1MPOP(1)                     General Commands Manual                    MPOP(1)
2
3
4

NAME

6       mpop - A POP3 client
7

SYNOPSIS

9       Mail retrieval mode (default):
10              mpop [option...] [--] [account...]
11              mpop --host=host [option...]
12
13       Configuration mode:
14              mpop --configure <mailaddress>
15
16       Server information mode:
17              mpop [option...] --serverinfo [account...]
18              mpop --host=host [option...] --serverinfo
19

DESCRIPTION

21       In  mail  retrieval mode of operation, mpop retrieves mails from one or
22       more POP3 mailboxes, optionally does some filtering, and delivers  them
23       through a mail delivery agent (MDA), to a maildir folder, or to an mbox
24       file.  Mails that were successfully delivered before will  not  be  re‐
25       trieved  a  second  time, even if errors occur or mpop is terminated in
26       the middle of a session.
27       In server information mode, mpop prints information about one  or  more
28       POP3 servers.
29       If  no  account  names are given on the command line, one named default
30       will be used.
31       The best way to start is probably to have a look at the  EXAMPLES  sec‐
32       tion.
33

EXIT STATUS

35       The standard sendmail exit codes are used, as defined in sysexits.h.
36

OPTIONS

38       Options override configuration file settings, for every used account.
39
40       General Options
41
42              --version
43                     Print  version  information,  including information about
44                     the libraries used.
45
46              --help Print help.
47
48              -P, --pretend
49                     Print the configuration settings that would be used,  but
50                     do  not  take  further action.  An asterisk (`*') will be
51                     printed instead of your password.
52
53              -d, --debug
54                     Print lots of debugging information, including the  whole
55                     conversation  with  the  server. Be careful with this op‐
56                     tion: the (potentially dangerous) output will not be san‐
57                     itized,  and  your  password may get printed in an easily
58                     decodable format!
59                     This option implies --half-quiet,  because  the  progress
60                     output would interfere with the debugging output.
61
62       Changing the mode of operation
63
64              --configure=mailaddress
65                     Generate  a  configuration for the given mail address and
66                     print it. This can be modified or copied unchanged to the
67                     configuration  file.   Note that this only works for mail
68                     domains that publish appropriate  SRV  records;  see  RFC
69                     8314.
70
71              -S, --serverinfo
72                     Print information about the POP3 server(s) and exit. This
73                     includes information about supported  features  (pipelin‐
74                     ing, authentication methods, TOP command, ...), about pa‐
75                     rameters (time for which mails will not be deleted, mini‐
76                     mum time between logins, ...), and about the TLS certifi‐
77                     cate (if TLS is active).
78
79       Configuration options
80
81              -C, --file=conffile
82                     Use the given file  instead  of  ~/.mpoprc  or  $XDG_CON‐
83                     FIG_HOME/mpop/config as the user configuration file.
84
85              --host=hostname
86                     Use  this  server with settings from the command line; do
87                     not use any configuration file data. This option disables
88                     loading  of  the  configuration file. You cannot use both
89                     this option and account names on the command line.
90
91              --port=number
92                     Set the port number to connect to. See the port command.
93
94              --source-ip=[IP]
95                     Set or unset an IP address to bind the socket to. See the
96                     source_ip command.
97
98              --proxy-host=[IP|hostname]
99                     Set  or  unset  a  SOCKS proxy to use. See the proxy_host
100                     command.
101
102              --proxy-port=[number]
103                     Set or unset a port number for the proxy  host.  See  the
104                     proxy_port command.
105
106              --socket=[socketname]
107                     Set  or  unset a local unix domain socket name to connect
108                     to. See the socket command.
109
110              --timeout=(off|seconds)
111                     Set a network timeout. See the timeout command.
112
113              --pipelining=(auto|on|off)
114                     Enable or disable POP3  pipelining.  See  the  pipelining
115                     command.
116
117              --received-header[=(on|off)]
118                     Enable  or  disable  the  Received  header.  See  the re‐
119                     ceived_header command.
120
121              --auth[=(on|method)]
122                     Set the authentication method to automatic (with "on") or
123                     manually  choose  an  authentication method. See the auth
124                     command.
125
126              --user=[username]
127                     Set or unset the user name for  authentication.  See  the
128                     user command.
129
130              --passwordeval=[eval]
131                     Evaluate  password for authentication. See the passworde‐
132                     val command.
133
134              --tls[=(on|off)]
135                     Enable or disable TLS/SSL. See the tls command.
136
137              --tls-starttls[=(on|off)]
138                     Enable or disable STARTTLS for TLS. See the  tls_starttls
139                     command.
140
141              --tls-trust-file=[file]
142                     Set or unset a trust file for TLS. See the tls_trust_file
143                     command.
144
145              --tls-crl-file=[file]
146                     Set or unset a certificate revocation list (CRL) file for
147                     TLS. See the tls_crl_file command.
148
149              --tls-fingerprint=[fingerprint]
150                     Set  or  unset  the fingerprint of a trusted TLS certifi‐
151                     cate. See the tls_fingerprint command.
152
153              --tls-key-file=[file]
154                     Set or unset a key file for  TLS.  See  the  tls_key_file
155                     command.
156
157              --tls-cert-file=[file]
158                     Set  or  unset a cert file for TLS. See the tls_cert_file
159                     command.
160
161              --tls-certcheck[=(on|off)]
162                     Enable or disable server certificate checks for TLS.  See
163                     the tls_certcheck command.
164
165              --tls-min-dh-prime-bits=[bits]
166                     Set or unset minimum bit size of the Diffie-Hellmann (DH)
167                     prime. See the tls_min_dh_prime_bits command.
168
169              --tls-priorities=[priorities]
170                     Set or unset TLS priorities. See the tls_priorities  com‐
171                     mand.
172
173              --tls-host-override=[host]
174                     Set  or unset override for TLS host verification. See the
175                     tls_host_override command.
176
177       Options specific to mail retrieval mode
178
179              -q, --quiet
180                     Do not print status or progress information.
181
182              -Q, --half-quiet
183                     Print status but not progress information.
184
185              -a, --all-accounts
186                     Query all accounts in the configuration file.
187
188              -A, --auth-only
189                     Authenticate only; do not retrieve mail. Useful for SMTP-
190                     after-POP.
191
192              -s, --status-only
193                     Print  number  and size of mails in each account only; do
194                     not retrieve mail.
195
196              -n, --only-new[=(on|off)]
197                     Process only new messages. See the only_new command.
198
199              -k, --keep[=(on|off)]
200                     Do not delete mails  from  POP3  servers,  regardless  of
201                     other options or settings.  See the keep command.
202
203              --killsize=(off|size)
204                     Set or unset kill size. See the killsize command.
205
206              --skipsize=(off|size)
207                     Set or unset skip size. See the skipsize command.
208
209              --filter=[program]
210                     Set a filter which will decide whether to retrieve, skip,
211                     or delete each mail by investigating the mail's  headers.
212                     See the filter command.
213
214              --delivery=method,method_arguments...
215                     How  to  deliver messages received from this account. See
216                     the delivery command. Note that a comma is  used  instead
217                     of a blank to separate the method from its arguments.
218
219              --uidls-file=filename
220                     File to store UIDLs in. See the uidls_file command.
221

USAGE

223       A  suggestion  for a suitable configuration file can be generated using
224       the --configure option.  The default configuration file is ~/.mpoprc or
225       $XDG_CONFIG_HOME/mpop/config.   Settings in this file can be changed by
226       command line options.
227       A configuration file is a simple text file.  Empty  lines  and  comment
228       lines  (first non-blank character is '#') are ignored. Every other line
229       must contain a command and may contain an  argument  to  that  command.
230       The argument may be enclosed in double quotes (").
231       If  a  file name starts with the tilde (~), this tilde will be replaced
232       by $HOME.
233       If a command accepts the argument on, it also accepts an empty argument
234       and treats that as if it was on.
235       Commands  are  organized  in accounts. Each account starts with the ac‐
236       count command and defines the settings for one POP3 account.
237
238       Commands are as follows:
239
240       defaults
241              Set defaults. The following configuration commands will set  de‐
242              fault values for all following account definitions.
243
244       account name [:account[,...]]
245              Start  a new account definition with the given name. The current
246              default values are filled in.
247              If a colon and a list of previously defined  accounts  is  given
248              after  the account name, the new account, with the filled in de‐
249              fault values, will inherit all settings from the accounts in the
250              list.
251
252       host hostname
253              The  POP3  server to retrieve mails from.  The argument may be a
254              host name or a network address.  Every account  definition  must
255              contain this command.
256
257       port number
258              The  port  that  the  POP3 server listens on. The default is 110
259              ("pop3"), unless TLS without STARTTLS is used, in which case  it
260              is 995 ("pop3s").
261
262       source_ip [IP]
263              Set a source IP address to bind the outgoing connection to. Use‐
264              ful only in special cases on multi-home systems. An empty  argu‐
265              ment disables this.
266
267       proxy_host [IP|hostname]
268              Use  a  SOCKS  proxy.  All  network traffic will go through this
269              proxy host, including DNS queries, except for a DNS  query  that
270              might  be  necessary to resolve the proxy host name itself (this
271              can be avoided by using an IP address as proxy  host  name).  An
272              empty  hostname  argument  disables  proxy usage.  The supported
273              SOCKS protocol version is 5. If you want to use this  with  Tor,
274              see also "Using mpop with Tor" below.
275
276       proxy_port [number]
277              Set the port number for the proxy host. An empty number argument
278              resets this to the default port, which is 1080 ("socks").
279
280       socket socketname
281              Set the file name of a unix domain socket to  connect  to.  This
282              overrides both host/port and proxy_host/proxy_port.
283
284       timeout (off|seconds)
285              Set  or  unset a network timeout, in seconds. The default is 180
286              seconds. The argument off means that no  timeout  will  be  set,
287              which means that the operating system default will be used.
288
289       pipelining (auto|on|off)
290              Enable  or  disable  POP3  pipelining.  You should never need to
291              change the default setting, which is auto: mpop enables pipelin‐
292              ing  for  POP3  servers that advertise this capability, and dis‐
293              ables it for all other servers.  Pipelining can speed up a  POP3
294              session substantially.
295
296       auth [(on|method)]
297              Choose an authentication method. The default argument on chooses
298              a method automatically.
299              Usually a user name and a password are used for  authentication.
300              The  user  name  is specified in the configuration file with the
301              user command. There are five different methods  to  specify  the
302              password:
303              1. Add the password to the system key ring.  Currently supported
304              key rings are the Gnome key ring and the Mac OS X Keychain.  For
305              the Gnome key ring, use the command secret-tool (part of Gnome's
306              libsecret) to store passwords:  secret-tool  store  --label=mpop
307              host  pop.freemail.example  service pop3 user joe.smith.  On Mac
308              OS X, use the following command: security  add-internet-password
309              -s  pop.freemail.example -r pop3 -a joe.smith -w.  In both exam‐
310              ples, replace pop.freemail.example with the  POP3  server  name,
311              and joe.smith with your user name.
312              2.  Store the password in an encrypted files, and use passworde‐
313              val to specify a command to decrypt that file, e.g. using GnuPG.
314              See EXAMPLES.
315              3.  Store the password in the configuration file using the pass‐
316              word command.  (Usually it is not  considered  a  good  idea  to
317              store  passwords  in  cleartext files.  If you do it anyway, you
318              must make sure that the file can only be read by yourself.)
319              4. Store the password in ~/.netrc. This method is probably obso‐
320              lete.
321              5. Type the password into the terminal when it is required.
322              It is recommended to use method 1 or 2.
323              Multiple authentication methods exist. Most servers support only
324              some of them.  Historically, sophisticated methods  were  devel‐
325              oped  to  protect  passwords  from being sent unencrypted to the
326              server, but nowadays everybody needs TLS anyway, so  the  simple
327              methods suffice since the whole session is protected. A suitable
328              authentication method is chosen automatically, and when  TLS  is
329              disabled for some reason, only methods that avoid sending clear‐
330              text passwords are considered.
331              The following user / password methods  are  supported:  user  (a
332              simple  plain  text method supported by all servers), plain (an‐
333              other simple cleartext method, supported by almost all servers),
334              scram-sha-1 (a method that avoids cleartext passwords), apop (an
335              obsolete method that avoids cleartext passwords, but is not con‐
336              sidered  secure  anymore),  cram-md5  (an  obsolete  method that
337              avoids cleartext passwords, but is not  considered  secure  any‐
338              more),  digest-md5  (an  overcomplicated  obsolete  method  that
339              avoids cleartext passwords, but is not  considered  secure  any‐
340              more),  login  (a  non-standard  cleartext method similar to but
341              worse than the plain  method),  ntlm  (an  obscure  non-standard
342              method  that  is  now considered broken; it sometimes requires a
343              special domain parameter passed via ntlmdomain).
344              There are currently three authentication methods  that  are  not
345              based on user / password information and have to be chosen manu‐
346              ally: oauthbearer (an OAuth2 token from  the  mail  provider  is
347              used  as  the  password.   See  the  documentation  of your mail
348              provider for details on how to get this token. The  passwordeval
349              command  can  be used to pass the regularly changing tokens into
350              mpop from a script or an environment  variable),  external  (the
351              authentication  happens  outside  of  the protocol, typically by
352              sending a TLS client certificate, and the method merely confirms
353              that  this  authentication  succeeded), and gssapi (the Kerberos
354              framework takes care of secure authentication, only a user  name
355              is required).
356              It depends on the underlying authentication library and its ver‐
357              sion whether a particular method is supported or not. Use --ver‐
358              sion to find out which methods are supported.
359
360       user login
361              Set  the  user name for authentication. An empty argument unsets
362              the user name.
363
364       password secret
365              Set the password for authentication. An  empty  argument  unsets
366              the  password.  Consider using the passwordeval command or a key
367              ring instead of this command, to avoid storing  cleartext  pass‐
368              words in the configuration file.
369
370       passwordeval [eval]
371              Set  the  password  for authentication to the output (stdout) of
372              the command eval.  This can be used  e.g.  to  decrypt  password
373              files  on the fly or to query key rings, and thus to avoid stor‐
374              ing cleartext passwords.
375
376       ntlmdomain [domain]
377              Set a domain for the ntlm authentication method. This  is  obso‐
378              lete.
379
380       tls [(on|off)]
381              Enable  or  disable  TLS (also known as SSL) for secured connec‐
382              tions.
383              Transport Layer Security (TLS) "... provides communications pri‐
384              vacy  over  the Internet.  The protocol allows client/server ap‐
385              plications to communicate in a way that is designed  to  prevent
386              eavesdropping,   tampering,  or  message  forgery"  (quote  from
387              RFC2246).
388              A server can use TLS in one of two modes: via a STARTTLS command
389              (the session starts with the normal protocol initialization, and
390              TLS is then started using the protocol's STARTTLS  command),  or
391              immediately  (TLS is initialized before the normal protocol ini‐
392              tialization; this requires a separate port). The first  mode  is
393              the  default, but you can switch to the second mode by disabling
394              tls_starttls.
395              When TLS is started, the server sends a certificate to  identify
396              itself.  To  verify the server identity, a client program is ex‐
397              pected to check that the certificate  is  formally  correct  and
398              that it was issued by a Certificate Authority (CA) that the user
399              trusts. (There can also be certificate chains with  intermediate
400              CAs.)
401              The  list  of  trusted CAs is specified using the tls_trust_file
402              command.  The default value ist "system" and chooses the system-
403              wide default, but you can also choose the trusted CAs yourself.
404              One practical problem with this approach is that the client pro‐
405              gram should also check if the server certificate  has  been  re‐
406              voked  for  some  reason,  using  a  Certificate Revocation List
407              (CRL). A CRL file can be specified using the  tls_crl_file  com‐
408              mand,  but getting the relevant CRL files and keeping them up to
409              date is not straightforward. You are basically on your own.
410              A much more serious and fundamental problem is that you need  to
411              trust  CAs.   Like  any other organization, a CA can be incompe‐
412              tent, malicious, subverted by bad people, or forced  by  govern‐
413              ment  agencies to compromise end users without telling them. All
414              of these things happened and continue to happen worldwide.   The
415              idea  to  have central organizations that have to be trusted for
416              your communication to be secure is fundamentally broken.
417              Instead of putting trust in a CA, you can choose to trust only a
418              single  certificate  for  the server you want to connect to. For
419              that purpose, specify the certificate fingerprint with  tls_fin‐
420              gerprint. This makes sure that no man-in-the-middle can fake the
421              identity of the server by presenting you a  fraudulent  certifi‐
422              cate  issued  by  some CA that happens to be in your trust list.
423              However, you have to update the fingerprint whenever the  server
424              certificate  changes,  and you have to make sure that the change
425              is legitimate each time, e.g. when the old certificate  expired.
426              This is inconvenient, but it's the price to pay.
427              Information  about  a  server  certificate  can be obtained with
428              --serverinfo --tls --tls-certcheck=off. This includes the issuer
429              CA   of   the   certificate  (so  you  can  trust  that  CA  via
430              tls_trust_file), and the fingerprint of the certificate (so  you
431              can trust that particular certificate via tls_fingerprint).
432              TLS also allows the server to verify the identity of the client.
433              For this purpose, the client has to present a certificate issued
434              by a CA that the server trusts. To present that certificate, the
435              client also needs the matching key file. You can  set  the  cer‐
436              tificate  and  key  files  using tls_cert_file and tls_key_file.
437              This mechanism can also be used to authenticate users,  so  that
438              traditional user / password authentication is not necessary any‐
439              more. See the external mechanism in auth.
440              You can also use client certificates stored on some external au‐
441              thentication   device   by  specifying  GnuTLS  device  URIs  in
442              tls_cert_file and tls_key_file. You can find  the  correct  URIs
443              using  p11tool  --list-privkeys --login (p11tool is bundled with
444              GnuTLS). If your device requires a PIN to access the  data,  you
445              can  specify  that  using  one  of the password mechanisms (e.g.
446              passwordeval, password).
447
448       tls_starttls [(on|off)]
449              Choose the TLS variant: start TLS from within the  session  (on,
450              default), or tunnel the session through TLS (off).
451
452       tls_trust_file file
453              Activate server certificate verification using a list of trusted
454              Certification Authorities (CAs).  The  default  is  the  special
455              value "system", which selects the system default. An empty argu‐
456              ment disables trust in CAs.  If you select a file, it must be in
457              PEM format, and you should also use tls_crl_file.
458
459       tls_crl_file [file]
460              Set  a  certificate revocation list (CRL) file for TLS, to check
461              for revoked certificates. An empty argument disables this.
462
463       tls_fingerprint [fingerprint]
464              Set the fingerprint of a single certificate to accept  for  TLS.
465              This  certificate  will  be  trusted  regardless of its contents
466              (this overrides tls_trust_file).  The fingerprint should  be  of
467              type SHA256, but can for backwards compatibility also be of type
468              SHA1  or  MD5  (please  avoid  this).   The  format  should   be
469              01:23:45:67:....   Use  --serverinfo  --tls  --tls-certcheck=off
470              --tls-fingerprint= to get the server certificate fingerprint.
471
472       tls_key_file file
473              Send a client certificate to the server (use this together  with
474              tls_cert_file}).   The  file  must  contain the private key of a
475              certificate in PEM format. An empty argument disables this  fea‐
476              ture.
477
478       tls_cert_file file
479              Send  a client certificate to the server (use this together with
480              tls_key_file).  The file must contain a certificate in PEM  for‐
481              mat. An empty argument disables this feature.
482
483       tls_certcheck [(on|off)]
484              Enable or disable checks of the server certificate. They are en‐
485              abled by default.  Disabling them will  override  tls_trust_file
486              and tls_fingerprint.  WARNING: When the checks are disabled, TLS
487              sessions will not be secure!
488
489       tls_min_dh_prime_bits [bits]
490              Set or unset the minimum number  of  Diffie-Hellman  (DH)  prime
491              bits that mpop will accept for TLS sessions.  The default is set
492              by the TLS library and can be selected by using an  empty  argu‐
493              ment  to  this  command.  Only lower the default (for example to
494              512 bits) if there is no other way to make TLS work with the re‐
495              mote server.
496
497       tls_priorities [priorities]
498              Set  the  priorities for TLS sessions. The default is set by the
499              TLS library and can be selected by using an  empty  argument  to
500              this command.  See the GnuTLS documentation of the gnutls_prior‐
501              ity_init function for a description of the priorities string.
502
503       tls_host_override [host]
504              By default, TLS host verification uses the host  name  given  by
505              the  host  command.  This command allows to use a different host
506              name for verification. This is only useful in special cases.
507
508       delivery method method_arguments...
509              How to deliver messages received from this account.
510
511              delivery mda command
512                     Deliver the mails through a mail delivery agent (MDA).
513                     All occurrences of %F in the  command  will  be  replaced
514                     with the envelope from address of the current message (or
515                     MAILER-DAEMON if none is found). Note that  this  address
516                     is guaranteed to contain only letters a-z and A-Z, digits
517                     0-9, and any of ".@_-+/", even though that is only a sub‐
518                     set  of  what is theoretically allowed in a mail address.
519                     Other characters,  including  those  interpreted  by  the
520                     shell,  are  replaced with "_".  Nevertheless, you should
521                     put %F into single quotes: '%F'.
522                     Use "delivery mda /usr/bin/procmail -f '%F' -d $USER" for
523                     the procmail MDA.
524                     Use  "delivery mda /usr/sbin/sendmail -oi -oem -f '%F' --
525                     $USER" to let your MTA handle the mail.
526                     Use "delivery mda  /usr/local/bin/msmtp  --host=localhost
527                     --from='%F'  -- $USER@`hostname`.`dnsdomainname`" to pass
528                     the mail to your MTA via SMTP.  (This is  what  fetchmail
529                     does by default.)
530
531              delivery maildir directory
532                     Deliver the mails to the given maildir directory. The di‐
533                     rectory must exist and it must have the maildir subdirec‐
534                     tories  cur,  new, and tmp; mpop will not create directo‐
535                     ries. This delivery type only works on file systems  that
536                     support hard links.
537
538              delivery mbox mbox-file
539                     Deliver  the  mails to the given file in mbox format. The
540                     file will be locked with fcntl(2). mpop uses  the  MBOXRD
541                     mbox  format  variant;  see the documentation of the mbox
542                     format.
543
544              delivery exchange directory
545                     Deliver the mails to the given Exchange pickup directory.
546                     The directory must exist.
547
548              If  the  delivery  method needs to parse the mail headers for an
549              envelope from address (the mda method if  the  command  contains
550              %F,  and  the  mbox method), then it needs to create a temporary
551              file to store the mail headers (but not the body) in.  See  $TM‐
552              PDIR in the FILES / ENVIRONMENT section.
553
554       uidls_file filename
555              The  file  to  store  UIDLs in. These are needed to identify new
556              messages.  %U in the filename will be replaced by  the  username
557              of  the current account.  %H in the filename will be replaced by
558              the hostname of the current account.  If the  filename  contains
559              directories  that  do  not  exist,  mpop will create them.  mpop
560              locks this file for exclusive access when accessing the  associ‐
561              ated POP3 account.
562              The  default value is "~/.mpop_uidls/%U_at_%H". You can also use
563              a single UIDLS file for multiple accounts, but then  you  cannot
564              poll more than one of these accounts at the same time.
565
566       only_new [(on|off)]
567              By  default,  mpop processes only new messages (new messages are
568              those that were not already successfully retrieved in an earlier
569              session).  If  this  option is turned off, mpop will process all
570              messages.
571
572       keep [(on|off)]
573              Keep all mails on the POP3 server, never delete  them.  The  de‐
574              fault  behaviour  is to delete mails that have been successfully
575              retrieved or filtered by kill filters.
576
577       killsize (off|size)
578              Mails larger than the given size will  be  deleted  (unless  the
579              keep  command is used, in which case they will just be skipped).
580              The size argument must be zero or greater. If it is followed  by
581              a `k' or an `m', the size is measured in kibibytes/mebibytes in‐
582              stead of bytes.  Note that some POP3 servers report slightly in‐
583              correct sizes for mails; see NOTES below.
584              When  killsize is set to 0 and keep is set to on, then all mails
585              are marked as retrieved, but  no  mail  gets  deleted  from  the
586              server.  This  can  be  used  to synchronize the UID list on the
587              client to the UID list on the server.
588
589       skipsize (off|size)
590              Mails larger than the given size  will  be  skipped  (not  down‐
591              loaded).   The  size  argument must be zero or greater. If it is
592              followed  by  a  `k'  or  an  `m',  the  size  is  measured   in
593              kibibytes/mebibytes  instead  of  bytes.   Note  that  some POP3
594              servers report slightly incorrect sizes for mails; see NOTES be‐
595              low.
596
597       filter [command]
598              Set  a  filter  which  will decide whether to retrieve, skip, or
599              delete each mail by investigating the mail's headers.  The  POP3
600              server  must  support the POP3 TOP command for this to work; see
601              option --serverinfo above. An empty argument disables filtering.
602              All occurrences of %F in the command will be replaced  with  the
603              envelope  from  address of the current message (or MAILER-DAEMON
604              if none is found).  Note that this address is guaranteed to con‐
605              tain  only letters a-z and A-Z, digits 0-9, and any of ".@_-+/",
606              even though that is only a subset of what is  theoretically  al‐
607              lowed  in  a mail address. Other characters, including those in‐
608              terpreted by the shell, are replaced with "_". Nevertheless, you
609              should put %F into single quotes: '%F'.
610              All  occurrences  of %S in the command will be replaced with the
611              size of the current mail as reported by the POP3 server.
612              The mail headers (plus the blank  line  separating  the  headers
613              from the body) will be piped to the command. Based on the return
614              code, mpop decides what to do with the mail:
615              0: proceed normally; no special action
616              1: delete the mail; do not retrieve it
617              2: skip the mail; do not retrieve it
618              Return codes greater than or equal to 3 mean that an  error  oc‐
619              curred.  The sysexits.h error codes may be used to give informa‐
620              tion about the kind of the error, but this is not necessary.
621
622       received_header [(on|off)]
623              Enable or disable adding a Received  header.  By  default,  mpop
624              prepends  a Received header to the mail during delivery. This is
625              required by the RFCs if the mail is subsequently further  deliv‐
626              ered e.g. via SMTP.
627

FILTERING

629       There are three filtering commands available.  They will be executed in
630       the following order:
631       killsize
632       skipsize
633       filter
634       If a filtering command applies to a mail, the  remaining  filters  will
635       not be executed.
636

EXAMPLES

638       Configuration file
639
640       # Example for a user configuration file ~/.mpoprc
641       #
642       #  This  file  focusses  on  TLS, authentication, and the mail delivery
643       method.
644       # Features not used here include mail filtering, timeouts, SOCKS  prox‐
645       ies,
646       # TLS parameters, and more.
647
648       # Set default values for all following accounts.
649       defaults
650
651       # Always use TLS.
652       tls on
653
654       #  Set a list of trusted CAs for TLS. The default is to use system set‐
655       tings, but
656       # you can select your own file.
657       #tls_trust_file /etc/ssl/certs/ca-certificates.crt
658
659       # If you select your own file, you should  also  use  the  tls_crl_file
660       command to
661       #  check for revoked certificates, but unfortunately getting revocation
662       lists and
663       # keeping them up to date is not straightforward.
664       #tls_crl_file ~/.tls-crls
665
666       # Deliver mail to an MBOX mail file:
667       delivery mbox ~/Mail/inbox
668       # Deliver mail to a maildir folder:
669       #delivery maildir ~/Mail/incoming
670       # Deliver mail via procmail:
671       #delivery mda "/usr/bin/procmail -f '%F' -d $USER"
672       # Deliver mail via the local SMTP server:
673       #delivery mda "/usr/bin/msmtp --host=localhost --from='%F' -- $USER"
674       # Deliver mail to an Exchange pickup directory:
675       #delivery exchange c:\exchange\pickup
676
677       # Use an UIDLS file in ~/.local/share instead of ~/.mpop_uidls
678       uidls_file ~/.local/share/%U_at_%H
679
680       # A freemail service
681       account freemail
682
683       # Host name of the POP3 server
684       host pop.freemail.example
685
686       #  As  an  alternative  to  tls_trust_file/tls_crl_file,  you  can  use
687       tls_fingerprint
688       #  to pin a single certificate. You have to update the fingerprint when
689       the
690       # server certificate changes, but an attacker cannot trick you into ac‐
691       cepting
692       # a fraudulent certificate. Get the fingerprint with
693       # $ mpop --serverinfo --tls --tls-certcheck=off --host=pop.freemail.ex‐
694       ample
695       #tls_fingerprint  00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11
696       :22:33
697
698       #  Authentication. The password is given using one of five methods, see
699       below.
700       user joe.smith
701
702       # Password method 1: Add the password to the system  keyring,  and  let
703       mpop get
704       #  it  automatically.  To set the keyring password using Gnome's libse‐
705       cret:
706       # $ secret-tool store --label=mpop \
707       #   host pop.freemail.example \
708       #   service pop3 \
709       #   user joe.smith
710
711       # Password method 2: Store the password in an encrypted file, and  tell
712       mpop
713       #  which command to use to decrypt it. This is usually used with GnuPG,
714       as in
715       # this example. Usually gpg-agent will  ask  once  for  the  decryption
716       password.
717       passwordeval gpg2 --no-tty -q -d ~/.mpop-password.gpg
718
719       #  Password method 3: Store the password directly in this file. Usually
720       it is not
721       # a good idea to store passwords in cleartext files. If you do it  any‐
722       way, at
723       # least make sure that this file can only be read by yourself.
724       #password secret123
725
726       #  Password  method  4:  Store the password in ~/.netrc. This method is
727       probably not
728       # relevant anymore.
729
730       # Password method 5: Do not specify a password. Mpop will  then  prompt
731       you for
732       #  it. This means you need to be able to type into a terminal when mpop
733       runs.
734
735       # A second mail box at the same freemail service
736       account freemail2 : freemail
737       user joey
738
739       # The POP3 server of your ISP
740       account isp
741       host mail.isp.example
742       auth on
743       user 12345
744       # Your ISP runs SpamAssassin, so test each mail for the "X-Spam-Status:
745       Yes"
746       #  header,  and  delete  all  mails with this header before downloading
747       them.
748       filter    if [ "`grep "^X-Spam-Status: Yes"`" ]; then exit 1; else exit
749       0; fi
750
751       # Set a default account
752       account default : freemail
753
754
755       Filtering with SpamAssassin
756
757       The  command  filter "/path/to/spamc  -c  >  /dev/null" will delete all
758       mails that SpamAssassin thinks are  spam.  Since  no  message  body  is
759       passed  to  SpamAssassin, you should disable all body-specific tests in
760       the SpamAssassin configuration file; for example set use_bayes 0.
761
762       If your mail provider runs SpamAssassin for you, you just have to check
763       for  the  result. The following script can do that when used as an mpop
764       filter:
765       #!/bin/sh
766       if [ "`grep "^X-Spam-Status: Yes"`" ]; then
767           exit 1  # kill this message
768       else
769           exit 0  # proceed normally
770       fi
771       Since the filter command is passed to a shell, you can  also  use  this
772       directly:
773       filter if [ "`grep "^X-Spam-Status: Yes"`" ]; then exit 1; else exit 0;
774       fi
775
776
777       Using mpop with Tor
778
779       Use the following settings:
780       proxy_host 127.0.0.1
781       proxy_port 9050
782       tls on
783       Use an IP address as proxy host name, so that mpop does not leak a  DNS
784       query when resolving it.
785       TLS is required to prevent exit hosts from reading your POP3 session.
786
787
788

FILES

790       ~/.mpoprc or $XDG_CONFIG_HOME/mpop/config
791              Default configuration file.
792
793       ~/.mpop_uidls
794              Default directory to store UIDLs files in.
795
796       ~/.netrc and SYSCONFDIR/netrc
797              The  netrc file contains login information. Before prompting for
798              a   password,   msmtp   will   search   it   in   ~/.netrc   and
799              SYSCONFDIR/netrc.
800

ENVIRONMENT

802       $USER, $LOGNAME
803              These variables override the user's login name. $LOGNAME is only
804              used if $USER is unset. The user's login name is  used  for  Re‐
805              ceived headers.
806
807       $TMPDIR
808              Directory to create temporary files in. If this is unset, a sys‐
809              tem specific default directory is used.
810

AUTHOR

812       mpop was written by Martin Lambers <marlam@marlam.de>
813       Other authors are listed in the AUTHORS file in  the  source  distribu‐
814       tion.
815

SEE ALSO

817       procmail(1), spamassassin(1), netrc(5) or ftp(1), mbox(5), fcntl(2)
818
819
820
821                                    2020-06                            MPOP(1)
Impressum