msmtp

msmtp − An SMTP plugin for MUAs

msmtp is a an SMTP "plugin" for Mutt and probably other MUAs (mail user agents). It forwards mails to an SMTP server (for example at a free mail provider) which does the delivery.

To use this program, create a configuration file with your mail account(s) and tell your MUA to call msmtp instead of /usr/sbin/sendmail.

msmtp [OPTIONS] [--] rcpt1 [[rcpt2] ...]

There must be at least one recipient mail address on the command line.

Note that long options are only available on systems that support them.

-v, --version

Print version information and exit. The version information includes a note whether OpenSSL or GnuTLS is used, and whether GSASL or the built-in code is used for authentication.

-h, --help

Print help and exit.

-f, --file=conffile

Use the given file instead of $HOME/.msmtprc as configuration file.

-a, --account=account_name

Use the given account instead of the account named "default".

--

This marks the end of options. All following arguments will be treated as recipient addresses, even if they start with a ’-’.

The configuration file ($HOME/.msmtprc by default) is a simple text file.
Empty lines and comment lines are ignored. Comment lines are lines whose first non-blank character is ’#’.
Every other line must contain a command and may contain an argument to that command. The command is the first word in the line. The argument begins with the first non-blank character after the command and ends with the last non-blank character in the line.
You may enclose the argument in double quotes ("): If the first and last character of an argument are double quotes, both are ignored and the argument is truncated to the characters between these double quotes.

Commands are:

account <name>

Start a new account definition with the given name. The first account definition in the file does not need to start with this command; it will be named "default" if it does not.

host <smtpserver>

The SMTP server to send the mail to. This host is supposed to send the mail to the recipients. The argument may be a host name, an IPv4 address in dot notation, or an IPv6 address in colon notation. Every account definition must contain this command.

port <portnumber>

The port that the SMTP server listens on. The default is 25 and should always work.

from <envelope_from>

Your mail address that the SMTP server knows of (the envelope-from address). Every account definition must contain this command.

auth [<method>]

This command enables SMTP authentication. You do not need to specify a method, msmtp can choose one for you (see below).
Available methods are: plain (the AUTH PLAIN method), login (the AUTH LOGIN method), and cram-md5 (the AUTH CRAM-MD5 method). If your version of msmtp uses GSASL for authentication (see --version), you can additionally use digest-md5 (the AUTH DIGEST-MD5 method), and ntlm (the AUTH NTLM method).
The plain and login methods send your authentication data unencrypted over the net. It may be possible for an attacker to steal your username and password unless you use the tls command to encrypt all communication with the SMTP server. The cram-md5, digest-md5 and ntlm methods send your authentication data in fairly secure ways.
If you don’t choose the method yourself, msmtp chooses the best secure method that the SMTP server supports. Secure means that your authentication data will not be sent in cleartext over the net. For TLS encrypted connections, every authentication method is secure in this sense. If TLS is not active, only DIGEST-MD5, CRAM-MD5 and NTLM are secure in this sense.
If the SMTP server supports neither TLS encryption nor a secure authentication method, you have to use auth plain or auth login to force msmtp to use an insecure authentication method.
If you activate SMTP authentication, you must give your user name and password with the appropriate commands, too.

user <login>

Set your user name for SMTP authentication.
If you did not use the auth command, this command will automatically activate SMTP authentication with automatic selection of a secure method (just as if you used auth without an argument).
Be sure that your configuration file is only readable by yourself if you store authentication data in it!

password <secret>

Set your password for SMTP authentication.
If you did not use the auth command, this command will automatically activate SMTP authentication with automatic selection of a secure method (just as if you used auth without an argument).
Be sure that your configuration file is only readable by yourself if you store authentication data in it!

tls

This command enables TLS/SSL encrypted connections to the SMTP server. Mail delivery will fail if the SMTP server does not support this feature.
The connection with the SMTP server will be protected against eavesdroppers. A sanity check will be performed on the server certificate. However, to make full use of the TLS/SSL capabilities, it is recommended to use the tls_trust_file command (see below).
If the SMTP server supports TLS/SSL encrypted connections, it is generally a good idea to use this command. If you do not know whether the SMTP server supports TLS/SSL, simply try this command, you will get an appropriate message if it does not.

tls_trust_file <filename>

This command activates strict server certificate verification.
The filename must be the absolute path name of a file in PEM format containing one or more certificates of trusted Certification Authorities (CAs), one of which certified the SMTP server you want to connect to.
When using this command, msmtp can verify the authenticity of the server it connects to. This enables the maximum security TLS/SSL offers.
This command is only useful in conjunction with the tls command.

tls_key_file <file>

This command (together with the tls_cert_file command) enables msmtp to send a client certificate to the SMTP server if requested.
The filename must be the absolute path name of a file in PEM format containing a private key.
Be sure that this file is only readable by yourself!
This command is only useful in conjunction with the tls and tls_cert_file commands.

tls_cert_file <file>

This command (together with the tls_key_file command) enables msmtp to send a client certificate to the SMTP server if requested.
The filename must be the absolute path name of a file in PEM format containing a certificate.
This command is only useful in conjunction with the tls and tls_key_file commands.

nostarttls

This command tells msmtp to assume that the remote SMTP server operates exclusively under TLS/SSL and the STARTTLS command is not needed (for example a stunnel wrapped version of regular unencrypted SMTP server).
This command is only useful in conjunction with the tls command.

keep-bcc

This command tells msmtp to keep the Bcc header in the mail. The default is to remove the Bcc before sending the mail to the SMTP server. Use this command only if you know exactly what you are doing.

# Some examples.

# Use the mail transport agent running on your computer.
account default
host localhost
from me@mybox.example

# Use an external SMTP server
account provider1
host smtp.provider1.example
from me@provider1.example

# Use an external SMTP server with authentication.
# (msmtp will not choose an authentication method
# that sends your authentication data in cleartext
# over the net.)
account provider2
host smtp.provider2.example
from m_e@provider2.example
user m_e
password s!e"c%r*e/t

# Use an external SMTP server with authentication and
# TLS encryption. (msmtp can choose any supported
# authentication method, because your authentication data
# will be protected by the TLS encryption.)
account provider3
host mail.provider3.example
from me_prov3@provider3.example
user me_prov3_111238476
password stupid_password
tls

# Use an external SMTP server with authentication
# and TLS encryption.
# Enable server certificate verification with the
# tls_trust_file command.
account provider3
host mail.provider3.example
from me_prov3@provider3.example
user me_prov3_111238476
password stupid_password
tls
tls_trust_file /home/joe/certs/CAcert_of_provider3.pem

# Use an external SMTP server with insecure
# authentication.
# (manually choose an insecure authentication method.)
# Note that the password contains blanks.
account provider4
host herb.provider4.example
from xyz@provider4.example
auth login
user xyz@provider4.example
password this will be easy to read

# Use an external SMTP server.
# Force the use of CRAM-MD5 authentication.
# Assume the server runs in TLS-only mode and listens on
# port 123.
# Note that the password contains a leading blank, thus
# double quotes are necessary.
account unusual_provider
host weird.provider.example
port 123
from name@provider.example
auth cram_md5
user name-1378
password " 10340712937"
tls
nostarttls

If you want to use msmtp with Mutt, create a configuration file for msmtp and add the following line to your Mutt configuration file:
set sendmail="/path/to/msmtp"
Do not add "--" to this line, because Mutt will add "--" itself.

You might want to add
set use_from=no
my_hdr From: "Your Name" <yourmail@yourprovider.com>
to Mutt’s configuration file (see the Mutt manual).

Note that msmtp does not understand sendmail options, so some Mutt configuration options will not work. For example, avoid "set envelope_from" (which adds the -f option to msmtp’s commandline). The envelope from address is set in your msmtp configuration file anyway.

If you have multiple mail accounts in your msmtp configuration file (called "default", "work", "extra" for example), you can easily switch between them in Mutt:

Add the following lines to your Mutt configuration file:
set sendmail="/path/to/msmtp"
macro generic "<esc>1" ":set sendmail=\"/path/to/msmtp\""
macro generic "<esc>2" ":set sendmail=\"/path/to/msmtp -a work\""
macro generic "<esc>2" ":set sendmail=\"/path/to/msmtp -a extra\""
You can now switch between the accounts with <esc>1 (use "default" account), <esc>2 (use "work" account), <esc>3 (use "extra" account).

msmtp is not intended to replace /usr/sbin/sendmail. It does not understand sendmail options and can’t do local deliveries.

msmtp was written by Martin Lambers <marlam@users.sourceforge.net>

The base64enc(), base64dec(), and cram_md5() functions used by the built-in authentication code were adapted from GNU Anubis, Copyright (C) 2001, 2002 The Anubis Team.