1MSMTP(1) General Commands Manual MSMTP(1)
2
6 msmtp - An SMTP client
7
9 Sendmail mode (default):
10 msmtp [option...] [--] recipient...
11 msmtp [option...] -t [--] [recipient...]
12 Configuration mode:
14 msmtp --configure <mailaddress>
15 Server information mode:
17 msmtp [option...] --serverinfo
18 Remote Message Queue Starting mode:
20 msmtp [option...] --rmqs=host|@domain|#queue
21
23 In the default sendmail mode, msmtp reads a mail from standard input
24 and sends it to an SMTP server for delivery.
25 In server information mode, msmtp prints information about an SMTP
26 server.
27 In Remote Message Queue Starting mode, msmtp sends a Remote Message
28 Queue Starting request for a host, domain, or queue to an SMTP server.
29
31 The standard sendmail exit status codes are used, as defined in sysex‐
32 its.h.
33
35 Options override configuration file settings.
36 They are compatible with sendmail where appropriate.
37 General options
39 --version
41 Print version information, including information about
42 the libraries used.
43 --help Print help.
45 -P, --pretend
47 Print the configuration settings that would be used, but
48 do not take further action. An asterisk (`*') will be
49 printed instead of your password.
50 -v, -d, --debug
52 Print lots of debugging information, including the whole
53 conversation with the SMTP server. Be careful with this
54 option: the (potentially dangerous) output will not be
55 sanitized, and your password may get printed in an easily
56 decodable format!
57 Changing the mode of operation
59 --configure=mailaddress
61 Generate a configuration for the given mail address and
62 print it. This can be modified or copied unchanged to the
63 configuration file. Note that this only works for mail
64 domains that publish appropriate SRV records; see RFC
65 8314.
66 -S, --serverinfo
68 Print information about the SMTP server and exit. This
69 includes information about supported features (mail size
70 limit, authentication, TLS, DSN, ...) and about the TLS
71 certificate (if TLS is active).
72 --rmqs=(host|@domain|#queue)
74 Send a Remote Message Queue Starting request for the
75 given host, domain, or queue to the SMTP server and exit.
76 Configuration options
78 -C, --file=filename
80 Use the given file instead of ~/.msmtprc or $XDG_CON‐
81 FIG_HOME/msmtp/config as the user configuration file.
82 -a, --account=account_name
84 Use the given account instead of the account named "de‐
85 fault". The settings of this account may be changed with
86 command line options. This option cannot be used together
87 with the --host option.
88 --host=hostname
90 Use this SMTP server with settings from the command line;
91 do not use any configuration file data. This option can‐
92 not be used together with the --account option.
93 --port=number
95 Set the port number to connect to. See the port command.
96 --source-ip=[IP]
98 Set or unset an IP address to bind the socket to. See the
99 source_ip command.
100 --proxy-host=[IP|hostname]
102 Set or unset a SOCKS proxy to use. See the proxy_host
103 command.
104 --proxy-port=[number]
106 Set or unset a port number for the proxy host. See the
107 proxy_port command.
108 --socket=[socketname]
110 Set or unset a local unix domain socket name to connect
111 to. See the socket command.
112 --timeout=(off|seconds)
114 Set or unset a network timeout, in seconds. See the time‐
115 out command.
116 --protocol=(smtp|lmtp)
118 Set the protocol. See the protocol command.
119 --domain=[string]
121 Set the argument of the SMTP EHLO (or LMTP LHLO) command,
122 and the domain part for the Message-ID header. See the
123 domain command.
124 --auth[=(on|off|method)]
126 Enable or disable authentication and optionally choose
127 the method. See the auth command.
128 --user=[username]
130 Set or unset the user name for authentication. See the
131 user command.
132 --passwordeval=[cmd]
134 Evaluate password for authentication. See the passworde‐
135 val command.
136 --tls[=(on|off)]
138 Enable or disable TLS/SSL. See the tls command.
139 --tls-starttls[=(on|off)]
141 Enable or disable STARTTLS for TLS. See the tls_starttls
142 command.
143 --tls-trust-file=[file]
145 Set or unset a trust file for TLS. See the tls_trust_file
146 command.
147 --tls-crl-file=[file]
149 Deprecated. Set or unset a certificate revocation list
150 (CRL) file for TLS. See the tls_crl_file command.
151 --tls-fingerprint=[fingerprint]
153 Set or unset the fingerprint of a trusted TLS certifi‐
154 cate. See the tls_fingerprint command.
155 --tls-key-file=[file]
157 Set or unset a key file for TLS. See the tls_key_file
158 command.
159 --tls-cert-file=[file]
161 Set or unset a cert file for TLS. See the tls_cert_file
162 command.
163 --tls-certcheck[=(on|off)]
165 Enable or disable server certificate checks for TLS. See
166 the tls_certcheck command.
167 --tls-priorities=[priorities]
169 Set or unset TLS priorities. See the tls_priorities com‐
170 mand.
171 --tls-host-override=[host]
173 Set or unset override for TLS host verification. See the
174 tls_host_override command.
175 --tls-min-dh-prime-bits=[bits]
177 Deprecated, use --tls-priorities instead. Set or unset
178 minimum bit size of the Diffie-Hellman (DH) prime. See
179 the tls_min_dh_prime_bits command.
180 Options specific to sendmail mode
182 -f, --from=address
184 Set the envelope-from address.
185 If no account was chosen yet (with --account or --host),
186 this option will choose the first account that has the
187 given envelope-from address (set with the from command).
188 If no such account is found, "default" is used.
189 See the from and allow_from_override commands.
190 -N, --dsn-notify=(off|cond)
192 Set or unset DSN notification conditions. See the dsn_no‐
193 tify command.
194 -R, --dsn-return=(off|ret)
196 Set or unset the DSN notification amount. See the dsn_re‐
197 turn command. Note that hdrs is accepted as an alias for
198 headers to be compatible with sendmail.
199 --set-from-header[=(auto|on|off)]
201 Set From header handling. See the set_from_header com‐
202 mand.
203 --set-date-header[=(auto|off)]
205 Set Date header handling. See the set_date_header com‐
206 mand.
207 --set-msgid-header[=(auto|off)]
209 Set Message-ID header handling. See the set_msgid_header
210 command.
211 --remove-bcc-headers[=(on|off)]
213 Enable or disable the removal of Bcc headers. See the re‐
214 move_bcc_headers command.
215 --undisclosed-recipients[=(on|off)]
217 Enable or disable the replacement of To/Cc/Bcc with "To:
218 undisclosed-recipients:;". See the undisclosed_recipi‐
219 ents command.
220 -X, --logfile=[file]
222 Set or unset the log file. See the logfile command.
223 --logfile-time-format=[fmt]
225 Set or unset the log file time format. See the log‐
226 file_time_format command.
227 --syslog[=(on|off|facility)]
229 Enable or disable syslog logging. See the syslog command.
230 -t, --read-recipients
232 Read recipient addresses from the To, Cc, and Bcc headers
233 of the mail in addition to the recipients given on the
234 command line. If any Resent- headers are present, then
235 the addresses from any Resent-To, Resent-Cc, and Resent-
236 Bcc headers in the first block of Resent- headers are
237 used instead.
238 --read-envelope-from
240 Read the envelope from address from the From header of
241 the mail.
242 --aliases=[file]
244 Set or unset an aliases file. See the aliases command.
245 -Fname Set a full name to be used in a From header if msmtp adds
247 one. See the from_full_name command.
248 --auto-from[=(on|off)]
250 Obsolete. See the auto_from command.
251 --maildomain=[domain]
253 Obsolete. See the maildomain command.
254 -- This marks the end of options. All following arguments
256 will be treated as recipient addresses, even if they
257 start with a `-'.
258 The following options are accepted but ignored for sendmail compatibil‐
260 ity:
261 -Amode, -Btype, -bm, -G, -hN, -i, -L tag, -m, -n, -O option=value, -ox
262 value
263
265 A suggestion for a suitable configuration file can be generated using
266 the --configure option. Normally, a system wide configuration file
267 and/or a user configuration file contain information about which SMTP
268 server to use and how to use it, but all settings can also be config‐
269 ured on the command line.
270 The information about SMTP servers is organized in accounts. Each ac‐
271 count describes one SMTP server: host name, authentication settings,
272 TLS settings, and so on. Each configuration file can define multiple
273 accounts.
274 The user can choose which account to use in one of three ways:
276 --account=id
278 Use the given account. Command line settings override configura‐
279 tion file settings.
280 --host=hostname
282 Use only the settings from the command line; do not use any con‐
283 figuration file data.
284 --from=address or --read-envelope-from
286 Choose the first account from the system or user configuration
287 file that has a matching envelope-from address as specified by a
288 from command. This works only when neither --account nor --host
289 is used.
290 Subadresses are supported. For example, the envelope from ad‐
291 dress user+detail@example.com will match the account for
292 user@example.com.
293 Furthermore, the envelope-from address of the account may be a
294 wildcard pattern. See the from command.
295 If none of the above options is used (or if no account has a matching
297 from command), then the account "default" is used.
298 Msmtp transmits mails unaltered to the SMTP server, with the following
300 exceptions:
301 - The Bcc header(s) will be removed. This behavior can be changed with
302 the remove_bcc_headers command and --remove-bcc-headers option.
303 - A From header will be added if the mail does not have one. This can
304 be changed with the set_from_header command and --set-from-header op‐
305 tion. The header will use the envelope from address and optionally a
306 full name set with the -F option or from_full_name command.
307 - A Date header will be added if the mail does not have one. This can
308 be changed with the set_date_header command and --set-date-header op‐
309 tion.
310 - A Message-ID header will be added if the mail does not have one. This
311 can be changed with the set_msgid_header command and --set-msgid-header
312 option.
313 - When undisclosed_recipients is set, the original To, Cc, and Bcc
314 headers are removed and replaced with "To: undisclosed-recipients:;".
315 Skip to the EXAMPLES section for a quick start.
317
319 If it exists and is readable, a system wide configuration file
320 SYSCONFDIR/msmtprc will be loaded, where SYSCONFDIR depends on your
321 platform. Use --version to find out which directory is used.
322 If it exists and is readable, a user configuration file will be loaded
323 (~/.msmtprc will be tried first followed by $XDG_CONFIG_HOME/msmtp/con‐
324 fig by default, but see --version). Accounts defined in the user con‐
325 figuration file override accounts from the system configuration file.
326 Configuration data from either file can be changed by command line op‐
327 tions.
328 A configuration file is a simple text file. Empty lines and comment
330 lines (whose first non-blank character is `#') are ignored.
331 Every other line must contain a command and may contain an argument to
332 that command.
333 The argument may be enclosed in double quotes ("), for example if its
334 first or last character is a blank.
335 If a file name starts with the tilde (~), this tilde will be replaced
336 by $HOME. If a command accepts the argument on, it also accepts an
337 empty argument and treats that as if it was on.
338 Commands are organized in accounts. Each account starts with the ac‐
339 count command and defines the settings for one SMTP account.
340 Skip to the EXAMPLES section for a quick start.
342 Commands are as follows:
344 defaults
346 Set defaults. The following configuration commands will set de‐
347 fault values for all following account definitions in the cur‐
348 rent configuration file.
349 account name [:account[,...]]
351 Start a new account definition with the given name. The current
352 default values are filled in.
353 If a colon and a list of previously defined accounts is given
354 after the account name, the new account, with the filled in de‐
355 fault values, will inherit all settings from the accounts in the
356 list.
357 eval cmd
359 Replace the current configuration file line with the first line
360 of the output (stdout) of the command cmd. This can be used to
361 decrypt settings or to create them via scripts. For example,
362 eval echo host localhost replaces the current line with host lo‐
363 calhost.
364 Note that every eval line will be evaluated when the configura‐
365 tion file is read.
366 The cmd command must not mess with standard input; if in doubt,
367 append < /dev/null.
368 Note that for passwords you can also use the passwordeval com‐
369 mand instead of eval password cmd. This has the advantage that
370 the command is only evaluated if needed.
371 host hostname
373 The SMTP server to send the mail to. The argument may be a host
374 name or a network address. Every account definition must con‐
375 tain this command.
376 port number
378 The port that the SMTP server listens on. The default is 25
379 ("smtp"), unless TLS without STARTTLS is used, in which case it
380 is 465 ("smtps").
381 source_ip [IP]
383 Set a source IP address to bind the outgoing connection to. Use‐
384 ful only in special cases on multi-home systems. An empty argu‐
385 ment disables this.
386 proxy_host [IP|hostname]
388 Use a SOCKS proxy. All network traffic will go through this
389 proxy host, including DNS queries, except for a DNS query that
390 might be necessary to resolve the proxy host name itself (this
391 can be avoided by using an IP address as proxy host name). An
392 empty hostname argument disables proxy usage. The supported
393 SOCKS protocol version is 5. If you want to use this with Tor,
394 see also "Using msmtp with Tor" below.
395 proxy_port [number]
397 Set the port number for the proxy host. An empty number argument
398 resets this to the default port.
399 socket socketname
401 Set the file name of a unix domain socket to connect to. This
402 overrides both host/port and proxy_host/proxy_port.
403 timeout (off|seconds)
405 Set or unset a network timeout, in seconds. The argument off
406 means that no timeout will be set, which means that the operat‐
407 ing system default will be used.
408 protocol (smtp|lmtp)
410 Set the protocol to use. Currently only SMTP and LMTP are sup‐
411 ported. SMTP is the default. See the port command above for de‐
412 fault ports.
413 domain argument
415 Use this command to set the argument of the SMTP EHLO (or LMTP
416 LHLO) command, and the domain part of Message-ID headers if
417 msmtp generates them (see the set_msgid_header command).
418 The default value localhost is stupid but usually works for
419 EHLO. However it does not make sense for Message-ID headers. See
420 the set_msgid_header command for details.
421 Possible choices are the domain part of your mail address
422 (provider.example for joe@provider.example) or the fully quali‐
423 fied domain name of your host (if available).
424 The following substitution patterns are supported:
425 %H will be replaced by $HOSTNAME, or if that fails by the host
426 name of the system.
427 %C will be replaced by the canonical name of %H.
428 %M will be replaced by the contents of /etc/mailname (poten‐
429 tially a different directory is used depending on the build con‐
430 figuration; see the output of msmtp --version and look for the
431 location of the system configuration file).
432 auth [(on|off|method)]
434 Enable or disable authentication and optionally choose a method
435 to use. The argument on chooses a method automatically.
436 Usually a user name and a password are used for authentication.
437 The user name is specified in the configuration file with the
438 user command. There are five different methods to specify the
439 password:
440 1. Add the password to the system key ring. Currently supported
441 key rings are the Gnome key ring and the Mac OS X Keychain. For
442 the Gnome key ring, use the command secret-tool (part of Gnome's
443 libsecret) to store passwords: secret-tool store --label=msmtp
444 host mail.freemail.example service smtp user joe.smith. On Mac
445 OS X, use the following command: security add-internet-password
446 -s mail.freemail.example -r smtp -a joe.smith -w. In both exam‐
447 ples, replace mail.freemail.example with the SMTP server name,
448 and joe.smith with your user name.
449 2. Store the password in an encrypted files, and use passworde‐
450 val to specify a command to decrypt that file, e.g. using GnuPG.
451 See EXAMPLES.
452 3. Store the password in the configuration file using the pass‐
453 word command. (Usually it is not considered a good idea to
454 store passwords in cleartext files. If you do it anyway, you
455 must make sure that the file can only be read by yourself.)
456 4. Store the password in ~/.netrc. This method is probably obso‐
457 lete.
458 5. Type the password into the terminal when it is required.
459 It is recommended to use method 1 or 2.
460 Multiple authentication methods exist. Most servers support only
461 some of them. Historically, sophisticated methods were devel‐
462 oped to protect passwords from being sent unencrypted to the
463 server, but nowadays everybody needs TLS anyway, so the simple
464 methods suffice since the whole session is protected. A suitable
465 authentication method is chosen automatically, and when TLS is
466 disabled for some reason, only methods that avoid sending clear‐
467 text passwords are considered.
468 The following user / password methods are supported: plain (a
469 simple cleartext method, with base64 encoding, supported by al‐
470 most all servers), scram-sha-1 (a method that avoids cleartext
471 passwords), scram-sha-256 (same but with stronger hash),
472 cram-md5 (an obsolete method that avoids cleartext passwords,
473 but is not considered secure anymore), digest-md5 (an overcom‐
474 plicated obsolete method that avoids cleartext passwords, but is
475 not considered secure anymore), login (a non-standard cleartext
476 method similar to but worse than the plain method), ntlm (an ob‐
477 scure non-standard method that is now considered broken; it
478 sometimes requires a special domain parameter passed via ntlmdo‐
479 main).
480 There are currently three authentication methods that are not
481 based on user / password information and have to be chosen manu‐
482 ally: oauthbearer or its predecessor xoauth2 (an OAuth2 token
483 from the mail provider is used as the password. See the docu‐
484 mentation of your mail provider for details on how to get this
485 token. The passwordeval command can be used to pass the regu‐
486 larly changing tokens into msmtp from a script or an environment
487 variable), external (the authentication happens outside of the
488 protocol, typically by sending a TLS client certificate, and the
489 method merely confirms that this authentication succeeded), and
490 gssapi (the Kerberos framework takes care of secure authentica‐
491 tion, only a user name is required).
492 It depends on the underlying authentication library and its ver‐
493 sion whether a particular method is supported or not. Use --ver‐
494 sion to find out which methods are supported.
495 user login
497 Set the user name for authentication. An empty argument unsets
498 the user name.
499 password secret
501 Set the password for authentication. An empty argument unsets
502 the password. Consider using the passwordeval command or a key
503 ring instead of this command, to avoid storing cleartext pass‐
504 words in the configuration file.
505 passwordeval [cmd]
507 Set the password for authentication to the output (stdout) of
508 the command cmd. This can be used e.g. to decrypt password
509 files on the fly or to query key rings, and thus to avoid stor‐
510 ing cleartext passwords.
511 The cmd command must not mess with standard input; if in doubt,
512 append < /dev/null.
513 ntlmdomain [domain]
515 Set a domain for the ntlm authentication method. This is obso‐
516 lete.
517 tls [(on|off)]
519 Enable or disable TLS (also known as SSL) for secured connec‐
520 tions.
521 Transport Layer Security (TLS) "... provides communications pri‐
522 vacy over the Internet. The protocol allows client/server ap‐
523 plications to communicate in a way that is designed to prevent
524 eavesdropping, tampering, or message forgery" (quote from
525 RFC2246).
526 A server can use TLS in one of two modes: via a STARTTLS command
527 (the session starts with the normal protocol initialization, and
528 TLS is then started using the protocol's STARTTLS command), or
529 immediately (TLS is initialized before the normal protocol ini‐
530 tialization; this requires a separate port). The first mode is
531 the default, but you can switch to the second mode by disabling
532 tls_starttls.
533 When TLS is started, the server sends a certificate to identify
534 itself. To verify the server identity, a client program is ex‐
535 pected to check that the certificate is formally correct and
536 that it was issued by a Certificate Authority (CA) that the user
537 trusts. (There can also be certificate chains with intermediate
538 CAs.)
539 The list of trusted CAs is specified using the tls_trust_file
540 command. The default value ist "system" and chooses the system-
541 wide default, but you can also choose the trusted CAs yourself.
542 A fundamental problem with this is that you need to trust CAs.
543 Like any other organization, a CA can be incompetent, malicious,
544 subverted by bad people, or forced by government agencies to
545 compromise end users without telling them. All of these things
546 happened and continue to happen worldwide. The idea to have
547 central organizations that have to be trusted for your communi‐
548 cation to be secure is fundamentally broken.
549 Instead of putting trust in a CA, you can choose to trust only a
550 single certificate for the server you want to connect to. For
551 that purpose, specify the certificate fingerprint with tls_fin‐
552 gerprint. This makes sure that no man-in-the-middle can fake the
553 identity of the server by presenting you a fraudulent certifi‐
554 cate issued by some CA that happens to be in your trust list.
555 However, you have to update the fingerprint whenever the server
556 certificate changes, and you have to make sure that the change
557 is legitimate each time, e.g. when the old certificate expired.
558 This is inconvenient, but it's the price to pay.
559 Information about a server certificate can be obtained with
560 --serverinfo --tls --tls-certcheck=off. This includes the issuer
561 CA of the certificate (so you can trust that CA via
562 tls_trust_file), and the fingerprint of the certificate (so you
563 can trust that particular certificate via tls_fingerprint).
564 TLS also allows the server to verify the identity of the client.
565 For this purpose, the client has to present a certificate issued
566 by a CA that the server trusts. To present that certificate, the
567 client also needs the matching key file. You can set the cer‐
568 tificate and key files using tls_cert_file and tls_key_file.
569 This mechanism can also be used to authenticate users, so that
570 traditional user / password authentication is not necessary any‐
571 more. See the external mechanism in auth.
572 You can also use client certificates stored on some external au‐
573 thentication device by specifying GnuTLS device URIs in
574 tls_cert_file and tls_key_file. You can find the correct URIs
575 using p11tool --list-privkeys --login (p11tool is bundled with
576 GnuTLS). If your device requires a PIN to access the data, you
577 can specify that using one of the password mechanisms (e.g.
578 passwordeval, password).
579 tls_starttls [(on|off)]
581 Choose the TLS variant: start TLS from within the session (on,
582 default), or tunnel the session through TLS (off).
583 tls_trust_file file
585 Activate server certificate verification using a list of trusted
586 Certification Authorities (CAs). The default is the special
587 value "system", which selects the system default. An empty argu‐
588 ment disables trust in CAs. If you select a file, it must be in
589 PEM format, and you should also use tls_crl_file.
590 tls_crl_file [file]
592 Deprecated. This sets a certificate revocation list (CRL) file
593 for TLS, to check for revoked certificates (an empty argument,
594 which is the default, disables this). Nowadays automatic OCSP
595 checks replace CRL file checks.
596 tls_fingerprint [fingerprint]
598 Set the fingerprint of a single certificate to accept for TLS.
599 This certificate will be trusted regardless of its contents
600 (this overrides tls_trust_file). The fingerprint should be of
601 type SHA256, but can for backwards compatibility also be of type
602 SHA1 or MD5 (please avoid this). The format should be
603 01:23:45:67:.... Use --serverinfo --tls --tls-certcheck=off
604 --tls-fingerprint= to get the server certificate fingerprint.
605 tls_key_file file
607 Send a client certificate to the server (use this together with
608 tls_cert_file}). The file must contain the private key of a
609 certificate in PEM format. An empty argument disables this fea‐
610 ture.
611 tls_cert_file file
613 Send a client certificate to the server (use this together with
614 tls_key_file). The file must contain a certificate in PEM for‐
615 mat. An empty argument disables this feature.
616 tls_certcheck [(on|off)]
618 Enable or disable checks of the server certificate. They are en‐
619 abled by default. Disabling them will override tls_trust_file
620 and tls_fingerprint. WARNING: When the checks are disabled, TLS
621 sessions will not be secure!
622 tls_priorities [priorities]
624 Set priorities for TLS session parameters. The default is set by
625 the TLS library and can be selected by using an empty argument
626 to this command. The interpretation of the priorities string de‐
627 pends on the TLS library. Use --version to find out which TLS
628 library you use.
629 For GnuTLS, see the section on Priority Strings in the manual.
630 For libtls, the priorites string is a space-separated list of
631 parameter strings prefixed with either PROTOCOLS=, CIPHERS=, or
632 ECDHECURVES=. These parameter strings will be passed to the
633 functions tls_config_parse_protocols, tls_config_set_ciphers,
634 and tls_config_set_ecdhecurves. Unrecognized parts of the prior‐
635 ities string will be ignored. Example: "PROTOCOLS=TLSv1.3 CI‐
636 PHERS=ECDHE-RSA-AES128-SHA256 ECDHECURVES=P-384".
637 tls_host_override [host]
639 By default, TLS host verification uses the host name given by
640 the host command. This command allows one to use a different
641 host name for verification. This is only useful in special
642 cases.
643 tls_min_dh_prime_bits [bits]
645 Deprecated, use tls_priorities instead. Set or unset the mini‐
646 mum number of Diffie-Hellman (DH) prime bits accepted for TLS
647 sessions. The default is set by the TLS library and can be se‐
648 lected by using an empty argument to this command. Only lower
649 the default (for example to 512 bits) if there is no other way
650 to make TLS work with the remote server.
651 from envelope_from
653 Set the envelope-from address. The following substitution pat‐
654 terns are supported:
655 %U will be replaced by $USER, or if that fails by $LOGNAME, or
656 if that fails by the login name of the user running msmtp.
657 %H will be replaced by $HOSTNAME, or if that fails by the host
658 name of the system.
659 %C will be replaced by the canonical name of %H.
660 %M will be replaced by the contents of /etc/mailname (poten‐
661 tially a different directory is used depending on the build con‐
662 figuration; see the output of msmtp --version and look for the
663 location of the system configuration file).
664 Note that the obsolete auto_from command replaces this envelope-
665 from address.
666 To enforce the use of this envelope-from address and ignore the
667 -f / --from option, see the allow_from_override command.
668 Furthermore, the envelope-from address may be a wildcard pattern
669 as used for file name matching in the shell. This is the case if
670 it contains one of the characters ?, * or [. This allows a va‐
671 riety of envelope-from addresses given with the --from option to
672 match a single account.
673 from_full_name name
675 Set a full name to be used in a From header if msmtp adds one.
676 See the set_from_header command.
677 allow_from_override (on|off)
679 By default, the --from option overrides the from command. Set
680 to off to disable this.
681 dsn_notify (off|condition)
683 This command sets the condition(s) under which the mail system
684 should send DSN (Delivery Status Notification) messages. The ar‐
685 gument off disables explicit DSN requests, which means the mail
686 system decides when to send DSN messages. This is the default.
687 The condition must be never, to never request notification, or a
688 comma separated list (no spaces!) of one or more of the follow‐
689 ing: failure, to request notification on transmission failure,
690 delay, to be notified of message delays, success, to be notified
691 of successful transmission. The SMTP server must support the DSN
692 extension.
693 dsn_return (off|amount)
695 This command controls how much of a mail should be returned in
696 DSN (Delivery Status Notification) messages. The argument off
697 disables explicit DSN requests, which means the mail system de‐
698 cides how much of a mail it returns in DSN messages. This is the
699 default. The amount must be headers, to just return the message
700 headers, or full, to return the full mail. The SMTP server must
701 support the DSN extension.
702 set_from_header [(auto|on|off)]
704 When to set a From header: auto adds a From header if the mail
705 does not have one (this is the default), on always sets a From
706 header and overrides any existing one, and off never sets a From
707 header.
708 If the mail server rejects the mail because its From header does
709 not match the envelope-from address (a common anti-spam mea‐
710 sure), then you might want to set this option to on.
711 The From header is created based on the envelope-from address.
712 Disable allow_from_override to prevent programs from setting
713 their own envelope-from address.
714 For compatibility with older versions, add_missing_from_header
715 [(on|off)] is still supported and corresponds to the auto and
716 off settings.
717 set_date_header [(auto|off)]
719 When to set a Date header: auto adds a Date header if the mail
720 does not have one (this is the default), and off never sets a
721 Date header.
722 For compatibility with older versions, add_missing_date_header
723 [(on|off)] is still supported and corresponds to the auto and
724 off settings.
725 set_msgid_header [(auto|off)]
727 When to set a Message-ID header: auto adds a Message-ID header
728 if the mail does not have one (this is the default), and off
729 never sets a Message-ID header.
730 Message-IDs have the form hash@domain, where hash is a hash over
731 some values that uniquely identify the mail, and domain is ei‐
732 ther the value of the domain command (unless that is the default
733 value localhost), or the domain part of the envelope-from ad‐
734 dress (if available), or the host name of the SMTP server.
735 remove_bcc_headers [(on|off)]
737 This command controls whether to remove Bcc headers. The default
738 is to remove them.
739 undisclosed_recipients [(on|off)]
741 When set, the original To, Cc, and Bcc headers of the mail are
742 removed and a single new header line "To: undisclosed-recipi‐
743 ents:;" is added. The default setting is off.
744 logfile [file]
746 An empty argument disables logging (this is the default).
747 When logging is enabled by choosing a log file, msmtp will ap‐
748 pend one line to the log file for each mail it tries to send via
749 the account that this log file was chosen for.
750 The line will include the following information: date and time
751 in the format specified by logfile_time_format, host name of the
752 SMTP server, whether TLS was used, whether authentication was
753 used, authentication user name (only if authentication is used),
754 envelope-from address, recipient addresses, size of the mail as
755 transferred to the server (only if the delivery succeeded), SMTP
756 status code and SMTP error message (only in case of failure and
757 only if available), error message (only in case of failure and
758 only if available), exit code (from sysexits.h; EX_OK indicates
759 success).
760 If the filename is a dash (-), msmtp prints the log line to the
761 standard output.
762 logfile_time_format [fmt]
764 Set or unset the log file time format. This will be used as the
765 format string for the strftime() function. An empty argument
766 chooses the default ("%b %d %H:%M:%S").
767 syslog [(on|off|facility)]
769 Enable or disable syslog logging. The facility can be one of
770 LOG_USER, LOG_MAIL, LOG_LOCAL0, ..., LOG_LOCAL7. The default is
771 LOG_USER.
772 Each time msmtp tries to send a mail via the account that con‐
773 tains this syslog command, it will log one entry to the syslog
774 service with the chosen facility.
775 The line will include the following information: host name of
776 the SMTP server, whether TLS was used, whether authentication
777 was used, envelope-from address, recipient addresses, size of
778 the mail as transferred to the server (only if the delivery suc‐
779 ceeded), SMTP status code and SMTP error message (only in case
780 of failure and only if available), error message (only in case
781 of failure and only if available), exit code (from sysexits.h;
782 EX_OK indicates success).
783 aliases [file]
785 Replace local recipients with addresses in the aliases file.
786 The aliases file is a cleartext file containing mappings between
787 a local address and a list of replacement addresses. The map‐
788 pings are of the form:
789 local: someone@example.com, person@domain.example
790 Multiple replacement addresses are separated with commas. Com‐
791 ments start with `#' and continue to the end of the line.
792 The local address default has special significance and is
793 matched if the local address is not found in the aliases file.
794 If no default alias is found, then the local address is left as
795 is.
796 Note that alias expansion only affects the mail envelope. The To
797 and Cc headers are not modified.
798 An empty argument to the aliases command disables the replace‐
799 ment of local addresses. This is the default.
800 auto_from [(on|off)]
802 Obsolete; you can achieve the same and more using the substitu‐
803 tion patterns of the from command.
804 Enable or disable automatic envelope-from addresses. The default
805 is off. When enabled, an envelope-from address of the form
806 user@domain will be generated. The local part will be set to
807 USER or, if that fails, to LOGNAME or, if that fails, to the lo‐
808 gin name of the current user. The domain part can be set with
809 the maildomain command. If the maildomain is empty, the enve‐
810 lope-from address will only consist of the user name and not
811 have a domain part. When auto_from is disabled, the envelope-
812 from address must be set explicitly.
813 maildomain [domain]
815 Obsolete; you can achieve the same and more using the substitu‐
816 tion patterns of the from command.
817 Set a domain part for the generation of an envelope-from ad‐
818 dress. This is only used when auto_from is on. The domain may be
819 empty.
820
822 Configuration file
823 # Example for a user configuration file ~/.msmtprc
825 #
826 # This file focusses on TLS and authentication. Features not used here
827 include
828 # logging, timeouts, SOCKS proxies, TLS parameters, Delivery Status No‐
829 tification
830 # (DSN) settings, and more.
831 # Set default values for all following accounts.
833 defaults
834 # Use the mail submission port 587 instead of the SMTP port 25.
836 port 587
837 # Always use TLS.
839 tls on
840 # Set a list of trusted CAs for TLS. The default is to use system set‐
842 tings, but
843 # you can select your own file.
844 #tls_trust_file /etc/ssl/certs/ca-certificates.crt
845 # A freemail service
847 account freemail
848 # Host name of the SMTP server
850 host smtp.freemail.example
851 # As an alternative to tls_trust_file, you can use tls_fingerprint
853 # to pin a single certificate. You have to update the fingerprint when
854 the
855 # server certificate changes, but an attacker cannot trick you into ac‐
856 cepting
857 # a fraudulent certificate. Get the fingerprint with
858 # $ msmtp --serverinfo --tls --tls-certcheck=off
859 --host=smtp.freemail.example
860 #tls_fingerprint 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11
861 :22:33
862 # Envelope-from address
864 from joe_smith@freemail.example
865 # Authentication. The password is given using one of five methods, see
867 below.
868 auth on
869 user joe.smith
870 # Password method 1: Add the password to the system keyring, and let
872 msmtp get
873 # it automatically. To set the keyring password using Gnome's libse‐
874 cret:
875 # $ secret-tool store --label=msmtp \
876 # host smtp.freemail.example \
877 # service smtp \
878 # user joe.smith
879 # Password method 2: Store the password in an encrypted file, and tell
881 msmtp
882 # which command to use to decrypt it. This is usually used with GnuPG,
883 as in
884 # this example. Usually gpg-agent will ask once for the decryption
885 password.
886 passwordeval gpg2 --no-tty -q -d ~/.msmtp-password.gpg
887 # Password method 3: Store the password directly in this file. Usually
889 it is not
890 # a good idea to store passwords in cleartext files. If you do it any‐
891 way, at
892 # least make sure that this file can only be read by yourself.
893 #password secret123
894 # Password method 4: Store the password in ~/.netrc. This method is
896 probably not
897 # relevant anymore.
898 # Password method 5: Do not specify a password. Msmtp will then prompt
900 you for
901 # it. This means you need to be able to type into a terminal when msmtp
902 runs.
903 # A second mail address at the same freemail service
905 account freemail2 : freemail
906 from joey@freemail.example
907 # The SMTP server of your ISP
909 account isp
910 host mail.isp.example
911 from smithjoe@isp.example
912 auth on
913 user 12345
914 # Set a default account
916 account default : freemail
917 Using msmtp with Mutt
920 Create a configuration file for msmtp and add the following lines to
922 your Mutt configuration file:
923 set sendmail="/path/to/msmtp"
924 set use_from=yes
925 set realname="Your Name"
926 set from=you@example.com
927 set envelope_from=yes
928 The envelope_from=yes option lets Mutt use the -f option of msmtp.
929 Therefore msmtp chooses the first account that matches the from address
930 you@example.com.
931 Alternatively, you can use the -a option:
932 set sendmail="/path/to/msmtp -a my-account"
933 Or set everything from the command line (but note that you cannot set a
934 password this way):
935 set sendmail="/path/to/msmtp --host=mailhub -f me@example.com --tls
936 --tls-trust-file=trust.crt"
937 If you have multiple mail accounts in your msmtp configuration file and
939 let Mutt use the -f option to choose the right one, you can easily
940 switch accounts in Mutt with the following Mutt configuration lines:
941 macro generic "<esc>1" ":set from=you@example.com"
942 macro generic "<esc>2" ":set from=you@your-employer.example"
943 macro generic "<esc>3" ":set from=you@some-other-provider.example"
944 Using msmtp with mail
947 Define a default account, and put the following in your ~/.mailrc:
949 set sendmail="/path/to/msmtp"
950 Using msmtp with Tor
953 Use the following settings:
955 proxy_host 127.0.0.1
956 proxy_port 9050
957 tls on
958 Use an IP address as proxy host name, so that msmtp does not leak a DNS
959 query when resolving it.
960 TLS is required to prevent exit hosts from reading your SMTP session.
961 Do not set domain to something that you do not want to reveal (do not
962 set it at all if possible).
963 Aliases file
966 # Example aliases file
968 # Send root to Joe and Jane
970 root: joe_smith@example.com, jane_chang@example.com
971 # Send cron to Mark
973 cron: mark_jones@example.com
974 # Send everything else to admin
976 default: admin@domain.example
977
980 SYSCONFDIR/msmtprc
981 System configuration file. Use --version to find out what
982 SYSCONFDIR is on your platform.
983 ~/.msmtprc or $XDG_CONFIG_HOME/msmtp/config
985 User configuration file.
986 ~/.netrc and SYSCONFDIR/netrc
988 The netrc file contains login information. Before prompting for
989 a password, msmtp will search it in ~/.netrc and
990 SYSCONFDIR/netrc.
991
993 USER, LOGNAME
994 These variables override the user's login name when constructing
995 an envelope-from address. LOGNAME is only used if USER is unset.
996 TMPDIR Directory to create temporary files in. If this is unset, a sys‐
998 tem specific default directory is used.
999 A temporary file is only created when the -t/--read-recipients
1000 or --read-envelope-from option is used. The file is then used to
1001 buffer the headers of the mail (but not the body, so the file
1002 won't get very large).
1003 EMAIL, SMTPSERVER
1005 These environment variables are used only if neither --host nor
1006 --account is used and there is no default account defined in the
1007 configuration files. In this case, the host name is taken from
1008 SMTPSERVER, and the envelope from address is taken from EMAIL,
1009 unless overridden by --from or --read-envelope-from. Currently
1010 SMTPSERVER must contain a plain host name (no URL), and EMAIL
1011 must contain a plain address (no names or additional informa‐
1012 tion).
1013
1015 msmtp was written by Martin Lambers <marlam@marlam.de>.
1016 Other authors are listed in the AUTHORS file in the source distribu‐
1017 tion.
1018
1020 sendmail(8), netrc(5) or ftp(1)
1021 2023-04 MSMTP(1)