QPopper [21]

To quote from the man page:

The Qpopper server is a single program (called popper) that is launched by inetd when it gets a service request on the POP TCP port. (The official port number specified in RFC 1939 for POP version 3 is port 110. However, some POP3 clients attempt to contact the server at port 109, the POP version 2 port. Unless you are running both POP2 and POP3 servers, you can simply define both ports for use by the POP3 server.

The qpopper program initializes and verifies that the peer IP address is registered in the local domain (unless the -R command-line option is used), logging a warning message when a connection is made with a client whose IP address does not have a canonical name. For systems using BSD 4.3 bind, it also checks to see if a canonical name lookup for the client returns the same peer IP address, logging a warning message if it does not.

The server enters the authorization state, during which the client must correctly identify itself by providing a valid Unix userid and password on the server's host machine (or successfully authenticate using APOP or AUTH). No other exchanges are allowed during this state (other than a request to quit.) If authentication fails, a warning message is logged and the session ends.

Once the user is identified, qpopper changes its user and group ids to match that of the user and enters the transaction state. The server makes a temporary copy of the user's maildrop which is used for all subsequent transactions (unless running in server mode). These include the bulk of POP commands to retrieve mail, delete mail, undelete mail, and so forth.