Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
MSMTP(1)		    General Commands Manual		      MSMTP(1)

NAME
       msmtp - An SMTP client

SYNOPSIS
       Sendmail	mode (default):
	      msmtp [option...]	[--] recipient...
	      msmtp [option...]	-t [--]	[recipient...]

       Configuration mode:
	      msmtp --configure	<mailaddress>

       Server information mode:
	      msmtp [option...]	--serverinfo

       Remote Message Queue Starting mode:
	      msmtp [option...]	--rmqs=host|@domain|#queue

DESCRIPTION
       In  the	default	 sendmail mode,	msmtp reads a mail from	standard input
       and sends it to an SMTP server for delivery.
       In server information mode, msmtp  prints  information  about  an  SMTP
       server.
       In  Remote  Message  Queue  Starting mode, msmtp	sends a	Remote Message
       Queue Starting request for a host, domain, or queue to an SMTP server.

EXIT STATUS
       The standard sendmail exit status codes are used, as defined in	sysex-
       its.h.

OPTIONS
       Options override	configuration file settings.
       They are	compatible with	sendmail where appropriate.

       General options

	      --version
		     Print  version  information,  including information about
		     the libraries used.

	      --help Print help.

	      -P, --pretend
		     Print the configuration settings that would be used,  but
		     do	 not  take  further action.  An	asterisk (`*') will be
		     printed instead of	your password.

	      -v, -d, --debug
		     Print lots	of debugging information, including the	 whole
		     conversation  with	 the SMTP server. Be careful with this
		     option: the (potentially dangerous) output	 will  not  be
		     sanitized,	and your password may get printed in an	easily
		     decodable format!

       Changing	the mode of operation

	      --configure=mailaddress
		     Generate a	configuration for the given mail  address  and
		     print it. This can	be modified or copied unchanged	to the
		     configuration file.  Note that this only works  for  mail
		     domains  that  publish  appropriate  SRV records; see RFC
		     8314.

	      -S, --serverinfo
		     Print information about the SMTP server  and  exit.  This
		     includes  information about supported features (mail size
		     limit, authentication, TLS, DSN, ...) and about  the  TLS
		     certificate (if TLS is active).

	      --rmqs=(host|@domain|#queue)
		     Send  a  Remote  Message  Queue  Starting request for the
		     given host, domain, or queue to the SMTP server and exit.

       Configuration options

	      -C, --file=filename
		     Use the given file	instead	 of  ~/.msmtprc	 or  $XDG_CON-
		     FIG_HOME/msmtp/config as the user configuration file.

	      -a, --account=account_name
		     Use  the  given account instead of	the account named "de-
		     fault". The settings of this account may be changed  with
		     command line options. This	option cannot be used together
		     with the --host option.

	      --host=hostname
		     Use this SMTP server with settings	from the command line;
		     do	 not use any configuration file	data. This option can-
		     not be used together with the --account option.

	      --port=number
		     Set the port number to connect to.	See the	port command.

	      --source-ip=[IP]
		     Set or unset an IP	address	to bind	the socket to. See the
		     source_ip command.

	      --proxy-host=[IP|hostname]
		     Set  or  unset  a	SOCKS proxy to use. See	the proxy_host
		     command.

	      --proxy-port=[number]
		     Set or unset a port number	for the	proxy  host.  See  the
		     proxy_port	command.

	      --socket=[socketname]
		     Set  or  unset a local unix domain	socket name to connect
		     to. See the socket	command.

	      --timeout=(off|seconds)
		     Set or unset a network timeout, in	seconds. See the time-
		     out command.

	      --protocol=(smtp|lmtp)
		     Set the protocol. See the protocol	command.

	      --domain=[string]
		     Set the argument of the SMTP EHLO (or LMTP	LHLO) command.
		     See the domain command.

	      --auth[=(on|off|method)]
		     Enable or disable authentication  and  optionally	choose
		     the method.  See the auth command.

	      --user=[username]
		     Set  or  unset  the user name for authentication. See the
		     user command.

	      --passwordeval=[eval]
		     Evaluate password for authentication. See the  passworde-
		     val command.

	      --tls[=(on|off)]
		     Enable or disable TLS/SSL.	See the	tls command.

	      --tls-starttls[=(on|off)]
		     Enable  or	disable	STARTTLS for TLS. See the tls_starttls
		     command.

	      --tls-trust-file=[file]
		     Set or unset a trust file for TLS.	See the	tls_trust_file
		     command.

	      --tls-crl-file=[file]
		     Deprecated.  Set  or  unset a certificate revocation list
		     (CRL) file	for TLS. See the tls_crl_file command.

	      --tls-fingerprint=[fingerprint]
		     Set or unset the fingerprint of a	trusted	 TLS  certifi-
		     cate. See the tls_fingerprint command.

	      --tls-key-file=[file]
		     Set  or  unset  a	key file for TLS. See the tls_key_file
		     command.

	      --tls-cert-file=[file]
		     Set or unset a cert file for TLS. See  the	 tls_cert_file
		     command.

	      --tls-certcheck[=(on|off)]
		     Enable  or	disable	server certificate checks for TLS. See
		     the tls_certcheck command.

	      --tls-priorities=[priorities]
		     Set or unset TLS priorities. See the tls_priorities  com-
		     mand.

	      --tls-host-override=[host]
		     Set  or unset override for	TLS host verification. See the
		     tls_host_override command.

	      --tls-min-dh-prime-bits=[bits]
		     Deprecated, use --tls-priorities instead.	Set  or	 unset
		     minimum  bit  size	 of the	Diffie-Hellman (DH) prime. See
		     the tls_min_dh_prime_bits command.

       Options specific	to sendmail mode

	      -f, --from=address
		     Set the envelope-from address.
		     If	no account was chosen yet (with	--account or  --host),
		     this  option  will	 choose	the first account that has the
		     given envelope-from address (set with the from  command).
		     If	no such	account	is found, "default" is used.
		     See  the from command for substitution patterns supported
		     in	address.

	      -N, --dsn-notify=(off|cond)
		     Set or unset DSN notification conditions. See the dsn_no-
		     tify command.

	      -R, --dsn-return=(off|ret)
		     Set or unset the DSN notification amount. See the dsn_re-
		     turn command.  Note that hdrs is accepted as an alias for
		     headers to	be compatible with sendmail.

	      --set-from-header[=(auto|on|off)]
		     Set  From	header	handling. See the set_from_header com-
		     mand.

	      --set-date-header[=(auto|off)]
		     Set Date header handling. See  the	 set_date_header  com-
		     mand.

	      --remove-bcc-headers[=(on|off)]
		     Enable or disable the removal of Bcc headers. See the re-
		     move_bcc_headers command.

	      --undisclosed-recipients[=(on|off)]
		     Enable or disable the replacement of To/Cc/Bcc with  "To:
		     undisclosed-recipients:;".	  See  the undisclosed_recipi-
		     ents command.

	      -X, --logfile=[file]
		     Set or unset the log file.	See the	logfile	command.

	      --logfile-time-format=[fmt]
		     Set or unset the log  file	 time  format.	See  the  log-
		     file_time_format command.

	      --syslog[=(on|off|facility)]
		     Enable or disable syslog logging. See the syslog command.

	      -t, --read-recipients
		     Read recipient addresses from the To, Cc, and Bcc headers
		     of	the mail in addition to	the recipients	given  on  the
		     command  line.   If any Resent- headers are present, then
		     the addresses from	any Resent-To, Resent-Cc, and  Resent-
		     Bcc  headers  in  the  first block	of Resent- headers are
		     used instead.

	      --read-envelope-from
		     Read the envelope from address from the  From  header  of
		     the mail.

	      --aliases=[file]
		     Set or unset an aliases file. See the aliases command.

	      -Fname Msmtp adds	a From header to mails that lack it, using the
		     envelope from address. This option	allows one  to	set  a
		     full name to be used in that header.

	      --auto-from[=(on|off)]
		     Obsolete. See the auto_from command.

	      --maildomain=[domain]
		     Obsolete. See the maildomain command.

	      --     This  marks  the  end of options. All following arguments
		     will be treated as	 recipient  addresses,	even  if  they
		     start with	a `-'.

       The following options are accepted but ignored for sendmail compatibil-
       ity:
       -Btype, -bm, -G,	-hN, -i, -L tag, -m, -n, -O option=value, -ox value

USAGE
       A suggestion for	a suitable configuration file can be  generated	 using
       the  --configure	 option.   Normally,  a	system wide configuration file
       and/or a	user configuration file	contain	information about  which  SMTP
       server  to  use and how to use it, but all settings can also be config-
       ured on the command line.
       The information about SMTP servers is organized in accounts.  Each  ac-
       count  describes	 one  SMTP server: host	name, authentication settings,
       TLS settings, and so on.	Each configuration file	 can  define  multiple
       accounts.

       The user	can choose which account to use	in one of three	ways:

       --account=id
	      Use the given account. Command line settings override configura-
	      tion file	settings.

       --host=hostname
	      Use only the settings from the command line; do not use any con-
	      figuration file data.

       --from=address or --read-envelope-from
	      Choose  the  first account from the system or user configuration
	      file that	has a matching envelope-from address as	specified by a
	      from  command. This works	only when neither --account nor	--host
	      is used.
	      Subadresses are supported. For example, the  envelope  from  ad-
	      dress   user+detail@example.com	will  match  the  account  for
	      user@example.com.

       If none of the above options is used (or	if no account has  a  matching
       from command), then the account "default" is used.

       Msmtp  transmits	mails unaltered	to the SMTP server, with the following
       exceptions:
       - The Bcc header(s) will	be removed. This behavior can be changed  with
       the remove_bcc_headers command and --remove-bcc-headers option.
       -  A  From header will be added if the mail does	not have one. This can
       be changed with the set_from_header command and	--set-from-header  op-
       tion.   The  header will	use the	envelope from address and optionally a
       full name set with the -F option.
       - A Date	header will be added if	the mail does not have one.  This  can
       be  changed  with the set_date_header command and --set-date-header op-
       tion.
       - When undisclosed_recipients is	set, the  original  To,	 Cc,  and  Bcc
       headers are removed and replaced	with "To: undisclosed-recipients:;".

       Skip to the EXAMPLES section for	a quick	start.

CONFIGURATION FILES
       If  it  exists  and  is	readable,  a  system  wide  configuration file
       SYSCONFDIR/msmtprc will be loaded, where	 SYSCONFDIR  depends  on  your
       platform.  Use --version	to find	out which directory is used.
       If  it exists and is readable, a	user configuration file	will be	loaded
       (~/.msmtprc will	be tried first followed	by $XDG_CONFIG_HOME/msmtp/con-
       fig  by	default, but see --version). Accounts defined in the user con-
       figuration file override	accounts from the system configuration file.
       Configuration data from either file can be changed by command line  op-
       tions.

       A  configuration	 file  is a simple text	file.  Empty lines and comment
       lines (whose first non-blank character is `#') are ignored.
       Every other line	must contain a command and may contain an argument  to
       that command.
       The  argument  may be enclosed in double	quotes ("), for	example	if its
       first or	last character is a blank.
       If a file name starts with the tilde (~), this tilde will  be  replaced
       by  $HOME.   If	a  command accepts the argument	on, it also accepts an
       empty argument and treats that as if it was on.
       Commands	are organized in accounts. Each	account	starts	with  the  ac-
       count command and defines the settings for one SMTP account.

       Skip to the EXAMPLES section for	a quick	start.

       Commands	are as follows:

       defaults
	      Set  defaults. The following configuration commands will set de-
	      fault values for all following account definitions in  the  cur-
	      rent configuration file.

       account name [:account[,...]]
	      Start  a new account definition with the given name. The current
	      default values are filled	in.
	      If a colon and a list of previously defined  accounts  is	 given
	      after  the account name, the new account,	with the filled	in de-
	      fault values, will inherit all settings from the accounts	in the
	      list.

       host hostname
	      The SMTP server to send the mail to.  The	argument may be	a host
	      name or a	network	address.  Every	account	definition  must  con-
	      tain this	command.

       port number
	      The  port	 that  the  SMTP server	listens	on.  The default is 25
	      ("smtp"),	unless TLS without STARTTLS is used, in	which case  it
	      is 465 ("smtps").

       source_ip [IP]
	      Set a source IP address to bind the outgoing connection to. Use-
	      ful only in special cases	on multi-home systems. An empty	 argu-
	      ment disables this.

       proxy_host [IP|hostname]
	      Use  a  SOCKS  proxy.  All  network traffic will go through this
	      proxy host, including DNS	queries, except	for a DNS  query  that
	      might  be	 necessary to resolve the proxy	host name itself (this
	      can be avoided by	using an IP address as proxy  host  name).  An
	      empty  hostname  argument	 disables  proxy usage.	 The supported
	      SOCKS protocol version is	5. If you want to use this  with  Tor,
	      see also "Using msmtp with Tor" below.

       proxy_port [number]
	      Set the port number for the proxy	host. An empty number argument
	      resets this to the default port.

       socket socketname
	      Set the file name	of a unix domain socket	to  connect  to.  This
	      overrides	both host/port and proxy_host/proxy_port.

       timeout (off|seconds)
	      Set  or  unset  a	 network timeout, in seconds. The argument off
	      means that no timeout will be set, which means that the  operat-
	      ing system default will be used.

       protocol	(smtp|lmtp)
	      Set  the	protocol to use. Currently only	SMTP and LMTP are sup-
	      ported. SMTP is the default. See the port	command	above for  de-
	      fault ports.

       domain argument
	      Use  this	 command to set	the argument of	the SMTP EHLO (or LMTP
	      LHLO) command.  The default is localhost,	which  is  stupid  but
	      usually  works.  Try to change the default if mails get rejected
	      due to anti-SPAM measures. Possible choices are the domain  part
	      of your mail address (provider.example for joe@provider.example)
	      or the fully qualified domain name of your host (if available).

       auth [(on|off|method)]
	      Enable or	disable	authentication and optionally choose a	method
	      to use. The argument on chooses a	method automatically.
	      Usually  a user name and a password are used for authentication.
	      The user name is specified in the	configuration  file  with  the
	      user  command.  There  are five different	methods	to specify the
	      password:
	      1. Add the password to the system	key ring.  Currently supported
	      key rings	are the	Gnome key ring and the Mac OS X	Keychain.  For
	      the Gnome	key ring, use the command secret-tool (part of Gnome's
	      libsecret)  to  store passwords: secret-tool store --label=msmtp
	      host mail.freemail.example service smtp user joe.smith.  On  Mac
	      OS  X, use the following command:	security add-internet-password
	      -s mail.freemail.example -r smtp -a joe.smith -w.	 In both exam-
	      ples,  replace  mail.freemail.example with the SMTP server name,
	      and joe.smith with your user name.
	      2. Store the password in an encrypted files, and use  passworde-
	      val to specify a command to decrypt that file, e.g. using	GnuPG.
	      See EXAMPLES.
	      3. Store the password in the configuration file using the	 pass-
	      word  command.   (Usually	 it  is	 not considered	a good idea to
	      store passwords in cleartext files.  If you do  it  anyway,  you
	      must make	sure that the file can only be read by yourself.)
	      4. Store the password in ~/.netrc. This method is	probably obso-
	      lete.
	      5. Type the password into	the terminal when it is	required.
	      It is recommended	to use method 1	or 2.
	      Multiple authentication methods exist. Most servers support only
	      some  of	them.  Historically, sophisticated methods were	devel-
	      oped to protect passwords	from being  sent  unencrypted  to  the
	      server,  but  nowadays everybody needs TLS anyway, so the	simple
	      methods suffice since the	whole session is protected. A suitable
	      authentication  method  is chosen	automatically, and when	TLS is
	      disabled for some	reason,	only methods that avoid	sending	clear-
	      text passwords are considered.
	      The  following  user  / password methods are supported: plain (a
	      simple cleartext method, with base64 encoding, supported by  al-
	      most  all	 servers), scram-sha-1 (a method that avoids cleartext
	      passwords), cram-md5 (an obsolete	method that  avoids  cleartext
	      passwords, but is	not considered secure anymore),	digest-md5 (an
	      overcomplicated obsolete method that avoids cleartext passwords,
	      but  is  not  considered	secure anymore), login (a non-standard
	      cleartext	method similar to but worse than  the  plain  method),
	      ntlm (an obscure non-standard method that	is now considered bro-
	      ken; it sometimes	requires a special domain parameter passed via
	      ntlmdomain).
	      There  are  currently  three authentication methods that are not
	      based on user / password information and have to be chosen manu-
	      ally:  oauthbearer  or  its predecessor xoauth2 (an OAuth2 token
	      from the mail provider is	used as	the password.  See  the	 docu-
	      mentation	 of  your mail provider	for details on how to get this
	      token. The passwordeval command can be used to  pass  the	 regu-
	      larly changing tokens into msmtp from a script or	an environment
	      variable), external (the authentication happens outside  of  the
	      protocol,	typically by sending a TLS client certificate, and the
	      method merely confirms that this authentication succeeded),  and
	      gssapi  (the Kerberos framework takes care of secure authentica-
	      tion, only a user	name is	required).
	      It depends on the	underlying authentication library and its ver-
	      sion whether a particular	method is supported or not. Use	--ver-
	      sion to find out which methods are supported.

       user login
	      Set the user name	for authentication. An empty  argument	unsets
	      the user name.

       password	secret
	      Set  the	password  for authentication. An empty argument	unsets
	      the password.  Consider using the	passwordeval command or	a  key
	      ring  instead  of	this command, to avoid storing cleartext pass-
	      words in the configuration file.

       passwordeval [eval]
	      Set the password for authentication to the  output  (stdout)  of
	      the  command  eval.   This  can be used e.g. to decrypt password
	      files on the fly or to query key rings, and thus to avoid	 stor-
	      ing cleartext passwords.
	      Note  that  the  eval  command must not mess with	standard input
	      (stdin) because that is where msmtp reads	the mail from.	If  in
	      doubt, append _/dev/null to eval.

       ntlmdomain [domain]
	      Set  a  domain for the ntlm authentication method. This is obso-
	      lete.

       tls [(on|off)]
	      Enable or	disable	TLS (also known	as SSL)	 for  secured  connec-
	      tions.
	      Transport	Layer Security (TLS) "... provides communications pri-
	      vacy over	the Internet.  The protocol allows  client/server  ap-
	      plications  to  communicate in a way that	is designed to prevent
	      eavesdropping,  tampering,  or  message  forgery"	 (quote	  from
	      RFC2246).
	      A	server can use TLS in one of two modes:	via a STARTTLS command
	      (the session starts with the normal protocol initialization, and
	      TLS  is  then started using the protocol's STARTTLS command), or
	      immediately (TLS is initialized before the normal	protocol  ini-
	      tialization;  this  requires a separate port). The first mode is
	      the default, but you can switch to the second mode by  disabling
	      tls_starttls.
	      When  TLS	is started, the	server sends a certificate to identify
	      itself. To verify	the server identity, a client program  is  ex-
	      pected  to  check	 that  the certificate is formally correct and
	      that it was issued by a Certificate Authority (CA) that the user
	      trusts.  (There can also be certificate chains with intermediate
	      CAs.)
	      The list of trusted CAs is specified  using  the	tls_trust_file
	      command.	The default value ist "system" and chooses the system-
	      wide default, but	you can	also choose the	trusted	CAs yourself.
	      A	fundamental problem with this is that you need to  trust  CAs.
	      Like any other organization, a CA	can be incompetent, malicious,
	      subverted	by bad people, or forced  by  government  agencies  to
	      compromise  end  users without telling them. All of these	things
	      happened and continue to happen worldwide.   The	idea  to  have
	      central  organizations that have to be trusted for your communi-
	      cation to	be secure is fundamentally broken.
	      Instead of putting trust in a CA,	you can	choose to trust	only a
	      single  certificate  for	the server you want to connect to. For
	      that purpose, specify the	certificate fingerprint	with  tls_fin-
	      gerprint.	This makes sure	that no	man-in-the-middle can fake the
	      identity of the server by	presenting you a  fraudulent  certifi-
	      cate  issued  by	some CA	that happens to	be in your trust list.
	      However, you have	to update the fingerprint whenever the	server
	      certificate  changes,  and you have to make sure that the	change
	      is legitimate each time, e.g. when the old certificate  expired.
	      This is inconvenient, but	it's the price to pay.
	      Information  about  a  server  certificate  can be obtained with
	      --serverinfo --tls --tls-certcheck=off. This includes the	issuer
	      CA   of	the   certificate  (so	you  can  trust	 that  CA  via
	      tls_trust_file), and the fingerprint of the certificate (so  you
	      can trust	that particular	certificate via	tls_fingerprint).
	      TLS also allows the server to verify the identity	of the client.
	      For this purpose,	the client has to present a certificate	issued
	      by a CA that the server trusts. To present that certificate, the
	      client also needs	the matching key file. You can	set  the  cer-
	      tificate	and  key  files	 using tls_cert_file and tls_key_file.
	      This mechanism can also be used to authenticate users,  so  that
	      traditional user / password authentication is not	necessary any-
	      more. See	the external mechanism in auth.
	      You can also use client certificates stored on some external au-
	      thentication   device   by  specifying  GnuTLS  device  URIs  in
	      tls_cert_file and	tls_key_file. You can find  the	 correct  URIs
	      using  p11tool  --list-privkeys --login (p11tool is bundled with
	      GnuTLS). If your device requires a PIN to	access the  data,  you
	      can  specify  that  using	 one  of the password mechanisms (e.g.
	      passwordeval, password).

       tls_starttls [(on|off)]
	      Choose the TLS variant: start TLS	from within the	 session  (on,
	      default),	or tunnel the session through TLS (off).

       tls_trust_file file
	      Activate server certificate verification using a list of trusted
	      Certification Authorities	(CAs).	The  default  is  the  special
	      value "system", which selects the	system default.	An empty argu-
	      ment disables trust in CAs.  If you select a file, it must be in
	      PEM format, and you should also use tls_crl_file.

       tls_crl_file [file]
	      Deprecated.  This	 sets a	certificate revocation list (CRL) file
	      for TLS, to check	for revoked certificates (an  empty  argument,
	      which  is	 the default, disables this).  Nowadays	automatic OCSP
	      checks replace CRL file checks.

       tls_fingerprint [fingerprint]
	      Set the fingerprint of a single certificate to accept  for  TLS.
	      This  certificate	 will  be  trusted  regardless of its contents
	      (this overrides tls_trust_file).	The fingerprint	should	be  of
	      type SHA256, but can for backwards compatibility also be of type
	      SHA1  or	MD5  (please  avoid  this).   The  format  should   be
	      01:23:45:67:....	 Use  --serverinfo  --tls  --tls-certcheck=off
	      --tls-fingerprint= to get	the server certificate fingerprint.

       tls_key_file file
	      Send a client certificate	to the server (use this	together  with
	      tls_cert_file}).	 The  file  must  contain the private key of a
	      certificate in PEM format. An empty argument disables this  fea-
	      ture.

       tls_cert_file file
	      Send  a client certificate to the	server (use this together with
	      tls_key_file).  The file must contain a certificate in PEM  for-
	      mat. An empty argument disables this feature.

       tls_certcheck [(on|off)]
	      Enable or	disable	checks of the server certificate. They are en-
	      abled by default.	 Disabling them	will  override	tls_trust_file
	      and tls_fingerprint.  WARNING: When the checks are disabled, TLS
	      sessions will not	be secure!

       tls_priorities [priorities]
	      Set priorities for TLS session parameters. The default is	set by
	      the  TLS	library	and can	be selected by using an	empty argument
	      to this command. The interpretation of the priorities string de-
	      pends  on	 the  TLS library. Use --version to find out which TLS
	      library you use.
	      For GnuTLS, see the section on Priority Strings in the manual.
	      For libtls, the priorites	string is a  space-separated  list  of
	      parameter	 strings prefixed with either PROTOCOLS=, CIPHERS=, or
	      ECDHECURVES=. These parameter strings  will  be  passed  to  the
	      functions	  tls_config_parse_protocols,  tls_config_set_ciphers,
	      and tls_config_set_ecdhecurves. Unrecognized parts of the	prior-
	      ities  string  will  be ignored. Example:	"PROTOCOLS=TLSv1.3 CI-
	      PHERS=ECDHE-RSA-AES128-SHA256 ECDHECURVES=P-384".

       tls_host_override [host]
	      By default, TLS host verification	uses the host  name  given  by
	      the  host	 command.   This command allows	one to use a different
	      host name	for verification.  This	 is  only  useful  in  special
	      cases.

       tls_min_dh_prime_bits [bits]
	      Deprecated,  use tls_priorities instead.	Set or unset the mini-
	      mum number of Diffie-Hellman (DH)	prime bits  accepted  for  TLS
	      sessions.	 The  default is set by	the TLS	library	and can	be se-
	      lected by	using an empty argument	to this	 command.  Only	 lower
	      the  default  (for example to 512	bits) if there is no other way
	      to make TLS work with the	remote server.

       from envelope_from
	      Set the envelope-from address. The following  substitution  pat-
	      terns are	supported:
	      %U  will	be replaced by $USER, or if that fails by $LOGNAME, or
	      if that fails by the login name of the user running msmtp.
	      %H will be replaced by $HOSTNAME,	or if that fails by  the  host
	      name of the system.
	      %C will be replaced by the canonical name	of %H.
	      %M  will	be  replaced  by the contents of /etc/mailname (poten-
	      tially a different directory is used depending on	the build con-
	      figuration;  see	the output of msmtp --version and look for the
	      location of the system configuration file).
	      Note that	the obsolete auto_from command replaces	this envelope-
	      from address.

       dsn_notify (off|condition)
	      This  command  sets the condition(s) under which the mail	system
	      should send DSN (Delivery	Status Notification) messages. The ar-
	      gument  off disables explicit DSN	requests, which	means the mail
	      system decides when to send DSN messages.	This is	 the  default.
	      The condition must be never, to never request notification, or a
	      comma separated list (no spaces!)	of one or more of the  follow-
	      ing:  failure,  to request notification on transmission failure,
	      delay, to	be notified of message delays, success,	to be notified
	      of successful transmission. The SMTP server must support the DSN
	      extension.

       dsn_return (off|amount)
	      This command controls how	much of	a mail should be  returned  in
	      DSN  (Delivery  Status  Notification) messages. The argument off
	      disables explicit	DSN requests, which means the mail system  de-
	      cides how	much of	a mail it returns in DSN messages. This	is the
	      default.	The amount must	be headers, to just return the message
	      headers, or full,	to return the full mail.  The SMTP server must
	      support the DSN extension.

       set_from_header [(auto|on|off)]
	      When to set a From header: auto adds a From header if  the  mail
	      does  not	 have one (this	is the default), on always sets	a From
	      header and overrides any existing	one, and off never sets	a From
	      header.
	      If the mail server rejects the mail because its From header does
	      not match	the envelope from address  (a  common  anti-spam  mea-
	      sure), then you might want to set	this option to on.
	      For  compatibility  with older versions, add_missing_from_header
	      [(on|off)] is still supported and	corresponds to	the  auto  and
	      off settings.

       set_date_header [(on|off)]
	      When  to	set a Date header: auto	adds a Date header if the mail
	      does not have one	(this is the default), and off	never  sets  a
	      Date header.
	      For  compatibility  with older versions, add_missing_date_header
	      [(on|off)] is still supported and	corresponds to	the  auto  and
	      off settings.

       remove_bcc_headers [(on|off)]
	      This command controls whether to remove Bcc headers. The default
	      is to remove them.

       undisclosed_recipients [(on|off)]
	      When set,	the original To, Cc, and Bcc headers of	the  mail  are
	      removed  and  a  single new header line "To: undisclosed-recipi-
	      ents:;" is added.	The default setting is off.

       logfile [file]
	      An empty argument	disables logging (this is the default).
	      When logging is enabled by choosing a log	file, msmtp  will  ap-
	      pend one line to the log file for	each mail it tries to send via
	      the account that this log	file was chosen	for.
	      The line will include the	following information: date  and  time
	      in the format specified by logfile_time_format, host name	of the
	      SMTP server, whether TLS was used,  whether  authentication  was
	      used, authentication user	name (only if authentication is	used),
	      envelope-from address, recipient addresses, size of the mail  as
	      transferred to the server	(only if the delivery succeeded), SMTP
	      status code and SMTP error message (only in case of failure  and
	      only  if	available), error message (only	in case	of failure and
	      only if available), exit code (from sysexits.h; EX_OK  indicates
	      success).
	      If  the filename is a dash (-), msmtp prints the log line	to the
	      standard output.

       logfile_time_format [fmt]
	      Set or unset the log file	time format. This will be used as  the
	      format  string  for  the	strftime() function. An	empty argument
	      chooses the default ("%b %d %H:%M:%S").

       syslog [(on|off|facility)]
	      Enable or	disable	syslog logging.	The facility  can  be  one  of
	      LOG_USER,	 LOG_MAIL, LOG_LOCAL0, ..., LOG_LOCAL7.	The default is
	      LOG_USER.
	      Each time	msmtp tries to send a mail via the account  that  con-
	      tains  this  syslog command, it will log one entry to the	syslog
	      service with the chosen facility.
	      The line will include the	following information:	host  name  of
	      the  SMTP	 server,  whether TLS was used,	whether	authentication
	      was used,	envelope-from address, recipient  addresses,  size  of
	      the mail as transferred to the server (only if the delivery suc-
	      ceeded), SMTP status code	and SMTP error message (only  in  case
	      of  failure  and only if available), error message (only in case
	      of failure and only if available), exit code  (from  sysexits.h;
	      EX_OK indicates success).

       aliases [file]
	      Replace  local  recipients  with	addresses in the aliases file.
	      The aliases file is a cleartext file containing mappings between
	      a	 local	address	 and a list of replacement addresses. The map-
	      pings are	of the form:
		  local: someone@example.com, person@domain.example
	      Multiple replacement addresses are separated with	commas.	  Com-
	      ments start with `#' and continue	to the end of the line.
	      The  local  address  default  has	 special  significance	and is
	      matched if the local address is not found	in the	aliases	 file.
	      If  no default alias is found, then the local address is left as
	      is.
	      An empty argument	to the aliases command disables	 the  replace-
	      ment of local addresses.	This is	the default.

       auto_from [(on|off)]
	      Obsolete;	 you can achieve the same and more using the substitu-
	      tion patterns of the from	command.
	      Enable or	disable	automatic envelope-from	addresses. The default
	      is  off.	 When  enabled,	 an  envelope-from address of the form
	      user@domain will be generated.  The local	part will  be  set  to
	      USER or, if that fails, to LOGNAME or, if	that fails, to the lo-
	      gin name of the current user.  The domain	part can be  set  with
	      the  maildomain  command.	 If the	maildomain is empty, the enve-
	      lope-from	address	will only consist of the  user	name  and  not
	      have  a  domain  part. When auto_from is disabled, the envelope-
	      from address must	be set explicitly.

       maildomain [domain]
	      Obsolete;	you can	achieve	the same and more using	the  substitu-
	      tion patterns of the from	command.
	      Set  a  domain  part  for	the generation of an envelope-from ad-
	      dress. This is only used when auto_from is on. The domain	may be
	      empty.

EXAMPLES
       Configuration file

       # Example for a user configuration file ~/.msmtprc
       #
       #  This file focusses on	TLS and	authentication.	Features not used here
       include
       # logging, timeouts, SOCKS proxies, TLS parameters, Delivery Status No-
       tification
       # (DSN) settings, and more.

       # Set default values for	all following accounts.
       defaults

       # Use the mail submission port 587 instead of the SMTP port 25.
       port 587

       # Always	use TLS.
       tls on

       #  Set a	list of	trusted	CAs for	TLS. The default is to use system set-
       tings, but
       # you can select	your own file.
       #tls_trust_file /usr/local/share/certs/ca-root-nss.crt

       # A freemail service
       account freemail

       # Host name of the SMTP server
       host smtp.freemail.example

       # As an alternative to tls_trust_file, you can use tls_fingerprint
       # to pin	a single certificate. You have to update the fingerprint  when
       the
       # server	certificate changes, but an attacker cannot trick you into ac-
       cepting
       # a fraudulent certificate. Get the fingerprint with
       #     $	   msmtp      --serverinfo	--tls	   --tls-certcheck=off
       --host=smtp.freemail.example
       #tls_fingerprint	 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11
       :22:33

       # Envelope-from address
       from joe_smith@freemail.example

       # Authentication. The password is given using one of five methods,  see
       below.
       auth on
       user joe.smith

       #  Password  method  1: Add the password	to the system keyring, and let
       msmtp get
       # it automatically. To set the keyring password	using  Gnome's	libse-
       cret:
       # $ secret-tool store --label=msmtp \
       #   host	smtp.freemail.example \
       #   service smtp	\
       #   user	joe.smith

       #  Password method 2: Store the password	in an encrypted	file, and tell
       msmtp
       # which command to use to decrypt it. This is usually used with	GnuPG,
       as in
       #  this	example.  Usually  gpg-agent  will ask once for	the decryption
       password.
       passwordeval gpg2 --no-tty -q -d	~/.msmtp-password.gpg

       # Password method 3: Store the password directly	in this	file.  Usually
       it is not
       #  a good idea to store passwords in cleartext files. If	you do it any-
       way, at
       # least make sure that this file	can only be read by yourself.
       #password secret123

       # Password method 4: Store the password in  ~/.netrc.  This  method  is
       probably	not
       # relevant anymore.

       #  Password method 5: Do	not specify a password.	Msmtp will then	prompt
       you for
       # it. This means	you need to be able to type into a terminal when msmtp
       runs.

       # A second mail address at the same freemail service
       account freemail2 : freemail
       from joey@freemail.example

       # The SMTP server of your ISP
       account isp
       host mail.isp.example
       from smithjoe@isp.example
       auth on
       user 12345

       # Set a default account
       account default : freemail

       Using msmtp with	Mutt

       Create  a  configuration	 file for msmtp	and add	the following lines to
       your Mutt configuration file:
       set sendmail="/path/to/msmtp"
       set use_from=yes
       set realname="Your Name"
       set from=you@example.com
       set envelope_from=yes
       The envelope_from=yes option lets Mutt use  the	-f  option  of	msmtp.
       Therefore msmtp chooses the first account that matches the from address
       you@example.com.
       Alternatively, you can use the -a option:
       set sendmail="/path/to/msmtp -a my-account"
       Or set everything from the command line (but note that you cannot set a
       password	this way):
       set  sendmail="/path/to/msmtp  --host=mailhub  -f  me@example.com --tls
       --tls-trust-file=trust.crt"

       If you have multiple mail accounts in your msmtp	configuration file and
       let  Mutt  use  the  -f	option to choose the right one,	you can	easily
       switch accounts in Mutt with the	following Mutt configuration lines:
       macro generic "<esc>1" ":set from=you@example.com"
       macro generic "<esc>2" ":set from=you@your-employer.example"
       macro generic "<esc>3" ":set from=you@some-other-provider.example"

       Using msmtp with	mail

       Define a	default	account, and put the following in your ~/.mailrc:
       set sendmail="/path/to/msmtp"

       Using msmtp with	Tor

       Use the following settings:
       proxy_host 127.0.0.1
       proxy_port 9050
       tls on
       Use an IP address as proxy host name, so	that msmtp does	not leak a DNS
       query when resolving it.
       TLS is required to prevent exit hosts from reading your SMTP session.
       Do  not	set domain to something	that you do not	want to	reveal (do not
       set it at all if	possible).

       Aliases file

       # Example aliases file

       # Send root to Joe and Jane
       root: joe_smith@example.com, jane_chang@example.com

       # Send cron to Mark
       cron: mark_jones@example.com

       # Send everything else to admin
       default:	admin@domain.example

FILES
       SYSCONFDIR/msmtprc
	      System configuration  file.  Use	--version  to  find  out  what
	      SYSCONFDIR is on your platform.

       ~/.msmtprc or $XDG_CONFIG_HOME/msmtp/config
	      User configuration file.

       ~/.netrc	and SYSCONFDIR/netrc
	      The  netrc file contains login information. Before prompting for
	      a	  password,   msmtp   will   search   it   in	~/.netrc   and
	      SYSCONFDIR/netrc.

ENVIRONMENT
       USER, LOGNAME
	      These variables override the user's login	name when constructing
	      an envelope-from address.	LOGNAME	is only	used if	USER is	unset.

       TMPDIR Directory	to create temporary files in. If this is unset,	a sys-
	      tem specific default directory is	used.
	      A	 temporary  file is only created when the -t/--read-recipients
	      or --read-envelope-from option is	used. The file is then used to
	      buffer  the  headers  of the mail	(but not the body, so the file
	      won't get	very large).

       EMAIL, SMTPSERVER
	      These environment	variables are used only	if neither --host  nor
	      --account	is used	and there is no	default	account	defined	in the
	      configuration files. In this case, the host name is  taken  from
	      SMTPSERVER,  and	the envelope from address is taken from	EMAIL,
	      unless overridden	by --from or  --read-envelope-from.  Currently
	      SMTPSERVER  must	contain	 a plain host name (no URL), and EMAIL
	      must contain a plain address (no names  or  additional  informa-
	      tion).

AUTHORS
       msmtp was written by Martin Lambers <marlam@marlam.de>.
       Other  authors  are  listed in the AUTHORS file in the source distribu-
       tion.

SEE ALSO
       sendmail(8), netrc(5) or	ftp(1)

				    2020-10			      MSMTP(1)

NAME | SYNOPSIS | DESCRIPTION | EXIT STATUS | OPTIONS | USAGE | CONFIGURATION FILES | EXAMPLES | FILES | ENVIRONMENT | AUTHORS | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=msmtp&sektion=1&manpath=FreeBSD+13.0-RELEASE+and+Ports>

home | help