1MSMTP(1) General Commands Manual MSMTP(1)
2
3
4
6 msmtp - An SMTP client
7
9 Sendmail mode (default):
10 msmtp [option...] [--] recipient...
11 msmtp [option...] -t [--] [recipient...]
12
13 Configuration mode:
14 msmtp --configure <mailaddress>
15
16 Server information mode:
17 msmtp [option...] --serverinfo
18
19 Remote Message Queue Starting mode:
20 msmtp [option...] --rmqs=host|@domain|#queue
21
23 In the default sendmail mode, msmtp reads a mail from standard input
24 and sends it to an SMTP server for delivery.
25 In server information mode, msmtp prints information about an SMTP
26 server.
27 In Remote Message Queue Starting mode, msmtp sends a Remote Message
28 Queue Starting request for a host, domain, or queue to an SMTP server.
29
31 The standard sendmail exit status codes are used, as defined in sysex‐
32 its.h.
33
35 Options override configuration file settings.
36 They are compatible with sendmail where appropriate.
37
38 General options
39
40 --version
41 Print version information, including information about
42 the libraries used.
43
44 --help Print help.
45
46 -P, --pretend
47 Print the configuration settings that would be used, but
48 do not take further action. An asterisk (`*') will be
49 printed instead of your password.
50
51 -v, -d, --debug
52 Print lots of debugging information, including the whole
53 conversation with the SMTP server. Be careful with this
54 option: the (potentially dangerous) output will not be
55 sanitized, and your password may get printed in an easily
56 decodable format!
57
58 Changing the mode of operation
59
60 --configure=mailaddress
61 Generate a configuration for the given mail address and
62 print it. This can be modified or copied unchanged to the
63 configuration file. Note that this only works for mail
64 domains that publish appropriate SRV records; see RFC
65 8314.
66
67 -S, --serverinfo
68 Print information about the SMTP server and exit. This
69 includes information about supported features (mail size
70 limit, authentication, TLS, DSN, ...) and about the TLS
71 certificate (if TLS is active).
72
73 --rmqs=(host|@domain|#queue)
74 Send a Remote Message Queue Starting request for the
75 given host, domain, or queue to the SMTP server and exit.
76
77 Configuration options
78
79 -C, --file=filename
80 Use the given file instead of ~/.msmtprc or $XDG_CON‐
81 FIG_HOME/msmtp/config as the user configuration file.
82
83 -a, --account=account_name
84 Use the given account instead of the account named
85 "default". The settings of this account may be changed
86 with command line options. This option cannot be used
87 together with the --host option.
88
89 --host=hostname
90 Use this SMTP server with settings from the command line;
91 do not use any configuration file data. This option can‐
92 not be used together with the --account option.
93
94 --port=number
95 Set the port number to connect to. See the port command.
96
97 --source-ip=[IP]
98 Set or unset an IP address to bind the socket to. See the
99 source_ip command.
100
101 --proxy-host=[IP|hostname]
102 Set or unset a SOCKS proxy to use. See the proxy_host
103 command.
104
105 --proxy-port=[number]
106 Set or unset a port number for the proxy host. See the
107 proxy_port command.
108
109 --socket=[socketname]
110 Set or unset a local unix domain socket name to connect
111 to. See the socket command.
112
113 --timeout=(off|seconds)
114 Set or unset a network timeout, in seconds. See the time‐
115 out command.
116
117 --protocol=(smtp|lmtp)
118 Set the protocol. See the protocol command.
119
120 --domain=[string]
121 Set the argument of the SMTP EHLO (or LMTP LHLO) command.
122 See the domain command.
123
124 --auth[=(on|off|method)]
125 Enable or disable authentication and optionally choose
126 the method. See the auth command.
127
128 --user=[username]
129 Set or unset the user name for authentication. See the
130 user command.
131
132 --passwordeval=[eval]
133 Evaluate password for authentication. See the passworde‐
134 val command.
135
136 --tls[=(on|off)]
137 Enable or disable TLS/SSL. See the tls command.
138
139 --tls-starttls[=(on|off)]
140 Enable or disable STARTTLS for TLS. See the tls_starttls
141 command.
142
143 --tls-trust-file=[file]
144 Set or unset a trust file for TLS. See the tls_trust_file
145 command.
146
147 --tls-crl-file=[file]
148 Deprecated. Set or unset a certificate revocation list
149 (CRL) file for TLS. See the tls_crl_file command.
150
151 --tls-fingerprint=[fingerprint]
152 Set or unset the fingerprint of a trusted TLS certifi‐
153 cate. See the tls_fingerprint command.
154
155 --tls-key-file=[file]
156 Set or unset a key file for TLS. See the tls_key_file
157 command.
158
159 --tls-cert-file=[file]
160 Set or unset a cert file for TLS. See the tls_cert_file
161 command.
162
163 --tls-certcheck[=(on|off)]
164 Enable or disable server certificate checks for TLS. See
165 the tls_certcheck command.
166
167 --tls-priorities=[priorities]
168 Set or unset TLS priorities. See the tls_priorities com‐
169 mand.
170
171 --tls-host-override=[host]
172 Set or unset override for TLS host verification. See the
173 tls_host_override command.
174
175 --tls-min-dh-prime-bits=[bits]
176 Deprecated, use --tls-priorities instead. Set or unset
177 minimum bit size of the Diffie-Hellman (DH) prime. See
178 the tls_min_dh_prime_bits command.
179
180 Options specific to sendmail mode
181
182 -f, --from=address
183 Set the envelope-from address.
184 If no account was chosen yet (with --account or --host),
185 this option will choose the first account that has the
186 given envelope-from address (set with the from command).
187 If no such account is found, "default" is used.
188 See the from command for substitution patterns supported
189 in address.
190
191 -N, --dsn-notify=(off|cond)
192 Set or unset DSN notification conditions. See the
193 dsn_notify command.
194
195 -R, --dsn-return=(off|ret)
196 Set or unset the DSN notification amount. See the
197 dsn_return command. Note that hdrs is accepted as an
198 alias for headers to be compatible with sendmail.
199
200 --set-from-header[=(auto|on|off)]
201 Set From header handling. See the set_from_header com‐
202 mand.
203
204 --set-date-header[=(auto|off)]
205 Set Date header handling. See the set_date_header com‐
206 mand.
207
208 --remove-bcc-headers[=(on|off)]
209 Enable or disable the removal of Bcc headers. See the
210 remove_bcc_headers command.
211
212 --undisclosed-recipients[=(on|off)]
213 Enable or disable the replacement of To/Cc/Bcc with "To:
214 undisclosed-recipients:;". See the undisclosed_recipi‐
215 ents command.
216
217 -X, --logfile=[file]
218 Set or unset the log file. See the logfile command.
219
220 --logfile-time-format=[fmt]
221 Set or unset the log file time format. See the log‐
222 file_time_format command.
223
224 --syslog[=(on|off|facility)]
225 Enable or disable syslog logging. See the syslog command.
226
227 -t, --read-recipients
228 Read recipient addresses from the To, Cc, and Bcc headers
229 of the mail in addition to the recipients given on the
230 command line. If any Resent- headers are present, then
231 the addresses from any Resent-To, Resent-Cc, and Resent-
232 Bcc headers in the first block of Resent- headers are
233 used instead.
234
235 --read-envelope-from
236 Read the envelope from address from the From header of
237 the mail.
238
239 --aliases=[file]
240 Set or unset an aliases file. See the aliases command.
241
242 -Fname Msmtp adds a From header to mails that lack it, using the
243 envelope from address. This option allows one to set a
244 full name to be used in that header.
245
246 --auto-from[=(on|off)]
247 Obsolete. See the auto_from command.
248
249 --maildomain=[domain]
250 Obsolete. See the maildomain command.
251
252 -- This marks the end of options. All following arguments
253 will be treated as recipient addresses, even if they
254 start with a `-'.
255
256 The following options are accepted but ignored for sendmail compatibil‐
257 ity:
258 -Btype, -bm, -G, -hN, -i, -L tag, -m, -n, -O option=value, -ox value
259
261 A suggestion for a suitable configuration file can be generated using
262 the --configure option. Normally, a system wide configuration file
263 and/or a user configuration file contain information about which SMTP
264 server to use and how to use it, but all settings can also be config‐
265 ured on the command line.
266 The information about SMTP servers is organized in accounts. Each
267 account describes one SMTP server: host name, authentication settings,
268 TLS settings, and so on. Each configuration file can define multiple
269 accounts.
270
271 The user can choose which account to use in one of three ways:
272
273 --account=id
274 Use the given account. Command line settings override configura‐
275 tion file settings.
276
277 --host=hostname
278 Use only the settings from the command line; do not use any con‐
279 figuration file data.
280
281 --from=address or --read-envelope-from
282 Choose the first account from the system or user configuration
283 file that has a matching envelope-from address as specified by a
284 from command. This works only when neither --account nor --host
285 is used.
286 Subadresses are supported. For example, the envelope from
287 address user+detail@example.com will match the account for
288 user@example.com.
289
290 If none of the above options is used (or if no account has a matching
291 from command), then the account "default" is used.
292
293 Msmtp transmits mails unaltered to the SMTP server, with the following
294 exceptions:
295 - The Bcc header(s) will be removed. This behavior can be changed with
296 the remove_bcc_headers command and --remove-bcc-headers option.
297 - A From header will be added if the mail does not have one. This can
298 be changed with the set_from_header command and --set-from-header
299 option. The header will use the envelope from address and optionally a
300 full name set with the -F option.
301 - A Date header will be added if the mail does not have one. This can
302 be changed with the set_date_header command and --set-date-header
303 option.
304 - When undisclosed_recipients is set, the original To, Cc, and Bcc
305 headers are removed and replaced with "To: undisclosed-recipients:;".
306
307 Skip to the EXAMPLES section for a quick start.
308
310 If it exists and is readable, a system wide configuration file
311 SYSCONFDIR/msmtprc will be loaded, where SYSCONFDIR depends on your
312 platform. Use --version to find out which directory is used.
313 If it exists and is readable, a user configuration file will be loaded
314 (~/.msmtprc will be tried first followed by $XDG_CONFIG_HOME/msmtp/con‐
315 fig by default, but see --version). Accounts defined in the user con‐
316 figuration file override accounts from the system configuration file.
317 Configuration data from either file can be changed by command line
318 options.
319
320 A configuration file is a simple text file. Empty lines and comment
321 lines (whose first non-blank character is `#') are ignored.
322 Every other line must contain a command and may contain an argument to
323 that command.
324 The argument may be enclosed in double quotes ("), for example if its
325 first or last character is a blank.
326 If a file name starts with the tilde (~), this tilde will be replaced
327 by $HOME. If a command accepts the argument on, it also accepts an
328 empty argument and treats that as if it was on.
329 Commands are organized in accounts. Each account starts with the
330 account command and defines the settings for one SMTP account.
331
332 Skip to the EXAMPLES section for a quick start.
333
334 Commands are as follows:
335
336 defaults
337 Set defaults. The following configuration commands will set
338 default values for all following account definitions in the cur‐
339 rent configuration file.
340
341 account name [:account[,...]]
342 Start a new account definition with the given name. The current
343 default values are filled in.
344 If a colon and a list of previously defined accounts is given
345 after the account name, the new account, with the filled in
346 default values, will inherit all settings from the accounts in
347 the list.
348
349 host hostname
350 The SMTP server to send the mail to. The argument may be a host
351 name or a network address. Every account definition must con‐
352 tain this command.
353
354 port number
355 The port that the SMTP server listens on. The default is 25
356 ("smtp"), unless TLS without STARTTLS is used, in which case it
357 is 465 ("smtps").
358
359 source_ip [IP]
360 Set a source IP address to bind the outgoing connection to. Use‐
361 ful only in special cases on multi-home systems. An empty argu‐
362 ment disables this.
363
364 proxy_host [IP|hostname]
365 Use a SOCKS proxy. All network traffic will go through this
366 proxy host, including DNS queries, except for a DNS query that
367 might be necessary to resolve the proxy host name itself (this
368 can be avoided by using an IP address as proxy host name). An
369 empty hostname argument disables proxy usage. The supported
370 SOCKS protocol version is 5. If you want to use this with Tor,
371 see also "Using msmtp with Tor" below.
372
373 proxy_port [number]
374 Set the port number for the proxy host. An empty number argument
375 resets this to the default port.
376
377 socket socketname
378 Set the file name of a unix domain socket to connect to. This
379 overrides both host/port and proxy_host/proxy_port.
380
381 timeout (off|seconds)
382 Set or unset a network timeout, in seconds. The argument off
383 means that no timeout will be set, which means that the operat‐
384 ing system default will be used.
385
386 protocol (smtp|lmtp)
387 Set the protocol to use. Currently only SMTP and LMTP are sup‐
388 ported. SMTP is the default. See the port command above for
389 default ports.
390
391 domain argument
392 Use this command to set the argument of the SMTP EHLO (or LMTP
393 LHLO) command. The default is localhost, which is stupid but
394 usually works. Try to change the default if mails get rejected
395 due to anti-SPAM measures. Possible choices are the domain part
396 of your mail address (provider.example for joe@provider.example)
397 or the fully qualified domain name of your host (if available).
398
399 auth [(on|off|method)]
400 Enable or disable authentication and optionally choose a method
401 to use. The argument on chooses a method automatically.
402 Usually a user name and a password are used for authentication.
403 The user name is specified in the configuration file with the
404 user command. There are five different methods to specify the
405 password:
406 1. Add the password to the system key ring. Currently supported
407 key rings are the Gnome key ring and the Mac OS X Keychain. For
408 the Gnome key ring, use the command secret-tool (part of Gnome's
409 libsecret) to store passwords: secret-tool store --label=msmtp
410 host mail.freemail.example service smtp user joe.smith. On Mac
411 OS X, use the following command: security add-internet-password
412 -s mail.freemail.example -r smtp -a joe.smith -w. In both exam‐
413 ples, replace mail.freemail.example with the SMTP server name,
414 and joe.smith with your user name.
415 2. Store the password in an encrypted files, and use passworde‐
416 val to specify a command to decrypt that file, e.g. using GnuPG.
417 See EXAMPLES.
418 3. Store the password in the configuration file using the pass‐
419 word command. (Usually it is not considered a good idea to
420 store passwords in cleartext files. If you do it anyway, you
421 must make sure that the file can only be read by yourself.)
422 4. Store the password in ~/.netrc. This method is probably obso‐
423 lete.
424 5. Type the password into the terminal when it is required.
425 It is recommended to use method 1 or 2.
426 Multiple authentication methods exist. Most servers support only
427 some of them. Historically, sophisticated methods were devel‐
428 oped to protect passwords from being sent unencrypted to the
429 server, but nowadays everybody needs TLS anyway, so the simple
430 methods suffice since the whole session is protected. A suitable
431 authentication method is chosen automatically, and when TLS is
432 disabled for some reason, only methods that avoid sending clear‐
433 text passwords are considered.
434 The following user / password methods are supported: plain (a
435 simple cleartext method, with base64 encoding, supported by
436 almost all servers), scram-sha-1 (a method that avoids cleartext
437 passwords), cram-md5 (an obsolete method that avoids cleartext
438 passwords, but is not considered secure anymore), digest-md5 (an
439 overcomplicated obsolete method that avoids cleartext passwords,
440 but is not considered secure anymore), login (a non-standard
441 cleartext method similar to but worse than the plain method),
442 ntlm (an obscure non-standard method that is now considered bro‐
443 ken; it sometimes requires a special domain parameter passed via
444 ntlmdomain).
445 There are currently three authentication methods that are not
446 based on user / password information and have to be chosen manu‐
447 ally: oauthbearer or its predecessor xoauth2 (an OAuth2 token
448 from the mail provider is used as the password. See the docu‐
449 mentation of your mail provider for details on how to get this
450 token. The passwordeval command can be used to pass the regu‐
451 larly changing tokens into msmtp from a script or an environment
452 variable), external (the authentication happens outside of the
453 protocol, typically by sending a TLS client certificate, and the
454 method merely confirms that this authentication succeeded), and
455 gssapi (the Kerberos framework takes care of secure authentica‐
456 tion, only a user name is required).
457 It depends on the underlying authentication library and its ver‐
458 sion whether a particular method is supported or not. Use --ver‐
459 sion to find out which methods are supported.
460
461 user login
462 Set the user name for authentication. An empty argument unsets
463 the user name.
464
465 password secret
466 Set the password for authentication. An empty argument unsets
467 the password. Consider using the passwordeval command or a key
468 ring instead of this command, to avoid storing cleartext pass‐
469 words in the configuration file.
470
471 passwordeval [eval]
472 Set the password for authentication to the output (stdout) of
473 the command eval. This can be used e.g. to decrypt password
474 files on the fly or to query key rings, and thus to avoid stor‐
475 ing cleartext passwords.
476 Note that the eval command must not mess with standard input
477 (stdin) because that is where msmtp reads the mail from. If in
478 doubt, append </dev/null to eval.
479
480 ntlmdomain [domain]
481 Set a domain for the ntlm authentication method. This is obso‐
482 lete.
483
484 tls [(on|off)]
485 Enable or disable TLS (also known as SSL) for secured connec‐
486 tions.
487 Transport Layer Security (TLS) "... provides communications pri‐
488 vacy over the Internet. The protocol allows client/server
489 applications to communicate in a way that is designed to prevent
490 eavesdropping, tampering, or message forgery" (quote from
491 RFC2246).
492 A server can use TLS in one of two modes: via a STARTTLS command
493 (the session starts with the normal protocol initialization, and
494 TLS is then started using the protocol's STARTTLS command), or
495 immediately (TLS is initialized before the normal protocol ini‐
496 tialization; this requires a separate port). The first mode is
497 the default, but you can switch to the second mode by disabling
498 tls_starttls.
499 When TLS is started, the server sends a certificate to identify
500 itself. To verify the server identity, a client program is
501 expected to check that the certificate is formally correct and
502 that it was issued by a Certificate Authority (CA) that the user
503 trusts. (There can also be certificate chains with intermediate
504 CAs.)
505 The list of trusted CAs is specified using the tls_trust_file
506 command. The default value ist "system" and chooses the system-
507 wide default, but you can also choose the trusted CAs yourself.
508 A fundamental problem with this is that you need to trust CAs.
509 Like any other organization, a CA can be incompetent, malicious,
510 subverted by bad people, or forced by government agencies to
511 compromise end users without telling them. All of these things
512 happened and continue to happen worldwide. The idea to have
513 central organizations that have to be trusted for your communi‐
514 cation to be secure is fundamentally broken.
515 Instead of putting trust in a CA, you can choose to trust only a
516 single certificate for the server you want to connect to. For
517 that purpose, specify the certificate fingerprint with tls_fin‐
518 gerprint. This makes sure that no man-in-the-middle can fake the
519 identity of the server by presenting you a fraudulent certifi‐
520 cate issued by some CA that happens to be in your trust list.
521 However, you have to update the fingerprint whenever the server
522 certificate changes, and you have to make sure that the change
523 is legitimate each time, e.g. when the old certificate expired.
524 This is inconvenient, but it's the price to pay.
525 Information about a server certificate can be obtained with
526 --serverinfo --tls --tls-certcheck=off. This includes the issuer
527 CA of the certificate (so you can trust that CA via
528 tls_trust_file), and the fingerprint of the certificate (so you
529 can trust that particular certificate via tls_fingerprint).
530 TLS also allows the server to verify the identity of the client.
531 For this purpose, the client has to present a certificate issued
532 by a CA that the server trusts. To present that certificate, the
533 client also needs the matching key file. You can set the cer‐
534 tificate and key files using tls_cert_file and tls_key_file.
535 This mechanism can also be used to authenticate users, so that
536 traditional user / password authentication is not necessary any‐
537 more. See the external mechanism in auth.
538 You can also use client certificates stored on some external
539 authentication device by specifying GnuTLS device URIs in
540 tls_cert_file and tls_key_file. You can find the correct URIs
541 using p11tool --list-privkeys --login (p11tool is bundled with
542 GnuTLS). If your device requires a PIN to access the data, you
543 can specify that using one of the password mechanisms (e.g.
544 passwordeval, password).
545
546 tls_starttls [(on|off)]
547 Choose the TLS variant: start TLS from within the session (on,
548 default), or tunnel the session through TLS (off).
549
550 tls_trust_file file
551 Activate server certificate verification using a list of trusted
552 Certification Authorities (CAs). The default is the special
553 value "system", which selects the system default. An empty argu‐
554 ment disables trust in CAs. If you select a file, it must be in
555 PEM format, and you should also use tls_crl_file.
556
557 tls_crl_file [file]
558 Deprecated. This sets a certificate revocation list (CRL) file
559 for TLS, to check for revoked certificates (an empty argument,
560 which is the default, disables this). Nowadays automatic OCSP
561 checks replace CRL file checks.
562
563 tls_fingerprint [fingerprint]
564 Set the fingerprint of a single certificate to accept for TLS.
565 This certificate will be trusted regardless of its contents
566 (this overrides tls_trust_file). The fingerprint should be of
567 type SHA256, but can for backwards compatibility also be of type
568 SHA1 or MD5 (please avoid this). The format should be
569 01:23:45:67:.... Use --serverinfo --tls --tls-certcheck=off
570 --tls-fingerprint= to get the server certificate fingerprint.
571
572 tls_key_file file
573 Send a client certificate to the server (use this together with
574 tls_cert_file}). The file must contain the private key of a
575 certificate in PEM format. An empty argument disables this fea‐
576 ture.
577
578 tls_cert_file file
579 Send a client certificate to the server (use this together with
580 tls_key_file). The file must contain a certificate in PEM for‐
581 mat. An empty argument disables this feature.
582
583 tls_certcheck [(on|off)]
584 Enable or disable checks of the server certificate. They are
585 enabled by default. Disabling them will override tls_trust_file
586 and tls_fingerprint. WARNING: When the checks are disabled, TLS
587 sessions will not be secure!
588
589 tls_priorities [priorities]
590 Set priorities for TLS session parameters. The default is set by
591 the TLS library and can be selected by using an empty argument
592 to this command. The interpretation of the priorities string
593 depends on the TLS library. Use --version to find out which TLS
594 library you use.
595 For GnuTLS, see the section on Priority Strings in the manual.
596 For libtls, the priorites string is a space-separated list of
597 parameter strings prefixed with either PROTOCOLS=, CIPHERS=, or
598 ECDHECURVES=. These parameter strings will be passed to the
599 functions tls_config_parse_protocols, tls_config_set_ciphers,
600 and tls_config_set_ecdhecurves. Unrecognized parts of the prior‐
601 ities string will be ignored. Example: "PROTOCOLS=TLSv1.3
602 CIPHERS=ECDHE-RSA-AES128-SHA256 ECDHECURVES=P-384".
603
604 tls_host_override [host]
605 By default, TLS host verification uses the host name given by
606 the host command. This command allows one to use a different
607 host name for verification. This is only useful in special
608 cases.
609
610 tls_min_dh_prime_bits [bits]
611 Deprecated, use tls_priorities instead. Set or unset the mini‐
612 mum number of Diffie-Hellman (DH) prime bits accepted for TLS
613 sessions. The default is set by the TLS library and can be
614 selected by using an empty argument to this command. Only lower
615 the default (for example to 512 bits) if there is no other way
616 to make TLS work with the remote server.
617
618 from envelope_from
619 Set the envelope-from address. The following substitution pat‐
620 terns are supported:
621 %U will be replaced by $USER, or if that fails by $LOGNAME, or
622 if that fails by the login name of the user running msmtp.
623 %H will be replaced by $HOSTNAME, or if that fails by the host
624 name of the system.
625 %C will be replaced by the canonical name of %H.
626 %M will be replaced by the contents of /etc/mailname (poten‐
627 tially a different directory is used depending on the build con‐
628 figuration; see the output of msmtp --version and look for the
629 location of the system configuration file).
630 Note that the obsolete auto_from command replaces this envelope-
631 from address.
632
633 dsn_notify (off|condition)
634 This command sets the condition(s) under which the mail system
635 should send DSN (Delivery Status Notification) messages. The
636 argument off disables explicit DSN requests, which means the
637 mail system decides when to send DSN messages. This is the
638 default. The condition must be never, to never request notifi‐
639 cation, or a comma separated list (no spaces!) of one or more of
640 the following: failure, to request notification on transmission
641 failure, delay, to be notified of message delays, success, to be
642 notified of successful transmission. The SMTP server must sup‐
643 port the DSN extension.
644
645 dsn_return (off|amount)
646 This command controls how much of a mail should be returned in
647 DSN (Delivery Status Notification) messages. The argument off
648 disables explicit DSN requests, which means the mail system
649 decides how much of a mail it returns in DSN messages. This is
650 the default. The amount must be headers, to just return the
651 message headers, or full, to return the full mail. The SMTP
652 server must support the DSN extension.
653
654 set_from_header [(auto|on|off)]
655 When to set a From header: auto adds a From header if the mail
656 does not have one (this is the default), on always sets a From
657 header and overrides any existing one, and off never sets a From
658 header.
659 If the mail server rejects the mail because its From header does
660 not match the envelope from address (a common anti-spam mea‐
661 sure), then you might want to set this option to on.
662 For compatibility with older versions, add_missing_from_header
663 [(on|off)] is still supported and corresponds to the auto and
664 off settings.
665
666 set_date_header [(on|off)]
667 When to set a Date header: auto adds a Date header if the mail
668 does not have one (this is the default), and off never sets a
669 Date header.
670 For compatibility with older versions, add_missing_date_header
671 [(on|off)] is still supported and corresponds to the auto and
672 off settings.
673
674 remove_bcc_headers [(on|off)]
675 This command controls whether to remove Bcc headers. The default
676 is to remove them.
677
678 undisclosed_recipients [(on|off)]
679 When set, the original To, Cc, and Bcc headers of the mail are
680 removed and a single new header line "To: undisclosed-recipi‐
681 ents:;" is added. The default setting is off.
682
683 logfile [file]
684 An empty argument disables logging (this is the default).
685 When logging is enabled by choosing a log file, msmtp will
686 append one line to the log file for each mail it tries to send
687 via the account that this log file was chosen for.
688 The line will include the following information: date and time
689 in the format specified by logfile_time_format, host name of the
690 SMTP server, whether TLS was used, whether authentication was
691 used, authentication user name (only if authentication is used),
692 envelope-from address, recipient addresses, size of the mail as
693 transferred to the server (only if the delivery succeeded), SMTP
694 status code and SMTP error message (only in case of failure and
695 only if available), error message (only in case of failure and
696 only if available), exit code (from sysexits.h; EX_OK indicates
697 success).
698 If the filename is a dash (-), msmtp prints the log line to the
699 standard output.
700
701 logfile_time_format [fmt]
702 Set or unset the log file time format. This will be used as the
703 format string for the strftime() function. An empty argument
704 chooses the default ("%b %d %H:%M:%S").
705
706 syslog [(on|off|facility)]
707 Enable or disable syslog logging. The facility can be one of
708 LOG_USER, LOG_MAIL, LOG_LOCAL0, ..., LOG_LOCAL7. The default is
709 LOG_USER.
710 Each time msmtp tries to send a mail via the account that con‐
711 tains this syslog command, it will log one entry to the syslog
712 service with the chosen facility.
713 The line will include the following information: host name of
714 the SMTP server, whether TLS was used, whether authentication
715 was used, envelope-from address, recipient addresses, size of
716 the mail as transferred to the server (only if the delivery suc‐
717 ceeded), SMTP status code and SMTP error message (only in case
718 of failure and only if available), error message (only in case
719 of failure and only if available), exit code (from sysexits.h;
720 EX_OK indicates success).
721
722 aliases [file]
723 Replace local recipients with addresses in the aliases file.
724 The aliases file is a cleartext file containing mappings between
725 a local address and a list of replacement addresses. The map‐
726 pings are of the form:
727 local: someone@example.com, person@domain.example
728 Multiple replacement addresses are separated with commas. Com‐
729 ments start with `#' and continue to the end of the line.
730 The local address default has special significance and is
731 matched if the local address is not found in the aliases file.
732 If no default alias is found, then the local address is left as
733 is.
734 An empty argument to the aliases command disables the replace‐
735 ment of local addresses. This is the default.
736
737 auto_from [(on|off)]
738 Obsolete; you can achieve the same and more using the substitu‐
739 tion patterns of the from command.
740 Enable or disable automatic envelope-from addresses. The default
741 is off. When enabled, an envelope-from address of the form
742 user@domain will be generated. The local part will be set to
743 USER or, if that fails, to LOGNAME or, if that fails, to the
744 login name of the current user. The domain part can be set with
745 the maildomain command. If the maildomain is empty, the enve‐
746 lope-from address will only consist of the user name and not
747 have a domain part. When auto_from is disabled, the envelope-
748 from address must be set explicitly.
749
750 maildomain [domain]
751 Obsolete; you can achieve the same and more using the substitu‐
752 tion patterns of the from command.
753 Set a domain part for the generation of an envelope-from
754 address. This is only used when auto_from is on. The domain may
755 be empty.
756
758 Configuration file
759
760 # Example for a user configuration file ~/.msmtprc
761 #
762 # This file focusses on TLS and authentication. Features not used here
763 include
764 # logging, timeouts, SOCKS proxies, TLS parameters, Delivery Status
765 Notification
766 # (DSN) settings, and more.
767
768 # Set default values for all following accounts.
769 defaults
770
771 # Use the mail submission port 587 instead of the SMTP port 25.
772 port 587
773
774 # Always use TLS.
775 tls on
776
777 # Set a list of trusted CAs for TLS. The default is to use system set‐
778 tings, but
779 # you can select your own file.
780 #tls_trust_file /etc/ssl/certs/ca-certificates.crt
781
782 # A freemail service
783 account freemail
784
785 # Host name of the SMTP server
786 host smtp.freemail.example
787
788 # As an alternative to tls_trust_file, you can use tls_fingerprint
789 # to pin a single certificate. You have to update the fingerprint when
790 the
791 # server certificate changes, but an attacker cannot trick you into
792 accepting
793 # a fraudulent certificate. Get the fingerprint with
794 # $ msmtp --serverinfo --tls --tls-certcheck=off
795 --host=smtp.freemail.example
796 #tls_fingerprint 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11
797 :22:33
798
799 # Envelope-from address
800 from joe_smith@freemail.example
801
802 # Authentication. The password is given using one of five methods, see
803 below.
804 auth on
805 user joe.smith
806
807 # Password method 1: Add the password to the system keyring, and let
808 msmtp get
809 # it automatically. To set the keyring password using Gnome's libse‐
810 cret:
811 # $ secret-tool store --label=msmtp \
812 # host smtp.freemail.example \
813 # service smtp \
814 # user joe.smith
815
816 # Password method 2: Store the password in an encrypted file, and tell
817 msmtp
818 # which command to use to decrypt it. This is usually used with GnuPG,
819 as in
820 # this example. Usually gpg-agent will ask once for the decryption
821 password.
822 passwordeval gpg2 --no-tty -q -d ~/.msmtp-password.gpg
823
824 # Password method 3: Store the password directly in this file. Usually
825 it is not
826 # a good idea to store passwords in cleartext files. If you do it any‐
827 way, at
828 # least make sure that this file can only be read by yourself.
829 #password secret123
830
831 # Password method 4: Store the password in ~/.netrc. This method is
832 probably not
833 # relevant anymore.
834
835 # Password method 5: Do not specify a password. Msmtp will then prompt
836 you for
837 # it. This means you need to be able to type into a terminal when msmtp
838 runs.
839
840 # A second mail address at the same freemail service
841 account freemail2 : freemail
842 from joey@freemail.example
843
844 # The SMTP server of your ISP
845 account isp
846 host mail.isp.example
847 from smithjoe@isp.example
848 auth on
849 user 12345
850
851 # Set a default account
852 account default : freemail
853
854
855 Using msmtp with Mutt
856
857 Create a configuration file for msmtp and add the following lines to
858 your Mutt configuration file:
859 set sendmail="/path/to/msmtp"
860 set use_from=yes
861 set realname="Your Name"
862 set from=you@example.com
863 set envelope_from=yes
864 The envelope_from=yes option lets Mutt use the -f option of msmtp.
865 Therefore msmtp chooses the first account that matches the from address
866 you@example.com.
867 Alternatively, you can use the -a option:
868 set sendmail="/path/to/msmtp -a my-account"
869 Or set everything from the command line (but note that you cannot set a
870 password this way):
871 set sendmail="/path/to/msmtp --host=mailhub -f me@example.com --tls
872 --tls-trust-file=trust.crt"
873
874 If you have multiple mail accounts in your msmtp configuration file and
875 let Mutt use the -f option to choose the right one, you can easily
876 switch accounts in Mutt with the following Mutt configuration lines:
877 macro generic "<esc>1" ":set from=you@example.com"
878 macro generic "<esc>2" ":set from=you@your-employer.example"
879 macro generic "<esc>3" ":set from=you@some-other-provider.example"
880
881
882 Using msmtp with mail
883
884 Define a default account, and put the following in your ~/.mailrc:
885 set sendmail="/path/to/msmtp"
886
887
888 Using msmtp with Tor
889
890 Use the following settings:
891 proxy_host 127.0.0.1
892 proxy_port 9050
893 tls on
894 Use an IP address as proxy host name, so that msmtp does not leak a DNS
895 query when resolving it.
896 TLS is required to prevent exit hosts from reading your SMTP session.
897 Do not set domain to something that you do not want to reveal (do not
898 set it at all if possible).
899
900
901 Aliases file
902
903 # Example aliases file
904
905 # Send root to Joe and Jane
906 root: joe_smith@example.com, jane_chang@example.com
907
908 # Send cron to Mark
909 cron: mark_jones@example.com
910
911 # Send everything else to admin
912 default: admin@domain.example
913
914
916 SYSCONFDIR/msmtprc
917 System configuration file. Use --version to find out what
918 SYSCONFDIR is on your platform.
919
920 ~/.msmtprc or $XDG_CONFIG_HOME/msmtp/config
921 User configuration file.
922
923 ~/.netrc and SYSCONFDIR/netrc
924 The netrc file contains login information. Before prompting for
925 a password, msmtp will search it in ~/.netrc and
926 SYSCONFDIR/netrc.
927
929 USER, LOGNAME
930 These variables override the user's login name when constructing
931 an envelope-from address. LOGNAME is only used if USER is unset.
932
933 TMPDIR Directory to create temporary files in. If this is unset, a sys‐
934 tem specific default directory is used.
935 A temporary file is only created when the -t/--read-recipients
936 or --read-envelope-from option is used. The file is then used to
937 buffer the headers of the mail (but not the body, so the file
938 won't get very large).
939
940 EMAIL, SMTPSERVER
941 These environment variables are used only if neither --host nor
942 --account is used and there is no default account defined in the
943 configuration files. In this case, the host name is taken from
944 SMTPSERVER, and the envelope from address is taken from EMAIL,
945 unless overridden by --from or --read-envelope-from. Currently
946 SMTPSERVER must contain a plain host name (no URL), and EMAIL
947 must contain a plain address (no names or additional informa‐
948 tion).
949
951 msmtp was written by Martin Lambers <marlam@marlam.de>.
952 Other authors are listed in the AUTHORS file in the source distribu‐
953 tion.
954
956 sendmail(8), netrc(5) or ftp(1)
957
958
959
960 2020-10 MSMTP(1)