The behavior of
.I fetchmail
is controlled by comand-line options and a run control file,
-.I ~/.fetchrc
+.I ~/.fetchmailrc
the syntax of which we describe below. Command-line options override
-.I ~/.fetchrc
+.I ~/.fetchmailrc
declarations.
.PP
To facilitate the use of
Each server name that you specify (following the options on the
command line) will be queried. If you don't specify any servers
on the command line, each server in your
-.I ~/.fetchrc
+.I ~/.fetchmailrc
file will be queried.
.TP
.B \-2
POP3/IMAP only. Delete old (previously retrieved) messages from the mailserver
before retrieving new messages.
.TP
-.B \-f pathname, --fetchrc pathname
-Specify an alternate name for the .fetchrc run control file.
-.TP
-.B \-i pathname, --idfile pathname
-Specify an alternate name for the .fetchids file.
+.B \-f pathname, --fetchmailrc pathname
+Specify an alternate name for the .fetchmailrc run control file.
.TP
.B \-k, --keep
Keep retrieved messages in folder on remote mailserver. Normally, messages
.I fetchmail
and ensures that your password will not be compromised. You may also specify
your password in your
-.I ~/.fetchrc
+.I ~/.fetchmailrc
file. This is convenient when using
.I fetchmail
-with automated scripts.
+in daemon mode or with scripts.
.PP
On mailservers that do not provide ordinary user accounts, your user-id and
password are usually assigned by the server administrator when you apply for
POP3 versions up to the RFC1225 version supported an alternate
authentication mechanism called RPOP intended to remove the security
risk inherent in sending unencrypted account passwords across the net
-(in RFC1460 this facility was replaced with APOP). If your .fetchrc
-file specifies an RPOP id and a connection port in the privileged
-range (1..1024),
+(in RFC1460 this facility was replaced with APOP). If you specify the
+RPOP protocol and a connection port in the privileged range (1..1024),
.I fetchmail will
-ship the id with an RPOP command rather than sending a password.
+ship your password entry to the mail server as an RPOP id.
(Note: you'll need to be running fetchmail setuid root for RPOP to
work --
.I fetchmail
has to bind to a privileged port locally in order for the mail
server to believe it's allowed to bind to a privileged remote port.)
.PP
+RFC1460 introduced APOP authentication. In this variant of POP3,
+you register an APOP password on your server host (the program
+to do this with on the server is probably called \fIpopauth\fR(8)). You
+put the same password in your
+.I .fetchmailrc
+file. Each time
+.I fetchmail
+logs in, it sends a cryptographically secure hash of your password and
+the server greeting time to the server, which can verify it by
+checking its authorization database.
+.PP
.SH OUTPUT OPTIONS
The default behavior of
.I fetchmail
fetchmail -d 900
.PP
will, therefore, poll the hosts described in your
-.I ~/.fetchrc
+.I ~/.fetchmailrc
file once every fifteen minutes.
.PP
Only one daemon process is permitted per user; in daemon mode,
option allows you to redirect status messages emitted while in daemon
mode into a specified logfile (follow the option with the logfile name).
This is primarily useful for debugging configurations.
-.SH THE FETCHRC FILE
+.SH THE RUN CONTROL FILE
The preferred way to set up fetchmail (and the only way if you want to
-specify a password) is to write a .fetchrc file in your home directory.
-To protect the security of your passwords, your ~/.fetchrc may not have
+specify a password) is to write a .fetchmailrc file in your home directory.
+To protect the security of your passwords, your ~/.fetchmailrc may not have
more than u+r,u+w permissions;
.I fetchmail
will complain and exit otherwise.
protocol (or proto)
username (or user)
password (or pass)
- rpopid
remotefolder (or remote)
localfolder (or local)
mda
flush
fetchall
rewrite
+ skip
nokeep
noflush
nofetchall
norewrite
+ noskip
port
.PP
+All these correspond to the obvuious command-line arguments except
+two: \fBpassword\fR and \fBskip\fR.
+.PP
+The \fBpassword\fR option requires a string argument, which is the password
+to be used with the entry's server.
+.PP
+The \fBskip\fR option tells
+.I fetchmail
+not to query this host unless it is explicitly named on the command
+line. A host entry with this flag will be skipped when
+.I fetchmail
+called with no arguments steps through all hosts in the run control file.
+(This option allows you to experiment with test entries safely.)
+.PP
Legal protocol identifiers are
auto (or AUTO)
.PP
.SH FILES
.TP 5
-~/.fetchrc
-default configuration file
-.TP 5
-~/.fetchids
-default location of file associating hosts with last message IDs seen
-(used only with newer RFC1725-compliant servers supporting the UIDL command).
+~/.fetchmailrc
+default run control file
.TP 5
${TMPDIR}/fetchmail-${HOST}-${USER}
lock file to help prevent concurrent runs.
requires either that both the USER and HOME environment variables are
correctly set, or that \fBgetpwuid\fR(3) be able to retrieve a password
entry from your user ID.
-.SH BUGS
+.SH KNOWN PROBLEMS
+Use of any of the supported protocols other than APOP requires that
+the program send unencrypted passwords over the TCP/IP connection to
+the mail server. This creates a risk that name/password pairs might
+be snaffled with a packet sniffer or more sophisticated monitoring
+software.
+.pp
Running more than one concurrent instance of
.I fetchmail
on the same mailbox may cause messages to be lost or remain unfetched.
+(This is a design problem of the POP2, POP3 and IMAP2bis protocols.)
.PP
-The --remotefolder option doesn't work with POP3, the protocol won't
-support it.
+If, using POP3, you find that messages you've already read on the
+server are being fetched, blame RFC1725. That late version pf the
+POP3 protocol specification ill-advisedly removed the LAST command, and
+some servers (including the one distributed with at least some
+versions of SunOS) follow it (you can verify this by invoking
+.I fetchmail -v
+and watching the response to LAST early in the query). The fix is to
+install an older POP3 server with LAST or switch to an IMAP server.
.PP
-The RPOP support, and the UIDL support for RFC1725-compliant servers
-without LAST, are not yet well tested.
+The RPOP support is not yet well tested.
.PP
Send comments, bug reports, gripes, and the like to Eric S. Raymond
<esr@thyrsus.com>.
The --password option of previous (popclient) versions has been removed -- it
encouraged people to expose passwords in scripts. Passwords
must now be specified either interactively or in your
-.I ~/.fetchrc
+.I ~/.fetchmailrc
file. The short-form -p option now specifies the protocol to use.
.PP
The reason the password isn't stored encrypted is because this doesn't
actually add protection. Anyone who's acquired permissions to read your
-fetchrc file will be able to run
+fetchmailrc file will be able to run
.I fetchmail
as you anyway -- and if it's
your password they're after, they'd be able to use the necessary decoder from
projects / ~andy / fetchmail / blobdiff