I’m trying to answer the second question: “Access the email account using the user credentials that you discovered and submit the flag in the email as your answer.”
I discovered the user m*****, then tried to bruteforce the password using the provided list and rockyou.txt. Nothing worked. I’m not sure what I’m missing.
Well done finding the user. Think about how you log into your mail service. Do you just use the username or do you need to complete your username with something?
Thank you. Got it 
Any advice on finding the user for the first question? Things I’ve tried:
I’ve been stuck on this one for several hours now.
how did you login into his email account? is there a web interface somewhere, not seeing it.
nvm, got it.
I`m stuck here… got user and password but in the telnet session I get no emails 
Try to find it using the openssl command and loggin in there, telnet will just give you the banner
Thank! I got it I was trying through the wrong port!
Finally
The ‘full username’ is a very helpful note. Thanks!
I’m still stuck on the last question. I tried to brute force imap and pop3 using the full username and pw lists, thinking it might reveal another password for a different user that I could reuse but I get nothing. Can something give me a hint on how to find the pw?
Edit: I got it. I tried again on my VM instead of the pwnbox and it worked. didn’t need to use the full username list either.