2 .\" ** The above line should force tbl to be used as a preprocessor **
4 .\" Man page for fetchmail
6 .\" For license terms, see the file COPYING in this directory.
9 fetchmail \- fetch mail from a POP, IMAP, or ETRN-capable server
12 \fBfetchmail\fR [\fIoptions\fR] [\fImailserver...\fR]
16 is a mail-retrieval and forwarding utility; it fetches
17 mail from remote mailservers and forwards it to your local (client)
18 machine's delivery system. You can then handle the retrieved mail
19 using normal mail user agents such as \fIelm\fR(1) or \fIMail\fR(1).
20 The \fBfetchmail\fR utility can be run in a daemon mode to repeatedly
21 poll one or more systems at a specified interval.
25 program can gather mail from servers supporting any of the common
26 mail-retrieval protocols: POP2, POP3, IMAP2bis, and IMAP4. It can
27 also use the ESMTP ETRN extension. (The RFCs describing all these
28 protocols are listed at the end of this document.)
32 is primarily intended to be used over on-demand TCP/IP links (such as
33 SLIP or PPP connections), it may also be useful as a message transfer
34 agent for sites which refuse for security reasons to permit
35 (sender-initiated) SMTP transactions with sendmail.
37 As each message is retrieved \fIfetchmail\fR normally delivers it via SMTP to
38 port 25 on the machine it is running on (localhost), just as though it
39 were being passed in over a normal TCP/IP link. The mail will then be
40 delivered locally via your system's MDA (Mail Delivery Agent, usually
41 \fIsendmail\fR(8) but your system may use a different one such
42 as \fIsmail\fR, \fImmdf\fR, or \fIqmail\fR). All the delivery-control
43 mechanisms (such as \fI.forward\fR files) normally available through
44 your system MDA and local delivery agents will therefore work.
48 is controlled by command-line options and a run control file,
49 \fI~/.fetchmailrc\fR, the syntax of which we describe below. Command-line
54 Each server name that you specify following the options on the
55 command line will be queried. If you don't specify any servers
56 on the command line, each server in your
60 To facilitate the use of
62 In scripts, pipelines, etc., it returns an appropriate exit code upon
63 termination -- see EXIT CODES below.
66 The following options modify the behavior of \fIfetchmail\fR. It is
67 seldom necessary to specify any of these once you have a
68 working \fI.fetchmailrc\fR file set up.
70 Almost all options have a corresponding keyword which can be used to
75 Some special options are not covered here, but are documented insttead
76 in sections on AUTHENTICATION and DAEMON MODE which follows.
80 Displays the version information for your copy of
82 No mail fetch is performed.
83 Instead, for each server specified, all option information
84 that would be computed if
86 were connecting to that server is displayed. Any non-printables in
87 passwords or other string names are shown as backslashed C-like
88 escape sequences. This option is useful for verifying that your
89 options are set the way you want them.
92 Return a status code to indicate whether there is mail waiting,
93 without actually fetching or deleting mail (see EXIT CODES below).
94 This option turns off daemon mode (in which it would be useless). It
95 doesn't play well with queries to multiple sites, and doesn't work
96 with ETRN. It will return a false positive if you leave read but
97 undeleted mail in your server mailbox and your fetch protocol can't
98 tell kept messages from new ones. This means it will work with IMAP,
99 not work with POP2, and may occasionally flake out under POP3.
102 Silent mode. Suppresses all progress/status messages that are normally
103 echoed to standard error during a fetch. The --verbose option
107 Verbose mode. All control messages passed between
109 and the mailserver are echoed to stderr. Overrides --silent.
114 Retrieve both old (seen) and new messages from the mailserver. The
115 default is to fetch only messages the server has not marked seen.
116 Note that POP2 retrieval behaves as though --all is always on (see
117 RETRIEVAL FAILURE MODES below) and this option does not work with ETRN.
121 Keep retrieved messages on the remote mailserver. Normally, messages
122 are deleted from the folder on the mailserver after they have been retrieved.
125 option causes retrieved messages to remain in your folder on the
126 mailserver. This option does not work with ETRN.
130 Delete retrieved messages from the remote mailserver. This
131 option forces retrieved mail to be deleted. It may be useful if
132 you have specified a default of \fBkeep\fR in your
133 \&\fI.fetchmailrc\fR. This option is forced on with ETRN.
136 POP3/IMAP only. Delete old (previously retrieved) messages from the mailserver
137 before retrieving new messages. This option does not work with ETRN.
138 Warning: if your local MTA hangs and fetchmail is aborted, the next
139 time you run fetchmail, it will delete mail that was never delivered to you.
140 What you probably want is the default setting: if you don't specify `-k', then
141 fetchmail will automatically delete messages after successful delivery.
142 .SS Protocol and Query Options
144 .B \-p, \--protocol proto
145 (Keyword: proto[col])
146 Specify the protocol to used when communicating with the remote
147 mailserver. If no protocol is specified,
149 will try each of the supported protocols in turn, terminating after
150 any successful attempt.
152 may be one of the following:
155 Post Office Protocol 2
157 Post Office Protocol 3
159 Use POP3 with MD5 authentication.
161 Use POP3 with RPOP authentication.
163 Use POP3 with Kerberos V4 authentication on port 1109.
165 IMAP2bis, IMAP4, or IMAP4rev1 (\fIfetchmail\fR autodetects their capabilities).
167 IMAP4, or IMAP4rev1 (\fIfetchmail\fR autodetects their capabilities)
168 with RFC 1731 Kerberos v4 authentication.
170 IMAP4, or IMAP4rev1 (\fIfetchmail\fR autodetects their capabilities)
171 with RFC 1731 GSSAPI authentication.
173 Use the ESMTP ETRN option.
175 All these alternatives work in basically the same way (communicating
176 with standard server daemons to fetch mail already delivered to a
177 mailbox on the server) except ETRN. The ETRN mode allows you to ask a
178 compliant ESMTP server (such as BSD sendmail at release 8.8.0 or
179 higher) to immediately open a sender-SMTP connection to your
180 client machine and begin forwarding any items addressed to your client
181 machine in the server's queue of undelivered mail.
185 Force UIDL use (effective only with POP3). Force client-side tracking
186 of `newness' of messages (UIDL stands for ``unique ID listing'' and is
187 described in RFC1725). Use with `keep' to use a mailbox as a baby
188 news drop for a group of users.
192 The option permits you to specify a TCP/IP port to connect on.
193 This option will seldom be necessary as all the supported protocols have
194 well-established default port numbers.
196 .B \-r folder, --folder folder
198 Causes a specified non-default mail folder on the mailserver (or
199 comma-separated list of folders) to be retrieved. The syntax of the
200 folder name is server-dependent. This option is not available under
202 .SS Delivery Control Options
204 .B \-S host, --smtphost host
205 (Keyword: smtp[host])
206 Specify a hunt list of hosts to forward mail to (one or more
207 hostnames, comma-separated). In ETRN mode, set the host that the
208 mailserver is asked to ship mail to. Hosts are tried in list order;
209 the first one that is up becomes the forwarding or ETRN target for the
210 current run. Each hostname may have a '/'-delimited suffix specifying
211 a port or service to forward to; the default is 25 (or "smtp" under
214 .B \-D domain, --smtpaddress domain
215 (Keyword: smtpaddress)
216 Specify the domain to be put in RCPT TO lines shipped to SMTP. The
217 name of the SMTP server (as specified by --smtphost, or defaulted to
218 "localhost") is used when this is not specified.
220 .B \-Z nnn, --antispam nnn
222 Specifies the numeric SMTP error that is to be interpreted as a
223 spam-block response from the listener. A value of -1 disables
228 You can force mail to be passed to an MDA directly (rather than
229 forwarded to port 25) with the -mda or -m option. If \fIfetchmail\fR
230 is running as root, it sets its userid to that of the target user
231 while delivering mail through an MDA. Some possible MDAs are
232 "/usr/sbin/sendmail -oem", "/usr/lib/sendmail -oem",
233 "/usr/bin/formail", and "/usr/bin/deliver". Local delivery addresses
234 will be inserted into the MDA command wherever you place a %T; the
235 mail message's From address will be inserted where you place an %F. Do
236 \fInot\fR use an MDA invocation like
237 "sendmail -oem -t" that dispatches on the contents of To/Cc/Bcc, it
238 will create mail loops and bring the just wrath of many postmasters
240 .SS Resource Limit Control Options
244 Takes a maximum octet size argument. Messages larger than this size
245 will not be fetched, not be marked seen, and will be left on the
246 server (in foreground sessions, the progress messages will note that
247 they are "oversized"). An explicit --limit of 0 overrides any limits set
248 in your run control file. This option is intended for those needing to
249 strictly control fetch time in interactive mode. It may not be used
250 with daemon mode, as users would never receive a notification that
251 messages were waiting. This option does not work with ETRN.
254 (Keyword: batchlimit)
255 Specify the maximum number of messages that will be shipped to an SMTP
256 listener before the connection is deliberately torn down and rebuilt
257 (defaults to 0, meaning no limit). An explicit --batchlimit of 0
258 overrides any limits set in your run control file. While
259 \fBsendmail\fR(8) normally initiates delivery of a message immediately
260 after receiving the message terminator, some SMTP listeners are not so
261 prompt. MTAs like \fIqmail\fR(8) and \fIsmail\fR(8) may wait till the
262 delivery socket is shut down to deliver. This may produce annoying
265 is processing very large batches. Setting the batch limit to some
266 nonzero size will prevent these delays.
267 This option does not work with ETRN.
270 (Keyword: fetchlimit)
271 Limit the number of messages accepted from a given server in a single
272 poll. By default there is no limit. An explicit --fetchlimit of 0
273 overrides any limits set in your run control file.
274 This option does not work with ETRN.
278 When talking to an IMAP server,
280 normally issues an EXPUNGE command after each deletion in order to
281 force the deletion to be done immediately. This is safest when your
282 connection to the server is flaky and expensive, as it avoids
283 resending duplicate mail after a line hit. However, on large
284 mailboxes the overhead of re-indexing after every message can slam the
285 server pretty hard, so if your connection is reliable it is good to do
286 expunges less frequently. If you specify this option to an integer N,
289 to only issue expunges on every Nth delete. An argument
290 of zero suppresses expunges entirely (so no expunges at all will be
291 done until the end of run).
292 This option does not work with ETRN, POP2, or POP3.
293 .SS Authentication Options
295 .B \-u name, --username name
296 (Keyword: user[name])
297 Specifies the user identification to be used when logging in to the mailserver.
298 The appropriate user identification is both server and user-dependent.
299 The default is your login name on the client machine that is running
301 See USER AUTHENTICATION below for a complete description.
303 .B \-I specification, --interface specification
305 Require that a specific interface device be up and have a specific local
306 IP address (or range) before polling. Frequently
308 is used over a transient point-to-point TCP/IP link established directly
309 to a mailserver via SLIP or PPP. That is a relatively secure channel.
310 But when other TCP/IP routes to the mailserver exist (e.g. when the link
311 is connected to an alternate ISP), your username and password may be
312 vulnerable to snooping (especially when daemon mode automatically polls
313 for mail, shipping a clear password over the net at predictable
314 intervals). The --interface option may be used to prevent this. When
315 the specified link is not up or is not connected to a matching IP
316 address, polling will be skipped. The format is:
318 interface/iii.iii.iii.iii/mmm.mmm.mmm.mmm
320 The field before the first slash is the interface name (i.e. sl0, ppp0
321 etc.). The field before the second slash is the acceptable IP address.
322 The field after the second slash is a mask which specifies a range of
323 IP addresses to accept. If no mask is present 255.255.255.255 is
324 assumed (i.e. an exact match). This option is currently only supported
327 .B \-M interface, --monitor interface
329 Daemon mode can cause transient links which are automatically taken down
330 after a period of inactivity (e.g. PPP links) to remain up
331 indefinitely. This option identifies a system TCP/IP interface to be
332 monitored for activity. After each poll interval, if the link is up but
333 no other activity has occurred on the link, then the poll will be
334 skipped. This option is currently only supported under Linux.
337 (Keyword: auth[enticate])
338 This option permits you to specify a preauthentication type (see USER
339 AUTHENTICATION below for details). The possible values are
340 \&`\fBpassword\fR', `\fBkerberos_v5\fR' and `\fBkerberos\fR' (or, for
341 excruciating exactness, `\fBkerberos_v4\fR'). This option is provided
342 primarily for developers; choosing KPOP protocol automatically selects
343 Kerberos preauthentication, and all other alternatives use password
344 authentication (though APOP uses a generated one-time key as the
345 password and IMAP-K4 uses RFC1731 Kerberos v4 authentication). This
346 option does not work with ETRN.
347 .SS Miscellaneous Options
349 .B \-f pathname, --fetchmailrc pathname
350 Specify a non-default name for the
352 run control file. Unless the --version option is also on, the file must have
353 permissions no more open than 0600 (u=rw,g=,o=) or else be /dev/null.
355 .B \-i pathname, --idfile pathname
356 Specify an alternate name for the .fetchids file used to save POP3
360 (Keyword: no rewrite)
363 edits RFC-822 address headers (To, From, Cc, Bcc, and Reply-To) in
364 fetched mail so that any mail IDs local to the server are expanded to
365 full addresses (@ and the mailserver hostname are appended). This enables
366 replies on the client to get addressed correctly (otherwise your
367 mailer might think they should be addressed to local users on the
368 client machine!). This option disables the rewrite. (This option is
369 provided to pacify people who are paranoid about having an MTA edit
370 mail headers and want to know they can prevent it, but it is generally
371 not a good idea to actually turn off rewrite.)
372 When using ETRN, the rewrite option is ineffective.
376 This option changes the header
378 assumes will carry a copy of the mail's envelope address. Normally
379 this is `X-Envelope-To' but as this header is not standard, practice
380 varies. See the discussion of multidrop address handling below. As a
381 special case, `envelope "Received"' enables parsing of sendmail-style
382 Received lines. This is the default, and it should not be necessary
383 unless you have globally disabled Received parsing with `no envelope'
384 in the \fI.fetchmailrc\fR file.
388 The string assigned to this option will be removed from the user
389 name found in the header specified with the \fIenvelope\fR option.
390 This option is useful if you are using
392 to collect the mail for an entire domain and your ISP (or your mail
393 redirection provider) is using qmail.
394 One of the basic features of qmail is the
398 message header. Whenever qmail delivers a message to a local mailbox
399 it puts the username and hostname of the envelope recipient on this
400 line. The major reason for this is to prevent mail loops. To set up
401 qmail to batch mail for a disconnected site the ISP-mailhost will have
402 normally put that site in its `Virtualhosts' control file so it will
403 add a prefix to all mail addresses for this site. This results in mail
404 sent to 'username@userhost.userdom.dom.com' having a
405 \&`Delivered-To:' line of the form:
407 Delivered-To: mbox-userstr-username@userhost.userdom.dom.com
409 The ISP can make the 'mbox-userstr-' prefix anything they choose
410 but a string matching the user host name is likely.
411 By using the option `envelope Delivered-To:' you can make fetchmail reliably
412 identify the original envelope recipient, but you have to strip the
413 `mbox-userstr-' prefix to deliver to the correct user.
414 This is what this option is for.
416 .SH USER AUTHENTICATION AND ENCRYPTION
417 Every mode except ETRN requires authentication of the client.
418 Normal user authentication in
420 is very much like the authentication mechanism of
422 The correct user-id and password depend upon the underlying security
423 system at the mailserver.
425 If the mailserver is a Unix machine on which you have an ordinary user
426 account, your regular login name and password are used with
428 If you use the same login name on both the server and the client machines,
429 you needn't worry about specifying a user-id with the
432 the default behavior is to use your login name on the client machine as the
433 user-id on the server machine. If you use a different login name
434 on the server machine, specify that login name with the
436 option. e.g. if your login name is 'jsmith' on a machine named 'mailgrunt',
441 fetchmail -u jsmith mailgrunt
443 The default behavior of
445 is to prompt you for your mailserver password before the connection is
446 established. This is the safest way to use
448 and ensures that your password will not be compromised. You may also specify
449 your password in your
451 file. This is convenient when using
453 in daemon mode or with scripts.
455 If you do not specify a password, and
457 cannot extract one from your
459 file, it will look for a
461 file in your home directory before requesting one interactively; if an
462 entry matching the mailserver is found in that file, the password will
465 man page for details of the syntax of the
467 file. (This feature may allow you to avoid duplicating password
468 information in more than one file.)
470 On mailservers that do not provide ordinary user accounts, your user-id and
471 password are usually assigned by the server administrator when you apply for
472 a mailbox on the server. Contact your server administrator if you don't know
473 the correct user-id and password for your mailbox account.
475 Early versions of POP3 (RFC1081, RFC1225) supported a crude form of
476 independent authentication using the
478 file on the mailserver side. Under this RPOP variant, a fixed
479 per-user ID equivalent to a password was sent in clear over a link to
480 a reserved port, with the command RPOP rather than PASS to alert the
481 server that it should do special checking. RPOP is supported
484 (you can specify `protocol RPOP' to have the program send `RPOP'
485 rather than `PASS') but its use is strongly discouraged. This
486 facility was vulnerable to spoofing and was withdrawn in RFC1460.
488 RFC1460 introduced APOP authentication. In this variant of POP3,
489 you register an APOP password on your server host (the program
490 to do this with on the server is probably called \fIpopauth\fR(8)). You
491 put the same password in your
495 logs in, it sends a cryptographically secure hash of your password and
496 the server greeting time to the server, which can verify it by
497 checking its authorization database.
499 If your \fIfetchmail\fR was built with Kerberos support and you specify
500 Kerberos preauthentication (either with --auth or the \fI.fetchmailrc\fR
501 option \fBauthenticate kerberos_v4\fR) it will try to get a Kerberos
502 ticket from the mailserver at the start of each query.
504 If you use IMAP-K4, \fIfetchmail\fR will expect the IMAP server to have
505 RFC1731-conformant AUTHENTICATE KERBEROS_V4 capability, and will use it.
507 If you use IMAP-GSS, \fIfetchmail\fR will expect the IMAP server to have
508 RFC1731-conformant AUTHENTICATE GSSAPI capability, and will use it.
509 Currently this has only been tested over Kerberos V, so you're expected
510 to already have a ticket-granting ticket. You may pass a username different
511 from your principal name using the standard \fB--user\fR command or by
512 the \fI.fetchmailrc\fR option \fBuser\fR.
514 If you are using POP3, and the server issues a one-time-password
515 challenge conforming to RFC1938, \fIfetchmail\fR will use your
516 password as a pass phrase to generate the required response. This
517 avoids sending secrets over the net unencrypted.
519 Compuserve's RPA authentication (similar to APOP) is supported. If
520 you are using POP3, and the RPA code has been compiled into your
521 binary, and you query a server in the Compuserve csi.com domain,
522 \fIfetchmail\fR will try to perform an RPA pass-phrase authentication
523 instead of sending over the password en clair.
525 If you are using IPsec, the -T (--netsec) option can be used to pass
526 an IP security request to be used when outgoing IP connections are
527 initialized. You can also do this using the `netsec' server option
528 in the .fetchmailrc file. In either case, the option value is a
529 string in the format accepted by the net_security_strtorequest()
530 function of the inet6_apps library.
539 in daemon mode. You must specify a numeric argument which is a
540 polling interval in seconds.
544 puts itself in background and runs forever, querying each specified
545 host and then sleeping for the given polling interval.
551 will, therefore, poll all the hosts described in your
553 file (except those explicitly excluded with the `skip' verb) once
554 every fifteen minutes.
556 It is possible to set a polling interval
559 file by saying `set daemon <interval>', where <interval> is an
560 integer number of seconds. If you do this, fetchmail will always
561 start in daemon mode unless you override it with the command-line
562 option --daemon 0 or -d0.
564 Only one daemon process is permitted per user; in daemon mode,
566 makes a per-user lockfile to guarantee this.
568 Normally, calling fetchmail with a daemon in the background sends a
569 wakeup signal to the daemon, forcing it to poll mailservers
570 immediately. (The wakeup signal is SIGHUP if fetchmail is running as
571 root, SIGUSR1 otherwise.)
575 will kill a running daemon process instead of waking it up (if there
578 notifies you). If the --quit option is the only command-line option,
579 that's all there is to it.
581 The quit option may also be mixed with other command-line options; its
582 effect is to kill any running daemon before doing what the other
583 options specify in combination with the rc file.
589 option (keyword: timeout) allows you to set a server-nonresponse
590 timeout in seconds. If a mailserver does not send a greeting message
591 or respond to commands for the given number of seconds,
592 \fIfetchmail\fR will hang up on it. Without such a timeout
593 \fIfetchmail\fR might hang up indefinitely trying to fetch mail from a
594 down host. This would be particularly annoying for a \fIfetchmail\fR
595 running in background. There is a default timeout which fetchmail -V
602 option (keyword: set logfile) allows you to redirect status messages
603 emitted while detached into a specified logfile (follow the
604 option with the logfile name). The logfile is opened for append, so
605 previous messages aren't deleted. This is primarily useful for
606 debugging configurations.
610 option (keyword: syslog) allows you to redirect status and error
611 messages emitted to the
613 system daemon if available.
614 Messages are logged with an id of \fBfetchmail\fR, the facility \fBLOG_MAIL\fR,
615 and priorities \fBLOG_ERR\fR, \fBLOG_ALERT\fR or \fBLOG_INFO\fR.
616 This option is intended for logging status and error messages which
617 indicate the status of the daemon and the results while fetching mail
619 Error messages for command line options and parsing the \fI.fetchmailrc\fR
620 file are still written to stderr, or the specified log file if the
628 option tries to make fetchmail invisible. Normally, fetchmail behaves
629 like any other MTA would -- it generates a Received header into each
630 message describing its place in the chain of transmission, and tells
631 the MTA it forwards to that the mail came from the machine fetchmail
632 itself is running on. If the invisible option is on, the Received
633 header is suppressed and fetchmail tries to spoof the MTA it forwards
634 to into thinking it came directly from the mailserver host.
638 or --nodetach option suppresses backgrounding and detachment of the
639 daemon process from its control terminal. This is primarily useful
640 for debugging. Note that this also causes the logfile option to be
641 ignored (though perhaps it shouldn't).
643 Note that while running in daemon mode polling a POP2 or POP3 server,
644 transient errors (such as DNS failures or sendmail delivery refusals)
645 may force the fetchall option on for the duration of the next polling
646 cycle. This is a robustness feature. It means that if a message is
647 fetched (and thus marked seen by the mailserver) but not delivered
648 locally due to some transient error, it will be re-fetched during the
649 next poll cycle. (The IMAP logic doesn't delete messages until
650 they're delivered, so this problem does not arise.)
652 .SH RETRIEVAL FAILURE MODES
653 The protocols \fIfetchmail\fR uses to talk to mailservers are next to
654 bulletproof. In normal operation forwarding to port 25, no message is
655 ever deleted (or even marked for deletion) on the host until the SMTP
656 listener on the client has acknowledged to \fIfetchmail\fR that the
657 message has been accepted for delivery. When forwarding to an MDA,
658 however, there is more possibility of error (because there's no way
659 for fetchmail to get a reliable positive acknowledgement from the MDA).
661 The normal mode of \fIfetchmail\fR is to try to download only `new'
662 messages, leaving untouched (and undeleted) messages you have already
663 read directly on the server (or fetched with a previous \fIfetchmail
664 --keep\fR). But you may find that messages you've already read on the
665 server are being fetched (and deleted) even when you don't specify
666 --all. There are several reasons this can happen.
668 One could be that you're using POP2. The POP2 protocol includes no
669 representation of `new' or `old' state in messages, so \fIfetchmail\fR
670 must treat all messages as new all the time. But POP2 is obsolete, so
673 Under POP3, blame RFC1725. That version of the POP3 protocol
674 specification removed the LAST command, and some POP servers follow it
675 (you can verify this by invoking \fIfetchmail -v\fR to the mailserver
676 and watching the response to LAST early in the query). The
677 \fIfetchmail\fR code tries to compensate by using POP3's UID feature,
678 storing the identifiers of messages seen in each session until the
679 next session, in the \fI.fetchids\fR file. But this doesn't track
680 messages seen with other clients, or read directly with a mailer on
681 the host but not deleted afterward. A better solution would be to
684 Another potential POP3 problem might be servers that insert messages
685 in the middle of mailboxes (some VMS implementations of mail are
686 rumored to do this). The \fIfetchmail\fR code assumes that new
687 messages are appended to the end of the mailbox; when this is not true
688 it may treat some old messages as new and vice versa. The only
689 real fix for this problem is to switch to IMAP.
691 The IMAP code uses the presence or absence of the server flag \eSeen
692 to decide whether or not a message is new. Under Unix, it counts on
693 your IMAP server to notice the BSD-style Status flags set by mail user
694 agents and set the \eSeen flag from them when appropriate. All Unix
695 IMAP servers we know of do this, though it's not specified by the IMAP
696 RFCs. If you ever trip over a server that doesn't, the symptom will
697 be that messages you have already read on your host will look new to
698 the server. In this (unlikely) case, only messages you fetched with
699 \fIfetchmail --keep\fR will be both undeleted and marked old.
701 In ETRN mode, \fIfetchmail\fR does not actually retrieve messages;
702 instead, it asks the server's SMTP listener to start a queue flush
703 to the client via SMTP. Therefore it sends only undelivered messages.
706 Many SMTP listeners allow administrators to set up `spam filters' that
707 block unsolicited email from specified domains. A MAIL FROM line that
708 triggers this feature will elicit an SMTP response which
709 (unfortunately) varies according to the listener.
713 return an error code of 571. This return value
714 is blessed by RFC1893 as "Delivery not authorized, message refused".
716 According to current drafts of the replacement for RFC821, the correct
717 thing to return in this situation is 550 "Requested action not taken:
718 mailbox unavailable" (the draft adds "[E.g., mailbox not found, no
719 access, or command rejected for policy reasons].").
723 MTA returns 501 "Syntax error in parameters or arguments" , but will
728 code recognizes and discards the message on a code that defaults to
729 sendmail's 571 but can be set with the `antispam' option. This is the
731 circumstance under which fetchmail ever discards mail.
735 is fetching from an IMAP server, the antispam response will be detected and
736 the message rejected immediately after the headers have been fetched,
737 without reading the message body. Thus, you won't pay for downloading
740 .SH THE RUN CONTROL FILE
741 The preferred way to set up fetchmail is to write a
742 \&\fI.fetchmailrc\fR file in your home directory. When there is a
743 conflict between the command-line arguments and the arguments in this
744 file, the command-line arguments take precedence.
746 To protect the security of your passwords, when --version is not on
747 your \fI~/.fetchmailrc\fR may not have more than 0600 (u=rw,g=,o=) permissions;
749 will complain and exit otherwise.
751 You may read the \fI.fetchmailrc\fR file as a list of commands to
754 is called with no arguments.
755 .SS Run Control Syntax
757 Comments begin with a '#' and extend through the end of the line.
758 Otherwise the file consists of a series of server entries or global
759 option statements in a free-format, token-oriented syntax.
761 There are four kinds of tokens: grammar keywords, numbers
762 (i.e. decimal digit sequences), unquoted strings, and quoted strings.
763 A quoted string is bounded by double quotes and may contain
764 whitespace (and quoted digits are treated as a string). An unquoted
765 string is any whitespace-delimited token that is neither numeric, string
766 quoted nor contains the special characters `,', `;', `:', or `='.
768 Any amount of whitespace separates tokens in server entries, but is
769 otherwise ignored. You may use standard C-style escapes (\en, \et,
770 \eb, octal, and hex) to embed non-printable characters or string
771 delimiters in strings.
773 Each server entry consists of one of the keywords `poll' or `skip',
774 followed by a server name, followed by server options, followed by any
775 number of user descriptions. Note: the most common cause of syntax
776 errors is mixing up user and server options.
778 For backward compatibility, the word `server' is a synonym for `poll'.
780 You can use the noise keywords `and', `with',
781 \&`has', `wants', and `options' anywhere in an entry to make
782 it resemble English. They're ignored, but but can make entries much
783 easier to read at a glance. The punctuation characters ':', ';' and
784 \&',' are also ignored.
787 The `poll' verb tells fetchmail to query this host when it is run with
788 no arguments. The `skip' verb tells
790 not to poll this host unless it is explicitly named on the command
791 line. (The `skip' verb allows you to experiment with test entries
792 safely, or easily disable entries for hosts that are temporarily down.)
794 .SS Keyword/Option Summary
795 Here are the legal server options. Keyword suffixes enclosed in
796 square brackets are optional. Those corresponding to command-line
797 options are followed by `-' and the appropriate option letter.
804 Specify DNS name of mailserver, overriding poll name
807 Specify protocol (case insensitive):
808 POP2, POP3, IMAP, IMAP-K4, IMAP-GSS, APOP, KPOP
811 Specify TCP/IP service port
814 Set preauthentication type (default `password')
817 Server inactivity timout in seconds (default 300)
820 Specify envelope-address header name
823 Disable looking for envelope address
826 Qmail virtual domain prefix to remove from user name
829 Specify alternate DNS names of mailserver
832 specify IP interface(s) that must be up for server poll to take place
835 Specify IP address to monitor for activity
838 Enable DNS lookup for multidrop (default)
841 Disable DNS lookup for multidrop
844 Force POP3 to use client-side UIDLs
847 Turn off POP3 use of client-side UIDLs (default)
851 Here are the legal user options:
859 (local user name if name followed by `here')
862 Connect local and remote user names
865 Connect local and remote user names
868 Specify remote account password
871 Specify remote folder to query
874 Specify smtp host(s) to forward to
877 Specify the domain to be put in RCPT TO lines
880 Specify what SMTP return is interpreted as a spam-policy block
883 Specify MDA for local delivery
886 Command to be executed before each connection
889 Command to be executed after each connection
892 Don't delete seen messages from server
895 Flush all seen messages before querying
898 Fetch all messages whether seen or not
901 Rewrite destination addresses for reply (default)
904 Strip carriage returns from ends of lines
907 Force carriage returns at ends of lines
910 Force BODY=8BITMIME to ESMTP listener
913 Strip Status and X-Mozilla-Status lines out of incoming mail
916 Convert quoted-printable to 8-bit in MIME messages (default)
919 Delete seen messages from server (default)
922 Don't flush all seen messages before querying (default)
925 Retrieve only new messages (default)
928 Don't rewrite headers
931 Don't strip carriage returns (default)
934 Don't force carriage returns at EOL (default)
937 Don't force BODY=8BITMIME to ESMTP listener (default)
940 Don't drop Status headers (default)
943 Don't convert quoted-printable to 8-bit in MIME messages
946 Set message size limit
949 Max # messages to fetch in single connect
952 Max # messages to forward in single connect
955 Perform an expunge on every #th message (IMAP only)
958 Do error logging through syslog(3).
962 Remember that all user options must \fIfollow\fR all server options.
964 In the .fetchmailrc file, the `envelope' string argument may be
965 preceded by a whitespace-separated number. This number, if specified,
966 is the number of such headers to skip (that is, an argument of 1
967 selects the second header of the given type). This is sometime useful
968 for ignoring bogus Received headers created by an ISP's local delivery
970 .SS Keywords Not Corresponding To Option Switches
972 The `folder' and `smtphost' options (unlike their command-line
973 equivalents) can take a space- or comma-separated list of names
976 All options correspond to the obvious command-line arguments, except
977 the following: `via', `interval', `aka', `is', `to', `dns'/`no dns',
978 \&`password', \&`preconnect', \&`postconnect', `localdomains',
979 \&`stripcr'/`no stripcr', \&`forcecr'/`no forcecr', `pass8bits'/`no
980 pass8bits' `dropstatus/no dropstatus', `mimedecode/no mimedecode',
983 The `via' option is for use with ssh, or if you want to have more
984 than one configuration pointing at the same site. If it is present,
985 the string argument will be taken as the actual DNS name of the
986 mailserver host to query.
987 This will override the argument of poll, which can then simply be a
988 distinct label for the configuration (e.g. what you would give on the
989 command line to explicitly query this host).
990 If the `via' name is `localhost', the poll name will also still be
991 used as a possible match in multidrop mode; otherwise the `via' name
992 will be used instead and the poll name will be purely a label.
994 The `interval' option (which takes a numeric argument) allows you to poll a
995 server less frequently than the basic poll interval. If you say
996 \&`interval N' the server this option is attached to will only be
997 queried every N poll intervals.
999 The `is' or `to' keywords associate the following local (client)
1000 name(s) (or server-name to client-name mappings separated by =) with
1001 the mailserver user name in the entry. If an is/to list has `*' as
1002 its last name, unrecognized names are simply passed through.
1004 A single local name can be used to support redirecting your mail when
1005 your username on the client machine is different from your name on the
1006 mailserver. When there is only a single local name, mail is forwarded
1007 to that local username regardless of the message's Received, To, Cc,
1008 and Bcc headers. In this case
1010 never does DNS lookups.
1012 When there is more than one local name (or name mapping) the
1013 \fIfetchmail\fR code does look at the Received, To, Cc, and Bcc
1014 headers of retrieved mail (this is `multidrop mode'). It looks for
1015 addresses with hostname parts that match your poll name or your `via',
1016 `aka' or `localdomains' options, and usually also for hostname parts
1017 which DNS tells it are aliases of the mailserver. See the discussion
1018 of `dns', `localdomains', and `aka' for details on how matching
1019 addresses are handled. If \fIfetchmail\fR cannot match any mailserver
1020 usernames or localdomain addresses, the default recipient is the
1021 calling user (as set by the USER or LOGNAME variable in the
1022 environment; you could use this to redirect to an alias like postmaster).
1024 The `dns' option (normally on) controls the way addresses from
1025 multidrop mailboxes are checked. On, it enables logic to check each
1026 host address that doesn't match an `aka' or `localdomains' declaration
1027 by looking it up with DNS. When a mailserver username is recognized
1028 attached to a matching hostname part, its local mapping is added to
1029 the list of local recipients.
1031 The `aka' option is for use with multidrop mailboxes. It allows you
1032 to pre-declare a list of DNS aliases for a server. This is an
1033 optimization hack that allows you to trade space for speed. When
1035 while processing a multidrop mailbox, grovels through message headers
1036 looking for names of the mailserver, pre-declaring common ones can
1037 save it from having to do DNS lookups.
1039 The `localdomains' option allows you to declare a list of domains
1040 which fetchmail should consider local. When fetchmail is parsing
1041 address lines in multidrop modes, and a trailing segment of a host
1042 name matches a declared local domain, that address is passed through
1043 to the listener or MDA unaltered (local-name mappings are \fInot\fR
1046 If you are using `localdomains', you may also need to specify \&`no
1047 envelope', which disables \fIfetchmail\fR's normal attempt to deduce
1048 an envelope address from the Received line or X-Envelope-To header or
1049 whatever header has been previously set by `envelope'. If you set `no
1050 envelope' in the defaults entry it is possible to undo that in
1051 individual entries by using `envelope <string>'. As a special case,
1052 \&`envelope "Received"' restores the default parsing of
1055 The \fBpassword\fR option requires a string argument, which is the password
1056 to be used with the entry's server.
1058 The `preconnect' keyword allows you to specify a shell command to be
1059 executed just before each time
1061 establishes a mailserver connection. This may be useful if you are
1062 attempting to set up secure POP connections with the aid of
1064 If the command returns a nonzero status, the poll of that mailserver
1067 Similarly, the `postconnect' keyword similarly allows you to specify a
1068 shell command to be executed just after each time a mailserver
1069 connection is taken down.
1071 The `forcecr' option controls whether lines terminated by LF only are
1072 given CRLF termination before forwarding. Strictly speaking RFC821
1073 requires this, but few MTAs enforce the requirement it so this option
1074 is normally off (only one such MTA, qmail, is in significant use at
1077 The `stripcr' option controls whether carriage returns are stripped
1078 out of retrieved mail before it is forwarded. It is normally not
1079 necessary to set this, because it defaults to `on' (CR stripping
1080 enabled) when there is an MDA declared but `off' (CR stripping
1081 disabled) when forwarding is via SMTP. If `stripcr' and `forcecr' are
1082 both on, `stripcr' will override.
1084 The `pass8bits' option exists to cope with Microsoft mail programs that
1085 stupidly slap a "Content-Transfer-Encoding: 7bit" on everything. With
1086 this option off (the default) and such a header present,
1088 declares BODY=7BIT to an ESMTP-capable listener; this causes problems for
1089 messages actually using 8-bit ISO or KOI-8 character sets, which will
1090 be garbled by having the high bits of all characters stripped. If
1091 \&`pass8bits' is on,
1093 is forced to declare BODY=8BITMIME to any ESMTP-capable listener. If
1094 the listener is 8-bit-clean (as all the major ones now are) the right
1095 thing will probably result.
1097 The `dropstatus' option controls whether nonempty Status and
1098 X-Mozilla-Status lines are retained in fetched mail (the default) or
1099 discarded. Retaining them allows your MUA to see what messages (if
1100 any) were marked seen on the server. On the other hand, it can
1101 confuse some new-mail notifiers, which assume that anything with a
1102 Status line in it has been seen. (Note: the empty Status lines
1103 inserted by some buggy POP servers are unconditionally discarded.)
1105 The `mimedecode' option controls whether MIME messages using the
1106 quoted-printable encoding are automatically converted into pure
1107 8-bit data. If you are delivering mail to an ESMTP-capable,
1108 8-bit-clean listener (that includes all of the major programs
1109 like sendmail), then this will automatically convert quoted-printable
1110 message headers and data into 8-bit data, making it easier to
1111 understand when reading mail. If your e-mail programs know how to
1112 deal with MIME messages, then this option is not needed.
1114 .SS Miscellaneous Run Control Options
1115 The words `here' and `there' have useful English-like
1116 significance. Normally `user eric is esr' would mean that
1117 mail for the remote user `eric' is to be delivered to `esr',
1118 but you can make this clearer by saying `user eric there is esr here',
1119 or reverse it by saying `user esr here is eric there'
1121 Legal protocol identifiers for use with the `protocol' keyword are:
1127 imap-k4 (or IMAP-K4)
1128 imap-gss (or IMAP-GSS)
1133 Legal authentication types are `password' or `kerberos'. The former
1134 specifies authentication by normal transmission of a password (the
1135 password may be plaintext or subject to protocol-specific encryption
1136 as in APOP); the second tells \fIfetchmail\fR to try to get a Kerberos
1137 ticket at the start of each query instead, and send an arbitrary
1138 string as the password.
1140 Specifying `kpop' sets POP3 protocol over port 1109 with Kerberos V4
1141 preauthentication. These defaults may be overridden by later options.
1143 There are currently three global option statements; `set logfile'
1144 followed by a string sets the same global specified by --logfile. A
1145 command-line --logfile option will override this. Also, `set daemon'
1146 sets the poll interval as --daemon does. This can be overridden by
1147 a command-line --daemon option; in particular --daemon 0 can be used
1148 to force foreground operation. Finally, `set syslog' sends log
1149 messages to syslogd(8).
1151 .SH INTERACTION WITH RFC 822
1152 When trying to detertmine the originating address of a message,
1153 fetchmail looks through headers in the following order:
1163 The originating address is used for logging, and to set the MAIL FROM
1164 address when forwarding to SMTP. This order is intended to cope
1165 gracefully with receiving mailing list messages in multidrop mode. The
1166 intent is that if a local address doesn't exist, the bounce message
1167 won't be returned blindly to the author or to the list itself, but
1168 rather to the list manager (which is less annoying).
1170 In multidrop mode, destination headers are processed as follows:
1171 First, fetchmail looks for the Received: header (or whichever one is
1172 specified by the `envelope' option) to determine the local
1173 recipient adress. If the mail is addressed to more than one recipient,
1174 the Received line won't contain any information regarding recipient adresses.
1176 Then fetchmail looks for the Resent-To:, Resent-Cc:, and Resent-Bcc:
1177 lines. If they exists, they should contain the final recipients and
1178 have precedence over their To:/Cc:/Bcc: counterparts. If the Resent-*
1179 lines doesn't exist, the To:, Cc:, Bcc: and Apparently-To: lines are
1180 looked for. (The presence of a Resent-To: is taken to impluy that the
1181 person referred by the To: address has already received the original
1184 .SH CONFIGURATION EXAMPLES
1188 poll SERVERNAME protocol PROTOCOL username NAME password PASSWORD
1194 poll pop.provider.net protocol pop3 username jsmith password secret1
1197 Or, using some abbreviations:
1200 poll pop.provider.net proto pop3 user jsmith password secret1
1203 Multiple servers may be listed:
1206 poll pop.provider.net proto pop3 user jsmith pass secret1
1207 poll other.provider.net proto pop2 user John.Smith pass My^Hat
1210 Here's a version of those two with more whitespace and some noise words:
1213 poll pop.provider.net proto pop3
1214 user jsmith, with password secret1, is jsmith here;
1215 poll other.provider.net proto pop2:
1216 user John.Smith, with password My^Hat, is John.Smith here;
1219 This version is much easier to read and doesn't cost significantly
1220 more (parsing is done only once, at startup time).
1223 If you need to include whitespace in a parameter string, enclose the
1224 string in double quotes. Thus:
1227 poll mail.provider.net with proto pop3:
1228 user jsmith there has password "u can't krak this"
1229 is jws here and wants mda "/bin/mail"
1232 You may have an initial server description headed by the keyword
1233 `defaults' instead of `poll' followed by a name. Such a record
1234 is interpreted as defaults for all queries to use. It may be overwritten
1235 by individual server descriptions. So, you could write:
1240 poll pop.provider.net
1242 poll mail.provider.net
1243 user jjsmith there has password secret2
1246 It's possible to specify more than one user per server (this is only
1247 likely to be useful when running fetchmail in daemon mode as root).
1248 The `user' keyword leads off a user description, and every user specification
1249 in a multi-user entry must include it. Here's an example:
1252 poll pop.provider.net proto pop3 port 3111
1253 user jsmith with pass secret1 is smith here
1254 user jones with pass secret2 is jjones here
1257 This associates the local username `smith' with the pop.provider.net
1258 username `jsmith' and the local username `jjones' with the
1259 pop.provider.net username `jones'.
1261 Here's what a simple retrieval configuration for a multi-drop mailbox
1265 poll pop.provider.net:
1266 user maildrop with pass secret1 to golux hurkle=happy snark here
1269 This says that the mailbox of account `maildrop' on the server is a
1270 multi-drop box, and that messages in it should be parsed for the
1271 server user names `golux', `hurkle', and `snark'. It further
1272 specifies that `golux' and `snark' have the same name on the
1273 client as on the server, but mail for server user `hurkle' should be
1274 delivered to client user `happy'.
1276 Here's an example of another kind of multidrop connection:
1279 poll pop.provider.net localdomains loonytoons.org:
1280 user maildrop with pass secret1 to esr * here
1283 This also says that the mailbox of account `maildrop' on the server is
1284 a multi-drop box. It tells fetchmail that any address in the
1285 loonytoons.org domain (including subdomain addresses like
1286 `joe@daffy.loonytoons.org') should be passed through to the local SMTP
1287 listener without modification. Be careful of mail loops if you do this!
1289 Here's an example configuration using ssh. The queries go through an
1290 ssh connecting local port 1234 to port 110 on mailhost.net; the
1291 preconnect command sets up the ssh.
1294 poll mailhost.net via localhost port 1234 with proto pop3:
1295 preconnect "ssh -f -L 1234:mailhost.net:110
1296 mailhost.net sleep 20 </dev/null >/dev/null";
1299 .SH THE USE AND ABUSE OF MULTIDROP MAILBOXES
1300 Use the multiple-local-recipients feature with caution -- it can bite.
1301 Also note that all multidrop features are ineffective in ETRN mode.
1303 .SS Header vs. Envelope addresses
1304 The fundamental problem is that by having your mailserver toss several
1305 peoples' mail in a single maildrop box, you may have thrown away
1306 potentially vital information about who each piece of mail was
1307 actually addressed to (the `envelope address', as opposed to the
1308 header addresses in the RFC822 To/Cc/Bcc headers). This `envelope
1309 address' is the address you need in order to reroute mail properly.
1313 can deduce the envelope address. If the mailserver MTA is
1315 and the item of mail had just one recipient, the MTA will have written
1316 a `by/for' clause that gives the envelope addressee into its Received
1317 header. But this doesn't work reliably for other MTAs, nor if there is
1318 more than one recipient. By default, \fIfetchmail\fR looks for
1319 envelope addresses in these lines; you can restore this default with
1320 -E "Received" or \&`envelope Received'.
1322 Alternatively, some SMTP listeners and/or mail servers insert a header
1323 in each message containing a copy of the envelope addresses. This
1324 header (when it exists) is often `X-Envelope-To'. Fetchmail's
1325 assumption about this can be changed with the -E or `envelope' option.
1326 Note that writing an envelope header of this kind exposes the names of
1327 recipients (including blind-copy recopients) to all receivers of the
1328 messages; it is therefore regarded by some administrators as a
1329 security/privacy problem.
1331 A slight variation of the `X-Envelope-To' header is the `Delivered-To' put
1332 by qmail to avoid mail loops. It will probably prefix the user name with a
1333 string that normally matches the user's domain. To remove this prefix you
1334 can use the -Q or `qvirtual' option.
1336 Sometimes, unfortunately, neither of these methods works. When they
1337 all fail, fetchmail must fall back on the contents of To/Cc/Bcc
1338 headers to try to determine recipient addressees -- and these are not
1339 reliable. In particular, mailing-list software often ships mail with
1340 only the list broadcast address in the To header.
1344 cannot deduce a recipient address that is local, and the intended
1345 recipient address was anyone other than fetchmail's invoking user,
1346 mail will get lost. This is what makes the multidrop feature risky.
1348 A related problem is that when you blind-copy a mail message, the Bcc
1349 information is carried \fIonly\fR as envelope address (it's not put
1350 in the headers fetchmail can see unless there is an X-Envelope
1351 header). Thus, blind-copying to someone who gets mail over a
1352 fetchmail link will fail unless the the mailserver host routinely
1353 writes X-Envelope or an equivalent header into messages in your maildrop.
1355 .SS Good Ways To Use Multidrop Mailboxes
1356 Multiple local names can be used to administer a mailing list from the
1357 client side of a \fIfetchmail\fR collection. Suppose your name is
1358 \&`esr', and you want to both pick up your own mail and maintain a mailing
1359 list called (say) "fetchmail-friends", and you want to keep the alias
1360 list on your client machine.
1362 On your server, you can alias \&`fetchmail-friends' to `esr'; then, in
1363 your \fI.fetchmailrc\fR, declare \&`to esr fetchmail-friends here'.
1364 Then, when mail including `fetchmail-friends' as a local address
1365 gets fetched, the list name will be appended to the list of
1366 recipients your SMTP listener sees. Therefore it will undergo alias
1367 expansion locally. Be sure to include `esr' in the local alias
1368 expansion of fetchmail-friends, or you'll never see mail sent only to
1369 the list. Also be sure that your listener has the "me-too" option set
1370 (sendmail's -oXm command-line option or OXm declaration) so your name
1371 isn't removed from alias expansions in messages you send.
1373 This trick is not without its problems, however. You'll begin to see
1374 this when a message comes in that is addressed only to a mailing list
1375 you do \fInot\fR have declared as a local name. Each such message
1376 will feature an `X-Fetchmail-Warning' header which is generated
1377 because fetchmail cannot find a valid local name in the recipient
1378 addresses. Such messages default (as was described above) to being
1379 sent to the local user running
1381 but the program has no way to know that that's actually the right thing.
1383 .SS Bad Ways To Abuse Multidrop Mailboxes
1384 Multidrop mailboxes and
1386 serving multiple users in daemon mode do not mix. The problem, again, is
1387 mail from mailing lists, which typically does not have an individual
1388 recipient address on it. Unless
1390 can deduce an envelope address, such mail will only go to the account
1391 running fetchmail (probably root). Also, blind-copied users are very
1392 likely never to see their mail at all.
1394 If you're tempted to use
1396 to retrieve mail for multiple users from a single mail drop via POP or
1397 IMAP, think again (and reread the section on header and envelope
1398 addresses above). It would be smarter to just let the mail sit in the
1399 mailserver's queue and use fetchmail's ETRN mode to trigger SMTP sends
1400 periodically (of course, this means you have to poll more frequently
1401 than the mailserver's expiry period). If you can't arrange this, try
1402 setting up a UUCP feed.
1404 If you absolutely \fImust\fR use multidrop for this purpose, make sure
1405 your mailserver writes an envelope-address header that fetchmail can
1406 see. Otherwise you \fIwill\fR lose mail and it \fIwill\fR come back
1409 .SS Speeding Up Multidrop Checking
1410 Normally, when multiple user are declared
1412 extracts recipient addresses as described above and checks each host
1413 part with DNS to see if it's an alias of the mailserver. If so, the
1414 name mappings described in the to ... here declaration are done and
1415 the mail locally delivered.
1417 This is the safest but also slowest method. To speed it up,
1418 pre-declare mailserver aliases with `aka'; these are checked before
1419 DNS lookups are done. If you're certain your aka list contains
1421 DNS aliases of the mailserver (and all MX names pointing at it)
1422 you can declare `no dns' to suppress DNS lookups entirely and
1423 \fIonly\fR match against the aka list.
1426 To facilitate the use of
1428 in shell scripts, an exit code is returned to give an indication
1429 of what occurred during a given connection.
1431 The exit codes returned by
1435 One or more messages were successfully retrieved.
1437 There was no mail awaiting retrieval. (There may have been old mail still
1438 on the server but not selected for retrieval.)
1440 An error was encountered when attempting to open a socket for the POP
1441 connection. If you don't know what a socket is, don't worry about it --
1442 just treat this as an 'unrecoverable error'.
1444 The user authentication step failed. This usually means that a bad
1445 user-id, password, or APOP id was specified.
1447 Some sort of fatal protocol error was detected.
1449 There was a syntax error in the arguments to
1452 The run control file had bad permissions.
1454 There was an error condition reported by the server. Can also
1457 timed out while waiting for the server.
1459 Client-side exclusion error. This means
1461 either found another copy of itself already running, or failed in such
1462 a way that it isn't sure whether another copy is running.
1464 The user authentication step failed because the server responded "lock
1465 busy". Try again after a brief pause! This error is not implemented
1466 for all protocols, nor for all servers. If not implemented for your
1467 server, "3" will be returned instead, see above. May be returned when
1468 talking to qpopper or other servers that can respond with "lock busy"
1469 or some similar text containing the word "lock".
1473 run failed while trying to do an SMTP port open or transaction.
1475 Fatal DNS error. Fetchmail encountered an error while performing
1476 a DNS lookup at startup and could not proceed.
1478 Internal error. You should see a message on standard error with
1483 queries more than one host, return status is 0 if \fIany\fR query
1484 successfully retrieved mail. Otherwise the returned error status is
1485 that of the last host queried.
1488 Eric S. Raymond <esr@snark.thyrsus.com>.
1489 This program is descended from and replaces
1491 by Carl Harris <ceharris@mal.com>; the internals are quite different,
1492 but some of its interface design is directly traceable to that
1498 default run control file
1501 default location of file associating hosts with last message IDs seen
1502 (used only with newer RFC1725-compliant POP3 servers supporting the
1506 your FTP run control file, which (if present) will be searched for
1507 passwords as a last resort before prompting for one interactively.
1510 lock file to help prevent concurrent runs (non-root mode).
1512 /var/run/fetchmail.pid
1513 lock file to help prevent concurrent runs (root mode, Linux systems).
1516 lock file to help prevent concurrent runs (root mode, systems without /var/run).
1519 For correct initialization,
1521 requires either that both the USER and HOME environment variables are
1522 correctly set, or that \fBgetpwuid\fR(3) be able to retrieve a password
1523 entry from your user ID.
1528 daemon is running as root, SIGHUP wakes it up from its sleep phase and
1529 forces a poll of all non-skipped servers (this is in accordance with
1530 the usual conventions for system daemons).
1534 is running in daemon mode as non-root, use SIGUSR1 to wake it (this is
1535 so SIGHUP due to logout can retain the default action of killing it).
1539 in foreground while a background fetchmail is running will do
1540 whichever of these is appropriate to wake it up.
1542 .SH BUGS AND KNOWN PROBLEMS
1543 The RFC822 address parser used in multidrop mode chokes on some
1544 @-addresses that are technically legal but bizarre. Strange uses of
1545 quoting and embedded comments are likely to confuse it.
1547 Use of any of the supported protocols other than POP3 with OTP or RPA, APOP,
1548 KPOP, IMAP-K4, IMAP-GSS, or ETRN requires that the program send unencrypted
1549 passwords over the TCP/IP connection to the mailserver. This creates
1550 a risk that name/password pairs might be snaffled with a packet
1551 sniffer or more sophisticated monitoring software. Under Linux, the
1552 --interface option can be used to restrict polling to availability of
1553 a specific interface device with a specific local IP address, but
1554 snooping is still possible if (a) either host has a network device
1555 that can be opened in promiscuous mode, or (b) the intervening network
1558 Use of the %F or %T escapes in an mda option could open a security
1559 hole, because they pass text manipulable by an attacker to a shell
1560 command. The hole is reduced by the fact that fetchmail temporarily
1561 discards any suid privileges it may have while running the MDA. To
1562 avoid potential problems, (1) enclose the %F and %T escapes in single
1563 quotes within the option, and (2) never use an mda command containing
1564 %F or %T when fetchmail is run from the root account itself.
1566 Send comments, bug reports, gripes, and the like to Eric S. Raymond
1567 <esr@thyrsus.com>. An HTML FAQ is available at the fetchmail home
1568 page; surf to http://www.ccil.org/~esr/fetchmail or do a WWW search
1569 for pages with `fetchmail' in their titles.
1572 elm(1), mail(1), sendmail(8), popd(8), imapd(8)
1573 .SH APPLICABLE STANDARDS
1576 RFC 821, RFC 1869, RFC 1652, RFC 1870, RFC1983, RFC 1985
1585 RFC 1081, RFC 1225, RFC 1460, RFC 1725, RFC 1939
1588 RFC 1460, RFC 1725, RFC 1939
1597 RFC 1730, RFC 1731, RFC 1732, RFC 2060, RFC 2061