"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "doc/msmtp.1" between
msmtp-1.8.15.tar.xz and msmtp-1.8.16.tar.xz

About: msmtp is an SMTP client with a sendmail compatible interface. It can be used with Mutt and other mail user agents.

msmtp.1  (msmtp-1.8.15.tar.xz):msmtp.1  (msmtp-1.8.16.tar.xz)
skipping to change at line 236 skipping to change at line 236
--host=hostname --host=hostname
Use only the settings from the command line; do not use any config uration file data. Use only the settings from the command line; do not use any config uration file data.
--from=address or --read-envelope-from --from=address or --read-envelope-from
Choose the first account from the system or user configuration fil e that has a matching envelope- Choose the first account from the system or user configuration fil e that has a matching envelope-
from address as specified by a from command. This works only when neither --account nor --host is from address as specified by a from command. This works only when neither --account nor --host is
used. used.
Subadresses are supported. For example, the envelope from addres s user+detail@example.com will Subadresses are supported. For example, the envelope from addres s user+detail@example.com will
match the account for user@example.com. match the account for user@example.com.
Furthermore, the envelope-from address of the account may be a
wildcard pattern. See the from
command.
If none of the above options is used (or if no account has a matching from command), then the account If none of the above options is used (or if no account has a matching fro m command), then the account
"default" is used. "default" is used.
Msmtp transmits mails unaltered to the SMTP server, with the following ex ceptions: Msmtp transmits mails unaltered to the SMTP server, with the following ex ceptions:
- The Bcc header(s) will be removed. This behavior can be changed with th e remove_bcc_headers command and - The Bcc header(s) will be removed. This behavior can be changed with th e remove_bcc_headers command and
--remove-bcc-headers option. --remove-bcc-headers option.
- A From header will be added if the mail does not have one. This can be changed with the set_from_header - A From header will be added if the mail does not have one. This can be changed with the set_from_header
command and --set-from-header option. The header will use the envelope f rom address and optionally a command and --set-from-header option. The header will use the envelo pe from address and optionally a
full name set with the -F option. full name set with the -F option.
- A Date header will be added if the mail does not have one. This can be changed with the set_date_header - A Date header will be added if the mail does not have one. This can be changed with the set_date_header
command and --set-date-header option. command and --set-date-header option.
- When undisclosed_recipients is set, the original To, Cc, and Bcc header s are removed and replaced with - When undisclosed_recipients is set, the original To, Cc, and Bcc heade rs are removed and replaced with
"To: undisclosed-recipients:;". "To: undisclosed-recipients:;".
Skip to the EXAMPLES section for a quick start. Skip to the EXAMPLES section for a quick start.
CONFIGURATION FILES CONFIGURATION FILES
If it exists and is readable, a system wide configuration file SYSCONFD IR/msmtprc will be loaded, where If it exists and is readable, a system wide configuration file SYSCONFDIR /msmtprc will be loaded, where
SYSCONFDIR depends on your platform. Use --version to find out which dir ectory is used. SYSCONFDIR depends on your platform. Use --version to find out which dir ectory is used.
If it exists and is readable, a user configuration file will be loaded (~ If it exists and is readable, a user configuration file will be loaded
/.msmtprc will be tried first (~/.msmtprc will be tried first
followed by $XDG_CONFIG_HOME/msmtp/config by default, but see --versio followed by $XDG_CONFIG_HOME/msmtp/config by default, but see --version).
n). Accounts defined in the user Accounts defined in the user
configuration file override accounts from the system configuration file. configuration file override accounts from the system configuration file.
Configuration data from either file can be changed by command line option s. Configuration data from either file can be changed by command line option s.
A configuration file is a simple text file. Empty lines and comment line s (whose first non-blank charac- A configuration file is a simple text file. Empty lines and comment line s (whose first non-blank charac-
ter is `#') are ignored. ter is `#') are ignored.
Every other line must contain a command and may contain an argument to th at command. Every other line must contain a command and may contain an argument to th at command.
The argument may be enclosed in double quotes ("), for example if its fir st or last character is a blank. The argument may be enclosed in double quotes ("), for example if its fir st or last character is a blank.
If a file name starts with the tilde (~), this tilde will be replaced by $HOME. If a command accepts the If a file name starts with the tilde (~), this tilde will be replaced by $HOME. If a command accepts the
argument on, it also accepts an empty argument and treats that as if it w as on. argument on, it also accepts an empty argument and treats that as if it w as on.
Commands are organized in accounts. Each account starts with the account command and defines the settings Commands are organized in accounts. Each account starts with the account command and defines the settings
for one SMTP account. for one SMTP account.
Skip to the EXAMPLES section for a quick start. Skip to the EXAMPLES section for a quick start.
Commands are as follows: Commands are as follows:
defaults defaults
Set defaults. The following configuration commands will set default values for all following Set defaults. The following configuration commands will set defa ult values for all following
account definitions in the current configuration file. account definitions in the current configuration file.
account name [:account[,...]] account name [:account[,...]]
Start a new account definition with the given name. The current de fault values are filled in. Start a new account definition with the given name. The current de fault values are filled in.
If a colon and a list of previously defined accounts is given afte If a colon and a list of previously defined accounts is given
r the account name, the new after the account name, the new
account, with the filled in default values, will inherit all s account, with the filled in default values, will inherit all setti
ettings from the accounts in the ngs from the accounts in the
list. list.
host hostname host hostname
The SMTP server to send the mail to. The argument may be a host n ame or a network address. Every The SMTP server to send the mail to. The argument may be a host n ame or a network address. Every
account definition must contain this command. account definition must contain this command.
port number port number
The port that the SMTP server listens on. The default is 25 ("smt p"), unless TLS without STARTTLS The port that the SMTP server listens on. The default is 25 ("smt p"), unless TLS without STARTTLS
is used, in which case it is 465 ("smtps"). is used, in which case it is 465 ("smtps").
source_ip [IP] source_ip [IP]
Set a source IP address to bind the outgoing connection to. Useful only in special cases on multi- Set a source IP address to bind the outgoing connection to. Useful only in special cases on multi-
home systems. An empty argument disables this. home systems. An empty argument disables this.
proxy_host [IP|hostname] proxy_host [IP|hostname]
Use a SOCKS proxy. All network traffic will go through this pr Use a SOCKS proxy. All network traffic will go through this proxy
oxy host, including DNS queries, host, including DNS queries,
except for a DNS query that might be necessary to resolve the prox except for a DNS query that might be necessary to resolve the pro
y host name itself (this can be xy host name itself (this can be
avoided by using an IP address as proxy host name). An empty avoided by using an IP address as proxy host name). An empty hos
hostname argument disables proxy tname argument disables proxy
usage. The supported SOCKS protocol version is 5. If you want to usage. The supported SOCKS protocol version is 5. If you wan
use this with Tor, see also t to use this with Tor, see also
"Using msmtp with Tor" below. "Using msmtp with Tor" below.
proxy_port [number] proxy_port [number]
Set the port number for the proxy host. An empty number argument r esets this to the default port. Set the port number for the proxy host. An empty number argument r esets this to the default port.
socket socketname socket socketname
Set the file name of a unix domain socket to connect to. T his overrides both host/port and Set the file name of a unix domain socket to connect to. This overrides both host/port and
proxy_host/proxy_port. proxy_host/proxy_port.
timeout (off|seconds) timeout (off|seconds)
Set or unset a network timeout, in seconds. The argument off means that no timeout will be set, Set or unset a network timeout, in seconds. The argument off me ans that no timeout will be set,
which means that the operating system default will be used. which means that the operating system default will be used.
protocol (smtp|lmtp) protocol (smtp|lmtp)
Set the protocol to use. Currently only SMTP and LMTP are support ed. SMTP is the default. See the Set the protocol to use. Currently only SMTP and LMTP are supporte d. SMTP is the default. See the
port command above for default ports. port command above for default ports.
domain argument domain argument
Use this command to set the argument of the SMTP EHLO (or LMTP LH Use this command to set the argument of the SMTP EHLO (or LMT
LO) command. The default is P LHLO) command. The default is
localhost, which is stupid but usually works. Try to change the d localhost, which is stupid but usually works. Try to change the de
efault if mails get rejected due fault if mails get rejected due
to anti-SPAM measures. Possible choices are the domain part of you r mail address (provider.example to anti-SPAM measures. Possible choices are the domain part of you r mail address (provider.example
for joe@provider.example) or the fully qualified domain name of yo ur host (if available). for joe@provider.example) or the fully qualified domain name of yo ur host (if available).
The following substitution patterns are supported:
%H will be replaced by $HOSTNAME, or if that fails by the host nam
e of the system.
%C will be replaced by the canonical name of %H.
%M will be replaced by the contents of /etc/mailname (potentially
a different directory is used
depending on the build configuration; see the output of msmtp --v
ersion and look for the location
of the system configuration file).
auth [(on|off|method)] auth [(on|off|method)]
Enable or disable authentication and optionally choose a method t o use. The argument on chooses a Enable or disable authentication and optionally choose a method to use. The argument on chooses a
method automatically. method automatically.
Usually a user name and a password are used for authentication. Th Usually a user name and a password are used for authentication. T
e user name is specified in the he user name is specified in the
configuration file with the user command. There are five differ configuration file with the user command. There are five different
ent methods to specify the pass- methods to specify the pass-
word: word:
1. Add the password to the system key ring. Currently supported k 1. Add the password to the system key ring. Currently supported
ey rings are the Gnome key ring key rings are the Gnome key ring
and the Mac OS X Keychain. For the Gnome key ring, use the comm and the Mac OS X Keychain. For the Gnome key ring, use the comman
and secret-tool (part of Gnome's d secret-tool (part of Gnome's
libsecret) to store passwords: secret-tool store --label=msmtp hos libsecret) to store passwords: secret-tool store --label=msmtp ho
t mail.freemail.example service st mail.freemail.example service
smtp user joe.smith. On Mac OS X, use the following command: s smtp user joe.smith. On Mac OS X, use the following command: sec
ecurity add-internet-password -s urity add-internet-password -s
mail.freemail.example -r smtp -a joe.smith -w. In both examples, mail.freemail.example -r smtp -a joe.smith -w. In both example
replace mail.freemail.example s, replace mail.freemail.example
with the SMTP server name, and joe.smith with your user name. with the SMTP server name, and joe.smith with your user name.
2. Store the password in an encrypted files, and use passwordeval to specify a command to decrypt 2. Store the password in an encrypted files, and use passwordeval to specify a command to decrypt
that file, e.g. using GnuPG. See EXAMPLES. that file, e.g. using GnuPG. See EXAMPLES.
3. Store the password in the configuration file using the password 3. Store the password in the configuration file using the passw
command. (Usually it is not ord command. (Usually it is not
considered a good idea to store passwords in cleartext files. If considered a good idea to store passwords in cleartext files. If
you do it anyway, you must make you do it anyway, you must make
sure that the file can only be read by yourself.) sure that the file can only be read by yourself.)
4. Store the password in ~/.netrc. This method is probably obsolet e. 4. Store the password in ~/.netrc. This method is probably obsolet e.
5. Type the password into the terminal when it is required. 5. Type the password into the terminal when it is required.
It is recommended to use method 1 or 2. It is recommended to use method 1 or 2.
Multiple authentication methods exist. Most servers support only Multiple authentication methods exist. Most servers support o
some of them. Historically, nly some of them. Historically,
sophisticated methods were developed to protect passwords fr sophisticated methods were developed to protect passwords from b
om being sent unencrypted to the eing sent unencrypted to the
server, but nowadays everybody needs TLS anyway, so the simple met server, but nowadays everybody needs TLS anyway, so the simple
hods suffice since the whole methods suffice since the whole
session is protected. A suitable authentication method is chose session is protected. A suitable authentication method is chosen a
n automatically, and when TLS is utomatically, and when TLS is
disabled for some reason, only methods that avoid sending cleartex t passwords are considered. disabled for some reason, only methods that avoid sending cleartex t passwords are considered.
The following user / password methods are supported: plain (a simp le cleartext method, with base64 The following user / password methods are supported: plain (a simp le cleartext method, with base64
encoding, supported by almost all servers), scram-sha-1 (a me encoding, supported by almost all servers), scram-sha-1 (a method
thod that avoids cleartext pass- that avoids cleartext pass-
words), scram-sha-256 (same but with stronger hash), cram-md5 (an words), scram-sha-256 (same but with stronger hash), cram-md5
obsolete method that avoids (an obsolete method that avoids
cleartext passwords, but is not considered secure anymore), dige cleartext passwords, but is not considered secure anymore), digest
st-md5 (an overcomplicated obso- -md5 (an overcomplicated obso-
lete method that avoids cleartext passwords, but is not considered lete method that avoids cleartext passwords, but is not considere
secure anymore), login (a non- d secure anymore), login (a non-
standard cleartext method similar to but worse than the plain met standard cleartext method similar to but worse than the plain meth
hod), ntlm (an obscure non-stan- od), ntlm (an obscure non-stan-
dard method that is now considered broken; it sometimes requires a special domain parameter passed dard method that is now considered broken; it sometimes requires a special domain parameter passed
via ntlmdomain). via ntlmdomain).
There are currently three authentication methods that are not base d on user / password information There are currently three authentication methods that are not base d on user / password information
and have to be chosen manually: oauthbearer or its predecessor xoa uth2 (an OAuth2 token from the and have to be chosen manually: oauthbearer or its predecessor x oauth2 (an OAuth2 token from the
mail provider is used as the password. See the documentation of y our mail provider for details on mail provider is used as the password. See the documentation of y our mail provider for details on
how to get this token. The passwordeval command can be used to pas s the regularly changing tokens how to get this token. The passwordeval command can be used to pa ss the regularly changing tokens
into msmtp from a script or an environment variable), external (th e authentication happens outside into msmtp from a script or an environment variable), external (th e authentication happens outside
of the protocol, typically by sending a TLS client certificate, an of the protocol, typically by sending a TLS client certificate
d the method merely confirms , and the method merely confirms
that this authentication succeeded), and gssapi (the Kerbero that this authentication succeeded), and gssapi (the Kerberos fr
s framework takes care of secure amework takes care of secure
authentication, only a user name is required). authentication, only a user name is required).
It depends on the underlying authentication library and its versio n whether a particular method is It depends on the underlying authentication library and its versio n whether a particular method is
supported or not. Use --version to find out which methods are supp orted. supported or not. Use --version to find out which methods are supp orted.
user login user login
Set the user name for authentication. An empty argument unsets the user name. Set the user name for authentication. An empty argument unsets the user name.
password secret password secret
Set the password for authentication. An empty argument unsets t Set the password for authentication. An empty argument unsets the
he password. Consider using the password. Consider using the
passwordeval command or a key ring instead of this command, to avo passwordeval command or a key ring instead of this command, to a
id storing cleartext passwords void storing cleartext passwords
in the configuration file. in the configuration file.
passwordeval [eval] passwordeval [eval]
Set the password for authentication to the output (stdout) of the command eval. This can be used Set the password for authentication to the output (stdout) of the command eval. This can be used
e.g. to decrypt password files on the fly or to query key rings, a nd thus to avoid storing cleart- e.g. to decrypt password files on the fly or to query key rings, a nd thus to avoid storing cleart-
ext passwords. ext passwords.
Note that the eval command must not mess with standard input (st din) because that is where msmtp Note that the eval command must not mess with standard input (stdi n) because that is where msmtp
reads the mail from. If in doubt, append </dev/null to eval. reads the mail from. If in doubt, append </dev/null to eval.
ntlmdomain [domain] ntlmdomain [domain]
Set a domain for the ntlm authentication method. This is obsolete. Set a domain for the ntlm authentication method. This is obsolete.
tls [(on|off)] tls [(on|off)]
Enable or disable TLS (also known as SSL) for secured connections. Enable or disable TLS (also known as SSL) for secured connections.
Transport Layer Security (TLS) "... provides communications privac y over the Internet. The proto- Transport Layer Security (TLS) "... provides communications privac y over the Internet. The proto-
col allows client/server applications to communicate in a way th at is designed to prevent eaves- col allows client/server applications to communicate in a way that is designed to prevent eaves-
dropping, tampering, or message forgery" (quote from RFC2246). dropping, tampering, or message forgery" (quote from RFC2246).
A server can use TLS in one of two modes: via a STARTTLS command ( the session starts with the nor- A server can use TLS in one of two modes: via a STARTTLS command ( the session starts with the nor-
mal protocol initialization, and TLS is then started using the mal protocol initialization, and TLS is then started using the pro
protocol's STARTTLS command), or tocol's STARTTLS command), or
immediately (TLS is initialized before the normal protocol initial immediately (TLS is initialized before the normal protocol initi
ization; this requires a sepa- alization; this requires a sepa-
rate port). The first mode is the default, but you can switch rate port). The first mode is the default, but you can switch to
to the second mode by disabling the second mode by disabling
tls_starttls. tls_starttls.
When TLS is started, the server sends a certificate to identify it self. To verify the server iden- When TLS is started, the server sends a certificate to identify it self. To verify the server iden-
tity, a client program is expected to check that the certificate tity, a client program is expected to check that the certificate i
is formally correct and that it s formally correct and that it
was issued by a Certificate Authority (CA) that the user trusts. ( was issued by a Certificate Authority (CA) that the user trusts
There can also be certificate . (There can also be certificate
chains with intermediate CAs.) chains with intermediate CAs.)
The list of trusted CAs is specified using the tls_trust_file command. The default value ist The list of trusted CAs is specified using the tls_trust_file com mand. The default value ist
"system" and chooses the system-wide default, but you can also cho ose the trusted CAs yourself. "system" and chooses the system-wide default, but you can also cho ose the trusted CAs yourself.
A fundamental problem with this is that you need to trust CAs. Li A fundamental problem with this is that you need to trust CAs. L
ke any other organization, a CA ike any other organization, a CA
can be incompetent, malicious, subverted by bad people, or force can be incompetent, malicious, subverted by bad people, or forced
d by government agencies to com- by government agencies to com-
promise end users without telling them. All of these things happen ed and continue to happen world- promise end users without telling them. All of these things happen ed and continue to happen world-
wide. The idea to have central organizations that have to be trus ted for your communication to be wide. The idea to have central organizations that have to be trus ted for your communication to be
secure is fundamentally broken. secure is fundamentally broken.
Instead of putting trust in a CA, you can choose to trust only a s ingle certificate for the server Instead of putting trust in a CA, you can choose to trust only a s ingle certificate for the server
you want to connect to. For that purpose, specify the certific ate fingerprint with tls_finger- you want to connect to. For that purpose, specify the certificate fingerprint with tls_finger-
print. This makes sure that no man-in-the-middle can fake the iden tity of the server by presenting print. This makes sure that no man-in-the-middle can fake the iden tity of the server by presenting
you a fraudulent certificate issued by some CA that happens to you a fraudulent certificate issued by some CA that happens to be
be in your trust list. However, in your trust list. However,
you have to update the fingerprint whenever the server certificate you have to update the fingerprint whenever the server certifica
changes, and you have to make te changes, and you have to make
sure that the change is legitimate each time, e.g. when the sure that the change is legitimate each time, e.g. when the old
old certificate expired. This is certificate expired. This is
inconvenient, but it's the price to pay. inconvenient, but it's the price to pay.
Information about a server certificate can be obtain ed with --serverinfo --tls Information about a server certificate can be obtain ed with --serverinfo --tls
--tls-certcheck=off. This includes the issuer CA of the certifica te (so you can trust that CA via --tls-certcheck=off. This includes the issuer CA of the certificat e (so you can trust that CA via
tls_trust_file), and the fingerprint of the certificate (so you ca n trust that particular certifi- tls_trust_file), and the fingerprint of the certificate (so you ca n trust that particular certifi-
cate via tls_fingerprint). cate via tls_fingerprint).
TLS also allows the server to verify the identity of the client. TLS also allows the server to verify the identity of the client. F
For this purpose, the client has or this purpose, the client has
to present a certificate issued by a CA that the server trusts. To to present a certificate issued by a CA that the server trusts.
present that certificate, the To present that certificate, the
client also needs the matching key file. You can set the client also needs the matching key file. You can set the cer
certificate and key files using tificate and key files using
tls_cert_file and tls_key_file. This mechanism can also be used to tls_cert_file and tls_key_file. This mechanism can also be use
authenticate users, so that d to authenticate users, so that
traditional user / password authentication is not necessary anymor e. See the external mechanism in traditional user / password authentication is not necessary anymor e. See the external mechanism in
auth. auth.
You can also use client certificates stored on some external authe You can also use client certificates stored on some external aut
ntication device by specifying hentication device by specifying
GnuTLS device URIs in tls_cert_file and tls_key_file. You can fin GnuTLS device URIs in tls_cert_file and tls_key_file. You can find
d the correct URIs using p11tool the correct URIs using p11tool
--list-privkeys --login (p11tool is bundled with GnuTLS). If your --list-privkeys --login (p11tool is bundled with GnuTLS). If your
device requires a PIN to access device requires a PIN to access
the data, you can specify that using one of the password mechanism s (e.g. passwordeval, password). the data, you can specify that using one of the password mechanism s (e.g. passwordeval, password).
tls_starttls [(on|off)] tls_starttls [(on|off)]
Choose the TLS variant: start TLS from within the session (on, default), or tunnel the session Choose the TLS variant: start TLS from within the session (on, def ault), or tunnel the session
through TLS (off). through TLS (off).
tls_trust_file file tls_trust_file file
Activate server certificate verification using a list of trusted C Activate server certificate verification using a list of trusted
ertification Authorities (CAs). Certification Authorities (CAs).
The default is the special value "system", which selects the s The default is the special value "system", which selects the syste
ystem default. An empty argument m default. An empty argument
disables trust in CAs. If you select a file, it must be in PEM fo disables trust in CAs. If you select a file, it must be in PEM
rmat, and you should also use format, and you should also use
tls_crl_file. tls_crl_file.
tls_crl_file [file] tls_crl_file [file]
Deprecated. This sets a certificate revocation list (CRL) file fo Deprecated. This sets a certificate revocation list (CRL) file for
r TLS, to check for revoked cer- TLS, to check for revoked cer-
tificates (an empty argument, which is the default, disables th tificates (an empty argument, which is the default, disables
is). Nowadays automatic OCSP this). Nowadays automatic OCSP
checks replace CRL file checks. checks replace CRL file checks.
tls_fingerprint [fingerprint] tls_fingerprint [fingerprint]
Set the fingerprint of a single certificate to accept for TLS. Set the fingerprint of a single certificate to accept for TLS. Thi
This certificate will be trusted s certificate will be trusted
regardless of its contents (this overrides tls_trust_file). The f regardless of its contents (this overrides tls_trust_file). T
ingerprint should be of type he fingerprint should be of type
SHA256, but can for backwards compatibility also be of type SHA1 SHA256, but can for backwards compatibility also be of type SHA1 o
or MD5 (please avoid this). The r MD5 (please avoid this). The
format should be 01:23:45:67:.... Use --serverinfo --tls --tls-c format should be 01:23:45:67:.... Use --serverinfo --tls --tls-
ertcheck=off --tls-fingerprint= certcheck=off --tls-fingerprint=
to get the server certificate fingerprint. to get the server certificate fingerprint.
tls_key_file file tls_key_file file
Send a client certificate to the server (use this together with tls_cert_file}). The file must Send a client certificate to the server (use this together with tl s_cert_file}). The file must
contain the private key of a certificate in PEM format. An empty a rgument disables this feature. contain the private key of a certificate in PEM format. An empty a rgument disables this feature.
tls_cert_file file tls_cert_file file
Send a client certificate to the server (use this together with tl s_key_file). The file must con- Send a client certificate to the server (use this together with tl s_key_file). The file must con-
tain a certificate in PEM format. An empty argument disables this feature. tain a certificate in PEM format. An empty argument disables this feature.
tls_certcheck [(on|off)] tls_certcheck [(on|off)]
Enable or disable checks of the server certificate. They are ena bled by default. Disabling them Enable or disable checks of the server certificate. They are enabl ed by default. Disabling them
will override tls_trust_file and tls_fingerprint. WARNING: When t he checks are disabled, TLS ses- will override tls_trust_file and tls_fingerprint. WARNING: When t he checks are disabled, TLS ses-
sions will not be secure! sions will not be secure!
tls_priorities [priorities] tls_priorities [priorities]
Set priorities for TLS session parameters. The default is s Set priorities for TLS session parameters. The default is set by
et by the TLS library and can be the TLS library and can be
selected by using an empty argument to this command. The interpret selected by using an empty argument to this command. The interpr
ation of the priorities string etation of the priorities string
depends on the TLS library. Use --version to find out which TLS li brary you use. depends on the TLS library. Use --version to find out which TLS li brary you use.
For GnuTLS, see the section on Priority Strings in the manual. For GnuTLS, see the section on Priority Strings in the manual.
For libtls, the priorites string is a space-separated list of For libtls, the priorites string is a space-separated list of pa
parameter strings prefixed with rameter strings prefixed with
either PROTOCOLS=, CIPHERS=, or ECDHECURVES=. These parameter stri either PROTOCOLS=, CIPHERS=, or ECDHECURVES=. These parameter str
ngs will be passed to the func- ings will be passed to the func-
tions tls_config_parse_protocols, tls_config_set_ciphers, and tls_ config_set_ecdhecurves. Unrecog- tions tls_config_parse_protocols, tls_config_set_ciphers, and tls_ config_set_ecdhecurves. Unrecog-
nized parts of the priorities string will be ignored. Example: "P ROTOCOLS=TLSv1.3 CIPHERS=ECDHE- nized parts of the priorities string will be ignored. Example: " PROTOCOLS=TLSv1.3 CIPHERS=ECDHE-
RSA-AES128-SHA256 ECDHECURVES=P-384". RSA-AES128-SHA256 ECDHECURVES=P-384".
tls_host_override [host] tls_host_override [host]
By default, TLS host verification uses the host name given by the host command. This command By default, TLS host verification uses the host name given by the host command. This command
allows one to use a different host name for verification. This is only useful in special cases. allows one to use a different host name for verification. This is only useful in special cases.
tls_min_dh_prime_bits [bits] tls_min_dh_prime_bits [bits]
Deprecated, use tls_priorities instead. Set or unset the minimum number of Diffie-Hellman (DH) Deprecated, use tls_priorities instead. Set or unset the minim um number of Diffie-Hellman (DH)
prime bits accepted for TLS sessions. The default is set by the TL S library and can be selected by prime bits accepted for TLS sessions. The default is set by the TL S library and can be selected by
using an empty argument to this command. Only lower the default (f or example to 512 bits) if there using an empty argument to this command. Only lower the default (f or example to 512 bits) if there
is no other way to make TLS work with the remote server. is no other way to make TLS work with the remote server.
from envelope_from from envelope_from
Set the envelope-from address. The following substitution patterns are supported: Set the envelope-from address. The following substitution patterns are supported:
%U will be replaced by $USER, or if that fails by $LOGNAME, or if that fails by the login name of %U will be replaced by $USER, or if that fails by $LOGNAME, or if that fails by the login name of
the user running msmtp. the user running msmtp.
%H will be replaced by $HOSTNAME, or if that fails by the host nam e of the system. %H will be replaced by $HOSTNAME, or if that fails by the host nam e of the system.
%C will be replaced by the canonical name of %H. %C will be replaced by the canonical name of %H.
%M will be replaced by the contents of /etc/mailname (potentially %M will be replaced by the contents of /etc/mailname (potential
a different directory is used ly a different directory is used
depending on the build configuration; see the output of msmtp --v depending on the build configuration; see the output of msmtp --ve
ersion and look for the location rsion and look for the location
of the system configuration file). of the system configuration file).
Note that the obsolete auto_from command replaces this envelope-fr om address. Note that the obsolete auto_from command replaces this envelope-fr om address.
Furthermore, the envelope-from address may be a wildcard pattern a
s used for file name matching in
the shell. This is the case if it contains one of the characters ?
, * or [. This allows a variety
of envelope-from addresses given with the --from option to match a
single account.
dsn_notify (off|condition) dsn_notify (off|condition)
This command sets the condition(s) under which the mail system sho uld send DSN (Delivery Status This command sets the condition(s) under which the mail system should send DSN (Delivery Status
Notification) messages. The argument off disables explicit DSN req uests, which means the mail sys- Notification) messages. The argument off disables explicit DSN req uests, which means the mail sys-
tem decides when to send DSN messages. This is the default. The c ondition must be never, to never tem decides when to send DSN messages. This is the default. The c ondition must be never, to never
request notification, or a comma separated list (no spaces!) of one or more of the following: request notification, or a comma separated list (no spaces!) of on e or more of the following:
failure, to request notification on transmission failure, delay, t o be notified of message delays, failure, to request notification on transmission failure, delay, t o be notified of message delays,
success, to be notified of successful transmission. The SMTP se rver must support the DSN exten- success, to be notified of successful transmission. The SMTP serve r must support the DSN exten-
sion. sion.
dsn_return (off|amount) dsn_return (off|amount)
This command controls how much of a mail should be returned in DSN (Delivery Status Notification) This command controls how much of a mail should be returned in DS N (Delivery Status Notification)
messages. The argument off disables explicit DSN requests, which m eans the mail system decides how messages. The argument off disables explicit DSN requests, which m eans the mail system decides how
much of a mail it returns in DSN messages. This is the default. T much of a mail it returns in DSN messages. This is the default.
he amount must be headers, to The amount must be headers, to
just return the message headers, or full, to return the full mai just return the message headers, or full, to return the full mail.
l. The SMTP server must support The SMTP server must support
the DSN extension. the DSN extension.
set_from_header [(auto|on|off)] set_from_header [(auto|on|off)]
When to set a From header: auto adds a From header if the mail doe When to set a From header: auto adds a From header if the mai
s not have one (this is the l does not have one (this is the
default), on always sets a From header and overrides any existin default), on always sets a From header and overrides any existing
g one, and off never sets a From one, and off never sets a From
header. header.
If the mail server rejects the mail because its From header does not match the envelope from If the mail server rejects the mail because its From header does not match the envelope from
address (a common anti-spam measure), then you might want to set t his option to on. address (a common anti-spam measure), then you might want to set t his option to on.
For compatibility with older versions, add_missing_from_header [ (on|off)] is still supported and For compatibility with older versions, add_missing_from_header [(o n|off)] is still supported and
corresponds to the auto and off settings. corresponds to the auto and off settings.
set_date_header [(on|off)] set_date_header [(on|off)]
When to set a Date header: auto adds a Date header if the mail doe s not have one (this is the When to set a Date header: auto adds a Date header if the mai l does not have one (this is the
default), and off never sets a Date header. default), and off never sets a Date header.
For compatibility with older versions, add_missing_date_header [ (on|off)] is still supported and For compatibility with older versions, add_missing_date_header [(o n|off)] is still supported and
corresponds to the auto and off settings. corresponds to the auto and off settings.
remove_bcc_headers [(on|off)] remove_bcc_headers [(on|off)]
This command controls whether to remove Bcc headers. The default i s to remove them. This command controls whether to remove Bcc headers. The default i s to remove them.
undisclosed_recipients [(on|off)] undisclosed_recipients [(on|off)]
When set, the original To, Cc, and Bcc headers of the mail are rem oved and a single new header When set, the original To, Cc, and Bcc headers of the mail are removed and a single new header
line "To: undisclosed-recipients:;" is added. The default setting is off. line "To: undisclosed-recipients:;" is added. The default setting is off.
logfile [file] logfile [file]
An empty argument disables logging (this is the default). An empty argument disables logging (this is the default).
When logging is enabled by choosing a log file, msmtp will app end one line to the log file for When logging is enabled by choosing a log file, msmtp will append one line to the log file for
each mail it tries to send via the account that this log file was chosen for. each mail it tries to send via the account that this log file was chosen for.
The line will include the following information: date and time in The line will include the following information: date and time
the format specified by log- in the format specified by log-
file_time_format, host name of the SMTP server, whether TLS was file_time_format, host name of the SMTP server, whether TLS was us
used, whether authentication was ed, whether authentication was
used, authentication user name (only if authentication is used), e used, authentication user name (only if authentication is used),
nvelope-from address, recipient envelope-from address, recipient
addresses, size of the mail as transferred to the server (only addresses, size of the mail as transferred to the server (only if
if the delivery succeeded), SMTP the delivery succeeded), SMTP
status code and SMTP error message (only in case of failure and on status code and SMTP error message (only in case of failure and o
ly if available), error message nly if available), error message
(only in case of failure and only if available), exit code (from (only in case of failure and only if available), exit code (from s
sysexits.h; EX_OK indicates suc- ysexits.h; EX_OK indicates suc-
cess). cess).
If the filename is a dash (-), msmtp prints the log line to the st andard output. If the filename is a dash (-), msmtp prints the log line to the st andard output.
logfile_time_format [fmt] logfile_time_format [fmt]
Set or unset the log file time format. This will be used as the fo rmat string for the strftime() Set or unset the log file time format. This will be used as the format string for the strftime()
function. An empty argument chooses the default ("%b %d %H:%M:%S") . function. An empty argument chooses the default ("%b %d %H:%M:%S") .
syslog [(on|off|facility)] syslog [(on|off|facility)]
Enable or disable syslog logging. The facility can be one of LOG_ USER, LOG_MAIL, LOG_LOCAL0, ..., Enable or disable syslog logging. The facility can be one of LOG_U SER, LOG_MAIL, LOG_LOCAL0, ...,
LOG_LOCAL7. The default is LOG_USER. LOG_LOCAL7. The default is LOG_USER.
Each time msmtp tries to send a mail via the account that contains this syslog command, it will Each time msmtp tries to send a mail via the account that conta ins this syslog command, it will
log one entry to the syslog service with the chosen facility. log one entry to the syslog service with the chosen facility.
The line will include the following information: host name of The line will include the following information: host name of the
the SMTP server, whether TLS was SMTP server, whether TLS was
used, whether authentication was used, envelope-from address, reci used, whether authentication was used, envelope-from address,
pient addresses, size of the recipient addresses, size of the
mail as transferred to the server (only if the delivery succe mail as transferred to the server (only if the delivery succeeded)
eded), SMTP status code and SMTP , SMTP status code and SMTP
error message (only in case of failure and only if available), err error message (only in case of failure and only if available)
or message (only in case of , error message (only in case of
failure and only if available), exit code (from sysexits.h; EX_OK indicates success). failure and only if available), exit code (from sysexits.h; EX_OK indicates success).
aliases [file] aliases [file]
Replace local recipients with addresses in the aliases file. The aliases file is a cleartext file Replace local recipients with addresses in the aliases file. The aliases file is a cleartext file
containing mappings between a local address and a list of replacem ent addresses. The mappings are containing mappings between a local address and a list of replace ment addresses. The mappings are
of the form: of the form:
local: someone@example.com, person@domain.example local: someone@example.com, person@domain.example
Multiple replacement addresses are separated with commas. Comment s start with `#' and continue to Multiple replacement addresses are separated with commas. Comment s start with `#' and continue to
the end of the line. the end of the line.
The local address default has special significance and is matched if the local address is not The local address default has special significance and is mat ched if the local address is not
found in the aliases file. If no default alias is found, then the local address is left as is. found in the aliases file. If no default alias is found, then the local address is left as is.
An empty argument to the aliases command disables the replacement of local addresses. This is the An empty argument to the aliases command disables the replacement of local addresses. This is the
default. default.
auto_from [(on|off)] auto_from [(on|off)]
Obsolete; you can achieve the same and more using the substitution patterns of the from command. Obsolete; you can achieve the same and more using the substitution patterns of the from command.
Enable or disable automatic envelope-from addresses. The default i Enable or disable automatic envelope-from addresses. The default
s off. When enabled, an enve- is off. When enabled, an enve-
lope-from address of the form user@domain will be generated. Th lope-from address of the form user@domain will be generated. The
e local part will be set to USER local part will be set to USER
or, if that fails, to LOGNAME or, if that fails, to the login nam or, if that fails, to LOGNAME or, if that fails, to the logi
e of the current user. The n name of the current user. The
domain part can be set with the maildomain command. If the maildo main is empty, the envelope-from domain part can be set with the maildomain command. If the maildo main is empty, the envelope-from
address will only consist of the user name and not have a domain p art. When auto_from is disabled, address will only consist of the user name and not have a domain p art. When auto_from is disabled,
the envelope-from address must be set explicitly. the envelope-from address must be set explicitly.
maildomain [domain] maildomain [domain]
Obsolete; you can achieve the same and more using the substitution patterns of the from command. Obsolete; you can achieve the same and more using the substitution patterns of the from command.
Set a domain part for the generation of an envelope-from address. This is only used when auto_from Set a domain part for the generation of an envelope-from address. This is only used when auto_from
is on. The domain may be empty. is on. The domain may be empty.
EXAMPLES EXAMPLES
skipping to change at line 675 skipping to change at line 686
account default : freemail account default : freemail
Using msmtp with Mutt Using msmtp with Mutt
Create a configuration file for msmtp and add the following lines to your Mutt configuration file: Create a configuration file for msmtp and add the following lines to your Mutt configuration file:
set sendmail="/path/to/msmtp" set sendmail="/path/to/msmtp"
set use_from=yes set use_from=yes
set realname="Your Name" set realname="Your Name"
set from=you@example.com set from=you@example.com
set envelope_from=yes set envelope_from=yes
The envelope_from=yes option lets Mutt use the -f option of msmtp. There fore msmtp chooses the first The envelope_from=yes option lets Mutt use the -f option of msmtp. T herefore msmtp chooses the first
account that matches the from address you@example.com. account that matches the from address you@example.com.
Alternatively, you can use the -a option: Alternatively, you can use the -a option:
set sendmail="/path/to/msmtp -a my-account" set sendmail="/path/to/msmtp -a my-account"
Or set everything from the command line (but note that you cannot set a p assword this way): Or set everything from the command line (but note that you cannot set a p assword this way):
set sendmail="/path/to/msmtp --host=mailhub -f me@example.com --tls --tls -trust-file=trust.crt" set sendmail="/path/to/msmtp --host=mailhub -f me@example.com --tls --tls -trust-file=trust.crt"
If you have multiple mail accounts in your msmtp configuration file a nd let Mutt use the -f option to If you have multiple mail accounts in your msmtp configuration file and l et Mutt use the -f option to
choose the right one, you can easily switch accounts in Mutt with the fol lowing Mutt configuration lines: choose the right one, you can easily switch accounts in Mutt with the fol lowing Mutt configuration lines:
macro generic "<esc>1" ":set from=you@example.com" macro generic "<esc>1" ":set from=you@example.com"
macro generic "<esc>2" ":set from=you@your-employer.example" macro generic "<esc>2" ":set from=you@your-employer.example"
macro generic "<esc>3" ":set from=you@some-other-provider.example" macro generic "<esc>3" ":set from=you@some-other-provider.example"
Using msmtp with mail Using msmtp with mail
Define a default account, and put the following in your ~/.mailrc: Define a default account, and put the following in your ~/.mailrc:
set sendmail="/path/to/msmtp" set sendmail="/path/to/msmtp"
skipping to change at line 724 skipping to change at line 735
default: admin@domain.example default: admin@domain.example
FILES FILES
SYSCONFDIR/msmtprc SYSCONFDIR/msmtprc
System configuration file. Use --version to find out what SYSCONFD IR is on your platform. System configuration file. Use --version to find out what SYSCONFD IR is on your platform.
~/.msmtprc or $XDG_CONFIG_HOME/msmtp/config ~/.msmtprc or $XDG_CONFIG_HOME/msmtp/config
User configuration file. User configuration file.
~/.netrc and SYSCONFDIR/netrc ~/.netrc and SYSCONFDIR/netrc
The netrc file contains login information. Before prompting for a password, msmtp will search it The netrc file contains login information. Before prompting for a password, msmtp will search it
in ~/.netrc and SYSCONFDIR/netrc. in ~/.netrc and SYSCONFDIR/netrc.
ENVIRONMENT ENVIRONMENT
USER, LOGNAME USER, LOGNAME
These variables override the user's login name when constructing a n envelope-from address. LOGNAME These variables override the user's login name when constructing a n envelope-from address. LOGNAME
is only used if USER is unset. is only used if USER is unset.
TMPDIR Directory to create temporary files in. If this is unset, a system specific default directory is TMPDIR Directory to create temporary files in. If this is unset, a syst em specific default directory is
used. used.
A temporary file is only created when the -t/--read-recipients o r --read-envelope-from option is A temporary file is only created when the -t/--read-recipients or --read-envelope-from option is
used. The file is then used to buffer the headers of the mail (but not the body, so the file won't used. The file is then used to buffer the headers of the mail (but not the body, so the file won't
get very large). get very large).
EMAIL, SMTPSERVER EMAIL, SMTPSERVER
These environment variables are used only if neither --host nor - These environment variables are used only if neither --host nor --
-account is used and there is no account is used and there is no
default account defined in the configuration files. In this case, default account defined in the configuration files. In this c
the host name is taken from ase, the host name is taken from
SMTPSERVER, and the envelope from address is taken from EMAIL SMTPSERVER, and the envelope from address is taken from EMAIL, un
, unless overridden by --from or less overridden by --from or
--read-envelope-from. Currently SMTPSERVER must contain a plain ho st name (no URL), and EMAIL must --read-envelope-from. Currently SMTPSERVER must contain a plain ho st name (no URL), and EMAIL must
contain a plain address (no names or additional information). contain a plain address (no names or additional information).
AUTHORS AUTHORS
msmtp was written by Martin Lambers <marlam@marlam.de>. msmtp was written by Martin Lambers <marlam@marlam.de>.
Other authors are listed in the AUTHORS file in the source distribution. Other authors are listed in the AUTHORS file in the source distribution.
SEE ALSO SEE ALSO
sendmail(8), netrc(5) or ftp(1) sendmail(8), netrc(5) or ftp(1)
 End of changes. 77 change blocks. 
213 lines changed or deleted 231 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)