1This is mpop.info, produced by makeinfo version 6.8 from mpop.texi.
2
3This manual was last updated 2 October 2021 for version 1.4.15 of mpop.
4
5 Copyright (C) 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013,
62014, 2015, 2016, 2018, 2019, 2020, 2021 Martin Lambers
7
8 Copying and distribution of this file, with or without
9 modification, are permitted in any medium without royalty provided
10 the copyright notice and this notice are preserved. These files
11 are offered as-is, without any warranty.
12INFO-DIR-SECTION Individual utilities
13START-INFO-DIR-ENTRY
14* mpop: (mpop). A POP3 client.
15END-INFO-DIR-ENTRY
16
17�
18File: mpop.info, Node: Top, Next: Introduction, Up: (dir)
19
20mpop
21****
22
23This manual was last updated 2 October 2021 for version 1.4.15 of mpop.
24
25 Copyright (C) 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013,
262014, 2015, 2016, 2018, 2019, 2020, 2021 Martin Lambers
27
28 Copying and distribution of this file, with or without
29 modification, are permitted in any medium without royalty provided
30 the copyright notice and this notice are preserved. These files
31 are offered as-is, without any warranty.
32
33* Menu:
34
35* Introduction:: Basic concepts.
36* Configuration file:: Configuration file commands.
37* Invocation:: Command line options.
38* Transport Layer Security:: How to use TLS/SSL.
39* Authentication:: How to use authentication.
40* Mail retrieval mode:: How to retrieve mail.
41* Server information mode:: How to obtain information about
42 a POP3 server.
43* Filtering:: How to filter mails.
44* Examples:: Usage examples.
45* Minimal POP3 server (mpopd):: When and how to use mpopd.
46
47�
48File: mpop.info, Node: Introduction, Next: Configuration file, Prev: Top, Up: Top
49
501 Introduction
51**************
52
53mpop is a POP3 client.
54
55 In its default mode of operation, it retrieves mails from one or more
56POP3 mailboxes, optionally does some filtering, and delivers them
57through a mail delivery agent (MDA), to a maildir folder, or to an mbox
58file. Mails that were successfully delivered before will not be
59retrieved a second time, even if errors occur or mpop is terminated in
60the middle of a session.
61
62 The best way to start is probably to have a look at the Examples
63section. *Note Examples::.
64
65 In addition to the mail retrieval mode, mpop can be used in server
66information mode. In this mode, mpop prints as much information as it
67can get about a given POP3 server (greeting, supported features, login
68delay, maximum mail size, ...).
69
70 Normally, a configuration file contains information about which POP3
71server to use and how to use it, but all settings can also be configured
72on the command line.
73
74 POP3 server information is organized in accounts. Each account
75describes one POP3 server: host name, authentication settings, TLS
76settings, and so on. Each configuration file can define multiple
77accounts.
78
79 Supported features include:
80 • Header based mail filtering: filter junk mail before downloading it
81 • Delivery to maildir folders, mbox files, Exchange pickup
82 directories, or a mail delivery agent (MDA)
83 • Very fast POP3 implementation, using command pipelining
84 • TLS secured connections (including server certificate verification
85 and the possibility to send a client certificate)
86 • Authentication methods USER/PASS, APOP, PLAIN, LOGIN and CRAM-MD5
87 (and GSSAPI, SCRAM-SHA-1, SCRAM-SHA-256, DIGEST-MD5, and NTLM when
88 GNU SASL is used)
89 • Internationalized Domain Names (IDN)
90
91�
92File: mpop.info, Node: Configuration file, Next: Invocation, Prev: Introduction, Up: Top
93
942 Configuration file
95********************
96
97A suggestion for a suitable configuration file can be generated using
98the ‘--configure’ option; see *note --configure::. The default
99configuration file is ‘~/.mpoprc’ or ‘$XDG_CONFIG_HOME/mpop/config’.
100Settings in this file can be changed by command line options.
101
102 A configuration file is a simple text file. Empty lines and comment
103lines (first non-blank character is ’#’) are ignored. Every other line
104must contain a command and may contain an argument to that command. The
105argument may be enclosed in double quotes (").
106
107 If a file name starts with the tilde (~), this tilde will be replaced
108by ‘$HOME’.
109
110 If a command accepts the argument ‘on’, it also accepts an empty
111argument and treats that as if it was ‘on’.
112
113 Commands are organized in accounts. Each account starts with the
114‘account’ command and defines the settings for one POP3 account.
115
116 *Note Examples::.
117
1182.1 General commands
119====================
120
121‘defaults’
122 Set defaults. The following commands will set default values for
123 all following account definitions.
124‘account NAME [ : ACCOUNT[,...] ]’
125 Start a new account definition with the given name. The current
126 default values are filled in (see *note defaults::).
127 If a colon and a list of previously defined accounts is given after
128 the account name, the new account, with the filled in default
129 values, will inherit all settings from the accounts in the list.
130‘host HOSTNAME’
131 The POP3 server to retrieve mails from. The argument may be a host
132 name or a network address. Every account definition must contain
133 this command.
134‘port NUMBER’
135 The port that the POP3 server listens on. The default is 110
136 ("pop3"), unless TLS without STARTTLS is used, in which case it is
137 995 ("pop3s").
138‘source_ip [IP]’
139 Set a source IP address to bind the outgoing connection to. Useful
140 only in special cases on multi-home systems. An empty argument
141 disables this.
142‘proxy_host [IP|HOSTNAME]’
143 Use a SOCKS proxy. All network traffic will go through this proxy
144 host, including DNS queries, except for a DNS query that might be
145 necessary to resolve the proxy host name itself (this can be
146 avoided by using an IP address as proxy host name). An empty
147 argument disables proxy usage. The supported SOCKS protocol
148 version is 5. If you plan to use this with Tor, see also *note
149 Using mpop with Tor::.
150‘proxy_port [NUMBER]’
151 Set the port number for the proxy host. An empty ‘number’ argument
152 resets this to the default port, which is 1080 ("socks").
153‘socket [SOCKETNAME]’
154 Set the file name of a unix domain socket to connect to. This
155 overrides both ‘host’/‘port’ and ‘proxy_host’/‘proxy_port’.
156‘timeout (off|SECONDS)’
157 Set or unset a network timeout, in seconds. The default is 180
158 seconds. The argument ‘off’ means that no timeout will be set,
159 which means that the operating system default will be used.
160‘pipelining (auto|on|off)’
161 Enable or disable POP3 pipelining. You should never need to change
162 the default setting, which is ‘auto’: mpop enables pipelining for
163 POP3 servers that advertise this capability, and disables it for
164 all other servers. Pipelining can speed up a POP3 session
165 substantially.
166
1672.2 Authentication commands
168===========================
169
170*Note Authentication::.
171
172‘auth [(on|METHOD)]’
173 Choose an authentication method. The default argument ‘on’ chooses
174 a method automatically. Accepted methods are ‘user’, ‘apop’,
175 ‘plain’, ‘scram-sha-1’, ‘scram-sha-256’, ‘oauthbearer’, ‘xoauth2’,
176 ‘cram-md5’, ‘gssapi’, ‘digest-md5’, ‘external’, ‘login’, and
177 ‘ntlm’.
178‘user [USERNAME]’
179 Set the user name for authentication. An empty argument unsets the
180 user name.
181‘password [SECRET]’
182 Set the password for authentication. An empty argument unsets the
183 password. Consider using the ‘passwordeval’ command or a key ring
184 instead of this command, to avoid storing cleartext passwords in
185 the configuration file.
186‘passwordeval [EVAL]’
187 Set the password for authentication to the output (stdout) of the
188 command EVAL. This can be used e.g. to decrypt password files on
189 the fly or to query key rings, and thus to avoid storing cleartext
190 passwords.
191‘ntlmdomain [NTLMDOMAIN]’
192 Set a domain for the ‘ntlm’ authentication method. This is
193 obsolete.
194
1952.3 TLS commands
196================
197
198*Note Transport Layer Security::.
199
200‘tls [(on|off)]’
201 Enable or disable TLS (also known as SSL) for secured connections.
202‘tls_starttls [(on|off)]’
203 Choose the TLS variant: start TLS from within the session (‘on’,
204 default), or tunnel the session through TLS (‘off’).
205‘tls_trust_file [FILE]’
206 Activate server certificate verification using a list of trusted
207 Certification Authorities (CAs). The default is the special value
208 ‘system’, which selects the system default. An empty argument
209 disables trust in CAs. If you select a file, it must be in PEM
210 format, and you should also use ‘tls_crl_file’.
211‘tls_crl_file [FILE]’
212 Deprecated. This sets a certificate revocation list (CRL) file for
213 TLS, to check for revoked certificates (an empty argument, which is
214 the default, disables this). Nowadays automatic OCSP checks
215 replace CRL file checks.
216‘tls_fingerprint [FINGERPRINT]’
217 Set the fingerprint of a single certificate to accept for TLS. This
218 certificate will be trusted regardless of its contents (this
219 overrides ‘tls_trust_file’). The fingerprint should be of type
220 SHA256, but can for backwards compatibility also be of type SHA1 or
221 MD5 (please avoid this). The format should be ‘01:23:45:67:...’.
222 Use ‘--serverinfo --tls --tls-certcheck=off --tls-fingerprint=’ to
223 get the server certificate fingerprint.
224‘tls_key_file [FILE]’
225 Send a client certificate to the server (use this together with
226 ‘tls_cert_file’). The file must contain the private key of a
227 certificate in PEM format. An empty argument disables this
228 feature.
229‘tls_cert_file [FILE]’
230 Send a client certificate to the server (use this together with
231 ‘tls_key_file’). The file must contain a certificate in PEM
232 format. An empty argument disables this feature.
233‘tls_certcheck [(on|off)]’
234 Enable or disable checks of the server certificate. They are
235 enabled by default.
236 Disabling them will override ‘tls_trust_file’ and
237 ‘tls_fingerprint’. WARNING: When the checks are disabled, TLS
238 sessions will not be secure!
239‘tls_priorities [PRIORITIES]’
240 Set priorities for TLS session parameters. The default is set by
241 the TLS library and can be selected by using an empty argument to
242 this command. The interpretation of the PRIORITIES string depends
243 on the TLS library. Use ‘--version’ to find out which TLS library
244 you use.
245 For GnuTLS, see the section on Priority Strings in the manual.
246 For libtls, the PRIORITES string is a space-separated list of
247 parameter strings prefixed with either ‘PROTOCOLS=’, ‘CIPHERS=’, or
248 ‘ECDHECURVES=’. These parameter strings will be passed to the
249 functions ‘tls_config_parse_protocols’, ‘tls_config_set_ciphers’,
250 and ‘tls_config_set_ecdhecurves’. Unrecognized parts of the
251 PRIORITIES string will be ignored. Example: ‘PROTOCOLS=TLSv1.3
252 CIPHERS=ECDHE-RSA-AES128-SHA256 ECDHECURVES=P-384’.
253‘tls_host_override [HOST]’
254 By default, TLS host verification uses the host name given by the
255 ‘host’ command. This command allows one to use a different host
256 name for verification. This is only useful in special cases.
257‘tls_min_dh_prime_bits [BITS]’
258 Deprecated, use ‘tls_priorities’ instead. Set or unset the minimum
259 number of Diffie-Hellman (DH) prime bits accepted for TLS sessions.
260 The default is set by the TLS library and can be selected by using
261 an empty argument to this command. Only lower the default (for
262 example to 512 bits) if there is no other way to make TLS work with
263 the remote server.
264
2652.4 Commands specific to mail retrieval mode
266============================================
267
268*Note Mail retrieval mode::.
269
270‘delivery METHOD METHOD_ARGUMENTS...’
271 How to deliver messages received from this account.
272 • delivery mda COMMAND
273 Deliver the mails through a mail delivery agent (MDA).
274 All occurrences of ‘%F’ in the command will be replaced with
275 the envelope from address of the current message (or
276 MAILER-DAEMON if none is found). Note that this address is
277 guaranteed to contain only letters ‘a-z’ and ‘A-Z’, digits
278 ‘0-9’, and any of ‘.@_-+/’, even though that is only a subset
279 of what is theoretically allowed in a mail address. Other
280 characters, including those interpreted by the shell, are
281 replaced with ‘_’. Nevertheless, you should put ‘%F’ into
282 single quotes: ‘'%F'’.
283 Use ‘delivery mda "/usr/bin/procmail -f '%F' -d $USER"’ for
284 the procmail MDA.
285 Use ‘delivery mda "/usr/sbin/sendmail -oi -oem -f '%F' --
286 $USER"’ to let your MTA handle the mail.
287 Use ‘delivery mda /usr/local/bin/msmtp --host=localhost
288 --from='%F' -- $USER@`hostname`.`dnsdomainname`"’ to pass the
289 mail to your MTA via SMTP.
290 • delivery maildir DIRECTORY
291 Deliver the mails to the given maildir directory. The
292 directory must exist and it must have the maildir
293 subdirectories ‘cur’, ‘new’, and ‘tmp’; mpop will not create
294 directories. This delivery type only works on file systems
295 that support hard links.
296 • delivery mbox MBOX-FILE
297 Deliver the mails to the given file in mbox format. The file
298 will be locked with ‘fcntl(2)’. mpop uses the MBOXRD mbox
299 format variant; see the documentation of the mbox format.
300 • delivery exchange DIRECTORY
301 Deliver the mails to the given Exchange pickup directory. The
302 directory must exist.
303 If the delivery method needs to parse the mail headers for an
304 envelope from address (the mda method if the command contains ‘%F’,
305 and the mbox method), then it needs to create a temporary file to
306 store the mail headers (but not the body). See ‘$TMPDIR’ in *note
307 Environment::.
308‘uidls_file FILENAME’
309 The file to store UIDLs in. These are needed to identify new
310 messages. ‘%U’ in the filename will be replaced by the username of
311 the current account. ‘%H’ in the filename will be replaced by the
312 hostname of the current account. If the filename contains
313 directories that do not exist, mpop will create them. mpop locks
314 this file for exclusive access when accessing the associated POP3
315 account.
316 The default value is ‘~/.mpop_uidls/%U_at_%H’. You can also use a
317 single UIDLS file for multiple accounts, but then you cannot poll
318 more than one of these accounts at the same time.
319‘only_new [(on|off)]’
320 By default, mpop processes only new messages (new messages are
321 those that were not already successfully retrieved in an earlier
322 session). If this option is turned off, mpop will process all
323 messages.
324‘keep [(on|off)]’
325 Keep all mails on the POP3 server, never delete them. The default
326 behavior is to delete mails that have been successfully delivered
327 or filtered by kill filters.
328‘killsize (off|SIZE)’
329 Mails larger than the given size will be deleted, not downloaded
330 (unless the keep command is used, in which case they will just be
331 skipped). The size argument must be zero or greater. If it is
332 followed by a ’k’ or an ’m’, the size is measured in
333 kibibytes/mebibytes instead of bytes. Note that some POP3 servers
334 report slightly incorrect sizes for mails. *Note Filtering::.
335 When ‘killsize’ is set to 0 and ‘keep’ is set to on, then all mails
336 are marked as retrieved, but no mail gets deleted from the server.
337 This can be used to synchronize the UID list on the client to the
338 UID list on the server.
339‘skipsize (off|SIZE)’
340 Mails larger than the given size will be skipped (not downloaded).
341 The size argument must be zero or greater. If it is followed by a
342 ’k’ or an ’m’, the size is measured in kibibytes/mebibytes instead
343 of bytes. Note that some POP3 servers report slightly incorrect
344 sizes for mails. *Note Filtering::.
345‘filter [COMMAND]’
346 Set a filter which will decide whether to retrieve, skip, or delete
347 each mail by investigating the mail’s headers. The POP3 server
348 must support the POP3 TOP command for this to work; see *note
349 Server information mode::. An empty argument disables filtering.
350 All occurrences of ‘%F’ in the command will be replaced with the
351 envelope from address of the current message (or MAILER-DAEMON if
352 none is found). Note that this address is guaranteed to contain
353 only letters ‘a-z’ and ‘A-Z’, digits ‘0-9’, and any of ‘.@_-+/’,
354 even though that is only a subset of what is theoretically allowed
355 in a mail address. Other characters, including those interpreted
356 by the shell, are replaced with ‘_’. Nevertheless, you should put
357 ‘%F’ into single quotes: ‘'%F'’.
358 All occurrences of ‘%S’ in the command will be replaced with the
359 size of the current mail as reported by the POP3 server.
360 The mail headers (plus the blank line separating the headers from
361 the body) will be piped to the command. Based on the return code,
362 mpop decides what to do with the mail:
363 • 0: proceed normally; no special action
364 • 1: delete the mail; do not retrieve it
365 • 2: skip the mail; do not retrieve it
366 Return codes greater than or equal to 3 mean that an error
367 occurred. The ‘sysexits.h’ error codes may be used to give
368 information about the kind of the error, but this is not necessary.
369 *Note Filtering::.
370‘received_header [(on|off)]’
371 Enable or disable adding a Received header. By default, mpop
372 prepends a Received header to the mail during delivery. This is
373 required by the RFCs if the mail is subsequently further delivered
374 e.g. via SMTP.
375
376�
377File: mpop.info, Node: Invocation, Next: Transport Layer Security, Prev: Configuration file, Up: Top
378
3793 Invocation
380************
381
3823.1 Synopsis
383============
384
385 • Mail retrieval mode (default):
386 ‘mpop [OPTION...] [--] [ACCOUNT...]’
387 • Configuration mode:
388 ‘mpop --configure MAILADDRESS’
389 • Server information mode:
390 ‘mpop [OPTION...] --serverinfo [ACCOUNT...]’
391
392 mpop is usually run with one or more accounts as parameters. If no
393account is provided, an account named ‘default’ is used if it exist.
394Alternatively, ‘mpop -a’ will use all accounts defined in the
395configuration file.
396
397 This can be automated by running mpop from ‘cron(8)’.
398
3993.2 Exit code
400=============
401
402The standard exit codes from ‘sysexits.h’ are used.
403
4043.3 Files
405=========
406
407‘‘~/.mpoprc’ or ‘$XDG_CONFIG_HOME/mpop/config’.’
408 The default user configuration file.
409‘‘~/.mpop_uidls’’
410 Default directory to store UIDLs files in.
411‘‘~/.netrc’ and ‘SYSCONFDIR/netrc’’
412 The ‘netrc’ file contains login information. Before prompting for
413 a password, msmtp will search it in ~/.netrc and SYSCONFDIR/netrc.
414
4153.4 Environment
416===============
417
418‘‘$USER’, ‘$LOGNAME’’
419 These variables override the user’s login name. ‘$LOGNAME’ is only
420 used if ‘$USER’ is unset. The user’s login name is used for
421 ‘Received’ headers.
422‘‘$TMPDIR’’
423 Directory to create temporary files in. If this is unset, a system
424 specific default directory is used.
425
4263.5 Options
427===========
428
429Options override configuration file settings. The following options are
430accepted:
431
4323.5.1 General options
433---------------------
434
435‘--version’
436 Print version information, including information about the
437 libraries used.
438‘--help’
439 Print help.
440‘-P’
441‘--pretend’
442 Print the configuration settings that would be used, but do not
443 take further action. An asterisk (’*’) will be printed instead of
444 the password.
445‘-d’
446‘--debug’
447 Print lots of debugging information, including the whole
448 conversation with the server. Be careful with this option: the
449 (potentially dangerous) output will not be sanitized, and your
450 password may get printed in an easily decodable format!
451 This option implies ‘--half-quiet’, because the debugging output
452 would otherwise interfere with the progress output.
453
4543.5.2 Changing the mode of operation
455------------------------------------
456
457‘--configure=MAILADDRESS’
458 Generate a configuration for the given mail address and print it.
459 This can be modified or copied unchanged to the configuration file.
460 Note that this only works for mail domains that publish appropriate
461 SRV records; see RFC 8314.
462‘-S’
463‘--serverinfo’
464 Print information about the POP3 server and exit. This includes
465 information about supported features (pipelining, authentication
466 methods, TOP command, ...), about parameters (time for which mails
467 will not be deleted, minimum time between logins, ...), and about
468 the TLS certificate (if TLS is active). *Note Server information
469 mode::.
470
4713.5.3 Configuration options
472---------------------------
473
474Most options in this category correspond to a configuration file
475command. Please refer to *note Configuration file:: for detailed
476information.
477‘-C FILENAME’
478‘--file=FILENAME’
479 Use the given file instead of ‘~/.mpoprc’ or
480 ‘XDG_CONFIG_HOME/mpop/config’ as the configuration file.
481‘--host=HOSTNAME’
482 Use this server with settings from the command line; do not use any
483 configuration file data. This option disables loading of the
484 configuration file. You cannot use both this option and account
485 names on the command line.
486‘--port=NUMBER’
487 Set the port number. *Note port::.
488‘--source-ip=[IP]’
489 Set or unset an IP address to bind the socket to. *Note
490 source_ip::.
491‘--proxy-host=[IP|HOSTNAME]’
492 Set or unset a SOCKS proxy to use. *Note proxy_host::.
493‘--proxy-port=[NUMBER]’
494 Set or unset a port number for the proxy host. *Note proxy_port::.
495‘--socket=[SOCKETNAME]’
496 Set or unset a local unix domain socket name to connect to. *Note
497 socket::.
498‘--timeout=(off|SECONDS)’
499 Set or unset a network timeout, in seconds. *Note timeout::.
500‘--pipelining=(auto|on|off)’
501 Enable or disable POP3 pipelining. *Note pipelining::.
502‘--received-header[=(on|off)]’
503 Enable or disable the Received header. *Note received_header::.
504‘--auth[=(on|METHOD)]’
505 Set the authentication method to automatic (with ‘on’) or manually
506 choose an authentication method. *Note auth::.
507‘--user=[USERNAME]’
508 Set or unset the user name for authentication. *Note user::.
509‘--passwordeval=[EVAL]’
510 Evaluate password for authentication. *Note passwordeval::.
511‘--tls[=(on|off)]’
512 Enable or disable TLS/SSL. *Note tls::.
513‘--tls-starttls[=(on|off)]’
514 Enable or disable STARTTLS for TLS. *Note tls_starttls::.
515‘--tls-trust-file=[FILE]’
516 Set or unset a trust file for TLS. *Note tls_trust_file::.
517‘--tls-crl-file=[FILE]’
518 Deprecated. Set or unset a certificate revocation list (CRL) file
519 for TLS. *Note tls_crl_file::.
520‘--tls-fingerprint=[FINGERPRINT]’
521 Set ot unset the fingerprint of a trusted TLS certificate. *Note
522 tls_fingerprint::.
523‘--tls-key-file=[FILE]’
524 Set or unset a key file for TLS. *Note tls_key_file::.
525‘--tls-cert-file=[FILE]’
526 Set or unset a cert file for TLS. *Note tls_cert_file::.
527‘--tls-certcheck[=(on|off)]’
528 Enable or disable server certificate checks for TLS. *Note
529 tls_certcheck::.
530‘--tls-priorities=[PRIORITIES]’
531 Set or unset TLS priorities. *Note tls_priorities::.
532‘--tls-host-override=[HOST]’
533 Set or unset override for TLS host verification. *Note
534 tls_host_override::.
535‘--tls-min-dh-prime-bits=[BITS]’
536 Deprecated, use ‘--tls-priorities’ instead. Set or unset minimum
537 bit size of the Diffie-Hellman (DH) prime. *Note
538 tls_min_dh_prime_bits::.
539
5403.5.4 Options specific to mail retrieval mode
541---------------------------------------------
542
543‘-q’
544‘--quiet’
545 Do not print status or progress information.
546‘-Q’
547‘--half-quiet’
548 Print status but not progress information.
549‘-a’
550‘--all-accounts’
551 Query all accounts in the configuration file.
552‘-A’
553‘--auth-only’
554 Authenticate only; do not retrieve mail. Useful for
555 SMTP-after-POP.
556‘-s’
557‘--status-only’
558 Print number and size of mails in each account only; do not
559 retrieve mail.
560‘-n’
561‘--only-new[=(on|off)]’
562 Process only new messages. *Note only_new::.
563‘-k’
564‘--keep[=(on|off)]’
565 Do not delete mails from POP3 servers, regardless of other options
566 or settings. *Note keep::.
567‘--killsize=(off|SIZE)’
568 Set or unset kill size. *Note killsize::.
569‘--skipsize=(off|SIZE)’
570 Set or unset skip size. *Note skipsize::.
571‘--filter=[COMMAND]’
572 Set a filter which will decide whether to retrieve, skip, or delete
573 each mail by investigating the mail’s headers. *Note filter::.
574‘--delivery=METHOD,METHOD_ARGUMENTS...’
575 How to deliver messages received from this account. *Note
576 delivery::. Note that a comma is used instead of a blank to
577 separate the method from its arguments.
578‘--uidls-file=FILENAME’
579 File to store UIDLs in. *Note uidls_file::.
580
581�
582File: mpop.info, Node: Transport Layer Security, Next: Authentication, Prev: Invocation, Up: Top
583
5844 Transport Layer Security
585**************************
586
587Transport Layer Security (TLS) "... provides communications privacy over
588the Internet. The protocol allows client/server applications to
589communicate in a way that is designed to prevent eavesdropping,
590tampering, or message forgery" (quote from RFC2246).
591
592 A server can use TLS in one of two modes:
593 • Via a STARTTLS command
594 The session starts with the normal protocol initialization, and TLS
595 is then started using the protocol’s STARTTLS command.
596 • Immediately
597 TLS is initialized before the normal protocol initialization. This
598 requires a separate port.
599 The first mode is the default, but you can switch to the second mode
600by disabling *note tls_starttls::.
601
602 When TLS is started, the server sends a certificate to identify
603itself. To verify the server identity, a client program is expected to
604check that the certificate is formally correct and that it was issued by
605a Certificate Authority (CA) that the user trusts. (There can also be
606certificate chains with intermediate CAs.)
607
608 The list of trusted CAs is specified using the *note tls_trust_file::
609command. The default value ist ‘system’ and chooses the system-wide
610default, but you can also choose the trusted CAs yourself.
611
612 A fundamental problem with this is that you need to trust CAs. Like
613any other organization, a CA can be incompetent, malicious, subverted by
614bad people, or forced by government agencies to compromise end users
615without telling them. All of these things happened and continue to
616happen worldwide. The idea to have central organizations that have to
617be trusted for your communication to be secure is fundamentally broken.
618
619 Instead of putting trust in a CA, you can choose to trust only a
620single certificate for the server you want to connect to. For that
621purpose, specify the certificate fingerprint with *note
622tls_fingerprint::. This makes sure that no man-in-the-middle can fake
623the identity of the server by presenting you a fraudulent certificate
624issued by some CA that happens to be in your trust list. However, you
625have to update the fingerprint whenever the server certificate changes,
626and you have to make sure that the change is legitimate each time, e.g.
627when the old certificate expired. This is inconvenient, but it’s the
628price to pay.
629
630 Information about a server certificate can be obtained with
631‘--serverinfo --tls --tls-certcheck=off’. This includes the issuer CA
632of the certificate (so you can trust that CA via ‘tls_trust_file’), and
633the fingerprint of the certificate (so you can trust that particular
634certificate via ‘tls_fingerprint’). *Note Server information mode::.
635
636 If you need to fine tune TLS parameters, have a look at the *note
637tls_priorities:: command.
638
6394.1 Client Certificates
640=======================
641
642TLS also allows the server to verify the identity of the client. For
643this purpose, the client has to present a certificate issued by a CA
644that the server trusts. To present that certificate, the client also
645needs the matching key file. You can set the certificate and key files
646using *note tls_cert_file:: and *note tls_key_file::. This mechanism
647can also be used to authenticate users, so that traditional user /
648password authentication is not necessary anymore. See the EXTERNAL
649mechanism in *note Authentication::.
650
651 # Enable TLS
652 tls on
653 # Enable TLS client certificates
654 tls_cert_file /path/to/client_cert
655 tls_key_file /path/to/client_key
656 # Enable authentication via the EXTERNAL mechanism (optional; depends on server)
657 # The user name is empty because the server should get it from the client cert
658 auth external
659 user ""
660
661 You can also use client certificates stored on some external
662authentication device by specifying GnuTLS device URIs in *note
663tls_cert_file:: and *note tls_key_file::. You can find the correct URIs
664using ‘p11tool --list-privkeys --login’ (p11tool is bundled with
665GnuTLS). If your device requires a PIN to access the data, you can
666specify that using one of the password mechanisms (e.g. *note
667passwordeval::, *note password::).
668
669 tls_cert_file pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=00000000;token=PIV_II%20%28PIV%20Card%20Holder%20pin%29;id=%01;object=Certificate%20for%20PIV%20Authentication;type=cert
670 tls_key_file pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=00000000;token=PIV_II%20%28PIV%20Card%20Holder%20pin%29;id=%01;object=PIV%20AUTH%20key;type=private
671 passwordeval gpg2 --no-tty -q -d ~/.smart-card-pin.gpg
672
673�
674File: mpop.info, Node: Authentication, Next: Mail retrieval mode, Prev: Transport Layer Security, Up: Top
675
6765 Authentication
677****************
678
679POP3 servers require a client to authenticate before retrieving mail.
680
681 Usually a user name and a password are used for authentication. The
682user name specified in the configuration file with the *note user::
683command. There are five different methods to specify the password:
684 1. Add the password to the system key ring.
685 Currently supported key rings are the Gnome key ring and the Mac OS
686 X Keychain. For the Gnome key ring, use the command ‘secret-tool’
687 (part of Gnome’s libsecret) to store passwords:
688 $ secret-tool store --label=mpop \
689 host pop.freemail.example \
690 service pop3 \
691 user joe.smith
692 On Mac OS X, use the following command:
693 security add-internet-password -s pop.freemail.example -r pop3 -a joe.smith -w
694 In both examples, replace pop.freemail.example with the POP3 server
695 name, and joe.smith with your user name.
696 2. Store the password in an encrypted files, and use *note
697 passwordeval:: to specify a command to decrypt that file, e.g.
698 using GnuPG. *Note Examples::.
699 3. Store the password in the configuration file using the *note
700 password:: command. (Usually it is not considered a good idea to
701 store passwords in cleartext files. If you do it anyway, you must
702 make sure that the file can only be read by yourself.)
703 4. Store the password in ‘~/.netrc’. This method is probably
704 obsolete.
705 5. Type the password into the terminal when it is required.
706 It is recommended to use method 1 or 2.
707
708 Multiple authentication methods exist. Most servers support only
709some of them. Historically, sophisticated methods were developed to
710protect passwords from being sent unencrypted to the server, but
711nowadays everybody needs *note Transport Layer Security:: anyway, so the
712simple methods suffice since the whole session is protected. A suitable
713authentication method is chosen automatically, and when TLS is disabled
714for some reason, only methods that avoid sending cleartext passwords are
715considered.
716
717 The following user / password methods are supported:
718 • ‘USER’
719 A simple cleartext method supported by all servers.
720 • ‘PLAIN’
721 Another simple cleartext method supported by almost all servers.
722 • ‘SCRAM-SHA-1’
723 A method that avoids cleartext passwords.
724 • ‘SCRAM-SHA-256’
725 A method that avoids cleartext passwords. Same family as
726 SCRAM-SHA-1 but with stronger hash function.
727 • ‘APOP’
728 An obsolete method that avoids cleartext passwords, but is not
729 considered secure anymore.
730 • ‘CRAM-MD5’
731 An obsolete method that avoids cleartext passwords, but is not
732 considered secure anymore.
733 • ‘DIGEST-MD5’
734 An overcomplicated obsolete method that avoids cleartext passwords,
735 but is not considered secure anymore.
736 • ‘LOGIN’
737 A non-standard cleartext method similar to (but worse than) PLAIN.
738 • ‘NTLM’
739 An obscure non-standard method that is now considered broken. It
740 sometimes requires a special domain parameter passed via *note
741 ntlmdomain::. Do not use it.
742
743 There are currently three authentication methods that are not based
744on user / password information and have to be chosen manually:
745 • ‘OAUTHBEARER’ or its predecessor ‘XOAUTH2’
746 An OAuth2 token from the mail provider is used as the password.
747 See the documentation of your mail provider for details on how to
748 get this token. The ‘passwordeval’ command can be used to pass the
749 regularly changing tokens into mpop from a script or an environment
750 variable.
751 • ‘EXTERNAL’
752 The authentication happens outside of the protocol, typically by
753 sending a TLS client certificate (see *note Client Certificates::).
754 The EXTERNAL method merely confirms that this authentication
755 succeeded; it does not perform the authentication. Thus it may not
756 be necessary to use it for authentication to succeed, and if the
757 server does not support the EXTERNAL method, this does not mean
758 that it does not support authentication with TLS client
759 certificates.
760 • ‘GSSAPI’
761 With this method, the Kerberos framework takes care of secure
762 authentication. Only a user name is required.
763
764 It depends on the underlying authentication library and its version
765whether a particular method is supported or not. Use ‘--version’ to
766find out which methods are supported by your version.
767
768�
769File: mpop.info, Node: Mail retrieval mode, Next: Server information mode, Prev: Authentication, Up: Top
770
7716 Mail retrieval mode
772*********************
773
774In this mode, mpop retrieves mail from one or more POP3 servers. It
775delivers each of them using the method that was given with the *note
776delivery:: command or *note --delivery:: option.
777
778 While retrieving the mail, mpop displays approximate progress
779information, which can be turned off with the *note --half-quiet:: or
780*note --quiet:: options.
781
782 If the delivery succeeded, the mail is deleted from the POP3 server
783by default. The *note keep:: command and *note --keep:: option prevent
784the deletion of mails. Some POP3 servers will delete mails without any
785user interaction. See EXPIRE in *note Server information mode::. Mpop
786can do nothing about that.
787
788 If you do not want to download certain mails, but skip them or delete
789them directly, you can do filtering based on the mail headers. *Note
790Filtering::.
791
792 If you just want to know if you have new mails (and how many), use
793the *note --status-only:: option.
794
795 If you just want to authenticate to the POP3 server, but do not want
796to look at your mails, use the *note --auth-only:: option. This can be
797useful for sending mail through SMTP servers that require SMTP-after-POP
798(aka POP-before-SMTP).
799
800 Before mpop delivers a mail, it prepends a Received header to it.
801This is necessary for example if the delivery method transmits the mail
802to an SMTP server, but can be disabled with the *note received_header::
803command. Mpop does not change the contents of the mail in any other
804way.
805
806�
807File: mpop.info, Node: Server information mode, Next: Filtering, Prev: Mail retrieval mode, Up: Top
808
8097 Server information mode
810*************************
811
812In server information mode, mpop prints as much information about the
813POP3 server as it can get and then exits.
814
815 The POP3 features that can be detected are:
816 • IMPLEMENTATION
817 The implementation string of the POP3 server.
818 • CAPA
819 Support for the POP3 CAPA command. The server sends a list of its
820 capabilities in response to this command.
821 • PIPELINING
822 Support for POP3 pipelining. *Note pipelining::.
823 • TOP
824 Support for the POP3 TOP command. This is needed for header based
825 filtering to work. *Note Filtering::.
826 • UIDL
827 Support for the POP3 UIDL command. This is needed to distinguish
828 between new and already retrieved messages.
829 • LOGIN-DELAY
830 The minimum time between two POP3 sessions. The server may refuse
831 a POP3 session if the last one was active less than this time
832 period ago.
833 • EXPIRE
834 The time after which old mails are deleted by the POP3 server.
835 • NEVER: The POP3 server will not delete mail without the user
836 requesting it.
837 • 0: The POP3 server will not keep mails; all mails will be
838 deleted after they have been downloaded, regardless of the
839 user’s wishes.
840 • NUMBER: The number of days that the POP3 server will keep
841 mails before deleting them without user interaction.
842 • STARTTLS
843 *Note Transport Layer Security::.
844 • AUTH
845 *Note Authentication::.
846 • RESP-CODES
847 If authentication fails and the POP3 server issues an error message
848 beginning with a square bracket, this message will include
849 additional information about the source of the error:
850 • ‘[LOGIN-DELAY]’: The login delay period hast not yet expired.
851 • ‘[IN-USE]’: Authentication succeeded but the mailbox is
852 currently in use, possibly by another POP3 session.
853 • AUTH-RESP-CODE
854 If authentication fails and the POP3 server issues an error message
855 beginning with a square bracket, this message will include
856 additional information about the source of the error:
857 • ‘[LOGIN-DELAY]’: The login delay period hast not yet expired.
858 • ‘[IN-USE]’: Authentication succeeded but the mailbox is
859 currently in use, possibly by another POP3 session.
860 • ‘[SYS/TEMP]’: Temporary system failure; try again later.
861 • ‘[SYS/PERM]’: Permanent system failure; ask the administrator.
862 • ‘[AUTH]’: Incorrect user name or password or some other
863 problem with the user’s credentials.
864
865 If TLS is activated for server information mode, the following
866information will be printed about the POP3 server’s TLS certificate (if
867available):
868 • Owner information
869 • Common Name
870 • Organization
871 • Organizational unit
872 • Locality
873 • State or Province
874 • Country
875 • Issuer information
876 • Common Name
877 • Organization
878 • Organizational unit
879 • Locality
880 • State or Province
881 • Country
882 • General
883 • Activation time
884 • Expiration time
885 • SHA256 fingerprint
886 • SHA1 fingerprint (deprecated)
887
888�
889File: mpop.info, Node: Filtering, Next: Examples, Prev: Server information mode, Up: Top
890
8918 Filtering
892***********
893
894There are three filtering commands available. They will be executed in
895the following order:
896
897 1. ‘killsize’
898 2. ‘skipsize’
899 3. ‘filter’
900
901 If a filtering command applies to a mail, the remaining filters will
902not be executed.
903
904 The POP3 server must support the POP3 TOP command (*note Server
905information mode::) for filtering with a filter command: It is used to
906read the mail headers (plus the blank line separating the header from
907the body) and pipe them to the filter command.
908
909 Note that, if the filter decides that the mail should be retrieved,
910the complete mail has to be downloaded, including the headers, so the
911headers will be downloaded twice. This is because there’s no way in
912POP3 to download just the mail body. Sometimes this overhead surpasses
913the savings of the filtering.
914
915 The filter command looks at the mail headers and signals with its
916exit code what mpop should do with the mail:
917 • 0: retrieve the mail
918 • 1: delete the mail; do not retrieve it
919 • 2: skip the mail; do not retrieve it
920 Return codes greater than or equal to 3 mean that an error occurred.
921The ‘sysexits.h’ error codes may be used to give information about the
922kind of the error, but this is optional.
923
924 Since the filter command will be passed to a shell, you can use all
925shell command constructs in addition to just calling a script or
926program. This allows flexible filter constructs. *Note Filtering with
927SpamAssassin::.
928
929 Some POP3 servers count end-of-line characters as two bytes (CRLF)
930instead of one (LF), so that the size of a mail as reported by the POP3
931server is slightly larger than the actual size. The filters use the
932size values reported by the POP3 server since they cannot know the
933actual size in advance. Thus you cannot rely on _exact_ size filtering.
934
935�
936File: mpop.info, Node: Examples, Next: Minimal POP3 server (mpopd), Prev: Filtering, Up: Top
937
9389 Examples
939**********
940
941* Menu:
942
943* A configuration file::
944* Filtering with SpamAssassin::
945* Using mpop with Tor::
946
947�
948File: mpop.info, Node: A configuration file, Next: Filtering with SpamAssassin, Up: Examples
949
9509.1 A configuration file
951========================
952
953 # Example for a user configuration file ~/.mpoprc
954 #
955 # This file focusses on TLS, authentication, and the mail delivery method.
956 # Features not used here include mail filtering, timeouts, SOCKS proxies,
957 # TLS parameters, and more.
958
959
960 # Set default values for all following accounts.
961 defaults
962
963 # Always use TLS.
964 tls on
965
966 # Set a list of trusted CAs for TLS. The default is to use system settings, but
967 # you can select your own file.
968 #tls_trust_file /usr/local/share/certs/ca-root-nss.crt
969
970 # Deliver mail to an MBOX mail file:
971 delivery mbox ~/Mail/inbox
972 # Deliver mail to a maildir folder:
973 #delivery maildir ~/Mail/incoming
974 # Deliver mail via procmail:
975 #delivery mda "/usr/bin/procmail -f '%F' -d $USER"
976 # Deliver mail via the local SMTP server:
977 #delivery mda "/usr/bin/msmtp --host=localhost --from='%F' -- $USER"
978 # Deliver mail to an Exchange pickup directory:
979 #delivery exchange c:\exchange\pickup
980
981 # Use an UIDLS file in ~/.local/share instead of ~/.mpop_uidls
982 uidls_file ~/.local/share/%U_at_%H
983
984
985 # A freemail service
986 account freemail
987
988 # Host name of the POP3 server
989 host pop.freemail.example
990
991 # As an alternative to tls_trust_file, you can use tls_fingerprint
992 # to pin a single certificate. You have to update the fingerprint when the
993 # server certificate changes, but an attacker cannot trick you into accepting
994 # a fraudulent certificate. Get the fingerprint with
995 # $ mpop --serverinfo --tls --tls-certcheck=off --host=pop.freemail.example
996 #tls_fingerprint 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33
997
998 # Authentication. The password is given using one of five methods, see below.
999 user joe.smith
1000
1001 # Password method 1: Add the password to the system keyring, and let mpop get
1002 # it automatically. To set the keyring password using Gnome's libsecret:
1003 # $ secret-tool store --label=mpop \
1004 # host pop.freemail.example \
1005 # service pop3 \
1006 # user joe.smith
1007
1008 # Password method 2: Store the password in an encrypted file, and tell mpop
1009 # which command to use to decrypt it. This is usually used with GnuPG, as in
1010 # this example. Usually gpg-agent will ask once for the decryption password.
1011 passwordeval gpg2 --no-tty -q -d ~/.mpop-password.gpg
1012
1013 # Password method 3: Store the password directly in this file. Usually it is not
1014 # a good idea to store passwords in cleartext files. If you do it anyway, at
1015 # least make sure that this file can only be read by yourself.
1016 #password secret123
1017
1018 # Password method 4: Store the password in ~/.netrc. This method is probably not
1019 # relevant anymore.
1020
1021 # Password method 5: Do not specify a password. Mpop will then prompt you for
1022 # it. This means you need to be able to type into a terminal when mpop runs.
1023
1024
1025 # A second mail box at the same freemail service
1026 account freemail2 : freemail
1027 user joey
1028
1029
1030 # The POP3 server of your ISP
1031 account isp
1032 host mail.isp.example
1033 auth on
1034 user 12345
1035 # Your ISP runs SpamAssassin, so test each mail for the "X-Spam-Status: Yes"
1036 # header, and delete all mails with this header before downloading them.
1037 filter if [ "`grep "^X-Spam-Status: Yes"`" ]; then exit 1; else exit 0; fi
1038
1039
1040 # Set a default account
1041 account default : freemail
1042
1043�
1044File: mpop.info, Node: Filtering with SpamAssassin, Next: Using mpop with Tor, Prev: A configuration file, Up: Examples
1045
10469.2 Filtering with SpamAssassin
1047===============================
1048
1049Use the following to delete all mails that SpamAssassin classifies as
1050spam:
1051 filter "/path/to/spamc -c > /dev/null"
1052 Since no message body is passed to SpamAssassin, you should disable
1053all body-specific tests in the SpamAssassin configuration file; for
1054example set use_bayes 0.
1055
1056 If your mail provider runs SpamAssassin for you, you just have to
1057check for the result. The following script can do that when used as an
1058mpop filter:
1059 #!/bin/sh
1060 if [ "`grep "^X-Spam-Status: Yes"`" ]; then
1061 exit 1 # kill this message
1062 else
1063 exit 0 # proceed normally
1064 fi
1065 Since the filter command is passed to a shell, all shell constructs
1066are usable, so you can also use this directly:
1067 filter if [ "`grep "^X-Spam-Status: Yes"`" ]; then exit 1; else exit 0; fi
1068
1069�
1070File: mpop.info, Node: Using mpop with Tor, Prev: Filtering with SpamAssassin, Up: Examples
1071
10729.3 Using mpop with Tor
1073=======================
1074
1075Use the following settings:
1076 proxy_host 127.0.0.1
1077 proxy_port 9050
1078 tls on
1079 Use an IP address as proxy host name, so that mpop does not leak a
1080DNS query when resolving it.
1081TLS is required to prevent exit hosts from reading your POP3 session.
1082You also need *note tls_trust_file:: or *note tls_fingerprint:: to check
1083the server identity.
1084
1085�
1086File: mpop.info, Node: Minimal POP3 server (mpopd), Prev: Examples, Up: Top
1087
108810 Minimal POP3 server (mpopd)
1089******************************
1090
1091Mpopd is a minimal POP3 server that delivers mails from a local mailbox
1092in maildir format. It can be used by end users as a way to handle
1093incoming mail via mpop with mail clients that insist on using POP3 (see
1094*note Example: using mpopd to handle incoming mail for a POP3-based mail
1095client::).
1096
1097 Mpopd listens on 127.0.0.1 port 1100 by default, but can also run
1098without its own network sockets in inetd mode, where it handles a single
1099POP3 session on standard input / output.
1100
1101 To prevent abuse, mpopd will allow only a limited number of
1102concurrent POP3 sessions, and if an authentication failure occurrs,
1103future authentication requests in any POP3 session will (for a limited
1104duration) only be answered after a small delay.
1105
1106 Mpopd works fine with other programs delivering additional mails into
1107the maildir folders it serves via POP3, but it expects to be the only
1108program to remove or alter mails in these folders. You can e.g. use
1109mpop to deliver new mails into the maildir folder, but you cannot use a
1110mail client to work on the maildir folder at the same time as mpopd.
1111
1112 Mpopd handles the following options:
1113‘--version’
1114 Print version information
1115‘--help’
1116 Print help.
1117‘--inetd’
1118 Start single POP3 session on stdin/stdout
1119‘--interface=IP’
1120 Listen on the given IPv6 or IPv4 address instead of 127.0.0.1
1121‘--port=NUMBER’
1122 Listen on the given port number instead of 1100
1123‘--log=NONE|SYSLOG|FILENAME’
1124 Set logging: none (default), syslog, or logging to the given file.
1125‘--auth=USER[,PASSWORDEVAL]’
1126 Require authentication with this user name. The password will be
1127 retrieved from the given PASSWORDEVAL command (this works just like
1128 *note passwordeval:: in msmtp) or, if none is given, from the key
1129 ring or, if that fails, from a prompt.
1130‘--maildir=DIR’
1131 Use this maildir as the mailbox.
1132
1133* Menu:
1134
1135* Example: using mpopd to handle incoming mail for a POP3-based mail client::
1136
1137�
1138File: mpop.info, Node: Example: using mpopd to handle incoming mail for a POP3-based mail client, Up: Minimal POP3 server (mpopd)
1139
114010.1 Example: using mpopd to handle incoming mail for a POP3-based mail client
1141==============================================================================
1142
1143Some mail clients cannot get incoming mail from local files and instead
1144insist on using a POP3 server. You can configure mpopd to be that POP3
1145server and serve your incoming mail from a local maildir folder.
1146
1147 (Similarly, some mail clients cannot send outgoing mail via a program
1148such as msmtp and instead insist on using an SMTP server. You can
1149configure msmtpd to be that SMTP server and hand the mail over to msmtp.
1150See the corresponding section in the msmtp manual
1151(https://marlam.de/msmtp/documentation/msmtp.html#Example_003a-using-msmtpd-to-handle-outgoing-mail-for-an-SMTP_002dbased-mail-client).)
1152
1153 For this purpose, mpopd should listen on an unprivileged port, e.g.
11541100 (the default). A mailbox is defined using first the ‘--auth’
1155option to set a user name and password and then using the ‘--maildir’
1156option to specify the maildir folder that holds the incoming mail.
1157Multiple such option pairs can be used to define multiple mailboxes,
1158e.g. from different remote mail accounts. Programs such as mpop can
1159deliver new mail into the maildir folders at any time, but as long as
1160mpopd is running no other programs may alter or remove mails from these
1161folders.
1162
1163 Let’s use the user name MPOPD-USER. You have two options to manage
1164the password:
1165 1. Store the password in your key ring, e.g. with
1166 secret-tool store --label=mpopd host localhost service pop3 user mpopd-user
1167 In this case, use the mpopd option ‘--auth=mpopd-user’.
1168 2. Store the password in an encrypted file and use the passwordeval
1169 mechanism. Example for gpg:
1170 mpopd ... --auth=mpopd-user,'gpg -q -d ~/.mpopd-password.gpg'
1171
1172 The complete command then is (using the keyring):
1173 mpopd --auth=mpopd-user --maildir=/path/to/your/maildir/folder
1174
1175 The mail client software must then be configured to use ‘localhost’
1176at port ‘1100’ for incoming mail via POP3, and to use authentication
1177with user ‘mpopd-user’ and the password you chose. The mail client will
1178probably complain that the POP3 server does not support TLS, but in this
1179special case that is ok since all communication between your mail client
1180and mpopd will stay on the local machine.
1181
1182
1183�
1184Tag Table:
1185Node: Top629
1186Node: Introduction1650
1187Node: Configuration file3511
1188Ref: defaults4612
1189Ref: account4737
1190Ref: host5114
1191Ref: port5297
1192Ref: source_ip5474
1193Ref: proxy_host5657
1194Ref: proxy_port6127
1195Ref: socket6293
1196Ref: timeout6468
1197Ref: pipelining6703
1198Ref: auth7120
1199Ref: user7491
1200Ref: password7602
1201Ref: passwordeval7873
1202Ref: ntlmdomain8130
1203Ref: tls8316
1204Ref: tls_starttls8409
1205Ref: tls_trust_file8574
1206Ref: tls_crl_file8942
1207Ref: tls_fingerprint9210
1208Ref: tls_key_file9727
1209Ref: tls_cert_file9972
1210Ref: tls_certcheck10193
1211Ref: tls_priorities10481
1212Ref: tls_host_override11386
1213Ref: tls_min_dh_prime_bits11629
1214Ref: delivery12175
1215Ref: uidls_file14448
1216Ref: only_new15116
1217Ref: keep15363
1218Ref: killsize15562
1219Ref: skipsize16257
1220Ref: filter16619
1221Ref: received_header18194
1222Node: Invocation18459
1223Ref: Files19238
1224Ref: Environment19633
1225Ref: --configure20979
1226Ref: --serverinfo21257
1227Ref: --pipelining22849
1228Ref: --received_header22943
1229Ref: --auth23048
1230Ref: --user23204
1231Ref: --passwordeval23295
1232Ref: --tls-starttls23457
1233Ref: --tls-trust-file23552
1234Ref: --tls-crl-file23646
1235Ref: --tls-fingerprint23782
1236Ref: --tls-key-file23915
1237Ref: --tls-cert-file24003
1238Ref: --tls-certcheck24094
1239Ref: --tls-priorities24213
1240Ref: --tls-host-override24308
1241Ref: --tls-min-dh-prime-bits24428
1242Ref: --quiet24720
1243Ref: --half-quiet24792
1244Ref: --all-accounts24868
1245Ref: --auth-only24949
1246Ref: --status-only25055
1247Ref: --only-new25169
1248Ref: --keep25257
1249Ref: --killsize25395
1250Ref: --skipsize25471
1251Ref: --filter25547
1252Ref: --delivery25716
1253Ref: --uidls-file25935
1254Node: Transport Layer Security26015
1255Ref: Client Certificates28919
1256Node: Authentication30720
1257Node: Mail retrieval mode35374
1258Node: Server information mode36986
1259Node: Filtering40374
1260Node: Examples42307
1261Node: A configuration file42521
1262Node: Filtering with SpamAssassin46113
1263Node: Using mpop with Tor47098
1264Node: Minimal POP3 server (mpopd)47596
1265Node: Example: using mpopd to handle incoming mail for a POP3-based mail client49710
1266�
1267End Tag Table
1268
1269�
1270Local Variables:
1271coding: utf-8
1272End:
1273