Provided by: mpop_1.2.3-1build1_amd64 bug

NAME

       mpop - A POP3 client

SYNOPSIS

       Mail retrieval mode (default):
              mpop [option...] [--] [account...]
              mpop --host=host [option...]

       Server information mode:
              mpop [option...] --serverinfo [account...]
              mpop --host=host [option...] --serverinfo

DESCRIPTION

       In mail retrieval mode of operation, mpop retrieves mails from one or more POP3 mailboxes,
       optionally does some filtering, and delivers them through a mail delivery agent (MDA),  to
       a  maildir folder, or to an mbox file.  Mails that were successfully delivered before will
       not be retrieved a second time, even if errors occur or mpop is terminated in  the  middle
       of a session.
       In server information mode, mpop prints information about one or more POP3 servers.
       If no account names are given on the command line, one named default will be used.
       The best way to start is probably to have a look at the EXAMPLES section.

EXIT STATUS

       The standard sendmail exit codes are used, as defined in sysexits.h.

OPTIONS

       Options override configuration file settings, for every used account.

       General Options

              --version
                     Print version information, including information about the libraries used.

              --help Print help.

              -P, --pretend
                     Print the configuration settings that would be used, but do not take further
                     action.  An asterisk (`*') will be printed instead of your password.

              -d, --debug
                     Print lots of debugging information, including the whole  conversation  with
                     the  server. Be careful with this option: the (potentially dangerous) output
                     will not be sanitized, and your  password  may  get  printed  in  an  easily
                     decodable format!
                     This   option  implies  --half-quiet,  because  the  progress  output  would
                     interfere with the debugging output.

       Changing the mode of operation

              -S, --serverinfo
                     Print  information  about  the  POP3  server(s)  and  exit.  This   includes
                     information  about  supported  features (pipelining, authentication methods,
                     TOP command, ...), about parameters  (time  for  which  mails  will  not  be
                     deleted,  minimum  time  between logins, ...), and about the TLS certificate
                     (if TLS is active).

       Configuration options

              -C, --file=conffile
                     Use the given file instead of ~/.mpoprc as configuration file.

              --host=hostname
                     Use this server with  settings  from  the  command  line;  do  not  use  any
                     configuration  file  data. This option disables loading of the configuration
                     file. You cannot use both this option and account names on the command line.

              --port=number
                     Set the port number to connect to. See the port command.

              --timeout=(off|seconds)
                     Set a network timeout. See the timeout command.

              --pipelining=(auto|on|off)
                     Enable or disable POP3 pipelining. See the pipelining command.

              --proxy-host=[IP|hostname]
                     Set or unset a SOCKS proxy to use. See the proxy_host command.

              --proxy-port=[number]
                     Set or unset a port number for the proxy host. See the proxy_port command.

              --received-header[=(on|off)]
                     Enable or disable the Received header. See the received_header command.

              --auth[=(on|method)]
                     Set the authentication method to automatic (with "on") or manually choose an
                     authentication method. See the auth command.

              --user=[username]
                     Set or unset the user name for authentication. See the user command.

              --passwordeval=[eval]
                     Evaluate password for authentication. See the passwordeval command.

              --tls[=(on|off)]
                     Enable or disable TLS/SSL. See the tls command.

              --tls-starttls[=(on|off)]
                     Enable or disable STARTTLS for TLS. See the tls_starttls command.

              --tls-trust-file=[file]
                     Set or unset a trust file for TLS. See the tls_trust_file command.

              --tls-crl-file=[file]
                     Set  or  unset  a  certificate  revocation  list (CRL) file for TLS. See the
                     tls_crl_file command.

              --tls-fingerprint=[fingerprint]
                     Set ot  unset  the  fingerprint  of  a  trusted  TLS  certificate.  See  the
                     tls_fingerprint command.

              --tls-key-file=[file]
                     Set or unset a key file for TLS. See the tls_key_file command.

              --tls-cert-file=[file]
                     Set or unset a cert file for TLS. See the tls_cert_file command.

              --tls-certcheck[=(on|off)]
                     Enable  or  disable server certificate checks for TLS. See the tls_certcheck
                     command.

              --tls-min-dh-prime-bits=[bits]
                     Set or unset minimum bit size of the Diffie-Hellmann  (DH)  prime.  See  the
                     tls_min_dh_prime_bits command.

              --tls-priorities=[priorities]
                     Set or unset TLS priorities. See the tls_priorities command.

       Options specific to mail retrieval mode

              -q, --quiet
                     Do not print status or progress information.

              -Q, --half-quiet
                     Print status but not progress information.

              -a, --all-accounts
                     Query all accounts in the configuration file.

              -A, --auth-only
                     Authenticate only; do not retrieve mail. Useful for SMTP-after-POP.

              -s, --status-only
                     Print number and size of mails in each account only; do not retrieve mail.

              -n, --only-new[=(on|off)]
                     Process only new messages. See the only_new command.

              -k, --keep[=(on|off)]
                     Do  not  delete  mails  from  POP3  servers,  regardless of other options or
                     settings.  See the keep command.

              --killsize=(off|size)
                     Set or unset kill size. See the killsize command.

              --skipsize=(off|size)
                     Set or unset skip size. See the skipsize command.

              --filter=[program]
                     Set a filter which will decide whether to retrieve,  skip,  or  delete  each
                     mail by investigating the mail's headers. See the filter command.

              --delivery=method,method_arguments...
                     How  to  deliver  messages  received  from  this  account.  See the delivery
                     command. Note that a comma is used instead of a blank to separate the method
                     from its arguments.

              --uidls-file=filename
                     File to store UIDLs in. See the uidls_file command.

USAGE

       The  default  configuration  file  is  ~/.mpoprc.  Settings in this file can be changed by
       command line options.
       A configuration file is a simple text file. Empty lines and comment lines (first non-blank
       character  is '#') are ignored. Every other line must contain a command and may contain an
       argument to that command.  The argument may be enclosed in double quotes (").
       If a file name starts with the tilde (~), this tilde will be replaced by $HOME.
       If a command accepts the argument on, it also accepts an empty argument and treats that as
       if it was on.
       Commands  are  organized  in  accounts.  Each  account starts with the account command and
       defines the settings for one POP3 account.

       Commands are as follows:

       defaults
              Set defaults. The following configuration commands will set default values for  all
              following account definitions.

       account name [:account[,...]]
              Start  a new account definition with the given name. The current default values are
              filled in.
              If a colon and a list of previously defined accounts is  given  after  the  account
              name, the new account, with the filled in default values, will inherit all settings
              from the accounts in the list.

       host hostname
              The POP3 server to retrieve mails from.  The argument may  be  a  host  name  or  a
              network address.  Every account definition must contain this command.

       port number
              The  port  that the POP3 server listens on. The default is 110 ("pop3"), unless TLS
              without STARTTLS is used, in which case it is 995 ("pop3s").

       timeout (off|seconds)
              Set or unset a network timeout,  in  seconds.  The  default  is  180  seconds.  The
              argument  off  means  that  no  timeout will be set, which means that the operating
              system default will be used.

       pipelining (auto|on|off)
              Enable or disable POP3 pipelining. You should never  need  to  change  the  default
              setting,  which  is  auto:  mpop enables pipelining for POP3 servers that advertise
              this capability, and disables it for all other servers.  Pipelining can speed up  a
              POP3 session substantially.

       proxy_host [IP|hostname]
              Use  a  SOCKS proxy. All network traffic will go through this proxy host, including
              DNS queries, except for a DNS query that might be necessary to  resolve  the  proxy
              host  name  itself (this can be avoided by using an IP address as proxy host name).
              An empty hostname argument disables proxy  usage.   The  supported  SOCKS  protocol
              version  is  5.  If  you  want to use this with Tor, see also "Using mpop with Tor"
              below.

       proxy_port [number]
              Set the port number for the proxy host. An empty number argument resets this to the
              default port, which is 1080 ("socks").

       auth [(on|method)]
              Choose  an  authentication  method.  The  default  argument  on  chooses  a  method
              automatically.
              Usually a user name and a password are used for authentication. The  user  name  is
              specified in the configuration file with the user command. There are five different
              methods to specify the password:
              1. Add the password to the system key ring.  Currently supported key rings are  the
              Gnome  key ring and the Mac OS X Keychain.  For the Gnome key ring, use the command
              secret-tool (part of Gnome's  libsecret)  to  store  passwords:  secret-tool  store
              --label=mpop  host  pop.freemail.example service pop3 user joe.smith.  On Mac OS X,
              use the Keychain Access GUI application.  The account name  is  same  as  the  user
              name. The keychain item name is pop3://<hostname> where <hostname> matches the host
              argument.
              2. Store the password in an encrypted files, and  use  passwordeval  to  specify  a
              command to decrypt that file, e.g. using GnuPG. See EXAMPLES.
              3.  Store  the  password  in  the  configuration  file  using the password command.
              (Usually it is not considered a good idea to store passwords in plain  text  files.
              If  you  do  it  anyway,  you  must  make  sure  that  the file can only be read by
              yourself.)
              4. Store the password in ~/.netrc. This method is probably obsolete.
              5. Type the password into the terminal when it is required.
              It is recommended to use method 1 or 2.
              Multiple authentication methods exist. Most servers  support  only  some  of  them.
              Historically,  sophisticated methods were developed to protect passwords from being
              sent unencrypted to the server, but nowadays everybody needs  TLS  anyway,  so  the
              simple   methods   suffice  since  the  whole  session  is  protected.  A  suitable
              authentication method is chosen automatically, and when TLS is  disabled  for  some
              reason, only methods that avoid sending clear text passwords are considered.
              The  following  user  /  password  methods are supported: user (a simple plain text
              method supported by all servers), plain (another simple  plain  text  method,  with
              base64  encoding,  supported  by  almost  all  servers), scram-sha-1 (a method that
              avoids clear-text passwords), cram-md5 (an obsolete method that  avoids  clear-text
              passwords),  apop  (an  obsolete  method  that  avoids clear-text passwords, but is
              vulnerable to man-in-the-middle attacks), digest-md5 (an  overcomplicated  obsolete
              method  that  avoids  clear-text  passwords, but is not considered secure anymore),
              login (a non-standard clear-text  method  similar  to  but  worse  than  the  plain
              method),  ntlm  (an  obscure  non-standard method that is now considered broken; it
              sometimes requires a special domain parameter passed via ntlmdomain).
              There are currently two authentication  methods  that  are  not  based  on  user  /
              password  information  and have to be chosen manually: external (the authentication
              happens outside of the protocol, typically by sending a TLS client certificate, and
              the  method  merely  confirms  that this authentication succeeded), and gssapi (the
              Kerberos framework takes care  of  secure  authentication,  only  a  user  name  is
              required).
              It  depends  on  the  underlying  authentication  library and its version whether a
              particular method is supported or not. Use --version to find out which methods  are
              supported.

       user login
              Set the user name for authentication. An empty argument unsets the user name.

       password secret
              Set  the  password  for  authentication.  An  empty  argument  unsets the password.
              Consider using the passwordeval command or a key ring instead of this  command,  to
              avoid storing plain text passwords in the configuration file.

       passwordeval [eval]
              Set  the  password  for  authentication to the output (stdout) of the command eval.
              This can be used e.g. to decrypt password files on the fly or to query  key  rings,
              and thus to avoid storing plain text passwords.

       ntlmdomain [domain]
              Set a domain for the ntlm authentication method. This is obsolete.

       tls [(on|off)]
              Enable  or  disable TLS (also known as SSL) for secured connections.  You also need
              tls_trust_file or tls_fingerprint, and for some servers you  may  need  to  disable
              tls_starttls.
              Transport  Layer  Security  (TLS)  "...  provides  communications  privacy over the
              Internet.  The protocol allows client/server applications to communicate in  a  way
              that  is  designed  to prevent eavesdropping, tampering, or message forgery" (quote
              from RFC2246).
              A server can use TLS in one of two modes:  via  a  STARTTLS  command  (the  session
              starts  with  the normal protocol initialization, and TLS is then started using the
              protocol's STARTTLS command), or immediately (TLS is initialized before the  normal
              protocol  initialization;  this  requires  a  separate port). The first mode is the
              default, but you can switch to the second mode by disabling tls_starttls.
              When TLS is started, the server sends a certificate to identify itself.  To  verify
              the  server identity, a client program is expected to check that the certificate is
              formally correct and that it was issued by a Certificate Authority  (CA)  that  the
              user trusts. (There can also be certificate chains with intermediate CAs.)
              The  list  of  trusted  CAs is specified using the tls_trust_file command.  Usually
              there     is     some     system-wide     default     file     available,      e.g.
              /etc/ssl/certs/ca-certificates.crt on Debian-based systems, but you can also choose
              to select the trusted CAs yourself.
              One practical problem with this approach is that the  client  program  should  also
              check  if  the  server  certificate  has  been  revoked  for  some  reason, using a
              Certificate  Revocation  List  (CRL).  A  CRL  file  can  be  specified  using  the
              tls_crl_file  command,  but  getting  the relevant CRL files and keeping them up to
              date is not straightforward. You are basically on your own.
              A much more serious and fundamental problem is is that you need to trust CAs.  Like
              any  other  organization,  a  CA  can  be  incompetent, malicious, subverted by bad
              people, or forced by government agencies to compromise end  users  without  telling
              them.  All  of these things happened and continue to happen worldwide.  The idea to
              have central organizations that have to be trusted for  your  communication  to  be
              secure is fundamentally broken.
              Instead of putting trust in a CA, you can choose to trust only a single certificate
              for the server you want to connect to. For that purpose,  specify  the  certificate
              fingerprint  with  tls_fingerprint.  This  makes sure that no man-in-the-middle can
              fake the identity of the server by presenting you a fraudulent  certificate  issued
              by  some CA that happens to be in your trust list.  However, you have to update the
              fingerprint whenever the server certificate changes, and you have to make sure that
              the  change is legitimate each time, e.g. when the old certificate expired. This is
              inconvenient, but it's the price to pay.
              Information about a server certificate can  be  obtained  with  --serverinfo  --tls
              --tls-certcheck=off.  This  includes  the  issuer CA of the certificate (so you can
              trust that CA via tls_trust_file), and the fingerprint of the certificate  (so  you
              can trust that particular certificate via tls_fingerprint).
              TLS  also allows the server to verify the identity of the client. For this purpose,
              the client has to present a certificate issued by a CA that the server  trusts.  To
              present  that certificate, the client also needs the matching key file. You can set
              the certificate and key files using tls_cert_file and tls_key_file. This  mechanism
              can  also  be  used  to  authenticate  users,  so  that traditional user / password
              authentication is not necessary anymore. See the external mechanism in auth.

       tls_starttls [(on|off)]
              Choose the TLS variant: start TLS from within the session (on, default), or  tunnel
              the session through TLS (off).

       tls_trust_file file
              Activate  server  certificate  verification  using  a  list of truted Certification
              Authorities (CAs). The file must be in PEM format. Some systems provide  a  system-
              wide  default file, e.g. /etc/ssl/certs/ca-certificates.crt on Debian-based systems
              with the ca-certificates package.  An empty argument disables this. You should also
              use tls_crl_file.

       tls_crl_file [file]
              Set  a  certificate  revocation  list  (CRL)  file  for  TLS,  to check for revoked
              certificates. An empty argument disables this.

       tls_fingerprint [fingerprint]
              Set the fingerprint of a single certificate to accept  for  TLS.  This  certificate
              will  be  trusted regardless of its contents. The fingerprint can be either an SHA1
              (recommended) or an MD5 fingerprint in the format 01:23:45:67:.... Use --serverinfo
              --tls --tls-certcheck=off to get the server certificate fingerprints.

       tls_key_file file
              Send  a  client  certificate to the server (use this together with tls_cert_file}).
              The file must contain the private key of a certificate  in  PEM  format.  An  empty
              argument disables this feature.

       tls_cert_file file
              Send a client certificate to the server (use this together with tls_key_file).  The
              file must contain a certificate in PEM format.  An  empty  argument  disables  this
              feature.

       tls_certcheck [(on|off)]
              Enable  or  disable checks of the server certificate.  WARNING: When the checks are
              disabled, TLS sessions will be vulnerable to man-in-the-middle attacks!

       tls_min_dh_prime_bits [bits]
              Set or unset the minimum number of Diffie-Hellman (DH) prime bits  that  mpop  will
              accept for TLS sessions.  The default is set by the TLS library and can be selected
              by using an empty argument to this command.  Only lower the default (for example to
              512 bits) if there is no other way to make TLS work with the remote server.

       tls_priorities [priorities]
              Set  the priorities for TLS sessions. The default is set by the TLS library and can
              be  selected  by  using  an  empty  argument  to  this  command.   See  the  GnuTLS
              documentation  of  the  gnutls_priority_init  function  for  a  description  of the
              priorities string.

       delivery method method_arguments...
              How to deliver messages received from this account.

              delivery mda command
                     Deliver the mails through a mail delivery agent (MDA).
                     All occurrences of %F in the command will be replaced with the envelope from
                     address  of  the  current  message (or MAILER-DAEMON if none is found). Note
                     that this address is guaranteed to contain only letters a-z and A-Z,  digits
                     0-9,  and  any  of  ".@_-+/",  even  though that is only a subset of what is
                     theoretically allowed in a mail address. Other characters,  including  those
                     interpreted  by  the shell, are replaced with "_".  Nevertheless, you should
                     put %F into single quotes: '%F'.
                     Use "delivery mda /usr/bin/procmail -f '%F' -d $USER" for the procmail MDA.
                     Use "delivery mda /usr/sbin/sendmail -oi -oem -f '%F' -- $USER" to let  your
                     MTA handle the mail.
                     Use  "delivery  mda  /usr/local/bin/msmtp  --host=localhost  --from='%F'  --
                     $USER@`hostname`.`dnsdomainname`" to pass the mail to  your  MTA  via  SMTP.
                     (This is what fetchmail does by default.)

              delivery maildir directory
                     Deliver  the  mails to the given maildir directory. The directory must exist
                     and it must have the maildir subdirectories cur, new, and tmp; mpop will not
                     create  directories.  This  delivery  type  only  works on file systems that
                     support hard links.

              delivery mbox mbox-file
                     Deliver the mails to the given file in mbox format. The file will be  locked
                     with   fcntl(2).   mpop  uses  the  MBOXRD  mbox  format  variant;  see  the
                     documentation of the mbox format.

              delivery exchange directory
                     Deliver the mails to the given Exchange pickup directory. The directory must
                     exist.

              If the delivery method needs to parse the mail headers for an envelope from address
              (the mda method if the command contains %F, and the mbox method), then it needs  to
              create  a  temporary  file  to  store  the  mail headers (but not the body) in. See
              $TMPDIR in the FILES / ENVIRONMENT section.

       uidls_file filename
              The file to store UIDLs in. These are needed to identify new messages.  %U  in  the
              filename  will  be  replaced  by  the  username  of the current account.  %H in the
              filename will be replaced by the hostname of the current account.  If the  filename
              contains  directories  that  do  not exist, mpop will create them.  mpop locks this
              file for exclusive access when accessing the associated POP3 account.
              The default value is "~/.mpop_uidls/%U_at_%H". You can also use a single UIDLS file
              for  multiple accounts, but then you cannot poll more than one of these accounts at
              the same time.

       only_new [(on|off)]
              By default, mpop processes only new messages (new messages are those that were  not
              already  successfully  retrieved  in  an earlier session). If this option is turned
              off, mpop will process all messages.

       keep [(on|off)]
              Keep all mails on the POP3 server, never delete them. The default behaviour  is  to
              delete mails that have been successfully retrieved or filtered by kill filters.

       killsize (off|size)
              Mails  larger than the given size will be deleted (unless the keep command is used,
              in which case they will just be skipped).   The  size  argument  must  be  zero  or
              greater.  If  it  is  followed  by  a  `k'  or  an  `m',  the  size  is measured in
              kibibytes/mebibytes instead of bytes.  Note that some POP3 servers report  slightly
              incorrect sizes for mails; see NOTES below.
              When  killsize  is  set  to  0  and keep is set to on, then all mails are marked as
              retrieved, but no  mail  gets  deleted  from  the  server.  This  can  be  used  to
              synchronize the UID list on the client to the UID list on the server.

       skipsize (off|size)
              Mails  larger  than  the  given  size  will  be skipped (not downloaded).  The size
              argument must be zero or greater. If it is followed by a `k' or an `m', the size is
              measured  in  kibibytes/mebibytes  instead  of  bytes.  Note that some POP3 servers
              report slightly incorrect sizes for mails; see NOTES below.

       filter [command]
              Set a filter which will decide whether to retrieve, skip, or delete  each  mail  by
              investigating the mail's headers. The POP3 server must support the POP3 TOP command
              for this to work;  see  option  --serverinfo  above.  An  empty  argument  disables
              filtering.
              All  occurrences  of  %F  in  the  command  will be replaced with the envelope from
              address of the current message (or MAILER-DAEMON if none is found).  Note that this
              address  is  guaranteed to contain only letters a-z and A-Z, digits 0-9, and any of
              ".@_-+/", even though that is only a subset of what is theoretically allowed  in  a
              mail  address.  Other  characters,  including  those  interpreted by the shell, are
              replaced with "_". Nevertheless, you should put %F into single quotes: '%F'.
              All occurrences of %S in the command will be replaced with the size of the  current
              mail as reported by the POP3 server.
              The mail headers (plus the blank line separating the headers from the body) will be
              piped to the command. Based on the return code, mpop decides what to  do  with  the
              mail:
              0: proceed normally; no special action
              1: delete the mail; do not retrieve it
              2: skip the mail; do not retrieve it
              Return  codes greater than or equal to 3 mean that an error occured. The sysexits.h
              error codes may be used to give information about the kind of the error,  but  this
              is not necessary.

       received_header [(on|off)]
              Enable  or  disable  adding a Received header. By default, mpop prepends a Received
              header to the mail during delivery. This is required by the RFCs  if  the  mail  is
              subsequently further delivered e.g. via SMTP.

FILTERING

       There  are  three  filtering  commands  available.  They will be executed in the following
       order:
       killsize
       skipsize
       filter
       If a filtering command applies to a mail, the remaining filters will not be executed.

EXAMPLES

       Configuration file

       # Example for a user configuration file ~/.mpoprc
       #
       # This file focusses on TLS, authentication, and the mail delivery method.
       # Features not used here include mail filtering, timeouts, SOCKS proxies,
       # TLS parameters, and more.

       # Set default values for all following accounts.
       defaults

       # Always use TLS.
       tls on

       # Set a list of trusted CAs for TLS. You can use a system-wide default file,
       # as in this example, or download the root certificate of your CA and use that.
       tls_trust_file /etc/ssl/certs/ca-certificates.crt

       # Additionally, you should use the tls_crl_file command to check for revoked
       # certificates, but unfortunately getting revocation lists and keeping them
       # up to date is not straightforward.
       #tls_crl_file ~/.tls-crls

       # Deliver mail to an MBOX mail file:
       delivery mbox ~/Mail/inbox
       # Deliver mail to a maildir folder:
       #delivery maildir ~/Mail/incoming
       # Deliver mail via procmail:
       #delivery mda "/usr/bin/procmail -f '%F' -d $USER"
       # Deliver mail via the local SMTP server:
       #delivery mda "/usr/bin/msmtp --host=localhost --from='%F' -- $USER"
       # Deliver mail to an Exchange pickup directory:
       #delivery exchange c:\exchange\pickup

       # A freemail service
       account freemail

       # Host name of the POP3 server
       host pop.freemail.example

       # As an alternative to tls_trust_file/tls_crl_file, you can use tls_fingerprint
       # to pin a single certificate. You have to update the fingerprint when the
       # server certificate changes, but an attacker cannot trick you into accepting
       # a fraudulent certificate. Get the fingerprint with
       # $ mpop --serverinfo --tls --tls-certcheck=off --host=pop.freemail.example
       tls_fingerprint 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33

       # Authentication. The password is given using one of five methods, see below.
       user joe.smith

       # Password method 1: Add the password to the system keyring, and let mpop get
       # it automatically. To set the keyring password using Gnome's libsecret:
       # $ secret-tool store --label=mpop \
       #   host pop.freemail.example \
       #   service pop3 \
       #   user joe.smith

       # Password method 2: Store the password in an encrypted file, and tell mpop
       # which command to use to decrypt it. This is usually used with GnuPG, as in
       # this example. Usually gpg-agent will ask once for the decryption password.
       passwordeval gpg2 --no-tty -q -d ~/.mpop-password.gpg

       # Password method 3: Store the password directly in this file. Usually it is not
       # a good idea to store passwords in plain text files. If you do it anyway, at
       # least make sure that this file can only be read by yourself.
       #password secret123

       # Password method 4: Store the password in ~/.netrc. This method is probably not
       # relevant anymore.

       # Password method 5: Do not specify a password. Mpop will then prompt you for
       # it. This means you need to be able to type into a terminal when mpop runs.

       # A second mail box at the same freemail service
       account freemail2 : freemail
       user joey

       # The POP3 server of your ISP
       account isp
       host mail.isp.example
       auth on
       user 12345
       # Your ISP runs SpamAssassin, so test each mail for the "X-Spam-Status: Yes"
       # header, and delete all mails with this header before downloading them.
       filter    if [ "`grep "^X-Spam-Status: Yes"`" ]; then exit 1; else exit 0; fi

       # Set a default account
       account default : freemail

       Filtering with SpamAssassin

       The command filter "/path/to/spamc -c > /dev/null" will delete all mails that SpamAssassin
       thinks  are  spam. Since no message body is passed to SpamAssassin, you should disable all
       body-specific tests in the SpamAssassin configuration file; for example set use_bayes 0.

       If your mail provider runs SpamAssassin for you, you just have to check  for  the  result.
       The following script can do that when used as an mpop filter:
       #!/bin/sh
       if [ "`grep "^X-Spam-Status: Yes"`" ]; then
           exit 1  # kill this message
       else
           exit 0  # proceed normally
       fi
       Since the filter command is passed to a shell, you can also use this directly:
       filter if [ "`grep "^X-Spam-Status: Yes"`" ]; then exit 1; else exit 0; fi

       Using mpop with Tor

       Use the following settings:
       proxy_host 127.0.0.1
       proxy_port 9050
       tls on
       Use  an  IP  address  as  proxy  host  name,  so  that mpop does not leak a DNS query when
       resolving it.
       TLS is required to prevent exit hosts from  reading  your  POP3  session.  You  also  need
       tls_trust_file or tls_fingerprint to check the server identity.

FILES

       ~/.mpoprc
              Default configuration file.

       ~/.mpop_uidls
              Default directory to store UIDLs files in.

       ~/.netrc and SYSCONFDIR/netrc
              The  netrc  file contains login information. Before prompting for a password, msmtp
              will search it in ~/.netrc and SYSCONFDIR/netrc.

ENVIRONMENT

       $USER, $LOGNAME
              These variables override the user's login name. $LOGNAME is only used if  $USER  is
              unset. The user's login name is used for Received headers.

       $TMPDIR
              Directory to create temporary files in. If this is unset, a system specific default
              directory is used.

AUTHOR

       mpop was written by Martin Lambers <marlam@marlam.de>
       Other authors are listed in the AUTHORS file in the source distribution.

SEE ALSO

       procmail(1), spamassassin(1), netrc(5) or ftp(1), mbox(5), fcntl(2)

                                             2015-01                                      MPOP(1)