Port Authority Edition – Internet Vulnerability Profiling
by Steve Gibson, Gibson Research Corporation.








Port Authority Database

Port 110

Name: pop3

Purpose: Post Office Protocol - Version 3

Description: Pop3 "post office protocol" is used by eMail clients for the retrieval of their eMail from designated eMail "post office" servers. Email Clients such as Microsoft Outlook, Netscape, Eudora, and many others, connect to port 110 of a remote eMail server, then use the pop3 protocol to retrieve their eMail. They first identify and authenticate themselves by logging on to the remote eMail server using their eMail account information. After doing so they are permitted to view and download their waiting eMail.

Related Ports: 25, 143




Background and Additional Information:

Pop3 on port 110 is the older of the two popular protocols used to retrieve eMail from remote mail servers. (The newer protocol, imap, the Internet message access protocol, uses port 143.) End-user eMail clients send eMail to remote eMail servers using the SMTP protocol on port 25 and typically retrieve their eMail using either pop3 or imap. Email clients and servers must each support both an eMail sending (SMTP) and retrieving (pop3 or imap) protocol.

Local POP proxies

Although it is uncommon for end-user PCs to host a full eMail server, anti-virus and anti-spam "filtering" programs often open the user's local port 110 to provide convenient eMail filtering through a technique known as "proxying". The bad news is that some of these programs cause this port to be opened and exposed to the outside world — to the whole Internet — which can create serious vulnerabilities for the user's PC.

The idea behind a "local proxy" is that the anti-virus or anti-spam program needs to "filter" the remote eMail before it reaches the local eMail client program. So the proxying filter program creates a little local pop3 or imap server right there on the user's machine. The user instructs their eMail client to retrieve eMail from port 110 or 143 of their own computer, and the proxy, in turn, fetches the eMail from the remote eMail server.

This places the proxy "in line" between the remote eMail server and the local eMail client. The Proxy retrieves eMail from the remote server, checks it, filters it, virus scans it, or whatever, then offers it to the local eMail client through its own local pop3 or imap server running on port 110 or 143.

The only trouble with this is that poorly or hastily written local proxies can sometimes create the side-effect of opening the same local server to connections from the entire Internet. If such a proxy also had some insecure features which could be exploited (which is always a concern with any publicly accessible Internet servers) it might be possible for nefarious hackers to exploit the local server's security weaknesses as a means of gaining an advantage of some sort.

Closing port 110

Under no circumstances would you want port 110 of a local proxy (or any local proxy ports for that matter) to be open to the outside world. It's unlikely that you would have a full eMail server running on your machine, but a local proxy such as that described above is becoming more common. If our probes show that your machine has port 110 open, you should determine the cause and see about updating your software, or determine how to close this port to outside access. If all else fails, the use of a NAT router or personal firewall would do the trick.
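To help determine the cause locally, the following added example (not GRC's code) parses `netstat -an` output and reports pop3/imap listeners bound to anything other than the loopback address. The sample output, the function names and the 110/143 port set are constructed for illustration.

```python
import ipaddress
import re

PROXY_PORTS = {110, 143}  # pop3 and imap, the local proxy ports discussed above

# Constructed sample of `netstat -an` output (Windows layout), not captured data.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:110            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:143          0.0.0.0:0              LISTENING
  TCP    [::]:143               [::]:0                 LISTENING
  TCP    [::1]:110              [::]:0                 LISTENING
  TCP    192.168.1.20:110       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.5:110        ESTABLISHED
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
"""

# Matches "TCP <local> <foreign> LISTENING" (Windows) and
# "tcp 0 0 <local> <foreign> LISTEN" (Linux `netstat -ltn`).
LINE = re.compile(
    r"^\s*tcp6?\s+(?:\d+\s+\d+\s+)?(\S+)\s+\S+\s+LISTEN(?:ING)?\s*$", re.I)

def split_endpoint(endpoint):
    """Split '0.0.0.0:110', '[::]:110', ':::110' or '*:110' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and any IPv6 zone id
    return ("0.0.0.0" if host in ("", "*") else host), int(port)

def exposed_proxy_listeners(netstat_text, ports=PROXY_PORTS):
    """Return (address, port, scope) for listeners on `ports` not bound to loopback."""
    findings = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header, UDP, or a non-listening connection
        host, port = split_endpoint(m.group(1))
        if port not in ports:
            continue
        addr = ipaddress.ip_address(host)
        if addr.is_loopback:
            continue  # reachable only from this machine: the intended proxy setup
        scope = "all interfaces" if addr.is_unspecified else "one interface"
        findings.append((str(addr), port, scope))
    return findings

if __name__ == "__main__":
    for address, port, scope in exposed_proxy_listeners(SAMPLE):
        print(f"port {port} is listening on {address} ({scope}), not just loopback")
```

A listener reported here is reachable from other machines unless a NAT router or firewall blocks it; a proxy bound only to 127.0.0.1 or ::1 produces no finding.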

The POP3 RFC (the complete specification)

The specification of every nuance and detail of the POP3 protocol:

  http://www.ietf.org/rfc/rfc1939.txt

  http://www.faqs.org/rfcs/rfc1939.html

Trojan Sightings: ProMail trojan

The entire contents of this page is copyright © 2008 by Gibson Research Corporation.


Gibson Research Corporation is owned and operated by Steve Gibson.  The contents
of this page are Copyright (c) 2014 Gibson Research Corporation. SpinRite, ShieldsUP,
NanoProbe, and any other indicated trademarks are registered trademarks of Gibson
Research Corporation, Laguna Hills, CA, USA. GRC's web and customer privacy policy.