xenial (1) mpop.1.gz

Provided by: mpop_1.2.3-1build1_amd64 bug

NAME

       mpop - A POP3 client

SYNOPSIS

       Mail retrieval mode (default):
              mpop [option...] [--] [account...]
              mpop --host=host [option...]

       Server information mode:
              mpop [option...] --serverinfo [account...]
              mpop --host=host [option...] --serverinfo

DESCRIPTION

       In  mail  retrieval  mode  of operation, mpop retrieves mails from one or more POP3 mailboxes, optionally
       does some filtering, and delivers them through a mail delivery agent (MDA), to a maildir folder, or to an
       mbox  file.   Mails  that were successfully delivered before will not be retrieved a second time, even if
       errors occur or mpop is terminated in the middle of a session.
       In server information mode, mpop prints information about one or more POP3 servers.
       If no account names are given on the command line, one named default will be used.
       The best way to start is probably to have a look at the EXAMPLES section.

EXIT STATUS

       The standard sendmail exit codes are used, as defined in sysexits.h.

OPTIONS

       Options override configuration file settings, for every used account.

       General Options

              --version
                     Print version information, including information about the libraries used.

              --help Print help.

              -P, --pretend
                     Print the configuration settings that would be used, but do not take  further  action.   An
                     asterisk (`*') will be printed instead of your password.

              -d, --debug
                     Print  lots  of debugging information, including the whole conversation with the server. Be
                     careful with this option: the (potentially dangerous) output will  not  be  sanitized,  and
                     your password may get printed in an easily decodable format!
                     This  option  implies  --half-quiet,  because  the progress output would interfere with the
                     debugging output.

       Changing the mode of operation

              -S, --serverinfo
                     Print information about the POP3  server(s)  and  exit.  This  includes  information  about
                     supported features (pipelining, authentication methods, TOP command, ...), about parameters
                     (time for which mails will not be deleted, minimum time between logins, ...), and about the
                     TLS certificate (if TLS is active).

       Configuration options

              -C, --file=conffile
                     Use the given file instead of ~/.mpoprc as configuration file.

              --host=hostname
                     Use  this  server  with  settings  from the command line; do not use any configuration file
                     data. This option disables loading of the configuration file.  You  cannot  use  both  this
                     option and account names on the command line.

              --port=number
                     Set the port number to connect to. See the port command.

              --timeout=(off|seconds)
                     Set a network timeout. See the timeout command.

              --pipelining=(auto|on|off)
                     Enable or disable POP3 pipelining. See the pipelining command.

              --proxy-host=[IP|hostname]
                     Set or unset a SOCKS proxy to use. See the proxy_host command.

              --proxy-port=[number]
                     Set or unset a port number for the proxy host. See the proxy_port command.

              --received-header[=(on|off)]
                     Enable or disable the Received header. See the received_header command.

              --auth[=(on|method)]
                     Set the authentication method to automatic (with "on") or manually choose an authentication
                     method. See the auth command.

              --user=[username]
                     Set or unset the user name for authentication. See the user command.

              --passwordeval=[eval]
                     Evaluate password for authentication. See the passwordeval command.

              --tls[=(on|off)]
                     Enable or disable TLS/SSL. See the tls command.

              --tls-starttls[=(on|off)]
                     Enable or disable STARTTLS for TLS. See the tls_starttls command.

              --tls-trust-file=[file]
                     Set or unset a trust file for TLS. See the tls_trust_file command.

              --tls-crl-file=[file]
                     Set or unset a certificate revocation  list  (CRL)  file  for  TLS.  See  the  tls_crl_file
                     command.

              --tls-fingerprint=[fingerprint]
                     Set ot unset the fingerprint of a trusted TLS certificate. See the tls_fingerprint command.

              --tls-key-file=[file]
                     Set or unset a key file for TLS. See the tls_key_file command.

              --tls-cert-file=[file]
                     Set or unset a cert file for TLS. See the tls_cert_file command.

              --tls-certcheck[=(on|off)]
                     Enable or disable server certificate checks for TLS. See the tls_certcheck command.

              --tls-min-dh-prime-bits=[bits]
                     Set   or   unset   minimum   bit   size   of   the  Diffie-Hellmann  (DH)  prime.  See  the
                     tls_min_dh_prime_bits command.

              --tls-priorities=[priorities]
                     Set or unset TLS priorities. See the tls_priorities command.

       Options specific to mail retrieval mode

              -q, --quiet
                     Do not print status or progress information.

              -Q, --half-quiet
                     Print status but not progress information.

              -a, --all-accounts
                     Query all accounts in the configuration file.

              -A, --auth-only
                     Authenticate only; do not retrieve mail. Useful for SMTP-after-POP.

              -s, --status-only
                     Print number and size of mails in each account only; do not retrieve mail.

              -n, --only-new[=(on|off)]
                     Process only new messages. See the only_new command.

              -k, --keep[=(on|off)]
                     Do not delete mails from POP3 servers, regardless of other options or  settings.   See  the
                     keep command.

              --killsize=(off|size)
                     Set or unset kill size. See the killsize command.

              --skipsize=(off|size)
                     Set or unset skip size. See the skipsize command.

              --filter=[program]
                     Set  a  filter  which  will  decide  whether  to  retrieve,  skip,  or  delete each mail by
                     investigating the mail's headers. See the filter command.

              --delivery=method,method_arguments...
                     How to deliver messages received from this account. See the delivery command. Note  that  a
                     comma is used instead of a blank to separate the method from its arguments.

              --uidls-file=filename
                     File to store UIDLs in. See the uidls_file command.

USAGE

       The  default  configuration  file  is  ~/.mpoprc.   Settings  in this file can be changed by command line
       options.
       A configuration file is a simple text file. Empty lines and comment lines (first non-blank  character  is
       '#')  are  ignored.  Every other line must contain a command and may contain an argument to that command.
       The argument may be enclosed in double quotes (").
       If a file name starts with the tilde (~), this tilde will be replaced by $HOME.
       If a command accepts the argument on, it also accepts an empty argument and treats that as if it was on.
       Commands are organized in accounts. Each account starts with the account command and defines the settings
       for one POP3 account.

       Commands are as follows:

       defaults
              Set  defaults.  The  following  configuration  commands  will set default values for all following
              account definitions.

       account name [:account[,...]]
              Start a new account definition with the given name. The current default values are filled in.
              If a colon and a list of previously defined accounts is given after  the  account  name,  the  new
              account,  with  the  filled  in default values, will inherit all settings from the accounts in the
              list.

       host hostname
              The POP3 server to retrieve mails from.  The argument may be a host name  or  a  network  address.
              Every account definition must contain this command.

       port number
              The port that the POP3 server listens on. The default is 110 ("pop3"), unless TLS without STARTTLS
              is used, in which case it is 995 ("pop3s").

       timeout (off|seconds)
              Set or unset a network timeout, in seconds. The default is 180 seconds.  The  argument  off  means
              that no timeout will be set, which means that the operating system default will be used.

       pipelining (auto|on|off)
              Enable  or  disable POP3 pipelining. You should never need to change the default setting, which is
              auto: mpop enables pipelining for POP3 servers that advertise this capability, and disables it for
              all other servers.  Pipelining can speed up a POP3 session substantially.

       proxy_host [IP|hostname]
              Use  a  SOCKS  proxy.  All network traffic will go through this proxy host, including DNS queries,
              except for a DNS query that might be necessary to resolve the proxy host name itself (this can  be
              avoided  by  using  an  IP  address as proxy host name). An empty hostname argument disables proxy
              usage.  The supported SOCKS protocol version is 5. If you want to use  this  with  Tor,  see  also
              "Using mpop with Tor" below.

       proxy_port [number]
              Set  the port number for the proxy host. An empty number argument resets this to the default port,
              which is 1080 ("socks").

       auth [(on|method)]
              Choose an authentication method. The default argument on chooses a method automatically.
              Usually a user name and a password are used for authentication. The user name is specified in  the
              configuration  file  with  the  user  command.  There  are  five  different methods to specify the
              password:
              1. Add the password to the system key ring.  Currently supported key rings are the Gnome key  ring
              and  the  Mac OS X Keychain.  For the Gnome key ring, use the command secret-tool (part of Gnome's
              libsecret) to store passwords: secret-tool store --label=mpop  host  pop.freemail.example  service
              pop3  user  joe.smith.  On Mac OS X, use the Keychain Access GUI application.  The account name is
              same as the user name. The keychain item name is pop3://<hostname> where  <hostname>  matches  the
              host argument.
              2.  Store the password in an encrypted files, and use passwordeval to specify a command to decrypt
              that file, e.g. using GnuPG. See EXAMPLES.
              3. Store the password in the configuration file using the password command.  (Usually  it  is  not
              considered a good idea to store passwords in plain text files.  If you do it anyway, you must make
              sure that the file can only be read by yourself.)
              4. Store the password in ~/.netrc. This method is probably obsolete.
              5. Type the password into the terminal when it is required.
              It is recommended to use method 1 or 2.
              Multiple authentication methods exist. Most servers support  only  some  of  them.   Historically,
              sophisticated  methods  were  developed  to  protect  passwords from being sent unencrypted to the
              server, but nowadays everybody needs TLS anyway, so the simple methods  suffice  since  the  whole
              session  is  protected.  A suitable authentication method is chosen automatically, and when TLS is
              disabled for some reason, only methods that avoid sending clear text passwords are considered.
              The following user / password methods are supported: user (a simple plain text method supported by
              all  servers),  plain (another simple plain text method, with base64 encoding, supported by almost
              all servers), scram-sha-1 (a method that  avoids  clear-text  passwords),  cram-md5  (an  obsolete
              method  that  avoids  clear-text  passwords),  apop  (an  obsolete  method  that avoids clear-text
              passwords, but  is  vulnerable  to  man-in-the-middle  attacks),  digest-md5  (an  overcomplicated
              obsolete  method that avoids clear-text passwords, but is not considered secure anymore), login (a
              non-standard clear-text method similar to but worse than the plain method), ntlm (an obscure  non-
              standard  method  that  is now considered broken; it sometimes requires a special domain parameter
              passed via ntlmdomain).
              There are currently two authentication methods that are not based on user /  password  information
              and  have  to  be  chosen  manually: external (the authentication happens outside of the protocol,
              typically by sending  a  TLS  client  certificate,  and  the  method  merely  confirms  that  this
              authentication succeeded), and gssapi (the Kerberos framework takes care of secure authentication,
              only a user name is required).
              It depends on the underlying authentication library and its version whether a particular method is
              supported or not. Use --version to find out which methods are supported.

       user login
              Set the user name for authentication. An empty argument unsets the user name.

       password secret
              Set  the  password  for authentication. An empty argument unsets the password.  Consider using the
              passwordeval command or a key ring instead of this command, to avoid storing plain text  passwords
              in the configuration file.

       passwordeval [eval]
              Set  the password for authentication to the output (stdout) of the command eval.  This can be used
              e.g. to decrypt password files on the fly or to query key rings, and thus to avoid  storing  plain
              text passwords.

       ntlmdomain [domain]
              Set a domain for the ntlm authentication method. This is obsolete.

       tls [(on|off)]
              Enable  or  disable TLS (also known as SSL) for secured connections.  You also need tls_trust_file
              or tls_fingerprint, and for some servers you may need to disable tls_starttls.
              Transport Layer Security (TLS) "...  provides  communications  privacy  over  the  Internet.   The
              protocol  allows  client/server  applications  to communicate in a way that is designed to prevent
              eavesdropping, tampering, or message forgery" (quote from RFC2246).
              A server can use TLS in one of two modes: via a STARTTLS command  (the  session  starts  with  the
              normal protocol initialization, and TLS is then started using the protocol's STARTTLS command), or
              immediately (TLS is initialized  before  the  normal  protocol  initialization;  this  requires  a
              separate  port). The first mode is the default, but you can switch to the second mode by disabling
              tls_starttls.
              When TLS is started, the server sends a certificate to  identify  itself.  To  verify  the  server
              identity,  a client program is expected to check that the certificate is formally correct and that
              it was issued by a Certificate Authority (CA) that the user trusts. (There can also be certificate
              chains with intermediate CAs.)
              The  list  of  trusted  CAs  is specified using the tls_trust_file command.  Usually there is some
              system-wide default  file  available,  e.g.   /etc/ssl/certs/ca-certificates.crt  on  Debian-based
              systems, but you can also choose to select the trusted CAs yourself.
              One  practical  problem  with  this  approach  is that the client program should also check if the
              server certificate has been revoked for some reason, using a Certificate Revocation List (CRL).  A
              CRL  file  can be specified using the tls_crl_file command, but getting the relevant CRL files and
              keeping them up to date is not straightforward. You are basically on your own.
              A much more serious and fundamental problem is is that you need to  trust  CAs.   Like  any  other
              organization, a CA can be incompetent, malicious, subverted by bad people, or forced by government
              agencies to compromise end users without telling them. All of these things happened  and  continue
              to  happen  worldwide.   The  idea  to have central organizations that have to be trusted for your
              communication to be secure is fundamentally broken.
              Instead of putting trust in a CA, you can choose to trust only a single certificate for the server
              you   want   to   connect   to.  For  that  purpose,  specify  the  certificate  fingerprint  with
              tls_fingerprint. This makes sure that no man-in-the-middle can fake the identity of the server  by
              presenting  you  a fraudulent certificate issued by some CA that happens to be in your trust list.
              However, you have to update the fingerprint whenever the server certificate changes, and you  have
              to  make sure that the change is legitimate each time, e.g. when the old certificate expired. This
              is inconvenient, but it's the price to pay.
              Information   about   a   server   certificate   can   be   obtained   with   --serverinfo   --tls
              --tls-certcheck=off.  This includes the issuer CA of the certificate (so you can trust that CA via
              tls_trust_file), and the fingerprint  of  the  certificate  (so  you  can  trust  that  particular
              certificate via tls_fingerprint).
              TLS  also allows the server to verify the identity of the client. For this purpose, the client has
              to present a certificate issued by a CA that the server trusts. To present that  certificate,  the
              client  also  needs  the  matching  key  file.  You  can  set  the certificate and key files using
              tls_cert_file and tls_key_file. This mechanism can also be used to  authenticate  users,  so  that
              traditional user / password authentication is not necessary anymore. See the external mechanism in
              auth.

       tls_starttls [(on|off)]
              Choose the TLS variant: start TLS from within the session (on, default),  or  tunnel  the  session
              through TLS (off).

       tls_trust_file file
              Activate  server  certificate verification using a list of truted Certification Authorities (CAs).
              The file  must  be  in  PEM  format.  Some  systems  provide  a  system-wide  default  file,  e.g.
              /etc/ssl/certs/ca-certificates.crt  on  Debian-based systems with the ca-certificates package.  An
              empty argument disables this. You should also use tls_crl_file.

       tls_crl_file [file]
              Set a certificate revocation list (CRL) file for TLS, to check for revoked certificates. An  empty
              argument disables this.

       tls_fingerprint [fingerprint]
              Set  the  fingerprint  of a single certificate to accept for TLS. This certificate will be trusted
              regardless of its contents. The fingerprint  can  be  either  an  SHA1  (recommended)  or  an  MD5
              fingerprint  in  the format 01:23:45:67:.... Use --serverinfo --tls --tls-certcheck=off to get the
              server certificate fingerprints.

       tls_key_file file
              Send a client certificate to the server (use this together with tls_cert_file}).   The  file  must
              contain the private key of a certificate in PEM format. An empty argument disables this feature.

       tls_cert_file file
              Send  a  client  certificate  to  the server (use this together with tls_key_file).  The file must
              contain a certificate in PEM format. An empty argument disables this feature.

       tls_certcheck [(on|off)]
              Enable or disable checks of the server certificate.  WARNING: When the checks  are  disabled,  TLS
              sessions will be vulnerable to man-in-the-middle attacks!

       tls_min_dh_prime_bits [bits]
              Set  or  unset  the minimum number of Diffie-Hellman (DH) prime bits that mpop will accept for TLS
              sessions.  The default is set by the TLS library and can be selected by using an empty argument to
              this  command.   Only lower the default (for example to 512 bits) if there is no other way to make
              TLS work with the remote server.

       tls_priorities [priorities]
              Set the priorities for TLS sessions. The default is set by the TLS library and can be selected  by
              using an empty argument to this command.  See the GnuTLS documentation of the gnutls_priority_init
              function for a description of the priorities string.

       delivery method method_arguments...
              How to deliver messages received from this account.

              delivery mda command
                     Deliver the mails through a mail delivery agent (MDA).
                     All occurrences of %F in the command will be replaced with the envelope from address of the
                     current  message  (or MAILER-DAEMON if none is found). Note that this address is guaranteed
                     to contain only letters a-z and A-Z, digits 0-9, and any of ".@_-+/", even though  that  is
                     only  a  subset  of  what  is  theoretically  allowed  in a mail address. Other characters,
                     including those interpreted by the shell, are replaced with "_".  Nevertheless, you  should
                     put %F into single quotes: '%F'.
                     Use "delivery mda /usr/bin/procmail -f '%F' -d $USER" for the procmail MDA.
                     Use  "delivery mda /usr/sbin/sendmail -oi -oem -f '%F' -- $USER" to let your MTA handle the
                     mail.
                     Use    "delivery    mda    /usr/local/bin/msmtp     --host=localhost     --from='%F'     --
                     $USER@`hostname`.`dnsdomainname`"  to  pass  the  mail to your MTA via SMTP.  (This is what
                     fetchmail does by default.)

              delivery maildir directory
                     Deliver the mails to the given maildir directory. The directory must exist and it must have
                     the  maildir  subdirectories  cur,  new,  and  tmp;  mpop will not create directories. This
                     delivery type only works on file systems that support hard links.

              delivery mbox mbox-file
                     Deliver the mails to the given file in mbox format. The file will be locked with  fcntl(2).
                     mpop uses the MBOXRD mbox format variant; see the documentation of the mbox format.

              delivery exchange directory
                     Deliver the mails to the given Exchange pickup directory. The directory must exist.

              If  the  delivery  method  needs  to  parse the mail headers for an envelope from address (the mda
              method if the command contains %F, and the mbox method), then it needs to create a temporary  file
              to store the mail headers (but not the body) in. See $TMPDIR in the FILES / ENVIRONMENT section.

       uidls_file filename
              The file to store UIDLs in. These are needed to identify new messages.  %U in the filename will be
              replaced by the username of the current account.  %H in the  filename  will  be  replaced  by  the
              hostname  of  the  current  account.  If the filename contains directories that do not exist, mpop
              will create them.  mpop locks this file for exclusive access when accessing  the  associated  POP3
              account.
              The  default  value is "~/.mpop_uidls/%U_at_%H". You can also use a single UIDLS file for multiple
              accounts, but then you cannot poll more than one of these accounts at the same time.

       only_new [(on|off)]
              By default, mpop processes only new messages  (new  messages  are  those  that  were  not  already
              successfully retrieved in an earlier session). If this option is turned off, mpop will process all
              messages.

       keep [(on|off)]
              Keep all mails on the POP3 server, never delete them. The default behaviour  is  to  delete  mails
              that have been successfully retrieved or filtered by kill filters.

       killsize (off|size)
              Mails  larger  than the given size will be deleted (unless the keep command is used, in which case
              they will just be skipped).  The size argument must be zero or greater. If it is followed by a `k'
              or  an  `m',  the  size  is measured in kibibytes/mebibytes instead of bytes.  Note that some POP3
              servers report slightly incorrect sizes for mails; see NOTES below.
              When killsize is set to 0 and keep is set to on, then all mails are marked as  retrieved,  but  no
              mail  gets  deleted from the server. This can be used to synchronize the UID list on the client to
              the UID list on the server.

       skipsize (off|size)
              Mails larger than the given size will be skipped (not downloaded).  The size argument must be zero
              or  greater.  If  it  is  followed by a `k' or an `m', the size is measured in kibibytes/mebibytes
              instead of bytes.  Note that some POP3 servers report slightly  incorrect  sizes  for  mails;  see
              NOTES below.

       filter [command]
              Set a filter which will decide whether to retrieve, skip, or delete each mail by investigating the
              mail's headers. The POP3 server must support the POP3 TOP command for this  to  work;  see  option
              --serverinfo above. An empty argument disables filtering.
              All  occurrences  of  %F  in  the  command  will be replaced with the envelope from address of the
              current message (or MAILER-DAEMON if none is found).  Note that  this  address  is  guaranteed  to
              contain  only  letters  a-z  and  A-Z, digits 0-9, and any of ".@_-+/", even though that is only a
              subset of what is theoretically allowed in a  mail  address.  Other  characters,  including  those
              interpreted  by  the  shell,  are  replaced  with "_". Nevertheless, you should put %F into single
              quotes: '%F'.
              All occurrences of %S in the command will be replaced  with  the  size  of  the  current  mail  as
              reported by the POP3 server.
              The  mail  headers (plus the blank line separating the headers from the body) will be piped to the
              command. Based on the return code, mpop decides what to do with the mail:
              0: proceed normally; no special action
              1: delete the mail; do not retrieve it
              2: skip the mail; do not retrieve it
              Return codes greater than or equal to 3 mean that an error occured. The sysexits.h error codes may
              be used to give information about the kind of the error, but this is not necessary.

       received_header [(on|off)]
              Enable  or  disable  adding  a Received header. By default, mpop prepends a Received header to the
              mail during delivery. This is required by the RFCs if the mail is subsequently  further  delivered
              e.g. via SMTP.

FILTERING

       There are three filtering commands available.  They will be executed in the following order:
       killsize
       skipsize
       filter
       If a filtering command applies to a mail, the remaining filters will not be executed.

EXAMPLES

       Configuration file

       # Example for a user configuration file ~/.mpoprc
       #
       # This file focusses on TLS, authentication, and the mail delivery method.
       # Features not used here include mail filtering, timeouts, SOCKS proxies,
       # TLS parameters, and more.

       # Set default values for all following accounts.
       defaults

       # Always use TLS.
       tls on

       # Set a list of trusted CAs for TLS. You can use a system-wide default file,
       # as in this example, or download the root certificate of your CA and use that.
       tls_trust_file /etc/ssl/certs/ca-certificates.crt

       # Additionally, you should use the tls_crl_file command to check for revoked
       # certificates, but unfortunately getting revocation lists and keeping them
       # up to date is not straightforward.
       #tls_crl_file ~/.tls-crls

       # Deliver mail to an MBOX mail file:
       delivery mbox ~/Mail/inbox
       # Deliver mail to a maildir folder:
       #delivery maildir ~/Mail/incoming
       # Deliver mail via procmail:
       #delivery mda "/usr/bin/procmail -f '%F' -d $USER"
       # Deliver mail via the local SMTP server:
       #delivery mda "/usr/bin/msmtp --host=localhost --from='%F' -- $USER"
       # Deliver mail to an Exchange pickup directory:
       #delivery exchange c:\exchange\pickup

       # A freemail service
       account freemail

       # Host name of the POP3 server
       host pop.freemail.example

       # As an alternative to tls_trust_file/tls_crl_file, you can use tls_fingerprint
       # to pin a single certificate. You have to update the fingerprint when the
       # server certificate changes, but an attacker cannot trick you into accepting
       # a fraudulent certificate. Get the fingerprint with
       # $ mpop --serverinfo --tls --tls-certcheck=off --host=pop.freemail.example
       tls_fingerprint 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33

       # Authentication. The password is given using one of five methods, see below.
       user joe.smith

       # Password method 1: Add the password to the system keyring, and let mpop get
       # it automatically. To set the keyring password using Gnome's libsecret:
       # $ secret-tool store --label=mpop \
       #   host pop.freemail.example \
       #   service pop3 \
       #   user joe.smith

       # Password method 2: Store the password in an encrypted file, and tell mpop
       # which command to use to decrypt it. This is usually used with GnuPG, as in
       # this example. Usually gpg-agent will ask once for the decryption password.
       passwordeval gpg2 --no-tty -q -d ~/.mpop-password.gpg

       # Password method 3: Store the password directly in this file. Usually it is not
       # a good idea to store passwords in plain text files. If you do it anyway, at
       # least make sure that this file can only be read by yourself.
       #password secret123

       # Password method 4: Store the password in ~/.netrc. This method is probably not
       # relevant anymore.

       # Password method 5: Do not specify a password. Mpop will then prompt you for
       # it. This means you need to be able to type into a terminal when mpop runs.

       # A second mail box at the same freemail service
       account freemail2 : freemail
       user joey

       # The POP3 server of your ISP
       account isp
       host mail.isp.example
       auth on
       user 12345
       # Your ISP runs SpamAssassin, so test each mail for the "X-Spam-Status: Yes"
       # header, and delete all mails with this header before downloading them.
       filter    if [ "`grep "^X-Spam-Status: Yes"`" ]; then exit 1; else exit 0; fi

       # Set a default account
       account default : freemail

       Filtering with SpamAssassin

       The  command  filter "/path/to/spamc  -c  > /dev/null" will delete all mails that SpamAssassin thinks are
       spam. Since no message body is passed to SpamAssassin, you should disable all body-specific tests in  the
       SpamAssassin configuration file; for example set use_bayes 0.

       If  your  mail  provider  runs SpamAssassin for you, you just have to check for the result. The following
       script can do that when used as an mpop filter:
       #!/bin/sh
       if [ "`grep "^X-Spam-Status: Yes"`" ]; then
           exit 1  # kill this message
       else
           exit 0  # proceed normally
       fi
       Since the filter command is passed to a shell, you can also use this directly:
       filter if [ "`grep "^X-Spam-Status: Yes"`" ]; then exit 1; else exit 0; fi

       Using mpop with Tor

       Use the following settings:
       proxy_host 127.0.0.1
       proxy_port 9050
       tls on
       Use an IP address as proxy host name, so that mpop does not leak a DNS query when resolving it.
       TLS is required to prevent exit hosts from reading your POP3 session. You  also  need  tls_trust_file  or
       tls_fingerprint to check the server identity.

FILES

       ~/.mpoprc
              Default configuration file.

       ~/.mpop_uidls
              Default directory to store UIDLs files in.

       ~/.netrc and SYSCONFDIR/netrc
              The  netrc  file contains login information. Before prompting for a password, msmtp will search it
              in ~/.netrc and SYSCONFDIR/netrc.

ENVIRONMENT

       $USER, $LOGNAME
              These variables override the user's login name. $LOGNAME is only  used  if  $USER  is  unset.  The
              user's login name is used for Received headers.

       $TMPDIR
              Directory  to  create temporary files in. If this is unset, a system specific default directory is
              used.

AUTHOR

       mpop was written by Martin Lambers <marlam@marlam.de>
       Other authors are listed in the AUTHORS file in the source distribution.

SEE ALSO

       procmail(1), spamassassin(1), netrc(5) or ftp(1), mbox(5), fcntl(2)

                                                     2015-01                                             MPOP(1)