<!-- review: finished -->

<a id="mail-pop3"></a>

# POP3

The module enables POP3 mail protocol support, allowing the server to download
messages from mail servers. It connects to POP3 servers, retrieves message
headers and content, provides secure authentication, and manages message
statuses such as downloaded or deleted.

<a id="directives-59"></a>

## Directives

<a id="index-0"></a>

<a id="m-pop3-auth"></a>

### pop3_auth

| [Syntax](https://en.angie.software//angie/docs/configuration/configfile.md#configfile)   | `pop3_auth` method ...;   |
|------------------------------------------------------------------------------------------|---------------------------|
| Default                                                                                  | `pop3_auth plain;`        |
| [Context](https://en.angie.software//angie/docs/configuration/configfile.md#configfile)  | mail, server              |

Sets permitted methods of authentication for POP3 clients. Supported methods are:

| `plain`       | [USER/PASS](https://datatracker.ietf.org/doc/html/rfc1939), [AUTH PLAIN](https://datatracker.ietf.org/doc/html/rfc4616), [AUTH LOGIN](https://datatracker.ietf.org/doc/html/draft-murchison-sasl-login-00)   |
|---------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `apop`        | [APOP](https://datatracker.ietf.org/doc/html/rfc1939). In order for this method to work, the password must be stored unencrypted.                                                                            |
| `cram-md5`    | [AUTH=CRAM-MD5](https://datatracker.ietf.org/doc/html/rfc2195). In order for this method to work, the password must be stored unencrypted.                                                                   |
| `external`    | [AUTH=EXTERNAL](https://datatracker.ietf.org/doc/html/rfc4422)                                                                                                                                               |
| `xoauth2`     | [AUTH=XOAUTH2](https://developers.google.com/gmail/imap/xoauth2-protocol)                                                                                                                                    |
| `oauthbearer` | [AUTH=OAUTHBEARER](https://datatracker.ietf.org/doc/html/rfc7628)                                                                                                                                            |

Plain text authentication methods (`USER/PASS`, `AUTH PLAIN` and
`AUTH LOGIN`) are always enabled, though if the `plain` method is
not specified, `AUTH PLAIN` and `AUTH LOGIN` will not be
automatically included in [pop3_capabilities](#m-pop3-capabilities).

<a id="index-1"></a>

<a id="m-pop3-capabilities"></a>

### pop3_capabilities

| [Syntax](https://en.angie.software//angie/docs/configuration/configfile.md#configfile)   | `pop3_capabilities` extension ...;   |
|------------------------------------------------------------------------------------------|--------------------------------------|
| Default                                                                                  | `pop3_capabilities TOP USER UIDL;`   |
| [Context](https://en.angie.software//angie/docs/configuration/configfile.md#configfile)  | mail, server                         |

Sets the [POP3 protocol](https://datatracker.ietf.org/doc/html/rfc2449) extensions list that is passed to the client in response to the CAPA command. The authentication methods specified in the [pop3_auth](#m-pop3-auth) directive ([SASL](https://datatracker.ietf.org/doc/html/rfc2449) extension) and [STLS](https://datatracker.ietf.org/doc/html/rfc2595) are automatically added to this list depending on the [starttls](https://en.angie.software//angie/docs/configuration/modules/mail/mail_ssl.md#m-starttls) directive value.

It makes sense to specify the extensions supported by the POP3 backends to which the clients are proxied (if these extensions are related to commands used after the authentication, when Angie transparently proxies the client connection to the backend).