xenial (1) msmtp.1.gz

Provided by: msmtp_1.6.3-1build1_amd64 bug

NAME

       msmtp - An SMTP client

SYNOPSIS

       Sendmail mode (default):
              msmtp [option...] [--] recipient...
              msmtp [option...] -t [--] [recipient...]

       Server information mode:
              msmtp [option...] --serverinfo

       Remote Message Queue Starting mode:
              msmtp [option...] --rmqs=host|@domain|#queue

DESCRIPTION

       In  the  default sendmail mode, msmtp reads a mail from standard input and sends it to an SMTP server for
       delivery.
       In server information mode, msmtp prints information about an SMTP server.
       In Remote Message Queue Starting mode, msmtp sends a Remote Message Queue Starting request  for  a  host,
       domain, or queue to an SMTP server.

EXIT STATUS

       The standard sendmail exit status codes are used, as defined in sysexits.h.

OPTIONS

       Options override configuration file settings.
       They are compatible with sendmail where appropriate.

       General options

              --version
                     Print version information, including information about the libraries used.

              --help Print help.

              -P, --pretend
                     Print  the  configuration  settings that would be used, but do not take further action.  An
                     asterisk (`*') will be printed instead of your password.

              -v, -d, --debug
                     Print lots of debugging information, including the whole conversation with the SMTP server.
                     Be  careful with this option: the (potentially dangerous) output will not be sanitized, and
                     your password may get printed in an easily decodable format!

       Changing the mode of operation

              -S, --serverinfo
                     Print information about the SMTP server and exit. This includes information about supported
                     features (mail size limit, authentication, TLS, DSN, ...) and about the TLS certificate (if
                     TLS is active).

              --rmqs=(host|@domain|#queue)
                     Send a Remote Message Queue Starting request for the given host, domain, or  queue  to  the
                     SMTP server and exit.

       Configuration options

              -C, --file=filename
                     Use the given file instead of ~/.msmtprc as the user configuration file.

              -a, --account=account_name
                     Use  the given account instead of the account named "default". The settings of this account
                     may be changed with command line options. This option cannot  be  used  together  with  the
                     --host option.

              --host=hostname
                     Use this SMTP server with settings from the command line; do not use any configuration file
                     data. This option cannot be used together with the --account option.

              --port=number
                     Set the port number to connect to. See the port command.

              --timeout=(off|seconds)
                     Set or unset a network timeout, in seconds. See the timeout command.

              --proxy-host=[IP|hostname]
                     Set or unset a SOCKS proxy to use. See the proxy_host command.

              --proxy-port=[number]
                     Set or unset a port number for the proxy host. See the proxy_port command.

              --protocol=(smtp|lmtp)
                     Set the protocol. See the protocol command.

              --domain=[string]
                     Set the argument of the SMTP EHLO (or LMTP LHLO) command. See the domain command.

              --auth[=(on|off|method)]
                     Enable or disable authentication and optionally choose the method.  See the auth command.

              --user=[username]
                     Set or unset the user name for authentication. See the user command.

              --passwordeval=[eval]
                     Evaluate password for authentication. See the passwordeval command.

              --tls[=(on|off)]
                     Enable or disable TLS/SSL. See the tls command.

              --tls-starttls[=(on|off)]
                     Enable or disable STARTTLS for TLS. See the tls_starttls command.

              --tls-trust-file=[file]
                     Set or unset a trust file for TLS. See the tls_trust_file command.

              --tls-crl-file=[file]
                     Set or unset a certificate revocation  list  (CRL)  file  for  TLS.  See  the  tls_crl_file
                     command.

              --tls-fingerprint=[fingerprint]
                     Set ot unset the fingerprint of a trusted TLS certificate. See the tls_fingerprint command.

              --tls-key-file=[file]
                     Set or unset a key file for TLS. See the tls_key_file command.

              --tls-cert-file=[file]
                     Set or unset a cert file for TLS. See the tls_cert_file command.

              --tls-certcheck[=(on|off)]
                     Enable or disable server certificate checks for TLS. See the tls_certcheck command.

              --tls-min-dh-prime-bits=[bits]
                     Set   or   unset   minimum   bit   size   of   the   Diffie-Hellman  (DH)  prime.  See  the
                     tls_min_dh_prime_bits command.

              --tls-priorities=[priorities]
                     Set or unset TLS priorities. See the tls_priorities command.

       Options specific to sendmail mode

              -f, --from=address
                     Set the envelope-from address. It is only used when auto_from is off.
                     If no account was chosen yet (with --account or --host), this option will choose the  first
                     account  that  has  the given envelope-from address (set with the from command). If no such
                     account is found, "default" is used.

              --auto-from[=(on|off)]
                     Enable or disable automatic envelope-from addresses. The default is off.  See the auto_from
                     command.

              --maildomain=[domain]
                     Set the domain part for the --auto-from address. See the maildomain command.

              -N, --dsn-notify=(off|cond)
                     Set or unset DSN notification conditions. See the dsn_notify command.

              -R, --dsn-return=(off|ret)
                     Set  or  unset  the DSN notification amount. See the dsn_return command.  Note that hdrs is
                     accepted as an alias for headers to be compatible with sendmail.

              --add-missing-from-header[=(on|off)]
                     Enable or disable the addition of a missing From header.  See  the  add_missing_from_header
                     command.

              --add-missing-date-header[=(on|off)]
                     Enable  or  disable  the addition of a missing Date header. See the add_missing_date_header
                     command.

              --remove-bcc-headers[=(on|off)]
                     Enable or disable the removal of Bcc headers. See the remove_bcc_headers command.

              -X, --logfile=[file]
                     Set or unset the log file. See the logfile command.

              --syslog[=(on|off|facility)]
                     Enable or disable syslog logging. See the syslog command.

              -t, --read-recipients
                     Read recipient addresses from the To, Cc, and Bcc headers of the mail in  addition  to  the
                     recipients  given  on  the  command  line.   If  any  Resent- headers are present, then the
                     addresses from any Resent-To, Resent-Cc, and Resent-Bcc  headers  in  the  first  block  of
                     Resent- headers are used instead.

              --read-envelope-from
                     Read  the  envelope  from  address from the From header of the mail.  Currently this header
                     must be on a single line for this option to work correctly.

              --aliases=[file]
                     Set or unset an aliases file. See the aliases command.

              -Fname Msmtp adds a From header to mails that lack it,  using  the  envelope  from  address.  This
                     option allows one to set a full name to be used in that header.

              --     This  marks  the  end  of  options.  All  following  arguments will be treated as recipient
                     addresses, even if they start with a `-'.

       The following options are accepted but ignored for sendmail compatibility:
       -Btype, -bm, -G, -hN, -i, -L tag, -m, -n, -O option=value, -ox value

USAGE

       Normally, a system wide configuration file and/or a user configuration  file  contain  information  about
       which SMTP server to use and how to use it, but all settings can also be configured on the command line.
       The information about SMTP servers is organized in accounts. Each account describes one SMTP server: host
       name, authentication settings, TLS settings, and so on.  Each  configuration  file  can  define  multiple
       accounts.

       The user can choose which account to use in one of three ways:

       --account=id
              Use the given account. Command line settings override configuration file settings.

       --host=hostname
              Use only the settings from the command line; do not use any configuration file data.

       --from=address or --read-envelope-from
              Choose  the first account from the system or user configuration file that has a matching envelope-
              from address as specified by a from command. This works only when neither --account nor --host  is
              used.

       If  none  of  the  above options is used (or if no account has a matching from command), then the account
       "default" is used.

       Msmtp transmits mails unaltered to the SMTP server, with the following exceptions:
       - The Bcc header(s) will be removed. This behavior can be changed with the remove_bcc_headers command and
       --remove-bcc-headers option.
       -  A  From  header  will  be  added  if  the  mail  does  not  have  one.  This  can  be changed with the
       add_missing_from_header command and --add-missing-from-header option.  The header will use  the  envelope
       from address and optionally a full name set with the -F option.
       -  A  Date  header  will  be  added  if  the  mail  does  not  have  one.  This  can  be changed with the
       add_missing_date_header command and --add-missing-date-header option.

       Skip to the EXAMPLES section for a quick start.

CONFIGURATION FILES

       If it exists and is readable, a system wide configuration file SYSCONFDIR/msmtprc will be  loaded,  where
       SYSCONFDIR depends on your platform.  Use --version to find out which directory is used.
       If  it  exists  and is readable, a user configuration file will be loaded (~/.msmtprc by default, but see
       --version).  Accounts  defined  in  the  user  configuration  file  override  accounts  from  the  system
       configuration file.
       Configuration data from either file can be changed by command line options.

       A  configuration  file  is  a  simple  text  file.   Empty lines and comment lines (whose first non-blank
       character is `#') are ignored.
       Every other line must contain a command and may contain an argument to that command.
       The argument may be enclosed in double quotes ("), for example if its first or last character is a blank.
       If a file name starts with the tilde (~), this tilde will be replaced by $HOME.  If a command accepts the
       argument on, it also accepts an empty argument and treats that as if it was on.
       Commands are organized in accounts. Each account starts with the account command and defines the settings
       for one SMTP account.

       Skip to the EXAMPLES section for a quick start.

       Commands are as follows:

       defaults
              Set defaults. The following configuration commands will  set  default  values  for  all  following
              account definitions in the current configuration file.

       account name [:account[,...]]
              Start a new account definition with the given name. The current default values are filled in.
              If  a  colon  and  a  list of previously defined accounts is given after the account name, the new
              account, with the filled in default values, will inherit all settings from  the  accounts  in  the
              list.

       host hostname
              The SMTP server to send the mail to.  The argument may be a host name or a network address.  Every
              account definition must contain this command.

       port number
              The port that the SMTP server listens on.  The default is 25 ("smtp"), unless TLS without STARTTLS
              is used, in which case it is 465 ("smtps").

       timeout (off|seconds)
              Set  or  unset  a network timeout, in seconds. The argument off means that no timeout will be set,
              which means that the operating system default will be used.

       proxy_host [IP|hostname]
              Use a SOCKS proxy. All network traffic will go through this proxy  host,  including  DNS  queries,
              except  for a DNS query that might be necessary to resolve the proxy host name itself (this can be
              avoided by using an IP address as proxy host name). An  empty  hostname  argument  disables  proxy
              usage.   The  supported  SOCKS  protocol  version is 5. If you want to use this with Tor, see also
              "Using msmtp with Tor" below.

       proxy_port [number]
              Set the port number for the proxy host. An empty number argument resets this to the default port.

       protocol (smtp|lmtp)
              Set the protocol to use. Currently only SMTP and LMTP are supported. SMTP is the default. See  the
              port command above for default ports.

       domain argument
              Use  this  command  to  set  the argument of the SMTP EHLO (or LMTP LHLO) command.  The default is
              localhost, which is stupid but usually works. Try to change the default if mails get rejected  due
              to anti-SPAM measures. Possible choices are the domain part of your mail address (provider.example
              for joe@provider.example) or the fully qualified domain name of your host (if available).

       auth [(on|off|method)]
              Enable or disable authentication and optionally choose a method to use. The argument on chooses  a
              method automatically.
              Usually  a user name and a password are used for authentication. The user name is specified in the
              configuration file with the user  command.  There  are  five  different  methods  to  specify  the
              password:
              1.  Add the password to the system key ring.  Currently supported key rings are the Gnome key ring
              and the Mac OS X Keychain.  For the Gnome key ring, use the command secret-tool (part  of  Gnome's
              libsecret)  to store passwords: secret-tool store --label=msmtp host mail.freemail.example service
              smtp user joe.smith.  On Mac OS X, use the Keychain Access GUI application.  The account  name  is
              same  as  the  user name. The keychain item name is smtp://<hostname> where <hostname> matches the
              host argument.
              2. Store the password in an encrypted files, and use passwordeval to specify a command to  decrypt
              that file, e.g. using GnuPG. See EXAMPLES.
              3.  Store  the  password in the configuration file using the password command.  (Usually it is not
              considered a good idea to store passwords in plain text files.  If you do it anyway, you must make
              sure that the file can only be read by yourself.)
              4. Store the password in ~/.netrc. This method is probably obsolete.
              5. Type the password into the terminal when it is required.
              It is recommended to use method 1 or 2.
              Multiple  authentication  methods  exist.  Most  servers support only some of them.  Historically,
              sophisticated methods were developed to protect passwords  from  being  sent  unencrypted  to  the
              server,  but  nowadays  everybody  needs TLS anyway, so the simple methods suffice since the whole
              session is protected. A suitable authentication method is chosen automatically, and  when  TLS  is
              disabled for some reason, only methods that avoid sending clear text passwords are considered.
              The  following  user  /  password  methods  are supported: plain (a simple plain text method, with
              base64 encoding, supported by almost all servers), scram-sha-1 (a method  that  avoids  clear-text
              passwords),  cram-md5  (an  obsolete  method  that  avoids  clear-text  passwords), digest-md5 (an
              overcomplicated obsolete method that avoids clear-text passwords, but  is  not  considered  secure
              anymore),  login  (a  non-standard  clear-text method similar to but worse than the plain method),
              ntlm (an obscure non-standard method that is  now  considered  broken;  it  sometimes  requires  a
              special domain parameter passed via ntlmdomain).
              There  are  currently two authentication methods that are not based on user / password information
              and have to be chosen manually: external (the authentication  happens  outside  of  the  protocol,
              typically  by  sending  a  TLS  client  certificate,  and  the  method  merely  confirms that this
              authentication succeeded), and gssapi (the Kerberos framework takes care of secure authentication,
              only a user name is required).
              It depends on the underlying authentication library and its version whether a particular method is
              supported or not. Use --version to find out which methods are supported.

       user login
              Set the user name for authentication. An empty argument unsets the user name.

       password secret
              Set the password for authentication. An empty argument unsets the password.   Consider  using  the
              passwordeval  command or a key ring instead of this command, to avoid storing plain text passwords
              in the configuration file.

       passwordeval [eval]
              Set the password for authentication to the output (stdout) of the command eval.  This can be  used
              e.g.  to  decrypt password files on the fly or to query key rings, and thus to avoid storing plain
              text passwords.

       ntlmdomain [domain]
              Set a domain for the ntlm authentication method. This is obsolete.

       tls [(on|off)]
              Enable or disable TLS (also known as SSL) for secured connections.  You also  need  tls_trust_file
              or tls_fingerprint, and for some servers you may need to disable tls_starttls.
              Transport  Layer  Security  (TLS)  "...  provides  communications  privacy over the Internet.  The
              protocol allows client/server applications to communicate in a way that  is  designed  to  prevent
              eavesdropping, tampering, or message forgery" (quote from RFC2246).
              A  server  can  use  TLS  in one of two modes: via a STARTTLS command (the session starts with the
              normal protocol initialization, and TLS is then started using the protocol's STARTTLS command), or
              immediately  (TLS  is  initialized  before  the  normal  protocol  initialization; this requires a
              separate port). The first mode is the default, but you can switch to the second mode by  disabling
              tls_starttls.
              When  TLS  is  started,  the  server  sends a certificate to identify itself. To verify the server
              identity, a client program is expected to check that the certificate is formally correct and  that
              it was issued by a Certificate Authority (CA) that the user trusts. (There can also be certificate
              chains with intermediate CAs.)
              The list of trusted CAs is specified using the tls_trust_file  command.   Usually  there  is  some
              system-wide  default  file  available,  e.g.   /etc/ssl/certs/ca-certificates.crt  on Debian-based
              systems, but you can also choose to select the trusted CAs yourself.
              One practical problem with this approach is that the client  program  should  also  check  if  the
              server  certificate has been revoked for some reason, using a Certificate Revocation List (CRL). A
              CRL file can be specified using the tls_crl_file command, but getting the relevant CRL  files  and
              keeping them up to date is not straightforward. You are basically on your own.
              A  much  more  serious  and  fundamental problem is is that you need to trust CAs.  Like any other
              organization, a CA can be incompetent, malicious, subverted by bad people, or forced by government
              agencies  to  compromise end users without telling them. All of these things happened and continue
              to happen worldwide.  The idea to have central organizations that have  to  be  trusted  for  your
              communication to be secure is fundamentally broken.
              Instead of putting trust in a CA, you can choose to trust only a single certificate for the server
              you  want  to  connect  to.  For  that  purpose,  specify   the   certificate   fingerprint   with
              tls_fingerprint.  This makes sure that no man-in-the-middle can fake the identity of the server by
              presenting you a fraudulent certificate issued by some CA that happens to be in your  trust  list.
              However,  you have to update the fingerprint whenever the server certificate changes, and you have
              to make sure that the change is legitimate each time, e.g. when the old certificate expired.  This
              is inconvenient, but it's the price to pay.
              Information   about   a   server   certificate   can   be   obtained   with   --serverinfo   --tls
              --tls-certcheck=off. This includes the issuer CA of the certificate (so you can trust that CA  via
              tls_trust_file),  and  the  fingerprint  of  the  certificate  (so  you  can trust that particular
              certificate via tls_fingerprint).
              TLS also allows the server to verify the identity of the client. For this purpose, the client  has
              to  present  a certificate issued by a CA that the server trusts. To present that certificate, the
              client also needs the matching key  file.  You  can  set  the  certificate  and  key  files  using
              tls_cert_file  and  tls_key_file.  This  mechanism can also be used to authenticate users, so that
              traditional user / password authentication is not necessary anymore. See the external mechanism in
              auth.

       tls_starttls [(on|off)]
              Choose  the  TLS  variant:  start TLS from within the session (on, default), or tunnel the session
              through TLS (off).

       tls_trust_file file
              Activate server certificate verification using a list of truted Certification  Authorities  (CAs).
              The  file  must  be  in  PEM  format.  Some  systems  provide  a  system-wide  default  file, e.g.
              /etc/ssl/certs/ca-certificates.crt on Debian-based systems with the ca-certificates  package.   An
              empty argument disables this. You should also use tls_crl_file.

       tls_crl_file [file]
              Set  a certificate revocation list (CRL) file for TLS, to check for revoked certificates. An empty
              argument disables this.

       tls_fingerprint [fingerprint]
              Set the fingerprint of a single certificate to accept for TLS. This certificate  will  be  trusted
              regardless  of  its  contents.  The  fingerprint  can  be  either  an SHA1 (recommended) or an MD5
              fingerprint in the format 01:23:45:67:.... Use --serverinfo --tls --tls-certcheck=off to  get  the
              server certificate fingerprints.

       tls_key_file file
              Send  a  client  certificate to the server (use this together with tls_cert_file}).  The file must
              contain the private key of a certificate in PEM format. An empty argument disables this feature.

       tls_cert_file file
              Send a client certificate to the server (use this together  with  tls_key_file).   The  file  must
              contain a certificate in PEM format. An empty argument disables this feature.

       tls_certcheck [(on|off)]
              Enable  or  disable  checks of the server certificate.  WARNING: When the checks are disabled, TLS
              sessions will be vulnerable to man-in-the-middle attacks!

       tls_min_dh_prime_bits [bits]
              Set or unset the minimum number of Diffie-Hellman (DH) prime bits that mpop will  accept  for  TLS
              sessions.  The default is set by the TLS library and can be selected by using an empty argument to
              this command.  Only lower the default (for example to 512 bits) if there is no other way  to  make
              TLS work with the remote server.

       tls_priorities [priorities]
              Set  the priorities for TLS sessions. The default is set by the TLS library and can be selected by
              using an empty argument to this command.  See the GnuTLS documentation of the gnutls_priority_init
              function for a description of the priorities string.

       from envelope_from
              Set the envelope-from address. This address will only be used when auto_from is off.

       auto_from [(on|off)]
              Enable  or  disable  automatic  envelope-from  addresses.  The  default  is off.  When enabled, an
              envelope-from address of the form user@domain will be generated.  The local part will  be  set  to
              USER  or, if that fails, to LOGNAME or, if that fails, to the login name of the current user.  The
              domain part can be set with the maildomain command.  If the maildomain is empty, the envelope-from
              address will only consist of the user name and not have a domain part. When auto_from is disabled,
              the envelope-from address must be set explicitly.

       maildomain [domain]
              Set a domain part for the generation of an envelope-from address. This is only used when auto_from
              is on. The domain may be empty.

       dsn_notify (off|condition)
              This  command  sets  the condition(s) under which the mail system should send DSN (Delivery Status
              Notification) messages. The argument off disables explicit DSN  requests,  which  means  the  mail
              system  decides  when  to send DSN messages. This is the default.  The condition must be never, to
              never request notification, or a comma  separated  list  (no  spaces!)  of  one  or  more  of  the
              following:  failure,  to  request  notification  on transmission failure, delay, to be notified of
              message delays, success, to be notified of successful transmission. The SMTP server  must  support
              the DSN extension.

       dsn_return (off|amount)
              This  command controls how much of a mail should be returned in DSN (Delivery Status Notification)
              messages. The argument off disables explicit DSN requests, which means the mail system decides how
              much  of  a  mail it returns in DSN messages. This is the default.  The amount must be headers, to
              just return the message headers, or full, to return the full mail.  The SMTP server  must  support
              the DSN extension.

       add_missing_from_header [(on|off)]
              This  command controls whether to add a From header if the mail does not have one.  The default is
              to add it.

       add_missing_date_header [(on|off)]
              This command controls whether to add a Date header if the mail does not have one.  The default  is
              to add it.

       remove_bcc_headers [(on|off)]
              This command controls whether to remove Bcc headers. The default is to remove them.

       logfile [file]
              An empty argument disables logging (this is the default).
              When  logging  is  enabled  by choosing a log file, msmtp will append one line to the log file for
              each mail it tries to send via the account that this log file was chosen for.
              The line will include the following information: date and time, host  name  of  the  SMTP  server,
              whether  TLS  was  used,  whether  authentication  was  used,  authentication  user  name (only if
              authentication is  used),  envelope-from  address,  recipient  addresses,  size  of  the  mail  as
              transferred  to  the  server  (only  if  the  delivery succeeded), SMTP status code and SMTP error
              message (only in case of failure and only if available), error message (only in  case  of  failure
              and only if available), exit code (from sysexits.h; EX_OK indicates success).
              If the filename is a dash (-), msmtp prints the log line to the standard output.

       syslog [(on|off|facility)]
              Enable  or disable syslog logging. The facility can be one of LOG_USER, LOG_MAIL, LOG_LOCAL0, ...,
              LOG_LOCAL7. The default is LOG_USER.
              Each time msmtp tries to send a mail via the account that contains this syslog  command,  it  will
              log one entry to the syslog service with the chosen facility.
              The  line  will  include  the following information: host name of the SMTP server, whether TLS was
              used, whether authentication was used, envelope-from address, recipient  addresses,  size  of  the
              mail  as  transferred  to  the  server (only if the delivery succeeded), SMTP status code and SMTP
              error message (only in case of failure and only if available), error  message  (only  in  case  of
              failure and only if available), exit code (from sysexits.h; EX_OK indicates success).

       aliases [file]
              Replace  local  recipients  with  addresses in the aliases file.  The aliases file is a plain text
              file containing mappings between a local address and a list of domain addresses.  A local  address
              is defined as one without an `@' character and a domain address is one with an `@' character.  The
              mappings are of the form:
                  local: someone@example.com, person@domain.example
              Multiple domain addresses are separated with commas.  Comments start with `#' and continue to  the
              end of the line.
              The  local  address  default  has  special significance and is matched if the local address is not
              found in the aliases file.  If no default alias is found, then the local address is left as is.
              An empty argument to the aliases command disables the replacement of local addresses.  This is the
              default.

EXAMPLES

       Configuration file

       # Example for a user configuration file ~/.msmtprc
       #
       # This file focusses on TLS and authentication. Features not used here include
       # logging, timeouts, SOCKS proxies, TLS parameters, Delivery Status Notification
       # (DSN) settings, and more.

       # Set default values for all following accounts.
       defaults

       # Use the mail submission port 587 instead of the SMTP port 25.
       port 587

       # Always use TLS.
       tls on

       # Set a list of trusted CAs for TLS. You can use a system-wide default file,
       # as in this example, or download the root certificate of your CA and use that.
       tls_trust_file /etc/ssl/certs/ca-certificates.crt

       # Additionally, you should use the tls_crl_file command to check for revoked
       # certificates, but unfortunately getting revocation lists and keeping them
       # up to date is not straightforward.
       #tls_crl_file ~/.tls-crls

       # A freemail service
       account freemail

       # Host name of the SMTP server
       host smtp.freemail.example

       # As an alternative to tls_trust_file/tls_crl_file, you can use tls_fingerprint
       # to pin a single certificate. You have to update the fingerprint when the
       # server certificate changes, but an attacker cannot trick you into accepting
       # a fraudulent certificate. Get the fingerprint with
       # $ msmtp --serverinfo --tls --tls-certcheck=off --host=smtp.freemail.example
       tls_fingerprint 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33

       # Envelope-from address
       from joe_smith@freemail.example

       # Authentication. The password is given using one of five methods, see below.
       auth on
       user joe.smith

       # Password method 1: Add the password to the system keyring, and let msmtp get
       # it automatically. To set the keyring password using Gnome's libsecret:
       # $ secret-tool store --label=msmtp \
       #   host smtp.freemail.example \
       #   service smtp \
       #   user joe.smith

       # Password method 2: Store the password in an encrypted file, and tell msmtp
       # which command to use to decrypt it. This is usually used with GnuPG, as in
       # this example. Usually gpg-agent will ask once for the decryption password.
       passwordeval gpg2 --no-tty -q -d ~/.msmtp-password.gpg

       # Password method 3: Store the password directly in this file. Usually it is not
       # a good idea to store passwords in plain text files. If you do it anyway, at
       # least make sure that this file can only be read by yourself.
       #password secret123

       # Password method 4: Store the password in ~/.netrc. This method is probably not
       # relevant anymore.

       # Password method 5: Do not specify a password. Msmtp will then prompt you for
       # it. This means you need to be able to type into a terminal when msmtp runs.

       # A second mail address at the same freemail service
       account freemail2 : freemail
       from joey@freemail.example

       # The SMTP server of your ISP
       account isp
       host mail.isp.example
       from smithjoe@isp.example
       auth on
       user 12345

       # Set a default account
       account default : freemail

       Using msmtp with Mutt

       Create a configuration file for msmtp and add the following lines to your Mutt configuration file:
       set sendmail="/path/to/msmtp"
       set use_from=yes
       set realname="Your Name"
       set from=you@example.com
       set envelope_from=yes
       The  envelope_from=yes  option  lets  Mutt  use the -f option of msmtp. Therefore msmtp chooses the first
       account that matches the from address you@example.com.
       Alternatively, you can use the -a option:
       set sendmail="/path/to/msmtp -a my-account"
       Or set everything from the command line (but note that you cannot set a password this way):
       set sendmail="/path/to/msmtp --host=mailhub -f me@example.com --tls --tls-trust-file=trust.crt"

       If you have multiple mail accounts in your msmtp configuration file and let Mutt use  the  -f  option  to
       choose the right one, you can easily switch accounts in Mutt with the following Mutt configuration lines:
       macro generic "<esc>1" ":set from=you@example.com"
       macro generic "<esc>2" ":set from=you@your-employer.example"
       macro generic "<esc>3" ":set from=you@some-other-provider.example"

       Using msmtp with mail

       Define a default account, and put the following in your ~/.mailrc:
       set sendmail="/path/to/msmtp"

       Using msmtp with Tor

       Use the following settings:
       proxy_host 127.0.0.1
       proxy_port 9050
       tls on
       Use an IP address as proxy host name, so that msmtp does not leak a DNS query when resolving it.
       TLS  is  required  to  prevent exit hosts from reading your SMTP session. You also need tls_trust_file or
       tls_fingerprint to check the server identity.
       Do not set domain to something that you do not want to reveal (do not set it at all if possible).

       Aliases file

       # Example aliases file

       # Send root to Joe and Jane
       root: joe_smith@example.com, jane_chang@example.com

       # Send cron to Mark
       cron: mark_jones@example.com

       # Send everything else to admin
       default: admin@domain.example

FILES

       SYSCONFDIR/msmtprc
              System configuration file. Use --version to find out what SYSCONFDIR is on your platform.

       ~/.msmtprc
              User configuration file.

       ~/.netrc and SYSCONFDIR/netrc
              The netrc file contains login information. Before prompting for a password, msmtp will  search  it
              in ~/.netrc and SYSCONFDIR/netrc.

ENVIRONMENT

       USER, LOGNAME
              These variables override the user's login name when constructing an envelope-from address. LOGNAME
              is only used if USER is unset.

       TMPDIR Directory to create temporary files in. If this is unset, a system specific default  directory  is
              used.
              A  temporary  file is only created when the -t/--read-recipients or --read-envelope-from option is
              used. The file is then used to buffer the headers of the mail (but not the body, so the file won't
              get very large).

       EMAIL, SMTPSERVER
              These  environment variables are used only if neither --host nor --account is used and there is no
              default account defined in the configuration files. In this case, the  host  name  is  taken  from
              SMTPSERVER,  and  the  envelope  from  address is taken from EMAIL, unless overridden by --from or
              --read-envelope-from. Currently SMTPSERVER must contain a plain host name (no URL), and EMAIL must
              contain a plain address (no names or additional information).

AUTHORS

       msmtp was written by Martin Lambers <marlam@marlam.de>.
       Other authors are listed in the AUTHORS file in the source distribution.

SEE ALSO

       sendmail(8), netrc(5) or ftp(1)

                                                     2015-01                                            MSMTP(1)