The SERVER parameter set allows you to specify the POP3 or IMAP server from which the mail reader retrieves the e-mail.

The following entries are required:

• The host name of the computer on which the POP3 or IMAP server is running

• The user ID and password for this computer

• In the case of an IMAP server: the MAILBOX name as well

You also have the option of specifying how often the mail reader checks whether there are any new messages.

You can also request TLS encryption of the connection to the server so that the password to be transferred cannot be read by anyone.

Syntax

Operand description

SERVER=POP3(. . . ) / IMAP(. . . )
Specifies which protocol is to be used to access e-mails.

SERVER=POP3
The POP3 protocol is to be used.

SERVER=IMAP
The IMAP protocol is to be used.

HOSTNAME=<hostname>
The server runs on the host <hostname>. <hostname> can be the server’s BCAM processor name or DNS name.

PORT=<port number>
Specifies the port number to be used to set up the TCP connection to the server. If this parameter is used, when TLS is used, automatic port number selection is disabled depending on the MODE parameter and the specified port number is used.

USER=<user-id>
User ID of the user whose mailbox is to be accessed.
The ID is enclosed in single quotes.
Depending on the server, a distinction may be drawn between uppercase and lowercase.

PASS=<password>
Password for accessing the mailbox.
The password is enclosed in single quotes.
Depending on the server, a distinction may be drawn between uppercase and lowercase.

KEEP= NO / YES
(For IMAP servers only)
Specifies whether the e-mail is to be deleted on the server after it is downloaded by the mail reader.

KEEP= NO
(For IMAP servers only)
The e-mail is deleted on the server after it is downloaded.

KEEP=YES
(For IMAP servers only)
After being downloaded, the e-mail is flagged as having been read but remains on the server. It can then be flagged as unread again using a standard e-mail client, for example, and thus made available or processing again.
This parameter value is particularly useful for test purposes. In live operation, suitable measures must be taken to ensure that the e-mails are deleted in good time, since otherwise there will be a resource bottleneck on the IMAP server.

MAILBOX=<mailbox>
(For IMAP servers only)
IMAP mailbox to be accessed
Default: INBOX

INTERVAL=<int>
Interval in seconds after which the mail reader checks whether there are any new messages. Default: 900 seconds.
If zero is specified, the check is carried out only once.

TLS= NO / YES
Specifies whether the connection to the server is to be secured by means of TLS.

TLS= NO
The connection to the server is not to be secured.

TLS=YES
The connection to the server is to be secured.

REQUIRED= NO / YES
Specifies whether the connection to the server is to be terminated if the server does not support TLS.

REQUIRED= NO
Even if the server does not support TLS, the e-mail is transferred. If it is discovered that the host name does not correspond to the server name in the X.509 certificate, an e-mail transfer is still carried out.

REQUIRED=YES
If the server does not support TLS, the connection is terminated. If it is discovered that the host name does not correspond to the server name in the X.509 certificate, the mail reader is terminated with an error message.

MODE= IMPLICIT / EXPLICIT
Specifies whether the TLS connection to the server is to be set up implicitly after the TCP connection is set up.

MODE= IMPLICIT
A TLS connection is set up implicitly immediately after TCP connection setup. If the PORT parameter was not used, the port number 995 (POP3 server) or 993 (IMAP server) is used to set up the TCP connection.

MODE=EXPLICIT
If the PORT parameter was not used, a TCP connection is set up using the default port number 110 (POP3 server) or 143 (IMAP server). A TLS connection is then set up by means of the POP3 command STLS or the IMAP command START-TLS.

PROTOCOL=<protocol spec>
You can limit the protocols used. TLS Version 1.2 and 1.3 are supported.
You can specify TLSv1.2, TLSv1.3 and All.
Depending on whether the protocol is to be activated or deactivated, you can precede it with a plus or minus sign. The entries “TLSv1.2” and “All -TLSv1.3” have the same effect.
Default: All

TLSMINPROTOCOLVERSION= TLSv1.2 / TLSv1.3
This option specifies the minimal TLS version to be used by the mail sender. It replaces in future together with the option TLSMAXPROTOCOLVERSION the old option PROTOCOL. Until then the three options work together, i.e. only TLS protocol versions are supported, which conform to all three options.

TLSMINPROTOCOLVERSION= TLSv1.2
The minimal TLS version to be used is TLSv1.2.

TLSMINPROTOCOLVERSION=TLSv1.3
The minimal TLS version to be used is TLSv1.3.

TLSMAXPROTOCOLVERSION=TLSv1.2 / TLSv1.3
This option specifies the maximal TLS version to be used by the mail sender. It replaces in future together with the option TLSMINPROTOCOLVERSION the old option PROTOCOL. Until then the three options work together, i.e. only TLS protocol versions are supported, which conform to all three options.

TLSMAXPROTOCOLVERSION=TLSv1.2
The maximal TLS version to be used is TLSv1.2.

TLSMAXPROTOCOLVERSION= TLSv1.3
The maximal TLS version to be used is TLSv1.3.

CIPHER_SUITE=<TLSv1.2 cipher suite spec> / TLSv1.3 <TLSv1.3 cipher suite spec>
specifies a list of preferred encryption methods for use with TLSv1.2 and with TLSv1.3 respectively. If this option is not specified, a default list of preferences is used. This option can be used doubly, for specifying cipher suites once for TLSv1.2 and once for TLSv1.3. In the latter case TLSv1.3 is prepended to the specification.

CIPHER_SUITE=<TLSv1.2 cipher suite spec>
The cipher suite specification is converted into a preference list for encryption algorithms. The specification consists of one or more cipher mnemonics separated by a colon (:).

The permissible cipher mnemonics and cipher suites are described in section “Specification of a cipher suite preference list”.

CIPHER_SUITE= TLSv1.3 <TLSv1.3 cipher suite spec>
The cipher suite specification is a colon separated list of preferred TLSv1.3 encryption methods.
Default: TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256

CERTIFICATE=<certificate file>
Specifies a file containing the X.509 client certificate for client authentication in PEM format. This file can also contain the client’s private key. Generally, however, the certificate and key are stored in separate files.

KEY=<private key file>
Specifies a file containing the private client key in PEM format. If both the X.509 certificate and private client are contained in the same file (see the CERTIFICATE), this operand does not need to be specified.

The client key should not be protected with a passphrase. If it were, the passphrase would have to be entered each time the mail reader was started. However, file attributes must be set to ensure that unauthorized access to the private key is not possible.

CA_CERTIFICATES=<CA certificates file>
Specifies a file containing in PEM format the CA certificates required for the authentication of the server. The individual PEM certificates are arranged in the file sequentially.

To add or delete certificates, you can edit the file in any text editor. The certificates are entered in the file as follows:

-----BEGIN CERTIFICATE----<
 CA certificate in Base64 code >
-----END CERTIFICATE-----

Text outside these sequences is ignored by the mail reader and can therefore be used to identify the certificates, which exist in readable form thanks to their ASN.1/Base64 coding.

CRL=<CRL file>
Specifies a file containing the CRLs (certificate revocation lists) of the certificate authorities (CAs). (Certificates issued by a certificate authority can be declared invalid by publishing them in a CRL.)

VERIFY_SERVER= YES / NO
Specifies whether the server’s certificate is to be verified.

VERIFY_SERVER= YES
The server’s certificate is to be verified.

VERIFY_SERVER=NO
The server’s certificate is not to be verified. This setting is vulnerable to “man in the middle” attacks.

VERIFY_DEPTH=<depth>
Specifies the verification depth, which is the maximum permissible number of certificates between the certificate of the server and the certificate known to the mail reader. If the maximum verification depth is exceeded, the connection is terminated unless verification of the server certificate has been disabled by means of VERIFY-SERVER=NO.

Example

In this example, the mail reader polls the server localhost every 600 seconds under the user ID inetvalu with the password secret.

SERVER=POP3(
     HOSTNAME=localhost,
     USER='inetvalu',
     PASS='secret',
     INTERVAL=600)
)