msmtp 1.6.0rc2

Table of Contents

Next: , Up: (dir)   [Contents]

msmtp

This manual was last updated 9 December 2014 for version 1.6.0rc2 of msmtp.

Copyright (C) 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014 Martin Lambers
Copyright (C) 2011 Scott Shumate

Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. These files are offered as-is, without any warranty.


Next: , Previous: , Up: Top   [Contents]

1 Introduction

msmtp is an SMTP client.

In its default mode of operation, it reads a mail from standard input and sends it to a predefined SMTP server that takes care of proper delivery. Command line options and exit codes are compatible to sendmail.

Supported SMTP features include:

The best way to start is probably to have a look at the Examples section. See Examples.

In addition to sendmail mode, there are two other modes of operation:

Normally, a system wide configuration file and/or a user configuration file contain information about which SMTP server to use and how to use it, but almost all settings can also be configured on the command line.

The information about SMTP servers is organized in accounts. Each account describes one SMTP server: host name, authentication settings, TLS settings, and so on. Each configuration file can define multiple accounts.


Next: , Previous: , Up: Top   [Contents]

2 Configuration files

msmtp supports a system wide configuration file and a user configuration file. Both are optional and need not exist.

If it exists and is readable, a system wide configuration file SYSCONFDIR/msmtprc will be loaded, where SYSCONFDIR depends on your platform. The default is /usr/local/etc. Use --version to find out which directory your version uses.

If it exists and is readable, a user configuration file will be loaded (~/.msmtprc by default). Accounts defined in the user configuration file override accounts from the system configuration file. The user configuration file must have no more permissions than user read/write. Configuration data from either file can be changed by command line options.

A configuration file is a simple text file. Empty lines and comment lines (whose first non-blank character is ’#’) are ignored. Every other line must contain a command and may contain an argument to that command. The argument may be enclosed in double quotes (").

If the first character of a filename is the tilde (~), this tilde will be replaced by HOME. If a command accepts the argument ‘on’, it also accepts an empty argument and treats that as if it was ‘on’.

Commands form groups. Each group starts with the ‘account’ command and defines the settings for one SMTP server.

See Examples.

2.1 General commands

defaults

Set defaults. The following configuration commands will set default values for all following account definitions in the current configuration file.

account name [: account[,…]]

Start a new account definition with the given name. The current default values are filled in (see defaults).
If a colon and a list of previously defined accounts is given after the account name, the new account, with the filled in default values, will inherit all settings from the accounts in the list.

host hostname

The SMTP server to send the mail to. The argument may be a host name or a network address. Every account definition must contain this command.

port number

The port that the SMTP server listens on. The default port will be acquired from your operating system’s service database: for SMTP, the service is "smtp" (default port 25), unless TLS without STARTTLS is used, in which case it is "smtps" (465). For LMTP, it is "lmtp".

timeout (off|seconds)

Set or unset a network timeout, in seconds. The argument ‘off’ means that no timeout will be set, which means that the operating system default will be used. For compatibility with older versions, ‘connect_timeout’ is accepted as an alias for this command.

protocol (smtp|lmtp)

Set the protocol to use. Currently only SMTP and LMTP are supported. SMTP is the default. See port for default ports.

domain argument

This command sets the argument of the SMTP EHLO (or LMTP LHLO) command. The default is ‘localhost’, which is stupid but usually works. Try to change the default if mails get rejected due to anti-SPAM measures. Possible choices are the domain part of your mail address (provider.example for joe@provider.example) or the fully qualified domain name of your host (if available).

proxy_host [IP|hostname]

Use a SOCKS proxy. All network traffic will go through this proxy host, including DNS queries, except for a DNS query that might be necessary to resolve the proxy host name itself (this can be avoided by using an IP address as proxy host name). An empty ‘hostname’ argument disables proxy usage. The supported SOCKS protocol version is 5. If you plan to use this with Tor, see also Using msmtp with Tor.

proxy_port [number]

Set the port number for the proxy host. An empty ‘number’ argument resets this to the default port.

2.2 Authentication commands

See Authentication.

auth [(on|off|method)]

This command enables or disables SMTP authentication and optionally chooses an authentication method to use. It should not be necessary to choose a method; with the argument ‘on’, msmtp will choose the best one available. Accepted methods are ‘plain’, ‘scram-sha-1’, ‘cram-md5’, ‘gssapi’, ‘external’, ‘digest-md5’, ‘login’, and ‘ntlm’. See Authentication.

user [username]

Set your user name for SMTP authentication. An empty argument unsets the user name. Authentication must be activated with the ‘auth’ command.

password [secret]

Set your password for SMTP authentication. An empty argument unsets the password. Authentication must be activated with the ‘auth’ command. If no password is set but one is needed during authentication, msmtp will try to find it. First, if ‘passwordeval’ is set, it will evaluate that command. If ‘passwordeval’ is not set, msmtp will try to find the password in ~/.netrc. If that fails, it will try to find it in SYSCONFDIR/netrc (use --version to find out what SYSCONFDIR is on your platform). If that fails, it will try to get it from a system specific keyring (if available). If that fails but a controlling terminal is available, msmtp will prompt you for it. See Authentication.

passwordeval [eval]

Set your password for SMTP authentication to the output (stdout) of the execution of eval.

ntlmdomain [ntlmdomain]

Set a domain for the ‘ntlm’ authentication method. The default is to use no domain (equivalent to an empty argument), but some servers seem to require one, even if it is an arbitrary string.

2.3 TLS commands

See Transport Layer Security.

tls [(on|off)]

This command enables or disables TLS/SSL encrypted connections to the SMTP server. Not every server supports TLS, and a few that support it require the ‘tls_starttls off’ command.
To use TLS/SSL, it is required to either use the ‘tls_trust_file’ command (highly recommended) or to disable ‘tls_certcheck’. See Transport Layer Security.

tls_trust_file [file]

This command activates strict server certificate verification. The given file must contain one or more certificates of trusted Certification Authorities (CAs) in PEM format.
On Debian based systems, you can install the ‘ca-certificates’ package and use the file /etc/ssl/certs/ca-certificates.crt.
An empty argument disables this feature.

tls_crl_file [file]

This command sets or unsets a certificate revocation list (CRL) file for TLS, to be used during strict server certificate verification as enabled by the tls_trust_file command. This allows the verification procedure to detect revoked certificates. See Transport Layer Security.

tls_fingerprint [fingerprint]

This command sets or unsets the fingerprint of a particular TLS certificate. This certificate will then be trusted, regardless of its contents. This can be used to trust broken certificates (e.g. with a non-matching hostname) or in situations where ‘tls_trust_file’ cannot be used for some reason. You can give either an SHA1 (recommended) or an MD5 fingerprint in the format 01:23:45:67:…. You can use ‘--serverinfo --tls --tls-certcheck=off’ to get the peer certificate’s fingerprints. See Transport Layer Security.

tls_key_file [file]

This command (together with the ‘tls_cert_file’) command enables msmtp to send a client certificate to the SMTP server if requested. The file must contain the private key of a certificate in PEM format. An empty argument disables this feature. See Transport Layer Security.

tls_cert_file [file]

This command (together with the ‘tls_key_file’ command) enables msmtp to send a client certificate to the SMTP server if requested. The file must contain a certificate in PEM format. An empty argument disables this feature. See Transport Layer Security.

tls_certcheck [(on|off)]

This command enables or disables checks for the server certificate.
WARNING: When the checks are disabled, TLS/SSL sessions will be vulnerable to man-in-the-middle attacks! See Transport Layer Security.
For compatibility with older versions, ‘tls_nocertcheck’ is accepted as an alias for ‘tls_certcheck off’.

tls_starttls [(on|off)]

This command enables or disables the use of the STARTTLS SMTP command to start TLS encryption. It is enabled by default. See Transport Layer Security. For compatibility with older versions, ‘tls_nostarttls’ is accepted as an alias for ‘tls_starttls off’. See Transport Layer Security.

tls_min_dh_prime_bits [bits]

Set or unset the minimum number of Diffie-Hellman (DH) prime bits that msmtp will accept for TLS sessions. The default is set by the TLS library and can be selected by using an empty argument to this command. Only lower the default (for example to 512 bits) if there is no other way to make TLS work with the remote server. See Transport Layer Security.

tls_priorities [priorities]

Set the priorities for TLS sessions. The default is set by the TLS library and can be selected by using an empty argument to this command. Currently this command only works with sufficiently recent GnuTLS releases. See the GnuTLS documentation of the ‘gnutls_priority_init’ function for a description of the priorities string. See Transport Layer Security.

2.4 Commands specific to sendmail mode

See Sendmail mode.

auto_from [(on|off)]

Enable or disable automatic envelope-from addresses. The default is ‘off’.
When enabled, an envelope-from address of the form user@domain will be generated. The local part will be set to USER or, if that fails, to LOGNAME or, if that fails, to the login name of the current user. The domain part can be set with the ‘maildomain’ command (see maildomain). If the maildomain is empty, the envelope-from address will only consist of the user name and not have a domain part.
When disabled, the envelope-from address must be set explicitly with the ‘from’ command (see from).
See Envelope-from address.

from [address]

Set the envelope-from address. This address will only be used when ‘auto_from’ is disabled. See Envelope-from address.

maildomain [domain]

Set a domain part for the generation of an envelope-from address. This is only used when ‘auto_from’ is enabled. The domain may be empty. See Envelope-from address.

dsn_notify (off|condition)

This command sets the condition(s) under which the mail system should send DSN (Delivery Status Notification) messages. The argument off disables explicit DSN requests, which means the mail system decides when to send DSN messages. This is the default. The condition must be ‘never’, to never request notification, or a comma separated list (no spaces!) of one or more of the following: ‘failure’, to request notification on transmission failure, ‘delay’, to be notified of message delays, ‘success’, to be notified of successful transmission. The SMTP server must support the DSN extension. See Delivery Status Notifications.

dsn_return (off|amount)

This command controls how much of a mail should be returned in DSN (Delivery Status Notification) messages. The argument off disables explicit DSN requests, which means the mail system decides how much of a mail it returns in DSN messages. This is the default. The amount must be ‘headers’, to just return the message headers, or ‘full’, to return the full mail. The SMTP server must support the DSN extension. See Delivery Status Notifications.

add_missing_from_header [(on|off)]

This command controls whether to add a From header if the mail does not have one. The default is to add it. See Header handling.

add_missing_date_header [(on|off)]

This command controls whether to add a Date header if the mail does not have one. The default is to add it. See Header handling.

remove_bcc_headers [(on|off)]

This command controls whether to remove Bcc headers. The default is to remove them. See Header handling.

logfile [file]

This command enables or disables logging to the specified file. An empty argument disables this feature. The file name ‘-’ directs the log information to standard output. See Logging.

syslog [(on|off|facility)]

This command enables or disables syslog logging. The facility can be one of ‘LOG_USER’, ‘LOG_MAIL’, ‘LOG_LOCAL0’, …, ‘LOG_LOCAL7’. The default facility is ‘LOG_USER’. Syslog logging is disabled by default. See Logging.

aliases [file]

Replace local recipients with addresses in the aliases file. The aliases file is a plain text file containing mappings between a local address and a list of domain addresses. A local address is defined as one without an ’@’ character and a domain address is one with an ’@’ character. The mappings are of the form:

local: someone@example.com, person@domain.example

Multiple domain addresses are separated with commas. Comments start with ’#’ and continue to the end of the line.
The local address ‘default’ has special significance and is matched if the local address is not found in the aliases file. If no ‘default’ alias is found, then the local address is left as is.
An empty argument to the aliases command disables the replacement of local addresses. This is the default.


Next: , Previous: , Up: Top   [Contents]

3 Invocation

3.1 Synopsis

3.2 Options

Options override configuration file settings. They are compatible with sendmail where appropriate.

3.2.1 General options

--version

Print version information. This includes information about the library used for TLS/SSL support (if any), the library used for authentication, the authentication mechanisms supported by this library, and the default locations of the system and user configuration files.

--help

Print help.

-P
--pretend

Print the configuration settings that would be used, but do not take further action. An asterisk (’*’) will be printed instead of the password.

-v
-d
--debug

Print lots of debugging information, including the whole conversation with the SMTP server. Be careful with this option: the (potentially dangerous) output will not be sanitized, and your password may get printed in an easily decodable format!

3.2.2 Changing the mode of operation

-S
--serverinfo

Print information about the SMTP server and exit. This includes information about supported features (mail size limit, authentication, TLS, DSN, …) and about the TLS certificate (if TLS is active). See Server information mode.

--rmqs=(host|@domain|#queue)

Send a Remote Message Queue Starting request for the given host, domain, or queue to the SMTP server and exit. See Remote Message Queue Starting mode.

3.2.3 Configuration options

Most options in this category correspond to a configuration file command. Please refer to Configuration files for detailed information.

-C filename
--file=filename

Use the given file instead of ~/.msmtprc as the user configuration file.

-a account
--account=account

Use the given account instead of the account named ‘default’. This option cannot be used together with the ‘--host’ option. See Choosing an account.

--host=hostname

Use this SMTP server with settings from the command line; do not use any configuration file data. This option cannot be used together with the ‘--account’ option. It disables loading of configuration files. See Choosing an account.

--port=number

Set the port number to connect to. See port.

--timeout=(off|seconds)

Set a network timeout. See timeout. For compatibility with older versions, ‘--connect-timeout’ is accepted as an alias for this option.

--protocol=(smtp|lmtp)

Set the protocol. See protocol.

--domain=[argument]

Set the argument of the SMTP EHLO (or LMTP LHLO) command. See domain.

--proxy-host=[IP|hostname]

Set or unset a SOCKS proxy to use. See proxy_host.

--proxy-port=[number]

Set or unset a port number for the proxy host. See proxy_port.

--auth[=(on|off|method)]

Enable or disable authentication and optionally choose the method. See auth.

--user=[username]

Set or unset the user name for authentication. See user.

--passwordeval=[eval]

Evaluate password for authentication. See passwordeval.

--tls[=(on|off)]

Enable or disable TLS/SSL. See tls.

--tls-starttls[=(on|off)]

Enable or disable STARTTLS for TLS encryption. See tls_starttls.

--tls-trust-file=[file]

Set or unset a trust file for TLS encryption. See tls_trust_file.

--tls-crl-file=[file]

Set or unset a certificate revocation list (CRL) file for TLS. See tls_crl_file.

--tls-fingerprint=[fingerprint]

Set ot unset the fingerprint of a trusted TLS certificate. See tls_fingerprint.

--tls-key-file=[file]

Set or unset a key file for TLS encryption. See tls_key_file.

--tls-cert-file=[file]

Set or unset a cert file for TLS encryption. See tls_cert_file.

--tls-certcheck[=(on|off)]

Enable or disable server certificate checks for TLS encryption. See tls_certcheck.

--tls-min-dh-prime-bits=[bits]

Set or unset minimum bit size of the Diffie-Hellman (DH) prime. See tls_min_dh_prime_bits.

--tls-priorities=[priorities]

Set or unset TLS priorities. See tls_priorities.

3.2.4 Options specific to sendmail mode

--auto-from[=(on|off)]

Enable or disable automatic envelope-from addresses. The default is off. See auto_from.

-f address
--from=address

Set the envelope-from address. It is only used when ‘auto_from’ is off. See from.
If no account was chosen yet (with ‘--account’ or ‘--host’), this option will choose the first account that has the given envelope-from address (set with the ‘from’ command). If no such account is found, "default" is used. See Choosing an account.

--maildomain=[domain]

Set the domain part for generated envelope-from addresses. It is only used when ‘auto_from’ is on. See maildomain.

-N (off|condition)
--dsn-notify=(off|condition)

Set or unset DSN notification conditions. See dsn_notify.

-R (off|amount)
--dsn-return=(off|amount)

Set or unset the DSN notification amount. See dsn_return. Note that ‘hdrs’ is accepted as an alias for ‘headers’ to be compatible with sendmail.

--add-missing-from-header[=(on|off)]

Enable or disable the addition of a missing From header. See add_missing_from_header.

--add-missing-date-header[=(on|off)]

Enable or disable the addition of a missing Date header. See add_missing_date_header.

--remove-bcc-headers[=(on|off)]

Enable or disable the removal of Bcc headers. See remove_bcc_headers.

-X [file]
--logfile=[file]

Set or unset the log file. See logfile.

--syslog[=(on|off|facility)]

Enable or disable syslog logging. See syslog.

-t
--read-recipients

Send the mail to the recipients given in the To, Cc, and Bcc headers of the mail in addition to the recipients given on the command line.
If any Resent- headers are present, then the addresses from any Resent-To, Resent-Cc, and Resent-Bcc headers in the first block of Resent- headers are used instead.

--read-envelope-from

Read the envelope from address from the From header of the mail. Currently this header must be on a single line for this option to work correctly.

--aliases=[file]

Set or unset an aliases file. See aliases.

--

This marks the end of options. All following arguments will be treated as recipient addresses, even if they start with a ’-’.

The following options are accepted but ignored for sendmail compatibility: ‘-Btype’, ‘-bm’, ‘-Fname’, ‘-G’, ‘-hN’, ‘-i’, ‘-L tag’, ‘-m’, ‘-n’, ‘-O option=value’, ‘-ox value

3.3 Choosing an account

There are three ways to choose the account to use. It depends on the circumstances which method is the best.

  1. --account=account
    Use the given account. Command line settings override configuration file settings.
  2. --host=hostname
    Use only the settings from the command line; do not use any configuration file data.
  3. --from=address’ or ‘--read-envelope-from
    Choose the first account from the system or user configuration file that has a matching envelope-from address as specified by a ‘from’ command. This works only when neither ‘--account’ nor ‘--host’ is used.

If none of the above options is used (or if no account has a matching ‘from’ command), then the account "default" is used.

3.4 Exit code

The standard exit codes from sysexits.h are used.

3.5 Files

SYSCONFDIR/msmtprc

The system configuration file. Use the ‘--version’ option to find out what SYSCONFDIR is on your platform.

~/.msmtprc

The default user configuration file.

~/.netrc and SYSCONFDIR/netrc

The netrc file contains login information. If a password is not found in the configuration file, msmtp will search it in ~/.netrc and SYSCONFDIR before prompting the user for it. The syntax of netrc files is described in the netrc(5) or ftp(1) manual page.

3.6 Environment

USER, LOGNAME

These variables override the user’s login name when constructing an envelope-from address. LOGNAME is only used if USER is unset.

TMPDIR

Directory to create temporary files in. If this is unset, a system specific default directory is used.
A temporary file is only created when the ‘-t’/‘--read-recipients’ or ‘--read-envelope-from’ option is used. The file is then used to buffer the headers of the mail (but not the body, so the file won’t get very large).

EMAIL, SMTPSERVER

These environment variables are used only if neither ‘--host’ nor ‘--account’ is used and there is no default account defined in the configuration files. In this case, the host name is taken from SMTPSERVER, and the envelope from address is taken from EMAIL, unless overridden by ‘--from’ or ‘--read-envelope-from’. Currently SMTPSERVER must contain a plain host name (no URL), and EMAIL must contain a plain address (no names or additional information).


Next: , Previous: , Up: Top   [Contents]

4 Transport Layer Security

Transport Layer Security (TLS) is a new name for Secure Socket Layer (SSL). The TLS 1.0 protocol is an updated version of the SSL 3.0 protocol. TLS and SSL mean the same thing.

Quoting from RFC2246, the TLS 1.0 protocol specification:
"The TLS protocol provides communications privacy over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery."

SMTP servers can use TLS in one of two modes:

msmtp can switch between these modes with the ‘tls_starttls’ command (see tls_starttls) command or the ‘--tls-starttls’ option (see --tls-starttls).

When TLS is started, the server sends a certificate to identify itself. This certificate contains information about the certificate owner, the certificate issuer, and the activation and expiration times of the certificate. This information can be displayed in server information mode. See Server information mode.

To use TLS, it is required to either enable full server certificate verification using the ‘tls_trust_file’ command or ‘--tls-trust-file’ option, or to trust one particular peer certificate using the ‘tls_fingerprint’ command or ‘--tls-fingerprint’ option, or to disable all certificate checks using ‘tls_certcheck off’ or ‘--tls-certcheck=off’. WARNING: When certificate checks are disabled, TLS/SSL sessions are vulnerable to man-in-the-middle attacks! See tls_trust_file, --tls-trust-file, tls_fingerprint, --tls-fingerprint, tls_certcheck, --tls-certcheck.

If your system has a file that collects all system-wide trusted CA certificates, it is easiest to just use this in the ‘defaults’ section of your configuration file. On Debian-based systems, for example, the adequate command would be ‘tls_trust_file /etc/ssl/certs/ca-certificates.crt’.

But you can also find out manually which CA certificate you need to trust. First, issue the following command:

$ msmtp --serverinfo --host=smtp.example.com --tls=on --tls-certcheck=off

The option ‘--tls-certcheck=off’ allows msmtp to accept any certificate, so that it can print some information about it. The output of this command tells you the common name of the server certificate issuer. You have to trust this issuer to use full TLS security. Usually you can find the CA certificate on the issuer’s homepage. With this CA certificate, the following should succeed:

$ msmtp --serverinfo --host=smtp.example.com --tls=on \
  --tls-trust-file=ca_cert.txt

If the server requests it, the client can send a certificate, too. This allows the server to verify the identity of the client. See the EXTERNAL mechanism in Authentication. The ‘tls_key_file’/‘tls_cert_file’ commands or the ‘--tls-key-file’/‘--tls-cert-file’ options can be used to set a client certificate. See tls_key_file/--tls-key-file, tls_cert_file/--tls-cert-file. Note that GnuTLS will only send a client certificate if it matches one of the CAs advertised by the server. If you set a client certificate but it is not sent to the server, it probably was not issued by any CA that the server trusts.

If you need to fine tune TLS parameters, have a look at the tls_min_dh_prime_bits and tls_priorities commands.


Next: , Previous: , Up: Top   [Contents]

5 Authentication

Many SMTP servers require a client to authenticate itself before it is allowed to send mail.

Multiple authentication methods exist. Most SMTP servers support only some of them. Some methods send authentication data in plain text (or nearly plain text) to the server. These methods should only be used when TLS is active to prevent others from stealing the password. See Transport Layer Security.

By default, msmtp chooses a method automatically, and it will never choose one that puts the authentication data at risk. See below for details.

msmtp supports the following authentication methods:

It depends on the underlying authentication library and its version whether a particular method is supported or not. Use the --version to find out which methods are supported by your version of msmtp.

Authentication data can be set with the ‘user’ and ‘password’ commands or with the ‘--user’ option. See user, password, --user. If no password is set but one is needed during authentication, msmtp will try to find it. First, if ‘passwordeval’ is set, it will evaluate that command. If ‘passwordeval’ is not set, msmtp will try to find the password in ~/.netrc. If that fails, it will try to find it in SYSCONFDIR/netrc (use --version to find out what SYSCONFDIR is on your platform). If that fails, it will try to get it from a system specific keyring (if available). If that fails but a controlling terminal is available, msmtp will prompt you for it.

Currently supported keyrings are the Gnome Keyring and the Mac OS X Keychain.

The command ‘secret-tool’ (part of Gnome’s libsecret) can be used to manage Gnome Keyring passwords for msmtp. For that purpose, specify the attributes "user" (user name), "protocol" (always "smtp"), and "server" (name of the SMTP server). You can also use ‘secret-tool’ via the ‘passwordeval’ command if your version of msmtp does not have builtin support for libsecret.

To manage Mac OS X Keychain passwords, use the Keychain Access GUI application. The ‘account name’ is same as the msmtp ‘user’ argument. The ‘keychain item name’ is smtp://<hostname> where <hostname> matches the msmtp ‘host’ argument.

The authentication method can be chosen with the ‘auth’ command or ‘--auth’ option, but it is usually sufficient to just use the ‘on’ argument to let msmtp choose the method itself. See auth, --auth.

If msmtp chooses the method itself, it will never choose an insecure method. If TLS is active, all methods are considered secure in this context, because the connection to the server is protected by TLS. If TLS is not active, only the SCRAM-SHA-1, CRAM-MD5, and GSSAPI methods are considered secure in this context, because all the others methods put the authentication data at risk.

If you really want to risk your authentication data, you have to force msmtp to do that by manually setting the authentication method while TLS is off.


Next: , Previous: , Up: Top   [Contents]

6 Delivery Status Notifications

In situations such as delivery failure or very long delivery delay, the mail system often generates a message for the sender of the mail in question, informing him about the difficulties.

Delivery Status Notification (DSN) requests, defined in RFC 3461, try to give the sender of the mail control about how and when these DSN messages are sent. The SMTP server must support the DSN extension. See Server information mode.

A first parameter controls when such messages should be generated: never, on delivery failure, on delivery delay, and/or on success. This can be set with ‘dsn_notify’/‘--dsn-notify’, see dsn_notify/--dsn-notify.

A second parameter controls how much of the original mail should be contained in a DSN message: only the headers, or the full mail. This can be set with ‘dsn_return’/‘--dsn-return’, see dsn_return/--dsn-return. Note that this parameter only applies to DSNs that indicate delivery failure for at least one recipient. If a DSN contains no indications of delivery failure, only the headers of the message are returned.


Next: , Previous: , Up: Top   [Contents]

7 Sendmail mode


Next: , Up: Sendmail mode   [Contents]

7.1 Envelope-from address

The SMTP server expects a sender mail address for each mail. This is the envelope-from address. It is independent of the From header (because it is part of the mail envelope, not of the mail itself), but in most cases both addresses are the same.

Envelope-from addresses can be generated automatically (when ‘auto_from’ is enabled with the ‘auto_from’ command or ‘--auto-from’ option) or set explicitly with the ‘from’ command and ‘--from’ option. See auto_from, from.

When ‘auto_from’ is enabled, an envelope-from address of the form user@domain will be generated. The local part will be set to USER or, if that fails, to LOGNAME or, if that fails, to the login name of the current user. The domain part can be set with the ‘maildomain’ command and ‘--maildomain’ option (see maildomain). If the maildomain is empty, the envelope-from address will only consist of the user name and not have a domain part.


Next: , Previous: , Up: Sendmail mode   [Contents]

7.2 Logging

Logging is enabled on a per account basis. If it is enabled, msmtp will generate one log line for each mail it tries to send via the account in question.

The line will include the following information:

If a logfile is given with the ‘logfile’ command or ‘--logfile’ option, this log line will be prepended with the current date and time and appended to the specified file. See logfile, --logfile.

If syslog logging is enabled with the ‘syslog’ command or ‘--syslog’ option, the log line is passed to the syslog service with the specified facility. See syslog, --syslog.


Previous: , Up: Sendmail mode   [Contents]

7.3 Header handling

Msmtp transmits mails unaltered to the SMTP server, with the following exceptions:


Next: , Previous: , Up: Top   [Contents]

8 Server information mode

In server information mode, msmtp prints as much information about the SMTP server as it can get and then exits.

The SMTP features that can be detected are:

If TLS is activated for server information mode, the following information will be printed about the SMTP server’s TLS certificate (if available):


Next: , Previous: , Up: Top   [Contents]

9 Remote Message Queue Starting mode

Remote Message Queue Starting (RMQS) is defined in RFC 1985. It is a way for a client to request that a server start the processing of its mail queues for messages that are waiting at the server for the client machine. If any messages are at the server for the client, then the server creates a new SMTP session and sends the messages at that time.

msmtp can only send the request (using the ETRN SMTP command); a mail server on the client side should then accept the connection of the remote SMTP server to receive the mail.

RMQS requests can be sent with the ‘--rmqs’ option (see --rmqs). Destinations defined in RFC 1985 are:


Previous: , Up: Top   [Contents]

10 Examples


Next: , Up: Examples   [Contents]

10.1 A system wide configuration file

# A system wide configuration is optional.
# If it exists, it usually defines a default account.
# This allows msmtp to be used like /usr/sbin/sendmail.
account default

# The SMTP smarthost.
host mailhub.oursite.example

# Construct envelope-from addresses of the form "user@oursite.example".
#auto_from on
#maildomain oursite.example

# Use TLS.
#tls on
#tls_trust_file /etc/ssl/certs/ca-certificates.crt

# Syslog logging with facility LOG_MAIL instead of the default LOG_USER.
syslog LOG_MAIL

Next: , Previous: , Up: Examples   [Contents]

10.2 A user configuration file

# Set default values for all following accounts.
defaults
tls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
logfile ~/.msmtp.log

# A freemail service
account freemail
host smtp.freemail.example
from joe_smith@freemail.example
auth on
user joe.smith
password secret

# A second mail address at the same freemail service
account freemail2 : freemail
from joey@freemail.example

# The SMTP server of the provider. 
account provider
host mail.provider.example
from smithjoe@provider.example
auth on
user 123
passwordeval gpg -d ~/.msmtp.password.gpg

# Set a default account
account default : provider

Next: , Previous: , Up: Examples   [Contents]

10.3 Using msmtp with Mutt

Create a configuration file for msmtp and add the following lines to your Mutt configuration file:

set sendmail="/path/to/msmtp"
set use_from=yes
set realname="Your Name"
set from=you@example.com
set envelope_from=yes

The ‘envelope_from=yes’ option lets Mutt use the -f option of msmtp. Therefore msmtp chooses the first account that matches the from address you@example.com. Alternatively, you can use the -a option:

set sendmail="/path/to/msmtp -a my_account"

Or set everything from the command line:

set sendmail="/path/to/msmtp --host=mailhub -f me@example.com --tls"

See Choosing an account.

If you have multiple mail accounts in your msmtp configuration file and let Mutt use the -f option to choose one, you can easily switch accounts in Mutt with the following Mutt configuration lines:

macro generic "<esc>1" ":set from=you@example.com"
macro generic "<esc>2" ":set from=you@your-employer.example"
macro generic "<esc>3" ":set from=you@some-other-provider.example"

Now you can use <esc>1, <esc>2, and <esc>3 to switch accounts.

The following example uses a different approach: it maps the single key <tab> in Compose context for switching between the various account in a handy visual way. In the same Compose context, = is mapped in order to show the current msmtp account. This example was contributed by Thomas Baruchel.

# Define <tab> and = in order to switch or see the current msmtp account
# Don't forget to put the right path for msmtp binary
macro compose \Cx_ ":set sendmail"
macro compose \Cx| "\Cx_ = \"/usr/local/bin/msmtp"
macro compose \Cx& ":macro compose \\t \\Cx"
macro compose <tab> "\Cx0"
macro compose = "\Cx_\n"
# Put the account in the following lines (here three accounts)
# Don't forget to put the number of the account at the beginning
# of the line, and the number of the next account after the '&'
macro compose \Cx0 "\Cx|\"\n\Cx&1\n\Cx_\n" # default and switch to 1
macro compose \Cx1 "\Cx| -a example_account\"\n\Cx&2\n\Cx_\n" # switch to 2
macro compose \Cx2 "\Cx| -a gmail\"\n\Cx&0\n\Cx_\n" # switch to 0
# End of the accounts

Next: , Previous: , Up: Examples   [Contents]

10.4 Using msmtp with mail

Define a default account, and put the following into ~/.mailrc:

set sendmail="/path/to/msmtp"

You need to define a default account, because mail does not allow extra options to the msmtp command line.


Next: , Previous: , Up: Examples   [Contents]

10.5 Using msmtp with Tor

Use the following settings:

proxy_host 127.0.0.1
proxy_port 9050
tls on

Use an IP address as proxy host name, so that msmtp does not leak a DNS query when resolving it.
TLS is required to prevent exit hosts from reading your SMTP session. You also need ‘tls_trust_file’ or ‘tls_fingerprint’ to check the server identity.
Do not set ‘domain’ to something that you do not want to reveal (do not set it at all if possible).


Previous: , Up: Examples   [Contents]

10.6 Aliases file

# Example aliases file

# Send root to Joe and Jane
root: joe_smith@example.com, jane_chang@example.com

# Send cron to Mark
cron: mark_jones@example.com

# Send everything else to admin
default: admin@domain.example