Quoting from Birger Toedtmann's mail on Thu, May 02, 2002 at 05:48:04PM +0200:
lately I had some problems with fetchmail and the new STLS feature. Because
with a qpopper server at hand, it just didn't work. When I did some "-vv",
I was surprised that fetchmail never sent a CAPA to qpopper. So I went and
read some lines in pop3.c where the STLS/CAPA stuff is detailed:
[...]
:: if (ctl->server.authenticate == A_ANY
:: && strchr(greeting, '<')
:: && gen_transact(sock, "CAPA") == 0)
:: {
[...]
Mmmh. Why does it expect a '<'? AFAIK "POP3 Extension Mechanism" (RFC 2449,
where CAPA is defined) and "APOP" (a server advertises its APOP functionality
by having a "<"-some-number-">" in its banner) are not tied that closely to-
gether, are they? Some server - e.g. the qpopper at hand - may do CAPA but
not APOP and vice versa. At least I did not find anything stating "APOP is
required for CAPA to work" in RFC 2449.
In fact, I too faced a similar (but opposite!) problem. There is a
server (pop.net4india.com) which supports APOP but not CAPA. In fact,
the CAPA command was causing it to break the connection randomly.
Here is a sample session (with CAPA) (with wrong username+password):
$ telnet 202.71.129.81 pop3
POP3< +OK Cubic Circle's v1.31 1998/05/13 POP3 ready
<190200004c67d23c(_at_)storage(_dot_)net4india(_dot_)com>
POP3> CAPA
POP3< -ERR Invalid command, try one of: USER name, PASS string, APOP name
digest, QUIT
POP3> USER test
POP3< +OK test selected
POP3> PASS test
Connection closed by foreign host.
Note the direct closing of socket instead of the -ERR response.
Here is a sample session (without CAPA) (with wrong username+password):
telnet 202.71.129.81 pop3
POP3< +OK Cubic Circle's v1.31 1998/05/13 POP3 ready
<d1100000a26ad23c(_at_)storage(_dot_)net4india(_dot_)com>
POP3> USER test
POP3< +OK test selected
POP3> PASS test
POP3< -ERR cucipop: Invalid password or username (check case)
POP3> QUIT
POP3< +OK Not really your day, is it?
Connection closed by foreign host.
Even with a valid username+password, the session with CAPA used to
progress a bit more, but again terminate randomly.
Once I forced the authentication method to "password", things went
fine.
So, I feel that some other mechanism should be used for sending CAPA.
Sunil Shetye.