path: root/fetchmail.man

.\" For license terms, see the file COPYING in this directory.
.TH fetchmail LOCAL
.SH NAME
fetchmail \- deliver mail fetched from a POP or IMAP server
.SH SYNOPSIS
.B fetchmail
[\fI options \fR] \fI [server-host...]\fR
.SH DESCRIPTION
.I fetchmail
is a batch mail-retrieval/forwarding utility; it fetches
mail from remote mailservers and forwards it to your local (client)
machine's delivery system.  You can then handle the retrieved mail
using normal mail user agents such as \fIelm\fR(1) or \fIMail\fR(1).
The \fBfetchmail\fR utility can be run in a daemon mode to repeatedly
poll one or more systems at a specified interval.
.PP
The
.I fetchmail
program can gather mail from servers supporting any of the common
mail-retrieval protocols: POP2 (as specified in RFC 937), POP3 (RFC
1939), IMAP2bis (as implemented by the 4.4BSD imapd program), and
IMAP4 (as specified by RFC 1730).  It can use (but does not require)
the LAST facility removed from later POP3 versions.
.PP
While
.I fetchmail
is primarily intended to be used over on-demand TCP/IP links (such as
SLIP or PPP connections), it may also be useful as a message transfer
agent for sites which refuse for security reasons to permit
(sender-initiated) SMTP transactions with sendmail.
.PP
As each message is retrieved \fIfetchmail\fR normally delivers it via SMTP to
port 25 on the machine it is running on (localhost), just as though it
were being passed in over a normal TCP/IP link.  The mail will then be
delivered locally via your system's MDA (Mail Delivery Agent, usually
\fI/usr/lib/sendmail\fR but your system may use a different one such
as \fIsmail\fR, \fImmdf\fR, or \fIqmail\fR).  All the delivery-control
mechanisms (such as \fI.forward\fR files) normally available through
your system MDA will therefore work.
.PP
The behavior of
.I fetchmail
is controlled by command-line options and a run control file,
\fI~/.fetchmailrc\fR, the syntax of which we describe below.  Command-line
options override
.I ~/.fetchmailrc
declarations.
.PP
To facilitate the use of
.I fetchmail
In scripts, pipelines, etc., it returns an appropriate exit code upon 
termination -- see EXIT CODES below.
.SH OPTIONS
The following options modify the behavior of \fIfetchmail\fR.  It is
seldom necessary to specify any of these once you have a
working \fI.fetchmailrc\fR file set up.
.TP
.B \-a, --all
Retrieve both old (seen) and new messages from the mailserver.  The
default is to fetch only messages the server has not marked seen.
Note that POP2 retrieval, and POP3 retrieval on servers without the
LAST command, behaves as though --all is always on (see RETRIEVAL
FAILURE MODES below).
.TP
.B \-S host, --smtphost host
Specify an host to forward mail to (other than localhost).
.TP
.B \-m, \--mda
You can force mail to be passed to an MDA directly (rather than
forwarded to port 25) with the -mda or -m
option (this can be useful if you don't want to run sendmail as an
SMTP listener for security or other reasons).  
Some possible MDAs are "/usr/sbin/sendmail -oem %s",
"/usr/lib/sendmail -oem %s",
"/usr/bin/formail", and "/usr/bin/deliver %s" (if the MDA command contains
%s, that escape will be expanded into your username on the client
machine). If \fIfetchmail\fR is running as root, it sets its userid to
that of the target user while delivering mail through an MDA.
.TP
.B \-F, --flush
POP3/IMAP only.  Delete old (previously retrieved) messages from the mailserver
before retrieving new messages.
.TP
.B \-c, --check
Return a status code to indicate whether there is mail waiting,
without actually fetching or deleting mail (see EXIT CODES below).
(This option doesn't play well with queries to multiple sites.)
.TP
.B \-f pathname, --fetchmailrc pathname
Specify a non-default name for the 
.I .fetchmailrc
run control file.
.TP
.B \-i pathname, --idfile pathname
Specify an alternate name for the .fetchids file used to save POP3
UIDs. 
.TP
.B \-k, --keep
Keep retrieved messages in folder on remote mailserver.  Normally, messages 
are deleted from the folder on the mailserver after they have been retrieved.
Specifying the 
.B keep 
option causes retrieved messages to remain in your folder on the mailserver.
.TP
.B \-K, --kill
Delete retrieved messages from the remote mailserver.  This
option forces retrieved mail to be deleted.  It may be useful if
you have specified a default of \fBnokill\fR in your \fI.fetchmailrc\fR.
.TP
.B \-p, \--protocol proto
Specify the protocol to used when communicating with the remote 
mailserver.  If no protocol is specified,
.I fetchmail
will try each of the supported protocols in turn, terminating after
any successful attempt.
.I proto 
may be one of the following:
.RS
.IP IMAP
IMAP2bis, a compatible subset of IMAP4.
.IP POP2
Post Office Protocol 2
.IP POP3
Post Office Protocol 3
.IP APOP
Use POP3 with MD5 authentication.
.IP KPOP
Use POP3 with Kerberos authentication on port 1109.
.RE
.TP
.B \-P, --port
The  option permits you to specify a TCP/IP port to connect on. 
This option will seldom be necessary as all the supported protocols have
well-established default port numbers.
.TP
.B \-A, --auth
This option permits you to specify an authentication type (see USER
AUTHENTICATION below for details).  The possible values are
\&`\fBpassword\fR and `\fBkerberos\fR'.  This option is provided
primarily for developers; choosing KPOP protocol automatically selects
Kerberos authentication, and all other alternatives use ordinary
password authentication (though APOP uses a generated one-time
key as the password).
.TP
.B \-r folder, --remote folder
Causes a specified non-default mail folder on the mailserver to be retrieved.
The syntax of the folder name is server dependent, as is the default
behavior when no folder is specified.
.TP
.B \-s, --silent
Silent mode.  Suppresses all progress/status messages that are normally
echoed to standard error during a fetch.  If both the 
.B silent
and
.B verbose
options are specified, the 
.B verbose
option takes precedence.
.TP
.B \-u name, --username name
Specifies the user idenfication to be used when logging-in to the mailserver.
The appropriate user identification is both server and user-dependent.  
The default is your login name on the machine that is running 
.I fetchmail.
See USER AUTHENTICATION below for a complete description.
.TP
.B \-v, --verbose
Verbose mode.  All control messages passed between 
.I fetchmail
and the mailserver are echoed to stderr.  Specifying
.B verbose
causes normal progress/status messages which would be redundant or meaningless
to be modified or omitted.
.TP
.B \-n, --norewrite
Normally,
.I fetchmail
edits RFC-822 address headers (To, From, Cc, Bcc, and Reply-To) in
fetched mail so that any mail IDs local to the server are expanded to
full addresses (@ and the mailserver hostname are appended).  This enables 
replies on the client to get addressed correctly (otherwise your
mailer might think they should be addressed to local users on the
client machine).  This option disables the rewrite.
.TP
.B \-V, --version
Displays the version information for your copy of 
.I fetchmail.
No POP connection is made.
Instead, for each server specified, all option information
that would be computed if
.I fetchmail.
were connecting to that server is displayed.  Any non-printables in
passwords or other string names are shown as backslashed C-like
escape sequences.
.PP
Each server name that you specify following the options on the
command line will be queried.  If you don't specify any servers
on the command line, each server in your 
.I ~/.fetchmailrc
file will be queried.
.SH USER AUTHENTICATION
Normal user authentication in 
.I fetchmail
is very much like the authentication mechanism of 
.I ftp(1).
The correct user-id and password depend upon the underlying security
system at the mailserver.  
.PP
If the mailserver is a Unix machine on which you have an ordinary user 
account, your regular login name and password are used with 
.I fetchmail.
If you use the same login name on both the server and the client machines,
you needn't worry about specifying a user-id with the 
.B \-u
option \-\- 
the default behavior is to use your login name on the client machine as the 
user-id on the server machine.  If you use a different login name
on the server machine, specify that login name with the
.B \-u
option.  e.g. if your login name is 'jsmith' on a machine named 'mailgrunt',
you would start 
.I fetchmail 
as follows:
.IP
fetchmail -u jsmith mailgrunt
.PP
The default behavior of 
.I fetchmail
is to prompt you for your mailserver password before the connection is
established.  This is the safest way to use 
.I fetchmail
and ensures that your password will not be compromised.  You may also specify
your password in your
.I ~/.fetchmailrc
file.  This is convenient when using 
.I fetchmail
in daemon mode or with scripts.
.PP
On mailservers that do not provide ordinary user accounts, your user-id and 
password are usually assigned by the server administrator when you apply for 
a mailbox on the server.  Contact your server administrator if you don't know 
the correct user-id and password for your mailbox account.
.PP
RFC1460 introduced APOP authentication.  In this variant of POP3,
you register an APOP password on your server host (the program
to do this with on the server is probably called \fIpopauth\fR(8)).  You
put the same password in your 
.I .fetchmailrc
file.  Each time 
.I fetchmail
logs in, it sends a cryptographically secure hash of your password and
the server greeting time to the server, which can verify it by
checking its authorization database. 
.PP
If your \fIfetchmail\fR was built with Kerberos support and you specify 
Kerberos authentication (either with --auth or the \fI.fetchmailrc\fR
option \fBauthenticate kerberos\fR) it will try to get a Kerberos
ticket from the mailserver at the start of each query. 
.SH DAEMON MODE
The 
.B --daemon
or
.B -d 
option runs 
.I fetchmail
in daemon mode.  You must specify a numeric argument which is a
polling interval in seconds.
.PP
In daemon mode, 
.I fetchmail
puts itself in background and runs forever, querying each specified
host and then sleeping for the given polling interval.
.PP
Simply invoking
.IP
fetchmail -d 900
.PP
will, therefore, poll the hosts described in your 
.I ~/.fetchmailrc
file once every fifteen minutes.
.PP
Only one daemon process is permitted per user; in daemon mode,
.I fetchmail
makes a per-user lockfile to guarantee this.  The option
.B --quit
will kill a running daemon process.  Otherwise, calling fetchmail with
a daemon in the background sends a wakeup signal to the daemon,
forcing it to poll mailservers immediately.
.PP
The 
.B -t
or
.B --timeout
option allows you to set a server-nonresponse timeout in seconds.  If
a mailserver does not send a greeting message or respond to commands for
the given number of seconds, \fIfetchmail\fR will hang up on it.
Without such a timeout \fIfetchmail\fR might hang up indefinitely
trying to fetch mail from a down host.  This would be particularly
annoying for a \fIfetchmail\fR running in background.
.PP
The
.B -L
or
.B --logfile
option allows you to redirect status messages emitted while in daemon
mode into a specified logfile (follow the option with the logfile name).
The logfile is opened for append, so previous messages aren't deleted.
This is primarily useful for debugging configurations.
.SH RETRIEVAL FAILURE MODES
The protocols \fIfetchmail\fR uses to talk to mailservers are next to
bulletproof.  In normal operation forwarding to port 25, no message is
ever deleted (or even marked for deletion) on the host until the SMTP
listener on the client has acknowledged to \fIfetchmail\fRthat the
message has been accepted for delivery.  When forwarding to an MDA,
however, there is more possibility of error (because there's no way
for fetchmail to get a reliable positive acknowledgement from the MDA).
.PP
The normal mode of \fIfetchmail\fR is to try to download only `new'
messages, leaving untouched (and undeleted) messages you have already
read directly on the server (or fetched with a previous \fIfetchmail
--keep\fR).  But you may find that messages you've already read on the
server are being fetched (and deleted) even when you don't specify
--all.  There are several reasons this can happen.
.PP
One could be that you're using POP2.  The POP2 protocol includes no
representation of `new' or `old' state in messages, so \fIfetchmail\fR
must treat all messages as new all the time.  But POP2 is obsolete, so
this is unlikely.
.PP
Under POP3, blame RFC1725.  That version of the POP3 protocol
specification removed the LAST command, and some POP servers follow it
(you can verify this by invoking \fIfetchmail -v\fR to the mailserver
and watching the response to LAST early in the query).  The
\fIfetchmail\fR code tries to compensate by using POP3's UID feature,
storing the identifiers of messages seen in each session until the
next session, in the \fI.fetchids\fR file.  But this doesn't track
messages seen with other clients, or read but not deleted directly with
a mailer on the host.  A better solution would be to switch to IMAP.
.PP
Another potential POP3 problem might be servers that insert messages
in the middle of mailboxes (some VMS implementations of mail are
rumored to do this).  The \fIfetchmail\fR code assumes that new
messages are appended to the end of the mailbox; when this is not true
it may treat some old messages as new and vice versa.  The only 
real fix for this problem is to  switch to IMAP.
.PP
The IMAP code uses the presence or absence of the server flag \eSeen
to decide whether or not a message is new.  Under Unix, it counts on
your IMAP server to notice the BSD-style Status flags set by mail user
agents and set the \Seen flag from them when appropriate.  All Unix
IMAP servers we know of do this, though it's not specified by the IMAP
RFCs.  If you ever trip over a server that doesn't, the symptom will
be that messages you have already read on your host will look new to
the server.  In this (unlikely) case, only messages you fetched with
\fIfetchmail --keep\fR will be both undeleted and marked old.
.SH THE RUN CONTROL FILE
The preferred way to set up fetchmail (and the only way if you want to
avoid specifying passwords each time it runs) is to write a
\fI.fetchmailrc\fR file in your home directory.  To protect the security
of your passwords, your \fI~/.fetchmailrc\fR may not have more than u+r,u+w
permissions;
.I fetchmail
will complain and exit otherwise.
.PP
Comments begin with a '#' and extend through the end of the line.
Otherwise the file consists of a series of free-format server entries.
Any amount of whitespace separates keywords, tokens, or strings 
in server entries but is otherwise ignored (but whitespace enclosed
in double quotes is treated as part of the string).
Keywords and identifiers are case sensitive.
You may use standard C-style escapes (\en, \et, \eb, octal, and hex)
to embed non-printable characters or string delimiters in strings.
When there is a conflict between the command-line arguments and the
arguments in this file, the command-line arguments take precedence.
.PP
Each server entry consists of the keyword \fBserver\fR, followed by a
server name, followed by server options, followed by any number of
user descriptions.
.PP
Legal server options are:

    server
    protocol (or proto)
    port
    skip
    noskip
    authenticate (or auth)
    timeout

Legal user options are

    username (or user)
    is
    to
    password (or pass)
    remotefolder (or remote)
    smtphost (or smtp)
    mda
    keep
    flush
    fetchall
    rewrite
    nokeep
    noflush
    nofetchall
    norewrite
.PP
All options correspond to the obvious command-line arguments except
four: \fBis\fR, \fBto\fR, \fBpassword\fR and \fBskip\fR.
.PP
The \fBis\fR or \fIto\fR keywords associate a following local
username with the mailserver user name in the entry.  They are intended
to be used in configurations where \fIfetchmail\fR runs as root and
retrieves mail for multiple local users.  If no \fBis\fR or \fIto\fR 
clause is present, the default local username is the calling user,
unless the calling user is root in which case it is the remote user
name of the current entry.
.PP
The \fBpassword\fR option requires a string argument, which is the password
to be used with the entry's server.
.PP
The \fBskip\fR option tells
.I fetchmail 
not to query this host unless it is explicitly named on the command
line.  A host entry with this flag will be skipped when
.I fetchmail
called with no arguments steps through all hosts in the run control file.
(This option allows you to experiment with test entries safely, or easily
disable entries for hosts that are temporarily down.)
.PP
Legal protocol identifiers are

    auto (or AUTO)
    pop2 (or POP2)
    pop3 (or POP3)
    imap (or IMAP)
    apop (or APOP)
    kpop (or KPOP)

.PP
Legal authentication types are `password' or `kerberos'.  The former
specifies authentication by normal transmission of a password (the
password may be plaintext or subject to protocol-specific encryption
as in APOP); the second tells \fIfetchmail\fR to try to get a Kerberos
ticket at the start of each query instead, and send an arbitrary
string as the password.
.PP
Specifying \fBkpop\fR sets POP3 protocol over port 1109 with Kerberos
authentication.  These defaults may be overridden by later options.
.PP
You can use the `noise' keywords \fBand\fR, \fBwith\fR,
\fBhas\fR, \fBwants\fR, and \fBoptions\fR anywhere in an entry to make
it resemble English.  They're ignored, but but can make entries much
easier to read at a glance.  The punctuation characters ':', ';' and
',' are also ignored.
.PP
The words \fBhere\fR and \fBthere\fR have useful English-like
significance.  Normally `\fBuser eric is esr\fR' would mean that 
mail for the remote user \fBeric\fR is to be delivered to \fBesr\fR,
but you can make this clearer by saying `\fBuser eric there is esr here\fR',
or reverse it by saying `\fBuser esr here is eric there\fR'
.PP
Finally, instead of saying `\fBserver fubar.com skip\fR ...' you can say
\&`\fBskip server fubar.com\fR ...'
.PP
Basic format is:

.nf
  server SERVERNAME protocol PROTOCOL username NAME password PASSWORD 
.fi
.PP
Example:

.nf
  server pop.provider.net protocol pop3 username jsmith password secret1
.fi
.PP
Or, using some abbreviations:

.nf
  server pop.provider.net proto pop3 user jsmith password secret1
.fi
.PP
Multiple servers may be listed:

.nf
  server pop.provider.net proto pop3 user jsmith pass secret1
  server other.provider.net proto pop2 user John.Smith pass My^Hat
.fi

Here's a version of those two with more whitespace and some noise words: 

.nf
  server pop.provider.net proto pop3
      user jsmith, with password secret1, is jsmith here;
  server other.provider.net proto pop2:
      user John.Smith with password My^Hat, is John.Smith here;
.fi

This version is much easier to read and doesn't cost significantly
more (parsing is done only once, at startup time).

.PP
If you need to include whitespace in a parameter string, enclose the
string in double quotes.  Thus:

.nf
  server mail.provider.net with proto pop3:
        user jsmith there has password "u can't krak this"
                    is jws here and wants mda "/bin/mail %s"
.fi

You may have an initial server description headed by the keyword
`defaults' instead of `server' followed by a name.  Such a record
is interpreted as defaults for all queries to use. It may be overwritten
by individual server descriptions.  So, you could write:

.nf
  defaults proto pop3
        user jsmith
  server pop.provider.net
        pass secret1
  server mail.provider.net
        user jjsmith there has password secret2
.fi

It's possible to specify more than one user per server (this is only
likely to be useful when running fetchmail in daemon mode as root).
The \fBuser\fR keyword leads off a user description, and every user
description except optionally the first one must include it.  (If the
first description lacks the \fBuser\fR keyword, the name of the
invoking user is used.) Here's a contrived example:

.nf
  server pop.provider.net proto pop3 port 3111
        pass gumshoe
        user jsmith with pass secret1 is smith here
        user jones with pass secret2 is jjones here
.fi

This says that the user invoking \fIfetchmail\fR has the same username
on pop.provider.net, and password `gumshoe' there.
It also associates the local username `smith' with the pop.provider.net
username `jsmith' and the local username `jones' with the pop.provider.net
username `jjones'.
.PP
This example is contrived because, in practice, you are very unlikely
to be specifying multiple users per server unless running it as root
(thus the \fBpass gumshoe\fR would try to fetch root's mail on
pop-provider.net, which is probably not what you want).
In any case, we strongly recommend always having an explicit
\fBuser\fR clause when specifying multiple users for server.
.SH EXIT CODES
To facilitate the use of 
.I fetchmail
in shell scripts, an exit code is returned to give an indication
of what occurred during a given connection.
.PP
The exit codes returned by 
.I fetchmail
are as follows:
.IP 0
One or more messages were successfully retrieved.
.IP 1
There was no mail awaiting retrieval.
.IP 2
An error was encountered when attempting to open a socket for the POP 
connection.  If you don't know what a socket is, don't worry about it --
just treat this as an 'unrecoverable error'.
.IP 3
The user authentication step failed.  This usually means that a bad 
user-id, password, or APOP id was specified.
.IP 4
Some sort of fatal protocol error was detected.
.IP 5
There was a syntax error in the arguments to 
.I fetchmail.
.IP 6
The run control file had bad permissions.
.IP 7
There was an error condition reported by the server (POP3 only).
.IP 8
Exclusion error.  This means 
.I fetchmail
either found another copy of itself already running, or failed in such
a way that it isn't sure whether another copy is running.
.IP 9
The 
.I fetchmail.
run failed while trying to do an SMTP port open or transaction.
.IP 10
Internal error.  You should see a message on standard error with
details.
.PP
When
.I fetchmail
queries more than one host, the returned status is that of the last
host queried.
.SH AUTHORS
.I fetchmail
was originated (under the name `popclient') by Carl Harris at Virginia
Polytechnic Institute and State University (a.k.a. Virginia Tech).
.PP
Version 3.0 of popclient was extensively rewritten and improved by
Eric S. Raymond <esr@snark.thyrsus.com>. The program's name was
then changed to
.I fetchmail
to reflect both the presence of IMAP support and the symmetry with sendmail
created by the new SMTP forwarding default.
.SH BACKWARD COMPATIBILITY
If called through a link named `popclient', \fIfetchmail\fR will
look in ~/.poprc for its run control file.  As long as the file does
not use the removed \fBlimit\fR or \fBlocalfolder\fR options, this
will often work.  (The new run control file syntax also has to be a
little stricter about the order of options than the old, in order to
support multiple user desriptions per server; thus you may have to
rearrange things a bit.)
.SH FILES
.TP 5
~/.fetchmailrc
default run control file
.TP 5
~/.fetchids
default location of file associating hosts with last message IDs seen
(used only with newer RFC1725-compliant POP3 servers supporting the
UIDL command).
.TP 5
${TMPDIR}/fetchmail-${USER}
lock file to help prevent concurrent runs.
.SH ENVIRONMENT
For correct initialization, 
.I fetchmail
requires either that both the USER and HOME environment variables are
correctly set, or that \fBgetpwuid\fR(3) be able to retrieve a password
entry from your user ID.
.SH BUGS AND KNOWN PROBLEMS
Use of any of the supported protocols other than APOP or KPOP requires
that the program send unencrypted passwords over the TCP/IP connection
to the mailserver.  This creates a risk that name/password pairs
might be snaffled with a packet sniffer or more sophisticated
monitoring software.
.PP
Send comments, bug reports, gripes, and the like to Eric S. Raymond
<esr@thyrsus.com>.
.SH SEE ALSO
elm(1), mail(1), sendmail(8), popd(8), imapd(8);
RFC 937, RFC 1081, RFC1176, RFC 1225, RFC 1460, RFC 1725, RFC1939.