1MSMTP(1) General Commands Manual MSMTP(1)
2
6 msmtp - An SMTP client
7
9 Sendmail mode (default):
10 msmtp [option...] [--] recipient...
11 msmtp [option...] -t [--] [recipient...]
12 Configuration mode:
14 msmtp --configure <mailaddress>
15 Server information mode:
17 msmtp [option...] --serverinfo
18 Remote Message Queue Starting mode:
20 msmtp [option...] --rmqs=host|@domain|#queue
21
23 In the default sendmail mode, msmtp reads a mail from standard input
24 and sends it to an SMTP server for delivery.
25 In server information mode, msmtp prints information about an SMTP
26 server.
27 In Remote Message Queue Starting mode, msmtp sends a Remote Message
28 Queue Starting request for a host, domain, or queue to an SMTP server.
29
31 The standard sendmail exit status codes are used, as defined in sysex‐
32 its.h.
33
35 Options override configuration file settings.
36 They are compatible with sendmail where appropriate.
37 General options
39 --version
41 Print version information, including information about
42 the libraries used.
43 --help Print help.
45 -P, --pretend
47 Print the configuration settings that would be used, but
48 do not take further action. An asterisk (`*') will be
49 printed instead of your password.
50 -v, -d, --debug
52 Print lots of debugging information, including the whole
53 conversation with the SMTP server. Be careful with this
54 option: the (potentially dangerous) output will not be
55 sanitized, and your password may get printed in an easily
56 decodable format!
57 Changing the mode of operation
59 --configure=mailaddress
61 Generate a configuration for the given mail address and
62 print it. This can be modified or copied unchanged to the
63 configuration file. Note that this only works for mail
64 domains that publish appropriate SRV records; see RFC
65 8314.
66 -S, --serverinfo
68 Print information about the SMTP server and exit. This
69 includes information about supported features (mail size
70 limit, authentication, TLS, DSN, ...) and about the TLS
71 certificate (if TLS is active).
72 --rmqs=(host|@domain|#queue)
74 Send a Remote Message Queue Starting request for the
75 given host, domain, or queue to the SMTP server and exit.
76 Configuration options
78 -C, --file=filename
80 Use the given file instead of ~/.msmtprc or $XDG_CON‐
81 FIG_HOME/msmtp/config as the user configuration file.
82 -a, --account=account_name
84 Use the given account instead of the account named "de‐
85 fault". The settings of this account may be changed with
86 command line options. This option cannot be used together
87 with the --host option.
88 --host=hostname
90 Use this SMTP server with settings from the command line;
91 do not use any configuration file data. This option can‐
92 not be used together with the --account option.
93 --port=number
95 Set the port number to connect to. See the port command.
96 --source-ip=[IP]
98 Set or unset an IP address to bind the socket to. See the
99 source_ip command.
100 --proxy-host=[IP|hostname]
102 Set or unset a SOCKS proxy to use. See the proxy_host
103 command.
104 --proxy-port=[number]
106 Set or unset a port number for the proxy host. See the
107 proxy_port command.
108 --socket=[socketname]
110 Set or unset a local unix domain socket name to connect
111 to. See the socket command.
112 --timeout=(off|seconds)
114 Set or unset a network timeout, in seconds. See the time‐
115 out command.
116 --protocol=(smtp|lmtp)
118 Set the protocol. See the protocol command.
119 --domain=[string]
121 Set the argument of the SMTP EHLO (or LMTP LHLO) command.
122 See the domain command.
123 --auth[=(on|off|method)]
125 Enable or disable authentication and optionally choose
126 the method. See the auth command.
127 --user=[username]
129 Set or unset the user name for authentication. See the
130 user command.
131 --passwordeval=[eval]
133 Evaluate password for authentication. See the passworde‐
134 val command.
135 --tls[=(on|off)]
137 Enable or disable TLS/SSL. See the tls command.
138 --tls-starttls[=(on|off)]
140 Enable or disable STARTTLS for TLS. See the tls_starttls
141 command.
142 --tls-trust-file=[file]
144 Set or unset a trust file for TLS. See the tls_trust_file
145 command.
146 --tls-crl-file=[file]
148 Deprecated. Set or unset a certificate revocation list
149 (CRL) file for TLS. See the tls_crl_file command.
150 --tls-fingerprint=[fingerprint]
152 Set or unset the fingerprint of a trusted TLS certifi‐
153 cate. See the tls_fingerprint command.
154 --tls-key-file=[file]
156 Set or unset a key file for TLS. See the tls_key_file
157 command.
158 --tls-cert-file=[file]
160 Set or unset a cert file for TLS. See the tls_cert_file
161 command.
162 --tls-certcheck[=(on|off)]
164 Enable or disable server certificate checks for TLS. See
165 the tls_certcheck command.
166 --tls-priorities=[priorities]
168 Set or unset TLS priorities. See the tls_priorities com‐
169 mand.
170 --tls-host-override=[host]
172 Set or unset override for TLS host verification. See the
173 tls_host_override command.
174 --tls-min-dh-prime-bits=[bits]
176 Deprecated, use --tls-priorities instead. Set or unset
177 minimum bit size of the Diffie-Hellman (DH) prime. See
178 the tls_min_dh_prime_bits command.
179 Options specific to sendmail mode
181 -f, --from=address
183 Set the envelope-from address.
184 If no account was chosen yet (with --account or --host),
185 this option will choose the first account that has the
186 given envelope-from address (set with the from command).
187 If no such account is found, "default" is used.
188 See the from command for substitution patterns supported
189 in address.
190 -N, --dsn-notify=(off|cond)
192 Set or unset DSN notification conditions. See the dsn_no‐
193 tify command.
194 -R, --dsn-return=(off|ret)
196 Set or unset the DSN notification amount. See the dsn_re‐
197 turn command. Note that hdrs is accepted as an alias for
198 headers to be compatible with sendmail.
199 --set-from-header[=(auto|on|off)]
201 Set From header handling. See the set_from_header com‐
202 mand.
203 --set-date-header[=(auto|off)]
205 Set Date header handling. See the set_date_header com‐
206 mand.
207 --remove-bcc-headers[=(on|off)]
209 Enable or disable the removal of Bcc headers. See the re‐
210 move_bcc_headers command.
211 --undisclosed-recipients[=(on|off)]
213 Enable or disable the replacement of To/Cc/Bcc with "To:
214 undisclosed-recipients:;". See the undisclosed_recipi‐
215 ents command.
216 -X, --logfile=[file]
218 Set or unset the log file. See the logfile command.
219 --logfile-time-format=[fmt]
221 Set or unset the log file time format. See the log‐
222 file_time_format command.
223 --syslog[=(on|off|facility)]
225 Enable or disable syslog logging. See the syslog command.
226 -t, --read-recipients
228 Read recipient addresses from the To, Cc, and Bcc headers
229 of the mail in addition to the recipients given on the
230 command line. If any Resent- headers are present, then
231 the addresses from any Resent-To, Resent-Cc, and Resent-
232 Bcc headers in the first block of Resent- headers are
233 used instead.
234 --read-envelope-from
236 Read the envelope from address from the From header of
237 the mail.
238 --aliases=[file]
240 Set or unset an aliases file. See the aliases command.
241 -Fname Msmtp adds a From header to mails that lack it, using the
243 envelope from address. This option allows one to set a
244 full name to be used in that header.
245 --auto-from[=(on|off)]
247 Obsolete. See the auto_from command.
248 --maildomain=[domain]
250 Obsolete. See the maildomain command.
251 -- This marks the end of options. All following arguments
253 will be treated as recipient addresses, even if they
254 start with a `-'.
255 The following options are accepted but ignored for sendmail compatibil‐
257 ity:
258 -Btype, -bm, -G, -hN, -i, -L tag, -m, -n, -O option=value, -ox value
259
261 A suggestion for a suitable configuration file can be generated using
262 the --configure option. Normally, a system wide configuration file
263 and/or a user configuration file contain information about which SMTP
264 server to use and how to use it, but all settings can also be config‐
265 ured on the command line.
266 The information about SMTP servers is organized in accounts. Each ac‐
267 count describes one SMTP server: host name, authentication settings,
268 TLS settings, and so on. Each configuration file can define multiple
269 accounts.
270 The user can choose which account to use in one of three ways:
272 --account=id
274 Use the given account. Command line settings override configura‐
275 tion file settings.
276 --host=hostname
278 Use only the settings from the command line; do not use any con‐
279 figuration file data.
280 --from=address or --read-envelope-from
282 Choose the first account from the system or user configuration
283 file that has a matching envelope-from address as specified by a
284 from command. This works only when neither --account nor --host
285 is used.
286 Subadresses are supported. For example, the envelope from ad‐
287 dress user+detail@example.com will match the account for
288 user@example.com.
289 If none of the above options is used (or if no account has a matching
291 from command), then the account "default" is used.
292 Msmtp transmits mails unaltered to the SMTP server, with the following
294 exceptions:
295 - The Bcc header(s) will be removed. This behavior can be changed with
296 the remove_bcc_headers command and --remove-bcc-headers option.
297 - A From header will be added if the mail does not have one. This can
298 be changed with the set_from_header command and --set-from-header op‐
299 tion. The header will use the envelope from address and optionally a
300 full name set with the -F option.
301 - A Date header will be added if the mail does not have one. This can
302 be changed with the set_date_header command and --set-date-header op‐
303 tion.
304 - When undisclosed_recipients is set, the original To, Cc, and Bcc
305 headers are removed and replaced with "To: undisclosed-recipients:;".
306 Skip to the EXAMPLES section for a quick start.
308
310 If it exists and is readable, a system wide configuration file
311 SYSCONFDIR/msmtprc will be loaded, where SYSCONFDIR depends on your
312 platform. Use --version to find out which directory is used.
313 If it exists and is readable, a user configuration file will be loaded
314 (~/.msmtprc will be tried first followed by $XDG_CONFIG_HOME/msmtp/con‐
315 fig by default, but see --version). Accounts defined in the user con‐
316 figuration file override accounts from the system configuration file.
317 Configuration data from either file can be changed by command line op‐
318 tions.
319 A configuration file is a simple text file. Empty lines and comment
321 lines (whose first non-blank character is `#') are ignored.
322 Every other line must contain a command and may contain an argument to
323 that command.
324 The argument may be enclosed in double quotes ("), for example if its
325 first or last character is a blank.
326 If a file name starts with the tilde (~), this tilde will be replaced
327 by $HOME. If a command accepts the argument on, it also accepts an
328 empty argument and treats that as if it was on.
329 Commands are organized in accounts. Each account starts with the ac‐
330 count command and defines the settings for one SMTP account.
331 Skip to the EXAMPLES section for a quick start.
333 Commands are as follows:
335 defaults
337 Set defaults. The following configuration commands will set de‐
338 fault values for all following account definitions in the cur‐
339 rent configuration file.
340 account name [:account[,...]]
342 Start a new account definition with the given name. The current
343 default values are filled in.
344 If a colon and a list of previously defined accounts is given
345 after the account name, the new account, with the filled in de‐
346 fault values, will inherit all settings from the accounts in the
347 list.
348 host hostname
350 The SMTP server to send the mail to. The argument may be a host
351 name or a network address. Every account definition must con‐
352 tain this command.
353 port number
355 The port that the SMTP server listens on. The default is 25
356 ("smtp"), unless TLS without STARTTLS is used, in which case it
357 is 465 ("smtps").
358 source_ip [IP]
360 Set a source IP address to bind the outgoing connection to. Use‐
361 ful only in special cases on multi-home systems. An empty argu‐
362 ment disables this.
363 proxy_host [IP|hostname]
365 Use a SOCKS proxy. All network traffic will go through this
366 proxy host, including DNS queries, except for a DNS query that
367 might be necessary to resolve the proxy host name itself (this
368 can be avoided by using an IP address as proxy host name). An
369 empty hostname argument disables proxy usage. The supported
370 SOCKS protocol version is 5. If you want to use this with Tor,
371 see also "Using msmtp with Tor" below.
372 proxy_port [number]
374 Set the port number for the proxy host. An empty number argument
375 resets this to the default port.
376 socket socketname
378 Set the file name of a unix domain socket to connect to. This
379 overrides both host/port and proxy_host/proxy_port.
380 timeout (off|seconds)
382 Set or unset a network timeout, in seconds. The argument off
383 means that no timeout will be set, which means that the operat‐
384 ing system default will be used.
385 protocol (smtp|lmtp)
387 Set the protocol to use. Currently only SMTP and LMTP are sup‐
388 ported. SMTP is the default. See the port command above for de‐
389 fault ports.
390 domain argument
392 Use this command to set the argument of the SMTP EHLO (or LMTP
393 LHLO) command. The default is localhost, which is stupid but
394 usually works. Try to change the default if mails get rejected
395 due to anti-SPAM measures. Possible choices are the domain part
396 of your mail address (provider.example for joe@provider.example)
397 or the fully qualified domain name of your host (if available).
398 auth [(on|off|method)]
400 Enable or disable authentication and optionally choose a method
401 to use. The argument on chooses a method automatically.
402 Usually a user name and a password are used for authentication.
403 The user name is specified in the configuration file with the
404 user command. There are five different methods to specify the
405 password:
406 1. Add the password to the system key ring. Currently supported
407 key rings are the Gnome key ring and the Mac OS X Keychain. For
408 the Gnome key ring, use the command secret-tool (part of Gnome's
409 libsecret) to store passwords: secret-tool store --label=msmtp
410 host mail.freemail.example service smtp user joe.smith. On Mac
411 OS X, use the following command: security add-internet-password
412 -s mail.freemail.example -r smtp -a joe.smith -w. In both exam‐
413 ples, replace mail.freemail.example with the SMTP server name,
414 and joe.smith with your user name.
415 2. Store the password in an encrypted files, and use passworde‐
416 val to specify a command to decrypt that file, e.g. using GnuPG.
417 See EXAMPLES.
418 3. Store the password in the configuration file using the pass‐
419 word command. (Usually it is not considered a good idea to
420 store passwords in cleartext files. If you do it anyway, you
421 must make sure that the file can only be read by yourself.)
422 4. Store the password in ~/.netrc. This method is probably obso‐
423 lete.
424 5. Type the password into the terminal when it is required.
425 It is recommended to use method 1 or 2.
426 Multiple authentication methods exist. Most servers support only
427 some of them. Historically, sophisticated methods were devel‐
428 oped to protect passwords from being sent unencrypted to the
429 server, but nowadays everybody needs TLS anyway, so the simple
430 methods suffice since the whole session is protected. A suitable
431 authentication method is chosen automatically, and when TLS is
432 disabled for some reason, only methods that avoid sending clear‐
433 text passwords are considered.
434 The following user / password methods are supported: plain (a
435 simple cleartext method, with base64 encoding, supported by al‐
436 most all servers), scram-sha-1 (a method that avoids cleartext
437 passwords), scram-sha-256 (same but with stronger hash),
438 cram-md5 (an obsolete method that avoids cleartext passwords,
439 but is not considered secure anymore), digest-md5 (an overcom‐
440 plicated obsolete method that avoids cleartext passwords, but is
441 not considered secure anymore), login (a non-standard cleartext
442 method similar to but worse than the plain method), ntlm (an ob‐
443 scure non-standard method that is now considered broken; it
444 sometimes requires a special domain parameter passed via ntlmdo‐
445 main).
446 There are currently three authentication methods that are not
447 based on user / password information and have to be chosen manu‐
448 ally: oauthbearer or its predecessor xoauth2 (an OAuth2 token
449 from the mail provider is used as the password. See the docu‐
450 mentation of your mail provider for details on how to get this
451 token. The passwordeval command can be used to pass the regu‐
452 larly changing tokens into msmtp from a script or an environment
453 variable), external (the authentication happens outside of the
454 protocol, typically by sending a TLS client certificate, and the
455 method merely confirms that this authentication succeeded), and
456 gssapi (the Kerberos framework takes care of secure authentica‐
457 tion, only a user name is required).
458 It depends on the underlying authentication library and its ver‐
459 sion whether a particular method is supported or not. Use --ver‐
460 sion to find out which methods are supported.
461 user login
463 Set the user name for authentication. An empty argument unsets
464 the user name.
465 password secret
467 Set the password for authentication. An empty argument unsets
468 the password. Consider using the passwordeval command or a key
469 ring instead of this command, to avoid storing cleartext pass‐
470 words in the configuration file.
471 passwordeval [eval]
473 Set the password for authentication to the output (stdout) of
474 the command eval. This can be used e.g. to decrypt password
475 files on the fly or to query key rings, and thus to avoid stor‐
476 ing cleartext passwords.
477 Note that the eval command must not mess with standard input
478 (stdin) because that is where msmtp reads the mail from. If in
479 doubt, append </dev/null to eval.
480 ntlmdomain [domain]
482 Set a domain for the ntlm authentication method. This is obso‐
483 lete.
484 tls [(on|off)]
486 Enable or disable TLS (also known as SSL) for secured connec‐
487 tions.
488 Transport Layer Security (TLS) "... provides communications pri‐
489 vacy over the Internet. The protocol allows client/server ap‐
490 plications to communicate in a way that is designed to prevent
491 eavesdropping, tampering, or message forgery" (quote from
492 RFC2246).
493 A server can use TLS in one of two modes: via a STARTTLS command
494 (the session starts with the normal protocol initialization, and
495 TLS is then started using the protocol's STARTTLS command), or
496 immediately (TLS is initialized before the normal protocol ini‐
497 tialization; this requires a separate port). The first mode is
498 the default, but you can switch to the second mode by disabling
499 tls_starttls.
500 When TLS is started, the server sends a certificate to identify
501 itself. To verify the server identity, a client program is ex‐
502 pected to check that the certificate is formally correct and
503 that it was issued by a Certificate Authority (CA) that the user
504 trusts. (There can also be certificate chains with intermediate
505 CAs.)
506 The list of trusted CAs is specified using the tls_trust_file
507 command. The default value ist "system" and chooses the system-
508 wide default, but you can also choose the trusted CAs yourself.
509 A fundamental problem with this is that you need to trust CAs.
510 Like any other organization, a CA can be incompetent, malicious,
511 subverted by bad people, or forced by government agencies to
512 compromise end users without telling them. All of these things
513 happened and continue to happen worldwide. The idea to have
514 central organizations that have to be trusted for your communi‐
515 cation to be secure is fundamentally broken.
516 Instead of putting trust in a CA, you can choose to trust only a
517 single certificate for the server you want to connect to. For
518 that purpose, specify the certificate fingerprint with tls_fin‐
519 gerprint. This makes sure that no man-in-the-middle can fake the
520 identity of the server by presenting you a fraudulent certifi‐
521 cate issued by some CA that happens to be in your trust list.
522 However, you have to update the fingerprint whenever the server
523 certificate changes, and you have to make sure that the change
524 is legitimate each time, e.g. when the old certificate expired.
525 This is inconvenient, but it's the price to pay.
526 Information about a server certificate can be obtained with
527 --serverinfo --tls --tls-certcheck=off. This includes the issuer
528 CA of the certificate (so you can trust that CA via
529 tls_trust_file), and the fingerprint of the certificate (so you
530 can trust that particular certificate via tls_fingerprint).
531 TLS also allows the server to verify the identity of the client.
532 For this purpose, the client has to present a certificate issued
533 by a CA that the server trusts. To present that certificate, the
534 client also needs the matching key file. You can set the cer‐
535 tificate and key files using tls_cert_file and tls_key_file.
536 This mechanism can also be used to authenticate users, so that
537 traditional user / password authentication is not necessary any‐
538 more. See the external mechanism in auth.
539 You can also use client certificates stored on some external au‐
540 thentication device by specifying GnuTLS device URIs in
541 tls_cert_file and tls_key_file. You can find the correct URIs
542 using p11tool --list-privkeys --login (p11tool is bundled with
543 GnuTLS). If your device requires a PIN to access the data, you
544 can specify that using one of the password mechanisms (e.g.
545 passwordeval, password).
546 tls_starttls [(on|off)]
548 Choose the TLS variant: start TLS from within the session (on,
549 default), or tunnel the session through TLS (off).
550 tls_trust_file file
552 Activate server certificate verification using a list of trusted
553 Certification Authorities (CAs). The default is the special
554 value "system", which selects the system default. An empty argu‐
555 ment disables trust in CAs. If you select a file, it must be in
556 PEM format, and you should also use tls_crl_file.
557 tls_crl_file [file]
559 Deprecated. This sets a certificate revocation list (CRL) file
560 for TLS, to check for revoked certificates (an empty argument,
561 which is the default, disables this). Nowadays automatic OCSP
562 checks replace CRL file checks.
563 tls_fingerprint [fingerprint]
565 Set the fingerprint of a single certificate to accept for TLS.
566 This certificate will be trusted regardless of its contents
567 (this overrides tls_trust_file). The fingerprint should be of
568 type SHA256, but can for backwards compatibility also be of type
569 SHA1 or MD5 (please avoid this). The format should be
570 01:23:45:67:.... Use --serverinfo --tls --tls-certcheck=off
571 --tls-fingerprint= to get the server certificate fingerprint.
572 tls_key_file file
574 Send a client certificate to the server (use this together with
575 tls_cert_file}). The file must contain the private key of a
576 certificate in PEM format. An empty argument disables this fea‐
577 ture.
578 tls_cert_file file
580 Send a client certificate to the server (use this together with
581 tls_key_file). The file must contain a certificate in PEM for‐
582 mat. An empty argument disables this feature.
583 tls_certcheck [(on|off)]
585 Enable or disable checks of the server certificate. They are en‐
586 abled by default. Disabling them will override tls_trust_file
587 and tls_fingerprint. WARNING: When the checks are disabled, TLS
588 sessions will not be secure!
589 tls_priorities [priorities]
591 Set priorities for TLS session parameters. The default is set by
592 the TLS library and can be selected by using an empty argument
593 to this command. The interpretation of the priorities string de‐
594 pends on the TLS library. Use --version to find out which TLS
595 library you use.
596 For GnuTLS, see the section on Priority Strings in the manual.
597 For libtls, the priorites string is a space-separated list of
598 parameter strings prefixed with either PROTOCOLS=, CIPHERS=, or
599 ECDHECURVES=. These parameter strings will be passed to the
600 functions tls_config_parse_protocols, tls_config_set_ciphers,
601 and tls_config_set_ecdhecurves. Unrecognized parts of the prior‐
602 ities string will be ignored. Example: "PROTOCOLS=TLSv1.3 CI‐
603 PHERS=ECDHE-RSA-AES128-SHA256 ECDHECURVES=P-384".
604 tls_host_override [host]
606 By default, TLS host verification uses the host name given by
607 the host command. This command allows one to use a different
608 host name for verification. This is only useful in special
609 cases.
610 tls_min_dh_prime_bits [bits]
612 Deprecated, use tls_priorities instead. Set or unset the mini‐
613 mum number of Diffie-Hellman (DH) prime bits accepted for TLS
614 sessions. The default is set by the TLS library and can be se‐
615 lected by using an empty argument to this command. Only lower
616 the default (for example to 512 bits) if there is no other way
617 to make TLS work with the remote server.
618 from envelope_from
620 Set the envelope-from address. The following substitution pat‐
621 terns are supported:
622 %U will be replaced by $USER, or if that fails by $LOGNAME, or
623 if that fails by the login name of the user running msmtp.
624 %H will be replaced by $HOSTNAME, or if that fails by the host
625 name of the system.
626 %C will be replaced by the canonical name of %H.
627 %M will be replaced by the contents of /etc/mailname (poten‐
628 tially a different directory is used depending on the build con‐
629 figuration; see the output of msmtp --version and look for the
630 location of the system configuration file).
631 Note that the obsolete auto_from command replaces this envelope-
632 from address.
633 dsn_notify (off|condition)
635 This command sets the condition(s) under which the mail system
636 should send DSN (Delivery Status Notification) messages. The ar‐
637 gument off disables explicit DSN requests, which means the mail
638 system decides when to send DSN messages. This is the default.
639 The condition must be never, to never request notification, or a
640 comma separated list (no spaces!) of one or more of the follow‐
641 ing: failure, to request notification on transmission failure,
642 delay, to be notified of message delays, success, to be notified
643 of successful transmission. The SMTP server must support the DSN
644 extension.
645 dsn_return (off|amount)
647 This command controls how much of a mail should be returned in
648 DSN (Delivery Status Notification) messages. The argument off
649 disables explicit DSN requests, which means the mail system de‐
650 cides how much of a mail it returns in DSN messages. This is the
651 default. The amount must be headers, to just return the message
652 headers, or full, to return the full mail. The SMTP server must
653 support the DSN extension.
654 set_from_header [(auto|on|off)]
656 When to set a From header: auto adds a From header if the mail
657 does not have one (this is the default), on always sets a From
658 header and overrides any existing one, and off never sets a From
659 header.
660 If the mail server rejects the mail because its From header does
661 not match the envelope from address (a common anti-spam mea‐
662 sure), then you might want to set this option to on.
663 For compatibility with older versions, add_missing_from_header
664 [(on|off)] is still supported and corresponds to the auto and
665 off settings.
666 set_date_header [(on|off)]
668 When to set a Date header: auto adds a Date header if the mail
669 does not have one (this is the default), and off never sets a
670 Date header.
671 For compatibility with older versions, add_missing_date_header
672 [(on|off)] is still supported and corresponds to the auto and
673 off settings.
674 remove_bcc_headers [(on|off)]
676 This command controls whether to remove Bcc headers. The default
677 is to remove them.
678 undisclosed_recipients [(on|off)]
680 When set, the original To, Cc, and Bcc headers of the mail are
681 removed and a single new header line "To: undisclosed-recipi‐
682 ents:;" is added. The default setting is off.
683 logfile [file]
685 An empty argument disables logging (this is the default).
686 When logging is enabled by choosing a log file, msmtp will ap‐
687 pend one line to the log file for each mail it tries to send via
688 the account that this log file was chosen for.
689 The line will include the following information: date and time
690 in the format specified by logfile_time_format, host name of the
691 SMTP server, whether TLS was used, whether authentication was
692 used, authentication user name (only if authentication is used),
693 envelope-from address, recipient addresses, size of the mail as
694 transferred to the server (only if the delivery succeeded), SMTP
695 status code and SMTP error message (only in case of failure and
696 only if available), error message (only in case of failure and
697 only if available), exit code (from sysexits.h; EX_OK indicates
698 success).
699 If the filename is a dash (-), msmtp prints the log line to the
700 standard output.
701 logfile_time_format [fmt]
703 Set or unset the log file time format. This will be used as the
704 format string for the strftime() function. An empty argument
705 chooses the default ("%b %d %H:%M:%S").
706 syslog [(on|off|facility)]
708 Enable or disable syslog logging. The facility can be one of
709 LOG_USER, LOG_MAIL, LOG_LOCAL0, ..., LOG_LOCAL7. The default is
710 LOG_USER.
711 Each time msmtp tries to send a mail via the account that con‐
712 tains this syslog command, it will log one entry to the syslog
713 service with the chosen facility.
714 The line will include the following information: host name of
715 the SMTP server, whether TLS was used, whether authentication
716 was used, envelope-from address, recipient addresses, size of
717 the mail as transferred to the server (only if the delivery suc‐
718 ceeded), SMTP status code and SMTP error message (only in case
719 of failure and only if available), error message (only in case
720 of failure and only if available), exit code (from sysexits.h;
721 EX_OK indicates success).
722 aliases [file]
724 Replace local recipients with addresses in the aliases file.
725 The aliases file is a cleartext file containing mappings between
726 a local address and a list of replacement addresses. The map‐
727 pings are of the form:
728 local: someone@example.com, person@domain.example
729 Multiple replacement addresses are separated with commas. Com‐
730 ments start with `#' and continue to the end of the line.
731 The local address default has special significance and is
732 matched if the local address is not found in the aliases file.
733 If no default alias is found, then the local address is left as
734 is.
735 An empty argument to the aliases command disables the replace‐
736 ment of local addresses. This is the default.
737 auto_from [(on|off)]
739 Obsolete; you can achieve the same and more using the substitu‐
740 tion patterns of the from command.
741 Enable or disable automatic envelope-from addresses. The default
742 is off. When enabled, an envelope-from address of the form
743 user@domain will be generated. The local part will be set to
744 USER or, if that fails, to LOGNAME or, if that fails, to the lo‐
745 gin name of the current user. The domain part can be set with
746 the maildomain command. If the maildomain is empty, the enve‐
747 lope-from address will only consist of the user name and not
748 have a domain part. When auto_from is disabled, the envelope-
749 from address must be set explicitly.
750 maildomain [domain]
752 Obsolete; you can achieve the same and more using the substitu‐
753 tion patterns of the from command.
754 Set a domain part for the generation of an envelope-from ad‐
755 dress. This is only used when auto_from is on. The domain may be
756 empty.
757
759 Configuration file
760 # Example for a user configuration file ~/.msmtprc
762 #
763 # This file focusses on TLS and authentication. Features not used here
764 include
765 # logging, timeouts, SOCKS proxies, TLS parameters, Delivery Status No‐
766 tification
767 # (DSN) settings, and more.
768 # Set default values for all following accounts.
770 defaults
771 # Use the mail submission port 587 instead of the SMTP port 25.
773 port 587
774 # Always use TLS.
776 tls on
777 # Set a list of trusted CAs for TLS. The default is to use system set‐
779 tings, but
780 # you can select your own file.
781 #tls_trust_file /etc/ssl/certs/ca-certificates.crt
782 # A freemail service
784 account freemail
785 # Host name of the SMTP server
787 host smtp.freemail.example
788 # As an alternative to tls_trust_file, you can use tls_fingerprint
790 # to pin a single certificate. You have to update the fingerprint when
791 the
792 # server certificate changes, but an attacker cannot trick you into ac‐
793 cepting
794 # a fraudulent certificate. Get the fingerprint with
795 # $ msmtp --serverinfo --tls --tls-certcheck=off
796 --host=smtp.freemail.example
797 #tls_fingerprint 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11
798 :22:33
799 # Envelope-from address
801 from joe_smith@freemail.example
802 # Authentication. The password is given using one of five methods, see
804 below.
805 auth on
806 user joe.smith
807 # Password method 1: Add the password to the system keyring, and let
809 msmtp get
810 # it automatically. To set the keyring password using Gnome's libse‐
811 cret:
812 # $ secret-tool store --label=msmtp \
813 # host smtp.freemail.example \
814 # service smtp \
815 # user joe.smith
816 # Password method 2: Store the password in an encrypted file, and tell
818 msmtp
819 # which command to use to decrypt it. This is usually used with GnuPG,
820 as in
821 # this example. Usually gpg-agent will ask once for the decryption
822 password.
823 passwordeval gpg2 --no-tty -q -d ~/.msmtp-password.gpg
824 # Password method 3: Store the password directly in this file. Usually
826 it is not
827 # a good idea to store passwords in cleartext files. If you do it any‐
828 way, at
829 # least make sure that this file can only be read by yourself.
830 #password secret123
831 # Password method 4: Store the password in ~/.netrc. This method is
833 probably not
834 # relevant anymore.
835 # Password method 5: Do not specify a password. Msmtp will then prompt
837 you for
838 # it. This means you need to be able to type into a terminal when msmtp
839 runs.
840 # A second mail address at the same freemail service
842 account freemail2 : freemail
843 from joey@freemail.example
844 # The SMTP server of your ISP
846 account isp
847 host mail.isp.example
848 from smithjoe@isp.example
849 auth on
850 user 12345
851 # Set a default account
853 account default : freemail
854 Using msmtp with Mutt
857 Create a configuration file for msmtp and add the following lines to
859 your Mutt configuration file:
860 set sendmail="/path/to/msmtp"
861 set use_from=yes
862 set realname="Your Name"
863 set from=you@example.com
864 set envelope_from=yes
865 The envelope_from=yes option lets Mutt use the -f option of msmtp.
866 Therefore msmtp chooses the first account that matches the from address
867 you@example.com.
868 Alternatively, you can use the -a option:
869 set sendmail="/path/to/msmtp -a my-account"
870 Or set everything from the command line (but note that you cannot set a
871 password this way):
872 set sendmail="/path/to/msmtp --host=mailhub -f me@example.com --tls
873 --tls-trust-file=trust.crt"
874 If you have multiple mail accounts in your msmtp configuration file and
876 let Mutt use the -f option to choose the right one, you can easily
877 switch accounts in Mutt with the following Mutt configuration lines:
878 macro generic "<esc>1" ":set from=you@example.com"
879 macro generic "<esc>2" ":set from=you@your-employer.example"
880 macro generic "<esc>3" ":set from=you@some-other-provider.example"
881 Using msmtp with mail
884 Define a default account, and put the following in your ~/.mailrc:
886 set sendmail="/path/to/msmtp"
887 Using msmtp with Tor
890 Use the following settings:
892 proxy_host 127.0.0.1
893 proxy_port 9050
894 tls on
895 Use an IP address as proxy host name, so that msmtp does not leak a DNS
896 query when resolving it.
897 TLS is required to prevent exit hosts from reading your SMTP session.
898 Do not set domain to something that you do not want to reveal (do not
899 set it at all if possible).
900 Aliases file
903 # Example aliases file
905 # Send root to Joe and Jane
907 root: joe_smith@example.com, jane_chang@example.com
908 # Send cron to Mark
910 cron: mark_jones@example.com
911 # Send everything else to admin
913 default: admin@domain.example
914
917 SYSCONFDIR/msmtprc
918 System configuration file. Use --version to find out what
919 SYSCONFDIR is on your platform.
920 ~/.msmtprc or $XDG_CONFIG_HOME/msmtp/config
922 User configuration file.
923 ~/.netrc and SYSCONFDIR/netrc
925 The netrc file contains login information. Before prompting for
926 a password, msmtp will search it in ~/.netrc and
927 SYSCONFDIR/netrc.
928
930 USER, LOGNAME
931 These variables override the user's login name when constructing
932 an envelope-from address. LOGNAME is only used if USER is unset.
933 TMPDIR Directory to create temporary files in. If this is unset, a sys‐
935 tem specific default directory is used.
936 A temporary file is only created when the -t/--read-recipients
937 or --read-envelope-from option is used. The file is then used to
938 buffer the headers of the mail (but not the body, so the file
939 won't get very large).
940 EMAIL, SMTPSERVER
942 These environment variables are used only if neither --host nor
943 --account is used and there is no default account defined in the
944 configuration files. In this case, the host name is taken from
945 SMTPSERVER, and the envelope from address is taken from EMAIL,
946 unless overridden by --from or --read-envelope-from. Currently
947 SMTPSERVER must contain a plain host name (no URL), and EMAIL
948 must contain a plain address (no names or additional informa‐
949 tion).
950
952 msmtp was written by Martin Lambers <marlam@marlam.de>.
953 Other authors are listed in the AUTHORS file in the source distribu‐
954 tion.
955
957 sendmail(8), netrc(5) or ftp(1)
958 2021-03 MSMTP(1)