.\" Load www macros to process .URL requests, this requires groff:
.mso www.tmac
.\"
-.TH fetchmail 1 "fetchmail 6.3.18" "fetchmail" "fetchmail reference manual"
+.TH fetchmail 1 "fetchmail 6.3.19" "fetchmail" "fetchmail reference manual"
.SH NAME
fetchmail \- fetch mail from a POP, IMAP, ETRN, or ODMR-capable server
.IP
.nf
-env LC_ALL=C fetchmail -V -v --nodetach --nosyslog
+env LC_ALL=C fetchmail \-V \-v \-\-nodetach \-\-nosyslog
.fi
.IP
(This command line prints in English how fetchmail understands your
.IP
.nf
-env LC_ALL=C fetchmail -vvv --nodetach --nosyslog
+env LC_ALL=C fetchmail \-vvv \-\-nodetach \-\-nosyslog
.fi
.IP
(This command line actually runs fetchmail with verbose English output.)
.IP
Beginning with fetchmail 6.3.10, the SMTP client uses the recommended minimum
timeouts from RFC-5321 while waiting for the SMTP/LMTP server it is talking to.
-You can raise the timeouts even more, but you cannot shorten it. This is to
+You can raise the timeouts even more, but you cannot shorten them. This is to
avoid a painful situation where fetchmail has been configured with a short
timeout (a minute or less), ships a long message (many MBytes) to the local
MTA, which then takes longer than timeout to respond "OK", which it eventually
(Keyword: sslproto)
.br
Forces an SSL/TLS protocol. Possible values are \fB''\fP,
-\&'\fBSSL2\fP', '\fBSSL23\fP', (use of these two values is discouraged
-and should only be used as a last resort) \&'\fBSSL3\fP', and
+\&'\fBSSL23\fP' (note however that fetchmail, since v6.3.20, prohibits
+negotiation of SSLv2 -- it has been deprecated for 15 years and is
+insecure), \&'\fBSSL3\fP', and
\&'\fBTLS1\fP'. The default behaviour if this option is unset is: for
-connections without \-\-ssl, use \&'\fBTLS1\fP' that fetchmail will
+connections without \-\-ssl, use \&'\fBTLS1\fP' so that fetchmail will
opportunistically try STARTTLS negotiation with TLS1. You can configure
this option explicitly if the default handshake (TLS1 if \-\-ssl is not
-used, does not work for your server.
+used) does not work for your server.
.IP
Use this option with '\fBTLS1\fP' value to enforce a STARTTLS
connection. In this mode, it is highly recommended to also use
-\-\-sslcertck (see below).
+\-\-sslcertck (see below). Note that this will then cause fetchmail
+v6.3.19 to force STARTTLS negotiation even if it is not advertised by
+the server.
.IP
To defeat opportunistic TLSv1 negotiation when the server advertises
-STARTTLS or STLS, use \fB''\fP. This option, even if the argument is
-the empty string, will also suppress the diagnostic 'SERVER:
-opportunistic upgrade to TLS.' message in verbose mode. The default is
-to try appropriate protocols depending on context.
+STARTTLS or STLS, and use a cleartext connection use \fB''\fP. This
+option, even if the argument is the empty string, will also suppress the
+diagnostic 'SERVER: opportunistic upgrade to TLS.' message in verbose
+mode. The default is to try appropriate protocols depending on context.
.TP
.B \-\-sslcertck
(Keyword: sslcertck)
Finally, we strongly advise that you do \fBnot\fP use qmail-inject. The
command line interface is non-standard without providing benefits for
-typical use, and fetchmail makes no attempts to accomodate
+typical use, and fetchmail makes no attempts to accommodate
qmail-inject's deviations from the standard. Some of qmail-inject's
command-line and environment options are actually dangerous and can
cause broken threads, non-detected duplicate messages and forwarding
TLS with client authentication and specify \fBgssapi\fP or
\&\fBkerberos_v4\fP if you are using a protocol variant that employs
GSSAPI or K4. Choosing KPOP protocol automatically selects Kerberos
-authentication. This option does not work with ETRN.
+authentication. This option does not work with ETRN. GSSAPI service names are
+in line with RFC-2743 and IANA registrations, see
+.URL http://www.iana.org/assignments/gssapi-service-names/ "Generic Security Service Application Program Interface (GSSAPI)/Kerberos/Simple Authentication and Security Layer (SASL) Service Names" .
.SS Miscellaneous Options
.TP
.B \-f <pathname> | \-\-fetchmailrc <pathname>
POSIX-compliant shell and add
.nf
-|| [ $? -eq 1 ]
+|| [ $? \-eq 1 ]
.fi
to the end of the fetchmail command line, note that this leaves 0
session ID (this elaborate logic is designed to handle the case of
multiple names per userid gracefully).
+.IP \fBFETCHMAIL_IMAP_DELETED_REMAINS_UNSEEN\fP
+(since v6.3.20):
+If this environment variable is set and not empty, fetchmail will NOT mark
+messages retrieved through IMAP as \\Seen as they are deleted. On some servers,
+for instance HP OpenMail and MS Exchange, this suppresses delivery
+notifications. The default (if this variable is unset or empty) is to mark
+messages as \\Seen and \\Deleted at the same time.
+
.IP \fBFETCHMAIL_INCLUDE_DEFAULT_X509_CA_CERTS\fP
(since v6.3.17):
If this environment variable is set and not empty, fetchmail will always load
RFC 2033.
.TP 5
GSSAPI:
-RFC 1508.
+RFC 1508, RFC 1734,
+.URL http://www.iana.org/assignments/gssapi-service-names/ "Generic Security Service Application Program Interface (GSSAPI)/Kerberos/Simple Authentication and Security Layer (SASL) Service Names" .
.TP 5
TLS:
RFC 2595.