1This is mpop.info, produced by makeinfo version 6.8 from mpop.texi. 2 3This manual was last updated 2 October 2021 for version 1.4.15 of mpop. 4 5 Copyright (C) 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 62014, 2015, 2016, 2018, 2019, 2020, 2021 Martin Lambers 7 8 Copying and distribution of this file, with or without 9 modification, are permitted in any medium without royalty provided 10 the copyright notice and this notice are preserved. These files 11 are offered as-is, without any warranty. 12INFO-DIR-SECTION Individual utilities 13START-INFO-DIR-ENTRY 14* mpop: (mpop). A POP3 client. 15END-INFO-DIR-ENTRY 16 17 18File: mpop.info, Node: Top, Next: Introduction, Up: (dir) 19 20mpop 21**** 22 23This manual was last updated 2 October 2021 for version 1.4.15 of mpop. 24 25 Copyright (C) 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 262014, 2015, 2016, 2018, 2019, 2020, 2021 Martin Lambers 27 28 Copying and distribution of this file, with or without 29 modification, are permitted in any medium without royalty provided 30 the copyright notice and this notice are preserved. These files 31 are offered as-is, without any warranty. 32 33* Menu: 34 35* Introduction:: Basic concepts. 36* Configuration file:: Configuration file commands. 37* Invocation:: Command line options. 38* Transport Layer Security:: How to use TLS/SSL. 39* Authentication:: How to use authentication. 40* Mail retrieval mode:: How to retrieve mail. 41* Server information mode:: How to obtain information about 42 a POP3 server. 43* Filtering:: How to filter mails. 44* Examples:: Usage examples. 45* Minimal POP3 server (mpopd):: When and how to use mpopd. 46 47 48File: mpop.info, Node: Introduction, Next: Configuration file, Prev: Top, Up: Top 49 501 Introduction 51************** 52 53mpop is a POP3 client. 54 55 In its default mode of operation, it retrieves mails from one or more 56POP3 mailboxes, optionally does some filtering, and delivers them 57through a mail delivery agent (MDA), to a maildir folder, or to an mbox 58file. Mails that were successfully delivered before will not be 59retrieved a second time, even if errors occur or mpop is terminated in 60the middle of a session. 61 62 The best way to start is probably to have a look at the Examples 63section. *Note Examples::. 64 65 In addition to the mail retrieval mode, mpop can be used in server 66information mode. In this mode, mpop prints as much information as it 67can get about a given POP3 server (greeting, supported features, login 68delay, maximum mail size, ...). 69 70 Normally, a configuration file contains information about which POP3 71server to use and how to use it, but all settings can also be configured 72on the command line. 73 74 POP3 server information is organized in accounts. Each account 75describes one POP3 server: host name, authentication settings, TLS 76settings, and so on. Each configuration file can define multiple 77accounts. 78 79 Supported features include: 80 • Header based mail filtering: filter junk mail before downloading it 81 • Delivery to maildir folders, mbox files, Exchange pickup 82 directories, or a mail delivery agent (MDA) 83 • Very fast POP3 implementation, using command pipelining 84 • TLS secured connections (including server certificate verification 85 and the possibility to send a client certificate) 86 • Authentication methods USER/PASS, APOP, PLAIN, LOGIN and CRAM-MD5 87 (and GSSAPI, SCRAM-SHA-1, SCRAM-SHA-256, DIGEST-MD5, and NTLM when 88 GNU SASL is used) 89 • Internationalized Domain Names (IDN) 90 91 92File: mpop.info, Node: Configuration file, Next: Invocation, Prev: Introduction, Up: Top 93 942 Configuration file 95******************** 96 97A suggestion for a suitable configuration file can be generated using 98the ‘--configure’ option; see *note --configure::. The default 99configuration file is ‘~/.mpoprc’ or ‘$XDG_CONFIG_HOME/mpop/config’. 100Settings in this file can be changed by command line options. 101 102 A configuration file is a simple text file. Empty lines and comment 103lines (first non-blank character is ’#’) are ignored. Every other line 104must contain a command and may contain an argument to that command. The 105argument may be enclosed in double quotes ("). 106 107 If a file name starts with the tilde (~), this tilde will be replaced 108by ‘$HOME’. 109 110 If a command accepts the argument ‘on’, it also accepts an empty 111argument and treats that as if it was ‘on’. 112 113 Commands are organized in accounts. Each account starts with the 114‘account’ command and defines the settings for one POP3 account. 115 116 *Note Examples::. 117 1182.1 General commands 119==================== 120 121‘defaults’ 122 Set defaults. The following commands will set default values for 123 all following account definitions. 124‘account NAME [ : ACCOUNT[,...] ]’ 125 Start a new account definition with the given name. The current 126 default values are filled in (see *note defaults::). 127 If a colon and a list of previously defined accounts is given after 128 the account name, the new account, with the filled in default 129 values, will inherit all settings from the accounts in the list. 130‘host HOSTNAME’ 131 The POP3 server to retrieve mails from. The argument may be a host 132 name or a network address. Every account definition must contain 133 this command. 134‘port NUMBER’ 135 The port that the POP3 server listens on. The default is 110 136 ("pop3"), unless TLS without STARTTLS is used, in which case it is 137 995 ("pop3s"). 138‘source_ip [IP]’ 139 Set a source IP address to bind the outgoing connection to. Useful 140 only in special cases on multi-home systems. An empty argument 141 disables this. 142‘proxy_host [IP|HOSTNAME]’ 143 Use a SOCKS proxy. All network traffic will go through this proxy 144 host, including DNS queries, except for a DNS query that might be 145 necessary to resolve the proxy host name itself (this can be 146 avoided by using an IP address as proxy host name). An empty 147 argument disables proxy usage. The supported SOCKS protocol 148 version is 5. If you plan to use this with Tor, see also *note 149 Using mpop with Tor::. 150‘proxy_port [NUMBER]’ 151 Set the port number for the proxy host. An empty ‘number’ argument 152 resets this to the default port, which is 1080 ("socks"). 153‘socket [SOCKETNAME]’ 154 Set the file name of a unix domain socket to connect to. This 155 overrides both ‘host’/‘port’ and ‘proxy_host’/‘proxy_port’. 156‘timeout (off|SECONDS)’ 157 Set or unset a network timeout, in seconds. The default is 180 158 seconds. The argument ‘off’ means that no timeout will be set, 159 which means that the operating system default will be used. 160‘pipelining (auto|on|off)’ 161 Enable or disable POP3 pipelining. You should never need to change 162 the default setting, which is ‘auto’: mpop enables pipelining for 163 POP3 servers that advertise this capability, and disables it for 164 all other servers. Pipelining can speed up a POP3 session 165 substantially. 166 1672.2 Authentication commands 168=========================== 169 170*Note Authentication::. 171 172‘auth [(on|METHOD)]’ 173 Choose an authentication method. The default argument ‘on’ chooses 174 a method automatically. Accepted methods are ‘user’, ‘apop’, 175 ‘plain’, ‘scram-sha-1’, ‘scram-sha-256’, ‘oauthbearer’, ‘xoauth2’, 176 ‘cram-md5’, ‘gssapi’, ‘digest-md5’, ‘external’, ‘login’, and 177 ‘ntlm’. 178‘user [USERNAME]’ 179 Set the user name for authentication. An empty argument unsets the 180 user name. 181‘password [SECRET]’ 182 Set the password for authentication. An empty argument unsets the 183 password. Consider using the ‘passwordeval’ command or a key ring 184 instead of this command, to avoid storing cleartext passwords in 185 the configuration file. 186‘passwordeval [EVAL]’ 187 Set the password for authentication to the output (stdout) of the 188 command EVAL. This can be used e.g. to decrypt password files on 189 the fly or to query key rings, and thus to avoid storing cleartext 190 passwords. 191‘ntlmdomain [NTLMDOMAIN]’ 192 Set a domain for the ‘ntlm’ authentication method. This is 193 obsolete. 194 1952.3 TLS commands 196================ 197 198*Note Transport Layer Security::. 199 200‘tls [(on|off)]’ 201 Enable or disable TLS (also known as SSL) for secured connections. 202‘tls_starttls [(on|off)]’ 203 Choose the TLS variant: start TLS from within the session (‘on’, 204 default), or tunnel the session through TLS (‘off’). 205‘tls_trust_file [FILE]’ 206 Activate server certificate verification using a list of trusted 207 Certification Authorities (CAs). The default is the special value 208 ‘system’, which selects the system default. An empty argument 209 disables trust in CAs. If you select a file, it must be in PEM 210 format, and you should also use ‘tls_crl_file’. 211‘tls_crl_file [FILE]’ 212 Deprecated. This sets a certificate revocation list (CRL) file for 213 TLS, to check for revoked certificates (an empty argument, which is 214 the default, disables this). Nowadays automatic OCSP checks 215 replace CRL file checks. 216‘tls_fingerprint [FINGERPRINT]’ 217 Set the fingerprint of a single certificate to accept for TLS. This 218 certificate will be trusted regardless of its contents (this 219 overrides ‘tls_trust_file’). The fingerprint should be of type 220 SHA256, but can for backwards compatibility also be of type SHA1 or 221 MD5 (please avoid this). The format should be ‘01:23:45:67:...’. 222 Use ‘--serverinfo --tls --tls-certcheck=off --tls-fingerprint=’ to 223 get the server certificate fingerprint. 224‘tls_key_file [FILE]’ 225 Send a client certificate to the server (use this together with 226 ‘tls_cert_file’). The file must contain the private key of a 227 certificate in PEM format. An empty argument disables this 228 feature. 229‘tls_cert_file [FILE]’ 230 Send a client certificate to the server (use this together with 231 ‘tls_key_file’). The file must contain a certificate in PEM 232 format. An empty argument disables this feature. 233‘tls_certcheck [(on|off)]’ 234 Enable or disable checks of the server certificate. They are 235 enabled by default. 236 Disabling them will override ‘tls_trust_file’ and 237 ‘tls_fingerprint’. WARNING: When the checks are disabled, TLS 238 sessions will not be secure! 239‘tls_priorities [PRIORITIES]’ 240 Set priorities for TLS session parameters. The default is set by 241 the TLS library and can be selected by using an empty argument to 242 this command. The interpretation of the PRIORITIES string depends 243 on the TLS library. Use ‘--version’ to find out which TLS library 244 you use. 245 For GnuTLS, see the section on Priority Strings in the manual. 246 For libtls, the PRIORITES string is a space-separated list of 247 parameter strings prefixed with either ‘PROTOCOLS=’, ‘CIPHERS=’, or 248 ‘ECDHECURVES=’. These parameter strings will be passed to the 249 functions ‘tls_config_parse_protocols’, ‘tls_config_set_ciphers’, 250 and ‘tls_config_set_ecdhecurves’. Unrecognized parts of the 251 PRIORITIES string will be ignored. Example: ‘PROTOCOLS=TLSv1.3 252 CIPHERS=ECDHE-RSA-AES128-SHA256 ECDHECURVES=P-384’. 253‘tls_host_override [HOST]’ 254 By default, TLS host verification uses the host name given by the 255 ‘host’ command. This command allows one to use a different host 256 name for verification. This is only useful in special cases. 257‘tls_min_dh_prime_bits [BITS]’ 258 Deprecated, use ‘tls_priorities’ instead. Set or unset the minimum 259 number of Diffie-Hellman (DH) prime bits accepted for TLS sessions. 260 The default is set by the TLS library and can be selected by using 261 an empty argument to this command. Only lower the default (for 262 example to 512 bits) if there is no other way to make TLS work with 263 the remote server. 264 2652.4 Commands specific to mail retrieval mode 266============================================ 267 268*Note Mail retrieval mode::. 269 270‘delivery METHOD METHOD_ARGUMENTS...’ 271 How to deliver messages received from this account. 272 • delivery mda COMMAND 273 Deliver the mails through a mail delivery agent (MDA). 274 All occurrences of ‘%F’ in the command will be replaced with 275 the envelope from address of the current message (or 276 MAILER-DAEMON if none is found). Note that this address is 277 guaranteed to contain only letters ‘a-z’ and ‘A-Z’, digits 278 ‘0-9’, and any of ‘.@_-+/’, even though that is only a subset 279 of what is theoretically allowed in a mail address. Other 280 characters, including those interpreted by the shell, are 281 replaced with ‘_’. Nevertheless, you should put ‘%F’ into 282 single quotes: ‘'%F'’. 283 Use ‘delivery mda "/usr/bin/procmail -f '%F' -d $USER"’ for 284 the procmail MDA. 285 Use ‘delivery mda "/usr/sbin/sendmail -oi -oem -f '%F' -- 286 $USER"’ to let your MTA handle the mail. 287 Use ‘delivery mda /usr/local/bin/msmtp --host=localhost 288 --from='%F' -- $USER@`hostname`.`dnsdomainname`"’ to pass the 289 mail to your MTA via SMTP. 290 • delivery maildir DIRECTORY 291 Deliver the mails to the given maildir directory. The 292 directory must exist and it must have the maildir 293 subdirectories ‘cur’, ‘new’, and ‘tmp’; mpop will not create 294 directories. This delivery type only works on file systems 295 that support hard links. 296 • delivery mbox MBOX-FILE 297 Deliver the mails to the given file in mbox format. The file 298 will be locked with ‘fcntl(2)’. mpop uses the MBOXRD mbox 299 format variant; see the documentation of the mbox format. 300 • delivery exchange DIRECTORY 301 Deliver the mails to the given Exchange pickup directory. The 302 directory must exist. 303 If the delivery method needs to parse the mail headers for an 304 envelope from address (the mda method if the command contains ‘%F’, 305 and the mbox method), then it needs to create a temporary file to 306 store the mail headers (but not the body). See ‘$TMPDIR’ in *note 307 Environment::. 308‘uidls_file FILENAME’ 309 The file to store UIDLs in. These are needed to identify new 310 messages. ‘%U’ in the filename will be replaced by the username of 311 the current account. ‘%H’ in the filename will be replaced by the 312 hostname of the current account. If the filename contains 313 directories that do not exist, mpop will create them. mpop locks 314 this file for exclusive access when accessing the associated POP3 315 account. 316 The default value is ‘~/.mpop_uidls/%U_at_%H’. You can also use a 317 single UIDLS file for multiple accounts, but then you cannot poll 318 more than one of these accounts at the same time. 319‘only_new [(on|off)]’ 320 By default, mpop processes only new messages (new messages are 321 those that were not already successfully retrieved in an earlier 322 session). If this option is turned off, mpop will process all 323 messages. 324‘keep [(on|off)]’ 325 Keep all mails on the POP3 server, never delete them. The default 326 behavior is to delete mails that have been successfully delivered 327 or filtered by kill filters. 328‘killsize (off|SIZE)’ 329 Mails larger than the given size will be deleted, not downloaded 330 (unless the keep command is used, in which case they will just be 331 skipped). The size argument must be zero or greater. If it is 332 followed by a ’k’ or an ’m’, the size is measured in 333 kibibytes/mebibytes instead of bytes. Note that some POP3 servers 334 report slightly incorrect sizes for mails. *Note Filtering::. 335 When ‘killsize’ is set to 0 and ‘keep’ is set to on, then all mails 336 are marked as retrieved, but no mail gets deleted from the server. 337 This can be used to synchronize the UID list on the client to the 338 UID list on the server. 339‘skipsize (off|SIZE)’ 340 Mails larger than the given size will be skipped (not downloaded). 341 The size argument must be zero or greater. If it is followed by a 342 ’k’ or an ’m’, the size is measured in kibibytes/mebibytes instead 343 of bytes. Note that some POP3 servers report slightly incorrect 344 sizes for mails. *Note Filtering::. 345‘filter [COMMAND]’ 346 Set a filter which will decide whether to retrieve, skip, or delete 347 each mail by investigating the mail’s headers. The POP3 server 348 must support the POP3 TOP command for this to work; see *note 349 Server information mode::. An empty argument disables filtering. 350 All occurrences of ‘%F’ in the command will be replaced with the 351 envelope from address of the current message (or MAILER-DAEMON if 352 none is found). Note that this address is guaranteed to contain 353 only letters ‘a-z’ and ‘A-Z’, digits ‘0-9’, and any of ‘.@_-+/’, 354 even though that is only a subset of what is theoretically allowed 355 in a mail address. Other characters, including those interpreted 356 by the shell, are replaced with ‘_’. Nevertheless, you should put 357 ‘%F’ into single quotes: ‘'%F'’. 358 All occurrences of ‘%S’ in the command will be replaced with the 359 size of the current mail as reported by the POP3 server. 360 The mail headers (plus the blank line separating the headers from 361 the body) will be piped to the command. Based on the return code, 362 mpop decides what to do with the mail: 363 • 0: proceed normally; no special action 364 • 1: delete the mail; do not retrieve it 365 • 2: skip the mail; do not retrieve it 366 Return codes greater than or equal to 3 mean that an error 367 occurred. The ‘sysexits.h’ error codes may be used to give 368 information about the kind of the error, but this is not necessary. 369 *Note Filtering::. 370‘received_header [(on|off)]’ 371 Enable or disable adding a Received header. By default, mpop 372 prepends a Received header to the mail during delivery. This is 373 required by the RFCs if the mail is subsequently further delivered 374 e.g. via SMTP. 375 376 377File: mpop.info, Node: Invocation, Next: Transport Layer Security, Prev: Configuration file, Up: Top 378 3793 Invocation 380************ 381 3823.1 Synopsis 383============ 384 385 • Mail retrieval mode (default): 386 ‘mpop [OPTION...] [--] [ACCOUNT...]’ 387 • Configuration mode: 388 ‘mpop --configure MAILADDRESS’ 389 • Server information mode: 390 ‘mpop [OPTION...] --serverinfo [ACCOUNT...]’ 391 392 mpop is usually run with one or more accounts as parameters. If no 393account is provided, an account named ‘default’ is used if it exist. 394Alternatively, ‘mpop -a’ will use all accounts defined in the 395configuration file. 396 397 This can be automated by running mpop from ‘cron(8)’. 398 3993.2 Exit code 400============= 401 402The standard exit codes from ‘sysexits.h’ are used. 403 4043.3 Files 405========= 406 407‘‘~/.mpoprc’ or ‘$XDG_CONFIG_HOME/mpop/config’.’ 408 The default user configuration file. 409‘‘~/.mpop_uidls’’ 410 Default directory to store UIDLs files in. 411‘‘~/.netrc’ and ‘SYSCONFDIR/netrc’’ 412 The ‘netrc’ file contains login information. Before prompting for 413 a password, msmtp will search it in ~/.netrc and SYSCONFDIR/netrc. 414 4153.4 Environment 416=============== 417 418‘‘$USER’, ‘$LOGNAME’’ 419 These variables override the user’s login name. ‘$LOGNAME’ is only 420 used if ‘$USER’ is unset. The user’s login name is used for 421 ‘Received’ headers. 422‘‘$TMPDIR’’ 423 Directory to create temporary files in. If this is unset, a system 424 specific default directory is used. 425 4263.5 Options 427=========== 428 429Options override configuration file settings. The following options are 430accepted: 431 4323.5.1 General options 433--------------------- 434 435‘--version’ 436 Print version information, including information about the 437 libraries used. 438‘--help’ 439 Print help. 440‘-P’ 441‘--pretend’ 442 Print the configuration settings that would be used, but do not 443 take further action. An asterisk (’*’) will be printed instead of 444 the password. 445‘-d’ 446‘--debug’ 447 Print lots of debugging information, including the whole 448 conversation with the server. Be careful with this option: the 449 (potentially dangerous) output will not be sanitized, and your 450 password may get printed in an easily decodable format! 451 This option implies ‘--half-quiet’, because the debugging output 452 would otherwise interfere with the progress output. 453 4543.5.2 Changing the mode of operation 455------------------------------------ 456 457‘--configure=MAILADDRESS’ 458 Generate a configuration for the given mail address and print it. 459 This can be modified or copied unchanged to the configuration file. 460 Note that this only works for mail domains that publish appropriate 461 SRV records; see RFC 8314. 462‘-S’ 463‘--serverinfo’ 464 Print information about the POP3 server and exit. This includes 465 information about supported features (pipelining, authentication 466 methods, TOP command, ...), about parameters (time for which mails 467 will not be deleted, minimum time between logins, ...), and about 468 the TLS certificate (if TLS is active). *Note Server information 469 mode::. 470 4713.5.3 Configuration options 472--------------------------- 473 474Most options in this category correspond to a configuration file 475command. Please refer to *note Configuration file:: for detailed 476information. 477‘-C FILENAME’ 478‘--file=FILENAME’ 479 Use the given file instead of ‘~/.mpoprc’ or 480 ‘XDG_CONFIG_HOME/mpop/config’ as the configuration file. 481‘--host=HOSTNAME’ 482 Use this server with settings from the command line; do not use any 483 configuration file data. This option disables loading of the 484 configuration file. You cannot use both this option and account 485 names on the command line. 486‘--port=NUMBER’ 487 Set the port number. *Note port::. 488‘--source-ip=[IP]’ 489 Set or unset an IP address to bind the socket to. *Note 490 source_ip::. 491‘--proxy-host=[IP|HOSTNAME]’ 492 Set or unset a SOCKS proxy to use. *Note proxy_host::. 493‘--proxy-port=[NUMBER]’ 494 Set or unset a port number for the proxy host. *Note proxy_port::. 495‘--socket=[SOCKETNAME]’ 496 Set or unset a local unix domain socket name to connect to. *Note 497 socket::. 498‘--timeout=(off|SECONDS)’ 499 Set or unset a network timeout, in seconds. *Note timeout::. 500‘--pipelining=(auto|on|off)’ 501 Enable or disable POP3 pipelining. *Note pipelining::. 502‘--received-header[=(on|off)]’ 503 Enable or disable the Received header. *Note received_header::. 504‘--auth[=(on|METHOD)]’ 505 Set the authentication method to automatic (with ‘on’) or manually 506 choose an authentication method. *Note auth::. 507‘--user=[USERNAME]’ 508 Set or unset the user name for authentication. *Note user::. 509‘--passwordeval=[EVAL]’ 510 Evaluate password for authentication. *Note passwordeval::. 511‘--tls[=(on|off)]’ 512 Enable or disable TLS/SSL. *Note tls::. 513‘--tls-starttls[=(on|off)]’ 514 Enable or disable STARTTLS for TLS. *Note tls_starttls::. 515‘--tls-trust-file=[FILE]’ 516 Set or unset a trust file for TLS. *Note tls_trust_file::. 517‘--tls-crl-file=[FILE]’ 518 Deprecated. Set or unset a certificate revocation list (CRL) file 519 for TLS. *Note tls_crl_file::. 520‘--tls-fingerprint=[FINGERPRINT]’ 521 Set ot unset the fingerprint of a trusted TLS certificate. *Note 522 tls_fingerprint::. 523‘--tls-key-file=[FILE]’ 524 Set or unset a key file for TLS. *Note tls_key_file::. 525‘--tls-cert-file=[FILE]’ 526 Set or unset a cert file for TLS. *Note tls_cert_file::. 527‘--tls-certcheck[=(on|off)]’ 528 Enable or disable server certificate checks for TLS. *Note 529 tls_certcheck::. 530‘--tls-priorities=[PRIORITIES]’ 531 Set or unset TLS priorities. *Note tls_priorities::. 532‘--tls-host-override=[HOST]’ 533 Set or unset override for TLS host verification. *Note 534 tls_host_override::. 535‘--tls-min-dh-prime-bits=[BITS]’ 536 Deprecated, use ‘--tls-priorities’ instead. Set or unset minimum 537 bit size of the Diffie-Hellman (DH) prime. *Note 538 tls_min_dh_prime_bits::. 539 5403.5.4 Options specific to mail retrieval mode 541--------------------------------------------- 542 543‘-q’ 544‘--quiet’ 545 Do not print status or progress information. 546‘-Q’ 547‘--half-quiet’ 548 Print status but not progress information. 549‘-a’ 550‘--all-accounts’ 551 Query all accounts in the configuration file. 552‘-A’ 553‘--auth-only’ 554 Authenticate only; do not retrieve mail. Useful for 555 SMTP-after-POP. 556‘-s’ 557‘--status-only’ 558 Print number and size of mails in each account only; do not 559 retrieve mail. 560‘-n’ 561‘--only-new[=(on|off)]’ 562 Process only new messages. *Note only_new::. 563‘-k’ 564‘--keep[=(on|off)]’ 565 Do not delete mails from POP3 servers, regardless of other options 566 or settings. *Note keep::. 567‘--killsize=(off|SIZE)’ 568 Set or unset kill size. *Note killsize::. 569‘--skipsize=(off|SIZE)’ 570 Set or unset skip size. *Note skipsize::. 571‘--filter=[COMMAND]’ 572 Set a filter which will decide whether to retrieve, skip, or delete 573 each mail by investigating the mail’s headers. *Note filter::. 574‘--delivery=METHOD,METHOD_ARGUMENTS...’ 575 How to deliver messages received from this account. *Note 576 delivery::. Note that a comma is used instead of a blank to 577 separate the method from its arguments. 578‘--uidls-file=FILENAME’ 579 File to store UIDLs in. *Note uidls_file::. 580 581 582File: mpop.info, Node: Transport Layer Security, Next: Authentication, Prev: Invocation, Up: Top 583 5844 Transport Layer Security 585************************** 586 587Transport Layer Security (TLS) "... provides communications privacy over 588the Internet. The protocol allows client/server applications to 589communicate in a way that is designed to prevent eavesdropping, 590tampering, or message forgery" (quote from RFC2246). 591 592 A server can use TLS in one of two modes: 593 • Via a STARTTLS command 594 The session starts with the normal protocol initialization, and TLS 595 is then started using the protocol’s STARTTLS command. 596 • Immediately 597 TLS is initialized before the normal protocol initialization. This 598 requires a separate port. 599 The first mode is the default, but you can switch to the second mode 600by disabling *note tls_starttls::. 601 602 When TLS is started, the server sends a certificate to identify 603itself. To verify the server identity, a client program is expected to 604check that the certificate is formally correct and that it was issued by 605a Certificate Authority (CA) that the user trusts. (There can also be 606certificate chains with intermediate CAs.) 607 608 The list of trusted CAs is specified using the *note tls_trust_file:: 609command. The default value ist ‘system’ and chooses the system-wide 610default, but you can also choose the trusted CAs yourself. 611 612 A fundamental problem with this is that you need to trust CAs. Like 613any other organization, a CA can be incompetent, malicious, subverted by 614bad people, or forced by government agencies to compromise end users 615without telling them. All of these things happened and continue to 616happen worldwide. The idea to have central organizations that have to 617be trusted for your communication to be secure is fundamentally broken. 618 619 Instead of putting trust in a CA, you can choose to trust only a 620single certificate for the server you want to connect to. For that 621purpose, specify the certificate fingerprint with *note 622tls_fingerprint::. This makes sure that no man-in-the-middle can fake 623the identity of the server by presenting you a fraudulent certificate 624issued by some CA that happens to be in your trust list. However, you 625have to update the fingerprint whenever the server certificate changes, 626and you have to make sure that the change is legitimate each time, e.g. 627when the old certificate expired. This is inconvenient, but it’s the 628price to pay. 629 630 Information about a server certificate can be obtained with 631‘--serverinfo --tls --tls-certcheck=off’. This includes the issuer CA 632of the certificate (so you can trust that CA via ‘tls_trust_file’), and 633the fingerprint of the certificate (so you can trust that particular 634certificate via ‘tls_fingerprint’). *Note Server information mode::. 635 636 If you need to fine tune TLS parameters, have a look at the *note 637tls_priorities:: command. 638 6394.1 Client Certificates 640======================= 641 642TLS also allows the server to verify the identity of the client. For 643this purpose, the client has to present a certificate issued by a CA 644that the server trusts. To present that certificate, the client also 645needs the matching key file. You can set the certificate and key files 646using *note tls_cert_file:: and *note tls_key_file::. This mechanism 647can also be used to authenticate users, so that traditional user / 648password authentication is not necessary anymore. See the EXTERNAL 649mechanism in *note Authentication::. 650 651 # Enable TLS 652 tls on 653 # Enable TLS client certificates 654 tls_cert_file /path/to/client_cert 655 tls_key_file /path/to/client_key 656 # Enable authentication via the EXTERNAL mechanism (optional; depends on server) 657 # The user name is empty because the server should get it from the client cert 658 auth external 659 user "" 660 661 You can also use client certificates stored on some external 662authentication device by specifying GnuTLS device URIs in *note 663tls_cert_file:: and *note tls_key_file::. You can find the correct URIs 664using ‘p11tool --list-privkeys --login’ (p11tool is bundled with 665GnuTLS). If your device requires a PIN to access the data, you can 666specify that using one of the password mechanisms (e.g. *note 667passwordeval::, *note password::). 668 669 tls_cert_file pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=00000000;token=PIV_II%20%28PIV%20Card%20Holder%20pin%29;id=%01;object=Certificate%20for%20PIV%20Authentication;type=cert 670 tls_key_file pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=00000000;token=PIV_II%20%28PIV%20Card%20Holder%20pin%29;id=%01;object=PIV%20AUTH%20key;type=private 671 passwordeval gpg2 --no-tty -q -d ~/.smart-card-pin.gpg 672 673 674File: mpop.info, Node: Authentication, Next: Mail retrieval mode, Prev: Transport Layer Security, Up: Top 675 6765 Authentication 677**************** 678 679POP3 servers require a client to authenticate before retrieving mail. 680 681 Usually a user name and a password are used for authentication. The 682user name specified in the configuration file with the *note user:: 683command. There are five different methods to specify the password: 684 1. Add the password to the system key ring. 685 Currently supported key rings are the Gnome key ring and the Mac OS 686 X Keychain. For the Gnome key ring, use the command ‘secret-tool’ 687 (part of Gnome’s libsecret) to store passwords: 688 $ secret-tool store --label=mpop \ 689 host pop.freemail.example \ 690 service pop3 \ 691 user joe.smith 692 On Mac OS X, use the following command: 693 security add-internet-password -s pop.freemail.example -r pop3 -a joe.smith -w 694 In both examples, replace pop.freemail.example with the POP3 server 695 name, and joe.smith with your user name. 696 2. Store the password in an encrypted files, and use *note 697 passwordeval:: to specify a command to decrypt that file, e.g. 698 using GnuPG. *Note Examples::. 699 3. Store the password in the configuration file using the *note 700 password:: command. (Usually it is not considered a good idea to 701 store passwords in cleartext files. If you do it anyway, you must 702 make sure that the file can only be read by yourself.) 703 4. Store the password in ‘~/.netrc’. This method is probably 704 obsolete. 705 5. Type the password into the terminal when it is required. 706 It is recommended to use method 1 or 2. 707 708 Multiple authentication methods exist. Most servers support only 709some of them. Historically, sophisticated methods were developed to 710protect passwords from being sent unencrypted to the server, but 711nowadays everybody needs *note Transport Layer Security:: anyway, so the 712simple methods suffice since the whole session is protected. A suitable 713authentication method is chosen automatically, and when TLS is disabled 714for some reason, only methods that avoid sending cleartext passwords are 715considered. 716 717 The following user / password methods are supported: 718 • ‘USER’ 719 A simple cleartext method supported by all servers. 720 • ‘PLAIN’ 721 Another simple cleartext method supported by almost all servers. 722 • ‘SCRAM-SHA-1’ 723 A method that avoids cleartext passwords. 724 • ‘SCRAM-SHA-256’ 725 A method that avoids cleartext passwords. Same family as 726 SCRAM-SHA-1 but with stronger hash function. 727 • ‘APOP’ 728 An obsolete method that avoids cleartext passwords, but is not 729 considered secure anymore. 730 • ‘CRAM-MD5’ 731 An obsolete method that avoids cleartext passwords, but is not 732 considered secure anymore. 733 • ‘DIGEST-MD5’ 734 An overcomplicated obsolete method that avoids cleartext passwords, 735 but is not considered secure anymore. 736 • ‘LOGIN’ 737 A non-standard cleartext method similar to (but worse than) PLAIN. 738 • ‘NTLM’ 739 An obscure non-standard method that is now considered broken. It 740 sometimes requires a special domain parameter passed via *note 741 ntlmdomain::. Do not use it. 742 743 There are currently three authentication methods that are not based 744on user / password information and have to be chosen manually: 745 • ‘OAUTHBEARER’ or its predecessor ‘XOAUTH2’ 746 An OAuth2 token from the mail provider is used as the password. 747 See the documentation of your mail provider for details on how to 748 get this token. The ‘passwordeval’ command can be used to pass the 749 regularly changing tokens into mpop from a script or an environment 750 variable. 751 • ‘EXTERNAL’ 752 The authentication happens outside of the protocol, typically by 753 sending a TLS client certificate (see *note Client Certificates::). 754 The EXTERNAL method merely confirms that this authentication 755 succeeded; it does not perform the authentication. Thus it may not 756 be necessary to use it for authentication to succeed, and if the 757 server does not support the EXTERNAL method, this does not mean 758 that it does not support authentication with TLS client 759 certificates. 760 • ‘GSSAPI’ 761 With this method, the Kerberos framework takes care of secure 762 authentication. Only a user name is required. 763 764 It depends on the underlying authentication library and its version 765whether a particular method is supported or not. Use ‘--version’ to 766find out which methods are supported by your version. 767 768 769File: mpop.info, Node: Mail retrieval mode, Next: Server information mode, Prev: Authentication, Up: Top 770 7716 Mail retrieval mode 772********************* 773 774In this mode, mpop retrieves mail from one or more POP3 servers. It 775delivers each of them using the method that was given with the *note 776delivery:: command or *note --delivery:: option. 777 778 While retrieving the mail, mpop displays approximate progress 779information, which can be turned off with the *note --half-quiet:: or 780*note --quiet:: options. 781 782 If the delivery succeeded, the mail is deleted from the POP3 server 783by default. The *note keep:: command and *note --keep:: option prevent 784the deletion of mails. Some POP3 servers will delete mails without any 785user interaction. See EXPIRE in *note Server information mode::. Mpop 786can do nothing about that. 787 788 If you do not want to download certain mails, but skip them or delete 789them directly, you can do filtering based on the mail headers. *Note 790Filtering::. 791 792 If you just want to know if you have new mails (and how many), use 793the *note --status-only:: option. 794 795 If you just want to authenticate to the POP3 server, but do not want 796to look at your mails, use the *note --auth-only:: option. This can be 797useful for sending mail through SMTP servers that require SMTP-after-POP 798(aka POP-before-SMTP). 799 800 Before mpop delivers a mail, it prepends a Received header to it. 801This is necessary for example if the delivery method transmits the mail 802to an SMTP server, but can be disabled with the *note received_header:: 803command. Mpop does not change the contents of the mail in any other 804way. 805 806 807File: mpop.info, Node: Server information mode, Next: Filtering, Prev: Mail retrieval mode, Up: Top 808 8097 Server information mode 810************************* 811 812In server information mode, mpop prints as much information about the 813POP3 server as it can get and then exits. 814 815 The POP3 features that can be detected are: 816 • IMPLEMENTATION 817 The implementation string of the POP3 server. 818 • CAPA 819 Support for the POP3 CAPA command. The server sends a list of its 820 capabilities in response to this command. 821 • PIPELINING 822 Support for POP3 pipelining. *Note pipelining::. 823 • TOP 824 Support for the POP3 TOP command. This is needed for header based 825 filtering to work. *Note Filtering::. 826 • UIDL 827 Support for the POP3 UIDL command. This is needed to distinguish 828 between new and already retrieved messages. 829 • LOGIN-DELAY 830 The minimum time between two POP3 sessions. The server may refuse 831 a POP3 session if the last one was active less than this time 832 period ago. 833 • EXPIRE 834 The time after which old mails are deleted by the POP3 server. 835 • NEVER: The POP3 server will not delete mail without the user 836 requesting it. 837 • 0: The POP3 server will not keep mails; all mails will be 838 deleted after they have been downloaded, regardless of the 839 user’s wishes. 840 • NUMBER: The number of days that the POP3 server will keep 841 mails before deleting them without user interaction. 842 • STARTTLS 843 *Note Transport Layer Security::. 844 • AUTH 845 *Note Authentication::. 846 • RESP-CODES 847 If authentication fails and the POP3 server issues an error message 848 beginning with a square bracket, this message will include 849 additional information about the source of the error: 850 • ‘[LOGIN-DELAY]’: The login delay period hast not yet expired. 851 • ‘[IN-USE]’: Authentication succeeded but the mailbox is 852 currently in use, possibly by another POP3 session. 853 • AUTH-RESP-CODE 854 If authentication fails and the POP3 server issues an error message 855 beginning with a square bracket, this message will include 856 additional information about the source of the error: 857 • ‘[LOGIN-DELAY]’: The login delay period hast not yet expired. 858 • ‘[IN-USE]’: Authentication succeeded but the mailbox is 859 currently in use, possibly by another POP3 session. 860 • ‘[SYS/TEMP]’: Temporary system failure; try again later. 861 • ‘[SYS/PERM]’: Permanent system failure; ask the administrator. 862 • ‘[AUTH]’: Incorrect user name or password or some other 863 problem with the user’s credentials. 864 865 If TLS is activated for server information mode, the following 866information will be printed about the POP3 server’s TLS certificate (if 867available): 868 • Owner information 869 • Common Name 870 • Organization 871 • Organizational unit 872 • Locality 873 • State or Province 874 • Country 875 • Issuer information 876 • Common Name 877 • Organization 878 • Organizational unit 879 • Locality 880 • State or Province 881 • Country 882 • General 883 • Activation time 884 • Expiration time 885 • SHA256 fingerprint 886 • SHA1 fingerprint (deprecated) 887 888 889File: mpop.info, Node: Filtering, Next: Examples, Prev: Server information mode, Up: Top 890 8918 Filtering 892*********** 893 894There are three filtering commands available. They will be executed in 895the following order: 896 897 1. ‘killsize’ 898 2. ‘skipsize’ 899 3. ‘filter’ 900 901 If a filtering command applies to a mail, the remaining filters will 902not be executed. 903 904 The POP3 server must support the POP3 TOP command (*note Server 905information mode::) for filtering with a filter command: It is used to 906read the mail headers (plus the blank line separating the header from 907the body) and pipe them to the filter command. 908 909 Note that, if the filter decides that the mail should be retrieved, 910the complete mail has to be downloaded, including the headers, so the 911headers will be downloaded twice. This is because there’s no way in 912POP3 to download just the mail body. Sometimes this overhead surpasses 913the savings of the filtering. 914 915 The filter command looks at the mail headers and signals with its 916exit code what mpop should do with the mail: 917 • 0: retrieve the mail 918 • 1: delete the mail; do not retrieve it 919 • 2: skip the mail; do not retrieve it 920 Return codes greater than or equal to 3 mean that an error occurred. 921The ‘sysexits.h’ error codes may be used to give information about the 922kind of the error, but this is optional. 923 924 Since the filter command will be passed to a shell, you can use all 925shell command constructs in addition to just calling a script or 926program. This allows flexible filter constructs. *Note Filtering with 927SpamAssassin::. 928 929 Some POP3 servers count end-of-line characters as two bytes (CRLF) 930instead of one (LF), so that the size of a mail as reported by the POP3 931server is slightly larger than the actual size. The filters use the 932size values reported by the POP3 server since they cannot know the 933actual size in advance. Thus you cannot rely on _exact_ size filtering. 934 935 936File: mpop.info, Node: Examples, Next: Minimal POP3 server (mpopd), Prev: Filtering, Up: Top 937 9389 Examples 939********** 940 941* Menu: 942 943* A configuration file:: 944* Filtering with SpamAssassin:: 945* Using mpop with Tor:: 946 947 948File: mpop.info, Node: A configuration file, Next: Filtering with SpamAssassin, Up: Examples 949 9509.1 A configuration file 951======================== 952 953 # Example for a user configuration file ~/.mpoprc 954 # 955 # This file focusses on TLS, authentication, and the mail delivery method. 956 # Features not used here include mail filtering, timeouts, SOCKS proxies, 957 # TLS parameters, and more. 958 959 960 # Set default values for all following accounts. 961 defaults 962 963 # Always use TLS. 964 tls on 965 966 # Set a list of trusted CAs for TLS. The default is to use system settings, but 967 # you can select your own file. 968 #tls_trust_file /usr/local/share/certs/ca-root-nss.crt 969 970 # Deliver mail to an MBOX mail file: 971 delivery mbox ~/Mail/inbox 972 # Deliver mail to a maildir folder: 973 #delivery maildir ~/Mail/incoming 974 # Deliver mail via procmail: 975 #delivery mda "/usr/bin/procmail -f '%F' -d $USER" 976 # Deliver mail via the local SMTP server: 977 #delivery mda "/usr/bin/msmtp --host=localhost --from='%F' -- $USER" 978 # Deliver mail to an Exchange pickup directory: 979 #delivery exchange c:\exchange\pickup 980 981 # Use an UIDLS file in ~/.local/share instead of ~/.mpop_uidls 982 uidls_file ~/.local/share/%U_at_%H 983 984 985 # A freemail service 986 account freemail 987 988 # Host name of the POP3 server 989 host pop.freemail.example 990 991 # As an alternative to tls_trust_file, you can use tls_fingerprint 992 # to pin a single certificate. You have to update the fingerprint when the 993 # server certificate changes, but an attacker cannot trick you into accepting 994 # a fraudulent certificate. Get the fingerprint with 995 # $ mpop --serverinfo --tls --tls-certcheck=off --host=pop.freemail.example 996 #tls_fingerprint 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33 997 998 # Authentication. The password is given using one of five methods, see below. 999 user joe.smith 1000 1001 # Password method 1: Add the password to the system keyring, and let mpop get 1002 # it automatically. To set the keyring password using Gnome's libsecret: 1003 # $ secret-tool store --label=mpop \ 1004 # host pop.freemail.example \ 1005 # service pop3 \ 1006 # user joe.smith 1007 1008 # Password method 2: Store the password in an encrypted file, and tell mpop 1009 # which command to use to decrypt it. This is usually used with GnuPG, as in 1010 # this example. Usually gpg-agent will ask once for the decryption password. 1011 passwordeval gpg2 --no-tty -q -d ~/.mpop-password.gpg 1012 1013 # Password method 3: Store the password directly in this file. Usually it is not 1014 # a good idea to store passwords in cleartext files. If you do it anyway, at 1015 # least make sure that this file can only be read by yourself. 1016 #password secret123 1017 1018 # Password method 4: Store the password in ~/.netrc. This method is probably not 1019 # relevant anymore. 1020 1021 # Password method 5: Do not specify a password. Mpop will then prompt you for 1022 # it. This means you need to be able to type into a terminal when mpop runs. 1023 1024 1025 # A second mail box at the same freemail service 1026 account freemail2 : freemail 1027 user joey 1028 1029 1030 # The POP3 server of your ISP 1031 account isp 1032 host mail.isp.example 1033 auth on 1034 user 12345 1035 # Your ISP runs SpamAssassin, so test each mail for the "X-Spam-Status: Yes" 1036 # header, and delete all mails with this header before downloading them. 1037 filter if [ "`grep "^X-Spam-Status: Yes"`" ]; then exit 1; else exit 0; fi 1038 1039 1040 # Set a default account 1041 account default : freemail 1042 1043 1044File: mpop.info, Node: Filtering with SpamAssassin, Next: Using mpop with Tor, Prev: A configuration file, Up: Examples 1045 10469.2 Filtering with SpamAssassin 1047=============================== 1048 1049Use the following to delete all mails that SpamAssassin classifies as 1050spam: 1051 filter "/path/to/spamc -c > /dev/null" 1052 Since no message body is passed to SpamAssassin, you should disable 1053all body-specific tests in the SpamAssassin configuration file; for 1054example set use_bayes 0. 1055 1056 If your mail provider runs SpamAssassin for you, you just have to 1057check for the result. The following script can do that when used as an 1058mpop filter: 1059 #!/bin/sh 1060 if [ "`grep "^X-Spam-Status: Yes"`" ]; then 1061 exit 1 # kill this message 1062 else 1063 exit 0 # proceed normally 1064 fi 1065 Since the filter command is passed to a shell, all shell constructs 1066are usable, so you can also use this directly: 1067 filter if [ "`grep "^X-Spam-Status: Yes"`" ]; then exit 1; else exit 0; fi 1068 1069 1070File: mpop.info, Node: Using mpop with Tor, Prev: Filtering with SpamAssassin, Up: Examples 1071 10729.3 Using mpop with Tor 1073======================= 1074 1075Use the following settings: 1076 proxy_host 127.0.0.1 1077 proxy_port 9050 1078 tls on 1079 Use an IP address as proxy host name, so that mpop does not leak a 1080DNS query when resolving it. 1081TLS is required to prevent exit hosts from reading your POP3 session. 1082You also need *note tls_trust_file:: or *note tls_fingerprint:: to check 1083the server identity. 1084 1085 1086File: mpop.info, Node: Minimal POP3 server (mpopd), Prev: Examples, Up: Top 1087 108810 Minimal POP3 server (mpopd) 1089****************************** 1090 1091Mpopd is a minimal POP3 server that delivers mails from a local mailbox 1092in maildir format. It can be used by end users as a way to handle 1093incoming mail via mpop with mail clients that insist on using POP3 (see 1094*note Example: using mpopd to handle incoming mail for a POP3-based mail 1095client::). 1096 1097 Mpopd listens on 127.0.0.1 port 1100 by default, but can also run 1098without its own network sockets in inetd mode, where it handles a single 1099POP3 session on standard input / output. 1100 1101 To prevent abuse, mpopd will allow only a limited number of 1102concurrent POP3 sessions, and if an authentication failure occurrs, 1103future authentication requests in any POP3 session will (for a limited 1104duration) only be answered after a small delay. 1105 1106 Mpopd works fine with other programs delivering additional mails into 1107the maildir folders it serves via POP3, but it expects to be the only 1108program to remove or alter mails in these folders. You can e.g. use 1109mpop to deliver new mails into the maildir folder, but you cannot use a 1110mail client to work on the maildir folder at the same time as mpopd. 1111 1112 Mpopd handles the following options: 1113‘--version’ 1114 Print version information 1115‘--help’ 1116 Print help. 1117‘--inetd’ 1118 Start single POP3 session on stdin/stdout 1119‘--interface=IP’ 1120 Listen on the given IPv6 or IPv4 address instead of 127.0.0.1 1121‘--port=NUMBER’ 1122 Listen on the given port number instead of 1100 1123‘--log=NONE|SYSLOG|FILENAME’ 1124 Set logging: none (default), syslog, or logging to the given file. 1125‘--auth=USER[,PASSWORDEVAL]’ 1126 Require authentication with this user name. The password will be 1127 retrieved from the given PASSWORDEVAL command (this works just like 1128 *note passwordeval:: in msmtp) or, if none is given, from the key 1129 ring or, if that fails, from a prompt. 1130‘--maildir=DIR’ 1131 Use this maildir as the mailbox. 1132 1133* Menu: 1134 1135* Example: using mpopd to handle incoming mail for a POP3-based mail client:: 1136 1137 1138File: mpop.info, Node: Example: using mpopd to handle incoming mail for a POP3-based mail client, Up: Minimal POP3 server (mpopd) 1139 114010.1 Example: using mpopd to handle incoming mail for a POP3-based mail client 1141============================================================================== 1142 1143Some mail clients cannot get incoming mail from local files and instead 1144insist on using a POP3 server. You can configure mpopd to be that POP3 1145server and serve your incoming mail from a local maildir folder. 1146 1147 (Similarly, some mail clients cannot send outgoing mail via a program 1148such as msmtp and instead insist on using an SMTP server. You can 1149configure msmtpd to be that SMTP server and hand the mail over to msmtp. 1150See the corresponding section in the msmtp manual 1151(https://marlam.de/msmtp/documentation/msmtp.html#Example_003a-using-msmtpd-to-handle-outgoing-mail-for-an-SMTP_002dbased-mail-client).) 1152 1153 For this purpose, mpopd should listen on an unprivileged port, e.g. 11541100 (the default). A mailbox is defined using first the ‘--auth’ 1155option to set a user name and password and then using the ‘--maildir’ 1156option to specify the maildir folder that holds the incoming mail. 1157Multiple such option pairs can be used to define multiple mailboxes, 1158e.g. from different remote mail accounts. Programs such as mpop can 1159deliver new mail into the maildir folders at any time, but as long as 1160mpopd is running no other programs may alter or remove mails from these 1161folders. 1162 1163 Let’s use the user name MPOPD-USER. You have two options to manage 1164the password: 1165 1. Store the password in your key ring, e.g. with 1166 secret-tool store --label=mpopd host localhost service pop3 user mpopd-user 1167 In this case, use the mpopd option ‘--auth=mpopd-user’. 1168 2. Store the password in an encrypted file and use the passwordeval 1169 mechanism. Example for gpg: 1170 mpopd ... --auth=mpopd-user,'gpg -q -d ~/.mpopd-password.gpg' 1171 1172 The complete command then is (using the keyring): 1173 mpopd --auth=mpopd-user --maildir=/path/to/your/maildir/folder 1174 1175 The mail client software must then be configured to use ‘localhost’ 1176at port ‘1100’ for incoming mail via POP3, and to use authentication 1177with user ‘mpopd-user’ and the password you chose. The mail client will 1178probably complain that the POP3 server does not support TLS, but in this 1179special case that is ok since all communication between your mail client 1180and mpopd will stay on the local machine. 1181 1182 1183 1184Tag Table: 1185Node: Top629 1186Node: Introduction1650 1187Node: Configuration file3511 1188Ref: defaults4612 1189Ref: account4737 1190Ref: host5114 1191Ref: port5297 1192Ref: source_ip5474 1193Ref: proxy_host5657 1194Ref: proxy_port6127 1195Ref: socket6293 1196Ref: timeout6468 1197Ref: pipelining6703 1198Ref: auth7120 1199Ref: user7491 1200Ref: password7602 1201Ref: passwordeval7873 1202Ref: ntlmdomain8130 1203Ref: tls8316 1204Ref: tls_starttls8409 1205Ref: tls_trust_file8574 1206Ref: tls_crl_file8942 1207Ref: tls_fingerprint9210 1208Ref: tls_key_file9727 1209Ref: tls_cert_file9972 1210Ref: tls_certcheck10193 1211Ref: tls_priorities10481 1212Ref: tls_host_override11386 1213Ref: tls_min_dh_prime_bits11629 1214Ref: delivery12175 1215Ref: uidls_file14448 1216Ref: only_new15116 1217Ref: keep15363 1218Ref: killsize15562 1219Ref: skipsize16257 1220Ref: filter16619 1221Ref: received_header18194 1222Node: Invocation18459 1223Ref: Files19238 1224Ref: Environment19633 1225Ref: --configure20979 1226Ref: --serverinfo21257 1227Ref: --pipelining22849 1228Ref: --received_header22943 1229Ref: --auth23048 1230Ref: --user23204 1231Ref: --passwordeval23295 1232Ref: --tls-starttls23457 1233Ref: --tls-trust-file23552 1234Ref: --tls-crl-file23646 1235Ref: --tls-fingerprint23782 1236Ref: --tls-key-file23915 1237Ref: --tls-cert-file24003 1238Ref: --tls-certcheck24094 1239Ref: --tls-priorities24213 1240Ref: --tls-host-override24308 1241Ref: --tls-min-dh-prime-bits24428 1242Ref: --quiet24720 1243Ref: --half-quiet24792 1244Ref: --all-accounts24868 1245Ref: --auth-only24949 1246Ref: --status-only25055 1247Ref: --only-new25169 1248Ref: --keep25257 1249Ref: --killsize25395 1250Ref: --skipsize25471 1251Ref: --filter25547 1252Ref: --delivery25716 1253Ref: --uidls-file25935 1254Node: Transport Layer Security26015 1255Ref: Client Certificates28919 1256Node: Authentication30720 1257Node: Mail retrieval mode35374 1258Node: Server information mode36986 1259Node: Filtering40374 1260Node: Examples42307 1261Node: A configuration file42521 1262Node: Filtering with SpamAssassin46113 1263Node: Using mpop with Tor47098 1264Node: Minimal POP3 server (mpopd)47596 1265Node: Example: using mpopd to handle incoming mail for a POP3-based mail client49710 1266 1267End Tag Table 1268 1269 1270Local Variables: 1271coding: utf-8 1272End: 1273