2 .\" ** The above line should force tbl to be used as a preprocessor **
4 .\" Manual page in man(7) format with tbl(1) macros for fetchmail
6 .\" For license terms, see the file COPYING in this directory.
8 .TH fetchmail 1 "fetchmail 6.3.2" "fetchmail" "fetchmail reference manual"
10 fetchmail \- fetch mail from a POP, IMAP, ETRN, or ODMR-capable server
13 \fBfetchmail\fR [\fIoption...\fR] [\fImailserver...\fR]
19 is a mail-retrieval and forwarding utility; it fetches mail from
20 remote mailservers and forwards it to your local (client) machine's
21 delivery system. You can then handle the retrieved mail using normal
22 mail user agents such as \fImutt\fR(1), \fIelm\fR(1) or \fIMail\fR(1).
23 The \fIfetchmail\fR utility can be run in a daemon mode to repeatedly
24 poll one or more systems at a specified interval.
28 program can gather mail from servers supporting any of the common
29 mail-retrieval protocols: POP2 (legacy, to be removed from future
30 release), POP3, IMAP2bis, IMAP4, and IMAP4rev1.
31 It can also use the ESMTP ETRN extension and ODMR. (The RFCs describing all
32 these protocols are listed at the end of this manual page.)
36 is primarily intended to be used over on-demand TCP/IP links (such as
37 SLIP or PPP connections), it may also be useful as a message transfer
38 agent for sites which refuse for security reasons to permit
39 (sender-initiated) SMTP transactions with sendmail.
43 is used with a POP or an IMAP server, it has two fundamental modes of
44 operation for each user account from which it retrieves mail:
45 \fIsingledrop\fR- and \fImultidrop\fR-mode. In singledrop-mode,
47 assumes that all messages in the user's account are intended for a single
48 recipient. An individual mail message will not be inspected for recipient
49 information, rather, the identity of the recipient will either default to
50 the local user currently executing \fIfetchmail\fR,
51 or else will need to be explicitly specified in the configuration file.
52 Singledrop-mode is used when the fetchmailrc configuration contains at
53 most a single local user specification for a given server account.
57 is not able to assume that there is only a single recipient, but rather
58 that the mail server account actually contains mail intended for any
59 number of different recipients. Therefore,
61 must attempt to deduce the proper "envelope recipient" from the mail
62 headers of each message. In this mode of operation
64 almost resembles an MTA, however it is important to note that neither
65 the POP nor IMAP protocols were intended for use in this fashion, and
66 hence envelope information is not directly available. Instead,
68 must resort to a process of informed guess-work in an attempt to
69 discover the true envelope recipient of a message. Even if this
70 information is present in the headers, the process can
71 be error-prone and is dependent upon the specific mail server used
72 for mail retrieval. Multidrop-mode is used when more than one local
73 user is specified for a particular server account in the configuration
74 file. Note that the forgoing discussion of singledrop- and
75 multidrop-modes does not apply to the ESMTP ETRN or ODMR retrieval
76 methods, since they are based upon the SMTP protocol which
77 specifically provides the envelope recipient to \fIfetchmail\fR.
79 As each message is retrieved \fIfetchmail\fR normally delivers it via SMTP to
80 port 25 on the machine it is running on (localhost), just as though it
81 were being passed in over a normal TCP/IP link. \fIfetchmail\fR provides
82 the SMTP server with an envelope recipient derived in the manner described
83 previously. The mail will then be
84 delivered locally via your system's MDA (Mail Delivery Agent, usually
85 \fIsendmail\fR(8) but your system may use a different one such
86 as \fIsmail\fR, \fImmdf\fR, \fIexim\fR, \fIpostfix\fR, or \fIqmail\fR). All the
87 delivery-control mechanisms (such as \fI.forward\fR files) normally
88 available through your system MDA and local delivery agents will
89 therefore work automatically.
91 If no port 25 listener is available, but your fetchmail configuration
92 was told about a reliable local MDA, it will use that MDA for local
97 is available, it will assist you in setting up and editing a
98 fetchmailrc configuration. It runs under the X window system and
99 requires that the language Python and the Tk toolkit be present on your
100 system. If you are first setting up fetchmail for single-user mode, it
101 is recommended that you use Novice mode. Expert mode provides complete
102 control of fetchmail configuration, including the multidrop features.
103 In either case, the 'Autoprobe' button will tell you the most capable
104 protocol a given mailserver supports, and warn you of potential problems
107 .SH GENERAL OPERATION
110 is controlled by command-line options and a run control file,
111 .IR ~/.fetchmailrc\fR ,
112 the syntax of which we describe in a later section (this file is what
113 the \fIfetchmailconf\fR program edits). Command-line options override
117 Each server name that you specify following the options on the
118 command line will be queried. If you don't specify any servers
119 on the command line, each 'poll' entry in your
121 file will be queried.
123 To facilitate the use of
125 in scripts and pipelines, it returns an appropriate exit code upon
126 termination -- see EXIT CODES below.
128 The following options modify the behavior of \fIfetchmail\fR. It is
129 seldom necessary to specify any of these once you have a
130 working \fI.fetchmailrc\fR file set up.
132 Almost all options have a corresponding keyword which can be used to
137 Some special options are not covered here, but are documented instead
138 in sections on AUTHENTICATION and DAEMON MODE which follow.
142 Displays the version information for your copy of
144 No mail fetch is performed.
145 Instead, for each server specified, all the option information
146 that would be computed if
148 were connecting to that server is displayed. Any non-printables in
149 passwords or other string names are shown as backslashed C-like
150 escape sequences. This option is useful for verifying that your
151 options are set the way you want them.
154 Return a status code to indicate whether there is mail waiting,
155 without actually fetching or deleting mail (see EXIT CODES below).
156 This option turns off daemon mode (in which it would be useless). It
157 doesn't play well with queries to multiple sites, and doesn't work
158 with ETRN or ODMR. It will return a false positive if you leave read but
159 undeleted mail in your server mailbox and your fetch protocol can't
160 tell kept messages from new ones. This means it will work with IMAP,
161 not work with POP2, and may occasionally flake out under POP3.
164 Silent mode. Suppresses all progress/status messages that are
165 normally echoed to standard output during a fetch (but does not
166 suppress actual error messages). The \-\-verbose option overrides this.
169 Verbose mode. All control messages passed between
171 and the mailserver are echoed to stdout. Overrides \-\-silent.
172 Doubling this option (\-v \-v) causes extra diagnostic information
176 .B \-a | \-\-all | (since v6.3.3) \-\-fetchall
178 Retrieve both old (seen) and new messages from the mailserver. The
179 default is to fetch only messages the server has not marked seen.
180 Under POP3, this option also forces the use of RETR rather than TOP.
181 Note that POP2 retrieval behaves as though \-\-all is always on (see
182 RETRIEVAL FAILURE MODES below) and this option does not work with ETRN
183 or ODMR. While the \-a and \-\-all command-line and fetchall rcfile
184 options have been supported for a long time, the \-\-fetchall
185 command-line option was added in v6.3.3.
189 Keep retrieved messages on the remote mailserver. Normally, messages
190 are deleted from the folder on the mailserver after they have been retrieved.
193 option causes retrieved messages to remain in your folder on the
194 mailserver. This option does not work with ETRN or ODMR.
198 Delete retrieved messages from the remote mailserver. This
199 option forces retrieved mail to be deleted. It may be useful if
200 you have specified a default of \fBkeep\fR in your
201 \&\fI.fetchmailrc\fR. This option is forced on with ETRN and ODMR.
204 POP3/IMAP only. This is a dangerous option and can cause mail loss when
205 used improperly. It deletes old (seen) messages from the mailserver
206 before retrieving new messages. Warning: This can cause mail loss if
207 you check your mail with other clients than fetchmail, and cause
208 fetchmail to delete a message it had never fetched before. Similarly, if
209 your local MTA hangs and fetchmail is aborted, the next time you run
210 fetchmail, it will delete mail that was never delivered to you. You
211 should probably not use this option in your configuration file. What you
212 probably want is the default setting: if you don't specify '\-k', then
213 fetchmail will automatically delete messages after successful
214 delivery. This option does not work with ETRN and ODMR.
217 POP3/IMAP only, since version 6.3.0. Delete oversized messages from the
218 mailserver before retrieving new messages. The size limit should be
219 separately specified with the \-\-limit option. This option does not
220 work with ETRN or ODMR.
221 .SS Protocol and Query Options
223 .B \-p <proto> | \-\-proto <proto> | \-\-protocol <proto>
224 (Keyword: proto[col])
225 Specify the protocol to use when communicating with the remote
226 mailserver. If no protocol is specified, the default is AUTO.
228 may be one of the following:
231 Tries IMAP, POP3, and POP2 (skipping any of these for which support
232 has not been compiled in).
234 Post Office Protocol 2 (legacy, to be removed from future release)
236 Post Office Protocol 3
238 Use POP3 with old-fashioned MD5-challenge authentication.
240 Use POP3 with RPOP authentication.
242 Use POP3 with Kerberos V4 authentication on port 1109.
244 Use POP3 with Demon Internet's SDPS extensions.
246 IMAP2bis, IMAP4, or IMAP4rev1 (\fIfetchmail\fR automatically detects their capabilities).
248 Use the ESMTP ETRN option.
250 Use the the On-Demand Mail Relay ESMTP profile.
253 All these alternatives work in basically the same way (communicating
254 with standard server daemons to fetch mail already delivered to a
255 mailbox on the server) except ETRN and ODMR. The ETRN mode
256 allows you to ask a compliant ESMTP server (such as BSD sendmail at
257 release 8.8.0 or higher) to immediately open a sender-SMTP connection
258 to your client machine and begin forwarding any items addressed to
259 your client machine in the server's queue of undelivered mail. The
260 ODMR mode requires an ODMR-capable server and works similarly to
261 ETRN, except that it does not require the client machine to have
266 Force UIDL use (effective only with POP3). Force client-side tracking
267 of 'newness' of messages (UIDL stands for "unique ID listing" and is
268 described in RFC1939). Use with 'keep' to use a mailbox as a baby
269 news drop for a group of users. The fact that seen messages are skipped
270 is logged, unless error logging is done through syslog while running in
271 daemon mode. Note that fetchmail may automatically enable this option
272 depending on upstream server capabilities. Note also that this option
273 may be removed and forced enabled in a future fetchmail version. See
276 .B \-\-idle (since 6.3.3)
278 Enable IDLE use (effective only with IMAP). Note that this works with
279 only one folder at a given time. While the idle rcfile keyword had been
280 supported for a long time, the \-\-idle command-line option was added in
283 .B \-P <portnumber> | \-\-service <servicename>
284 (Keyword: service) Since version 6.3.0.
285 The service option permits you to specify a service name to connect to.
286 You can specify a decimal port number here, if your services database
287 lacks the required service-port assignments. See the FAQ item R12 and
288 the \-\-ssl documentation for details. This replaces the older \-\-port
291 .B \-\-port <portnumber>
293 Obsolete version of \-\-service that does not take service names.
295 this option may be removed from a future version.
297 .B \-\-principal <principal>
299 The principal option permits you to specify a service principal for
300 mutual authentication. This is applicable to POP3 or IMAP with Kerberos
303 .B \-t <seconds> | \-\-timeout <seconds>
305 The timeout option allows you to set a server-nonresponse
306 timeout in seconds. If a mailserver does not send a greeting message
307 or respond to commands for the given number of seconds,
308 \fIfetchmail\fR will hang up on it. Without such a timeout
309 \fIfetchmail\fR might hang up indefinitely trying to fetch mail from a
310 down host. This would be particularly annoying for a \fIfetchmail\fR
311 running in background. There is a default timeout which fetchmail\~\-V
312 will report. If a given connection receives too many timeouts in
313 succession, fetchmail will consider it wedged and stop retrying,
314 the calling user will be notified by email if this happens.
316 .B \-\-plugin <command>
317 (Keyword: plugin) The plugin option allows you to use an external
318 program to establish the TCP connection. This is useful if you want
319 to use socks, SSL, ssh, or need some special firewalling setup. The
320 program will be looked up in $PATH and can optionally be passed the
321 hostname and port as arguments using "%h" and "%p" respectively (note
322 that the interpolation logic is rather primitive, and these token must
323 be bounded by whitespace or beginning of string or end of string).
324 Fetchmail will write to the plugin's stdin and read from the plugin's
327 .B \-\-plugout <command>
329 Identical to the plugin option above, but this one is used for the SMTP
330 connections (which will probably not need it, so it has been separated
333 .B \-r <name> | \-\-folder <name>
335 Causes a specified non-default mail folder on the mailserver (or
336 comma-separated list of folders) to be retrieved. The syntax of the
337 folder name is server-dependent. This option is not available under
341 (Keyword: tracepolls)
342 Tell fetchmail to poll trace information in the form 'polling %s
343 account %s' and 'folder %s' to the Received line it generates,
344 where the %s parts are replaced by the user's remote name, the poll
345 label, and the folder (mailbox) where available (the Received header
346 also normally includes the server's true name). This can be used to
347 facilitate mail filtering based on the account it is being received
348 from. The folder information is written only since version 6.3.4.
352 Causes the connection to the mail server to be encrypted via SSL. Connect
353 to the server using the specified base protocol over a connection secured
354 by SSL. SSL support must be present at the server.
356 Note that fetchmail may still try to negotiate TLS even if this option
357 is not given. You can use the \-\-sslproto option to defeat this
358 behavior or tell fetchmail to negotiate a particular SSL protocol.
360 If no port is specified, the connection is attempted to the well known
361 port of the SSL version of the base protocol. This is generally a
362 different port than the port used by the base protocol. For IMAP, this
363 is port 143 for the clear protocol and port 993 for the SSL secured
364 protocol, for POP3, it is port 110 for the clear text and port 995 for
365 the encrypted variant.
367 If your system lacks the corresponding entries from /etc/services, see
368 the \-\-service option and specify the numeric port number as given in
369 the previous paragraph (unless your ISP had directed you to different
370 ports, which is uncommon however).
372 .B \-\-sslcert <name>
374 Specifies the file name of the client side public SSL certificate. Some
375 SSL encrypted servers may require client side keys and certificates for
376 authentication. In most cases, this is optional. This specifies
377 the location of the public key certificate to be presented to the server
378 at the time the SSL session is established. It is not required (but may
379 be provided) if the server does not require it. Some servers may
380 require it, some servers may request it but not require it, and some
381 servers may not request it at all. It may be the same file
382 as the private key (combined key and certificate file) but this is not
387 Specifies the file name of the client side private SSL key. Some SSL
388 encrypted servers may require client side keys and certificates for
389 authentication. In most cases, this is optional. This specifies
390 the location of the private key used to sign transactions with the server
391 at the time the SSL session is established. It is not required (but may
392 be provided) if the server does not require it. Some servers may
393 require it, some servers may request it but not require it, and some
394 servers may not request it at all. It may be the same file
395 as the public key (combined key and certificate file) but this is not
396 recommended. If a password is required to unlock the key, it will be
397 prompted for at the time just prior to establishing the session to the
398 server. This can cause some complications in daemon mode.
400 .B \-\-sslproto <name>
402 Forces an SSL protocol. Possible values are '\fBssl2\fR',
403 \&'\fBssl3\fR', '\fBssl23\fR', and '\fBtls1\fR'. Try this if the default
404 handshake does not work for your server. To defeat automatic TLSv1
405 negotiation when the server advertises STARTTLS or STLS, use \fB''\fR or
406 \&'\fBssl23\fR'. The default is to try appropriate protocols depending
411 Causes fetchmail to strictly check the server certificate against a set of
412 local trusted certificates (see the \fBsslcertpath\fR option). If the server
413 certificate is not signed by one of the trusted ones (directly or indirectly),
414 the SSL connection will fail. This checking should prevent man-in-the-middle
415 attacks against the SSL connection. Note that CRLs are seemingly not currently
416 supported by OpenSSL in certificate verification! Your system clock should
417 be reasonably accurate when using this option!
419 .B \-\-sslcertpath <directory>
420 (Keyword: sslcertpath)
421 Sets the directory fetchmail uses to look up local certificates. The default
422 is your OpenSSL default one. The directory must be hashed as OpenSSL expects
423 it - every time you add or modify a certificate in the directory, you need
424 to use the \fBc_rehash\fR tool (which comes with OpenSSL in the tools/
427 .B \-\-sslfingerprint <fingerprint>
428 (Keyword: sslfingerprint)
429 Specify the fingerprint of the server key (an MD5 hash of the key) in
430 hexadecimal notation with colons separating groups of two digits. The letter
431 hex digits must be in upper case. This is the default format OpenSSL uses,
432 and the one fetchmail uses to report the fingerprint when an SSL connection
433 is established. When this is specified, fetchmail will compare the server key
434 fingerprint with the given one, and the connection will fail if they do not
435 match. This can be used to prevent man-in-the-middle attacks.
437 To obtain the fingerprint of a certificate stored in the file cert.pem,
441 openssl x509 \-in cert.pem \-noout \-md5 \-fingerprint
446 .SS Delivery Control Options
448 .B \-S <hosts> | \-\-smtphost <hosts>
449 (Keyword: smtp[host])
450 Specify a hunt list of hosts to forward mail to (one or more
451 hostnames, comma-separated). Hosts are tried in list order; the first
452 one that is up becomes the forwarding target for the current run. If
453 this option is not specified, 'localhost' is used as the default.
454 Each hostname may have a port number following the host name. The
455 port number is separated from the host name by a slash; the default
456 port is "smtp". If you specify an absolute path name (beginning with
457 a /), it will be interpreted as the name of a UNIX socket accepting
458 LMTP connections (such as is supported by the Cyrus IMAP daemon)
462 \-\-smtphost server1,server2/2525,server3,/var/imap/socket/lmtp
465 This option can be used with ODMR, and will make fetchmail a relay
466 between the ODMR server and SMTP or LMTP receiver.
468 .B \-\-fetchdomains <hosts>
469 (Keyword: fetchdomains)
470 In ETRN or ODMR mode, this option specifies the list of domains the
471 server should ship mail for once the connection is turned around. The
472 default is the FQDN of the machine running
475 .B \-D <domain> | \-\-smtpaddress <domain>
476 (Keyword: smtpaddress) Specify the domain to be appended to addresses
477 in RCPT TO lines shipped to SMTP. When this is not specified, the name
478 of the SMTP server (as specified by \-\-smtphost) is used for SMTP/LMTP
479 and 'localhost' is used for UNIX socket/BSMTP.
481 .B \-\-smtpname <user@domain>
483 Specify the domain and user to be put in RCPT TO lines shipped to SMTP.
484 The default user is the current local user.
486 .B \-Z <nnn> | \-\-antispam <nnn[, nnn]...>
488 Specifies the list of numeric SMTP errors that are to be interpreted
489 as a spam-block response from the listener. A value of \-1 disables
490 this option. For the command-line option, the list values should
493 .B \-m <command> | \-\-mda <command>
494 (Keyword: mda) You can force mail to be passed to an MDA directly
495 (rather than forwarded to port 25) with the \-\-mda or \-m option. To
496 avoid losing mail, use this option only with MDAs like maildrop or
497 MTAs like sendmail that return a nonzero status on disk-full and other
498 resource-exhaustion errors; the nonzero status tells fetchmail that
499 delivery failed and prevents the message from being deleted off the
500 server. If \fIfetchmail\fR is running as root, it sets its user id to
501 that of the target user while delivering mail through an MDA. Some
502 possible MDAs are "/usr/sbin/sendmail \-i \-f %F \-\- %T" (\fBNote:\fR
503 some several older or vendor sendmail versions mistake \-\- for an
504 address, rather than an indicator to mark the end of the option arguments),
505 "/usr/bin/deliver" and "/usr/bin/maildrop \-d %T". Local delivery
506 addresses will be inserted into the MDA command wherever you place a
507 %T; the mail message's From address will be inserted where you place
508 an %F. \fBDO NOT ENCLOSE THE %F OR %T STRING IN SINGLE QUOTES!\fR For
509 both %T and %F, fetchmail encloses the addresses in single quotes ('),
510 after removing any single quotes they may contain, before the MDA
511 command is passed to the shell. Do \fINOT\fR use an MDA invocation
512 like "sendmail \-i \-t" that dispatches on the contents of To/Cc/Bcc, it
513 will create mail loops and bring the just wrath of many postmasters
514 down upon your head. Also, do \fInot\fR try to combine multidrop
515 mode with an MDA such as maildrop or procmail that can only accept one
516 address; you will lose mail.
518 A word of warning: the well-known
520 package is very hard to configure properly, it has a very nasty "fall
521 through to the next rule" behavior on delivery errors (even temporary
522 ones, such as out of disk space if another user's mail daemon copies the
523 mailbox around to purge old messages), so your mail will end up in the
524 wrong mailbox sooner or later. The proper procmail configuration is
525 outside the scope of this document though. Using
527 is usually much easier, and many users find the filter syntax used by
528 maildrop easier to understand.
533 Cause delivery via LMTP (Local Mail Transfer Protocol). A service
534 host and port \fBmust\fR be explicitly specified on each host in the
535 smtphost hunt list (see above) if this option is selected; the default
536 port 25 will (in accordance with RFC 2033) not be accepted.
538 .B \-\-bsmtp <filename>
540 Append fetched mail to a BSMTP file. This simply contains the SMTP
541 commands that would normally be generated by fetchmail when passing
542 mail to an SMTP listener daemon. An argument of '\-' causes the mail
543 to be written to standard output. Note that fetchmail's
544 reconstruction of MAIL FROM and RCPT TO lines is not guaranteed
545 correct; the caveats discussed under THE USE AND ABUSE OF MULTIDROP
546 MAILBOXES below apply.
547 .SS Resource Limit Control Options
549 .B \-l <maxbytes> | \-\-limit <maxbytes>
550 (Keyword: limit) Takes a maximum octet size argument. Messages larger
551 than this size will not be fetched and will be left on the server (in
552 foreground sessions, the progress messages will note that they are
553 "oversized"). If the fetch protocol permits (in particular, under
554 IMAP or POP3 without the fetchall option) the message will not be
557 An explicit \-\-limit of 0 overrides any limits set in your
558 run control file. This option is intended for those needing to
559 strictly control fetch time due to expensive and variable phone rates.
561 Combined with \-\-limitflush, it can be used to delete oversized
562 messages waiting on a server. In daemon mode, oversize notifications
563 are mailed to the calling user (see the \-\-warnings option). This
564 option does not work with ETRN or ODMR.
566 .B \-w <interval> | \-\-warnings <interval>
568 Takes an interval in seconds. When you call
570 with a 'limit' option in daemon mode, this controls the interval at
571 which warnings about oversized messages are mailed to the calling user
572 (or the user specified by the 'postmaster' option). One such
573 notification is always mailed at the end of the the first poll that
574 the oversized message is detected. Thereafter, re-notification is
575 suppressed until after the warning interval elapses (it will take
576 place at the end of the first following poll).
578 .B \-b <count> | \-\-batchlimit <count>
579 (Keyword: batchlimit)
580 Specify the maximum number of messages that will be shipped to an SMTP
581 listener before the connection is deliberately torn down and rebuilt
582 (defaults to 0, meaning no limit). An explicit \-\-batchlimit of 0
583 overrides any limits set in your run control file. While
584 \fBsendmail\fR(8) normally initiates delivery of a message immediately
585 after receiving the message terminator, some SMTP listeners are not so
586 prompt. MTAs like \fIsmail\fR(8) may wait till the
587 delivery socket is shut down to deliver. This may produce annoying
588 delays when \fIfetchmail\fR is processing very large batches. Setting
589 the batch limit to some nonzero size will prevent these delays. This
590 option does not work with ETRN or ODMR.
592 .B \-B <number> | \-\-fetchlimit <number>
593 (Keyword: fetchlimit)
594 Limit the number of messages accepted from a given server in a single
595 poll. By default there is no limit. An explicit \-\-fetchlimit of 0
596 overrides any limits set in your run control file.
597 This option does not work with ETRN or ODMR.
599 .B \-\-fetchsizelimit <number>
600 (Keyword: fetchsizelimit)
601 Limit the number of sizes of messages accepted from a given server in
602 a single transaction. This option is useful in reducing the delay in
603 downloading the first mail when there are too many mails in the
604 mailbox. By default, the limit is 100. If set to 0, sizes of all
605 messages are downloaded at the start.
606 This option does not work with ETRN or ODMR. For POP3, the only valid
609 .B \-\-fastuidl <number>
611 Do a binary instead of linear search for the first unseen UID. Binary
612 search avoids downloading the UIDs of all mails. This saves time
613 (especially in daemon mode) where downloading the same set of UIDs in
614 each poll is a waste of bandwidth. The number 'n' indicates how rarely
615 a linear search should be done. In daemon mode, linear search is used
616 once followed by binary searches in 'n-1' polls if 'n' is greater than
617 1; binary search is always used if 'n' is 1; linear search is always
618 used if 'n' is 0. In non-daemon mode, binary search is used if 'n' is
619 1; otherwise linear search is used. The default value of 'n' is 4.
620 This option works with POP3 only.
622 .B \-e <count> | \-\-expunge <count>
624 Arrange for deletions to be made final after a given number of
625 messages. Under POP2 or POP3, fetchmail cannot make deletions final
626 without sending QUIT and ending the session -- with this option on,
627 fetchmail will break a long mail retrieval session into multiple
628 sub-sessions, sending QUIT after each sub-session. This is a good
629 defense against line drops on POP3 servers that do not do the
630 equivalent of a QUIT on hangup. Under IMAP,
632 normally issues an EXPUNGE command after each deletion in order to
633 force the deletion to be done immediately. This is safest when your
634 connection to the server is flaky and expensive, as it avoids
635 resending duplicate mail after a line hit. However, on large
636 mailboxes the overhead of re-indexing after every message can slam the
637 server pretty hard, so if your connection is reliable it is good to do
638 expunges less frequently. Also note that some servers enforce a delay
639 of a few seconds after each quit, so fetchmail may not be able to get
640 back in immediately after an expunge -- you may see "lock busy" errors
641 if this happens. If you specify this option to an integer N,
644 to only issue expunges on every Nth delete. An argument of zero
645 suppresses expunges entirely (so no expunges at all will be done until
646 the end of run). This option does not work with ETRN or ODMR.
647 .SS Authentication Options
649 .B \-u <name> | \-\-user <name> | \-\-username <name>
650 (Keyword: user[name])
651 Specifies the user identification to be used when logging in to the mailserver.
652 The appropriate user identification is both server and user-dependent.
653 The default is your login name on the client machine that is running
655 See USER AUTHENTICATION below for a complete description.
657 .B \-I <specification> | \-\-interface <specification>
659 Require that a specific interface device be up and have a specific local
660 or remote IPv4 (IPv6 is not supported by this option yet) address (or
661 range) before polling. Frequently \fIfetchmail\fP
662 is used over a transient point-to-point TCP/IP link established directly
663 to a mailserver via SLIP or PPP. That is a relatively secure channel.
664 But when other TCP/IP routes to the mailserver exist (e.g. when the link
665 is connected to an alternate ISP), your username and password may be
666 vulnerable to snooping (especially when daemon mode automatically polls
667 for mail, shipping a clear password over the net at predictable
668 intervals). The \-\-interface option may be used to prevent this. When
669 the specified link is not up or is not connected to a matching IP
670 address, polling will be skipped. The format is:
673 interface/iii.iii.iii.iii[/mmm.mmm.mmm.mmm]
676 The field before the first slash is the interface name (i.e. sl0, ppp0
677 etc.). The field before the second slash is the acceptable IP address.
678 The field after the second slash is a mask which specifies a range of
679 IP addresses to accept. If no mask is present 255.255.255.255 is
680 assumed (i.e. an exact match). This option is currently only supported
681 under Linux and FreeBSD. Please see the
683 section for below for FreeBSD specific information.
685 Note that this option may be removed from a future fetchmail version.
687 .B \-M <interface> | \-\-monitor <interface>
689 Daemon mode can cause transient links which are automatically taken down
690 after a period of inactivity (e.g. PPP links) to remain up
691 indefinitely. This option identifies a system TCP/IP interface to be
692 monitored for activity. After each poll interval, if the link is up but
693 no other activity has occurred on the link, then the poll will be
694 skipped. However, when fetchmail is woken up by a signal, the
695 monitor check is skipped and the poll goes through unconditionally.
696 This option is currently only supported under Linux and FreeBSD.
701 options to work for non root users under FreeBSD, the fetchmail binary
702 must be installed SGID kmem. This would be a security hole, but
703 fetchmail runs with the effective GID set to that of the kmem group
705 when interface data is being collected.
707 Note that this option may be removed from a future fetchmail version.
710 (Keyword: auth[enticate])
711 This option permits you to specify an authentication type (see USER
712 AUTHENTICATION below for details). The possible values are \fBany\fR,
713 \&\fBpassword\fR, \fBkerberos_v5\fR, \fBkerberos\fR (or, for
714 excruciating exactness, \fBkerberos_v4\fR), \fBgssapi\fR,
715 \fBcram\-md5\fR, \fBotp\fR, \fBntlm\fR, \fBmsn\fR (only for POP3) and
716 \fBssh\fR. When \fBany\fR (the default) is specified, fetchmail tries
717 first methods that don't require a password (GSSAPI, KERBEROS\ IV,
718 KERBEROS\ 5); then it looks for methods that mask your password
719 (CRAM-MD5, X\-OTP - note that NTLM and MSN are not autoprobed for POP3
720 and MSN is only supported for POP3); and only if the server doesn't
721 support any of those will it ship your password en clair. Other values
722 may be used to force various authentication methods
723 (\fBssh\fR suppresses authentication and is thus good for IMAP PREAUTH).
724 Any value other than \fBpassword\fR, \fBcram\-md5\fR, \fBntlm\fR,
725 \&\fBmsn\fR or \fBotp\fR suppresses fetchmail's normal inquiry for a
726 password. Specify \fBssh\fR when you are using an end-to-end secure
727 connection such as an ssh tunnel; specify \fBgssapi\fR or
728 \&\fBkerberos_v4\fR if you are using a protocol variant that employs
729 GSSAPI or K4. Choosing KPOP protocol automatically selects Kerberos
730 authentication. This option does not work with ETRN.
731 .SS Miscellaneous Options
733 .B \-f <pathname> | \-\-fetchmailrc <pathname>
734 Specify a non-default name for the
736 run control file. The pathname argument must be either "-" (a single
737 dash, meaning to read the configuration from standard input) or a
738 filename. Unless the \-\-version option is also on, a named file
739 argument must have permissions no more open than 0600 (u=rw,g=,o=) or
742 .B \-i <pathname> | \-\-idfile <pathname>
744 Specify an alternate name for the .fetchids file used to save POP3
745 UIDs. NOTE: since fetchmail 6.3.0, write access to the directory
746 containing the idfile is required, as fetchmail writes a temporary file
747 and renames it into the place of the real idfile only if the temporary
748 file has been written successfully. This avoids the truncation of
749 idfiles when running out of disk space.
751 .B \--pidfile <pathname>
752 (Keyword: pidfile; since fetchmail v6.3.4)
753 Override the default location of the PID file. Default: see
756 .B \-n | \-\-norewrite
757 (Keyword: no rewrite)
760 edits RFC-822 address headers (To, From, Cc, Bcc, and Reply\-To) in
761 fetched mail so that any mail IDs local to the server are expanded to
762 full addresses (@ and the mailserver hostname are appended). This enables
763 replies on the client to get addressed correctly (otherwise your
764 mailer might think they should be addressed to local users on the
765 client machine!). This option disables the rewrite. (This option is
766 provided to pacify people who are paranoid about having an MTA edit
767 mail headers and want to know they can prevent it, but it is generally
768 not a good idea to actually turn off rewrite.)
769 When using ETRN or ODMR, the rewrite option is ineffective.
771 .B \-E <line> | \-\-envelope <line>
772 (Keyword: envelope; Multidrop only)
774 In the configuration file, an enhanced syntax is used:
776 .B envelope [<count>] <line>
778 This option changes the header
780 assumes will carry a copy of the mail's envelope address. Normally
781 this is 'X\-Envelope\-To', but as this header is not standard, practice
782 varies. See the discussion of multidrop address handling below. As a
783 special case, 'envelope "Received"' enables parsing of sendmail-style
784 Received lines. This is the default, and it should not be necessary
785 unless you have globally disabled Received parsing with 'no envelope'
786 in the \fI.fetchmailrc\fR file.
788 The optional count argument (only available in the configuration file)
789 determines how many header lines of this kind are skipped. A count of 1
790 means: skip the first, take the second. A count of 2 means: skip the
791 first and second, take the third, and so on.
793 .B \-Q <prefix> | \-\-qvirtual <prefix>
794 (Keyword: qvirtual; Multidrop only)
795 The string prefix assigned to this option will be removed from the user
796 name found in the header specified with the \fIenvelope\fR option
797 (\fIbefore\fR doing multidrop name mapping or localdomain checking,
798 if either is applicable). This option is useful if you are using
800 to collect the mail for an entire domain and your ISP (or your mail
801 redirection provider) is using qmail.
802 One of the basic features of qmail is the
806 message header. Whenever qmail delivers a message to a local mailbox
807 it puts the username and hostname of the envelope recipient on this
808 line. The major reason for this is to prevent mail loops. To set up
809 qmail to batch mail for a disconnected site the ISP-mailhost will have
810 normally put that site in its 'Virtualhosts' control file so it will
811 add a prefix to all mail addresses for this site. This results in mail
812 .\" The \&@\& tries to stop HTML converters from making a mailto URL here.
813 sent to 'username\&@\&userhost.userdom.dom.com' having a
814 \&'Delivered\-To:' line of the form:
816 Delivered\-To: mbox\-userstr\-username\&@\&userhost.example.com
818 The ISP can make the 'mbox\-userstr\-' prefix anything they choose
819 but a string matching the user host name is likely.
820 By using the option 'envelope Delivered\-To:' you can make fetchmail reliably
821 identify the original envelope recipient, but you have to strip the
822 \&'mbox\-userstr\-' prefix to deliver to the correct user.
823 This is what this option is for.
828 file, interpret any command-line options specified, and dump a
829 configuration report to standard output. The configuration report is
830 a data structure assignment in the language Python. This option
831 is meant to be used with an interactive
839 Removed before version 6.3.0, the required underlying inet6_apps library
840 had been discontinued and is no longer available.
842 .SH USER AUTHENTICATION AND ENCRYPTION
843 All modes except ETRN require authentication of the client to the server.
844 Normal user authentication in
846 is very much like the authentication mechanism of
848 The correct user-id and password depend upon the underlying security
849 system at the mailserver.
851 If the mailserver is a Unix machine on which you have an ordinary user
852 account, your regular login name and password are used with
854 If you use the same login name on both the server and the client machines,
855 you needn't worry about specifying a user-id with the
857 option -- the default behavior is to use your login name on the
858 client machine as the user-id on the server machine. If you use a
859 different login name on the server machine, specify that login name
862 option. e.g. if your login name is 'jsmith' on a machine named 'mailgrunt',
867 fetchmail \-u jsmith mailgrunt
869 The default behavior of
871 is to prompt you for your mailserver password before the connection is
872 established. This is the safest way to use
874 and ensures that your password will not be compromised. You may also specify
875 your password in your
877 file. This is convenient when using
879 in daemon mode or with scripts.
880 .SS Using netrc files
882 If you do not specify a password, and
884 cannot extract one from your
886 file, it will look for a
888 file in your home directory before requesting one interactively; if an
889 entry matching the mailserver is found in that file, the password will
890 be used. Fetchmail first looks for a match on poll name; if it finds none,
891 it checks for a match on via name. See the
893 man page for details of the syntax of the
895 file. To show a practical example, a .netrc might look like
899 machine hermes.example.org
904 You can repeat this block with different user information if you need to
905 provide more than one password.
907 This feature may allow you to avoid duplicating password
908 information in more than one file.
910 On mailservers that do not provide ordinary user accounts, your user-id and
911 password are usually assigned by the server administrator when you apply for
912 a mailbox on the server. Contact your server administrator if you don't know
913 the correct user-id and password for your mailbox account.
916 Early versions of POP3 (RFC1081, RFC1225) supported a crude form of
917 independent authentication using the
919 file on the mailserver side. Under this RPOP variant, a fixed
920 per-user ID equivalent to a password was sent in clear over a link to
921 a reserved port, with the command RPOP rather than PASS to alert the
922 server that it should do special checking. RPOP is supported
925 (you can specify 'protocol RPOP' to have the program send 'RPOP'
926 rather than 'PASS') but its use is strongly discouraged, and support
927 will be removed from a future fetchmail version. This
928 facility was vulnerable to spoofing and was withdrawn in RFC1460.
930 RFC1460 introduced APOP authentication. In this variant of POP3,
931 you register an APOP password on your server host (the program
932 to do this with on the server is probably called \fIpopauth\fR(8)). You
933 put the same password in your
937 logs in, it sends a cryptographically secure hash of your password and
938 the server greeting time to the server, which can verify it by
939 checking its authorization database.
942 makes some efforts to make the server believe messages had not been
943 retrieved, by using the TOP command with a large number of lines when
944 possible. TOP is a command that retrieves the full header and
945 a \fIfetchmail\fP-specified amount of body lines. It is optional and
946 therefore not implemented by all servers, and some are known to
947 implement it improperly. On many servers however, the RETR command which
948 retrieves the full message with header and body, sets the "seen" flag
949 (for instance, in a web interface), whereas the TOP command does not do
953 will always use the RETR command if "fetchall" is set.
955 will also use the RETR command if "keep" is set and "uidl" is unset.
958 will use the RETR command on Maillennium POP3/PROXY
959 servers (used by Comcast) to avoid a deliberate TOP misinterpretation in
960 this server that causes message corruption.
964 will use the TOP command. This implies that in "keep" setups, "uidl"
965 must be set if "TOP" is desired.
968 that this description is true for the current version of fetchmail, but
969 the behavior may change in future versions. In particular, fetchmail may
970 prefer the RETR command because the TOP command causes much grief on
971 some servers and is only optional.
972 .SH ALTERNATE AUTHENTICATION FORMS
974 If your \fIfetchmail\fR was built with Kerberos support and you specify
975 Kerberos authentication (either with \-\-auth or the \fI.fetchmailrc\fR
976 option \fBauthenticate kerberos_v4\fR) it will try to get a Kerberos
977 ticket from the mailserver at the start of each query. Note: if
978 either the pollname or via name is 'hesiod', fetchmail will try to use
979 Hesiod to look up the mailserver.
981 If you use POP3 or IMAP with GSSAPI authentication, \fIfetchmail\fR will
982 expect the server to have RFC1731- or RFC1734-conforming GSSAPI
983 capability, and will use it. Currently this has only been tested over
984 Kerberos V, so you're expected to already have a ticket-granting
985 ticket. You may pass a username different from your principal name
986 using the standard \fB\-\-user\fR command or by the \fI.fetchmailrc\fR
989 If your IMAP daemon returns the PREAUTH response in its greeting line,
990 fetchmail will notice this and skip the normal authentication step.
991 This can be useful, e.g. if you start imapd explicitly using ssh.
992 In this case you can declare the authentication value 'ssh' on that
993 site entry to stop \fI.fetchmail\fR from asking you for a password
996 If you are using POP3, and the server issues a one-time-password
997 challenge conforming to RFC1938, \fIfetchmail\fR will use your
998 password as a pass phrase to generate the required response. This
999 avoids sending secrets over the net unencrypted.
1001 Compuserve's RPA authentication (similar to APOP) is supported. If you
1002 compile in the support, \fIfetchmail\fR will try to perform an RPA pass-phrase
1003 authentication instead of sending over the password en clair if it
1004 detects "@compuserve.com" in the hostname.
1006 If you are using IMAP, Microsoft's NTLM authentication (used by Microsoft
1007 Exchange) is supported. If you compile in the support, \fIfetchmail\fR
1008 will try to perform an NTLM authentication (instead of sending over the
1009 password en clair) whenever the server returns AUTH=NTLM in its
1010 capability response. Specify a user option value that looks like
1011 \&'user@domain': the part to the left of the @ will be passed as the
1012 username and the part to the right as the NTLM domain.
1013 .SS Secure Socket Layers (SSL) and Transport Layer Security (TLS)
1015 You can access SSL encrypted services by specifying the \-\-ssl option.
1016 You can also do this using the "ssl" user option in the .fetchmailrc
1017 file. With SSL encryption enabled, queries are initiated over a connection
1018 after negotiating an SSL session. Some services, such as POP3 and IMAP,
1019 have different well known ports defined for the SSL encrypted services.
1020 The encrypted ports will be selected automatically when SSL is enabled and
1021 no explicit port is specified.
1023 When connecting to an SSL encrypted server, the server presents a certificate
1024 to the client for validation. The certificate is checked to verify that
1025 the common name in the certificate matches the name of the server being
1026 contacted and that the effective and expiration dates in the certificate
1027 indicate that it is currently valid. If any of these checks fail, a warning
1028 message is printed, but the connection continues. The server certificate
1029 does not need to be signed by any specific Certifying Authority and may
1030 be a "self-signed" certificate.
1032 Some SSL encrypted servers may request a client side certificate. A client
1033 side public SSL certificate and private SSL key may be specified. If
1034 requested by the server, the client certificate is sent to the server for
1035 validation. Some servers may require a valid client certificate and may
1036 refuse connections if a certificate is not provided or if the certificate
1037 is not valid. Some servers may require client side certificates be signed
1038 by a recognized Certifying Authority. The format for the key files and
1039 the certificate files is that required by the underlying SSL libraries
1040 (OpenSSL in the general case).
1042 A word of care about the use of SSL: While above mentioned
1043 setup with self-signed server certificates retrieved over the wires
1044 can protect you from a passive eavesdropper it doesn't help against an
1045 active attacker. It's clearly an improvement over sending the
1046 passwords in clear but you should be aware that a man-in-the-middle
1047 attack is trivially possible (in particular with tools such as dsniff,
1048 http://monkey.org/~dugsong/dsniff/). Use of an ssh tunnel (see
1049 below for some examples) is preferable if you care seriously about the
1050 security of your mailbox.
1054 also supports authentication to the ESMTP server on the client side
1055 according to RFC 2554. You can specify a name/password pair to be
1056 used with the keywords 'esmtpname' and 'esmtppassword'; the former
1057 defaults to the username of the calling user.
1061 .B \-\-daemon <interval>
1066 in daemon mode. You must specify a numeric argument which is a
1067 polling interval in seconds.
1071 puts itself in background and runs forever, querying each specified
1072 host and then sleeping for the given polling interval.
1078 will, therefore, poll all the hosts described in your
1080 file (except those explicitly excluded with the 'skip' verb) once
1081 every fifteen minutes.
1083 It is possible to set a polling interval
1086 file by saying 'set daemon <interval>', where <interval> is an
1087 integer number of seconds. If you do this, fetchmail will always
1088 start in daemon mode unless you override it with the command-line
1089 option \-\-daemon 0 or \-d0.
1091 Only one daemon process is permitted per user; in daemon mode,
1093 makes a per-user lockfile to guarantee this.
1095 Normally, calling fetchmail with a daemon in the background sends a
1096 wake-up signal to the daemon, forcing it to poll mailservers
1097 immediately. (The wake-up signal is SIGHUP if fetchmail is running as
1098 root, SIGUSR1 otherwise.) The wake-up action also clears any 'wedged'
1099 flags indicating that connections have wedged due to failed
1100 authentication or multiple timeouts.
1104 will kill a running daemon process instead of waking it up (if there
1105 is no such process, \fIfetchmail\fP will notify you.
1106 If the \-\-quit option appears last on the command line, \fIfetchmail\fP
1107 will kill the running daemon process and then quit. Otherwise,
1108 \fIfetchmail\fP will first kill a running daemon process and then
1109 continue running with the other options.
1114 .B \-\-logfile <filename>
1115 option (keyword: set logfile) is only effective when fetchmail is
1116 detached. This option allows you to redirect status messages
1117 into a specified logfile (follow the option with the logfile name). The
1118 logfile is opened for append, so previous messages aren't deleted. This
1119 is primarily useful for debugging configurations.
1123 option (keyword: set syslog) allows you to redirect status and error
1124 messages emitted to the
1126 system daemon if available.
1127 Messages are logged with an id of \fBfetchmail\fR, the facility \fBLOG_MAIL\fR,
1128 and priorities \fBLOG_ERR\fR, \fBLOG_ALERT\fR or \fBLOG_INFO\fR.
1129 This option is intended for logging status and error messages which
1130 indicate the status of the daemon and the results while fetching mail
1132 Error messages for command line options and parsing the \fI.fetchmailrc\fR
1133 file are still written to stderr, or to the specified log file.
1136 option turns off use of
1138 assuming it's turned on in the
1143 .B \-\-logfile <file>
1150 option suppresses backgrounding and detachment of the
1151 daemon process from its control terminal. This is useful
1152 for debugging or when fetchmail runs as the child of a supervisor
1157 Note that this also causes the logfile option to be
1158 ignored (though perhaps it shouldn't).
1160 Note that while running in daemon mode polling a POP2 or IMAP2bis server,
1161 transient errors (such as DNS failures or sendmail delivery refusals)
1162 may force the fetchall option on for the duration of the next polling
1163 cycle. This is a robustness feature. It means that if a message is
1164 fetched (and thus marked seen by the mailserver) but not delivered
1165 locally due to some transient error, it will be re-fetched during the
1166 next poll cycle. (The IMAP logic doesn't delete messages until
1167 they're delivered, so this problem does not arise.)
1169 If you touch or change the
1171 file while fetchmail is running in daemon mode, this will be detected
1172 at the beginning of the next poll cycle. When a changed
1174 is detected, fetchmail rereads it and restarts from scratch (using
1175 exec(2); no state information is retained in the new instance). Note also
1176 that if you break the
1178 file's syntax, the new instance will softly and silently vanish away
1181 .SH ADMINISTRATIVE OPTIONS
1184 .B \-\-postmaster <name>
1185 option (keyword: set postmaster) specifies the last-resort username to
1186 which multidrop mail is to be forwarded if no matching local recipient
1187 can be found. It is also used as destination of undeliverable mail if
1188 the 'bouncemail' global option is off and additionally for spam-blocked
1189 mail if the 'bouncemail' global option is off and the 'spambounce'
1190 global option is on. This option defaults to the user who invoked
1192 If the invoking user is root, then the default of this option is
1193 the user 'postmaster'. Setting postmaster to the empty string causes
1194 such mail as described above to be discarded - this however is usually a
1196 See also the description of the 'FETCHMAILUSER' environment variable in
1197 the ENVIRONMENT section below.
1201 behaves like the "set no bouncemail" global option, which see.
1205 option (keyword: set invisible) tries to make fetchmail invisible.
1206 Normally, fetchmail behaves like any other MTA would -- it generates a
1207 Received header into each message describing its place in the chain of
1208 transmission, and tells the MTA it forwards to that the mail came from
1209 the machine fetchmail itself is running on. If the invisible option
1210 is on, the Received header is suppressed and fetchmail tries to spoof
1211 the MTA it forwards to into thinking it came directly from the
1216 option (keyword: set showdots) forces fetchmail to show progress dots
1217 even if the current tty is not stdout (for example logfiles).
1218 Fetchmail shows the dots by default when run in nodetach mode or when
1219 daemon mode is not enabled.
1223 option, you can ask fetchmail to add information to the Received
1224 header on the form "polling {label} account {user}", where {label} is
1225 the account label (from the specified rcfile, normally ~/.fetchmailrc)
1226 and {user} is the username which is used to log on to the mail
1227 server. This header can be used to make filtering email where no
1228 useful header information is available and you want mail from
1229 different accounts sorted into different mailboxes (this could, for
1230 example, occur if you have an account on the same server running a
1231 mailing list, and are subscribed to the list using that account). The
1232 default is not adding any such header. In
1234 this is called 'tracepolls'.
1236 .SH RETRIEVAL FAILURE MODES
1237 The protocols \fIfetchmail\fR uses to talk to mailservers are next to
1238 bulletproof. In normal operation forwarding to port 25, no message is
1239 ever deleted (or even marked for deletion) on the host until the SMTP
1240 listener on the client side has acknowledged to \fIfetchmail\fR that
1241 the message has been either accepted for delivery or rejected due to a
1244 When forwarding to an MDA, however, there is more possibility
1245 of error. Some MDAs are 'safe' and reliably return a nonzero status
1246 on any delivery error, even one due to temporary resource limits.
1249 program is like this; so are most programs designed as mail transport
1252 including the sendmail wrapper of Postfix and
1254 These programs give back a reliable positive acknowledgement and
1255 can be used with the mda option with no risk of mail loss. Unsafe
1256 MDAs, though, may return 0 even on delivery failure. If this
1257 happens, you will lose mail.
1259 The normal mode of \fIfetchmail\fR is to try to download only 'new'
1260 messages, leaving untouched (and undeleted) messages you have already
1261 read directly on the server (or fetched with a previous \fIfetchmail
1262 --keep\fR). But you may find that messages you've already read on the
1263 server are being fetched (and deleted) even when you don't specify
1264 --all. There are several reasons this can happen.
1266 One could be that you're using POP2. The POP2 protocol includes no
1267 representation of 'new' or 'old' state in messages, so \fIfetchmail\fR
1268 must treat all messages as new all the time. But POP2 is obsolete, so
1271 A potential POP3 problem might be servers that insert messages
1272 in the middle of mailboxes (some VMS implementations of mail are
1273 rumored to do this). The \fIfetchmail\fR code assumes that new
1274 messages are appended to the end of the mailbox; when this is not true
1275 it may treat some old messages as new and vice versa. Using UIDL whilst
1276 setting fastuidl 0 might fix this, otherwise, consider switching to IMAP.
1278 Yet another POP3 problem is that if they can't make tempfiles in the
1279 user's home directory, some POP3 servers will hand back an
1280 undocumented response that causes fetchmail to spuriously report "No
1283 The IMAP code uses the presence or absence of the server flag \eSeen
1284 to decide whether or not a message is new. This isn't the right thing
1285 to do, fetchmail should check the UIDVALIDITY and use UID, but it
1286 doesn't do that yet. Under Unix, it counts on your IMAP server to notice
1287 the BSD-style Status flags set by mail user agents and set the \eSeen
1288 flag from them when appropriate. All Unix IMAP servers we know of do
1289 this, though it's not specified by the IMAP RFCs. If you ever trip over
1290 a server that doesn't, the symptom will be that messages you have
1291 already read on your host will look new to the server. In this
1292 (unlikely) case, only messages you fetched with \fIfetchmail \-\-keep\fR
1293 will be both undeleted and marked old.
1295 In ETRN and ODMR modes, \fIfetchmail\fR does not actually retrieve messages;
1296 instead, it asks the server's SMTP listener to start a queue flush
1297 to the client via SMTP. Therefore it sends only undelivered messages.
1300 Many SMTP listeners allow administrators to set up 'spam filters' that
1301 block unsolicited email from specified domains. A MAIL FROM or DATA line that
1302 triggers this feature will elicit an SMTP response which
1303 (unfortunately) varies according to the listener.
1307 return an error code of 571.
1309 According to RFC2821, the correct thing to return in this situation is
1310 550 "Requested action not taken: mailbox unavailable" (the draft adds
1311 "[E.g., mailbox not found, no access, or command rejected for policy
1314 Older versions of the
1316 MTA return 501 "Syntax error in parameters or arguments".
1320 MTA runs 554 as an antispam response.
1323 may reject code with a 500 response (followed by an enhanced status
1324 code that contains more information).
1328 treats as antispam responses and discards
1329 the message can be set with the 'antispam' option. This is one of the
1331 three circumstance under which fetchmail ever discards mail (the others
1332 are the 552 and 553 errors described below, and the suppression of
1333 multidropped messages with a message-ID already seen).
1337 is fetching from an IMAP server, the antispam response will be detected and
1338 the message rejected immediately after the headers have been fetched,
1339 without reading the message body. Thus, you won't pay for downloading
1340 spam message bodies.
1342 By default, the list of antispam responses is empty.
1344 If the \fIspambounce\fR global option is on, mail that is spam-blocked
1345 triggers an RFC1892/RFC1894 bounce message informing the originator that
1346 we do not accept mail from it. See also BUGS.
1348 .SH SMTP/ESMTP ERROR HANDLING
1349 Besides the spam-blocking described above, fetchmail takes special
1350 actions on the following SMTP/ESMTP error responses
1352 452 (insufficient system storage)
1353 Leave the message in the server mailbox for later retrieval.
1355 552 (message exceeds fixed maximum message size)
1356 Delete the message from the server. Send bounce-mail to the
1359 553 (invalid sending domain)
1360 Delete the message from the server. Don't even try to send
1361 bounce-mail to the originator.
1363 Other errors trigger bounce mail back to the originator. See also BUGS.
1365 .SH THE RUN CONTROL FILE
1366 The preferred way to set up fetchmail is to write a
1367 \&\fI.fetchmailrc\fR file in your home directory (you may do this
1368 directly, with a text editor, or indirectly via \fIfetchmailconf\fR).
1369 When there is a conflict between the command-line arguments and the
1370 arguments in this file, the command-line arguments take precedence.
1372 To protect the security of your passwords,
1373 your \fI~/.fetchmailrc\fR may not normally have more than 0600 (u=rw,g=,o=) permissions;
1375 will complain and exit otherwise (this check is suppressed when
1378 You may read the \fI.fetchmailrc\fR file as a list of commands to
1381 is called with no arguments.
1382 .SS Run Control Syntax
1384 Comments begin with a '#' and extend through the end of the line.
1385 Otherwise the file consists of a series of server entries or global
1386 option statements in a free-format, token-oriented syntax.
1388 There are four kinds of tokens: grammar keywords, numbers
1389 (i.e. decimal digit sequences), unquoted strings, and quoted strings.
1390 A quoted string is bounded by double quotes and may contain
1391 whitespace (and quoted digits are treated as a string). Note that
1392 quoted strings will also contain line feed characters if they run across
1393 two or more lines, unless you use a backslash to join lines (see below).
1394 An unquoted string is any whitespace-delimited token that is neither
1395 numeric, string quoted nor contains the special characters ',', ';',
1398 Any amount of whitespace separates tokens in server entries, but is
1399 otherwise ignored. You may use backslash escape sequences (\en for LF,
1400 \&\et for HT, \eb for BS, \er for CR, \e\fInnn\fP for decimal (where
1401 nnn cannot start with a 0), \e0\fIooo\fP for octal, and \ex\fIhh\fP for
1402 hex) to embed non-printable characters or string delimiters in strings.
1403 In quoted strings, a backslash at the very end of a line will cause the
1404 backslash itself and the line feed (LF or NL, new line) character to be
1405 ignored, so that you can wrap long strings. Without the backslash at the
1406 line end, the line feed character would become part of the string.
1409 while these resemble C-style escape sequences, they are not the same.
1410 fetchmail only supports these eight styles. C supports more escape
1411 sequences that consist of backslash (\e) and a single character, but
1412 does not support decimal codes and does not require the leading 0 in
1413 octal notation. Example: fetchmail interprets \e233 the same as \exE9
1414 (Latin small letter e with acute), where C would interpret \e233 as
1415 octal 0233 = \ex9B (CSI, control sequence introducer).
1417 Each server entry consists of one of the keywords 'poll' or 'skip',
1418 followed by a server name, followed by server options, followed by any
1419 number of user descriptions. Note: the most common cause of syntax
1420 errors is mixing up user and server options.
1422 For backward compatibility, the word 'server' is a synonym for 'poll'.
1424 You can use the noise keywords 'and', 'with',
1425 \&'has', 'wants', and 'options' anywhere in an entry to make
1426 it resemble English. They're ignored, but but can make entries much
1427 easier to read at a glance. The punctuation characters ':', ';' and
1428 \&',' are also ignored.
1431 The 'poll' verb tells fetchmail to query this host when it is run with
1432 no arguments. The 'skip' verb tells
1434 not to poll this host unless it is explicitly named on the command
1435 line. (The 'skip' verb allows you to experiment with test entries
1436 safely, or easily disable entries for hosts that are temporarily down.)
1438 .SS Keyword/Option Summary
1439 Here are the legal options. Keyword suffixes enclosed in
1440 square brackets are optional. Those corresponding to short command-line
1441 options are followed by '\-' and the appropriate option letter. If
1442 option is only relevant to a single mode of operation, it is noted as
1443 \&'s' or 'm' for singledrop- or multidrop-mode, respectively.
1445 Here are the legal global options:
1449 Keyword Opt Mode Function
1451 set daemon \-d \& T{
1452 Set a background poll interval in seconds.
1454 set postmaster \& \& T{
1455 Give the name of the last-resort mail recipient (default: user running
1456 fetchmail, "postmaster" if run by the root user)
1458 set bouncemail \& \& T{
1459 Direct error mail to the sender (default)
1461 set no bouncemail \& \& T{
1462 Direct error mail to the local postmaster (as per the 'postmaster'
1463 global option above).
1465 set no spambounce \& \& T{
1466 Do not bounce spam-blocked mail (default).
1468 set spambounce \& \& T{
1469 Bounce blocked spam-blocked mail (as per the 'antispam' user option)
1470 back to the destination as indicated by the 'bouncemail' global option.
1471 Warning: Do not use this to bounce spam back to the sender - most spam
1472 is sent with false sender address and thus this option hurts innocent
1475 set logfile \-L \& T{
1476 Name of a file to append error and status messages to.
1478 set idfile \-i \& T{
1479 Name of the file to store UID lists in.
1482 Do error logging through syslog(3).
1484 set no syslog \& \& T{
1485 Turn off error logging through syslog(3). (default)
1487 set properties \& \& T{
1488 String value that is ignored by fetchmail (may be used by extension
1493 Here are the legal server options:
1497 Keyword Opt Mode Function
1500 Specify DNS name of mailserver, overriding poll name
1502 proto[col] \-p \& T{
1503 Specify protocol (case insensitive):
1504 POP2, POP3, IMAP, APOP, KPOP
1506 local[domains] \& m T{
1507 Specify domain(s) to be regarded as local
1510 Specify TCP/IP service port (obsolete, use 'service' instead).
1513 Specify service name (a numeric value is also allowed and
1514 considered a TCP/IP port number).
1516 auth[enticate] \& \& T{
1517 Set authentication type (default 'any')
1520 Server inactivity timeout in seconds (default 300)
1523 Specify envelope-address header name
1526 Disable looking for envelope address
1529 Qmail virtual domain prefix to remove from user name
1532 Specify alternate DNS names of mailserver
1535 specify IP interface(s) that must be up for server poll to take place
1538 Specify IP address to monitor for activity
1541 Specify command through which to make server connections.
1544 Specify command through which to make listener connections.
1547 Enable DNS lookup for multidrop (default)
1550 Disable DNS lookup for multidrop
1553 Do comparison by IP address for multidrop
1555 no checkalias \& m T{
1556 Do comparison by name for multidrop (default)
1559 Force POP3 to use client-side UIDLs (recommended)
1562 Turn off POP3 use of client-side UIDLs (default)
1565 Only check this site every N poll cycles; N is a numeric argument.
1568 Add poll tracing information to the Received header
1571 Set Kerberos principal (only useful with imap and kerberos)
1574 Set name for RFC2554 authentication to the ESMTP server.
1576 esmtppassword \& \& T{
1577 Set password for RFC2554 authentication to the ESMTP server.
1581 Here are the legal user options:
1585 Keyword Opt Mode Function
1587 user[name] \-u \& T{
1588 Set remote user name
1589 (local user name if name followed by 'here')
1592 Connect local and remote user names
1595 Connect local and remote user names
1598 Specify remote account password
1601 Connect to server over the specified base protocol using SSL encryption
1604 Specify file for client side public SSL certificate
1607 Specify file for client side private SSL key
1610 Force ssl protocol for connection
1613 Specify remote folder to query
1616 Specify smtp host(s) to forward to
1618 fetchdomains \& m T{
1619 Specify domains for which mail should be fetched
1621 smtpaddress \-D \& T{
1622 Specify the domain to be put in RCPT TO lines
1625 Specify the user and domain to be put in RCPT TO lines
1628 Specify what SMTP returns are interpreted as spam-policy blocks
1631 Specify MDA for local delivery
1634 Specify BSMTP batch file to append to
1637 Command to be executed before each connection
1639 postconnect \& \& T{
1640 Command to be executed after each connection
1643 Don't delete seen messages from server
1646 Flush all seen messages before querying (DANGEROUS)
1649 Flush all oversized messages before querying
1652 Fetch all messages whether seen or not
1655 Rewrite destination addresses for reply (default)
1658 Strip carriage returns from ends of lines
1661 Force carriage returns at ends of lines
1664 Force BODY=8BITMIME to ESMTP listener
1667 Strip Status and X-Mozilla-Status lines out of incoming mail
1669 dropdelivered \& \& T{
1670 Strip Delivered-To lines out of incoming mail
1673 Convert quoted-printable to 8-bit in MIME messages
1676 Idle waiting for new messages after each poll (IMAP only)
1679 Delete seen messages from server (default)
1682 Don't flush all seen messages before querying (default)
1684 no fetchall \& \& T{
1685 Retrieve only new messages (default)
1688 Don't rewrite headers
1691 Don't strip carriage returns (default)
1694 Don't force carriage returns at EOL (default)
1696 no pass8bits \& \& T{
1697 Don't force BODY=8BITMIME to ESMTP listener (default)
1699 no dropstatus \& \& T{
1700 Don't drop Status headers (default)
1702 no dropdelivered \& \& T{
1703 Don't drop Delivered\-To headers (default)
1705 no mimedecode \& \& T{
1706 Don't convert quoted-printable to 8-bit in MIME messages (default)
1709 Don't idle waiting for new messages after each poll (IMAP only)
1712 Set message size limit
1715 Set message size warning interval
1717 batchlimit \-b \& T{
1718 Max # messages to forward in single connect
1720 fetchlimit \-B \& T{
1721 Max # messages to fetch in single connect
1723 fetchsizelimit \& \& T{
1724 Max # message sizes to fetch in single transaction
1727 Use binary search for first unseen message (POP3 only)
1730 Perform an expunge on every #th message (IMAP and POP3 only)
1733 String value is ignored by fetchmail (may be used by extension scripts)
1737 Remember that all user options must \fIfollow\fR all server options.
1739 In the .fetchmailrc file, the 'envelope' string argument may be
1740 preceded by a whitespace-separated number. This number, if specified,
1741 is the number of such headers to skip over (that is, an argument of 1
1742 selects the second header of the given type). This is sometime useful
1743 for ignoring bogus envelope headers created by an ISP's local delivery
1744 agent or internal forwards (through mail inspection systems, for
1746 .SS Keywords Not Corresponding To Option Switches
1748 The 'folder' and 'smtphost' options (unlike their command-line
1749 equivalents) can take a space- or comma-separated list of names
1752 All options correspond to the obvious command-line arguments, except
1753 the following: 'via', 'interval', 'aka', 'is', 'to', 'dns'/'no dns',
1754 \&'checkalias'/'no checkalias', 'password', 'preconnect', 'postconnect',
1755 \&'localdomains', 'stripcr'/'no stripcr', 'forcecr'/'no forcecr',
1756 \&'pass8bits'/'no pass8bits' 'dropstatus/no dropstatus',
1757 \&'dropdelivered/no dropdelivered', 'mimedecode/no mimedecode', 'no idle',
1760 The 'via' option is for if you want to have more
1761 than one configuration pointing at the same site. If it is present,
1762 the string argument will be taken as the actual DNS name of the
1763 mailserver host to query.
1764 This will override the argument of poll, which can then simply be a
1765 distinct label for the configuration (e.g. what you would give on the
1766 command line to explicitly query this host).
1768 The 'interval' option (which takes a numeric argument) allows you to poll a
1769 server less frequently than the basic poll interval. If you say
1770 \&'interval N' the server this option is attached to will only be
1771 queried every N poll intervals.
1773 The 'is' or 'to' keywords associate the following local (client)
1774 name(s) (or server-name to client-name mappings separated by =) with
1775 the mailserver user name in the entry. If an is/to list has '*' as
1776 its last name, unrecognized names are simply passed through.
1778 A single local name can be used to support redirecting your mail when
1779 your username on the client machine is different from your name on the
1780 mailserver. When there is only a single local name, mail is forwarded
1781 to that local username regardless of the message's Received, To, Cc,
1782 and Bcc headers. In this case
1784 never does DNS lookups.
1786 When there is more than one local name (or name mapping) the
1787 \fIfetchmail\fR code does look at the Received, To, Cc, and Bcc
1788 headers of retrieved mail (this is 'multidrop mode'). It looks for
1789 addresses with hostname parts that match your poll name or your 'via',
1790 \&'aka' or 'localdomains' options, and usually also for hostname parts
1791 which DNS tells it are aliases of the mailserver. See the discussion
1792 of 'dns', 'checkalias', 'localdomains', and 'aka' for details on how
1793 matching addresses are handled.
1795 If \fIfetchmail\fR cannot match any mailserver usernames or
1796 localdomain addresses, the mail will be bounced.
1797 Normally it will be bounced to the sender, but if the 'bouncemail'
1798 global option is off, the mail will go to the local postmaster instead.
1799 (see the 'postmaster' global option). See also BUGS.
1801 The 'dns' option (normally on) controls the way addresses from
1802 multidrop mailboxes are checked. On, it enables logic to check each
1803 host address that does not match an 'aka' or 'localdomains' declaration
1804 by looking it up with DNS. When a mailserver username is recognized
1805 attached to a matching hostname part, its local mapping is added to
1806 the list of local recipients.
1808 The 'checkalias' option (normally off) extends the lookups performed
1809 by the 'dns' keyword in multidrop mode, providing a way to cope with
1810 remote MTAs that identify themselves using their canonical name, while
1811 they're polled using an alias.
1812 When such a server is polled, checks to extract the envelope address
1815 reverts to delivery using the To/Cc/Bcc headers (See below
1816 \&'Header vs. Envelope addresses').
1817 Specifying this option instructs
1819 to retrieve all the IP addresses associated with both the poll name
1820 and the name used by the remote MTA and to do a comparison of the IP
1821 addresses. This comes in handy in situations where the remote server
1822 undergoes frequent canonical name changes, that would otherwise
1823 require modifications to the rcfile. 'checkalias' has no effect if
1824 \&'no dns' is specified in the rcfile.
1826 The 'aka' option is for use with multidrop mailboxes. It allows you
1827 to pre-declare a list of DNS aliases for a server. This is an
1828 optimization hack that allows you to trade space for speed. When
1830 while processing a multidrop mailbox, grovels through message headers
1831 looking for names of the mailserver, pre-declaring common ones can
1832 save it from having to do DNS lookups. Note: the names you give
1833 as arguments to 'aka' are matched as suffixes -- if you specify
1834 (say) 'aka netaxs.com', this will match not just a hostname
1835 netaxs.com, but any hostname that ends with '.netaxs.com'; such as
1836 (say) pop3.netaxs.com and mail.netaxs.com.
1838 The 'localdomains' option allows you to declare a list of domains
1839 which fetchmail should consider local. When fetchmail is parsing
1840 address lines in multidrop modes, and a trailing segment of a host
1841 name matches a declared local domain, that address is passed through
1842 to the listener or MDA unaltered (local-name mappings are \fInot\fR
1845 If you are using 'localdomains', you may also need to specify 'no
1846 envelope', which disables \fIfetchmail\fR's normal attempt to deduce
1847 an envelope address from the Received line or X-Envelope-To header or
1848 whatever header has been previously set by 'envelope'. If you set 'no
1849 envelope' in the defaults entry it is possible to undo that in
1850 individual entries by using 'envelope <string>'. As a special case,
1851 \&'envelope "Received"' restores the default parsing of
1854 The \fBpassword\fR option requires a string argument, which is the password
1855 to be used with the entry's server.
1857 The 'preconnect' keyword allows you to specify a shell command to be
1858 executed just before each time
1860 establishes a mailserver connection. This may be useful if you are
1861 attempting to set up secure POP connections with the aid of
1863 If the command returns a nonzero status, the poll of that mailserver
1866 Similarly, the 'postconnect' keyword similarly allows you to specify a
1867 shell command to be executed just after each time a mailserver
1868 connection is taken down.
1870 The 'forcecr' option controls whether lines terminated by LF only are
1871 given CRLF termination before forwarding. Strictly speaking RFC821
1872 requires this, but few MTAs enforce the requirement it so this option
1873 is normally off (only one such MTA, qmail, is in significant use at
1876 The 'stripcr' option controls whether carriage returns are stripped
1877 out of retrieved mail before it is forwarded. It is normally not
1878 necessary to set this, because it defaults to 'on' (CR stripping
1879 enabled) when there is an MDA declared but 'off' (CR stripping
1880 disabled) when forwarding is via SMTP. If 'stripcr' and 'forcecr' are
1881 both on, 'stripcr' will override.
1883 The 'pass8bits' option exists to cope with Microsoft mail programs that
1884 stupidly slap a "Content-Transfer-Encoding: 7bit" on everything. With
1885 this option off (the default) and such a header present,
1887 declares BODY=7BIT to an ESMTP-capable listener; this causes problems for
1888 messages actually using 8-bit ISO or KOI-8 character sets, which will
1889 be garbled by having the high bits of all characters stripped. If
1890 \&'pass8bits' is on,
1892 is forced to declare BODY=8BITMIME to any ESMTP-capable listener. If
1893 the listener is 8-bit-clean (as all the major ones now are) the right
1894 thing will probably result.
1896 The 'dropstatus' option controls whether nonempty Status and
1897 X-Mozilla-Status lines are retained in fetched mail (the default) or
1898 discarded. Retaining them allows your MUA to see what messages (if
1899 any) were marked seen on the server. On the other hand, it can
1900 confuse some new-mail notifiers, which assume that anything with a
1901 Status line in it has been seen. (Note: the empty Status lines
1902 inserted by some buggy POP servers are unconditionally discarded.)
1904 The 'dropdelivered' option controls whether Delivered\-To headers will
1905 be kept in fetched mail (the default) or discarded. These headers are
1906 added by Qmail and Postfix mailservers in order to avoid mail loops but
1907 may get in your way if you try to "mirror" a mailserver within the same
1908 domain. Use with caution.
1910 The 'mimedecode' option controls whether MIME messages using the
1911 quoted-printable encoding are automatically converted into pure 8-bit
1912 data. If you are delivering mail to an ESMTP-capable, 8-bit-clean
1913 listener (that includes all of the major MTAs like sendmail), then
1914 this will automatically convert quoted-printable message headers and
1915 data into 8-bit data, making it easier to understand when reading
1916 mail. If your e-mail programs know how to deal with MIME messages,
1917 then this option is not needed. The mimedecode option is off by
1918 default, because doing RFC2047 conversion on headers throws away
1919 character-set information and can lead to bad results if the encoding
1920 of the headers differs from the body encoding.
1922 The 'idle' option is intended to be used with IMAP servers supporting
1923 the RFC2177 IDLE command extension, but does not strictly require it.
1924 If it is enabled, and fetchmail detects that IDLE is supported, an
1925 IDLE will be issued at the end of each poll. This will tell the IMAP
1926 server to hold the connection open and notify the client when new mail
1927 is available. If IDLE is not supported, fetchmail will simulate it by
1928 periodically issuing NOOP. If you need to poll a link frequently, IDLE
1929 can save bandwidth by eliminating TCP/IP connects and LOGIN/LOGOUT
1930 sequences. On the other hand, an IDLE connection will eat almost all
1931 of your fetchmail's time, because it will never drop the connection
1932 and allow other polls to occur unless the server times out the IDLE.
1933 It also doesn't work with multiple folders; only the first folder will
1937 The 'properties' option is an extension mechanism. It takes a string
1938 argument, which is ignored by fetchmail itself. The string argument may be
1939 used to store configuration information for scripts which require it.
1940 In particular, the output of '\-\-configdump' option will make properties
1941 associated with a user entry readily available to a Python script.
1943 .SS Miscellaneous Run Control Options
1944 The words 'here' and 'there' have useful English-like
1945 significance. Normally 'user eric is esr' would mean that
1946 mail for the remote user 'eric' is to be delivered to 'esr',
1947 but you can make this clearer by saying 'user eric there is esr here',
1948 or reverse it by saying 'user esr here is eric there'
1950 Legal protocol identifiers for use with the 'protocol' keyword are:
1953 auto (or AUTO) (legacy, to be removed from future release)
1954 pop2 (or POP2) (legacy, to be removed from future release)
1963 Legal authentication types are 'any', 'password', 'kerberos',
1964 \&'kerberos_v4', 'kerberos_v5' and 'gssapi', 'cram\-md5', 'otp', 'msn'
1965 (only for POP3), 'ntlm', 'ssh'. The 'password' type specifies
1966 authentication by normal transmission of a password (the password may be
1967 plain text or subject to protocol-specific encryption as in APOP);
1968 \&'kerberos' tells \fIfetchmail\fR to try to get a Kerberos ticket at the
1969 start of each query instead, and send an arbitrary string as the
1970 password; and 'gssapi' tells fetchmail to use GSSAPI authentication.
1971 See the description of the 'auth' keyword for more.
1973 Specifying 'kpop' sets POP3 protocol over port 1109 with Kerberos V4
1974 authentication. These defaults may be overridden by later options.
1976 There are some global option statements: 'set logfile'
1977 followed by a string sets the same global specified by \-\-logfile. A
1978 command-line \-\-logfile option will override this. Note that \-\-logfile is
1979 only effective if fetchmail detaches itself from the terminal. Also,
1980 \&'set daemon' sets the poll interval as \-\-daemon does. This can be
1981 overridden by a command-line \-\-daemon option; in particular \-\-daemon\~0
1982 can be used to force foreground operation. The 'set postmaster'
1983 statement sets the address to which multidrop mail defaults if there are
1984 no local matches. Finally, 'set syslog' sends log messages to
1987 .SH DEBUGGING FETCHMAIL
1988 .SS Fetchmail crashing
1989 There are various ways in that fetchmail may "crash", i. e. stop
1990 operation suddenly and unexpectedly. A "crash" usually refers to an
1991 error condition that the software did not handle by itself. A well-known
1992 failure mode is the "segmentation fault" or "signal 11" or "SIGSEGV" or
1993 just "segfault" for short. These can be caused by hardware or by software
1994 problems. Software-induced segfaults can usually be reproduced easily
1995 and in the same place, whereas hardware-induced segfaults can go away if
1996 the computer is rebooted, or powered off for a few hours, and can happen
1997 in random locations even if you use the software the same way.
1999 For solving hardware-induced segfaults, find the faulty component and repair or
2000 replace it. <http://www.bitwizard.nl/sig11/> may help you with details.
2002 For solving software-induced segfaults, the developers may need a "stack
2005 .SS Enabling fetchmail core dumps
2006 By default, fetchmail suppresses core dumps as these might contain
2007 passwords and other sensitive information. For debugging fetchmail
2008 crashes, obtaining a "stack backtrace" from a core dump is often the
2009 quickest way to solve the problem, and when posting your problem on a
2010 mailing list, the developers may ask you for a "backtrace".
2012 1. To get useful backtraces, fetchmail needs to be installed without
2013 getting stripped of its compilation symbols. Unfortunately, most
2014 binary packages that are installed are stripped, and core files from
2015 symbol-stripped programs are worthless. So you may need to recompile
2016 fetchmail. On many systems, you can type
2019 file `which fetchmail`
2022 to find out if fetchmail was symbol-stripped or not. If yours was
2023 unstripped, fine, proceed, if it was stripped, you need to recompile the
2024 source code first. You do not usually need to install fetchmail in order
2027 2. The shell environment that starts fetchmail needs to enable core
2028 dumps. The key is the "maximum core (file) size" that can usually be
2029 configured with a tool named "limit" or "ulimit". See the documentation
2030 for your shell for details. In the popular bash shell, "ulimit \-Sc
2031 unlimited" will allow the core dump.
2033 3. You need to tell fetchmail, too, to allow core dumps. To do
2034 this, run fetchmail with the \fB\-d0 \-v\fP options. It is often easier
2035 to also add \fB\-\-nosyslog \-N\fR as well.
2037 Finally, you need to reproduce the crash. You can just start fetchmail
2038 from the directory where you compiled it by typing \fB./fetchmail\fR,
2039 so the complete command line will start with \fB./fetchmail \-Nvd0
2040 \&\-\-nosyslog\fR and perhaps list your other options.
2042 After the crash, run your debugger to obtain the core dump. The
2043 debugger will often be GNU GDB, you can then type (adjust paths as
2044 necessary) \fBgdb ./fetchmail fetchmail.core\fR and then, after GDB
2045 has started up and read all its files, type \fBbacktrace full\fR, save
2046 the output (copy & paste will do, the backtrace will be read by a human)
2047 and then type \fBquit\fR to leave gdb.
2049 on some systems, the core
2050 files have different names, they might contain a number instead of the
2051 program name, or number and name, but it will usually have "core" as
2054 .SH INTERACTION WITH RFC 822
2055 When trying to determine the originating address of a message,
2056 fetchmail looks through headers in the following order:
2060 Resent-Sender: (ignored if it doesn't contain an @ or !)
2061 Sender: (ignored if it doesn't contain an @ or !)
2068 The originating address is used for logging, and to set the MAIL FROM
2069 address when forwarding to SMTP. This order is intended to cope
2070 gracefully with receiving mailing list messages in multidrop mode. The
2071 intent is that if a local address doesn't exist, the bounce message
2072 won't be returned blindly to the author or to the list itself, but
2073 rather to the list manager (which is less annoying).
2075 In multidrop mode, destination headers are processed as follows:
2076 First, fetchmail looks for the Received: header (or whichever one is
2077 specified by the 'envelope' option) to determine the local
2078 recipient address. If the mail is addressed to more than one recipient,
2079 the Received line won't contain any information regarding recipient addresses.
2081 Then fetchmail looks for the Resent-To:, Resent-Cc:, and Resent-Bcc:
2082 lines. If they exist, they should contain the final recipients and
2083 have precedence over their To:/Cc:/Bcc: counterparts. If the Resent\-*
2084 lines don't exist, the To:, Cc:, Bcc: and Apparently-To: lines are
2085 looked for. (The presence of a Resent\-To: is taken to imply that the
2086 person referred by the To: address has already received the original
2089 .SH CONFIGURATION EXAMPLES
2090 Note that although there are password declarations in a good many
2091 of the examples below, this is mainly for illustrative purposes.
2092 We recommend stashing account/password pairs in your $HOME/.netrc
2093 file, where they can be used not just by fetchmail but by ftp(1) and
2099 poll SERVERNAME protocol PROTOCOL username NAME password PASSWORD
2105 poll pop.provider.net protocol pop3 username "jsmith" password "secret1"
2108 Or, using some abbreviations:
2111 poll pop.provider.net proto pop3 user "jsmith" password "secret1"
2114 Multiple servers may be listed:
2117 poll pop.provider.net proto pop3 user "jsmith" pass "secret1"
2118 poll other.provider.net proto pop2 user "John.Smith" pass "My^Hat"
2121 Here's a version of those two with more whitespace and some noise words:
2124 poll pop.provider.net proto pop3
2125 user "jsmith", with password secret1, is "jsmith" here;
2126 poll other.provider.net proto pop2:
2127 user "John.Smith", with password "My^Hat", is "John.Smith" here;
2130 This version is much easier to read and doesn't cost significantly
2131 more (parsing is done only once, at startup time).
2134 If you need to include whitespace in a parameter string, enclose the
2135 string in double quotes. Thus:
2138 poll mail.provider.net with proto pop3:
2139 user "jsmith" there has password "u can't krak this"
2140 is jws here and wants mda "/bin/mail"
2143 You may have an initial server description headed by the keyword
2144 \&'defaults' instead of 'poll' followed by a name. Such a record
2145 is interpreted as defaults for all queries to use. It may be overwritten
2146 by individual server descriptions. So, you could write:
2151 poll pop.provider.net
2153 poll mail.provider.net
2154 user "jjsmith" there has password "secret2"
2157 It's possible to specify more than one user per server (this is only
2158 likely to be useful when running fetchmail in daemon mode as root).
2159 The 'user' keyword leads off a user description, and every user specification
2160 in a multi-user entry must include it. Here's an example:
2163 poll pop.provider.net proto pop3 port 3111
2164 user "jsmith" with pass "secret1" is "smith" here
2165 user jones with pass "secret2" is "jjones" here keep
2168 This associates the local username 'smith' with the pop.provider.net
2169 username 'jsmith' and the local username 'jjones' with the
2170 pop.provider.net username 'jones'. Mail for 'jones' is kept on the
2171 server after download.
2173 Here's what a simple retrieval configuration for a multi-drop mailbox
2177 poll pop.provider.net:
2178 user maildrop with pass secret1 to golux 'hurkle'='happy' snark here
2181 This says that the mailbox of account 'maildrop' on the server is a
2182 multi-drop box, and that messages in it should be parsed for the
2183 server user names 'golux', 'hurkle', and 'snark'. It further
2184 specifies that 'golux' and 'snark' have the same name on the
2185 client as on the server, but mail for server user 'hurkle' should be
2186 delivered to client user 'happy'.
2188 Here's an example of another kind of multidrop connection:
2191 poll pop.provider.net localdomains loonytoons.org toons.org:
2192 user maildrop with pass secret1 to * here
2195 This also says that the mailbox of account 'maildrop' on the server is
2196 a multi-drop box. It tells fetchmail that any address in the
2197 loonytoons.org or toons.org domains (including sub-domain addresses like
2198 \&'joe@daffy.loonytoons.org') should be passed through to the local SMTP
2199 listener without modification. Be careful of mail loops if you do this!
2201 Here's an example configuration using ssh and the plugin option. The
2202 queries are made directly on the stdin and stdout of imapd via ssh.
2203 Note that in this setup, IMAP authentication can be skipped.
2206 poll mailhost.net with proto imap:
2207 plugin "ssh %h /usr/sbin/imapd" auth ssh;
2208 user esr is esr here
2211 .SH THE USE AND ABUSE OF MULTIDROP MAILBOXES
2212 Use the multiple-local-recipients feature with caution -- it can bite.
2213 All multidrop features are ineffective in ETRN and ODMR modes.
2215 Also, note that in multidrop mode duplicate mails are suppressed. A
2216 piece of mail is considered duplicate if it has the same message-ID as
2217 the message immediately preceding and more than one addressee. Such
2218 runs of messages may be generated when copies of a message addressed
2219 to multiple users are delivered to a multidrop box.
2221 .SS Header vs. Envelope addresses
2222 The fundamental problem is that by having your mailserver toss several
2223 peoples' mail in a single maildrop box, you may have thrown away
2224 potentially vital information about who each piece of mail was
2225 actually addressed to (the 'envelope address', as opposed to the
2226 header addresses in the RFC822 To/Cc headers - the Bcc is not available
2227 at the receiving end). This 'envelope address' is the address you need
2228 in order to reroute mail properly.
2232 can deduce the envelope address. If the mailserver MTA is
2234 and the item of mail had just one recipient, the MTA will have written
2235 a 'by/for' clause that gives the envelope addressee into its Received
2236 header. But this doesn't work reliably for other MTAs, nor if there is
2237 more than one recipient. By default, \fIfetchmail\fR looks for
2238 envelope addresses in these lines; you can restore this default with
2239 \&\-E "Received" or 'envelope Received'.
2241 .B As a better alternative,
2242 some SMTP listeners and/or mail servers insert a header
2243 in each message containing a copy of the envelope addresses. This
2244 header (when it exists) is often 'X\-Original\-To', 'Delivered\-To' or
2245 \&'X\-Envelope\-To'. Fetchmail's assumption about this can be changed with
2246 the \-E or 'envelope' option. Note that writing an envelope header of
2247 this kind exposes the names of recipients (including blind-copy
2248 recipients) to all receivers of the messages, so the upstream must store
2249 one copy of the message per recipient to avoid becoming a privacy problem.
2251 Postfix, since version 2.0, writes an X\-Original\-To: header which
2252 contains a copy of the envelope as it was received.
2254 Qmail and Postfix generally write a 'Delivered\-To' header upon
2255 delivering the message to the mail spool and use it to avoid mail loops.
2256 Qmail virtual domains however will prefix the user name with a string
2257 that normally matches the user's domain. To remove this prefix you can
2258 use the \-Q or 'qvirtual' option.
2260 Sometimes, unfortunately, neither of these methods works. That is the
2261 point when you should contact your ISP and ask them to provide such an
2262 envelope header, and you should not use multidrop in this situation.
2263 When they all fail, fetchmail must fall back on the contents of To/Cc
2264 headers (Bcc headers are not available - see below) to try to determine
2265 recipient addressees -- and these are unreliable.
2266 In particular, mailing-list software often ships mail with only
2267 the list broadcast address in the To header.
2269 .B Note that a future version of fetchmail may remove To/Cc parsing!
2273 cannot deduce a recipient address that is local, and the intended
2274 recipient address was anyone other than fetchmail's invoking user,
2275 .B mail will get lost.
2276 This is what makes the multidrop feature risky without proper envelope
2279 A related problem is that when you blind-copy a mail message, the Bcc
2280 information is carried \fIonly\fR as envelope address (it's removed from
2281 the headers by the sending mail server, so fetchmail can see it only if
2282 there is an X-\Envelope\-To header). Thus, blind-copying to someone who
2283 gets mail over a fetchmail multidrop link will fail unless the the
2284 mailserver host routinely writes X\-Envelope\-To or an equivalent header
2285 into messages in your maildrop.
2287 \fBIn conclusion, mailing lists and Bcc'd mail can only work if the
2288 server you're fetching from (1) stores one copy of the message per
2289 recipient in \fBIyour\fP domain and (2) records the envelope
2290 information in a special header (X\-Original\-To, Delivered\-To,
2291 X\-Envelope\-To).\fR
2293 .SS Good Ways To Use Multidrop Mailboxes
2294 Multiple local names can be used to administer a mailing list from the
2295 client side of a \fIfetchmail\fR collection. Suppose your name is
2296 \&'esr', and you want to both pick up your own mail and maintain a mailing
2297 list called (say) "fetchmail-friends", and you want to keep the alias
2298 list on your client machine.
2300 On your server, you can alias 'fetchmail\-friends' to 'esr'; then, in
2301 your \fI.fetchmailrc\fR, declare 'to esr fetchmail\-friends here'.
2302 Then, when mail including 'fetchmail\-friends' as a local address
2303 gets fetched, the list name will be appended to the list of
2304 recipients your SMTP listener sees. Therefore it will undergo alias
2305 expansion locally. Be sure to include 'esr' in the local alias
2306 expansion of fetchmail\-friends, or you'll never see mail sent only to
2307 the list. Also be sure that your listener has the "me-too" option set
2308 (sendmail's \-oXm command-line option or OXm declaration) so your name
2309 isn't removed from alias expansions in messages you send.
2311 This trick is not without its problems, however. You'll begin to see
2312 this when a message comes in that is addressed only to a mailing list
2313 you do \fInot\fR have declared as a local name. Each such message
2314 will feature an 'X\-Fetchmail\-Warning' header which is generated
2315 because fetchmail cannot find a valid local name in the recipient
2316 addresses. Such messages default (as was described above) to being
2317 sent to the local user running
2319 but the program has no way to know that that's actually the right thing.
2321 .SS Bad Ways To Abuse Multidrop Mailboxes
2322 Multidrop mailboxes and
2324 serving multiple users in daemon mode do not mix. The problem, again, is
2325 mail from mailing lists, which typically does not have an individual
2326 recipient address on it. Unless
2328 can deduce an envelope address, such mail will only go to the account
2329 running fetchmail (probably root). Also, blind-copied users are very
2330 likely never to see their mail at all.
2332 If you're tempted to use
2334 to retrieve mail for multiple users from a single mail drop via POP or
2335 IMAP, think again (and reread the section on header and envelope
2336 addresses above). It would be smarter to just let the mail sit in the
2337 mailserver's queue and use fetchmail's ETRN or ODMR modes to trigger
2338 SMTP sends periodically (of course, this means you have to poll more
2339 frequently than the mailserver's expiry period). If you can't arrange
2340 this, try setting up a UUCP feed.
2342 If you absolutely \fImust\fR use multidrop for this purpose, make sure
2343 your mailserver writes an envelope-address header that fetchmail can
2344 see. Otherwise you \fIwill\fR lose mail and it \fIwill\fR come back
2347 .SS Speeding Up Multidrop Checking
2348 Normally, when multiple users are declared
2350 extracts recipient addresses as described above and checks each host
2351 part with DNS to see if it's an alias of the mailserver. If so, the
2352 name mappings described in the "to ... here" declaration are done and
2353 the mail locally delivered.
2355 This is a convenient but also slow method. To speed
2356 it up, pre-declare mailserver aliases with 'aka'; these are checked
2357 before DNS lookups are done. If you're certain your aka list contains
2359 DNS aliases of the mailserver (and all MX names pointing at it - note
2360 this may change in a future version)
2361 you can declare 'no dns' to suppress DNS lookups entirely and
2362 \fIonly\fR match against the aka list.
2365 To facilitate the use of
2367 in shell scripts, an exit code is returned to give an indication
2368 of what occurred during a given connection.
2370 The exit codes returned by
2374 One or more messages were successfully retrieved (or, if the \-c option
2375 was selected, were found waiting but not retrieved).
2377 There was no mail awaiting retrieval. (There may have been old mail still
2378 on the server but not selected for retrieval.)
2380 An error was encountered when attempting to open a socket to retrieve
2381 mail. If you don't know what a socket is, don't worry about it --
2382 just treat this as an 'unrecoverable error'. This error can also be
2383 because a protocol fetchmail wants to use is not listed in /etc/services.
2385 The user authentication step failed. This usually means that a bad
2386 user-id, password, or APOP id was specified. Or it may mean that you
2387 tried to run fetchmail under circumstances where it did not have
2388 standard input attached to a terminal and could not prompt for a
2391 Some sort of fatal protocol error was detected.
2393 There was a syntax error in the arguments to
2396 The run control file had bad permissions.
2398 There was an error condition reported by the server. Can also
2401 timed out while waiting for the server.
2403 Client-side exclusion error. This means
2405 either found another copy of itself already running, or failed in such
2406 a way that it isn't sure whether another copy is running.
2408 The user authentication step failed because the server responded "lock
2409 busy". Try again after a brief pause! This error is not implemented
2410 for all protocols, nor for all servers. If not implemented for your
2411 server, "3" will be returned instead, see above. May be returned when
2412 talking to qpopper or other servers that can respond with "lock busy"
2413 or some similar text containing the word "lock".
2417 run failed while trying to do an SMTP port open or transaction.
2419 Fatal DNS error. Fetchmail encountered an error while performing
2420 a DNS lookup at startup and could not proceed.
2422 BSMTP batch file could not be opened.
2424 Poll terminated by a fetch limit (see the \-\-fetchlimit option).
2426 Server busy indication.
2428 Server timed out during an IMAP IDLE.
2430 Internal error. You should see a message on standard error with
2435 queries more than one host, return status is 0 if \fIany\fR query
2436 successfully retrieved mail. Otherwise the returned error status is
2437 that of the last host queried.
2442 default run control file
2445 default location of file associating hosts with last message IDs seen
2446 (used only with newer RFC1939-compliant POP3 servers supporting the
2450 lock file to help prevent concurrent runs (non-root mode).
2453 your FTP run control file, which (if present) will be searched for
2454 passwords as a last resort before prompting for one interactively.
2456 /var/run/fetchmail.pid
2457 lock file to help prevent concurrent runs (root mode, Linux systems).
2460 lock file to help prevent concurrent runs (root mode, systems without /var/run).
2463 If the FETCHMAILUSER variable is set, it is used as the name of the
2464 calling user (default local name) for purposes such as mailing error
2465 notifications. Otherwise, if either the LOGNAME or USER variable is
2466 correctly set (e.g. the corresponding UID matches the session user ID)
2467 then that name is used as the default local name. Otherwise
2468 \fBgetpwuid\fR(3) must be able to retrieve a password entry for the
2469 session ID (this elaborate logic is designed to handle the case of
2470 multiple names per userid gracefully).
2472 If the environment variable FETCHMAILHOME is set to a valid and
2473 existing directory name, fetchmail will read $FETCHMAILHOME/fetchmailrc
2474 (the dot is missing in this case), $FETCHMAILHOME/.fetchids and
2475 $FETCHMAILHOME/.fetchmail.pid rather than from the user's home
2476 directory. The .netrc file is always looked for in the the invoking
2477 user's home directory regardless of FETCHMAILHOME's setting.
2479 If the HOME_ETC variable is set, fetchmail will read
2480 $HOME_ETC/.fetchmailrc instead of ~/.fetchmailrc.
2482 If HOME_ETC and FETCHMAILHOME are set, HOME_ETC will be ignored.
2487 daemon is running as root, SIGHUP wakes it up from its sleep phase and
2488 forces a poll of all non-skipped servers (this is in accordance with
2489 the usual conventions for system daemons).
2493 is running in daemon mode as non-root, use SIGUSR1 to wake it (this is
2494 so SIGHUP due to logout can retain the default action of killing it).
2498 in foreground while a background fetchmail is running will do
2499 whichever of these is appropriate to wake it up.
2501 .SH BUGS AND KNOWN PROBLEMS
2503 Please check the \fBNEWS\fP file that shipped with fetchmail for more
2504 known bugs than those listed here.
2506 The assumptions that the DNS and in particular the checkalias options
2507 make are not often sustainable. For instance, it has become uncommon for
2508 an MX server to be a POP3 or IMAP server at the same time. Therefore the
2509 MX lookups may go away in a future release.
2511 The mda and plugin options interact badly. In order to collect error
2512 status from the MDA, fetchmail has to change its normal signal
2513 handling so that dead plugin processes don't get reaped until the end
2514 of the poll cycle. This can cause resource starvation if too many
2515 zombies accumulate. So either don't deliver to a MDA using plugins or
2516 risk being overrun by an army of undead.
2518 The \-\-interface option does not support IPv6 and it is doubtful if it
2519 ever will, since there is no portable way to query interface IPv6
2522 The RFC822 address parser used in multidrop mode chokes on some
2523 @-addresses that are technically legal but bizarre. Strange uses of
2524 quoting and embedded comments are likely to confuse it.
2526 In a message with multiple envelope headers, only the last one
2527 processed will be visible to fetchmail.
2529 Use of some of these protocols requires that the program send
2530 unencrypted passwords over the TCP/IP connection to the mailserver.
2531 This creates a risk that name/password pairs might be snaffled with a
2532 packet sniffer or more sophisticated monitoring software. Under Linux
2533 and FreeBSD, the \-\-interface option can be used to restrict polling to
2534 availability of a specific interface device with a specific local or
2535 remote IP address, but snooping is still possible if (a) either host
2536 has a network device that can be opened in promiscuous mode, or (b)
2537 the intervening network link can be tapped. We recommend the use of
2539 tunnelling to not only shroud your passwords but encrypt the entire
2542 Use of the %F or %T escapes in an mda option could open a security
2543 hole, because they pass text manipulable by an attacker to a shell
2544 command. Potential shell characters are replaced by '_' before
2545 execution. The hole is further reduced by the fact that fetchmail
2546 temporarily discards any suid privileges it may have while running the
2547 MDA. For maximum safety, however, don't use an mda command containing
2548 %F or %T when fetchmail is run from the root account itself.
2550 Fetchmail's method of sending bounces due to errors or spam-blocking and
2551 spam bounces requires that port 25 of localhost be available for sending
2556 while a background instance is running and break the syntax, the
2557 background instance will die silently. Unfortunately, it can't
2558 die noisily because we don't yet know whether syslog should be enabled.
2559 On some systems, fetchmail dies quietly even if there is no syntax
2560 error; this seems to have something to do with buggy terminal ioctl
2563 The \-f\~\- option (reading a configuration from stdin) is incompatible
2564 with the plugin option.
2566 The 'principal' option only handles Kerberos IV, not V.
2568 Interactively entered passwords are truncated after 63 characters. If
2569 you really need to use a longer password, you will have to use a
2572 A backslash as the last character of a configuration file will be
2573 flagged as a syntax error rather than ignored.
2575 Send comments, bug reports, gripes, and the like to the
2576 fetchmail\-devel list <fetchmail\-devel@lists.berlios.de>. An HTML FAQ is
2577 available at the fetchmail home page; surf to
2578 http://fetchmail.berlios.de/ or do a WWW search for pages with
2579 \&'fetchmail' in their titles.
2582 Fetchmail is currently maintained by Matthias Andree and Rob Funk with
2583 major assistance from Sunil Shetye (for code) and Rob MacGregor (for the
2586 Most of the code is from Eric S. Raymond <esr@snark.thyrsus.com>. Too
2587 many other people to name here have contributed code and patches.
2589 This program is descended from and replaces
2591 by Carl Harris <ceharris@mal.com>; the internals have become quite different,
2592 but some of its interface design is directly traceable to that
2595 This manual page has been improved by R.\ Hannes Beinert and H\['e]ctor
2599 mutt(1), elm(1), mail(1), sendmail(8), popd(8), imapd(8), netrc(5)
2601 The fetchmail home page: <http://fetchmail.berlios.de/>
2603 The maildrop home page: <http://www.courier-mta.org/maildrop/>
2604 .SH APPLICABLE STANDARDS
2606 Note that this list is just a collection of references and not a
2607 statement as to the actual protocol conformance or requirements in
2611 RFC 821, RFC 2821, RFC 1869, RFC 1652, RFC 1870, RFC 1983, RFC 1985,
2615 RFC 822, RFC 2822, RFC 1123, RFC 1892, RFC 1894.
2621 RFC 1081, RFC 1225, RFC 1460, RFC 1725, RFC 1734, RFC 1939, RFC 1957,
2625 RFC 1460, RFC 1725, RFC 1939.
2634 RFC 1730, RFC 1731, RFC 1732, RFC 2060, RFC 2061, RFC 2195, RFC 2177,