Provided by: mpop_1.4.3-1_amd64 bug

NAME

       mpop - A POP3 client

SYNOPSIS

       Mail retrieval mode (default):
              mpop [option...] [--] [account...]
              mpop --host=host [option...]

       Configuration mode:
              mpop --configure <mailaddress>

       Server information mode:
              mpop [option...] --serverinfo [account...]
              mpop --host=host [option...] --serverinfo

DESCRIPTION

       In mail retrieval mode of operation, mpop retrieves mails from one or more POP3 mailboxes,
       optionally does some filtering, and delivers them through a mail delivery agent (MDA),  to
       a  maildir folder, or to an mbox file.  Mails that were successfully delivered before will
       not be retrieved a second time, even if errors occur or mpop is terminated in  the  middle
       of a session.
       In server information mode, mpop prints information about one or more POP3 servers.
       If no account names are given on the command line, one named default will be used.
       The best way to start is probably to have a look at the EXAMPLES section.

EXIT STATUS

       The standard sendmail exit codes are used, as defined in sysexits.h.

OPTIONS

       Options override configuration file settings, for every used account.

       General Options

              --version
                     Print version information, including information about the libraries used.

              --help Print help.

              -P, --pretend
                     Print the configuration settings that would be used, but do not take further
                     action.  An asterisk (`*') will be printed instead of your password.

              -d, --debug
                     Print lots of debugging information, including the whole  conversation  with
                     the  server. Be careful with this option: the (potentially dangerous) output
                     will not be sanitized, and your  password  may  get  printed  in  an  easily
                     decodable format!
                     This   option  implies  --half-quiet,  because  the  progress  output  would
                     interfere with the debugging output.

       Changing the mode of operation

              --configure=mailaddress
                     Generate a configuration for the given mail address and print it.  This  can
                     be  modified  or copied unchanged to the configuration file.  Note that this
                     only works for mail domains that publish appropriate SRV  records;  see  RFC
                     8314.

              -S, --serverinfo
                     Print   information  about  the  POP3  server(s)  and  exit.  This  includes
                     information about supported features  (pipelining,  authentication  methods,
                     TOP  command,  ...),  about  parameters  (time  for  which mails will not be
                     deleted, minimum time between logins, ...), and about  the  TLS  certificate
                     (if TLS is active).

       Configuration options

              -C, --file=conffile
                     Use  the  given file instead of ~/.mpoprc or $XDG_CONFIG_HOME/mpop/config as
                     the user configuration file.

              --host=hostname
                     Use this server with  settings  from  the  command  line;  do  not  use  any
                     configuration  file  data. This option disables loading of the configuration
                     file. You cannot use both this option and account names on the command line.

              --port=number
                     Set the port number to connect to. See the port command.

              --source-ip=[IP]
                     Set or unset an IP address to bind the socket to. See the source_ip command.

              --proxy-host=[IP|hostname]
                     Set or unset a SOCKS proxy to use. See the proxy_host command.

              --proxy-port=[number]
                     Set or unset a port number for the proxy host. See the proxy_port command.

              --timeout=(off|seconds)
                     Set a network timeout. See the timeout command.

              --pipelining=(auto|on|off)
                     Enable or disable POP3 pipelining. See the pipelining command.

              --received-header[=(on|off)]
                     Enable or disable the Received header. See the received_header command.

              --auth[=(on|method)]
                     Set the authentication method to automatic (with "on") or manually choose an
                     authentication method. See the auth command.

              --user=[username]
                     Set or unset the user name for authentication. See the user command.

              --passwordeval=[eval]
                     Evaluate password for authentication. See the passwordeval command.

              --tls[=(on|off)]
                     Enable or disable TLS/SSL. See the tls command.

              --tls-starttls[=(on|off)]
                     Enable or disable STARTTLS for TLS. See the tls_starttls command.

              --tls-trust-file=[file]
                     Set or unset a trust file for TLS. See the tls_trust_file command.

              --tls-crl-file=[file]
                     Set  or  unset  a  certificate  revocation  list (CRL) file for TLS. See the
                     tls_crl_file command.

              --tls-fingerprint=[fingerprint]
                     Set or  unset  the  fingerprint  of  a  trusted  TLS  certificate.  See  the
                     tls_fingerprint command.

              --tls-key-file=[file]
                     Set or unset a key file for TLS. See the tls_key_file command.

              --tls-cert-file=[file]
                     Set or unset a cert file for TLS. See the tls_cert_file command.

              --tls-certcheck[=(on|off)]
                     Enable  or  disable server certificate checks for TLS. See the tls_certcheck
                     command.

              --tls-min-dh-prime-bits=[bits]
                     Set or unset minimum bit size of the Diffie-Hellmann  (DH)  prime.  See  the
                     tls_min_dh_prime_bits command.

              --tls-priorities=[priorities]
                     Set or unset TLS priorities. See the tls_priorities command.

       Options specific to mail retrieval mode

              -q, --quiet
                     Do not print status or progress information.

              -Q, --half-quiet
                     Print status but not progress information.

              -a, --all-accounts
                     Query all accounts in the configuration file.

              -A, --auth-only
                     Authenticate only; do not retrieve mail. Useful for SMTP-after-POP.

              -s, --status-only
                     Print number and size of mails in each account only; do not retrieve mail.

              -n, --only-new[=(on|off)]
                     Process only new messages. See the only_new command.

              -k, --keep[=(on|off)]
                     Do  not  delete  mails  from  POP3  servers,  regardless of other options or
                     settings.  See the keep command.

              --killsize=(off|size)
                     Set or unset kill size. See the killsize command.

              --skipsize=(off|size)
                     Set or unset skip size. See the skipsize command.

              --filter=[program]
                     Set a filter which will decide whether to retrieve,  skip,  or  delete  each
                     mail by investigating the mail's headers. See the filter command.

              --delivery=method,method_arguments...
                     How  to  deliver  messages  received  from  this  account.  See the delivery
                     command. Note that a comma is used instead of a blank to separate the method
                     from its arguments.

              --uidls-file=filename
                     File to store UIDLs in. See the uidls_file command.

USAGE

       A  suggestion  for  a  suitable  configuration file can be generated using the --configure
       option.  The default configuration  file  is  ~/.mpoprc  or  $XDG_CONFIG_HOME/mpop/config.
       Settings in this file can be changed by command line options.
       A configuration file is a simple text file. Empty lines and comment lines (first non-blank
       character is '#') are ignored. Every other line must contain a command and may contain  an
       argument to that command.  The argument may be enclosed in double quotes (").
       If a file name starts with the tilde (~), this tilde will be replaced by $HOME.
       If a command accepts the argument on, it also accepts an empty argument and treats that as
       if it was on.
       Commands are organized in accounts. Each account  starts  with  the  account  command  and
       defines the settings for one POP3 account.

       Commands are as follows:

       defaults
              Set  defaults. The following configuration commands will set default values for all
              following account definitions.

       account name [:account[,...]]
              Start a new account definition with the given name. The current default values  are
              filled in.
              If  a  colon  and  a list of previously defined accounts is given after the account
              name, the new account, with the filled in default values, will inherit all settings
              from the accounts in the list.

       host hostname
              The  POP3  server  to  retrieve  mails  from.  The argument may be a host name or a
              network address.  Every account definition must contain this command.

       port number
              The port that the POP3 server listens on. The default is 110 ("pop3"),  unless  TLS
              without STARTTLS is used, in which case it is 995 ("pop3s").

       source_ip [IP]
              Set  a source IP address to bind the outgoing connection to. Useful only in special
              cases on multi-home systems. An empty argument disables this.

       proxy_host [IP|hostname]
              Use a SOCKS proxy. All network traffic will go through this proxy  host,  including
              DNS  queries,  except  for a DNS query that might be necessary to resolve the proxy
              host name itself (this can be avoided by using an IP address as proxy  host  name).
              An  empty  hostname  argument  disables  proxy usage.  The supported SOCKS protocol
              version is 5. If you want to use this with Tor, see  also  "Using  mpop  with  Tor"
              below.

       proxy_port [number]
              Set the port number for the proxy host. An empty number argument resets this to the
              default port, which is 1080 ("socks").

       timeout (off|seconds)
              Set or unset a network timeout,  in  seconds.  The  default  is  180  seconds.  The
              argument  off  means  that  no  timeout will be set, which means that the operating
              system default will be used.

       pipelining (auto|on|off)
              Enable or disable POP3 pipelining. You should never  need  to  change  the  default
              setting,  which  is  auto:  mpop enables pipelining for POP3 servers that advertise
              this capability, and disables it for all other servers.  Pipelining can speed up  a
              POP3 session substantially.

       auth [(on|method)]
              Choose  an  authentication  method.  The  default  argument  on  chooses  a  method
              automatically.
              Usually a user name and a password are used for authentication. The  user  name  is
              specified in the configuration file with the user command. There are five different
              methods to specify the password:
              1. Add the password to the system key ring.  Currently supported key rings are  the
              Gnome  key ring and the Mac OS X Keychain.  For the Gnome key ring, use the command
              secret-tool (part of Gnome's  libsecret)  to  store  passwords:  secret-tool  store
              --label=mpop  host  pop.freemail.example service pop3 user joe.smith.  On Mac OS X,
              use the following command: security add-internet-password  -s  pop.freemail.example
              -r  pop3  -a joe.smith -w.  In both examples, replace pop.freemail.example with the
              POP3 server name, and joe.smith with your user name.
              2. Store the password in an encrypted files, and  use  passwordeval  to  specify  a
              command to decrypt that file, e.g. using GnuPG. See EXAMPLES.
              3.  Store  the  password  in  the  configuration  file  using the password command.
              (Usually it is not considered a good idea to store passwords in plain  text  files.
              If  you  do  it  anyway,  you  must  make  sure  that  the file can only be read by
              yourself.)
              4. Store the password in ~/.netrc. This method is probably obsolete.
              5. Type the password into the terminal when it is required.
              It is recommended to use method 1 or 2.
              Multiple authentication methods exist. Most servers  support  only  some  of  them.
              Historically,  sophisticated methods were developed to protect passwords from being
              sent unencrypted to the server, but nowadays everybody needs  TLS  anyway,  so  the
              simple   methods   suffice  since  the  whole  session  is  protected.  A  suitable
              authentication method is chosen automatically, and when TLS is  disabled  for  some
              reason, only methods that avoid sending clear text passwords are considered.
              The  following  user  /  password  methods are supported: user (a simple plain text
              method supported  by  all  servers),  plain  (another  simple  plain  text  method,
              supported  by  almost  all  servers),  scram-sha-1 (a method that avoids clear-text
              passwords), apop (an obsolete method that avoids clear-text passwords, but  is  not
              considered  secure  anymore),  cram-md5  (an obsolete method that avoids clear-text
              passwords, but is not considered secure anymore),  digest-md5  (an  overcomplicated
              obsolete  method  that  avoids  clear-text  passwords, but is not considered secure
              anymore), login (a non-standard clear-text method similar to  but  worse  than  the
              plain  method), ntlm (an obscure non-standard method that is now considered broken;
              it sometimes requires a special domain parameter passed via ntlmdomain).
              There are currently two authentication  methods  that  are  not  based  on  user  /
              password  information  and have to be chosen manually: external (the authentication
              happens outside of the protocol, typically by sending a TLS client certificate, and
              the  method  merely  confirms  that this authentication succeeded), and gssapi (the
              Kerberos framework takes care  of  secure  authentication,  only  a  user  name  is
              required).
              It  depends  on  the  underlying  authentication  library and its version whether a
              particular method is supported or not. Use --version to find out which methods  are
              supported.

       user login
              Set the user name for authentication. An empty argument unsets the user name.

       password secret
              Set  the  password  for  authentication.  An  empty  argument  unsets the password.
              Consider using the passwordeval command or a key ring instead of this  command,  to
              avoid storing plain text passwords in the configuration file.

       passwordeval [eval]
              Set  the  password  for  authentication to the output (stdout) of the command eval.
              This can be used e.g. to decrypt password files on the fly or to query  key  rings,
              and thus to avoid storing plain text passwords.

       ntlmdomain [domain]
              Set a domain for the ntlm authentication method. This is obsolete.

       tls [(on|off)]
              Enable or disable TLS (also known as SSL) for secured connections.
              Transport  Layer  Security  (TLS)  "...  provides  communications  privacy over the
              Internet.  The protocol allows client/server applications to communicate in  a  way
              that  is  designed  to prevent eavesdropping, tampering, or message forgery" (quote
              from RFC2246).
              A server can use TLS in one of two modes:  via  a  STARTTLS  command  (the  session
              starts  with  the normal protocol initialization, and TLS is then started using the
              protocol's STARTTLS command), or immediately (TLS is initialized before the  normal
              protocol  initialization;  this  requires  a  separate port). The first mode is the
              default, but you can switch to the second mode by disabling tls_starttls.
              When TLS is started, the server sends a certificate to identify itself.  To  verify
              the  server identity, a client program is expected to check that the certificate is
              formally correct and that it was issued by a Certificate Authority  (CA)  that  the
              user trusts. (There can also be certificate chains with intermediate CAs.)
              The list of trusted CAs is specified using the tls_trust_file command.  The default
              value ist "system" and chooses the system-wide default, but you can also choose the
              trusted CAs yourself.
              One  practical  problem  with  this approach is that the client program should also
              check if the  server  certificate  has  been  revoked  for  some  reason,  using  a
              Certificate  Revocation  List  (CRL).  A  CRL  file  can  be  specified  using  the
              tls_crl_file command, but getting the relevant CRL files and  keeping  them  up  to
              date is not straightforward. You are basically on your own.
              A much more serious and fundamental problem is is that you need to trust CAs.  Like
              any other organization, a CA  can  be  incompetent,  malicious,  subverted  by  bad
              people,  or  forced  by government agencies to compromise end users without telling
              them. All of these things happened and continue to happen worldwide.  The  idea  to
              have  central  organizations  that  have to be trusted for your communication to be
              secure is fundamentally broken.
              Instead of putting trust in a CA, you can choose to trust only a single certificate
              for  the  server  you want to connect to. For that purpose, specify the certificate
              fingerprint with tls_fingerprint. This makes sure  that  no  man-in-the-middle  can
              fake  the  identity of the server by presenting you a fraudulent certificate issued
              by some CA that happens to be in your trust list.  However, you have to update  the
              fingerprint whenever the server certificate changes, and you have to make sure that
              the change is legitimate each time, e.g. when the old certificate expired. This  is
              inconvenient, but it's the price to pay.
              Information  about  a  server  certificate  can be obtained with --serverinfo --tls
              --tls-certcheck=off. This includes the issuer CA of the  certificate  (so  you  can
              trust  that  CA via tls_trust_file), and the fingerprint of the certificate (so you
              can trust that particular certificate via tls_fingerprint).
              TLS also allows the server to verify the identity of the client. For this  purpose,
              the  client  has to present a certificate issued by a CA that the server trusts. To
              present that certificate, the client also needs the matching key file. You can  set
              the  certificate and key files using tls_cert_file and tls_key_file. This mechanism
              can also be used to  authenticate  users,  so  that  traditional  user  /  password
              authentication is not necessary anymore. See the external mechanism in auth.

       tls_starttls [(on|off)]
              Choose  the TLS variant: start TLS from within the session (on, default), or tunnel
              the session through TLS (off).

       tls_trust_file file
              Activate server certificate verification using  a  list  of  trusted  Certification
              Authorities  (CAs).  The  default  is the special value "system", which selects the
              system default. An empty argument disables trust in CAs.  If you select a file,  it
              must be in PEM format, and you should also use tls_crl_file.

       tls_crl_file [file]
              Set  a  certificate  revocation  list  (CRL)  file  for  TLS,  to check for revoked
              certificates. An empty argument disables this.

       tls_fingerprint [fingerprint]
              Set the fingerprint of a single certificate to accept  for  TLS.  This  certificate
              will  be  trusted  regardless of its contents (this overrides tls_trust_file).  The
              fingerprint should be of type SHA256, but can for backwards compatibility  also  be
              of  type  SHA1  or  MD5 (please avoid this).  The format should be 01:23:45:67:....
              Use --serverinfo --tls --tls-certcheck=off --tls-fingerprint=  to  get  the  server
              certificate fingerprint.

       tls_key_file file
              Send  a  client  certificate to the server (use this together with tls_cert_file}).
              The file must contain the private key of a certificate  in  PEM  format.  An  empty
              argument disables this feature.

       tls_cert_file file
              Send a client certificate to the server (use this together with tls_key_file).  The
              file must contain a certificate in PEM format.  An  empty  argument  disables  this
              feature.

       tls_certcheck [(on|off)]
              Enable  or  disable  checks of the server certificate. They are enabled by default.
              Disabling them will override tls_trust_file and tls_fingerprint.  WARNING: When the
              checks are disabled, TLS sessions will not be secure!

       tls_min_dh_prime_bits [bits]
              Set  or  unset  the minimum number of Diffie-Hellman (DH) prime bits that mpop will
              accept for TLS sessions.  The default is set by the TLS library and can be selected
              by using an empty argument to this command.  Only lower the default (for example to
              512 bits) if there is no other way to make TLS work with the remote server.

       tls_priorities [priorities]
              Set the priorities for TLS sessions. The default is set by the TLS library and  can
              be  selected  by  using  an  empty  argument  to  this  command.   See  the  GnuTLS
              documentation of  the  gnutls_priority_init  function  for  a  description  of  the
              priorities string.

       delivery method method_arguments...
              How to deliver messages received from this account.

              delivery mda command
                     Deliver the mails through a mail delivery agent (MDA).
                     All occurrences of %F in the command will be replaced with the envelope from
                     address of the current message (or MAILER-DAEMON if  none  is  found).  Note
                     that  this address is guaranteed to contain only letters a-z and A-Z, digits
                     0-9, and any of ".@_-+/", even though that is  only  a  subset  of  what  is
                     theoretically  allowed  in a mail address. Other characters, including those
                     interpreted by the shell, are replaced with "_".  Nevertheless,  you  should
                     put %F into single quotes: '%F'.
                     Use "delivery mda /usr/bin/procmail -f '%F' -d $USER" for the procmail MDA.
                     Use  "delivery mda /usr/sbin/sendmail -oi -oem -f '%F' -- $USER" to let your
                     MTA handle the mail.
                     Use  "delivery  mda  /usr/local/bin/msmtp  --host=localhost  --from='%F'  --
                     $USER@`hostname`.`dnsdomainname`"  to  pass  the  mail to your MTA via SMTP.
                     (This is what fetchmail does by default.)

              delivery maildir directory
                     Deliver the mails to the given maildir directory. The directory  must  exist
                     and it must have the maildir subdirectories cur, new, and tmp; mpop will not
                     create directories. This delivery type  only  works  on  file  systems  that
                     support hard links.

              delivery mbox mbox-file
                     Deliver  the mails to the given file in mbox format. The file will be locked
                     with  fcntl(2).  mpop  uses  the  MBOXRD  mbox  format  variant;   see   the
                     documentation of the mbox format.

              delivery exchange directory
                     Deliver the mails to the given Exchange pickup directory. The directory must
                     exist.

              If the delivery method needs to parse the mail headers for an envelope from address
              (the  mda method if the command contains %F, and the mbox method), then it needs to
              create a temporary file to store the mail  headers  (but  not  the  body)  in.  See
              $TMPDIR in the FILES / ENVIRONMENT section.

       uidls_file filename
              The  file  to store UIDLs in. These are needed to identify new messages.  %U in the
              filename will be replaced by the username  of  the  current  account.   %H  in  the
              filename  will be replaced by the hostname of the current account.  If the filename
              contains directories that do not exist, mpop will create  them.   mpop  locks  this
              file for exclusive access when accessing the associated POP3 account.
              The default value is "~/.mpop_uidls/%U_at_%H". You can also use a single UIDLS file
              for multiple accounts, but then you cannot poll more than one of these accounts  at
              the same time.

       only_new [(on|off)]
              By  default, mpop processes only new messages (new messages are those that were not
              already successfully retrieved in an earlier session). If  this  option  is  turned
              off, mpop will process all messages.

       keep [(on|off)]
              Keep  all  mails on the POP3 server, never delete them. The default behaviour is to
              delete mails that have been successfully retrieved or filtered by kill filters.

       killsize (off|size)
              Mails larger than the given size will be deleted (unless the keep command is  used,
              in  which  case  they  will  just  be  skipped).  The size argument must be zero or
              greater. If it  is  followed  by  a  `k'  or  an  `m',  the  size  is  measured  in
              kibibytes/mebibytes  instead of bytes.  Note that some POP3 servers report slightly
              incorrect sizes for mails; see NOTES below.
              When killsize is set to 0 and keep is set to on,  then  all  mails  are  marked  as
              retrieved,  but  no  mail  gets  deleted  from  the  server.  This  can  be used to
              synchronize the UID list on the client to the UID list on the server.

       skipsize (off|size)
              Mails larger than the given size  will  be  skipped  (not  downloaded).   The  size
              argument must be zero or greater. If it is followed by a `k' or an `m', the size is
              measured in kibibytes/mebibytes instead of bytes.   Note  that  some  POP3  servers
              report slightly incorrect sizes for mails; see NOTES below.

       filter [command]
              Set  a  filter  which will decide whether to retrieve, skip, or delete each mail by
              investigating the mail's headers. The POP3 server must support the POP3 TOP command
              for  this  to  work;  see  option  --serverinfo  above.  An empty argument disables
              filtering.
              All occurrences of %F in the command  will  be  replaced  with  the  envelope  from
              address of the current message (or MAILER-DAEMON if none is found).  Note that this
              address is guaranteed to contain only letters a-z and A-Z, digits 0-9, and  any  of
              ".@_-+/",  even  though that is only a subset of what is theoretically allowed in a
              mail address. Other characters, including  those  interpreted  by  the  shell,  are
              replaced with "_". Nevertheless, you should put %F into single quotes: '%F'.
              All  occurrences of %S in the command will be replaced with the size of the current
              mail as reported by the POP3 server.
              The mail headers (plus the blank line separating the headers from the body) will be
              piped  to  the  command. Based on the return code, mpop decides what to do with the
              mail:
              0: proceed normally; no special action
              1: delete the mail; do not retrieve it
              2: skip the mail; do not retrieve it
              Return codes greater than or equal to 3 mean that an error occurred. The sysexits.h
              error  codes  may be used to give information about the kind of the error, but this
              is not necessary.

       received_header [(on|off)]
              Enable or disable adding a Received header. By default, mpop  prepends  a  Received
              header  to  the  mail  during delivery. This is required by the RFCs if the mail is
              subsequently further delivered e.g. via SMTP.

FILTERING

       There are three filtering commands available.  They will  be  executed  in  the  following
       order:
       killsize
       skipsize
       filter
       If a filtering command applies to a mail, the remaining filters will not be executed.

EXAMPLES

       Configuration file

       # Example for a user configuration file ~/.mpoprc
       #
       # This file focusses on TLS, authentication, and the mail delivery method.
       # Features not used here include mail filtering, timeouts, SOCKS proxies,
       # TLS parameters, and more.

       # Set default values for all following accounts.
       defaults

       # Always use TLS.
       tls on

       # Set a list of trusted CAs for TLS. The default is to use system settings, but
       # you can select your own file.
       #tls_trust_file /etc/ssl/certs/ca-certificates.crt

       # If you select your own file, you should also use the tls_crl_file command to
       # check for revoked certificates, but unfortunately getting revocation lists and
       # keeping them up to date is not straightforward.
       #tls_crl_file ~/.tls-crls

       # Deliver mail to an MBOX mail file:
       delivery mbox ~/Mail/inbox
       # Deliver mail to a maildir folder:
       #delivery maildir ~/Mail/incoming
       # Deliver mail via procmail:
       #delivery mda "/usr/bin/procmail -f '%F' -d $USER"
       # Deliver mail via the local SMTP server:
       #delivery mda "/usr/bin/msmtp --host=localhost --from='%F' -- $USER"
       # Deliver mail to an Exchange pickup directory:
       #delivery exchange c:\exchange\pickup

       # Use an UIDLS file in ~/.local/share instead of ~/.mpop_uidls
       uidls_file ~/.local/share/%U_at_%H

       # A freemail service
       account freemail

       # Host name of the POP3 server
       host pop.freemail.example

       # As an alternative to tls_trust_file/tls_crl_file, you can use tls_fingerprint
       # to pin a single certificate. You have to update the fingerprint when the
       # server certificate changes, but an attacker cannot trick you into accepting
       # a fraudulent certificate. Get the fingerprint with
       # $ mpop --serverinfo --tls --tls-certcheck=off --host=pop.freemail.example
       #tls_fingerprint 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33

       # Authentication. The password is given using one of five methods, see below.
       user joe.smith

       # Password method 1: Add the password to the system keyring, and let mpop get
       # it automatically. To set the keyring password using Gnome's libsecret:
       # $ secret-tool store --label=mpop \
       #   host pop.freemail.example \
       #   service pop3 \
       #   user joe.smith

       # Password method 2: Store the password in an encrypted file, and tell mpop
       # which command to use to decrypt it. This is usually used with GnuPG, as in
       # this example. Usually gpg-agent will ask once for the decryption password.
       passwordeval gpg2 --no-tty -q -d ~/.mpop-password.gpg

       # Password method 3: Store the password directly in this file. Usually it is not
       # a good idea to store passwords in plain text files. If you do it anyway, at
       # least make sure that this file can only be read by yourself.
       #password secret123

       # Password method 4: Store the password in ~/.netrc. This method is probably not
       # relevant anymore.

       # Password method 5: Do not specify a password. Mpop will then prompt you for
       # it. This means you need to be able to type into a terminal when mpop runs.

       # A second mail box at the same freemail service
       account freemail2 : freemail
       user joey

       # The POP3 server of your ISP
       account isp
       host mail.isp.example
       auth on
       user 12345
       # Your ISP runs SpamAssassin, so test each mail for the "X-Spam-Status: Yes"
       # header, and delete all mails with this header before downloading them.
       filter    if [ "`grep "^X-Spam-Status: Yes"`" ]; then exit 1; else exit 0; fi

       # Set a default account
       account default : freemail

       Filtering with SpamAssassin

       The command filter "/path/to/spamc -c > /dev/null" will delete all mails that SpamAssassin
       thinks are spam. Since no message body is passed to SpamAssassin, you should  disable  all
       body-specific tests in the SpamAssassin configuration file; for example set use_bayes 0.

       If  your  mail  provider runs SpamAssassin for you, you just have to check for the result.
       The following script can do that when used as an mpop filter:
       #!/bin/sh
       if [ "`grep "^X-Spam-Status: Yes"`" ]; then
           exit 1  # kill this message
       else
           exit 0  # proceed normally
       fi
       Since the filter command is passed to a shell, you can also use this directly:
       filter if [ "`grep "^X-Spam-Status: Yes"`" ]; then exit 1; else exit 0; fi

       Using mpop with Tor

       Use the following settings:
       proxy_host 127.0.0.1
       proxy_port 9050
       tls on
       Use an IP address as proxy host name, so  that  mpop  does  not  leak  a  DNS  query  when
       resolving it.
       TLS is required to prevent exit hosts from reading your POP3 session.

FILES

       ~/.mpoprc or $XDG_CONFIG_HOME/mpop/config
              Default configuration file.

       ~/.mpop_uidls
              Default directory to store UIDLs files in.

       ~/.netrc and SYSCONFDIR/netrc
              The  netrc  file contains login information. Before prompting for a password, msmtp
              will search it in ~/.netrc and SYSCONFDIR/netrc.

ENVIRONMENT

       $USER, $LOGNAME
              These variables override the user's login name. $LOGNAME is only used if  $USER  is
              unset. The user's login name is used for Received headers.

       $TMPDIR
              Directory to create temporary files in. If this is unset, a system specific default
              directory is used.

AUTHOR

       mpop was written by Martin Lambers <marlam@marlam.de>
       Other authors are listed in the AUTHORS file in the source distribution.

SEE ALSO

       procmail(1), spamassassin(1), netrc(5) or ftp(1), mbox(5), fcntl(2)

                                             2019-01                                      MPOP(1)