POP (Post Office Protocol) Service Enumeration

POP (Post Office Protocol)

At a Glance

Default Ports

  • POP3: 110
  • POP3S (POP3 over TLS or SSL): 995

POP, or POP3 (POP version 3), is an application-layer protocol used by email clients to retrieve messages from a mail server. It provides access via IP to mailboxes maintained on a server.

Because POP was designed for temporary Internet connection, clients connect, retrieve messages, store them on the client, and finally delete them from the server. Clients also have the option to leave messages on the server. By contrast, IMAP was designed to normally leave all messages on the server allowing multiple client applications as online and offline modes. 1


telnet 110


nc -n 110

openssl 2

openssl s_client -crlf -connect
  • s_client: SSL/TLS client program.
  • -crlf: translate a line feed from the terminal into CR+LF.

NTLM Information Disclosure

See SMTP NTLM Information Disclosure

pop3-ntlm-info NSE Script

nmap -p 110,995 --script pop3-ntlm-info


POP3 capabilities are defined in RFC2449. The CAPA command allows a client to ask a server what commands it supports and possibly any site-specific policy.

pop3-capabilities NSE Script

nmap -p 110,995 --script pop3-capabilities


USER    Username or mailbox.
PASS    Server/mailbox-specific password.
STAT    Number of messages in the mailbox.
LIST    [ message# ] Messages summary.
RETR    [ message# ] Retrieve selected message.
DELE    [ message# ] Delete selected message.
RSET    Reset the session. Undelete deleted messages.
NOOP    No-op. Keeps connection open.
QUIT    End session.

Note: Server responses will start either with a successful (+OK) or failed status -ERR.

Refer to Exploits Search

  1. Contributors to Wikimedia projects. “Post Office Protocol - Wikipedia.” Wikipedia, the Free Encyclopedia, Wikimedia Foundation, Inc., 9 Sept. 2001, https://en.wikipedia.org/wiki/Post_Office_Protocol. ↩︎

  2. OpenSSL Foundation, Inc. “/Docs/Manmaster/Man1/Openssl.Html.” OpenSSL.Org, https://www.openssl.org/docs/manmaster/man1/openssl.html. ↩︎