--- a/libnetclient/net-client-pop.c_org	2019-01-29 09:48:37.798385374 +0000
+++ a/libnetclient/net-client-pop.c_org	2019-01-29 10:00:57.770278238 +0000
@@ -722,6 +722,7 @@ 
 	client->priv->can_pipelining = FALSE;
 	result = net_client_pop_execute(client, "CAPA", NULL, NULL);
 
+	/* qmail resopnds -ERR Authorizaion First, so the while is never executed */ 
 	/* evaluate the response */
 	done = FALSE;
 	while (result && !done) {
@@ -770,9 +771,15 @@ 
 
 	/* see RFC 1939, Sect. 4: if no other authentication method is supported explicitly (in particular no APOP), the server *must*
 	 * at least support USER/PASS... */
-	if (*auth_supported == 0U) {
-		*auth_supported = NET_CLIENT_POP_AUTH_USER_PASS;
-	}
+
+	/* if (*auth_supported == 0U) has to be wrong, we set *auth_supported = *auth_supported & NET_CLIENT_POP_AUTH_APOP; above 
+	   drop the if altogether, since NET_CLIENT_POP_AUTH_USER_PASS is way down the list of preferences, so won't be used 
+	   if we have something better. 
+	   fixes POP3 and POP3S authorization with qmail*/ 
+
+	/* if (*auth_supported == NET_CLIENT_POP_AUTH_APOP) { */
+	*auth_supported |= NET_CLIENT_POP_AUTH_USER_PASS;
+	/* } */
 	client->priv->can_pipelining = TRUE;
 }