man pages section 1: User Commands

Exit Print View

Updated: July 2014

fetchmail (1)


fetchmail - ble server


fetchmail [option...] [mailserver...]


fetchmail reference manual                           fetchmail(1)

     fetchmail - fetch mail from a POP, IMAP, ETRN, or ODMR-capa-
     ble server

     fetchmail [option...] [mailserver...]

     fetchmail is a mail-retrieval  and  forwarding  utility;  it
     fetches mail from remote mailservers and forwards it to your
     local (client) machine's delivery system.  You can then han-
     dle the retrieved mail using normal mail user agents such as
     mutt(1), elm(1) or Mail(1).  The fetchmail  utility  can  be
     run  in a daemon mode to repeatedly poll one or more systems
     at a specified interval.

     The fetchmail program can gather mail from servers  support-
     ing   any  of  the  common  mail-retrieval  protocols:  POP2
     (legacy, to be removed from future release), POP3, IMAP2bis,
     IMAP4, and IMAP4rev1.  It can also use the ESMTP ETRN exten-
     sion and ODMR.  (The RFCs describing all these protocols are
     listed at the end of this manual page.)

     While  fetchmail  is  primarily intended to be used over on-
     demand TCP/IP links (such as SLIP or  PPP  connections),  it
     may  also  be  useful  as a message transfer agent for sites
     which refuse for security reasons to  permit  (sender-initi-
     ated) SMTP transactions with sendmail.

     For  troubleshooting,  tracing  and  debugging,  you need to
     increase fetchmail's verbosity to actually see what happens.
     To  do  that, please run both of the two following commands,
     adding all of the options you'd normally use.

          env LC_ALL=C fetchmail -V -v --nodetach --nosyslog

          (This command line  prints  in  English  how  fetchmail
          understands your configuration.)

          env LC_ALL=C fetchmail -vvv  --nodetach --nosyslog

          (This command line actually runs fetchmail with verbose
          English output.)

fetchmail         Last change: fetchmail 6.3.22                 1

fetchmail reference manual                           fetchmail(1)

     Also see

     You can omit the LC_ALL=C part above if you want  output  in
     the  local language (if supported). However if you are post-
     ing to mailing lists, please leave it in. The maintainers do
     not   necessarily   understand  your  language,  please  use

     If fetchmail is used with a POP or an IMAP server  (but  not
     with  ETRN  or ODMR), it has two fundamental modes of opera-
     tion for each user account from  which  it  retrieves  mail:
     singledrop- and multidrop-mode.

     In singledrop-mode,
          fetchmail  assumes  that  all  messages  in  the user's
          account (mailbox) are intended for a single  recipient.
          The  identity  of  the recipient will either default to
          the local user currently executing fetchmail,  or  will
          need  to  be  explicitly specified in the configuration

          fetchmail uses  singledrop-mode  when  the  fetchmailrc
          configuration  contains  at  most  a  single local user
          specification for a given server account.

     In multidrop-mode,
          fetchmail assumes that the mail server account actually
          contains  mail  intended  for  any  number of different
          recipients.   Therefore,  fetchmail  must  attempt   to
          deduce  the  proper  "envelope recipient" from the mail
          headers of each message.  In this  mode  of  operation,
          fetchmail almost resembles a mail transfer agent (MTA).

          Note that neither  the  POP  nor  IMAP  protocols  were
          intended  for  use  in this fashion, and hence envelope
          information is often not directly available.   The  ISP
          must  stores  the  envelope information in some message
          header and. The ISP must also store  one  copy  of  the
          message  per  recipient. If either of the conditions is
          not fulfilled,  this  process  is  unreliable,  because
          fetchmail  must  then resort to guessing the true enve-
          lope recipient(s) of a message. This usually fails  for
          mailing  list messages and Bcc:d mail, or mail for mul-
          tiple recipients in your domain.

          fetchmail uses multidrop-mode when more than one  local
          user  and/or  a  wildcard is specified for a particular
          server account in the configuration file.

fetchmail         Last change: fetchmail 6.3.22                 2

fetchmail reference manual                           fetchmail(1)

     In ETRN and ODMR modes,
          these considerations do not apply, as  these  protocols
          are  based  on  SMTP,  which provides explicit envelope
          recipient information. These protocols  always  support
          multiple recipients.

     As each message is retrieved, fetchmail normally delivers it
     via SMTP to port 25 on the machine it is running on  (local-
     host),  just as though it were being passed in over a normal
     TCP/IP link.  fetchmail provides the  SMTP  server  with  an
     envelope  recipient  derived  in the manner described previ-
     ously.  The mail will then be delivered  according  to  your
     MTA's rules (the Mail Transfer Agent is usually sendmail(8),
     exim(8), or postfix(8)).  Invoking your system's  MDA  (Mail
     Delivery  Agent) is the duty of your MTA.  All the delivery-
     control mechanisms (such as .forward files) normally  avail-
     able  through your system MTA and local delivery agents will
     therefore be applied as usual.

     If your fetchmail configuration sets a local  MDA  (see  the
     --mda  option),  it will be used directly instead of talking
     SMTP to port 25.

     If the program fetchmailconf is available,  it  will  assist
     you  in  setting up and editing a fetchmailrc configuration.
     It runs under the X window system and requires that the lan-
     guage  Python  and  the Tk toolkit (with Python bindings) be
     present on your system.  If you are first setting up  fetch-
     mail  for  single-user  mode, it is recommended that you use
     Novice mode.   Expert  mode  provides  complete  control  of
     fetchmail  configuration,  including the multidrop features.
     In either case, the 'Autoprobe' button  will  tell  you  the
     most  capable protocol a given mailserver supports, and warn
     you of potential problems with that server.

     The behavior of  fetchmail  is  controlled  by  command-line
     options  and  a run control file, ~/.fetchmailrc, the syntax
     of which we describe in a later section (this file  is  what
     the  fetchmailconf  program  edits).   Command-line  options
     override ~/.fetchmailrc declarations.

     Each server name that you specify following the  options  on
     the  command line will be queried.  If you don't specify any
     servers on the command  line,  each  'poll'  entry  in  your
     ~/.fetchmailrc file will be queried.

     To facilitate the use of fetchmail in scripts and pipelines,
     it returns an appropriate exit code upon termination --  see
     EXIT CODES below.

fetchmail         Last change: fetchmail 6.3.22                 3

fetchmail reference manual                           fetchmail(1)

     The  following options modify the behavior of fetchmail.  It
     is seldom necessary to specify any of these once you have  a
     working .fetchmailrc file set up.

     Almost all options have a corresponding keyword which can be
     used to declare them in a .fetchmailrc file.

     Some special options are not covered  here,  but  are  docu-
     mented instead in sections on AUTHENTICATION and DAEMON MODE
     which follow.

  General Options
     -V | --version
          Displays the  version  information  for  your  copy  of
          fetchmail.   No  mail fetch is performed.  Instead, for
          each server specified, all the option information  that
          would  be computed if fetchmail were connecting to that
          server is displayed.  Any non-printables  in  passwords
          or  other  string names are shown as backslashed C-like
          escape sequences.  This option is useful for  verifying
          that your options are set the way you want them.

     -c | --check
          Return  a status code to indicate whether there is mail
          waiting, without actually  fetching  or  deleting  mail
          (see  EXIT  CODES below).  This option turns off daemon
          mode (in which it would be useless).  It  doesn't  play
          well  with  queries to multiple sites, and doesn't work
          with ETRN or ODMR.  It will return a false positive  if
          you  leave read but undeleted mail in your server mail-
          box and your fetch protocol can't  tell  kept  messages
          from  new ones.  This means it will work with IMAP, not
          work with POP2, and may occasionally  flake  out  under

     -s | --silent
          Silent  mode.   Suppresses all progress/status messages
          that are normally echoed to standard  output  during  a
          fetch  (but  does  not suppress actual error messages).
          The --verbose option overrides this.

     -v | --verbose
          Verbose mode.   All  control  messages  passed  between
          fetchmail  and  the  mailserver  are  echoed to stdout.
          Overrides  --silent.   Doubling  this  option  (-v  -v)
          causes extra diagnostic information to be printed.

          (since  v6.3.10,  Keyword:  set  no  softbounce,  since
          Hard bounce mode. All permanent delivery  errors  cause
          messages  to  be  deleted from the upstream server, see

fetchmail         Last change: fetchmail 6.3.22                 4

fetchmail reference manual                           fetchmail(1)

          "no softbounce" below.

          (since v6.3.10, Keyword: set softbounce, since v6.3.10)
          Soft  bounce  mode. All permanent delivery errors cause
          messages to be left on the upstream server if the  pro-
          tocol  supports  that. Default to match historic fetch-
          mail documentation, to be changed to hard  bounce  mode
          in the next fetchmail release.

  Disposal Options
     -a | --all | (since v6.3.3)
          (Keyword: fetchall, since v3.0)
          Retrieve  both  old  (seen)  and  new messages from the
          mailserver.  The default is to fetch only messages  the
          server  has  not  marked seen.  Under POP3, this option
          also forces the use of RETR rather than TOP.  Note that
          POP2  retrieval  behaves  as  though --all is always on
          (see RETRIEVAL FAILURE MODES  below)  and  this  option
          does  not  work  with  ETRN  or ODMR.  While the -a and
          --all command-line and  fetchall  rcfile  options  have
          been supported for a long time, the --fetchall command-
          line option was added in v6.3.3.

     -k | --keep
          (Keyword: keep)
          Keep retrieved messages on the remote mailserver.  Nor-
          mally,  messages  are  deleted  from  the folder on the
          mailserver after they have been retrieved.   Specifying
          the  keep option causes retrieved messages to remain in
          your folder on the mailserver.  This  option  does  not
          work with ETRN or ODMR. If used with POP3, it is recom-
          mended to also specify the --uidl option or  uidl  key-

     -K | --nokeep
          (Keyword: nokeep)
          Delete  retrieved  messages from the remote mailserver.
          This option forces retrieved mail to  be  deleted.   It
          may  be  useful if you have specified a default of keep
          in your .fetchmailrc.  This option is  forced  on  with
          ETRN and ODMR.

     -F | --flush
          (Keyword: flush)
          POP3/IMAP  only.   This  is  a dangerous option and can
          cause mail loss when used improperly.  It  deletes  old
          (seen)  messages  from the mailserver before retrieving
          new messages.  Warning: This can cause mail loss if you
          check  your mail with other clients than fetchmail, and
          cause fetchmail  to  delete  a  message  it  had  never
          fetched  before.   It  can  also cause mail loss if the

fetchmail         Last change: fetchmail 6.3.22                 5

fetchmail reference manual                           fetchmail(1)

          mail server marks  the  message  seen  after  retrieval
          (IMAP2  servers).  You  should  probably  not  use this
          option in your configuration file. If you use  it  with
          POP3, you must use the 'uidl' option. What you probably
          want is the default setting: if you don't specify '-k',
          then fetchmail will automatically delete messages after
          successful delivery.

          POP3/IMAP only, since version 6.3.0.  Delete  oversized
          messages from the mailserver before retrieving new mes-
          sages. The size limit should  be  separately  specified
          with  the  --limit  option.   This option does not work
          with ETRN or ODMR.

  Protocol and Query Options
     -p <proto> | --proto <proto> |
          (Keyword: proto[col])
          Specify the protocol to use when communicating with the
          remote  mailserver.   If  no protocol is specified, the
          default is AUTO.  proto may be one of the following:

          AUTO Tries IMAP, POP3, and POP2 (skipping any of  these
               for which support has not been compiled in).

          POP2 Post Office Protocol 2 (legacy, to be removed from
               future release)

          POP3 Post Office Protocol 3

          APOP Use POP3 with old-fashioned MD5-challenge  authen-
               tication.  Considered not resistant to man-in-the-
               middle attacks.

          RPOP Use POP3 with RPOP authentication.

          KPOP Use POP3 with Kerberos V4 authentication  on  port

          SDPS Use POP3 with Demon Internet's SDPS extensions.

          IMAP IMAP2bis, IMAP4, or IMAP4rev1 (fetchmail automati-
               cally detects their capabilities).

          ETRN Use the ESMTP ETRN option.

          ODMR Use the the On-Demand Mail Relay ESMTP profile.

     All these alternatives work in basically the same way  (com-
     municating  with  standard  server  daemons  to  fetch  mail
     already delivered to a mailbox on the  server)  except  ETRN
     and ODMR.  The ETRN mode allows you to ask a compliant ESMTP

fetchmail         Last change: fetchmail 6.3.22                 6

fetchmail reference manual                           fetchmail(1)

     server (such as BSD sendmail at release 8.8.0 or higher)  to
     immediately  open  a  sender-SMTP  connection to your client
     machine and begin forwarding any  items  addressed  to  your
     client  machine  in  the server's queue of undelivered mail.
     The ODMR mode requires an ODMR-capable server and works sim-
     ilarly  to  ETRN, except that it does not require the client
     machine to have a static DNS.

     -U | --uidl
          (Keyword: uidl)
          Force UIDL  use  (effective  only  with  POP3).   Force
          client-side  tracking  of  'newness'  of messages (UIDL
          stands for "unique ID  listing"  and  is  described  in
          RFC1939).   Use  with 'keep' to use a mailbox as a baby
          news drop for a group of users. The fact that seen mes-
          sages  are  skipped  is logged, unless error logging is
          done through syslog while running in daemon mode.  Note
          that  fetchmail  may  automatically  enable this option
          depending on upstream server capabilities.   Note  also
          that this option may be removed and forced enabled in a
          future fetchmail version. See also: --idfile.

     --idle (since 6.3.3)
          (Keyword: idle, since before 6.0.0)
          Enable IDLE use (effective only with IMAP).  Note  that
          this works with only one folder at a given time.  While
          the idle rcfile keyword had been supported for  a  long
          time,  the --idle command-line option was added in ver-
          sion 6.3.3. IDLE use means  that  fetchmail  tells  the
          IMAP server to send notice of new messages, so they can
          be retrieved sooner than would be possible with regular

     -P <portnumber> | --service <servicename>
          (Keyword: service) Since version 6.3.0.
          The  service  option  permits  you to specify a service
          name to connect to.  You can  specify  a  decimal  port
          number  here,  if  your  services  database  lacks  the
          required service-port assignments. See the FAQ item R12
          and  the --ssl documentation for details. This replaces
          the older --port option.

     --port <portnumber>
          (Keyword: port)
          Obsolete version of --service that does not  take  ser-
          vice  names.   Note:  this option may be removed from a
          future version.

     --principal <principal>
          (Keyword: principal)
          The principal option permits you to specify  a  service
          principal   for   mutual   authentication.    This   is

fetchmail         Last change: fetchmail 6.3.22                 7

fetchmail reference manual                           fetchmail(1)

          applicable to POP3 or IMAP with Kerberos 4  authentica-
          tion  only.  It does not apply to Kerberos 5 or GSSAPI.
          This option may be removed in a future  fetchmail  ver-

     -t <seconds> | --timeout <seconds>
          (Keyword: timeout)
          The  timeout  option  allows you to set a server-nonre-
          sponse timeout in seconds.  If a  mailserver  does  not
          send  a greeting message or respond to commands for the
          given number of seconds, fetchmail will drop  the  con-
          nection  to it.  Without such a timeout fetchmail might
          hang until the TCP  connection  times  out,  trying  to
          fetch  mail  from  a down host, which may be very long.
          This would be particularly  annoying  for  a  fetchmail
          running  in the background.  There is a default timeout
          which fetchmail -V will report.  If a given  connection
          receives  too  many  timeouts  in succession, fetchmail
          will consider it wedged and stop retrying.  The calling
          user will be notified by email if this happens.

          Beginning  with  fetchmail 6.3.10, the SMTP client uses
          the recommended minimum timeouts  from  RFC-5321  while
          waiting for the SMTP/LMTP server it is talking to.  You
          can raise  the  timeouts  even  more,  but  you  cannot
          shorten  them.  This  is  to  avoid a painful situation
          where fetchmail has been configured with a short  time-
          out  (a  minute  or  less),  ships a long message (many
          MBytes) to the local MTA, which then takes longer  than
          timeout to respond "OK", which it eventually will; that
          would mean the mail gets delivered properly, but fetch-
          mail  cannot  notice  it and will thus refetch this big
          message over and over again.

     --plugin <command>
          (Keyword: plugin)
          The plugin option allows you to use an external program
          to establish the TCP connection.  This is useful if you
          want to use ssh, or need some special firewalling  set-
          up.   The  program  will  be looked up in $PATH and can
          optionally be passed the hostname and port as arguments
          using  "%h" and "%p" respectively (note that the inter-
          polation logic is rather primitive,  and  these  tokens
          must be bounded by whitespace or beginning of string or
          end of string).  Fetchmail will write to  the  plugin's
          stdin and read from the plugin's stdout.

     --plugout <command>
          (Keyword: plugout)
          Identical  to  the plugin option above, but this one is
          used for the SMTP connections.

fetchmail         Last change: fetchmail 6.3.22                 8

fetchmail reference manual                           fetchmail(1)

     -r <name> | --folder <name>
          (Keyword: folder[s])
          Causes a  specified  non-default  mail  folder  on  the
          mailserver  (or  comma-separated list of folders) to be
          retrieved.  The syntax of the folder  name  is  server-
          dependent.   This  option  is not available under POP3,
          ETRN, or ODMR.

          (Keyword: tracepolls)
          Tell fetchmail to poll trace information  in  the  form
          'polling  account  %s'  and 'folder %s' to the Received
          line it generates, where the %s parts are  replaced  by
          the  user's remote name, the poll label, and the folder
          (mailbox) where available  (the  Received  header  also
          normally includes the server's true name).  This can be
          used to facilitate mail filtering based on the  account
          it  is  being  received from. The folder information is
          written only since version 6.3.4.

          (Keyword: ssl)
          Causes  the  connection  to  the  mail  server  to   be
          encrypted  via  SSL.   Connect  to the server using the
          specified base protocol over a  connection  secured  by
          SSL. This option defeats opportunistic starttls negoti-
          ation. It  is  highly  recommended  to  use  --sslproto
          'SSL3'  --sslcertck  to  validate the certificates pre-
          sented by the server  and  defeat  the  obsolete  SSLv2
          negotiation.  More  information  is  available  in  the
          README.SSL file that ships with fetchmail.

          Note that fetchmail may  still  try  to  negotiate  SSL
          through  starttls  even  if this option is omitted. You
          can use the --sslproto option to defeat  this  behavior
          or  tell fetchmail to negotiate a particular SSL proto-

          If no port is specified, the connection is attempted to
          the well known port of the SSL version of the base pro-
          tocol.  This is generally a  different  port  than  the
          port used by the base protocol.  For IMAP, this is port
          143 for the clear protocol and port  993  for  the  SSL
          secured  protocol,  for  POP3,  it  is port 110 for the
          clear text and port 995 for the encrypted variant.

          If your system lacks  the  corresponding  entries  from
          /etc/services, see the --service option and specify the
          numeric port number as given in the previous  paragraph
          (unless  your  ISP had directed you to different ports,
          which is uncommon however).

fetchmail         Last change: fetchmail 6.3.22                 9

fetchmail reference manual                           fetchmail(1)

     --sslcert <name>
          (Keyword: sslcert)
          For certificate-based client authentication.  Some  SSL
          encrypted servers require client side keys and certifi-
          cates for  authentication.   In  most  cases,  this  is
          optional.   This  specifies  the location of the public
          key certificate to be presented to the  server  at  the
          time  the  SSL  session  is  established.   It  is  not
          required (but may be provided) if the server  does  not
          require it.  It may be the same file as the private key
          (combined key and certificate file)  but  this  is  not
          recommended. Also see --sslkey below.

          NOTE:  If  you use client authentication, the user name
          is fetched from the certificate's CommonName and  over-
          rides the name set with --user.

     --sslkey <name>
          (Keyword: sslkey)
          Specifies  the file name of the client side private SSL
          key.  Some SSL encrypted servers  require  client  side
          keys  and  certificates  for  authentication.   In most
          cases, this is optional.  This specifies  the  location
          of  the  private key used to sign transactions with the
          server at the time the SSL session is established.   It
          is  not  required  (but  may be provided) if the server
          does not require it. It may be the  same  file  as  the
          public key (combined key and certificate file) but this
          is not recommended.

          If a password is required to unlock the key, it will be
          prompted for at the time just prior to establishing the
          session to the server.  This can cause  some  complica-
          tions in daemon mode.

          Also see --sslcert above.

     --sslproto <name>
          (Keyword: sslproto)
          Forces  an  SSL/TLS  protocol.  Possible values are '',
          'SSL2' (not supported on all systems), 'SSL23', (use of
          these two values is discouraged and should only be used
          as a last resort) 'SSL3', and 'TLS1'.  The default  be-
          haviour  if  this  option  is unset is: for connections
          without --ssl, use 'TLS1' so that fetchmail will oppor-
          tunistically  try  STARTTLS  negotiation with TLS1. You
          can configure this option  explicitly  if  the  default
          handshake (TLS1 if --ssl is not used) does not work for
          your server.

          Use this option with 'TLS1' value to enforce a STARTTLS
          connection.  In  this mode, it is highly recommended to

fetchmail         Last change: fetchmail 6.3.22                10

fetchmail reference manual                           fetchmail(1)

          also use --sslcertck (see below).  Note that this  will
          then cause fetchmail v6.3.19 to force STARTTLS negotia-
          tion even if it is not advertised by the server.

          To defeat  opportunistic  TLSv1  negotiation  when  the
          server advertises STARTTLS or STLS, and use a cleartext
          connection use ''.  This option, even if  the  argument
          is  the empty string, will also suppress the diagnostic
          'SERVER: opportunistic upgrade to TLS.' message in ver-
          bose  mode. The default is to try appropriate protocols
          depending on context.

          (Keyword: sslcertck)
          Causes fetchmail to strictly check the server  certifi-
          cate  against  a set of local trusted certificates (see
          the sslcertfile and sslcertpath options). If the server
          certificate  cannot be obtained or is not signed by one
          of the trusted ones (directly or indirectly),  the  SSL
          connection  will fail, regardless of the sslfingerprint

          Note that CRL (certificate revocation lists)  are  only
          supported in OpenSSL 0.9.7 and newer! Your system clock
          should also be  reasonably  accurate  when  using  this

          Note  that  this  optional  behavior may become default
          behavior in future fetchmail versions.

     --sslcertfile <file>
          (Keyword: sslcertfile, since v6.3.17)
          Sets the file fetchmail uses to look up local  certifi-
          cates.   The  default  is  empty.  This can be given in
          addition to --sslcertpath below, and certificates spec-
          ified  in  --sslcertfile will be processed before those
          in --sslcertpath.  The option can be used  in  addition
          to --sslcertpath.

          The  file is a text file. It contains the concatenation
          of trusted CA certificates in PEM format.

          Note that using this option will suppress  loading  the
          default SSL trusted CA certificates file unless you set
          the         environment         variable         FETCH-
          MAIL_INCLUDE_DEFAULT_X509_CA_CERTS   to   a   non-empty

     --sslcertpath <directory>
          (Keyword: sslcertpath)
          Sets the directory fetchmail uses to look up local cer-
          tificates.   The   default   is  your  OpenSSL  default

fetchmail         Last change: fetchmail 6.3.22                11

fetchmail reference manual                           fetchmail(1)

          directory. The directory must be hashed the way OpenSSL
          expects it - every time you add or modify a certificate
          in the directory, you need to  use  the  c_rehash  tool
          (which  comes with OpenSSL in the tools/ subdirectory).
          Also, after OpenSSL  upgrades,  you  may  need  to  run
          c_rehash;  particularly  when  upgrading  from 0.9.X to

          This can be given in addition to  --sslcertfile  above,
          which see for precedence rules.

          Note  that  using  this option will suppress adding the
          default SSL trusted CA  certificates  directory  unless
          you     set    the    environment    variable    FETCH-
          MAIL_INCLUDE_DEFAULT_X509_CA_CERTS   to   a   non-empty

     --sslcommonname <common name>
          (Keyword: sslcommonname; since v6.3.9)
          Use  of  this  option  is discouraged. Before using it,
          contact the administrator of your upstream  server  and
          ask  for  a  proper SSL certificate to be used. If that
          cannot be attained, this option can be used to  specify
          the  name  (CommonName)  that  fetchmail expects on the
          server certificate.  A correctly configured server will
          have  this  set to the hostname by which it is reached,
          and by default fetchmail will expect as much. Use  this
          option  when the CommonName is set to some other value,
          to avoid the "Server CommonName mismatch" warning,  and
          only if the upstream server can't be made to use proper

     --sslfingerprint <fingerprint>
          (Keyword: sslfingerprint)
          Specify the fingerprint of the server key (an MD5  hash
          of  the  key) in hexadecimal notation with colons sepa-
          rating groups of two digits. The letter hex digits must
          be  in  upper  case. This is the default format OpenSSL
          uses, and the one fetchmail uses to report the  finger-
          print  when an SSL connection is established. When this
          is specified, fetchmail will  compare  the  server  key
          fingerprint with the given one, and the connection will
          fail if they do not match regardless of  the  sslcertck
          setting.  The  connection  will  also fail if fetchmail
          cannot obtain an SSL certificate from the server.  This
          can  be  used to prevent man-in-the-middle attacks, but
          the finger print from the server needs to  be  obtained
          or  verified  over  a secure channel, and certainly not
          over the same Internet connection that fetchmail  would

          Using  this  option  will  prevent printing certificate

fetchmail         Last change: fetchmail 6.3.22                12

fetchmail reference manual                           fetchmail(1)

          verification errors as long as --sslcertck is unset.

          To obtain the fingerprint of a  certificate  stored  in
          the file cert.pem, try:

               openssl x509 -in cert.pem -noout -md5 -fingerprint

          For details, see x509(1ssl).

  Delivery Control Options
     -S <hosts> | --smtphost <hosts>
          (Keyword: smtp[host])
          Specify a hunt list of hosts to forward mail to (one or
          more hostnames, comma-separated). Hosts  are  tried  in
          list  order;  the first one that is up becomes the for-
          warding target for the current run.  If this option  is
          not  specified,  'localhost'  is  used  as the default.
          Each hostname may have a port number following the host
          name.   The port number is separated from the host name
          by a slash; the default port is "smtp".  If you specify
          an  absolute path name (beginning with a /), it will be
          interpreted as the name of a UNIX socket accepting LMTP
          connections  (such  as  is  supported by the Cyrus IMAP
          daemon) Example:

               --smtphost server1,server2/2525,server3,/var/imap/socket/lmtp

          This option can be used with ODMR, and will make fetch-
          mail  a  relay between the ODMR server and SMTP or LMTP

     --fetchdomains <hosts>
          (Keyword: fetchdomains)
          In ETRN or ODMR mode, this option specifies the list of
          domains  the  server should ship mail for once the con-
          nection is turned around.  The default is the  FQDN  of
          the machine running fetchmail.

     -D <domain> | --smtpaddress <domain>
          (Keyword: smtpaddress)
          Specify  the domain to be appended to addresses in RCPT
          TO lines shipped to SMTP. When this is  not  specified,
          the  name  of  the  SMTP server (as specified by --smt-
          phost) is used for SMTP/LMTP and  'localhost'  is  used
          for UNIX socket/BSMTP.

     --smtpname <user@domain>
          (Keyword: smtpname)
          Specify  the domain and user to be put in RCPT TO lines
          shipped to SMTP.  The default user is the current local

fetchmail         Last change: fetchmail 6.3.22                13

fetchmail reference manual                           fetchmail(1)

     -Z <nnn> | --antispam <nnn[, nnn]...>
          (Keyword: antispam)
          Specifies  the  list of numeric SMTP errors that are to
          be interpreted as a spam-block response from  the  lis-
          tener.   A  value  of -1 disables this option.  For the
          command-line option, the list values should  be  comma-

     -m <command> | --mda <command>
          (Keyword: mda)
          This  option  lets  fetchmail  use  a  Message or Local
          Delivery Agent (MDA or LDA) directly, rather than  for-
          ward via SMTP or LMTP.

          To  avoid  losing  mail, use this option only with MDAs
          like maildrop or MTAs like sendmail that  exit  with  a
          nonzero  status on disk-full and other delivery errors;
          the nonzero status tells fetchmail that delivery failed
          and  prevents  the  message  from  being deleted on the

          If fetchmail is running as root, it sets  its  user  id
          while  delivering  mail  through  an  MDA  as  follows:
          First, the FETCHMAILUSER, LOGNAME, and USER environment
          variables  are  checked in this order. The value of the
          first variable from his list that is defined  (even  if
          it is empty!) is looked up in the system user database.
          If none of the variables is defined, fetchmail will use
          the  real  user  id  it was started with. If one of the
          variables was defined, but the user stated there  isn't
          found,  fetchmail  continues  running  as root, without
          checking remaining variables on the list.  Practically,
          this  means that if you run fetchmail as root (not rec-
          ommended), it is  most  useful  to  define  the  FETCH-
          MAILUSER  environment variable to set the user that the
          MDA should run as. Some MDAs  (such  as  maildrop)  are
          designed  to  be  setuid root and setuid to the recipi-
          ent's user id, so you don't lose functionality this way
          even  when  running  fetchmail  as  unprivileged  user.
          Check the MDA's manual for details.

          Some possible MDAs are "/usr/sbin/sendmail -i -f %F  --
          %T"  (Note:  some several older or vendor sendmail ver-
          sions mistake -- for an address, rather than an indica-
          tor   to   mark  the  end  of  the  option  arguments),
          "/usr/bin/deliver"  and  "/usr/bin/maildrop   -d   %T".
          Local  delivery addresses will be inserted into the MDA
          command wherever you place a  %T;  the  mail  message's
          From address will be inserted where you place an %F.

          Do  NOT  enclose  the %F or %T string in single quotes!
          For both %T and %F, fetchmail encloses the addresses in

fetchmail         Last change: fetchmail 6.3.22                14

fetchmail reference manual                           fetchmail(1)

          single  quotes  ('),  after  removing any single quotes
          they may contain, before the MDA command is  passed  to
          the shell.

          Do  NOT  use  an  MDA invocation that dispatches on the
          contents of To/Cc/Bcc, like "sendmail -i -t" or "qmail-
          inject",  it  will create mail loops and bring the just
          wrath of many postmasters down upon your head.  This is
          one of the most frequent configuration errors!

          Also,  do not try to combine multidrop mode with an MDA
          such as maildrop that  can  only  accept  one  address,
          unless your upstream stores one copy of the message per
          recipient and transports the envelope  recipient  in  a
          header; you will lose mail.

          The well-known procmail(1) package is very hard to con-
          figure properly, it has a very nasty "fall  through  to
          the next rule" behavior on delivery errors (even tempo-
          rary ones, such as out of disk space if another  user's
          mail daemon copies the mailbox around to purge old mes-
          sages), so your mail will end up in the  wrong  mailbox
          sooner  or  later. The proper procmail configuration is
          outside the scope of this document.  Using  maildrop(1)
          is  usually much easier, and many users find the filter
          syntax used by maildrop easier to understand.

          Finally, we strongly advise that you do not use  qmail-
          inject.   The  command  line  interface is non-standard
          without providing benefits for typical use, and  fetch-
          mail  makes  no  attempts to accommodate qmail-inject's
          deviations from the standard.  Some  of  qmail-inject's
          command-line  and environment options are actually dan-
          gerous  and  can  cause  broken  threads,  non-detected
          duplicate messages and forwarding loops.

          (Keyword: lmtp)
          Cause delivery via LMTP (Local Mail Transfer Protocol).
          A service host and port must be explicitly specified on
          each host in the smtphost hunt list (see above) if this
          option is selected; the default port 25 will (in accor-
          dance with RFC 2033) not be accepted.

     --bsmtp <filename>
          (Keyword: bsmtp)
          Append  fetched mail to a BSMTP file.  This simply con-
          tains the SMTP commands that would normally  be  gener-
          ated by fetchmail when passing mail to an SMTP listener

fetchmail         Last change: fetchmail 6.3.22                15

fetchmail reference manual                           fetchmail(1)

          An argument of '-' causes the SMTP batch to be  written
          to  standard output, which is of limited use: this only
          makes sense for debugging, because fetchmail's  regular
          output  is  interspersed  on  the same channel, so this
          isn't suitable for mail delivery. This special mode may
          be removed in a later release.

          Note  that  fetchmail's reconstruction of MAIL FROM and
          RCPT TO lines is not guaranteed  correct;  the  caveats
          discussed  under  THE  USE AND ABUSE OF MULTIDROP MAIL-
          BOXES below apply.  This  mode  has  precedence  before
          --mda and SMTP/LMTP.

     --bad-header {reject|accept}
          (Keyword: bad-header; since v6.3.15)
          Specify  how  fetchmail  is  supposed to treat messages
          with bad headers, i. e. headers with bad syntax. Tradi-
          tionally,  fetchmail  has  rejected  such messages, but
          some distributors modified fetchmail  to  accept  them.
          You can now configure fetchmail's behaviour per server.

  Resource Limit Control Options
     -l <maxbytes> | --limit <maxbytes>
          (Keyword: limit)
          Takes a maximum octet size argument,  where  0  is  the
          default  and  also  the  special  value designating "no
          limit".  If nonzero, messages  larger  than  this  size
          will  not be fetched and will be left on the server (in
          foreground sessions, the progress  messages  will  note
          that they are "oversized").  If the fetch protocol per-
          mits (in particular, under IMAP  or  POP3  without  the
          fetchall option) the message will not be marked seen.

          An  explicit  --limit  of 0 overrides any limits set in
          your run control file.  This  option  is  intended  for
          those  needing  to  strictly  control fetch time due to
          expensive and variable phone rates.

          Combined with --limitflush, it can be  used  to  delete
          oversized  messages  waiting  on  a  server.  In daemon
          mode, oversize notifications are mailed to the  calling
          user  (see the --warnings option). This option does not
          work with ETRN or ODMR.

     -w <interval> | --warnings <interval>
          (Keyword: warnings)
          Takes an interval in seconds.  When you call  fetchmail
          with a 'limit' option in daemon mode, this controls the
          interval at which warnings about oversized messages are
          mailed  to  the  calling user (or the user specified by
          the 'postmaster' option).   One  such  notification  is

fetchmail         Last change: fetchmail 6.3.22                16

fetchmail reference manual                           fetchmail(1)

          always mailed at the end of the the first poll that the
          oversized message is detected.  Thereafter,  re-notifi-
          cation  is  suppressed until after the warning interval
          elapses (it will take place at the  end  of  the  first
          following poll).

     -b <count> | --batchlimit <count>
          (Keyword: batchlimit)
          Specify  the  maximum  number  of messages that will be
          shipped to an SMTP listener before  the  connection  is
          deliberately  torn  down  and  rebuilt  (defaults to 0,
          meaning no limit).  An explicit --batchlimit of 0 over-
          rides  any  limits set in your run control file.  While
          sendmail(8) normally initiates delivery  of  a  message
          immediately  after  receiving  the  message terminator,
          some SMTP listeners  are  not  so  prompt.   MTAs  like
          smail(8) may wait till the delivery socket is shut down
          to deliver.  This  may  produce  annoying  delays  when
          fetchmail  is  processing  very large batches.  Setting
          the batch limit to some nonzero size will prevent these
          delays.  This option does not work with ETRN or ODMR.

     -B <number> | --fetchlimit <number>
          (Keyword: fetchlimit)
          Limit  the  number  of  messages  accepted from a given
          server in a single poll.  By default there is no limit.
          An  explicit --fetchlimit of 0 overrides any limits set
          in your run control file.  This option  does  not  work
          with ETRN or ODMR.

     --fetchsizelimit <number>
          (Keyword: fetchsizelimit)
          Limit  the  number of sizes of messages accepted from a
          given server in a single transaction.  This  option  is
          useful  in  reducing the delay in downloading the first
          mail when there are too many mails in the mailbox.   By
          default,  the  limit is 100.  If set to 0, sizes of all
          messages are downloaded at the start.  This option does
          not  work  with ETRN or ODMR.  For POP3, the only valid
          non-zero value is 1.

     --fastuidl <number>
          (Keyword: fastuidl)
          Do a binary instead of  linear  search  for  the  first
          unseen  UID.  Binary search avoids downloading the UIDs
          of all mails. This saves  time  (especially  in  daemon
          mode)  where  downloading  the same set of UIDs in each
          poll is a waste of bandwidth. The number 'n'  indicates
          how  rarely  a  linear search should be done. In daemon
          mode, linear search is used  once  followed  by  binary
          searches  in  'n-1'  polls  if  'n'  is greater than 1;
          binary search is always used if 'n' is 1; linear search

fetchmail         Last change: fetchmail 6.3.22                17

fetchmail reference manual                           fetchmail(1)

          is  always used if 'n' is 0. In non-daemon mode, binary
          search is used if 'n' is 1; otherwise linear search  is
          used. The default value of 'n' is 4.  This option works
          with POP3 only.

     -e <count> | --expunge <count>
          (Keyword: expunge)
          Arrange for deletions to be made final  after  a  given
          number of messages.  Under POP2 or POP3, fetchmail can-
          not make deletions final without sending QUIT and  end-
          ing  the session -- with this option on, fetchmail will
          break a long mail retrieval session into multiple  sub-
          sessions,  sending QUIT after each sub-session. This is
          a good defense against  line  drops  on  POP3  servers.
          Under  IMAP,  fetchmail normally issues an EXPUNGE com-
          mand after each deletion in order to force the deletion
          to  be done immediately.  This is safest when your con-
          nection to the server is flaky  and  expensive,  as  it
          avoids resending duplicate mail after a line hit.  How-
          ever, on large mailboxes the  overhead  of  re-indexing
          after every message can slam the server pretty hard, so
          if your  connection  is  reliable  it  is  good  to  do
          expunges  less frequently.  Also note that some servers
          enforce a delay of a few seconds after  each  quit,  so
          fetchmail  may  not  be able to get back in immediately
          after an expunge -- you may see "lock busy"  errors  if
          this  happens. If you specify this option to an integer
          N, it tells fetchmail to only issue expunges  on  every
          Nth  delete.   An  argument of zero suppresses expunges
          entirely (so no expunges at all will be done until  the
          end  of  run).   This option does not work with ETRN or

  Authentication Options
     -u <name> | --user <name> |
          (Keyword: user[name])
          Specifies the user identification to be used when  log-
          ging  in to the mailserver.  The appropriate user iden-
          tification is  both  server  and  user-dependent.   The
          default  is  your login name on the client machine that
          is running fetchmail.  See  USER  AUTHENTICATION  below
          for a complete description.

     -I <specification> | --interface <specification>
          (Keyword: interface)
          Require that a specific interface device be up and have
          a specific local or remote IPv4 (IPv6 is not  supported
          by  this option yet) address (or range) before polling.
          Frequently fetchmail is used over a transient point-to-
          point  TCP/IP link established directly to a mailserver
          via SLIP or PPP.  That is a relatively secure  channel.

fetchmail         Last change: fetchmail 6.3.22                18

fetchmail reference manual                           fetchmail(1)

          But  when  other  TCP/IP routes to the mailserver exist
          (e.g. when the link is connected to an alternate  ISP),
          your  username and password may be vulnerable to snoop-
          ing (especially when daemon  mode  automatically  polls
          for  mail,  shipping  a  clear password over the net at
          predictable intervals).  The --interface option may  be
          used  to  prevent this.  When the specified link is not
          up or is  not  connected  to  a  matching  IP  address,
          polling will be skipped.  The format is:


          The  field before the first slash is the interface name
          (i.e. sl0, ppp0 etc.).  The  field  before  the  second
          slash  is  the  acceptable IP address.  The field after
          the second slash is a mask which specifies a  range  of
          IP   addresses  to  accept.   If  no  mask  is  present
 is assumed (i.e. an exact match).  This
          option  is  currently  only  supported  under Linux and
          FreeBSD. Please see the monitor section for  below  for
          FreeBSD specific information.

          Note  that  this  option  may  be removed from a future
          fetchmail version.

     -M <interface> | --monitor <interface>
          (Keyword: monitor)
          Daemon mode can cause transient links which  are  auto-
          matically taken down after a period of inactivity (e.g.
          PPP links) to  remain  up  indefinitely.   This  option
          identifies  a  system  TCP/IP interface to be monitored
          for activity.  After each poll interval, if the link is
          up but no other activity has occurred on the link, then
          the poll will be skipped.  However, when  fetchmail  is
          woken  up by a signal, the monitor check is skipped and
          the poll goes through unconditionally.  This option  is
          currently  only supported under Linux and FreeBSD.  For
          the monitor and interface options to work for non  root
          users  under  FreeBSD,  the  fetchmail  binary  must be
          installed SGID kmem.  This would be  a  security  hole,
          but  fetchmail  runs with the effective GID set to that
          of the kmem group only when  interface  data  is  being

          Note  that  this  option  may  be removed from a future
          fetchmail version.

     --auth <type>
          (Keyword: auth[enticate])
          This option permits you to  specify  an  authentication
          type  (see USER AUTHENTICATION below for details).  The
          possible  values  are   any,   password,   kerberos_v5,

fetchmail         Last change: fetchmail 6.3.22                19

fetchmail reference manual                           fetchmail(1)

          kerberos (or, for excruciating exactness, kerberos_v4),
          gssapi, cram-md5,  otp,  ntlm,  msn  (only  for  POP3),
          external  (only  IMAP) and ssh.  When any (the default)
          is specified, fetchmail tries first methods that  don't
          require a password (EXTERNAL, GSSAPI, KERBEROS IV, KER-
          BEROS 5); then it looks  for  methods  that  mask  your
          password (CRAM-MD5, NTLM, X-OTP - note that MSN is only
          supported for POP3, but not autoprobed);  and  only  if
          the  server  doesn't  support any of those will it ship
          your password en clair.  Other values may  be  used  to
          force  various  authentication  methods (ssh suppresses
          authentication and is thus useful  for  IMAP  PREAUTH).
          (external  suppresses authentication and is thus useful
          for IMAP EXTERNAL).  Any  value  other  than  password,
          cram-md5,  ntlm, msn or otp suppresses fetchmail's nor-
          mal inquiry for a password.  Specify ssh when  you  are
          using  an  end-to-end  secure connection such as an ssh
          tunnel; specify external when you use TLS  with  client
          authentication and specify gssapi or kerberos_v4 if you
          are using a protocol variant that employs GSSAPI or K4.
          Choosing  KPOP  protocol automatically selects Kerberos
          authentication.  This option does not work  with  ETRN.
          GSSAPI service names are in line with RFC-2743 and IANA
          registrations, see

  Miscellaneous Options
     -f <pathname> | --fetchmailrc <pathname>
          Specify a non-default name for the  ~/.fetchmailrc  run
          control file.  The pathname argument must be either "-"
          (a single dash, meaning to read the configuration  from
          standard  input)  or  a filename.  Unless the --version
          option is also on, a named file argument must have per-
          missions  no  more open than 0700 (u=rwx,g=,o=) or else
          be /dev/null.

     -i <pathname> | --idfile <pathname>
          (Keyword: idfile)
          Specify an alternate name for the .fetchids  file  used
          to  save  message  UIDs.  NOTE:  since fetchmail 6.3.0,
          write access to the directory containing the idfile  is
          required,  as  fetchmail  writes  a  temporary file and
          renames it into the place of the real  idfile  only  if
          the  temporary file has been written successfully. This
          avoids the truncation of idfiles when  running  out  of
          disk space.

     --pidfile <pathname>
          (Keyword: pidfile; since fetchmail v6.3.4)
          Override the default location of the PID file. Default:
          see "ENVIRONMENT" below.

     -n | --norewrite

fetchmail         Last change: fetchmail 6.3.22                20

fetchmail reference manual                           fetchmail(1)

          (Keyword: no rewrite)
          Normally, fetchmail edits RFC-822 address headers  (To,
          From,  Cc,  Bcc,  and Reply-To) in fetched mail so that
          any mail IDs local to the server are expanded  to  full
          addresses (@ and the mailserver hostname are appended).
          This enables replies on the  client  to  get  addressed
          correctly  (otherwise  your  mailer  might  think  they
          should be  addressed  to  local  users  on  the  client
          machine!).   This  option  disables the rewrite.  (This
          option is provided to pacify people  who  are  paranoid
          about  having an MTA edit mail headers and want to know
          they can prevent it, but it is  generally  not  a  good
          idea to actually turn off rewrite.)  When using ETRN or
          ODMR, the rewrite option is ineffective.

     -E <line> | --envelope <line>
          (Keyword: envelope; Multidrop only)
          In the configuration file, an enhanced syntax is used:
          envelope [<count>] <line>

          This option changes the header fetchmail  assumes  will
          carry  a copy of the mail's envelope address.  Normally
          this is 'X-Envelope-To'.  Other typically found headers
          to  carry  envelope information are 'X-Original-To' and
          'Delivered-To'.  Now, since these headers are not stan-
          dardized,  practice  varies. See the discussion of mul-
          tidrop address handling  below.   As  a  special  case,
          'envelope "Received"' enables parsing of sendmail-style
          Received lines.  This is the default,  but  discouraged
          because it is not fully reliable.

          Note  that fetchmail expects the Received-line to be in
          a  specific  format:  It  must  contain  "by  host  for
          address",  where  host must match one of the mailserver
          names that fetchmail  recognizes  for  the  account  in

          The optional count argument (only available in the con-
          figuration file) determines how many  header  lines  of
          this  kind  are  skipped.  A count of 1 means: skip the
          first, take the second. A count of 2  means:  skip  the
          first and second, take the third, and so on.

     -Q <prefix> | --qvirtual <prefix>
          (Keyword: qvirtual; Multidrop only)
          The  string  prefix  assigned  to  this  option will be
          removed from the user name found in the  header  speci-
          fied  with  the envelope option (before doing multidrop
          name mapping or  localdomain  checking,  if  either  is
          applicable).  This  option  is  useful if you are using
          fetchmail to collect the mail for an entire domain  and
          your  ISP  (or your mail redirection provider) is using

fetchmail         Last change: fetchmail 6.3.22                21

fetchmail reference manual                           fetchmail(1)

          qmail.  One of the  basic  features  of  qmail  is  the
          Delivered-To:  message header.  Whenever qmail delivers
          a message to a local mailbox it puts the  username  and
          hostname  of  the envelope recipient on this line.  The
          major reason for this is to prevent mail loops.  To set
          up qmail to batch mail for a disconnected site the ISP-
          mailhost will have normally put that site in its  'Vir-
          tualhosts'  control file so it will add a prefix to all
          mail addresses for this site. This results in mail sent
          to  '' having a Deliv-
          ered-To: line of the form:

          Delivered-To:      mbox-userstr-username@userhost.exam-

     The  ISP  can  make the 'mbox-userstr-' prefix anything they
     choose but a string matching the user host name  is  likely.
     By  using  the  option 'envelope Delivered-To:' you can make
     fetchmail reliably identify the original envelope recipient,
     but  you have to strip the 'mbox-userstr-' prefix to deliver
     to the correct user.  This is what this option is for.

          Parse the ~/.fetchmailrc file, interpret  any  command-
          line options specified, and dump a configuration report
          to standard output.  The configuration report is a data
          structure  assignment  in  the  language  Python.  This
          option  is  meant  to  be  used  with  an   interactive
          ~/.fetchmailrc  editor  like  fetchmailconf, written in

  Removed Options
     -T | --netsec
          Removed before version 6.3.0, the  required  underlying
          inet6_apps  library  had  been  discontinued  and is no
          longer available.

     All modes except ETRN require authentication of  the  client
     to  the  server.  Normal user authentication in fetchmail is
     very much like the authentication mechanism of ftp(1).   The
     correct  user-id  and  password  depend  upon the underlying
     security system at the mailserver.

     If the mailserver is a Unix machine on  which  you  have  an
     ordinary  user account, your regular login name and password
     are used with fetchmail.  If you use the same login name  on
     both  the  server and the client machines, you needn't worry
     about specifying a user-id with the -u option -- the default
     behavior  is to use your login name on the client machine as

fetchmail         Last change: fetchmail 6.3.22                22

fetchmail reference manual                           fetchmail(1)

     the user-id on the server machine.  If you use  a  different
     login  name  on  the server machine, specify that login name
     with the -u option.  e.g. if your login name is 'jsmith'  on
     a  machine  named  'mailgrunt', you would start fetchmail as

          fetchmail -u jsmith mailgrunt

     The default behavior of fetchmail is to prompt you for  your
     mailserver  password  before  the connection is established.
     This is the safest way to use  fetchmail  and  ensures  that
     your password will not be compromised.  You may also specify
     your password in your ~/.fetchmailrc file.  This  is  conve-
     nient when using fetchmail in daemon mode or with scripts.

  Using netrc files
     If  you  do  not  specify  a  password, and fetchmail cannot
     extract one from your ~/.fetchmailrc file, it will look  for
     a ~/.netrc file in your home directory before requesting one
     interactively; if an entry matching the mailserver is  found
     in  that  file,  the password will be used.  Fetchmail first
     looks for a match on poll name; if it finds none, it  checks
     for  a  match  on  via  name.   See  the ftp(1) man page for
     details of the syntax of the ~/.netrc file.  To show a prac-
     tical example, a .netrc might look like this:

          login joe
          password topsecret

     You can repeat this block with different user information if
     you need to provide more than one password.

     This feature may allow you  to  avoid  duplicating  password
     information in more than one file.

     On  mailservers  that do not provide ordinary user accounts,
     your user-id and password are usually assigned by the server
     administrator  when  you  apply for a mailbox on the server.
     Contact your server administrator if you don't know the cor-
     rect user-id and password for your mailbox account.

     Early  versions of POP3 (RFC1081, RFC1225) supported a crude
     form of independent authentication using the .rhosts file on
     the  mailserver side.  Under this RPOP variant, a fixed per-
     user ID equivalent to a password was sent in  clear  over  a
     link  to  a reserved port, with the command RPOP rather than
     PASS to alert the server that it should do special checking.
     RPOP  is  supported  by fetchmail (you can specify 'protocol

fetchmail         Last change: fetchmail 6.3.22                23

fetchmail reference manual                           fetchmail(1)

     RPOP' to have the program send 'RPOP'  rather  than  'PASS')
     but  its  use  is  strongly discouraged, and support will be
     removed from a future fetchmail version.  This facility  was
     vulnerable to spoofing and was withdrawn in RFC1460.

     RFC1460  introduced APOP authentication.  In this variant of
     POP3, you register an APOP password on your server host  (on
     some  servers, the program to do this is called popauth(8)).
     You put the same password in your ~/.fetchmailrc file.  Each
     time  fetchmail  logs in, it sends an MD5 hash of your pass-
     word and the server greeting time to the server,  which  can
     verify it by checking its authorization database.

     Note  that  APOP  is  no longer considered resistant against
     man-in-the-middle attacks.

     fetchmail makes some efforts to make the server believe mes-
     sages  had not been retrieved, by using the TOP command with
     a large number of lines when possible.   TOP  is  a  command
     that  retrieves  the  full  header and a fetchmail-specified
     amount of body lines.  It  is  optional  and  therefore  not
     implemented  by all servers, and some are known to implement
     it improperly. On many servers  however,  the  RETR  command
     which  retrieves the full message with header and body, sets
     the "seen" flag (for instance, in a web interface),  whereas
     the TOP command does not do that.

     fetchmail  will always use the RETR command if "fetchall" is
     set.  fetchmail will also use the RETR command if "keep"  is
     set  and  "uidl"  is unset.  Finally, fetchmail will use the
     RETR command on Maillennium POP3/PROXY servers (used by Com-
     cast)  to  avoid  a deliberate TOP misinterpretation in this
     server that causes message corruption.

     In all other cases, fetchmail will use the TOP command. This
     implies  that  in "keep" setups, "uidl" must be set if "TOP"
     is desired.

     Note that this description is true for the  current  version
     of  fetchmail,  but  the  behavior may change in future ver-
     sions. In particular, fetchmail may prefer the RETR  command
     because  the  TOP  command causes much grief on some servers
     and is only optional.

     If your fetchmail was built with Kerberos  support  and  you
     specify  Kerberos  authentication (either with --auth or the
     .fetchmailrc option authenticate kerberos_v4) it will try to
     get  a  Kerberos  ticket from the mailserver at the start of
     each query.  Note: if either the pollname  or  via  name  is
     'hesiod',  fetchmail  will  try to use Hesiod to look up the

fetchmail         Last change: fetchmail 6.3.22                24

fetchmail reference manual                           fetchmail(1)


     If you use POP3 or IMAP with GSSAPI  authentication,  fetch-
     mail will expect the server to have RFC1731- or RFC1734-con-
     forming GSSAPI capability, and will use it.  Currently  this
     has  only been tested over Kerberos V, so you're expected to
     already have a ticket-granting ticket. You may pass a  user-
     name  different  from your principal name using the standard
     --user command or by the .fetchmailrc option user.

     If your IMAP daemon returns  the  PREAUTH  response  in  its
     greeting  line, fetchmail will notice this and skip the nor-
     mal authentication step.  This can be useful,  e.g.  if  you
     start  imapd  explicitly  using  ssh.   In this case you can
     declare the authentication value 'ssh' on that site entry to
     stop  .fetchmail  from  asking  you  for  a password when it
     starts up.

     If you use client authentication with  TLS1  and  your  IMAP
     daemon  returns  the  AUTH=EXTERNAL response, fetchmail will
     notice this and will use  the  authentication  shortcut  and
     will  not  send the passphrase. In this case you can declare
     the authentication value 'external'
      on that site to stop fetchmail from asking you for a  pass-
     word when it starts up.

     If  you  are  using  POP3, and the server issues a one-time-
     password challenge conforming to RFC1938, fetchmail will use
     your  password  as  a  pass  phrase to generate the required
     response. This avoids sending secrets  over  the  net  unen-

     Compuserve's RPA authentication is supported. If you compile
     in the support, fetchmail will try to perform an  RPA  pass-
     phrase  authentication  instead of sending over the password
     en clair if it detects "" in the hostname.

     If you are using IMAP, Microsoft's NTLM authentication (used
     by  Microsoft  Exchange) is supported. If you compile in the
     support, fetchmail will try to perform an  NTLM  authentica-
     tion  (instead  of sending over the password en clair) when-
     ever  the  server  returns  AUTH=NTLM  in   its   capability
     response.  Specify  a  user  option  value  that  looks like
     'user@domain': the part to the left of the @ will be  passed
     as  the  username  and  the  part  to  the right as the NTLM

  Secure Socket Layers (SSL) and Transport
     Note that fetchmail  currently  uses  the  OpenSSL  library,
     which  is  severely  underdocumented,  so failures may occur
     just because the programmers  are  not  aware  of  OpenSSL's

fetchmail         Last change: fetchmail 6.3.22                25

fetchmail reference manual                           fetchmail(1)

     requirement of the day.  For instance, since v6.3.16, fetch-
     mail calls OpenSSL_add_all_algorithms(), which is  necessary
     to support certificates with SHA256 on OpenSSL 0.9.8 -- this
     information is deeply hidden in the documentation and not at
     all  obvious.   Please  do not hesitate to report subtle SSL

     You can access SSL  encrypted  services  by  specifying  the
     --ssl  option.   You  can  also do this using the "ssl" user
     option  in  the  .fetchmailrc  file.  With  SSL   encryption
     enabled, queries are initiated over a connection after nego-
     tiating an SSL session, and the connection fails if SSL can-
     not  be  negotiated.   Some services, such as POP3 and IMAP,
     have  different  well  known  ports  defined  for  the   SSL
     encrypted  services.   The  encrypted ports will be selected
     automatically when SSL is enabled and no  explicit  port  is
     specified.  The  --sslproto  'SSL3' option should be used to
     select the SSLv3 protocol (default  if  unset:  v2  or  v3).
     Also,  the --sslcertck command line or sslcertck run control
     file option should  be  used  to  force  strict  certificate
     checking - see below.

     If SSL is not configured, fetchmail will usually opportunis-
     tically try to use STARTTLS. STARTTLS  can  be  enforced  by
     using  --sslproto  "TLS1". TLS connections use the same port
     as the unencrypted version of the protocol and negotiate TLS
     via   special  command.  The  --sslcertck  command  line  or
     sslcertck run control file option should be  used  to  force
     strict certificate checking - see below.

     --sslcertck is recommended: When connecting to an SSL or TLS
     encrypted server, the server presents a certificate  to  the
     client for validation.  The certificate is checked to verify
     that the common name in the certificate matches the name  of
     the  server being contacted and that the effective and expi-
     ration dates in the certificate indicate  that  it  is  cur-
     rently  valid.   If any of these checks fail, a warning mes-
     sage is printed, but the connection continues.   The  server
     certificate  does not need to be signed by any specific Cer-
     tifying Authority and may be a "self-signed" certificate. If
     the --sslcertck command line option or sslcertck run control
     file option is used, fetchmail will instead abort if any  of
     these  checks  fail,  because it must assume that there is a
     man-in-the-middle attack in this scenario,  hence  fetchmail
     must not expose cleartext passwords. Use of the sslcertck or
     --sslcertck option is therefore advised.

     Some SSL encrypted servers may request a  client  side  cer-
     tificate.   A client side public SSL certificate and private
     SSL key may be specified.  If requested by the  server,  the
     client  certificate  is  sent  to the server for validation.
     Some servers may require a valid client certificate and  may

fetchmail         Last change: fetchmail 6.3.22                26

fetchmail reference manual                           fetchmail(1)

     refuse  connections  if  a certificate is not provided or if
     the certificate is not  valid.   Some  servers  may  require
     client  side certificates be signed by a recognized Certify-
     ing Authority.  The format for the key files  and  the  cer-
     tificate  files  is  that  required  by  the  underlying SSL
     libraries (OpenSSL in the general case).

     A word of care about the use of SSL: While  above  mentioned
     setup  with  self-signed  server certificates retrieved over
     the wires can protect you from a  passive  eavesdropper,  it
     doesn't  help  against  an  active attacker. It's clearly an
     improvement over sending the passwords  in  clear,  but  you
     should be aware that a man-in-the-middle attack is trivially
     possible (in particular with tools such as ).  Use of strict
     certificate  checking  with a certification authority recog-
     nized by server and client, or perhaps of an SSH tunnel (see
     below for some examples) is preferable if you care seriously
     about the security of your mailbox and passwords.

     fetchmail also supports authentication to the  ESMTP  server
     on the client side according to RFC 2554.  You can specify a
     name/password pair to be used with the keywords  'esmtpname'
     and  'esmtppassword'; the former defaults to the username of
     the calling user.

  Introducing the daemon mode
     In daemon mode, fetchmail puts itself  into  the  background
     and  runs  forever,  querying  each  specified host and then
     sleeping for a given polling interval.

  Starting the daemon mode
     There are several ways to  make  fetchmail  work  in  daemon
     mode. On the command line, --daemon <interval> or -d <inter-
     val> option runs fetchmail in daemon mode.  You must specify
     a numeric argument which is a polling interval (time to wait
     after completing a whole poll cycle with the last server and
     before  starting  the next poll cycle with the first server)
     in seconds.

     Example: simply invoking

          fetchmail -d 900

     will, therefore,  poll  all  the  hosts  described  in  your
     ~/.fetchmailrc  file  (except those explicitly excluded with
     the 'skip' verb) a bit less often than once every 15 minutes
     (exactly: 15 minutes + time that the poll takes).

fetchmail         Last change: fetchmail 6.3.22                27

fetchmail reference manual                           fetchmail(1)

     It  is  also  possible  to  set  a  polling interval in your
     ~/.fetchmailrc file by saying 'set daemon <interval>', where
     <interval> is an integer number of seconds.  If you do this,
     fetchmail will always start in daemon mode unless you  over-
     ride it with the command-line option --daemon 0 or -d0.

     Only  one  daemon  process  is permitted per user; in daemon
     mode, fetchmail sets up a  per-user  lockfile  to  guarantee
     this.   (You  can  however  cheat  and set the FETCHMAILHOME
     environment variable to overcome this setting, but  in  that
     case,  it  is  your  responsibility  to make sure you aren't
     polling the same server  with  two  processes  at  the  same

  Awakening the background daemon
     Normally,  calling fetchmail with a daemon in the background
     sends a wake-up signal to the daemon and quits without  out-
     put.  The  background daemon then starts its next poll cycle
     immediately.  The wake-up signal, SIGUSR1, can also be  sent
     manually.  The wake-up action also clears any 'wedged' flags
     indicating  that  connections  have  wedged  due  to  failed
     authentication or multiple timeouts.

  Terminating the background daemon
     The option --quit will kill a running daemon process instead
     of waking it up (if there is no such process, fetchmail will
     notify  you).  If the --quit option appears last on the com-
     mand line, fetchmail will kill the  running  daemon  process
     and  then  quit. Otherwise, fetchmail will first kill a run-
     ning daemon process and then continue running with the other

  Useful options for daemon mode
     The  -L  <filename> or --logfile <filename> option (keyword:
     set logfile) is only effective when  fetchmail  is  detached
     and  in daemon mode. Note that the logfile must exist before
     fetchmail is run, you can use the touch(1) command with  the
     filename as its sole argument to create it.
     This  option  allows  you to redirect status messages into a
     specified logfile (follow the option with the logfile name).
     The  logfile  is  opened  for  append,  so previous messages
     aren't deleted.  This is primarily useful for debugging con-
     figurations. Note that fetchmail does not detect if the log-
     file is rotated, the logfile is only opened once when fetch-
     mail  starts.  You  need to restart fetchmail after rotating
     the logfile and before compressing it (if applicable).

     The --syslog option (keyword: set syslog) allows you to  re-
     direct  status  and  error messages emitted to the syslog(3)
     system daemon if available.  Messages are logged with an  id
     of fetchmail, the facility LOG_MAIL, and priorities LOG_ERR,
     LOG_ALERT or LOG_INFO.  This option is intended for  logging

fetchmail         Last change: fetchmail 6.3.22                28

fetchmail reference manual                           fetchmail(1)

     status  and  error messages which indicate the status of the
     daemon  and  the  results  while  fetching  mail  from   the
     server(s).   Error  messages  for  command  line options and
     parsing the .fetchmailrc file are still written  to  stderr,
     or  to  the specified log file.  The --nosyslog option turns
     off use  of  syslog(3),  assuming  it's  turned  on  in  the
     ~/.fetchmailrc file.

     The  -N  or  --nodetach  option suppresses backgrounding and
     detachment of the daemon process from its control  terminal.
     This  is  useful for debugging or when fetchmail runs as the
     child of a supervisor process  such  as  init(8)  or  Gerrit
     Pape's  runit(8).   Note  that  this also causes the logfile
     option to be ignored (though perhaps it shouldn't).

     Note that while running in daemon mode  polling  a  POP2  or
     IMAP2bis  server,  transient errors (such as DNS failures or
     sendmail delivery refusals) may force the fetchall option on
     for  the  duration  of  the  next  polling cycle.  This is a
     robustness feature.  It means that if a message  is  fetched
     (and  thus  marked seen by the mailserver) but not delivered
     locally due to some transient error, it will  be  re-fetched
     during  the next poll cycle.  (The IMAP logic doesn't delete
     messages until they're delivered, so this problem  does  not

     If  you touch or change the ~/.fetchmailrc file while fetch-
     mail is running in daemon mode, this will be detected at the
     beginning  of the next poll cycle.  When a changed ~/.fetch-
     mailrc is detected, fetchmail rereads it and  restarts  from
     scratch  (using exec(2); no state information is retained in
     the new instance).  Note that if fetchmail  needs  to  query
     for  passwords,  of  that  if  you  break the ~/.fetchmailrc
     file's syntax, the new instance  will  softly  and  silently
     vanish away on startup.

     The  --postmaster  <name>  option  (keyword: set postmaster)
     specifies the last-resort username to which  multidrop  mail
     is  to  be  forwarded  if no matching local recipient can be
     found. It is also used as destination of undeliverable  mail
     if  the  'bouncemail'  global option is off and additionally
     for spam-blocked mail if the 'bouncemail' global  option  is
     off  and  the  'spambounce' global option is on. This option
     defaults to the user who invoked fetchmail.  If the invoking
     user  is  root,  then the default of this option is the user
     'postmaster'.  Setting postmaster to the empty string causes
     such  mail as described above to be discarded - this however
     is usually a bad idea.  See  also  the  description  of  the
     'FETCHMAILUSER' environment variable in the ENVIRONMENT sec-
     tion below.

fetchmail         Last change: fetchmail 6.3.22                29

fetchmail reference manual                           fetchmail(1)

     The --nobounce behaves like the "set no  bouncemail"  global
     option, which see.

     The  --invisible  option  (keyword:  set invisible) tries to
     make fetchmail invisible.  Normally, fetchmail behaves  like
     any  other  MTA would -- it generates a Received header into
     each message describing its place in the chain of  transmis-
     sion,  and  tells  the MTA it forwards to that the mail came
     from the machine fetchmail itself is  running  on.   If  the
     invisible  option  is  on, the Received header is suppressed
     and fetchmail tries to spoof the MTA  it  forwards  to  into
     thinking it came directly from the mailserver host.

     The  --showdots option (keyword: set showdots) forces fetch-
     mail to show progress dots even if the output goes to a file
     or  fetchmail  is  not in verbose mode.  Fetchmail shows the
     dots by default when run in --verbose mode and  output  goes
     to console. This option is ignored in --silent mode.

     By specifying the --tracepolls option, you can ask fetchmail
     to add information  to  the  Received  header  on  the  form
     "polling  {label}  account  {user}",  where  {label}  is the
     account label (from the specified rcfile, normally ~/.fetch-
     mailrc)  and  {user} is the username which is used to log on
     to the mail server. This header can be used to make  filter-
     ing  email  where  no useful header information is available
     and you want mail from different accounts sorted  into  dif-
     ferent mailboxes (this could, for example, occur if you have
     an account on the same server running a  mailing  list,  and
     are  subscribed to the list using that account). The default
     is not adding any such header.   In  .fetchmailrc,  this  is
     called 'tracepolls'.

     The protocols fetchmail uses to talk to mailservers are next
     to bulletproof.  In normal operation forwarding to port  25,
     no  message is ever deleted (or even marked for deletion) on
     the host until the SMTP listener  on  the  client  side  has
     acknowledged  to  fetchmail that the message has been either
     accepted for delivery or rejected due to a spam block.

     When forwarding to an MDA, however, there is more  possibil-
     ity  of  error.   Some MDAs are 'safe' and reliably return a
     nonzero status on any delivery error, even one due to tempo-
     rary resource limits.  The maildrop(1) program is like this;
     so are most programs designed as mail transport agents, such
     as  sendmail(1),  including  the sendmail wrapper of Postfix
     and exim(1).  These programs give back a  reliable  positive
     acknowledgement  and can be used with the mda option with no
     risk of mail loss.  Unsafe MDAs, though, may return  0  even
     on delivery failure.  If this happens, you will lose mail.

fetchmail         Last change: fetchmail 6.3.22                30

fetchmail reference manual                           fetchmail(1)

     The  normal  mode  of  fetchmail  is to try to download only
     'new' messages, leaving untouched (and  undeleted)  messages
     you  have  already  read  directly on the server (or fetched
     with a previous fetchmail --keep).  But you  may  find  that
     messages you've already read on the server are being fetched
     (and deleted) even when you don't specify --all.  There  are
     several reasons this can happen.

     One  could  be  that  you're  using POP2.  The POP2 protocol
     includes no representation of 'new' or 'old' state  in  mes-
     sages,  so  fetchmail must treat all messages as new all the
     time.  But POP2 is obsolete, so this is unlikely.

     A potential POP3 problem might be servers that  insert  mes-
     sages  in  the middle of mailboxes (some VMS implementations
     of mail are rumored to do this).  The fetchmail code assumes
     that  new  messages  are appended to the end of the mailbox;
     when this is not true it may treat some old messages as  new
     and  vice versa.  Using UIDL whilst setting fastuidl 0 might
     fix this, otherwise, consider switching to IMAP.

     Yet another POP3 problem is that if they  can't  make  temp-
     files  in  the user's home directory, some POP3 servers will
     hand back an undocumented response that causes fetchmail  to
     spuriously report "No mail".

     The  IMAP  code  uses  the presence or absence of the server
     flag \Seen to decide whether or not a message is new.   This
     isn't the right thing to do, fetchmail should check the UID-
     VALIDITY and use UID, but it  doesn't  do  that  yet.  Under
     Unix,  it counts on your IMAP server to notice the BSD-style
     Status flags set by mail user agents and set the \Seen  flag
     from  them  when appropriate.  All Unix IMAP servers we know
     of do this, though it's not specified by the IMAP RFCs.   If
     you  ever  trip over a server that doesn't, the symptom will
     be that messages you have already read  on  your  host  will
     look  new to the server.  In this (unlikely) case, only mes-
     sages  you  fetched  with  fetchmail  --keep  will  be  both
     undeleted and marked old.

     In ETRN and ODMR modes, fetchmail does not actually retrieve
     messages; instead, it asks the  server's  SMTP  listener  to
     start  a  queue  flush to the client via SMTP.  Therefore it
     sends only undelivered messages.

     Many SMTP listeners allow administrators  to  set  up  'spam
     filters'   that   block  unsolicited  email  from  specified
     domains.  A MAIL FROM or DATA line that triggers  this  fea-
     ture  will  elicit  an  SMTP  response which (unfortunately)
     varies according to the listener.

fetchmail         Last change: fetchmail 6.3.22                31

fetchmail reference manual                           fetchmail(1)

     Newer versions of sendmail return an error code of 571.

     According to RFC2821, the correct thing to  return  in  this
     situation  is  550  "Requested  action  not  taken:  mailbox
     unavailable" (the draft adds "[E.g., mailbox not  found,  no
     access, or command rejected for policy reasons].").

     Older  versions  of the exim MTA return 501 "Syntax error in
     parameters or arguments".

     The postfix MTA runs 554 as an antispam response.

     Zmailer may reject code with a 500 response (followed by  an
     enhanced status code that contains more information).

     Return  codes  which  fetchmail treats as antispam responses
     and discards the message can  be  set  with  the  'antispam'
     option.   This  is  one of the only three circumstance under
     which fetchmail ever discards mail (the others are  the  552
     and  553 errors described below, and the suppression of mul-
     tidropped messages with a message-ID already seen).

     If fetchmail is fetching from an IMAP server,  the  antispam
     response  will  be detected and the message rejected immedi-
     ately after the headers have been fetched,  without  reading
     the  message body.  Thus, you won't pay for downloading spam
     message bodies.

     By default, the list of antispam responses is empty.

     If the spambounce global option is on, mail  that  is  spam-
     blocked triggers an RFC1892/RFC1894 bounce message informing
     the originator that we do not accept mail from it. See  also

     Besides  the  spam-blocking described above, fetchmail takes
     special actions on the following SMTP/ESMTP error responses

     452 (insufficient system storage)
          Leave the message  in  the  server  mailbox  for  later

     552 (message exceeds fixed maximum message size)
          Delete  the  message from the server.  Send bounce-mail
          to the originator.

     553 (invalid sending domain)
          Delete the message from the server.  Don't even try  to
          send bounce-mail to the originator.

fetchmail         Last change: fetchmail 6.3.22                32

fetchmail reference manual                           fetchmail(1)

     Other errors trigger bounce mail back to the originator. See
     also BUGS.

     The preferred way to set up fetchmail is to write a  .fetch-
     mailrc  file  in  your  home  directory  (you  may  do  this
     directly, with a text editor, or indirectly  via  fetchmail-
     conf).   When  there  is a conflict between the command-line
     arguments and the arguments in this file,  the  command-line
     arguments take precedence.

     To  protect  the  security of your passwords, your ~/.fetch-
     mailrc may not normally have more  than  0700  (u=rwx,g=,o=)
     permissions;  fetchmail  will  complain  and  exit otherwise
     (this check is suppressed when --version is on).

     You may read the .fetchmailrc file as a list of commands  to
     be executed when fetchmail is called with no arguments.

  Run Control Syntax
     Comments  begin with a '#' and extend through the end of the
     line.  Otherwise the file consists of  a  series  of  server
     entries or global option statements in a free-format, token-
     oriented syntax.

     There are four kinds of tokens:  grammar  keywords,  numbers
     (i.e. decimal digit sequences), unquoted strings, and quoted
     strings.  A quoted string is bounded by  double  quotes  and
     may  contain  whitespace (and quoted digits are treated as a
     string).  Note that quoted strings will  also  contain  line
     feed characters if they run across two or more lines, unless
     you use a backslash to join lines (see below).  An  unquoted
     string  is  any  whitespace-delimited  token that is neither
     numeric, string quoted nor contains the  special  characters
     ',', ';', ':', or '='.

     Any amount of whitespace separates tokens in server entries,
     but is otherwise  ignored.  You  may  use  backslash  escape
     sequences  (\n for LF, \t for HT, \b for BS, \r for CR, \nnn
     for decimal (where nnn cannot start with  a  0),  \0ooo  for
     octal,  and  \xhh for hex) to embed non-printable characters
     or string delimiters in strings.  In quoted strings, a back-
     slash  at  the  very  end of a line will cause the backslash
     itself and the line feed (LF or NL, new line)  character  to
     be  ignored,  so that you can wrap long strings. Without the
     backslash at the line end, the  line  feed  character  would
     become part of the string.

     Warning: while these resemble C-style escape sequences, they
     are not the  same.   fetchmail  only  supports  these  eight
     styles.  C  supports  more  escape sequences that consist of

fetchmail         Last change: fetchmail 6.3.22                33

fetchmail reference manual                           fetchmail(1)

     backslash (\) and a single character, but does  not  support
     decimal  codes  and  does not require the leading 0 in octal
     notation.  Example: fetchmail interprets \233  the  same  as
     \xE9 (Latin small letter e with acute), where C would inter-
     pret \233 as octal 0233 = \x9B (CSI, control sequence intro-

     Each  server entry consists of one of the keywords 'poll' or
     'skip', followed  by  a  server  name,  followed  by  server
     options,  followed  by  any  number  of  user  (or username)
     descriptions, followed by user options.  Note: the most com-
     mon  cause  of  syntax  errors  is mixing up user and server
     options or putting user options  before  the  user  descrip-

     For  backward  compatibility, the word 'server' is a synonym
     for 'poll'.

     You  can  use  the  noise  keywords  'and',  'with',  'has',
     'wants',  and  'options'  anywhere  in  an  entry to make it
     resemble English.  They're ignored, but but can make entries
     much easier to read at a glance.  The punctuation characters
     ':', ';' and ',' are also ignored.

  Poll vs. Skip
     The 'poll' verb tells fetchmail to query this host  when  it
     is  run  with no arguments.  The 'skip' verb tells fetchmail
     not to poll this host unless it is explicitly named  on  the
     command  line.   (The  'skip'  verb allows you to experiment
     with test entries safely,  or  easily  disable  entries  for
     hosts that are temporarily down.)

  Keyword/Option Summary
     Here  are  the  legal options.  Keyword suffixes enclosed in
     square brackets are optional.  Those corresponding to  short
     command-line options are followed by '-' and the appropriate
     option letter.  If option is only relevant to a single  mode
     of  operation,  it is noted as 's' or 'm' for singledrop- or
     multidrop-mode, respectively.

     Here are the legal global options:

     Keyword             Opt   Mode   Function
     set daemon          -d           Set a background poll interval  in
     set postmaster                   Give  the  name of the last-resort
                                      mail recipient (default: user run-
                                      ning  fetchmail,  "postmaster"  if
                                      run by the root user)

fetchmail         Last change: fetchmail 6.3.22                34

fetchmail reference manual                           fetchmail(1)

     set    bouncemail                Direct error mail  to  the  sender
     set no bouncemail                Direct  error  mail  to  the local
                                      postmaster (as per  the  'postmas-
                                      ter' global option above).
     set no spambounce                Do  not  bounce  spam-blocked mail
     set    spambounce                Bounce blocked  spam-blocked  mail
                                      (as   per   the   'antispam'  user
                                      option) back to the destination as
                                      indicated   by   the  'bouncemail'
                                      global option.   Warning:  Do  not
                                      use  this  to  bounce spam back to
                                      the sender -  most  spam  is  sent
                                      with false sender address and thus
                                      this   option    hurts    innocent
     set no softbounce                Delete  permanently  undeliverable
                                      mail. It  is  recommended  to  use
                                      this  option  if the configuration
                                      has been thoroughly tested.
     set    softbounce                Keep   permanently   undeliverable
                                      mail  as  though a temporary error
                                      had occurred (default).
     set logfile         -L           Name of a file to append error and
                                      status messages to.
     set idfile          -i           Name  of  the  file  to  store UID
                                      lists in.
     set    syslog                    Do  error  logging  through   sys-
     set no syslog                    Turn  off  error  logging  through
                                      syslog(3). (default)
     set properties                   String value that  is  ignored  by
                                      fetchmail  (may  be used by exten-
                                      sion scripts).

     Here are the legal server options:

     Keyword          Opt   Mode   Function
     via                           Specify DNS  name  of  mailserver,
                                   overriding poll name
     proto[col]       -p           Specify  protocol  (case  insensi-
                                   tive):  POP2,  POP3,  IMAP,  APOP,
     local[domains]         m      Specify  domain(s)  to be regarded
                                   as local
     port                          Specify TCP/IP service port (obso-
                                   lete, use 'service' instead).

fetchmail         Last change: fetchmail 6.3.22                35

fetchmail reference manual                           fetchmail(1)

     service          -P           Specify  service  name  (a numeric
                                   value is also allowed and  consid-
                                   ered a TCP/IP port number).
     auth[enticate]                Set  authentication  type (default
     timeout          -t           Server inactivity timeout in  sec-
                                   onds (default 300)
     envelope         -E    m      Specify   envelope-address  header
     no envelope            m      Disable   looking   for   envelope
     qvirtual         -Q    m      Qmail  virtual  domain  prefix  to
                                   remove from user name
     aka                    m      Specify  alternate  DNS  names  of
     interface        -I           specify  IP interface(s) that must
                                   be up  for  server  poll  to  take
     monitor          -M           Specify  IP address to monitor for
     plugin                        Specify command through  which  to
                                   make server connections.
     plugout                       Specify  command  through which to
                                   make listener connections.
     dns                    m      Enable DNS  lookup  for  multidrop
     no dns                 m      Disable DNS lookup for multidrop
     checkalias             m      Do  comparison  by  IP address for
     no checkalias          m      Do comparison  by  name  for  mul-
                                   tidrop (default)
     uidl             -U           Force   POP3  to  use  client-side
                                   UIDLs (recommended)
     no uidl                       Turn off POP3 use  of  client-side
                                   UIDLs (default)
     interval                      Only  check this site every N poll
                                   cycles; N is a numeric argument.
     tracepolls                    Add poll  tracing  information  to
                                   the Received header
     principal                     Set  Kerberos principal (only use-
                                   ful with IMAP and kerberos)
     esmtpname                     Set name for  RFC2554  authentica-
                                   tion to the ESMTP server.
     esmtppassword                 Set password for RFC2554 authenti-
                                   cation to the ESMTP server.
     bad-header                    How to treat messages with  a  bad
                                   header. Can be reject (default) or

     Here are the legal user descriptions and options:

fetchmail         Last change: fetchmail 6.3.22                36

fetchmail reference manual                           fetchmail(1)

     Keyword            Opt   Mode   Function
     user[name]         -u           This is the user  description  and
                                     must   come   first  after  server
                                     description  and  after   possible
                                     server  options,  and  before user
                                     It sets the remote user name if by
                                     itself  or followed by 'there', or
                                     the local user name if followed by
     is                              Connect   local  and  remote  user
     to                              Connect  local  and  remote   user
     pass[word]                      Specify remote account password
     ssl                             Connect  to server over the speci-
                                     fied  base  protocol   using   SSL
     sslcert                         Specify  file for client side pub-
                                     lic SSL certificate
     sslcertfile                     Specify file with trusted CA  cer-
     sslcertpath                     Specify c_rehash-ed directory with
                                     trusted CA certificates.
     sslkey                          Specify file for client side  pri-
                                     vate SSL key
     sslproto                        Force ssl protocol for connection
     folder             -r           Specify remote folder to query
     smtphost           -S           Specify smtp host(s) to forward to
     fetchdomains             m      Specify  domains  for  which  mail
                                     should be fetched
     smtpaddress        -D           Specify  the  domain  to be put in
                                     RCPT TO lines
     smtpname                        Specify the user and domain to  be
                                     put in RCPT TO lines
     antispam           -Z           Specify   what  SMTP  returns  are
                                     interpreted as spam-policy blocks
     mda                -m           Specify MDA for local delivery
     bsmtp              -o           Specify BSMTP batch file to append
     preconnect                      Command to be executed before each
     postconnect                     Command to be executed after  each
     keep               -k           Don't  delete  seen  messages from
                                     server (for POP3, uidl  is  recom-
     flush              -F           Flush  all  seen  messages  before
                                     querying (DANGEROUS)

fetchmail         Last change: fetchmail 6.3.22                37

fetchmail reference manual                           fetchmail(1)

     limitflush                      Flush   all   oversized   messages
                                     before querying
     fetchall           -a           Fetch all messages whether seen or
     rewrite                         Rewrite destination addresses  for
                                     reply (default)
     stripcr                         Strip  carriage  returns from ends
                                     of lines
     forcecr                         Force carriage returns at ends  of
     pass8bits                       Force  BODY=8BITMIME to ESMTP lis-
     dropstatus                      Strip Status and  X-Mozilla-Status
                                     lines out of incoming mail
     dropdelivered                   Strip  Delivered-To  lines  out of
                                     incoming mail
     mimedecode                      Convert quoted-printable to  8-bit
                                     in MIME messages
     idle                            Idle   waiting  for  new  messages
                                     after each poll (IMAP only)
     no keep            -K           Delete seen messages  from  server
     no flush                        Don't   flush  all  seen  messages
                                     before querying (default)
     no fetchall                     Retrieve   only    new    messages
     no rewrite                      Don't rewrite headers
     no stripcr                      Don't   strip   carriage   returns
     no forcecr                      Don't force  carriage  returns  at
                                     EOL (default)
     no pass8bits                    Don't force BODY=8BITMIME to ESMTP
                                     listener (default)
     no dropstatus                   Don't    drop    Status    headers
     no dropdelivered                Don't  drop  Delivered-To  headers
     no mimedecode                   Don't convert quoted-printable  to
                                     8-bit in MIME messages (default)
     no idle                         Don't  idle  waiting  for new mes-
                                     sages after each poll (IMAP only)
     limit              -l           Set message size limit
     warnings           -w           Set message size warning interval
     batchlimit         -b           Max # messages to forward in  sin-
                                     gle connect
     fetchlimit         -B           Max  # messages to fetch in single
     fetchsizelimit                  Max # message sizes  to  fetch  in
                                     single transaction
     fastuidl                        Use binary search for first unseen
                                     message (POP3 only)

fetchmail         Last change: fetchmail 6.3.22                38

fetchmail reference manual                           fetchmail(1)

     expunge            -e           Perform an expunge  on  every  #th
                                     message (IMAP and POP3 only)
     properties                      String  value is ignored by fetch-
                                     mail (may  be  used  by  extension

     All user options must begin with a user description (user or
     username option) and  follow  all  server  descriptions  and

     In the .fetchmailrc file, the 'envelope' string argument may
     be preceded by a whitespace-separated number.  This  number,
     if  specified,  is  the  number of such headers to skip over
     (that is, an argument of 1 selects the second header of  the
     given  type).   This  is  sometime useful for ignoring bogus
     envelope headers created by an ISP's local delivery agent or
     internal  forwards  (through  mail  inspection  systems, for

  Keywords Not Corresponding To Option Switches
     The 'folder' and 'smtphost' options (unlike  their  command-
     line  equivalents) can take a space- or comma-separated list
     of names following them.

     All options correspond to  the  obvious  command-line  argu-
     ments, except the following: 'via', 'interval', 'aka', 'is',
     'to', 'dns'/'no dns', 'checkalias'/'no  checkalias',  'pass-
     word',    'preconnect',    'postconnect',    'localdomains',
     'stripcr'/'no     stripcr',     'forcecr'/'no      forcecr',
     'pass8bits'/'no   pass8bits'   'dropstatus/no   dropstatus',
     'dropdelivered/no  dropdelivered',  'mimedecode/no   mimede-
     code', 'no idle', and 'no envelope'.

     The  'via'  option  is for if you want to have more than one
     configuration pointing at the same site.  If it is  present,
     the  string argument will be taken as the actual DNS name of
     the mailserver host to query.  This will override the  argu-
     ment  of poll, which can then simply be a distinct label for
     the configuration (e.g. what you would give on  the  command
     line to explicitly query this host).

     The  'interval'  option  (which  takes  a  numeric argument)
     allows you to poll a server less frequently than  the  basic
     poll  interval.   If  you  say  'interval N' the server this
     option is attached to will only  be  queried  every  N  poll

  Singledrop vs. Multidrop options
     Please  ensure you read the section titled THE USE AND ABUSE
     OF MULTIDROP MAILBOXES if you intend to use multidrop  mode.

fetchmail         Last change: fetchmail 6.3.22                39

fetchmail reference manual                           fetchmail(1)

     The  'is'  or  'to'  keywords  associate the following local
     (client) name(s) (or  server-name  to  client-name  mappings
     separated  by =) with the mailserver user name in the entry.
     If an is/to list has '*'  as  its  last  name,  unrecognized
     names  are  simply passed through. Note that until fetchmail
     version 6.3.4 inclusively, these lists  could  only  contain
     local  parts of user names (fetchmail would only look at the
     part before the @ sign). fetchmail versions 6.3.5 and  newer
     support  full  addresses on the left hand side of these map-
     pings, and they take  precedence  over  any  'localdomains',
     'aka', 'via' or similar mappings.

     A  single local name can be used to support redirecting your
     mail when your username on the client machine  is  different
     from your name on the mailserver.  When there is only a sin-
     gle local name, mail is forwarded  to  that  local  username
     regardless  of the message's Received, To, Cc, and Bcc head-
     ers.  In this case, fetchmail never does DNS lookups.

     When there is more than one local name  (or  name  mapping),
     fetchmail  looks  at the envelope header, if configured, and
     otherwise at the  Received,  To,  Cc,  and  Bcc  headers  of
     retrieved  mail  (this  is  'multidrop mode').  It looks for
     addresses with hostname parts that match your poll  name  or
     your  'via',  'aka'  or  'localdomains' options, and usually
     also for hostname parts which DNS tells it  are  aliases  of
     the  mailserver.  See the discussion of 'dns', 'checkalias',
     'localdomains',  and  'aka'  for  details  on  how  matching
     addresses are handled.

     If fetchmail cannot match any mailserver usernames or local-
     domain addresses, the mail will  be  bounced.   Normally  it
     will  be  bounced  to  the  sender,  but if the 'bouncemail'
     global option is off, the mail will go to the local postmas-
     ter instead.  (see the 'postmaster' global option). See also

     The 'dns' option (normally on) controls  the  way  addresses
     from  multidrop mailboxes are checked.  On, it enables logic
     to check each host address that does not match an  'aka'  or
     'localdomains'  declaration by looking it up with DNS.  When
     a mailserver username is recognized attached to  a  matching
     hostname  part,  its  local  mapping is added to the list of
     local recipients.

     The 'checkalias' option (normally off) extends  the  lookups
     performed  by the 'dns' keyword in multidrop mode, providing
     a way to cope with  remote  MTAs  that  identify  themselves
     using  their  canonical  name, while they're polled using an
     alias.  When such a server is polled, checks to extract  the
     envelope  address  fail,  and  fetchmail reverts to delivery
     using the To/Cc/Bcc headers (See below 'Header vs.  Envelope

fetchmail         Last change: fetchmail 6.3.22                40

fetchmail reference manual                           fetchmail(1)

     addresses').   Specifying this option instructs fetchmail to
     retrieve all the IP addresses associated with both the  poll
     name and the name used by the remote MTA and to do a compar-
     ison of the IP addresses.  This comes in handy in situations
     where  the  remote  server undergoes frequent canonical name
     changes, that would otherwise require modifications  to  the
     rcfile.  'checkalias' has no effect if 'no dns' is specified
     in the rcfile.

     The 'aka' option is for use with  multidrop  mailboxes.   It
     allows  you  to  pre-declare  a  list  of  DNS aliases for a
     server.  This is an optimization hack  that  allows  you  to
     trade  space  for speed.  When fetchmail, while processing a
     multidrop mailbox, grovels through message  headers  looking
     for  names  of the mailserver, pre-declaring common ones can
     save it from having to do DNS lookups.  Note: the names  you
     give as arguments to 'aka' are matched as suffixes -- if you
     specify (say) 'aka', this will match not  just  a
     hostname,  but  any  hostname  that  ends  with
     '';   such   as   (say)    and

     The  'localdomains'  option  allows you to declare a list of
     domains which fetchmail should consider local.  When  fetch-
     mail  is  parsing  address  lines  in multidrop modes, and a
     trailing segment of a host name  matches  a  declared  local
     domain,  that  address  is passed through to the listener or
     MDA unaltered (local-name mappings are not applied).

     If you are using 'localdomains', you may also need to  spec-
     ify 'no envelope', which disables fetchmail's normal attempt
     to deduce an envelope address from the Received line  or  X-
     Envelope-To  header  or  whatever header has been previously
     set by 'envelope'.  If you set 'no envelope' in the defaults
     entry  it  is possible to undo that in individual entries by
     using 'envelope <string>'.  As  a  special  case,  'envelope
     "Received"'  restores the default parsing of Received lines.

     The password option requires a string argument, which is the
     password to be used with the entry's server.

     The  'preconnect' keyword allows you to specify a shell com-
     mand to be executed just before each time  fetchmail  estab-
     lishes  a  mailserver connection.  This may be useful if you
     are attempting to set up secure POP connections with the aid
     of  ssh(1).   If  the  command returns a nonzero status, the
     poll of that mailserver will be aborted.

     Similarly, the 'postconnect' keyword similarly allows you to
     specify  a shell command to be executed just after each time
     a mailserver connection is taken down.

fetchmail         Last change: fetchmail 6.3.22                41

fetchmail reference manual                           fetchmail(1)

     The 'forcecr' option controls whether lines terminated by LF
     only are given CRLF termination before forwarding.  Strictly
     speaking RFC821 requires this,  but  few  MTAs  enforce  the
     requirement it so this option is normally off (only one such
     MTA, qmail, is in significant use at time of writing).

     The 'stripcr' option controls whether carriage  returns  are
     stripped  out  of retrieved mail before it is forwarded.  It
     is normally not necessary to set this, because  it  defaults
     to 'on' (CR stripping enabled) when there is an MDA declared
     but 'off' (CR stripping disabled)  when  forwarding  is  via
     SMTP.   If  'stripcr'  and  'forcecr' are both on, 'stripcr'
     will override.

     The 'pass8bits' option exists to cope  with  Microsoft  mail
     programs  that  stupidly  slap a "Content-Transfer-Encoding:
     7bit" on everything.  With this option off (the default) and
     such  a  header  present, fetchmail declares BODY=7BIT to an
     ESMTP-capable listener; this causes  problems  for  messages
     actually using 8-bit ISO or KOI-8 character sets, which will
     be garbled  by  having  the  high  bits  of  all  characters
     stripped.   If  'pass8bits'  is  on,  fetchmail is forced to
     declare BODY=8BITMIME to any ESMTP-capable listener.  If the
     listener  is 8-bit-clean (as all the major ones now are) the
     right thing will probably result.

     The 'dropstatus' option controls whether nonempty Status and
     X-Mozilla-Status  lines  are  retained  in fetched mail (the
     default) or discarded.  Retaining them allows  your  MUA  to
     see  what  messages (if any) were marked seen on the server.
     On the other hand, it can confuse some  new-mail  notifiers,
     which assume that anything with a Status line in it has been
     seen.  (Note: the empty Status lines inserted by some  buggy
     POP servers are unconditionally discarded.)

     The  'dropdelivered'  option  controls  whether Delivered-To
     headers will be kept in fetched mail (the default)  or  dis-
     carded.  These  headers  are  added  by  Qmail  and  Postfix
     mailservers in order to avoid mail loops but may get in your
     way  if  you  try  to  "mirror" a mailserver within the same
     domain. Use with caution.

     The 'mimedecode' option controls whether MIME messages using
     the  quoted-printable  encoding  are automatically converted
     into pure 8-bit data. If  you  are  delivering  mail  to  an
     ESMTP-capable,  8-bit-clean  listener  (that includes all of
     the major MTAs like sendmail), then this will  automatically
     convert quoted-printable message headers and data into 8-bit
     data, making it easier to understand when reading  mail.  If
     your  e-mail  programs  know how to deal with MIME messages,
     then this option is not needed.  The  mimedecode  option  is
     off  by default, because doing RFC2047 conversion on headers

fetchmail         Last change: fetchmail 6.3.22                42

fetchmail reference manual                           fetchmail(1)

     throws away character-set information and can  lead  to  bad
     results if the encoding of the headers differs from the body

     The 'idle' option is intended to be used with  IMAP  servers
     supporting  the RFC2177 IDLE command extension, but does not
     strictly require  it.   If  it  is  enabled,  and  fetchmail
     detects  that  IDLE  is supported, an IDLE will be issued at
     the end of each poll.  This will tell  the  IMAP  server  to
     hold the connection open and notify the client when new mail
     is available.  If IDLE is not supported, fetchmail will sim-
     ulate it by periodically issuing NOOP. If you need to poll a
     link frequently, IDLE  can  save  bandwidth  by  eliminating
     TCP/IP  connects  and  LOGIN/LOGOUT  sequences. On the other
     hand, an IDLE connection will eat almost all of your  fetch-
     mail's  time,  because it will never drop the connection and
     allow other polls to occur unless the server times  out  the
     IDLE.   It also doesn't work with multiple folders; only the
     first folder will ever be polled.

     The 'properties' option is an extension mechanism.  It takes
     a  string  argument,  which  is ignored by fetchmail itself.
     The string argument  may  be  used  to  store  configuration
     information  for  scripts  which require it.  In particular,
     the output of '--configdump'  option  will  make  properties
     associated  with  a user entry readily available to a Python

  Miscellaneous Run Control Options
     The words 'here' and 'there' have useful  English-like  sig-
     nificance.  Normally 'user eric is esr' would mean that mail
     for the remote user 'eric' is to be delivered to 'esr',  but
     you  can make this clearer by saying 'user eric there is esr
     here', or reverse it by saying 'user esr here is eric there'

     Legal  protocol identifiers for use with the 'protocol' key-
     word are:

         auto (or AUTO) (legacy, to be removed from future release)
         pop2 (or POP2) (legacy, to be removed from future release)
         pop3 (or POP3)
         sdps (or SDPS)
         imap (or IMAP)
         apop (or APOP)
         kpop (or KPOP)

     Legal authentication  types  are  'any',  'password',  'ker-
     beros',    'kerberos_v4',    'kerberos_v5'   and   'gssapi',
     'cram-md5', 'otp', 'msn' (only  for  POP3),  'ntlm',  'ssh',
     'external'  (only  IMAP).   The  'password'  type  specifies

fetchmail         Last change: fetchmail 6.3.22                43

fetchmail reference manual                           fetchmail(1)

     authentication by normal transmission  of  a  password  (the
     password  may  be plain text or subject to protocol-specific
     encryption as in CRAM-MD5); 'kerberos'  tells  fetchmail  to
     try  to  get  a  Kerberos  ticket at the start of each query
     instead, and send an arbitrary string as the  password;  and
     'gssapi'  tells fetchmail to use GSSAPI authentication.  See
     the description of the 'auth' keyword for more.

     Specifying 'kpop' sets POP3 protocol  over  port  1109  with
     Kerberos  V4 authentication.  These defaults may be overrid-
     den by later options.

     There are some global option statements: 'set logfile'  fol-
     lowed  by  a string sets the same global specified by --log-
     file.  A command-line --logfile option will  override  this.
     Note  that --logfile is only effective if fetchmail detaches
     itself from the terminal  and  the  logfile  already  exists
     before  fetchmail  is run, and it overrides --syslog in this
     case.  Also, 'set daemon' sets the poll interval as --daemon
     does.   This  can  be  overridden by a command-line --daemon
     option; in particular --daemon 0 can be used to force  fore-
     ground  operation.  The  'set postmaster' statement sets the
     address to which multidrop mail defaults  if  there  are  no
     local  matches.  Finally, 'set syslog' sends log messages to

  Fetchmail crashing
     There are various ways in that fetchmail may "crash", i.  e.
     stop  operation suddenly and unexpectedly. A "crash" usually
     refers to an error condition that the software did not  han-
     dle  by  itself. A well-known failure mode is the "segmenta-
     tion fault" or "signal 11" or "SIGSEGV" or  just  "segfault"
     for  short.  These  can be caused by hardware or by software
     problems. Software-induced segfaults can usually  be  repro-
     duced easily and in the same place, whereas hardware-induced
     segfaults can go away if the computer is rebooted,  or  pow-
     ered off for a few hours, and can happen in random locations
     even if you use the software the same way.

     For solving hardware-induced segfaults, find the faulty com-
     ponent and repair or replace it.  may help you with details.

     For solving software-induced segfaults, the  developers  may
     need a "stack backtrace".

  Enabling fetchmail core dumps
     By  default,  fetchmail suppresses core dumps as these might
     contain  passwords  and  other  sensitive  information.  For
     debugging  fetchmail  crashes, obtaining a "stack backtrace"

fetchmail         Last change: fetchmail 6.3.22                44

fetchmail reference manual                           fetchmail(1)

     from a core dump is often the  quickest  way  to  solve  the
     problem,  and  when  posting your problem on a mailing list,
     the developers may ask you for a "backtrace".

     1. To get useful backtraces, fetchmail needs to be installed
     without getting stripped of its compilation symbols.  Unfor-
     tunately,  most  binary  packages  that  are  installed  are
     stripped,  and  core files from symbol-stripped programs are
     worthless. So you may need to recompile fetchmail.  On  many
     systems, you can type

             file `which fetchmail`

     to  find  out  if  fetchmail  was symbol-stripped or not. If
     yours was unstripped, fine, proceed, if it was stripped, you
     need  to recompile the source code first. You do not usually
     need to install fetchmail in order to debug it.

     2. The shell environment  that  starts  fetchmail  needs  to
     enable core dumps. The key is the "maximum core (file) size"
     that can usually be configured with a tool named "limit"  or
     "ulimit".  See the documentation for your shell for details.
     In the popular bash shell, "ulimit -Sc unlimited" will allow
     the core dump.

     3.  You need to tell fetchmail, too, to allow core dumps. To
     do this, run fetchmail with the -d0 -v options.  It is often
     easier to also add --nosyslog -N as well.

     Finally, you need to reproduce the crash. You can just start
     fetchmail from the directory where you compiled it by typing
     ./fetchmail,  so  the  complete command line will start with
     ./fetchmail -Nvd0 --nosyslog and  perhaps  list  your  other

     After  the crash, run your debugger to obtain the core dump.
     The debugger will often  be  GNU  GDB,  you  can  then  type
     (adjust  paths  as necessary) gdb ./fetchmail fetchmail.core
     and then, after GDB has started up and read all  its  files,
     type  backtrace full, save the output (copy & paste will do,
     the backtrace will be read by a human) and then type quit to
     leave  gdb.  Note: on some systems, the core files have dif-
     ferent names, they might contain a  number  instead  of  the
     program  name,  or number and name, but it will usually have
     "core" as part of their name.

     When trying to determine the originating address of  a  mes-
     sage,  fetchmail  looks  through  headers  in  the following

fetchmail         Last change: fetchmail 6.3.22                45

fetchmail reference manual                           fetchmail(1)

             Resent-Sender: (ignored if it doesn't contain an @ or !)
             Sender: (ignored if it doesn't contain an @ or !)

     The originating address is used for logging, and to set  the
     MAIL  FROM  address  when forwarding to SMTP.  This order is
     intended to cope gracefully with receiving mailing list mes-
     sages  in  multidrop  mode.  The  intent  is that if a local
     address doesn't exist, the bounce message won't be  returned
     blindly  to  the author or to the list itself, but rather to
     the list manager (which is less annoying).

     In multidrop mode, destination headers are processed as fol-
     lows: First, fetchmail looks for the header specified by the
     'envelope' option in order to determine the local  recipient
     address.  If  the mail is addressed to more than one recipi-
     ent, the Received line won't contain any information regard-
     ing recipient addresses.

     Then  fetchmail  looks  for  the Resent-To:, Resent-Cc:, and
     Resent-Bcc: lines.  If they exist, they should  contain  the
     final recipients and have precedence over their To:/Cc:/Bcc:
     counterparts.  If the Resent-* lines don't exist,  the  To:,
     Cc:,  Bcc:  and  Apparently-To:  lines  are looked for. (The
     presence of a Resent-To: is taken to imply that  the  person
     referred  by the To: address has already received the origi-
     nal copy of the mail.)

     Note that although there are password declarations in a good
     many  of the examples below, this is mainly for illustrative
     purposes.  We recommend stashing account/password  pairs  in
     your  $HOME/.netrc  file, where they can be used not just by
     fetchmail but by ftp(1) and other programs.

     The basic format is:

          poll SERVERNAME protocol PROTOCOL username  NAME  pass-
          word PASSWORD


          poll protocol pop3 username "jsmith" password "secret1"

fetchmail         Last change: fetchmail 6.3.22                46

fetchmail reference manual                           fetchmail(1)

     Or, using some abbreviations:

          poll proto pop3 user "jsmith" password "secret1"

     Multiple servers may be listed:

          poll proto pop3 user "jsmith" pass "secret1"
          poll proto pop2 user "John.Smith" pass "My^Hat"

     Here's  the same version with more whitespace and some noise

          poll proto pop3
               user "jsmith", with password secret1, is "jsmith" here;
          poll proto pop2:
               user "John.Smith", with password "My^Hat", is "John.Smith" here;

     If you need to include whitespace in a parameter  string  or
     start the latter with a number, enclose the string in double
     quotes.  Thus:

          poll with proto pop3:
               user "jsmith" there has password "4u but u can't krak this"
               is jws here and wants mda "/bin/mail"

     You may have an initial server  description  headed  by  the
     keyword  'defaults'  instead  of  'poll' followed by a name.
     Such a record is interpreted as defaults for all queries  to
     use.  It  may  be  overwritten by individual server descrip-
     tions.  So, you could write:

          defaults proto pop3
               user "jsmith"
               pass "secret1"
               user "jjsmith" there has password "secret2"

fetchmail         Last change: fetchmail 6.3.22                47

fetchmail reference manual                           fetchmail(1)

     It's possible to specify more than one user per server.  The
     'user'  keyword leads off a user description, and every user
     specification in a multi-user entry must include it.  Here's
     an example:

          poll proto pop3 port 3111
               user "jsmith" with pass "secret1" is "smith" here
               user jones with pass "secret2" is "jjones" here keep

     This   associates   the  local  username  'smith'  with  the username 'jsmith' and  the  local  username
     'jjones'  with  the username 'jones'.  Mail
     for 'jones' is kept on the server after download.

     Here's what a simple retrieval configuration for a multidrop
     mailbox looks like:

               user maildrop with pass secret1 to golux 'hurkle'='happy' snark here

     This  says  that  the  mailbox  of account 'maildrop' on the
     server is a multidrop box, and that messages in it should be
     parsed  for  the  server  user  names 'golux', 'hurkle', and
     'snark'.  It further specifies that 'golux' and 'snark' have
     the  same  name on the client as on the server, but mail for
     server user 'hurkle' should  be  delivered  to  client  user

     Note that fetchmail, until version 6.3.4, did NOT allow full
     user@domain specifications here, these  would  never  match.
     Fetchmail 6.3.5 and newer support user@domain specifications
     on the left-hand side of a user mapping.

     Here's an example of another kind of multidrop connection:

          poll localdomains
               envelope X-Envelope-To
               user maildrop with pass secret1 to * here

fetchmail         Last change: fetchmail 6.3.22                48

fetchmail reference manual                           fetchmail(1)

     This also says that the mailbox of account 'maildrop' on the
     server  is  a  multidrop  box.   It tells fetchmail that any
     address in the or domains  (includ-
     ing  sub-domain  addresses  like '')
     should be passed through to the local SMTP listener  without
     modification.  Be careful of mail loops if you do this!

     Here's  an  example  configuration  using ssh and the plugin
     option.  The queries are made directly on the stdin and std-
     out of imapd via ssh.  Note that in this setup, IMAP authen-
     tication can be skipped.

          poll with proto imap:
               plugin "ssh %h /usr/sbin/imapd" auth ssh;
               user esr is esr here

     Use the multiple-local-recipients feature with caution -- it
     can  bite.   All  multidrop features are ineffective in ETRN
     and ODMR modes.

     Also, note that in multidrop mode duplicate mails  are  sup-
     pressed.   A piece of mail is considered duplicate if it has
     the same message-ID as the message immediately preceding and
     more  than one addressee.  Such runs of messages may be gen-
     erated when copies of a message addressed to multiple  users
     are delivered to a multidrop box.

  Header vs. Envelope addresses
     The  fundamental  problem  is that by having your mailserver
     toss several peoples' mail in a single maildrop box, you may
     have  thrown  away  potentially  vital information about who
     each piece of mail was actually addressed to (the  'envelope
     address',  as  opposed to the header addresses in the RFC822
     To/Cc headers - the Bcc is not available  at  the  receiving
     end).   This  'envelope  address' is the address you need in
     order to reroute mail properly.

     Sometimes fetchmail can deduce the envelope address.  If the
     mailserver MTA is sendmail and the item of mail had just one
     recipient, the MTA will have written a 'by/for' clause  that
     gives  the  envelope addressee into its Received header. But
     this doesn't work reliably for other MTAs, nor if  there  is
     more  than  one  recipient.  By default, fetchmail looks for
     envelope addresses in these  lines;  you  can  restore  this
     default with -E "Received" or 'envelope Received'.

fetchmail         Last change: fetchmail 6.3.22                49

fetchmail reference manual                           fetchmail(1)

     As  a  better  alternative,  some SMTP listeners and/or mail
     servers insert a header in each message containing a copy of
     the  envelope  addresses.   This  header (when it exists) is
     often 'X-Original-To',  'Delivered-To'  or  'X-Envelope-To'.
     Fetchmail's assumption about this can be changed with the -E
     or 'envelope' option.  Note that writing an envelope  header
     of  this  kind  exposes  the  names of recipients (including
     blind-copy recipients) to all receivers of the messages,  so
     the  upstream must store one copy of the message per recipi-
     ent to avoid becoming a privacy problem.

     Postfix, since version 2.0, writes an X-Original-To:  header
     which contains a copy of the envelope as it was received.

     Qmail  and  Postfix  generally write a 'Delivered-To' header
     upon delivering the message to the mail spool and use it  to
     avoid mail loops.  Qmail virtual domains however will prefix
     the user name with a string that normally matches the user's
     domain.  To  remove this prefix you can use the -Q or 'qvir-
     tual' option.

     Sometimes, unfortunately, neither of  these  methods  works.
     That  is  the point when you should contact your ISP and ask
     them to provide such an envelope header, and you should  not
     use multidrop in this situation.  When they all fail, fetch-
     mail must fall back on the contents of  To/Cc  headers  (Bcc
     headers  are  not available - see below) to try to determine
     recipient addressees -- and these are unreliable.   In  par-
     ticular,  mailing-list  software  often ships mail with only
     the list broadcast address in the To header.

     Note that a future version of  fetchmail  may  remove  To/Cc

     When  fetchmail  cannot  deduce  a recipient address that is
     local, and the intended recipient address was  anyone  other
     than fetchmail's invoking user, mail will get lost.  This is
     what makes the multidrop feature risky without proper  enve-
     lope information.

     A  related  problem  is that when you blind-copy a mail mes-
     sage, the  Bcc  information  is  carried  only  as  envelope
     address  (it's  removed from the headers by the sending mail
     server, so fetchmail can see it only if there is an  X-Enve-
     lope-To  header).   Thus,  blind-copying to someone who gets
     mail over a fetchmail multidrop link will  fail  unless  the
     the  mailserver  host  routinely  writes X-Envelope-To or an
     equivalent header into messages in your maildrop.

     In conclusion, mailing lists and Bcc'd mail can only work if
     the server you're fetching from

fetchmail         Last change: fetchmail 6.3.22                50

fetchmail reference manual                           fetchmail(1)

     (1)  stores  one  copy  of the message per recipient in your
          domain and

     (2)  records the envelope information in  a  special  header
          (X-Original-To, Delivered-To, X-Envelope-To).

  Good Ways To Use Multidrop Mailboxes
     Multiple  local  names  can  be used to administer a mailing
     list from the client side of a fetchmail  collection.   Sup-
     pose  your  name is 'esr', and you want to both pick up your
     own mail and maintain a mailing list  called  (say)  "fetch-
     mail-friends",  and  you want to keep the alias list on your
     client machine.

     On your server, you can alias 'fetchmail-friends' to  'esr';
     then,   in   your   .fetchmailrc,  declare  'to  esr  fetch-
     mail-friends  here'.   Then,  when  mail  including  'fetch-
     mail-friends' as a local address gets fetched, the list name
     will be appended to the list of recipients  your  SMTP  lis-
     tener  sees.   Therefore  it  will  undergo  alias expansion
     locally.  Be sure to include 'esr' in the local alias expan-
     sion  of  fetchmail-friends,  or  you'll never see mail sent
     only to the list.  Also be sure that your listener  has  the
     "me-too"  option set (sendmail's -oXm command-line option or
     OXm declaration) so  your  name  isn't  removed  from  alias
     expansions in messages you send.

     This  trick  is  not  without its problems, however.  You'll
     begin to see this when a message comes in that is  addressed
     only  to  a mailing list you do not have declared as a local
     name.  Each such message will feature an  'X-Fetchmail-Warn-
     ing' header which is generated because fetchmail cannot find
     a valid local name in the recipient  addresses.   Such  mes-
     sages  default (as was described above) to being sent to the
     local user running fetchmail, but the program has no way  to
     know that that's actually the right thing.

  Bad Ways To Abuse Multidrop Mailboxes
     Multidrop  mailboxes and fetchmail serving multiple users in
     daemon mode do not mix.  The problem, again,  is  mail  from
     mailing  lists,  which typically does not have an individual
     recipient address on it.   Unless fetchmail  can  deduce  an
     envelope address, such mail will only go to the account run-
     ning fetchmail (probably root).   Also,  blind-copied  users
     are very likely never to see their mail at all.

     If you're tempted to use fetchmail to retrieve mail for mul-
     tiple users from a single mail drop via POP or  IMAP,  think
     again  (and  reread  the  section  on  header  and  envelope
     addresses above).  It would be smarter to just let the  mail

fetchmail         Last change: fetchmail 6.3.22                51

fetchmail reference manual                           fetchmail(1)

     sit  in  the  mailserver's queue and use fetchmail's ETRN or
     ODMR modes to trigger SMTP sends  periodically  (of  course,
     this  means  you  have  to  poll  more  frequently  than the
     mailserver's expiry period).  If you can't arrange this, try
     setting up a UUCP feed.

     If  you absolutely must use multidrop for this purpose, make
     sure your mailserver writes an envelope-address header  that
     fetchmail can see.  Otherwise you will lose mail and it will
     come back to haunt you.

  Speeding Up Multidrop Checking
     Normally,  when  multiple  users  are   declared   fetchmail
     extracts  recipient  addresses as described above and checks
     each host part with DNS to see  if  it's  an  alias  of  the
     mailserver.   If  so, the name mappings described in the "to
     ... here" declaration are done and the mail  locally  deliv-

     This  is a convenient but also slow method.  To speed it up,
     pre-declare mailserver aliases with 'aka'; these are checked
     before  DNS  lookups  are  done.  If you're certain your aka
     list contains all DNS aliases of the mailserver (and all  MX
     names pointing at it - note this may change in a future ver-
     sion) you can declare  'no  dns'  to  suppress  DNS  lookups
     entirely and only match against the aka list.

     Support for socks4/5 is a compile time configuration option.
     Once compiled  in,  fetchmail  will  always  use  the  socks
     libraries  and  configuration  on  your system, there are no
     run-time switches in fetchmail - but you can still configure
     SOCKS:  you  can  specify  which SOCKS configuration file is
     used in the SOCKS_CONF environment variable.

     For instance, if you wanted to bypass the SOCKS proxy  alto-
     gether  and  have fetchmail connect directly, you could just
     pass SOCKS_CONF=/dev/null in the  environment,  for  example
     (add  your  usual command line options - if any - to the end
     of this line):

     env SOCKS_CONF=/dev/null fetchmail

     To facilitate the use of  fetchmail  in  shell  scripts,  an
     exit status  code  is returned to give an indication of what
     occurred during a given connection.

fetchmail         Last change: fetchmail 6.3.22                52

fetchmail reference manual                           fetchmail(1)

     The exit codes returned by fetchmail are as follows:

     0    One or more messages were successfully  retrieved  (or,
          if  the  -c option was selected, were found waiting but
          not retrieved).

     1    There was no mail awaiting retrieval.  (There may  have
          been  old mail still on the server but not selected for
          retrieval.) If you do not want "no mail" to be an error
          condition  (for  instance, for cron jobs), use a POSIX-
          compliant shell and add

          || [ $? -eq 1 ]

          to the end of the fetchmail  command  line,  note  that
          this  leaves  0  untouched,  maps  1 to 0, and maps all
          other codes to 1. See also item #C8 in the FAQ.

     2    An error was encountered  when  attempting  to  open  a
          socket  to  retrieve  mail.   If  you don't know what a
          socket is, don't worry about it -- just treat  this  as
          an  'unrecoverable  error'.   This  error  can  also be
          because a protocol fetchmail wants to use is not listed
          in /etc/services.

     3    The  user  authentication  step  failed.   This usually
          means that a bad user-id,  password,  or  APOP  id  was
          specified.  Or it may mean that you tried to run fetch-
          mail under circumstances where it did not have standard
          input attached to a terminal and could not prompt for a
          missing password.

     4    Some sort of fatal protocol error was detected.

     5    There was a syntax error in the arguments to fetchmail,
          or a pre- or post-connect command failed.

     6    The run control file had bad permissions.

     7    There  was  an  error condition reported by the server.
          Can also fire if fetchmail timed out while waiting  for
          the server.

     8    Client-side  exclusion  error.   This  means  fetchmail
          either found another copy of itself already running, or
          failed in such a way that it isn't sure whether another
          copy is running.

     9    The user authentication step failed because the  server
          responded  "lock busy".  Try again after a brief pause!
          This error is not implemented for  all  protocols,  nor
          for  all  servers.  If not implemented for your server,

fetchmail         Last change: fetchmail 6.3.22                53

fetchmail reference manual                           fetchmail(1)

          "3" will  be  returned  instead,  see  above.   May  be
          returned  when talking to qpopper or other servers that
          can respond with "lock busy" or some similar text  con-
          taining the word "lock".

     10   The  fetchmail  run  failed  while trying to do an SMTP
          port open or transaction.

     11   Fatal DNS error.  Fetchmail encountered an error  while
          performing  a  DNS lookup at startup and could not pro-

     12   BSMTP batch file could not be opened.

     13   Poll terminated by a fetch limit (see the  --fetchlimit

     14   Server busy indication.

     23   Internal  error.   You should see a message on standard
          error with details.

     24 - 26, 28, 29
          These are internal codes and should not  appear  exter-

     When  fetchmail queries more than one host, return status is
     0 if any query successfully retrieved  mail.  Otherwise  the
     returned error status is that of the last host queried.

          default run control file

          default  location  of  file recording last message UIDs
          seen per host.

          lock file to help  prevent  concurrent  runs  (non-root

          your  FTP  run control file, which (if present) will be
          searched for passwords as a last resort before  prompt-
          ing for one interactively.

          lock  file  to help prevent concurrent runs (root mode,
          Linux systems).

fetchmail         Last change: fetchmail 6.3.22                54

fetchmail reference manual                           fetchmail(1)

          lock file to help prevent concurrent runs  (root  mode,
          systems without /var/run).

          If  this  environment  variable  is  set to a valid and
          existing directory name, fetchmail  will  read  $FETCH-
          MAILHOME/fetchmailrc (the dot is missing in this case),
          $FETCHMAILHOME/.fetchids   and   $FETCHMAILHOME/.fetch-
  rather  than  from the user's home directory.
          The .netrc file is always looked for in the the  invok-
          ing user's home directory regardless of FETCHMAILHOME's

          If this environment variable is set, it is used as  the
          name  of the calling user (default local name) for pur-
          poses such as mailing error notifications.   Otherwise,
          if either the LOGNAME or USER variable is correctly set
          (e.g. the corresponding UID matches  the  session  user
          ID)  then  that name is used as the default local name.
          Otherwise getpwuid(3) must be able to retrieve a  pass-
          word  entry for the session ID (this elaborate logic is
          designed to handle  the  case  of  multiple  names  per
          userid gracefully).

          (since  v6.3.22):  If  this environment variable is set
          and not empty, fetchmail will disable a  countermeasure
          against    an   SSL   CBC   IV   attack   (by   setting
          SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS).  This is  a  secu-
          rity  risk, but may be necessary for connecting to cer-
          tain non-standards-conforming servers.  See fetchmail's
          NEWS  file  and  fetchmail-SA-2012-01.txt  for details.
          Earlier fetchmail versions (v6.3.21 and older) used  to
          disable this countermeasure, but v6.3.22 no longer does
          that as a safety precaution.

          (since v6.3.17): If this environment  variable  is  set
          and  not  empty, fetchmail will always load the default
          X.509 trusted certificate locations for SSL/TLS CA cer-
          tificates,  even if --sslcertfile and --sslcertpath are
          given.  The latter locations take precedence  over  the
          system default locations.  This is useful in case there
          are broken certificates in the system  directories  and
          the  user has no administrator privileges to remedy the

fetchmail         Last change: fetchmail 6.3.22                55

fetchmail reference manual                           fetchmail(1)


          If the HOME_ETC variable is set,  fetchmail  will  read
          $HOME_ETC/.fetchmailrc instead of ~/.fetchmailrc.

          If  HOME_ETC  and  FETCHMAILHOME are both set, HOME_ETC
          will be ignored.

          (only if SOCKS support is compiled in) this variable is
          used  by the socks library to find out which configura-
          tion file it should read.  Set  this  to  /dev/null  to
          bypass the SOCKS proxy.

     If  a  fetchmail daemon is running as root, SIGUSR1 wakes it
     up from its sleep phase and forces a poll of all non-skipped
     servers.  For compatibility reasons, SIGHUP can also be used
     in 6.3.X but may not be available in future  fetchmail  ver-

     If  fetchmail  is  running  in  daemon mode as non-root, use
     SIGUSR1 to wake it (this is so  SIGHUP  due  to  logout  can
     retain the default action of killing it).

     Running fetchmail in foreground while a background fetchmail
     is running will do whichever of these is appropriate to wake
     it up.

     Please  check  the NEWS file that shipped with fetchmail for
     more known bugs than those listed here.

     Fetchmail cannot handle user names that contain blanks after
     a  "@"  character,  for instance "demonstr@ti on". These are
     rather uncommon and only hurt when  using  UID-based  --keep
     setups, so the 6.3.X versions of fetchmail won't be fixed.

     Fetchmail cannot handle configurations where you have multi-
     ple accounts that use the same  server  name  and  the  same
     login. Any user@server combination must be unique.

     The  assumptions  that  the DNS and in particular the check-
     alias options make are not often sustainable. For  instance,
     it has become uncommon for an MX server to be a POP3 or IMAP
     server at the same time. Therefore the  MX  lookups  may  go
     away in a future release.

fetchmail         Last change: fetchmail 6.3.22                56

fetchmail reference manual                           fetchmail(1)

     The mda and plugin options interact badly.  In order to col-
     lect error status from the MDA, fetchmail has to change  its
     normal  signal  handling so that dead plugin processes don't
     get reaped until the end of the poll cycle.  This can  cause
     resource  starvation  if  too  many  zombies accumulate.  So
     either don't deliver to a MDA using plugins  or  risk  being
     overrun by an army of undead.

     The  --interface  option  does  not  support  IPv6 and it is
     doubtful if it ever will, since there is no portable way  to
     query interface IPv6 addresses.

     The  RFC822  address parser used in multidrop mode chokes on
     some @-addresses that are  technically  legal  but  bizarre.
     Strange  uses of quoting and embedded comments are likely to
     confuse it.

     In a message with multiple envelope headers, only  the  last
     one processed will be visible to fetchmail.

     Use  of  some  of  these protocols requires that the program
     send unencrypted passwords over the TCP/IP connection to the
     mailserver.   This  creates  a risk that name/password pairs
     might be snaffled with a packet sniffer  or  more  sophisti-
     cated  monitoring  software.   Under  Linux and FreeBSD, the
     --interface option can be used to restrict polling to avail-
     ability of a specific interface device with a specific local
     or remote IP address, but snooping is still possible if  (a)
     either  host  has  a  network  device  that can be opened in
     promiscuous mode, or (b) the intervening network link can be
     tapped.   We  recommend  the use of ssh(1) tunnelling to not
     only shroud your passwords but encrypt the entire  conversa-

     Use  of  the  %F or %T escapes in an mda option could open a
     security hole, because they  pass  text  manipulable  by  an
     attacker to a shell command.  Potential shell characters are
     replaced by '_'  before  execution.   The  hole  is  further
     reduced  by the fact that fetchmail temporarily discards any
     suid privileges it may have while running the MDA.  For max-
     imum safety, however, don't use an mda command containing %F
     or %T when fetchmail is run from the root account itself.

     Fetchmail's method of sending bounces due to errors or spam-
     blocking and spam bounces requires that port 25 of localhost
     be available for sending mail via SMTP.

     If you modify ~/.fetchmailrc while a background instance  is
     running  and  break the syntax, the background instance will
     die silently.  Unfortunately, it can't die  noisily  because
     we don't yet know whether syslog should be enabled.  On some
     systems, fetchmail dies quietly even if there is  no  syntax

fetchmail         Last change: fetchmail 6.3.22                57

fetchmail reference manual                           fetchmail(1)

     error;  this seems to have something to do with buggy termi-
     nal ioctl code in the kernel.

     The -f - option (reading  a  configuration  from  stdin)  is
     incompatible with the plugin option.

     The 'principal' option only handles Kerberos IV, not V.

     Interactively entered passwords are truncated after 63 char-
     acters. If you really need to use  a  longer  password,  you
     will have to use a configuration file.

     A  backslash  as  the last character of a configuration file
     will be flagged as a syntax error rather than ignored.

     The BSMTP error handling is virtually  nonexistent  and  may
     leave broken messages behind.

     Send comments, bug reports, gripes, and the like to the

     An  is  available at the fetchmail home page, it should also
     accompany your installation.

     Fetchmail is currently maintained by Matthias Andree and Rob
     Funk  with major assistance from Sunil Shetye (for code) and
     Rob MacGregor (for the mailing lists).

     Most of the code is from .  Too many other  people  to  name
     here have contributed code and patches.

     This  program is descended from and replaces popclient, by ;
     the internals have become quite different, but some  of  its
     interface  design  is  directly  traceable to that ancestral

     This manual page  has  been  improved  by  Matthias  Andree,
     R. Hannes Beinert, and H['e]ctor Garc['i]a.

     See   attributes(5)   for   descriptions  of  the  following

fetchmail         Last change: fetchmail 6.3.22                58

fetchmail reference manual                           fetchmail(1)

     |Availability   | mail/fetchmail   |
     |Stability      | Committed        |
     README,  README.SSL,  README.SSL-SERVER,  mutt(1),   elm(1),
     mail(1), sendmail(8), popd(8), imapd(8), netrc(5).

     Note  that  this list is just a collection of references and
     not a statement as to the  actual  protocol  conformance  or
     requirements in fetchmail.

          RFC  821,  RFC  2821, RFC 1869, RFC 1652, RFC 1870, RFC
          1983, RFC 1985, RFC 2554.

          RFC 822, RFC 2822, RFC 1123, RFC 1892, RFC 1894.

          RFC 937

          RFC 1081, RFC 1225, RFC 1460, RFC 1725, RFC  1734,  RFC
          1939, RFC 1957, RFC 2195, RFC 2449.

          RFC 1939.

          RFC 1081, RFC 1225.

          RFC 1176, RFC 1732.

          RFC  1730,  RFC 1731, RFC 1732, RFC 2060, RFC 2061, RFC
          2195, RFC 2177, RFC 2683.

          RFC 1985.

          RFC 2645.

     OTP: RFC 1938.

fetchmail         Last change: fetchmail 6.3.22                59

fetchmail reference manual                           fetchmail(1)

          RFC 2033.

          RFC 1508, RFC 1734,

     TLS: RFC 2595.

     This  software  was   built   from   source   available   at    The  original
     community   source   was   downloaded   from    http://down-

     Further  information about this software can be found on the
     open   source    community    website    at    http://fetch-

fetchmail         Last change: fetchmail 6.3.22                60