1MPOP(1) General Commands Manual MPOP(1)
2
3
4
6 mpop - A POP3 client
7
9 Mail retrieval mode (default):
10 mpop [option...] [--] [account...]
11 mpop --host=host [option...]
12
13 Configuration mode:
14 mpop --configure <mailaddress>
15
16 Server information mode:
17 mpop [option...] --serverinfo [account...]
18 mpop --host=host [option...] --serverinfo
19
21 In mail retrieval mode of operation, mpop retrieves mails from one or
22 more POP3 mailboxes, optionally does some filtering, and delivers them
23 through a mail delivery agent (MDA), to a maildir folder, or to an mbox
24 file. Mails that were successfully delivered before will not be
25 retrieved a second time, even if errors occur or mpop is terminated in
26 the middle of a session.
27 In server information mode, mpop prints information about one or more
28 POP3 servers.
29 If no account names are given on the command line, one named default
30 will be used.
31 The best way to start is probably to have a look at the EXAMPLES sec‐
32 tion.
33
35 The standard sendmail exit codes are used, as defined in sysexits.h.
36
38 Options override configuration file settings, for every used account.
39
40 General Options
41
42 --version
43 Print version information, including information about
44 the libraries used.
45
46 --help Print help.
47
48 -P, --pretend
49 Print the configuration settings that would be used, but
50 do not take further action. An asterisk (`*') will be
51 printed instead of your password.
52
53 -d, --debug
54 Print lots of debugging information, including the whole
55 conversation with the server. Be careful with this
56 option: the (potentially dangerous) output will not be
57 sanitized, and your password may get printed in an easily
58 decodable format!
59 This option implies --half-quiet, because the progress
60 output would interfere with the debugging output.
61
62 Changing the mode of operation
63
64 --configure=mailaddress
65 Generate a configuration for the given mail address and
66 print it. This can be modified or copied unchanged to the
67 configuration file. Note that this only works for mail
68 domains that publish appropriate SRV records; see RFC
69 8314.
70
71 -S, --serverinfo
72 Print information about the POP3 server(s) and exit. This
73 includes information about supported features (pipelin‐
74 ing, authentication methods, TOP command, ...), about
75 parameters (time for which mails will not be deleted,
76 minimum time between logins, ...), and about the TLS cer‐
77 tificate (if TLS is active).
78
79 Configuration options
80
81 -C, --file=conffile
82 Use the given file instead of ~/.mpoprc or $XDG_CON‐
83 FIG_HOME/mpop/config as the user configuration file.
84
85 --host=hostname
86 Use this server with settings from the command line; do
87 not use any configuration file data. This option disables
88 loading of the configuration file. You cannot use both
89 this option and account names on the command line.
90
91 --port=number
92 Set the port number to connect to. See the port command.
93
94 --source-ip=[IP]
95 Set or unset an IP address to bind the socket to. See the
96 source_ip command.
97
98 --proxy-host=[IP|hostname]
99 Set or unset a SOCKS proxy to use. See the proxy_host
100 command.
101
102 --proxy-port=[number]
103 Set or unset a port number for the proxy host. See the
104 proxy_port command.
105
106 --timeout=(off|seconds)
107 Set a network timeout. See the timeout command.
108
109 --pipelining=(auto|on|off)
110 Enable or disable POP3 pipelining. See the pipelining
111 command.
112
113 --received-header[=(on|off)]
114 Enable or disable the Received header. See the
115 received_header command.
116
117 --auth[=(on|method)]
118 Set the authentication method to automatic (with "on") or
119 manually choose an authentication method. See the auth
120 command.
121
122 --user=[username]
123 Set or unset the user name for authentication. See the
124 user command.
125
126 --passwordeval=[eval]
127 Evaluate password for authentication. See the passworde‐
128 val command.
129
130 --tls[=(on|off)]
131 Enable or disable TLS/SSL. See the tls command.
132
133 --tls-starttls[=(on|off)]
134 Enable or disable STARTTLS for TLS. See the tls_starttls
135 command.
136
137 --tls-trust-file=[file]
138 Set or unset a trust file for TLS. See the tls_trust_file
139 command.
140
141 --tls-crl-file=[file]
142 Set or unset a certificate revocation list (CRL) file for
143 TLS. See the tls_crl_file command.
144
145 --tls-fingerprint=[fingerprint]
146 Set or unset the fingerprint of a trusted TLS certifi‐
147 cate. See the tls_fingerprint command.
148
149 --tls-key-file=[file]
150 Set or unset a key file for TLS. See the tls_key_file
151 command.
152
153 --tls-cert-file=[file]
154 Set or unset a cert file for TLS. See the tls_cert_file
155 command.
156
157 --tls-certcheck[=(on|off)]
158 Enable or disable server certificate checks for TLS. See
159 the tls_certcheck command.
160
161 --tls-min-dh-prime-bits=[bits]
162 Set or unset minimum bit size of the Diffie-Hellmann (DH)
163 prime. See the tls_min_dh_prime_bits command.
164
165 --tls-priorities=[priorities]
166 Set or unset TLS priorities. See the tls_priorities com‐
167 mand.
168
169 Options specific to mail retrieval mode
170
171 -q, --quiet
172 Do not print status or progress information.
173
174 -Q, --half-quiet
175 Print status but not progress information.
176
177 -a, --all-accounts
178 Query all accounts in the configuration file.
179
180 -A, --auth-only
181 Authenticate only; do not retrieve mail. Useful for SMTP-
182 after-POP.
183
184 -s, --status-only
185 Print number and size of mails in each account only; do
186 not retrieve mail.
187
188 -n, --only-new[=(on|off)]
189 Process only new messages. See the only_new command.
190
191 -k, --keep[=(on|off)]
192 Do not delete mails from POP3 servers, regardless of
193 other options or settings. See the keep command.
194
195 --killsize=(off|size)
196 Set or unset kill size. See the killsize command.
197
198 --skipsize=(off|size)
199 Set or unset skip size. See the skipsize command.
200
201 --filter=[program]
202 Set a filter which will decide whether to retrieve, skip,
203 or delete each mail by investigating the mail's headers.
204 See the filter command.
205
206 --delivery=method,method_arguments...
207 How to deliver messages received from this account. See
208 the delivery command. Note that a comma is used instead
209 of a blank to separate the method from its arguments.
210
211 --uidls-file=filename
212 File to store UIDLs in. See the uidls_file command.
213
215 A suggestion for a suitable configuration file can be generated using
216 the --configure option. The default configuration file is ~/.mpoprc or
217 $XDG_CONFIG_HOME/mpop/config. Settings in this file can be changed by
218 command line options.
219 A configuration file is a simple text file. Empty lines and comment
220 lines (first non-blank character is '#') are ignored. Every other line
221 must contain a command and may contain an argument to that command.
222 The argument may be enclosed in double quotes (").
223 If a file name starts with the tilde (~), this tilde will be replaced
224 by $HOME.
225 If a command accepts the argument on, it also accepts an empty argument
226 and treats that as if it was on.
227 Commands are organized in accounts. Each account starts with the
228 account command and defines the settings for one POP3 account.
229
230 Commands are as follows:
231
232 defaults
233 Set defaults. The following configuration commands will set
234 default values for all following account definitions.
235
236 account name [:account[,...]]
237 Start a new account definition with the given name. The current
238 default values are filled in.
239 If a colon and a list of previously defined accounts is given
240 after the account name, the new account, with the filled in
241 default values, will inherit all settings from the accounts in
242 the list.
243
244 host hostname
245 The POP3 server to retrieve mails from. The argument may be a
246 host name or a network address. Every account definition must
247 contain this command.
248
249 port number
250 The port that the POP3 server listens on. The default is 110
251 ("pop3"), unless TLS without STARTTLS is used, in which case it
252 is 995 ("pop3s").
253
254 source_ip [IP]
255 Set a source IP address to bind the outgoing connection to. Use‐
256 ful only in special cases on multi-home systems. An empty argu‐
257 ment disables this.
258
259 proxy_host [IP|hostname]
260 Use a SOCKS proxy. All network traffic will go through this
261 proxy host, including DNS queries, except for a DNS query that
262 might be necessary to resolve the proxy host name itself (this
263 can be avoided by using an IP address as proxy host name). An
264 empty hostname argument disables proxy usage. The supported
265 SOCKS protocol version is 5. If you want to use this with Tor,
266 see also "Using mpop with Tor" below.
267
268 proxy_port [number]
269 Set the port number for the proxy host. An empty number argument
270 resets this to the default port, which is 1080 ("socks").
271
272 timeout (off|seconds)
273 Set or unset a network timeout, in seconds. The default is 180
274 seconds. The argument off means that no timeout will be set,
275 which means that the operating system default will be used.
276
277 pipelining (auto|on|off)
278 Enable or disable POP3 pipelining. You should never need to
279 change the default setting, which is auto: mpop enables pipelin‐
280 ing for POP3 servers that advertise this capability, and dis‐
281 ables it for all other servers. Pipelining can speed up a POP3
282 session substantially.
283
284 auth [(on|method)]
285 Choose an authentication method. The default argument on chooses
286 a method automatically.
287 Usually a user name and a password are used for authentication.
288 The user name is specified in the configuration file with the
289 user command. There are five different methods to specify the
290 password:
291 1. Add the password to the system key ring. Currently supported
292 key rings are the Gnome key ring and the Mac OS X Keychain. For
293 the Gnome key ring, use the command secret-tool (part of Gnome's
294 libsecret) to store passwords: secret-tool store --label=mpop
295 host pop.freemail.example service pop3 user joe.smith. On Mac
296 OS X, use the following command: security add-internet-password
297 -s pop.freemail.example -r pop3 -a joe.smith -w. In both exam‐
298 ples, replace pop.freemail.example with the POP3 server name,
299 and joe.smith with your user name.
300 2. Store the password in an encrypted files, and use passworde‐
301 val to specify a command to decrypt that file, e.g. using GnuPG.
302 See EXAMPLES.
303 3. Store the password in the configuration file using the pass‐
304 word command. (Usually it is not considered a good idea to
305 store passwords in plain text files. If you do it anyway, you
306 must make sure that the file can only be read by yourself.)
307 4. Store the password in ~/.netrc. This method is probably obso‐
308 lete.
309 5. Type the password into the terminal when it is required.
310 It is recommended to use method 1 or 2.
311 Multiple authentication methods exist. Most servers support only
312 some of them. Historically, sophisticated methods were devel‐
313 oped to protect passwords from being sent unencrypted to the
314 server, but nowadays everybody needs TLS anyway, so the simple
315 methods suffice since the whole session is protected. A suitable
316 authentication method is chosen automatically, and when TLS is
317 disabled for some reason, only methods that avoid sending clear
318 text passwords are considered.
319 The following user / password methods are supported: user (a
320 simple plain text method supported by all servers), plain
321 (another simple plain text method, supported by almost all
322 servers), scram-sha-1 (a method that avoids clear-text pass‐
323 words), apop (an obsolete method that avoids clear-text pass‐
324 words, but is not considered secure anymore), cram-md5 (an obso‐
325 lete method that avoids clear-text passwords, but is not consid‐
326 ered secure anymore), digest-md5 (an overcomplicated obsolete
327 method that avoids clear-text passwords, but is not considered
328 secure anymore), login (a non-standard clear-text method similar
329 to but worse than the plain method), ntlm (an obscure non-stan‐
330 dard method that is now considered broken; it sometimes requires
331 a special domain parameter passed via ntlmdomain).
332 There are currently three authentication methods that are not
333 based on user / password information and have to be chosen manu‐
334 ally: oauthbearer (an OAuth2 token from the mail provider is
335 used as the password; a user name is not required. See the docu‐
336 mentation of your mail provider for details on how to get this
337 token. The passwordeval command can be used to pass the regu‐
338 larly changing tokens into mpop from a script or an environment
339 variable), external (the authentication happens outside of the
340 protocol, typically by sending a TLS client certificate, and the
341 method merely confirms that this authentication succeeded), and
342 gssapi (the Kerberos framework takes care of secure authentica‐
343 tion, only a user name is required).
344 It depends on the underlying authentication library and its ver‐
345 sion whether a particular method is supported or not. Use --ver‐
346 sion to find out which methods are supported.
347
348 user login
349 Set the user name for authentication. An empty argument unsets
350 the user name.
351
352 password secret
353 Set the password for authentication. An empty argument unsets
354 the password. Consider using the passwordeval command or a key
355 ring instead of this command, to avoid storing plain text pass‐
356 words in the configuration file.
357
358 passwordeval [eval]
359 Set the password for authentication to the output (stdout) of
360 the command eval. This can be used e.g. to decrypt password
361 files on the fly or to query key rings, and thus to avoid stor‐
362 ing plain text passwords.
363
364 ntlmdomain [domain]
365 Set a domain for the ntlm authentication method. This is obso‐
366 lete.
367
368 tls [(on|off)]
369 Enable or disable TLS (also known as SSL) for secured connec‐
370 tions.
371 Transport Layer Security (TLS) "... provides communications pri‐
372 vacy over the Internet. The protocol allows client/server
373 applications to communicate in a way that is designed to prevent
374 eavesdropping, tampering, or message forgery" (quote from
375 RFC2246).
376 A server can use TLS in one of two modes: via a STARTTLS command
377 (the session starts with the normal protocol initialization, and
378 TLS is then started using the protocol's STARTTLS command), or
379 immediately (TLS is initialized before the normal protocol ini‐
380 tialization; this requires a separate port). The first mode is
381 the default, but you can switch to the second mode by disabling
382 tls_starttls.
383 When TLS is started, the server sends a certificate to identify
384 itself. To verify the server identity, a client program is
385 expected to check that the certificate is formally correct and
386 that it was issued by a Certificate Authority (CA) that the user
387 trusts. (There can also be certificate chains with intermediate
388 CAs.)
389 The list of trusted CAs is specified using the tls_trust_file
390 command. The default value ist "system" and chooses the system-
391 wide default, but you can also choose the trusted CAs yourself.
392 One practical problem with this approach is that the client pro‐
393 gram should also check if the server certificate has been
394 revoked for some reason, using a Certificate Revocation List
395 (CRL). A CRL file can be specified using the tls_crl_file com‐
396 mand, but getting the relevant CRL files and keeping them up to
397 date is not straightforward. You are basically on your own.
398 A much more serious and fundamental problem is is that you need
399 to trust CAs. Like any other organization, a CA can be incompe‐
400 tent, malicious, subverted by bad people, or forced by govern‐
401 ment agencies to compromise end users without telling them. All
402 of these things happened and continue to happen worldwide. The
403 idea to have central organizations that have to be trusted for
404 your communication to be secure is fundamentally broken.
405 Instead of putting trust in a CA, you can choose to trust only a
406 single certificate for the server you want to connect to. For
407 that purpose, specify the certificate fingerprint with tls_fin‐
408 gerprint. This makes sure that no man-in-the-middle can fake the
409 identity of the server by presenting you a fraudulent certifi‐
410 cate issued by some CA that happens to be in your trust list.
411 However, you have to update the fingerprint whenever the server
412 certificate changes, and you have to make sure that the change
413 is legitimate each time, e.g. when the old certificate expired.
414 This is inconvenient, but it's the price to pay.
415 Information about a server certificate can be obtained with
416 --serverinfo --tls --tls-certcheck=off. This includes the issuer
417 CA of the certificate (so you can trust that CA via
418 tls_trust_file), and the fingerprint of the certificate (so you
419 can trust that particular certificate via tls_fingerprint).
420 TLS also allows the server to verify the identity of the client.
421 For this purpose, the client has to present a certificate issued
422 by a CA that the server trusts. To present that certificate, the
423 client also needs the matching key file. You can set the cer‐
424 tificate and key files using tls_cert_file and tls_key_file.
425 This mechanism can also be used to authenticate users, so that
426 traditional user / password authentication is not necessary any‐
427 more. See the external mechanism in auth.
428
429 tls_starttls [(on|off)]
430 Choose the TLS variant: start TLS from within the session (on,
431 default), or tunnel the session through TLS (off).
432
433 tls_trust_file file
434 Activate server certificate verification using a list of trusted
435 Certification Authorities (CAs). The default is the special
436 value "system", which selects the system default. An empty argu‐
437 ment disables trust in CAs. If you select a file, it must be in
438 PEM format, and you should also use tls_crl_file.
439
440 tls_crl_file [file]
441 Set a certificate revocation list (CRL) file for TLS, to check
442 for revoked certificates. An empty argument disables this.
443
444 tls_fingerprint [fingerprint]
445 Set the fingerprint of a single certificate to accept for TLS.
446 This certificate will be trusted regardless of its contents
447 (this overrides tls_trust_file). The fingerprint should be of
448 type SHA256, but can for backwards compatibility also be of type
449 SHA1 or MD5 (please avoid this). The format should be
450 01:23:45:67:.... Use --serverinfo --tls --tls-certcheck=off
451 --tls-fingerprint= to get the server certificate fingerprint.
452
453 tls_key_file file
454 Send a client certificate to the server (use this together with
455 tls_cert_file}). The file must contain the private key of a
456 certificate in PEM format. An empty argument disables this fea‐
457 ture.
458
459 tls_cert_file file
460 Send a client certificate to the server (use this together with
461 tls_key_file). The file must contain a certificate in PEM for‐
462 mat. An empty argument disables this feature.
463
464 tls_certcheck [(on|off)]
465 Enable or disable checks of the server certificate. They are
466 enabled by default. Disabling them will override tls_trust_file
467 and tls_fingerprint. WARNING: When the checks are disabled, TLS
468 sessions will not be secure!
469
470 tls_min_dh_prime_bits [bits]
471 Set or unset the minimum number of Diffie-Hellman (DH) prime
472 bits that mpop will accept for TLS sessions. The default is set
473 by the TLS library and can be selected by using an empty argu‐
474 ment to this command. Only lower the default (for example to
475 512 bits) if there is no other way to make TLS work with the
476 remote server.
477
478 tls_priorities [priorities]
479 Set the priorities for TLS sessions. The default is set by the
480 TLS library and can be selected by using an empty argument to
481 this command. See the GnuTLS documentation of the gnutls_prior‐
482 ity_init function for a description of the priorities string.
483
484 delivery method method_arguments...
485 How to deliver messages received from this account.
486
487 delivery mda command
488 Deliver the mails through a mail delivery agent (MDA).
489 All occurrences of %F in the command will be replaced
490 with the envelope from address of the current message (or
491 MAILER-DAEMON if none is found). Note that this address
492 is guaranteed to contain only letters a-z and A-Z, digits
493 0-9, and any of ".@_-+/", even though that is only a sub‐
494 set of what is theoretically allowed in a mail address.
495 Other characters, including those interpreted by the
496 shell, are replaced with "_". Nevertheless, you should
497 put %F into single quotes: '%F'.
498 Use "delivery mda /usr/bin/procmail -f '%F' -d $USER" for
499 the procmail MDA.
500 Use "delivery mda /usr/sbin/sendmail -oi -oem -f '%F' --
501 $USER" to let your MTA handle the mail.
502 Use "delivery mda /usr/local/bin/msmtp --host=localhost
503 --from='%F' -- $USER@`hostname`.`dnsdomainname`" to pass
504 the mail to your MTA via SMTP. (This is what fetchmail
505 does by default.)
506
507 delivery maildir directory
508 Deliver the mails to the given maildir directory. The
509 directory must exist and it must have the maildir subdi‐
510 rectories cur, new, and tmp; mpop will not create direc‐
511 tories. This delivery type only works on file systems
512 that support hard links.
513
514 delivery mbox mbox-file
515 Deliver the mails to the given file in mbox format. The
516 file will be locked with fcntl(2). mpop uses the MBOXRD
517 mbox format variant; see the documentation of the mbox
518 format.
519
520 delivery exchange directory
521 Deliver the mails to the given Exchange pickup directory.
522 The directory must exist.
523
524 If the delivery method needs to parse the mail headers for an
525 envelope from address (the mda method if the command contains
526 %F, and the mbox method), then it needs to create a temporary
527 file to store the mail headers (but not the body) in. See
528 $TMPDIR in the FILES / ENVIRONMENT section.
529
530 uidls_file filename
531 The file to store UIDLs in. These are needed to identify new
532 messages. %U in the filename will be replaced by the username
533 of the current account. %H in the filename will be replaced by
534 the hostname of the current account. If the filename contains
535 directories that do not exist, mpop will create them. mpop
536 locks this file for exclusive access when accessing the associ‐
537 ated POP3 account.
538 The default value is "~/.mpop_uidls/%U_at_%H". You can also use
539 a single UIDLS file for multiple accounts, but then you cannot
540 poll more than one of these accounts at the same time.
541
542 only_new [(on|off)]
543 By default, mpop processes only new messages (new messages are
544 those that were not already successfully retrieved in an earlier
545 session). If this option is turned off, mpop will process all
546 messages.
547
548 keep [(on|off)]
549 Keep all mails on the POP3 server, never delete them. The
550 default behaviour is to delete mails that have been successfully
551 retrieved or filtered by kill filters.
552
553 killsize (off|size)
554 Mails larger than the given size will be deleted (unless the
555 keep command is used, in which case they will just be skipped).
556 The size argument must be zero or greater. If it is followed by
557 a `k' or an `m', the size is measured in kibibytes/mebibytes
558 instead of bytes. Note that some POP3 servers report slightly
559 incorrect sizes for mails; see NOTES below.
560 When killsize is set to 0 and keep is set to on, then all mails
561 are marked as retrieved, but no mail gets deleted from the
562 server. This can be used to synchronize the UID list on the
563 client to the UID list on the server.
564
565 skipsize (off|size)
566 Mails larger than the given size will be skipped (not down‐
567 loaded). The size argument must be zero or greater. If it is
568 followed by a `k' or an `m', the size is measured in
569 kibibytes/mebibytes instead of bytes. Note that some POP3
570 servers report slightly incorrect sizes for mails; see NOTES
571 below.
572
573 filter [command]
574 Set a filter which will decide whether to retrieve, skip, or
575 delete each mail by investigating the mail's headers. The POP3
576 server must support the POP3 TOP command for this to work; see
577 option --serverinfo above. An empty argument disables filtering.
578 All occurrences of %F in the command will be replaced with the
579 envelope from address of the current message (or MAILER-DAEMON
580 if none is found). Note that this address is guaranteed to con‐
581 tain only letters a-z and A-Z, digits 0-9, and any of ".@_-+/",
582 even though that is only a subset of what is theoretically
583 allowed in a mail address. Other characters, including those
584 interpreted by the shell, are replaced with "_". Nevertheless,
585 you should put %F into single quotes: '%F'.
586 All occurrences of %S in the command will be replaced with the
587 size of the current mail as reported by the POP3 server.
588 The mail headers (plus the blank line separating the headers
589 from the body) will be piped to the command. Based on the return
590 code, mpop decides what to do with the mail:
591 0: proceed normally; no special action
592 1: delete the mail; do not retrieve it
593 2: skip the mail; do not retrieve it
594 Return codes greater than or equal to 3 mean that an error
595 occurred. The sysexits.h error codes may be used to give infor‐
596 mation about the kind of the error, but this is not necessary.
597
598 received_header [(on|off)]
599 Enable or disable adding a Received header. By default, mpop
600 prepends a Received header to the mail during delivery. This is
601 required by the RFCs if the mail is subsequently further deliv‐
602 ered e.g. via SMTP.
603
605 There are three filtering commands available. They will be executed in
606 the following order:
607 killsize
608 skipsize
609 filter
610 If a filtering command applies to a mail, the remaining filters will
611 not be executed.
612
614 Configuration file
615
616 # Example for a user configuration file ~/.mpoprc
617 #
618 # This file focusses on TLS, authentication, and the mail delivery
619 method.
620 # Features not used here include mail filtering, timeouts, SOCKS prox‐
621 ies,
622 # TLS parameters, and more.
623
624 # Set default values for all following accounts.
625 defaults
626
627 # Always use TLS.
628 tls on
629
630 # Set a list of trusted CAs for TLS. The default is to use system set‐
631 tings, but
632 # you can select your own file.
633 #tls_trust_file /etc/ssl/certs/ca-certificates.crt
634
635 # If you select your own file, you should also use the tls_crl_file
636 command to
637 # check for revoked certificates, but unfortunately getting revocation
638 lists and
639 # keeping them up to date is not straightforward.
640 #tls_crl_file ~/.tls-crls
641
642 # Deliver mail to an MBOX mail file:
643 delivery mbox ~/Mail/inbox
644 # Deliver mail to a maildir folder:
645 #delivery maildir ~/Mail/incoming
646 # Deliver mail via procmail:
647 #delivery mda "/usr/bin/procmail -f '%F' -d $USER"
648 # Deliver mail via the local SMTP server:
649 #delivery mda "/usr/bin/msmtp --host=localhost --from='%F' -- $USER"
650 # Deliver mail to an Exchange pickup directory:
651 #delivery exchange c:\exchange\pickup
652
653 # Use an UIDLS file in ~/.local/share instead of ~/.mpop_uidls
654 uidls_file ~/.local/share/%U_at_%H
655
656 # A freemail service
657 account freemail
658
659 # Host name of the POP3 server
660 host pop.freemail.example
661
662 # As an alternative to tls_trust_file/tls_crl_file, you can use
663 tls_fingerprint
664 # to pin a single certificate. You have to update the fingerprint when
665 the
666 # server certificate changes, but an attacker cannot trick you into
667 accepting
668 # a fraudulent certificate. Get the fingerprint with
669 # $ mpop --serverinfo --tls --tls-certcheck=off
670 --host=pop.freemail.example
671 #tls_fingerprint 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11
672 :22:33
673
674 # Authentication. The password is given using one of five methods, see
675 below.
676 user joe.smith
677
678 # Password method 1: Add the password to the system keyring, and let
679 mpop get
680 # it automatically. To set the keyring password using Gnome's libse‐
681 cret:
682 # $ secret-tool store --label=mpop \
683 # host pop.freemail.example \
684 # service pop3 \
685 # user joe.smith
686
687 # Password method 2: Store the password in an encrypted file, and tell
688 mpop
689 # which command to use to decrypt it. This is usually used with GnuPG,
690 as in
691 # this example. Usually gpg-agent will ask once for the decryption
692 password.
693 passwordeval gpg2 --no-tty -q -d ~/.mpop-password.gpg
694
695 # Password method 3: Store the password directly in this file. Usually
696 it is not
697 # a good idea to store passwords in plain text files. If you do it any‐
698 way, at
699 # least make sure that this file can only be read by yourself.
700 #password secret123
701
702 # Password method 4: Store the password in ~/.netrc. This method is
703 probably not
704 # relevant anymore.
705
706 # Password method 5: Do not specify a password. Mpop will then prompt
707 you for
708 # it. This means you need to be able to type into a terminal when mpop
709 runs.
710
711 # A second mail box at the same freemail service
712 account freemail2 : freemail
713 user joey
714
715 # The POP3 server of your ISP
716 account isp
717 host mail.isp.example
718 auth on
719 user 12345
720 # Your ISP runs SpamAssassin, so test each mail for the "X-Spam-Status:
721 Yes"
722 # header, and delete all mails with this header before downloading
723 them.
724 filter if [ "`grep "^X-Spam-Status: Yes"`" ]; then exit 1; else exit
725 0; fi
726
727 # Set a default account
728 account default : freemail
729
730
731 Filtering with SpamAssassin
732
733 The command filter "/path/to/spamc -c > /dev/null" will delete all
734 mails that SpamAssassin thinks are spam. Since no message body is
735 passed to SpamAssassin, you should disable all body-specific tests in
736 the SpamAssassin configuration file; for example set use_bayes 0.
737
738 If your mail provider runs SpamAssassin for you, you just have to check
739 for the result. The following script can do that when used as an mpop
740 filter:
741 #!/bin/sh
742 if [ "`grep "^X-Spam-Status: Yes"`" ]; then
743 exit 1 # kill this message
744 else
745 exit 0 # proceed normally
746 fi
747 Since the filter command is passed to a shell, you can also use this
748 directly:
749 filter if [ "`grep "^X-Spam-Status: Yes"`" ]; then exit 1; else exit 0;
750 fi
751
752
753 Using mpop with Tor
754
755 Use the following settings:
756 proxy_host 127.0.0.1
757 proxy_port 9050
758 tls on
759 Use an IP address as proxy host name, so that mpop does not leak a DNS
760 query when resolving it.
761 TLS is required to prevent exit hosts from reading your POP3 session.
762
763
764
766 ~/.mpoprc or $XDG_CONFIG_HOME/mpop/config
767 Default configuration file.
768
769 ~/.mpop_uidls
770 Default directory to store UIDLs files in.
771
772 ~/.netrc and SYSCONFDIR/netrc
773 The netrc file contains login information. Before prompting for
774 a password, msmtp will search it in ~/.netrc and
775 SYSCONFDIR/netrc.
776
778 $USER, $LOGNAME
779 These variables override the user's login name. $LOGNAME is only
780 used if $USER is unset. The user's login name is used for
781 Received headers.
782
783 $TMPDIR
784 Directory to create temporary files in. If this is unset, a sys‐
785 tem specific default directory is used.
786
788 mpop was written by Martin Lambers <marlam@marlam.de>
789 Other authors are listed in the AUTHORS file in the source distribu‐
790 tion.
791
793 procmail(1), spamassassin(1), netrc(5) or ftp(1), mbox(5), fcntl(2)
794
795
796
797 2019-04 MPOP(1)