2 .\" ** The above line should force tbl to be used as a preprocessor **
4 .\" Man page for fetchmail
6 .\" For license terms, see the file COPYING in this directory.
9 fetchmail \- fetch mail from a POP, IMAP, or ETRN-capable server
12 \fBfetchmail\fR [\fIoptions\fR] [\fImailserver...\fR]
16 is a mail-retrieval and forwarding utility; it fetches
17 mail from remote mailservers and forwards it to your local (client)
18 machine's delivery system. You can then handle the retrieved mail
19 using normal mail user agents such as \fIelm\fR(1) or \fIMail\fR(1).
20 The \fBfetchmail\fR utility can be run in a daemon mode to repeatedly
21 poll one or more systems at a specified interval.
25 program can gather mail from servers supporting any of the common
26 mail-retrieval protocols: POP2, POP3, IMAP2bis, and IMAP4. It can
27 also use the ESMTP ETRN extension. (The RFCs describing all these
28 protocols are listed at the end of this document.)
32 is primarily intended to be used over on-demand TCP/IP links (such as
33 SLIP or PPP connections), it may also be useful as a message transfer
34 agent for sites which refuse for security reasons to permit
35 (sender-initiated) SMTP transactions with sendmail.
37 As each message is retrieved \fIfetchmail\fR normally delivers it via SMTP to
38 port 25 on the machine it is running on (localhost), just as though it
39 were being passed in over a normal TCP/IP link. The mail will then be
40 delivered locally via your system's MDA (Mail Delivery Agent, usually
41 \fIsendmail\fR(8) but your system may use a different one such
42 as \fIsmail\fR, \fImmdf\fR, or \fIqmail\fR). All the delivery-control
43 mechanisms (such as \fI.forward\fR files) normally available through
44 your system MDA and local delivery agents will therefore work.
48 is controlled by command-line options and a run control file,
49 \fI~/.fetchmailrc\fR, the syntax of which we describe below. Command-line
54 Each server name that you specify following the options on the
55 command line will be queried. If you don't specify any servers
56 on the command line, each server in your
60 To facilitate the use of
62 In scripts, pipelines, etc., it returns an appropriate exit code upon
63 termination -- see EXIT CODES below.
66 The following options modify the behavior of \fIfetchmail\fR. It is
67 seldom necessary to specify any of these once you have a
68 working \fI.fetchmailrc\fR file set up.
70 Almost all options have a corresponding keyword which can be used to
75 Some special options are not covered here, but are documented insttead
76 in sections on AUTHENTICATION and DAEMON MODE which follows.
80 Displays the version information for your copy of
82 No mail fetch is performed.
83 Instead, for each server specified, all option information
84 that would be computed if
86 were connecting to that server is displayed. Any non-printables in
87 passwords or other string names are shown as backslashed C-like
88 escape sequences. This option is useful for verifying that your
89 options are set the way you want them.
92 Return a status code to indicate whether there is mail waiting,
93 without actually fetching or deleting mail (see EXIT CODES below).
94 This option turns off daemon mode (in which it would be useless). It
95 doesn't play well with queries to multiple sites, and doesn't work
96 with ETRN. It will return a false positive if you leave read but
97 undeleted mail in your server mailbox and your fetch protocol can't
98 tell kept messages from new ones. This means it will work with IMAP,
99 not work with POP2, and may occasionally flake out under POP3.
102 Silent mode. Suppresses all progress/status messages that are normally
103 echoed to standard error during a fetch. The --verbose option
107 Verbose mode. All control messages passed between
109 and the mailserver are echoed to stderr. Overrides --silent.
114 Retrieve both old (seen) and new messages from the mailserver. The
115 default is to fetch only messages the server has not marked seen.
116 Note that POP2 retrieval behaves as though --all is always on (see
117 RETRIEVAL FAILURE MODES below) and this option does not work with ETRN.
121 Keep retrieved messages on the remote mailserver. Normally, messages
122 are deleted from the folder on the mailserver after they have been retrieved.
125 option causes retrieved messages to remain in your folder on the
126 mailserver. This option does not work with ETRN.
130 Delete retrieved messages from the remote mailserver. This
131 option forces retrieved mail to be deleted. It may be useful if
132 you have specified a default of \fBkeep\fR in your
133 \&\fI.fetchmailrc\fR. This option is forced on with ETRN.
136 POP3/IMAP only. Delete old (previously retrieved) messages from the mailserver
137 before retrieving new messages. This option does not work with ETRN.
138 Warning: if your local MTA hangs and fetchmail is aborted, the next
139 time you run fetchmail, it will delete mail that was never delivered to you.
140 What you probably want is the default setting: if you don't specify `-k', then
141 fetchmail will automatically delete messages after successful delivery.
142 .SS Protocol and Query Options
144 .B \-p, \--protocol proto
145 (Keyword: proto[col])
146 Specify the protocol to used when communicating with the remote
147 mailserver. If no protocol is specified,
149 will try each of the supported protocols in turn, terminating after
150 any successful attempt.
152 may be one of the following:
155 Post Office Protocol 2
157 Post Office Protocol 3
159 Use POP3 with MD5 authentication.
161 Use POP3 with RPOP authentication.
163 Use POP3 with Kerberos V4 authentication on port 1109.
165 IMAP2bis, IMAP4, or IMAP4rev1 (\fIfetchmail\fR autodetects their capabilities).
167 IMAP4, or IMAP4rev1 (\fIfetchmail\fR autodetects their capabilities)
168 with RFC 1731 Kerberos v4 authentication.
170 IMAP4, or IMAP4rev1 (\fIfetchmail\fR autodetects their capabilities)
171 with RFC 1731 GSSAPI authentication.
173 Use the ESMTP ETRN option.
175 All these alternatives work in basically the same way (communicating
176 with standard server daemons to fetch mail already delivered to a
177 mailbox on the server) except ETRN. The ETRN mode allows you to ask a
178 compliant ESMTP server (such as BSD sendmail at release 8.8.0 or
179 higher) to immediately open a sender-SMTP connection to your
180 client machine and begin forwarding any items addressed to your client
181 machine in the server's queue of undelivered mail.
185 Force UIDL use (effective only with POP3). Force client-side tracking
186 of `newness' of messages (UIDL stands for ``unique ID listing'' and is
187 described in RFC1725). Use with `keep' to use a mailbox as a baby
188 news drop for a group of users.
192 The option permits you to specify a TCP/IP port to connect on.
193 This option will seldom be necessary as all the supported protocols have
194 well-established default port numbers.
196 .B \-r folder, --folder folder
198 Causes a specified non-default mail folder on the mailserver (or
199 comma-separated list of folders) to be retrieved. The syntax of the
200 folder name is server-dependent. This option is not available under
202 .SS Delivery Control Options
204 .B \-S host, --smtphost host
205 (Keyword: smtp[host])
206 Specify a hunt list of hosts to forward mail to (one or more
207 hostnames, comma-separated). In ETRN mode, set the host that the
208 mailserver is asked to ship mail to. Hosts are tried in list order;
209 the first one that is up becomes the forwarding or ETRN target for the
212 .B \-D domain, --smtpaddress domain
213 (Keyword: smtpaddress)
214 Specify the domain to be put in MAIL FROM lines shipped to SMTP. The
215 name of the SMTP server (as specified by --smtphost, or defaulted to
216 "localhost") is used when this is not specified.
220 You can force mail to be passed to an MDA directly (rather than
221 forwarded to port 25) with the -mda or -m option. If \fIfetchmail\fR
222 is running as root, it sets its userid to that of the target user
223 while delivering mail through an MDA. Some possible MDAs are
224 "/usr/sbin/sendmail -oem", "/usr/lib/sendmail -oem",
225 "/usr/bin/formail", and "/usr/bin/deliver". Local delivery addresses
226 will be inserted into the MDA command wherever you place a %T; the
227 mail message's From address will be inserted where you place an %F. Do
228 \fInot\fR use an MDA invocation like
229 "sendmail -oem -t" that dispatches on the contents of To/Cc/Bcc, it
230 will create mail loops and bring the just wrath of many postmasters
232 .SS Resource Limit Control Options
236 Takes a maximum octet size argument. Messages larger than this size
237 will not be fetched, not be marked seen, and will be left on the
238 server (in foreground sessions, the progress messages will note that
239 they are "oversized"). An explicit --limit of 0 overrides any limits set
240 in your run control file. This option is intended for those needing to
241 strictly control fetch time in interactive mode. It may not be used
242 with daemon mode, as users would never receive a notification that
243 messages were waiting. This option does not work with ETRN.
246 (Keyword: batchlimit)
247 Specify the maximum number of messages that will be shipped to an SMTP
248 listener before the connection is deliberately torn down and rebuilt
249 (defaults to 0, meaning no limit). An explicit --batchlimit of 0
250 overrides any limits set in your run control file. While
251 \fBsendmail\fR(8) normally initiates delivery of a message immediately
252 after receiving the message terminator, some SMTP listeners are not so
253 prompt. MTAs like \fIqmail\fR(8) and \fIsmail\fR(8) may wait till the
254 delivery socket is shut down to deliver. This may produce annoying
257 is processing very large batches. Setting the batch limit to some
258 nonzero size will prevent these delays.
259 This option does not work with ETRN.
262 (Keyword: fetchlimit)
263 Limit the number of messages accepted from a given server in a single
264 poll. By default there is no limit. An explicit --fetchlimit of 0
265 overrides any limits set in your run control file.
266 This option does not work with ETRN.
270 When talking to an IMAP server,
272 normally issues an EXPUNGE command after each deletion in order to
273 force the deletion to be done immediately. This is safest when your
274 connection to the server is flaky and expensive, as it avoids
275 resending duplicate mail after a line hit. However, on large
276 mailboxes the overhead of re-indexing after every message can slam the
277 server pretty hard, so if your connection is reliable it is good to do
278 expunges less frequently. If you specify this option to an integer N,
281 to only issue expunges on every Nth delete. An argument
282 of zero suppresses expunges entirely (so no expunges at all will be
283 done until the end of run).
284 This option does not work with ETRN, POP2, or POP3.
285 .SS Authentication Options
287 .B \-u name, --username name
288 (Keyword: user[name])
289 Specifies the user identification to be used when logging in to the mailserver.
290 The appropriate user identification is both server and user-dependent.
291 The default is your login name on the client machine that is running
293 See USER AUTHENTICATION below for a complete description.
295 .B \-I specification, --interface specification
297 Require that a specific interface device be up and have a specific local
298 IP address (or range) before polling. Frequently
300 is used over a transient point-to-point TCP/IP link established directly
301 to a mailserver via SLIP or PPP. That is a relatively secure channel.
302 But when other TCP/IP routes to the mailserver exist (e.g. when the link
303 is connected to an alternate ISP), your username and password may be
304 vulnerable to snooping (especially when daemon mode automatically polls
305 for mail, shipping a clear password over the net at predictable
306 intervals). The --interface option may be used to prevent this. When
307 the specified link is not up or is not connected to a matching IP
308 address, polling will be skipped. The format is:
310 interface/iii.iii.iii.iii/mmm.mmm.mmm.mmm
312 The field before the first slash is the interface name (i.e. sl0, ppp0
313 etc.). The field before the second slash is the acceptable IP address.
314 The field after the second slash is a mask which specifies a range of
315 IP addresses to accept. If no mask is present 255.255.255.255 is
316 assumed (i.e. an exact match). This option is currently only supported
319 .B \-M interface, --monitor interface
321 Daemon mode can cause transient links which are automatically taken down
322 after a period of inactivity (e.g. PPP links) to remain up
323 indefinitely. This option identifies a system TCP/IP interface to be
324 monitored for activity. After each poll interval, if the link is up but
325 no other activity has occurred on the link, then the poll will be
326 skipped. This option is currently only supported under Linux.
329 (Keyword: auth[enticate])
330 This option permits you to specify a preauthentication type (see USER
331 AUTHENTICATION below for details). The possible values are
332 \&`\fBpassword\fR' and `\fBkerberos\fR' (or, for excruciating
333 exactness, `\fBkerberos_v4\fR'). This option is provided
334 primarily for developers; choosing KPOP protocol automatically selects
335 Kerberos preauthentication, and all other alternatives use
336 password authentication (though APOP uses a generated one-time
337 key as the password and IMAP-K4 uses RFC1731 Kerberos v4 authentication).
338 This option does not work with ETRN.
339 .SS Miscellaneous Options
341 .B \-f pathname, --fetchmailrc pathname
342 Specify a non-default name for the
344 run control file. Unless the --version option is also on, the file must have
345 permissions no more open than 0600 (u=rw,g=,o=) or else be /dev/null.
347 .B \-i pathname, --idfile pathname
348 Specify an alternate name for the .fetchids file used to save POP3
352 (Keyword: no rewrite)
355 edits RFC-822 address headers (To, From, Cc, Bcc, and Reply-To) in
356 fetched mail so that any mail IDs local to the server are expanded to
357 full addresses (@ and the mailserver hostname are appended). This enables
358 replies on the client to get addressed correctly (otherwise your
359 mailer might think they should be addressed to local users on the
360 client machine!). This option disables the rewrite. (This option is
361 provided to pacify people who are paranoid about having an MTA edit
362 mail headers and want to know they can prevent it, but it is generally
363 not a good idea to actually turn off rewrite.)
364 When using ETRN, the rewrite option is ineffective.
368 This option changes the header
370 assumes will carry a copy of the mail's envelope address. Normally
371 this is `X-Envelope-To' but as this header is not standard, practice
372 varies. See the discussion of multidrop address handling below. As a
373 special case, `envelope "Received"' enables parsing of sendmail-style
374 Received lines. This is the default, and it should not be necessary
375 unless you have globally disabled Received parsing with `no envelope'
376 in the \fI.fetchmailrc\fR file.
380 The string assigned to this option will be removed from the user
381 name found in the header specified with the \fIenvelope\fR option.
382 This option is useful if you are using
384 to collect the mail for an entire domain and your ISP (or your mail
385 redirection provider) is using qmail.
386 One of the basic features of qmail is the
390 message header. Whenever qmail delivers a message to a local mailbox
391 it puts the username and hostname of the envelope recipient on this
392 line. The major reason for this is to prevent mail loops. To set up
393 qmail to batch mail for a disconnected site the ISP-mailhost will have
394 normally put that site in its `Virtualhosts' control file so it will
395 add a prefix to all mail addresses for this site. This results in mail
396 sent to 'username@userhost.userdom.dom.com' having a
397 \&`Delivered-To:' line of the form:
399 Delivered-To: mbox-userstr-username@userhost.userdom.dom.com
401 The ISP can make the 'mbox-userstr-' prefix anything they choose
402 but a string matching the user host name is likely.
403 By using the option `envelope Delivered-To:' you can make fetchmail reliably
404 identify the original envelope recipient, but you have to strip the
405 `mbox-userstr-' prefix to deliver to the correct user.
406 This is what this option is for.
408 .SH USER AUTHENTICATION
409 Every mode except ETRN requires authentication of the client.
410 Normal user authentication in
412 is very much like the authentication mechanism of
414 The correct user-id and password depend upon the underlying security
415 system at the mailserver.
417 If the mailserver is a Unix machine on which you have an ordinary user
418 account, your regular login name and password are used with
420 If you use the same login name on both the server and the client machines,
421 you needn't worry about specifying a user-id with the
424 the default behavior is to use your login name on the client machine as the
425 user-id on the server machine. If you use a different login name
426 on the server machine, specify that login name with the
428 option. e.g. if your login name is 'jsmith' on a machine named 'mailgrunt',
433 fetchmail -u jsmith mailgrunt
435 The default behavior of
437 is to prompt you for your mailserver password before the connection is
438 established. This is the safest way to use
440 and ensures that your password will not be compromised. You may also specify
441 your password in your
443 file. This is convenient when using
445 in daemon mode or with scripts.
447 If you do not specify a password, and
449 cannot extract one from your
451 file, it will look for a
453 file in your home directory before requesting one interactively; if an
454 entry matching the mailserver is found in that file, the password will
457 man page for details of the syntax of the
459 file. (This feature may allow you to avoid duplicating password
460 information in more than one file.)
462 On mailservers that do not provide ordinary user accounts, your user-id and
463 password are usually assigned by the server administrator when you apply for
464 a mailbox on the server. Contact your server administrator if you don't know
465 the correct user-id and password for your mailbox account.
467 Early versions of POP3 (RFC1081, RFC1225) supported a crude form of
468 independent authentication using the
470 file on the mailserver side. Under this RPOP variant, a fixed
471 per-user ID equivalent to a password was sent in clear over a link to
472 a reserved port, with the command RPOP rather than PASS to alert the
473 server that it should do special checking. RPOP is supported
476 (you can specify `protocol RPOP' to have the program send `RPOP'
477 rather than `PASS') but its use is strongly discouraged. This
478 facility was vulnerable to spoofing and was withdrawn in RFC1460.
480 RFC1460 introduced APOP authentication. In this variant of POP3,
481 you register an APOP password on your server host (the program
482 to do this with on the server is probably called \fIpopauth\fR(8)). You
483 put the same password in your
487 logs in, it sends a cryptographically secure hash of your password and
488 the server greeting time to the server, which can verify it by
489 checking its authorization database.
491 If your \fIfetchmail\fR was built with Kerberos support and you specify
492 Kerberos preauthentication (either with --auth or the \fI.fetchmailrc\fR
493 option \fBauthenticate kerberos_v4\fR) it will try to get a Kerberos
494 ticket from the mailserver at the start of each query.
496 If you use IMAP-K4, \fIfetchmail\fR will expect the IMAP server to have
497 RFC1731-conformant AUTHENTICATE KERBEROS_V4 capability, and will use it.
499 If you use IMAP-GSS, \fIfetchmail\fR will expect the IMAP server to have
500 RFC1731-conformant AUTHENTICATE GSSAPI capability, and will use it.
501 Currently this has only been tested over Kerberos V, so you're expected
502 to already have a ticket-granting ticket. You may pass a username different
503 from your principal name using the standard \fB--user\fR command or by
504 the \fI.fetchmailrc\fR option \fBuser\fR.
506 If you are using POP3, and the server issues a one-time-password
507 challenge conforming to RFC1938, \fIfetchmail\fR will use your
508 password as a pass phrase to generate the required response. This
509 avoids sending secrets over the net unencrypted.
511 Compuserve's RPA authentication (similar to APOP) is supported. If
512 you are using POP3, and the RPA code has been compiled into your
513 binary, and you query a server in the Compuserve csi.com domain,
514 \fIfetchmail\fR will try to perform an RPA pass-phrase authentication
515 instead of sending over the password en clair.
524 in daemon mode. You must specify a numeric argument which is a
525 polling interval in seconds.
529 puts itself in background and runs forever, querying each specified
530 host and then sleeping for the given polling interval.
536 will, therefore, poll all the hosts described in your
538 file (except those explicitly excluded with the `skip' verb) once
539 every fifteen minutes.
541 It is possible to set a polling interval
544 file by saying `set daemon <interval>', where <interval> is an
545 integer number of seconds. If you do this, fetchmail will always
546 start in daemon mode unless you override it with the command-line
547 option --daemon 0 or -d0.
549 Only one daemon process is permitted per user; in daemon mode,
551 makes a per-user lockfile to guarantee this.
553 Normally, calling fetchmail with a daemon in the background sends a
554 wakeup signal to the daemon, forcing it to poll mailservers
555 immediately. (The wakeup signal is SIGHUP if fetchmail is running as
556 root, SIGUSR1 otherwise.)
560 will kill a running daemon process instead of waking it up (if there
563 notifies you). If the --quit option is the only command-line option,
564 that's all there is to it.
566 The quit option may also be mixed with other command-line options; its
567 effect is to kill any running daemon before doing what the other
568 options specify in combination with the rc file.
574 option (keyword: timeout) allows you to set a server-nonresponse
575 timeout in seconds. If a mailserver does not send a greeting message
576 or respond to commands for the given number of seconds,
577 \fIfetchmail\fR will hang up on it. Without such a timeout
578 \fIfetchmail\fR might hang up indefinitely trying to fetch mail from a
579 down host. This would be particularly annoying for a \fIfetchmail\fR
580 running in background. There is a default timeout which fetchmail -V
587 option (keyword: set logfile) allows you to redirect status messages
588 emitted while detached into a specified logfile (follow the
589 option with the logfile name). The logfile is opened for append, so
590 previous messages aren't deleted. This is primarily useful for
591 debugging configurations.
595 option (keyword: syslog) allows you to redirect status and error
596 messages emitted to the
598 system daemon if available.
599 Messages are logged with an id of \fBfetchmail\fR, the facility \fBLOG_MAIL\fR,
600 and priorities \fBLOG_ERR\fR, \fBLOG_ALERT\fR or \fBLOG_INFO\fR.
601 This option is intended for logging status and error messages which
602 indicate the status of the daemon and the results while fetching mail
604 Error messages for command line options and parsing the \fI.fetchmailrc\fR
605 file are still written to stderr, or the specified log file if the
613 option tries to make fetchmail invisible. Normally, fetchmail behaves
614 like any other MTA would -- it generates a Received header into each
615 message describing its place in the chain of transmission, and tells
616 the MTA it forwards to that the mail came from the machine fetchmail
617 itself is running on. If the invisible option is on, the Received
618 header is suppressed and fetchmail tries to spoof the MTA it forwards
619 to into thinking it came directly from the mailserver host.
623 or --nodetach option suppresses backgrounding and detachment of the
624 daemon process from its control terminal. This is primarily useful
625 for debugging. Note that this also causes the logfile option to be
626 ignored (though perhaps it shouldn't).
628 Note that while running in daemon mode polling a POP2 or POP3 server,
629 transient errors (such as DNS failures or sendmail delivery refusals)
630 may force the fetchall option on for the duration of the next polling
631 cycle. This is a robustness feature. It means that if a message is
632 fetched (and thus marked seen by the mailserver) but not delivered
633 locally due to some transient error, it will be re-fetched during the
634 next poll cycle. (The IMAP logic doesn't delete messages until
635 they're delivered, so this problem does not arise.)
637 .SH RETRIEVAL FAILURE MODES
638 The protocols \fIfetchmail\fR uses to talk to mailservers are next to
639 bulletproof. In normal operation forwarding to port 25, no message is
640 ever deleted (or even marked for deletion) on the host until the SMTP
641 listener on the client has acknowledged to \fIfetchmail\fR that the
642 message has been accepted for delivery. When forwarding to an MDA,
643 however, there is more possibility of error (because there's no way
644 for fetchmail to get a reliable positive acknowledgement from the MDA).
646 The normal mode of \fIfetchmail\fR is to try to download only `new'
647 messages, leaving untouched (and undeleted) messages you have already
648 read directly on the server (or fetched with a previous \fIfetchmail
649 --keep\fR). But you may find that messages you've already read on the
650 server are being fetched (and deleted) even when you don't specify
651 --all. There are several reasons this can happen.
653 One could be that you're using POP2. The POP2 protocol includes no
654 representation of `new' or `old' state in messages, so \fIfetchmail\fR
655 must treat all messages as new all the time. But POP2 is obsolete, so
658 Under POP3, blame RFC1725. That version of the POP3 protocol
659 specification removed the LAST command, and some POP servers follow it
660 (you can verify this by invoking \fIfetchmail -v\fR to the mailserver
661 and watching the response to LAST early in the query). The
662 \fIfetchmail\fR code tries to compensate by using POP3's UID feature,
663 storing the identifiers of messages seen in each session until the
664 next session, in the \fI.fetchids\fR file. But this doesn't track
665 messages seen with other clients, or read directly with a mailer on
666 the host but not deleted afterward. A better solution would be to
669 Another potential POP3 problem might be servers that insert messages
670 in the middle of mailboxes (some VMS implementations of mail are
671 rumored to do this). The \fIfetchmail\fR code assumes that new
672 messages are appended to the end of the mailbox; when this is not true
673 it may treat some old messages as new and vice versa. The only
674 real fix for this problem is to switch to IMAP.
676 The IMAP code uses the presence or absence of the server flag \eSeen
677 to decide whether or not a message is new. Under Unix, it counts on
678 your IMAP server to notice the BSD-style Status flags set by mail user
679 agents and set the \eSeen flag from them when appropriate. All Unix
680 IMAP servers we know of do this, though it's not specified by the IMAP
681 RFCs. If you ever trip over a server that doesn't, the symptom will
682 be that messages you have already read on your host will look new to
683 the server. In this (unlikely) case, only messages you fetched with
684 \fIfetchmail --keep\fR will be both undeleted and marked old.
686 In ETRN mode, \fIfetchmail\fR does not actually retrieve messages;
687 instead, it asks the server's SMTP listener to start a queue flush
688 to the client via SMTP. Therefore it sends only undelivered messages.
691 Many SMTP listeners allow administrators to set up `spam filters' that
692 block unsolicited email from specified domains. A MAIL FROM line that
693 triggers this feature will elicit an SMTP response which
694 (unfortunately) varies according to the listener.
698 return an error code of 571. This return value
699 is blessed by RFC1893 as "Delivery not authorized, message refused".
701 According to current drafts of the replacement for RFC821, the correct
702 thing to return in this situation is 550 "Requested action not taken:
703 mailbox unavailable" (the draft adds "[E.g., mailbox not found, no
704 access, or command rejected for policy reasons].").
708 MTA returns 501 "Syntax error in parameters or arguments" , but will
713 code recognizes any of these error codes and discards the message. This is the
715 circumstance under which fetchmail ever discards mail.
719 is fetching from an IMAP server, the antispam response will be detected and
720 the message rejected immediately after the headers have been fetched,
721 without reading the message body. Thus, you won't pay for downloading
724 .SH THE RUN CONTROL FILE
725 The preferred way to set up fetchmail is to write a
726 \&\fI.fetchmailrc\fR file in your home directory. When there is a
727 conflict between the command-line arguments and the arguments in this
728 file, the command-line arguments take precedence.
730 To protect the security of your passwords, when --version is not on
731 your \fI~/.fetchmailrc\fR may not have more than 0600 (u=rw,g=,o=) permissions;
733 will complain and exit otherwise.
735 You may read the \fI.fetchmailrc\fR file as a list of commands to
738 is called with no arguments.
739 .SS Run Control Syntax
741 Comments begin with a '#' and extend through the end of the line.
742 Otherwise the file consists of a series of server entries or global
743 option statements in a free-format, token-oriented syntax.
745 There are four kinds of tokens: grammar keywords, numbers
746 (i.e. decimal digit sequences), unquoted strings, and quoted strings.
747 A quoted string is bounded by double quotes and may contain
748 whitespace (and quoted digits are treated as a string). An unquoted
749 string is any whitespace-delimited token that is neither numeric, string
750 quoted nor contains the special characters `,', `;', `:', or `='.
752 Any amount of whitespace separates tokens in server entries, but is
753 otherwise ignored. You may use standard C-style escapes (\en, \et,
754 \eb, octal, and hex) to embed non-printable characters or string
755 delimiters in strings.
757 Each server entry consists of one of the keywords `poll' or `skip',
758 followed by a server name, followed by server options, followed by any
759 number of user descriptions. Note: the most common cause of syntax
760 errors is mixing up user and server options.
762 For backward compatibility, the word `server' is a synonym for `poll'.
764 You can use the noise keywords `and', `with',
765 \&`has', `wants', and `options' anywhere in an entry to make
766 it resemble English. They're ignored, but but can make entries much
767 easier to read at a glance. The punctuation characters ':', ';' and
768 \&',' are also ignored.
771 The `poll' verb tells fetchmail to query this host when it is run with
772 no arguments. The `skip' verb tells
774 not to poll this host unless it is explicitly named on the command
775 line. (The `skip' verb allows you to experiment with test entries
776 safely, or easily disable entries for hosts that are temporarily down.)
778 .SS Keyword/Option Summary
779 Here are the legal server options. Keyword suffixes enclosed in
780 square brackets are optional. Those corresponding to command-line
781 options are followed by `-' and the appropriate option letter.
788 Specify DNS name of mailserver, overriding poll name
791 Specify protocol (case insensitive):
792 POP2, POP3, IMAP, IMAP-K4, IMAP-GSS, APOP, KPOP
795 Specify TCP/IP service port
798 Set preauthentication type (default `password')
801 Server inactivity timout in seconds (default 300)
804 Specify envelope-address header name
807 Disable looking for envelope address
810 Qmail virtual domain prefix to remove from user name
813 Specify alternate DNS names of mailserver
816 specify IP interface(s) that must be up for server poll to take place
819 Specify IP address to monitor for activity
822 Enable DNS lookup for multidrop (default)
825 Disable DNS lookup for multidrop
828 Force POP3 to use client-side UIDLs
831 Turn off POP3 use of client-side UIDLs (default)
835 Here are the legal user options:
843 (local user name if name followed by `here')
846 Connect local and remote user names
849 Connect local and remote user names
852 Specify remote account password
855 Specify remote folder to query
858 Specify smtp host(s) to forward to
861 Specify MDA for local delivery
864 Command to be executed before each connection
867 Command to be executed after each connection
870 Don't delete seen messages from server
873 Flush all seen messages before querying
876 Fetch all messages whether seen or not
879 Rewrite destination addresses for reply (default)
882 Strip carriage returns from ends of lines
885 Force carriage returns at ends of lines
888 Force BODY=8BITMIME to ESMTP listener
891 Strip Status lines out of incoming mail
894 Delete seen messages from server (default)
897 Don't flush all seen messages before querying (default)
900 Retrieve only new messages (default)
903 Don't rewrite headers
906 Don't strip carriage returns (default)
909 Don't force carriage returns at EOL (default)
912 Don't force BODY=8BITMIME to ESMTP listener (default)
915 Don't drop Status headers (default)
918 Set message size limit
921 Max # messages to fetch in single connect
924 Max # messages to forward in single connect
927 Perform an expunge on every #th message (IMAP only)
930 Do error logging through syslog(3).
934 Remember that all user options must \fIfollow\fR all server options.
936 In the .fetchmailrc file, the `envelope' string argument may be
937 preceded by a whitespace-separated number. This number, if specified,
938 is the number of such headers to skip (that is, an argument of 1
939 selects the second header of the given type). This is sometime useful
940 for ignoring bogus Received headers created by an ISP's local delivery
942 .SS Keywords Not Corresponding To Option Switches
944 The `folder' and `smtphost' options (unlike their command-line
945 equivalents) can take a space- or comma-separated list of names
948 All options correspond to the obvious command-line arguments, except
949 the following: `via', `interval', `aka', `is', `to', `dns'/`no dns',
950 \&`password', \&`preconnect', \&`postconnect', `localdomains',
951 \&`stripcr'/`no stripcr', \&`forcecr'/`no forcecr', `pass8bits'/`no
952 pass8bits' `dropstatus/no dropstatus', and `no envelope'.
954 The `via' option is for use with ssh, or if you want to have more
955 than one configuration pointing at the same site. If it is present,
956 the string argument will be taken as the actual DNS name of the
957 mailserver host to query.
958 This will override the argument of poll, which can then simply be a
959 distinct label for the configuration (e.g. what you would give on the
960 command line to explicitly query this host).
961 If the `via' name is `localhost', the poll name will also still be
962 used as a possible match in multidrop mode; otherwise the `via' name
963 will be used instead and the poll name will be purely a label.
965 The `interval' option (which takes a numeric argument) allows you to poll a
966 server less frequently than the basic poll interval. If you say
967 \&`interval N' the server this option is attached to will only be
968 queried every N poll intervals.
970 The `is' or `to' keywords associate the following local (client)
971 name(s) (or server-name to client-name mappings separated by =) with
972 the mailserver user name in the entry. If an is/to list has `*' as
973 its last name, unrecognized names are simply passed through.
975 A single local name can be used to support redirecting your mail when
976 your username on the client machine is different from your name on the
977 mailserver. When there is only a single local name, mail is forwarded
978 to that local username regardless of the message's Received, To, Cc,
979 and Bcc headers. In this case
981 never does DNS lookups.
983 When there is more than one local name (or name mapping) the
984 \fIfetchmail\fR code does look at the Received, To, Cc, and Bcc
985 headers of retrieved mail (this is `multidrop mode'). It looks for
986 addresses with hostname parts that match your poll name or your `via',
987 `aka' or `localdomains' options, and usually also for hostname parts
988 which DNS tells it are aliases of the mailserver. See the discussion
989 of `dns', `localdomains', and `aka' for details on how matching
990 addresses are handled. If \fIfetchmail\fR cannot match any mailserver
991 usernames or localdomain addresses, the default recipient is the
992 calling user (as set by the USER or LOGNAME variable in the
993 environment; you could use this to redirect to an alias like postmaster).
995 The `dns' option (normally on) controls the way addresses from
996 multidrop mailboxes are checked. On, it enables logic to check each
997 host address that doesn't match an `aka' or `localdomains' declaration
998 by looking it up with DNS. When a mailserver username is recognized
999 attached to a matching hostname part, its local mapping is added to
1000 the list of local recipients.
1002 The `aka' option is for use with multidrop mailboxes. It allows you
1003 to pre-declare a list of DNS aliases for a server. This is an
1004 optimization hack that allows you to trade space for speed. When
1006 while processing a multidrop mailbox, grovels through message headers
1007 looking for names of the mailserver, pre-declaring common ones can
1008 save it from having to do DNS lookups.
1010 The `localdomains' option allows you to declare a list of domains
1011 which fetchmail should consider local. When fetchmail is parsing
1012 address lines in multidrop modes, and a trailing segment of a host
1013 name matches a declared local domain, that address is passed through
1014 to the listener or MDA unaltered (local-name mappings are \fInot\fR
1017 If you are using `localdomains', you may also need to specify \&`no
1018 envelope', which disables \fIfetchmail\fR's normal attempt to deduce
1019 an envelope address from the Received line or X-Envelope-To header or
1020 whatever header has been previously set by `envelope'. If you set `no
1021 envelope' in the defaults entry it is possible to undo that in
1022 individual entries by using `envelope <string>'. As a special case,
1023 \&`envelope "Received"' restores the default parsing of
1026 The \fBpassword\fR option requires a string argument, which is the password
1027 to be used with the entry's server.
1029 The `preconnect' keyword allows you to specify a shell command to be
1030 executed just before each time
1032 establishes a mailserver connection. This may be useful if you are
1033 attempting to set up secure POP connections with the aid of
1035 If the command returns a nonzero status, the poll of that mailserver
1038 Similarly, the `postconnect' keyword similarly allows you to specify a
1039 shell command to be executed just after each time a mailserver
1040 connection is taken down.
1042 The `forcecr' option controls whether lines terminated by LF only are
1043 given CRLF termination before forwarding. Strictly speaking RFC821
1044 requires this, but few MTAs enforce the requirement it so this option
1045 is normally off (only one such MTA, qmail, is in significant use at
1048 The `stripcr' option controls whether carriage returns are stripped
1049 out of retrieved mail before it is forwarded. It is normally not
1050 necessary to set this, because it defaults to `on' (CR stripping
1051 enabled) when there is an MDA declared but `off' (CR stripping
1052 disabled) when forwarding is via SMTP. If `stripcr' and `forcecr' are
1053 both on, `stripcr' will override.
1055 The `pass8bits' option exists to cope with Microsoft mail programs that
1056 stupidly slap a "Content-Transfer-Encoding: 7bit" on everything. With
1057 this option off (the default) and such a header present,
1059 declares BODY=7BIT to an ESMTP-capable listener; this causes problems for
1060 messages actually using 8-bit ISO or KOI-8 character sets, which will
1061 be garbled by having the high bits of all characters stripped. If
1062 \&`pass8bits' is on,
1064 is forced to declare BODY=8BITMIME to any ESMTP-capable listener. If
1065 the listener is 8-bit-clean (as all the major ones now are) the right
1066 thing will probably result.
1068 The `dropstatus' option controls whether nonempty Status lines are
1069 retained in fetched mail (the default) or discarded. Retaining them
1070 allows your MUA to see what messages (if any) were marked seen on the
1071 client. On the other hand, it can confuse some new-mail notifiers,
1072 which assume that anything with a Status line in it has been seen.
1073 (Note: the empty Status lines inserted by some buggy POP servers are
1074 unconditionally discarded.)
1076 .SS Miscellaneous Run Control Options
1077 The words `here' and `there' have useful English-like
1078 significance. Normally `user eric is esr' would mean that
1079 mail for the remote user `eric' is to be delivered to `esr',
1080 but you can make this clearer by saying `user eric there is esr here',
1081 or reverse it by saying `user esr here is eric there'
1083 Legal protocol identifiers for use with the `protocol' keyword are:
1089 imap-k4 (or IMAP-K4)
1090 imap-gss (or IMAP-GSS)
1095 Legal authentication types are `password' or `kerberos'. The former
1096 specifies authentication by normal transmission of a password (the
1097 password may be plaintext or subject to protocol-specific encryption
1098 as in APOP); the second tells \fIfetchmail\fR to try to get a Kerberos
1099 ticket at the start of each query instead, and send an arbitrary
1100 string as the password.
1102 Specifying `kpop' sets POP3 protocol over port 1109 with Kerberos V4
1103 preauthentication. These defaults may be overridden by later options.
1105 There are currently three global option statements; `set logfile'
1106 followed by a string sets the same global specified by --logfile. A
1107 command-line --logfile option will override this. Also, `set daemon'
1108 sets the poll interval as --daemon does. This can be overridden by
1109 a command-line --daemon option; in particular --daemon 0 can be used
1110 to force foreground operation. Finally, `set syslog' sends log
1111 messages to syslogd(8).
1113 .SH CONFIGURATION EXAMPLES
1117 poll SERVERNAME protocol PROTOCOL username NAME password PASSWORD
1123 poll pop.provider.net protocol pop3 username jsmith password secret1
1126 Or, using some abbreviations:
1129 poll pop.provider.net proto pop3 user jsmith password secret1
1132 Multiple servers may be listed:
1135 poll pop.provider.net proto pop3 user jsmith pass secret1
1136 poll other.provider.net proto pop2 user John.Smith pass My^Hat
1139 Here's a version of those two with more whitespace and some noise words:
1142 poll pop.provider.net proto pop3
1143 user jsmith, with password secret1, is jsmith here;
1144 poll other.provider.net proto pop2:
1145 user John.Smith, with password My^Hat, is John.Smith here;
1148 This version is much easier to read and doesn't cost significantly
1149 more (parsing is done only once, at startup time).
1152 If you need to include whitespace in a parameter string, enclose the
1153 string in double quotes. Thus:
1156 poll mail.provider.net with proto pop3:
1157 user jsmith there has password "u can't krak this"
1158 is jws here and wants mda "/bin/mail"
1161 You may have an initial server description headed by the keyword
1162 `defaults' instead of `poll' followed by a name. Such a record
1163 is interpreted as defaults for all queries to use. It may be overwritten
1164 by individual server descriptions. So, you could write:
1169 poll pop.provider.net
1171 poll mail.provider.net
1172 user jjsmith there has password secret2
1175 It's possible to specify more than one user per server (this is only
1176 likely to be useful when running fetchmail in daemon mode as root).
1177 The `user' keyword leads off a user description, and every user specification
1178 in a multi-user entry must include it. Here's an example:
1181 poll pop.provider.net proto pop3 port 3111
1182 user jsmith with pass secret1 is smith here
1183 user jones with pass secret2 is jjones here
1186 This associates the local username `smith' with the pop.provider.net
1187 username `jsmith' and the local username `jjones' with the
1188 pop.provider.net username `jones'.
1190 Here's what a simple retrieval configuration for a multi-drop mailbox
1194 poll pop.provider.net:
1195 user maildrop with pass secret1 to golux hurkle=happy snark here
1198 This says that the mailbox of account `maildrop' on the server is a
1199 multi-drop box, and that messages in it should be parsed for the
1200 server user names `golux', `hurkle', and `snark'. It further
1201 specifies that `golux' and `snark' have the same name on the
1202 client as on the server, but mail for server user `hurkle' should be
1203 delivered to client user `happy'.
1205 Here's an example of another kind of multidrop connection:
1208 poll pop.provider.net localdomains loonytoons.org:
1209 user maildrop with pass secret1 to esr * here
1212 This also says that the mailbox of account `maildrop' on the server is
1213 a multi-drop box. It tells fetchmail that any address in the
1214 loonytoons.org domain (including subdomain addresses like
1215 `joe@daffy.loonytoons.org') should be passed through to the local SMTP
1216 listener without modification. Be careful of mail loops if you do this!
1218 Here's an example configuration using ssh. The queries go through an
1219 ssh connecting local port 1234 to port 110 on mailhost.net; the
1220 preconnect command sets up the ssh.
1223 poll mailhost.net via localhost port 1234 with pop3:
1224 preconnect "ssh -f -L 1234:mailhost.net:110
1225 mailhost.net sleep 20 </dev/null >/dev/null";
1228 .SH THE USE AND ABUSE OF MULTIDROP MAILBOXES
1229 Use the multiple-local-recipients feature with caution -- it can bite.
1230 Also note that all multidrop features are ineffective in ETRN mode.
1232 .SS Header vs. Envelope addresses
1233 The fundamental problem is that by having your mailserver toss several
1234 peoples' mail in a single maildrop box, you may have thrown away
1235 potentially vital information about who each piece of mail was
1236 actually addressed to (the `envelope address', as opposed to the
1237 header addresses in the RFC822 To/Cc/Bcc headers). This `envelope
1238 address' is the address you need in order to reroute mail properly.
1242 can deduce the envelope address. If the mailserver MTA is
1244 and the item of mail had just one recipient, the MTA will have written
1245 a `by/for' clause that gives the envelope addressee into its Received
1246 header. But this doesn't work reliably for other MTAs, nor if there is
1247 more than one recipient. By default, \fIfetchmail\fR looks for
1248 envelope addresses in these lines; you can restore this default with
1249 -E "Received" or \&`envelope Received'.
1251 Alternatively, some SMTP listeners and/or mail servers insert a header
1252 in each message containing a copy of the envelope addresses. This
1253 header (when it exists) is often `X-Envelope-To'. Fetchmail's
1254 assumption about this can be changed with the -E or `envelope' option.
1255 Note that writing an envelope header of this kind exposes the names of
1256 recipients (including blind-copy recopients) to all receivers of the
1257 messages; it is therefore regarded by some administrators as a
1258 security/privacy problem.
1260 A slight variation of the `X-Envelope-To' header is the `Delivered-To' put
1261 by qmail to avoid mail loops. It will probably prefix the user name with a
1262 string that normally matches the user's domain. To remove this prefix you
1263 can use the -Q or `qvirtual' option.
1265 Sometimes, unfortunately, neither of these methods works. When they
1266 all fail, fetchmail must fall back on the contents of To/Cc/Bcc
1267 headers to try to determine recipient addressees -- and these are not
1268 reliable. In particular, mailing-list software often ships mail with
1269 only the list broadcast address in the To header.
1273 cannot deduce a recipient address that is local, and the intended
1274 recipient address was anyone other than fetchmail's invoking user,
1275 mail will get lost. This is what makes the multidrop feature risky.
1277 A related problem is that when you blind-copy a mail message, the Bcc
1278 information is carried \fIonly\fR as envelope address (it's not put
1279 in the headers fetchmail can see unless there is an X-Envelope
1280 header). Thus, blind-copying to someone who gets mail over a
1281 fetchmail link will fail unless the the mailserver host routinely
1282 writes X-Envelope or an equivalent header into messages in your maildrop.
1284 .SS Good Ways To Use Multidrop Mailboxes
1285 Multiple local names can be used to administer a mailing list from the
1286 client side of a \fIfetchmail\fR collection. Suppose your name is
1287 \&`esr', and you want to both pick up your own mail and maintain a mailing
1288 list called (say) "fetchmail-friends", and you want to keep the alias
1289 list on your client machine.
1291 On your server, you can alias \&`fetchmail-friends' to `esr'; then, in
1292 your \fI.fetchmailrc\fR, declare \&`to esr fetchmail-friends here'.
1293 Then, when mail including `fetchmail-friends' as a local address
1294 gets fetched, the list name will be appended to the list of
1295 recipients your SMTP listener sees. Therefore it will undergo alias
1296 expansion locally. Be sure to include `esr' in the local alias
1297 expansion of fetchmail-friends, or you'll never see mail sent only to
1298 the list. Also be sure that your listener has the "me-too" option set
1299 (sendmail's -oXm command-line option or OXm declaration) so your name
1300 isn't removed from alias expansions in messages you send.
1302 This trick is not without its problems, however. You'll begin to see
1303 this when a message comes in that is addressed only to a mailing list
1304 you do \fInot\fR have declared as a local name. Each such message
1305 will feature an `X-Fetchmail-Warning' header which is generated
1306 because fetchmail cannot find a valid local name in the recipient
1307 addresses. Such messages default (as was described above) to being
1308 sent to the local user running
1310 but the program has no way to know that that's actually the right thing.
1312 .SS Bad Ways To Abuse Multidrop Mailboxes
1313 Multidrop mailboxes and
1315 serving multiple users in daemon mode do not mix. The problem, again, is
1316 mail from mailing lists, which typically does not have an individual
1317 recipient address on it. Unless
1319 can deduce an envelope address, such mail will only go to the account
1320 running fetchmail (probably root). Also, blind-copied users are very
1321 likely never to see their mail at all.
1323 If you're tempted to use
1325 to retrieve mail for multiple users from a single mail drop via POP or
1326 IMAP, think again (and reread the section on header and envelope
1327 addresses above). It would be smarter to just let the mail sit in the
1328 mailserver's queue and use fetchmail's ETRN mode to trigger SMTP sends
1329 periodically (of course, this means you have to poll more frequently
1330 than the mailserver's expiry period). If you can't arrange this, try
1331 setting up a UUCP feed.
1333 If you absolutely \fImust\fR use multidrop for this purpose, make sure
1334 your mailserver writes an envelope-address header that fetchmail can
1335 see. Otherwise you \fIwill\fR lose mail and it \fIwill\fR come back
1338 .SS Speeding Up Multidrop Checking
1339 Normally, when multiple user are declared
1341 extracts recipient addresses as described above and checks each host
1342 part with DNS to see if it's an alias of the mailserver. If so, the
1343 name mappings described in the to ... here declaration are done and
1344 the mail locally delivered.
1346 This is the safest but also slowest method. To speed it up,
1347 pre-declare mailserver aliases with `aka'; these are checked before
1348 DNS lookups are done. If you're certain your aka list contains
1350 DNS aliases of the mailserver (and all MX names pointing at it)
1351 you can declare `no dns' to suppress DNS lookups entirely and
1352 \fIonly\fR match against the aka list.
1355 To facilitate the use of
1357 in shell scripts, an exit code is returned to give an indication
1358 of what occurred during a given connection.
1360 The exit codes returned by
1364 One or more messages were successfully retrieved.
1366 There was no mail awaiting retrieval. (There may have been old mail still
1367 on the server but not selected for retrieval.)
1369 An error was encountered when attempting to open a socket for the POP
1370 connection. If you don't know what a socket is, don't worry about it --
1371 just treat this as an 'unrecoverable error'.
1373 The user authentication step failed. This usually means that a bad
1374 user-id, password, or APOP id was specified.
1376 Some sort of fatal protocol error was detected.
1378 There was a syntax error in the arguments to
1381 The run control file had bad permissions.
1383 There was an error condition reported by the server. Can also
1386 timed out while waiting for the server.
1388 Client-side exclusion error. This means
1390 either found another copy of itself already running, or failed in such
1391 a way that it isn't sure whether another copy is running.
1393 The user authentication step failed because the server responded "lock
1394 busy". Try again after a brief pause! This error is not implemented
1395 for all protocols, nor for all servers. If not implemented for your
1396 server, "3" will be returned instead, see above. May be returned when
1397 talking to qpopper or other servers that can respond with "lock busy"
1398 or some similar text containing the word "lock".
1402 run failed while trying to do an SMTP port open or transaction.
1404 Fatal DNS error. Fetchmail encountered an error while performing
1405 a DNS lookup at startup and could not proceed.
1407 Internal error. You should see a message on standard error with
1412 queries more than one host, return status is 0 if \fIany\fR query
1413 successfully retrieved mail. Otherwise the returned error status is
1414 that of the last host queried.
1417 Eric S. Raymond <esr@snark.thyrsus.com>.
1418 This program is descended from and replaces
1420 by Carl Harris <ceharris@mal.com>; the internals are quite different,
1421 but some of its interface design is directly traceable to that
1427 default run control file
1430 default location of file associating hosts with last message IDs seen
1431 (used only with newer RFC1725-compliant POP3 servers supporting the
1435 your FTP run control file, which (if present) will be searched for
1436 passwords as a last resort before prompting for one interactively.
1439 lock file to help prevent concurrent runs (non-root mode).
1441 /var/run/fetchmail.pid
1442 lock file to help prevent concurrent runs (root mode, Linux systems).
1445 lock file to help prevent concurrent runs (root mode, systems without /var/run).
1448 For correct initialization,
1450 requires either that both the USER and HOME environment variables are
1451 correctly set, or that \fBgetpwuid\fR(3) be able to retrieve a password
1452 entry from your user ID.
1457 daemon is running as root, SIGHUP wakes it up from its sleep phase and
1458 forces a poll of all non-skipped servers (this is in accordance with
1459 the usual conventions for system daemons).
1463 is running in daemon mode as non-root, use SIGUSR1 to wake it (this is
1464 so SIGHUP due to logout can retain the default action of killing it).
1468 in foreground while a background fetchmail is running will do
1469 whichever of these is appropriate to wake it up.
1471 .SH BUGS AND KNOWN PROBLEMS
1472 The RFC822 parser used in multidrop mode chokes on some @-addresses that
1473 are technically legal but bizarre. Strange uses of quoting and
1474 embedded comments are likely to confuse it.
1476 Use of any of the supported protocols other than POP3 with OTP or RPA, APOP,
1477 KPOP, IMAP-K4, IMAP-GSS, or ETRN requires that the program send unencrypted
1478 passwords over the TCP/IP connection to the mailserver. This creates
1479 a risk that name/password pairs might be snaffled with a packet
1480 sniffer or more sophisticated monitoring software. Under Linux, the
1481 --interface option can be used to restrict polling to availability of
1482 a specific interface device with a specific local IP address, but
1483 snooping is still possible if (a) either host has a network device
1484 that can be opened in promiscuous mode, or (b) the intervening network
1487 Send comments, bug reports, gripes, and the like to Eric S. Raymond
1488 <esr@thyrsus.com>. An HTML FAQ is available at the fetchmail home
1489 page; surf to http://www.ccil.org/~esr/fetchmail or do a WWW search
1490 for pages with `fetchmail' in their titles.
1493 elm(1), mail(1), sendmail(8), popd(8), imapd(8)
1494 .SH APPLICABLE STANDARDS
1497 RFC 821, RFC 1869, RFC 1652, RFC 1870, RFC1983, RFC 1985
1506 RFC 1081, RFC 1225, RFC 1460, RFC 1725, RFC 1939
1509 RFC 1460, RFC 1725, RFC 1939
1518 RFC 1730, RFC 1731, RFC 1732, RFC 2060, RFC 2061