msmtp 1.4.1

Table of Contents

Next: , Up: (dir)

msmtp

This manual was last updated May 27, 2005 for version 1.4.1 of msmtp.

Copyright (C) 2005 Martin Lambers

This program, including this manual, is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program, including this manual, is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

Next: , Previous: Top, Up: Top

1 Introduction

msmtp is an SMTP client.

In its main mode of operation, it reads a mail from standard input and sends it to a predefined SMTP server that takes care of proper delivery. Command line options and exit codes are compatible to sendmail.

Supported SMTP features include:

The best way to start is probably to have a look at the Examples section. See Examples.

In addition to sendmail mode, there are two other modes of operation:

Normally, a system wide configuration file and/or a user configuration file contain information about which SMTP server to use and how to use it, but almost all settings can also be configured on the command line.

The information about SMTP servers is organized in accounts. Each account describes one SMTP server: host name, authentication settings, TLS settings, and so on. Each configuration file can define multiple accounts.

Next: , Previous: Introduction, Up: Top

2 Configuration files

msmtp supports a system wide configuration file and a user configuration file. Both are optional and need not exist.

If it exists and is readable, a system wide configuration file SYSCONFDIR/msmtprc will be loaded, where SYSCONFDIR depends on your platform; the default is /usr/local/etc. Use --version to find out which directory is used.

If it exists and is readable, a user configuration file will be loaded ($HOME/.msmtprc by default). Accounts defined in the user configuration file override accounts from the system configuration file. The user configuration file must have no more permissions than user read/write. Configuration data from either file can be changed by command line options.

A configuration file is a simple text file. Empty lines and comment lines (whose first non-blank character is '#') are ignored. Every other line must contain a command and may contain an argument to that command. The argument may be enclosed in double quotes (").

If the first character of a filename is the tilde (~), this tilde will be replaced by $HOME. If a command accepts the argument on, it also accepts an empty argument and treats that the same as on.

Commands form groups. Each group starts with the account command and defines the settings for one SMTP server.

See Examples.

2.1 General commands

defaults
Set defaults. The following configuration commands will set default values for all following account definitions in the current configuration file.
account name [: account[,...]]
Start a new account definition with the given name. The current default values are filled in (see defaults).
If a colon and a list of previously defined accounts is given after the account name, the new account, with the filled in default values, will inherit all settings from the accounts in the list.
host hostname
The SMTP server to send the mail to. This server is supposed to take care of proper mail delivery. The argument may be a host name, an IPv4 address in dot notation, or an IPv6 address in colon notation. Every account definition must contain this command.
port number
The port that the SMTP server listens on. The default port will be acquired from your operating system's service database: for SMTP, the service is "smtp" (default port 25), unless TLS without STARTTLS is used, in which case it is "ssmtp" (465). For LMTP, it is "lmtp" (2003).
connect_timeout (off|seconds)
Set or unset the connect timeout, in seconds. The argument off means that no timeout will be set, which means that the operating system default will be used.
protocol (smtp|lmtp)
Set the protocol to use. Currently only SMTP and LMTP are supported. SMTP is the default. See port for default ports.
domain argument
This command sets the argument of the SMTP EHLO (or LMTP LHLO) command. The default is localhost (stupid, but working). Possible choices are the domain part of your mail address (provider.example for joe@provider.example) or the fully qualified domain name of your host (if available).

2.2 Authentication commands

See Authentication.

auth [(on|off|method)]
This command enables or disables SMTP authentication and optionally chooses an authentication method to use. It should not be necessary to choose a method; with the argument on, msmtp will choose the best one available. Accepted methods are plain, cram-md5, digest-md5, gssapi, external, login, and ntlm. See Authentication.

user [username]
Set your user name for SMTP authentication. An empty argument unsets the user name.
password [secret]
Set your password for SMTP authentication. An empty argument unsets the password. If no password is set but one is needed during authentication, msmtp will try to find it in ~/.netrc, and if that fails, msmtp will prompt you for it. See Authentication.
ntlmdomain [ntlmdomain]
Set a domain for the ntlm authentication method. The default is to use no domain (equivalent to an empty argument), but some servers seem to require one, even if it is an arbitrary string.

2.3 TLS commands

See Transport Layer Security.

tls [(on|off)]
This command enables or disables TLS/SSL encrypted connections to the SMTP server. Not every server supports TLS, and a few that do require the tls_starttls off command. See Transport Layer Security.
tls_trust_file [file]
This command activates strict server certificate verification. The file must contain one or more certificates of trusted Certification Authorities (CAs) in PEM format. An empty argument disables this feature. See Transport Layer Security.
tls_key_file [file]
This command (together with the tls_cert_file) command enables msmtp to send a client certificate to the SMTP server if requested. The file must contain the private key of a certificate in PEM format. An empty argument disables this feature. See Transport Layer Security.
tls_cert_file [file]
This command (together with the tls_key_file command) enables msmtp to send a client certificate to the SMTP server if requested. The file must contain a certificate in PEM format. An empty argument disables this feature. See Transport Layer Security.
tls_certcheck [(on|off)]
This command enables or disables sanity checks for the server certificate. These checks are enabled by default, but can cause difficulties. See Transport Layer Security. For compatibility with older versions, tls_nocertcheck is accepted as an alias for tls_certcheck off.
tls_starttls [(on|off)]
This command enables or disables the use of the STARTTLS SMTP command to start TLS encryption. It is enabled by default. See Transport Layer Security. For compatibility with older versions, tls_nostarttls is accepted as an alias for tls_starttls off.

2.4 Commands specific to sendmail mode

See Sendmail mode.

from [address]
The mail address that the mail will be sent from (the envelope from address). An empty argument unsets the envelope from address, which means that one will be generated if necessary (this is the default). See Envelope from address.
maildomain [domain]
Sets the mail domain for the construction of an envelope from address. An empty argument unsets the mail domain. See Envelope from address.
dsn_notify (off|conditions)
This command sets the condition(s) under which the mail system should send DSN (Delivery Status Notification) messages. The argument off disables explicit DSN requests, which means the mail system decides when to send DSN messages. This is the default. The condition must be never, to never request notification, or a comma separated list (no spaces!) of one or more of the following: failure, to request notification on transmission failure, delay, to be notified of message delays, success, to be notified of successful transmission. The SMTP server must support the DSN extension. See Delivery Status Notifications.
dsn_return (off|amount)
This command controls how much of a mail should be returned in DSN (Delivery Status Notification) messages. The argument off disables explicit DSN requests, which means the mail system decides how much of a mail it returns in DSN messages. This is the default. The amount must be headers, to just return the message headers, or full, to return the full mail. The SMTP server must support the DSN extension. See Delivery Status Notifications.
keepbcc [(on|off)]
This command controls whether to remove or keep the Bcc header when sending a mail. The default is to remove it. See Bcc header.
logfile [file]
This command enables or disables logging to the specified file. An empty argument disables this feature. The file name - directs the log information to standard output. See Logging.
syslog [(on|off|facility)]
This command enables or disables syslog logging. The facility can be one of LOG_USER, LOG_MAIL, LOG_LOCAL0, ..., LOG_LOCAL7. The default facility is LOG_USER. Syslog logging is disabled by default. See Logging.

Next: , Previous: Configuration files, Up: Top

3 Invocation

3.1 Synopsis

3.2 Options

Options override configuration file settings. They are compatible with sendmail where appropriate.

3.2.1 General options

--version
Print version information. This includes information about the library used for TLS/SSL support (if any), the library used for authentication, the authentication mechanisms supported by this library, and the default locations of the system and user configuration files.
--help
Print help.
-P
--pretend
Print the configuration settings that would be used, but do not take further action. An asterisk ('*') will be printed instead of the password.
-d
--debug
Print lots of debugging information, including the whole conversation with the SMTP server. Be careful with this option: the (potentially dangerous) output will not be sanitized, and your password may get printed in an easily decodable format!

3.2.2 Changing the mode of operation

-S
--serverinfo
Print information about the SMTP server and exit. This includes information about supported features (mail size limit, authentication, TLS, DSN, ...) and about the TLS certificate (if TLS is active). See Server information mode.
--rmqs=(host|@domain|#queue)
Send a Remote Message Queue Starting request for the given host, domain, or queue to the SMTP server and exit. See Remote Message Queue Starting mode.

3.2.3 Configuration options

Most options in this category correspond to a configuration file command. Please refer to Configuration files for detailed information.

-C filename
--file=filename
Use the given file instead of $HOME/.msmtprc as the user configuration file.
-a account
--account=account
Use the given account instead of the account named default. This option cannot be used together with the --host option. See Choosing an account.
--host=hostname
Use this SMTP server with settings from the command line; do not use any configuration file data. This option cannot be used together with the --account option. It disables loading of configuration files. See Choosing an account.
--port=number
Set the port number to connect to. See port.
--connect-timeout=(off|seconds)
Set a connection timeout. See connect_timeout.
--protocol=(smtp|lmtp)
Set the protocol. See protocol.
--domain=[argument]
Set the argument of the SMTP EHLO (or LMTP LHLO) command. See domain.
--auth[=(on|off|method)]
Enable or disable authentication and optionally choose the method. See auth.
--user=[username]
Set or unset the user name for authentication. See user.
--tls[=(on|off)]
Enable or disable TLS. See tls.
--tls-trust-file=[file]
Set or unset a trust file for TLS encryption. See tls_trust_file.
--tls-key-file=[file]
Set or unset a key file for TLS encryption. See tls_key_file.
--tls-cert-file=[file]
Set or unset a cert file for TLS encryption. See tls_cert_file.
--tls-certcheck[=(on|off)]
Enable or disable server certificate checks for TLS encryption. See tls_certcheck.
--tls-starttls[=(on|off)]
Enable or disable STARTTLS for TLS encryption. See tls_starttls.

3.2.4 Options specific to sendmail mode

-f address
--from=address
Set the envelope from address. See from.
If no account was chosen yet (with --account or --host), this option will choose the first account that has the given envelope from address (set with the from command). If no such account is found, "default" is used. See Choosing an account.
--maildomain=[domain]
Sets the domain part that will be used if an envelope from address is generated. See maildomain.
-N (off|condition)
--dsn-notify=(off|condition)
Set or unset DSN notification conditions. See dsn_notify.
-R (off|amount)
--dsn-return=(off|amount)
Set or unset the DSN notification amount. See dsn_return. Note that hdrs is accepted as an alias for headers to be compatible with sendmail.
--keepbcc[=(on|off)]
Enable or disable the preservation of the Bcc header. See keepbcc.
-X [file]
--logfile=[file]
Set or unset the log file. See logfile.
--syslog[=(on|off|facility)]
Enable or disable syslog logging. See syslog.
-t
--read-recipients
Send the mail to the recipients given in the To, Cc, and Bcc headers of the mail in addition to the recipients given on the command line.
This requires a temporary file to buffer the mail headers; see Environment / Files.
--
This marks the end of options. All following arguments will be treated as recipient addresses, even if they start with a '-'.

The following options are accepted but ignored for sendmail compatibility: -Btype, -bm, -G, -hN, -i, -L tag, -m, -n, -O option=value, -ox value, -v

3.3 Choosing an account

There are three ways to choose the account to use. It depends on the circumstances which method is the best.

  1. --account=account
    Use the given account. Command line settings override configuration file settings.
  2. --host=hostname
    Use only the settings from the command line; do not use any configuration file data.
  3. --from=address
    Choose the first account from the system or user configuration file that has a matching envelope from address as specified by a from command. This works only when neither --account nor --host is used.
If none of the above options is used (or if --from is used but no account has a matching from command), then the account "default" is used.

3.4 Exit code

The standard exit codes from sysexits.h are used.

3.5 Environment / Files

SYSCONFDIR/msmtprc
The system configuration file. Use the --version option to find out what SYSCONFDIR is on your platform.
$HOME/.msmtprc
The default user configuration file.
$HOME/.netrc
The .netrc file contains login information. If a password is not found in the configuration file, msmtp will search it in .netrc before prompting the user for it. The syntax of .netrc is described in the netrc(5) or ftp(1) manual page.
$USER, $LOGNAME
These variables override the user's login name when constructing an envelope from address. LOGNAME is only used if USER is unset.
$TMPDIR
Directory to create temporary files in. If this is unset, a system specific default directory is used.
A temporary file is only created when the -t/--read-recipients option is used. The file is then used to buffer the headers of the mail (but not the body, so the file won't get too large).

Next: , Previous: Invocation, Up: Top

4 SMTP features

Next: , Up: SMTP features

4.1 Transport Layer Security

Quoting from RFC2246, the TLS 1.0 protocol specification:
"The TLS protocol provides communications privacy over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery."

SMTP servers can use TLS in one of two modes:

msmtp can switch between these modes with the tls_starttls command (see tls_starttls) command or the --tls-starttls option (see –tls-starttls).

When TLS is started, the server sends a certificate to identify itself. This certificate contains information about the certificate owner, the certificate issuer, and the activation and expiration times of the certificate. This information can be displayed in server information mode. See Server information mode.

Some sanity checks are done with the server certificate. These include:

Sometimes one of these checks fail. msmtp will abort the connection in this case. If the user still wants to use this SMTP server with TLS, the sanity checks can be switched off with tls_certcheck or --tls-certcheck (see tls_certcheck, –tls-certcheck).

Note that the SMTP server cannot be fully trusted just because the certificate passes the sanity checks. To verify that the user can trust the SMTP server, it is necessary to use a (list of) certificates of Certification Authorities (CAs) that are trusted. If msmtp can verify that the server certificate was issued by one of these CAs, then the SMTP server is trusted. A file containing CA certificates can be set with tls_trust_file or --tls-trust-file (see tls_trust_file, –tls-trust-file).

If the server requests it, the client can send a certificate, too. This allows the server to verify the identity of the client. See the EXTERNAL mechanism in Authentication. The tls_key_file/tls_cert_file commands or the --tls-key-file/--tls-cert-file options can be used to set a client certificate. See tls_key_file/–tls-key-file, tls_cert_file/–tls-cert-file. Note that GnuTLS will only send a client certificate if it matches one of the CAs advertised by the server. If you set a client certificate but it is not send to the server, it probably does not match any CA that the server trusts.

Next: , Previous: Transport Layer Security, Up: SMTP features

4.2 Authentication

Many SMTP servers require a client to authenticate itself before it is allowed to send mail.

Multiple authentication methods exist. Most SMTP servers support only some of them. Some methods send authentication data in plain text (or nearly plain text) to the server. These methods should only be used when TLS is active to prevent others from stealing the password. See Transport Layer Security.

msmtp supports a subset of the following authentication methods:

It depends on the underlying authentication library and its version whether a particular method is supported or not. Use the --version to find out which methods are supported by your version of msmtp.

Authentication data can be set with the user and password commands or with the --user option. See user, password, –user. If no password is set but one is needed during authentication, msmtp will try to find it in ~/.netrc, and if that fails, msmtp will prompt you for it.

The authentication method can be chosen with the auth command or --auth option, but it is usually sufficient to just use the on argument to let msmtp choose the method itself. See auth, –auth.

If msmtp chooses the method itself, it will not choose a method that sends plain text authentication data when TLS is not active. This means that only CRAM-MD5, DIGEST-MD5, GSSAPI, and NTLM are available when TLS is inactive. PLAIN and LOGIN are only available when TLS is active. If you really want to send clear text authentication data, you have to force msmtp to do that by setting the authentication method to PLAIN or LOGIN when TLS is off.

Previous: Authentication, Up: SMTP features

4.3 Delivery Status Notifications

In situations such as delivery failure or very long delivery delay, the mail system often generates a message for the sender of the mail in question, informing him about the difficulties.

Delivery Status Notification (DSN) requests, defined in RFC 3461, try to give the sender of the mail control about how and when these DSN messages are sent. The SMTP server must support the DSN extension. See Server information mode.

A first parameter controls when such messages should be generated: never, on delivery failure, on delivery delay, and/or on success. This can be set with dsn_notify/--dsn-notify, see dsn_notify/–dsn-notify.

A second parameter controls how much of the original mail should be contained in a DSN message: only the headers, or the full mail. This can be set with dsn_return/--dsn-return, see dsn_return/–dsn-return. Note that this parameter only applies to DSNs that indicate delivery failure for at least one recipient. If a DSN contains no indications of delivery failure, only the headers of the message are returned.

Next: , Previous: SMTP features, Up: Top

5 Sendmail mode

Next: , Up: Sendmail mode

5.1 Envelope from address

The SMTP server expects a sender mail address for each mail. This is the envelope from address. It is independent of the From header (because it is part of the mail envelope, not of the mail itself), but in most cases both addresses are the same.

The from command and the --from option can explicitly set an envelope from address. See from, –from.

If no envelope from address is set, msmtp will construct one: The local part will be set to $USER or, if that fails, to $LOGNAME or, if that fails, to the login name of the current user. If that fails, too, the local part will be set to unknown. Note that the envelope from address will lack a domain part in these cases.

If a mail domain is given with the maildomain command or the --maildomain option (see maildomain/–maildomain), it will become the domain part of the envelope from address.

Example: maildomain example.com and the user name joe will result in the envelope from address joe@example.com.

Next: , Previous: Envelope from address, Up: Sendmail mode

5.2 Logging

Logging is enabled on a per account basis. If it is enabled, msmtp will generate one log line for each mail it tries to send via the account in question.

The line will include the following information:

If a logfile is given with the logfile command or --logfile option, this log line will be prepended with the current date and time and appended to the specified file. See logfile, –logfile.

If syslog logging is enabled with the syslog command or --syslog option, the log line is passed to the syslog service with the specified facility. See syslog, –syslog.

Previous: Logging, Up: Sendmail mode

5.3 Bcc header

The mail will be transmitted unaltered to the SMTP server, with one exception: the Bcc header(s) will be stripped from it before the transmission. This behavior can be changed with the keepbcc command and --keepbcc option, see keepbcc/–keepbcc.

Next: , Previous: Sendmail mode, Up: Top

6 Server information mode

In server information mode, msmtp prints as much information about the SMTP server as it can get and then exits.

The SMTP features that can be detected are:

If TLS is activated for server information mode, the following information will be printed about the SMTP server's TLS certificate (if available):

Next: , Previous: Server information mode, Up: Top

7 Remote Message Queue Starting mode

Remote Message Queue Starting (RMQS) is defined in RFC 1985. It is a way for a client to request that a server start the processing of its mail queues for messages that are waiting at the server for the client machine. If any messages are at the server for the client, then the server creates a new SMTP session and sends the messages at that time.

msmtp can send the request (using the ETRN SMTP command); a mail server on the client side should then accept the connection of the remote SMTP server to receive the mail.

Destinations defined in RFC 1985 are:

Next: , Previous: Remote Message Queue Starting mode, Up: Top

8 Examples

Next: , Up: Examples

8.1 A system wide configuration file

     # A system wide configuration is optional.
     # If it exists, it usually defines a default account.
     # This allows msmtp to be used like /usr/sbin/sendmail.
     account default
     
     # The SMTP smarthost.
     host mailhub.oursite.example
     
     # Construct envelope from addresses of the form "user@oursite.example".
     # Without this, envelope from addresses will just contain the user name,
     # without a domain part.
     #maildomain oursite.example
     
     # Use TLS.
     #tls on
     #tls_trust_file /etc/ssl/certs/ca.pem
     
     # Syslog logging with facility LOG_MAIL instead of the default LOG_USER.
     syslog LOG_MAIL

Next: , Previous: A system wide configuration file, Up: Examples

8.2 A user configuration file

     # Set default values for all following accounts.
     defaults
     tls on
     tls_trust_file /etc/ssl/certs/ca-certificates.crt
     logfile ~/.msmtp.log
     
     # A freemail service
     account freemail
     host smtp.freemail.example
     from joe_smith@freemail.example
     auth on
     user joe.smith
     password secret
     
     # A second mail address at the same freemail service
     account freemail2 : freemail
     from joey@freemail.example
     
     # The SMTP server of the provider.
     account provider
     host mail.provider.example
     from smithjoe@provider.example
     auth on
     user 123
     password pwd
     
     # Set a default account
     account default : provider

Next: , Previous: A user configuration file, Up: Examples

8.3 Using msmtp with Mutt

Create a configuration file for msmtp and add the following lines to your Mutt configuration file: 

     set sendmail="/path/to/msmtp"
     set use_from=yes
     set realname="Your Name"
     set from=you@example.com
     set envelope_from=yes

The envelope_from=yes option lets Mutt use the -f option of msmtp. Therefore msmtp chooses the first account that matches the from address you@example.com. Alternatively, you can use the -a option: 

     set sendmail="/path/to/msmtp -a my_account"

See Choosing an account.

Or set everything from the command line: 

     set sendmail="/path/to/msmtp --host=mailhub -f me@example.com --tls"

If you have multiple mail accounts in your msmtp configuration file and let Mutt use the -f option to choose one, you can easily switch accounts in Mutt with the following Mutt configuration lines: 

     macro generic "<esc>1" ":set from=you@example.com"
     macro generic "<esc>2" ":set from=you@your-employer.example"
     macro generic "<esc>3" ":set from=you@some-other-provider.example"

Now you can use <esc>1, <esc>2, and <esc>3 to switch accounts.

Previous: Using msmtp with Mutt, Up: Examples

8.4 Using msmtp with mail

Define a default account, and put the following into your ~/.mailrc: 

     set sendmail="/path/to/msmtp"

You need to define a default account, because mail does not allow extra options to the msmtp command line.

Previous: Examples, Up: Top

9 Development

The homepage of msmtp is http://msmtp.sourceforge.net/; the SourceForge project page is http://sourceforge.net/projects/msmtp/.

The mailing list msmtp-users can be accessed from the project page.

Please send any questions, suggestions, and bug reports either to the mailing list or to Martin Lambers (marlam@marlam.de, OpenPGP key: http://www.marlam.de/key.txt). If you send a bug report, please include the output of msmtp --version.