1MSMTP(1)                    General Commands Manual                   MSMTP(1)
2
3
4

NAME

6       msmtp - An SMTP client
7

SYNOPSIS

9       Sendmail mode (default):
10              msmtp [option...] [--] recipient...
11              msmtp [option...] -t [--] [recipient...]
12
13       Configuration mode:
14              msmtp --configure <mailaddress>
15
16       Server information mode:
17              msmtp [option...] --serverinfo
18
19       Remote Message Queue Starting mode:
20              msmtp [option...] --rmqs=host|@domain|#queue
21

DESCRIPTION

23       In  the  default  sendmail mode, msmtp reads a mail from standard input
24       and sends it to an SMTP server for delivery.
25       In server information mode, msmtp  prints  information  about  an  SMTP
26       server.
27       In  Remote  Message  Queue  Starting mode, msmtp sends a Remote Message
28       Queue Starting request for a host, domain, or queue to an SMTP server.
29

EXIT STATUS

31       The standard sendmail exit status codes are used, as defined in  sysex‐
32       its.h.
33

OPTIONS

35       Options override configuration file settings.
36       They are compatible with sendmail where appropriate.
37
38       General options
39
40              --version
41                     Print  version  information,  including information about
42                     the libraries used.
43
44              --help Print help.
45
46              -P, --pretend
47                     Print the configuration settings that would be used,  but
48                     do  not  take  further action.  An asterisk (`*') will be
49                     printed instead of your password.
50
51              -v, -d, --debug
52                     Print lots of debugging information, including the  whole
53                     conversation  with  the SMTP server. Be careful with this
54                     option: the (potentially dangerous) output  will  not  be
55                     sanitized, and your password may get printed in an easily
56                     decodable format!
57
58       Changing the mode of operation
59
60              --configure=mailaddress
61                     Generate a configuration for the given mail  address  and
62                     print it. This can be modified or copied unchanged to the
63                     configuration file.  Note that this only works  for  mail
64                     domains  that  publish  appropriate  SRV records; see RFC
65                     8314.
66
67              -S, --serverinfo
68                     Print information about the SMTP server  and  exit.  This
69                     includes  information about supported features (mail size
70                     limit, authentication, TLS, DSN, ...) and about  the  TLS
71                     certificate (if TLS is active).
72
73              --rmqs=(host|@domain|#queue)
74                     Send  a  Remote  Message  Queue  Starting request for the
75                     given host, domain, or queue to the SMTP server and exit.
76
77       Configuration options
78
79              -C, --file=filename
80                     Use the given file instead  of  ~/.msmtprc  or  $XDG_CON‐
81                     FIG_HOME/msmtp/config as the user configuration file.
82
83              -a, --account=account_name
84                     Use  the  given  account  instead  of  the  account named
85                     "default". The settings of this account  may  be  changed
86                     with  command  line  options.  This option cannot be used
87                     together with the --host option.
88
89              --host=hostname
90                     Use this SMTP server with settings from the command line;
91                     do  not use any configuration file data. This option can‐
92                     not be used together with the --account option.
93
94              --port=number
95                     Set the port number to connect to. See the port command.
96
97              --source-ip=[IP]
98                     Set or unset an IP address to bind the socket to. See the
99                     source_ip command.
100
101              --proxy-host=[IP|hostname]
102                     Set  or  unset  a  SOCKS proxy to use. See the proxy_host
103                     command.
104
105              --proxy-port=[number]
106                     Set or unset a port number for the proxy  host.  See  the
107                     proxy_port command.
108
109              --timeout=(off|seconds)
110                     Set or unset a network timeout, in seconds. See the time‐
111                     out command.
112
113              --protocol=(smtp|lmtp)
114                     Set the protocol. See the protocol command.
115
116              --domain=[string]
117                     Set the argument of the SMTP EHLO (or LMTP LHLO) command.
118                     See the domain command.
119
120              --auth[=(on|off|method)]
121                     Enable  or  disable  authentication and optionally choose
122                     the method.  See the auth command.
123
124              --user=[username]
125                     Set or unset the user name for  authentication.  See  the
126                     user command.
127
128              --passwordeval=[eval]
129                     Evaluate  password for authentication. See the passworde‐
130                     val command.
131
132              --tls[=(on|off)]
133                     Enable or disable TLS/SSL. See the tls command.
134
135              --tls-starttls[=(on|off)]
136                     Enable or disable STARTTLS for TLS. See the  tls_starttls
137                     command.
138
139              --tls-trust-file=[file]
140                     Set or unset a trust file for TLS. See the tls_trust_file
141                     command.
142
143              --tls-crl-file=[file]
144                     Set or unset a certificate revocation list (CRL) file for
145                     TLS. See the tls_crl_file command.
146
147              --tls-fingerprint=[fingerprint]
148                     Set  or  unset  the fingerprint of a trusted TLS certifi‐
149                     cate. See the tls_fingerprint command.
150
151              --tls-key-file=[file]
152                     Set or unset a key file for  TLS.  See  the  tls_key_file
153                     command.
154
155              --tls-cert-file=[file]
156                     Set  or  unset a cert file for TLS. See the tls_cert_file
157                     command.
158
159              --tls-certcheck[=(on|off)]
160                     Enable or disable server certificate checks for TLS.  See
161                     the tls_certcheck command.
162
163              --tls-min-dh-prime-bits=[bits]
164                     Set  or unset minimum bit size of the Diffie-Hellman (DH)
165                     prime. See the tls_min_dh_prime_bits command.
166
167              --tls-priorities=[priorities]
168                     Set or unset TLS priorities. See the tls_priorities  com‐
169                     mand.
170
171       Options specific to sendmail mode
172
173              -f, --from=address
174                     Set  the  envelope-from  address.  It  is  only used when
175                     auto_from is off.
176                     If no account was chosen yet (with --account or  --host),
177                     this  option  will  choose the first account that has the
178                     given envelope-from address (set with the from  command).
179                     If no such account is found, "default" is used.
180
181              --auto-from[=(on|off)]
182                     Enable  or disable automatic envelope-from addresses. The
183                     default is off.  See the auto_from command.
184
185              --maildomain=[domain]
186                     Set the domain part for the --auto-from address. See  the
187                     maildomain command.
188
189              -N, --dsn-notify=(off|cond)
190                     Set   or  unset  DSN  notification  conditions.  See  the
191                     dsn_notify command.
192
193              -R, --dsn-return=(off|ret)
194                     Set  or  unset  the  DSN  notification  amount.  See  the
195                     dsn_return  command.   Note  that  hdrs is accepted as an
196                     alias for headers to be compatible with sendmail.
197
198              --add-missing-from-header[=(on|off)]
199                     Enable or disable the addition of a missing From  header.
200                     See the add_missing_from_header command.
201
202              --add-missing-date-header[=(on|off)]
203                     Enable  or disable the addition of a missing Date header.
204                     See the add_missing_date_header command.
205
206              --remove-bcc-headers[=(on|off)]
207                     Enable or disable the removal of  Bcc  headers.  See  the
208                     remove_bcc_headers command.
209
210              -X, --logfile=[file]
211                     Set or unset the log file. See the logfile command.
212
213              --logfile-time-format=[fmt]
214                     Set  or  unset  the  log  file  time format. See the log‐
215                     file_time_format command.
216
217              --syslog[=(on|off|facility)]
218                     Enable or disable syslog logging. See the syslog command.
219
220              -t, --read-recipients
221                     Read recipient addresses from the To, Cc, and Bcc headers
222                     of  the  mail  in addition to the recipients given on the
223                     command line.  If any Resent- headers are  present,  then
224                     the  addresses from any Resent-To, Resent-Cc, and Resent-
225                     Bcc headers in the first block  of  Resent-  headers  are
226                     used instead.
227
228              --read-envelope-from
229                     Read  the  envelope  from address from the From header of
230                     the mail.
231
232              --aliases=[file]
233                     Set or unset an aliases file. See the aliases command.
234
235              -Fname Msmtp adds a From header to mails that lack it, using the
236                     envelope  from  address.  This option allows one to set a
237                     full name to be used in that header.
238
239              --     This marks the end of options.  All  following  arguments
240                     will  be  treated  as  recipient  addresses, even if they
241                     start with a `-'.
242
243       The following options are accepted but ignored for sendmail compatibil‐
244       ity:
245       -Btype, -bm, -G, -hN, -i, -L tag, -m, -n, -O option=value, -ox value
246

USAGE

248       A  suggestion  for a suitable configuration file can be generated using
249       the --configure option.  Normally, a  system  wide  configuration  file
250       and/or  a  user configuration file contain information about which SMTP
251       server to use and how to use it, but all settings can also  be  config‐
252       ured on the command line.
253       The  information  about  SMTP  servers  is  organized in accounts. Each
254       account describes one SMTP server: host name, authentication  settings,
255       TLS  settings,  and  so on. Each configuration file can define multiple
256       accounts.
257
258       The user can choose which account to use in one of three ways:
259
260       --account=id
261              Use the given account. Command line settings override configura‐
262              tion file settings.
263
264       --host=hostname
265              Use only the settings from the command line; do not use any con‐
266              figuration file data.
267
268       --from=address or --read-envelope-from
269              Choose the first account from the system or  user  configuration
270              file that has a matching envelope-from address as specified by a
271              from command. This works only when neither --account nor  --host
272              is used.
273
274       If  none  of the above options is used (or if no account has a matching
275       from command), then the account "default" is used.
276
277       Msmtp transmits mails unaltered to the SMTP server, with the  following
278       exceptions:
279       -  The Bcc header(s) will be removed. This behavior can be changed with
280       the remove_bcc_headers command and --remove-bcc-headers option.
281       - A From header will be added if the mail does not have one.  This  can
282       be  changed  with  the  add_missing_from_header command and --add-miss‐
283       ing-from-header option.  The header will use the envelope from  address
284       and optionally a full name set with the -F option.
285       -  A  Date header will be added if the mail does not have one. This can
286       be changed with the  add_missing_date_header  command  and  --add-miss‐
287       ing-date-header option.
288
289       Skip to the EXAMPLES section for a quick start.
290

CONFIGURATION FILES

292       If  it  exists  and  is  readable,  a  system  wide  configuration file
293       SYSCONFDIR/msmtprc will be loaded, where  SYSCONFDIR  depends  on  your
294       platform.  Use --version to find out which directory is used.
295       If  it exists and is readable, a user configuration file will be loaded
296       (~/.msmtprc will be tried first followed by $XDG_CONFIG_HOME/msmtp/con‐
297       fig  by  default, but see --version). Accounts defined in the user con‐
298       figuration file override accounts from the system configuration file.
299       Configuration data from either file can  be  changed  by  command  line
300       options.
301
302       A  configuration  file  is a simple text file.  Empty lines and comment
303       lines (whose first non-blank character is `#') are ignored.
304       Every other line must contain a command and may contain an argument  to
305       that command.
306       The  argument  may be enclosed in double quotes ("), for example if its
307       first or last character is a blank.
308       If a file name starts with the tilde (~), this tilde will  be  replaced
309       by  $HOME.   If  a  command accepts the argument on, it also accepts an
310       empty argument and treats that as if it was on.
311       Commands are organized  in  accounts.  Each  account  starts  with  the
312       account command and defines the settings for one SMTP account.
313
314       Skip to the EXAMPLES section for a quick start.
315
316       Commands are as follows:
317
318       defaults
319              Set  defaults.  The  following  configuration  commands will set
320              default values for all following account definitions in the cur‐
321              rent configuration file.
322
323       account name [:account[,...]]
324              Start  a new account definition with the given name. The current
325              default values are filled in.
326              If a colon and a list of previously defined  accounts  is  given
327              after  the  account  name,  the  new account, with the filled in
328              default values, will inherit all settings from the  accounts  in
329              the list.
330
331       host hostname
332              The SMTP server to send the mail to.  The argument may be a host
333              name or a network address.  Every account definition  must  con‐
334              tain this command.
335
336       port number
337              The  port  that  the  SMTP server listens on.  The default is 25
338              ("smtp"), unless TLS without STARTTLS is used, in which case  it
339              is 465 ("smtps").
340
341       source_ip [IP]
342              Set a source IP address to bind the outgoing connection to. Use‐
343              ful only in special cases on multi-home systems. An empty  argu‐
344              ment disables this.
345
346       proxy_host [IP|hostname]
347              Use  a  SOCKS  proxy.  All  network traffic will go through this
348              proxy host, including DNS queries, except for a DNS  query  that
349              might  be  necessary to resolve the proxy host name itself (this
350              can be avoided by using an IP address as proxy  host  name).  An
351              empty  hostname  argument  disables  proxy usage.  The supported
352              SOCKS protocol version is 5. If you want to use this  with  Tor,
353              see also "Using msmtp with Tor" below.
354
355       proxy_port [number]
356              Set the port number for the proxy host. An empty number argument
357              resets this to the default port.
358
359       timeout (off|seconds)
360              Set or unset a network timeout, in  seconds.  The  argument  off
361              means  that no timeout will be set, which means that the operat‐
362              ing system default will be used.
363
364       protocol (smtp|lmtp)
365              Set the protocol to use. Currently only SMTP and LMTP  are  sup‐
366              ported.  SMTP  is  the  default.  See the port command above for
367              default ports.
368
369       domain argument
370              Use this command to set the argument of the SMTP EHLO  (or  LMTP
371              LHLO)  command.   The  default is localhost, which is stupid but
372              usually works. Try to change the default if mails  get  rejected
373              due  to anti-SPAM measures. Possible choices are the domain part
374              of your mail address (provider.example for joe@provider.example)
375              or the fully qualified domain name of your host (if available).
376
377       auth [(on|off|method)]
378              Enable  or disable authentication and optionally choose a method
379              to use. The argument on chooses a method automatically.
380              Usually a user name and a password are used for  authentication.
381              The  user  name  is specified in the configuration file with the
382              user command. There are five different methods  to  specify  the
383              password:
384              1. Add the password to the system key ring.  Currently supported
385              key rings are the Gnome key ring and the Mac OS X Keychain.  For
386              the Gnome key ring, use the command secret-tool (part of Gnome's
387              libsecret) to store passwords: secret-tool  store  --label=msmtp
388              host  mail.freemail.example service smtp user joe.smith.  On Mac
389              OS X, use the following command: security  add-internet-password
390              -s mail.freemail.example -r smtp -a joe.smith -w.  In both exam‐
391              ples, replace mail.freemail.example with the SMTP  server  name,
392              and joe.smith with your user name.
393              2.  Store the password in an encrypted files, and use passworde‐
394              val to specify a command to decrypt that file, e.g. using GnuPG.
395              See EXAMPLES.
396              3.  Store the password in the configuration file using the pass‐
397              word command.  (Usually it is not  considered  a  good  idea  to
398              store  passwords  in plain text files.  If you do it anyway, you
399              must make sure that the file can only be read by yourself.)
400              4. Store the password in ~/.netrc. This method is probably obso‐
401              lete.
402              5. Type the password into the terminal when it is required.
403              It is recommended to use method 1 or 2.
404              Multiple authentication methods exist. Most servers support only
405              some of them.  Historically, sophisticated methods  were  devel‐
406              oped  to  protect  passwords  from being sent unencrypted to the
407              server, but nowadays everybody needs TLS anyway, so  the  simple
408              methods suffice since the whole session is protected. A suitable
409              authentication method is chosen automatically, and when  TLS  is
410              disabled  for some reason, only methods that avoid sending clear
411              text passwords are considered.
412              The following user / password methods are  supported:  plain  (a
413              simple  plain  text  method,  with base64 encoding, supported by
414              almost all servers), scram-sha-1 (a method  that  avoids  clear-
415              text passwords), cram-md5 (an obsolete method that avoids clear-
416              text  passwords,  but  is  not   considered   secure   anymore),
417              digest-md5  (an  overcomplicated  obsolete  method  that  avoids
418              clear-text passwords, but is  not  considered  secure  anymore),
419              login  (a  non-standard  clear-text  method similar to but worse
420              than the plain method), ntlm  (an  obscure  non-standard  method
421              that  is  now considered broken; it sometimes requires a special
422              domain parameter passed via ntlmdomain).
423              There are currently three authentication methods  that  are  not
424              based on user / password information and have to be chosen manu‐
425              ally: oauthbearer (an OAuth2 token from  the  mail  provider  is
426              used  as  the  password.   See  the  documentation  of your mail
427              provider for details on how to get this token. The  passwordeval
428              command  can  be used to pass the regularly changing tokens into
429              msmtp from a script or an environment variable),  external  (the
430              authentication  happens  outside  of  the protocol, typically by
431              sending a TLS client certificate, and the method merely confirms
432              that  this  authentication  succeeded), and gssapi (the Kerberos
433              framework takes care of secure authentication, only a user  name
434              is required).
435              It depends on the underlying authentication library and its ver‐
436              sion whether a particular method is supported or not. Use --ver‐
437              sion to find out which methods are supported.
438
439       user login
440              Set  the  user name for authentication. An empty argument unsets
441              the user name.
442
443       password secret
444              Set the password for authentication. An  empty  argument  unsets
445              the  password.  Consider using the passwordeval command or a key
446              ring instead of this command, to avoid storing plain text  pass‐
447              words in the configuration file.
448
449       passwordeval [eval]
450              Set  the  password  for authentication to the output (stdout) of
451              the command eval.  This can be used  e.g.  to  decrypt  password
452              files  on the fly or to query key rings, and thus to avoid stor‐
453              ing plain text passwords.
454
455       ntlmdomain [domain]
456              Set a domain for the ntlm authentication method. This  is  obso‐
457              lete.
458
459       tls [(on|off)]
460              Enable  or  disable  TLS (also known as SSL) for secured connec‐
461              tions.
462              Transport Layer Security (TLS) "... provides communications pri‐
463              vacy  over  the  Internet.   The  protocol  allows client/server
464              applications to communicate in a way that is designed to prevent
465              eavesdropping,   tampering,  or  message  forgery"  (quote  from
466              RFC2246).
467              A server can use TLS in one of two modes: via a STARTTLS command
468              (the session starts with the normal protocol initialization, and
469              TLS is then started using the protocol's STARTTLS  command),  or
470              immediately  (TLS is initialized before the normal protocol ini‐
471              tialization; this requires a separate port). The first  mode  is
472              the  default, but you can switch to the second mode by disabling
473              tls_starttls.
474              When TLS is started, the server sends a certificate to  identify
475              itself.  To  verify  the  server  identity,  a client program is
476              expected to check that the certificate is formally  correct  and
477              that it was issued by a Certificate Authority (CA) that the user
478              trusts. (There can also be certificate chains with  intermediate
479              CAs.)
480              The  list  of  trusted CAs is specified using the tls_trust_file
481              command.  The default value ist "system" and chooses the system-
482              wide default, but you can also choose the trusted CAs yourself.
483              One practical problem with this approach is that the client pro‐
484              gram should also  check  if  the  server  certificate  has  been
485              revoked  for  some  reason,  using a Certificate Revocation List
486              (CRL). A CRL file can be specified using the  tls_crl_file  com‐
487              mand,  but getting the relevant CRL files and keeping them up to
488              date is not straightforward. You are basically on your own.
489              A much more serious and fundamental problem is that you need  to
490              trust  CAs.   Like  any other organization, a CA can be incompe‐
491              tent, malicious, subverted by bad people, or forced  by  govern‐
492              ment  agencies to compromise end users without telling them. All
493              of these things happened and continue to happen worldwide.   The
494              idea  to  have central organizations that have to be trusted for
495              your communication to be secure is fundamentally broken.
496              Instead of putting trust in a CA, you can choose to trust only a
497              single  certificate  for  the server you want to connect to. For
498              that purpose, specify the certificate fingerprint with  tls_fin‐
499              gerprint. This makes sure that no man-in-the-middle can fake the
500              identity of the server by presenting you a  fraudulent  certifi‐
501              cate  issued  by  some CA that happens to be in your trust list.
502              However, you have to update the fingerprint whenever the  server
503              certificate  changes,  and you have to make sure that the change
504              is legitimate each time, e.g. when the old certificate  expired.
505              This is inconvenient, but it's the price to pay.
506              Information  about  a  server  certificate  can be obtained with
507              --serverinfo --tls --tls-certcheck=off. This includes the issuer
508              CA   of   the   certificate  (so  you  can  trust  that  CA  via
509              tls_trust_file), and the fingerprint of the certificate (so  you
510              can trust that particular certificate via tls_fingerprint).
511              TLS also allows the server to verify the identity of the client.
512              For this purpose, the client has to present a certificate issued
513              by a CA that the server trusts. To present that certificate, the
514              client also needs the matching key file. You can  set  the  cer‐
515              tificate  and  key  files  using tls_cert_file and tls_key_file.
516              This mechanism can also be used to authenticate users,  so  that
517              traditional user / password authentication is not necessary any‐
518              more. See the external mechanism in auth.
519              You can also use client certificates  stored  on  some  external
520              authentication  device  by  specifying  GnuTLS  device  URIs  in
521              tls_cert_file and tls_key_file. You can find  the  correct  URIs
522              using  p11tool  --list-privkeys --login (p11tool is bundled with
523              GnuTLS). If your device requires a PIN to access the  data,  you
524              can  specify  that  using  one  of the password mechanisms (e.g.
525              passwordeval, password).
526
527       tls_starttls [(on|off)]
528              Choose the TLS variant: start TLS from within the  session  (on,
529              default), or tunnel the session through TLS (off).
530
531       tls_trust_file file
532              Activate server certificate verification using a list of trusted
533              Certification Authorities (CAs).  The  default  is  the  special
534              value "system", which selects the system default. An empty argu‐
535              ment disables trust in CAs.  If you select a file, it must be in
536              PEM format, and you should also use tls_crl_file.
537
538       tls_crl_file [file]
539              Set  a  certificate revocation list (CRL) file for TLS, to check
540              for revoked certificates. An empty argument disables this.
541
542       tls_fingerprint [fingerprint]
543              Set the fingerprint of a single certificate to accept  for  TLS.
544              This  certificate  will  be  trusted  regardless of its contents
545              (this overrides tls_trust_file).  The fingerprint should  be  of
546              type SHA256, but can for backwards compatibility also be of type
547              SHA1  or  MD5  (please  avoid  this).   The  format  should   be
548              01:23:45:67:....   Use  --serverinfo  --tls  --tls-certcheck=off
549              --tls-fingerprint= to get the server certificate fingerprint.
550
551       tls_key_file file
552              Send a client certificate to the server (use this together  with
553              tls_cert_file}).   The  file  must  contain the private key of a
554              certificate in PEM format. An empty argument disables this  fea‐
555              ture.
556
557       tls_cert_file file
558              Send  a client certificate to the server (use this together with
559              tls_key_file).  The file must contain a certificate in PEM  for‐
560              mat. An empty argument disables this feature.
561
562       tls_certcheck [(on|off)]
563              Enable  or  disable  checks  of the server certificate. They are
564              enabled by default.  Disabling them will override tls_trust_file
565              and tls_fingerprint.  WARNING: When the checks are disabled, TLS
566              sessions will not be secure!
567
568       tls_min_dh_prime_bits [bits]
569              Set or unset the minimum number  of  Diffie-Hellman  (DH)  prime
570              bits that mpop will accept for TLS sessions.  The default is set
571              by the TLS library and can be selected by using an  empty  argu‐
572              ment  to  this  command.  Only lower the default (for example to
573              512 bits) if there is no other way to make  TLS  work  with  the
574              remote server.
575
576       tls_priorities [priorities]
577              Set  the  priorities for TLS sessions. The default is set by the
578              TLS library and can be selected by using an  empty  argument  to
579              this command.  See the GnuTLS documentation of the gnutls_prior‐
580              ity_init function for a description of the priorities string.
581
582       from envelope_from
583              Set the envelope-from address. This address will  only  be  used
584              when auto_from is off.
585
586       auto_from [(on|off)]
587              Enable or disable automatic envelope-from addresses. The default
588              is off.  When enabled, an  envelope-from  address  of  the  form
589              user@domain  will  be  generated.  The local part will be set to
590              USER or, if that fails, to LOGNAME or, if  that  fails,  to  the
591              login name of the current user.  The domain part can be set with
592              the maildomain command.  If the maildomain is empty,  the  enve‐
593              lope-from  address  will  only  consist of the user name and not
594              have a domain part. When auto_from is  disabled,  the  envelope-
595              from address must be set explicitly.
596
597       maildomain [domain]
598              Set  a  domain  part  for  the  generation  of  an envelope-from
599              address. This is only used when auto_from is on. The domain  may
600              be empty.
601
602       dsn_notify (off|condition)
603              This  command  sets the condition(s) under which the mail system
604              should send DSN (Delivery  Status  Notification)  messages.  The
605              argument  off  disables  explicit  DSN requests, which means the
606              mail system decides when to  send  DSN  messages.  This  is  the
607              default.   The condition must be never, to never request notifi‐
608              cation, or a comma separated list (no spaces!) of one or more of
609              the  following: failure, to request notification on transmission
610              failure, delay, to be notified of message delays, success, to be
611              notified  of  successful transmission. The SMTP server must sup‐
612              port the DSN extension.
613
614       dsn_return (off|amount)
615              This command controls how much of a mail should be  returned  in
616              DSN  (Delivery  Status  Notification) messages. The argument off
617              disables explicit DSN requests,  which  means  the  mail  system
618              decides  how  much of a mail it returns in DSN messages. This is
619              the default.  The amount must be headers,  to  just  return  the
620              message  headers,  or  full,  to return the full mail.  The SMTP
621              server must support the DSN extension.
622
623       add_missing_from_header [(on|off)]
624              This command controls whether to add a From header if  the  mail
625              does not have one.  The default is to add it.
626
627       add_missing_date_header [(on|off)]
628              This  command  controls whether to add a Date header if the mail
629              does not have one.  The default is to add it.
630
631       remove_bcc_headers [(on|off)]
632              This command controls whether to remove Bcc headers. The default
633              is to remove them.
634
635       logfile [file]
636              An empty argument disables logging (this is the default).
637              When  logging  is  enabled  by  choosing  a log file, msmtp will
638              append one line to the log file for each mail it tries  to  send
639              via the account that this log file was chosen for.
640              The  line  will include the following information: date and time
641              in the format specified by logfile_time_format, host name of the
642              SMTP  server,  whether  TLS was used, whether authentication was
643              used, authentication user name (only if authentication is used),
644              envelope-from  address, recipient addresses, size of the mail as
645              transferred to the server (only if the delivery succeeded), SMTP
646              status  code and SMTP error message (only in case of failure and
647              only if available), error message (only in case of  failure  and
648              only  if available), exit code (from sysexits.h; EX_OK indicates
649              success).
650              If the filename is a dash (-), msmtp prints the log line to  the
651              standard output.
652
653       logfile_time_format [fmt]
654              Set  or unset the log file time format. This will be used as the
655              format string for the strftime()  function.  An  empty  argument
656              chooses the default ("%b %d %H:%M:%S").
657
658       syslog [(on|off|facility)]
659              Enable  or  disable  syslog  logging. The facility can be one of
660              LOG_USER, LOG_MAIL, LOG_LOCAL0, ..., LOG_LOCAL7. The default  is
661              LOG_USER.
662              Each  time  msmtp tries to send a mail via the account that con‐
663              tains this syslog command, it will log one entry to  the  syslog
664              service with the chosen facility.
665              The  line  will  include the following information: host name of
666              the SMTP server, whether TLS was  used,  whether  authentication
667              was  used,  envelope-from  address, recipient addresses, size of
668              the mail as transferred to the server (only if the delivery suc‐
669              ceeded),  SMTP  status code and SMTP error message (only in case
670              of failure and only if available), error message (only  in  case
671              of  failure  and only if available), exit code (from sysexits.h;
672              EX_OK indicates success).
673
674       aliases [file]
675              Replace local recipients with addresses  in  the  aliases  file.
676              The  aliases  file  is  a  plain  text  file containing mappings
677              between a local address and a list of replacement addresses. The
678              mappings are of the form:
679                  local: someone@example.com, person@domain.example
680              Multiple  replacement addresses are separated with commas.  Com‐
681              ments start with `#' and continue to the end of the line.
682              The local  address  default  has  special  significance  and  is
683              matched  if  the local address is not found in the aliases file.
684              If no default alias is found, then the local address is left  as
685              is.
686              An  empty  argument to the aliases command disables the replace‐
687              ment of local addresses.  This is the default.
688

EXAMPLES

690       Configuration file
691
692       # Example for a user configuration file ~/.msmtprc
693       #
694       # This file focusses on TLS and authentication. Features not used  here
695       include
696       #  logging,  timeouts,  SOCKS  proxies, TLS parameters, Delivery Status
697       Notification
698       # (DSN) settings, and more.
699
700       # Set default values for all following accounts.
701       defaults
702
703       # Use the mail submission port 587 instead of the SMTP port 25.
704       port 587
705
706       # Always use TLS.
707       tls on
708
709       # Set a list of trusted CAs for TLS. The default is to use system  set‐
710       tings, but
711       # you can select your own file.
712       #tls_trust_file /etc/ssl/certs/ca-certificates.crt
713
714       #  If  you  select  your own file, you should also use the tls_crl_file
715       command to
716       # check for revoked certificates, but unfortunately getting  revocation
717       lists and
718       # keeping them up to date is not straightforward.
719       #tls_crl_file ~/.tls-crls
720
721       # A freemail service
722       account freemail
723
724       # Host name of the SMTP server
725       host smtp.freemail.example
726
727       #  As  an  alternative  to  tls_trust_file/tls_crl_file,  you  can  use
728       tls_fingerprint
729       # to pin a single certificate. You have to update the fingerprint  when
730       the
731       #  server  certificate  changes,  but an attacker cannot trick you into
732       accepting
733       # a fraudulent certificate. Get the fingerprint with
734       #     $     msmtp      --serverinfo      --tls      --tls-certcheck=off
735       --host=smtp.freemail.example
736       #tls_fingerprint  00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11
737       :22:33
738
739       # Envelope-from address
740       from joe_smith@freemail.example
741
742       # Authentication. The password is given using one of five methods,  see
743       below.
744       auth on
745       user joe.smith
746
747       #  Password  method  1: Add the password to the system keyring, and let
748       msmtp get
749       # it automatically. To set the keyring password  using  Gnome's  libse‐
750       cret:
751       # $ secret-tool store --label=msmtp \
752       #   host smtp.freemail.example \
753       #   service smtp \
754       #   user joe.smith
755
756       #  Password method 2: Store the password in an encrypted file, and tell
757       msmtp
758       # which command to use to decrypt it. This is usually used with  GnuPG,
759       as in
760       #  this  example.  Usually  gpg-agent  will ask once for the decryption
761       password.
762       passwordeval gpg2 --no-tty -q -d ~/.msmtp-password.gpg
763
764       # Password method 3: Store the password directly in this file.  Usually
765       it is not
766       # a good idea to store passwords in plain text files. If you do it any‐
767       way, at
768       # least make sure that this file can only be read by yourself.
769       #password secret123
770
771       # Password method 4: Store the password in  ~/.netrc.  This  method  is
772       probably not
773       # relevant anymore.
774
775       #  Password method 5: Do not specify a password. Msmtp will then prompt
776       you for
777       # it. This means you need to be able to type into a terminal when msmtp
778       runs.
779
780       # A second mail address at the same freemail service
781       account freemail2 : freemail
782       from joey@freemail.example
783
784       # The SMTP server of your ISP
785       account isp
786       host mail.isp.example
787       from smithjoe@isp.example
788       auth on
789       user 12345
790
791       # Set a default account
792       account default : freemail
793
794
795       Using msmtp with Mutt
796
797       Create  a  configuration  file for msmtp and add the following lines to
798       your Mutt configuration file:
799       set sendmail="/path/to/msmtp"
800       set use_from=yes
801       set realname="Your Name"
802       set from=you@example.com
803       set envelope_from=yes
804       The envelope_from=yes option lets Mutt use  the  -f  option  of  msmtp.
805       Therefore msmtp chooses the first account that matches the from address
806       you@example.com.
807       Alternatively, you can use the -a option:
808       set sendmail="/path/to/msmtp -a my-account"
809       Or set everything from the command line (but note that you cannot set a
810       password this way):
811       set  sendmail="/path/to/msmtp  --host=mailhub  -f  me@example.com --tls
812       --tls-trust-file=trust.crt"
813
814       If you have multiple mail accounts in your msmtp configuration file and
815       let  Mutt  use  the  -f  option to choose the right one, you can easily
816       switch accounts in Mutt with the following Mutt configuration lines:
817       macro generic "<esc>1" ":set from=you@example.com"
818       macro generic "<esc>2" ":set from=you@your-employer.example"
819       macro generic "<esc>3" ":set from=you@some-other-provider.example"
820
821
822       Using msmtp with mail
823
824       Define a default account, and put the following in your ~/.mailrc:
825       set sendmail="/path/to/msmtp"
826
827
828       Using msmtp with Tor
829
830       Use the following settings:
831       proxy_host 127.0.0.1
832       proxy_port 9050
833       tls on
834       Use an IP address as proxy host name, so that msmtp does not leak a DNS
835       query when resolving it.
836       TLS is required to prevent exit hosts from reading your SMTP session.
837       Do  not  set domain to something that you do not want to reveal (do not
838       set it at all if possible).
839
840
841       Aliases file
842
843       # Example aliases file
844
845       # Send root to Joe and Jane
846       root: joe_smith@example.com, jane_chang@example.com
847
848       # Send cron to Mark
849       cron: mark_jones@example.com
850
851       # Send everything else to admin
852       default: admin@domain.example
853
854

FILES

856       SYSCONFDIR/msmtprc
857              System configuration  file.  Use  --version  to  find  out  what
858              SYSCONFDIR is on your platform.
859
860       ~/.msmtprc or $XDG_CONFIG_HOME/msmtp/config
861              User configuration file.
862
863       ~/.netrc and SYSCONFDIR/netrc
864              The  netrc file contains login information. Before prompting for
865              a   password,   msmtp   will   search   it   in   ~/.netrc   and
866              SYSCONFDIR/netrc.
867

ENVIRONMENT

869       USER, LOGNAME
870              These variables override the user's login name when constructing
871              an envelope-from address. LOGNAME is only used if USER is unset.
872
873       TMPDIR Directory to create temporary files in. If this is unset, a sys‐
874              tem specific default directory is used.
875              A  temporary  file is only created when the -t/--read-recipients
876              or --read-envelope-from option is used. The file is then used to
877              buffer  the  headers  of the mail (but not the body, so the file
878              won't get very large).
879
880       EMAIL, SMTPSERVER
881              These environment variables are used only if neither --host  nor
882              --account is used and there is no default account defined in the
883              configuration files. In this case, the host name is  taken  from
884              SMTPSERVER,  and  the envelope from address is taken from EMAIL,
885              unless overridden by --from or  --read-envelope-from.  Currently
886              SMTPSERVER  must  contain  a plain host name (no URL), and EMAIL
887              must contain a plain address (no names  or  additional  informa‐
888              tion).
889

AUTHORS

891       msmtp was written by Martin Lambers <marlam@marlam.de>.
892       Other  authors  are  listed in the AUTHORS file in the source distribu‐
893       tion.
894

SEE ALSO

896       sendmail(8), netrc(5) or ftp(1)
897
898
899
900                                    2019-07                           MSMTP(1)
Impressum