1MSMTP(1) General Commands Manual MSMTP(1)
2
6 msmtp - An SMTP client
7
9 Sendmail mode (default):
10 msmtp [option...] [--] recipient...
11 msmtp [option...] -t [--] [recipient...]
12 Configuration mode:
14 msmtp --configure <mailaddress>
15 Server information mode:
17 msmtp [option...] --serverinfo
18 Remote Message Queue Starting mode:
20 msmtp [option...] --rmqs=host|@domain|#queue
21
23 In the default sendmail mode, msmtp reads a mail from standard input
24 and sends it to an SMTP server for delivery.
25 In server information mode, msmtp prints information about an SMTP
26 server.
27 In Remote Message Queue Starting mode, msmtp sends a Remote Message
28 Queue Starting request for a host, domain, or queue to an SMTP server.
29
31 The standard sendmail exit status codes are used, as defined in sysex‐
32 its.h.
33
35 Options override configuration file settings.
36 They are compatible with sendmail where appropriate.
37 General options
39 --version
41 Print version information, including information about
42 the libraries used.
43 --help Print help.
45 -P, --pretend
47 Print the configuration settings that would be used, but
48 do not take further action. An asterisk (`*') will be
49 printed instead of your password.
50 -v, -d, --debug
52 Print lots of debugging information, including the whole
53 conversation with the SMTP server. Be careful with this
54 option: the (potentially dangerous) output will not be
55 sanitized, and your password may get printed in an easily
56 decodable format!
57 Changing the mode of operation
59 --configure=mailaddress
61 Generate a configuration for the given mail address and
62 print it. This can be modified or copied unchanged to the
63 configuration file. Note that this only works for mail
64 domains that publish appropriate SRV records; see RFC
65 8314.
66 -S, --serverinfo
68 Print information about the SMTP server and exit. This
69 includes information about supported features (mail size
70 limit, authentication, TLS, DSN, ...) and about the TLS
71 certificate (if TLS is active).
72 --rmqs=(host|@domain|#queue)
74 Send a Remote Message Queue Starting request for the
75 given host, domain, or queue to the SMTP server and exit.
76 Configuration options
78 -C, --file=filename
80 Use the given file instead of ~/.msmtprc or $XDG_CON‐
81 FIG_HOME/msmtp/config as the user configuration file.
82 -a, --account=account_name
84 Use the given account instead of the account named
85 "default". The settings of this account may be changed
86 with command line options. This option cannot be used
87 together with the --host option.
88 --host=hostname
90 Use this SMTP server with settings from the command line;
91 do not use any configuration file data. This option can‐
92 not be used together with the --account option.
93 --port=number
95 Set the port number to connect to. See the port command.
96 --source-ip=[IP]
98 Set or unset an IP address to bind the socket to. See the
99 source_ip command.
100 --proxy-host=[IP|hostname]
102 Set or unset a SOCKS proxy to use. See the proxy_host
103 command.
104 --proxy-port=[number]
106 Set or unset a port number for the proxy host. See the
107 proxy_port command.
108 --timeout=(off|seconds)
110 Set or unset a network timeout, in seconds. See the time‐
111 out command.
112 --protocol=(smtp|lmtp)
114 Set the protocol. See the protocol command.
115 --domain=[string]
117 Set the argument of the SMTP EHLO (or LMTP LHLO) command.
118 See the domain command.
119 --auth[=(on|off|method)]
121 Enable or disable authentication and optionally choose
122 the method. See the auth command.
123 --user=[username]
125 Set or unset the user name for authentication. See the
126 user command.
127 --passwordeval=[eval]
129 Evaluate password for authentication. See the passworde‐
130 val command.
131 --tls[=(on|off)]
133 Enable or disable TLS/SSL. See the tls command.
134 --tls-starttls[=(on|off)]
136 Enable or disable STARTTLS for TLS. See the tls_starttls
137 command.
138 --tls-trust-file=[file]
140 Set or unset a trust file for TLS. See the tls_trust_file
141 command.
142 --tls-crl-file=[file]
144 Set or unset a certificate revocation list (CRL) file for
145 TLS. See the tls_crl_file command.
146 --tls-fingerprint=[fingerprint]
148 Set or unset the fingerprint of a trusted TLS certifi‐
149 cate. See the tls_fingerprint command.
150 --tls-key-file=[file]
152 Set or unset a key file for TLS. See the tls_key_file
153 command.
154 --tls-cert-file=[file]
156 Set or unset a cert file for TLS. See the tls_cert_file
157 command.
158 --tls-certcheck[=(on|off)]
160 Enable or disable server certificate checks for TLS. See
161 the tls_certcheck command.
162 --tls-min-dh-prime-bits=[bits]
164 Set or unset minimum bit size of the Diffie-Hellman (DH)
165 prime. See the tls_min_dh_prime_bits command.
166 --tls-priorities=[priorities]
168 Set or unset TLS priorities. See the tls_priorities com‐
169 mand.
170 Options specific to sendmail mode
172 -f, --from=address
174 Set the envelope-from address. It is only used when
175 auto_from is off.
176 If no account was chosen yet (with --account or --host),
177 this option will choose the first account that has the
178 given envelope-from address (set with the from command).
179 If no such account is found, "default" is used.
180 --auto-from[=(on|off)]
182 Enable or disable automatic envelope-from addresses. The
183 default is off. See the auto_from command.
184 --maildomain=[domain]
186 Set the domain part for the --auto-from address. See the
187 maildomain command.
188 -N, --dsn-notify=(off|cond)
190 Set or unset DSN notification conditions. See the
191 dsn_notify command.
192 -R, --dsn-return=(off|ret)
194 Set or unset the DSN notification amount. See the
195 dsn_return command. Note that hdrs is accepted as an
196 alias for headers to be compatible with sendmail.
197 --add-missing-from-header[=(on|off)]
199 Enable or disable the addition of a missing From header.
200 See the add_missing_from_header command.
201 --add-missing-date-header[=(on|off)]
203 Enable or disable the addition of a missing Date header.
204 See the add_missing_date_header command.
205 --remove-bcc-headers[=(on|off)]
207 Enable or disable the removal of Bcc headers. See the
208 remove_bcc_headers command.
209 -X, --logfile=[file]
211 Set or unset the log file. See the logfile command.
212 --logfile-time-format=[fmt]
214 Set or unset the log file time format. See the log‐
215 file_time_format command.
216 --syslog[=(on|off|facility)]
218 Enable or disable syslog logging. See the syslog command.
219 -t, --read-recipients
221 Read recipient addresses from the To, Cc, and Bcc headers
222 of the mail in addition to the recipients given on the
223 command line. If any Resent- headers are present, then
224 the addresses from any Resent-To, Resent-Cc, and Resent-
225 Bcc headers in the first block of Resent- headers are
226 used instead.
227 --read-envelope-from
229 Read the envelope from address from the From header of
230 the mail.
231 --aliases=[file]
233 Set or unset an aliases file. See the aliases command.
234 -Fname Msmtp adds a From header to mails that lack it, using the
236 envelope from address. This option allows one to set a
237 full name to be used in that header.
238 -- This marks the end of options. All following arguments
240 will be treated as recipient addresses, even if they
241 start with a `-'.
242 The following options are accepted but ignored for sendmail compatibil‐
244 ity:
245 -Btype, -bm, -G, -hN, -i, -L tag, -m, -n, -O option=value, -ox value
246
248 A suggestion for a suitable configuration file can be generated using
249 the --configure option. Normally, a system wide configuration file
250 and/or a user configuration file contain information about which SMTP
251 server to use and how to use it, but all settings can also be config‐
252 ured on the command line.
253 The information about SMTP servers is organized in accounts. Each
254 account describes one SMTP server: host name, authentication settings,
255 TLS settings, and so on. Each configuration file can define multiple
256 accounts.
257 The user can choose which account to use in one of three ways:
259 --account=id
261 Use the given account. Command line settings override configura‐
262 tion file settings.
263 --host=hostname
265 Use only the settings from the command line; do not use any con‐
266 figuration file data.
267 --from=address or --read-envelope-from
269 Choose the first account from the system or user configuration
270 file that has a matching envelope-from address as specified by a
271 from command. This works only when neither --account nor --host
272 is used.
273 If none of the above options is used (or if no account has a matching
275 from command), then the account "default" is used.
276 Msmtp transmits mails unaltered to the SMTP server, with the following
278 exceptions:
279 - The Bcc header(s) will be removed. This behavior can be changed with
280 the remove_bcc_headers command and --remove-bcc-headers option.
281 - A From header will be added if the mail does not have one. This can
282 be changed with the add_missing_from_header command and --add-miss‐
283 ing-from-header option. The header will use the envelope from address
284 and optionally a full name set with the -F option.
285 - A Date header will be added if the mail does not have one. This can
286 be changed with the add_missing_date_header command and --add-miss‐
287 ing-date-header option.
288 Skip to the EXAMPLES section for a quick start.
290
292 If it exists and is readable, a system wide configuration file
293 SYSCONFDIR/msmtprc will be loaded, where SYSCONFDIR depends on your
294 platform. Use --version to find out which directory is used.
295 If it exists and is readable, a user configuration file will be loaded
296 (~/.msmtprc will be tried first followed by $XDG_CONFIG_HOME/msmtp/con‐
297 fig by default, but see --version). Accounts defined in the user con‐
298 figuration file override accounts from the system configuration file.
299 Configuration data from either file can be changed by command line
300 options.
301 A configuration file is a simple text file. Empty lines and comment
303 lines (whose first non-blank character is `#') are ignored.
304 Every other line must contain a command and may contain an argument to
305 that command.
306 The argument may be enclosed in double quotes ("), for example if its
307 first or last character is a blank.
308 If a file name starts with the tilde (~), this tilde will be replaced
309 by $HOME. If a command accepts the argument on, it also accepts an
310 empty argument and treats that as if it was on.
311 Commands are organized in accounts. Each account starts with the
312 account command and defines the settings for one SMTP account.
313 Skip to the EXAMPLES section for a quick start.
315 Commands are as follows:
317 defaults
319 Set defaults. The following configuration commands will set
320 default values for all following account definitions in the cur‐
321 rent configuration file.
322 account name [:account[,...]]
324 Start a new account definition with the given name. The current
325 default values are filled in.
326 If a colon and a list of previously defined accounts is given
327 after the account name, the new account, with the filled in
328 default values, will inherit all settings from the accounts in
329 the list.
330 host hostname
332 The SMTP server to send the mail to. The argument may be a host
333 name or a network address. Every account definition must con‐
334 tain this command.
335 port number
337 The port that the SMTP server listens on. The default is 25
338 ("smtp"), unless TLS without STARTTLS is used, in which case it
339 is 465 ("smtps").
340 source_ip [IP]
342 Set a source IP address to bind the outgoing connection to. Use‐
343 ful only in special cases on multi-home systems. An empty argu‐
344 ment disables this.
345 proxy_host [IP|hostname]
347 Use a SOCKS proxy. All network traffic will go through this
348 proxy host, including DNS queries, except for a DNS query that
349 might be necessary to resolve the proxy host name itself (this
350 can be avoided by using an IP address as proxy host name). An
351 empty hostname argument disables proxy usage. The supported
352 SOCKS protocol version is 5. If you want to use this with Tor,
353 see also "Using msmtp with Tor" below.
354 proxy_port [number]
356 Set the port number for the proxy host. An empty number argument
357 resets this to the default port.
358 timeout (off|seconds)
360 Set or unset a network timeout, in seconds. The argument off
361 means that no timeout will be set, which means that the operat‐
362 ing system default will be used.
363 protocol (smtp|lmtp)
365 Set the protocol to use. Currently only SMTP and LMTP are sup‐
366 ported. SMTP is the default. See the port command above for
367 default ports.
368 domain argument
370 Use this command to set the argument of the SMTP EHLO (or LMTP
371 LHLO) command. The default is localhost, which is stupid but
372 usually works. Try to change the default if mails get rejected
373 due to anti-SPAM measures. Possible choices are the domain part
374 of your mail address (provider.example for joe@provider.example)
375 or the fully qualified domain name of your host (if available).
376 auth [(on|off|method)]
378 Enable or disable authentication and optionally choose a method
379 to use. The argument on chooses a method automatically.
380 Usually a user name and a password are used for authentication.
381 The user name is specified in the configuration file with the
382 user command. There are five different methods to specify the
383 password:
384 1. Add the password to the system key ring. Currently supported
385 key rings are the Gnome key ring and the Mac OS X Keychain. For
386 the Gnome key ring, use the command secret-tool (part of Gnome's
387 libsecret) to store passwords: secret-tool store --label=msmtp
388 host mail.freemail.example service smtp user joe.smith. On Mac
389 OS X, use the following command: security add-internet-password
390 -s mail.freemail.example -r smtp -a joe.smith -w. In both exam‐
391 ples, replace mail.freemail.example with the SMTP server name,
392 and joe.smith with your user name.
393 2. Store the password in an encrypted files, and use passworde‐
394 val to specify a command to decrypt that file, e.g. using GnuPG.
395 See EXAMPLES.
396 3. Store the password in the configuration file using the pass‐
397 word command. (Usually it is not considered a good idea to
398 store passwords in plain text files. If you do it anyway, you
399 must make sure that the file can only be read by yourself.)
400 4. Store the password in ~/.netrc. This method is probably obso‐
401 lete.
402 5. Type the password into the terminal when it is required.
403 It is recommended to use method 1 or 2.
404 Multiple authentication methods exist. Most servers support only
405 some of them. Historically, sophisticated methods were devel‐
406 oped to protect passwords from being sent unencrypted to the
407 server, but nowadays everybody needs TLS anyway, so the simple
408 methods suffice since the whole session is protected. A suitable
409 authentication method is chosen automatically, and when TLS is
410 disabled for some reason, only methods that avoid sending clear
411 text passwords are considered.
412 The following user / password methods are supported: plain (a
413 simple plain text method, with base64 encoding, supported by
414 almost all servers), scram-sha-1 (a method that avoids clear-
415 text passwords), cram-md5 (an obsolete method that avoids clear-
416 text passwords, but is not considered secure anymore),
417 digest-md5 (an overcomplicated obsolete method that avoids
418 clear-text passwords, but is not considered secure anymore),
419 login (a non-standard clear-text method similar to but worse
420 than the plain method), ntlm (an obscure non-standard method
421 that is now considered broken; it sometimes requires a special
422 domain parameter passed via ntlmdomain).
423 There are currently three authentication methods that are not
424 based on user / password information and have to be chosen manu‐
425 ally: oauthbearer (an OAuth2 token from the mail provider is
426 used as the password. See the documentation of your mail
427 provider for details on how to get this token. The passwordeval
428 command can be used to pass the regularly changing tokens into
429 msmtp from a script or an environment variable), external (the
430 authentication happens outside of the protocol, typically by
431 sending a TLS client certificate, and the method merely confirms
432 that this authentication succeeded), and gssapi (the Kerberos
433 framework takes care of secure authentication, only a user name
434 is required).
435 It depends on the underlying authentication library and its ver‐
436 sion whether a particular method is supported or not. Use --ver‐
437 sion to find out which methods are supported.
438 user login
440 Set the user name for authentication. An empty argument unsets
441 the user name.
442 password secret
444 Set the password for authentication. An empty argument unsets
445 the password. Consider using the passwordeval command or a key
446 ring instead of this command, to avoid storing plain text pass‐
447 words in the configuration file.
448 passwordeval [eval]
450 Set the password for authentication to the output (stdout) of
451 the command eval. This can be used e.g. to decrypt password
452 files on the fly or to query key rings, and thus to avoid stor‐
453 ing plain text passwords.
454 ntlmdomain [domain]
456 Set a domain for the ntlm authentication method. This is obso‐
457 lete.
458 tls [(on|off)]
460 Enable or disable TLS (also known as SSL) for secured connec‐
461 tions.
462 Transport Layer Security (TLS) "... provides communications pri‐
463 vacy over the Internet. The protocol allows client/server
464 applications to communicate in a way that is designed to prevent
465 eavesdropping, tampering, or message forgery" (quote from
466 RFC2246).
467 A server can use TLS in one of two modes: via a STARTTLS command
468 (the session starts with the normal protocol initialization, and
469 TLS is then started using the protocol's STARTTLS command), or
470 immediately (TLS is initialized before the normal protocol ini‐
471 tialization; this requires a separate port). The first mode is
472 the default, but you can switch to the second mode by disabling
473 tls_starttls.
474 When TLS is started, the server sends a certificate to identify
475 itself. To verify the server identity, a client program is
476 expected to check that the certificate is formally correct and
477 that it was issued by a Certificate Authority (CA) that the user
478 trusts. (There can also be certificate chains with intermediate
479 CAs.)
480 The list of trusted CAs is specified using the tls_trust_file
481 command. The default value ist "system" and chooses the system-
482 wide default, but you can also choose the trusted CAs yourself.
483 One practical problem with this approach is that the client pro‐
484 gram should also check if the server certificate has been
485 revoked for some reason, using a Certificate Revocation List
486 (CRL). A CRL file can be specified using the tls_crl_file com‐
487 mand, but getting the relevant CRL files and keeping them up to
488 date is not straightforward. You are basically on your own.
489 A much more serious and fundamental problem is that you need to
490 trust CAs. Like any other organization, a CA can be incompe‐
491 tent, malicious, subverted by bad people, or forced by govern‐
492 ment agencies to compromise end users without telling them. All
493 of these things happened and continue to happen worldwide. The
494 idea to have central organizations that have to be trusted for
495 your communication to be secure is fundamentally broken.
496 Instead of putting trust in a CA, you can choose to trust only a
497 single certificate for the server you want to connect to. For
498 that purpose, specify the certificate fingerprint with tls_fin‐
499 gerprint. This makes sure that no man-in-the-middle can fake the
500 identity of the server by presenting you a fraudulent certifi‐
501 cate issued by some CA that happens to be in your trust list.
502 However, you have to update the fingerprint whenever the server
503 certificate changes, and you have to make sure that the change
504 is legitimate each time, e.g. when the old certificate expired.
505 This is inconvenient, but it's the price to pay.
506 Information about a server certificate can be obtained with
507 --serverinfo --tls --tls-certcheck=off. This includes the issuer
508 CA of the certificate (so you can trust that CA via
509 tls_trust_file), and the fingerprint of the certificate (so you
510 can trust that particular certificate via tls_fingerprint).
511 TLS also allows the server to verify the identity of the client.
512 For this purpose, the client has to present a certificate issued
513 by a CA that the server trusts. To present that certificate, the
514 client also needs the matching key file. You can set the cer‐
515 tificate and key files using tls_cert_file and tls_key_file.
516 This mechanism can also be used to authenticate users, so that
517 traditional user / password authentication is not necessary any‐
518 more. See the external mechanism in auth.
519 You can also use client certificates stored on some external
520 authentication device by specifying GnuTLS device URIs in
521 tls_cert_file and tls_key_file. You can find the correct URIs
522 using p11tool --list-privkeys --login (p11tool is bundled with
523 GnuTLS). If your device requires a PIN to access the data, you
524 can specify that using one of the password mechanisms (e.g.
525 passwordeval, password).
526 tls_starttls [(on|off)]
528 Choose the TLS variant: start TLS from within the session (on,
529 default), or tunnel the session through TLS (off).
530 tls_trust_file file
532 Activate server certificate verification using a list of trusted
533 Certification Authorities (CAs). The default is the special
534 value "system", which selects the system default. An empty argu‐
535 ment disables trust in CAs. If you select a file, it must be in
536 PEM format, and you should also use tls_crl_file.
537 tls_crl_file [file]
539 Set a certificate revocation list (CRL) file for TLS, to check
540 for revoked certificates. An empty argument disables this.
541 tls_fingerprint [fingerprint]
543 Set the fingerprint of a single certificate to accept for TLS.
544 This certificate will be trusted regardless of its contents
545 (this overrides tls_trust_file). The fingerprint should be of
546 type SHA256, but can for backwards compatibility also be of type
547 SHA1 or MD5 (please avoid this). The format should be
548 01:23:45:67:.... Use --serverinfo --tls --tls-certcheck=off
549 --tls-fingerprint= to get the server certificate fingerprint.
550 tls_key_file file
552 Send a client certificate to the server (use this together with
553 tls_cert_file}). The file must contain the private key of a
554 certificate in PEM format. An empty argument disables this fea‐
555 ture.
556 tls_cert_file file
558 Send a client certificate to the server (use this together with
559 tls_key_file). The file must contain a certificate in PEM for‐
560 mat. An empty argument disables this feature.
561 tls_certcheck [(on|off)]
563 Enable or disable checks of the server certificate. They are
564 enabled by default. Disabling them will override tls_trust_file
565 and tls_fingerprint. WARNING: When the checks are disabled, TLS
566 sessions will not be secure!
567 tls_min_dh_prime_bits [bits]
569 Set or unset the minimum number of Diffie-Hellman (DH) prime
570 bits that mpop will accept for TLS sessions. The default is set
571 by the TLS library and can be selected by using an empty argu‐
572 ment to this command. Only lower the default (for example to
573 512 bits) if there is no other way to make TLS work with the
574 remote server.
575 tls_priorities [priorities]
577 Set the priorities for TLS sessions. The default is set by the
578 TLS library and can be selected by using an empty argument to
579 this command. See the GnuTLS documentation of the gnutls_prior‐
580 ity_init function for a description of the priorities string.
581 from envelope_from
583 Set the envelope-from address. This address will only be used
584 when auto_from is off.
585 auto_from [(on|off)]
587 Enable or disable automatic envelope-from addresses. The default
588 is off. When enabled, an envelope-from address of the form
589 user@domain will be generated. The local part will be set to
590 USER or, if that fails, to LOGNAME or, if that fails, to the
591 login name of the current user. The domain part can be set with
592 the maildomain command. If the maildomain is empty, the enve‐
593 lope-from address will only consist of the user name and not
594 have a domain part. When auto_from is disabled, the envelope-
595 from address must be set explicitly.
596 maildomain [domain]
598 Set a domain part for the generation of an envelope-from
599 address. This is only used when auto_from is on. The domain may
600 be empty.
601 dsn_notify (off|condition)
603 This command sets the condition(s) under which the mail system
604 should send DSN (Delivery Status Notification) messages. The
605 argument off disables explicit DSN requests, which means the
606 mail system decides when to send DSN messages. This is the
607 default. The condition must be never, to never request notifi‐
608 cation, or a comma separated list (no spaces!) of one or more of
609 the following: failure, to request notification on transmission
610 failure, delay, to be notified of message delays, success, to be
611 notified of successful transmission. The SMTP server must sup‐
612 port the DSN extension.
613 dsn_return (off|amount)
615 This command controls how much of a mail should be returned in
616 DSN (Delivery Status Notification) messages. The argument off
617 disables explicit DSN requests, which means the mail system
618 decides how much of a mail it returns in DSN messages. This is
619 the default. The amount must be headers, to just return the
620 message headers, or full, to return the full mail. The SMTP
621 server must support the DSN extension.
622 add_missing_from_header [(on|off)]
624 This command controls whether to add a From header if the mail
625 does not have one. The default is to add it.
626 add_missing_date_header [(on|off)]
628 This command controls whether to add a Date header if the mail
629 does not have one. The default is to add it.
630 remove_bcc_headers [(on|off)]
632 This command controls whether to remove Bcc headers. The default
633 is to remove them.
634 logfile [file]
636 An empty argument disables logging (this is the default).
637 When logging is enabled by choosing a log file, msmtp will
638 append one line to the log file for each mail it tries to send
639 via the account that this log file was chosen for.
640 The line will include the following information: date and time
641 in the format specified by logfile_time_format, host name of the
642 SMTP server, whether TLS was used, whether authentication was
643 used, authentication user name (only if authentication is used),
644 envelope-from address, recipient addresses, size of the mail as
645 transferred to the server (only if the delivery succeeded), SMTP
646 status code and SMTP error message (only in case of failure and
647 only if available), error message (only in case of failure and
648 only if available), exit code (from sysexits.h; EX_OK indicates
649 success).
650 If the filename is a dash (-), msmtp prints the log line to the
651 standard output.
652 logfile_time_format [fmt]
654 Set or unset the log file time format. This will be used as the
655 format string for the strftime() function. An empty argument
656 chooses the default ("%b %d %H:%M:%S").
657 syslog [(on|off|facility)]
659 Enable or disable syslog logging. The facility can be one of
660 LOG_USER, LOG_MAIL, LOG_LOCAL0, ..., LOG_LOCAL7. The default is
661 LOG_USER.
662 Each time msmtp tries to send a mail via the account that con‐
663 tains this syslog command, it will log one entry to the syslog
664 service with the chosen facility.
665 The line will include the following information: host name of
666 the SMTP server, whether TLS was used, whether authentication
667 was used, envelope-from address, recipient addresses, size of
668 the mail as transferred to the server (only if the delivery suc‐
669 ceeded), SMTP status code and SMTP error message (only in case
670 of failure and only if available), error message (only in case
671 of failure and only if available), exit code (from sysexits.h;
672 EX_OK indicates success).
673 aliases [file]
675 Replace local recipients with addresses in the aliases file.
676 The aliases file is a plain text file containing mappings
677 between a local address and a list of replacement addresses. The
678 mappings are of the form:
679 local: someone@example.com, person@domain.example
680 Multiple replacement addresses are separated with commas. Com‐
681 ments start with `#' and continue to the end of the line.
682 The local address default has special significance and is
683 matched if the local address is not found in the aliases file.
684 If no default alias is found, then the local address is left as
685 is.
686 An empty argument to the aliases command disables the replace‐
687 ment of local addresses. This is the default.
688
690 Configuration file
691 # Example for a user configuration file ~/.msmtprc
693 #
694 # This file focusses on TLS and authentication. Features not used here
695 include
696 # logging, timeouts, SOCKS proxies, TLS parameters, Delivery Status
697 Notification
698 # (DSN) settings, and more.
699 # Set default values for all following accounts.
701 defaults
702 # Use the mail submission port 587 instead of the SMTP port 25.
704 port 587
705 # Always use TLS.
707 tls on
708 # Set a list of trusted CAs for TLS. The default is to use system set‐
710 tings, but
711 # you can select your own file.
712 #tls_trust_file /etc/ssl/certs/ca-certificates.crt
713 # If you select your own file, you should also use the tls_crl_file
715 command to
716 # check for revoked certificates, but unfortunately getting revocation
717 lists and
718 # keeping them up to date is not straightforward.
719 #tls_crl_file ~/.tls-crls
720 # A freemail service
722 account freemail
723 # Host name of the SMTP server
725 host smtp.freemail.example
726 # As an alternative to tls_trust_file/tls_crl_file, you can use
728 tls_fingerprint
729 # to pin a single certificate. You have to update the fingerprint when
730 the
731 # server certificate changes, but an attacker cannot trick you into
732 accepting
733 # a fraudulent certificate. Get the fingerprint with
734 # $ msmtp --serverinfo --tls --tls-certcheck=off
735 --host=smtp.freemail.example
736 #tls_fingerprint 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11
737 :22:33
738 # Envelope-from address
740 from joe_smith@freemail.example
741 # Authentication. The password is given using one of five methods, see
743 below.
744 auth on
745 user joe.smith
746 # Password method 1: Add the password to the system keyring, and let
748 msmtp get
749 # it automatically. To set the keyring password using Gnome's libse‐
750 cret:
751 # $ secret-tool store --label=msmtp \
752 # host smtp.freemail.example \
753 # service smtp \
754 # user joe.smith
755 # Password method 2: Store the password in an encrypted file, and tell
757 msmtp
758 # which command to use to decrypt it. This is usually used with GnuPG,
759 as in
760 # this example. Usually gpg-agent will ask once for the decryption
761 password.
762 passwordeval gpg2 --no-tty -q -d ~/.msmtp-password.gpg
763 # Password method 3: Store the password directly in this file. Usually
765 it is not
766 # a good idea to store passwords in plain text files. If you do it any‐
767 way, at
768 # least make sure that this file can only be read by yourself.
769 #password secret123
770 # Password method 4: Store the password in ~/.netrc. This method is
772 probably not
773 # relevant anymore.
774 # Password method 5: Do not specify a password. Msmtp will then prompt
776 you for
777 # it. This means you need to be able to type into a terminal when msmtp
778 runs.
779 # A second mail address at the same freemail service
781 account freemail2 : freemail
782 from joey@freemail.example
783 # The SMTP server of your ISP
785 account isp
786 host mail.isp.example
787 from smithjoe@isp.example
788 auth on
789 user 12345
790 # Set a default account
792 account default : freemail
793 Using msmtp with Mutt
796 Create a configuration file for msmtp and add the following lines to
798 your Mutt configuration file:
799 set sendmail="/path/to/msmtp"
800 set use_from=yes
801 set realname="Your Name"
802 set from=you@example.com
803 set envelope_from=yes
804 The envelope_from=yes option lets Mutt use the -f option of msmtp.
805 Therefore msmtp chooses the first account that matches the from address
806 you@example.com.
807 Alternatively, you can use the -a option:
808 set sendmail="/path/to/msmtp -a my-account"
809 Or set everything from the command line (but note that you cannot set a
810 password this way):
811 set sendmail="/path/to/msmtp --host=mailhub -f me@example.com --tls
812 --tls-trust-file=trust.crt"
813 If you have multiple mail accounts in your msmtp configuration file and
815 let Mutt use the -f option to choose the right one, you can easily
816 switch accounts in Mutt with the following Mutt configuration lines:
817 macro generic "<esc>1" ":set from=you@example.com"
818 macro generic "<esc>2" ":set from=you@your-employer.example"
819 macro generic "<esc>3" ":set from=you@some-other-provider.example"
820 Using msmtp with mail
823 Define a default account, and put the following in your ~/.mailrc:
825 set sendmail="/path/to/msmtp"
826 Using msmtp with Tor
829 Use the following settings:
831 proxy_host 127.0.0.1
832 proxy_port 9050
833 tls on
834 Use an IP address as proxy host name, so that msmtp does not leak a DNS
835 query when resolving it.
836 TLS is required to prevent exit hosts from reading your SMTP session.
837 Do not set domain to something that you do not want to reveal (do not
838 set it at all if possible).
839 Aliases file
842 # Example aliases file
844 # Send root to Joe and Jane
846 root: joe_smith@example.com, jane_chang@example.com
847 # Send cron to Mark
849 cron: mark_jones@example.com
850 # Send everything else to admin
852 default: admin@domain.example
853
856 SYSCONFDIR/msmtprc
857 System configuration file. Use --version to find out what
858 SYSCONFDIR is on your platform.
859 ~/.msmtprc or $XDG_CONFIG_HOME/msmtp/config
861 User configuration file.
862 ~/.netrc and SYSCONFDIR/netrc
864 The netrc file contains login information. Before prompting for
865 a password, msmtp will search it in ~/.netrc and
866 SYSCONFDIR/netrc.
867
869 USER, LOGNAME
870 These variables override the user's login name when constructing
871 an envelope-from address. LOGNAME is only used if USER is unset.
872 TMPDIR Directory to create temporary files in. If this is unset, a sys‐
874 tem specific default directory is used.
875 A temporary file is only created when the -t/--read-recipients
876 or --read-envelope-from option is used. The file is then used to
877 buffer the headers of the mail (but not the body, so the file
878 won't get very large).
879 EMAIL, SMTPSERVER
881 These environment variables are used only if neither --host nor
882 --account is used and there is no default account defined in the
883 configuration files. In this case, the host name is taken from
884 SMTPSERVER, and the envelope from address is taken from EMAIL,
885 unless overridden by --from or --read-envelope-from. Currently
886 SMTPSERVER must contain a plain host name (no URL), and EMAIL
887 must contain a plain address (no names or additional informa‐
888 tion).
889
891 msmtp was written by Martin Lambers <marlam@marlam.de>.
892 Other authors are listed in the AUTHORS file in the source distribu‐
893 tion.
894
896 sendmail(8), netrc(5) or ftp(1)
897 2019-07 MSMTP(1)