Provided by: mpop_1.4.18-1_amd64 bug

NAME

       mpop - A POP3 client

SYNOPSIS

       Mail retrieval mode (default):
              mpop [option...] [--] [account...]
              mpop --host=host [option...]

       Configuration mode:
              mpop --configure <mailaddress>

       Server information mode:
              mpop [option...] --serverinfo [account...]
              mpop --host=host [option...] --serverinfo

DESCRIPTION

       In mail retrieval mode of operation, mpop retrieves mails from one or more POP3 mailboxes,
       optionally does some filtering, and delivers them through a mail delivery agent (MDA),  to
       a  maildir folder, or to an mbox file.  Mails that were successfully delivered before will
       not be retrieved a second time, even if errors occur or mpop is terminated in  the  middle
       of a session.
       In server information mode, mpop prints information about one or more POP3 servers.
       If no account names are given on the command line, one named default will be used.
       The best way to start is probably to have a look at the EXAMPLES section.

EXIT STATUS

       The standard sendmail exit codes are used, as defined in sysexits.h.

OPTIONS

       Options override configuration file settings, for every used account.

       General Options

              --version
                     Print version information, including information about the libraries used.

              --help Print help.

              -P, --pretend
                     Print the configuration settings that would be used, but do not take further
                     action.  An asterisk (`*') will be printed instead of your password.

              -d, --debug
                     Print lots of debugging information, including the whole  conversation  with
                     the  server. Be careful with this option: the (potentially dangerous) output
                     will not be sanitized, and your  password  may  get  printed  in  an  easily
                     decodable format!
                     This   option  implies  --half-quiet,  because  the  progress  output  would
                     interfere with the debugging output.

       Changing the mode of operation

              --configure=mailaddress
                     Generate a configuration for the given mail address and print it.  This  can
                     be  modified  or copied unchanged to the configuration file.  Note that this
                     only works for mail domains that publish appropriate SRV  records;  see  RFC
                     8314.

              -S, --serverinfo
                     Print   information  about  the  POP3  server(s)  and  exit.  This  includes
                     information about supported features  (pipelining,  authentication  methods,
                     TOP  command,  ...),  about  parameters  (time  for  which mails will not be
                     deleted, minimum time between logins, ...), and about  the  TLS  certificate
                     (if TLS is active).

       Configuration options

              -C, --file=conffile
                     Use  the  given file instead of ~/.mpoprc or $XDG_CONFIG_HOME/mpop/config as
                     the user configuration file.

              --host=hostname
                     Use this server with  settings  from  the  command  line;  do  not  use  any
                     configuration  file  data. This option disables loading of the configuration
                     file. You cannot use both this option and account names on the command line.

              --port=number
                     Set the port number to connect to. See the port command.

              --source-ip=[IP]
                     Set or unset an IP address to bind the socket to. See the source_ip command.

              --proxy-host=[IP|hostname]
                     Set or unset a SOCKS proxy to use. See the proxy_host command.

              --proxy-port=[number]
                     Set or unset a port number for the proxy host. See the proxy_port command.

              --socket=[socketname]
                     Set or unset a local unix domain socket name to connect to. See  the  socket
                     command.

              --timeout=(off|seconds)
                     Set a network timeout. See the timeout command.

              --pipelining=(auto|on|off)
                     Enable or disable POP3 pipelining. See the pipelining command.

              --received-header[=(on|off)]
                     Enable or disable the Received header. See the received_header command.

              --auth[=(on|method)]
                     Set the authentication method to automatic (with "on") or manually choose an
                     authentication method. See the auth command.

              --user=[username]
                     Set or unset the user name for authentication. See the user command.

              --passwordeval=[cmd]
                     Evaluate password for authentication. See the passwordeval command.

              --tls[=(on|off)]
                     Enable or disable TLS/SSL. See the tls command.

              --tls-starttls[=(on|off)]
                     Enable or disable STARTTLS for TLS. See the tls_starttls command.

              --tls-trust-file=[file]
                     Set or unset a trust file for TLS. See the tls_trust_file command.

              --tls-crl-file=[file]
                     Deprecated. Set or unset a certificate revocation list (CRL) file  for  TLS.
                     See the tls_crl_file command.

              --tls-fingerprint=[fingerprint]
                     Set  or  unset  the  fingerprint  of  a  trusted  TLS  certificate.  See the
                     tls_fingerprint command.

              --tls-key-file=[file]
                     Set or unset a key file for TLS. See the tls_key_file command.

              --tls-cert-file=[file]
                     Set or unset a cert file for TLS. See the tls_cert_file command.

              --tls-certcheck[=(on|off)]
                     Enable or disable server certificate checks for TLS. See  the  tls_certcheck
                     command.

              --tls-priorities=[priorities]
                     Set or unset TLS priorities. See the tls_priorities command.

              --tls-host-override=[host]
                     Set  or  unset override for TLS host verification. See the tls_host_override
                     command.

              --tls-min-dh-prime-bits=[bits]
                     Deprecated, use --tls-priorities instead.  Set or unset minimum bit size  of
                     the Diffie-Hellmann (DH) prime. See the tls_min_dh_prime_bits command.

       Options specific to mail retrieval mode

              -q, --quiet
                     Do not print status or progress information.

              -Q, --half-quiet
                     Print status but not progress information.

              -a, --all-accounts
                     Query all accounts in the configuration file.

              -A, --auth-only
                     Authenticate only; do not retrieve mail. Useful for SMTP-after-POP.

              -s, --status-only
                     Print number and size of mails in each account only; do not retrieve mail.

              -n, --only-new[=(on|off)]
                     Process only new messages. See the only_new command.

              -k, --keep[=(on|off)]
                     Do  not  delete  mails  from  POP3  servers,  regardless of other options or
                     settings.  See the keep command.

              --killsize=(off|size)
                     Set or unset kill size. See the killsize command.

              --skipsize=(off|size)
                     Set or unset skip size. See the skipsize command.

              --filter=[program]
                     Set a filter which will decide whether to retrieve,  skip,  or  delete  each
                     mail by investigating the mail's headers. See the filter command.

              --delivery=method,method_arguments...
                     How  to  deliver  messages  received  from  this  account.  See the delivery
                     command. Note that a comma is used instead of a blank to separate the method
                     from its arguments.

              --uidls-file=filename
                     File to store UIDLs in. See the uidls_file command.

USAGE

       A  suggestion  for  a  suitable  configuration file can be generated using the --configure
       option.  The default configuration  file  is  ~/.mpoprc  or  $XDG_CONFIG_HOME/mpop/config.
       Settings in this file can be changed by command line options.
       A configuration file is a simple text file. Empty lines and comment lines (first non-blank
       character is '#') are ignored. Every other line must contain a command and may contain  an
       argument to that command.  The argument may be enclosed in double quotes (").
       If a file name starts with the tilde (~), this tilde will be replaced by $HOME.
       If a command accepts the argument on, it also accepts an empty argument and treats that as
       if it was on.
       Commands are organized in accounts. Each account  starts  with  the  account  command  and
       defines the settings for one POP3 account.

       Commands are as follows:

       defaults
              Set  defaults. The following configuration commands will set default values for all
              following account definitions.

       account name [:account[,...]]
              Start a new account definition with the given name. The current default values  are
              filled in.
              If  a  colon  and  a list of previously defined accounts is given after the account
              name, the new account, with the filled in default values, will inherit all settings
              from the accounts in the list.

       eval cmd
              Replace  the  current  configuration  file  line  with the first line of the output
              (stdout) of the command cmd. This can be used to decrypt settings or to create them
              via  scripts.  For example, eval echo host localhost replaces the current line with
              host localhost.
              Note that every eval line will be evaluated when the configuration file is read.
              Note that for passwords you can also use the passwordeval command instead  of  eval
              password cmd. This has the advantage that the command is only evaluated if needed.

       host hostname
              The  POP3  server  to  retrieve  mails  from.  The argument may be a host name or a
              network address.  Every account definition must contain this command.

       port number
              The port that the POP3 server listens on. The default is 110 ("pop3"),  unless  TLS
              without STARTTLS is used, in which case it is 995 ("pop3s").

       source_ip [IP]
              Set  a source IP address to bind the outgoing connection to. Useful only in special
              cases on multi-home systems. An empty argument disables this.

       proxy_host [IP|hostname]
              Use a SOCKS proxy. All network traffic will go through this proxy  host,  including
              DNS  queries,  except  for a DNS query that might be necessary to resolve the proxy
              host name itself (this can be avoided by using an IP address as proxy  host  name).
              An  empty  hostname  argument  disables  proxy usage.  The supported SOCKS protocol
              version is 5. If you want to use this with Tor, see  also  "Using  mpop  with  Tor"
              below.

       proxy_port [number]
              Set the port number for the proxy host. An empty number argument resets this to the
              default port, which is 1080 ("socks").

       socket socketname
              Set the file name of a unix domain  socket  to  connect  to.  This  overrides  both
              host/port and proxy_host/proxy_port.

       timeout (off|seconds)
              Set  or  unset  a  network  timeout,  in  seconds.  The default is 180 seconds. The
              argument off means that no timeout will be set,  which  means  that  the  operating
              system default will be used.

       pipelining (auto|on|off)
              Enable  or  disable  POP3  pipelining.  You should never need to change the default
              setting, which is auto: mpop enables pipelining for  POP3  servers  that  advertise
              this  capability, and disables it for all other servers.  Pipelining can speed up a
              POP3 session substantially.

       auth [(on|method)]
              Choose  an  authentication  method.  The  default  argument  on  chooses  a  method
              automatically.
              Usually  a  user  name and a password are used for authentication. The user name is
              specified in the configuration file with the user command. There are five different
              methods to specify the password:
              1.  Add the password to the system key ring.  Currently supported key rings are the
              Gnome key ring and the Mac OS X Keychain.  For the Gnome key ring, use the  command
              secret-tool  (part  of  Gnome's  libsecret)  to  store passwords: secret-tool store
              --label=mpop host pop.freemail.example service pop3 user joe.smith.  On Mac  OS  X,
              use  the  following command: security add-internet-password -s pop.freemail.example
              -r pop3 -a joe.smith -w.  In both examples, replace pop.freemail.example  with  the
              POP3 server name, and joe.smith with your user name.
              2.  Store  the  password  in  an encrypted files, and use passwordeval to specify a
              command to decrypt that file, e.g. using GnuPG. See EXAMPLES.
              3. Store the password  in  the  configuration  file  using  the  password  command.
              (Usually  it  is  not considered a good idea to store passwords in cleartext files.
              If you do it anyway, you must  make  sure  that  the  file  can  only  be  read  by
              yourself.)
              4. Store the password in ~/.netrc. This method is probably obsolete.
              5. Type the password into the terminal when it is required.
              It is recommended to use method 1 or 2.
              Multiple  authentication  methods  exist.  Most  servers support only some of them.
              Historically, sophisticated methods were developed to protect passwords from  being
              sent  unencrypted  to  the  server, but nowadays everybody needs TLS anyway, so the
              simple  methods  suffice  since  the  whole  session  is  protected.   A   suitable
              authentication  method  is  chosen automatically, and when TLS is disabled for some
              reason, only methods that avoid sending cleartext passwords are considered.
              The following user / password methods are supported:  user  (a  simple  plain  text
              method supported by all servers), plain (another simple cleartext method, supported
              by almost all servers), scram-sha-1 (a method  that  avoids  cleartext  passwords),
              scram-sha-256  (same  but with stronger hash), apop (an obsolete method that avoids
              cleartext passwords, but is not considered secure anymore), cram-md5  (an  obsolete
              method  that  avoids  cleartext  passwords,  but is not considered secure anymore),
              digest-md5 (an overcomplicated obsolete method that avoids cleartext passwords, but
              is  not  considered secure anymore), login (a non-standard cleartext method similar
              to but worse than the plain method), ntlm (an obscure non-standard method  that  is
              now  considered broken; it sometimes requires a special domain parameter passed via
              ntlmdomain).
              There are currently three authentication methods that  are  not  based  on  user  /
              password information and have to be chosen manually: oauthbearer or its predecessor
              xoauth2 (an OAuth2 token from the mail provider is used as the password.   See  the
              documentation  of  your  mail  provider  for  details on how to get this token. The
              passwordeval command can be used to pass the regularly changing  tokens  into  mpop
              from  a  script  or  an environment variable), external (the authentication happens
              outside of the protocol, typically by sending a TLS  client  certificate,  and  the
              method  merely  confirms  that  this  authentication  succeeded),  and  gssapi (the
              Kerberos framework takes care  of  secure  authentication,  only  a  user  name  is
              required).
              It  depends  on  the  underlying  authentication  library and its version whether a
              particular method is supported or not. Use --version to find out which methods  are
              supported.

       user login
              Set the user name for authentication. An empty argument unsets the user name.

       password secret
              Set  the  password  for  authentication.  An  empty  argument  unsets the password.
              Consider using the passwordeval command or a key ring instead of this  command,  to
              avoid storing cleartext passwords in the configuration file.

       passwordeval [cmd]
              Set  the  password  for  authentication  to the output (stdout) of the command cmd.
              This can be used e.g. to decrypt password files on the fly or to query  key  rings,
              and thus to avoid storing cleartext passwords.

       ntlmdomain [domain]
              Set a domain for the ntlm authentication method. This is obsolete.

       tls [(on|off)]
              Enable or disable TLS (also known as SSL) for secured connections.
              Transport  Layer  Security  (TLS)  "...  provides  communications  privacy over the
              Internet.  The protocol allows client/server applications to communicate in  a  way
              that  is  designed  to prevent eavesdropping, tampering, or message forgery" (quote
              from RFC2246).
              A server can use TLS in one of two modes:  via  a  STARTTLS  command  (the  session
              starts  with  the normal protocol initialization, and TLS is then started using the
              protocol's STARTTLS command), or immediately (TLS is initialized before the  normal
              protocol  initialization;  this  requires  a  separate port). The first mode is the
              default, but you can switch to the second mode by disabling tls_starttls.
              When TLS is started, the server sends a certificate to identify itself.  To  verify
              the  server identity, a client program is expected to check that the certificate is
              formally correct and that it was issued by a Certificate Authority  (CA)  that  the
              user trusts. (There can also be certificate chains with intermediate CAs.)
              The list of trusted CAs is specified using the tls_trust_file command.  The default
              value ist "system" and chooses the system-wide default, but you can also choose the
              trusted CAs yourself.
              A  fundamental  problem  with  this  is that you need to trust CAs.  Like any other
              organization, a CA can be incompetent,  malicious,  subverted  by  bad  people,  or
              forced  by government agencies to compromise end users without telling them. All of
              these things happened and continue to happen worldwide.  The idea to  have  central
              organizations  that  have  to  be  trusted  for  your communication to be secure is
              fundamentally broken.
              Instead of putting trust in a CA, you can choose to trust only a single certificate
              for  the  server  you want to connect to. For that purpose, specify the certificate
              fingerprint with tls_fingerprint. This makes sure  that  no  man-in-the-middle  can
              fake  the  identity of the server by presenting you a fraudulent certificate issued
              by some CA that happens to be in your trust list.  However, you have to update  the
              fingerprint whenever the server certificate changes, and you have to make sure that
              the change is legitimate each time, e.g. when the old certificate expired. This  is
              inconvenient, but it's the price to pay.
              Information  about  a  server  certificate  can be obtained with --serverinfo --tls
              --tls-certcheck=off. This includes the issuer CA of the  certificate  (so  you  can
              trust  that  CA via tls_trust_file), and the fingerprint of the certificate (so you
              can trust that particular certificate via tls_fingerprint).
              TLS also allows the server to verify the identity of the client. For this  purpose,
              the  client  has to present a certificate issued by a CA that the server trusts. To
              present that certificate, the client also needs the matching key file. You can  set
              the  certificate and key files using tls_cert_file and tls_key_file. This mechanism
              can also be used to  authenticate  users,  so  that  traditional  user  /  password
              authentication is not necessary anymore. See the external mechanism in auth.
              You  can also use client certificates stored on some external authentication device
              by specifying GnuTLS device URIs in tls_cert_file and tls_key_file.  You  can  find
              the  correct  URIs  using  p11tool --list-privkeys --login (p11tool is bundled with
              GnuTLS). If your device requires a PIN to access the data,  you  can  specify  that
              using one of the password mechanisms (e.g. passwordeval, password).

       tls_starttls [(on|off)]
              Choose  the TLS variant: start TLS from within the session (on, default), or tunnel
              the session through TLS (off).

       tls_trust_file file
              Activate server certificate verification using  a  list  of  trusted  Certification
              Authorities  (CAs).  The  default  is the special value "system", which selects the
              system default. An empty argument disables trust in CAs.  If you select a file,  it
              must be in PEM format, and you should also use tls_crl_file.

       tls_crl_file [file]
              Deprecated.  This  sets  a certificate revocation list (CRL) file for TLS, to check
              for revoked certificates (an empty argument, which is the default, disables  this).
              Nowadays automatic OCSP checks replace CRL file checks.

       tls_fingerprint [fingerprint]
              Set  the  fingerprint  of  a single certificate to accept for TLS. This certificate
              will be trusted regardless of its contents (this  overrides  tls_trust_file).   The
              fingerprint  should  be of type SHA256, but can for backwards compatibility also be
              of type SHA1 or MD5 (please avoid this).  The  format  should  be  01:23:45:67:....
              Use  --serverinfo  --tls  --tls-certcheck=off  --tls-fingerprint= to get the server
              certificate fingerprint.

       tls_key_file file
              Send a client certificate to the server (use this  together  with  tls_cert_file}).
              The  file  must  contain  the  private key of a certificate in PEM format. An empty
              argument disables this feature.

       tls_cert_file file
              Send a client certificate to the server (use this together with tls_key_file).  The
              file  must  contain  a  certificate  in PEM format. An empty argument disables this
              feature.

       tls_certcheck [(on|off)]
              Enable or disable checks of the server certificate. They are  enabled  by  default.
              Disabling them will override tls_trust_file and tls_fingerprint.  WARNING: When the
              checks are disabled, TLS sessions will not be secure!

       tls_priorities [priorities]
              Set priorities for TLS session parameters. The default is set by  the  TLS  library
              and  can be selected by using an empty argument to this command. The interpretation
              of the priorities string depends on the TLS library.  Use  --version  to  find  out
              which TLS library you use.
              For GnuTLS, see the section on Priority Strings in the manual.
              For  libtls,  the  priorites  string is a space-separated list of parameter strings
              prefixed with either PROTOCOLS=, CIPHERS=, or ECDHECURVES=. These parameter strings
              will be passed to the functions tls_config_parse_protocols, tls_config_set_ciphers,
              and tls_config_set_ecdhecurves. Unrecognized parts of the priorities string will be
              ignored.      Example:      "PROTOCOLS=TLSv1.3      CIPHERS=ECDHE-RSA-AES128-SHA256
              ECDHECURVES=P-384".

       tls_host_override [host]
              By default, TLS host verification uses the host name given  by  the  host  command.
              This command allows one to use a different host name for verification. This is only
              useful in special cases.

       tls_min_dh_prime_bits [bits]
              Deprecated, use tls_priorities instead.  Set or unset the minimum number of Diffie-
              Hellman  (DH)  prime  bits accepted for TLS sessions. The default is set by the TLS
              library and can be selected by using an empty argument to this command. Only  lower
              the  default  (for  example  to 512 bits) if there is no other way to make TLS work
              with the remote server.

       delivery method method_arguments...
              How to deliver messages received from this account.

              delivery mda command
                     Deliver the mails through a mail delivery agent (MDA).
                     All occurrences of %F in the command will be replaced with the envelope from
                     address  of  the  current  message (or MAILER-DAEMON if none is found). Note
                     that this address is guaranteed to contain only letters a-z and A-Z,  digits
                     0-9,  and  any  of  ".@_-+/",  even  though that is only a subset of what is
                     theoretically allowed in a mail address. Other characters,  including  those
                     interpreted  by  the shell, are replaced with "_".  Nevertheless, you should
                     put %F into single quotes: '%F'.
                     Use "delivery mda /usr/bin/procmail -f '%F' -d $USER" for the procmail MDA.
                     Use "delivery mda /usr/sbin/sendmail -oi -oem -f '%F' -- $USER" to let  your
                     MTA handle the mail.
                     Use  "delivery  mda  /usr/local/bin/msmtp  --host=localhost  --from='%F'  --
                     $USER@`hostname`.`dnsdomainname`" to pass the mail to  your  MTA  via  SMTP.
                     (This is what fetchmail does by default.)

              delivery maildir directory
                     Deliver  the  mails to the given maildir directory. The directory must exist
                     and it must have the maildir subdirectories cur, new, and tmp; mpop will not
                     create  directories.  This  delivery  type  only  works on file systems that
                     support hard links.

              delivery mbox mbox-file
                     Deliver the mails to the given file in mbox format. The file will be  locked
                     with   fcntl(2).   mpop  uses  the  MBOXRD  mbox  format  variant;  see  the
                     documentation of the mbox format.

              delivery exchange directory
                     Deliver the mails to the given Exchange pickup directory. The directory must
                     exist.

              If the delivery method needs to parse the mail headers for an envelope from address
              (the mda method if the command contains %F, and the mbox method), then it needs  to
              create  a  temporary  file  to  store  the  mail headers (but not the body) in. See
              $TMPDIR in the FILES / ENVIRONMENT section.

       uidls_file filename
              The file to store UIDLs in. These are needed to identify new messages.  %U  in  the
              filename  will  be  replaced  by  the  username  of the current account.  %H in the
              filename will be replaced by the hostname of the current account.  If the  filename
              contains  directories  that  do  not exist, mpop will create them.  mpop locks this
              file for exclusive access when accessing the associated POP3 account.
              The default value is "~/.mpop_uidls/%U_at_%H". You can also use a single UIDLS file
              for  multiple accounts, but then you cannot poll more than one of these accounts at
              the same time.

       only_new [(on|off)]
              By default, mpop processes only new messages (new messages are those that were  not
              already  successfully  retrieved  in  an earlier session). If this option is turned
              off, mpop will process all messages.

       keep [(on|off)]
              Keep all mails on the POP3 server, never delete them. The default behaviour  is  to
              delete mails that have been successfully retrieved or filtered by kill filters.

       killsize (off|size)
              Mails  larger than the given size will be deleted (unless the keep command is used,
              in which case they will just be skipped).   The  size  argument  must  be  zero  or
              greater.  If  it  is  followed  by  a  `k'  or  an  `m',  the  size  is measured in
              kibibytes/mebibytes instead of bytes.  Note that some POP3 servers report  slightly
              incorrect sizes for mails; see NOTES below.
              When  killsize  is  set  to  0  and keep is set to on, then all mails are marked as
              retrieved, but no  mail  gets  deleted  from  the  server.  This  can  be  used  to
              synchronize the UID list on the client to the UID list on the server.

       skipsize (off|size)
              Mails  larger  than  the  given  size  will  be skipped (not downloaded).  The size
              argument must be zero or greater. If it is followed by a `k' or an `m', the size is
              measured  in  kibibytes/mebibytes  instead  of  bytes.  Note that some POP3 servers
              report slightly incorrect sizes for mails; see NOTES below.

       filter [command]
              Set a filter which will decide whether to retrieve, skip, or delete  each  mail  by
              investigating the mail's headers. The POP3 server must support the POP3 TOP command
              for this to work;  see  option  --serverinfo  above.  An  empty  argument  disables
              filtering.
              All  occurrences  of  %F  in  the  command  will be replaced with the envelope from
              address of the current message (or MAILER-DAEMON if none is found).  Note that this
              address  is  guaranteed to contain only letters a-z and A-Z, digits 0-9, and any of
              ".@_-+/", even though that is only a subset of what is theoretically allowed  in  a
              mail  address.  Other  characters,  including  those  interpreted by the shell, are
              replaced with "_". Nevertheless, you should put %F into single quotes: '%F'.
              All occurrences of %S in the command will be replaced with the size of the  current
              mail as reported by the POP3 server.
              The mail headers (plus the blank line separating the headers from the body) will be
              piped to the command. Based on the return code, mpop decides what to  do  with  the
              mail:
              0: proceed normally; no special action
              1: delete the mail; do not retrieve it
              2: skip the mail; do not retrieve it
              Return codes greater than or equal to 3 mean that an error occurred. The sysexits.h
              error codes may be used to give information about the kind of the error,  but  this
              is not necessary.

       received_header [(on|off)]
              Enable  or  disable  adding a Received header. By default, mpop prepends a Received
              header to the mail during delivery. This is required by the RFCs  if  the  mail  is
              subsequently further delivered e.g. via SMTP.

FILTERING

       There  are  three  filtering  commands  available.  They will be executed in the following
       order:
       killsize
       skipsize
       filter
       If a filtering command applies to a mail, the remaining filters will not be executed.

EXAMPLES

       Configuration file

       # Example for a user configuration file ~/.mpoprc
       #
       # This file focusses on TLS, authentication, and the mail delivery method.
       # Features not used here include mail filtering, timeouts, SOCKS proxies,
       # TLS parameters, and more.

       # Set default values for all following accounts.
       defaults

       # Always use TLS.
       tls on

       # Set a list of trusted CAs for TLS. The default is to use system settings, but
       # you can select your own file.
       #tls_trust_file /etc/ssl/certs/ca-certificates.crt

       # Deliver mail to an MBOX mail file:
       delivery mbox ~/Mail/inbox
       # Deliver mail to a maildir folder:
       #delivery maildir ~/Mail/incoming
       # Deliver mail via procmail:
       #delivery mda "/usr/bin/procmail -f '%F' -d $USER"
       # Deliver mail via the local SMTP server:
       #delivery mda "/usr/bin/msmtp --host=localhost --from='%F' -- $USER"
       # Deliver mail to an Exchange pickup directory:
       #delivery exchange c:\exchange\pickup

       # Use an UIDLS file in ~/.local/share instead of ~/.mpop_uidls
       uidls_file ~/.local/share/%U_at_%H

       # A freemail service
       account freemail

       # Host name of the POP3 server
       host pop.freemail.example

       # As an alternative to tls_trust_file, you can use tls_fingerprint
       # to pin a single certificate. You have to update the fingerprint when the
       # server certificate changes, but an attacker cannot trick you into accepting
       # a fraudulent certificate. Get the fingerprint with
       # $ mpop --serverinfo --tls --tls-certcheck=off --host=pop.freemail.example
       #tls_fingerprint 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33

       # Authentication. The password is given using one of five methods, see below.
       user joe.smith

       # Password method 1: Add the password to the system keyring, and let mpop get
       # it automatically. To set the keyring password using Gnome's libsecret:
       # $ secret-tool store --label=mpop \
       #   host pop.freemail.example \
       #   service pop3 \
       #   user joe.smith

       # Password method 2: Store the password in an encrypted file, and tell mpop
       # which command to use to decrypt it. This is usually used with GnuPG, as in
       # this example. Usually gpg-agent will ask once for the decryption password.
       passwordeval gpg2 --no-tty -q -d ~/.mpop-password.gpg

       # Password method 3: Store the password directly in this file. Usually it is not
       # a good idea to store passwords in cleartext files. If you do it anyway, at
       # least make sure that this file can only be read by yourself.
       #password secret123

       # Password method 4: Store the password in ~/.netrc. This method is probably not
       # relevant anymore.

       # Password method 5: Do not specify a password. Mpop will then prompt you for
       # it. This means you need to be able to type into a terminal when mpop runs.

       # A second mail box at the same freemail service
       account freemail2 : freemail
       user joey

       # The POP3 server of your ISP
       account isp
       host mail.isp.example
       auth on
       user 12345
       # Your ISP runs SpamAssassin, so test each mail for the "X-Spam-Status: Yes"
       # header, and delete all mails with this header before downloading them.
       filter    if [ "`grep "^X-Spam-Status: Yes"`" ]; then exit 1; else exit 0; fi

       # Set a default account
       account default : freemail

       Filtering with SpamAssassin

       The command filter "/path/to/spamc -c > /dev/null" will delete all mails that SpamAssassin
       thinks  are  spam. Since no message body is passed to SpamAssassin, you should disable all
       body-specific tests in the SpamAssassin configuration file; for example set use_bayes 0.

       If your mail provider runs SpamAssassin for you, you just have to check  for  the  result.
       The following script can do that when used as an mpop filter:
       #!/bin/sh
       if [ "`grep "^X-Spam-Status: Yes"`" ]; then
           exit 1  # kill this message
       else
           exit 0  # proceed normally
       fi
       Since the filter command is passed to a shell, you can also use this directly:
       filter if [ "`grep "^X-Spam-Status: Yes"`" ]; then exit 1; else exit 0; fi

       Using mpop with Tor

       Use the following settings:
       proxy_host 127.0.0.1
       proxy_port 9050
       tls on
       Use  an  IP  address  as  proxy  host  name,  so  that mpop does not leak a DNS query when
       resolving it.
       TLS is required to prevent exit hosts from reading your POP3 session.

FILES

       ~/.mpoprc or $XDG_CONFIG_HOME/mpop/config
              Default configuration file.

       ~/.mpop_uidls
              Default directory to store UIDLs files in.

       ~/.netrc and SYSCONFDIR/netrc
              The netrc file contains login information. Before prompting for a  password,  msmtp
              will search it in ~/.netrc and SYSCONFDIR/netrc.

ENVIRONMENT

       $USER, $LOGNAME
              These  variables  override the user's login name. $LOGNAME is only used if $USER is
              unset. The user's login name is used for Received headers.

       $TMPDIR
              Directory to create temporary files in. If this is unset, a system specific default
              directory is used.

AUTHOR

       mpop was written by Martin Lambers <marlam@marlam.de>
       Other authors are listed in the AUTHORS file in the source distribution.

SEE ALSO

       procmail(1), spamassassin(1), netrc(5) or ftp(1), mbox(5), fcntl(2)

                                             2022-06                                      MPOP(1)