1MSMTP(1) General Commands Manual MSMTP(1)
2
6 msmtp - An SMTP client
7
9 Sendmail mode (default):
10 msmtp [option...] [--] recipient...
11 msmtp [option...] -t [--] [recipient...]
12 Configuration mode:
14 msmtp --configure <mailaddress>
15 Server information mode:
17 msmtp [option...] --serverinfo
18 Remote Message Queue Starting mode:
20 msmtp [option...] --rmqs=host|@domain|#queue
21
23 In the default sendmail mode, msmtp reads a mail from standard input
24 and sends it to an SMTP server for delivery.
25 In server information mode, msmtp prints information about an SMTP
26 server.
27 In Remote Message Queue Starting mode, msmtp sends a Remote Message
28 Queue Starting request for a host, domain, or queue to an SMTP server.
29
31 The standard sendmail exit status codes are used, as defined in sysex‐
32 its.h.
33
35 Options override configuration file settings.
36 They are compatible with sendmail where appropriate.
37 General options
39 --version
41 Print version information, including information about
42 the libraries used.
43 --help Print help.
45 -P, --pretend
47 Print the configuration settings that would be used, but
48 do not take further action. An asterisk (`*') will be
49 printed instead of your password.
50 -v, -d, --debug
52 Print lots of debugging information, including the whole
53 conversation with the SMTP server. Be careful with this
54 option: the (potentially dangerous) output will not be
55 sanitized, and your password may get printed in an easily
56 decodable format!
57 Changing the mode of operation
59 --configure=mailaddress
61 Generate a configuration for the given mail address and
62 print it. This can be modified or copied unchanged to the
63 configuration file. Note that this only works for mail
64 domains that publish appropriate SRV records; see RFC
65 8314.
66 -S, --serverinfo
68 Print information about the SMTP server and exit. This
69 includes information about supported features (mail size
70 limit, authentication, TLS, DSN, ...) and about the TLS
71 certificate (if TLS is active).
72 --rmqs=(host|@domain|#queue)
74 Send a Remote Message Queue Starting request for the
75 given host, domain, or queue to the SMTP server and exit.
76 Configuration options
78 -C, --file=filename
80 Use the given file instead of ~/.msmtprc or $XDG_CON‐
81 FIG_HOME/msmtp/config as the user configuration file.
82 -a, --account=account_name
84 Use the given account instead of the account named
85 "default". The settings of this account may be changed
86 with command line options. This option cannot be used
87 together with the --host option.
88 --host=hostname
90 Use this SMTP server with settings from the command line;
91 do not use any configuration file data. This option can‐
92 not be used together with the --account option.
93 --port=number
95 Set the port number to connect to. See the port command.
96 --source-ip=[IP]
98 Set or unset an IP address to bind the socket to. See the
99 source_ip command.
100 --proxy-host=[IP|hostname]
102 Set or unset a SOCKS proxy to use. See the proxy_host
103 command.
104 --proxy-port=[number]
106 Set or unset a port number for the proxy host. See the
107 proxy_port command.
108 --socket=[socketname]
110 Set or unset a local unix domain socket name to connect
111 to. See the socket command.
112 --timeout=(off|seconds)
114 Set or unset a network timeout, in seconds. See the time‐
115 out command.
116 --protocol=(smtp|lmtp)
118 Set the protocol. See the protocol command.
119 --domain=[string]
121 Set the argument of the SMTP EHLO (or LMTP LHLO) command.
122 See the domain command.
123 --auth[=(on|off|method)]
125 Enable or disable authentication and optionally choose
126 the method. See the auth command.
127 --user=[username]
129 Set or unset the user name for authentication. See the
130 user command.
131 --passwordeval=[eval]
133 Evaluate password for authentication. See the passworde‐
134 val command.
135 --tls[=(on|off)]
137 Enable or disable TLS/SSL. See the tls command.
138 --tls-starttls[=(on|off)]
140 Enable or disable STARTTLS for TLS. See the tls_starttls
141 command.
142 --tls-trust-file=[file]
144 Set or unset a trust file for TLS. See the tls_trust_file
145 command.
146 --tls-crl-file=[file]
148 Set or unset a certificate revocation list (CRL) file for
149 TLS. See the tls_crl_file command.
150 --tls-fingerprint=[fingerprint]
152 Set or unset the fingerprint of a trusted TLS certifi‐
153 cate. See the tls_fingerprint command.
154 --tls-key-file=[file]
156 Set or unset a key file for TLS. See the tls_key_file
157 command.
158 --tls-cert-file=[file]
160 Set or unset a cert file for TLS. See the tls_cert_file
161 command.
162 --tls-certcheck[=(on|off)]
164 Enable or disable server certificate checks for TLS. See
165 the tls_certcheck command.
166 --tls-min-dh-prime-bits=[bits]
168 Set or unset minimum bit size of the Diffie-Hellman (DH)
169 prime. See the tls_min_dh_prime_bits command.
170 --tls-priorities=[priorities]
172 Set or unset TLS priorities. See the tls_priorities com‐
173 mand.
174 --tls-host-override=[host]
176 Set or unset override for TLS host verification. See the
177 tls_host_override command.
178 Options specific to sendmail mode
180 -f, --from=address
182 Set the envelope-from address.
183 If no account was chosen yet (with --account or --host),
184 this option will choose the first account that has the
185 given envelope-from address (set with the from command).
186 If no such account is found, "default" is used.
187 See the from command for substitution patterns supported
188 in address.
189 -N, --dsn-notify=(off|cond)
191 Set or unset DSN notification conditions. See the
192 dsn_notify command.
193 -R, --dsn-return=(off|ret)
195 Set or unset the DSN notification amount. See the
196 dsn_return command. Note that hdrs is accepted as an
197 alias for headers to be compatible with sendmail.
198 --set-from-header[=(auto|on|off)]
200 Set From header handling. See the set_from_header com‐
201 mand.
202 --set-date-header[=(auto|off)]
204 Set Date header handling. See the set_date_header com‐
205 mand.
206 --remove-bcc-headers[=(on|off)]
208 Enable or disable the removal of Bcc headers. See the
209 remove_bcc_headers command.
210 -X, --logfile=[file]
212 Set or unset the log file. See the logfile command.
213 --logfile-time-format=[fmt]
215 Set or unset the log file time format. See the log‐
216 file_time_format command.
217 --syslog[=(on|off|facility)]
219 Enable or disable syslog logging. See the syslog command.
220 -t, --read-recipients
222 Read recipient addresses from the To, Cc, and Bcc headers
223 of the mail in addition to the recipients given on the
224 command line. If any Resent- headers are present, then
225 the addresses from any Resent-To, Resent-Cc, and Resent-
226 Bcc headers in the first block of Resent- headers are
227 used instead.
228 --read-envelope-from
230 Read the envelope from address from the From header of
231 the mail.
232 --aliases=[file]
234 Set or unset an aliases file. See the aliases command.
235 -Fname Msmtp adds a From header to mails that lack it, using the
237 envelope from address. This option allows one to set a
238 full name to be used in that header.
239 --auto-from[=(on|off)]
241 Obsolete. See the auto_from command.
242 --maildomain=[domain]
244 Obsolete. See the maildomain command.
245 -- This marks the end of options. All following arguments
247 will be treated as recipient addresses, even if they
248 start with a `-'.
249 The following options are accepted but ignored for sendmail compatibil‐
251 ity:
252 -Btype, -bm, -G, -hN, -i, -L tag, -m, -n, -O option=value, -ox value
253
255 A suggestion for a suitable configuration file can be generated using
256 the --configure option. Normally, a system wide configuration file
257 and/or a user configuration file contain information about which SMTP
258 server to use and how to use it, but all settings can also be config‐
259 ured on the command line.
260 The information about SMTP servers is organized in accounts. Each
261 account describes one SMTP server: host name, authentication settings,
262 TLS settings, and so on. Each configuration file can define multiple
263 accounts.
264 The user can choose which account to use in one of three ways:
266 --account=id
268 Use the given account. Command line settings override configura‐
269 tion file settings.
270 --host=hostname
272 Use only the settings from the command line; do not use any con‐
273 figuration file data.
274 --from=address or --read-envelope-from
276 Choose the first account from the system or user configuration
277 file that has a matching envelope-from address as specified by a
278 from command. This works only when neither --account nor --host
279 is used.
280 If none of the above options is used (or if no account has a matching
282 from command), then the account "default" is used.
283 Msmtp transmits mails unaltered to the SMTP server, with the following
285 exceptions:
286 - The Bcc header(s) will be removed. This behavior can be changed with
287 the remove_bcc_headers command and --remove-bcc-headers option.
288 - A From header will be added if the mail does not have one. This can
289 be changed with the set_from_header command and --set-from-header
290 option. The header will use the envelope from address and optionally a
291 full name set with the -F option.
292 - A Date header will be added if the mail does not have one. This can
293 be changed with the set_date_header command and --set-date-header
294 option.
295 Skip to the EXAMPLES section for a quick start.
297
299 If it exists and is readable, a system wide configuration file
300 SYSCONFDIR/msmtprc will be loaded, where SYSCONFDIR depends on your
301 platform. Use --version to find out which directory is used.
302 If it exists and is readable, a user configuration file will be loaded
303 (~/.msmtprc will be tried first followed by $XDG_CONFIG_HOME/msmtp/con‐
304 fig by default, but see --version). Accounts defined in the user con‐
305 figuration file override accounts from the system configuration file.
306 Configuration data from either file can be changed by command line
307 options.
308 A configuration file is a simple text file. Empty lines and comment
310 lines (whose first non-blank character is `#') are ignored.
311 Every other line must contain a command and may contain an argument to
312 that command.
313 The argument may be enclosed in double quotes ("), for example if its
314 first or last character is a blank.
315 If a file name starts with the tilde (~), this tilde will be replaced
316 by $HOME. If a command accepts the argument on, it also accepts an
317 empty argument and treats that as if it was on.
318 Commands are organized in accounts. Each account starts with the
319 account command and defines the settings for one SMTP account.
320 Skip to the EXAMPLES section for a quick start.
322 Commands are as follows:
324 defaults
326 Set defaults. The following configuration commands will set
327 default values for all following account definitions in the cur‐
328 rent configuration file.
329 account name [:account[,...]]
331 Start a new account definition with the given name. The current
332 default values are filled in.
333 If a colon and a list of previously defined accounts is given
334 after the account name, the new account, with the filled in
335 default values, will inherit all settings from the accounts in
336 the list.
337 host hostname
339 The SMTP server to send the mail to. The argument may be a host
340 name or a network address. Every account definition must con‐
341 tain this command.
342 port number
344 The port that the SMTP server listens on. The default is 25
345 ("smtp"), unless TLS without STARTTLS is used, in which case it
346 is 465 ("smtps").
347 source_ip [IP]
349 Set a source IP address to bind the outgoing connection to. Use‐
350 ful only in special cases on multi-home systems. An empty argu‐
351 ment disables this.
352 proxy_host [IP|hostname]
354 Use a SOCKS proxy. All network traffic will go through this
355 proxy host, including DNS queries, except for a DNS query that
356 might be necessary to resolve the proxy host name itself (this
357 can be avoided by using an IP address as proxy host name). An
358 empty hostname argument disables proxy usage. The supported
359 SOCKS protocol version is 5. If you want to use this with Tor,
360 see also "Using msmtp with Tor" below.
361 proxy_port [number]
363 Set the port number for the proxy host. An empty number argument
364 resets this to the default port.
365 socket socketname
367 Set the file name of a unix domain socket to connect to. This
368 overrides both host/port and proxy_host/proxy_port.
369 timeout (off|seconds)
371 Set or unset a network timeout, in seconds. The argument off
372 means that no timeout will be set, which means that the operat‐
373 ing system default will be used.
374 protocol (smtp|lmtp)
376 Set the protocol to use. Currently only SMTP and LMTP are sup‐
377 ported. SMTP is the default. See the port command above for
378 default ports.
379 domain argument
381 Use this command to set the argument of the SMTP EHLO (or LMTP
382 LHLO) command. The default is localhost, which is stupid but
383 usually works. Try to change the default if mails get rejected
384 due to anti-SPAM measures. Possible choices are the domain part
385 of your mail address (provider.example for joe@provider.example)
386 or the fully qualified domain name of your host (if available).
387 auth [(on|off|method)]
389 Enable or disable authentication and optionally choose a method
390 to use. The argument on chooses a method automatically.
391 Usually a user name and a password are used for authentication.
392 The user name is specified in the configuration file with the
393 user command. There are five different methods to specify the
394 password:
395 1. Add the password to the system key ring. Currently supported
396 key rings are the Gnome key ring and the Mac OS X Keychain. For
397 the Gnome key ring, use the command secret-tool (part of Gnome's
398 libsecret) to store passwords: secret-tool store --label=msmtp
399 host mail.freemail.example service smtp user joe.smith. On Mac
400 OS X, use the following command: security add-internet-password
401 -s mail.freemail.example -r smtp -a joe.smith -w. In both exam‐
402 ples, replace mail.freemail.example with the SMTP server name,
403 and joe.smith with your user name.
404 2. Store the password in an encrypted files, and use passworde‐
405 val to specify a command to decrypt that file, e.g. using GnuPG.
406 See EXAMPLES.
407 3. Store the password in the configuration file using the pass‐
408 word command. (Usually it is not considered a good idea to
409 store passwords in cleartext files. If you do it anyway, you
410 must make sure that the file can only be read by yourself.)
411 4. Store the password in ~/.netrc. This method is probably obso‐
412 lete.
413 5. Type the password into the terminal when it is required.
414 It is recommended to use method 1 or 2.
415 Multiple authentication methods exist. Most servers support only
416 some of them. Historically, sophisticated methods were devel‐
417 oped to protect passwords from being sent unencrypted to the
418 server, but nowadays everybody needs TLS anyway, so the simple
419 methods suffice since the whole session is protected. A suitable
420 authentication method is chosen automatically, and when TLS is
421 disabled for some reason, only methods that avoid sending clear‐
422 text passwords are considered.
423 The following user / password methods are supported: plain (a
424 simple cleartext method, with base64 encoding, supported by
425 almost all servers), scram-sha-1 (a method that avoids cleartext
426 passwords), cram-md5 (an obsolete method that avoids cleartext
427 passwords, but is not considered secure anymore), digest-md5 (an
428 overcomplicated obsolete method that avoids cleartext passwords,
429 but is not considered secure anymore), login (a non-standard
430 cleartext method similar to but worse than the plain method),
431 ntlm (an obscure non-standard method that is now considered bro‐
432 ken; it sometimes requires a special domain parameter passed via
433 ntlmdomain).
434 There are currently three authentication methods that are not
435 based on user / password information and have to be chosen manu‐
436 ally: oauthbearer (an OAuth2 token from the mail provider is
437 used as the password. See the documentation of your mail
438 provider for details on how to get this token. The passwordeval
439 command can be used to pass the regularly changing tokens into
440 msmtp from a script or an environment variable), external (the
441 authentication happens outside of the protocol, typically by
442 sending a TLS client certificate, and the method merely confirms
443 that this authentication succeeded), and gssapi (the Kerberos
444 framework takes care of secure authentication, only a user name
445 is required).
446 It depends on the underlying authentication library and its ver‐
447 sion whether a particular method is supported or not. Use --ver‐
448 sion to find out which methods are supported.
449 user login
451 Set the user name for authentication. An empty argument unsets
452 the user name.
453 password secret
455 Set the password for authentication. An empty argument unsets
456 the password. Consider using the passwordeval command or a key
457 ring instead of this command, to avoid storing cleartext pass‐
458 words in the configuration file.
459 passwordeval [eval]
461 Set the password for authentication to the output (stdout) of
462 the command eval. This can be used e.g. to decrypt password
463 files on the fly or to query key rings, and thus to avoid stor‐
464 ing cleartext passwords.
465 ntlmdomain [domain]
467 Set a domain for the ntlm authentication method. This is obso‐
468 lete.
469 tls [(on|off)]
471 Enable or disable TLS (also known as SSL) for secured connec‐
472 tions.
473 Transport Layer Security (TLS) "... provides communications pri‐
474 vacy over the Internet. The protocol allows client/server
475 applications to communicate in a way that is designed to prevent
476 eavesdropping, tampering, or message forgery" (quote from
477 RFC2246).
478 A server can use TLS in one of two modes: via a STARTTLS command
479 (the session starts with the normal protocol initialization, and
480 TLS is then started using the protocol's STARTTLS command), or
481 immediately (TLS is initialized before the normal protocol ini‐
482 tialization; this requires a separate port). The first mode is
483 the default, but you can switch to the second mode by disabling
484 tls_starttls.
485 When TLS is started, the server sends a certificate to identify
486 itself. To verify the server identity, a client program is
487 expected to check that the certificate is formally correct and
488 that it was issued by a Certificate Authority (CA) that the user
489 trusts. (There can also be certificate chains with intermediate
490 CAs.)
491 The list of trusted CAs is specified using the tls_trust_file
492 command. The default value ist "system" and chooses the system-
493 wide default, but you can also choose the trusted CAs yourself.
494 One practical problem with this approach is that the client pro‐
495 gram should also check if the server certificate has been
496 revoked for some reason, using a Certificate Revocation List
497 (CRL). A CRL file can be specified using the tls_crl_file com‐
498 mand, but getting the relevant CRL files and keeping them up to
499 date is not straightforward. You are basically on your own.
500 A much more serious and fundamental problem is that you need to
501 trust CAs. Like any other organization, a CA can be incompe‐
502 tent, malicious, subverted by bad people, or forced by govern‐
503 ment agencies to compromise end users without telling them. All
504 of these things happened and continue to happen worldwide. The
505 idea to have central organizations that have to be trusted for
506 your communication to be secure is fundamentally broken.
507 Instead of putting trust in a CA, you can choose to trust only a
508 single certificate for the server you want to connect to. For
509 that purpose, specify the certificate fingerprint with tls_fin‐
510 gerprint. This makes sure that no man-in-the-middle can fake the
511 identity of the server by presenting you a fraudulent certifi‐
512 cate issued by some CA that happens to be in your trust list.
513 However, you have to update the fingerprint whenever the server
514 certificate changes, and you have to make sure that the change
515 is legitimate each time, e.g. when the old certificate expired.
516 This is inconvenient, but it's the price to pay.
517 Information about a server certificate can be obtained with
518 --serverinfo --tls --tls-certcheck=off. This includes the issuer
519 CA of the certificate (so you can trust that CA via
520 tls_trust_file), and the fingerprint of the certificate (so you
521 can trust that particular certificate via tls_fingerprint).
522 TLS also allows the server to verify the identity of the client.
523 For this purpose, the client has to present a certificate issued
524 by a CA that the server trusts. To present that certificate, the
525 client also needs the matching key file. You can set the cer‐
526 tificate and key files using tls_cert_file and tls_key_file.
527 This mechanism can also be used to authenticate users, so that
528 traditional user / password authentication is not necessary any‐
529 more. See the external mechanism in auth.
530 You can also use client certificates stored on some external
531 authentication device by specifying GnuTLS device URIs in
532 tls_cert_file and tls_key_file. You can find the correct URIs
533 using p11tool --list-privkeys --login (p11tool is bundled with
534 GnuTLS). If your device requires a PIN to access the data, you
535 can specify that using one of the password mechanisms (e.g.
536 passwordeval, password).
537 tls_starttls [(on|off)]
539 Choose the TLS variant: start TLS from within the session (on,
540 default), or tunnel the session through TLS (off).
541 tls_trust_file file
543 Activate server certificate verification using a list of trusted
544 Certification Authorities (CAs). The default is the special
545 value "system", which selects the system default. An empty argu‐
546 ment disables trust in CAs. If you select a file, it must be in
547 PEM format, and you should also use tls_crl_file.
548 tls_crl_file [file]
550 Set a certificate revocation list (CRL) file for TLS, to check
551 for revoked certificates. An empty argument disables this.
552 tls_fingerprint [fingerprint]
554 Set the fingerprint of a single certificate to accept for TLS.
555 This certificate will be trusted regardless of its contents
556 (this overrides tls_trust_file). The fingerprint should be of
557 type SHA256, but can for backwards compatibility also be of type
558 SHA1 or MD5 (please avoid this). The format should be
559 01:23:45:67:.... Use --serverinfo --tls --tls-certcheck=off
560 --tls-fingerprint= to get the server certificate fingerprint.
561 tls_key_file file
563 Send a client certificate to the server (use this together with
564 tls_cert_file}). The file must contain the private key of a
565 certificate in PEM format. An empty argument disables this fea‐
566 ture.
567 tls_cert_file file
569 Send a client certificate to the server (use this together with
570 tls_key_file). The file must contain a certificate in PEM for‐
571 mat. An empty argument disables this feature.
572 tls_certcheck [(on|off)]
574 Enable or disable checks of the server certificate. They are
575 enabled by default. Disabling them will override tls_trust_file
576 and tls_fingerprint. WARNING: When the checks are disabled, TLS
577 sessions will not be secure!
578 tls_min_dh_prime_bits [bits]
580 Set or unset the minimum number of Diffie-Hellman (DH) prime
581 bits that mpop will accept for TLS sessions. The default is set
582 by the TLS library and can be selected by using an empty argu‐
583 ment to this command. Only lower the default (for example to
584 512 bits) if there is no other way to make TLS work with the
585 remote server.
586 tls_priorities [priorities]
588 Set the priorities for TLS sessions. The default is set by the
589 TLS library and can be selected by using an empty argument to
590 this command. See the GnuTLS documentation of the gnutls_prior‐
591 ity_init function for a description of the priorities string.
592 tls_host_override [host]
594 By default, TLS host verification uses the host name given by
595 the host command. This command allows to use a different host
596 name for verification. This is only useful in special cases.
597 from envelope_from
599 Set the envelope-from address. The following substitution pat‐
600 terns are supported:
601 %U will be replaced by $USER, or if that fails by $LOGNAME, or
602 if that fails by the login name of the user running msmtp.
603 %H will be replaced by $HOSTNAME, or if that fails by the host
604 name of the system.
605 %C will be replaced by the canonical name of %H.
606 %M will be replaced by the contents of /etc/mailname (poten‐
607 tially a different directory is used depending on the build con‐
608 figuration; see the output of msmtp --version and look for the
609 location of the system configuration file).
610 Note that the obsolete auto_from command replaces this envelope-
611 from address.
612 dsn_notify (off|condition)
614 This command sets the condition(s) under which the mail system
615 should send DSN (Delivery Status Notification) messages. The
616 argument off disables explicit DSN requests, which means the
617 mail system decides when to send DSN messages. This is the
618 default. The condition must be never, to never request notifi‐
619 cation, or a comma separated list (no spaces!) of one or more of
620 the following: failure, to request notification on transmission
621 failure, delay, to be notified of message delays, success, to be
622 notified of successful transmission. The SMTP server must sup‐
623 port the DSN extension.
624 dsn_return (off|amount)
626 This command controls how much of a mail should be returned in
627 DSN (Delivery Status Notification) messages. The argument off
628 disables explicit DSN requests, which means the mail system
629 decides how much of a mail it returns in DSN messages. This is
630 the default. The amount must be headers, to just return the
631 message headers, or full, to return the full mail. The SMTP
632 server must support the DSN extension.
633 set_from_header [(auto|on|off)]
635 When to set a From header: auto adds a From header if the mail
636 does not have one (this is the default), on always sets a From
637 header and overrides any existing one, and off never sets a From
638 header.
639 If the mail server rejects the mail because its From header does
640 not match the envelope from address (a common anti-spam mea‐
641 sure), then you might want to set this option to on.
642 For compatibility with older versions, add_missing_from_header
643 [(on|off)] is still supported and corresponds to the auto and
644 off settings.
645 set_date_header [(on|off)]
647 When to set a Date header: auto adds a Date header if the mail
648 does not have one (this is the default), and off never sets a
649 Date header.
650 For compatibility with older versions, add_missing_date_header
651 [(on|off)] is still supported and corresponds to the auto and
652 off settings.
653 remove_bcc_headers [(on|off)]
655 This command controls whether to remove Bcc headers. The default
656 is to remove them.
657 logfile [file]
659 An empty argument disables logging (this is the default).
660 When logging is enabled by choosing a log file, msmtp will
661 append one line to the log file for each mail it tries to send
662 via the account that this log file was chosen for.
663 The line will include the following information: date and time
664 in the format specified by logfile_time_format, host name of the
665 SMTP server, whether TLS was used, whether authentication was
666 used, authentication user name (only if authentication is used),
667 envelope-from address, recipient addresses, size of the mail as
668 transferred to the server (only if the delivery succeeded), SMTP
669 status code and SMTP error message (only in case of failure and
670 only if available), error message (only in case of failure and
671 only if available), exit code (from sysexits.h; EX_OK indicates
672 success).
673 If the filename is a dash (-), msmtp prints the log line to the
674 standard output.
675 logfile_time_format [fmt]
677 Set or unset the log file time format. This will be used as the
678 format string for the strftime() function. An empty argument
679 chooses the default ("%b %d %H:%M:%S").
680 syslog [(on|off|facility)]
682 Enable or disable syslog logging. The facility can be one of
683 LOG_USER, LOG_MAIL, LOG_LOCAL0, ..., LOG_LOCAL7. The default is
684 LOG_USER.
685 Each time msmtp tries to send a mail via the account that con‐
686 tains this syslog command, it will log one entry to the syslog
687 service with the chosen facility.
688 The line will include the following information: host name of
689 the SMTP server, whether TLS was used, whether authentication
690 was used, envelope-from address, recipient addresses, size of
691 the mail as transferred to the server (only if the delivery suc‐
692 ceeded), SMTP status code and SMTP error message (only in case
693 of failure and only if available), error message (only in case
694 of failure and only if available), exit code (from sysexits.h;
695 EX_OK indicates success).
696 aliases [file]
698 Replace local recipients with addresses in the aliases file.
699 The aliases file is a cleartext file containing mappings between
700 a local address and a list of replacement addresses. The map‐
701 pings are of the form:
702 local: someone@example.com, person@domain.example
703 Multiple replacement addresses are separated with commas. Com‐
704 ments start with `#' and continue to the end of the line.
705 The local address default has special significance and is
706 matched if the local address is not found in the aliases file.
707 If no default alias is found, then the local address is left as
708 is.
709 An empty argument to the aliases command disables the replace‐
710 ment of local addresses. This is the default.
711 auto_from [(on|off)]
713 Obsolete; you can achieve the same and more using the substitu‐
714 tion patterns of the from command.
715 Enable or disable automatic envelope-from addresses. The default
716 is off. When enabled, an envelope-from address of the form
717 user@domain will be generated. The local part will be set to
718 USER or, if that fails, to LOGNAME or, if that fails, to the
719 login name of the current user. The domain part can be set with
720 the maildomain command. If the maildomain is empty, the enve‐
721 lope-from address will only consist of the user name and not
722 have a domain part. When auto_from is disabled, the envelope-
723 from address must be set explicitly.
724 maildomain [domain]
726 Obsolete; you can achieve the same and more using the substitu‐
727 tion patterns of the from command.
728 Set a domain part for the generation of an envelope-from
729 address. This is only used when auto_from is on. The domain may
730 be empty.
731
733 Configuration file
734 # Example for a user configuration file ~/.msmtprc
736 #
737 # This file focusses on TLS and authentication. Features not used here
738 include
739 # logging, timeouts, SOCKS proxies, TLS parameters, Delivery Status
740 Notification
741 # (DSN) settings, and more.
742 # Set default values for all following accounts.
744 defaults
745 # Use the mail submission port 587 instead of the SMTP port 25.
747 port 587
748 # Always use TLS.
750 tls on
751 # Set a list of trusted CAs for TLS. The default is to use system set‐
753 tings, but
754 # you can select your own file.
755 #tls_trust_file /etc/ssl/certs/ca-certificates.crt
756 # If you select your own file, you should also use the tls_crl_file
758 command to
759 # check for revoked certificates, but unfortunately getting revocation
760 lists and
761 # keeping them up to date is not straightforward.
762 #tls_crl_file ~/.tls-crls
763 # A freemail service
765 account freemail
766 # Host name of the SMTP server
768 host smtp.freemail.example
769 # As an alternative to tls_trust_file/tls_crl_file, you can use
771 tls_fingerprint
772 # to pin a single certificate. You have to update the fingerprint when
773 the
774 # server certificate changes, but an attacker cannot trick you into
775 accepting
776 # a fraudulent certificate. Get the fingerprint with
777 # $ msmtp --serverinfo --tls --tls-certcheck=off
778 --host=smtp.freemail.example
779 #tls_fingerprint 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11
780 :22:33
781 # Envelope-from address
783 from joe_smith@freemail.example
784 # Authentication. The password is given using one of five methods, see
786 below.
787 auth on
788 user joe.smith
789 # Password method 1: Add the password to the system keyring, and let
791 msmtp get
792 # it automatically. To set the keyring password using Gnome's libse‐
793 cret:
794 # $ secret-tool store --label=msmtp \
795 # host smtp.freemail.example \
796 # service smtp \
797 # user joe.smith
798 # Password method 2: Store the password in an encrypted file, and tell
800 msmtp
801 # which command to use to decrypt it. This is usually used with GnuPG,
802 as in
803 # this example. Usually gpg-agent will ask once for the decryption
804 password.
805 passwordeval gpg2 --no-tty -q -d ~/.msmtp-password.gpg
806 # Password method 3: Store the password directly in this file. Usually
808 it is not
809 # a good idea to store passwords in cleartext files. If you do it any‐
810 way, at
811 # least make sure that this file can only be read by yourself.
812 #password secret123
813 # Password method 4: Store the password in ~/.netrc. This method is
815 probably not
816 # relevant anymore.
817 # Password method 5: Do not specify a password. Msmtp will then prompt
819 you for
820 # it. This means you need to be able to type into a terminal when msmtp
821 runs.
822 # A second mail address at the same freemail service
824 account freemail2 : freemail
825 from joey@freemail.example
826 # The SMTP server of your ISP
828 account isp
829 host mail.isp.example
830 from smithjoe@isp.example
831 auth on
832 user 12345
833 # Set a default account
835 account default : freemail
836 Using msmtp with Mutt
839 Create a configuration file for msmtp and add the following lines to
841 your Mutt configuration file:
842 set sendmail="/path/to/msmtp"
843 set use_from=yes
844 set realname="Your Name"
845 set from=you@example.com
846 set envelope_from=yes
847 The envelope_from=yes option lets Mutt use the -f option of msmtp.
848 Therefore msmtp chooses the first account that matches the from address
849 you@example.com.
850 Alternatively, you can use the -a option:
851 set sendmail="/path/to/msmtp -a my-account"
852 Or set everything from the command line (but note that you cannot set a
853 password this way):
854 set sendmail="/path/to/msmtp --host=mailhub -f me@example.com --tls
855 --tls-trust-file=trust.crt"
856 If you have multiple mail accounts in your msmtp configuration file and
858 let Mutt use the -f option to choose the right one, you can easily
859 switch accounts in Mutt with the following Mutt configuration lines:
860 macro generic "<esc>1" ":set from=you@example.com"
861 macro generic "<esc>2" ":set from=you@your-employer.example"
862 macro generic "<esc>3" ":set from=you@some-other-provider.example"
863 Using msmtp with mail
866 Define a default account, and put the following in your ~/.mailrc:
868 set sendmail="/path/to/msmtp"
869 Using msmtp with Tor
872 Use the following settings:
874 proxy_host 127.0.0.1
875 proxy_port 9050
876 tls on
877 Use an IP address as proxy host name, so that msmtp does not leak a DNS
878 query when resolving it.
879 TLS is required to prevent exit hosts from reading your SMTP session.
880 Do not set domain to something that you do not want to reveal (do not
881 set it at all if possible).
882 Aliases file
885 # Example aliases file
887 # Send root to Joe and Jane
889 root: joe_smith@example.com, jane_chang@example.com
890 # Send cron to Mark
892 cron: mark_jones@example.com
893 # Send everything else to admin
895 default: admin@domain.example
896
899 SYSCONFDIR/msmtprc
900 System configuration file. Use --version to find out what
901 SYSCONFDIR is on your platform.
902 ~/.msmtprc or $XDG_CONFIG_HOME/msmtp/config
904 User configuration file.
905 ~/.netrc and SYSCONFDIR/netrc
907 The netrc file contains login information. Before prompting for
908 a password, msmtp will search it in ~/.netrc and
909 SYSCONFDIR/netrc.
910
912 USER, LOGNAME
913 These variables override the user's login name when constructing
914 an envelope-from address. LOGNAME is only used if USER is unset.
915 TMPDIR Directory to create temporary files in. If this is unset, a sys‐
917 tem specific default directory is used.
918 A temporary file is only created when the -t/--read-recipients
919 or --read-envelope-from option is used. The file is then used to
920 buffer the headers of the mail (but not the body, so the file
921 won't get very large).
922 EMAIL, SMTPSERVER
924 These environment variables are used only if neither --host nor
925 --account is used and there is no default account defined in the
926 configuration files. In this case, the host name is taken from
927 SMTPSERVER, and the envelope from address is taken from EMAIL,
928 unless overridden by --from or --read-envelope-from. Currently
929 SMTPSERVER must contain a plain host name (no URL), and EMAIL
930 must contain a plain address (no names or additional informa‐
931 tion).
932
934 msmtp was written by Martin Lambers <marlam@marlam.de>.
935 Other authors are listed in the AUTHORS file in the source distribu‐
936 tion.
937
939 sendmail(8), netrc(5) or ftp(1)
940 2020-04 MSMTP(1)