1MSMTP(1) General Commands Manual MSMTP(1)
2
6 msmtp - An SMTP client
7
9 Sendmail mode (default):
10 msmtp [option...] [--] recipient...
11 msmtp [option...] -t [--] [recipient...]
12 Configuration mode:
14 msmtp --configure <mailaddress>
15 Server information mode:
17 msmtp [option...] --serverinfo
18 Remote Message Queue Starting mode:
20 msmtp [option...] --rmqs=host|@domain|#queue
21
23 In the default sendmail mode, msmtp reads a mail from standard input
24 and sends it to an SMTP server for delivery.
25 In server information mode, msmtp prints information about an SMTP
26 server.
27 In Remote Message Queue Starting mode, msmtp sends a Remote Message
28 Queue Starting request for a host, domain, or queue to an SMTP server.
29
31 The standard sendmail exit status codes are used, as defined in sysex‐
32 its.h.
33
35 Options override configuration file settings.
36 They are compatible with sendmail where appropriate.
37 General options
39 --version
41 Print version information, including information about
42 the libraries used.
43 --help Print help.
45 -P, --pretend
47 Print the configuration settings that would be used, but
48 do not take further action. An asterisk (`*') will be
49 printed instead of your password.
50 -v, -d, --debug
52 Print lots of debugging information, including the whole
53 conversation with the SMTP server. Be careful with this
54 option: the (potentially dangerous) output will not be
55 sanitized, and your password may get printed in an easily
56 decodable format!
57 Changing the mode of operation
59 --configure=mailaddress
61 Generate a configuration for the given mail address and
62 print it. This can be modified or copied unchanged to the
63 configuration file. Note that this only works for mail
64 domains that publish appropriate SRV records; see RFC
65 8314.
66 -S, --serverinfo
68 Print information about the SMTP server and exit. This
69 includes information about supported features (mail size
70 limit, authentication, TLS, DSN, ...) and about the TLS
71 certificate (if TLS is active).
72 --rmqs=(host|@domain|#queue)
74 Send a Remote Message Queue Starting request for the
75 given host, domain, or queue to the SMTP server and exit.
76 Configuration options
78 -C, --file=filename
80 Use the given file instead of ~/.msmtprc or $XDG_CON‐
81 FIG_HOME/msmtp/config as the user configuration file.
82 -a, --account=account_name
84 Use the given account instead of the account named
85 "default". The settings of this account may be changed
86 with command line options. This option cannot be used
87 together with the --host option.
88 --host=hostname
90 Use this SMTP server with settings from the command line;
91 do not use any configuration file data. This option can‐
92 not be used together with the --account option.
93 --port=number
95 Set the port number to connect to. See the port command.
96 --source-ip=[IP]
98 Set or unset an IP address to bind the socket to. See the
99 source_ip command.
100 --proxy-host=[IP|hostname]
102 Set or unset a SOCKS proxy to use. See the proxy_host
103 command.
104 --proxy-port=[number]
106 Set or unset a port number for the proxy host. See the
107 proxy_port command.
108 --timeout=(off|seconds)
110 Set or unset a network timeout, in seconds. See the time‐
111 out command.
112 --protocol=(smtp|lmtp)
114 Set the protocol. See the protocol command.
115 --domain=[string]
117 Set the argument of the SMTP EHLO (or LMTP LHLO) command.
118 See the domain command.
119 --auth[=(on|off|method)]
121 Enable or disable authentication and optionally choose
122 the method. See the auth command.
123 --user=[username]
125 Set or unset the user name for authentication. See the
126 user command.
127 --passwordeval=[eval]
129 Evaluate password for authentication. See the passworde‐
130 val command.
131 --tls[=(on|off)]
133 Enable or disable TLS/SSL. See the tls command.
134 --tls-starttls[=(on|off)]
136 Enable or disable STARTTLS for TLS. See the tls_starttls
137 command.
138 --tls-trust-file=[file]
140 Set or unset a trust file for TLS. See the tls_trust_file
141 command.
142 --tls-crl-file=[file]
144 Set or unset a certificate revocation list (CRL) file for
145 TLS. See the tls_crl_file command.
146 --tls-fingerprint=[fingerprint]
148 Set or unset the fingerprint of a trusted TLS certifi‐
149 cate. See the tls_fingerprint command.
150 --tls-key-file=[file]
152 Set or unset a key file for TLS. See the tls_key_file
153 command.
154 --tls-cert-file=[file]
156 Set or unset a cert file for TLS. See the tls_cert_file
157 command.
158 --tls-certcheck[=(on|off)]
160 Enable or disable server certificate checks for TLS. See
161 the tls_certcheck command.
162 --tls-min-dh-prime-bits=[bits]
164 Set or unset minimum bit size of the Diffie-Hellman (DH)
165 prime. See the tls_min_dh_prime_bits command.
166 --tls-priorities=[priorities]
168 Set or unset TLS priorities. See the tls_priorities com‐
169 mand.
170 Options specific to sendmail mode
172 -f, --from=address
174 Set the envelope-from address. It is only used when
175 auto_from is off.
176 If no account was chosen yet (with --account or --host),
177 this option will choose the first account that has the
178 given envelope-from address (set with the from command).
179 If no such account is found, "default" is used.
180 --auto-from[=(on|off)]
182 Enable or disable automatic envelope-from addresses. The
183 default is off. See the auto_from command.
184 --maildomain=[domain]
186 Set the domain part for the --auto-from address. See the
187 maildomain command.
188 -N, --dsn-notify=(off|cond)
190 Set or unset DSN notification conditions. See the
191 dsn_notify command.
192 -R, --dsn-return=(off|ret)
194 Set or unset the DSN notification amount. See the
195 dsn_return command. Note that hdrs is accepted as an
196 alias for headers to be compatible with sendmail.
197 --add-missing-from-header[=(on|off)]
199 Enable or disable the addition of a missing From header.
200 See the add_missing_from_header command.
201 --add-missing-date-header[=(on|off)]
203 Enable or disable the addition of a missing Date header.
204 See the add_missing_date_header command.
205 --remove-bcc-headers[=(on|off)]
207 Enable or disable the removal of Bcc headers. See the
208 remove_bcc_headers command.
209 -X, --logfile=[file]
211 Set or unset the log file. See the logfile command.
212 --logfile-time-format=[fmt]
214 Set or unset the log file time format. See the log‐
215 file_time_format command.
216 --syslog[=(on|off|facility)]
218 Enable or disable syslog logging. See the syslog command.
219 -t, --read-recipients
221 Read recipient addresses from the To, Cc, and Bcc headers
222 of the mail in addition to the recipients given on the
223 command line. If any Resent- headers are present, then
224 the addresses from any Resent-To, Resent-Cc, and Resent-
225 Bcc headers in the first block of Resent- headers are
226 used instead.
227 --read-envelope-from
229 Read the envelope from address from the From header of
230 the mail. Currently this header must be on a single line
231 for this option to work correctly.
232 --aliases=[file]
234 Set or unset an aliases file. See the aliases command.
235 -Fname Msmtp adds a From header to mails that lack it, using the
237 envelope from address. This option allows one to set a
238 full name to be used in that header.
239 -- This marks the end of options. All following arguments
241 will be treated as recipient addresses, even if they
242 start with a `-'.
243 The following options are accepted but ignored for sendmail compatibil‐
245 ity:
246 -Btype, -bm, -G, -hN, -i, -L tag, -m, -n, -O option=value, -ox value
247
249 A suggestion for a suitable configuration file can be generated using
250 the --configure option. Normally, a system wide configuration file
251 and/or a user configuration file contain information about which SMTP
252 server to use and how to use it, but all settings can also be config‐
253 ured on the command line.
254 The information about SMTP servers is organized in accounts. Each
255 account describes one SMTP server: host name, authentication settings,
256 TLS settings, and so on. Each configuration file can define multiple
257 accounts.
258 The user can choose which account to use in one of three ways:
260 --account=id
262 Use the given account. Command line settings override configura‐
263 tion file settings.
264 --host=hostname
266 Use only the settings from the command line; do not use any con‐
267 figuration file data.
268 --from=address or --read-envelope-from
270 Choose the first account from the system or user configuration
271 file that has a matching envelope-from address as specified by a
272 from command. This works only when neither --account nor --host
273 is used.
274 If none of the above options is used (or if no account has a matching
276 from command), then the account "default" is used.
277 Msmtp transmits mails unaltered to the SMTP server, with the following
279 exceptions:
280 - The Bcc header(s) will be removed. This behavior can be changed with
281 the remove_bcc_headers command and --remove-bcc-headers option.
282 - A From header will be added if the mail does not have one. This can
283 be changed with the add_missing_from_header command and --add-miss‐
284 ing-from-header option. The header will use the envelope from address
285 and optionally a full name set with the -F option.
286 - A Date header will be added if the mail does not have one. This can
287 be changed with the add_missing_date_header command and --add-miss‐
288 ing-date-header option.
289 Skip to the EXAMPLES section for a quick start.
291
293 If it exists and is readable, a system wide configuration file
294 SYSCONFDIR/msmtprc will be loaded, where SYSCONFDIR depends on your
295 platform. Use --version to find out which directory is used.
296 If it exists and is readable, a user configuration file will be loaded
297 (~/.msmtprc will be tried first followed by $XDG_CONFIG_HOME/msmtp/con‐
298 fig by default, but see --version). Accounts defined in the user con‐
299 figuration file override accounts from the system configuration file.
300 Configuration data from either file can be changed by command line
301 options.
302 A configuration file is a simple text file. Empty lines and comment
304 lines (whose first non-blank character is `#') are ignored.
305 Every other line must contain a command and may contain an argument to
306 that command.
307 The argument may be enclosed in double quotes ("), for example if its
308 first or last character is a blank.
309 If a file name starts with the tilde (~), this tilde will be replaced
310 by $HOME. If a command accepts the argument on, it also accepts an
311 empty argument and treats that as if it was on.
312 Commands are organized in accounts. Each account starts with the
313 account command and defines the settings for one SMTP account.
314 Skip to the EXAMPLES section for a quick start.
316 Commands are as follows:
318 defaults
320 Set defaults. The following configuration commands will set
321 default values for all following account definitions in the cur‐
322 rent configuration file.
323 account name [:account[,...]]
325 Start a new account definition with the given name. The current
326 default values are filled in.
327 If a colon and a list of previously defined accounts is given
328 after the account name, the new account, with the filled in
329 default values, will inherit all settings from the accounts in
330 the list.
331 host hostname
333 The SMTP server to send the mail to. The argument may be a host
334 name or a network address. Every account definition must con‐
335 tain this command.
336 port number
338 The port that the SMTP server listens on. The default is 25
339 ("smtp"), unless TLS without STARTTLS is used, in which case it
340 is 465 ("smtps").
341 source_ip [IP]
343 Set a source IP address to bind the outgoing connection to. Use‐
344 ful only in special cases on multi-home systems. An empty argu‐
345 ment disables this.
346 proxy_host [IP|hostname]
348 Use a SOCKS proxy. All network traffic will go through this
349 proxy host, including DNS queries, except for a DNS query that
350 might be necessary to resolve the proxy host name itself (this
351 can be avoided by using an IP address as proxy host name). An
352 empty hostname argument disables proxy usage. The supported
353 SOCKS protocol version is 5. If you want to use this with Tor,
354 see also "Using msmtp with Tor" below.
355 proxy_port [number]
357 Set the port number for the proxy host. An empty number argument
358 resets this to the default port.
359 timeout (off|seconds)
361 Set or unset a network timeout, in seconds. The argument off
362 means that no timeout will be set, which means that the operat‐
363 ing system default will be used.
364 protocol (smtp|lmtp)
366 Set the protocol to use. Currently only SMTP and LMTP are sup‐
367 ported. SMTP is the default. See the port command above for
368 default ports.
369 domain argument
371 Use this command to set the argument of the SMTP EHLO (or LMTP
372 LHLO) command. The default is localhost, which is stupid but
373 usually works. Try to change the default if mails get rejected
374 due to anti-SPAM measures. Possible choices are the domain part
375 of your mail address (provider.example for joe@provider.example)
376 or the fully qualified domain name of your host (if available).
377 auth [(on|off|method)]
379 Enable or disable authentication and optionally choose a method
380 to use. The argument on chooses a method automatically.
381 Usually a user name and a password are used for authentication.
382 The user name is specified in the configuration file with the
383 user command. There are five different methods to specify the
384 password:
385 1. Add the password to the system key ring. Currently supported
386 key rings are the Gnome key ring and the Mac OS X Keychain. For
387 the Gnome key ring, use the command secret-tool (part of Gnome's
388 libsecret) to store passwords: secret-tool store --label=msmtp
389 host mail.freemail.example service smtp user joe.smith. On Mac
390 OS X, use the following command: security add-internet-password
391 -s mail.freemail.example -r smtp -a joe.smith -w. In both exam‐
392 ples, replace mail.freemail.example with the SMTP server name,
393 and joe.smith with your user name.
394 2. Store the password in an encrypted files, and use passworde‐
395 val to specify a command to decrypt that file, e.g. using GnuPG.
396 See EXAMPLES.
397 3. Store the password in the configuration file using the pass‐
398 word command. (Usually it is not considered a good idea to
399 store passwords in plain text files. If you do it anyway, you
400 must make sure that the file can only be read by yourself.)
401 4. Store the password in ~/.netrc. This method is probably obso‐
402 lete.
403 5. Type the password into the terminal when it is required.
404 It is recommended to use method 1 or 2.
405 Multiple authentication methods exist. Most servers support only
406 some of them. Historically, sophisticated methods were devel‐
407 oped to protect passwords from being sent unencrypted to the
408 server, but nowadays everybody needs TLS anyway, so the simple
409 methods suffice since the whole session is protected. A suitable
410 authentication method is chosen automatically, and when TLS is
411 disabled for some reason, only methods that avoid sending clear
412 text passwords are considered.
413 The following user / password methods are supported: plain (a
414 simple plain text method, with base64 encoding, supported by
415 almost all servers), scram-sha-1 (a method that avoids clear-
416 text passwords), cram-md5 (an obsolete method that avoids clear-
417 text passwords, but is not considered secure anymore),
418 digest-md5 (an overcomplicated obsolete method that avoids
419 clear-text passwords, but is not considered secure anymore),
420 login (a non-standard clear-text method similar to but worse
421 than the plain method), ntlm (an obscure non-standard method
422 that is now considered broken; it sometimes requires a special
423 domain parameter passed via ntlmdomain).
424 There are currently three authentication methods that are not
425 based on user / password information and have to be chosen manu‐
426 ally: oauthbearer (an OAuth2 token from the mail provider is
427 used as the password; a user name is not required. See the docu‐
428 mentation of your mail provider for details on how to get this
429 token. The passwordeval command can be used to pass the regu‐
430 larly changing tokens into msmtp from a script or an environment
431 variable), external (the authentication happens outside of the
432 protocol, typically by sending a TLS client certificate, and the
433 method merely confirms that this authentication succeeded), and
434 gssapi (the Kerberos framework takes care of secure authentica‐
435 tion, only a user name is required).
436 It depends on the underlying authentication library and its ver‐
437 sion whether a particular method is supported or not. Use --ver‐
438 sion to find out which methods are supported.
439 user login
441 Set the user name for authentication. An empty argument unsets
442 the user name.
443 password secret
445 Set the password for authentication. An empty argument unsets
446 the password. Consider using the passwordeval command or a key
447 ring instead of this command, to avoid storing plain text pass‐
448 words in the configuration file.
449 passwordeval [eval]
451 Set the password for authentication to the output (stdout) of
452 the command eval. This can be used e.g. to decrypt password
453 files on the fly or to query key rings, and thus to avoid stor‐
454 ing plain text passwords.
455 ntlmdomain [domain]
457 Set a domain for the ntlm authentication method. This is obso‐
458 lete.
459 tls [(on|off)]
461 Enable or disable TLS (also known as SSL) for secured connec‐
462 tions.
463 Transport Layer Security (TLS) "... provides communications pri‐
464 vacy over the Internet. The protocol allows client/server
465 applications to communicate in a way that is designed to prevent
466 eavesdropping, tampering, or message forgery" (quote from
467 RFC2246).
468 A server can use TLS in one of two modes: via a STARTTLS command
469 (the session starts with the normal protocol initialization, and
470 TLS is then started using the protocol's STARTTLS command), or
471 immediately (TLS is initialized before the normal protocol ini‐
472 tialization; this requires a separate port). The first mode is
473 the default, but you can switch to the second mode by disabling
474 tls_starttls.
475 When TLS is started, the server sends a certificate to identify
476 itself. To verify the server identity, a client program is
477 expected to check that the certificate is formally correct and
478 that it was issued by a Certificate Authority (CA) that the user
479 trusts. (There can also be certificate chains with intermediate
480 CAs.)
481 The list of trusted CAs is specified using the tls_trust_file
482 command. The default value ist "system" and chooses the system-
483 wide default, but you can also choose the trusted CAs yourself.
484 One practical problem with this approach is that the client pro‐
485 gram should also check if the server certificate has been
486 revoked for some reason, using a Certificate Revocation List
487 (CRL). A CRL file can be specified using the tls_crl_file com‐
488 mand, but getting the relevant CRL files and keeping them up to
489 date is not straightforward. You are basically on your own.
490 A much more serious and fundamental problem is is that you need
491 to trust CAs. Like any other organization, a CA can be incompe‐
492 tent, malicious, subverted by bad people, or forced by govern‐
493 ment agencies to compromise end users without telling them. All
494 of these things happened and continue to happen worldwide. The
495 idea to have central organizations that have to be trusted for
496 your communication to be secure is fundamentally broken.
497 Instead of putting trust in a CA, you can choose to trust only a
498 single certificate for the server you want to connect to. For
499 that purpose, specify the certificate fingerprint with tls_fin‐
500 gerprint. This makes sure that no man-in-the-middle can fake the
501 identity of the server by presenting you a fraudulent certifi‐
502 cate issued by some CA that happens to be in your trust list.
503 However, you have to update the fingerprint whenever the server
504 certificate changes, and you have to make sure that the change
505 is legitimate each time, e.g. when the old certificate expired.
506 This is inconvenient, but it's the price to pay.
507 Information about a server certificate can be obtained with
508 --serverinfo --tls --tls-certcheck=off. This includes the issuer
509 CA of the certificate (so you can trust that CA via
510 tls_trust_file), and the fingerprint of the certificate (so you
511 can trust that particular certificate via tls_fingerprint).
512 TLS also allows the server to verify the identity of the client.
513 For this purpose, the client has to present a certificate issued
514 by a CA that the server trusts. To present that certificate, the
515 client also needs the matching key file. You can set the cer‐
516 tificate and key files using tls_cert_file and tls_key_file.
517 This mechanism can also be used to authenticate users, so that
518 traditional user / password authentication is not necessary any‐
519 more. See the external mechanism in auth.
520 tls_starttls [(on|off)]
522 Choose the TLS variant: start TLS from within the session (on,
523 default), or tunnel the session through TLS (off).
524 tls_trust_file file
526 Activate server certificate verification using a list of trusted
527 Certification Authorities (CAs). The default is the special
528 value "system", which selects the system default. An empty argu‐
529 ment disables trust in CAs. If you select a file, it must be in
530 PEM format, and you should also use tls_crl_file.
531 tls_crl_file [file]
533 Set a certificate revocation list (CRL) file for TLS, to check
534 for revoked certificates. An empty argument disables this.
535 tls_fingerprint [fingerprint]
537 Set the fingerprint of a single certificate to accept for TLS.
538 This certificate will be trusted regardless of its contents
539 (this overrides tls_trust_file). The fingerprint should be of
540 type SHA256, but can for backwards compatibility also be of type
541 SHA1 or MD5 (please avoid this). The format should be
542 01:23:45:67:.... Use --serverinfo --tls --tls-certcheck=off
543 --tls-fingerprint= to get the server certificate fingerprint.
544 tls_key_file file
546 Send a client certificate to the server (use this together with
547 tls_cert_file}). The file must contain the private key of a
548 certificate in PEM format. An empty argument disables this fea‐
549 ture.
550 tls_cert_file file
552 Send a client certificate to the server (use this together with
553 tls_key_file). The file must contain a certificate in PEM for‐
554 mat. An empty argument disables this feature.
555 tls_certcheck [(on|off)]
557 Enable or disable checks of the server certificate. They are
558 enabled by default. Disabling them will override tls_trust_file
559 and tls_fingerprint. WARNING: When the checks are disabled, TLS
560 sessions will not be secure!
561 tls_min_dh_prime_bits [bits]
563 Set or unset the minimum number of Diffie-Hellman (DH) prime
564 bits that mpop will accept for TLS sessions. The default is set
565 by the TLS library and can be selected by using an empty argu‐
566 ment to this command. Only lower the default (for example to
567 512 bits) if there is no other way to make TLS work with the
568 remote server.
569 tls_priorities [priorities]
571 Set the priorities for TLS sessions. The default is set by the
572 TLS library and can be selected by using an empty argument to
573 this command. See the GnuTLS documentation of the gnutls_prior‐
574 ity_init function for a description of the priorities string.
575 from envelope_from
577 Set the envelope-from address. This address will only be used
578 when auto_from is off.
579 auto_from [(on|off)]
581 Enable or disable automatic envelope-from addresses. The default
582 is off. When enabled, an envelope-from address of the form
583 user@domain will be generated. The local part will be set to
584 USER or, if that fails, to LOGNAME or, if that fails, to the
585 login name of the current user. The domain part can be set with
586 the maildomain command. If the maildomain is empty, the enve‐
587 lope-from address will only consist of the user name and not
588 have a domain part. When auto_from is disabled, the envelope-
589 from address must be set explicitly.
590 maildomain [domain]
592 Set a domain part for the generation of an envelope-from
593 address. This is only used when auto_from is on. The domain may
594 be empty.
595 dsn_notify (off|condition)
597 This command sets the condition(s) under which the mail system
598 should send DSN (Delivery Status Notification) messages. The
599 argument off disables explicit DSN requests, which means the
600 mail system decides when to send DSN messages. This is the
601 default. The condition must be never, to never request notifi‐
602 cation, or a comma separated list (no spaces!) of one or more of
603 the following: failure, to request notification on transmission
604 failure, delay, to be notified of message delays, success, to be
605 notified of successful transmission. The SMTP server must sup‐
606 port the DSN extension.
607 dsn_return (off|amount)
609 This command controls how much of a mail should be returned in
610 DSN (Delivery Status Notification) messages. The argument off
611 disables explicit DSN requests, which means the mail system
612 decides how much of a mail it returns in DSN messages. This is
613 the default. The amount must be headers, to just return the
614 message headers, or full, to return the full mail. The SMTP
615 server must support the DSN extension.
616 add_missing_from_header [(on|off)]
618 This command controls whether to add a From header if the mail
619 does not have one. The default is to add it.
620 add_missing_date_header [(on|off)]
622 This command controls whether to add a Date header if the mail
623 does not have one. The default is to add it.
624 remove_bcc_headers [(on|off)]
626 This command controls whether to remove Bcc headers. The default
627 is to remove them.
628 logfile [file]
630 An empty argument disables logging (this is the default).
631 When logging is enabled by choosing a log file, msmtp will
632 append one line to the log file for each mail it tries to send
633 via the account that this log file was chosen for.
634 The line will include the following information: date and time
635 in the format specified by logfile_time_format, host name of the
636 SMTP server, whether TLS was used, whether authentication was
637 used, authentication user name (only if authentication is used),
638 envelope-from address, recipient addresses, size of the mail as
639 transferred to the server (only if the delivery succeeded), SMTP
640 status code and SMTP error message (only in case of failure and
641 only if available), error message (only in case of failure and
642 only if available), exit code (from sysexits.h; EX_OK indicates
643 success).
644 If the filename is a dash (-), msmtp prints the log line to the
645 standard output.
646 logfile_time_format [fmt]
648 Set or unset the log file time format. This will be used as the
649 format string for the strftime() function. An empty argument
650 chooses the default ("%b %d %H:%M:%S").
651 syslog [(on|off|facility)]
653 Enable or disable syslog logging. The facility can be one of
654 LOG_USER, LOG_MAIL, LOG_LOCAL0, ..., LOG_LOCAL7. The default is
655 LOG_USER.
656 Each time msmtp tries to send a mail via the account that con‐
657 tains this syslog command, it will log one entry to the syslog
658 service with the chosen facility.
659 The line will include the following information: host name of
660 the SMTP server, whether TLS was used, whether authentication
661 was used, envelope-from address, recipient addresses, size of
662 the mail as transferred to the server (only if the delivery suc‐
663 ceeded), SMTP status code and SMTP error message (only in case
664 of failure and only if available), error message (only in case
665 of failure and only if available), exit code (from sysexits.h;
666 EX_OK indicates success).
667 aliases [file]
669 Replace local recipients with addresses in the aliases file.
670 The aliases file is a plain text file containing mappings
671 between a local address and a list of domain addresses. A local
672 address is defined as one without an `@' character and a domain
673 address is one with an `@' character. The mappings are of the
674 form:
675 local: someone@example.com, person@domain.example
676 Multiple domain addresses are separated with commas. Comments
677 start with `#' and continue to the end of the line.
678 The local address default has special significance and is
679 matched if the local address is not found in the aliases file.
680 If no default alias is found, then the local address is left as
681 is.
682 An empty argument to the aliases command disables the replace‐
683 ment of local addresses. This is the default.
684
686 Configuration file
687 # Example for a user configuration file ~/.msmtprc
689 #
690 # This file focusses on TLS and authentication. Features not used here
691 include
692 # logging, timeouts, SOCKS proxies, TLS parameters, Delivery Status
693 Notification
694 # (DSN) settings, and more.
695 # Set default values for all following accounts.
697 defaults
698 # Use the mail submission port 587 instead of the SMTP port 25.
700 port 587
701 # Always use TLS.
703 tls on
704 # Set a list of trusted CAs for TLS. The default is to use system set‐
706 tings, but
707 # you can select your own file.
708 #tls_trust_file /etc/ssl/certs/ca-certificates.crt
709 # If you select your own file, you should also use the tls_crl_file
711 command to
712 # check for revoked certificates, but unfortunately getting revocation
713 lists and
714 # keeping them up to date is not straightforward.
715 #tls_crl_file ~/.tls-crls
716 # A freemail service
718 account freemail
719 # Host name of the SMTP server
721 host smtp.freemail.example
722 # As an alternative to tls_trust_file/tls_crl_file, you can use
724 tls_fingerprint
725 # to pin a single certificate. You have to update the fingerprint when
726 the
727 # server certificate changes, but an attacker cannot trick you into
728 accepting
729 # a fraudulent certificate. Get the fingerprint with
730 # $ msmtp --serverinfo --tls --tls-certcheck=off
731 --host=smtp.freemail.example
732 #tls_fingerprint 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11
733 :22:33
734 # Envelope-from address
736 from joe_smith@freemail.example
737 # Authentication. The password is given using one of five methods, see
739 below.
740 auth on
741 user joe.smith
742 # Password method 1: Add the password to the system keyring, and let
744 msmtp get
745 # it automatically. To set the keyring password using Gnome's libse‐
746 cret:
747 # $ secret-tool store --label=msmtp \
748 # host smtp.freemail.example \
749 # service smtp \
750 # user joe.smith
751 # Password method 2: Store the password in an encrypted file, and tell
753 msmtp
754 # which command to use to decrypt it. This is usually used with GnuPG,
755 as in
756 # this example. Usually gpg-agent will ask once for the decryption
757 password.
758 passwordeval gpg2 --no-tty -q -d ~/.msmtp-password.gpg
759 # Password method 3: Store the password directly in this file. Usually
761 it is not
762 # a good idea to store passwords in plain text files. If you do it any‐
763 way, at
764 # least make sure that this file can only be read by yourself.
765 #password secret123
766 # Password method 4: Store the password in ~/.netrc. This method is
768 probably not
769 # relevant anymore.
770 # Password method 5: Do not specify a password. Msmtp will then prompt
772 you for
773 # it. This means you need to be able to type into a terminal when msmtp
774 runs.
775 # A second mail address at the same freemail service
777 account freemail2 : freemail
778 from joey@freemail.example
779 # The SMTP server of your ISP
781 account isp
782 host mail.isp.example
783 from smithjoe@isp.example
784 auth on
785 user 12345
786 # Set a default account
788 account default : freemail
789 Using msmtp with Mutt
792 Create a configuration file for msmtp and add the following lines to
794 your Mutt configuration file:
795 set sendmail="/path/to/msmtp"
796 set use_from=yes
797 set realname="Your Name"
798 set from=you@example.com
799 set envelope_from=yes
800 The envelope_from=yes option lets Mutt use the -f option of msmtp.
801 Therefore msmtp chooses the first account that matches the from address
802 you@example.com.
803 Alternatively, you can use the -a option:
804 set sendmail="/path/to/msmtp -a my-account"
805 Or set everything from the command line (but note that you cannot set a
806 password this way):
807 set sendmail="/path/to/msmtp --host=mailhub -f me@example.com --tls
808 --tls-trust-file=trust.crt"
809 If you have multiple mail accounts in your msmtp configuration file and
811 let Mutt use the -f option to choose the right one, you can easily
812 switch accounts in Mutt with the following Mutt configuration lines:
813 macro generic "<esc>1" ":set from=you@example.com"
814 macro generic "<esc>2" ":set from=you@your-employer.example"
815 macro generic "<esc>3" ":set from=you@some-other-provider.example"
816 Using msmtp with mail
819 Define a default account, and put the following in your ~/.mailrc:
821 set sendmail="/path/to/msmtp"
822 Using msmtp with Tor
825 Use the following settings:
827 proxy_host 127.0.0.1
828 proxy_port 9050
829 tls on
830 Use an IP address as proxy host name, so that msmtp does not leak a DNS
831 query when resolving it.
832 TLS is required to prevent exit hosts from reading your SMTP session.
833 Do not set domain to something that you do not want to reveal (do not
834 set it at all if possible).
835 Aliases file
838 # Example aliases file
840 # Send root to Joe and Jane
842 root: joe_smith@example.com, jane_chang@example.com
843 # Send cron to Mark
845 cron: mark_jones@example.com
846 # Send everything else to admin
848 default: admin@domain.example
849
852 SYSCONFDIR/msmtprc
853 System configuration file. Use --version to find out what
854 SYSCONFDIR is on your platform.
855 ~/.msmtprc or $XDG_CONFIG_HOME/msmtp/config
857 User configuration file.
858 ~/.netrc and SYSCONFDIR/netrc
860 The netrc file contains login information. Before prompting for
861 a password, msmtp will search it in ~/.netrc and
862 SYSCONFDIR/netrc.
863
865 USER, LOGNAME
866 These variables override the user's login name when constructing
867 an envelope-from address. LOGNAME is only used if USER is unset.
868 TMPDIR Directory to create temporary files in. If this is unset, a sys‐
870 tem specific default directory is used.
871 A temporary file is only created when the -t/--read-recipients
872 or --read-envelope-from option is used. The file is then used to
873 buffer the headers of the mail (but not the body, so the file
874 won't get very large).
875 EMAIL, SMTPSERVER
877 These environment variables are used only if neither --host nor
878 --account is used and there is no default account defined in the
879 configuration files. In this case, the host name is taken from
880 SMTPSERVER, and the envelope from address is taken from EMAIL,
881 unless overridden by --from or --read-envelope-from. Currently
882 SMTPSERVER must contain a plain host name (no URL), and EMAIL
883 must contain a plain address (no names or additional informa‐
884 tion).
885
887 msmtp was written by Martin Lambers <marlam@marlam.de>.
888 Other authors are listed in the AUTHORS file in the source distribu‐
889 tion.
890
892 sendmail(8), netrc(5) or ftp(1)
893 2019-04 MSMTP(1)