1MSMTP(1)                    General Commands Manual                   MSMTP(1)
2
3
4

NAME

6       msmtp - An SMTP client
7

SYNOPSIS

9       Sendmail mode (default):
10              msmtp [option...] [--] recipient...
11              msmtp [option...] -t [--] [recipient...]
12
13       Configuration mode:
14              msmtp --configure <mailaddress>
15
16       Server information mode:
17              msmtp [option...] --serverinfo
18
19       Remote Message Queue Starting mode:
20              msmtp [option...] --rmqs=host|@domain|#queue
21

DESCRIPTION

23       In  the  default  sendmail mode, msmtp reads a mail from standard input
24       and sends it to an SMTP server for delivery.
25       In server information mode, msmtp  prints  information  about  an  SMTP
26       server.
27       In  Remote  Message  Queue  Starting mode, msmtp sends a Remote Message
28       Queue Starting request for a host, domain, or queue to an SMTP server.
29

EXIT STATUS

31       The standard sendmail exit status codes are used, as defined in  sysex‐
32       its.h.
33

OPTIONS

35       Options override configuration file settings.
36       They are compatible with sendmail where appropriate.
37
38       General options
39
40              --version
41                     Print  version  information,  including information about
42                     the libraries used.
43
44              --help Print help.
45
46              -P, --pretend
47                     Print the configuration settings that would be used,  but
48                     do  not  take  further action.  An asterisk (`*') will be
49                     printed instead of your password.
50
51              -v, -d, --debug
52                     Print lots of debugging information, including the  whole
53                     conversation  with  the SMTP server. Be careful with this
54                     option: the (potentially dangerous) output  will  not  be
55                     sanitized, and your password may get printed in an easily
56                     decodable format!
57
58       Changing the mode of operation
59
60              --configure=mailaddress
61                     Generate a configuration for the given mail  address  and
62                     print it. This can be modified or copied unchanged to the
63                     configuration file.  Note that this only works  for  mail
64                     domains  that  publish  appropriate  SRV records; see RFC
65                     8314.
66
67              -S, --serverinfo
68                     Print information about the SMTP server  and  exit.  This
69                     includes  information about supported features (mail size
70                     limit, authentication, TLS, DSN, ...) and about  the  TLS
71                     certificate (if TLS is active).
72
73              --rmqs=(host|@domain|#queue)
74                     Send  a  Remote  Message  Queue  Starting request for the
75                     given host, domain, or queue to the SMTP server and exit.
76
77       Configuration options
78
79              -C, --file=filename
80                     Use the given file instead  of  ~/.msmtprc  or  $XDG_CON‐
81                     FIG_HOME/msmtp/config as the user configuration file.
82
83              -a, --account=account_name
84                     Use  the  given account instead of the account named "de‐
85                     fault". The settings of this account may be changed  with
86                     command line options. This option cannot be used together
87                     with the --host option.
88
89              --host=hostname
90                     Use this SMTP server with settings from the command line;
91                     do  not use any configuration file data. This option can‐
92                     not be used together with the --account option.
93
94              --port=number
95                     Set the port number to connect to. See the port command.
96
97              --source-ip=[IP]
98                     Set or unset an IP address to bind the socket to. See the
99                     source_ip command.
100
101              --proxy-host=[IP|hostname]
102                     Set  or  unset  a  SOCKS proxy to use. See the proxy_host
103                     command.
104
105              --proxy-port=[number]
106                     Set or unset a port number for the proxy  host.  See  the
107                     proxy_port command.
108
109              --socket=[socketname]
110                     Set  or  unset a local unix domain socket name to connect
111                     to. See the socket command.
112
113              --timeout=(off|seconds)
114                     Set or unset a network timeout, in seconds. See the time‐
115                     out command.
116
117              --protocol=(smtp|lmtp)
118                     Set the protocol. See the protocol command.
119
120              --domain=[string]
121                     Set the argument of the SMTP EHLO (or LMTP LHLO) command.
122                     See the domain command.
123
124              --auth[=(on|off|method)]
125                     Enable or disable authentication  and  optionally  choose
126                     the method.  See the auth command.
127
128              --user=[username]
129                     Set  or  unset  the user name for authentication. See the
130                     user command.
131
132              --passwordeval=[eval]
133                     Evaluate password for authentication. See the  passworde‐
134                     val command.
135
136              --tls[=(on|off)]
137                     Enable or disable TLS/SSL. See the tls command.
138
139              --tls-starttls[=(on|off)]
140                     Enable  or disable STARTTLS for TLS. See the tls_starttls
141                     command.
142
143              --tls-trust-file=[file]
144                     Set or unset a trust file for TLS. See the tls_trust_file
145                     command.
146
147              --tls-crl-file=[file]
148                     Deprecated.  Set  or  unset a certificate revocation list
149                     (CRL) file for TLS. See the tls_crl_file command.
150
151              --tls-fingerprint=[fingerprint]
152                     Set or unset the fingerprint of a  trusted  TLS  certifi‐
153                     cate. See the tls_fingerprint command.
154
155              --tls-key-file=[file]
156                     Set  or  unset  a  key file for TLS. See the tls_key_file
157                     command.
158
159              --tls-cert-file=[file]
160                     Set or unset a cert file for TLS. See  the  tls_cert_file
161                     command.
162
163              --tls-certcheck[=(on|off)]
164                     Enable  or disable server certificate checks for TLS. See
165                     the tls_certcheck command.
166
167              --tls-priorities=[priorities]
168                     Set or unset TLS priorities. See the tls_priorities  com‐
169                     mand.
170
171              --tls-host-override=[host]
172                     Set  or unset override for TLS host verification. See the
173                     tls_host_override command.
174
175              --tls-min-dh-prime-bits=[bits]
176                     Deprecated, use --tls-priorities instead.  Set  or  unset
177                     minimum  bit  size  of the Diffie-Hellman (DH) prime. See
178                     the tls_min_dh_prime_bits command.
179
180       Options specific to sendmail mode
181
182              -f, --from=address
183                     Set the envelope-from address.
184                     If no account was chosen yet (with --account or  --host),
185                     this  option  will  choose the first account that has the
186                     given envelope-from address (set with the from  command).
187                     If no such account is found, "default" is used.
188                     See  the from command for substitution patterns supported
189                     in address.
190
191              -N, --dsn-notify=(off|cond)
192                     Set or unset DSN notification conditions. See the dsn_no‐
193                     tify command.
194
195              -R, --dsn-return=(off|ret)
196                     Set or unset the DSN notification amount. See the dsn_re‐
197                     turn command.  Note that hdrs is accepted as an alias for
198                     headers to be compatible with sendmail.
199
200              --set-from-header[=(auto|on|off)]
201                     Set  From  header  handling. See the set_from_header com‐
202                     mand.
203
204              --set-date-header[=(auto|off)]
205                     Set Date header handling. See  the  set_date_header  com‐
206                     mand.
207
208              --remove-bcc-headers[=(on|off)]
209                     Enable or disable the removal of Bcc headers. See the re‐
210                     move_bcc_headers command.
211
212              --undisclosed-recipients[=(on|off)]
213                     Enable or disable the replacement of To/Cc/Bcc with  "To:
214                     undisclosed-recipients:;".   See  the undisclosed_recipi‐
215                     ents command.
216
217              -X, --logfile=[file]
218                     Set or unset the log file. See the logfile command.
219
220              --logfile-time-format=[fmt]
221                     Set or unset the log  file  time  format.  See  the  log‐
222                     file_time_format command.
223
224              --syslog[=(on|off|facility)]
225                     Enable or disable syslog logging. See the syslog command.
226
227              -t, --read-recipients
228                     Read recipient addresses from the To, Cc, and Bcc headers
229                     of the mail in addition to the recipients  given  on  the
230                     command  line.   If any Resent- headers are present, then
231                     the addresses from any Resent-To, Resent-Cc, and  Resent-
232                     Bcc  headers  in  the  first block of Resent- headers are
233                     used instead.
234
235              --read-envelope-from
236                     Read the envelope from address from the  From  header  of
237                     the mail.
238
239              --aliases=[file]
240                     Set or unset an aliases file. See the aliases command.
241
242              -Fname Msmtp adds a From header to mails that lack it, using the
243                     envelope from address. This option allows one  to  set  a
244                     full name to be used in that header.
245
246              --auto-from[=(on|off)]
247                     Obsolete. See the auto_from command.
248
249              --maildomain=[domain]
250                     Obsolete. See the maildomain command.
251
252              --     This  marks  the  end of options. All following arguments
253                     will be treated as  recipient  addresses,  even  if  they
254                     start with a `-'.
255
256       The following options are accepted but ignored for sendmail compatibil‐
257       ity:
258       -Btype, -bm, -G, -hN, -i, -L tag, -m, -n, -O option=value, -ox value
259

USAGE

261       A suggestion for a suitable configuration file can be  generated  using
262       the  --configure  option.   Normally,  a system wide configuration file
263       and/or a user configuration file contain information about  which  SMTP
264       server  to  use and how to use it, but all settings can also be config‐
265       ured on the command line.
266       The information about SMTP servers is organized in accounts.  Each  ac‐
267       count  describes  one  SMTP server: host name, authentication settings,
268       TLS settings, and so on. Each configuration file  can  define  multiple
269       accounts.
270
271       The user can choose which account to use in one of three ways:
272
273       --account=id
274              Use the given account. Command line settings override configura‐
275              tion file settings.
276
277       --host=hostname
278              Use only the settings from the command line; do not use any con‐
279              figuration file data.
280
281       --from=address or --read-envelope-from
282              Choose  the  first account from the system or user configuration
283              file that has a matching envelope-from address as specified by a
284              from  command. This works only when neither --account nor --host
285              is used.
286              Subadresses are supported. For example, the  envelope  from  ad‐
287              dress   user+detail@example.com   will  match  the  account  for
288              user@example.com.
289
290       If none of the above options is used (or if no account has  a  matching
291       from command), then the account "default" is used.
292
293       Msmtp  transmits mails unaltered to the SMTP server, with the following
294       exceptions:
295       - The Bcc header(s) will be removed. This behavior can be changed  with
296       the remove_bcc_headers command and --remove-bcc-headers option.
297       -  A  From header will be added if the mail does not have one. This can
298       be changed with the set_from_header command and  --set-from-header  op‐
299       tion.   The  header will use the envelope from address and optionally a
300       full name set with the -F option.
301       - A Date header will be added if the mail does not have one.  This  can
302       be  changed  with the set_date_header command and --set-date-header op‐
303       tion.
304       - When undisclosed_recipients is set, the  original  To,  Cc,  and  Bcc
305       headers are removed and replaced with "To: undisclosed-recipients:;".
306
307       Skip to the EXAMPLES section for a quick start.
308

CONFIGURATION FILES

310       If  it  exists  and  is  readable,  a  system  wide  configuration file
311       SYSCONFDIR/msmtprc will be loaded, where  SYSCONFDIR  depends  on  your
312       platform.  Use --version to find out which directory is used.
313       If  it exists and is readable, a user configuration file will be loaded
314       (~/.msmtprc will be tried first followed by $XDG_CONFIG_HOME/msmtp/con‐
315       fig  by  default, but see --version). Accounts defined in the user con‐
316       figuration file override accounts from the system configuration file.
317       Configuration data from either file can be changed by command line  op‐
318       tions.
319
320       A  configuration  file  is a simple text file.  Empty lines and comment
321       lines (whose first non-blank character is `#') are ignored.
322       Every other line must contain a command and may contain an argument  to
323       that command.
324       The  argument  may be enclosed in double quotes ("), for example if its
325       first or last character is a blank.
326       If a file name starts with the tilde (~), this tilde will  be  replaced
327       by  $HOME.   If  a  command accepts the argument on, it also accepts an
328       empty argument and treats that as if it was on.
329       Commands are organized in accounts. Each account starts  with  the  ac‐
330       count command and defines the settings for one SMTP account.
331
332       Skip to the EXAMPLES section for a quick start.
333
334       Commands are as follows:
335
336       defaults
337              Set  defaults. The following configuration commands will set de‐
338              fault values for all following account definitions in  the  cur‐
339              rent configuration file.
340
341       account name [:account[,...]]
342              Start  a new account definition with the given name. The current
343              default values are filled in.
344              If a colon and a list of previously defined  accounts  is  given
345              after  the account name, the new account, with the filled in de‐
346              fault values, will inherit all settings from the accounts in the
347              list.
348
349       host hostname
350              The SMTP server to send the mail to.  The argument may be a host
351              name or a network address.  Every account definition  must  con‐
352              tain this command.
353
354       port number
355              The  port  that  the  SMTP server listens on.  The default is 25
356              ("smtp"), unless TLS without STARTTLS is used, in which case  it
357              is 465 ("smtps").
358
359       source_ip [IP]
360              Set a source IP address to bind the outgoing connection to. Use‐
361              ful only in special cases on multi-home systems. An empty  argu‐
362              ment disables this.
363
364       proxy_host [IP|hostname]
365              Use  a  SOCKS  proxy.  All  network traffic will go through this
366              proxy host, including DNS queries, except for a DNS  query  that
367              might  be  necessary to resolve the proxy host name itself (this
368              can be avoided by using an IP address as proxy  host  name).  An
369              empty  hostname  argument  disables  proxy usage.  The supported
370              SOCKS protocol version is 5. If you want to use this  with  Tor,
371              see also "Using msmtp with Tor" below.
372
373       proxy_port [number]
374              Set the port number for the proxy host. An empty number argument
375              resets this to the default port.
376
377       socket socketname
378              Set the file name of a unix domain socket to  connect  to.  This
379              overrides both host/port and proxy_host/proxy_port.
380
381       timeout (off|seconds)
382              Set  or  unset  a  network timeout, in seconds. The argument off
383              means that no timeout will be set, which means that the  operat‐
384              ing system default will be used.
385
386       protocol (smtp|lmtp)
387              Set  the  protocol to use. Currently only SMTP and LMTP are sup‐
388              ported. SMTP is the default. See the port command above for  de‐
389              fault ports.
390
391       domain argument
392              Use  this  command to set the argument of the SMTP EHLO (or LMTP
393              LHLO) command.  The default is localhost, which  is  stupid  but
394              usually  works.  Try to change the default if mails get rejected
395              due to anti-SPAM measures. Possible choices are the domain  part
396              of your mail address (provider.example for joe@provider.example)
397              or the fully qualified domain name of your host (if available).
398
399       auth [(on|off|method)]
400              Enable or disable authentication and optionally choose a  method
401              to use. The argument on chooses a method automatically.
402              Usually  a user name and a password are used for authentication.
403              The user name is specified in the configuration  file  with  the
404              user  command.  There  are five different methods to specify the
405              password:
406              1. Add the password to the system key ring.  Currently supported
407              key rings are the Gnome key ring and the Mac OS X Keychain.  For
408              the Gnome key ring, use the command secret-tool (part of Gnome's
409              libsecret)  to  store passwords: secret-tool store --label=msmtp
410              host mail.freemail.example service smtp user joe.smith.  On  Mac
411              OS  X, use the following command: security add-internet-password
412              -s mail.freemail.example -r smtp -a joe.smith -w.  In both exam‐
413              ples,  replace  mail.freemail.example with the SMTP server name,
414              and joe.smith with your user name.
415              2. Store the password in an encrypted files, and use  passworde‐
416              val to specify a command to decrypt that file, e.g. using GnuPG.
417              See EXAMPLES.
418              3. Store the password in the configuration file using the  pass‐
419              word  command.   (Usually  it  is  not considered a good idea to
420              store passwords in cleartext files.  If you do  it  anyway,  you
421              must make sure that the file can only be read by yourself.)
422              4. Store the password in ~/.netrc. This method is probably obso‐
423              lete.
424              5. Type the password into the terminal when it is required.
425              It is recommended to use method 1 or 2.
426              Multiple authentication methods exist. Most servers support only
427              some  of  them.  Historically, sophisticated methods were devel‐
428              oped to protect passwords from being  sent  unencrypted  to  the
429              server,  but  nowadays everybody needs TLS anyway, so the simple
430              methods suffice since the whole session is protected. A suitable
431              authentication  method  is chosen automatically, and when TLS is
432              disabled for some reason, only methods that avoid sending clear‐
433              text passwords are considered.
434              The  following  user  / password methods are supported: plain (a
435              simple cleartext method, with base64 encoding, supported by  al‐
436              most  all  servers), scram-sha-1 (a method that avoids cleartext
437              passwords),  scram-sha-256  (same  but  with   stronger   hash),
438              cram-md5  (an  obsolete  method that avoids cleartext passwords,
439              but is not considered secure anymore), digest-md5  (an  overcom‐
440              plicated obsolete method that avoids cleartext passwords, but is
441              not considered secure anymore), login (a non-standard  cleartext
442              method similar to but worse than the plain method), ntlm (an ob‐
443              scure non-standard method that  is  now  considered  broken;  it
444              sometimes requires a special domain parameter passed via ntlmdo‐
445              main).
446              There are currently three authentication methods  that  are  not
447              based on user / password information and have to be chosen manu‐
448              ally: oauthbearer or its predecessor xoauth2  (an  OAuth2  token
449              from  the  mail provider is used as the password.  See the docu‐
450              mentation of your mail provider for details on how to  get  this
451              token.  The  passwordeval  command can be used to pass the regu‐
452              larly changing tokens into msmtp from a script or an environment
453              variable),  external  (the authentication happens outside of the
454              protocol, typically by sending a TLS client certificate, and the
455              method  merely confirms that this authentication succeeded), and
456              gssapi (the Kerberos framework takes care of secure  authentica‐
457              tion, only a user name is required).
458              It depends on the underlying authentication library and its ver‐
459              sion whether a particular method is supported or not. Use --ver‐
460              sion to find out which methods are supported.
461
462       user login
463              Set  the  user name for authentication. An empty argument unsets
464              the user name.
465
466       password secret
467              Set the password for authentication. An  empty  argument  unsets
468              the  password.  Consider using the passwordeval command or a key
469              ring instead of this command, to avoid storing  cleartext  pass‐
470              words in the configuration file.
471
472       passwordeval [eval]
473              Set  the  password  for authentication to the output (stdout) of
474              the command eval.  This can be used  e.g.  to  decrypt  password
475              files  on the fly or to query key rings, and thus to avoid stor‐
476              ing cleartext passwords.
477              Note that the eval command must not  mess  with  standard  input
478              (stdin)  because  that is where msmtp reads the mail from. If in
479              doubt, append </dev/null to eval.
480
481       ntlmdomain [domain]
482              Set a domain for the ntlm authentication method. This  is  obso‐
483              lete.
484
485       tls [(on|off)]
486              Enable  or  disable  TLS (also known as SSL) for secured connec‐
487              tions.
488              Transport Layer Security (TLS) "... provides communications pri‐
489              vacy  over  the Internet.  The protocol allows client/server ap‐
490              plications to communicate in a way that is designed  to  prevent
491              eavesdropping,   tampering,  or  message  forgery"  (quote  from
492              RFC2246).
493              A server can use TLS in one of two modes: via a STARTTLS command
494              (the session starts with the normal protocol initialization, and
495              TLS is then started using the protocol's STARTTLS  command),  or
496              immediately  (TLS is initialized before the normal protocol ini‐
497              tialization; this requires a separate port). The first  mode  is
498              the  default, but you can switch to the second mode by disabling
499              tls_starttls.
500              When TLS is started, the server sends a certificate to  identify
501              itself.  To  verify the server identity, a client program is ex‐
502              pected to check that the certificate  is  formally  correct  and
503              that it was issued by a Certificate Authority (CA) that the user
504              trusts. (There can also be certificate chains with  intermediate
505              CAs.)
506              The  list  of  trusted CAs is specified using the tls_trust_file
507              command.  The default value ist "system" and chooses the system-
508              wide default, but you can also choose the trusted CAs yourself.
509              A  fundamental  problem with this is that you need to trust CAs.
510              Like any other organization, a CA can be incompetent, malicious,
511              subverted  by  bad  people,  or forced by government agencies to
512              compromise end users without telling them. All of  these  things
513              happened  and  continue  to  happen worldwide.  The idea to have
514              central organizations that have to be trusted for your  communi‐
515              cation to be secure is fundamentally broken.
516              Instead of putting trust in a CA, you can choose to trust only a
517              single certificate for the server you want to  connect  to.  For
518              that  purpose, specify the certificate fingerprint with tls_fin‐
519              gerprint. This makes sure that no man-in-the-middle can fake the
520              identity  of  the server by presenting you a fraudulent certifi‐
521              cate issued by some CA that happens to be in  your  trust  list.
522              However,  you have to update the fingerprint whenever the server
523              certificate changes, and you have to make sure that  the  change
524              is  legitimate each time, e.g. when the old certificate expired.
525              This is inconvenient, but it's the price to pay.
526              Information about a server  certificate  can  be  obtained  with
527              --serverinfo --tls --tls-certcheck=off. This includes the issuer
528              CA  of  the  certificate  (so  you  can  trust   that   CA   via
529              tls_trust_file),  and the fingerprint of the certificate (so you
530              can trust that particular certificate via tls_fingerprint).
531              TLS also allows the server to verify the identity of the client.
532              For this purpose, the client has to present a certificate issued
533              by a CA that the server trusts. To present that certificate, the
534              client  also  needs  the matching key file. You can set the cer‐
535              tificate and key files  using  tls_cert_file  and  tls_key_file.
536              This  mechanism  can also be used to authenticate users, so that
537              traditional user / password authentication is not necessary any‐
538              more. See the external mechanism in auth.
539              You can also use client certificates stored on some external au‐
540              thentication  device  by  specifying  GnuTLS  device   URIs   in
541              tls_cert_file  and  tls_key_file.  You can find the correct URIs
542              using p11tool --list-privkeys --login (p11tool is  bundled  with
543              GnuTLS).  If  your device requires a PIN to access the data, you
544              can specify that using one  of  the  password  mechanisms  (e.g.
545              passwordeval, password).
546
547       tls_starttls [(on|off)]
548              Choose  the  TLS variant: start TLS from within the session (on,
549              default), or tunnel the session through TLS (off).
550
551       tls_trust_file file
552              Activate server certificate verification using a list of trusted
553              Certification  Authorities  (CAs).  The  default  is the special
554              value "system", which selects the system default. An empty argu‐
555              ment disables trust in CAs.  If you select a file, it must be in
556              PEM format, and you should also use tls_crl_file.
557
558       tls_crl_file [file]
559              Deprecated. This sets a certificate revocation list  (CRL)  file
560              for  TLS,  to check for revoked certificates (an empty argument,
561              which is the default, disables this).  Nowadays  automatic  OCSP
562              checks replace CRL file checks.
563
564       tls_fingerprint [fingerprint]
565              Set  the  fingerprint of a single certificate to accept for TLS.
566              This certificate will be  trusted  regardless  of  its  contents
567              (this  overrides  tls_trust_file).  The fingerprint should be of
568              type SHA256, but can for backwards compatibility also be of type
569              SHA1   or  MD5  (please  avoid  this).   The  format  should  be
570              01:23:45:67:....   Use  --serverinfo  --tls  --tls-certcheck=off
571              --tls-fingerprint= to get the server certificate fingerprint.
572
573       tls_key_file file
574              Send  a client certificate to the server (use this together with
575              tls_cert_file}).  The file must contain the  private  key  of  a
576              certificate  in PEM format. An empty argument disables this fea‐
577              ture.
578
579       tls_cert_file file
580              Send a client certificate to the server (use this together  with
581              tls_key_file).   The file must contain a certificate in PEM for‐
582              mat. An empty argument disables this feature.
583
584       tls_certcheck [(on|off)]
585              Enable or disable checks of the server certificate. They are en‐
586              abled  by  default.  Disabling them will override tls_trust_file
587              and tls_fingerprint.  WARNING: When the checks are disabled, TLS
588              sessions will not be secure!
589
590       tls_priorities [priorities]
591              Set priorities for TLS session parameters. The default is set by
592              the TLS library and can be selected by using an  empty  argument
593              to this command. The interpretation of the priorities string de‐
594              pends on the TLS library. Use --version to find  out  which  TLS
595              library you use.
596              For GnuTLS, see the section on Priority Strings in the manual.
597              For  libtls,  the  priorites string is a space-separated list of
598              parameter strings prefixed with either PROTOCOLS=, CIPHERS=,  or
599              ECDHECURVES=.  These  parameter  strings  will  be passed to the
600              functions  tls_config_parse_protocols,   tls_config_set_ciphers,
601              and tls_config_set_ecdhecurves. Unrecognized parts of the prior‐
602              ities string will be ignored.  Example:  "PROTOCOLS=TLSv1.3  CI‐
603              PHERS=ECDHE-RSA-AES128-SHA256 ECDHECURVES=P-384".
604
605       tls_host_override [host]
606              By  default,  TLS  host verification uses the host name given by
607              the host command.  This command allows one to  use  a  different
608              host  name  for  verification.  This  is  only useful in special
609              cases.
610
611       tls_min_dh_prime_bits [bits]
612              Deprecated, use tls_priorities instead.  Set or unset the  mini‐
613              mum  number  of  Diffie-Hellman (DH) prime bits accepted for TLS
614              sessions. The default is set by the TLS library and can  be  se‐
615              lected  by  using  an empty argument to this command. Only lower
616              the default (for example to 512 bits) if there is no  other  way
617              to make TLS work with the remote server.
618
619       from envelope_from
620              Set  the  envelope-from address. The following substitution pat‐
621              terns are supported:
622              %U will be replaced by $USER, or if that fails by  $LOGNAME,  or
623              if that fails by the login name of the user running msmtp.
624              %H  will  be replaced by $HOSTNAME, or if that fails by the host
625              name of the system.
626              %C will be replaced by the canonical name of %H.
627              %M will be replaced by the  contents  of  /etc/mailname  (poten‐
628              tially a different directory is used depending on the build con‐
629              figuration; see the output of msmtp --version and look  for  the
630              location of the system configuration file).
631              Note that the obsolete auto_from command replaces this envelope-
632              from address.
633
634       dsn_notify (off|condition)
635              This command sets the condition(s) under which the  mail  system
636              should send DSN (Delivery Status Notification) messages. The ar‐
637              gument off disables explicit DSN requests, which means the  mail
638              system  decides  when to send DSN messages. This is the default.
639              The condition must be never, to never request notification, or a
640              comma  separated list (no spaces!) of one or more of the follow‐
641              ing: failure, to request notification on  transmission  failure,
642              delay, to be notified of message delays, success, to be notified
643              of successful transmission. The SMTP server must support the DSN
644              extension.
645
646       dsn_return (off|amount)
647              This  command  controls how much of a mail should be returned in
648              DSN (Delivery Status Notification) messages.  The  argument  off
649              disables  explicit DSN requests, which means the mail system de‐
650              cides how much of a mail it returns in DSN messages. This is the
651              default.  The amount must be headers, to just return the message
652              headers, or full, to return the full mail.  The SMTP server must
653              support the DSN extension.
654
655       set_from_header [(auto|on|off)]
656              When  to  set a From header: auto adds a From header if the mail
657              does not have one (this is the default), on always sets  a  From
658              header and overrides any existing one, and off never sets a From
659              header.
660              If the mail server rejects the mail because its From header does
661              not  match  the  envelope  from address (a common anti-spam mea‐
662              sure), then you might want to set this option to on.
663              For compatibility with older  versions,  add_missing_from_header
664              [(on|off)]  is  still  supported and corresponds to the auto and
665              off settings.
666
667       set_date_header [(on|off)]
668              When to set a Date header: auto adds a Date header if  the  mail
669              does  not  have  one (this is the default), and off never sets a
670              Date header.
671              For compatibility with older  versions,  add_missing_date_header
672              [(on|off)]  is  still  supported and corresponds to the auto and
673              off settings.
674
675       remove_bcc_headers [(on|off)]
676              This command controls whether to remove Bcc headers. The default
677              is to remove them.
678
679       undisclosed_recipients [(on|off)]
680              When  set,  the original To, Cc, and Bcc headers of the mail are
681              removed and a single new header  line  "To:  undisclosed-recipi‐
682              ents:;" is added. The default setting is off.
683
684       logfile [file]
685              An empty argument disables logging (this is the default).
686              When  logging  is enabled by choosing a log file, msmtp will ap‐
687              pend one line to the log file for each mail it tries to send via
688              the account that this log file was chosen for.
689              The  line  will include the following information: date and time
690              in the format specified by logfile_time_format, host name of the
691              SMTP  server,  whether  TLS was used, whether authentication was
692              used, authentication user name (only if authentication is used),
693              envelope-from  address, recipient addresses, size of the mail as
694              transferred to the server (only if the delivery succeeded), SMTP
695              status  code and SMTP error message (only in case of failure and
696              only if available), error message (only in case of  failure  and
697              only  if available), exit code (from sysexits.h; EX_OK indicates
698              success).
699              If the filename is a dash (-), msmtp prints the log line to  the
700              standard output.
701
702       logfile_time_format [fmt]
703              Set  or unset the log file time format. This will be used as the
704              format string for the strftime()  function.  An  empty  argument
705              chooses the default ("%b %d %H:%M:%S").
706
707       syslog [(on|off|facility)]
708              Enable  or  disable  syslog  logging. The facility can be one of
709              LOG_USER, LOG_MAIL, LOG_LOCAL0, ..., LOG_LOCAL7. The default  is
710              LOG_USER.
711              Each  time  msmtp tries to send a mail via the account that con‐
712              tains this syslog command, it will log one entry to  the  syslog
713              service with the chosen facility.
714              The  line  will  include the following information: host name of
715              the SMTP server, whether TLS was  used,  whether  authentication
716              was  used,  envelope-from  address, recipient addresses, size of
717              the mail as transferred to the server (only if the delivery suc‐
718              ceeded),  SMTP  status code and SMTP error message (only in case
719              of failure and only if available), error message (only  in  case
720              of  failure  and only if available), exit code (from sysexits.h;
721              EX_OK indicates success).
722
723       aliases [file]
724              Replace local recipients with addresses  in  the  aliases  file.
725              The aliases file is a cleartext file containing mappings between
726              a local address and a list of replacement  addresses.  The  map‐
727              pings are of the form:
728                  local: someone@example.com, person@domain.example
729              Multiple  replacement addresses are separated with commas.  Com‐
730              ments start with `#' and continue to the end of the line.
731              The local  address  default  has  special  significance  and  is
732              matched  if  the local address is not found in the aliases file.
733              If no default alias is found, then the local address is left  as
734              is.
735              An  empty  argument to the aliases command disables the replace‐
736              ment of local addresses.  This is the default.
737
738       auto_from [(on|off)]
739              Obsolete; you can achieve the same and more using the  substitu‐
740              tion patterns of the from command.
741              Enable or disable automatic envelope-from addresses. The default
742              is off.  When enabled, an  envelope-from  address  of  the  form
743              user@domain  will  be  generated.  The local part will be set to
744              USER or, if that fails, to LOGNAME or, if that fails, to the lo‐
745              gin  name  of the current user.  The domain part can be set with
746              the maildomain command.  If the maildomain is empty,  the  enve‐
747              lope-from  address  will  only  consist of the user name and not
748              have a domain part. When auto_from is  disabled,  the  envelope-
749              from address must be set explicitly.
750
751       maildomain [domain]
752              Obsolete;  you can achieve the same and more using the substitu‐
753              tion patterns of the from command.
754              Set a domain part for the generation  of  an  envelope-from  ad‐
755              dress. This is only used when auto_from is on. The domain may be
756              empty.
757

EXAMPLES

759       Configuration file
760
761       # Example for a user configuration file ~/.msmtprc
762       #
763       # This file focusses on TLS and authentication. Features not used  here
764       include
765       # logging, timeouts, SOCKS proxies, TLS parameters, Delivery Status No‐
766       tification
767       # (DSN) settings, and more.
768
769       # Set default values for all following accounts.
770       defaults
771
772       # Use the mail submission port 587 instead of the SMTP port 25.
773       port 587
774
775       # Always use TLS.
776       tls on
777
778       # Set a list of trusted CAs for TLS. The default is to use system  set‐
779       tings, but
780       # you can select your own file.
781       #tls_trust_file /etc/ssl/certs/ca-certificates.crt
782
783       # A freemail service
784       account freemail
785
786       # Host name of the SMTP server
787       host smtp.freemail.example
788
789       # As an alternative to tls_trust_file, you can use tls_fingerprint
790       #  to pin a single certificate. You have to update the fingerprint when
791       the
792       # server certificate changes, but an attacker cannot trick you into ac‐
793       cepting
794       # a fraudulent certificate. Get the fingerprint with
795       #      $      msmtp      --serverinfo     --tls     --tls-certcheck=off
796       --host=smtp.freemail.example
797       #tls_fingerprint  00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11
798       :22:33
799
800       # Envelope-from address
801       from joe_smith@freemail.example
802
803       #  Authentication. The password is given using one of five methods, see
804       below.
805       auth on
806       user joe.smith
807
808       # Password method 1: Add the password to the system  keyring,  and  let
809       msmtp get
810       #  it  automatically.  To set the keyring password using Gnome's libse‐
811       cret:
812       # $ secret-tool store --label=msmtp \
813       #   host smtp.freemail.example \
814       #   service smtp \
815       #   user joe.smith
816
817       # Password method 2: Store the password in an encrypted file, and  tell
818       msmtp
819       #  which command to use to decrypt it. This is usually used with GnuPG,
820       as in
821       # this example. Usually gpg-agent will  ask  once  for  the  decryption
822       password.
823       passwordeval gpg2 --no-tty -q -d ~/.msmtp-password.gpg
824
825       #  Password method 3: Store the password directly in this file. Usually
826       it is not
827       # a good idea to store passwords in cleartext files. If you do it  any‐
828       way, at
829       # least make sure that this file can only be read by yourself.
830       #password secret123
831
832       #  Password  method  4:  Store the password in ~/.netrc. This method is
833       probably not
834       # relevant anymore.
835
836       # Password method 5: Do not specify a password. Msmtp will then  prompt
837       you for
838       # it. This means you need to be able to type into a terminal when msmtp
839       runs.
840
841       # A second mail address at the same freemail service
842       account freemail2 : freemail
843       from joey@freemail.example
844
845       # The SMTP server of your ISP
846       account isp
847       host mail.isp.example
848       from smithjoe@isp.example
849       auth on
850       user 12345
851
852       # Set a default account
853       account default : freemail
854
855
856       Using msmtp with Mutt
857
858       Create a configuration file for msmtp and add the  following  lines  to
859       your Mutt configuration file:
860       set sendmail="/path/to/msmtp"
861       set use_from=yes
862       set realname="Your Name"
863       set from=you@example.com
864       set envelope_from=yes
865       The  envelope_from=yes  option  lets  Mutt  use the -f option of msmtp.
866       Therefore msmtp chooses the first account that matches the from address
867       you@example.com.
868       Alternatively, you can use the -a option:
869       set sendmail="/path/to/msmtp -a my-account"
870       Or set everything from the command line (but note that you cannot set a
871       password this way):
872       set sendmail="/path/to/msmtp  --host=mailhub  -f  me@example.com  --tls
873       --tls-trust-file=trust.crt"
874
875       If you have multiple mail accounts in your msmtp configuration file and
876       let Mutt use the -f option to choose the  right  one,  you  can  easily
877       switch accounts in Mutt with the following Mutt configuration lines:
878       macro generic "<esc>1" ":set from=you@example.com"
879       macro generic "<esc>2" ":set from=you@your-employer.example"
880       macro generic "<esc>3" ":set from=you@some-other-provider.example"
881
882
883       Using msmtp with mail
884
885       Define a default account, and put the following in your ~/.mailrc:
886       set sendmail="/path/to/msmtp"
887
888
889       Using msmtp with Tor
890
891       Use the following settings:
892       proxy_host 127.0.0.1
893       proxy_port 9050
894       tls on
895       Use an IP address as proxy host name, so that msmtp does not leak a DNS
896       query when resolving it.
897       TLS is required to prevent exit hosts from reading your SMTP session.
898       Do not set domain to something that you do not want to reveal  (do  not
899       set it at all if possible).
900
901
902       Aliases file
903
904       # Example aliases file
905
906       # Send root to Joe and Jane
907       root: joe_smith@example.com, jane_chang@example.com
908
909       # Send cron to Mark
910       cron: mark_jones@example.com
911
912       # Send everything else to admin
913       default: admin@domain.example
914
915

FILES

917       SYSCONFDIR/msmtprc
918              System  configuration  file.  Use  --version  to  find  out what
919              SYSCONFDIR is on your platform.
920
921       ~/.msmtprc or $XDG_CONFIG_HOME/msmtp/config
922              User configuration file.
923
924       ~/.netrc and SYSCONFDIR/netrc
925              The netrc file contains login information. Before prompting  for
926              a   password,   msmtp   will   search   it   in   ~/.netrc   and
927              SYSCONFDIR/netrc.
928

ENVIRONMENT

930       USER, LOGNAME
931              These variables override the user's login name when constructing
932              an envelope-from address. LOGNAME is only used if USER is unset.
933
934       TMPDIR Directory to create temporary files in. If this is unset, a sys‐
935              tem specific default directory is used.
936              A temporary file is only created when  the  -t/--read-recipients
937              or --read-envelope-from option is used. The file is then used to
938              buffer the headers of the mail (but not the body,  so  the  file
939              won't get very large).
940
941       EMAIL, SMTPSERVER
942              These  environment variables are used only if neither --host nor
943              --account is used and there is no default account defined in the
944              configuration  files.  In this case, the host name is taken from
945              SMTPSERVER, and the envelope from address is taken  from  EMAIL,
946              unless  overridden  by --from or --read-envelope-from. Currently
947              SMTPSERVER must contain a plain host name (no  URL),  and  EMAIL
948              must  contain  a  plain address (no names or additional informa‐
949              tion).
950

AUTHORS

952       msmtp was written by Martin Lambers <marlam@marlam.de>.
953       Other authors are listed in the AUTHORS file in  the  source  distribu‐
954       tion.
955

SEE ALSO

957       sendmail(8), netrc(5) or ftp(1)
958
959
960
961                                    2021-03                           MSMTP(1)
Impressum