic expiration of messages after n days.

The current implementation works as follows. When a message is downloaded by RETR or TOP command, it is marked with ‘X-Expire-Timestamp: n’ header, where n is current value of UNIX timestamp. The exact expiration mechanism depends on you. Mailutils allows you two options:

  1. Expired messages are deleted by pop3d upon closing the mailbox. You specify this mechanism using delete-expired configuration statement:
    delete-expired bool;

    If bool is ‘true’, delete expired messages after receiving the QUIT command.

  2. Expired messages remain in the mailbox after closing it. The system administrator is supposed to run a cron job that purges the mailboxes. Such a cron job can be easily implemented using sieve from GNU Mailutils and the following script:
    require "timestamp";
    # Replace "5" with the desired expiration period
    if timestamp :before "X-Expire-Timestamp" "now - 5 days"

    This script will remove expired messages 5 days after the retrieval. Replace ‘5’ with the desired expiration period and make sure it equals the argument to expire configuration keyword.

The statement expire 0 means the client is not permitted to leave mail on the server. It always implies delete-expired true.

3.16.3 Bulletins

The bulletin feature allows you to send important announcements to all POP3 users without mailing them. It works by creating a bulletin source mailbox and sending the announcements to it.

After a user successfully authenticates, pop3d checks the last bulletin number the user receives. The bulletin number refers to the number of the bulletin message in the bulletin source mailbox. If the latter contains more messages, these are appended to the user mailbox.

The user last bulletin number can be kept in two places. First, it can be stored in file .popbull in his home directory. Secondly, if Mailutils is compiled with DBM support, the numbers can be kept in a DBM file, supplied via bulletin-db configuration statement. If both the database and the .popbull file are present, the data from the database take precedence.

To enable this feature, use the following configuration statements:

bulletin-source mbox

Set the URL of the bulletin source mailbox.

bulletin-db file

Set the name of the database file to keep last bulletin numbers in.

The following example instructs pop3d to look for the bulletin messages in MH folder /var/spool/bull/mbox and to keep the database of last delivered bulletin numbers in /var/spool/bull/numbers.db:

bulletin-source mh:/var/spool/bull/mbox;
bulletin-db /var/spool/bull/numbers.db;

3.16.4 Pop3d Configuration

The following configuration file statements affect the behavior of pop3d.

debugSee debug statement.
tlsSee tls statement.
tls-file-checksSee tls-file-checks statement.
mailboxSee mailbox statement.
lockingSee locking statement.
loggingSee logging statement.
pamSee pam statement.
sqlSee sql statement.
virtdomainSee virtdomain statement.
radiusSee radius statement.
ldapSee ldap statement.
authSee auth statement.
serverSee Server Settings.
aclSee acl statement.
tcp-wrappersSee tcp-wrappers statement.
Pop3d Conf: tls-mode mode

Configure the use of TLS encryption for inetd mode.

In daemon mode, this statement sets the type of TLS encryption to use in all server blocks that lack the tls-mode statement (see Server Statement).

Allowed values for mode are:


TLS is not used. The STLS command won’t be available even if the TLS configuration is otherwise complete.


TLS is initiated when the user issues the appropriate command. This is the default when TLS is configured.


Same as above, but the use of TLS is mandatory. The authentication state is entered only after TLS negotiation has succeeded.


TLS is always forced when the connection is established (POP3S protocol).

Pop3d Conf: undelete bool

On startup, clear deletion marks from all the messages.

Pop3d Conf: expire n

Automatically expire read messages after n days. See Auto-expire, for a detailed description.

Pop3d Conf: delete-expired bool

Delete expired messages upon closing the mailbox. See Auto-expire, for a detailed description.

Pop3d Conf: login-delay duration

Set the minimal allowed delay between two successive logins. See Login delay, for more information.

Pop3d Conf: stat-file file

Set the name of login statistics file for the login-delay facility. See Login delay, for more information.

Pop3d Conf: bulletin-source file

Get bulletins from the specified mailbox. See Bulletins, for a detailed description.

Pop3d Conf: bulletin-db file

Set bulletin database file name. See Bulletins, for a detailed description.

3.16.5 Command line options

The following table summarizes all pop3d command line options.


Run in standalone mode. An optional number specifies the maximum number of child processes allowed to run simultaneously. When it is omitted, it defaults to 10 processes. Please note, that there should be no whitespace between the -d and its parameter.


Run in inetd mode.


Remain in foreground.

The Mailutils common options are also understood. See Common Options.

GNU Mailutils Manual (split by section):   Section:   Chapter:FastBack: Programs   Up: pop3d   FastForward: Libraries   Contents: Table of ContentsIndex: Function Index