1MPOP(1)                     General Commands Manual                    MPOP(1)
2
3
4

NAME

6       mpop - A POP3 client
7

SYNOPSIS

9       Mail retrieval mode (default):
10              mpop [option...] [--] [account...]
11              mpop --host=host [option...]
12
13       Configuration mode:
14              mpop --configure <mailaddress>
15
16       Server information mode:
17              mpop [option...] --serverinfo [account...]
18              mpop --host=host [option...] --serverinfo
19

DESCRIPTION

21       In  mail  retrieval mode of operation, mpop retrieves mails from one or
22       more POP3 mailboxes, optionally does some filtering, and delivers  them
23       through a mail delivery agent (MDA), to a maildir folder, or to an mbox
24       file.  Mails that  were  successfully  delivered  before  will  not  be
25       retrieved  a second time, even if errors occur or mpop is terminated in
26       the middle of a session.
27       In server information mode, mpop prints information about one  or  more
28       POP3 servers.
29       If  no  account  names are given on the command line, one named default
30       will be used.
31       The best way to start is probably to have a look at the  EXAMPLES  sec‐
32       tion.
33

EXIT STATUS

35       The standard sendmail exit codes are used, as defined in sysexits.h.
36

OPTIONS

38       Options override configuration file settings, for every used account.
39
40       General Options
41
42              --version
43                     Print  version  information,  including information about
44                     the libraries used.
45
46              --help Print help.
47
48              -P, --pretend
49                     Print the configuration settings that would be used,  but
50                     do  not  take  further action.  An asterisk (`*') will be
51                     printed instead of your password.
52
53              -d, --debug
54                     Print lots of debugging information, including the  whole
55                     conversation  with  the  server.  Be  careful  with  this
56                     option: the (potentially dangerous) output  will  not  be
57                     sanitized, and your password may get printed in an easily
58                     decodable format!
59                     This option implies --half-quiet,  because  the  progress
60                     output would interfere with the debugging output.
61
62       Changing the mode of operation
63
64              --configure=mailaddress
65                     Generate  a  configuration for the given mail address and
66                     print it. This can be modified or copied unchanged to the
67                     configuration  file.   Note that this only works for mail
68                     domains that publish appropriate  SRV  records;  see  RFC
69                     8314.
70
71              -S, --serverinfo
72                     Print information about the POP3 server(s) and exit. This
73                     includes information about supported  features  (pipelin‐
74                     ing,  authentication  methods,  TOP  command, ...), about
75                     parameters (time for which mails  will  not  be  deleted,
76                     minimum time between logins, ...), and about the TLS cer‐
77                     tificate (if TLS is active).
78
79       Configuration options
80
81              -C, --file=conffile
82                     Use the given file  instead  of  ~/.mpoprc  or  $XDG_CON‐
83                     FIG_HOME/mpop/config as the user configuration file.
84
85              --host=hostname
86                     Use  this  server with settings from the command line; do
87                     not use any configuration file data. This option disables
88                     loading  of  the  configuration file. You cannot use both
89                     this option and account names on the command line.
90
91              --port=number
92                     Set the port number to connect to. See the port command.
93
94              --source-ip=[IP]
95                     Set or unset an IP address to bind the socket to. See the
96                     source_ip command.
97
98              --proxy-host=[IP|hostname]
99                     Set  or  unset  a  SOCKS proxy to use. See the proxy_host
100                     command.
101
102              --proxy-port=[number]
103                     Set or unset a port number for the proxy  host.  See  the
104                     proxy_port command.
105
106              --timeout=(off|seconds)
107                     Set a network timeout. See the timeout command.
108
109              --pipelining=(auto|on|off)
110                     Enable  or  disable  POP3  pipelining. See the pipelining
111                     command.
112
113              --received-header[=(on|off)]
114                     Enable  or  disable  the   Received   header.   See   the
115                     received_header command.
116
117              --auth[=(on|method)]
118                     Set the authentication method to automatic (with "on") or
119                     manually choose an authentication method.  See  the  auth
120                     command.
121
122              --user=[username]
123                     Set  or  unset  the user name for authentication. See the
124                     user command.
125
126              --passwordeval=[eval]
127                     Evaluate password for authentication. See the  passworde‐
128                     val command.
129
130              --tls[=(on|off)]
131                     Enable or disable TLS/SSL. See the tls command.
132
133              --tls-starttls[=(on|off)]
134                     Enable  or disable STARTTLS for TLS. See the tls_starttls
135                     command.
136
137              --tls-trust-file=[file]
138                     Set or unset a trust file for TLS. See the tls_trust_file
139                     command.
140
141              --tls-crl-file=[file]
142                     Set or unset a certificate revocation list (CRL) file for
143                     TLS. See the tls_crl_file command.
144
145              --tls-fingerprint=[fingerprint]
146                     Set or unset the fingerprint of a  trusted  TLS  certifi‐
147                     cate. See the tls_fingerprint command.
148
149              --tls-key-file=[file]
150                     Set  or  unset  a  key file for TLS. See the tls_key_file
151                     command.
152
153              --tls-cert-file=[file]
154                     Set or unset a cert file for TLS. See  the  tls_cert_file
155                     command.
156
157              --tls-certcheck[=(on|off)]
158                     Enable  or disable server certificate checks for TLS. See
159                     the tls_certcheck command.
160
161              --tls-min-dh-prime-bits=[bits]
162                     Set or unset minimum bit size of the Diffie-Hellmann (DH)
163                     prime. See the tls_min_dh_prime_bits command.
164
165              --tls-priorities=[priorities]
166                     Set  or unset TLS priorities. See the tls_priorities com‐
167                     mand.
168
169       Options specific to mail retrieval mode
170
171              -q, --quiet
172                     Do not print status or progress information.
173
174              -Q, --half-quiet
175                     Print status but not progress information.
176
177              -a, --all-accounts
178                     Query all accounts in the configuration file.
179
180              -A, --auth-only
181                     Authenticate only; do not retrieve mail. Useful for SMTP-
182                     after-POP.
183
184              -s, --status-only
185                     Print  number  and size of mails in each account only; do
186                     not retrieve mail.
187
188              -n, --only-new[=(on|off)]
189                     Process only new messages. See the only_new command.
190
191              -k, --keep[=(on|off)]
192                     Do not delete mails  from  POP3  servers,  regardless  of
193                     other options or settings.  See the keep command.
194
195              --killsize=(off|size)
196                     Set or unset kill size. See the killsize command.
197
198              --skipsize=(off|size)
199                     Set or unset skip size. See the skipsize command.
200
201              --filter=[program]
202                     Set a filter which will decide whether to retrieve, skip,
203                     or delete each mail by investigating the mail's  headers.
204                     See the filter command.
205
206              --delivery=method,method_arguments...
207                     How  to  deliver messages received from this account. See
208                     the delivery command. Note that a comma is  used  instead
209                     of a blank to separate the method from its arguments.
210
211              --uidls-file=filename
212                     File to store UIDLs in. See the uidls_file command.
213

USAGE

215       A  suggestion  for a suitable configuration file can be generated using
216       the --configure option.  The default configuration file is ~/.mpoprc or
217       $XDG_CONFIG_HOME/mpop/config.   Settings in this file can be changed by
218       command line options.
219       A configuration file is a simple text file.  Empty  lines  and  comment
220       lines  (first non-blank character is '#') are ignored. Every other line
221       must contain a command and may contain an  argument  to  that  command.
222       The argument may be enclosed in double quotes (").
223       If  a  file name starts with the tilde (~), this tilde will be replaced
224       by $HOME.
225       If a command accepts the argument on, it also accepts an empty argument
226       and treats that as if it was on.
227       Commands  are  organized  in  accounts.  Each  account  starts with the
228       account command and defines the settings for one POP3 account.
229
230       Commands are as follows:
231
232       defaults
233              Set defaults. The  following  configuration  commands  will  set
234              default values for all following account definitions.
235
236       account name [:account[,...]]
237              Start  a new account definition with the given name. The current
238              default values are filled in.
239              If a colon and a list of previously defined  accounts  is  given
240              after  the  account  name,  the  new account, with the filled in
241              default values, will inherit all settings from the  accounts  in
242              the list.
243
244       host hostname
245              The  POP3  server to retrieve mails from.  The argument may be a
246              host name or a network address.  Every account  definition  must
247              contain this command.
248
249       port number
250              The  port  that  the  POP3 server listens on. The default is 110
251              ("pop3"), unless TLS without STARTTLS is used, in which case  it
252              is 995 ("pop3s").
253
254       source_ip [IP]
255              Set a source IP address to bind the outgoing connection to. Use‐
256              ful only in special cases on multi-home systems. An empty  argu‐
257              ment disables this.
258
259       proxy_host [IP|hostname]
260              Use  a  SOCKS  proxy.  All  network traffic will go through this
261              proxy host, including DNS queries, except for a DNS  query  that
262              might  be  necessary to resolve the proxy host name itself (this
263              can be avoided by using an IP address as proxy  host  name).  An
264              empty  hostname  argument  disables  proxy usage.  The supported
265              SOCKS protocol version is 5. If you want to use this  with  Tor,
266              see also "Using mpop with Tor" below.
267
268       proxy_port [number]
269              Set the port number for the proxy host. An empty number argument
270              resets this to the default port, which is 1080 ("socks").
271
272       timeout (off|seconds)
273              Set or unset a network timeout, in seconds. The default  is  180
274              seconds.  The  argument  off  means that no timeout will be set,
275              which means that the operating system default will be used.
276
277       pipelining (auto|on|off)
278              Enable or disable POP3 pipelining.  You  should  never  need  to
279              change the default setting, which is auto: mpop enables pipelin‐
280              ing for POP3 servers that advertise this  capability,  and  dis‐
281              ables  it for all other servers.  Pipelining can speed up a POP3
282              session substantially.
283
284       auth [(on|method)]
285              Choose an authentication method. The default argument on chooses
286              a method automatically.
287              Usually  a user name and a password are used for authentication.
288              The user name is specified in the configuration  file  with  the
289              user  command.  There  are five different methods to specify the
290              password:
291              1. Add the password to the system key ring.  Currently supported
292              key rings are the Gnome key ring and the Mac OS X Keychain.  For
293              the Gnome key ring, use the command secret-tool (part of Gnome's
294              libsecret)  to  store  passwords: secret-tool store --label=mpop
295              host pop.freemail.example service pop3 user joe.smith.   On  Mac
296              OS  X, use the following command: security add-internet-password
297              -s pop.freemail.example -r pop3 -a joe.smith -w.  In both  exam‐
298              ples,  replace  pop.freemail.example  with the POP3 server name,
299              and joe.smith with your user name.
300              2. Store the password in an encrypted files, and use  passworde‐
301              val to specify a command to decrypt that file, e.g. using GnuPG.
302              See EXAMPLES.
303              3. Store the password in the configuration file using the  pass‐
304              word  command.   (Usually  it  is  not considered a good idea to
305              store passwords in plain text files.  If you do it  anyway,  you
306              must make sure that the file can only be read by yourself.)
307              4. Store the password in ~/.netrc. This method is probably obso‐
308              lete.
309              5. Type the password into the terminal when it is required.
310              It is recommended to use method 1 or 2.
311              Multiple authentication methods exist. Most servers support only
312              some  of  them.  Historically, sophisticated methods were devel‐
313              oped to protect passwords from being  sent  unencrypted  to  the
314              server,  but  nowadays everybody needs TLS anyway, so the simple
315              methods suffice since the whole session is protected. A suitable
316              authentication  method  is chosen automatically, and when TLS is
317              disabled for some reason, only methods that avoid sending  clear
318              text passwords are considered.
319              The  following  user  /  password methods are supported: user (a
320              simple plain  text  method  supported  by  all  servers),  plain
321              (another  simple  plain  text  method,  supported  by almost all
322              servers), scram-sha-1 (a method  that  avoids  clear-text  pass‐
323              words),  apop  (an  obsolete method that avoids clear-text pass‐
324              words, but is not considered secure anymore), cram-md5 (an obso‐
325              lete method that avoids clear-text passwords, but is not consid‐
326              ered secure anymore), digest-md5  (an  overcomplicated  obsolete
327              method  that  avoids clear-text passwords, but is not considered
328              secure anymore), login (a non-standard clear-text method similar
329              to  but worse than the plain method), ntlm (an obscure non-stan‐
330              dard method that is now considered broken; it sometimes requires
331              a special domain parameter passed via ntlmdomain).
332              There  are  currently  three authentication methods that are not
333              based on user / password information and have to be chosen manu‐
334              ally:  oauthbearer  (an  OAuth2  token from the mail provider is
335              used as the password; a user name is not required. See the docu‐
336              mentation  of  your mail provider for details on how to get this
337              token. The passwordeval command can be used to  pass  the  regu‐
338              larly  changing tokens into mpop from a script or an environment
339              variable), external (the authentication happens outside  of  the
340              protocol, typically by sending a TLS client certificate, and the
341              method merely confirms that this authentication succeeded),  and
342              gssapi  (the Kerberos framework takes care of secure authentica‐
343              tion, only a user name is required).
344              It depends on the underlying authentication library and its ver‐
345              sion whether a particular method is supported or not. Use --ver‐
346              sion to find out which methods are supported.
347
348       user login
349              Set the user name for authentication. An empty  argument  unsets
350              the user name.
351
352       password secret
353              Set  the  password  for authentication. An empty argument unsets
354              the password.  Consider using the passwordeval command or a  key
355              ring  instead of this command, to avoid storing plain text pass‐
356              words in the configuration file.
357
358       passwordeval [eval]
359              Set the password for authentication to the  output  (stdout)  of
360              the  command  eval.   This  can be used e.g. to decrypt password
361              files on the fly or to query key rings, and thus to avoid  stor‐
362              ing plain text passwords.
363
364       ntlmdomain [domain]
365              Set  a  domain for the ntlm authentication method. This is obso‐
366              lete.
367
368       tls [(on|off)]
369              Enable or disable TLS (also known as SSL)  for  secured  connec‐
370              tions.
371              Transport Layer Security (TLS) "... provides communications pri‐
372              vacy over  the  Internet.   The  protocol  allows  client/server
373              applications to communicate in a way that is designed to prevent
374              eavesdropping,  tampering,  or  message  forgery"  (quote   from
375              RFC2246).
376              A server can use TLS in one of two modes: via a STARTTLS command
377              (the session starts with the normal protocol initialization, and
378              TLS  is  then started using the protocol's STARTTLS command), or
379              immediately (TLS is initialized before the normal protocol  ini‐
380              tialization;  this  requires a separate port). The first mode is
381              the default, but you can switch to the second mode by  disabling
382              tls_starttls.
383              When  TLS is started, the server sends a certificate to identify
384              itself. To verify the  server  identity,  a  client  program  is
385              expected  to  check that the certificate is formally correct and
386              that it was issued by a Certificate Authority (CA) that the user
387              trusts.  (There can also be certificate chains with intermediate
388              CAs.)
389              The list of trusted CAs is specified  using  the  tls_trust_file
390              command.  The default value ist "system" and chooses the system-
391              wide default, but you can also choose the trusted CAs yourself.
392              One practical problem with this approach is that the client pro‐
393              gram  should  also  check  if  the  server  certificate has been
394              revoked for some reason, using  a  Certificate  Revocation  List
395              (CRL).  A  CRL file can be specified using the tls_crl_file com‐
396              mand, but getting the relevant CRL files and keeping them up  to
397              date is not straightforward. You are basically on your own.
398              A  much more serious and fundamental problem is is that you need
399              to trust CAs.  Like any other organization, a CA can be incompe‐
400              tent,  malicious,  subverted by bad people, or forced by govern‐
401              ment agencies to compromise end users without telling them.  All
402              of  these things happened and continue to happen worldwide.  The
403              idea to have central organizations that have to be  trusted  for
404              your communication to be secure is fundamentally broken.
405              Instead of putting trust in a CA, you can choose to trust only a
406              single certificate for the server you want to  connect  to.  For
407              that  purpose, specify the certificate fingerprint with tls_fin‐
408              gerprint. This makes sure that no man-in-the-middle can fake the
409              identity  of  the server by presenting you a fraudulent certifi‐
410              cate issued by some CA that happens to be in  your  trust  list.
411              However,  you have to update the fingerprint whenever the server
412              certificate changes, and you have to make sure that  the  change
413              is  legitimate each time, e.g. when the old certificate expired.
414              This is inconvenient, but it's the price to pay.
415              Information about a server  certificate  can  be  obtained  with
416              --serverinfo --tls --tls-certcheck=off. This includes the issuer
417              CA  of  the  certificate  (so  you  can  trust   that   CA   via
418              tls_trust_file),  and the fingerprint of the certificate (so you
419              can trust that particular certificate via tls_fingerprint).
420              TLS also allows the server to verify the identity of the client.
421              For this purpose, the client has to present a certificate issued
422              by a CA that the server trusts. To present that certificate, the
423              client  also  needs  the matching key file. You can set the cer‐
424              tificate and key files  using  tls_cert_file  and  tls_key_file.
425              This  mechanism  can also be used to authenticate users, so that
426              traditional user / password authentication is not necessary any‐
427              more. See the external mechanism in auth.
428
429       tls_starttls [(on|off)]
430              Choose  the  TLS variant: start TLS from within the session (on,
431              default), or tunnel the session through TLS (off).
432
433       tls_trust_file file
434              Activate server certificate verification using a list of trusted
435              Certification  Authorities  (CAs).  The  default  is the special
436              value "system", which selects the system default. An empty argu‐
437              ment disables trust in CAs.  If you select a file, it must be in
438              PEM format, and you should also use tls_crl_file.
439
440       tls_crl_file [file]
441              Set a certificate revocation list (CRL) file for TLS,  to  check
442              for revoked certificates. An empty argument disables this.
443
444       tls_fingerprint [fingerprint]
445              Set  the  fingerprint of a single certificate to accept for TLS.
446              This certificate will be  trusted  regardless  of  its  contents
447              (this  overrides  tls_trust_file).  The fingerprint should be of
448              type SHA256, but can for backwards compatibility also be of type
449              SHA1   or  MD5  (please  avoid  this).   The  format  should  be
450              01:23:45:67:....   Use  --serverinfo  --tls  --tls-certcheck=off
451              --tls-fingerprint= to get the server certificate fingerprint.
452
453       tls_key_file file
454              Send  a client certificate to the server (use this together with
455              tls_cert_file}).  The file must contain the  private  key  of  a
456              certificate  in PEM format. An empty argument disables this fea‐
457              ture.
458
459       tls_cert_file file
460              Send a client certificate to the server (use this together  with
461              tls_key_file).   The file must contain a certificate in PEM for‐
462              mat. An empty argument disables this feature.
463
464       tls_certcheck [(on|off)]
465              Enable or disable checks of the  server  certificate.  They  are
466              enabled by default.  Disabling them will override tls_trust_file
467              and tls_fingerprint.  WARNING: When the checks are disabled, TLS
468              sessions will not be secure!
469
470       tls_min_dh_prime_bits [bits]
471              Set  or  unset  the  minimum number of Diffie-Hellman (DH) prime
472              bits that mpop will accept for TLS sessions.  The default is set
473              by  the  TLS library and can be selected by using an empty argu‐
474              ment to this command.  Only lower the default  (for  example  to
475              512  bits)  if  there  is no other way to make TLS work with the
476              remote server.
477
478       tls_priorities [priorities]
479              Set the priorities for TLS sessions. The default is set  by  the
480              TLS  library  and  can be selected by using an empty argument to
481              this command.  See the GnuTLS documentation of the gnutls_prior‐
482              ity_init function for a description of the priorities string.
483
484       delivery method method_arguments...
485              How to deliver messages received from this account.
486
487              delivery mda command
488                     Deliver the mails through a mail delivery agent (MDA).
489                     All  occurrences  of  %F  in the command will be replaced
490                     with the envelope from address of the current message (or
491                     MAILER-DAEMON  if  none is found). Note that this address
492                     is guaranteed to contain only letters a-z and A-Z, digits
493                     0-9, and any of ".@_-+/", even though that is only a sub‐
494                     set of what is theoretically allowed in a  mail  address.
495                     Other  characters,  including  those  interpreted  by the
496                     shell, are replaced with "_".  Nevertheless,  you  should
497                     put %F into single quotes: '%F'.
498                     Use "delivery mda /usr/bin/procmail -f '%F' -d $USER" for
499                     the procmail MDA.
500                     Use "delivery mda /usr/sbin/sendmail -oi -oem -f '%F'  --
501                     $USER" to let your MTA handle the mail.
502                     Use  "delivery  mda /usr/local/bin/msmtp --host=localhost
503                     --from='%F' -- $USER@`hostname`.`dnsdomainname`" to  pass
504                     the  mail  to your MTA via SMTP.  (This is what fetchmail
505                     does by default.)
506
507              delivery maildir directory
508                     Deliver the mails to the  given  maildir  directory.  The
509                     directory  must exist and it must have the maildir subdi‐
510                     rectories cur, new, and tmp; mpop will not create  direc‐
511                     tories.  This  delivery  type  only works on file systems
512                     that support hard links.
513
514              delivery mbox mbox-file
515                     Deliver the mails to the given file in mbox  format.  The
516                     file  will  be locked with fcntl(2). mpop uses the MBOXRD
517                     mbox format variant; see the documentation  of  the  mbox
518                     format.
519
520              delivery exchange directory
521                     Deliver the mails to the given Exchange pickup directory.
522                     The directory must exist.
523
524              If the delivery method needs to parse the mail  headers  for  an
525              envelope  from  address  (the mda method if the command contains
526              %F, and the mbox method), then it needs to  create  a  temporary
527              file  to  store  the  mail  headers  (but  not the body) in. See
528              $TMPDIR in the FILES / ENVIRONMENT section.
529
530       uidls_file filename
531              The file to store UIDLs in. These are  needed  to  identify  new
532              messages.   %U  in the filename will be replaced by the username
533              of the current account.  %H in the filename will be replaced  by
534              the  hostname  of the current account.  If the filename contains
535              directories that do not exist,  mpop  will  create  them.   mpop
536              locks  this file for exclusive access when accessing the associ‐
537              ated POP3 account.
538              The default value is "~/.mpop_uidls/%U_at_%H". You can also  use
539              a  single  UIDLS file for multiple accounts, but then you cannot
540              poll more than one of these accounts at the same time.
541
542       only_new [(on|off)]
543              By default, mpop processes only new messages (new  messages  are
544              those that were not already successfully retrieved in an earlier
545              session). If this option is turned off, mpop  will  process  all
546              messages.
547
548       keep [(on|off)]
549              Keep  all  mails  on  the  POP3  server,  never delete them. The
550              default behaviour is to delete mails that have been successfully
551              retrieved or filtered by kill filters.
552
553       killsize (off|size)
554              Mails  larger  than  the  given size will be deleted (unless the
555              keep command is used, in which case they will just be  skipped).
556              The  size argument must be zero or greater. If it is followed by
557              a `k' or an `m', the size  is  measured  in  kibibytes/mebibytes
558              instead  of  bytes.  Note that some POP3 servers report slightly
559              incorrect sizes for mails; see NOTES below.
560              When killsize is set to 0 and keep is set to on, then all  mails
561              are  marked  as  retrieved,  but  no  mail gets deleted from the
562              server. This can be used to synchronize  the  UID  list  on  the
563              client to the UID list on the server.
564
565       skipsize (off|size)
566              Mails  larger  than  the  given  size will be skipped (not down‐
567              loaded).  The size argument must be zero or greater.  If  it  is
568              followed   by  a  `k'  or  an  `m',  the  size  is  measured  in
569              kibibytes/mebibytes instead  of  bytes.   Note  that  some  POP3
570              servers  report  slightly  incorrect  sizes for mails; see NOTES
571              below.
572
573       filter [command]
574              Set a filter which will decide whether  to  retrieve,  skip,  or
575              delete  each  mail by investigating the mail's headers. The POP3
576              server must support the POP3 TOP command for this to  work;  see
577              option --serverinfo above. An empty argument disables filtering.
578              All  occurrences  of %F in the command will be replaced with the
579              envelope from address of the current message  (or  MAILER-DAEMON
580              if none is found).  Note that this address is guaranteed to con‐
581              tain only letters a-z and A-Z, digits 0-9, and any of  ".@_-+/",
582              even  though  that  is  only  a  subset of what is theoretically
583              allowed in a mail address.  Other  characters,  including  those
584              interpreted  by  the shell, are replaced with "_". Nevertheless,
585              you should put %F into single quotes: '%F'.
586              All occurrences of %S in the command will be replaced  with  the
587              size of the current mail as reported by the POP3 server.
588              The  mail  headers  (plus  the blank line separating the headers
589              from the body) will be piped to the command. Based on the return
590              code, mpop decides what to do with the mail:
591              0: proceed normally; no special action
592              1: delete the mail; do not retrieve it
593              2: skip the mail; do not retrieve it
594              Return  codes  greater  than  or  equal  to 3 mean that an error
595              occurred. The sysexits.h error codes may be used to give  infor‐
596              mation about the kind of the error, but this is not necessary.
597
598       received_header [(on|off)]
599              Enable  or  disable  adding  a Received header. By default, mpop
600              prepends a Received header to the mail during delivery. This  is
601              required  by the RFCs if the mail is subsequently further deliv‐
602              ered e.g. via SMTP.
603

FILTERING

605       There are three filtering commands available.  They will be executed in
606       the following order:
607       killsize
608       skipsize
609       filter
610       If  a  filtering  command applies to a mail, the remaining filters will
611       not be executed.
612

EXAMPLES

614       Configuration file
615
616       # Example for a user configuration file ~/.mpoprc
617       #
618       # This file focusses on TLS,  authentication,  and  the  mail  delivery
619       method.
620       #  Features not used here include mail filtering, timeouts, SOCKS prox‐
621       ies,
622       # TLS parameters, and more.
623
624       # Set default values for all following accounts.
625       defaults
626
627       # Always use TLS.
628       tls on
629
630       # Set a list of trusted CAs for TLS. The default is to use system  set‐
631       tings, but
632       # you can select your own file.
633       #tls_trust_file /etc/ssl/certs/ca-certificates.crt
634
635       #  If  you  select  your own file, you should also use the tls_crl_file
636       command to
637       # check for revoked certificates, but unfortunately getting  revocation
638       lists and
639       # keeping them up to date is not straightforward.
640       #tls_crl_file ~/.tls-crls
641
642       # Deliver mail to an MBOX mail file:
643       delivery mbox ~/Mail/inbox
644       # Deliver mail to a maildir folder:
645       #delivery maildir ~/Mail/incoming
646       # Deliver mail via procmail:
647       #delivery mda "/usr/bin/procmail -f '%F' -d $USER"
648       # Deliver mail via the local SMTP server:
649       #delivery mda "/usr/bin/msmtp --host=localhost --from='%F' -- $USER"
650       # Deliver mail to an Exchange pickup directory:
651       #delivery exchange c:\exchange\pickup
652
653       # Use an UIDLS file in ~/.local/share instead of ~/.mpop_uidls
654       uidls_file ~/.local/share/%U_at_%H
655
656       # A freemail service
657       account freemail
658
659       # Host name of the POP3 server
660       host pop.freemail.example
661
662       #  As  an  alternative  to  tls_trust_file/tls_crl_file,  you  can  use
663       tls_fingerprint
664       # to pin a single certificate. You have to update the fingerprint  when
665       the
666       #  server  certificate  changes,  but an attacker cannot trick you into
667       accepting
668       # a fraudulent certificate. Get the fingerprint with
669       #     $      mpop      --serverinfo      --tls      --tls-certcheck=off
670       --host=pop.freemail.example
671       #tls_fingerprint  00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11
672       :22:33
673
674       # Authentication. The password is given using one of five methods,  see
675       below.
676       user joe.smith
677
678       #  Password  method  1: Add the password to the system keyring, and let
679       mpop get
680       # it automatically. To set the keyring password  using  Gnome's  libse‐
681       cret:
682       # $ secret-tool store --label=mpop \
683       #   host pop.freemail.example \
684       #   service pop3 \
685       #   user joe.smith
686
687       #  Password method 2: Store the password in an encrypted file, and tell
688       mpop
689       # which command to use to decrypt it. This is usually used with  GnuPG,
690       as in
691       #  this  example.  Usually  gpg-agent  will ask once for the decryption
692       password.
693       passwordeval gpg2 --no-tty -q -d ~/.mpop-password.gpg
694
695       # Password method 3: Store the password directly in this file.  Usually
696       it is not
697       # a good idea to store passwords in plain text files. If you do it any‐
698       way, at
699       # least make sure that this file can only be read by yourself.
700       #password secret123
701
702       # Password method 4: Store the password in  ~/.netrc.  This  method  is
703       probably not
704       # relevant anymore.
705
706       #  Password  method 5: Do not specify a password. Mpop will then prompt
707       you for
708       # it. This means you need to be able to type into a terminal when  mpop
709       runs.
710
711       # A second mail box at the same freemail service
712       account freemail2 : freemail
713       user joey
714
715       # The POP3 server of your ISP
716       account isp
717       host mail.isp.example
718       auth on
719       user 12345
720       # Your ISP runs SpamAssassin, so test each mail for the "X-Spam-Status:
721       Yes"
722       # header, and delete all mails  with  this  header  before  downloading
723       them.
724       filter    if [ "`grep "^X-Spam-Status: Yes"`" ]; then exit 1; else exit
725       0; fi
726
727       # Set a default account
728       account default : freemail
729
730
731       Filtering with SpamAssassin
732
733       The command filter "/path/to/spamc -c  >  /dev/null"  will  delete  all
734       mails  that  SpamAssassin  thinks  are  spam.  Since no message body is
735       passed to SpamAssassin, you should disable all body-specific  tests  in
736       the SpamAssassin configuration file; for example set use_bayes 0.
737
738       If your mail provider runs SpamAssassin for you, you just have to check
739       for the result. The following script can do that when used as  an  mpop
740       filter:
741       #!/bin/sh
742       if [ "`grep "^X-Spam-Status: Yes"`" ]; then
743           exit 1  # kill this message
744       else
745           exit 0  # proceed normally
746       fi
747       Since  the  filter  command is passed to a shell, you can also use this
748       directly:
749       filter if [ "`grep "^X-Spam-Status: Yes"`" ]; then exit 1; else exit 0;
750       fi
751
752
753       Using mpop with Tor
754
755       Use the following settings:
756       proxy_host 127.0.0.1
757       proxy_port 9050
758       tls on
759       Use  an IP address as proxy host name, so that mpop does not leak a DNS
760       query when resolving it.
761       TLS is required to prevent exit hosts from reading your POP3 session.
762
763
764

FILES

766       ~/.mpoprc or $XDG_CONFIG_HOME/mpop/config
767              Default configuration file.
768
769       ~/.mpop_uidls
770              Default directory to store UIDLs files in.
771
772       ~/.netrc and SYSCONFDIR/netrc
773              The netrc file contains login information. Before prompting  for
774              a   password,   msmtp   will   search   it   in   ~/.netrc   and
775              SYSCONFDIR/netrc.
776

ENVIRONMENT

778       $USER, $LOGNAME
779              These variables override the user's login name. $LOGNAME is only
780              used  if  $USER  is  unset.  The  user's  login name is used for
781              Received headers.
782
783       $TMPDIR
784              Directory to create temporary files in. If this is unset, a sys‐
785              tem specific default directory is used.
786

AUTHOR

788       mpop was written by Martin Lambers <marlam@marlam.de>
789       Other  authors  are  listed in the AUTHORS file in the source distribu‐
790       tion.
791

SEE ALSO

793       procmail(1), spamassassin(1), netrc(5) or ftp(1), mbox(5), fcntl(2)
794
795
796
797                                    2019-04                            MPOP(1)
Impressum