https://wiki.archlinux.org/api.php?action=feedcontributions&user=Sdaoden&feedformat=atomArchWiki - User contributions [en]2024-03-29T09:34:11ZUser contributionsMediaWiki 1.41.0https://wiki.archlinux.org/index.php?title=S-nail&diff=485948S-nail2017-08-19T12:55:27Z<p>Sdaoden: oh, sorry, no bug: adjacent single quotes! And some typo fixes</p>
<hr />
<div>[[Category:Email clients]]<br />
[[ja:S-nail]]<br />
Arch Linux uses S-nail as its POSIX {{ic|mailx}} (the standardized variant of the Unix {{ic|mail}} program) incarnation: {{ic|mail}} is the ''user side'' of the Unix mail system, the ''system side'' -- the '''M'''ail-'''T'''ransfer-'''A'''gent -- traditionally being [[sendmail]].<br />
{{ic|mail}} is MIME capable and supports line editing, S/MIME, SMTP, POP3, and more.<br />
It can also send directly to external SMTP servers.<br />
<br />
Since v14.9.0 and above the syntax of the software slowly drifts towards being shell compatible, now {{ic|define}}d macros can take arguments, can return values etc., an error status is available in {{ic|!}}...<br />
Compose-mode hooks have been introduced, so creation of custom headers is now easy -- we see examples of that below.<br />
<br />
== Setting up a working environment ==<br />
<br />
The system-wide configuration file ({{ic|/etc/mail.rc}}) brings in some useful defaults, therefore sending mail through a locally installed MTA, such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mail -d -s 'A subject' -a an_attachment.txt foo1@bar.example 'Foo2 <foo2@bar.example>'<br />
<br />
Using the {{ic|-d}} debug option results in a sandbox dry-run.<br />
A short summary of the most useful command line flags can be reached via {{ic|-h}}:<br />
<br />
# mail -h<br />
<br />
The actually used MTA, like many other behavioral aspects of {{ic|mail}}, can be adjusted by setting a variable: {{ic|mta}} (fine-tuning via {{ic|mta-arguments}}, {{ic|mta-no-default-arguments}}, {{ic|mta-argv0}}; also see the manual, ''On sending mail, and non-interactive mode''):<br />
<br />
# < /etc/passwd LC_ALL=C mail -d -:/ -Ssendwait -Sttycharset=utf8 -Smta=/usr/bin/sendmail -s 'My password file!' -. 'Back <side@book>'<br />
# echo Message was passed successfully: $?<br />
<br />
Message delivery is asynchronous, and {{ic|mail}} will exit as soon as the prepared message has been passed over to the MTA, only stating whether message preparation was successful (or not).<br />
If the variable {{ic|sendwait}} is set, however, the exit status reflects that of the started (builtin or not) MTA.<br />
<br />
The {{ic|-.}} command line option will forcefully terminate option processing and turn on message send mode, therefore preventing possible option injection attacks if, e.g., receiver addresses are passed in via shell variables, as in<br />
<br />
# TOYOU="-Sexpandaddr /etc/password"; echo 'Dance Track' | mail -d -s Ubject $TOYOU<br />
<br />
Scripts can (and should) detach from environmental shell settings and configuration files in order to create their own and therefore reproducible runtime environment.<br />
Usage of any configuration file can be suppressed with the {{ic|-:/}} command line option;<br />
And the locale should be forced to the very basic standardized default, {{ic|1=LC_ALL=C}}, though a completely cleaned {{ic|env(1)}}ironment may also be an option.<br />
Into this runtime variables and settings can be placed reproducibly by using the {{ic|-S}} and {{ic|-X}} command line options, as shown above.<br />
(For best results it should be ensured that the variable {{ic|ttycharset}} names the character set that the input data is expected to be in, then.)<br />
<br />
Sending messages to file and command "addressees" is possible if the {{ic|expandaddr}} option is set:<br />
<br />
# echo bla | mail -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mail -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
# echo bla | mail -Sexpandaddr -s test -<br />
<br />
{{ic|expandaddr}} can also be given a value, for example to enforce strict address verification, e.g., the following example ''only'' allows network addressees.<br />
It can be used as is, except for the usual {{ic|-d}} debug dry-run, of course.<br />
<br />
# echo Body |<br />
# LC_ALL=C mail -d -:/ -Sv15-compat -Sttycharset=utf8 \<br />
# -Ssendwait -Snosave \<br />
# -Sfrom='Me <me@home>' \<br />
# -Sexpandaddr=fail,-all,+addr \<br />
# -a somefile.txt \<br />
# -s Subject \<br />
# -. '(foo2bar) <foo2@bar.example>' bob@hey.example<br />
<br />
The ''no''{{ic|save}} option disables writing dead letters to {{ic|DEAD}} in case of errors.<br />
The manual sections ''A starter'', ''On sending mail, and non-interactive mode'' and ''On reading mail, and interactive mode'' could be worth a glance already today.<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism and therefore volatile and not the right place for modifications.<br />
<br />
All shown examples are upward compatible.<br />
To ensure {{ic|mail}} acts accordingly too, this variable must be set.<br />
<br />
set v15-compat<br />
<br />
Wait for the MTA exit status when sending messages, to be able to recognize its errors.<br />
<br />
set sendwait<br />
<br />
The default directory for saving mails.<br />
Unless an absolute path is set this is interpreted relative to {{ic|HOME}}.<br />
User-specified filenames which start with a ''+'' plus-sign refer to paths below this variable.<br />
<br />
set folder=mail<br />
<br />
More paths of interest:<br />
{{ic|inbox}} is the user's system mailbox (else {{ic|MAIL}} or a system-specific storage, {{ic|/var/mail/LOGNAME}} in ArchLinux, are used for this purpose).<br />
{{ic|record}} is used to save copies of sent messages.<br />
{{ic|DEAD}} is a standardized variable used to describe a target to dump unsent messages on error, if the {{ic|save}} option is set; unfortunately this is not a straight defined content, i.e., it is ''not'' a postponing option; a later version of {{ic|mail}} may change this.<br />
{{ic|MBOX}} is the user's secondary mailbox, a standardized target for storage of already read etc. messages (of the system mailbox).<br />
<br />
set MBOX=+mbox.mbox record=+sent.mbox DEAD=+dead.mbox<br />
set inbox=+system.mbox<br />
<br />
Compressed or otherwise "wrapped" storage can also be used:<br />
<br />
filetype xz 'xz -dc' 'xz -zc'<br />
set record=+sent.mbox.xz<br />
<br />
For security reasons {{ic|mail}} will actively set a restrictive user-only file mode creation mask ({{ic|umask(1)}}), but here we exemplarily inherit the one set in the shell that started {{ic|mail}}:<br />
<br />
set umask=<br />
<br />
Looking at something more ''e-mailish'', let us specify the author of messages sent out.<br />
If sending over a local MTA this may be unnecessary, on the other hand specific use cases can be more complicated than that, the manual entries for the {{ic|-r}} command line option as well as for the {{ic|from}} variable go into more detail.<br />
<br />
set from="''Your Name <youremail@domain>''"<br />
<br />
{{ic|mail}} needs to know which character sets may be used when sending messages.<br />
It deduces the character set of text from the {{ic|locale(1)}} environment, from the internal variable {{ic|ttycharset}}, to be exact.<br />
It is possible to "bend" reality with this variable, as it allows to specify just any input character set environment, as long as that exists;<br />
For example, above this has been used to send Unicode/UTF-8 data in a clean and detached script environment (or ''could'', as the example used english text).<br />
The input text, supposed to represent {{ic|ttycharset}} character data, can optionally be converted to any specified character data.<br />
<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
This says that first of all {{ic|mail}} shall try to send data in the UTF-8 character set, but if that fails, it shall try to do so in LATIN-1.<br />
What happens is that the text is converted via {{ic|iconv(1)}} as necessary.<br />
It is also possible to specify<br />
<br />
#set sendcharsets-else-ttycharset<br />
<br />
This would use {{ic|sendcharsets}} if this variable is set, but otherwise uses {{ic|ttycharset}}.<br />
More details on this in the manual, section ''Character sets''.<br />
<br />
When replying to or forwarding a message the comment and name parts of email addresses are removed unless this variable is set.<br />
<br />
set fullnames<br />
<br />
When replying, do not merge {{ic|From:}} and {{ic|To:}} of the original message into the new {{ic|To:}} header.<br />
Instead use the old {{ic|From:}} as the new {{ic|To:}}, and merge the old {{ic|To:}} with addressees found in {{ic|Cc:}}.<br />
This also works with {{ic|Reply-To:}} and {{ic|Mail-Followup-To:}} ''honouring'', as below<br />
<br />
set recipients-in-cc<br />
<br />
When composing a message, start directly into {{ic|EDITOR}}:<br />
<br />
set editalong<br />
<br />
There is the (''usual'' in practice) special support for mailing-lists.<br />
Mailing-lists can be made only ''known'', or they can be ''subscribed'' to.<br />
Subscribing to a list makes {{ic|mail}} think that a message posted to the list can be read by the person reading this Wiki anyway, because she or he will get her or his regular copy via the list, for example.<br />
<br />
mlist one@alpha.lists.example '^.*@lists\.example$'<br />
mlsubscribe three@lists.example<br />
<br />
Politeness dictates that {{ic|Reply-To:}} and/or {{ic|Mail-Followup-To:}} headers are honoured.<br />
And for mailing-list contexts they shall be generated.<br />
<br />
set followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
set followup-to<br />
<br />
When messages are send any attachments need to be MIME classified, so that a correct Multipurpose Internet Mail Extensions media type can be specified.<br />
As a part of this step so-called {{ic|mime.types(5)}} files are read, which are often bloated and contain useless entries (without file extension).<br />
The variable {{ic|mimetypes-load-control}} can be used to specify which files shall be read.<br />
But since {{ic|mail}} contains a set of builtin media types, not loading any file is often applicable; is this a sufficient list:<br />
<br />
# mail -:/ -Smimetypes-load-control -Xmimetype -Xx | less<br />
<br />
Creating network connections for SMTP, POP3 or IMAP is possible and should possibly use verified and encrypted communication channels.<br />
It is better to be explicit, so here there is T(ransport) L(ayer) S(ecurity) configuration.<br />
<br />
SSL (Secure Sockets Layer) a.k.a. its successor TLS (Transport Layer<br />
Security) are protocols which aid in securing communication by providing<br />
a safely initiated and encrypted network connection. A central concept<br />
to SSL/TLS is that of certificates: as part of each network connection<br />
setup a (set of) certificates will be exchanged, and by using those the<br />
identity of the network peer can be cryptographically verified. SSL/TLS<br />
works by using a locally installed pool of trusted certificates, and verifying<br />
the connection peer succeeds if that provides a certificate which<br />
has been issued or is trusted by any certificate in the trusted local<br />
pool.<br />
<br />
The local pool of trusted so-called CA (Certification Authority) certificates is<br />
usually delivered with the used SSL/TLS library (e.g., OpenSSL),<br />
and will be selected automatically. It is also possible to create and<br />
use an own pool of trusted certificates. If this is desired, set<br />
{{ic|ssl-ca-no-defaults}} to avoid using the default certificate pool, and<br />
point {{ic|ssl-ca-file}} and/or {{ic|ssl-ca-dir}} to a trusted pool of<br />
certificates. A certificate cannot be more secure than the method its CA<br />
certificate has been retrieved with.<br />
<br />
On ArchLinux the core system provides an extensive set of certificates which are subject to the usual update mechanisms.<br />
Use those, and exclusively, do not load the OpenSSL shipped certificate list; be specific and use the TLS certificate set (see {{ic|update-ca-trust(8)}}).<br />
<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-ca-no-defaults<br />
<br />
When creating a secured connection, require strict security checks.<br />
<br />
set ssl-verify=strict<br />
<br />
Before we continue here the existence of "variable chains" has to be revealed.<br />
For many {{ic|mail}} variables which relate to network connections (or, say, ''URL''s), there is not only the ''plain'' {{ic|var}}, but also {{ic|var-HOST}} and {{ic|var-USER@HOST}} variants thereof.<br />
This allows more specific specifications of, e.g., {{ic|password}} variables:<br />
<br />
set password='fallback password'<br />
set password-bakery.exam.ple='bred and butter'<br />
set password-spa.exam.ple='oildrops keep falling'<br />
set password-postmaster@spa.exam.ple='service now closed'<br />
<br />
{{ic|mail}} offers multiple ways to feed user credentials into it, ''variable chains'' are one of them and often the easiest solution.<br />
The manual section ''On URL syntax and credential lookup'' makes known the others.<br />
<br />
{{Tip|Note: in cases when ''USER'' (and ''PASS'') are specified as part of an URL they must be URL-percent-encoded: {{ic|mail}} offers the {{ic|urlcodec}} command which does this for you:}}<br />
<br />
# printf 'urlcodec encode ''USER'' ''PASS''\nx\n' | mail -#<br />
<br />
{{Tip|Do not forget that {{ic|printf(1)}} as well as {{ic|mail}} are subject to locale settings:}}<br />
<br />
# # In UTF-8:<br />
# printf 'urlcodec encode SPAß\nx\n' | mail -#<br />
SPA%C3%9F<br />
# # In ISO-8859-1:<br />
# printf 'urlc e SPAß\nx\n' | mail -#<br />
SPA%DF<br />
<br />
It depends on the used protocol whether encrypted communication is possible,<br />
and which configuration steps have to be taken to enable it. Some<br />
protocols, e.g., POP3S, are implicitly encrypted, others, like POP3, can<br />
upgrade a plain text connection if so requested: POP3 offers {{ic|STLS}},<br />
which will be used if the variable {{ic|pop3-use-starttls}} (a variable chain) is set:<br />
<br />
shortcut encpop1 pop3s://pop1.exam.ple<br />
<br />
shortcut encpop2 pop3://pop2.exam.ple<br />
set pop3-use-starttls-pop2.exam.ple<br />
<br />
set mta=smtps://smtp.exam.ple:465<br />
set mta=smtp://smtp.exam.ple smtp-use-starttls<br />
<br />
Normally that is all there is to do, however plenty of knobs exist to<br />
adjust settings shall the necessity or desire arise. E.g., it is possible<br />
to fine-tune certificate verification via {{ic|ssl-ca-flags}}. Also<br />
interesting may be the possibility to configure the allowed<br />
{{ic|ssl-protocol}}s that a communication channel may use: whereas in the<br />
past hints of how to restrict the set of protocols to highly secure ones<br />
were indicated, as of the time of this writing the allowed protocols, or<br />
at least the allowed {{ic|ssl-cipher-list}}, may need to become relaxed in<br />
order to be able to connect to some servers.<br />
Do not support protocols other than TLS v1.2, the newest standard:<br />
<br />
set ssl-protocol=-ALL,+TLSv1.2<br />
<br />
But if a server fails this, only this very server should be relaxed.<br />
Again variable chains offer a quick solution to this problem.<br />
<br />
set ssl-protocol-bakery.exam.ple=-ALL,+TLSv1.2,+TLSv1.1<br />
<br />
E.g., the following example settings allows connection of a ''Lion'' which uses OpenSSL 0.9.8za from June 2014:<br />
<br />
set ssl-protocol-LION=ALL,-SSLv3,-TLSv1<br />
set ssl-cipher-list-LION=TLSv1.2:!aNULL:!eNULL:\<br />
ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:\<br />
DHE-RSA-AES256-SHA:@STRENGTH<br />
<br />
The OpenSSL program {{ic|ciphers(1)}} can be used and should be referred to when creating a custom cipher list.<br />
<br />
To send messages via the built-in SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
With {{ic|password}} already defined as above it can be as easy as<br />
<br />
set user=lada mta=smtp://bakery.exam.ple smtp-use-starttls<br />
<br />
or<br />
<br />
set mta=smtp://lada@bakery.exam.ple smtp-use-starttls<br />
<br />
or, also, with user and password in the URL:<br />
<br />
set mta=smtp://lada:bred%20and%20butter@bakery.exam.ple smtp-use-starttls<br />
<br />
More obfuscation:<br />
<br />
# mail -:/ -Semptystart<br />
mail version v14.9.3. Type `?' for help<br />
/var/spool/mail/steffen: 0 messages<br />
No more mail.<br />
? set my_user=lada my_pass=bred%20and%20butter<br />
? wysh set mta=smtp://${my_user}:${my_pass}@bakery.exam.ple smtp-use-starttls<br />
? echo $mta;xit<br />
smtp://lada:bred%20and%20butter@bakery.exam.ple<br />
<br />
The {{ic|wysh}} command modifier will no longer be necessary in v15.<br />
This works as such, immediately:<br />
<br />
# echo Hesse |<br />
LC_ALL=C mail -d -:/ -Sv15-compat -Ssendwait \<br />
-Smta=smtp://lada:bred%20and%20butter@bakery.exam.ple -Ssmtp-use-starttls \<br />
-s test -. hey@you<br />
<br />
Often the {{ic|smtp-auth}} variable needs to be set in addition.<br />
And it may be necessary to set the {{ic|hostname}} and/or {{ic|smtp-hostname}} variables if {{ic|mta}} and {{ic|from}} (if set) use different hostnames, there is an example managing this problem below.<br />
<br />
It is convenient to create {{ic|account}}s which bundle settings for some, well, account.<br />
An account can be activated from the command line via {{ic|mailx -A name}}, or by calling {{ic|account name}} from within {{ic|mail}}.<br />
Here is a real life example of a very huge free mail provider, to be stored in the personal {{ic|$HOME/.mailrc}}:<br />
<br />
account XooglX {<br />
set user=... password=... \<br />
from="... <an@exam.ple>" \<br />
hostname=gmail.com \<br />
mta=smtps://smtp.gmail.com:465 \<br />
pop3-no-apop<br />
shortcut myimap imaps://imap.gmail.com<br />
commandalias goimap file myimap<br />
shortcut mypop pop3s://pop.gmail.com<br />
commandalias gopop file mypop<br />
}<br />
<br />
This should be ready for a command sequence like the following<br />
<br />
# echo test1-body.| mail -A XooglX -s test1-subject my-XooglX-address<br />
# mail -Semptystart<br />
mail version v14.9.3. Type `?' for help<br />
/var/spool/mail/steffen: 0 messages<br />
No more mail.<br />
? account XooglX<br />
? set debug<br />
? mail my-XooglX-address<br />
Subject: test2-subject<br />
test2-body.<br />
~.<br />
? goimap<br />
...<br />
? xit<br />
<br />
{{Tip|If you have enabled two-step authentication in Gmail, and you have added an application specific password for S-nail, you will want to use that password rather than your regular Gmail password, which may work without enabling the otherwise necessary "less secure apps".}}<br />
<br />
And here is a pretty large free mail provider which does not allow sending mails if there is a domain name mismatch ''on the SMTP protocol level'' and therefore needs the adjustments mentioned above:<br />
<br />
account XandeX {<br />
set user=... password=... \<br />
from="... <an@exam.ple>" \<br />
hostname=yandex.com smtp-hostname= \<br />
mta=smtps://smtp.yandex.com:465 \<br />
pop3-keepalive=55<br />
shortcut myimap imaps://imap.yandex.com<br />
commandalias goimap file myimap<br />
shortcut mypop pop3s://pop.yandex.com<br />
commandalias gopop file mypop<br />
}<br />
<br />
Storing passwords in {{ic|$HOME/.mailrc}} is usually not a good idea, but if it is done that way appropriate user-only permissions via {{ic|chmod 0600 $HOME/.mailrc}} are desirable.<br />
{{ic|mail}} supports loading of files via pipes (e.g., {{ic|source "date|"}}), so user credentials may be loaded from encrypted files like that.<br />
It also supports the traditional login information ''.netrc'' files, and as an extension supports loading them via pipes so that encrypted ''.netrc'' files can be used.<br />
So then let us modify the account to perform ''.netrc'' lookups,<br />
<br />
account XandeX {<br />
set netrc-lookup netrc-pipe='gpg -qd ~/.netrc.gpg' \<br />
from="... <an@exam.ple>" \<br />
hostname=yandex.com smtp-hostname= \<br />
mta=smtps://smtp.yandex.com:465 \<br />
pop3-keepalive=55<br />
shortcut myimap imaps://imap.yandex.com<br />
commandalias goimap file myimap<br />
shortcut mypop pop3s://pop.yandex.com<br />
commandalias gopop file mypop<br />
}<br />
<br />
place the user and password in {{ic|$HOME/.netrc}},<br />
<br />
machine *.yandex.com login '''USER''' password '''PASS'''<br />
<br />
and encrypt this storage to the wanted {{ic|~/.netrc.gpg}}:<br />
<br />
# gpg -e .netrc<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
This example is now functional because there is no ambiguity, only one user for {{ic|*.yandex.com}} will be found;<br />
An explicit {{ic|1=set user=...}} in an {{ic|account}} definition will remove ambiguities from other cases.<br />
It is also possible to specify only the password in {{ic|.netrc}}, reading the manual section ''On URL syntax and credential lookup'' should show the complete picture.<br />
<br />
# echo test-body | mail -vv -A XandeX -s test-subject ex@am.ple<br />
<br />
In {{ic|mail}} the implicit {{ic|account}} ''null'' exists.<br />
This may be interesting for testing purposes, to ensure that no variable settings established in an account exist once the account has been left.<br />
<br />
# mail -X'account XooglX;varshow mta;\acc null;echo $mta;xit' <br />
set mta=smtps://smtp.gmail.com:465<br />
/usr/sbin/sendmail<br />
<br />
Option localization (as via the {{ic|localopts}} command) is implicitly enabled in all {{ic|account}}s.<br />
<br />
It is very common or even necessary to inject some text in newly generated messages, for example signatures or a fortune cookies.<br />
With {{ic|mail}} this can be realized in a(n increasing) number of ways.<br />
For example, if there is only some text to inject at the head or bottom of a message, setting some variables seems to be the easiest solution.<br />
<br />
wysh set message-inject-head=$'And love.\nLove will tear us apart.\n'<br />
set message-inject-tail='--Bye.'<br />
<br />
Again, the {{ic|wysh}} command modifier will no longer be necessary in v15.<br />
<br />
Entire files are best included by using {{ic|on-compose-splice}} hooks (later versions will add more options).<br />
These hooks can do anything a user could do interactively.<br />
The shell hook is done quickly:<br />
<br />
set on-compose-splice-shell="read splice_protocol_version; cat ~/.mysig"<br />
<br />
Even better is possibly using normal compose mode commands to accomplish the same.<br />
<br />
wysh set on-compose-splice-shell=$'read s_p_v; echo \'~< ~/.mysig\' '<br />
<br />
or<br />
<br />
wysh set on-compose-splice-shell=$'read s_p_v; echo \'~<! fortune\' '<br />
<br />
or the maybe strange<br />
<br />
wysh set on-compose-splice-shell=$'read s_p_v;\<br />
i=`cat ~/.mysig`;\<br />
echo \'~:set message-inject-tail=\'\"${i}\"\<br />
'<br />
<br />
Most of this does not really need the shell, normal {{ic|mail}} macros can also be used.<br />
<br />
define h_ocs {<br />
read s_p_v;echo '~<! cat ~/.mysig'<br />
}<br />
set on-compose-splice=h_ocs<br />
<br />
There are exactly two options to automatically create custom headers.<br />
One is the variable {{ic|customhdr}}.<br />
<br />
wysh set customhdr='OpenPGP: id=MYID; url=https://MYURL'<br />
<br />
Multiple headers can be separated with commas, commas in header bodies need to be escaped by a reverse solidus:<br />
<br />
wysh set customhdr='Head-1: A\, B and C , Head-2: D\,e and F'<br />
<br />
The other option is again {{ic|on-compose-splice}}.<br />
In conjunction with the command escape {{ic|~^}} that has been especially designed for automated use cases via the splice hooks, message headers and attachments can be controlled completely.<br />
This includes creation of custom headers.<br />
For example, here is a complicated version which uses the reverse solidus command modifier to avoid {{ic|commandalias}} expansion (what you see is what you get) and creates an OpenPGP header unless the message already contains one (it thus has been explicitly added before by the interactive user).<br />
With error checking.<br />
<br />
\set on-compose-splice=h_ocs<br />
\define h_ocs {<br />
\read splice_protocol_version<br />
# Read current list of header<br />
\echo '~^header list'<br />
\read hl<br />
# Create a one-byte substring of $hl, and store it in variable "es"<br />
\vput vexpr es substr "$hl" 0 1<br />
\if [ "$es" != 2 ]<br />
\echoerr 'ocs: cannot list headers'; \echo '~x'; \xit<br />
\end<br />
# Is there already an OpenPGP header? Case-insensitively!<br />
\if [ "${hl}" @i!% ' openpgp' ]<br />
\echo '~^header insert OpenPGP id=MYID; url=https://MYURL'<br />
\read es<br />
\vput vexpr es substr "$es" 0 1<br />
\if [ "$es" != 2 ]<br />
\echoerr 'Cannot insert OpenPGP: header'<br />
\echo '~x'<br />
# (no xit, macro finishs anyway)<br />
\end<br />
\end<br />
}<br />
<br />
Interactive usage of {{ic|mail}} is possible, and increasingly so.<br />
It has a wide-glyph aware command line editor with history capabilities and coloured message display support.<br />
There are two bits of need to configure it before this is a bit of fun. <br />
First of all it has to start up even if the initially opened mailbox is empty.<br />
<br />
set emptystart<br />
<br />
Looking at messages in the {{ic|PAGER}}, so that they do not scroll by.<br />
<br />
set crt=0<br />
<br />
Having a prompt that shows the error status may be nice, too:<br />
<br />
wysh set prompt='?\${?}!\${!}/\${^ERRNAME}[\${account}#\${mailbox-display}]? '<br />
<br />
Again, the {{ic|wysh}} command modifier will no longer be necessary in v15.<br />
More entries for the history, that shall persist in between sessions.<br />
<br />
set history-gabby history-file=~/.mailhist<br />
<br />
Command aliases make living easier, sometimes.<br />
<br />
commandalias ls !ls -latro<br />
<br />
As do shortcuts, which will be looked up whenever a filename is expected.<br />
<br />
shortcut mymbo %:+mbox.mbox \<br />
myrec +sent.mbox<br />
<br />
When {{ic|p}}rinting messages, show only some headers, not all.<br />
Most often it is easier to {{ic|retain}} the desired instead of to {{ic|ignore}} the unwanted.<br />
{{ic|P}}rint will ignore {{ic|retain}} and {{ic|ignore}} lists, and {{ic|S}}how will display raw message content.<br />
<br />
retain date from to cc subject<br />
<br />
While here, configure which headers shall be contained when {{ic|forward}}ing messages,<br />
<br />
headerpick forward retain subject date from to cc<br />
<br />
and which shall be ignored when saving messages.<br />
<br />
headerpick save ignore ^Original-.*$ ^X-.*$<br />
<br />
{{ic|mail}} can try to improve MIME experience by generating a counter-evidence of what messages contain.<br />
<br />
set mime-counter-evidence=0xE<br />
<br />
It could display HTML parts inline, nicer than what the builtin viewer can achieve, that is to say.<br />
<br />
#set pipe-text/html='@* lynx -stdin -dump -force_html'<br />
<br />
The command {{ic|list}} prints all available commands.<br />
Typing {{ic|? X}}' tries to expand {{ic|X}} and print a help string; since {{ic|mail}} allows abbreviations of all commands this is sometimes handy, e.g.: {{ic|? h}}, {{ic|? he}} and {{ic|? hel}}.<br />
The command {{ic|help}} will print a short summary of the most frequent used commands, more so if the variable {{ic|verbose}} is set.<br />
Doing so can be encapsulated in a macro, e.g., here is something handy:<br />
<br />
define __xv {<br />
# Before v15: need to enable sh(1)ell-style on _entire_ line!<br />
localopts yes; wysh set verbose; ignerr eval "${@}"; return ${?}<br />
}<br />
commandalias xv '\call __xv'<br />
<br />
To be used like, e.g.,:<br />
<br />
xv help set<br />
<br />
Context-dependent key bindings can be established.<br />
<br />
\bind base a,b,c echo key bindings in mail!<br />
<br />
Successively typing the three characters a, b and c will now echo something.<br />
<br />
\bind base $'\e',d mle-snarf-word-fwd<br />
\bind base $'\e',$'\c?' mle-snarf-word-bwd<br />
\bind base $'\e',f mle-go-word-fwd<br />
\bind base $'\e',b mle-go-word-bwd<br />
<br />
Colours can be used, for example for the {{ic|prompt}}.<br />
<br />
\colour 256 mle-prompt fg=red<br />
\colour iso mle-prompt fg=red<br />
\colour mono mle-prompt ft=bold<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, as via the {{ic|headers}} command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the {{ic|print}} command, or short: {{ic|p}}<br />
Whereas {{ic|p}} honours {{ic|retain}}ed (or {{ic|ignore}}d) list of headers to be displayed, the {{ic|P}}rint command will not and display all headers;<br />
the {{ic|Sh}}ow command will print raw message content.<br />
<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section ''Specifying messages''.<br />
E.g., {{ic|p:u}} will display all unread messages, {{ic|p.}} will print the dot, {{ic|p 1 5}} will print the messages 1 and 5 and {{ic|p-}} and {{ic|p+}} will print the last and the next message, respectively.<br />
Simply typing RETURN in an empty line acts like {{ic|next}} ({{ic|n}}), and thus prints the next message.<br />
<br />
The command {{ic|from}} is nice for an overview, e.g., {{ic|f '@<@arch linux'}} will print the header summary of all messages that contain the string ''arch linux'' in some message header, whereas {{ic|f '@arch linux'}} will only match those with ''arch linux'' in their subject.<br />
Quoting is necessary when there is whitespace in search expressions.<br />
<br />
* {{ic|file}} and {{ic|File}} open a new mailbox, the latter in readonly mode<br />
* {{ic|newmail}} (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* {{ic|he}} (headers) reprints the message list<br />
* {{ic|z-}} {{ic|z+}} {{ic|z0}} {{ic|z$}} scroll through the header display<br />
* {{ic|folders}} shows a listing of mailboxes under the currently set {{ic|folder}}<br />
* {{ic|r}} replies to all addressees of the given message(s)<br />
* {{ic|R}} replies to the sender of the given message(s)<br />
* {{ic|Lreply}} "mailing-list" reply to the given message(s)<br />
* {{ic|move}} or {{ic|mv}} moves (a) message(s)<br />
* {{ic|un)flag}} marks (a) message(s) as (un)flagged<br />
* {{ic|new}} marks (a) message(s) unread<br />
* {{ic|seen}} marks (a) message(s) read<br />
* {{ic|P}} prints (a) message(s) with all headers<br />
* {{ic|p}} prints (a) message(s) and all non-ignored headers.<br />
* {{ic|show}} prints the raw message of content of (a) message(s)<br />
<br />
Composition is started by typing {{ic|mail user@host}} or by {{ic|reply}}ing to a message.<br />
If {{ic|editalong}} is set you then enter the {{ic|EDITOR}} of choice.<br />
Otherwise, or after you have left the {{ic|EDITOR}}, you will find yourself in the native editor, where many operations can be performed using command escapes (short help available via {{ic|~?}}).<br />
Of particular interest is {{ic|~@}}, which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (shell-token and optionally comma-separated list of) additional attachment(s), as well as {{ic|~^}}, which is a multiplexer command which offers some control about the message, e.g., to create custom headers.<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type {{ic|~.}} on its own line.<br />
<br />
== Using S/MIME ==<br />
<br />
Assuming there is the private S/MIME key and signed certificate available already, using S/MIME is very simple.<br />
<br />
# cat private-key.pem signed-certificate.pem > ~/pair.pem<br />
# chmod 0400 ~/pair.pem<br />
<br />
The following goes to {{ic|$HOME/.mailrc}}.<br />
<br />
set smime-sign-cert=~/pair.pem \<br />
smime-sign-message-digest=SHA256 \<br />
smime-sign<br />
<br />
Note S/MIME always works relative to the setting of the variable {{ic|from}}.<br />
For signing and decryption purposes it is possible to use password-protected keys, and the pseudo-host(s) ''USER@HOST.smime-cert-key'' for the private key (and ''USER@HOST.smime-cert-cert'' for the certificate stored in the same file) will be used for performing any necessary password lookup, therefore the lookup can be automatized via the mechanisms described in ''On URL syntax and credential lookup''.<br />
<br />
The {{ic|verify}} command verifies S/MIME messages, but S/MIME decryption and verification is solely based upon OpenSSL for now, which only supports messages with a simplicistic MIME structure. Sorry.<br />
<br />
The manual contains a more complete overview in ''Signed and encrypted messages with S/MIME'' as well as a more telling step-by-step example in ''S/MIME step by step''.<br />
<br />
== Workaround missing OpenPGP support ==<br />
<br />
S-nail does not yet support OpenPGP.<br />
However, using a macro it is possible to at least automatically verify inline {{ic|--clearsign}}ed messages, and using command ghosts their usage becomes handy: e.g., use the following in resource file and you will be able to verify a clearsigned message by just typing {{ic|V}}:<br />
<br />
define V {<br />
\localopts yes; \wysh set pipe-text/plain=$'@*#++=@\<br />
< "${MAILX_FILENAME_TEMPORARY}" awk \<br />
-v TMPFILE="${MAILX_FILENAME_TEMPORARY}" \'\<br />
BEGIN{done=0}\<br />
/^-----BEGIN PGP SIGNED MESSAGE-----/,/^$/ {\<br />
if(done++ != 0)\<br />
next;\<br />
print "--- GPG --verify ---";\<br />
system("gpg --verify " TMPFILE " 2>&1");\<br />
print "--- GPG --verify ---";\<br />
print "";\<br />
next;\<br />
}\<br />
/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ {\<br />
next;\<br />
}\<br />
{print}\<br />
\'';\<br />
print<br />
}<br />
define RK {<br />
!printf 'Key IDs to gpg --recv-keys: ';\<br />
read keyids;\<br />
gpg --recv-keys ${keyids};<br />
}<br />
commandalias V '\'call V<br />
commandalias RK '\call RK'<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' and ''inbox'' to point to IMAP server folders, for example.<br />
Internationalised names are supported.<br />
<br />
set v15-compat<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"<br />
set inbox=myimap<br />
<br />
== See also ==<br />
<br />
* [https://www.sdaoden.eu/code.html S-nail website]</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=Talk:S-nail&diff=485946Talk:S-nail2017-08-19T12:06:14Z<p>Sdaoden: /* Article cleanup */ All done now.</p>
<hr />
<div>== Article cleanup ==<br />
<br />
Current thoughts:<br />
<br />
* <s>Although the current headers are creative, they need to be descriptive of what each section contains. See [[Help:Effective use of headers]].</s><br />
* <s>All inline code should use [[Template:ic]], especially in the [[S-nail#I'm in!]] section. See [[Help:Style#Code formatting]].</s><br />
* There are several configuration files and scripts within the article that could possibly be linked from elsewhere. The biggest use case, mail forwarding from a server, isn't easy for newcommers to see.<br />
* <s>It's difficult and unnecessary to include a changelog of the software in the introduction. I think this should be removed.</s><br />
* <s>Personal comments should be removed (''e.g.'', "well, a complaint of the ArchWiki maintainer about the content of this page, ugh;").</s><br />
<br />
[[User:Rdeckard|Rdeckard]] ([[User talk:Rdeckard|talk]]) 12:25, 19 March 2016 (UTC)<br />
<br />
: Updated [[User:Rdeckard|Rdeckard]] ([[User talk:Rdeckard|talk]]) 12:11, 20 March 2016 (UTC)<br />
<br />
: I'm working on an updated version here: [[User:Carpetsmoker/S-nail]]. [[User:Carpetsmoker|Carpetsmoker]] ([[User talk:Carpetsmoker|talk]]) 16:26, 29 July 2017 (UTC)<br />
<br />
I think this should be worked now. Thank you.</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=485945S-nail2017-08-19T12:00:52Z<p>Sdaoden: Fixes Wiki bugs in examples (that is something an admin could take care about, if doing no real contributions himself anyway)</p>
<hr />
<div>[[Category:Email clients]]<br />
[[ja:S-nail]]<br />
Arch Linux uses S-nail as its POSIX {{ic|mailx}} (the standardized variant of the Unix {{ic|mail}} program) incarnation: {{ic|mail}} is the ''user side'' of the Unix mail system, the ''system side'' -- the '''M'''ail-'''T'''ransfer-'''A'''gent -- traditionally being [[sendmail]].<br />
{{ic|mail}} is MIME capable and supports line editing, S/MIME, SMTP, POP3, and more.<br />
It can also send directly to external SMTP servers.<br />
<br />
Since v14.9.0 and above the syntax of the software slowly drifts towards being shell compatible, now {{ic|define}}d macros can take arguments, can return values etc., an error status is available in {{ic|!}}...<br />
Compose-mode hooks have been introduced, so creation of custom headers is now easy.<br />
<br />
== Setting up a working environment ==<br />
<br />
The system-wide configuration file ({{ic|/etc/mail.rc}}) brings in some useful defaults, therefore sending mail through a locally installed MTA, such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mail -d -s 'A subject' -a an_attachment.txt foo1@bar.example 'Foo2 <foo2@bar.example>'<br />
<br />
Using the {{ic|-d}} debug option results in a sandbox dry-run.<br />
A short summary of the most useful command line flags can be reached via {{ic|-h}}:<br />
<br />
# mail -h<br />
<br />
The actually used MTA, like many other behavioral aspects of {{ic|mail}}, can be adjusted by setting a variable: {{ic|mta}} (fine-tuning via {{ic|mta-arguments}}, {{ic|mta-no-default-arguments}}, {{ic|mta-argv0}}; also see the manual, ''On sending mail, and non-interactive mode''):<br />
<br />
# < /etc/passwd LC_ALL=C mail -d -:/ -Ssendwait -Sttycharset=utf8 -Smta=/usr/bin/sendmail -s 'My password file!' -. 'Back <side@book>'<br />
# echo Message was passed successfully: $?<br />
<br />
Message delivery is asynchronous, and {{ic|mail}} will exit as soon as the prepared message has been passed over to the MTA, only stating whether message preparation was successful (or not).<br />
If the variable {{ic|sendwait}} is set, however, the exit status reflects that of the started (builtin or not) MTA.<br />
<br />
The {{ic|-.}} command line option will forcefully terminate option processing and turn on message send mode, therefore preventing possible option injection attacks if, e.g., receiver addresses are passed in via shell variables, as in<br />
<br />
# TOYOU="-Sexpandaddr /etc/password"; echo 'Dance Track' | mail -d -s Ubject $TOYOU<br />
<br />
Scripts can (and should) detach from environmental shell settings and configuration files in order to create their own and therefore reproducible runtime environment.<br />
Usage of any configuration file can be suppressed with the {{ic|-:/}} command line option;<br />
And the locale should be forced to the very basic standardized default, {{ic|1=LC_ALL=C}}, though a completely cleaned {{ic|env(1)}}ironment may also be an option.<br />
Into this runtime variables and settings can be placed reproducibly by using the {{ic|-S}} and {{ic|-X}} command line options, as shown above.<br />
(For best results it should be ensured that the variable {{ic|ttycharset}} names the character set that the input data is expected to be in, then.)<br />
<br />
Sending messages to file and command "addressees" is possible if the {{ic|expandaddr}} option is set:<br />
<br />
# echo bla | mail -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mail -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
# echo bla | mail -Sexpandaddr -s test -<br />
<br />
{{ic|expandaddr}} can also be given a value, for example to enforce strict address verification, e.g., the following example ''only'' allows network addressees.<br />
It can be used as is, except for the usual {{ic|-d}} debug dry-run, of course.<br />
It sets the {{ic|record}} variable to the pathname of the folder used to record all outgoing mail, so that we can take a look at the generated message thereafter:<br />
<br />
# echo Body |<br />
# LC_ALL=C mail -d -:/ -Sv15-compat -Ssendwait -Sttycharset=utf8 \<br />
# -Sfrom='Me <me@home>' \<br />
# -Sexpandaddr=fail,-all,+addr \<br />
# -Snosave -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control \<br />
# -X'mimetype application/pdf pdf' \<br />
# -a somefile.pdf \<br />
# -s Subject \<br />
# -. '(foo2bar) <foo2@bar.example>' bob@hey.example<br />
# mail -Rf /tmp/out.mbox<br />
<br />
The manual sections ''A starter'', ''On sending mail, and non-interactive mode'' and ''On reading mail, and interactive mode'' could be worth a glance already today.<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism and therefore volatile and not the right place for modifications.<br />
<br />
All shown examples are upward compatible.<br />
To ensure {{ic|mail}} acts accordingly too, this variable must be set.<br />
<br />
set v15-compat<br />
<br />
Wait for the MTA exit status when sending messages, to be able to recognize its errors.<br />
<br />
set sendwait<br />
<br />
The default directory for saving mails.<br />
Unless an absolute path is set this is interpreted relative to {{ic|HOME}}.<br />
User-specified filesnames which start with a ''+'' plus-sign refer to paths below this variable.<br />
<br />
set folder=mail<br />
<br />
More paths of interest:<br />
{{ic|inbox}} is the user's system mailbox (else {{ic|MAIL}} or a system-specific storage, {{ic|/var/mail/$LOGNAME}} in ArchLinux, are used for this purpose).<br />
{{ic|record}} is used to save copies of sent messages, {{ic|DEAD}} is error storage.<br />
{{ic|MBOX}} is the user's secondary mailbox, a standardized target for storage of already read etc. messages (of the system mailbox).<br />
<br />
set MBOX=+mbox.mbox record=+sent.mbox DEAD=+dead.mbox<br />
set inbox=+system.mbox<br />
<br />
Compressed or otherwise "wrapped" storage can also be used:<br />
<br />
filetype xz 'xz -dc' 'xz -zc'<br />
set record=+sent.mbox.xz<br />
<br />
For security reasons {{ic|mail}} will actively set a restrictive user-only file mode creation mask ({{ic|umask(1)}}), but here we exemplarily inherit the one set in the shell that started {{ic|mail}}:<br />
<br />
set umask=<br />
<br />
Looking at something more ''e-mailish'', let us specify the author of messages sent out.<br />
If sending over a local MTA this may be unnecessary, on the other hand specific use cases can be more complicated than that, the manual entries for the {{ic|-r}} command line option as well as for the {{ic|from}} variable go into more detail.<br />
<br />
set from="''Your Name <youremail@domain>''"<br />
<br />
{{ic|mail}} needs to know which character sets may be used when sending messages.<br />
It deduces the character set of text from the {{ic|locale(1)}} environment, from the internal variable {{ic|ttycharset}}, to be exact.<br />
It is possible to "bend" reality with this variable, as it allows to specify just any input character set environment, as long as that exists;<br />
For example, above this has been used to send Unicode/UTF-8 data in a clean and detached script environment (or ''could'', as the example used english text).<br />
The input text, supposed to represent {{ic|ttycharset}} character data, can optionally be converted to any specified character data.<br />
<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
This says that first of all {{ic|mail}} shall try to send data in the UTF-8 character set, but if that fails, it shall try to do so in LATIN-1.<br />
What happens is that the text is converted via {{ic|iconv(1)}} as necessary.<br />
It is also possible to specify<br />
<br />
#set sendcharsets-else-ttycharset<br />
<br />
This would use {{ic|sendcharsets}} if this variable is set, but otherwise uses {{ic|ttycharset}}.<br />
More details on this in the manual, section ''Character sets''.<br />
<br />
When replying to or forwarding a message the comment and name parts of email addresses are removed unless this variable is set.<br />
<br />
set fullnames<br />
<br />
When replying, do not merge {{ic|From:}} and {{ic|To:}} of the original message into the new {{ic|To:}} header.<br />
Instead use the old {{ic|From:}} as the new {{ic|To:}}, and merge the old {{ic|To:}} with addressees found in {{ic|Cc:}}.<br />
This also works with {{ic|Reply-To:}} and {{ic|Mail-Followup-To:}} ''honouring'', as below<br />
<br />
set recipients-in-cc<br />
<br />
When composing a message, start directly into {{ic|EDITOR}}:<br />
<br />
set editalong<br />
<br />
There is the (''usual'' in practice) special support for mailing-lists.<br />
Mailing-lists can be made only ''known'', or they can be ''subscribed'' to.<br />
Subscribing to a list makes {{ic|mail}} think that a message posted to the list can be read by the person reading this Wiki anyway, because she or he will get her or his regular copy via the list, for example.<br />
<br />
mlist one@alpha.lists.example '^.*@lists\.example$'<br />
mlsubscribe three@lists.example<br />
<br />
Politeness dictates that {{ic|Reply-To:}} and/or {{ic|Mail-Followup-To:}} headers are honoured.<br />
And for mailing-list contexts they shall be generated.<br />
<br />
set followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
set followup-to<br />
<br />
When messages are send any attachments need to be MIME classified, so that a correct Multipurpose Internet Mail Extensions media type can be specified.<br />
As a part of this step so-called {{ic|mime.types(5)}} files are read, which are often bloated and contain useless entries (without file extension).<br />
The variable {{ic|mimetypes-load-control}} can be used to specify which files shall be read.<br />
But since {{ic|mail}} contains a set of builtin media types, not loading any file is often applicable; is this a sufficient list:<br />
<br />
# mail -:/ -Smimetypes-load-control -Xmimetype -Xx | less<br />
<br />
Creating network connections for SMTP, POP3 or IMAP is possible and should possibly use verified and encrypted communication channels.<br />
It is better to be explicit, so here there is T(ransport) L(ayer) S(ecurity) configuration.<br />
<br />
SSL (Secure Sockets Layer) a.k.a. its successor TLS (Transport Layer<br />
Security) are protocols which aid in securing communication by providing<br />
a safely initiated and encrypted network connection. A central concept<br />
to SSL/TLS is that of certificates: as part of each network connection<br />
setup a (set of) certificates will be exchanged, and by using those the<br />
identity of the network peer can be cryptographically verified. SSL/TLS<br />
works by using a locally installed pool of trusted certificates, and verifying<br />
the connection peer succeeds if that provides a certificate which<br />
has been issued or is trusted by any certificate in the trusted local<br />
pool.<br />
<br />
The local pool of trusted so-called CA (Certification Authority) certificates is<br />
usually delivered with the used SSL/TLS library (e.g., OpenSSL),<br />
and will be selected automatically. It is also possible to create and<br />
use an own pool of trusted certificates. If this is desired, set<br />
{{ic|ssl-ca-no-defaults}} to avoid using the default certificate pool, and<br />
point {{ic|ssl-ca-file}} and/or {{ic|ssl-ca-dir}} to a trusted pool of<br />
certificates. A certificate cannot be more secure than the method its CA<br />
certificate has been retrieved with.<br />
<br />
On ArchLinux the core system provides an extensive set of certificates which are subject to the usual update mechanisms.<br />
Use those, and exclusively, do not load the OpenSSL shipped certificate list; be specific and use the TLS certificate set (see {{ic|update-ca-trust(8)}}).<br />
<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-ca-no-defaults<br />
<br />
When creating a secured connection, require strict security checks.<br />
<br />
set ssl-verify=strict<br />
<br />
Before we continue here the existence of "variable chains" has to be revealed.<br />
For many {{ic|mail}} variables which relate to network connections (or, say, ''URL''s), there is not only the ''plain'' {{ic|var}}, but also {{ic|var-HOST}} and {{ic|var-USER@HOST}} variants thereof.<br />
This allows more specific specifications of, e.g., {{ic|password}} variables:<br />
<br />
set password='fallback password'<br />
set password-bakery.exam.ple='bred and butter'<br />
set password-spa.exam.ple='oildrops keep falling'<br />
set password-postmaster@spa.exam.ple='service now closed'<br />
<br />
{{ic|mail}} offers multiple ways to feed user credentials into it, ''variable chains'' are one of them and often the easiest solution.<br />
The manual section ''On URL syntax and credential lookup'' makes known the others.<br />
<br />
{{Tip|Note: in cases when ''USER'' (and ''PASS'') are specified as part of an URL they must be URL-percent-encoded: {{ic|mail}} offers the {{ic|urlcodec}} command which does this for you:}}<br />
<br />
# printf 'urlcodec encode ''USER'' ''PASS''\nx\n' | mail -#<br />
<br />
{{Tip|Do not forget that {{ic|printf(1)}} as well as {{ic|mail}} are subject to locale settings:}}<br />
<br />
# # In UTF-8:<br />
# printf 'urlcodec encode SPAß\nx\n' | mail -#<br />
SPA%C3%9F<br />
# # In ISO-8859-1:<br />
# printf 'urlc e SPAß\nx\n' | mail -#<br />
SPA%DF<br />
<br />
It depends on the used protocol whether encrypted communication is possible,<br />
and which configuration steps have to be taken to enable it. Some<br />
protocols, e.g., POP3S, are implicitly encrypted, others, like POP3, can<br />
upgrade a plain text connection if so requested: POP3 offers {{ic|STLS}},<br />
which will be used if the variable {{ic|pop3-use-starttls}} (a variable chain) is set:<br />
<br />
shortcut encpop1 pop3s://pop1.exam.ple<br />
<br />
shortcut encpop2 pop3://pop2.exam.ple<br />
set pop3-use-starttls-pop2.exam.ple<br />
<br />
set mta=smtps://smtp.exam.ple:465<br />
set mta=smtp://smtp.exam.ple smtp-use-starttls<br />
<br />
Normally that is all there is to do, however plenty of knobs exist to<br />
adjust settings shall the necessity or desire arise. E.g., it is possible<br />
to fine-tune certificate verification via {{ic|ssl-ca-flags}}. Also<br />
interesting may be the possibility to configure the allowed<br />
{{ic|ssl-protocol}}s that a communication channel may use: whereas in the<br />
past hints of how to restrict the set of protocols to highly secure ones<br />
were indicated, as of the time of this writing the allowed protocols, or<br />
at least the allowed {{ic|ssl-cipher-list}}, may need to become relaxed in<br />
order to be able to connect to some servers.<br />
Do not support protocols other than TLS v1.2, the newest standard:<br />
<br />
set ssl-protocol=-ALL,+TLSv1.2<br />
<br />
But if a server fails this, only this very server should be relaxed.<br />
Again variable chains offer a quick solution to this problem.<br />
<br />
set ssl-protocol-bakery.exam.ple=-ALL,+TLSv1.2,+TLSv1.1<br />
<br />
E.g., the following example settings allows connection of a ''Lion'' which uses OpenSSL 0.9.8za from June 2014:<br />
<br />
set ssl-protocol-LION=ALL,-SSLv3,-TLSv1<br />
set ssl-cipher-list-LION=TLSv1.2:!aNULL:!eNULL:\<br />
ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:\<br />
DHE-RSA-AES256-SHA:@STRENGTH<br />
<br />
The OpenSSL program {{ic|ciphers(1)}} can be used and should be referred to when creating a custom cipher list.<br />
<br />
To send messages via the built-in SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
With {{ic|password}} already defined as above it can be as easy as<br />
<br />
set user=lada mta=smtp://bakery.exam.ple smtp-use-starttls<br />
<br />
or<br />
<br />
set mta=smtp://lada@bakery.exam.ple smtp-use-starttls<br />
<br />
or, also, with user and password in the URL:<br />
<br />
set mta=smtp://lada:bred%20and%20butter@bakery.exam.ple smtp-use-starttls<br />
<br />
More obfuscation:<br />
<br />
# mail -:/ -Semptystart<br />
mail version v14.9.3. Type `?' for help<br />
/var/spool/mail/steffen: 0 messages<br />
No more mail.<br />
? set my_user=lada my_pass=bred%20and%20butter<br />
? wysh set mta=smtp://${my_user}:${my_pass}@bakery.exam.ple smtp-use-starttls<br />
? echo $mta;xit<br />
smtp://lada:bred%20and%20butter@bakery.exam.ple<br />
<br />
The {{ic|wysh}} command modifier will no longer be necessary in v15.<br />
This works as such, immediately:<br />
<br />
# echo Hesse |<br />
LC_ALL=C mail -d -:/ -Sv15-compat -Ssendwait \<br />
-Smta=smtp://lada:bred%20and%20butter@bakery.exam.ple -Ssmtp-use-starttls \<br />
-s test -. hey@you<br />
<br />
Often the {{ic|smtp-auth}} variable needs to be set in addition.<br />
And it may be necessary to set the {{ic|hostname}} and/or {{ic|smtp-hostname}} variables if {{ic|mta}} and {{ic|from}} (if set) use different hostnames, there is an example managing this problem below.<br />
<br />
It is convenient to create {{ic|account}}s which bundle settings for some, well, account.<br />
An account can be activated from the command line via {{ic|mailx -A name}}, or by calling {{ic|account name}} from within {{ic|mail}}.<br />
Here is a real life example of a very huge free mail provider, to be stored in the personal {{ic|$HOME/.mailrc}}:<br />
<br />
account XooglX {<br />
set user=... password=... \<br />
from="... <an@exam.ple>" \<br />
hostname=gmail.com \<br />
mta=smtps://smtp.gmail.com:465 \<br />
pop3-no-apop<br />
shortcut myimap imaps://imap.gmail.com<br />
commandalias goimap file myimap<br />
shortcut mypop pop3s://pop.gmail.com<br />
commandalias gopop file mypop<br />
}<br />
<br />
This should be ready for a command sequence like the following<br />
<br />
# echo test1-body.| mail -A XooglX -s test1-subject my-XooglX-address<br />
# mail -Semptystart<br />
mail version v14.9.3. Type `?' for help<br />
/var/spool/mail/steffen: 0 messages<br />
No more mail.<br />
? account XooglX<br />
? set debug<br />
? mail my-XooglX-address<br />
Subject: test2-subject<br />
test2-body.<br />
~.<br />
? goimap<br />
...<br />
? xit<br />
<br />
{{Tip|If you have enabled two-step authentication in Gmail, and you have added an application specific password for S-nail, you will want to use that password rather than your regular Gmail password, which may work without enabling the otherwise necessary "less secure apps".}}<br />
<br />
And here is a pretty large free mail provider which does not allow sending mails if there is a domain name mismatch ''on the SMTP protocol level'' and therefore needs the adjustments mentioned above:<br />
<br />
account XandeX {<br />
set user=... password=... \<br />
from="... <an@exam.ple>" \<br />
hostname=yandex.com smtp-hostname= \<br />
mta=smtps://smtp.yandex.com:465 \<br />
pop3-keepalive=55<br />
shortcut myimap imaps://imap.yandex.com<br />
commandalias goimap file myimap<br />
shortcut mypop pop3s://pop.yandex.com<br />
commandalias gopop file mypop<br />
}<br />
<br />
Storing passwords in {{ic|$HOME/.mailrc}} is usually not a good idea, but if it is done that way appropriate user-only permissions via {{ic|chmod 0600 $HOME/.mailrc}} are desirable.<br />
{{ic|mail}} supports loading of files via pipes, so user credentials may be loaded from encrypted files like that.<br />
It also supports the traditional login information ''.netrc'' files, and as an extension supports loading them via pipes, i.e., encrypted ''.netrc'' files can be used.<br />
So then let us modify the account to perform ''.netrc'' lookups,<br />
<br />
account XandeX {<br />
set netrc-lookup netrc-pipe='gpg -qd ~/.netrc.gpg' \<br />
from="... <an@exam.ple>" \<br />
hostname=yandex.com smtp-hostname= \<br />
mta=smtps://smtp.yandex.com:465 \<br />
pop3-keepalive=55<br />
shortcut myimap imaps://imap.yandex.com<br />
commandalias goimap file myimap<br />
shortcut mypop pop3s://pop.yandex.com<br />
commandalias gopop file mypop<br />
}<br />
<br />
place the user and password in {{ic|$HOME/.netrc}},<br />
<br />
machine *.yandex.com login '''USER''' password '''PASS'''<br />
<br />
and encrypt this storage to the wanted {{ic|~/.netrc.gpg}}:<br />
<br />
# gpg -e .netrc<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
This example is now functional because there is no ambiguity, only one user for {{ic|*.yandex.com}} will be found;<br />
An explicit {{ic|1=set user=...}} in an {{ic|account}} definition will remove ambiguities from other cases.<br />
It is also possible to specify only the password in {{ic|.netrc}}, reading the manual section ''On URL syntax and credential lookup'' should show the complete picture.<br />
<br />
# echo test-body | mail -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
In {{ic|mail}} the implicit {{ic|account}} ''null'' exists.<br />
This may be interesting for testing purposes, to ensure that no variable settings established in an account exist once the account has been left.<br />
<br />
# mail -X'account XooglX;varshow mta;\acc null;echo $mta;xit' <br />
set mta=smtps://smtp.gmail.com:465<br />
/usr/sbin/sendmail<br />
<br />
Option localization (as via the {{ic|localopts}} command) is implicitly enabled in all {{ic|account}}s.<br />
<br />
It is very common or even necessary to inject some text in newly generated messages, for example signatures or a fortune cookies.<br />
With {{ic|mail}} this can be realized in a(n increasing) number of ways.<br />
For example, if there is only some text to inject at the head or bottom of a message, setting some variables seems to be the easiest solution.<br />
<br />
wysh set message-inject-head=$'And love.\nLove will tear us apart.\n'<br />
set message-inject-tail='--Bye.'<br />
<br />
Again, the {{ic|wysh}} command modifier will no longer be necessary in v15.<br />
<br />
Entire files are best included by using {{ic|on-compose-splice}} hooks (later versions will add more options).<br />
These hooks can do anything a user could do interactively.<br />
The shell hook is done quickly:<br />
<br />
set on-compose-splice-shell="read splice_protocol_version; cat ~/.mysig"<br />
<br />
Even better is possibly using normal compose mode commands to accomplish the same.<br />
<br />
wysh set on-compose-splice-shell=$'read s_p_v; echo \'~< ~/.mysig \' '<br />
<br />
or<br />
<br />
wysh set on-compose-splice-shell=$'read s_p_v; echo \'~<! fortune \' '<br />
<br />
or the maybe strange<br />
<br />
wysh set on-compose-splice-shell=$'read s_p_v;\<br />
i=`cat ~/.mysig`;\<br />
echo \'~:set message-inject-tail=\'\"${i}\"\<br />
'<br />
<br />
All this does not really need the shell.<br />
(Or at least most as of the time of this writing.)<br />
<br />
define h_ocs {<br />
read s_p_v;echo '~<! cat ~/.mysig'<br />
}<br />
set on-compose-splice=h_ocs<br />
<br />
There are exactly two options to automatically create custom headers.<br />
One is the variable {{ic|customhdr}}.<br />
<br />
set customhdr='OpenPGP: id=MYID; url=https://MYURL'<br />
<br />
Multiple headers can be separated with commas, commas in header bodies need to be escaped by a reverse solidus:<br />
<br />
set customhdr='Head-1: A\, B and C , Head-2: D\,e and F'<br />
<br />
The other option is again a {{ic|on-compose-splice}} hook.<br />
In conjunction with the command escape {{ic|~^}} that has been especially designed for automated use cases via the splice hooks, message headers and attachments can be controlled completely.<br />
This includes creation of custom headers.<br />
For example, here is a complicated version which uses the reverse solidus command modifier to avoid {{ic|commandalias}} expansion (what you see is what you get) and creates a OpenPGP header unless the message already contains one (it has been explicitly added before).<br />
With error checking.<br />
<br />
\set on-compose-splice=h_ocs<br />
\define h_ocs {<br />
\read splice_protocol_version<br />
# Read current list of header<br />
\echo '~^header list'<br />
\read hl<br />
# Create a one-byte substring of $hl, and store it in variable "es"<br />
\vput vexpr es substr "$hl" 0 1<br />
\if [ "$es" != 2 ]<br />
\echoerr 'ocs: cannot list headers'; \echo '~x'; \xit<br />
\end<br />
# Is there already an OpenPGP header? Case-insensitively!<br />
\if [ "${hl}" @i!% ' openpgp' ]<br />
\echo '~^header insert OpenPGP id=MYID; url=https://MYURL'<br />
\read es<br />
\vput vexpr es substr "$es" 0 1<br />
\if [ "$es" != 2 ]<br />
\echoerr 'Cannot insert OpenPGP: header'<br />
\echo '~x'<br />
# (no xit, macro finishs anyway)<br />
\end<br />
\end<br />
}<br />
<br />
Interactive usage of {{ic|mail}} is possible, and increasingly so.<br />
It has a wide-glyph aware command line editor with history capabilities and coloured message display support.<br />
There are two bits of need to configure it before this is a bit of fun. <br />
First of all it has to start up even if the initially opened mailbox is empty.<br />
<br />
set emptystart<br />
<br />
Looking at messages in the {{ic|PAGER}}, so that they do not scroll by.<br />
<br />
set crt=0<br />
<br />
Having a prompt that shows the error status may be nice, too:<br />
<br />
wysh set prompt='?\${?}!\${!}/\${^ERRNAME}[\${account}#\${mailbox-display}]? '<br />
<br />
Again, the {{ic|wysh}} command modifier will no longer be necessary in v15.<br />
More entries for the history, that shall persist in between sessions.<br />
<br />
set history-gabby history-file=~/.mailhist<br />
<br />
Command aliases make living easier, sometimes.<br />
<br />
commandalias ls !ls -latro<br />
<br />
As do shortcuts, which will be looked up whenever a filename is expected.<br />
<br />
shortcut mymbo %:+mbox.mbox \<br />
myrec +sent.mbox<br />
<br />
When {{ic|p}}rinting messages, show only some headers, not all.<br />
Most often it is easier to {{ic|retain}} the desired instead of to {{ic|ignore}} the unwanted.<br />
These are standardized commands, {{ic|headerpick}} is a generalization worth looking at.<br />
{{ic|P}}rint will ignore {{ic|retain}} and {{ic|ignore}} lists, and {{ic|S}}how will display raw message content.<br />
<br />
retain date from to cc subject<br />
<br />
While here, configure which headers shall be contained when {{ic|forward}}ing messages,<br />
<br />
headerpick forward retain subject date from to cc<br />
<br />
and which shall be ignored when saving messages.<br />
<br />
headerpick save ignore ^Original-.*$ ^X-.*$<br />
<br />
{{ic|mail}} can try to improve MIME experience by generating a counter-evidence of what messages contain.<br />
<br />
set mime-counter-evidence=0xE<br />
<br />
It could display HTML parts inline, nicer than what the builtin viewer can achieve, that is to say.<br />
<br />
#set pipe-text/html='@* lynx -stdin -dump -force_html'<br />
<br />
The command {{ic|list}} prints all available commands.<br />
Typing {{ic|? X}}' tries to expand {{ic|X}} and print a help string; since {{ic|mail}} allows abbreviations of all commands this is sometimes handy, e.g.: {{ic|? h}}, {{ic|? he}}} and {{ic|? hel}}.<br />
The command {{ic|help}} will print a short summary of the most frequent used commands, more so if the variable {{ic|verbose}} is set.<br />
Doing so can be encapsulated in a macro, e.g., here is something handy:<br />
<br />
define __xv {<br />
# Before v15: need to enable sh(1)ell-style on _entire_ line!<br />
localopts yes; wysh set verbose; ignerr eval "${@}"; return ${?}<br />
}<br />
commandalias xv '\call __xv'<br />
<br />
To be used like, e.g.,:<br />
<br />
xv help set<br />
<br />
Context-dependent key bindings can be established.<br />
<br />
\bind base a,b,c echo key bindings in mail!<br />
<br />
Successively typing the three characters a, b and c will now echo something.<br />
<br />
\bind base $'\e',d mle-snarf-word-fwd<br />
\bind base $'\e',$'\c?' mle-snarf-word-bwd<br />
\bind base $'\e',f mle-go-word-fwd<br />
\bind base $'\e',b mle-go-word-bwd<br />
<br />
Colours can be used, for example for the {{ic|prompt}}.<br />
<br />
\colour 256 mle-prompt fg=red<br />
\colour iso mle-prompt fg=red<br />
\colour mono mle-prompt ft=bold<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, as via the {{ic|headers}} command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the {{ic|print}} command, or short: {{ic|p}}<br />
Whereas {{ic|p}} honours {{ic|retain}}ed (or {{ic|ignore}}d) list of headers to be displayed, the {{ic|P}}rint command will not and display all headers;<br />
the {{ic|Sh}}ow command will print raw message content.<br />
<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section ''Specifying messages''.<br />
E.g., {{ic|p:u}} will display all unread messages, {{ic|p.}} will print the dot, {{ic|p 1 5}} will print the messages 1 and 5 and {{ic|p-}} and {{ic|p+}} will print the last and the next message, respectively.<br />
Simply typing RETURN in an empty line acts like {{ic|next}} ({{ic|n}}), and thus prints the next message.<br />
<br />
The command {{ic|from}} is nice for an overview, e.g., {{ic|f '@<@arch linux'}} will print the header summary of all messages that contain the string ''arch linux'' in some message header, whereas {{ic|f '@arch linux'}} will only match those with ''arch linux'' in their subject.<br />
Quoting is necessary when there is whitespace in search expressions.<br />
<br />
* {{ic|file}} and {{ic|File}} open a new mailbox, the latter in readonly mode<br />
* {{ic|newmail}} (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* {{ic|he}} (headers) reprints the message list<br />
* {{ic|z-}} {{ic|z+}} {{ic|z0}} {{ic|z$}} scroll through the header display<br />
* {{ic|folders}} shows a listing of mailboxes under the currently set {{ic|folder}}<br />
* {{ic|r}} replies to all addressees of the given message(s)<br />
* {{ic|R}} replies to the sender of the given message(s)<br />
* {{ic|Lreply}} "mailing-list" reply to the given message(s)<br />
* {{ic|move}} or {{ic|mv}} moves (a) message(s)<br />
* {{ic|un)flag}} marks (a) message(s) as (un)flagged<br />
* {{ic|new}} marks (a) message(s) unread<br />
* {{ic|seen}} marks (a) message(s) read<br />
* {{ic|P}} prints (a) message(s) with all headers<br />
* {{ic|p}} prints (a) message(s) and all non-ignored headers.<br />
* {{ic|show}} prints the raw message of content of (a) message(s)<br />
<br />
Composition is started by typing {{ic|mail user@host}} or by {{ic|reply}}ing to a message.<br />
If {{ic|editalong}} is set you then enter the {{ic|EDITOR}} of choice.<br />
Otherwise, or after you have left the {{ic|EDITOR}}, you will find yourself in the native editor, where many operations can be performed using command escapes (short help available via {{ic|~?}}).<br />
Of particular interest is {{ic|~@}}, which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (shell-token and optionally comma-separated list of) additional attachment(s), as well as {{ic|~^}}, which is a multiplexer command which offers some control about the message, e.g., to create custom headers.<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type {{ic|~.}} on its own line.<br />
<br />
== Using S/MIME ==<br />
<br />
Assuming there is the private S/MIME key and signed certificate available already, using S/MIME is very simple.<br />
<br />
# cat private-key.pem signed-certificate.pem > ~/pair.pem<br />
# chmod 0400 ~/pair.pem<br />
<br />
The following goes to {{ic|$HOME/.mailrc}}.<br />
<br />
set smime-sign-cert=~/pair.pem \<br />
smime-sign-message-digest=SHA256 \<br />
smime-sign<br />
<br />
Note S/MIME always works relative to the setting of the variable {{ic|from}}.<br />
For signing and decryption purposes it is possible to use password-protected keys, and the pseudo-host(s) ''USER@HOST.smime-cert-key'' for the private key (and ''USER@HOST.smime-cert-cert'' for the certificate stored in the same file) will be used for performing any necessary password lookup, therefore the lookup can be automatized via the mechanisms described in ''On URL syntax and credential lookup''.<br />
<br />
The {{ic|verify}} command verifies S/MIME messages, but S/MIME decryption and verification is solely based upon OpenSSL for now, which only supports messages with a simplicistic MIME structure. Sorry.<br />
<br />
The manual contains a more complete overview in ''Signed and encrypted messages with S/MIME'' as well as a more telling step-by-step example in ''S/MIME step by step''.<br />
<br />
== Workaround missing OpenPGP support ==<br />
<br />
S-nail does not yet support OpenPGP.<br />
However, using a macro it is possible to at least automatically verify inline {{ic|--clearsign}}ed messages, and using command ghosts their usage becomes handy: e.g., use the following in resource file and you will be able to verify a clearsigned message by just typing {{ic|V}}:<br />
<br />
define V {<br />
\localopts yes; \wysh set pipe-text/plain=$'@*#++=@\<br />
< "${MAILX_FILENAME_TEMPORARY}" awk \<br />
-v TMPFILE="${MAILX_FILENAME_TEMPORARY}" \'\<br />
BEGIN{done=0}\<br />
/^-----BEGIN PGP SIGNED MESSAGE-----/,/^$/ {\<br />
if(done++ != 0)\<br />
next;\<br />
print "--- GPG --verify ---";\<br />
system("gpg --verify " TMPFILE " 2>&1");\<br />
print "--- GPG --verify ---";\<br />
print "";\<br />
next;\<br />
}\<br />
/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ {\<br />
next;\<br />
}\<br />
{print}\<br />
\'';\<br />
print<br />
}<br />
define RK {<br />
!printf 'Key IDs to gpg --recv-keys: ';\<br />
read keyids;\<br />
gpg --recv-keys ${keyids};<br />
}<br />
commandalias V '\'call V<br />
commandalias RK '\call RK'<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' and ''inbox'' to point to IMAP server folders, for example.<br />
Internationalised names are supported.<br />
<br />
set v15-compat<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"<br />
set inbox=myimap<br />
<br />
== See also ==<br />
<br />
* [https://www.sdaoden.eu/code.html S-nail website]</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=485899S-nail2017-08-18T21:25:03Z<p>Sdaoden: arg, wikis. and copy+paste. and non-native english. i can't go for that.</p>
<hr />
<div>[[Category:Email clients]]<br />
[[ja:S-nail]]<br />
{{Style|Very verbose, lots of code, doesn't follow style guidelines.}}<br />
Arch Linux uses S-nail as its POSIX {{ic|mailx}} (the standardized variant of the Unix {{ic|mail}} program) incarnation: {{ic|mail}} is the ''user side'' of the Unix mail system, the ''system side'' -- the '''M'''ail-'''T'''ransfer-'''A'''gent -- traditionally being [[sendmail]].<br />
{{ic|mail}} is MIME capable and supports line editing, S/MIME, SMTP, POP3, and more.<br />
It can also send directly to external SMTP servers.<br />
<br />
Since v14.9.0 and above the syntax of the software slowly drifts towards being shell compatible, now {{ic|define}}d macros can take arguments, can return values etc., an error status is available in {{ic|!}}...<br />
Compose-mode hooks have been introduced, so creation of custom headers is now easy.<br />
<br />
== Setting up a working environment ==<br />
<br />
The system-wide configuration file ({{ic|/etc/mail.rc}}) brings in some useful defaults, therefore sending mail through a locally installed MTA, such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mail -d -s 'A subject' -a an_attachment.txt foo1@bar.example 'Foo2 <foo2@bar.example>'<br />
<br />
Using the {{ic|-d}} debug option results in a sandbox dry-run.<br />
A short summary of the most useful command line flags can be reached via {{ic|-h}}:<br />
<br />
# mail -h<br />
<br />
The actually used MTA, like many other behavioral aspects of {{ic|mail}}, can be adjusted by setting a variable: {{ic|mta}} (fine-tuning via {{ic|mta-arguments}}, {{ic|mta-no-default-arguments}}, {{ic|mta-argv0}}; also see the manual, ''On sending mail, and non-interactive mode''):<br />
<br />
# < /etc/passwd LC_ALL=C mail -d -:/ -Ssendwait -Sttycharset=utf8 -Smta=/usr/bin/sendmail -s 'My password file!' -. 'Back <side@book>'<br />
# echo Message was passed successfully: $?<br />
<br />
Message delivery is asynchronous, and {{ic|mail}} will exit as soon as the prepared message has been passed over to the MTA, only stating whether message preparation was successful (or not).<br />
If the variable {{ic|sendwait}} is set, however, the exit status reflects that of the started (builtin or not) MTA.<br />
<br />
The {{ic|-.}} command line option will forcefully terminate option processing and turn on message send mode, therefore preventing possible option injection attacks if, e.g., receiver addresses are passed in via shell variables, as in<br />
<br />
# TOYOU="-Sexpandaddr /etc/password"; echo 'Dance Track' | mail -d -s Ubject $TOYOU<br />
<br />
Scripts can (and should) detach from environmental shell settings and configuration files in order to create their own and therefore reproducible runtime environment.<br />
Usage of any configuration file can be suppressed with the {{ic|-:/}} command line option;<br />
And the locale should be forced to the very basic standardized default, {{ic|1=LC_ALL=C}}, though a completely cleaned {{ic|env(1)}}ironment may also be an option.<br />
Into this runtime variables and settings can be placed reproducibly by using the {{ic|-S}} and {{ic|-X}} command line options, as shown above.<br />
(For best results it should be ensured that the variable {{ic|ttycharset}} names the character set that the input data is expected to be in, then.)<br />
<br />
Sending messages to file and command "addressees" is possible if the {{ic|expandaddr}} option is set:<br />
<br />
# echo bla | mail -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mail -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
# echo bla | mail -Sexpandaddr -s test -<br />
<br />
{{ic|expandaddr}} can also be given a value, for example to enforce strict address verification, e.g., the following example ''only'' allows network addressees.<br />
It can be used as is, except for the usual {{ic|-d}} debug dry-run, of course.<br />
It sets the {{ic|record}} variable to the pathname of the folder used to record all outgoing mail, so that we can take a look at the generated message thereafter:<br />
<br />
# echo Body |<br />
# LC_ALL=C mail -d -:/ -Sv15-compat -Ssendwait -Sttycharset=utf8 \<br />
# -Sfrom='Me <me@home>' \<br />
# -Sexpandaddr=fail,-all,+addr \<br />
# -Snosave -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control \<br />
# -X'mimetype application/pdf pdf' \<br />
# -a somefile.pdf \<br />
# -s Subject \<br />
# -. '(foo2bar) <foo2@bar.example>' bob@hey.example<br />
# mail -Rf /tmp/out.mbox<br />
<br />
The manual sections ''A starter'', ''On sending mail, and non-interactive mode'' and ''On reading mail, and interactive mode'' could be worth a glance already today.<br />
<br />
=== ===<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism and therefore volatile and not the right place for modifications.<br />
<br />
=== ===<br />
<br />
All shown examples are upward compatible.<br />
To ensure {{ic|mail}} acts accordingly too, this variable must be set.<br />
<br />
set v15-compat<br />
<br />
Wait for the MTA exit status when sending messages, to be able to recognize its errors.<br />
<br />
set sendwait<br />
<br />
The default directory for saving mails.<br />
Unless an absolute path is set this is interpreted relative to {{ic|HOME}}.<br />
User-specified filesnames which start with a ''+'' plus-sign refer to paths below this variable.<br />
<br />
set folder=mail<br />
<br />
More paths of interest:<br />
{{ic|inbox}} is the user's system mailbox (else {{ic|MAIL}} or a system-specific storage, {{ic|/var/mail/$LOGNAME}} in ArchLinux, are used for this purpose).<br />
{{ic|record}} is used to save copies of sent messages, {{ic|DEAD}} is error storage.<br />
{{ic|MBOX}} is the user's secondary mailbox, a standardized target for storage of already read etc. messages (of the system mailbox).<br />
<br />
set MBOX=+mbox.mbox record=+sent.mbox DEAD=+dead.mbox<br />
set inbox=+system.mbox<br />
<br />
Compressed or otherwise "wrapped" storage can also be used:<br />
<br />
filetype xz 'xz -dc' 'xz -zc'<br />
set record=+sent.mbox.xz<br />
<br />
For security reasons {{ic|mail}} will actively set a restrictive user-only file mode creation mask ({{ic|umask(1)}}), but here we exemplarily inherit the one set in the shell that started {{ic|mail}}:<br />
<br />
set umask=<br />
<br />
Looking at something more ''e-mailish'', let us specify the author of messages sent out.<br />
If sending over a local MTA this may be unnecessary, on the other hand specific use cases can be more complicated than that, the manual entries for the {{ic|-r}} command line option as well as for the {{ic|from}} variable go into more detail.<br />
<br />
set from="''Your Name <youremail@domain>''"<br />
<br />
{{ic|mail}} needs to know which character sets may be used when sending messages.<br />
It deduces the character set of text from the {{ic|locale(1)}} environment, from the internal variable {{ic|ttycharset}}, to be exact.<br />
It is possible to "bend" reality with this variable, as it allows to specify just any input character set environment, as long as that exists;<br />
For example, above this has been used to send Unicode/UTF-8 data in a clean and detached script environment (or ''could'', as the example used english text).<br />
The input text, supposed to represent {{ic|ttycharset}} character data, can optionally be converted to any specified character data.<br />
<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
This says that first of all {{ic|mail}} shall try to send data in the UTF-8 character set, but if that fails, it shall try to do so in LATIN-1.<br />
What happens is that the text is converted via {{ic|iconv(1)}} as necessary.<br />
It is also possible to specify<br />
<br />
#set sendcharsets-else-ttycharset<br />
<br />
This would use {{ic|sendcharsets}} if this variable is set, but otherwise uses {{ic|ttycharset}}.<br />
More details on this in the manual, section ''Character sets''.<br />
<br />
When replying to or forwarding a message the comment and name parts of email addresses are removed unless this variable is set.<br />
<br />
set fullnames<br />
<br />
When replying, do not merge {{ic|From:}} and {{ic|To:}} of the original message into the new {{ic|To:}} header.<br />
Instead use the old {{ic|From:}} as the new {{ic|To:}}, and merge the old {{ic|To:}} with addressees found in {{ic|Cc:}}.<br />
This also works with {{ic|Reply-To:}} and {{ic|Mail-Followup-To:}} ''honouring'', as below<br />
<br />
set recipients-in-cc<br />
<br />
When composing a message, start directly into {{ic|EDITOR}}:<br />
<br />
set editalong<br />
<br />
There is the (''usual'' in practice) special support for mailing-lists.<br />
Mailing-lists can be made only ''known'', or they can be ''subscribed'' to.<br />
Subscribing to a list makes {{ic|mail}} think that a message posted to the list can be read by the person reading this Wiki anyway, because she or he will get her or his regular copy via the list, for example.<br />
<br />
mlist one@alpha.lists.example '^.*@lists\.example$'<br />
mlsubscribe three@lists.example<br />
<br />
Politeness dictates that {{ic|Reply-To:}} and/or {{ic|Mail-Followup-To:}} headers are honoured.<br />
And for mailing-list contexts they shall be generated.<br />
<br />
set followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
set followup-to<br />
<br />
When messages are send any attachments need to be MIME classified, so that a correct Multipurpose Internet Mail Extensions media type can be specified.<br />
As a part of this step so-called {{ic|mime.types(5)}} files are read, which are often bloated and contain useless entries (without file extension).<br />
The variable {{ic|mimetypes-load-control}} can be used to specify which files shall be read.<br />
But since {{ic|mail}} contains a set of builtin media types, not loading any file is often applicable; is this a sufficient list:<br />
<br />
# mail -:/ -Smimetypes-load-control -Xmimetype -Xx | less<br />
<br />
=== ===<br />
<br />
Creating network connections for SMTP, POP3 or IMAP is possible and should possibly use verified and encrypted communication channels.<br />
It is better to be explicit, so here there is T(ransport) L(ayer) S(ecurity) configuration.<br />
<br />
SSL (Secure Sockets Layer) a.k.a. its successor TLS (Transport Layer<br />
Security) are protocols which aid in securing communication by providing<br />
a safely initiated and encrypted network connection. A central concept<br />
to SSL/TLS is that of certificates: as part of each network connection<br />
setup a (set of) certificates will be exchanged, and by using those the<br />
identity of the network peer can be cryptographically verified. SSL/TLS<br />
works by using a locally installed pool of trusted certificates, and verifying<br />
the connection peer succeeds if that provides a certificate which<br />
has been issued or is trusted by any certificate in the trusted local<br />
pool.<br />
<br />
The local pool of trusted so-called CA (Certification Authority) certificates is<br />
usually delivered with the used SSL/TLS library (e.g., OpenSSL),<br />
and will be selected automatically. It is also possible to create and<br />
use an own pool of trusted certificates. If this is desired, set<br />
{{ic|ssl-ca-no-defaults}} to avoid using the default certificate pool, and<br />
point {{ic|ssl-ca-file}} and/or {{ic|ssl-ca-dir}} to a trusted pool of<br />
certificates. A certificate cannot be more secure than the method its CA<br />
certificate has been retrieved with.<br />
<br />
On ArchLinux the core system provides an extensive set of certificates which are subject to the usual update mechanisms.<br />
Use those, and exclusively, do not load the OpenSSL shipped certificate list; be specific and use the TLS certificate set (see {{ic|update-ca-trust(8)}}).<br />
<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-ca-no-defaults<br />
<br />
When creating a secured connection, require strict security checks.<br />
<br />
set ssl-verify=strict<br />
<br />
Before we continue here the existence of "variable chains" has to be revealed.<br />
For many {{ic|mail}} variables which relate to network connections (or, say, ''URL''s), there is not only the ''plain'' {{ic|var}}, but also {{ic|var-HOST}} and {{ic|var-USER@HOST}} variants thereof.<br />
This allows more specific specifications of, e.g., {{ic|password}} variables:<br />
<br />
set password='fallback password'<br />
set password-bakery.exam.ple='bred and butter'<br />
set password-spa.exam.ple='oildrops keep falling'<br />
set password-postmaster@spa.exam.ple='service now closed'<br />
<br />
{{ic|mail}} offers multiple ways to feed user credentials into it, ''variable chains'' are one of them and often the easiest solution.<br />
The manual section ''On URL syntax and credential lookup'' makes known the others.<br />
<br />
{{Tip|Note: in cases when ''USER'' (and ''PASS'') are specified as part of an URL they must be URL-percent-encoded: {{ic|mail}} offers the {{ic|urlcodec}} command which does this for you:}}<br />
<br />
# printf 'urlcodec encode ''USER'' ''PASS''\nx\n' | mail -#<br />
<br />
{{Tip|Do not forget that {{ic|printf(1)}} as well as {{ic|mail}} are subject to locale settings:}}<br />
<br />
# # In UTF-8:<br />
# printf 'urlcodec encode SPAß\nx\n' | mail -#<br />
SPA%C3%9F<br />
# # In ISO-8859-1:<br />
# printf 'urlc e SPAß\nx\n' | mail -#<br />
SPA%DF<br />
<br />
It depends on the used protocol whether encrypted communication is possible,<br />
and which configuration steps have to be taken to enable it. Some<br />
protocols, e.g., POP3S, are implicitly encrypted, others, like POP3, can<br />
upgrade a plain text connection if so requested: POP3 offers {{ic|STLS}},<br />
which will be used if the variable {{ic|pop3-use-starttls}} (a variable chain) is set:<br />
<br />
shortcut encpop1 pop3s://pop1.exam.ple<br />
<br />
shortcut encpop2 pop3://pop2.exam.ple<br />
set pop3-use-starttls-pop2.exam.ple<br />
<br />
set mta=smtps://smtp.exam.ple:465<br />
set mta=smtp://smtp.exam.ple smtp-use-starttls<br />
<br />
Normally that is all there is to do, however plenty of knobs exist to<br />
adjust settings shall the necessity or desire arise. E.g., it is possible<br />
to fine-tune certificate verification via {{ic|ssl-ca-flags}}. Also<br />
interesting may be the possibility to configure the allowed<br />
{{ic|ssl-protocol}}s that a communication channel may use: whereas in the<br />
past hints of how to restrict the set of protocols to highly secure ones<br />
were indicated, as of the time of this writing the allowed protocols, or<br />
at least the allowed {{ic|ssl-cipher-list}}, may need to become relaxed in<br />
order to be able to connect to some servers.<br />
Do not support protocols other than TLS v1.2, the newest standard:<br />
<br />
set ssl-protocol=-ALL,+TLSv1.2<br />
<br />
But if a server fails this, only this very server should be relaxed.<br />
Again variable chains offer a quick solution to this problem.<br />
<br />
set ssl-protocol-bakery.exam.ple=-ALL,+TLSv1.2,+TLSv1.1<br />
<br />
E.g., the following example settings allows connection of a ''Lion'' which uses OpenSSL 0.9.8za from June 2014:<br />
<br />
set ssl-protocol-LION=ALL,-SSLv3,-TLSv1<br />
set ssl-cipher-list-LION=TLSv1.2:!aNULL:!eNULL:\<br />
ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:\<br />
DHE-RSA-AES256-SHA:@STRENGTH<br />
<br />
The OpenSSL program {{ic|ciphers(1)}} can be used and should be referred to when creating a custom cipher list.<br />
<br />
=== ===<br />
<br />
To send messages via the built-in SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
With {{ic|password}} already defined as above it can be as easy as<br />
<br />
set user=lada mta=smtp://bakery.exam.ple smtp-use-starttls<br />
<br />
or<br />
<br />
set mta=smtp://lada@bakery.exam.ple smtp-use-starttls<br />
<br />
or, also, with user and password in the URL:<br />
<br />
set mta=smtp://lada:bred%20and%20butter@bakery.exam.ple smtp-use-starttls<br />
<br />
More obfuscation:<br />
<br />
# mail -:/ -Semptystart<br />
mail version v14.9.3. Type `?' for help<br />
/var/spool/mail/steffen: 0 messages<br />
No more mail.<br />
? set my_user=lada my_pass=bred%20and%20butter<br />
? wysh set mta=smtp://${my_user}:${my_pass}@bakery.exam.ple smtp-use-starttls<br />
? echo $mta;xit<br />
smtp://lada:bred%20and%20butter@bakery.exam.ple<br />
<br />
The {{ic|wysh}} command modifier will no longer be necessary in v15.<br />
This works as such, immediately:<br />
<br />
# echo Hesse |<br />
LC_ALL=C mail -d -:/ -Sv15-compat -Ssendwait \<br />
-Smta=smtp://lada:bred%20and%20butter@bakery.exam.ple -Ssmtp-use-starttls \<br />
-s test -. hey@you<br />
<br />
Often the {{ic|smtp-auth}} variable needs to be set in addition.<br />
And it may be necessary to set the {{ic|hostname}} and/or {{ic|smtp-hostname}} variables if {{ic|mta}} and {{ic|from}} (if set) use different hostnames, there is an example managing this problem below.<br />
<br />
It is convenient to create {{ic|account}}s which bundle settings for some, well, account.<br />
An account can be activated from the command line via {{ic|mailx -A name}}, or by calling {{ic|account name}} from within {{ic|mail}}.<br />
Here is a real life example of a very huge free mail provider, to be stored in the personal {{ic|$HOME/.mailrc}}:<br />
<br />
account XooglX {<br />
set user=... password=... \<br />
from="... <an@exam.ple>" \<br />
hostname=gmail.com \<br />
mta=smtps://smtp.gmail.com:465 \<br />
pop3-no-apop<br />
shortcut myimap imaps://imap.gmail.com<br />
commandalias goimap file myimap<br />
shortcut mypop pop3s://pop.gmail.com<br />
commandalias gopop file mypop<br />
}<br />
<br />
This should be ready for a command sequence like the following<br />
<br />
# echo test1-body.| mail -A XooglX -s test1-subject my-XooglX-address<br />
# mail -Semptystart<br />
mail version v14.9.3. Type `?' for help<br />
/var/spool/mail/steffen: 0 messages<br />
No more mail.<br />
? account XooglX<br />
? set debug<br />
? mail my-XooglX-address<br />
Subject: test2-subject<br />
test2-body.<br />
~.<br />
? goimap<br />
...<br />
? xit<br />
<br />
{{Tip|If you have enabled two-step authentication in Gmail, and you have added an application specific password for S-nail, you will want to use that password rather than your regular Gmail password, which may work without enabling the otherwise necessary "less secure apps".}}<br />
<br />
And here is a pretty large free mail provider which does not allow sending mails if there is a domain name mismatch ''on the SMTP protocol level'' and therefore needs the adjustments mentioned above:<br />
<br />
account XandeX {<br />
set user=... password=... \<br />
from="... <an@exam.ple>" \<br />
hostname=yandex.com smtp-hostname= \<br />
mta=smtps://smtp.yandex.com:465 \<br />
pop3-keepalive=55<br />
shortcut myimap imaps://imap.yandex.com<br />
commandalias goimap file myimap<br />
shortcut mypop pop3s://pop.yandex.com<br />
commandalias gopop file mypop<br />
}<br />
<br />
Storing passwords in {{ic|$HOME/.mailrc}} is usually not a good idea, but if it is done that way appropriate user-only permissions via {{ic|chmod 0600 $HOME/.mailrc}} are desirable.<br />
{{ic|mail}} supports loading of files via pipes, so user credentials may be loaded from encrypted files like that.<br />
It also supports the traditional login information ''.netrc'' files, and as an extension supports loading them via pipes, i.e., encrypted ''.netrc'' files can be used.<br />
So then let us modify the account to perform ''.netrc'' lookups,<br />
<br />
account XandeX {<br />
set netrc-lookup netrc-pipe='gpg -qd ~/.netrc.gpg' \<br />
from="... <an@exam.ple>" \<br />
hostname=yandex.com smtp-hostname= \<br />
mta=smtps://smtp.yandex.com:465 \<br />
pop3-keepalive=55<br />
shortcut myimap imaps://imap.yandex.com<br />
commandalias goimap file myimap<br />
shortcut mypop pop3s://pop.yandex.com<br />
commandalias gopop file mypop<br />
}<br />
<br />
place the user and password in {{ic|$HOME/.netrc}},<br />
<br />
machine *.yandex.com login '''USER''' password '''PASS'''<br />
<br />
and encrypt this storage to the wanted {{ic|~/.netrc.gpg}}:<br />
<br />
# gpg -e .netrc<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
This example is now functional because there is no ambiguity, only one user for {{ic|*.yandex.com}} will be found;<br />
An explicit {{ic|1=set user=...}} in an {{ic|account}} definition will remove ambiguities from other cases.<br />
It is also possible to specify only the password in {{ic|.netrc}}, reading the manual section ''On URL syntax and credential lookup'' should show the complete picture.<br />
<br />
# echo test-body | mail -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
In {{ic|mail}} the implicit {{ic|account}} ''null'' exists.<br />
This may be interesting for testing purposes, to ensure that no variable settings established in an account exist once the account has been left.<br />
<br />
# mail -X'account XooglX;varshow mta;\acc null;echo $mta;xit' <br />
set mta=smtps://smtp.gmail.com:465<br />
/usr/sbin/sendmail<br />
<br />
Option localization (as via the {{ic|localopts}} command) is implicitly enabled in all {{ic|account}}s.<br />
<br />
=== ===<br />
<br />
It is very common or even necessary to inject some text in newly generated messages, for example signatures or a fortune cookies.<br />
With {{ic|mail}} this can be realized in a(n increasing) number of ways.<br />
For example, if there is only some text to inject at the head or bottom of a message, setting some variables seems to be the easiest solution.<br />
<br />
wysh set message-inject-head=$'And love.\nLove will tear us apart.\n'<br />
set message-inject-tail='--Bye.'<br />
<br />
Again, the {{ic|wysh}} command modifier will no longer be necessary in v15.<br />
<br />
Entire files are best included by using {{ic|on-compose-splice}} hooks (later versions will add more options).<br />
These hooks can do anything a user could do interactively.<br />
The shell hook is done quickly:<br />
<br />
set on-compose-splice-shell="read splice_protocol_version; cat ~/.mysig"<br />
<br />
Even better is possibly using normal compose mode commands to accomplish the same.<br />
<br />
wysh set on-compose-splice-shell=$'read s_p_v; echo \'~< ~/.mysig\''<br />
<br />
or<br />
<br />
wysh set on-compose-splice-shell=$'read s_p_v; echo \'~<! fortune\''<br />
<br />
or the maybe strange<br />
<br />
wysh set on-compose-splice-shell=$'read s_p_v;\<br />
i=`cat ~/.mysig`;\<br />
echo \'~:set message-inject-tail=\'\"${i}\"\<br />
'<br />
<br />
All this does not really need the shell.<br />
(Or at least most as of the time of this writing.)<br />
<br />
define h_ocs {<br />
read s_p_v;echo '~<! cat ~/.mysig'<br />
}<br />
set on-compose-splice=h_ocs<br />
<br />
=== ===<br />
<br />
There are exactly two options to automatically create custom headers.<br />
One is the variable {{ic|customhdr}}.<br />
<br />
set customhdr='OpenPGP: id=MYID; url=https://MYURL'<br />
<br />
Multiple headers can be separated with commas, commas in header bodies need to be escaped by a reverse solidus:<br />
<br />
set customhdr='Head-1: A\, B and C , Head-2: D\,e and F'<br />
<br />
The other option is again a {{ic|on-compose-splice}} hook.<br />
In conjunction with the command escape {{ic|~^}} that has been especially designed for automated use cases via the splice hooks, message headers and attachments can be controlled completely.<br />
This includes creation of custom headers.<br />
For example, here is a complicated version which uses the reverse solidus command modifier to avoid {{ic|commandalias}} expansion (what you see is what you get) and creates a OpenPGP header unless the message already contains one (it has been explicitly added before).<br />
With error checking.<br />
<br />
\set on-compose-splice=h_ocs<br />
\define h_ocs {<br />
\read splice_protocol_version<br />
# Read current list of header<br />
\echo '~^header list'<br />
\read hl<br />
# Create a one-byte substring of $hl, and store it in variable "es"<br />
\vput vexpr es substr "$hl" 0 1<br />
\if [ "$es" != 2 ]<br />
\echoerr 'ocs: cannot list headers'; \echo '~x'; \xit<br />
\end<br />
# Is there already an OpenPGP header? Case-insensitively!<br />
\if [ "${hl}" @i!% ' openpgp' ]<br />
\echo '~^header insert OpenPGP id=MYID; url=https://MYURL'<br />
\read es<br />
\vput vexpr es substr "$es" 0 1<br />
\if [ "$es" != 2 ]<br />
\echoerr 'Cannot insert OpenPGP: header'<br />
\echo '~x'<br />
# (no xit, macro finishs anyway)<br />
\end<br />
\end<br />
}<br />
<br />
=== ===<br />
<br />
Interactive usage of {{ic|mail}} is possible, and increasingly so.<br />
It has a wide-glyph aware command line editor with history capabilities and coloured message display support.<br />
There are two bits of need to configure it before this is a bit of fun. <br />
First of all it has to start up even if the initially opened mailbox is empty.<br />
<br />
set emptystart<br />
<br />
Looking at messages in the {{ic|PAGER}}, so that they do not scroll by.<br />
<br />
set crt=0<br />
<br />
Having a prompt that shows the error status may be nice, too:<br />
<br />
wysh set prompt='?\${?}!\${!}/\${^ERRNAME}[\${account}#\${mailbox-display}]? '<br />
<br />
Again, the {{ic|wysh}} command modifier will no longer be necessary in v15.<br />
More entries for the history, that shall persist in between sessions.<br />
<br />
set history-gabby history-file=~/.mailhist<br />
<br />
Command aliases make living easier, sometimes.<br />
<br />
commandalias ls !ls -latro<br />
<br />
As do shortcuts, which will be looked up whenever a filename is expected.<br />
<br />
shortcut mymbo %:+mbox.mbox \<br />
myrec +sent.mbox<br />
<br />
When {{ic|p}}rinting messages, show only some headers, not all.<br />
Most often it is easier to {{ic|retain}} the desired instead of to {{ic|ignore}} the unwanted.<br />
These are standardized commands, {{ic|headerpick}} is a generalization worth looking at.<br />
{{ic|P}}rint will ignore {{ic|retain}} and {{ic|ignore}} lists, and {{ic|S}}how will display raw message content.<br />
<br />
retain date from to cc subject<br />
<br />
While here, configure which headers shall be contained when {{ic|forward}}ing messages,<br />
<br />
headerpick forward retain subject date from to cc<br />
<br />
and which shall be ignored when saving messages.<br />
<br />
headerpick save ignore ^Original-.*$ ^X-.*$<br />
<br />
{{ic|mail}} can try to improve MIME experience by generating a counter-evidence of what messages contain.<br />
<br />
set mime-counter-evidence=0xE<br />
<br />
It could display HTML parts inline, nicer than what the builtin viewer can achieve, that is to say.<br />
<br />
#set pipe-text/html='@* lynx -stdin -dump -force_html'<br />
<br />
The command {{ic|list}} prints all available commands.<br />
Typing {{ic|? X}}' tries to expand {{ic|X}} and print a help string; since {{ic|mail}} allows abbreviations of all commands this is sometimes handy, e.g.: {{ic|? h}}, {{ic|? he}}} and {{ic|? hel}}.<br />
The command {{ic|help}} will print a short summary of the most frequent used commands, more so if the variable {{ic|verbose}} is set.<br />
Doing so can be encapsulated in a macro, e.g., here is something handy:<br />
<br />
define __xv {<br />
# Before v15: need to enable sh(1)ell-style on _entire_ line!<br />
localopts yes; wysh set verbose; ignerr eval "${@}"; return ${?}<br />
}<br />
commandalias xv '\call __xv'<br />
<br />
To be used like, e.g.,:<br />
<br />
xv help set<br />
<br />
Context-dependent key bindings can be established.<br />
<br />
\bind base a,b,c echo key bindings in mail!<br />
<br />
Successively typing the three characters a, b and c will now echo something.<br />
<br />
\bind base $'\e',d mle-snarf-word-fwd<br />
\bind base $'\e',$'\c?' mle-snarf-word-bwd<br />
\bind base $'\e',f mle-go-word-fwd<br />
\bind base $'\e',b mle-go-word-bwd<br />
<br />
Colours can be used, for example for the {{ic|prompt}}.<br />
<br />
\colour 256 mle-prompt fg=red<br />
\colour iso mle-prompt fg=red<br />
\colour mono mle-prompt ft=bold<br />
<br />
=== ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, as via the {{ic|headers}} command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the {{ic|print}} command, or short: {{ic|p}}<br />
Whereas {{ic|p}} honours {{ic|retain}}ed (or {{ic|ignore}}d) list of headers to be displayed, the {{ic|P}}rint command will not and display all headers;<br />
the {{ic|Sh}}ow command will print raw message content.<br />
<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section ''Specifying messages''.<br />
E.g., {{ic|p:u}} will display all unread messages, {{ic|p.}} will print the dot, {{ic|p 1 5}} will print the messages 1 and 5 and {{ic|p-}} and {{ic|p+}} will print the last and the next message, respectively.<br />
Simply typing RETURN in an empty line acts like {{ic|next}} ({{ic|n}}), and thus prints the next message.<br />
<br />
The command {{ic|from}} is nice for an overview, e.g., {{ic|f '@<@arch linux'}} will print the header summary of all messages that contain the string ''arch linux'' in some message header, whereas {{ic|f '@arch linux'}} will only match those with ''arch linux'' in their subject.<br />
Quoting is necessary when there is whitespace in search expressions.<br />
<br />
* {{ic|file}} and {{ic|File}} open a new mailbox, the latter in readonly mode<br />
* {{ic|newmail}} (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* {{ic|he}} (headers) reprints the message list<br />
* {{ic|z-}} {{ic|z+}} {{ic|z0}} {{ic|z$}} scroll through the header display<br />
* {{ic|folders}} shows a listing of mailboxes under the currently set {{ic|folder}}<br />
* {{ic|r}} replies to all addressees of the given message(s)<br />
* {{ic|R}} replies to the sender of the given message(s)<br />
* {{ic|Lreply}} "mailing-list" reply to the given message(s)<br />
* {{ic|move}} or {{ic|mv}} moves (a) message(s)<br />
* {{ic|un)flag}} marks (a) message(s) as (un)flagged<br />
* {{ic|new}} marks (a) message(s) unread<br />
* {{ic|seen}} marks (a) message(s) read<br />
* {{ic|P}} prints (a) message(s) with all headers<br />
* {{ic|p}} prints (a) message(s) and all non-ignored headers.<br />
* {{ic|show}} prints the raw message of content of (a) message(s)<br />
<br />
=== ===<br />
<br />
Composition is started by typing {{ic|mail user@host}} or by {{ic|reply}}ing to a message.<br />
If {{ic|editalong}} is set you then enter the {{ic|EDITOR}} of choice.<br />
Otherwise, or after you have left the {{ic|EDITOR}}, you will find yourself in the native editor, where many operations can be performed using command escapes (short help available via {{ic|~?}}).<br />
Of particular interest is {{ic|~@}}, which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (shell-token and optionally comma-separated list of) additional attachment(s), as well as {{ic|~^}}, which is a multiplexer command which offers some control about the message, e.g., to create custom headers.<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type {{ic|~.}} on its own line.<br />
<br />
== Using S/MIME ==<br />
<br />
Assuming there is the private S/MIME key and signed certificate available already, using S/MIME is very simple.<br />
<br />
# cat private-key.pem signed-certificate.pem > ~/pair.pem<br />
# chmod 0400 ~/pair.pem<br />
<br />
The following goes to {{ic|$HOME/.mailrc}}.<br />
<br />
set smime-sign-cert=~/pair.pem \<br />
smime-sign-message-digest=SHA256 \<br />
smime-sign<br />
<br />
Note S/MIME always works relative to the setting of the variable {{ic|from}}.<br />
For signing and decryption purposes it is possible to use password-protected keys, and the pseudo-host(s) ''USER@HOST.smime-cert-key'' for the private key (and ''USER@HOST.smime-cert-cert'' for the certificate stored in the same file) will be used for performing any necessary password lookup, therefore the lookup can be automatized via the mechanisms described in ''On URL syntax and credential lookup''.<br />
<br />
The {{ic|verify}} command verifies S/MIME messages, but S/MIME decryption and verification is solely based upon OpenSSL for now, which only supports messages with a simplicistic MIME structure. Sorry.<br />
<br />
The manual contains a more complete overview in ''Signed and encrypted messages with S/MIME'' as well as a more telling step-by-step example in ''S/MIME step by step''.<br />
<br />
== Workaround missing OpenPGP support ==<br />
<br />
S-nail does not yet support OpenPGP.<br />
However, using a macro it is possible to at least automatically verify inline {{ic|--clearsign}}ed messages, and using command ghosts their usage becomes handy: e.g., use the following in resource file and you will be able to verify a clearsigned message by just typing {{ic|V}}:<br />
<br />
define V {<br />
\localopts yes; \wysh set pipe-text/plain=$'@*#++=@\<br />
< "${MAILX_FILENAME_TEMPORARY}" awk \<br />
-v TMPFILE="${MAILX_FILENAME_TEMPORARY}" \'\<br />
BEGIN{done=0}\<br />
/^-----BEGIN PGP SIGNED MESSAGE-----/,/^$/ {\<br />
if(done++ != 0)\<br />
next;\<br />
print "--- GPG --verify ---";\<br />
system("gpg --verify " TMPFILE " 2>&1");\<br />
print "--- GPG --verify ---";\<br />
print "";\<br />
next;\<br />
}\<br />
/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ {\<br />
next;\<br />
}\<br />
{print}\<br />
\'';\<br />
print<br />
}<br />
define RK {<br />
!printf 'Key IDs to gpg --recv-keys: ';\<br />
read keyids;\<br />
gpg --recv-keys ${keyids};<br />
}<br />
commandalias V '\'call V<br />
commandalias RK '\call RK'<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' and ''inbox'' to point to IMAP server folders, for example.<br />
Internationalised names are supported.<br />
<br />
set v15-compat<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"<br />
set inbox=myimap<br />
<br />
== See also ==<br />
<br />
* [https://www.sdaoden.eu/code.html S-nail website]</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=485895S-nail2017-08-18T21:04:39Z<p>Sdaoden: Chlorine bath our chicken so that it is clean and does no-no Me and Mrs. Jones when asked for TLS!</p>
<hr />
<div>[[Category:Email clients]]<br />
[[ja:S-nail]]<br />
{{Style|Very verbose, lots of code, doesn't follow style guidelines.}}<br />
Arch Linux uses S-nail as its POSIX {{ic|mailx}} (the standardized variant of the Unix {{ic|mail}} program) incarnation: {{ic|mail}} is the ''user side'' of the Unix mail system, the ''system side'' -- the '''M'''ail-'''T'''ransfer-'''A'''gent -- traditionally being [[sendmail]].<br />
{{ic|mail}} is MIME capable and supports line editing, S/MIME, SMTP, POP3, and more.<br />
It can also send directly to external SMTP servers.<br />
<br />
Since v14.9.0 and above the syntax of the software slowly drifts towards being shell compatible, now {{ic|define}}d macros can take arguments, can return values etc., an error status is available in {{ic|!}}...<br />
Compose-mode hooks have been introduced, so creation of custom headers is now easy.<br />
<br />
== Setting up a working environment ==<br />
<br />
The system-wide configuration file ({{ic|/etc/mail.rc}}) brings in some useful defaults, therefore sending mail through a locally installed MTA, such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mail -d -s 'A subject' -a an_attachment.txt foo1@bar.example 'Foo2 <foo2@bar.example>'<br />
<br />
Using the {{ic|-d}} debug option results in a sandbox dry-run.<br />
A short summary of the most useful command line flags can be reached via {{ic|-h}}:<br />
<br />
# mail -h<br />
<br />
The actually used MTA, like many other behavioral aspects of {{ic|mail}}, can be adjusted by setting a variable: {{ic|mta}} (fine-tuning via {{ic|mta-arguments}}, {{ic|mta-no-default-arguments}}, {{ic|mta-argv0}}; also see the manual, ''On sending mail, and non-interactive mode''):<br />
<br />
# < /etc/passwd LC_ALL=C mail -d -:/ -Ssendwait -Sttycharset=utf8 -Smta=/usr/bin/sendmail -s 'My password file!' -. 'Back <side@book>'<br />
# echo Message was passed successfully: $?<br />
<br />
Message delivery is asynchronous, and {{ic|mail}} will exit as soon as the prepared message has been passed over to the MTA, only stating whether message preparation was successful (or not).<br />
If the variable {{ic|sendwait}} is set, however, the exit status reflects that of the started (builtin or not) MTA.<br />
<br />
The {{ic|-.}} command line option will forcefully terminate option processing and turn on message send mode, therefore preventing possible option injection attacks if, e.g., receiver addresses are passed in via shell variables, as in<br />
<br />
# TOYOU="-Sexpandaddr /etc/password"; echo 'Dance Track' | mail -d -s Ubject $TOYOU<br />
<br />
Scripts can (and should) detach from environmental shell settings and configuration files in order to create their own and therefore reproducible runtime environment.<br />
Usage of any configuration file can be suppressed with the {{ic|-:/}} command line option;<br />
And the locale should be forced to the very basic standardized default, {{ic|1=LC_ALL=C}}, though a completely cleaned {{ic|env(1)}}ironment may also be an option.<br />
Into this runtime variables and settings can be placed reproducibly by using the {{ic|-S}} and {{ic|-X}} command line options, as shown above.<br />
(For best results it should be ensured that the variable {{ic|ttycharset}} names the character set that the input data is expected to be in, then.)<br />
<br />
Sending messages to file and command "addressees" is possible if the {{ic|expandaddr}} option is set:<br />
<br />
# echo bla | mail -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mail -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
# echo bla | mail -Sexpandaddr -s test -<br />
<br />
{{ic|expandaddr}} can also be given a value, for example to enforce strict address verification, e.g., the following example ''only'' allows network addressees.<br />
It can be used as is, except for the usual {ic|-d}} debug dry-run, of course.<br />
It sets the {{ic|record}} variable to the pathname of the folder used to record all outgoing mail, so that we can take a look at the generated message thereafter:<br />
<br />
# echo Body |<br />
# LC_ALL=C mail -d -:/ -Sv15-compat -Ssendwait -Sttycharset=utf8 \<br />
# -Sfrom='Me <me@home>' \<br />
# -Sexpandaddr=fail,-all,+addr \<br />
# -Snosave -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control \<br />
# -X'mimetype application/pdf pdf' \<br />
# -a somefile.pdf \<br />
# -s Subject \<br />
# -. '(foo2bar) <foo2@bar.example>' bob@hey.example<br />
# mail -Rf /tmp/out.mbox<br />
<br />
The manual sections ''A starter'', ''On sending mail, and non-interactive mode'' and ''On reading mail, and interactive mode'' could be worth a glance already today.<br />
<br />
=== ===<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism and therefore volatile and not the right place for modifications.<br />
<br />
=== ===<br />
<br />
All shown examples are upward compatible.<br />
To ensure {{ic|mail}} acts accordingly too, this variable must be set.<br />
<br />
set v15-compat<br />
<br />
Wait for the MTA exit status when sending messages, to be able to recognize its errors.<br />
<br />
set sendwait<br />
<br />
The default directory for saving mails.<br />
Unless an absolute path is set this is interpreted relative to {{ic|HOME}}.<br />
User-specified filesnames which start with a ''+'' plus-sign refer to paths below this variable.<br />
<br />
set folder=mail<br />
<br />
More paths of interest:<br />
{{ic|inbox} is the user's system mailbox (else {{ic|MAIL}} or a system-specific storage, {{ic|/var/mail/$LOGNAME}} in ArchLinux, are used for this purpose).<br />
{{ic|record}} is used to save copies of sent messages, {{ic|DEAD}} is error storage.<br />
{{ic|MBOX}} is the user's secondary mailbox, a standardized target for storage of already read etc. messages (of the system mailbox).<br />
<br />
set MBOX=+mbox.mbox record=+sent.mbox DEAD=+dead.mbox<br />
set inbox=+system.mbox<br />
<br />
Compressed or otherwise "wrapped" storage can also be used:<br />
<br />
filetype xz 'xz -dc' 'xz -zc'<br />
set record=+sent.mbox.xz<br />
<br />
For security reasons {{ic|mail}} will actively set a restrictive user-only file mode creation mask ({{ic|umask(1)}}, but here we examplarily inherit the one set in the shell that started {{ic|mail}}:<br />
<br />
set umask=<br />
<br />
Looking at something more ''e-mailish'', let us specify the author of messages sent out.<br />
If sending over a local MTA this may be unnecessary, on the other hand specific use cases can be more complicated than that, the manual entries for the {{ic|-r}} command line option as well as for the {{ic|from}} variable go into more detail.<br />
<br />
set from="''Your Name <youremail@domain>''"<br />
<br />
{{ic|mail}} needs to know which character sets may be used when sending messages.<br />
It deduces the character set of text from the {{ic|locale(1)}} environment, from the internal variable {{ic|ttycharset}}, to be exact.<br />
It is possible to "bend" reality with this variable, as it allows to specify just any input character set environment, as long as that exists;<br />
For example, above this has been used to send Unicode/UTF-8 data in a clean and detached script environment (or ''could'', as the example used english text).<br />
The input text, supposed to represent {{ic|ttycharset}} character data, can optionally be converted to any specified character data.<br />
<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
This says that first of all {{ic|mail}} shall try to send data in the UTF-8 character set, but if that fails, it shall try to do so in LATIN-1.<br />
What happens is that the text is converted via {{ic|iconv(1)}} as necessary.<br />
It is also possible to specify<br />
<br />
#set sendcharsets-else-ttycharset<br />
<br />
This would use {{ic|sendcharsets}} if this variable is set, but otherwise uses {{ic|ttycharset}}.<br />
More details on this in the manual, sections ''Character sets''.<br />
<br />
When replying to or forwarding a message the comment and name parts of email addresses are removed unless this variable is set.<br />
<br />
set fullnames<br />
<br />
When replying, do not merge {{ic|From:}} and {{ic|To:}} of the original message into the new {{ic|To:}} header.<br />
Instead use the old {{ic|From:}} as the new {{ic|To:}}, and merge the old {{ic|To:}} with addressees found in {{ic|Cc:}}.<br />
This also works with {{ic|Reply-To:}} and {{ic|Mail-Followup-To:}} ''honouring'', as below<br />
<br />
set recipients-in-cc<br />
<br />
When composing a message, start directly into {{ic|EDITOR}}:<br />
<br />
set editalong<br />
<br />
There is the (''usual'' in practice) special support for mailing-lists.<br />
Mailing-lists can be made only ''known'', or they can be ''subscribed'' to.<br />
Subscribing to a list makes {{ic|mail}} think that a message posted to the list can be read by the person reading this Wiki anyway, because she or he will get her or his regular copy via the list, for example.<br />
<br />
mlist one@alpha.lists.example '^.*@lists\.example$'<br />
mlsubscribe three@lists.example<br />
<br />
Politeness dictates that {{ic|Reply-To:}} and/or {{ic|Mail-Followup-To:}} headers are honoured.<br />
And for mailing-list contexts they shall be generated.<br />
<br />
set followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
set followup-to<br />
<br />
When messages are sent any attachments need to be MIME classified, so that a correct Multipurpose Internet Mail Extensions media type can be specified.<br />
As a part of this step so-called {{ic|mime.types(5)}} files are read, which are often bloated and contain useless entries (without file extension).<br />
The variable {{ic|mimetypes-load-control}} can be used to specify which files shall be read.<br />
But since {{ic|mail}} contains a set of builtin media types, not loading any file is often applicable; is this a sufficient list:<br />
<br />
# mail -:/ -Smimetypes-load-control -Xmimetype -Xx | less<br />
<br />
=== ===<br />
<br />
Creating network connections for SMTP, POP3 or IMAP is possible and should possibly use verified and encrypted communication channels.<br />
It is better to be explicit, so here there is T(ransport) L(ayer) S(ecurity) configuration.<br />
<br />
SSL (Secure Sockets Layer) a.k.a. its successor TLS (Transport Layer<br />
Security) are protocols which aid in securing communication by providing<br />
a safely initiated and encrypted network connection. A central concept<br />
to SSL/TLS is that of certificates: as part of each network connection<br />
setup a (set of) certificates will be exchanged, and by using those the<br />
identity of the network peer can be cryptographically verified. SSL/TLS<br />
works by using a locally installed pool of trusted certificates, and verifying<br />
the connection peer succeeds if that provides a certificate which<br />
has been issued or is trusted by any certificate in the trusted local<br />
pool.<br />
<br />
The local pool of trusted so-called CA (Certification Authority) certificates is<br />
usually delivered with the used SSL/TLS library (e.g., OpenSSL),<br />
and will be selected automatically. It is also possible to create and<br />
use an own pool of trusted certificates. If this is desired, set<br />
{{ic|ssl-ca-no-defaults}} to avoid using the default certificate pool, and<br />
point {{ic|ssl-ca-file}} and/or {{ic|ssl-ca-dir}} to a trusted pool of<br />
certificates. A certificate cannot be more secure than the method its CA<br />
certificate has been retrieved with.<br />
<br />
On ArchLinux the core system provides an extensive set of certificates which are subject to the usual update mechanisms.<br />
Use those, and exclusively, do not load the OpenSSL shipped certificate list; be specific and use the TLS certificate set (see {{ic|update-ca-trust(8)}}).<br />
<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-ca-no-defaults<br />
<br />
When creating a secured connection, require strict security checks.<br />
<br />
set ssl-verify=strict<br />
<br />
Before we continue here the existence of "variable chains" has to be revealed.<br />
For many {{ic|mail}} variables which relate to network connections (or, say, ''URL''s), there is not only the ''plain'' {{ic|var}}, but also {{ic|var-HOST}} and {{ic|var-USER@HOST}} variants thereof.<br />
This allows more specific specifications of, e.g., {{ic|password}} variables:<br />
<br />
set password='fallback password'<br />
set password-bakery.exam.ple='bred and butter'<br />
set password-spa.exam.ple='oildrops keep falling'<br />
set password-postmaster@spa.exam.ple='service now closed'<br />
<br />
{{ic|mail}} offers multiple ways to feed user credentials into it, ''variable chains'' are one of them and often the easiest solution.<br />
The manual section ''On URL syntax and credential lookup'' makes known the others.<br />
<br />
{{Tip|Note: in cases when ''USER'' (and ''PASS'') are specified as part of an URL they must be URL-percent-encoded: {{ic|mail}} offers the {{ic|urlcodec}} command which does this for you:}}<br />
<br />
# printf 'urlcodec encode ''USER'' ''PASS''\nx\n' | mail -#<br />
<br />
{{Tip|Do not forget that {{ic|printf(1)}} as well as {{ic|mail}} are subject to locale settings:}}<br />
<br />
# # In UTF-8:<br />
# printf 'urlcodec encode SPAß\nx\n' | mail -#<br />
SPA%C3%9F<br />
# # In ISO-8859-1:<br />
# printf 'urlc e SPAß\nx\n' | mail -#<br />
SPA%DF<br />
<br />
It depends on the used protocol whether encrypted communication is possible,<br />
and which configuration steps have to be taken to enable it. Some<br />
protocols, e.g., POP3S, are implicitly encrypted, others, like POP3, can<br />
upgrade a plain text connection if so requested: POP3 offers {{ic|STLS}},<br />
which will be used if the variable {{ic|pop3-use-starttls}} (a variable chain) is set:<br />
<br />
shortcut encpop1 pop3s://pop1.exam.ple<br />
<br />
shortcut encpop2 pop3://pop2.exam.ple<br />
set pop3-use-starttls-pop2.exam.ple<br />
<br />
set mta=smtps://smtp.exam.ple:465<br />
set mta=smtp://smtp.exam.ple smtp-use-starttls<br />
<br />
Normally that is all there is to do, however plenty of knobs exist to<br />
adjust settings shall the necessity or desire arise. E.g., it is possible<br />
to fine-tune certificate verification via {{ic|ssl-ca-flags}}. Also<br />
interesting may be the possibility to configure the allowed<br />
{{ic|ssl-protocol}}s that a communication channel may use: whereas in the<br />
past hints of how to restrict the set of protocols to highly secure ones<br />
were indicated, as of the time of this writing the allowed protocols, or<br />
at least the allowed {{ic|ssl-cipher-list}}, may need to become relaxed in<br />
order to be able to connect to some servers.<br />
Do not support protocols other than TLS v1.2, the newest standard:<br />
<br />
set ssl-protocol=-ALL,+TLSv1.2<br />
<br />
But if a server fails this, only this very server should be relaxed.<br />
Again variable chains offer a quick solution to this problem.<br />
<br />
set ssl-protocol-bakery.exam.ple=-ALL,+TLSv1.2,+TLSv1.1<br />
<br />
E.g., the following example settings allows connection of a ''Lion'' which uses OpenSSL 0.9.8za from June 2014:<br />
<br />
set ssl-protocol-LION=ALL,-SSLv3,-TLSv1<br />
set ssl-cipher-list-LION=TLSv1.2:!aNULL:!eNULL:\<br />
ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:\<br />
DHE-RSA-AES256-SHA:@STRENGTH<br />
<br />
The OpenSSL program {{ic|ciphers(1)}} can be used and should be referred to when creating a custom cipher list.<br />
<br />
=== ===<br />
<br />
To send messages via the built-in SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
With {{ic|password}} already defined as above it can be as easy as<br />
<br />
set user=lada mta=smtp://bakery.exam.ple smtp-use-starttls<br />
<br />
or<br />
<br />
set mta=smtp://lada@bakery.exam.ple smtp-use-starttls<br />
<br />
or, also, with user and password in the URL:<br />
<br />
set mta=smtp://lada:bred%20and%20butter@bakery.exam.ple smtp-use-starttls<br />
<br />
More obfuscation:<br />
<br />
# mail -:/ -Semptystart<br />
mail version v14.9.3. Type `?' for help<br />
/var/spool/mail/steffen: 0 messages<br />
No more mail.<br />
? set my_user=lada my_pass=bred%20and%20butter<br />
? wysh set mta=smtp://${my_user}:${my_pass}@bakery.exam.ple smtp-use-starttls<br />
? echo $mta;xit<br />
smtp://lada:bred%20and%20butter@bakery.exam.ple<br />
<br />
The {{ic|wysh} command modifier will no longer be necessary in v15.<br />
This works as such, immediately:<br />
<br />
# echo Hesse |<br />
LC_ALL=C mail -d -:/ -Sv15-compat -Ssendwait \<br />
-Smta=smtp://lada:bred%20and%20butter@bakery.exam.ple -Ssmtp-use-starttls \<br />
-s test -. hey@you<br />
<br />
Often the {{ic|smtp-auth}} variable needs to be set in addition.<br />
And it may be necessary to set the {{ic|hostname}} and/or {{ic|smtp-hostname}} variables if {{ic|mta}} and {{ic|from}} (if set) use different hostnames, there is an example managing this problem below.<br />
<br />
It is convenient to create {{ic|account}}s which bundle settings for some, well, account.<br />
An account can be activated from the command line via {{ic|mailx -A name}}, or by calling {{ic|account name}} from within {{ic|mail}}.<br />
Here is a real life example of a very huge free mail provider, to be stored in the personal {{ic|$HOME/.mailrc}}:<br />
<br />
account XooglX {<br />
set user=... password=... \<br />
from="... <an@exam.ple>" \<br />
hostname=gmail.com \<br />
mta=smtps://smtp.gmail.com:465 \<br />
pop3-no-apop<br />
shortcut myimap imaps://imap.gmail.com<br />
commandalias goimap file myimap<br />
shortcut mypop pop3s://pop.gmail.com<br />
commandalias gopop file mypop<br />
}<br />
<br />
This should be ready for a command sequence like the following<br />
<br />
# echo test1-body.| mail -A XooglX -s test1-subject my-XooglX-address<br />
# mail -Semptystart<br />
mail version v14.9.3. Type `?' for help<br />
/var/spool/mail/steffen: 0 messages<br />
No more mail.<br />
? account XooglX<br />
? set debug<br />
? mail my-XooglX-address<br />
Subject: test2-subject<br />
test2-body.<br />
~.<br />
? goimap<br />
...<br />
? xit<br />
<br />
{{Tip|If you have enabled two-step authentication in Gmail, and you have added an application specific password for S-nail, you will want to use that password rather than your regular Gmail password, which may work without enabling the otherwise necessary "less secure apps".}}<br />
<br />
And here is a pretty large free mail provider which does not allow sending mails if there is a domain name mismatch ''on the SMTP protocol level'' and therefore needs the adjustments mentioned above:<br />
<br />
account XandeX {<br />
set user=... password=... \<br />
from="... <an@exam.ple>" \<br />
hostname=yandex.com smtp-hostname= \<br />
mta=smtps://smtp.yandex.com:465 \<br />
pop3-keepalive=55<br />
shortcut myimap imaps://imap.yandex.com<br />
commandalias goimap file myimap<br />
shortcut mypop pop3s://pop.yandex.com<br />
commandalias gopop file mypop<br />
}<br />
<br />
Storing passwords in {{ic|$HOME/.mailrc}} is usually not a good idea, but if it is done that way appropriate user-only permissions via {{ic|chmod 0600 $HOME/.mailrc}} are desirable.<br />
{{ic|mail}} supports loading of files via pipes, so user credentials may be loaded from encrypted files like that.<br />
It also supports the traditional login information ''.netrc'' files, and as an extension supports loading them via pipes, i.e., encrypted ''.netrc'' files can be used.<br />
So then let us modify the account to perform ''.netrc'' lookups,<br />
<br />
account XandeX {<br />
set netrc-lookup netrc-pipe='gpg -qd ~/.netrc.gpg' \<br />
from="... <an@exam.ple>" \<br />
hostname=yandex.com smtp-hostname= \<br />
mta=smtps://smtp.yandex.com:465 \<br />
pop3-keepalive=55<br />
shortcut myimap imaps://imap.yandex.com<br />
commandalias goimap file myimap<br />
shortcut mypop pop3s://pop.yandex.com<br />
commandalias gopop file mypop<br />
}<br />
<br />
place the user and password in {{ic|$HOME/.netrc}},<br />
<br />
machine *.yandex.com login '''USER''' password '''PASS'''<br />
<br />
and encrypt this storage to the wanted {{ic|~/.netrc.gpg}}:<br />
<br />
# gpg -e .netrc<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
This example is now functional because there is no ambiguity, only one user for {{ic|*.yandex.com}} will be found;<br />
An explicit {{ic|1=set user=...}} in an {{ic|account}} definition will remove ambiguities from other cases.<br />
It is also possible to specify only the password in {{ic|.netrc}}, reading the manual section ''On URL syntax and credential lookup'' should show the complete picture.<br />
<br />
# echo test-body | mail -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
In {{ic|mail}} the implicit {{ic|account}} ''null'' exists.<br />
This may be interesting for testing purposes, to ensure that no variable settings established in an account exist once the account has been left.<br />
<br />
# mail -X'account XooglX;varshow mta;\acc null;echo $mta;xit' <br />
set mta=smtps://smtp.gmail.com:465<br />
/usr/sbin/sendmail<br />
<br />
Option localization (as via the {{ic|localopts}} command) is implicitly enabled in all {{ic|account}}s.<br />
<br />
=== ===<br />
<br />
It is very common or even necessary to inject some text in newly generated messages, for example signatures or a fortune cookies.<br />
With {{ic|mail}} this can be realized in a(n increasing) number of ways.<br />
For example, if there is only some text to inject at the head or bottom of a message, setting some variables seems to be the easiest solution.<br />
<br />
wysh set message-inject-head=$'And love.\nLove will tear us apart.\n'<br />
set message-inject-tail='--Bye.'<br />
<br />
Again, the {{ic|wysh} command modifier will no longer be necessary in v15.<br />
<br />
Entire files are best included by using {{ic|on-compose-splice}} hooks (later versions will add more options).<br />
These hooks can do anything a user could do interactively.<br />
The shell hook is done quickly:<br />
<br />
set on-compose-splice-shell="read splice_protocol_version; cat ~/.mysig"<br />
<br />
Even better is possibly using normal compose mode commands to accomplish the same.<br />
<br />
wysh set on-compose-splice-shell=$'read s_p_v; echo \'~< ~/.mysig\''<br />
<br />
or<br />
<br />
wysh set on-compose-splice-shell=$'read s_p_v; echo \'~<! fortune\''<br />
<br />
or the maybe strange<br />
<br />
wysh set on-compose-splice-shell=$'read s_p_v;\<br />
i=`cat ~/.mysig`;\<br />
echo \'~:set message-inject-tail=\'\"${i}\"\<br />
'<br />
<br />
All this does not really need the shell.<br />
(Or at least most as of the time of this writing.)<br />
<br />
define h_ocs {<br />
read s_p_v;echo '~<! cat ~/.mysig'<br />
}<br />
set on-compose-splice=h_ocs<br />
<br />
=== ===<br />
<br />
There are exactly two options to automatically create custom headers.<br />
One is the variable {{ic|customhdr}}.<br />
<br />
set customhdr='OpenPGP: id=MYID; url=https://MYURL'<br />
<br />
Multiple headers can be separated with commas, commas in header bodies need to be escaped by a reverse solidus:<br />
<br />
set customhdr='Head-1: A\, B and C , Head-2: D\,e and F'<br />
<br />
The other option is again a {{ic|on-compose-splice}} hook.<br />
In conjunction with the command escape {{ic|~^}} that has been especially designed for automated use cases via the splice hooks, message headers and attachments can be controlled completely.<br />
This includes creation of custom headers.<br />
For example, here is a complicated version which uses the reverse solidus command modifier to avoid {{ic|commandalias}} expansion (what you see is what you get) and creates a OpenPGP header unless the message already contains one (it has been explicitly added before).<br />
With error checking.<br />
<br />
\set on-compose-splice=h_ocs<br />
\define h_ocs {<br />
\read splice_protocol_version<br />
# Read current list of header<br />
\echo '~^header list'<br />
\read hl<br />
# Create a one-byte substring of $hl, and store it in variable "es"<br />
\vput vexpr es substr "$hl" 0 1<br />
\if [ "$es" != 2 ]<br />
\echoerr 'ocs: cannot list headers'; \echo '~x'; \xit<br />
\end<br />
# Is there already an OpenPGP header? Case-insensitively!<br />
\if [ "${hl}" @i!% ' openpgp' ]<br />
\echo '~^header insert OpenPGP id=MYID; url=https://MYURL'<br />
\read es<br />
\vput vexpr es substr "$es" 0 1<br />
\if [ "$es" != 2 ]<br />
\echoerr 'Cannot insert OpenPGP: header'<br />
\echo '~x'<br />
# (no xit, macro finishs anyway)<br />
\end<br />
\end<br />
}<br />
<br />
=== ===<br />
<br />
Interactive usage of {{ic|mail}} is possible, and increasingly so.<br />
It has a wide-glyph aware command line editor with history capabilities and coloured message display support.<br />
There are two bits of need to configure it before this is a bit of fun. <br />
First of all it has to start up even if the initially opened mailbox is empty.<br />
<br />
set emptystart<br />
<br />
Looking at messages in the {{ic|PAGER}}, so that they do not scroll by.<br />
<br />
set crt=0<br />
<br />
Having a prompt that shows the error status may be nice, too:<br />
<br />
wysh set prompt='?\${?}!\${!}/\${^ERRNAME}[\${account}#\${mailbox-display}]? '<br />
<br />
Again, the {{ic|wysh} command modifier will no longer be necessary in v15.<br />
More entries for the history, that shall persist in between sessions.<br />
<br />
set history-gabby history-file=~/.mailhist<br />
<br />
Command aliases make living easier, sometimes.<br />
<br />
commandalias ls !ls -latro<br />
<br />
As do shortcuts, which will be looked up whenever a filename is expected.<br />
<br />
shortcut mymbo %:+mbox.mbox \<br />
myrec +sent.mbox<br />
<br />
When {{ic|p}}rinting messages, show only some headers, not all.<br />
Most often it is easier to {{ic|retain}} the desired instead of to {{ic|ignore}} the unwanted.<br />
These are standardized commands, {{ic|headerpick}} is a generalization worth looking at.<br />
{{ic|P}}rint will ignore {{ic|retain}} and {{ic|ignore}} lists, and {{ic|S}}how will display raw message content.<br />
<br />
retain date from to cc subject<br />
<br />
While here, configure which headers shall be contained when {{ic|forward}}ing messages,<br />
<br />
headerpick forward retain subject date from to cc<br />
<br />
and which shall be ignored when saving messages.<br />
<br />
headerpick save ignore ^Original-.*$ ^X-.*$<br />
<br />
{{ic|mail}} can try to improve MIME experience by generating a counter-evidence of what messages contain.<br />
<br />
set mime-counter-evidence=0xE<br />
<br />
It could display HTML parts inline, nicer than what the builtin viewer can achieve, that is to say.<br />
<br />
#set pipe-text/html='@* lynx -stdin -dump -force_html'<br />
<br />
The command {{ic|list}} prints all available commands.<br />
Typing {{ic|? X}}' tries to expand {{ic|X}} and print a help string; since {{ic|mail}} allows abbreviations of all commands this is sometimes handy, e.g.: {{ic|? h}}, {{ic|? he}}} and {{ic|? hel}}.<br />
The command {{ic|help}} will print a short summary of the most frequent used commands, more so if the variable {{ic|verbose}} is set.<br />
Doing so can be encapsulated in a macro, e.g., here is something handy:<br />
<br />
define __xv {<br />
# Before v15: need to enable sh(1)ell-style on _entire_ line!<br />
localopts yes; wysh set verbose; ignerr eval "${@}"; return ${?}<br />
}<br />
commandalias xv '\call __xv'<br />
<br />
To be used like, e.g.,:<br />
<br />
xv help set<br />
<br />
Context-dependent key bindings can be established.<br />
<br />
\bind base a,b,c echo key bindings in mail!<br />
<br />
Successively typing the three characters a, b and c will now echo something.<br />
<br />
\bind base $'\e',d mle-snarf-word-fwd<br />
\bind base $'\e',$'\c?' mle-snarf-word-bwd<br />
\bind base $'\e',f mle-go-word-fwd<br />
\bind base $'\e',b mle-go-word-bwd<br />
<br />
Colours can be used, for example for the {{ic|prompt}}.<br />
<br />
\colour 256 mle-prompt fg=red<br />
\colour iso mle-prompt fg=red<br />
\colour mono mle-prompt ft=bold<br />
<br />
=== ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, as via the {{ic|headers}} command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the {{ic|print}} command, or short: {{ic|p}}<br />
Whereas {{ic|p}} honours {{ic|retain}}ed (or {{ic|ignore}}d) list of headers to be displayed, the {{ic|P}}rint command will not and display all headers;<br />
the {{ic|Sh}}ow command will print raw message content.<br />
<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section ''Specifying messages''.<br />
E.g., {{ic|p:u}} will display all unread messages, {{ic|p.}} will print the dot, {{ic|p 1 5}} will print the messages 1 and 5 and {{ic|p-}} and {{ic|p+}} will print the last and the next message, respectively.<br />
Simply typing RETURN in an empty line acts like {{ic|next}} ({{ic|n}}), and thus prints the next message.<br />
<br />
The command {{ic|from}} is nice for an overview, e.g., {{ic|f '@<@arch linux'}} will print the header summary of all messages that contain the string ''arch linux'' in some message header, whereas {{ic|f '@arch linux'}} will only match those with ''arch linux'' in their subject.<br />
Quoting is necessary when there is whitespace in search expressions.<br />
<br />
* {{ic|file}} and {{ic|File}} open a new mailbox, the latter in readonly mode<br />
* {{ic|newmail}} (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* {{ic|he}} (headers) reprints the message list<br />
* {{ic|z-}} {{ic|z+}} {{ic|z0}} {{ic|z$}} scroll through the header display<br />
* {{ic|folders}} shows a listing of mailboxes under the currently set {{ic|folder}}<br />
* {{ic|r}} replies to all addressees of the given message(s)<br />
* {{ic|R}} replies to the sender of the given message(s)<br />
* {{ic|Lreply}} "mailing-list" reply to the given message(s)<br />
* {{ic|move}} or {{ic|mv}} moves (a) message(s)<br />
* {{ic|un)flag}} marks (a) message(s) as (un)flagged<br />
* {{ic|new}} marks (a) message(s) unread<br />
* {{ic|seen}} marks (a) message(s) read<br />
* {{ic|P}} prints (a) message(s) with all headers<br />
* {{ic|p}} prints (a) message(s) and all non-ignored headers.<br />
* {{ic|show}} prints the raw message of content of (a) message(s)<br />
<br />
=== ===<br />
<br />
Composition is started by typing {{ic|mail user@host}} or by {{ic|reply}}ing to a message.<br />
If {{ic|editalong}} is set you then enter the {{ic|EDITOR}} of choice.<br />
Otherwise, or after you have left the {{ic|EDITOR}}, you will find yourself in the native editor, where many operations can be performed using command escapes (short help available via {{ic|~?}}).<br />
Of particular interest is {{ic|~@}}, which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (shell-token and optionally comma-separated list of) additional attachment(s), as well as {{ic|~^}}, which is a multiplexer command which offers some control about the message, e.g., to create custom headers.<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type {{ic|~.}} on its own line.<br />
<br />
== Using S/MIME ==<br />
<br />
Assuming there is the private S/MIME key and signed certificate available already, using S/MIME is very simple.<br />
<br />
# cat private-key.pem signed-certificate.pem > ~/pair.pem<br />
# chmod 0400 ~/pair.pem<br />
<br />
The following goes to {{ic|$HOME/.mailrc}}.<br />
<br />
set smime-sign-cert=~/pair.pem \<br />
smime-sign-message-digest=SHA256 \<br />
smime-sign<br />
<br />
Note S/MIME always works relative to the setting of the variable {{ic|from}}.<br />
For signing and decryption purposes it is possible to use password-protected keys, and the pseudo-host(s) ''USER@HOST.smime-cert-key'' for the private key (and ''USER@HOST.smime-cert-cert'' for the certificate stored in the same file) will be used for performing any necessary password lookup, therefore the lookup can be automatized via the mechanisms described in ''On URL syntax and credential lookup''.<br />
<br />
The {{ic|verify}} command verifies S/MIME messages, but S/MIME decryption and verification is solely based upon OpenSSL for now, which only supports messages with a simplicistic MIME structure. Sorry.<br />
<br />
The manual contains a more complete overview in ''Signed and encrypted messages with S/MIME'' as well as a more telling step-by-step example in ''S/MIME step by step''.<br />
<br />
== Workaround missing OpenPGP support ==<br />
<br />
S-nail does not yet support OpenPGP.<br />
However, using a macro it is possible to at least automatically verify inline {{ic|--clearsign}}ed messages, and using command ghosts their usage becomes handy: e.g., use the following in resource file and you will be able to verify a clearsigned message by just typing {{ic|V}}:<br />
<br />
define V {<br />
\localopts yes; \wysh set pipe-text/plain=$'@*#++=@\<br />
< "${MAILX_FILENAME_TEMPORARY}" awk \<br />
-v TMPFILE="${MAILX_FILENAME_TEMPORARY}" \'\<br />
BEGIN{done=0}\<br />
/^-----BEGIN PGP SIGNED MESSAGE-----/,/^$/ {\<br />
if(done++ != 0)\<br />
next;\<br />
print "--- GPG --verify ---";\<br />
system("gpg --verify " TMPFILE " 2>&1");\<br />
print "--- GPG --verify ---";\<br />
print "";\<br />
next;\<br />
}\<br />
/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ {\<br />
next;\<br />
}\<br />
{print}\<br />
\'';\<br />
print<br />
}<br />
define RK {<br />
!printf 'Key IDs to gpg --recv-keys: ';\<br />
read keyids;\<br />
gpg --recv-keys ${keyids};<br />
}<br />
commandalias V '\'call V<br />
commandalias RK '\call RK'<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' and ''inbox'' to point to IMAP server folders, for example.<br />
Internationalised names are supported.<br />
<br />
set v15-compat<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"<br />
set inbox=myimap<br />
<br />
== See also ==<br />
<br />
* [https://www.sdaoden.eu/code.html S-nail website]</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=485892S-nail2017-08-18T21:02:59Z<p>Sdaoden: Final step v14.9.3</p>
<hr />
<div>[[Category:Email clients]]<br />
[[ja:S-nail]]<br />
{{Style|Very verbose, lots of code, doesn't follow style guidelines.}}<br />
Arch Linux uses S-nail as its POSIX {{ic|mailx}} (the standardized variant of the Unix {{ic|mail}} program) incarnation: {{ic|mail}} is the ''user side'' of the Unix mail system, the ''system side'' -- the '''M'''ail-'''T'''ransfer-'''A'''gent -- traditionally being [[sendmail]].<br />
{{ic|mail}} is MIME capable and supports line editing, S/MIME, SMTP, POP3, and more.<br />
It can also send directly to external SMTP servers.<br />
<br />
Since v14.9.0 and above the syntax of the software slowly drifts towards being shell compatible, now {{ic|define}}d macros can take arguments, can return values etc., an error status is available in {{ic|!}}...<br />
Compose-mode hooks have been introduced, so creation of custom headers is now easy.<br />
<br />
== Moon over Havana ==<br />
<br />
The system-wide configuration file ({{ic|/etc/mail.rc}}) brings in some useful defaults, therefore sending mail through a locally installed MTA, such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mail -d -s 'A subject' -a an_attachment.txt foo1@bar.example 'Foo2 <foo2@bar.example>'<br />
<br />
Using the {{ic|-d}} debug option results in a sandbox dry-run.<br />
A short summary of the most useful command line flags can be reached via {{ic|-h}}:<br />
<br />
# mail -h<br />
<br />
The actually used MTA, like many other behavioral aspects of {{ic|mail}}, can be adjusted by setting a variable: {{ic|mta}} (fine-tuning via {{ic|mta-arguments}}, {{ic|mta-no-default-arguments}}, {{ic|mta-argv0}}; also see the manual, ''On sending mail, and non-interactive mode''):<br />
<br />
# < /etc/passwd LC_ALL=C mail -d -:/ -Ssendwait -Sttycharset=utf8 -Smta=/usr/bin/sendmail -s 'My password file!' -. 'Back <side@book>'<br />
# echo Message was passed successfully: $?<br />
<br />
Message delivery is asynchronous, and {{ic|mail}} will exit as soon as the prepared message has been passed over to the MTA, only stating whether message preparation was successful (or not).<br />
If the variable {{ic|sendwait}} is set, however, the exit status reflects that of the started (builtin or not) MTA.<br />
<br />
The {{ic|-.}} command line option will forcefully terminate option processing and turn on message send mode, therefore preventing possible option injection attacks if, e.g., receiver addresses are passed in via shell variables, as in<br />
<br />
# TOYOU="-Sexpandaddr /etc/password"; echo 'Dance Track' | mail -d -s Ubject $TOYOU<br />
<br />
Scripts can (and should) detach from environmental shell settings and configuration files in order to create their own and therefore reproducible runtime environment.<br />
Usage of any configuration file can be suppressed with the {{ic|-:/}} command line option;<br />
And the locale should be forced to the very basic standardized default, {{ic|1=LC_ALL=C}}, though a completely cleaned {{ic|env(1)}}ironment may also be an option.<br />
Into this runtime variables and settings can be placed reproducibly by using the {{ic|-S}} and {{ic|-X}} command line options, as shown above.<br />
(For best results it should be ensured that the variable {{ic|ttycharset}} names the character set that the input data is expected to be in, then.)<br />
<br />
Sending messages to file and command "addressees" is possible if the {{ic|expandaddr}} option is set:<br />
<br />
# echo bla | mail -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mail -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
# echo bla | mail -Sexpandaddr -s test -<br />
<br />
{{ic|expandaddr}} can also be given a value, for example to enforce strict address verification, e.g., the following example ''only'' allows network addressees.<br />
It can be used as is, except for the usual {ic|-d}} debug dry-run, of course.<br />
It sets the {{ic|record}} variable to the pathname of the folder used to record all outgoing mail, so that we can take a look at the generated message thereafter:<br />
<br />
# echo Body |<br />
# LC_ALL=C mail -d -:/ -Sv15-compat -Ssendwait -Sttycharset=utf8 \<br />
# -Sfrom='Me <me@home>' \<br />
# -Sexpandaddr=fail,-all,+addr \<br />
# -Snosave -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control \<br />
# -X'mimetype application/pdf pdf' \<br />
# -a somefile.pdf \<br />
# -s Subject \<br />
# -. '(foo2bar) <foo2@bar.example>' bob@hey.example<br />
# mail -Rf /tmp/out.mbox<br />
<br />
The manual sections ''A starter'', ''On sending mail, and non-interactive mode'' and ''On reading mail, and interactive mode'' could be worth a glance already today.<br />
<br />
=== ===<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism and therefore volatile and not the right place for modifications.<br />
<br />
=== ===<br />
<br />
All shown examples are upward compatible.<br />
To ensure {{ic|mail}} acts accordingly too, this variable must be set.<br />
<br />
set v15-compat<br />
<br />
Wait for the MTA exit status when sending messages, to be able to recognize its errors.<br />
<br />
set sendwait<br />
<br />
The default directory for saving mails.<br />
Unless an absolute path is set this is interpreted relative to {{ic|HOME}}.<br />
User-specified filesnames which start with a ''+'' plus-sign refer to paths below this variable.<br />
<br />
set folder=mail<br />
<br />
More paths of interest:<br />
{{ic|inbox} is the user's system mailbox (else {{ic|MAIL}} or a system-specific storage, {{ic|/var/mail/$LOGNAME}} in ArchLinux, are used for this purpose).<br />
{{ic|record}} is used to save copies of sent messages, {{ic|DEAD}} is error storage.<br />
{{ic|MBOX}} is the user's secondary mailbox, a standardized target for storage of already read etc. messages (of the system mailbox).<br />
<br />
set MBOX=+mbox.mbox record=+sent.mbox DEAD=+dead.mbox<br />
set inbox=+system.mbox<br />
<br />
Compressed or otherwise "wrapped" storage can also be used:<br />
<br />
filetype xz 'xz -dc' 'xz -zc'<br />
set record=+sent.mbox.xz<br />
<br />
For security reasons {{ic|mail}} will actively set a restrictive user-only file mode creation mask ({{ic|umask(1)}}, but here we examplarily inherit the one set in the shell that started {{ic|mail}}:<br />
<br />
set umask=<br />
<br />
Looking at something more ''e-mailish'', let us specify the author of messages sent out.<br />
If sending over a local MTA this may be unnecessary, on the other hand specific use cases can be more complicated than that, the manual entries for the {{ic|-r}} command line option as well as for the {{ic|from}} variable go into more detail.<br />
<br />
set from="''Your Name <youremail@domain>''"<br />
<br />
{{ic|mail}} needs to know which character sets may be used when sending messages.<br />
It deduces the character set of text from the {{ic|locale(1)}} environment, from the internal variable {{ic|ttycharset}}, to be exact.<br />
It is possible to "bend" reality with this variable, as it allows to specify just any input character set environment, as long as that exists;<br />
For example, above this has been used to send Unicode/UTF-8 data in a clean and detached script environment (or ''could'', as the example used english text).<br />
The input text, supposed to represent {{ic|ttycharset}} character data, can optionally be converted to any specified character data.<br />
<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
This says that first of all {{ic|mail}} shall try to send data in the UTF-8 character set, but if that fails, it shall try to do so in LATIN-1.<br />
What happens is that the text is converted via {{ic|iconv(1)}} as necessary.<br />
It is also possible to specify<br />
<br />
#set sendcharsets-else-ttycharset<br />
<br />
This would use {{ic|sendcharsets}} if this variable is set, but otherwise uses {{ic|ttycharset}}.<br />
More details on this in the manual, sections ''Character sets''.<br />
<br />
When replying to or forwarding a message the comment and name parts of email addresses are removed unless this variable is set.<br />
<br />
set fullnames<br />
<br />
When replying, do not merge {{ic|From:}} and {{ic|To:}} of the original message into the new {{ic|To:}} header.<br />
Instead use the old {{ic|From:}} as the new {{ic|To:}}, and merge the old {{ic|To:}} with addressees found in {{ic|Cc:}}.<br />
This also works with {{ic|Reply-To:}} and {{ic|Mail-Followup-To:}} ''honouring'', as below<br />
<br />
set recipients-in-cc<br />
<br />
When composing a message, start directly into {{ic|EDITOR}}:<br />
<br />
set editalong<br />
<br />
There is the (''usual'' in practice) special support for mailing-lists.<br />
Mailing-lists can be made only ''known'', or they can be ''subscribed'' to.<br />
Subscribing to a list makes {{ic|mail}} think that a message posted to the list can be read by the person reading this Wiki anyway, because she or he will get her or his regular copy via the list, for example.<br />
<br />
mlist one@alpha.lists.example '^.*@lists\.example$'<br />
mlsubscribe three@lists.example<br />
<br />
Politeness dictates that {{ic|Reply-To:}} and/or {{ic|Mail-Followup-To:}} headers are honoured.<br />
And for mailing-list contexts they shall be generated.<br />
<br />
set followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
set followup-to<br />
<br />
When messages are sent any attachments need to be MIME classified, so that a correct Multipurpose Internet Mail Extensions media type can be specified.<br />
As a part of this step so-called {{ic|mime.types(5)}} files are read, which are often bloated and contain useless entries (without file extension).<br />
The variable {{ic|mimetypes-load-control}} can be used to specify which files shall be read.<br />
But since {{ic|mail}} contains a set of builtin media types, not loading any file is often applicable; is this a sufficient list:<br />
<br />
# mail -:/ -Smimetypes-load-control -Xmimetype -Xx | less<br />
<br />
=== ===<br />
<br />
Creating network connections for SMTP, POP3 or IMAP is possible and should possibly use verified and encrypted communication channels.<br />
It is better to be explicit, so here there is T(ransport) L(ayer) S(ecurity) configuration.<br />
<br />
SSL (Secure Sockets Layer) a.k.a. its successor TLS (Transport Layer<br />
Security) are protocols which aid in securing communication by providing<br />
a safely initiated and encrypted network connection. A central concept<br />
to SSL/TLS is that of certificates: as part of each network connection<br />
setup a (set of) certificates will be exchanged, and by using those the<br />
identity of the network peer can be cryptographically verified. SSL/TLS<br />
works by using a locally installed pool of trusted certificates, and verifying<br />
the connection peer succeeds if that provides a certificate which<br />
has been issued or is trusted by any certificate in the trusted local<br />
pool.<br />
<br />
The local pool of trusted so-called CA (Certification Authority) certificates is<br />
usually delivered with the used SSL/TLS library (e.g., OpenSSL),<br />
and will be selected automatically. It is also possible to create and<br />
use an own pool of trusted certificates. If this is desired, set<br />
{{ic|ssl-ca-no-defaults}} to avoid using the default certificate pool, and<br />
point {{ic|ssl-ca-file}} and/or {{ic|ssl-ca-dir}} to a trusted pool of<br />
certificates. A certificate cannot be more secure than the method its CA<br />
certificate has been retrieved with.<br />
<br />
On ArchLinux the core system provides an extensive set of certificates which are subject to the usual update mechanisms.<br />
Use those, and exclusively, do not load the OpenSSL shipped certificate list; be specific and use the TLS certificate set (see {{ic|update-ca-trust(8)}}).<br />
<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-ca-no-defaults<br />
<br />
When creating a secured connection, require strict security checks.<br />
<br />
set ssl-verify=strict<br />
<br />
Before we continue here the existence of "variable chains" has to be revealed.<br />
For many {{ic|mail}} variables which relate to network connections (or, say, ''URL''s), there is not only the ''plain'' {{ic|var}}, but also {{ic|var-HOST}} and {{ic|var-USER@HOST}} variants thereof.<br />
This allows more specific specifications of, e.g., {{ic|password}} variables:<br />
<br />
set password='fallback password'<br />
set password-bakery.exam.ple='bred and butter'<br />
set password-spa.exam.ple='oildrops keep falling'<br />
set password-postmaster@spa.exam.ple='service now closed'<br />
<br />
{{ic|mail}} offers multiple ways to feed user credentials into it, ''variable chains'' are one of them and often the easiest solution.<br />
The manual section ''On URL syntax and credential lookup'' makes known the others.<br />
<br />
{{Tip|Note: in cases when ''USER'' (and ''PASS'') are specified as part of an URL they must be URL-percent-encoded: {{ic|mail}} offers the {{ic|urlcodec}} command which does this for you:}}<br />
<br />
# printf 'urlcodec encode ''USER'' ''PASS''\nx\n' | mail -#<br />
<br />
{{Tip|Do not forget that {{ic|printf(1)}} as well as {{ic|mail}} are subject to locale settings:}}<br />
<br />
# # In UTF-8:<br />
# printf 'urlcodec encode SPAß\nx\n' | mail -#<br />
SPA%C3%9F<br />
# # In ISO-8859-1:<br />
# printf 'urlc e SPAß\nx\n' | mail -#<br />
SPA%DF<br />
<br />
It depends on the used protocol whether encrypted communication is possible,<br />
and which configuration steps have to be taken to enable it. Some<br />
protocols, e.g., POP3S, are implicitly encrypted, others, like POP3, can<br />
upgrade a plain text connection if so requested: POP3 offers {{ic|STLS}},<br />
which will be used if the variable {{ic|pop3-use-starttls}} (a variable chain) is set:<br />
<br />
shortcut encpop1 pop3s://pop1.exam.ple<br />
<br />
shortcut encpop2 pop3://pop2.exam.ple<br />
set pop3-use-starttls-pop2.exam.ple<br />
<br />
set mta=smtps://smtp.exam.ple:465<br />
set mta=smtp://smtp.exam.ple smtp-use-starttls<br />
<br />
Normally that is all there is to do, however plenty of knobs exist to<br />
adjust settings shall the necessity or desire arise. E.g., it is possible<br />
to fine-tune certificate verification via {{ic|ssl-ca-flags}}. Also<br />
interesting may be the possibility to configure the allowed<br />
{{ic|ssl-protocol}}s that a communication channel may use: whereas in the<br />
past hints of how to restrict the set of protocols to highly secure ones<br />
were indicated, as of the time of this writing the allowed protocols, or<br />
at least the allowed {{ic|ssl-cipher-list}}, may need to become relaxed in<br />
order to be able to connect to some servers.<br />
Do not support protocols other than TLS v1.2, the newest standard:<br />
<br />
set ssl-protocol=-ALL,+TLSv1.2<br />
<br />
But if a server fails this, only this very server should be relaxed.<br />
Again variable chains offer a quick solution to this problem.<br />
<br />
set ssl-protocol-bakery.exam.ple=-ALL,+TLSv1.2,+TLSv1.1<br />
<br />
E.g., the following example settings allows connection of a ''Lion'' which uses OpenSSL 0.9.8za from June 2014:<br />
<br />
set ssl-protocol-LION=ALL,-SSLv3,-TLSv1<br />
set ssl-cipher-list-LION=TLSv1.2:!aNULL:!eNULL:\<br />
ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:\<br />
DHE-RSA-AES256-SHA:@STRENGTH<br />
<br />
The OpenSSL program {{ic|ciphers(1)}} can be used and should be referred to when creating a custom cipher list.<br />
<br />
=== ===<br />
<br />
To send messages via the built-in SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
With {{ic|password}} already defined as above it can be as easy as<br />
<br />
set user=lada mta=smtp://bakery.exam.ple smtp-use-starttls<br />
<br />
or<br />
<br />
set mta=smtp://lada@bakery.exam.ple smtp-use-starttls<br />
<br />
or, also, with user and password in the URL:<br />
<br />
set mta=smtp://lada:bred%20and%20butter@bakery.exam.ple smtp-use-starttls<br />
<br />
More obfuscation:<br />
<br />
# mail -:/ -Semptystart<br />
mail version v14.9.3. Type `?' for help<br />
/var/spool/mail/steffen: 0 messages<br />
No more mail.<br />
? set my_user=lada my_pass=bred%20and%20butter<br />
? wysh set mta=smtp://${my_user}:${my_pass}@bakery.exam.ple smtp-use-starttls<br />
? echo $mta;xit<br />
smtp://lada:bred%20and%20butter@bakery.exam.ple<br />
<br />
The {{ic|wysh} command modifier will no longer be necessary in v15.<br />
This works as such, immediately:<br />
<br />
# echo Hesse |<br />
LC_ALL=C mail -d -:/ -Sv15-compat -Ssendwait \<br />
-Smta=smtp://lada:bred%20and%20butter@bakery.exam.ple -Ssmtp-use-starttls \<br />
-s test -. hey@you<br />
<br />
Often the {{ic|smtp-auth}} variable needs to be set in addition.<br />
And it may be necessary to set the {{ic|hostname}} and/or {{ic|smtp-hostname}} variables if {{ic|mta}} and {{ic|from}} (if set) use different hostnames, there is an example managing this problem below.<br />
<br />
It is convenient to create {{ic|account}}s which bundle settings for some, well, account.<br />
An account can be activated from the command line via {{ic|mailx -A name}}, or by calling {{ic|account name}} from within {{ic|mail}}.<br />
Here is a real life example of a very huge free mail provider, to be stored in the personal {{ic|$HOME/.mailrc}}:<br />
<br />
account XooglX {<br />
set user=... password=... \<br />
from="... <an@exam.ple>" \<br />
hostname=gmail.com \<br />
mta=smtps://smtp.gmail.com:465 \<br />
pop3-no-apop<br />
shortcut myimap imaps://imap.gmail.com<br />
commandalias goimap file myimap<br />
shortcut mypop pop3s://pop.gmail.com<br />
commandalias gopop file mypop<br />
}<br />
<br />
This should be ready for a command sequence like the following<br />
<br />
# echo test1-body.| mail -A XooglX -s test1-subject my-XooglX-address<br />
# mail -Semptystart<br />
mail version v14.9.3. Type `?' for help<br />
/var/spool/mail/steffen: 0 messages<br />
No more mail.<br />
? account XooglX<br />
? set debug<br />
? mail my-XooglX-address<br />
Subject: test2-subject<br />
test2-body.<br />
~.<br />
? goimap<br />
...<br />
? xit<br />
<br />
{{Tip|If you have enabled two-step authentication in Gmail, and you have added an application specific password for S-nail, you will want to use that password rather than your regular Gmail password, which may work without enabling the otherwise necessary "less secure apps".}}<br />
<br />
And here is a pretty large free mail provider which does not allow sending mails if there is a domain name mismatch ''on the SMTP protocol level'' and therefore needs the adjustments mentioned above:<br />
<br />
account XandeX {<br />
set user=... password=... \<br />
from="... <an@exam.ple>" \<br />
hostname=yandex.com smtp-hostname= \<br />
mta=smtps://smtp.yandex.com:465 \<br />
pop3-keepalive=55<br />
shortcut myimap imaps://imap.yandex.com<br />
commandalias goimap file myimap<br />
shortcut mypop pop3s://pop.yandex.com<br />
commandalias gopop file mypop<br />
}<br />
<br />
Storing passwords in {{ic|$HOME/.mailrc}} is usually not a good idea, but if it is done that way appropriate user-only permissions via {{ic|chmod 0600 $HOME/.mailrc}} are desirable.<br />
{{ic|mail}} supports loading of files via pipes, so user credentials may be loaded from encrypted files like that.<br />
It also supports the traditional login information ''.netrc'' files, and as an extension supports loading them via pipes, i.e., encrypted ''.netrc'' files can be used.<br />
So then let us modify the account to perform ''.netrc'' lookups,<br />
<br />
account XandeX {<br />
set netrc-lookup netrc-pipe='gpg -qd ~/.netrc.gpg' \<br />
from="... <an@exam.ple>" \<br />
hostname=yandex.com smtp-hostname= \<br />
mta=smtps://smtp.yandex.com:465 \<br />
pop3-keepalive=55<br />
shortcut myimap imaps://imap.yandex.com<br />
commandalias goimap file myimap<br />
shortcut mypop pop3s://pop.yandex.com<br />
commandalias gopop file mypop<br />
}<br />
<br />
place the user and password in {{ic|$HOME/.netrc}},<br />
<br />
machine *.yandex.com login '''USER''' password '''PASS'''<br />
<br />
and encrypt this storage to the wanted {{ic|~/.netrc.gpg}}:<br />
<br />
# gpg -e .netrc<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
This example is now functional because there is no ambiguity, only one user for {{ic|*.yandex.com}} will be found;<br />
An explicit {{ic|1=set user=...}} in an {{ic|account}} definition will remove ambiguities from other cases.<br />
It is also possible to specify only the password in {{ic|.netrc}}, reading the manual section ''On URL syntax and credential lookup'' should show the complete picture.<br />
<br />
# echo test-body | mail -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
In {{ic|mail}} the implicit {{ic|account}} ''null'' exists.<br />
This may be interesting for testing purposes, to ensure that no variable settings established in an account exist once the account has been left.<br />
<br />
# mail -X'account XooglX;varshow mta;\acc null;echo $mta;xit' <br />
set mta=smtps://smtp.gmail.com:465<br />
/usr/sbin/sendmail<br />
<br />
Option localization (as via the {{ic|localopts}} command) is implicitly enabled in all {{ic|account}}s.<br />
<br />
=== ===<br />
<br />
It is very common or even necessary to inject some text in newly generated messages, for example signatures or a fortune cookies.<br />
With {{ic|mail}} this can be realized in a(n increasing) number of ways.<br />
For example, if there is only some text to inject at the head or bottom of a message, setting some variables seems to be the easiest solution.<br />
<br />
wysh set message-inject-head=$'And love.\nLove will tear us apart.\n'<br />
set message-inject-tail='--Bye.'<br />
<br />
Again, the {{ic|wysh} command modifier will no longer be necessary in v15.<br />
<br />
Entire files are best included by using {{ic|on-compose-splice}} hooks (later versions will add more options).<br />
These hooks can do anything a user could do interactively.<br />
The shell hook is done quickly:<br />
<br />
set on-compose-splice-shell="read splice_protocol_version; cat ~/.mysig"<br />
<br />
Even better is possibly using normal compose mode commands to accomplish the same.<br />
<br />
wysh set on-compose-splice-shell=$'read s_p_v; echo \'~< ~/.mysig\''<br />
<br />
or<br />
<br />
wysh set on-compose-splice-shell=$'read s_p_v; echo \'~<! fortune\''<br />
<br />
or the maybe strange<br />
<br />
wysh set on-compose-splice-shell=$'read s_p_v;\<br />
i=`cat ~/.mysig`;\<br />
echo \'~:set message-inject-tail=\'\"${i}\"\<br />
'<br />
<br />
All this does not really need the shell.<br />
(Or at least most as of the time of this writing.)<br />
<br />
define h_ocs {<br />
read s_p_v;echo '~<! cat ~/.mysig'<br />
}<br />
set on-compose-splice=h_ocs<br />
<br />
=== ===<br />
<br />
There are exactly two options to automatically create custom headers.<br />
One is the variable {{ic|customhdr}}.<br />
<br />
set customhdr='OpenPGP: id=MYID; url=https://MYURL'<br />
<br />
Multiple headers can be separated with commas, commas in header bodies need to be escaped by a reverse solidus:<br />
<br />
set customhdr='Head-1: A\, B and C , Head-2: D\,e and F'<br />
<br />
The other option is again a {{ic|on-compose-splice}} hook.<br />
In conjunction with the command escape {{ic|~^}} that has been especially designed for automated use cases via the splice hooks, message headers and attachments can be controlled completely.<br />
This includes creation of custom headers.<br />
For example, here is a complicated version which uses the reverse solidus command modifier to avoid {{ic|commandalias}} expansion (what you see is what you get) and creates a OpenPGP header unless the message already contains one (it has been explicitly added before).<br />
With error checking.<br />
<br />
\set on-compose-splice=h_ocs<br />
\define h_ocs {<br />
\read splice_protocol_version<br />
# Read current list of header<br />
\echo '~^header list'<br />
\read hl<br />
# Create a one-byte substring of $hl, and store it in variable "es"<br />
\vput vexpr es substr "$hl" 0 1<br />
\if [ "$es" != 2 ]<br />
\echoerr 'ocs: cannot list headers'; \echo '~x'; \xit<br />
\end<br />
# Is there already an OpenPGP header? Case-insensitively!<br />
\if [ "${hl}" @i!% ' openpgp' ]<br />
\echo '~^header insert OpenPGP id=MYID; url=https://MYURL'<br />
\read es<br />
\vput vexpr es substr "$es" 0 1<br />
\if [ "$es" != 2 ]<br />
\echoerr 'Cannot insert OpenPGP: header'<br />
\echo '~x'<br />
# (no xit, macro finishs anyway)<br />
\end<br />
\end<br />
}<br />
<br />
=== ===<br />
<br />
Interactive usage of {{ic|mail}} is possible, and increasingly so.<br />
It has a wide-glyph aware command line editor with history capabilities and coloured message display support.<br />
There are two bits of need to configure it before this is a bit of fun. <br />
First of all it has to start up even if the initially opened mailbox is empty.<br />
<br />
set emptystart<br />
<br />
Looking at messages in the {{ic|PAGER}}, so that they do not scroll by.<br />
<br />
set crt=0<br />
<br />
Having a prompt that shows the error status may be nice, too:<br />
<br />
wysh set prompt='?\${?}!\${!}/\${^ERRNAME}[\${account}#\${mailbox-display}]? '<br />
<br />
Again, the {{ic|wysh} command modifier will no longer be necessary in v15.<br />
More entries for the history, that shall persist in between sessions.<br />
<br />
set history-gabby history-file=~/.mailhist<br />
<br />
Command aliases make living easier, sometimes.<br />
<br />
commandalias ls !ls -latro<br />
<br />
As do shortcuts, which will be looked up whenever a filename is expected.<br />
<br />
shortcut mymbo %:+mbox.mbox \<br />
myrec +sent.mbox<br />
<br />
When {{ic|p}}rinting messages, show only some headers, not all.<br />
Most often it is easier to {{ic|retain}} the desired instead of to {{ic|ignore}} the unwanted.<br />
These are standardized commands, {{ic|headerpick}} is a generalization worth looking at.<br />
{{ic|P}}rint will ignore {{ic|retain}} and {{ic|ignore}} lists, and {{ic|S}}how will display raw message content.<br />
<br />
retain date from to cc subject<br />
<br />
While here, configure which headers shall be contained when {{ic|forward}}ing messages,<br />
<br />
headerpick forward retain subject date from to cc<br />
<br />
and which shall be ignored when saving messages.<br />
<br />
headerpick save ignore ^Original-.*$ ^X-.*$<br />
<br />
{{ic|mail}} can try to improve MIME experience by generating a counter-evidence of what messages contain.<br />
<br />
set mime-counter-evidence=0xE<br />
<br />
It could display HTML parts inline, nicer than what the builtin viewer can achieve, that is to say.<br />
<br />
#set pipe-text/html='@* lynx -stdin -dump -force_html'<br />
<br />
The command {{ic|list}} prints all available commands.<br />
Typing {{ic|? X}}' tries to expand {{ic|X}} and print a help string; since {{ic|mail}} allows abbreviations of all commands this is sometimes handy, e.g.: {{ic|? h}}, {{ic|? he}}} and {{ic|? hel}}.<br />
The command {{ic|help}} will print a short summary of the most frequent used commands, more so if the variable {{ic|verbose}} is set.<br />
Doing so can be encapsulated in a macro, e.g., here is something handy:<br />
<br />
define __xv {<br />
# Before v15: need to enable sh(1)ell-style on _entire_ line!<br />
localopts yes; wysh set verbose; ignerr eval "${@}"; return ${?}<br />
}<br />
commandalias xv '\call __xv'<br />
<br />
To be used like, e.g.,:<br />
<br />
xv help set<br />
<br />
Context-dependent key bindings can be established.<br />
<br />
\bind base a,b,c echo key bindings in mail!<br />
<br />
Successively typing the three characters a, b and c will now echo something.<br />
<br />
\bind base $'\e',d mle-snarf-word-fwd<br />
\bind base $'\e',$'\c?' mle-snarf-word-bwd<br />
\bind base $'\e',f mle-go-word-fwd<br />
\bind base $'\e',b mle-go-word-bwd<br />
<br />
Colours can be used, for example for the {{ic|prompt}}.<br />
<br />
\colour 256 mle-prompt fg=red<br />
\colour iso mle-prompt fg=red<br />
\colour mono mle-prompt ft=bold<br />
<br />
=== ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, as via the {{ic|headers}} command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the {{ic|print}} command, or short: {{ic|p}}<br />
Whereas {{ic|p}} honours {{ic|retain}}ed (or {{ic|ignore}}d) list of headers to be displayed, the {{ic|P}}rint command will not and display all headers;<br />
the {{ic|Sh}}ow command will print raw message content.<br />
<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section ''Specifying messages''.<br />
E.g., {{ic|p:u}} will display all unread messages, {{ic|p.}} will print the dot, {{ic|p 1 5}} will print the messages 1 and 5 and {{ic|p-}} and {{ic|p+}} will print the last and the next message, respectively.<br />
Simply typing RETURN in an empty line acts like {{ic|next}} ({{ic|n}}), and thus prints the next message.<br />
<br />
The command {{ic|from}} is nice for an overview, e.g., {{ic|f '@<@arch linux'}} will print the header summary of all messages that contain the string ''arch linux'' in some message header, whereas {{ic|f '@arch linux'}} will only match those with ''arch linux'' in their subject.<br />
Quoting is necessary when there is whitespace in search expressions.<br />
<br />
* {{ic|file}} and {{ic|File}} open a new mailbox, the latter in readonly mode<br />
* {{ic|newmail}} (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* {{ic|he}} (headers) reprints the message list<br />
* {{ic|z-}} {{ic|z+}} {{ic|z0}} {{ic|z$}} scroll through the header display<br />
* {{ic|folders}} shows a listing of mailboxes under the currently set {{ic|folder}}<br />
* {{ic|r}} replies to all addressees of the given message(s)<br />
* {{ic|R}} replies to the sender of the given message(s)<br />
* {{ic|Lreply}} "mailing-list" reply to the given message(s)<br />
* {{ic|move}} or {{ic|mv}} moves (a) message(s)<br />
* {{ic|un)flag}} marks (a) message(s) as (un)flagged<br />
* {{ic|new}} marks (a) message(s) unread<br />
* {{ic|seen}} marks (a) message(s) read<br />
* {{ic|P}} prints (a) message(s) with all headers<br />
* {{ic|p}} prints (a) message(s) and all non-ignored headers.<br />
* {{ic|show}} prints the raw message of content of (a) message(s)<br />
<br />
=== ===<br />
<br />
Composition is started by typing {{ic|mail user@host}} or by {{ic|reply}}ing to a message.<br />
If {{ic|editalong}} is set you then enter the {{ic|EDITOR}} of choice.<br />
Otherwise, or after you have left the {{ic|EDITOR}}, you will find yourself in the native editor, where many operations can be performed using command escapes (short help available via {{ic|~?}}).<br />
Of particular interest is {{ic|~@}}, which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (shell-token and optionally comma-separated list of) additional attachment(s), as well as {{ic|~^}}, which is a multiplexer command which offers some control about the message, e.g., to create custom headers.<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type {{ic|~.}} on its own line.<br />
<br />
== Using S/MIME ==<br />
<br />
Assuming there is the private S/MIME key and signed certificate available already, using S/MIME is very simple.<br />
<br />
# cat private-key.pem signed-certificate.pem > ~/pair.pem<br />
# chmod 0400 ~/pair.pem<br />
<br />
The following goes to {{ic|$HOME/.mailrc}}.<br />
<br />
set smime-sign-cert=~/pair.pem \<br />
smime-sign-message-digest=SHA256 \<br />
smime-sign<br />
<br />
Note S/MIME always works relative to the setting of the variable {{ic|from}}.<br />
For signing and decryption purposes it is possible to use password-protected keys, and the pseudo-host(s) ''USER@HOST.smime-cert-key'' for the private key (and ''USER@HOST.smime-cert-cert'' for the certificate stored in the same file) will be used for performing any necessary password lookup, therefore the lookup can be automatized via the mechanisms described in ''On URL syntax and credential lookup''.<br />
<br />
The {{ic|verify}} command verifies S/MIME messages, but S/MIME decryption and verification is solely based upon OpenSSL for now, which only supports messages with a simplicistic MIME structure. Sorry.<br />
<br />
The manual contains a more complete overview in ''Signed and encrypted messages with S/MIME'' as well as a more telling step-by-step example in ''S/MIME step by step''.<br />
<br />
== Workaround missing OpenPGP support ==<br />
<br />
S-nail does not yet support OpenPGP.<br />
However, using a macro it is possible to at least automatically verify inline {{ic|--clearsign}}ed messages, and using command ghosts their usage becomes handy: e.g., use the following in resource file and you will be able to verify a clearsigned message by just typing {{ic|V}}:<br />
<br />
define V {<br />
\localopts yes; \wysh set pipe-text/plain=$'@*#++=@\<br />
< "${MAILX_FILENAME_TEMPORARY}" awk \<br />
-v TMPFILE="${MAILX_FILENAME_TEMPORARY}" \'\<br />
BEGIN{done=0}\<br />
/^-----BEGIN PGP SIGNED MESSAGE-----/,/^$/ {\<br />
if(done++ != 0)\<br />
next;\<br />
print "--- GPG --verify ---";\<br />
system("gpg --verify " TMPFILE " 2>&1");\<br />
print "--- GPG --verify ---";\<br />
print "";\<br />
next;\<br />
}\<br />
/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ {\<br />
next;\<br />
}\<br />
{print}\<br />
\'';\<br />
print<br />
}<br />
define RK {<br />
!printf 'Key IDs to gpg --recv-keys: ';\<br />
read keyids;\<br />
gpg --recv-keys ${keyids};<br />
}<br />
commandalias V '\'call V<br />
commandalias RK '\call RK'<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' and ''inbox'' to point to IMAP server folders, for example.<br />
Internationalised names are supported.<br />
<br />
set v15-compat<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"<br />
set inbox=myimap<br />
<br />
== See also ==<br />
<br />
* [https://www.sdaoden.eu/code.html S-nail website]</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=484985S-nail2017-08-11T20:09:05Z<p>Sdaoden: OH. MY. GOD. Better so.</p>
<hr />
<div>[[Category:Email clients]]<br />
[[ja:S-nail]]<br />
{{Style|Very verbose, lots of code, doesn't follow style guidelines.}}<br />
Arch Linux uses S-nail as its POSIX {{ic|mailx}} (the standardized variant of the Unix {{ic|mail}} program) incarnation: {{ic|mail}}(x) is the ''user side'' of the Unix mail system, the ''system side'' -- the '''M'''ail-'''T'''ransfer-'''A'''gent -- traditionally being [[sendmail]].<br />
S-nail is MIME capable and offers extensions for line editing, S/MIME, SMTP, POP3, and more.<br />
It can also send directly to external SMTP servers, so no local MTA is required.<br />
<br />
Version 14.9.0 released in July 2017 brought a lot of changes and improvements, reading the [https://www.sdaoden.eu/code-nail-ann.html announcement] may be helpful. (Usage obsoletion warnings can be enabled with the {{ic|-v}} command line option.)<br />
In short: the syntax of the software slowly drifts towards being [[sh]]ell compatible, the {{ic|define}}d macros can take arguments, can return values etc.<br />
Compose-mode hooks have been introduced, so custom headers can now be created easily.<br />
<br />
== Quickstart ==<br />
<br />
The system-wide configuration file ({{ic|/etc/mail.rc}}) brings in some useful defaults, therefore sending mail through a locally installed MTA, such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mail -d -s 'A subject' -a an_attachment.txt foo1@bar.example 'Foo2 <foo2@bar.example>'<br />
<br />
Using the {{ic|-d}}ebug flag results in a sandbox dry-run.<br />
A short summary of the most useful command line flags can be reached via {{ic|-h}}:<br />
<br />
# mail -h<br />
<br />
The actually used MTA, like many other behavioral aspects of {{ic|mail}}, can be adjusted by setting a variable: {{ic|mta}} (fine-tuning via {{ic|mta-arguments}}, {{ic|mta-no-default-arguments}}, {{ic|mta-argv0}}; also see the manual, "On sending mail, and non-interactive mode"):<br />
<br />
# < /etc/passwd LC_ALL=C mail -d -:/ -Ssendwait -Sttycharset=utf8 -Smta=/usr/bin/sendmail -s 'My password file!' -. 'Back <side@book>'<br />
# echo Message was passed successfully: $?<br />
<br />
Message delivery is asynchronous, and {{ic|mail}} will exit as soon as the prepared message has been passed over to the MTA, only stating whether message preparation was successful (or not).<br />
If the variable {{ic|sendwait}} is set, however, the exit status of the started (builtin or not) MTA will be used as the message delivery "success" or "failure" status.<br />
<br />
The {{ic|-.}} command line option will forcefully terminate option processing and turn on message send mode, therefore preventing possible option injection attacks if, e.g., receiver addresses are passed in via shell variables, as in<br />
<br />
# TOYOU="-Sexpandaddr /etc/password"; echo 'Dance Track' | mail -d -s Ubject $TOYOU<br />
<br />
Scripts can (and should) detach from environmental shell settings and configuration files in order to create their own and therefore reproducible runtime environment.<br />
Usage of any configuration file can be suppressed with the {{ic|-:/}} command line option;<br />
And the locale should be forced to the very basic standardized default, {{ic|1=LC_ALL=C}}, though a completely cleaned {{ic|env(1)}}ironment may also be an option.<br />
Into this runtime variables and settings can be placed reproducibly by using the {{ic|-S}} and {{ic|-X}} command line options, as shown above.<br />
(For best results it should be ensured that the variable {{ic|ttycharset}} names the character set that the input data is expected to be in, then.)<br />
<br />
Sending messages to file and command "addressees" (and not over the MTA) is possible if the {{ic|expandaddr}} option is set:<br />
<br />
# echo bla | mail -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mail -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
# echo bla | mail -Sexpandaddr -s test -<br />
<br />
{{ic|expandaddr}} can also be given a value, for example to enforce strict address verification, e.g., the following example ''only'' allows network addressees.<br />
It can be used as is, except for the {ic|-d}}ebug dry-run, of course, provided that you have a ''somefile.pdf'' somewhere.<br />
It sets the {{ic|record}} variable to the pathname of the folder used to record all outgoing mail, so that we can take a look at the generated message thereafter:<br />
<br />
# echo Body |<br />
# LC_ALL=C mail -d -:/ -Sv15-compat -Ssendwait -Sttycharset=utf8 \<br />
# -Sfrom='Me <me@home>' \<br />
# -Sexpandaddr=fail,-all,+addr \<br />
# -Snosave -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control \<br />
# -X'mimetype application/pdf pdf' \<br />
# -a somefile.pdf \<br />
# -s Subject \<br />
# -. '(foo2bar) <foo2@bar.example>' bob@hey.example<br />
# mail -Rf /tmp/out.mbox<br />
<br />
The manual sections "A starter", "On sending mail, and non-interactive mode" and "On reading mail, and interactive mode" should be worth a glance when looking for more ''quick shots''.<br />
<br />
== Up, Up And Away ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism and therefore volatile and not the right place for modifications.<br />
''All the remaining examples in this article are based upon the configuration template we generate in this section.''<br />
<br />
=== Just Friends ===<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# When sending messages, report MTA exit status<br />
set sendwait<br />
<br />
# Default directory where we act in (relative to $HOME if not absolute)<br />
set folder=mail<br />
<br />
# More paths. A leading "+" (often) means: under $folder<br />
# $record is used to save copies of sent messages, $DEAD is error storage<br />
# $inbox: system mailbox, by default /var/mail/$USER<br />
# $MBOX: secondary mailbox<br />
set MBOX=+mbox.mbox record=+sent.mbox DEAD=+dead.mbox<br />
set inbox=+system.mbox<br />
<br />
# Do not change umask(1) settings, use that found on startup<br />
set umask=<br />
<br />
# Optional, but "the big picture first" better is<br />
set from="''Your Name <youremail@domain>''"<br />
<br />
# Essential: allowed character sets for sending<br />
# (See manual section "Character sets")<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# When replying to or forwarding a message the comment and name<br />
# parts of email addresses are removed unless this variable is set<br />
set fullnames<br />
<br />
# When replying, do not merge From: and To: of the original message<br />
# into To:. Instead old From: -> new To:, old To: -> merge Cc:.<br />
set recipients-in-cc<br />
<br />
# When composing a message, start directly into $EDITOR<br />
set editalong<br />
<br />
# Keep the given headers when forwarding messages,<br />
headerpick forward retain subject date from to cc<br />
# ..and ignore others when saving messages<br />
headerpick save ignore ^Original-.*$ ^X-.*$<br />
<br />
Adding some mailing-list specifics:<br />
<br />
mlist one@lists.example two@lists.example<br />
mlsubscribe three@lists.example<br />
<br />
set followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
set followup-to<br />
<br />
Now sending to any of the configured lists will add the appropriate {{ic|Mail-Followup-To:}} header, and replying (see below) will act sensitively, too.<br />
Compressed (single-file) MBOX mailboxes can be used.<br />
<br />
filetype xz 'xz -dc' 'xz -zc' xz.pgp 'gpg -d | xz -dc' 'xz -zc | gpg -e' <br />
<br />
set record=+sent.mbox.xz<br />
<br />
It is possible to avoid loading and using of mime.types(5) files; is this a sufficient list:<br />
<br />
# LC_ALL=C mail -:/ -Smimetypes-load-control -Xmimetype -Xx | less<br />
<br />
=== Me And Mrs Jones ===<br />
<br />
Creating network connections for SMTP, POP3 or IMAP is possible and should possibly use verified and encrypted communication channels.<br />
It is better to be explicit, so configure T(ransport) L(ayer) S(ecurity).<br />
<br />
SSL (Secure Sockets Layer) a.k.a. its successor TLS (Transport Layer<br />
Security) are protocols which aid in securing communication by providing<br />
a safely initiated and encrypted network connection. A central concept<br />
to SSL/TLS is that of certificates: as part of each network connection<br />
setup a (set of) certificates will be exchanged, and by using those the<br />
identity of the network peer can be cryptographically verified. SSL/TLS<br />
works by using a locally installed pool of trusted certificates, and verifying<br />
the connection peer succeeds if that provides a certificate which<br />
has been issued or is trusted by any certificate in the trusted local<br />
pool.<br />
<br />
The local pool of trusted so-called CA (Certification Authority) certificates is<br />
usually delivered with the used SSL/TLS library (e.g., OpenSSL),<br />
and will be selected automatically. It is also possible to create and<br />
use an own pool of trusted certificates. If this is desired, set<br />
{{ic|ssl-ca-no-defaults}} to avoid using the default certificate pool, and<br />
point {{ic|ssl-ca-file}} and/or {{ic|ssl-ca-dir}} to a trusted pool of<br />
certificates. A certificate cannot be more secure than the method its CA<br />
certificate has been retrieved with.<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, do not even try to load OpenSSL built-in ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-ca-no-defaults<br />
<br />
# Request strict security checks<br />
set ssl-verify=strict<br />
<br />
Before we continue here the existence of "variable chains" has to be revealed.<br />
For many {{ic|mail}} variables which relate to network connections (or, say, '''URL'''s), there is not only the ''plain'' {{ic|var}}, but also {{ic|var-HOST}} and {{ic|var-USER@HOST}} variants thereof.<br />
This allows more exact specifications of, e.g., the {{ic|password}} variable:<br />
<br />
set password='fallback password'<br />
set password-bakery.exam.ple='bred and butter'<br />
set password-spa.exam.ple='raindrops keep falling'<br />
set password-postmaster@spa.exam.ple='service now closed'<br />
<br />
{{ic|mail}} offers multiple ways to define exact specifications, ''variable chains'' are one of them and often the easiest solution.<br />
<br />
{{Tip|Note: in cases when ''USER'' (and ''PASS'') are specified as part of an URL they must be URL-percent-encoded: {{ic|mail}} offers the {{ic|urlcodec}} command which does this for you:}}<br />
<br />
# printf 'urlcodec encode ''USER'' ''PASS''\nx\n' | mail -#<br />
<br />
{Tip|Do not forget that {ic|printf(1)}} as well as {{ic|mail}} are subject to locale settings:}}<br />
<br />
# # In UTF-8:<br />
# printf 'urlcodec encode SPAß\nx\n' | mail -#<br />
SPA%C3%9F<br />
# # In ISO-8859-1:<br />
# printf 'urlc enc SPAß\nx\n' | mail -#<br />
SPA%DF<br />
<br />
It depends on the used protocol whether encrypted communication is possible,<br />
and which configuration steps have to be taken to enable it. Some<br />
protocols, e.g., POP3S, are implicitly encrypted, others, like POP3, can<br />
upgrade a plain text connection if so requested: POP3 offers ‘STLS’,<br />
which will be used if the variable {{ic|pop3-use-starttls}} (a variable chain) is set:<br />
<br />
shortcut encpop1 pop3s://pop1.exam.ple<br />
<br />
shortcut encpop2 pop3://pop2.exam.ple<br />
set pop3-use-starttls-pop2.exam.ple<br />
<br />
set mta=smtps://smtp.exam.ple:465<br />
set mta=smtp://smtp.exam.ple smtp-use-starttls<br />
<br />
Normally that is all there is to do, however plenty of knobs exist to<br />
adjust settings shall the necessity or desire arise. E.g., it is possible<br />
to fine-tune certificate verification via {{ic|ssl-ca-flags}}. Also<br />
interesting may be the possibility to configure the allowed<br />
{{ic|ssl-protocol}}s that a communication channel may use: whereas in the<br />
past hints of how to restrict the set of protocols to highly secure ones<br />
were indicated, as of the time of this writing the allowed protocols, or<br />
at least the allowed {{ic|ssl-cipher-list}}, may need to become relaxed in<br />
order to be able to connect to some servers.<br />
Do not support protocols other than TLS v1.2, the newest standard:<br />
<br />
set ssl-protocol=-ALL,+TLSv1.2<br />
<br />
If a server fails this, only this server should be changed:<br />
<br />
set ssl-protocol-bakery.exam.ple=-ALL,+TLSv1.2,+TLSv1.1<br />
<br />
E.g., the following example settings allows connection of a “Lion” which uses OpenSSL 0.9.8za from June 2014:<br />
<br />
set ssl-protocol-LION=ALL,-SSLv3,-TLSv1<br />
set ssl-cipher-list-LION=TLSv1.2:!aNULL:!eNULL:\<br />
ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:\<br />
DHE-RSA-AES256-SHA:@STRENGTH<br />
<br />
The OpenSSL program ciphers(1) can be used and should be referred to<br />
when creating a custom cipher list.<br />
<br />
=== Double Trouble ===<br />
<br />
To send messages via the built-in SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
It can be as easy as<br />
<br />
set mta=smtp://'''USER''':'''PASS'''@'''HOST''' \<br />
smtp-use-starttls<br />
<br />
But most often {{ic|smtp-auth}} needs to be set in addition.<br />
It may also be necessary to set the {{ic|hostname}} and/or {{ic|smtp-hostname}} variables if {{ic|mta}} and {{ic|from}} use different hostnames, below is an example.<br />
<br />
It is convenient to create {{ic|account}}s which bundle settings for some, well, account.<br />
An account can be activated via {{ic|mailx -A name}} from the command line, or via {{ic|account name}} from within {{ic|mail}}.<br />
Here is a real life example of a very huge free mail provider.<br />
<br />
account XooglX {<br />
set mta=smtps://'''USER:PASS'''@smtp.gmail.com:465<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
{{Tip|If you have enabled two-step authentication in Gmail, and you have added an application specific password for S-nail, you will want to use that password rather than your regular Gmail password, which may work without enabling the otherwise necessary "less secure apps".}}<br />
<br />
And here is a pretty large one which does not allow sending mails if there is a domain name mismatch ''on the SMTP protocol level'' and therefore needs the adjustments mentioned before:<br />
<br />
account XandeX {<br />
set mta=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
When storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
But alternatives of specifying account credentials in the URL exist.<br />
For example, if the {{ic|netrc-lookup}} variable is set credentials can be specified in {{ic|$HOME/.netrc}} (or {{ic|NETRC}}) instead.<br />
<br />
account XandeX {<br />
set from="Your Name <youremail@domain>"<br />
wysh set netrc-lookup # netrc-pipe='gpg -qd ~/.netrc.gpg'<br />
set mta=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
commandalias gopop 'file pop3s://pop.yXXXXx.ru'<br />
set imap-keepalive=240<br />
commandalias goimap 'file imaps://imap.yXXXXx.ru'<br />
}<br />
<br />
And then place '''USER''' and '''PASS''' in {{ic|$HOME/.netrc}}:<br />
<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
Lets further diversify things and use encrypted password storage.<br />
For this, encrypt the {{ic|~/.netrc}} file with OpenPGP and uncomment the {{ic|netrc-pipe}} statement above.<br />
The encrypted storage {{ic|~/.netrc.gpg}} can be created like this:<br />
<br />
# gpg -e .netrc<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Then test the configuration:<br />
<br />
# echo test-body | mail -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
=== I Can't Go For That (No Can Do) ===<br />
<br />
Interactively usage of {{ic|mail}} is possible, and increasingly so.<br />
It has a wide-glyph aware command line editor with history capabilities and coloured message display support.<br />
But first of all it has to start up even if the initially opened mailbox is empty:<br />
<br />
set emptystart<br />
<br />
We always want to see messages in the {{ic|PAGER}}:<br />
<br />
set crt=0<br />
<br />
Having a prompt that shows the error status may be nice, too:<br />
<br />
wysh set prompt='?\${?}!\${!}/\${^ERRNAME}[\${account}#\${mailbox-display}]? '<br />
<br />
See the manual section ''Command modifiers'' for that {{ic|wysh}} thing.<br />
We can have a more gabby, and persistent, history:<br />
<br />
set history-gabby history-file=~/.mailhist<br />
<br />
Command aliases make living easier, sometimes.<br />
<br />
commandalias ls !ls -latro<br />
<br />
As do shortcuts, which will be looked up whenever a filename is expected.<br />
<br />
shortcut mymbo %:+mbox.mbox \<br />
myrec +sent.mbox<br />
<br />
When {{ic|p}}rinting messages, show only some headers, not all.<br />
Most often it is easier to {{ic|retain}} the desired instead of to {{ic|ignore}} the unwanted.<br />
These are standardized commands, {{ic|headerpick}} is a generalization worth looking at.<br />
{{ic|P}}rint will ignore {{ic|retain}} and {{ic|ignore}} lists, and {{ic|S}}how will display raw message content.<br />
<br />
retain date from to cc subject<br />
<br />
{{ic|mail}} can try to improve MIME experience by generating a counter-evidence of what messages contain.<br />
<br />
set mime-counter-evidence=0xE<br />
<br />
Here is how to display HTML parts inline, nicer than what the builtin viewer can achieve:<br />
<br />
#set pipe-text/html='@* lynx -stdin -dump -force_html'<br />
<br />
The command {{ic|list}} prints all available commands.<br />
Typing {{ic|? X}}' tries to expand {{ic|X}} and print a help string; since {{ic|mail}} allows abbreviations of all commands this is sometimes handy, e.g.: {{ic|? h}}, {{ic|? he}}} and {{ic|? hel}}.<br />
The command {{ic|help}} will print a short summary of the most frequent used commands, more so if the variable {{ic|verbose}} is set.<br />
Doing so can be encapsulated in a macro, e.g., here is something handy:<br />
<br />
define __xv {<br />
# Before v15: need to enable sh(1)ell-style on _entire_ line!<br />
localopts yes; wysh set verbose; ignerr eval "${@}"; return ${?}<br />
}<br />
commandalias xv '\call __xv'<br />
<br />
To be used like, e.g.,:<br />
<br />
xv help set<br />
<br />
=== Using it ===<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, as via the {{ic|headers}} command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the {{ic|print}} command, or short: {{ic|p}}<br />
Whereas {{ic|p}} honours {{ic|retain}}ed (or {{ic|ignore}}d) list of headers to be displayed, the {{ic|P}}rint command will not and display all headers;<br />
the {{ic|Sh}}ow command will print raw message content.<br />
<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., {{ic|p:u}} will display all unread messages, {{ic|p.}} will print the dot, {{ic|p 1 5}} will print the messages 1 and 5 and {{ic|p-}} and {{ic|p+}} will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like {{ic|next}} ({{ic|n}}) and thus prints the next message.<br />
<br />
The command {{ic|from}} is nice for an overview, e.g., {{ic|f '@<@arch linux}} will print the header summary of all messages that contain the string "arch linux" in some message header, whereas {{ic|f '@arch linux}} will only match those with "arch linux" in their subject;<br />
finally, the regular expression {{ic|f @^A[^[:space:]]+}} finds...<br />
That is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* {{ic|file}} and {{ic|File}} open a new mailbox, the latter in readonly mode<br />
* {{ic|newmail}} (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* {{ic|he}} (headers) reprints the message list<br />
* {{ic|z-}} {{ic|z+}} {{ic|z0}} {{ic|z$}} scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* {{ic|folders}} shows a listing of mailboxes under the currently set {{ic|folder}}<br />
* {{ic|r}} replies to all addressees of the given message(s)<br />
* {{ic|R}} replies to the sender of the given message(s)<br />
* {{ic|Lreply}} "mailing-list" reply to the given message(s)<br />
* {{ic|move}} or {{ic|mv}} moves (a) message(s)<br />
* {{ic|un)flag}} marks (a) message(s) as (un)flagged<br />
* {{ic|new}} marks (a) message(s) unread<br />
* {{ic|seen}} marks (a) message(s) read<br />
* {{ic|P}} prints (a) message(s) with all headers<br />
* {{ic|p}} prints (a) message(s) and all non-ignored headers.<br />
* {{ic|show}} prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
Composition is started by typing {{ic|mail user@host}} or by replying to a message.<br />
When you return from {{ic|$EDITOR}} (assuming {{ic|editalong}} is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via {{ic|~?}}).<br />
Of particular interest is {{ic|~@}}, which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s), as well as {{ic|~^}}, which is a multiplexer command which offers some control about the message, e.g., to create custom headers.<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type {{ic|~.}} on its own line.<br />
<br />
== Using S/MIME ==<br />
The manual contains a step-by-step example of how to create your certificates etc. ("Signed and encrypted messages with S/MIME" as well as "S/MIME step by step").<br />
Assuming you have your private key and signed certificate already, just create the paired file we need<br />
<br />
# cat private-key.pem signed-certificate.pem > ~/pair.pem<br />
<br />
and setup S-nail via<br />
<br />
set smime-sign-cert=~/pair.pem \<br />
smime-sign-message-digest=SHA256 \<br />
smime-sign<br />
<br />
From now any message that is sent will be signed.<br />
The default message digest would be SHA1, as mandated by RFC 5751.<br />
Note that S/MIME always works relative to the setting of the variable ''from'', so it seems best to instead place the above settings in an {{Ic|account}}.<br />
The {{Ic|verify}} command verifies S/MIME messages, but note that S/MIME decryption and verification is solely based upon OpenSSL for now, which only supports messages with a simplicistic MIME structure. Sorry.<br />
By the way, if you miss hyperlinks and a table-of-content to get yourself going, the manual on the projects' website offers this; and the manual that ships with ArchLinux does, too, but needs the mdocmx(7) extension to be visible.<br />
<br />
== Workaround missing OpenPGP support ==<br />
S-nail doesn't yet support OpenPGP.<br />
However, using a macro it is possible to at least automatically verify inline {{ic|--clearsign}}ed messages, and using command ghosts their usage becomes handy: e.g., use the following in resource file and you will be able to verify a clearsigned message by just typing {{ic|V}}:<br />
<br />
define V {<br />
\localopts yes; \wysh set pipe-text/plain=$'@*#++=@\<br />
< "${MAILX_FILENAME_TEMPORARY}" awk \<br />
-v TMPFILE="${MAILX_FILENAME_TEMPORARY}" \'\<br />
BEGIN{done=0}\<br />
/^-----BEGIN PGP SIGNED MESSAGE-----/,/^$/ {\<br />
if(done++ != 0)\<br />
next;\<br />
print "--- GPG --verify ---";\<br />
system("gpg --verify " TMPFILE " 2>&1");\<br />
print "--- GPG --verify ---";\<br />
print "";\<br />
next;\<br />
}\<br />
/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ {\<br />
next;\<br />
}\<br />
{print}\<br />
\'';\<br />
print<br />
}<br />
define RK {<br />
!printf 'Key IDs to gpg --recv-keys: ';\<br />
read keyids;\<br />
gpg --recv-keys ${keyids};<br />
}<br />
commandalias V '\'call V<br />
commandalias RK '\call RK'<br />
<br />
== Using an IMAP mailbox ==<br />
The following is only a quick hint, it is also possible to define ''folder'' and ''inbox'' to point to IMAP server folders, for example.<br />
Internationalised names are supported.<br />
<br />
set v15-compat<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"<br />
set inbox=myimap<br />
<br />
== See also ==<br />
* [https://www.sdaoden.eu/code.html S-nail website]</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=484984S-nail2017-08-11T20:05:24Z<p>Sdaoden: Fix wiki (grrrr)</p>
<hr />
<div>[[Category:Email clients]]<br />
[[ja:S-nail]]<br />
{{Style|Very verbose, lots of code, doesn't follow style guidelines.}}<br />
Arch Linux uses S-nail as its POSIX {{ic|mailx}} (the standardized variant of the Unix {{ic|mail}} program) incarnation: {{ic|mail}}(x) is the ''user side'' of the Unix mail system, the ''system side'' -- the '''M'''ail-'''T'''ransfer-'''A'''gent -- traditionally being [[sendmail]].<br />
S-nail is MIME capable and offers extensions for line editing, S/MIME, SMTP, POP3, and more.<br />
It can also send directly to external SMTP servers, so no local MTA is required.<br />
<br />
Version 14.9.0 released in July 2017 brought a lot of changes and improvements, reading the [https://www.sdaoden.eu/code-nail-ann.html announcement] may be helpful. (Usage obsoletion warnings can be enabled with the {{ic|-v}} command line option.)<br />
In short: the syntax of the software slowly drifts towards being [[sh]]ell compatible, the {{ic|define}}d macros can take arguments, can return values etc.<br />
Compose-mode hooks have been introduced, so custom headers can now be created easily.<br />
<br />
== Quickstart ==<br />
<br />
The system-wide configuration file ({{ic|/etc/mail.rc}}) brings in some useful defaults, therefore sending mail through a locally installed MTA, such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mail -d -s 'A subject' -a an_attachment.txt foo1@bar.example 'Foo2 <foo2@bar.example>'<br />
<br />
Using the {{ic|-d}}ebug flag results in a sandbox dry-run.<br />
A short summary of the most useful command line flags can be reached via {{ic|-h}}:<br />
<br />
# mail -h<br />
<br />
The actually used MTA, like many other behavioral aspects of {{ic|mail}}, can be adjusted by setting a variable: {{ic|mta}} (fine-tuning via {{ic|mta-arguments}}, {{ic|mta-no-default-arguments}}, {{ic|mta-argv0}}; also see the manual, "On sending mail, and non-interactive mode"):<br />
<br />
# < /etc/passwd LC_ALL=C mail -d -:/ -Ssendwait -Sttycharset=utf8 -Smta=/usr/bin/sendmail -s 'My password file!' -. 'Back <side@book>'<br />
# echo Message was passed successfully: $?<br />
<br />
Message delivery is asynchronous, and {{ic|mail}} will exit as soon as the prepared message has been passed over to the MTA, only stating whether message preparation was successful (or not).<br />
If the variable {{ic|sendwait}} is set, however, the exit status of the started (builtin or not) MTA will be used as the message delivery "success" or "failure" status.<br />
<br />
The {{ic|-.}} command line option will forcefully terminate option processing and turn on message send mode, therefore preventing possible option injection attacks if, e.g., receiver addresses are passed in via shell variables, as in<br />
<br />
# echo 'Dance Track' | mail -s Ubject $TOYOU<br />
<br />
Scripts can (and should) detach from environmental shell settings and configuration files in order to create their own and therefore reproducible runtime environment.<br />
Usage of any configuration file can be suppressed with the {{ic|-:/}} command line option;<br />
And the locale should be forced to the very basic standardized default, {{ic|1=LC_ALL=C}}, though a completely cleaned {{ic|env(1)}}ironment may also be an option.<br />
Into this runtime variables and settings can be placed reproducibly by using the {{ic|-S}} and {{ic|-X}} command line options, as shown above.<br />
(For best results it should be ensured that the variable {{ic|ttycharset}} names the character set that the input data is expected to be in, then.)<br />
<br />
Sending messages to file and command "addressees" (and not over the MTA) is possible if the {{ic|expandaddr}} option is set:<br />
<br />
# echo bla | mail -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mail -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
# echo bla | mail -Sexpandaddr -s test -<br />
<br />
{{ic|expandaddr}} can also be given a value, for example to enforce strict address verification, e.g., the following example ''only'' allows network addressees.<br />
It can be used as is, except for the {ic|-d}}ebug dry-run, of course, provided that you have a ''somefile.pdf'' somewhere.<br />
It sets the {{ic|record}} variable to the pathname of the folder used to record all outgoing mail, so that we can take a look at the generated message thereafter:<br />
<br />
# echo Body |<br />
# LC_ALL=C mail -d -:/ -Sv15-compat -Ssendwait -Sttycharset=utf8 \<br />
# -Sfrom='Me <me@home>' \<br />
# -Sexpandaddr=fail,-all,+addr \<br />
# -Snosave -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control \<br />
# -X'mimetype application/pdf pdf' \<br />
# -a somefile.pdf \<br />
# -s Subject \<br />
# -. '(foo2bar) <foo2@bar.example>' bob@hey.example<br />
# mail -Rf /tmp/out.mbox<br />
<br />
The manual sections "A starter", "On sending mail, and non-interactive mode" and "On reading mail, and interactive mode" should be worth a glance when looking for more ''quick shots''.<br />
<br />
== Up, Up And Away ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism and therefore volatile and not the right place for modifications.<br />
''All the remaining examples in this article are based upon the configuration template we generate in this section.''<br />
<br />
=== Just Friends ===<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# When sending messages, report MTA exit status<br />
set sendwait<br />
<br />
# Default directory where we act in (relative to $HOME if not absolute)<br />
set folder=mail<br />
<br />
# More paths. A leading "+" (often) means: under $folder<br />
# $record is used to save copies of sent messages, $DEAD is error storage<br />
# $inbox: system mailbox, by default /var/mail/$USER<br />
# $MBOX: secondary mailbox<br />
set MBOX=+mbox.mbox record=+sent.mbox DEAD=+dead.mbox<br />
set inbox=+system.mbox<br />
<br />
# Do not change umask(1) settings, use that found on startup<br />
set umask=<br />
<br />
# Optional, but "the big picture first" better is<br />
set from="''Your Name <youremail@domain>''"<br />
<br />
# Essential: allowed character sets for sending<br />
# (See manual section "Character sets")<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# When replying to or forwarding a message the comment and name<br />
# parts of email addresses are removed unless this variable is set<br />
set fullnames<br />
<br />
# When replying, do not merge From: and To: of the original message<br />
# into To:. Instead old From: -> new To:, old To: -> merge Cc:.<br />
set recipients-in-cc<br />
<br />
# When composing a message, start directly into $EDITOR<br />
set editalong<br />
<br />
# Keep the given headers when forwarding messages,<br />
headerpick forward retain subject date from to cc<br />
# ..and ignore others when saving messages<br />
headerpick save ignore ^Original-.*$ ^X-.*$<br />
<br />
Adding some mailing-list specifics:<br />
<br />
mlist one@lists.example two@lists.example<br />
mlsubscribe three@lists.example<br />
<br />
set followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
set followup-to<br />
<br />
Now sending to any of the configured lists will add the appropriate {{ic|Mail-Followup-To:}} header, and replying (see below) will act sensitively, too.<br />
Compressed (single-file) MBOX mailboxes can be used.<br />
<br />
filetype xz 'xz -dc' 'xz -zc' xz.pgp 'gpg -d | xz -dc' 'xz -zc | gpg -e' <br />
<br />
set record=+sent.mbox.xz<br />
<br />
It is possible to avoid loading and using of mime.types(5) files; is this a sufficient list:<br />
<br />
# LC_ALL=C mail -:/ -Smimetypes-load-control -Xmimetype -Xx | less<br />
<br />
=== Me And Mrs Jones ===<br />
<br />
Creating network connections for SMTP, POP3 or IMAP is possible and should possibly use verified and encrypted communication channels.<br />
It is better to be explicit, so configure T(ransport) L(ayer) S(ecurity).<br />
<br />
SSL (Secure Sockets Layer) a.k.a. its successor TLS (Transport Layer<br />
Security) are protocols which aid in securing communication by providing<br />
a safely initiated and encrypted network connection. A central concept<br />
to SSL/TLS is that of certificates: as part of each network connection<br />
setup a (set of) certificates will be exchanged, and by using those the<br />
identity of the network peer can be cryptographically verified. SSL/TLS<br />
works by using a locally installed pool of trusted certificates, and verifying<br />
the connection peer succeeds if that provides a certificate which<br />
has been issued or is trusted by any certificate in the trusted local<br />
pool.<br />
<br />
The local pool of trusted so-called CA (Certification Authority) certificates is<br />
usually delivered with the used SSL/TLS library (e.g., OpenSSL),<br />
and will be selected automatically. It is also possible to create and<br />
use an own pool of trusted certificates. If this is desired, set<br />
{{ic|ssl-ca-no-defaults}} to avoid using the default certificate pool, and<br />
point {{ic|ssl-ca-file}} and/or {{ic|ssl-ca-dir}} to a trusted pool of<br />
certificates. A certificate cannot be more secure than the method its CA<br />
certificate has been retrieved with.<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, do not even try to load OpenSSL built-in ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-ca-no-defaults<br />
<br />
# Request strict security checks<br />
set ssl-verify=strict<br />
<br />
Before we continue here the existence of "variable chains" has to be revealed.<br />
For many {{ic|mail}} variables which relate to network connections (or, say, '''URL'''s), there is not only the ''plain'' {{ic|var}}, but also {{ic|var-HOST}} and {{ic|var-USER@HOST}} variants thereof.<br />
This allows more exact specifications of, e.g., the {{ic|password}} variable:<br />
<br />
set password='fallback password'<br />
set password-bakery.exam.ple='bred and butter'<br />
set password-spa.exam.ple='raindrops keep falling'<br />
set password-postmaster@spa.exam.ple='service now closed'<br />
<br />
{{ic|mail}} offers multiple ways to define exact specifications, ''variable chains'' are one of them and often the easiest solution.<br />
<br />
{{Tip|Note: in cases when ''USER'' (and ''PASS'') are specified as part of an URL they must be URL-percent-encoded: {{ic|mail}} offers the {{ic|urlcodec}} command which does this for you:}}<br />
<br />
# printf 'urlcodec encode ''USER'' ''PASS''\nx\n' | mail -#<br />
<br />
{Tip|Do not forget that {ic|printf(1)}} as well as {{ic|mail}} are subject to locale settings:}}<br />
<br />
# # In UTF-8:<br />
# printf 'urlcodec encode SPAß\nx\n' | mail -#<br />
SPA%C3%9F<br />
# # In ISO-8859-1:<br />
# printf 'urlc enc SPAß\nx\n' | mail -#<br />
SPA%DF<br />
<br />
It depends on the used protocol whether encrypted communication is possible,<br />
and which configuration steps have to be taken to enable it. Some<br />
protocols, e.g., POP3S, are implicitly encrypted, others, like POP3, can<br />
upgrade a plain text connection if so requested: POP3 offers ‘STLS’,<br />
which will be used if the variable {{ic|pop3-use-starttls}} (a variable chain) is set:<br />
<br />
shortcut encpop1 pop3s://pop1.exam.ple<br />
<br />
shortcut encpop2 pop3://pop2.exam.ple<br />
set pop3-use-starttls-pop2.exam.ple<br />
<br />
set mta=smtps://smtp.exam.ple:465<br />
set mta=smtp://smtp.exam.ple smtp-use-starttls<br />
<br />
Normally that is all there is to do, however plenty of knobs exist to<br />
adjust settings shall the necessity or desire arise. E.g., it is possible<br />
to fine-tune certificate verification via {{ic|ssl-ca-flags}}. Also<br />
interesting may be the possibility to configure the allowed<br />
{{ic|ssl-protocol}}s that a communication channel may use: whereas in the<br />
past hints of how to restrict the set of protocols to highly secure ones<br />
were indicated, as of the time of this writing the allowed protocols, or<br />
at least the allowed {{ic|ssl-cipher-list}}, may need to become relaxed in<br />
order to be able to connect to some servers.<br />
Do not support protocols other than TLS v1.2, the newest standard:<br />
<br />
set ssl-protocol=-ALL,+TLSv1.2<br />
<br />
If a server fails this, only this server should be changed:<br />
<br />
set ssl-protocol-bakery.exam.ple=-ALL,+TLSv1.2,+TLSv1.1<br />
<br />
E.g., the following example settings allows connection of a “Lion” which uses OpenSSL 0.9.8za from June 2014:<br />
<br />
set ssl-protocol-LION=ALL,-SSLv3,-TLSv1<br />
set ssl-cipher-list-LION=TLSv1.2:!aNULL:!eNULL:\<br />
ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:\<br />
DHE-RSA-AES256-SHA:@STRENGTH<br />
<br />
The OpenSSL program ciphers(1) can be used and should be referred to<br />
when creating a custom cipher list.<br />
<br />
=== Double Trouble ===<br />
<br />
To send messages via the built-in SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
It can be as easy as<br />
<br />
set mta=smtp://'''USER''':'''PASS'''@'''HOST''' \<br />
smtp-use-starttls<br />
<br />
But most often {{ic|smtp-auth}} needs to be set in addition.<br />
It may also be necessary to set the {{ic|hostname}} and/or {{ic|smtp-hostname}} variables if {{ic|mta}} and {{ic|from}} use different hostnames, below is an example.<br />
<br />
It is convenient to create {{ic|account}}s which bundle settings for some, well, account.<br />
An account can be activated via {{ic|mailx -A name}} from the command line, or via {{ic|account name}} from within {{ic|mail}}.<br />
Here is a real life example of a very huge free mail provider.<br />
<br />
account XooglX {<br />
set mta=smtps://'''USER:PASS'''@smtp.gmail.com:465<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
{{Tip|If you have enabled two-step authentication in Gmail, and you have added an application specific password for S-nail, you will want to use that password rather than your regular Gmail password, which may work without enabling the otherwise necessary "less secure apps".}}<br />
<br />
And here is a pretty large one which does not allow sending mails if there is a domain name mismatch ''on the SMTP protocol level'' and therefore needs the adjustments mentioned before:<br />
<br />
account XandeX {<br />
set mta=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
When storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
But alternatives of specifying account credentials in the URL exist.<br />
For example, if the {{ic|netrc-lookup}} variable is set credentials can be specified in {{ic|$HOME/.netrc}} (or {{ic|NETRC}}) instead.<br />
<br />
account XandeX {<br />
set from="Your Name <youremail@domain>"<br />
wysh set netrc-lookup # netrc-pipe='gpg -qd ~/.netrc.gpg'<br />
set mta=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
commandalias gopop 'file pop3s://pop.yXXXXx.ru'<br />
set imap-keepalive=240<br />
commandalias goimap 'file imaps://imap.yXXXXx.ru'<br />
}<br />
<br />
And then place '''USER''' and '''PASS''' in {{ic|$HOME/.netrc}}:<br />
<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
Lets further diversify things and use encrypted password storage.<br />
For this, encrypt the {{ic|~/.netrc}} file with OpenPGP and uncomment the {{ic|netrc-pipe}} statement above.<br />
The encrypted storage {{ic|~/.netrc.gpg}} can be created like this:<br />
<br />
# gpg -e .netrc<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Then test the configuration:<br />
<br />
# echo test-body | mail -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
=== I Can't Go For That (No Can Do) ===<br />
<br />
Interactively usage of {{ic|mail}} is possible, and increasingly so.<br />
It has a wide-glyph aware command line editor with history capabilities and coloured message display support.<br />
But first of all it has to start up even if the initially opened mailbox is empty:<br />
<br />
set emptystart<br />
<br />
We always want to see messages in the {{ic|PAGER}}:<br />
<br />
set crt=0<br />
<br />
Having a prompt that shows the error status may be nice, too:<br />
<br />
wysh set prompt='?\${?}!\${!}/\${^ERRNAME}[\${account}#\${mailbox-display}]? '<br />
<br />
See the manual section ''Command modifiers'' for that {{ic|wysh}} thing.<br />
We can have a more gabby, and persistent, history:<br />
<br />
set history-gabby history-file=~/.mailhist<br />
<br />
Command aliases make living easier, sometimes.<br />
<br />
commandalias ls !ls -latro<br />
<br />
As do shortcuts, which will be looked up whenever a filename is expected.<br />
<br />
shortcut mymbo %:+mbox.mbox \<br />
myrec +sent.mbox<br />
<br />
When {{ic|p}}rinting messages, show only some headers, not all.<br />
Most often it is easier to {{ic|retain}} the desired instead of to {{ic|ignore}} the unwanted.<br />
These are standardized commands, {{ic|headerpick}} is a generalization worth looking at.<br />
{{ic|P}}rint will ignore {{ic|retain}} and {{ic|ignore}} lists, and {{ic|S}}how will display raw message content.<br />
<br />
retain date from to cc subject<br />
<br />
{{ic|mail}} can try to improve MIME experience by generating a counter-evidence of what messages contain.<br />
<br />
set mime-counter-evidence=0xE<br />
<br />
Here is how to display HTML parts inline, nicer than what the builtin viewer can achieve:<br />
<br />
#set pipe-text/html='@* lynx -stdin -dump -force_html'<br />
<br />
The command {{ic|list}} prints all available commands.<br />
Typing {{ic|? X}}' tries to expand {{ic|X}} and print a help string; since {{ic|mail}} allows abbreviations of all commands this is sometimes handy, e.g.: {{ic|? h}}, {{ic|? he}}} and {{ic|? hel}}.<br />
The command {{ic|help}} will print a short summary of the most frequent used commands, more so if the variable {{ic|verbose}} is set.<br />
Doing so can be encapsulated in a macro, e.g., here is something handy:<br />
<br />
define __xv {<br />
# Before v15: need to enable sh(1)ell-style on _entire_ line!<br />
localopts yes; wysh set verbose; ignerr eval "${@}"; return ${?}<br />
}<br />
commandalias xv '\call __xv'<br />
<br />
To be used like, e.g.,:<br />
<br />
xv help set<br />
<br />
=== Using it ===<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, as via the {{ic|headers}} command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the {{ic|print}} command, or short: {{ic|p}}<br />
Whereas {{ic|p}} honours {{ic|retain}}ed (or {{ic|ignore}}d) list of headers to be displayed, the {{ic|P}}rint command will not and display all headers;<br />
the {{ic|Sh}}ow command will print raw message content.<br />
<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., {{ic|p:u}} will display all unread messages, {{ic|p.}} will print the dot, {{ic|p 1 5}} will print the messages 1 and 5 and {{ic|p-}} and {{ic|p+}} will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like {{ic|next}} ({{ic|n}}) and thus prints the next message.<br />
<br />
The command {{ic|from}} is nice for an overview, e.g., {{ic|f '@<@arch linux}} will print the header summary of all messages that contain the string "arch linux" in some message header, whereas {{ic|f '@arch linux}} will only match those with "arch linux" in their subject;<br />
finally, the regular expression {{ic|f @^A[^[:space:]]+}} finds...<br />
That is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* {{ic|file}} and {{ic|File}} open a new mailbox, the latter in readonly mode<br />
* {{ic|newmail}} (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* {{ic|he}} (headers) reprints the message list<br />
* {{ic|z-}} {{ic|z+}} {{ic|z0}} {{ic|z$}} scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* {{ic|folders}} shows a listing of mailboxes under the currently set {{ic|folder}}<br />
* {{ic|r}} replies to all addressees of the given message(s)<br />
* {{ic|R}} replies to the sender of the given message(s)<br />
* {{ic|Lreply}} "mailing-list" reply to the given message(s)<br />
* {{ic|move}} or {{ic|mv}} moves (a) message(s)<br />
* {{ic|un)flag}} marks (a) message(s) as (un)flagged<br />
* {{ic|new}} marks (a) message(s) unread<br />
* {{ic|seen}} marks (a) message(s) read<br />
* {{ic|P}} prints (a) message(s) with all headers<br />
* {{ic|p}} prints (a) message(s) and all non-ignored headers.<br />
* {{ic|show}} prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
Composition is started by typing {{ic|mail user@host}} or by replying to a message.<br />
When you return from {{ic|$EDITOR}} (assuming {{ic|editalong}} is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via {{ic|~?}}).<br />
Of particular interest is {{ic|~@}}, which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s), as well as {{ic|~^}}, which is a multiplexer command which offers some control about the message, e.g., to create custom headers.<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type {{ic|~.}} on its own line.<br />
<br />
== Using S/MIME ==<br />
The manual contains a step-by-step example of how to create your certificates etc. ("Signed and encrypted messages with S/MIME" as well as "S/MIME step by step").<br />
Assuming you have your private key and signed certificate already, just create the paired file we need<br />
<br />
# cat private-key.pem signed-certificate.pem > ~/pair.pem<br />
<br />
and setup S-nail via<br />
<br />
set smime-sign-cert=~/pair.pem \<br />
smime-sign-message-digest=SHA256 \<br />
smime-sign<br />
<br />
From now any message that is sent will be signed.<br />
The default message digest would be SHA1, as mandated by RFC 5751.<br />
Note that S/MIME always works relative to the setting of the variable ''from'', so it seems best to instead place the above settings in an {{Ic|account}}.<br />
The {{Ic|verify}} command verifies S/MIME messages, but note that S/MIME decryption and verification is solely based upon OpenSSL for now, which only supports messages with a simplicistic MIME structure. Sorry.<br />
By the way, if you miss hyperlinks and a table-of-content to get yourself going, the manual on the projects' website offers this; and the manual that ships with ArchLinux does, too, but needs the mdocmx(7) extension to be visible.<br />
<br />
== Workaround missing OpenPGP support ==<br />
S-nail doesn't yet support OpenPGP.<br />
However, using a macro it is possible to at least automatically verify inline {{ic|--clearsign}}ed messages, and using command ghosts their usage becomes handy: e.g., use the following in resource file and you will be able to verify a clearsigned message by just typing {{ic|V}}:<br />
<br />
define V {<br />
\localopts yes; \wysh set pipe-text/plain=$'@*#++=@\<br />
< "${MAILX_FILENAME_TEMPORARY}" awk \<br />
-v TMPFILE="${MAILX_FILENAME_TEMPORARY}" \'\<br />
BEGIN{done=0}\<br />
/^-----BEGIN PGP SIGNED MESSAGE-----/,/^$/ {\<br />
if(done++ != 0)\<br />
next;\<br />
print "--- GPG --verify ---";\<br />
system("gpg --verify " TMPFILE " 2>&1");\<br />
print "--- GPG --verify ---";\<br />
print "";\<br />
next;\<br />
}\<br />
/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ {\<br />
next;\<br />
}\<br />
{print}\<br />
\'';\<br />
print<br />
}<br />
define RK {<br />
!printf 'Key IDs to gpg --recv-keys: ';\<br />
read keyids;\<br />
gpg --recv-keys ${keyids};<br />
}<br />
commandalias V '\'call V<br />
commandalias RK '\call RK'<br />
<br />
== Using an IMAP mailbox ==<br />
The following is only a quick hint, it is also possible to define ''folder'' and ''inbox'' to point to IMAP server folders, for example.<br />
Internationalised names are supported.<br />
<br />
set v15-compat<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"<br />
set inbox=myimap<br />
<br />
== See also ==<br />
* [https://www.sdaoden.eu/code.html S-nail website]</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=484983S-nail2017-08-11T19:43:54Z<p>Sdaoden: Second step v14.9.x. And many thanks to Carpetsmoker of Goodwood!</p>
<hr />
<div>[[Category:Email clients]]<br />
[[ja:S-nail]]<br />
{{Style|Very verbose, lots of code, doesn't follow style guidelines.}}<br />
Arch Linux uses S-nail as its POSIX {{ic|mailx}} (the standardized variant of the Unix {{ic|mail}} program) incarnation: {{ic|mail}}(x) is the ''user side'' of the Unix mail system, the ''system side'' -- the '''M'''ail-'''T'''ransfer-'''A'''gent -- traditionally being [[sendmail]].<br />
S-nail is MIME capable and offers extensions for line editing, S/MIME, SMTP, POP3, and more.<br />
It can also send directly to external SMTP servers, so no local MTA is required.<br />
<br />
Version 14.9.0 released in July 2017 brought a lot of changes and improvements, reading the [https://www.sdaoden.eu/code-nail-ann.html announcement] may be helpful. (Usage obsoletion warnings can be enabled with the {{ic|-v}} command line option.)<br />
In short: the syntax of the software slowly drifts towards being [[sh]]ell compatible, the {{ic|define}}d macros can take arguments, can return values etc.<br />
Compose-mode hooks have been introduced, so custom headers can now be created easily.<br />
<br />
== Quickstart ==<br />
<br />
The system-wide configuration file ({{ic|/etc/mail.rc}}) brings in some useful defaults, therefore sending mail through a locally installed MTA, such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mail -d -s 'A subject' -a an_attachment.txt foo1@bar.example 'Foo2 <foo2@bar.example>'<br />
<br />
Using the {{ic|-d}}ebug flag results in a sandbox dry-run.<br />
A short summary of the most useful command line flags can be reached via {{ic|-h}}:<br />
<br />
# mail -h<br />
<br />
The actually used MTA, like many other behavioral aspects of {{ic|mail}}, can be adjusted by setting a variable: {{ic|mta}} (fine-tuning via {{ic|mta-arguments}}, {{ic|mta-no-default-arguments}}, {{ic|mta-argv0}}; also see the manual, "On sending mail, and non-interactive mode"):<br />
<br />
# < /etc/passwd LC_ALL=C mail -d -:/ -Ssendwait -Sttycharset=utf8 -Smta=/usr/bin/sendmail -s 'My password file!' -. 'Back <side@book>'<br />
# echo Message was passed successfully: $?<br />
<br />
Message delivery is asynchronous, and {{ic|mail}} will exit as soon as the prepared message has been passed over to the MTA, only stating whether message preparation was successful (or not).<br />
If the variable {{ic|sendwait}} is set, however, the exit status of the started (builtin or not) MTA will be used as the message delivery "success" or "failure" status.<br />
<br />
The {{ic|-.}} command line option will forcefully terminate option processing and turn on message send mode, therefore preventing possible option injection attacks if, e.g., receiver addresses are passed in via shell variables (as in {{ic|# echo 'Dance Track' | mail -s Ubject $TOYOU}}).<br />
<br />
Scripts can (and should) detach from environmental shell settings and configuration files in order to create their own and therefore reproducible runtime environment.<br />
Usage of any configuration file can be suppressed with the {{ic|-:/}} command line option;<br />
And the locale should be forced to the very basic standardized default, {{ic|1=LC_ALL=C}}, though a completely cleaned {{ic|env(1)}}ironment may also be an option.<br />
Into this runtime variables and settings can be placed reproducibly by using the {{ic|-S}} and {{ic|-X}} command line options, as shown above.<br />
(For best results it should be ensured that the variable {{ic|ttycharset}} names the character set that the input data is expected to be in, then.)<br />
<br />
Sending messages to file and command "addressees" (and not over the MTA) is possible if the {{ic|expandaddr}} option is set:<br />
<br />
# echo bla | mail -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mail -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
# echo bla | mail -Sexpandaddr -s test -<br />
<br />
{{ic|expandaddr}} can also be given a value, for example to enforce strict address verification, e.g., the following example ''only'' allows network addressees.<br />
It can be used as is, except for the {ic|-d}}ebug dry-run, of course, provided that you have a ''somefile.pdf'' somewhere.<br />
It sets the {{ic|record}} variable to the pathname of the folder used to record all outgoing mail, so that we can take a look at the generated message thereafter:<br />
<br />
# echo Body |<br />
# LC_ALL=C mail -d -:/ -Sv15-compat -Ssendwait -Sttycharset=utf8 \<br />
# -Sfrom='Me <me@home>' \<br />
# -Sexpandaddr=fail,-all,+addr \<br />
# -Snosave -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control \<br />
# -X'mimetype application/pdf pdf' \<br />
# -a somefile.pdf \<br />
# -s Subject \<br />
# -. '(foo2bar) <foo2@bar.example>' bob@hey.example<br />
# mail -Rf /tmp/out.mbox<br />
<br />
The manual sections "A starter", "On sending mail, and non-interactive mode" and "On reading mail, and interactive mode" should be worth a glance when looking for more ''quick shots''.<br />
<br />
== Up, Up And Away ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism and therefore volatile and not the right place for modifications.<br />
''All the remaining examples in this article are based upon the configuration template we generate in this section.''<br />
<br />
=== Just Friends ===<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# When sending messages, report MTA exit status<br />
set sendwait<br />
<br />
# Default directory where we act in (relative to $HOME if not absolute)<br />
set folder=mail<br />
<br />
# More paths. A leading "+" (often) means: under $folder<br />
# $record is used to save copies of sent messages, $DEAD is error storage<br />
# $inbox: system mailbox, by default /var/mail/$USER<br />
# $MBOX: secondary mailbox<br />
set MBOX=+mbox.mbox record=+sent.mbox DEAD=+dead.mbox<br />
set inbox=+system.mbox<br />
<br />
# Do not change umask(1) settings, use that found on startup<br />
set umask=<br />
<br />
# Optional, but "the big picture first" better is<br />
set from="''Your Name <youremail@domain>''"<br />
<br />
# Essential: allowed character sets for sending<br />
# (See manual section "Character sets")<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# When replying to or forwarding a message the comment and name<br />
# parts of email addresses are removed unless this variable is set<br />
set fullnames<br />
<br />
# When replying, do not merge From: and To: of the original message<br />
# into To:. Instead old From: -> new To:, old To: -> merge Cc:.<br />
set recipients-in-cc<br />
<br />
# When composing a message, start directly into $EDITOR<br />
set editalong<br />
<br />
# Keep the given headers when forwarding messages,<br />
headerpick forward retain subject date from to cc<br />
# ..and ignore others when saving messages<br />
headerpick save ignore ^Original-.*$ ^X-.*$<br />
<br />
Adding some mailing-list specifics:<br />
<br />
mlist one@lists.example two@lists.example<br />
mlsubscribe three@lists.example<br />
<br />
set followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
set followup-to<br />
<br />
Now sending to any of the configured lists will add the appropriate {{ic|Mail-Followup-To:}} header, and replying (see below) will act sensitively, too.<br />
Compressed (single-file) MBOX mailboxes can be used.<br />
<br />
filetype xz 'xz -dc' 'xz -zc' xz.pgp 'gpg -d | xz -dc' 'xz -zc | gpg -e' <br />
<br />
set record=+sent.mbox.xz<br />
<br />
It is possible to avoid loading and using of mime.types(5) files; is this a sufficient list:<br />
<br />
# LC_ALL=C mail -:/ -Smimetypes-load-control -Xmimetype -Xx | less<br />
<br />
=== Me And Mrs Jones ===<br />
<br />
Creating network connections for SMTP, POP3 or IMAP is possible and should possibly use verified and encrypted communication channels.<br />
It is better to be explicit, so configure T(ransport) L(ayer) S(ecurity).<br />
<br />
SSL (Secure Sockets Layer) a.k.a. its successor TLS (Transport Layer<br />
Security) are protocols which aid in securing communication by providing<br />
a safely initiated and encrypted network connection. A central concept<br />
to SSL/TLS is that of certificates: as part of each network connection<br />
setup a (set of) certificates will be exchanged, and by using those the<br />
identity of the network peer can be cryptographically verified. SSL/TLS<br />
works by using a locally installed pool of trusted certificates, and verifying<br />
the connection peer succeeds if that provides a certificate which<br />
has been issued or is trusted by any certificate in the trusted local<br />
pool.<br />
<br />
The local pool of trusted so-called CA (Certification Authority) certificates is<br />
usually delivered with the used SSL/TLS library (e.g., OpenSSL),<br />
and will be selected automatically. It is also possible to create and<br />
use an own pool of trusted certificates. If this is desired, set<br />
{{ic|ssl-ca-no-defaults}} to avoid using the default certificate pool, and<br />
point {{ic|ssl-ca-file}} and/or {{ic|ssl-ca-dir}} to a trusted pool of<br />
certificates. A certificate cannot be more secure than the method its CA<br />
certificate has been retrieved with.<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, do not even try to load OpenSSL built-in ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-ca-no-defaults<br />
<br />
# Request strict security checks<br />
set ssl-verify=strict<br />
<br />
Before we continue here the existence of "variable chains" has to be revealed.<br />
For many {{ic|mail}} variables which relate to network connections (or, say, '''URL'''s), there is not only the ''plain'' {{ic|var}}, but also {{ic|var-HOST}} and {{ic|var-USER@HOST}} variants thereof.<br />
This allows more exact specifications of, e.g., the {{ic|password}} variable:<br />
<br />
set password='fallback password'<br />
set password-bakery.exam.ple='bred and butter'<br />
set password-spa.exam.ple='raindrops keep falling'<br />
set password-postmaster@spa.exam.ple='service now closed'<br />
<br />
{{ic|mail}} offers multiple ways to define exact specifications, ''variable chains'' are one of them and often the easiest solution.<br />
<br />
{{Tip|Note: in cases when ''USER'' (and ''PASS'') are specified as part of an URL they must be URL-percent-encoded: {{ic|mail}} offers the {{ic|urlcodec}} command which does this for you:}}<br />
<br />
# printf 'urlcodec encode ''USER'' ''PASS''\nx\n' | mail -#<br />
<br />
{Tip|Do not forget that {ic|printf(1)}} as well as {{ic|mail}} are subject to locale settings:}}<br />
<br />
# # In UTF-8:<br />
# printf 'urlcodec encode SPAß\nx\n' | mail -#<br />
SPA%C3%9F<br />
# # In ISO-8859-1:<br />
# printf 'urlc enc SPAß\nx\n' | mail -#<br />
SPA%DF<br />
<br />
It depends on the used protocol whether encrypted communication is possible,<br />
and which configuration steps have to be taken to enable it. Some<br />
protocols, e.g., POP3S, are implicitly encrypted, others, like POP3, can<br />
upgrade a plain text connection if so requested: POP3 offers ‘STLS’,<br />
which will be used if the variable {{ic|pop3-use-starttls}} (a variable chain) is set:<br />
<br />
shortcut encpop1 pop3s://pop1.exam.ple<br />
<br />
shortcut encpop2 pop3://pop2.exam.ple<br />
set pop3-use-starttls-pop2.exam.ple<br />
<br />
set mta=smtps://smtp.exam.ple:465<br />
set mta=smtp://smtp.exam.ple smtp-use-starttls<br />
<br />
Normally that is all there is to do, however plenty of knobs exist to<br />
adjust settings shall the necessity or desire arise. E.g., it is possible<br />
to fine-tune certificate verification via {{ic|ssl-ca-flags}}. Also<br />
interesting may be the possibility to configure the allowed<br />
{{ic|ssl-protocol}}s that a communication channel may use: whereas in the<br />
past hints of how to restrict the set of protocols to highly secure ones<br />
were indicated, as of the time of this writing the allowed protocols, or<br />
at least the allowed {{ic|ssl-cipher-list}}, may need to become relaxed in<br />
order to be able to connect to some servers.<br />
Do not support protocols other than TLS v1.2, the newest standard:<br />
<br />
set ssl-protocol=-ALL,+TLSv1.2<br />
<br />
If a server fails this, only this server should be changed:<br />
<br />
set ssl-protocol-bakery.exam.ple=-ALL,+TLSv1.2,+TLSv1.1<br />
<br />
E.g., the following example settings allows connection of a “Lion” which uses OpenSSL 0.9.8za from June 2014:<br />
<br />
set ssl-protocol-LION=ALL,-SSLv3,-TLSv1<br />
set ssl-cipher-list-LION=TLSv1.2:!aNULL:!eNULL:\<br />
ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:\<br />
DHE-RSA-AES256-SHA:@STRENGTH<br />
<br />
The OpenSSL program ciphers(1) can be used and should be referred to<br />
when creating a custom cipher list.<br />
<br />
=== Double Trouble ===<br />
<br />
To send messages via the built-in SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
It can be as easy as<br />
<br />
set mta=smtp://'''USER''':'''PASS'''@'''HOST''' \<br />
smtp-use-starttls<br />
<br />
But most often {{ic|smtp-auth}} needs to be set in addition.<br />
It may also be necessary to set the {{ic|hostname}} and/or {{ic|smtp-hostname}} variables if {{ic|mta}} and {{ic|from}} use different hostnames, below is an example.<br />
<br />
It is convenient to create {{ic|account}}s which bundle settings for some, well, account.<br />
An account can be activated via {{ic|mailx -A name}} from the command line, or via {{ic|account name}} from within {{ic|mail}}.<br />
Here is a real life example of a very huge free mail provider.<br />
<br />
account XooglX {<br />
set mta=smtps://'''USER:PASS'''@smtp.gmail.com:465<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
{{Tip|If you have enabled two-step authentication in Gmail, and you have added an application specific password for S-nail, you will want to use that password rather than your regular Gmail password, which may work without enabling the otherwise necessary "less secure apps".}}<br />
<br />
And here is a pretty large one which does not allow sending mails if there is a domain name mismatch ''on the SMTP protocol level'' and therefore needs the adjustments mentioned before:<br />
<br />
account XandeX {<br />
set mta=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
When storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
But alternatives of specifying account credentials in the URL exist.<br />
For example, if the {{ic|netrc-lookup}} variable is set credentials can be specified in {{ic|$HOME/.netrc}} (or {{ic|NETRC}}) instead.<br />
<br />
account XandeX {<br />
set from="Your Name <youremail@domain>"<br />
wysh set netrc-lookup # netrc-pipe='gpg -qd ~/.netrc.gpg'<br />
set mta=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
commandalias gopop 'file pop3s://pop.yXXXXx.ru'<br />
set imap-keepalive=240<br />
commandalias goimap 'file imaps://imap.yXXXXx.ru'<br />
}<br />
<br />
And then place '''USER''' and '''PASS''' in {{ic|$HOME/.netrc}}:<br />
<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
Lets further diversify things and use encrypted password storage.<br />
For this, encrypt the {{ic|~/.netrc}} file with OpenPGP and uncomment the {{ic|netrc-pipe}} statement above.<br />
The encrypted storage {{ic|~/.netrc.gpg}} can be created like this:<br />
<br />
# gpg -e .netrc<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Then test the configuration:<br />
<br />
# echo test-body | mail -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
=== I Can't Go For That (No Can Do) ===<br />
<br />
Interactively usage of {{ic|mail}} is possible, and increasingly so.<br />
It has a wide-glyph aware command line editor with history capabilities and coloured message display support.<br />
But first of all it has to start up even if the initially opened mailbox is empty:<br />
<br />
set emptystart<br />
<br />
We always want to see messages in the {{ic|PAGER}}:<br />
<br />
set crt=0<br />
<br />
Having a prompt that shows the error status may be nice, too:<br />
<br />
wysh set prompt='?\${?}!\${!}/\${^ERRNAME}[\${account}#\${mailbox-display}]? '<br />
<br />
See the manual section ''Command modifiers'' for that {{ic|wysh}} thing.<br />
We can have a more gabby, and persistent, history:<br />
<br />
set history-gabby history-file=~/.mailhist<br />
<br />
Command aliases make living easier, sometimes.<br />
<br />
commandalias ls !ls -latro<br />
<br />
As do shortcuts, which will be looked up whenever a filename is expected.<br />
<br />
shortcut mymbo %:+mbox.mbox \<br />
myrec +sent.mbox<br />
<br />
When {{ic|p}}rinting messages, show only some headers, not all.<br />
Most often it is easier to {{ic|retain}} the desired instead of to {{ic|ignore}} the unwanted.<br />
These are standardized commands, {{ic|headerpick}} is a generalization worth looking at.<br />
{{ic|P}}rint will ignore {{ic|retain}} and {{ic|ignore}} lists, and {{ic|S}}how will display raw message content.<br />
<br />
retain date from to cc subject<br />
<br />
{{ic|mail}} can try to improve MIME experience by generating a counter-evidence of what messages contain.<br />
<br />
set mime-counter-evidence=0xE<br />
<br />
Here is how to display HTML parts inline, nicer than what the builtin viewer can achieve:<br />
<br />
#set pipe-text/html='@* lynx -stdin -dump -force_html'<br />
<br />
The command {{ic|list}} prints all available commands.<br />
Typing {{ic|? X}}' tries to expand {{ic|X}} and print a help string; since {{ic|mail}} allows abbreviations of all commands this is sometimes handy, e.g.: {{ic|? h}}, {{ic|? he}}} and {{ic|? hel}}.<br />
The command {{ic|help}} will print a short summary of the most frequent used commands, more so if the variable {{ic|verbose}} is set.<br />
Doing so can be encapsulated in a macro, e.g., here is something handy:<br />
<br />
define __xv {<br />
# Before v15: need to enable sh(1)ell-style on _entire_ line!<br />
localopts yes; wysh set verbose; ignerr eval "${@}"; return ${?}<br />
}<br />
commandalias xv '\call __xv'<br />
<br />
To be used like, e.g.,:<br />
<br />
xv help set<br />
<br />
=== Using it ===<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, as via the {{ic|headers}} command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the {{ic|print}} command, or short: {{ic|p}}<br />
Whereas {{ic|p}} honours {{ic|retain}}ed (or {{ic|ignore}}d) list of headers to be displayed, the {{ic|P}}rint command will not and display all headers;<br />
the {{ic|Sh}}ow command will print raw message content.<br />
<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., {{ic|p:u}} will display all unread messages, {{ic|p.}} will print the dot, {{ic|p 1 5}} will print the messages 1 and 5 and {{ic|p-}} and {{ic|p+}} will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like {{ic|next}} ({{ic|n}}) and thus prints the next message.<br />
<br />
The command {{ic|from}} is nice for an overview, e.g., {{ic|f '@<@arch linux}} will print the header summary of all messages that contain the string "arch linux" in some message header, whereas {{ic|f '@arch linux}} will only match those with "arch linux" in their subject;<br />
finally, the regular expression {{ic|f @^A[^[:space:]]+}} finds...<br />
That is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* {{ic|file}} and {{ic|File}} open a new mailbox, the latter in readonly mode<br />
* {{ic|newmail}} (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* {{ic|he}} (headers) reprints the message list<br />
* {{ic|z-}} {{ic|z+}} {{ic|z0}} {{ic|z$}} scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* {{ic|folders}} shows a listing of mailboxes under the currently set {{ic|folder}}<br />
* {{ic|r}} replies to all addressees of the given message(s)<br />
* {{ic|R}} replies to the sender of the given message(s)<br />
* {{ic|Lreply}} "mailing-list" reply to the given message(s)<br />
* {{ic|move}} or {{ic|mv}} moves (a) message(s)<br />
* {{ic|un)flag}} marks (a) message(s) as (un)flagged<br />
* {{ic|new}} marks (a) message(s) unread<br />
* {{ic|seen}} marks (a) message(s) read<br />
* {{ic|P}} prints (a) message(s) with all headers<br />
* {{ic|p}} prints (a) message(s) and all non-ignored headers.<br />
* {{ic|show}} prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
Composition is started by typing {{ic|mail user@host}} or by replying to a message.<br />
When you return from {{ic|$EDITOR}} (assuming {{ic|editalong}} is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via {{ic|~?}}).<br />
Of particular interest is {{ic|~@}}, which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s), as well as {{ic|~^}}, which is a multiplexer command which offers some control about the message, e.g., to create custom headers.<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type {{ic|~.}} on its own line.<br />
<br />
== Using S/MIME ==<br />
The manual contains a step-by-step example of how to create your certificates etc. ("Signed and encrypted messages with S/MIME" as well as "S/MIME step by step").<br />
Assuming you have your private key and signed certificate already, just create the paired file we need<br />
<br />
# cat private-key.pem signed-certificate.pem > ~/pair.pem<br />
<br />
and setup S-nail via<br />
<br />
set smime-sign-cert=~/pair.pem \<br />
smime-sign-message-digest=SHA256 \<br />
smime-sign<br />
<br />
From now any message that is sent will be signed.<br />
The default message digest would be SHA1, as mandated by RFC 5751.<br />
Note that S/MIME always works relative to the setting of the variable ''from'', so it seems best to instead place the above settings in an {{Ic|account}}.<br />
The {{Ic|verify}} command verifies S/MIME messages, but note that S/MIME decryption and verification is solely based upon OpenSSL for now, which only supports messages with a simplicistic MIME structure. Sorry.<br />
By the way, if you miss hyperlinks and a table-of-content to get yourself going, the manual on the projects' website offers this; and the manual that ships with ArchLinux does, too, but needs the mdocmx(7) extension to be visible.<br />
<br />
== Workaround missing OpenPGP support ==<br />
S-nail doesn't yet support OpenPGP.<br />
However, using a macro it is possible to at least automatically verify inline {{ic|--clearsign}}ed messages, and using command ghosts their usage becomes handy: e.g., use the following in resource file and you will be able to verify a clearsigned message by just typing {{ic|V}}:<br />
<br />
define V {<br />
\localopts yes; \wysh set pipe-text/plain=$'@*#++=@\<br />
< "${MAILX_FILENAME_TEMPORARY}" awk \<br />
-v TMPFILE="${MAILX_FILENAME_TEMPORARY}" \'\<br />
BEGIN{done=0}\<br />
/^-----BEGIN PGP SIGNED MESSAGE-----/,/^$/ {\<br />
if(done++ != 0)\<br />
next;\<br />
print "--- GPG --verify ---";\<br />
system("gpg --verify " TMPFILE " 2>&1");\<br />
print "--- GPG --verify ---";\<br />
print "";\<br />
next;\<br />
}\<br />
/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ {\<br />
next;\<br />
}\<br />
{print}\<br />
\'';\<br />
print<br />
}<br />
define RK {<br />
!printf 'Key IDs to gpg --recv-keys: ';\<br />
read keyids;\<br />
gpg --recv-keys ${keyids};<br />
}<br />
commandalias V '\'call V<br />
commandalias RK '\call RK'<br />
<br />
== Using an IMAP mailbox ==<br />
The following is only a quick hint, it is also possible to define ''folder'' and ''inbox'' to point to IMAP server folders, for example.<br />
Internationalised names are supported.<br />
<br />
set v15-compat<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"<br />
set inbox=myimap<br />
<br />
== See also ==<br />
* [https://www.sdaoden.eu/code.html S-nail website]</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=482523S-nail2017-07-21T14:19:14Z<p>Sdaoden: /* Interactive usage */ WS fixes</p>
<hr />
<div>[[Category:Email clients]]<br />
[[ja:S-nail]]<br />
{{Style|Very verbose, lots of code, doesn't follow style guidelines.}}<br />
Arch Linux uses the BSD Mail descendant S-nail as its POSIX mailx incarnation.<br />
Mailx is the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
S-nail is MIME capable and has extensions for line editing, S/MIME, SMTP and POP3, among others.<br />
In Arch Linux it supports direct mail delivery via SMTP, so that messages can be sent directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''.<br />
Note, however, that it does not have a mail-queue mechanism, but simply tries to send the message over SMTP once and directly.<br />
<br />
== Quick shot ==<br />
<br />
The {{Pkg|s-nail}} package is part of the Arch Linux {{Grp|base}} group and therefore hopefully installed already.<br />
v14.9.0 brought a lot of changes and improvements, reading the [https://www.sdaoden.eu/code-nail-ann.html announcement] may be helpful.<br />
<br />
Because the systemwide configuration file ({{ic|/etc/mail.rc}}) brings in some useful standards, sending mail over an installed local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -d -s 'A subject' -a an_attachment.txt foo1@bar.example 'Foo2 <foo2@bar.example>'<br />
<br />
Using the {{ic|-d}}ebug flag results in a sandbox dry-run.<br />
You can adjust the program which is used as a MTA by setting the variable {{ic|mta}} (fine-tuning via {{ic|mta-arguments}}, {{ic|mta-no-default-arguments}}, {{ic|mta-argv0}}.<br />
See the manual, "On sending mail, and non-interactive mode"):<br />
<br />
# < /etc/passwd LC_ALL=C mailx -d -:/ -Ssendwait -Sttycharset=utf8 -Smta=/usr/bin/sendmail -s 'My password file!' -. 'Back <side@book>'<br />
# echo Message was passed successfully: $?<br />
<br />
By default message delivery is asynchronous, and mailx will exit as soon as the prepared message has been passed over to the delivery mechanism, stating only whether message preparation was successful (or not).<br />
If the {{ic|sendwait}} option is set, however, the exit status of the started (builtin or not) MTA will be used as the message delivery "success" or "failure" status.<br />
<br />
The {{ic|-.}} command line option will forcefully terminate option processing and turn on message send mode.<br />
<br />
As shown in the previous example scripts can (and should) detach from environmental settings and configuration files via {{ic|LC_ALL=C}} and {{ic|-:/}}, and use explicit {{ic|-S}} and {{ic|-X}} command line flags to create their own reproducible setup.<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the {{ic|expandaddr}} option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
# echo bla | mailx -Sexpandaddr -s test -<br />
<br />
{{ic|expandaddr}} can be given a value and be used for address verification.<br />
For example, the following ''only'' allows network addressees.<br />
The following example can be used as is, except for {ic|-d}}, provided that you have a ''somefile.pdf'' somewhere.<br />
It sets the {{ic|record}} variable to the pathname of the folder used to record all outgoing mail, so that we then can look into the generated message:<br />
<br />
# echo Body |<br />
# LC_ALL=C mailx -d -:/ -Sv15-compat -Ssendwait -Sttycharset=utf8 \<br />
# -Sfrom='Me <me@home>' \<br />
# -Sexpandaddr=fail,-all,+addr \<br />
# -Snosave -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control \<br />
# -X'mimetype application/pdf pdf' \<br />
# -a somefile.pdf -s Subject \<br />
# -. '(foo2bar) <foo2@bar.example>' bob@hey.example<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
The manual sections "A starter", "On sending mail, and non-interactive mode" and "On reading mail, and interactive mode" should be worth a glance when looking for more "quick shots".<br />
<br />
In cases when in the following ''USER'' and ''PASS'' are specified as part of an URL (and only then), they must become URL-percent-encoded: mailx offers the {{ic|urlcodec}} command which does this for you:<br />
<br />
# printf 'urlcodec encode ''USER'' ''PASS''\nx\n' | mailx -#<br />
<br />
printf as well as mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlcodec encode SPAß\nx\n' | mailx -#<br />
SPA%C3%9F<br />
# # In ISO-8859-1:<br />
# printf 'urlc enc SPAß\nx\n' | mailx -#<br />
SPA%DF<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism, thus volatile and not the right place for modifications.<br />
All the remaining examples in this article are based upon this configuration template, which simply sets some security and send mode basics:<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-ca-no-defaults<br />
<br />
# Don't use protocols older than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then, e.g.<br />
# ssl-protocol-USER@archlinux.org="-ALL,+TLSv1.2"<br />
set ssl-protocol=-ALL,+TLSv1.2<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list=TLSv1.2:!aNULL:!eNULL:@STRENGTH<br />
#set ssl-cipher-list="ALL:!aNULL:!eNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: select allowed character sets<br />
# (Have a look at the "Character sets" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# A very kind option: when replying to a message, first try to<br />
# use the same encoding that the original poster used herself!<br />
set reply-in-same-charset<br />
# When replying to or forwarding a message the comment and name<br />
# parts of email addresses are removed unless this variable is set<br />
set fullnames<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files.<br />
# That set is often sufficient, but look at the output of the<br />
# `mimetype' command to ensure this is true for you, too<br />
set mimetypes-load-control<br />
<br />
# Default directory where we act in (relative to $HOME if not absolute)<br />
set folder=mail<br />
# A leading "+" (often) means: under folder<br />
# record is used to save copies of sent messages, $DEAD is error storage<br />
# inbox: system mailbox, by default /var/mail/$USER: '''file %'''<br />
# $MBOX: secondary mailbox: '''file &'''<br />
set MBOX=+mbox.mbox record=+sent.mbox DEAD=+dead.mbox<br />
set inbox=+system.mbox<br />
<br />
# Define some shortcuts; now one may say, e.g., file mymbo<br />
shortcut mymbo %:+mbox.mbox \<br />
myrec +sent.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="''Your Name <youremail@domain>''"<br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the built-in SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
Reading the manual section "On URL syntax and credential lookup" is worthwhile.<br />
<br />
# It can be as easy as<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set mta=smtp://'''USER''':'''PASS'''@'''HOST''' \<br />
smtp-use-starttls<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
set mta='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login[/plain]...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts yes<br />
# (The plain smtp:// proto is optional)<br />
set mta=smtp://'''USER:PASS'''@smtp.gmXil.com smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set mta=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
{{Tip|If you have enabled two-step authentication in Gmail, and you have added an application specific password for S-nail, you will want to use that password rather than your regular Gmail password, which may work without enabling the otherwise necessary "less secure apps".}}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set from="Your Name <youremail@domain>"<br />
wysh set netrc-lookup # netrc-pipe='gpg -qd ~/.netrc.gpg'<br />
set mta=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
# Type '''xp''' to login to the POP3 account<br />
commandalias xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
# Type '''xi''' to login to the IMAP account<br />
commandalias xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
In this case '''USER''' and '''PASS''' are clear text, not URL encoded.<br />
You can further diversify things and use encrypted password storage.<br />
To adjust the example accordingly, simply encrypt your {{ic|~/.netrc}} file with OpenPGP and uncomment the {{ic|netrc-pipe}} statement above.<br />
The encrypted storage {{ic|~/.netrc.gpg}} can be created like this:<br />
<br />
# gpg -e .netrc<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
Mailx has a wide-glyph aware command line editor with history capabilities and coloured message display support.<br />
Because it strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The global configuration /etc/mail.rc provides some commented basics;<br />
# in particular it shows all options that POSIX mandates as defaults.)<br />
<br />
# Start into interactive mode even if the system mailbox is empty or<br />
# doesn't exist. mailx will exit immediately without that one<br />
set emptystart<br />
<br />
# When composing a message, start directly into ''$EDITOR''<br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines;<br />
# without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# A nicer prompt for a modern terminal<br />
wysh set prompt='?\${?}!\${!}[\${account}#\${mailbox-display}]? '<br />
<br />
# Add more entries to the history, and make that persistent<br />
set history-gabby history-file=+.s-nailhist<br />
# When '''p'''rinting messages, show only these headers<br />
# (Easier to '''retain''' what you want than to '''ignore'''<br />
# what you don't; use '''P'''rint to see all headers and '''S'''how<br />
# to see the raw message content)<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence=0xE<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html='@* lynx -stdin -dump -force_html'<br />
# Learn another mimetype<br />
mimetype model/vrml wrl vrml<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
commandalias ls !ls -latro<br />
commandalias ps !ps axu<br />
<br />
Once you're in it use '''list''' to print all available builtin commands.<br />
Typing `?X' tries to expand "X" and print a help string; since mailx allows abbreviations of all commands this is sometimes handy, try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands, more so if the variable {{ic|verbose}} is set.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, as via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
Whereas '''p''' honours '''retain'''ed (or '''ignore'''d) list of headers to be displayed, the '''P'''rint command will not and display all headers;<br />
the '''Sh'''ow command will print raw message content.<br />
<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds...<br />
That is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s), as well as """~^""", which is a multiplexer command which offers some control about the message, e.g., to create custom headers.<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type {{ic|~.}} on its own line.<br />
<br />
== Using S/MIME ==<br />
The manual contains a step-by-step example of how to create your certificates etc. ("Signed and encrypted messages with S/MIME" as well as "S/MIME step by step").<br />
Assuming you have your private key and signed certificate already, just create the paired file we need<br />
<br />
# cat private-key.pem signed-certificate.pem > ~/pair.pem<br />
<br />
and setup S-nail via<br />
<br />
set smime-sign-cert=~/pair.pem \<br />
smime-sign-message-digest=SHA256 \<br />
smime-sign<br />
<br />
From now any message that is sent will be signed.<br />
The default message digest would be SHA1, as mandated by RFC 5751.<br />
Note that S/MIME always works relative to the setting of the variable ''from'', so it seems best to instead place the above settings in an '''account'''.<br />
The '''verify''' command verifies S/MIME messages, but note that S/MIME decryption and verification is solely based upon OpenSSL for now, which only supports messages with a simplicistic MIME structure. Sorry.<br />
By the way, if you miss hyperlinks and a table-of-content to get yourself going, the manual on the projects' website offers this; and the manual that ships with ArchLinux does, too, but needs the mdocmx(7) extension to be visible.<br />
<br />
== Workaround missing OpenPGP support ==<br />
<br />
S-nail doesn't yet support OpenPGP.<br />
However, using a macro it is possible to at least automatically verify inline ''--clearsign''ed messages, and using command ghosts their usage becomes handy: e.g., use the following in resource file and you will be able to verify a clearsigned message by just typing '''V''':<br />
<br />
define V {<br />
\localopts yes; \wysh set pipe-text/plain=$'@*#++=@\<br />
< "${MAILX_FILENAME_TEMPORARY}" awk \<br />
-v TMPFILE="${MAILX_FILENAME_TEMPORARY}" \'\<br />
BEGIN{done=0}\<br />
/^-----BEGIN PGP SIGNED MESSAGE-----/,/^$/ {\<br />
if(done++ != 0)\<br />
next;\<br />
print "--- GPG --verify ---";\<br />
system("gpg --verify " TMPFILE " 2>&1");\<br />
print "--- GPG --verify ---";\<br />
print "";\<br />
next;\<br />
}\<br />
/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ {\<br />
next;\<br />
}\<br />
{print}\<br />
\'';\<br />
print<br />
}<br />
define RK {<br />
!printf 'Key IDs to gpg --recv-keys: ';\<br />
read keyids;\<br />
gpg --recv-keys ${keyids};<br />
}<br />
commandalias V '\'call V<br />
commandalias RK '\call RK'<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' and ''inbox'' to point to IMAP server folders, for example.<br />
Internationalised names are supported.<br />
<br />
set v15-compat<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"<br />
set inbox=myimap</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=482522S-nail2017-07-21T14:18:46Z<p>Sdaoden: /* Sending mail with an external SMTP server */ WS fixes</p>
<hr />
<div>[[Category:Email clients]]<br />
[[ja:S-nail]]<br />
{{Style|Very verbose, lots of code, doesn't follow style guidelines.}}<br />
Arch Linux uses the BSD Mail descendant S-nail as its POSIX mailx incarnation.<br />
Mailx is the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
S-nail is MIME capable and has extensions for line editing, S/MIME, SMTP and POP3, among others.<br />
In Arch Linux it supports direct mail delivery via SMTP, so that messages can be sent directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''.<br />
Note, however, that it does not have a mail-queue mechanism, but simply tries to send the message over SMTP once and directly.<br />
<br />
== Quick shot ==<br />
<br />
The {{Pkg|s-nail}} package is part of the Arch Linux {{Grp|base}} group and therefore hopefully installed already.<br />
v14.9.0 brought a lot of changes and improvements, reading the [https://www.sdaoden.eu/code-nail-ann.html announcement] may be helpful.<br />
<br />
Because the systemwide configuration file ({{ic|/etc/mail.rc}}) brings in some useful standards, sending mail over an installed local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -d -s 'A subject' -a an_attachment.txt foo1@bar.example 'Foo2 <foo2@bar.example>'<br />
<br />
Using the {{ic|-d}}ebug flag results in a sandbox dry-run.<br />
You can adjust the program which is used as a MTA by setting the variable {{ic|mta}} (fine-tuning via {{ic|mta-arguments}}, {{ic|mta-no-default-arguments}}, {{ic|mta-argv0}}.<br />
See the manual, "On sending mail, and non-interactive mode"):<br />
<br />
# < /etc/passwd LC_ALL=C mailx -d -:/ -Ssendwait -Sttycharset=utf8 -Smta=/usr/bin/sendmail -s 'My password file!' -. 'Back <side@book>'<br />
# echo Message was passed successfully: $?<br />
<br />
By default message delivery is asynchronous, and mailx will exit as soon as the prepared message has been passed over to the delivery mechanism, stating only whether message preparation was successful (or not).<br />
If the {{ic|sendwait}} option is set, however, the exit status of the started (builtin or not) MTA will be used as the message delivery "success" or "failure" status.<br />
<br />
The {{ic|-.}} command line option will forcefully terminate option processing and turn on message send mode.<br />
<br />
As shown in the previous example scripts can (and should) detach from environmental settings and configuration files via {{ic|LC_ALL=C}} and {{ic|-:/}}, and use explicit {{ic|-S}} and {{ic|-X}} command line flags to create their own reproducible setup.<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the {{ic|expandaddr}} option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
# echo bla | mailx -Sexpandaddr -s test -<br />
<br />
{{ic|expandaddr}} can be given a value and be used for address verification.<br />
For example, the following ''only'' allows network addressees.<br />
The following example can be used as is, except for {ic|-d}}, provided that you have a ''somefile.pdf'' somewhere.<br />
It sets the {{ic|record}} variable to the pathname of the folder used to record all outgoing mail, so that we then can look into the generated message:<br />
<br />
# echo Body |<br />
# LC_ALL=C mailx -d -:/ -Sv15-compat -Ssendwait -Sttycharset=utf8 \<br />
# -Sfrom='Me <me@home>' \<br />
# -Sexpandaddr=fail,-all,+addr \<br />
# -Snosave -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control \<br />
# -X'mimetype application/pdf pdf' \<br />
# -a somefile.pdf -s Subject \<br />
# -. '(foo2bar) <foo2@bar.example>' bob@hey.example<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
The manual sections "A starter", "On sending mail, and non-interactive mode" and "On reading mail, and interactive mode" should be worth a glance when looking for more "quick shots".<br />
<br />
In cases when in the following ''USER'' and ''PASS'' are specified as part of an URL (and only then), they must become URL-percent-encoded: mailx offers the {{ic|urlcodec}} command which does this for you:<br />
<br />
# printf 'urlcodec encode ''USER'' ''PASS''\nx\n' | mailx -#<br />
<br />
printf as well as mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlcodec encode SPAß\nx\n' | mailx -#<br />
SPA%C3%9F<br />
# # In ISO-8859-1:<br />
# printf 'urlc enc SPAß\nx\n' | mailx -#<br />
SPA%DF<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism, thus volatile and not the right place for modifications.<br />
All the remaining examples in this article are based upon this configuration template, which simply sets some security and send mode basics:<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-ca-no-defaults<br />
<br />
# Don't use protocols older than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then, e.g.<br />
# ssl-protocol-USER@archlinux.org="-ALL,+TLSv1.2"<br />
set ssl-protocol=-ALL,+TLSv1.2<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list=TLSv1.2:!aNULL:!eNULL:@STRENGTH<br />
#set ssl-cipher-list="ALL:!aNULL:!eNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: select allowed character sets<br />
# (Have a look at the "Character sets" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# A very kind option: when replying to a message, first try to<br />
# use the same encoding that the original poster used herself!<br />
set reply-in-same-charset<br />
# When replying to or forwarding a message the comment and name<br />
# parts of email addresses are removed unless this variable is set<br />
set fullnames<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files.<br />
# That set is often sufficient, but look at the output of the<br />
# `mimetype' command to ensure this is true for you, too<br />
set mimetypes-load-control<br />
<br />
# Default directory where we act in (relative to $HOME if not absolute)<br />
set folder=mail<br />
# A leading "+" (often) means: under folder<br />
# record is used to save copies of sent messages, $DEAD is error storage<br />
# inbox: system mailbox, by default /var/mail/$USER: '''file %'''<br />
# $MBOX: secondary mailbox: '''file &'''<br />
set MBOX=+mbox.mbox record=+sent.mbox DEAD=+dead.mbox<br />
set inbox=+system.mbox<br />
<br />
# Define some shortcuts; now one may say, e.g., file mymbo<br />
shortcut mymbo %:+mbox.mbox \<br />
myrec +sent.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="''Your Name <youremail@domain>''"<br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the built-in SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
Reading the manual section "On URL syntax and credential lookup" is worthwhile.<br />
<br />
# It can be as easy as<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set mta=smtp://'''USER''':'''PASS'''@'''HOST''' \<br />
smtp-use-starttls<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
set mta='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login[/plain]...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts yes<br />
# (The plain smtp:// proto is optional)<br />
set mta=smtp://'''USER:PASS'''@smtp.gmXil.com smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set mta=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
{{Tip|If you have enabled two-step authentication in Gmail, and you have added an application specific password for S-nail, you will want to use that password rather than your regular Gmail password, which may work without enabling the otherwise necessary "less secure apps".}}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set from="Your Name <youremail@domain>"<br />
wysh set netrc-lookup # netrc-pipe='gpg -qd ~/.netrc.gpg'<br />
set mta=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
# Type '''xp''' to login to the POP3 account<br />
commandalias xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
# Type '''xi''' to login to the IMAP account<br />
commandalias xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
In this case '''USER''' and '''PASS''' are clear text, not URL encoded.<br />
You can further diversify things and use encrypted password storage.<br />
To adjust the example accordingly, simply encrypt your {{ic|~/.netrc}} file with OpenPGP and uncomment the {{ic|netrc-pipe}} statement above.<br />
The encrypted storage {{ic|~/.netrc.gpg}} can be created like this:<br />
<br />
# gpg -e .netrc<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
Mailx has a wide-glyph aware command line editor with history capabilities and coloured message display support.<br />
Because it strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The global configuration /etc/mail.rc provides some commented basics;<br />
# in particular it shows all options that POSIX mandates as defaults.)<br />
<br />
# Start into interactive mode even if the system mailbox is empty or<br />
# doesn't exist. mailx will exit immediately without that one<br />
set emptystart<br />
<br />
# When composing a message, start directly into ''$EDITOR''<br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines;<br />
# without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# A nicer prompt for a modern terminal<br />
wysh set prompt='?\${?}!\${!}[\${account}#\${mailbox-display}]? '<br />
<br />
# Add more entries to the history, and make that persistent<br />
set history-gabby history-file=+.s-nailhist<br />
# When '''p'''rinting messages, show only these headers<br />
# (Easier to '''retain''' what you want than to '''ignore'''<br />
# what you don't; use '''P'''rint to see all headers and '''S'''how<br />
# to see the raw message content)<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence=0xE<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html='@* lynx -stdin -dump -force_html'<br />
# Learn another mimetype<br />
mimetype model/vrml wrl vrml<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
commandalias ls !ls -latro<br />
commandalias ps !ps axu<br />
<br />
Once you're in it use '''list''' to print all available builtin commands.<br />
Typing `?X' tries to expand "X" and print a help string; since mailx allows abbreviations of all commands this is sometimes handy, try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands, more so if the variable {{ic|verbose}} is set.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, as via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
Whereas '''p''' honours '''retain'''ed (or '''ignore'''d) list of headers to be displayed, the '''P'''rint command will not and display all headers;<br />
the '''Sh'''ow command will print raw message content.<br />
<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds...<br />
That is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s), as well as """~^""", which is a multiplexer command which offers some control about the message, e.g., to create custom headers.<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type {{ic|~.}} on its own line.<br />
<br />
== Using S/MIME ==<br />
The manual contains a step-by-step example of how to create your certificates etc. ("Signed and encrypted messages with S/MIME" as well as "S/MIME step by step").<br />
Assuming you have your private key and signed certificate already, just create the paired file we need<br />
<br />
# cat private-key.pem signed-certificate.pem > ~/pair.pem<br />
<br />
and setup S-nail via<br />
<br />
set smime-sign-cert=~/pair.pem \<br />
smime-sign-message-digest=SHA256 \<br />
smime-sign<br />
<br />
From now any message that is sent will be signed.<br />
The default message digest would be SHA1, as mandated by RFC 5751.<br />
Note that S/MIME always works relative to the setting of the variable ''from'', so it seems best to instead place the above settings in an '''account'''.<br />
The '''verify''' command verifies S/MIME messages, but note that S/MIME decryption and verification is solely based upon OpenSSL for now, which only supports messages with a simplicistic MIME structure. Sorry.<br />
By the way, if you miss hyperlinks and a table-of-content to get yourself going, the manual on the projects' website offers this; and the manual that ships with ArchLinux does, too, but needs the mdocmx(7) extension to be visible.<br />
<br />
== Workaround missing OpenPGP support ==<br />
<br />
S-nail doesn't yet support OpenPGP.<br />
However, using a macro it is possible to at least automatically verify inline ''--clearsign''ed messages, and using command ghosts their usage becomes handy: e.g., use the following in resource file and you will be able to verify a clearsigned message by just typing '''V''':<br />
<br />
define V {<br />
\localopts yes; \wysh set pipe-text/plain=$'@*#++=@\<br />
< "${MAILX_FILENAME_TEMPORARY}" awk \<br />
-v TMPFILE="${MAILX_FILENAME_TEMPORARY}" \'\<br />
BEGIN{done=0}\<br />
/^-----BEGIN PGP SIGNED MESSAGE-----/,/^$/ {\<br />
if(done++ != 0)\<br />
next;\<br />
print "--- GPG --verify ---";\<br />
system("gpg --verify " TMPFILE " 2>&1");\<br />
print "--- GPG --verify ---";\<br />
print "";\<br />
next;\<br />
}\<br />
/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ {\<br />
next;\<br />
}\<br />
{print}\<br />
\'';\<br />
print<br />
}<br />
define RK {<br />
!printf 'Key IDs to gpg --recv-keys: ';\<br />
read keyids;\<br />
gpg --recv-keys ${keyids};<br />
}<br />
commandalias V '\'call V<br />
commandalias RK '\call RK'<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' and ''inbox'' to point to IMAP server folders, for example.<br />
Internationalised names are supported.<br />
<br />
set v15-compat<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"<br />
set inbox=myimap</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=482521S-nail2017-07-21T14:18:16Z<p>Sdaoden: /* First configuration adjustments */ WS fixes</p>
<hr />
<div>[[Category:Email clients]]<br />
[[ja:S-nail]]<br />
{{Style|Very verbose, lots of code, doesn't follow style guidelines.}}<br />
Arch Linux uses the BSD Mail descendant S-nail as its POSIX mailx incarnation.<br />
Mailx is the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
S-nail is MIME capable and has extensions for line editing, S/MIME, SMTP and POP3, among others.<br />
In Arch Linux it supports direct mail delivery via SMTP, so that messages can be sent directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''.<br />
Note, however, that it does not have a mail-queue mechanism, but simply tries to send the message over SMTP once and directly.<br />
<br />
== Quick shot ==<br />
<br />
The {{Pkg|s-nail}} package is part of the Arch Linux {{Grp|base}} group and therefore hopefully installed already.<br />
v14.9.0 brought a lot of changes and improvements, reading the [https://www.sdaoden.eu/code-nail-ann.html announcement] may be helpful.<br />
<br />
Because the systemwide configuration file ({{ic|/etc/mail.rc}}) brings in some useful standards, sending mail over an installed local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -d -s 'A subject' -a an_attachment.txt foo1@bar.example 'Foo2 <foo2@bar.example>'<br />
<br />
Using the {{ic|-d}}ebug flag results in a sandbox dry-run.<br />
You can adjust the program which is used as a MTA by setting the variable {{ic|mta}} (fine-tuning via {{ic|mta-arguments}}, {{ic|mta-no-default-arguments}}, {{ic|mta-argv0}}.<br />
See the manual, "On sending mail, and non-interactive mode"):<br />
<br />
# < /etc/passwd LC_ALL=C mailx -d -:/ -Ssendwait -Sttycharset=utf8 -Smta=/usr/bin/sendmail -s 'My password file!' -. 'Back <side@book>'<br />
# echo Message was passed successfully: $?<br />
<br />
By default message delivery is asynchronous, and mailx will exit as soon as the prepared message has been passed over to the delivery mechanism, stating only whether message preparation was successful (or not).<br />
If the {{ic|sendwait}} option is set, however, the exit status of the started (builtin or not) MTA will be used as the message delivery "success" or "failure" status.<br />
<br />
The {{ic|-.}} command line option will forcefully terminate option processing and turn on message send mode.<br />
<br />
As shown in the previous example scripts can (and should) detach from environmental settings and configuration files via {{ic|LC_ALL=C}} and {{ic|-:/}}, and use explicit {{ic|-S}} and {{ic|-X}} command line flags to create their own reproducible setup.<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the {{ic|expandaddr}} option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
# echo bla | mailx -Sexpandaddr -s test -<br />
<br />
{{ic|expandaddr}} can be given a value and be used for address verification.<br />
For example, the following ''only'' allows network addressees.<br />
The following example can be used as is, except for {ic|-d}}, provided that you have a ''somefile.pdf'' somewhere.<br />
It sets the {{ic|record}} variable to the pathname of the folder used to record all outgoing mail, so that we then can look into the generated message:<br />
<br />
# echo Body |<br />
# LC_ALL=C mailx -d -:/ -Sv15-compat -Ssendwait -Sttycharset=utf8 \<br />
# -Sfrom='Me <me@home>' \<br />
# -Sexpandaddr=fail,-all,+addr \<br />
# -Snosave -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control \<br />
# -X'mimetype application/pdf pdf' \<br />
# -a somefile.pdf -s Subject \<br />
# -. '(foo2bar) <foo2@bar.example>' bob@hey.example<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
The manual sections "A starter", "On sending mail, and non-interactive mode" and "On reading mail, and interactive mode" should be worth a glance when looking for more "quick shots".<br />
<br />
In cases when in the following ''USER'' and ''PASS'' are specified as part of an URL (and only then), they must become URL-percent-encoded: mailx offers the {{ic|urlcodec}} command which does this for you:<br />
<br />
# printf 'urlcodec encode ''USER'' ''PASS''\nx\n' | mailx -#<br />
<br />
printf as well as mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlcodec encode SPAß\nx\n' | mailx -#<br />
SPA%C3%9F<br />
# # In ISO-8859-1:<br />
# printf 'urlc enc SPAß\nx\n' | mailx -#<br />
SPA%DF<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism, thus volatile and not the right place for modifications.<br />
All the remaining examples in this article are based upon this configuration template, which simply sets some security and send mode basics:<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-ca-no-defaults<br />
<br />
# Don't use protocols older than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then, e.g.<br />
# ssl-protocol-USER@archlinux.org="-ALL,+TLSv1.2"<br />
set ssl-protocol=-ALL,+TLSv1.2<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list=TLSv1.2:!aNULL:!eNULL:@STRENGTH<br />
#set ssl-cipher-list="ALL:!aNULL:!eNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: select allowed character sets<br />
# (Have a look at the "Character sets" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# A very kind option: when replying to a message, first try to<br />
# use the same encoding that the original poster used herself!<br />
set reply-in-same-charset<br />
# When replying to or forwarding a message the comment and name<br />
# parts of email addresses are removed unless this variable is set<br />
set fullnames<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files.<br />
# That set is often sufficient, but look at the output of the<br />
# `mimetype' command to ensure this is true for you, too<br />
set mimetypes-load-control<br />
<br />
# Default directory where we act in (relative to $HOME if not absolute)<br />
set folder=mail<br />
# A leading "+" (often) means: under folder<br />
# record is used to save copies of sent messages, $DEAD is error storage<br />
# inbox: system mailbox, by default /var/mail/$USER: '''file %'''<br />
# $MBOX: secondary mailbox: '''file &'''<br />
set MBOX=+mbox.mbox record=+sent.mbox DEAD=+dead.mbox<br />
set inbox=+system.mbox<br />
<br />
# Define some shortcuts; now one may say, e.g., file mymbo<br />
shortcut mymbo %:+mbox.mbox \<br />
myrec +sent.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="''Your Name <youremail@domain>''"<br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the built-in SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
Reading the manual section "On URL syntax and credential lookup" is worthwhile.<br />
<br />
# It can be as easy as<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set mta=smtp://'''USER''':'''PASS'''@'''HOST''' \<br />
smtp-use-starttls<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
set mta='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login[/plain]...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts yes<br />
# (The plain smtp:// proto is optional)<br />
set mta=smtp://'''USER:PASS'''@smtp.gmXil.com smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set mta=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
{{Tip|If you have enabled two-step authentication in Gmail, and you have added an application specific password for S-nail, you will want to use that password rather than your regular Gmail password, which may work without enabling the otherwise necessary "less secure apps".}}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set from="Your Name <youremail@domain>"<br />
wysh set netrc-lookup # netrc-pipe='gpg -qd ~/.netrc.gpg'<br />
set mta=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
# Type '''xp''' to login to the POP3 account<br />
commandalias xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
# Type '''xi''' to login to the IMAP account<br />
commandalias xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
In this case '''USER''' and '''PASS''' are clear text, not URL encoded.<br />
You can further diversify things and use encrypted password storage.<br />
To adjust the example accordingly, simply encrypt your {{ic|~/.netrc}} file with OpenPGP and uncomment the {{ic|netrc-pipe}} statement above.<br />
The encrypted storage {{ic|~/.netrc.gpg}} can be created like this:<br />
<br />
# gpg -e .netrc<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
Mailx has a wide-glyph aware command line editor with history capabilities and coloured message display support.<br />
Because it strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The global configuration /etc/mail.rc provides some commented basics;<br />
# in particular it shows all options that POSIX mandates as defaults.)<br />
<br />
# Start into interactive mode even if the system mailbox is empty or<br />
# doesn't exist. mailx will exit immediately without that one<br />
set emptystart<br />
<br />
# When composing a message, start directly into ''$EDITOR''<br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines;<br />
# without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# A nicer prompt for a modern terminal<br />
wysh set prompt='?\${?}!\${!}[\${account}#\${mailbox-display}]? '<br />
<br />
# Add more entries to the history, and make that persistent<br />
set history-gabby history-file=+.s-nailhist<br />
# When '''p'''rinting messages, show only these headers<br />
# (Easier to '''retain''' what you want than to '''ignore'''<br />
# what you don't; use '''P'''rint to see all headers and '''S'''how<br />
# to see the raw message content)<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence=0xE<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html='@* lynx -stdin -dump -force_html'<br />
# Learn another mimetype<br />
mimetype model/vrml wrl vrml<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
commandalias ls !ls -latro<br />
commandalias ps !ps axu<br />
<br />
Once you're in it use '''list''' to print all available builtin commands.<br />
Typing `?X' tries to expand "X" and print a help string; since mailx allows abbreviations of all commands this is sometimes handy, try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands, more so if the variable {{ic|verbose}} is set.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, as via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
Whereas '''p''' honours '''retain'''ed (or '''ignore'''d) list of headers to be displayed, the '''P'''rint command will not and display all headers;<br />
the '''Sh'''ow command will print raw message content.<br />
<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds...<br />
That is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s), as well as """~^""", which is a multiplexer command which offers some control about the message, e.g., to create custom headers.<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type {{ic|~.}} on its own line.<br />
<br />
== Using S/MIME ==<br />
The manual contains a step-by-step example of how to create your certificates etc. ("Signed and encrypted messages with S/MIME" as well as "S/MIME step by step").<br />
Assuming you have your private key and signed certificate already, just create the paired file we need<br />
<br />
# cat private-key.pem signed-certificate.pem > ~/pair.pem<br />
<br />
and setup S-nail via<br />
<br />
set smime-sign-cert=~/pair.pem \<br />
smime-sign-message-digest=SHA256 \<br />
smime-sign<br />
<br />
From now any message that is sent will be signed.<br />
The default message digest would be SHA1, as mandated by RFC 5751.<br />
Note that S/MIME always works relative to the setting of the variable ''from'', so it seems best to instead place the above settings in an '''account'''.<br />
The '''verify''' command verifies S/MIME messages, but note that S/MIME decryption and verification is solely based upon OpenSSL for now, which only supports messages with a simplicistic MIME structure. Sorry.<br />
By the way, if you miss hyperlinks and a table-of-content to get yourself going, the manual on the projects' website offers this; and the manual that ships with ArchLinux does, too, but needs the mdocmx(7) extension to be visible.<br />
<br />
== Workaround missing OpenPGP support ==<br />
<br />
S-nail doesn't yet support OpenPGP.<br />
However, using a macro it is possible to at least automatically verify inline ''--clearsign''ed messages, and using command ghosts their usage becomes handy: e.g., use the following in resource file and you will be able to verify a clearsigned message by just typing '''V''':<br />
<br />
define V {<br />
\localopts yes; \wysh set pipe-text/plain=$'@*#++=@\<br />
< "${MAILX_FILENAME_TEMPORARY}" awk \<br />
-v TMPFILE="${MAILX_FILENAME_TEMPORARY}" \'\<br />
BEGIN{done=0}\<br />
/^-----BEGIN PGP SIGNED MESSAGE-----/,/^$/ {\<br />
if(done++ != 0)\<br />
next;\<br />
print "--- GPG --verify ---";\<br />
system("gpg --verify " TMPFILE " 2>&1");\<br />
print "--- GPG --verify ---";\<br />
print "";\<br />
next;\<br />
}\<br />
/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ {\<br />
next;\<br />
}\<br />
{print}\<br />
\'';\<br />
print<br />
}<br />
define RK {<br />
!printf 'Key IDs to gpg --recv-keys: ';\<br />
read keyids;\<br />
gpg --recv-keys ${keyids};<br />
}<br />
commandalias V '\'call V<br />
commandalias RK '\call RK'<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' and ''inbox'' to point to IMAP server folders, for example.<br />
Internationalised names are supported.<br />
<br />
set v15-compat<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"<br />
set inbox=myimap</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=482519S-nail2017-07-21T14:15:33Z<p>Sdaoden: First try to step to v14.9.0</p>
<hr />
<div>[[Category:Email clients]]<br />
[[ja:S-nail]]<br />
{{Style|Very verbose, lots of code, doesn't follow style guidelines.}}<br />
Arch Linux uses the BSD Mail descendant S-nail as its POSIX mailx incarnation.<br />
Mailx is the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
S-nail is MIME capable and has extensions for line editing, S/MIME, SMTP and POP3, among others.<br />
In Arch Linux it supports direct mail delivery via SMTP, so that messages can be sent directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''.<br />
Note, however, that it does not have a mail-queue mechanism, but simply tries to send the message over SMTP once and directly.<br />
<br />
== Quick shot ==<br />
<br />
The {{Pkg|s-nail}} package is part of the Arch Linux {{Grp|base}} group and therefore hopefully installed already.<br />
v14.9.0 brought a lot of changes and improvements, reading the [https://www.sdaoden.eu/code-nail-ann.html announcement] may be helpful.<br />
<br />
Because the systemwide configuration file ({{ic|/etc/mail.rc}}) brings in some useful standards, sending mail over an installed local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -d -s 'A subject' -a an_attachment.txt foo1@bar.example 'Foo2 <foo2@bar.example>'<br />
<br />
Using the {{ic|-d}}ebug flag results in a sandbox dry-run.<br />
You can adjust the program which is used as a MTA by setting the variable {{ic|mta}} (fine-tuning via {{ic|mta-arguments}}, {{ic|mta-no-default-arguments}}, {{ic|mta-argv0}}.<br />
See the manual, "On sending mail, and non-interactive mode"):<br />
<br />
# < /etc/passwd LC_ALL=C mailx -d -:/ -Ssendwait -Sttycharset=utf8 -Smta=/usr/bin/sendmail -s 'My password file!' -. 'Back <side@book>'<br />
# echo Message was passed successfully: $?<br />
<br />
By default message delivery is asynchronous, and mailx will exit as soon as the prepared message has been passed over to the delivery mechanism, stating only whether message preparation was successful (or not).<br />
If the {{ic|sendwait}} option is set, however, the exit status of the started (builtin or not) MTA will be used as the message delivery "success" or "failure" status.<br />
<br />
The {{ic|-.}} command line option will forcefully terminate option processing and turn on message send mode.<br />
<br />
As shown in the previous example scripts can (and should) detach from environmental settings and configuration files via {{ic|LC_ALL=C}} and {{ic|-:/}}, and use explicit {{ic|-S}} and {{ic|-X}} command line flags to create their own reproducible setup.<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the {{ic|expandaddr}} option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
# echo bla | mailx -Sexpandaddr -s test -<br />
<br />
{{ic|expandaddr}} can be given a value and be used for address verification.<br />
For example, the following ''only'' allows network addressees.<br />
The following example can be used as is, except for {ic|-d}}, provided that you have a ''somefile.pdf'' somewhere.<br />
It sets the {{ic|record}} variable to the pathname of the folder used to record all outgoing mail, so that we then can look into the generated message:<br />
<br />
# echo Body |<br />
# LC_ALL=C mailx -d -:/ -Sv15-compat -Ssendwait -Sttycharset=utf8 \<br />
# -Sfrom='Me <me@home>' \<br />
# -Sexpandaddr=fail,-all,+addr \<br />
# -Snosave -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control \<br />
# -X'mimetype application/pdf pdf' \<br />
# -a somefile.pdf -s Subject \<br />
# -. '(foo2bar) <foo2@bar.example>' bob@hey.example<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
The manual sections "A starter", "On sending mail, and non-interactive mode" and "On reading mail, and interactive mode" should be worth a glance when looking for more "quick shots".<br />
<br />
In cases when in the following ''USER'' and ''PASS'' are specified as part of an URL (and only then), they must become URL-percent-encoded: mailx offers the {{ic|urlcodec}} command which does this for you:<br />
<br />
# printf 'urlcodec encode ''USER'' ''PASS''\nx\n' | mailx -#<br />
<br />
printf as well as mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlcodec encode SPAß\nx\n' | mailx -#<br />
SPA%C3%9F<br />
# # In ISO-8859-1:<br />
# printf 'urlc enc SPAß\nx\n' | mailx -#<br />
SPA%DF<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism, thus volatile and not the right place for modifications.<br />
All the remaining examples in this article are based upon this configuration template, which simply sets some security and send mode basics:<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-ca-no-defaults<br />
<br />
# Don't use protocols older than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then, e.g.<br />
# ssl-protocol-USER@archlinux.org="-ALL,+TLSv1.2"<br />
set ssl-protocol=-ALL,+TLSv1.2<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list=TLSv1.2:!aNULL:!eNULL:@STRENGTH<br />
#set ssl-cipher-list="ALL:!aNULL:!eNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: select allowed character sets<br />
# (Have a look at the "Character sets" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# A very kind option: when replying to a message, first try to<br />
# use the same encoding that the original poster used herself!<br />
set reply-in-same-charset<br />
# When replying to or forwarding a message the comment and name<br />
# parts of email addresses are removed unless this variable is set<br />
set fullnames<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files.<br />
# That set is often sufficient, but look at the output of the<br />
# `mimetype' command to ensure this is true for you, too<br />
set mimetypes-load-control<br />
<br />
# Default directory where we act in (relative to $HOME if not absolute)<br />
set folder=mail<br />
# A leading "+" (often) means: under folder<br />
# record is used to save copies of sent messages, $DEAD is error storage<br />
# inbox: system mailbox, by default /var/mail/$USER: '''file %'''<br />
# $MBOX: secondary mailbox: '''file &'''<br />
set MBOX=+mbox.mbox record=+sent.mbox DEAD=+dead.mbox<br />
set inbox=+system.mbox<br />
<br />
# Define some shortcuts; now one may say, e.g., file mymbo<br />
shortcut mymbo %:+mbox.mbox \<br />
myrec +sent.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="''Your Name <youremail@domain>''"<br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the built-in SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
Reading the manual section "On URL syntax and credential lookup" is worthwhile.<br />
<br />
# It can be as easy as<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set mta=smtp://'''USER''':'''PASS'''@'''HOST''' \<br />
smtp-use-starttls<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
set mta='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login[/plain]...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts yes<br />
# (The plain smtp:// proto is optional)<br />
set mta=smtp://'''USER:PASS'''@smtp.gmXil.com smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set mta=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
{{Tip|If you have enabled two-step authentication in Gmail, and you have added an application specific password for S-nail, you will want to use that password rather than your regular Gmail password, which may work without enabling the otherwise necessary "less secure apps".}}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set from="Your Name <youremail@domain>"<br />
wysh set netrc-lookup # netrc-pipe='gpg -qd ~/.netrc.gpg'<br />
set mta=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
# Type '''xp''' to login to the POP3 account<br />
commandalias xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
# Type '''xi''' to login to the IMAP account<br />
commandalias xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
In this case '''USER''' and '''PASS''' are clear text, not URL encoded.<br />
You can further diversify things and use encrypted password storage.<br />
To adjust the example accordingly, simply encrypt your {{ic|~/.netrc}} file with OpenPGP and uncomment the {{ic|netrc-pipe}} statement above.<br />
The encrypted storage {{ic|~/.netrc.gpg}} can be created like this:<br />
<br />
# gpg -e .netrc<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
Mailx has a wide-glyph aware command line editor with history capabilities and coloured message display support.<br />
Because it strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The global configuration /etc/mail.rc provides some commented basics;<br />
# in particular it shows all options that POSIX mandates as defaults.)<br />
<br />
# Start into interactive mode even if the system mailbox is empty or<br />
# doesn't exist. mailx will exit immediately without that one<br />
set emptystart<br />
<br />
# When composing a message, start directly into ''$EDITOR''<br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines;<br />
# without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# A nicer prompt for a modern terminal<br />
wysh set prompt='?\${?}!\${!}[\${account}#\${mailbox-display}]? '<br />
<br />
# Add more entries to the history, and make that persistent<br />
set history-gabby history-file=+.s-nailhist<br />
# When '''p'''rinting messages, show only these headers<br />
# (Easier to '''retain''' what you want than to '''ignore'''<br />
# what you don't; use '''P'''rint to see all headers and '''S'''how<br />
# to see the raw message content)<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence=0xE<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html='@* lynx -stdin -dump -force_html'<br />
# Learn another mimetype<br />
mimetype model/vrml wrl vrml<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
commandalias ls !ls -latro<br />
commandalias ps !ps axu<br />
<br />
Once you're in it use '''list''' to print all available builtin commands.<br />
Typing `?X' tries to expand "X" and print a help string; since mailx allows abbreviations of all commands this is sometimes handy, try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands, more so if the variable {{ic|verbose}} is set.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, as via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
Whereas '''p''' honours '''retain'''ed (or '''ignore'''d) list of headers to be displayed, the '''P'''rint command will not and display all headers;<br />
the '''Sh'''ow command will print raw message content.<br />
<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds...<br />
That is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s), as well as """~^""", which is a multiplexer command which offers some control about the message, e.g., to create custom headers.<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type {{ic|~.}} on its own line.<br />
<br />
== Using S/MIME ==<br />
The manual contains a step-by-step example of how to create your certificates etc. ("Signed and encrypted messages with S/MIME" as well as "S/MIME step by step").<br />
Assuming you have your private key and signed certificate already, just create the paired file we need<br />
<br />
# cat private-key.pem signed-certificate.pem > ~/pair.pem<br />
<br />
and setup S-nail via<br />
<br />
set smime-sign-cert=~/pair.pem \<br />
smime-sign-message-digest=SHA256 \<br />
smime-sign<br />
<br />
From now any message that is sent will be signed.<br />
The default message digest would be SHA1, as mandated by RFC 5751.<br />
Note that S/MIME always works relative to the setting of the variable ''from'', so it seems best to instead place the above settings in an '''account'''.<br />
The '''verify''' command verifies S/MIME messages, but note that S/MIME decryption and verification is solely based upon OpenSSL for now, which only supports messages with a simplicistic MIME structure. Sorry.<br />
By the way, if you miss hyperlinks and a table-of-content to get yourself going, the manual on the projects' website offers this; and the manual that ships with ArchLinux does, too, but needs the mdocmx(7) extension to be visible.<br />
<br />
== Workaround missing OpenPGP support ==<br />
<br />
S-nail doesn't yet support OpenPGP.<br />
However, using a macro it is possible to at least automatically verify inline ''--clearsign''ed messages, and using command ghosts their usage becomes handy: e.g., use the following in resource file and you will be able to verify a clearsigned message by just typing '''V''':<br />
<br />
define V {<br />
\localopts yes; \wysh set pipe-text/plain=$'@*#++=@\<br />
< "${MAILX_FILENAME_TEMPORARY}" awk \<br />
-v TMPFILE="${MAILX_FILENAME_TEMPORARY}" \'\<br />
BEGIN{done=0}\<br />
/^-----BEGIN PGP SIGNED MESSAGE-----/,/^$/ {\<br />
if(done++ != 0)\<br />
next;\<br />
print "--- GPG --verify ---";\<br />
system("gpg --verify " TMPFILE " 2>&1");\<br />
print "--- GPG --verify ---";\<br />
print "";\<br />
next;\<br />
}\<br />
/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ {\<br />
next;\<br />
}\<br />
{print}\<br />
\'';\<br />
print<br />
}<br />
define RK {<br />
!printf 'Key IDs to gpg --recv-keys: ';\<br />
read keyids;\<br />
gpg --recv-keys ${keyids};<br />
}<br />
commandalias V '\'call V<br />
commandalias RK '\call RK'<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' and ''inbox'' to point to IMAP server folders, for example.<br />
Internationalised names are supported.<br />
<br />
set v15-compat<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"<br />
set inbox=myimap</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=480558S-nail2017-06-27T11:58:36Z<p>Sdaoden: Small tweaks; v14.9.0 will require more changes soon (sigh)</p>
<hr />
<div>[[Category:Email clients]]<br />
{{Style|Very verbose, lots of code, doesn't follow style guidelines.}}<br />
S-nail (a fork of heirloom-mailx) is a mail processing system with a command syntax similar to ed, with lines replaced by messages.<br />
It is intended to provide the functionality of the POSIX mailx command and offers (mostly optional) extensions for line editing, IDNA, MIME, S/MIME, SMTP and POP3 (and IMAP).<br />
It is usable as a mail batch language.<br />
<br />
S-nail is thus the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
<br />
In Arch Linux S-nail supports direct mail delivery via SMTP, so that messages can be sent directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''. Note, however, that S-nail does not (yet) include a mail-queue mechanism; it simply tries to send the message over SMTP directly and immediately.<br />
<br />
== Quick shot ==<br />
<br />
The {{Pkg|s-nail}} package is part of the Arch Linux {{Grp|base}} group and therefore hopefully installed already. <br />
<br />
Because its systemwide Arch Linux configuration file ({{ic|/etc/mail.rc}}) brings in some useful standard settings, sending mail over a local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -d -s 'A subject' -a an_attachment.txt foo1@bar.example 'Foo2 <foo2@bar.example>'<br />
<br />
Using the {{ic|-d}}ebug flag results in a dry-run that does not perform any action for real (including ignorance of the current {{ic|save}} and {{ic|record}} settings).<br />
You can adjust the program which is used as a MTA by setting the variable {{ic|sendmail}} (fine-tuning via {{ic|sendmail-arguments}}, {{ic|sendmail-no-default-arguments}}, {{ic|sendmail-progname}}. See the manual, "Sending mail"):<br />
<br />
# < /etc/passwd mailx -Ssendmail=/usr/bin/sendmail -Ssendwait -s 'My password file content!' public-foo@bar.example<br />
# echo Message was passed successfully: $?<br />
<br />
By default message delivery is asynchronous, and S-nail will exit as soon as the prepared message has been passed over to the delivery mechanism (the MTA or the builtin SMTP MTA), stating only whether message preparation was successful (or not).<br />
If the {{ic|sendwait}} option is set, however, S-nail will wait for the started (builtin) MTA instance to exit and (instead) use the MTA exit status as its message delivery "success" or "failure" status.<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the {{ic|expandaddr}} option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
<br />
To avoid that members of the program environment and settings of configuration files modify program behaviour, scripts can (and should) detach from configuration files and use the {{ic|-S}} and {{ic|-X}} command line flags to create their own setup and run necessary commands, respectively.<br />
<br />
{{ic|expandaddr}} can be given a value and be used for address verification. For example, the following ''only'' allows network addressees. The {{ic|-.}} command line option will terminate option processing and turn on message send mode. Together these form active barriers to prevent misinterpretation of address arguments as command line options and other injection attacks.<br />
The following example can be used as is, except for {ic|-d}}, provided that you have a ''somefile.pdf'' somewhere; it sets the {{ic|record}} variable to the pathname of the folder used to record all outgoing mail, so that we then can look into the generated message:<br />
<br />
# echo Body |<br />
# LC_ALL=C MAILRC=/dev/null \<br />
# mailx -d -n -Sv15-compat -Ssendwait \<br />
# -Sexpandaddr=fail,-all,+addr \<br />
# -Snosave -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control \<br />
# -X'mimetype "application/pdf pdf"' \<br />
# -Sfrom='Me <me@home>' \<br />
# -a '''somefile.pdf''' -s Subject \<br />
# -. '(foo2bar) <foo2@bar.example>' bob@hey.example<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
The sections "A starter", "Sending mail" and "Reading mail" of the manual page should be worth a glance when looking for more "quick shots".<br />
<br />
In cases when in the following ''USER'' and ''PASS'' are specified as part of an URL (and only then), they must become URL-percent-encoded; S-nail offers the {{ic|urlcodec}} command which does this for you:<br />
<br />
# printf 'urlcodec encode ''USER'' ''PASS''\nx\n' | mailx -#<br />
<br />
printf as well as S-nail / mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlcodec encode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (5 bytes)<br />
out: <SPA%C3%9F> (9 bytes)<br />
# # In ISO-8859-1:<br />
# printf 'urlc enc SPAß\nx\n' | mailx -#<br />
in: <SPAß> (4 bytes)<br />
out: <SPA%DF> (6 bytes)<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism, meaning that adjustments and additions should be applied to the former.<br />
<br />
{{Tip|By using the {{ic|-n}} command line option or by setting the {{ic|NAIL_NO_SYSTEM_RC}} reading {{ic|/etc/mail.rc}} upon startup can be inhibited. And by setting the {{ic|MAILRC}} environment variable to {{ic|/dev/null}} in addition it is ensured that no configuration file is loaded, so that a reproducable environment for running scripts is created, as shown by the script example above.}}<br />
<br />
All the remaining examples in this article are based upon this configuration template, which simply sets some security and send mode basics:<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-no-default-ca<br />
<br />
# Don't use protocols older than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then, e.g.<br />
# ssl-protocol-USER@archlinux.org="-ALL,+TLSv1.2"<br />
set ssl-protocol="-ALL,+TLSv1.2"<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# Hint: it is important to include "@STRENGTH": only with it the<br />
# final list will be sorted by algorithm strength.<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list="ALL:!aNULL:!eNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT:@STRENGTH"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: select allowed character sets<br />
# (Have a look at the "CHARACTER SETS" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# A very kind option: when replying to a message, first try to<br />
# use the same encoding that the original poster used herself!<br />
set reply-in-same-charset<br />
<br />
# When replying to or forwarding a message the comment and name<br />
# parts of email addresses are removed unless this variable is set<br />
set fullnames<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
# Only like this you'll be able to see errors reported through the exit<br />
# status of the MTA (including the builtin SMTP one)!<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files.<br />
# That set is often sufficient, but look at the output of the<br />
# mimetype command to ensure this is true for you, too<br />
set mimetypes-load-control<br />
<br />
# Default directory where we act in (relative to $HOME if not absolute)<br />
set folder=mail<br />
# A leading "+" (often) means: under folder<br />
# record is used to save copies of sent messages, DEAD is error storage<br />
# inbox: system mailbox, by default /var/mail/$USER: '''file %'''<br />
# MBOX: secondary mailbox: '''file &'''<br />
set MBOX=+mbox.mbox record=+sent.mbox DEAD=+dead.mbox<br />
set inbox=+system.mbox<br />
<br />
# Define some shortcuts; now one may say, e.g., file mymbo<br />
shortcut mymbo %:+mbox.mbox \<br />
myrec +sent.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="''Your Name <youremail@domain>''" <br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
The above combination of SSL/TLS configuration results in the most secure end-to-end TLS transport that is possible.<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the built-in SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
Reading the manual section "On URL syntax and credential lookup" is worthwhile.<br />
<br />
# It can be as easy as<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set smtp=smtp://'''USER''':'''PASS'''@'''HOST''' \<br />
smtp-use-starttls<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
set smtp='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login[/plain]...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts yes<br />
# (The plain smtp:// proto is optional)<br />
set smtp='''USER:PASS'''@smtp.gmXil.com smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set smtp=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
{{Tip|If you have enabled two-step authentication in Gmail, and you have added an application specific password for S-nail, you will want to use that password rather than your regular Gmail password, which may work without enabling the otherwise necessary "less secure apps".}}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set from="Your Name <youremail@domain>"<br />
set netrc-lookup<br />
#set agent-shell-lookup="gpg -d .pass.gpg"<br />
set smtp=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
# Type '''xp''' to login to the POP3 account<br />
ghost xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
# Type '''xi''' to login to the IMAP account<br />
ghost xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
In this case '''USER''' and '''PASS''' are clear text, not URL encoded. You can further diversify things and use encrypted password storage, since ArchLinux compiles in password agent support.<br />
To adjust the example, simply do not specify the ''password '''PASS''''' token in {{ic|$HOME/.netrc}} but instead uncomment the ''agent-shell-lookup'' line in the example account above.<br />
The encrypted password storage {{ic|.pass.gpg}} can be created like this:<br />
<br />
# echo '''PASS''' > .pass<br />
# gpg -e .pass<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
The ArchLinux version of S-nail includes the builtin command line editor with history capabilities as well as regular expression and coloured message display support.<br />
Because S-nail strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The global configuration /etc/mail.rc provides some commented basics;<br />
# in particular it shows all options that POSIX mandates as defaults.)<br />
<br />
# Start into interactive mode even if the system mailbox is empty or<br />
# doesn't exist. S-nail would exit immediately without that one<br />
set emptystart<br />
<br />
# When composing a message, let period `.' on a line by itself finalize<br />
# composition, before start directly into ''$EDITOR''<br />
set dot <br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines;<br />
# without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# Colourize headers when displaying messages (note that ''$PAGER'' may<br />
# require special flags, e.g., less(1) needs the -R option; S-nail will<br />
# however set the ''$LESS'' environment variable accordingly, but only if<br />
# that was not set before..)<br />
set colour-pager<br />
<br />
# A nicer prompt for a modern terminal<br />
set prompt="\033[31m?\?[\$ \@]\& \033[0m"<br />
<br />
# Add more entries to the history, and make that persistent<br />
set history-gabby NAIL_HISTFILE=+.s-nailhist NAIL_HISTSIZE=-1<br />
<br />
# When '''p'''rinting messages, show only these headers<br />
# (Easier to '''retain''' what you want than to '''ignore'''<br />
# what you don't; use '''P'''rint to see all headers and '''S'''how<br />
# to see the raw message content)<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html="lynx -stdin -dump -force_html"<br />
# Learn another mimetype<br />
mimetype 'model/vrml wrl vrml'<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
ghost ls !ls -latro<br />
ghost ps !ps axu<br />
<br />
Once you're in it use '''list''' to print all available builtin commands.<br />
ArchLinux compiles in the "DOCSTRINGS" feature, so that typing `?X' tries to expand "X" and print a help string; since S-nail will allow abbreviations of all commands this is sometimes handy; try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, as via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
Whereas '''p''' honours '''retain'''ed (or '''ignore'''d) list of headers to be displayed, the '''P'''rint command will not and display all headers;<br />
the '''Sh'''ow command will print raw message content.<br />
<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' ('''f''') is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds... <br />
that is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode (which can be handy to avoid flag updates etc.)<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s).<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type "." on its own line (the latter requires the ''dot'' option).<br />
<br />
== Using S/MIME ==<br />
<br />
The manual contains a step-by-step example of how to create your certificates etc. ("Signed and encrypted messages with S/MIME").<br />
Assuming you have your private key and signed certificate already, just create the paired file we need<br />
<br />
# cat private-key.pem signed-certificate.pem > ~/pair.pem<br />
<br />
and setup S-nail via<br />
<br />
set smime-sign-cert=~/pair.pem \<br />
smime-sign-message-digest=SHA256 \<br />
smime-sign<br />
<br />
From now any message that is sent will be signed.<br />
The default message digest would be SHA1, as mandated by RFC 5751.<br />
Note that S/MIME always works relative to the setting of the variable ''from'', so it seems best to instead place the above settings in an '''account'''.<br />
The '''verify''' command verifies S/MIME messages, but note that S/MIME decryption and verification is solely based upon OpenSSL for now, which only supports messages with a simplicistic MIME structure. Sorry.<br />
By the way, if you miss hyperlinks and a table-of-content to get yourself going, the manual on the projects' website offers this; and the manual that ships with ArchLinux does, too, but needs the mdocmx(7) extension to be visible.<br />
<br />
== Workaround missing OpenPGP support ==<br />
<br />
S-nail doesn't yet support OpenPGP.<br />
However, using a macro it is possible to at least automatically verify inline ''--clearsign''ed messages, and using command ghosts their usage becomes handy: e.g., use the following in resource file and you will be able to verify a clearsigned message by just typing '''V''':<br />
<br />
define V {<br />
localopts yes<br />
set pipe-text/plain="set -C;\<br />
: > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
trap \"rm -f \\\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\\\"\" EXIT;\<br />
trap \"exit 75\" INT QUIT TERM;\<br />
set +C;\<br />
cat > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
< \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" awk \<br />
-v TMPFILE=\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" '\<br />
BEGIN {done=0}\<br />
/^-----BEGIN PGP SIGNED MESSAGE-----/,/^$/ {\<br />
if (done++ != 0)\<br />
next;\<br />
print \"--- GPG --verify ---\";\<br />
system(\"gpg --verify \" TMPFILE \" 2>&1\");\<br />
print \"--- GPG --verify ---\";\<br />
print \"\";\<br />
next;\<br />
}\<br />
/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ {\<br />
next;\<br />
}\<br />
{print}\<br />
'"<br />
print<br />
}<br />
define RK {<br />
!printf 'Key IDs to gpg --recv-keys: ';\<br />
read keyids;\<br />
gpg --recv-keys ${keyids};<br />
}<br />
ghost V call V<br />
ghost RK call RK<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' and ''inbox'' to point to IMAP server folders, for example.<br />
Internationalised names are supported.<br />
<br />
set v15-compat<br />
<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"<br />
set inbox=myimap</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=480526S-nail2017-06-26T17:54:57Z<p>Sdaoden: Hm. I removed entire section - it was a duplicate of what is 20 lines below, and used old syntax that will vanish!?!?</p>
<hr />
<div>[[Category:Email clients]]<br />
{{Style|Very verbose, lots of code, doesn't follow style guidelines.}}<br />
S-nail (a fork of heirloom-mailx) is a mail processing system with a command syntax similar to ed, with lines replaced by messages.<br />
It is intended to provide the functionality of the POSIX mailx command and offers (mostly optional) extensions for line editing, IDNA, MIME, S/MIME, SMTP and POP3 (and IMAP).<br />
It is usable as a mail batch language.<br />
<br />
S-nail is thus the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
<br />
In Arch Linux S-nail supports direct mail delivery via SMTP, so that messages can be sent directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''. Note, however, that S-nail does not (yet) include a mail-queue mechanism; it simply tries to send the message over SMTP directly and immediately.<br />
<br />
== Quick shot ==<br />
<br />
The {{Pkg|s-nail}} package is part of the Arch Linux {{Grp|base}} group and therefore hopefully installed already. <br />
<br />
Because its systemwide Arch Linux configuration file ({{ic|/etc/mail.rc}}) brings in some useful standard settings, sending mail over a local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -d -s 'A subject' -a an_attachment.txt foo1@bar.example 'Foo2 <foo2@bar.example>'<br />
<br />
Using the {{ic|-d}}ebug flag results in a dry-run that does not perform any action for real (including ignorance of the current {{ic|save}} and {{ic|record}} settings).<br />
You can adjust the program which is used as a MTA by setting the variable {{ic|sendmail}} (fine-tuning via {{ic|sendmail-arguments}}, {{ic|sendmail-no-default-arguments}}, {{ic|sendmail-progname}}. See the manual, "Sending mail"):<br />
<br />
# < /etc/passwd mailx -Ssendmail=/usr/bin/sendmail -Ssendwait -s 'My password file content!' public-foo@bar.example<br />
# echo Message was passed successfully: $?<br />
<br />
By default message delivery is asynchronous, and S-nail will exit as soon as the prepared message has been passed over to the delivery mechanism (the MTA or the builtin SMTP MTA), stating only whether message preparation was successful (or not).<br />
If the {{ic|sendwait}} option is set, however, S-nail will wait for the started (builtin) MTA instance to exit and (instead) use the MTA exit status as its message delivery "success" or "failure" status.<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the {{ic|expandaddr}} option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
<br />
To avoid that members of the program environment and settings of configuration files modify program behaviour, scripts can (and should) detach from configuration files and use the {{ic|-S}} and {{ic|-X}} command line flags to create their own setup and run necessary commands, respectively.<br />
<br />
{{ic|expandaddr}} can be given a value and be used for address verification. For example, the following ''only'' allows network addressees. The {{ic|-.}} command line option will terminate option processing and turn on message send mode. Together these form active barriers to prevent misinterpretation of address arguments as command line options and other injection attacks.<br />
The following example can be used as is, except for {ic|-d}}, provided that you have a ''somefile.pdf'' somewhere; it sets the {{ic|record}} variable to the pathname of the folder used to record all outgoing mail, so that we then can look into the generated message:<br />
<br />
# echo Body |<br />
# LC_ALL=C MAILRC=/dev/null \<br />
# mailx -d -n -Sv15-compat -Ssendwait \<br />
# -Sexpandaddr=fail,-all,+addr \<br />
# -Snosave -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control \<br />
# -X'mimetype "application/pdf pdf"' \<br />
# -Sfrom='Me <me@home>' \<br />
# -a '''somefile.pdf''' -s Subject \<br />
# -. '(foo2bar) <foo2@bar.example>' bob@hey.example<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
The sections "A starter", "Sending mail" and "Reading mail" of the manual page should be worth a glance when looking for more "quick shots".<br />
<br />
In cases when in the following ''USER'' and ''PASS'' are specified as part of an URL (and only then), they must become URL-percent-encoded; S-nail offers the {{ic|urlcodec}} command which does this for you:<br />
<br />
# printf 'urlcodec encode ''USER'' ''PASS''\nx\n' | mailx -#<br />
<br />
printf as well as S-nail / mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlcodec encode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (5 bytes)<br />
out: <SPA%C3%9F> (9 bytes)<br />
# # In ISO-8859-1:<br />
# printf 'urlc enc SPAß\nx\n' | mailx -#<br />
in: <SPAß> (4 bytes)<br />
out: <SPA%DF> (6 bytes)<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism. In other words, you would want to edit the user-specific .mailrc file (possibly stored in /root) rather than /etc/mail.rc.<br />
Thus the following example uses the private user-specific configuration file.<br />
<br />
{{Tip|Using the {{ic|-n}} command line argument or by setting the {{ic|NAIL_NO_SYSTEM_RC}} inhibits reading {{ic|mail.rc}} upon startup. Coupled with setting the {{ic|MAILRC}} environment variable to {{ic|/dev/null}}, this ensures that no configuration file is used. The detached script example above uses this method.}}<br />
<br />
All the remaining examples in this article are based upon this configuration template, which simply sets some security and send mode basics:<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-no-default-ca<br />
<br />
# Don't use protocols older than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then, e.g.<br />
# ssl-protocol-USER@archlinux.org="-ALL,+TLSv1.2"<br />
set ssl-protocol="-ALL,+TLSv1.2"<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# Hint: it is important to include "@STRENGTH": only with it the<br />
# final list will be sorted by algorithm strength.<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list="ALL:!aNULL:!eNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT:@STRENGTH"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: select allowed character sets<br />
# (Have a look at the "CHARACTER SETS" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# A very kind option: when replying to a message, first try to<br />
# use the same encoding that the original poster used herself!<br />
set reply-in-same-charset<br />
<br />
# When replying to or forwarding a message the comment and name<br />
# parts of email addresses are removed unless this variable is set<br />
set fullnames<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
# Only like this you'll be able to see errors reported through the exit<br />
# status of the MTA (including the builtin SMTP one)!<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files.<br />
# That set is often sufficient, but look at the output of the<br />
# mimetype command to ensure this is true for you, too<br />
set mimetypes-load-control<br />
<br />
# Default directory where we act in (relative to $HOME if not absolute)<br />
set folder=mail<br />
# A leading "+" (often) means: under folder<br />
# record is used to save copies of sent messages, DEAD is error storage<br />
# inbox: system mailbox, by default /var/mail/$USER: '''file %'''<br />
# MBOX: secondary mailbox: '''file &'''<br />
set MBOX=+mbox.mbox record=+sent.mbox DEAD=+dead.mbox<br />
set inbox=+system.mbox<br />
<br />
# Define some shortcuts; now one may say, e.g., file mymbo<br />
shortcut mymbo %:+mbox.mbox \<br />
myrec +sent.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="''Your Name <youremail@domain>''" <br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
The above combination of SSL/TLS configuration results in the most secure end-to-end TLS transport that is possible.<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the builtin SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
Reading the manual section "On URL syntax and credential lookup" is worthwhile.<br />
<br />
# It can be as easy as<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set smtp=smtp://'''USER''':'''PASS'''@'''HOST''' \<br />
smtp-use-starttls<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
set smtp='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login[/plain]...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts yes<br />
# (The plain smtp:// proto is optional)<br />
set smtp='''USER:PASS'''@smtp.gmXil.com smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set smtp=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
{{Tip|If you have enabled two-step authentication in Gmail, and you have added an application specific password for S-nail, you will want to use that password rather than your regular Gmail password, which may work without enabling the otherwise necessary "less secure apps".}}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set from="Your Name <youremail@domain>"<br />
set netrc-lookup<br />
#set agent-shell-lookup="gpg -d .pass.gpg"<br />
set smtp=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
# Type '''xp''' to login to the POP3 account<br />
ghost xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
# Type '''xi''' to login to the IMAP account<br />
ghost xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
In this case '''USER''' and '''PASS''' are clear text, not URL encoded. You can further diversify things and use encrypted password storage, since ArchLinux compiles in password agent support.<br />
To adjust the example, simply do not specify the ''password '''PASS''''' token in {{ic|$HOME/.netrc}} but instead uncomment the ''agent-shell-lookup'' line in the example account above.<br />
The encrypted password storage {{ic|.pass.gpg}} can be created like this:<br />
<br />
# echo '''PASS''' > .pass<br />
# gpg -e .pass<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
The ArchLinux version of S-nail includes the builtin command line editor with history capabilities as well as regular expression and coloured message display support.<br />
Because S-nail strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The global configuration /etc/mail.rc provides some commented basics;<br />
# in particular it shows all options that POSIX mandates as defaults.)<br />
<br />
# Start into interactive mode even if the system mailbox is empty or<br />
# doesn't exist. S-nail would exit immediately without that one<br />
set emptystart<br />
<br />
# When composing a message, let period `.' on a line by itself finalize<br />
# composition, before start directly into ''$EDITOR''<br />
set dot <br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines;<br />
# without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# Colourize headers when displaying messages (note that ''$PAGER'' may<br />
# require special flags, e.g., less(1) needs the -R option; S-nail will<br />
# however set the ''$LESS'' environment variable accordingly, but only if<br />
# that was not set before..)<br />
set colour-pager<br />
<br />
# A nicer prompt for a modern terminal<br />
set prompt="\033[31m?\?[\$ \@]\& \033[0m"<br />
<br />
# Add more entries to the history, and make that persistent<br />
set history-gabby NAIL_HISTFILE=+.s-nailhist NAIL_HISTSIZE=-1<br />
<br />
# When '''p'''rinting messages, show only these headers<br />
# (Easier to '''retain''' what you want than to '''ignore'''<br />
# what you don't; use '''P'''rint to see all headers and '''S'''how<br />
# to see the raw message content)<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html="lynx -stdin -dump -force_html"<br />
# Learn another mimetype<br />
mimetype 'model/vrml wrl vrml'<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
ghost ls !ls -latro<br />
ghost ps !ps axu<br />
<br />
Once you're in it use '''list''' to print all available builtin commands.<br />
ArchLinux compiles in the "DOCSTRINGS" feature, so that typing `?X' tries to expand "X" and print a help string; since S-nail will allow abbreviations of all commands this is sometimes handy; try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, as via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
Whereas '''p''' honours '''retain'''ed (or '''ignore'''d) list of headers to be displayed, the '''P'''rint command will not and display all headers;<br />
the '''Sh'''ow command will print raw message content.<br />
<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' ('''f''') is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds... <br />
that is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode (which can be handy to avoid flag updates etc.)<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s).<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type "." on its own line (the latter requires the ''dot'' option).<br />
<br />
== Using S/MIME ==<br />
<br />
The manual contains a step-by-step example of how to create your certificates etc. ("Signed and encrypted messages with S/MIME").<br />
Assuming you have your private key and signed certificate already, just create the paired file we need<br />
<br />
# cat private-key.pem signed-certificate.pem > ~/pair.pem<br />
<br />
and setup S-nail via<br />
<br />
set smime-sign-cert=~/pair.pem \<br />
smime-sign-message-digest=SHA256 \<br />
smime-sign<br />
<br />
From now any message that is sent will be signed.<br />
The default message digest would be SHA1, as mandated by RFC 5751.<br />
Note that S/MIME always works relative to the setting of the variable ''from'', so it seems best to instead place the above settings in an '''account'''.<br />
The '''verify''' command verifies S/MIME messages, but note that S/MIME decryption and verification is solely based upon OpenSSL for now, which only supports messages with a simplicistic MIME structure. Sorry.<br />
By the way, if you miss hyperlinks and a table-of-content to get yourself going, the manual on the projects' website offers this; and the manual that ships with ArchLinux does, too, but needs the mdocmx(7) extension to be visible.<br />
<br />
== Workaround missing OpenPGP support ==<br />
<br />
S-nail doesn't yet support OpenPGP.<br />
However, using a macro it is possible to at least automatically verify inline ''--clearsign''ed messages, and using command ghosts their usage becomes handy: e.g., use the following in resource file and you will be able to verify a clearsigned message by just typing '''V''':<br />
<br />
define V {<br />
localopts yes<br />
set pipe-text/plain="set -C;\<br />
: > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
trap \"rm -f \\\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\\\"\" EXIT;\<br />
trap \"exit 75\" INT QUIT TERM;\<br />
set +C;\<br />
cat > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
< \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" awk \<br />
-v TMPFILE=\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" '\<br />
BEGIN {done=0}\<br />
/^-----BEGIN PGP SIGNED MESSAGE-----/,/^$/ {\<br />
if (done++ != 0)\<br />
next;\<br />
print \"--- GPG --verify ---\";\<br />
system(\"gpg --verify \" TMPFILE \" 2>&1\");\<br />
print \"--- GPG --verify ---\";\<br />
print \"\";\<br />
next;\<br />
}\<br />
/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ {\<br />
next;\<br />
}\<br />
{print}\<br />
'"<br />
print<br />
}<br />
define RK {<br />
!printf 'Key IDs to gpg --recv-keys: ';\<br />
read keyids;\<br />
gpg --recv-keys ${keyids};<br />
}<br />
ghost V call V<br />
ghost RK call RK<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' and ''inbox'' to point to IMAP server folders, for example.<br />
Internationalised names are supported.<br />
<br />
set v15-compat<br />
<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"<br />
set inbox=myimap</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=480525S-nail2017-06-26T17:52:36Z<p>Sdaoden: Don't use obsolete variables that will vanish (please); note the same is ten lines below, just a bit more.. but well. 'Got no notification for those changes...</p>
<hr />
<div>[[Category:Email clients]]<br />
{{Style|Very verbose, lots of code, doesn't follow style guidelines.}}<br />
S-nail (a fork of heirloom-mailx) is a mail processing system with a command syntax similar to ed, with lines replaced by messages.<br />
It is intended to provide the functionality of the POSIX mailx command and offers (mostly optional) extensions for line editing, IDNA, MIME, S/MIME, SMTP and POP3 (and IMAP).<br />
It is usable as a mail batch language.<br />
<br />
S-nail is thus the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
<br />
In Arch Linux S-nail supports direct mail delivery via SMTP, so that messages can be sent directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''. Note, however, that S-nail does not (yet) include a mail-queue mechanism; it simply tries to send the message over SMTP directly and immediately.<br />
<br />
== Quick shot ==<br />
<br />
The {{Pkg|s-nail}} package is part of the Arch Linux {{Grp|base}} group and therefore hopefully installed already. <br />
<br />
Because its systemwide Arch Linux configuration file ({{ic|/etc/mail.rc}}) brings in some useful standard settings, sending mail over a local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -d -s 'A subject' -a an_attachment.txt foo1@bar.example 'Foo2 <foo2@bar.example>'<br />
<br />
Using the {{ic|-d}}ebug flag results in a dry-run that does not perform any action for real (including ignorance of the current {{ic|save}} and {{ic|record}} settings).<br />
You can adjust the program which is used as a MTA by setting the variable {{ic|sendmail}} (fine-tuning via {{ic|sendmail-arguments}}, {{ic|sendmail-no-default-arguments}}, {{ic|sendmail-progname}}. See the manual, "Sending mail"):<br />
<br />
# < /etc/passwd mailx -Ssendmail=/usr/bin/sendmail -Ssendwait -s 'My password file content!' public-foo@bar.example<br />
# echo Message was passed successfully: $?<br />
<br />
By default message delivery is asynchronous, and S-nail will exit as soon as the prepared message has been passed over to the delivery mechanism (the MTA or the builtin SMTP MTA), stating only whether message preparation was successful (or not).<br />
If the {{ic|sendwait}} option is set, however, S-nail will wait for the started (builtin) MTA instance to exit and (instead) use the MTA exit status as its message delivery "success" or "failure" status.<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the {{ic|expandaddr}} option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
<br />
To avoid that members of the program environment and settings of configuration files modify program behaviour, scripts can (and should) detach from configuration files and use the {{ic|-S}} and {{ic|-X}} command line flags to create their own setup and run necessary commands, respectively.<br />
<br />
{{ic|expandaddr}} can be given a value and be used for address verification. For example, the following ''only'' allows network addressees. The {{ic|-.}} command line option will terminate option processing and turn on message send mode. Together these form active barriers to prevent misinterpretation of address arguments as command line options and other injection attacks.<br />
The following example can be used as is, except for {ic|-d}}, provided that you have a ''somefile.pdf'' somewhere; it sets the {{ic|record}} variable to the pathname of the folder used to record all outgoing mail, so that we then can look into the generated message:<br />
<br />
# echo Body |<br />
# LC_ALL=C MAILRC=/dev/null \<br />
# mailx -d -n -Sv15-compat -Ssendwait \<br />
# -Sexpandaddr=fail,-all,+addr \<br />
# -Snosave -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control \<br />
# -X'mimetype "application/pdf pdf"' \<br />
# -Sfrom='Me <me@home>' \<br />
# -a '''somefile.pdf''' -s Subject \<br />
# -. '(foo2bar) <foo2@bar.example>' bob@hey.example<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
The sections "A starter", "Sending mail" and "Reading mail" of the manual page should be worth a glance when looking for more "quick shots".<br />
<br />
In cases when in the following ''USER'' and ''PASS'' are specified as part of an URL (and only then), they must become URL-percent-encoded; S-nail offers the {{ic|urlcodec}} command which does this for you:<br />
<br />
# printf 'urlcodec encode ''USER'' ''PASS''\nx\n' | mailx -#<br />
<br />
printf as well as S-nail / mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlcodec encode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (5 bytes)<br />
out: <SPA%C3%9F> (9 bytes)<br />
# # In ISO-8859-1:<br />
# printf 'urlc enc SPAß\nx\n' | mailx -#<br />
in: <SPAß> (4 bytes)<br />
out: <SPA%DF> (6 bytes)<br />
<br />
== Sending Mail from a server ==<br />
<br />
For a quick configuration to let your server send email using an external smtp server, create a file called .mailrc in /root or /home/$USER with the following contents. Things should send and receive correctly by default.<br />
<br />
account gmail {<br />
set smtp-use-starttls<br />
set smtp=smtp://username:password@smtp.gmail.com:587<br />
set smtp-auth=login<br />
set from="root <root@gmail.com>"<br />
}<br />
<br />
Send an email like this:<br />
<br />
echo "Sample Body" | mail -v -A gmail -s "Sample Subject" user@gmail.com<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism. In other words, you would want to edit the user-specific .mailrc file (possibly stored in /root) rather than /etc/mail.rc.<br />
Thus the following example uses the private user-specific configuration file.<br />
<br />
{{Tip|Using the {{ic|-n}} command line argument or by setting the {{ic|NAIL_NO_SYSTEM_RC}} inhibits reading {{ic|mail.rc}} upon startup. Coupled with setting the {{ic|MAILRC}} environment variable to {{ic|/dev/null}}, this ensures that no configuration file is used. The detached script example above uses this method.}}<br />
<br />
All the remaining examples in this article are based upon this configuration template, which simply sets some security and send mode basics:<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-no-default-ca<br />
<br />
# Don't use protocols older than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then, e.g.<br />
# ssl-protocol-USER@archlinux.org="-ALL,+TLSv1.2"<br />
set ssl-protocol="-ALL,+TLSv1.2"<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# Hint: it is important to include "@STRENGTH": only with it the<br />
# final list will be sorted by algorithm strength.<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list="ALL:!aNULL:!eNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT:@STRENGTH"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: select allowed character sets<br />
# (Have a look at the "CHARACTER SETS" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# A very kind option: when replying to a message, first try to<br />
# use the same encoding that the original poster used herself!<br />
set reply-in-same-charset<br />
<br />
# When replying to or forwarding a message the comment and name<br />
# parts of email addresses are removed unless this variable is set<br />
set fullnames<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
# Only like this you'll be able to see errors reported through the exit<br />
# status of the MTA (including the builtin SMTP one)!<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files.<br />
# That set is often sufficient, but look at the output of the<br />
# mimetype command to ensure this is true for you, too<br />
set mimetypes-load-control<br />
<br />
# Default directory where we act in (relative to $HOME if not absolute)<br />
set folder=mail<br />
# A leading "+" (often) means: under folder<br />
# record is used to save copies of sent messages, DEAD is error storage<br />
# inbox: system mailbox, by default /var/mail/$USER: '''file %'''<br />
# MBOX: secondary mailbox: '''file &'''<br />
set MBOX=+mbox.mbox record=+sent.mbox DEAD=+dead.mbox<br />
set inbox=+system.mbox<br />
<br />
# Define some shortcuts; now one may say, e.g., file mymbo<br />
shortcut mymbo %:+mbox.mbox \<br />
myrec +sent.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="''Your Name <youremail@domain>''" <br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
The above combination of SSL/TLS configuration results in the most secure end-to-end TLS transport that is possible.<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the builtin SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
Reading the manual section "On URL syntax and credential lookup" is worthwhile.<br />
<br />
# It can be as easy as<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set smtp=smtp://'''USER''':'''PASS'''@'''HOST''' \<br />
smtp-use-starttls<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
set smtp='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login[/plain]...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts yes<br />
# (The plain smtp:// proto is optional)<br />
set smtp='''USER:PASS'''@smtp.gmXil.com smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set smtp=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
{{Tip|If you have enabled two-step authentication in Gmail, and you have added an application specific password for S-nail, you will want to use that password rather than your regular Gmail password, which may work without enabling the otherwise necessary "less secure apps".}}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set from="Your Name <youremail@domain>"<br />
set netrc-lookup<br />
#set agent-shell-lookup="gpg -d .pass.gpg"<br />
set smtp=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
# Type '''xp''' to login to the POP3 account<br />
ghost xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
# Type '''xi''' to login to the IMAP account<br />
ghost xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
In this case '''USER''' and '''PASS''' are clear text, not URL encoded. You can further diversify things and use encrypted password storage, since ArchLinux compiles in password agent support.<br />
To adjust the example, simply do not specify the ''password '''PASS''''' token in {{ic|$HOME/.netrc}} but instead uncomment the ''agent-shell-lookup'' line in the example account above.<br />
The encrypted password storage {{ic|.pass.gpg}} can be created like this:<br />
<br />
# echo '''PASS''' > .pass<br />
# gpg -e .pass<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
The ArchLinux version of S-nail includes the builtin command line editor with history capabilities as well as regular expression and coloured message display support.<br />
Because S-nail strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The global configuration /etc/mail.rc provides some commented basics;<br />
# in particular it shows all options that POSIX mandates as defaults.)<br />
<br />
# Start into interactive mode even if the system mailbox is empty or<br />
# doesn't exist. S-nail would exit immediately without that one<br />
set emptystart<br />
<br />
# When composing a message, let period `.' on a line by itself finalize<br />
# composition, before start directly into ''$EDITOR''<br />
set dot <br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines;<br />
# without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# Colourize headers when displaying messages (note that ''$PAGER'' may<br />
# require special flags, e.g., less(1) needs the -R option; S-nail will<br />
# however set the ''$LESS'' environment variable accordingly, but only if<br />
# that was not set before..)<br />
set colour-pager<br />
<br />
# A nicer prompt for a modern terminal<br />
set prompt="\033[31m?\?[\$ \@]\& \033[0m"<br />
<br />
# Add more entries to the history, and make that persistent<br />
set history-gabby NAIL_HISTFILE=+.s-nailhist NAIL_HISTSIZE=-1<br />
<br />
# When '''p'''rinting messages, show only these headers<br />
# (Easier to '''retain''' what you want than to '''ignore'''<br />
# what you don't; use '''P'''rint to see all headers and '''S'''how<br />
# to see the raw message content)<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html="lynx -stdin -dump -force_html"<br />
# Learn another mimetype<br />
mimetype 'model/vrml wrl vrml'<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
ghost ls !ls -latro<br />
ghost ps !ps axu<br />
<br />
Once you're in it use '''list''' to print all available builtin commands.<br />
ArchLinux compiles in the "DOCSTRINGS" feature, so that typing `?X' tries to expand "X" and print a help string; since S-nail will allow abbreviations of all commands this is sometimes handy; try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, as via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
Whereas '''p''' honours '''retain'''ed (or '''ignore'''d) list of headers to be displayed, the '''P'''rint command will not and display all headers;<br />
the '''Sh'''ow command will print raw message content.<br />
<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' ('''f''') is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds... <br />
that is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode (which can be handy to avoid flag updates etc.)<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s).<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type "." on its own line (the latter requires the ''dot'' option).<br />
<br />
== Using S/MIME ==<br />
<br />
The manual contains a step-by-step example of how to create your certificates etc. ("Signed and encrypted messages with S/MIME").<br />
Assuming you have your private key and signed certificate already, just create the paired file we need<br />
<br />
# cat private-key.pem signed-certificate.pem > ~/pair.pem<br />
<br />
and setup S-nail via<br />
<br />
set smime-sign-cert=~/pair.pem \<br />
smime-sign-message-digest=SHA256 \<br />
smime-sign<br />
<br />
From now any message that is sent will be signed.<br />
The default message digest would be SHA1, as mandated by RFC 5751.<br />
Note that S/MIME always works relative to the setting of the variable ''from'', so it seems best to instead place the above settings in an '''account'''.<br />
The '''verify''' command verifies S/MIME messages, but note that S/MIME decryption and verification is solely based upon OpenSSL for now, which only supports messages with a simplicistic MIME structure. Sorry.<br />
By the way, if you miss hyperlinks and a table-of-content to get yourself going, the manual on the projects' website offers this; and the manual that ships with ArchLinux does, too, but needs the mdocmx(7) extension to be visible.<br />
<br />
== Workaround missing OpenPGP support ==<br />
<br />
S-nail doesn't yet support OpenPGP.<br />
However, using a macro it is possible to at least automatically verify inline ''--clearsign''ed messages, and using command ghosts their usage becomes handy: e.g., use the following in resource file and you will be able to verify a clearsigned message by just typing '''V''':<br />
<br />
define V {<br />
localopts yes<br />
set pipe-text/plain="set -C;\<br />
: > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
trap \"rm -f \\\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\\\"\" EXIT;\<br />
trap \"exit 75\" INT QUIT TERM;\<br />
set +C;\<br />
cat > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
< \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" awk \<br />
-v TMPFILE=\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" '\<br />
BEGIN {done=0}\<br />
/^-----BEGIN PGP SIGNED MESSAGE-----/,/^$/ {\<br />
if (done++ != 0)\<br />
next;\<br />
print \"--- GPG --verify ---\";\<br />
system(\"gpg --verify \" TMPFILE \" 2>&1\");\<br />
print \"--- GPG --verify ---\";\<br />
print \"\";\<br />
next;\<br />
}\<br />
/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ {\<br />
next;\<br />
}\<br />
{print}\<br />
'"<br />
print<br />
}<br />
define RK {<br />
!printf 'Key IDs to gpg --recv-keys: ';\<br />
read keyids;\<br />
gpg --recv-keys ${keyids};<br />
}<br />
ghost V call V<br />
ghost RK call RK<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' and ''inbox'' to point to IMAP server folders, for example.<br />
Internationalised names are supported.<br />
<br />
set v15-compat<br />
<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"<br />
set inbox=myimap</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=454597S-nail2016-10-20T13:53:21Z<p>Sdaoden: v14.8.13: urlencode -> urlcodec encode; new inbox variable; IMAP internationalised names</p>
<hr />
<div>[[Category:Email clients]]<br />
{{Style|Very verbose, lots of code, doesn't follow style guidelines.}}<br />
S-nail is a mail processing system with a command syntax similar to ed, with lines replaced by messages.<br />
It is intended to provide the functionality of the POSIX mailx command and offers (mostly optional) extensions for line editing, IDNA, MIME, S/MIME, SMTP and POP3 (and IMAP).<br />
It is usable as a mail batch language.<br />
<br />
S-nail is thus the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
<br />
In Arch Linux S-nail supports direct mail delivery via SMTP, so that messages can be sent directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''. Note, however, that S-nail does not (yet) include a mail-queue mechanism; it simply tries to send the message over SMTP directly and immediately.<br />
<br />
== Quick shot ==<br />
<br />
The {{Pkg|s-nail}} package is part of the Arch Linux {{Grp|base}} group and therefore hopefully installed already. <br />
<br />
Because its systemwide Arch Linux configuration file ({{ic|/etc/mail.rc}}) brings in some useful standard settings, sending mail over a local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -d -s 'A subject' -a an_attachment.txt foo1@bar.example 'Foo2 <foo2@bar.example>'<br />
<br />
Using the {{ic|-d}}ebug flag results in a dry-run that does not perform any action for real (including ignorance of the current {{ic|save}} and {{ic|record}} settings).<br />
You can adjust the program which is used as a MTA by setting the variable {{ic|sendmail}} (fine-tuning via {{ic|sendmail-arguments}}, {{ic|sendmail-no-default-arguments}}, {{ic|sendmail-progname}}. See the manual, "Sending mail"):<br />
<br />
# < /etc/passwd mailx -Ssendmail=/usr/bin/sendmail -Ssendwait -s 'My password file content!' public-foo@bar.example<br />
# echo Message was passed successfully: $?<br />
<br />
By default message delivery is asynchronous, and S-nail will exit as soon as the prepared message has been passed over to the delivery mechanism (the MTA or the builtin SMTP MTA), stating only wether message preparation was successful (or not).<br />
If the {{ic|sendwait}} option is set, however, S-nail will wait for the started (builtin) MTA instance to exit and (instead) use the MTA exit status as its message delivery "success" or "failure" status.<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the {{ic|expandaddr}} option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
<br />
To avoid that members of the program environment and settings of configuration files modify program behaviour, scripts can (and should) detach from configuration files and use the {{ic|-S}} and {{ic|-X}} command line flags to create their own setup and run necessary commands, respectively.<br />
<br />
{{ic|expandaddr}} can be given a value and be used for address verification. For example, the following ''only'' allows network addressees. The {{ic|-.}} command line option will terminate option processing and turn on message send mode. Together these form active barriers to prevent misinterpretation of address arguments as command line options and other injection attacks.<br />
The following example can be used as is, except for {ic|-d}}, provided that you have a ''somefile.pdf'' somewhere; it sets the {{ic|record}} variable to the pathname of the folder used to record all outgoing mail, so that we then can look into the generated message:<br />
<br />
# echo Body |<br />
# LC_ALL=C MAILRC=/dev/null \<br />
# mailx -d -n -Sv15-compat -Ssendwait \<br />
# -Sexpandaddr=fail,-all,+addr \<br />
# -Snosave -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control \<br />
# -X'mimetype "application/pdf pdf"' \<br />
# -Sfrom='Me <me@home>' \<br />
# -a '''somefile.pdf''' -s Subject \<br />
# -. '(foo2bar) <foo2@bar.example>' bob@hey.example<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
The sections "A starter", "Sending mail" and "Reading mail" of the manual page should be worth a glance when looking for more "quick shots".<br />
<br />
In cases when in the following ''USER'' and ''PASS'' are specified as part of an URL (and only then), they must become URL-percent-encoded; S-nail offers the {{ic|urlcodec}} command which does this for you:<br />
<br />
# printf 'urlcodec encode ''USER'' ''PASS''\nx\n' | mailx -#<br />
<br />
printf as well as S-nail / mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlcodec encode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (5 bytes)<br />
out: <SPA%C3%9F> (9 bytes)<br />
# # In ISO-8859-1:<br />
# printf 'urlc enc SPAß\nx\n' | mailx -#<br />
in: <SPAß> (4 bytes)<br />
out: <SPA%DF> (6 bytes)<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism.<br />
Thus the following example uses the private user-specific configuration file.<br />
<br />
{{Tip|Using the {{ic|-n}} command line argument or by setting the {{ic|NAIL_NO_SYSTEM_RC}} inhibits reading {{ic|mail.rc}} upon startup. Coupled with setting the {{ic|MAILRC}} environment variable to {{ic|/dev/null}}, this ensures that no configuration file is used. The detached script example above uses this method.}}<br />
<br />
All the remaining examples in this article are based upon this configuration template, which simply sets some security and send mode basics:<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-no-default-ca<br />
<br />
# Don't use protocols older than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then, e.g.<br />
# ssl-protocol-USER@archlinux.org="-ALL,+TLSv1.2"<br />
set ssl-protocol="-ALL,+TLSv1.2"<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# Hint: it is important to include "@STRENGTH": only with it the<br />
# final list will be sorted by algorithm strength.<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list="ALL:!aNULL:!eNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT:@STRENGTH"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: select allowed character sets<br />
# (Have a look at the "CHARACTER SETS" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# A very kind option: when replying to a message, first try to<br />
# use the same encoding that the original poster used herself!<br />
set reply-in-same-charset<br />
<br />
# When replying to or forwarding a message the comment and name<br />
# parts of email addresses are removed unless this variable is set<br />
set fullnames<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
# Only like this you'll be able to see errors reported through the exit<br />
# status of the MTA (including the builtin SMTP one)!<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files.<br />
# That set is often sufficient, but look at the output of the<br />
# mimetype command to ensure this is true for you, too<br />
set mimetypes-load-control<br />
<br />
# Default directory where we act in (relative to $HOME if not absolute)<br />
set folder=mail<br />
# A leading "+" (often) means: under folder<br />
# record is used to save copies of sent messages, DEAD is error storage<br />
# inbox: system mailbox, by default /var/mail/$USER: '''file %'''<br />
# MBOX: secondary mailbox: '''file &'''<br />
set MBOX=+mbox.mbox record=+sent.mbox DEAD=+dead.mbox<br />
set inbox=+system.mbox<br />
<br />
# Define some shortcuts; now one may say, e.g., file mymbo<br />
shortcut mymbo %:+mbox.mbox \<br />
myrec +sent.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="''Your Name <youremail@domain>''" <br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
The above combination of SSL/TLS configuration results in the most secure end-to-end TLS transport that is possible.<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the builtin SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
Reading the manual section "On URL syntax and credential lookup" is worthwhile.<br />
<br />
# It can be as easy as<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set smtp=smtp://'''USER''':'''PASS'''@'''HOST''' \<br />
smtp-use-starttls<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
set smtp='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login[/plain]...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts yes<br />
# (The plain smtp:// proto is optional)<br />
set smtp='''USER:PASS'''@smtp.gmXil.com smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set smtp=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
{{Tip|If you have enabled two-step authentication in Gmail, and you have added an application specific password for S-nail, you will want to use that password rather than your regular Gmail password, which may work without enabling the otherwise necessary "less secure apps".}}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set from="Your Name <youremail@domain>"<br />
set netrc-lookup<br />
#set agent-shell-lookup="gpg -d .pass.gpg"<br />
set smtp=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
# Type '''xp''' to login to the POP3 account<br />
ghost xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
# Type '''xi''' to login to the IMAP account<br />
ghost xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
In this case '''USER''' and '''PASS''' are clear text, not URL encoded. You can further diversify things and use encrypted password storage, since ArchLinux compiles in password agent support.<br />
To adjust the example, simply do not specify the ''password '''PASS''''' token in {{ic|$HOME/.netrc}} but instead uncomment the ''agent-shell-lookup'' line in the example account above.<br />
The encrypted password storage {{ic|.pass.gpg}} can be created like this:<br />
<br />
# echo '''PASS''' > .pass<br />
# gpg -e .pass<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
The ArchLinux version of S-nail includes the builtin command line editor with history capabilities as well as regular expression and coloured message display support.<br />
Because S-nail strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The global configuration /etc/mail.rc provides some commented basics;<br />
# in particular it shows all options that POSIX mandates as defaults.)<br />
<br />
# Start into interactive mode even if the system mailbox is empty or<br />
# doesn't exist. S-nail would exit immediately without that one<br />
set emptystart<br />
<br />
# When composing a message, let period `.' on a line by itself finalize<br />
# composition, before start directly into ''$EDITOR''<br />
set dot <br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines;<br />
# without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# Colourize headers when displaying messages (note that ''$PAGER'' may<br />
# require special flags, e.g., less(1) needs the -R option; S-nail will<br />
# however set the ''$LESS'' environment variable accordingly, but only if<br />
# that was not set before..)<br />
set colour-pager<br />
<br />
# A nicer prompt for a modern terminal<br />
set prompt="\033[31m?\?[\$ \@]\& \033[0m"<br />
<br />
# Add more entries to the history, and make that persistent<br />
set history-gabby NAIL_HISTFILE=+.s-nailhist NAIL_HISTSIZE=-1<br />
<br />
# When '''p'''rinting messages, show only these headers<br />
# (Easier to '''retain''' what you want than to '''ignore'''<br />
# what you don't; use '''P'''rint to see all headers and '''S'''how<br />
# to see the raw message content)<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html="lynx -stdin -dump -force_html"<br />
# Learn another mimetype<br />
mimetype 'model/vrml wrl vrml'<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
ghost ls !ls -latro<br />
ghost ps !ps axu<br />
<br />
Once you're in it use '''list''' to print all available builtin commands.<br />
ArchLinux compiles in the "DOCSTRINGS" feature, so that typing `?X' tries to expand "X" and print a help string; since S-nail will allow abbreviations of all commands this is sometimes handy; try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, as via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
Whereas '''p''' honours '''retain'''ed (or '''ignore'''d) list of headers to be displayed, the '''P'''rint command will not and display all headers;<br />
the '''Sh'''ow command will print raw message content.<br />
<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' ('''f''') is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds... <br />
that is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode (which can be handy to avoid flag updates etc.)<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s).<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type "." on its own line (the latter requires the ''dot'' option).<br />
<br />
== Using S/MIME ==<br />
<br />
The manual contains a step-by-step example of how to create your certificates etc. ("Signed and encrypted messages with S/MIME").<br />
Assuming you have your private key and signed certificate already, just create the paired file we need<br />
<br />
# cat private-key.pem signed-certificate.pem > ~/pair.pem<br />
<br />
and setup S-nail via<br />
<br />
set smime-sign-cert=~/pair.pem \<br />
smime-sign-message-digest=SHA256 \<br />
smime-sign<br />
<br />
From now any message that is sent will be signed.<br />
The default message digest would be SHA1, as mandated by RFC 5751.<br />
Note that S/MIME always works relative to the setting of the variable ''from'', so it seems best to instead place the above settings in an '''account'''.<br />
The '''verify''' command verifies S/MIME messages, but note that S/MIME decryption and verification is solely based upon OpenSSL for now, which only supports messages with a simplicistic MIME structure. Sorry.<br />
By the way, if you miss hyperlinks and a table-of-content to get yourself going, the manual on the projects' website offers this; and the manual that ships with ArchLinux does, too, but needs the mdocmx(7) extension to be visible.<br />
<br />
== Workaround missing OpenPGP support ==<br />
<br />
S-nail doesn't yet support OpenPGP.<br />
However, using a macro it is possible to at least automatically verify inline ''--clearsign''ed messages, and using command ghosts their usage becomes handy: e.g., use the following in resource file and you will be able to verify a clearsigned message by just typing '''V''':<br />
<br />
define V {<br />
localopts yes<br />
set pipe-text/plain="set -C;\<br />
: > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
trap \"rm -f \\\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\\\"\" EXIT;\<br />
trap \"exit 75\" INT QUIT TERM;\<br />
set +C;\<br />
cat > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
< \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" awk \<br />
-v TMPFILE=\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" '\<br />
BEGIN {done=0}\<br />
/^-----BEGIN PGP SIGNED MESSAGE-----/,/^$/ {\<br />
if (done++ != 0)\<br />
next;\<br />
print \"--- GPG --verify ---\";\<br />
system(\"gpg --verify \" TMPFILE \" 2>&1\");\<br />
print \"--- GPG --verify ---\";\<br />
print \"\";\<br />
next;\<br />
}\<br />
/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ {\<br />
next;\<br />
}\<br />
{print}\<br />
'"<br />
print<br />
}<br />
define RK {<br />
!printf 'Key IDs to gpg --recv-keys: ';\<br />
read keyids;\<br />
gpg --recv-keys ${keyids};<br />
}<br />
ghost V call V<br />
ghost RK call RK<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' and ''inbox'' to point to IMAP server folders, for example.<br />
Internationalised names are supported.<br />
<br />
set v15-compat<br />
<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"<br />
set inbox=myimap</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=List_of_applications/Internet&diff=452136List of applications/Internet2016-09-26T20:59:12Z<p>Sdaoden: /* Console */ S-nail project moved from Sourceforge.net to privately-owned domain</p>
<hr />
<div><noinclude><br />
[[Category:Internet applications]]<br />
[[pt:List of applications/Internet]]<br />
[[cs:List of applications/Internet]]<br />
[[es:List of applications/Internet]]<br />
[[it:List of applications/Internet]]<br />
[[ja:アプリケーション一覧/インターネット]]<br />
[[ru:List of applications/Internet]]<br />
[[zh-cn:List of applications/Internet]]<br />
[[zh-tw:List of applications/Internet]]<br />
{{List of applications navigation}}<br />
</noinclude><br />
== Internet ==<br />
<br />
=== Network managers ===<br />
<br />
* {{App|[[Connman]]|Daemon for managing internet connections within embedded devices running the Linux operating system. Comes with a command-line client, plus Enlightenment, ncurses, GTK and Dmenu clients are available.|https://01.org/connman|{{Pkg|connman}}}}<br />
* {{App|[[netctl]]|Simple and robust tool to manage network connections via profiles. Intended for use with [[systemd]].|https://projects.archlinux.org/netctl.git/|{{Pkg|netctl}}}}<br />
* {{App|[[NetworkManager]]|Manager that provides wired, wireless, mobile broadband and OpenVPN detection with configuration and automatic connection.|https://wiki.gnome.org/Projects/NetworkManager|{{Pkg|networkmanager}}}}<br />
* {{App|[[systemd-networkd]]|Native [[systemd]] daemon that manages network configuration. It includes support for basic network configuration through [[udev]].|http://www.freedesktop.org/software/systemd/man/systemd-networkd.service.html|{{Pkg|systemd}}}}<br />
* {{App|[[Wicd]]|Wireless and wired connection manager with few dependencies. Comes with an ncurses interface, and a GTK interface {{Pkg|wicd-gtk}} is available.|https://launchpad.net/wicd|{{Pkg|wicd}}}}<br />
<br />
=== VPN clients ===<br />
<br />
* {{App|[[OpenConnect]]|Supports Cisco and Juniper VPNs.|http://www.infradead.org/openconnect/|{{pkg|openconnect}}}}<br />
* {{App|[[PPTP Client]]|To connect to PPTP VPNs, like Microsoft VPNs (MPPE).|http://pptpclient.sourceforge.net/|{{pkg|pptpclient}}}}<br />
<br />
=== Web browsers ===<br />
<br />
See also [[Wikipedia:Comparison of web browsers]].<br />
<br />
==== Console ====<br />
<br />
* {{App|[[Wikipedia:ELinks|ELinks]]|Advanced and well-established feature-rich text mode web browser (Links fork, barely supported since 2009).|http://elinks.or.cz/|{{Pkg|elinks}}}}<br />
* {{App|[[Wikipedia:Links (web browser)|Links]]|Text WWW browser. Includes a console version [links] similar to Lynx, and a graphical X-window/framebuffer version [xlinks -g] (must be compiled in, Arch has both) with CSS, image rendering, pull-down menus.|http://links.twibright.com/|{{Pkg|links}}}}<br />
* {{App|[[Wikipedia:Lynx (web browser)|Lynx]]|Text browser for the World Wide Web.|http://lynx.isc.org|{{Pkg|lynx}}}}<br />
* {{App|retawq|Interactive, multi-threaded network client (web browser) for text terminals.|http://retawq.sourceforge.net/|{{AUR|retawq}}}}<br />
* {{App|[[Wikipedia:W3m|w3m]]|Pager/text-based web browser. It has vim-like keybindings, and is able to display images.|http://w3m.sourceforge.net/|{{Pkg|w3m}}}}<br />
<br />
==== Graphical ====<br />
<br />
===== Gecko-based =====<br />
<br />
See also [[Wikipedia:Gecko (software)]].<br />
<br />
* {{App|[[Wikipedia:Conkeror|Conkeror]]|Keyboard-based browser modeled after [[Emacs]] using [[Wikipedia:XULRunner|XULRunner]]. Customizable via JavaScript.|http://conkeror.org/|{{AUR|conkeror}}}}<br />
* {{App|[[Firefox]]|Extensible browser from Mozilla based on Gecko with fast rendering.|https://mozilla.com/firefox|{{Pkg|firefox}}}}<br />
* {{App|[[Wikipedia:GNU IceCat|GNU IceCat]]|A customized build of Firefox ESR distributed by the GNU Project, stripped of non-free components and with additional privacy extensions. Release cycle may be delayed compared to Mozilla Firefox.|https://www.gnu.org/software/gnuzilla/|{{AUR|icecat}} or {{AUR|icecat-bin}}}}<br />
* {{App|[[Wikipedia:SeaMonkey|SeaMonkey]]|Continuation of the Mozilla Internet Suite.|http://www.seamonkey-project.org/|{{Pkg|seamonkey}}}}<br />
<br />
===== Blink-based =====<br />
<br />
See also [[Wikipedia:Blink (layout engine)]].<br />
<br />
* {{App|[[Chromium]]|Web browser developed by Google, the open source project behind Google Chrome.|https://www.chromium.org/|{{Pkg|chromium}}}}<br />
<br />
====== Chromium spin-offs ======<br />
<br />
* {{App|[[Google Chrome]]|Proprietary web browser developed by Google.|https://www.google.com/chrome/|{{AUR|google-chrome}}}}<br />
* {{App|Inox|A privacy-focused patchset for Chromium, which disables Google services, proprietary features, prevents "calling home" and unhides all extensions.|https://github.com/gcarq/inox-patchset|{{AUR|inox}} or {{AUR|inox-bin}}}}<br />
* {{App|Iridium|A privacy-focused [https://git.iridiumbrowser.de/cgit.cgi/iridium-browser/tree/?h&#61;patchview patchset] for Chromium. See [https://github.com/iridium-browser/iridium-browser/wiki/Differences-between-Iridium-and-Chromium differences from Chromium].|https://iridiumbrowser.de/|{{AUR|iridium}}}}<br />
* {{App|[[Opera]]|Highly customizable proprietary browser with focuses on an adherence to web rendering standards.|https://opera.com|{{Pkg|opera}}}}<br />
* {{App|[[Wikipedia:SlimBrowser|Slimjet]]|Fast, smart and powerful proprietary browser based on Chromium.|http://www.slimjet.com/|{{AUR|slimjet}}}}<br />
* {{App|[[Vivaldi]]|An advanced proprietary browser made with the power user in mind.|https://vivaldi.com/|{{AUR|vivaldi}}}}<br />
* {{App|[[Wikipedia:Yandex Browser|Yandex Browser]]|Proprietary browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.|https://browser.yandex.com/|{{AUR|yandex-browser-beta}}}}<br />
<br />
====== Browsers based on electron ======<br />
<br />
* {{App|[[Wikipedia:Brave (web browser)|Brave]]|Web browser that blocks ads and trackers by default. Based on the [http://electron.atom.io/ Electron] platform.|https://www.brave.com/|{{AUR|brave}}}}<br />
* {{App|Min|A smarter, faster web browser based on the [http://electron.atom.io/ Electron] platform.|https://minbrowser.github.io/min/|{{AUR|min}}}}<br />
<br />
====== Browsers based on qt5-webengine ======<br />
<br />
* {{App|Liri|A minimalistic material design web browser written for Papyros.|http://liriproject.me/browser|{{AUR|liri-browser}}}}<br />
* {{App|Qt WebBrowser|Browser for embedded devices developed using the capabilities of Qt and Qt WebEngine.|http://doc.qt.io/QtWebBrowser/|{{AUR|qtwebbrowser}}}}<br />
* {{App|[[Wikipedia:QupZilla|QupZilla]]|New and very fast open source browser based on QtWebEngine, written in Qt framework.| http://www.qupzilla.com |{{pkg|qupzilla}}}}<br />
<br />
===== WebKit-based =====<br />
<br />
See also [[Wikipedia:WebKit]].<br />
<br />
====== Browsers based on webkit2gtk ======<br />
<br />
* {{App|[[GNOME Web]]|Browser which uses the WebKitGTK+ rendering engine, part of {{Grp|gnome}}.|https://wiki.gnome.org/Apps/Web/|{{Pkg|epiphany}}}}<br />
* {{App|Lariza|A simple, experimental web browser using GTK+ 3, GLib and WebKit2GTK+.|https://www.uninformativ.de/projects/lariza/|{{AUR|lariza}}}}<br />
* {{App|Rainbow Lollipop|The visual history browser. In early state of development.|http://rainbow-lollipop.de/|{{AUR|rainbow-lollipop-git}}}}<br />
* {{App|[[Surf]] 2|A simple web browser based on WebKit2GTK+. Experimental branch.|http://surf.suckless.org|{{aur|surf-webkit2gtk-git}}}}<br />
* {{App|Webby|Allows to use web apps as regular desktop apps, integrated with the OS, without tabs and using the default system launcher. In early state of development.|https://launchpad.net/webby-browser|{{aur|webby-browser-bzr}}}}<br />
<br />
====== Browsers based on webkitgtk/webkitgtk2 ======<br />
<br />
{{Warning|The following browsers are based on one of four WebKit ports that are today considered insecure and outdated. GTK+ browsers should be switching to webkit2gtk. More info [https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit-security-updates/ here].}}<br />
<br />
* {{App|[[dwb]]|Lightweight, highly customizable web browser based on the WebKit engine with ''vi''-like shortcuts and tiling layouts. As of October 2014 ''dwb'' is [https://bitbucket.org/portix/dwb/pull-request/22/several-cleanups-to-increase-portability/diff#comment-3217936 unmaintained].|http://portix.bitbucket.org/dwb/|{{Pkg|dwb}}}}<br />
* {{App|[[Jumanji]]|Highly customizable and functional web browser.|http://pwmt.org/projects/jumanji|{{AUR|jumanji-git}}}}<br />
* {{App|[[Luakit]]|Highly configurable, micro-browser framework based on the WebKit engine and the GTK+ toolkit. It is very fast, extensible by Lua and licensed under the GNU GPLv3 license.|http://mason-larobina.github.com/luakit/|{{Pkg|luakit}}}}<br />
* {{App|[[Wikipedia:Midori (web browser)|Midori]]|Lightweight web browser based on GTK+ and WebKit.|http://midori-browser.org/|GTK+ 3: {{Pkg|midori}}, GTK+ 2: {{Pkg|midori-gtk2}}}}<br />
* {{App|[[Surf]]|Lightweight WebKit-based browser, which follows the [http://suckless.org/philosophy suckless ideology] (basically, the browser itself is a single C source file).|http://surf.suckless.org|{{Pkg|surf}}}}<br />
* {{App|[[Wikipedia:Uzbl|Uzbl]]|Group of web interface tools which adhere to the Unix philosophy.|http://uzbl.org/|{{Pkg|uzbl-browser}}}}<br />
* {{App|vimb|Fast and lightweight vim like web browser based on the webkit web browser engine and the GTK toolkit.|https://fanglingsu.github.io/vimb/|{{AUR|vimb}}}}<br />
* {{App|[[Vimprobable]]|Browser that behaves like the Vimperator plugin available for Mozilla Firefox. It is based on the WebKit engine and uses the GTK+ bindings.|http://sourceforge.net/apps/trac/vimprobable/|{{AUR|vimprobable-git}}}}<br />
* {{App|[[Wikipedia:Xombrero|Xombrero]] |Webkit minimalist web browser (formerly known as ''xxxterm'') with sophisticated security features designed-in, BSD style.|https://opensource.conformal.com/wiki/xombrero|{{AUR|xombrero-git}}}}<br />
<br />
====== Browsers based on qt5-webkit/qtwebkit ======<br />
<br />
{{Warning|The following browsers are based on one of four WebKit ports that are today considered insecure and outdated. Qt browsers should be switching to qt5-webengine (Blink). More info [https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit-security-updates/ here].}}<br />
<br />
* {{App|[[Wikipedia:Arora (web browser)|Arora]]|Cross-platform web browser built using QtWebKit. Development stopped in January 2012.|https://github.com/arora/arora|{{AUR|arora-git}}}}<br />
* {{App|[[Wikipedia:Dooble|Dooble]]|A safe WebKit Web browser.|http://dooble.sourceforge.net/|{{AUR|dooble}}}}<br />
* {{App|Otter-browser|Browser aiming to recreate classic Opera (12.x) UI using Qt5.|http://otter-browser.org/|{{AUR|otter-browser}}}}<br />
* {{App|[[qutebrowser]]|A keyboard-driven, [[vim]]-like browser based on PyQt5 and QtWebKit.|https://github.com/The-Compiler/qutebrowser|{{Pkg|qutebrowser}}}}<br />
* {{App|[[Wikipedia:Rekonq|Rekonq]]|WebKit-based web browser for KDE.|http://rekonq.kde.org/|{{Pkg|rekonq}}}}<br />
<br />
===== Other =====<br />
<br />
* {{App|[[Wikipedia:Dillo|Dillo]]|Small, fast graphical web browser built on [[Wikipedia:Fltk|FLTK]]. Uses its own layout engine.|http://dillo.org/|{{Pkg|dillo}}}}<br />
* {{App|Elbow|An EFL based browser.|https://github.com/bunhere/elbow|{{AUR|elbow-git}}}}<br />
* {{App|[[Wikipedia:Konqueror|Konqueror]]|Web browser based on Qt toolkit and KHTML layout engine, part of {{Grp|kdebase}}.|http://konqueror.org/|{{Pkg|kdebase-konqueror}}}}<br />
* {{App|[[Wikipedia:NetSurf|NetSurf]]|Featherweight browser written in C, notable for its slowly developing JavaScript support and fast rendering through its own layout engine.|http://netsurf-browser.org|{{Pkg|netsurf}}}}<br />
* {{App|[[Wikipedia:Pale Moon (web browser)|Pale Moon]]|A Firefox fork focussing on speed, with a pre-Firefox 29 interface. Uses [[Wikipedia:Goanna (software)|Goanna]] layout engine, a fork of Gecko. Firefox add-ons may not be compatible. [https://addons.palemoon.org/firefox/incompatible/] Compiled for SSE2, with disabled optional code and no support for newer Firefox features such as cache2, e10s, and OTMC.|http://www.palemoon.org/|{{AUR|palemoon}}}}<br />
<br />
=== File sharing ===<br />
<br />
==== Download managers ====<br />
<br />
* {{App|[[Wikipedia:Wget#GWget|Gwget]]|Download manager for GNOME.|https://projects.gnome.org/gwget/|{{Pkg|gwget}}}}<br />
* {{App|[[Wikipedia:KGet|KGet]]|Download manager for KDE that supports HTTP(S), FTP and BitTorrent. Part of {{Grp|kdenetwork}}.|http://www.kde.org/applications/internet/kget/|{{Pkg|kdenetwork-kget}}}}<br />
* {{App|uGet|GTK+ download manager featuring download classification and HTML import.|http://ugetdm.com/|{{Pkg|uget}}}}<br />
<br />
==== FTP ====<br />
<br />
===== FTP clients =====<br />
<br />
See also [[Wikipedia:Comparison of FTP client software]].<br />
<br />
* {{App|[[CurlFtpFS]]|Filesystem for accessing FTP hosts; based on FUSE and libcurl.|http://curlftpfs.sourceforge.net/|{{Pkg|curlftpfs}}}}<br />
* {{App|FatRat|Download manager with support for HTTP, FTP, SFTP, BitTorrent, RapidShare and more.|http://fatrat.dolezel.info/|{{AUR|fatrat-git}}}}<br />
* {{App|[[Wikipedia:FileZilla|FileZilla]]|Fast and reliable FTP, FTPS and SFTP client.|http://filezilla-project.org/|{{Pkg|filezilla}}}}<br />
* {{App|[[Wikipedia:gFTP|gFTP]]|Multithreaded FTP client for Linux.|http://gftp.seul.org/|{{Pkg|gftp}}}}<br />
* {{App|[[Wikipedia:Lftp|LFTP]]|Sophisticated command-line FTP client.|http://lftp.yar.ru/|{{Pkg|lftp}}}}<br />
* {{App|LftpFS|Read-only filesystem based on lftp (also supports HTTP, FISH, SFTP, HTTPS, FTPS and proxies).|http://lftpfs.sourceforge.net/|{{AUR|lftpfs}}{{Broken package link|{{aur-mirror|lftpfs}}}}}}<br />
* {{App|ncftp|A set of free application programs implementing FTP.|http://www.ncftp.com/|{{Pkg|ncftp}}}}<br />
* {{App|[[Wikipedia:tnftp|tnftp]]|FTP client with several advanced features for [[Wikipedia:NetBSD|NetBSD]].|http://freecode.com/projects/tnftp|{{Pkg|tnftp}}}}<br />
Some file managers like Dolphin, [[GNOME Files]] and [[Thunar]] also provide FTP functionality.<br />
<br />
===== FTP servers =====<br />
<br />
* {{App|[[bftpd]]|Small, easy-to-configure FTP server|http://bftpd.sourceforge.net/|{{Pkg|bftpd}}}}<br />
* {{App|[[Proftpd|proFTPd]]|A secure and configurable FTP server|http://www.proftpd.org/|{{AUR|proftpd}}}}<br />
* {{App|[[Pure-FTPd]]|Free (BSD-licensed), secure, production-quality and standard-compliant FTP server.|http://www.pureftpd.org/project/pure-ftpd|{{AUR|pure-ftpd}}}}<br />
* {{App|[[vsftpd]]|Lightweight, stable and secure FTP server for UNIX-like systems.|https://security.appspot.com/vsftpd.html|{{Pkg|vsftpd}}}}<br />
<br />
==== Distributed file systems ====<br />
<br />
* {{App|[[Ceph]]|Distributed object store and file system designed to provide excellent performance, reliability and scalability.|https://ceph.com/|{{Pkg|ceph}}}}<br />
<br />
* {{App|GlusterFS|Cluster file system capable of scaling to several peta-bytes.|http://www.gluster.org/|{{Pkg|glusterfs}}}}<br />
<br />
* {{App|Sheepdog|Distributed object storage system for volume and container services and manages the disks and nodes intelligently.|https://sheepdog.github.io/sheepdog/}}<br />
<br />
* {{App|[[Wikipedia:Tahoe-LAFS|Tahoe-LAFS]]|Tahoe Least-Authority Filesystem is a free and open, secure, decentralized, fault-tolerant, peer-to-peer distributed data store and distributed file system.<br />
|https://tahoe-lafs.org/|{{AUR|tahoe-lafs}}}}<br />
<br />
==== BitTorrent clients ====<br />
<br />
See also [[Wikipedia:Comparison of BitTorrent clients]].<br />
<br />
===== Console =====<br />
<br />
====== Command line / backend ======<br />
Can be used as-is via command line, but all have a choice of front-end options as well.<br />
* {{App|[[aria2]]|Lightweight download utility that supports simultaneous adaptive downloading via HTTP(S), FTP, BitTorrent (DHT, PEX, MSE/PE) protocols and Metalink. It can run as a daemon controlled via a built-in JSON-RPC or XML-RPC interface.|http://aria2.sourceforge.net/|{{Pkg|aria2}}}}<br />
* {{App|Ctorrent|CTorrent is a BitTorrent client implemented in C++ to be lightweight and quick.|http://www.rahul.net/dholmes/ctorrent/|{{AUR|enhanced-ctorrent}}}}<br />
* {{App|[[Wikipedia:MLDonkey|MLDonkey]]|Multi-protocol P2P client that supports BitTorrent, HTTP, FTP, eDonkey and Direct Connect.|http://mldonkey.sourceforge.net/|{{Pkg|mldonkey}}}}<br />
* {{App|[[Transmission]]|Simple and easy-to-use BitTorrent client with a daemon version, GTK+, Qt GUI, web and CLI front-ends.|http://transmissionbt.com/|{{Pkg|transmission-cli}} (includes backend, daemon, command-line interface, and a Web UI interface)}}<br />
<br />
====== Console Interface ======<br />
* {{App|[[rTorrent]]|Simple and lightweight ncurses BitTorrent client. Requires {{Pkg|libtorrent}} backend.|https://rakshasa.github.io/rtorrent/|{{Pkg|rtorrent}}}}<br />
* {{App|[[Transmission]]|Simple and easy-to-use BitTorrent client with a daemon version, ncurses CLI. Requires {{Pkg|transmission-cli}} backend.|http://transmissionbt.com/|{{Pkg|transmission-remote-cli}}}}<br />
<br />
===== Graphical Interface =====<br />
<br />
====== libtorrent-rasterbar backend ======<br />
<br />
* {{App|[[Deluge]]|User-friendly BitTorrent client written in PyGTK that can run as a daemon.|http://deluge-torrent.org/|{{Pkg|deluge}}}}<br />
* {{App|FatRat|Qt4 based download manager with support for HTTP, FTP, SFTP, BitTorrent, rapidshare and more. Written in C++.|http://fatrat.dolezel.info/|{{AUR|fatrat-git}}}}<br />
* {{App|[[Wikipedia:qBittorrent|qBittorrent]]|Open source (GPLv2) BitTorrent client that strongly resembles µtorrent.|http://www.qbittorrent.org/|{{Pkg|qbittorrent}} {{Pkg|qbittorrent-nox}}}}<br />
* {{App|[[Wikipedia:Tribler|Tribler]]|4th generation file sharing system bittorrent client.|http://www.tribler.org|{{AUR|tribler}}}}<br />
<br />
====== libktorrent backend ======<br />
* {{App|[[Ktorrent]]|Feature-rich BitTorrent client for KDE.|http://ktorrent.org/|{{Pkg|ktorrent}}}}<br />
<br />
====== others ======<br />
* {{App|Tixati|P2P client that uses the BitTorrent protocol.|http://www.tixati.com|{{AUR|tixati}}}}<br />
* {{App|[[Transmission]]|Simple and easy-to-use BitTorrent client with daemon version, GTK+, Qt GUI, web and CLI front-ends.|http://transmissionbt.com/|{{Pkg|transmission-gtk}} {{Pkg|transmission-qt}} {{AUR|transmission-remote-gtk}} (remote clients work with the daemon in the -cli package)}}<br />
* {{App|[[Wikipedia:Vuze|Vuze]]|Feature-rich BitTorrent client written in Java (formerly Azureus).|https://www.vuze.com/|{{AUR|vuze}}}}<br />
* {{App|Vuze Plus Extreme Mod|A modded version of the Vuze BitTorrent client with multiple spoofing capabilities.|http://www.sb-innovation.de/f41/vuze-extreme-mod-sb-innovation-5-6-1-3-a-32315/|{{AUR|vuze-extreme-mod}}}}<br />
<br />
==== Other P2P networks ====<br />
<br />
See also [[Wikipedia:Comparison of eDonkey software]].<br />
<br />
* {{App|[[aMule]]|Well-known eDonkey/Kad client with a daemon version and GTK+, web, and CLI front-ends.|http://www.amule.org/|{{Pkg|amule}}}}<br />
* {{App|KaMule|KDE graphical front-end for aMule.|http://kde-apps.org/content/show.php?content&#61;150270|{{AUR|kamule}}}}<br />
* {{App|MlDonkey|A multi-network P2P client.|http://mldonkey.sourceforge.net/|{{Pkg|mldonkey}}}}<br />
* {{App|Sendanywhere| GTK2 client for the cross platform P2P file sharing service, Sendanywhere. Allow users to send files of any type and size to other Android, iOS, and Desktop devices.|https://www.send-anywhere.com|{{AUR|sendanywhere}}}}<br />
* {{App|[[Wikipedia:Sharelin|Sharelin]]|Gnutella2 only client with a web UI.|https://sourceforge.net/projects/sharelin/|{{AUR|sharelin}}{{Broken package link|{{aur-mirror|sharelin}}}}}}<br />
<br />
==== Video downloaders ====<br />
<br />
* {{App|youtube-dl|Download videos from YouTube and many other platforms.|http://rg3.github.io/youtube-dl|{{Pkg|youtube-dl}}}}<br />
* {{App|You-Get|Dumb downloader that scrapes the web.|https://you-get.org/|{{Pkg|you-get}}}}<br />
<br />
=== Communication ===<br />
<br />
==== Email clients ====<br />
<br />
See also [[Wikipedia:Comparison of e-mail clients]].<br />
<br />
===== Console =====<br />
<br />
* {{App|alot|An experimental terminal MUA based on [http://notmuchmail.org/ notmuch mail]. It is written in python using the [http://urwid.org/ urwid] toolkit.|https://github.com/pazz/alot|{{AUR|alot}}}}<br />
* {{App|[[Alpine]]|Fast, easy-to-use and Apache-licensed email client based on [[Wikipedia:Pine (email client)|Pine]].|http://patches.freeiz.com/alpine/|{{AUR|alpine}}}}<br />
* {{App|[[Wikipedia:Gnus|Gnus]]|Email, NNTP and RSS client for Emacs.|http://gnus.org/|{{AUR|emacs-gnus-git}}}}<br />
* {{App|[[S-nail]]|a mail processing system with a command syntax reminiscent of ''ed'' with lines replaced by messages. Provides the functionality of [[Wikipedia:mailx|mailx]].|https://www.sdaoden.eu/code.html#s-mailx|{{Pkg|s-nail}}}}<br />
* {{App|mu/mu4e|Email indexer (mu) and client for emacs (mu4e). Xapian based for fast searches.|http://www.djcbsoftware.nl/code/mu/mu4e.html|{{AUR|mu}}}}<br />
* {{App|[[Mutt]]|Small but very powerful text-based mail client.|http://www.mutt.org/|{{Pkg|mutt}}}}<br />
* {{App|[[nmh]]|A modular mail handling system.|http://www.nongnu.org/nmh/|{{AUR|nmh}} {{AUR|nmh-git}}}}<br />
* {{App|[[notmuch]]|A fast mail indexer built on top of ''xapian''.|http://notmuchmail.org/|{{Pkg|notmuch}} {{Pkg|notmuch-vim}} {{Pkg|notmuch-mutt}}}}<br />
* {{App|[[Sup]]|CLI mail client with very fast searching, tagging, threading and GMail like operation.|https://sup-heliotrope.github.io/|{{AUR|sup}}}}<br />
* {{App|Wanderlust|Email client and news reader for Emacs.|http://www.gohome.org/wl/|{{Pkg|wanderlust}}}}<br />
<br />
===== Graphical =====<br />
<br />
* {{App|Balsa|Simple and light email client that is part of the Gnome project.|http://pawsa.fedorapeople.org/balsa/|{{Pkg|balsa}}}}<br />
* {{App|[[Wikipedia:Claws Mail|Claws Mail]]|Lightweight GTK-based email client and news reader.|http://claws-mail.org/|{{Pkg|claws-mail}}}}<br />
* {{App|[[Evolution]]|Mature and feature-rich e-mail client used in GNOME by default. Part of {{Grp|gnome-extra}}.|https://wiki.gnome.org/Apps/Evolution|{{Pkg|evolution}}}}<br />
* {{App|FossaMail|FossaMail is a Mozilla Thunderbird-based mail, news and chat client by the Pale Moon developers.|http://www.fossamail.org|{{AUR|fossamail-bin}}}}<br />
* {{App|Geary|Simple desktop mail client built in [[Wikipedia:Vala (programming language)|Vala]].|https://wiki.gnome.org/Apps/Geary|{{Pkg|geary}}}}<br />
* {{App|[[Wikipedia:Kmail|Kmail]]|Mature and feature-rich email client. Part of {{Grp|kdepim}}.|http://kde.org/applications/internet/kmail/|{{Pkg|kmail}}}}<br />
* {{App|Manitou Mail|Database-driven email system.|http://www.manitou-mail.org/|{{AUR|manitou-mdx}}{{Broken package link|{{aur-mirror|manitou-mdx}}}} {{AUR|manitou-ui}}{{Broken package link|{{aur-mirror|manitou-ui}}}}}}<br />
* {{App|N1|A new mail client, built on the modern web and designed to be extended.|https://www.nylas.com/N1/|{{AUR|n1}}}}<br />
* {{App|Roundcubemail|Browser-based multilingual IMAP client with a native application-like user interface.|http://roundcube.net/|{{Pkg|roundcubemail}}}}<br />
* {{App|[[Wikipedia:SeaMonkey#Mail|SeaMonkey Mail & Newsgroups]]|Email client included in the SeaMonkey suite.|http://www.seamonkey-project.org/|{{Pkg|seamonkey}}}}<br />
* {{App|[[Wikipedia:Sylpheed|Sylpheed]]|Lightweight and user-friendly GTK+ email client.|http://sylpheed.sraoss.jp/en/|{{Pkg|sylpheed}}}}<br />
* {{App|[[Thunderbird]]|Feature-rich email client from Mozilla written in GTK+.|http://www.mozilla.org/thunderbird/|{{Pkg|thunderbird}}}}<br />
* {{App|Trojitá|Qt IMAP email client. Only supports one IMAP account.|http://trojita.flaska.net/|{{Pkg|trojita}}}}<br />
<br />
==== Instant messaging ====<br />
<br />
See also [[Wikipedia:Comparison of instant messaging protocols]].<br />
<br />
This section lists all software with [[Wikipedia:Instant messaging|instant messaging]] support. Particularly, that are client and server applications.<br />
<br />
===== IRC clients =====<br />
<br />
See also [[Wikipedia:Comparison of Internet Relay Chat clients]].<br />
<br />
{{Note|Most web browsers and many IM clients also support IRC.}}<br />
<br />
====== Console ======<br />
<br />
* {{App|[[Wikipedia:BitchX|BitchX]]|Console-based IRC client developed from the popular [[Wikipedia:ircII|ircII]].|http://www.bitchx.org/|{{AUR|bitchx-git}}}}<br />
* {{App|ERC|Powerful, modular, and extensible IRC client for [[Emacs]].|http://savannah.gnu.org/projects/erc/|included with {{Pkg|emacs}}}}<br />
* {{App|[[Wikipedia:Ii (IRC client)|ii]]|Featherweight IRC client, literally {{ic|tail -f}} the conversation and {{ic|echo}} back your replies to a file.|http://tools.suckless.org/ii|{{AUR|ii}}}}<br />
* {{App|Ircfs|File system interface to IRC written in [http://limbo.cat-v.org Limbo].|http://www.ueber.net/code/r/ircfs|{{AUR?|ircfs}}}}<br />
* {{App|[[Irssi]]|Highly-configurable ncurses-based IRC client.|http://irssi.org/|{{Pkg|irssi}}}}<br />
* {{App|ScrollZ|Advanced IRC client based on [[Wikipedia:ircII|ircII]].|http://www.scrollz.info/|{{AUR|scrollz}}}}<br />
* {{App|sic|Extremely simple IRC client, similar to [[Wikipedia:Ii (IRC client)|ii]].|http://tools.suckless.org/sic|{{AUR|sic}}}}<br />
* {{App|[[Wikipedia:WeeChat|WeeChat]]|Modular, lightweight ncurses-based IRC client.|http://weechat.org/|{{Pkg|weechat}}}}<br />
<br />
====== Graphical ======<br />
<br />
* {{App|[[Wikipedia:ChatZilla|ChatZilla]]|Clean, easy to use and highly extensible Internet Relay Chat (IRC) client, built on the Mozilla platform using [[Wikipedia:XULRunner|XULRunner]].|http://chatzilla.hacksrus.com/|{{AUR|chatzilla}}}}<br />
* {{App|HexChat|Fork of XChat for Linux and Windows.|http://hexchat.github.io/|{{Pkg|hexchat}}}}<br />
* {{App|[[Wikipedia:Konversation|Konversation]]|Qt-based IRC client for the KDE desktop.|http://konversation.kde.org/|{{Pkg|konversation}}}}<br />
* {{App|[[Wikipedia:KVIrc|KVIrc]]|Qt-based IRC client featuring extensive themes support.|http://kvirc.net/|{{Pkg|kvirc}}}}<br />
* {{App|Loqui|GTK+ IRC client with only one dependency: [https://wiki.gnome.org/Projects/GNetLibrary GNet].|https://launchpad.net/loqui|{{AUR|loqui}}}}<br />
* {{App|LostIRC|Simple GTK+ IRC client with tab-autocompletion, multiple server support, logging and others.|http://lostirc.sourceforge.net|{{AUR|lostirc}}}}<br />
* {{App|pcw|Frontend for [http://tools.suckless.org/ii ii] that opens a new terminal for each channel.|https://bitbucket.org/emg/pcw|{{AUR|pcw-hg}}{{Broken package link|{{aur-mirror|pcw-hg}}}}}}<br />
* {{App|Polari|Simple IRC client by the GNOME project.|https://wiki.gnome.org/Apps/Polari/|{{Pkg|polari}}}}<br />
* {{App|[[Quassel]]|Modern, cross-platform, distributed IRC client.|http://quassel-irc.org/|{{Pkg|quassel-core}} {{Pkg|quassel-client}}}}<br />
* {{App|[[Wikipedia:Smuxi|Smuxi]]|Cross-platform IRC client for the GNOME desktop inspired by [[Irssi]].|http://smuxi.org/|{{Pkg|smuxi}}}}<br />
* {{App|[[Wikipedia:XChat|XChat]]|GTK-based IRC client that works on both Linux and Windows.|http://xchat.org/|{{Pkg|xchat}}}}<br />
<br />
===== XMPP (Jabber) =====<br />
<br />
See also [[Wikipedia:XMPP]] and [[Wikipedia:Comparison of instant messaging clients#XMPP-related features]].<br />
<br />
====== Console clients ======<br />
<br />
* {{App|Freetalk|Console-based Jabber client.|https://gnu.org/s/freetalk/|{{Pkg|freetalk}}}}<br />
* {{App|jabber.el|Minimal Jabber client for [[Emacs]].|http://emacs-jabber.sourceforge.net/|{{AUR|emacs-jabber}}}}<br />
* {{App|[[Wikipedia:MCabber|MCabber]]|Small Jabber console client, includes features: SSL, PGP, MUC, OTR, and UTF8.|http://mcabber.com/|{{Pkg|mcabber}}}}<br />
* {{App|Profanity|A console based Jabber client inspired by Irssi.|http://www.profanity.im/|{{Pkg|profanity}}}}<br />
* {{App|Poezio|XMPP client with IRC feeling|https://poez.io/|{{AUR|poezio}}}}<br />
* {{App|xmpp-client|A minimalist XMPP client with OTR support.|https://github.com/agl/xmpp-client|{{AUR|go-xmpp-client}}}}<br />
<br />
====== Graphical clients ======<br />
<br />
* {{App|[[Wikipedia:Gajim|Gajim]]|Jabber client written in PyGTK.|https://gajim.org/|{{Pkg|gajim}}}}<br />
* {{App|[[Wikipedia:Psi (instant messaging client)|Psi]]|Qt-based Jabber client which supports video conferencing.|http://psi-im.org/|{{Pkg|psi}} {{Pkg|psimedia}}}}<br />
* {{App|Psi+|Enhanced version of the Psi Jabber client with many new [http://psi-plus.com/wiki/en:features#differences_between_psi_beta_version_and_the_official_psi_015-dev_version features].|http://psi-plus.com/|{{AUR|psi-plus-git}}}}<br />
* {{App|[[Wikipedia:Tkabber|Tkabber]]|Easy to hack feature-rich XMPP client by the author of the ejabberd XMPP server.|http://tkabber.jabber.ru/|{{Pkg|tkabber}}}}<br />
<br />
====== Servers ======<br />
<br />
See also [[Wikipedia:Comparison of XMPP server software]].<br />
<br />
* {{App|[[Prosody]]|An XMPP server written in the [http://www.lua.org/ Lua] programming language. Prosody is designed to be lightweight and highly extensible. It is licensed under a permissive [http://prosody.im/source/mit MIT license].|http://prosody.im/|{{Pkg|prosody}}}}<br />
* {{App|Ejabberd|Jabber server written in Erlang|http://www.ejabberd.im/|{{Pkg|ejabberd}}}}<br />
* {{App|[[Jabberd2]]|An XMPP server written in the C language and licensed under the GNU General Public License. It was inspired by jabberd14.|http://jabberd2.org|{{AUR|jabberd2}}}}<br />
* {{App|Openfire|An XMPP IM multiplatform server written in Java|http://www.igniterealtime.org/projects/openfire/|{{Pkg|openfire}}}}<br />
<br />
===== Multi-protocol clients =====<br />
<br />
See also [[Wikipedia:Comparison of instant messaging clients]].<br />
<br />
{{Note|All messengers, that support several networks by means of direct connections to them, belong to this section.}}<br />
<br />
Many clients listed here (including Pidgin and all its forks) support multiple IM networks via [[Wikipedia:libpurple|libpurple]]. The number of networks supported by these clients is very large but they (like any multiprotocol clients) usually have very limited or no support for network-specific features.<br />
<br />
====== Console ======<br />
<br />
* {{App|BarnOwl|Ncurses-based chat client with support for the Zephyr, AIM, Jabber, IRC, and Twitter protocols.|http://barnowl.mit.edu/|{{AUR|barnowl}}}}<br />
* {{App|[[Bitlbee]]|IRC client that provides a gateway to popular chat networks (XMPP, MSN, Yahoo, AIM, ICQ and Twitter).|http://bitlbee.org/|{{Pkg|bitlbee}}}}<br />
* {{App|[[Wikipedia:Centericq|CenterIM]]|Fork of CenterICQ, a text mode menu- and window-driven IM interface.|http://centerim.org/|{{Pkg|centerim}}}}<br />
* {{App|[[Pidgin|Finch]]|Ncurses-based chat client that uses libpurple and supports all its protocols.|http://developer.pidgin.im/wiki/Using%20Finch|{{Pkg|finch}}}}<br />
* {{App|[[Wikipedia:naim (software)|naim]]|Ncurses chat client with support for AOL, ICQ, IRC and the Lily CMC.|http://naim.n.ml.org/|{{Pkg|naim}}}}<br />
* {{App|pork|Programmable, ncurses-based AIM and IRC client that mostly looks and feels like ircII.|http://dev.ojnk.net/|{{Pkg|pork}}}}<br />
* {{App|[[Tox]]|Tox is a distributed, secure messenger with audio and video chat capabilities.|https://tox.chat/|see [[Tox]]}}<br />
<br />
====== Graphical ======<br />
<br />
* {{App|[[Wikipedia:Emesene|Emesene]]|PyGTK instant messenger for the Windows Live Messenger network, also compatible with Jabber, Facebook and Google Talk.|http://emesene.org/|{{AUR|emesene}}{{Broken package link|{{aur-mirror|emesene}}}}}}<br />
* {{App|[[Wikipedia:Empathy (software)|Empathy]]|GNOME instant messaging client using the [[Wikipedia:Telepathy (software)|Telepathy]] framework.|https://wiki.gnome.org/Apps/Empathy|{{Pkg|empathy}}}}<br />
* {{App|[[Wikipedia:Instantbird|Instantbird]]|Multi-protocol chat client using Mozilla's XUL and libpurple.|http://instantbird.com/|{{AUR|instantbird}}}}<br />
* {{App|[[Wikipedia:Kopete|Kopete]]|User-friendly IM supporting AIM, ICQ, Windows Live Messenger, Yahoo, Jabber, Gadu-Gadu, Novell GroupWise Messenger, and other IM networks. Part of {{Grp|kdenetwork}}.|http://kopete.kde.org/|{{Pkg|kdenetwork-kopete}}}}<br />
* {{App|[[KDE#KDE Telepathy|KDE Telepathy]]|KDE instant messaging client using the [[Wikipedia:Telepathy (software)|Telepathy]] framework. Meant as a replacement for Kopete.|http://community.kde.org/Real-Time_Communication_and_Collaboration/|{{Pkg|telepathy-kde-meta}}}}<br />
* {{App|Licq|Instant messaging client for UNIX supporting multiple protocols (currently ICQ, MSN and Jabber).|http://www.licq.org|{{Pkg|licq}}}}<br />
* {{App|Mikutter|An open-source Twitter client using [[GTK+]] and Ruby.|http://mikutter.hachune.net/|{{AUR|mikutter}} {{AUR|mikutter-git}}}}<br />
* {{App|[[Pidgin]]|Multi-protocol instant messaging client.|http://pidgin.im/|{{Pkg|pidgin}} {{AUR|pidgin-light}}}}<br />
* {{App|qutIM|Simple and user-friendly IM supporting ICQ, Jabber, Mail.Ru, IRC and VKontakte messaging.|http://qutim.org/|{{AUR|qutim}}}}<br />
<br />
===== Lan messengers =====<br />
<br />
See also: [[Wikipedia:Comparison_of_LAN_messengers|Comparison of LAN messengers]].<br />
<br />
* {{App|iptux|Lan communication software, compatible with IP Messenger.|https://github.com/iptux-src/iptux|{{AUR|iptux}}}}<br />
<br />
==== VoIP / Softphone ====<br />
<br />
See also [[Wikipedia:Comparison of VoIP software]] and [[Wikipedia:List of SIP software]].<br />
<br />
===== Clients =====<br />
<br />
{{Note| Some [[#Instant messaging|IM clients]] also offer voice and video communication}}<br />
<br />
====== SIP ======<br />
* {{App|[[Wikipedia:Blink (software)|Blink]]|State of the art, easy to use SIP client.|http://www.icanblink.com/|{{AUR|blink-darcs}}}}<br />
* {{App|[[Wikipedia:Ekiga|Ekiga]]|VoIP and video conferencing application with full SIP and H.323 support (formerly known as GNOME Meeting).|http://www.ekiga.org/|{{Pkg|ekiga}}}}<br />
* {{App|[[Wikipedia:Empathy (software)|Empathy]]|GNOME instant messenger client using the Telepathy framework with SIP support (using the Sofia-SIP library).|https://wiki.gnome.org/Apps/Empathy|{{Pkg|empathy}}}}<br />
* {{App|[[Wikipedia:Jitsi|Jitsi]]|Audio/video SIP VoIP phone and instant messenger written in Java (formerly SIP-Communicator).|https://jitsi.org/|{{AUR|jitsi}}}}<br />
* {{App|[[Wikipedia:KPhone|KPhone]]|Qt SIP User Agent with voice, video and text messaging support.|http://sourceforge.net/projects/kphone/|{{AUR?|kphone}}}}<br />
* {{App|[[Wikipedia:Linphone|Linphone]]|VoIP phone application that allows you to to communicate freely with people over the internet, with voice, video, and text instant messaging.|http://www.linphone.org/|{{Pkg|linphone}}}}<br />
* {{App|Minisip|SIP User Agent with focus on security (supports TLS, end-to-end security, SRTP, MIKEY (DH, PSK, PKE)).|http://www.minisip.org/|{{AUR?|minisip}}}}<br />
* {{App|[[Wikipedia:QuteCom|QuteCom]]|Softphone which allows you to make free PC to PC video and voice calls, and to integrate all your IM contacts in one place (formerly Wengo Phone).|http://trac.qutecom.org/|{{AUR|qutecom-hg}}{{Broken package link|package not found}}}}<br />
* {{App|[[Wikipedia:Twinkle (software)|Twinkle]]|Qt softphone for VoIP and IM communication using SIP.|http://www.twinklephone.com/|{{AUR|twinkle}}}}<br />
* {{App|[[Wikipedia:X-Lite|X-Lite]]|Proprietary freeware VoIP soft phone that uses SIP.|http://www.counterpath.net/x-lite|{{AUR|xlite_bin}}}}<br />
* {{App|[[Wikipedia:Zfone|Zfone]]|Softphone application for secure voice communication over the Internet (VoIP), using the ZRTP protocol.|http://zfoneproject.com/|{{AUR|zfone}}{{Broken package link|{{aur-mirror|zfone}}}}}}<br />
<br />
====== IAX2 ======<br />
* {{App|Kiax|Qt-based IAX/2 Softphone.|http://www.forschung-direkt.eu/projects/kiax2/|{{AUR|kiax}}{{Broken package link|{{aur-mirror|kiax}}}}}}<br />
<br />
====== Skype ======<br />
* {{App|[[Skype]]|Popular but proprietary application for high-quality voice communication.|http://www.skype.com/|{{AUR|skype}}}}<br />
<br />
====== Other ======<br />
* {{App|Hangups|A third-party instant messaging client for Google Hangouts|https://github.com/tdryer/hangups|{{AUR|hangups-git}}}}<br />
* {{App|[[Wikipedia:Mumble (software)|Mumble]]|Voice chat application similar to TeamSpeak.|http://mumble.sourceforge.net/|{{pkg|mumble}}}}<br />
* {{App|[[TeamSpeak]]|Proprietary VoIP application with gamers as its target audience.|http://www.teamspeak.com/|{{Pkg|teamspeak3}}}}<br />
* {{App|[[Wikipedia:Discord (software)|Discord]]|All-in-one voice and text chat for gamers that’s free, secure, and works on both your desktop and phone.|https://discordapp.com/|{{AUR|discord-canary}}}}<br />
<br />
====== Multi-protocol ======<br />
* {{App|[[Wikipedia:Ring_(software)|Ring]] |Open-source SIP/IAX2 compatible softphone with PulseAudio support (formerly known as SFLphone).|http://ring.cx/|{{AUR|ring-daemon}}}}<br />
<br />
===== Utilities =====<br />
<br />
* {{App|Gladstone|Educational ITU-T G.729 compliant codec with a GStreamer plugin.|https://github.com/drizzt/gladstone|{{AUR|gladstone-drizztbsd-git}}{{Broken package link|{{aur-mirror|gladstone-drizztbsd-git}}}}}}<br />
* {{App|SIPp|Open source test tool and traffic generator for the SIP protocol.|http://sipp.sourceforge.net/|{{AUR|sipp}}}}<br />
* {{App|Sipsak|Small command-line tool for developers and administrators of SIP applications.|http://sipsak.org/|{{AUR|sipsak}}{{Broken package link|{{aur-mirror|sipsak}}}}}}<br />
<br />
==== Speech recognition ====<br />
<br />
See [[Speech recognition#List of speech recognition applications]].<br />
<br />
=== News, RSS, and blogs ===<br />
<br />
==== News aggregators ====<br />
<br />
See also [[Wikipedia:Comparison of feed aggregators]].<br />
<br />
===== Console =====<br />
<br />
* {{App|[[Wikipedia:Canto (news aggregator)|Canto]]|Ncurses RSS aggregator.|http://codezen.org/canto/|{{AUR|canto-next-git}}}}<br />
* {{App|[[Wikipedia:Gnus|Gnus]]|Email, NNTP and RSS client for Emacs.|http://gnus.org/|{{AUR|emacs-gnus-git}}}}<br />
* {{App|Newsbeuter|Ncurses RSS aggregator with layout and keybinding similar to the [[Mutt]] email client.|http://newsbeuter.org|{{Pkg|newsbeuter}}}}<br />
* {{App|Rawdog|"RSS Aggregator Without Delusions Of Grandeur" that parses RSS/CDF/Atom feeds into a static HTML page of articles in chronological order.|http://offog.org/code/rawdog.html|{{Pkg|rawdog}}}}<br />
* {{App|Snownews|Text mode RSS news reader.|http://kiza.kcore.de/software/snownews/|{{Pkg|snownews}}}}<br />
<br />
===== Graphical =====<br />
<br />
* {{App|[[Wikipedia:Kontact#News Feed Aggregator|Akregator]]|News aggregator for KDE, part of {{Grp|kdepim}}.|http://kde.org/applications/internet/akregator/|{{Pkg|akregator}}}}<br />
* {{App|Blam|Simple newsreader for GNOME written in C Sharp.|https://git.gnome.org/browse/blam|{{Pkg|blam}}}}<br />
* {{App|[[Evolution]] RSS|Plugin for Evolution Mail that enables reading of RSS/RDF/ATOM feeds.|http://gnome.eu.org/index.php/Evolution_RSS_Reader_Plugin|{{AUR|evolution-rss}}}}<br />
* {{App|[[Wikipedia:Liferea|Liferea]]|GTK+ news aggregator for online news feeds and weblogs.|http://liferea.sourceforge.net|{{Pkg|liferea}}}}<br />
* {{App|RSS Guard|Very tiny RSS and ATOM news reader developed using Qt framework.|https://github.com/martinrotter/rssguard|{{AUR|rssguard}}}}<br />
* {{App|[[Wikipedia:RSSOwl|RSSOwl]]|Powerful aggregator for RSS and Atom feeds, written in Java using Eclipse Rich Client Platform and SWT as a widget toolkit.|http://boreal.rssowl.org|{{AUR|rssowl}}}}<br />
* {{App|[[Wikipedia:SeaMonkey#Mail|SeaMonkey Mail & Newsgroups]]|Email client included in the SeaMonkey suite which also functions as a pretty nice news aggregator.|http://www.seamonkey-project.org/|{{Pkg|seamonkey}}}}<br />
* {{App|[[Thunderbird]]|Email client from Mozilla which also functions as a pretty nice news aggregator.|http://www.mozilla.org/thunderbird/|{{Pkg|thunderbird}}}}<br />
* {{App|Tickr (formerly News)|GTK-based RSS Reader that displays feeds as a smooth scrolling line on your Desktop, as known from TV stations.|http://newsrssticker.com/|{{AUR|tickr}}}}<br />
* {{App|Urssus|Cross platform GUI news aggregator.|https://code.google.com/p/urssus/|{{AUR|urssus}}}}<br />
* {{App|QuiteRSS|RSS/Atom feed reader written on Qt/С++.|http://quiterss.org/|{{AUR|quiterss}}}}<br />
<br />
==== Podcast clients ====<br />
<br />
* {{App|gPodder|A podcast client and feed aggregator (GTK+ and CLI interface).|http://gpodder.org/|{{AUR|gpodder3}}}}<br />
* {{App|Greg|A command-line podcast aggregator.|https://github.com/manolomartinez/greg|{{AUR|greg-git}}}}<br />
* {{App|Marrie|A simple podcast client that runs on the Command Line Interface.|https://github.com/rafaelmartins/marrie/|{{AUR|marrie-git}}}}<br />
* {{App|PodCastXDL|A simple podcast Downloader for the terminal.|https://github.com/levi0x0/PodCastXDL|{{AUR|podcastxdl-git}}{{Broken package link|{{aur-mirror|podcastxdl-git}}}}}}<br />
* {{App|Vocal|Simple Podcast Client for the Modern Desktop (GTK+).|https://launchpad.net/vocal|{{AUR|vocal-bzr}}{{Broken package link|{{aur-mirror|vocal-bzr}}}}}}<br />
<br />
==== Usenet newsreaders & newsgrabbers ====<br />
<br />
Some [[#Email_clients|email clients]] also support NNTP. This section mainly lists NNTP-only client.<br />
<br />
See also: [[Wikipedia:List of Usenet newsreaders]], [[Wikipedia:Comparison of Usenet newsreaders]].<br />
<br />
* {{app|lottanzb|A ''SABnzbd+'' (Usenet binary downloader) GUI front-end written in PyGTK|http://www.lottanzb.org/|{{aur|lottanzb}}}}<br />
* {{app|nn|Alternative more user-friendly(curses-based) Usenet newsreader for UNIX.|http://www.nndev.org/|{{aur|nn}}}}<br />
* {{app|[[NZBGet]]|CLI Utility to grab Usenet binary file using .nzb files.|http://nzbget.sourceforge.net/|{{pkg|nzbget}}}}<br />
* {{app|[[Wikipedia:Pan_(newsreader)|pan]]|A GTK2 Usenet newsreader that's good at both text and binaries.|http://pan.rebelbase.com/|{{Pkg|pan}}}}<br />
* {{app|[[Wikipedia:slrn|slrn]]|An open source text-based news client.|http://www.slrn.org/|{{pkg|slrn}}}}<br />
* {{app|[[Wikipedia:Tin_(newsreader)|tin]]|A cross-platform threaded NNTP and spool based UseNet newsreader.|http://tin.org/|{{aur|tin}}}}<br />
* {{app|trn|A text-based Threaded Usenet newsreader.|http://trn.sourceforge.net/|{{aur|trn}}}}<br />
* {{app|xrn|Usenet newsreader for X Window System.|http://www.mit.edu/people/jik/software/xrn.html|{{aur|xrn}}}}<br />
<br />
==== Blog software ====<br />
See also [[Wikipedia:Blog software]] and [[Wikipedia:List of content management systems]].<br />
<br />
* {{App|[[Drupal]]|An open source content management platform powering millions of websites and applications. It is built, used, and supported by an active and diverse community of people around the world.|http://drupal.org/|{{Pkg|drupal}}}}<br />
* {{App|[[Ghost]]|Blogging platform written in JavaScript and distributed under the MIT License, designed to simplify the process of online publishing for individual bloggers as well as online publications.|https://ghost.org/|{{AUR|ghost}}}}<br />
* {{App|Hexo|A fast, simple & powerful blog framework, powered by Node.js.|http://hexo.io|{{AUR|nodejs-hexo}}}}<br />
* {{App|[[Jekyll]]|A static blog engine, written in Ruby, which supports Markdown, textile and other formats.|http://jekyllrb.com/|{{AUR|ruby-jekyll}}}}<br />
* {{App|Nanoblogger|A small weblog engine written in Bash for the command line. It uses common UNIX tools such as cat, grep, and sed to create static HTML content. It is not mantained anymore.|http://nanoblogger.sourceforge.net/|{{Pkg|nanoblogger}}}}<br />
* {{App|Nikola|A static site generator written in Python, with incremental rebuilds and multiple markup formats.|https://getnikola.com/|{{AUR|python-nikola}}}}<br />
* {{app|Pelican|A static site generator, powered by Python.|http://docs.getpelican.com/en/3.5.0/|{{Pkg|pelican}}}}<br />
* {{App|[[Wordpress]]|An easy to setup and administer FLOSS content management system featuring a strong and vibrant community with thousands of plugins and themes.|http://wordpress.org/|{{Pkg|wordpress}}}}<br />
<br />
==== Microblogging clients ====<br />
<br />
See also [[Wikipedia:List of Twitter services and applications]].<br />
<br />
* {{App|Birdie|A beautiful Twitter client for GNU/Linux.|http://birdieapp.github.io/ |{{AUR|birdie-git}}}}<br />
* {{App|Choqok|Microblogging client for KDE that supports Twitter.com, Pump.io, GNU social and opendesktop.org services.|http://choqok.gnufolks.org/|{{Pkg|choqok}}}}<br />
* {{App|Corebird|Native Gtk+ Twitter client for the Linux desktop.|http://corebird.baedert.org/|{{AUR|corebird-git}}}}<br />
* {{App|Polly|Linux Twitter client designed for multiple columns of multiple accounts.|https://launchpad.net/polly/|{{AUR|polly}}}}<br />
* {{App|Pumpa|Pump.io client written in C++ and Qt.|https://pumpa.branchable.com/|{{AUR|pumpa-git}}}}<br />
* {{App|Rainbowstream|A powerful and fully-featured console Twitter client written in Python.|http://www.rainbowstream.org/|{{AUR|rainbowstream}}}}<br />
* {{App|ttytter|Easily scriptable Twitter client written in Perl.|http://www.floodgap.com/software/ttytter/|{{AUR|ttytter}}}}<br />
* {{App|Turpial|Multi-interface Twitter client written in Python.|https://github.com/satanas/Turpial|{{AUR|turpial-git}}}}<br />
* {{App|turses|Twitter client for the console based off ''tyrs'' with major improvements.|http://turses.rtfd.org/|{{AUR|turses}}}}<br />
<br />
=== Remote desktop ===<br />
<br />
See also [[Wikipedia:Remote desktop software]] and [[Wikipedia:Comparison of remote desktop software]].<br />
<br />
==== Remote desktop clients ====<br />
<br />
* {{App|[[Wikipedia:GNOME Boxes|GNOME Boxes]]|A simple GNOME 3 application to access remote or virtual systems. Supports VNC and SPICE.|https://wiki.gnome.org/Apps/Boxes|{{Pkg|gnome-boxes}}}}<br />
* {{App|GVncViewer|Simple VNC Client on Gtk-VNC.|https://wiki.gnome.org/Projects/gtk-vnc|{{Pkg|gtk-vnc}}}}<br />
* {{App|[[Wikipedia:KRDC|KRDC]]|Remote Desktop Client for KDE. Supports RDP and VNC. Part of {{Grp|kdenetwork}}.|https://www.kde.org/applications/internet/krdc/|{{Pkg|krdc}}}}<br />
* {{App|[[Remmina]]|Remote desktop client written in GTK+. Supports RDP, VNC, NX, XDMCP and SSH.|http://www.remmina.org/|{{Pkg|remmina}}}}<br />
* {{App|[[TigerVNC|vncviewer (TigerVNC)]]|VNC viewer for X.|http://tigervnc.org/|{{Pkg|tigervnc}}}}<br />
* {{App|[[Wikipedia:Vinagre|Vinagre]]|Remote desktop viewer for GNOME. Supports RDP, VNC, SPICE and SSH. Part of {{Grp|gnome-extra}}.|https://wiki.gnome.org/Apps/Vinagre|{{Pkg|vinagre}}}}<br />
* {{App|xfreerdp|FreeRDP X11 client.|http://www.freerdp.com/|{{Pkg|freerdp}}}}<br />
* {{App|[[X2Go]] Client|A graphical client (Qt4) for the X2Go system that uses the [[w:NX technology|NX technology]] protocol.|http://wiki.x2go.org/doku.php|{{Pkg|x2goclient}}}}<br />
<br />
==== Remote desktop servers ====<br />
<br />
* {{App|Krfb|VNC server for KDE. Part of {{Grp|kdenetwork}}.|https://www.kde.org/applications/system/krfb|{{Pkg|krfb}}}}<br />
* {{App|[[Vino]]|VNC server for GNOME. Part of {{Grp|gnome}}.|https://wiki.gnome.org/Projects/Vino|{{Pkg|vino}}}}<br />
* {{App|[[TigerVNC|x0vncserver (TigerVNC)]]|VNC Server for X displays.|http://tigervnc.org/|{{Pkg|tigervnc}}}}<br />
* {{App|[[x11vnc]]|VNC server for real X displays.|http://www.karlrunge.com/x11vnc/|{{Pkg|x11vnc}}}}<br />
* {{App|[[X2Go]] Server|An open source remote desktop software that uses the [[w:NX technology|NX technology]] protocol.|http://wiki.x2go.org/doku.php|{{Pkg|x2goserver}}}}<br />
<br />
=== Pastebin clients ===<br />
<br />
See also [[Wikipedia:Pastebin]].<br />
<br />
Pastebin services are often used to quote text or images while collaborating and troubleshooting. Pastebin clients provide a convenient way to post from the command line.<br />
<br />
{{Tip| You can access the [https://ptpb.pw ptpb.pw], [http://sprunge.us/ sprunge.us] and [http://ix.io/ ix.io] pastebins using curl. For example pipe the output of a command to ptpb: {{bc|''command'' <nowiki>| curl -F c=@- https://ptpb.pw </nowiki>}} or upload a file (including images): {{bc|<nowiki>curl -F c=@- https://ptpb.pw < </nowiki>''file''}}}}<br />
<br />
{{Note| [http://pastebin.com/ pastebin.com] is blocked for some people and has a history of annoying issues (javascript, adverts, poor formatting, etc). Do ''not'' use it.}}<br />
<br />
* {{App|Elmer|Pastebin client similar to wgetpaste and curlpaste, except written in Perl and usable with wget or curl. Servers: [http://codepad.org/ codepad.org], [http://rafb.me/ rafb.me], [http://sprunge.us/ sprunge.us].|https://github.com/sudokode/elmer|{{AUR|elmer}}}}<br />
* {{App|Fb-client|Client for the [http://paste.xinu.at/ paste.xinu.at] pastebin.|http://paste.xinu.at|{{Pkg|fb-client}}}}<br />
* {{App|Gist|Command-line interface for the [https://gist.github.com/ gist.github.com] pastebin service.|http://github.com/defunkt/gist|{{Pkg|gist}}}}<br />
* {{App|Haste|Universal pastebin tool, written in Haskell. Servers: [http://hpaste.org/ hpaste.org], [http://paste2.org/ paste2.org], [http://pastebin.com/ pastebin.com] and others.|http://hackage.haskell.org/package/haste|{{AUR|haste}}{{Broken package link|{{aur-mirror|haste}}}}}}<br />
* {{App|Hg-paste|Pastebin extension for Mercurial which can send diffs to various pastebin websites for easy sharing. Servers: [http://dpaste.com/ dpaste.com] and [http://dpaste.org/ dpaste.org].|http://bitbucket.org/sjl/hg-paste|{{AUR|hg-paste}}{{Broken package link|{{aur-mirror|hg-paste}}}}}}<br />
* {{App|imgur|A CLI client which can upload image to [http://imgur.com imgur.com] image sharing service.|http://imgur.com/apps|{{AUR|imgur}}}}<br />
* {{App|Ix|Client for the ix.io pastebin.|http://ix.io|{{AUR|ix}}}}<br />
* {{App|Npaste-client|Client for the [http://npaste.de/ npaste.de] pastebin.|http://npaste.de|{{AUR|npaste-client}}{{Broken package link|{{aur-mirror|npaste-client}}}}}}<br />
* {{App|Pastebinit|Really small Python script that acts as a Pastebin client. Servers: [http://pastie.org/ pastie.org], [http://paste.kde.org/ paste.kde.org], [http://paste.debian.net/ paste.debian.net], [http://paste.ubuntu.com/ paste.ubuntu.com] and others (for a full list see {{ic|pastebinit -l}}).|http://launchpad.net/pastebinit|{{Pkg|pastebinit}}}}<br />
* {{App|paste-binouse|C++ standalone pastebin web server|https://github.com/abique/paste-binouse|{{AUR|paste-binouse-git}}}}<br />
* {{App|pb|A very fast, lightweight pastebin and general file uploader written in python with a ton of features.|https://ptpb.pw|{{AUR|ptpb}}{{Broken package link|{{aur-mirror|ptpb}}}}}}<br />
* {{App|[[pbpst]]|A small tool to interact with pb instances (eg [https://ptpb.pw ptpb.pw]).|https://github.com/HalosGhost/pbpst|{{Pkg|pbpst}} {{AUR|pbpst-git}}}}<br />
* {{App|ruby-haste|Client for [http://hastebin.com/ hastebin.com].|https://github.com/seejohnrun/haste-client|{{AUR|ruby-haste}} {{AUR|ruby-haste-git}}}}<br />
* {{App|Uppity|The pastebin client with an attitude.|https://github.com/Kiwi/Uppity|{{AUR|uppity-git}}}}<br />
* {{App|Vim-gist|Vim script for [https://gist.github.com/ gist.github.com].| http://www.vim.org/scripts/script.php?script_id&#61;2423 |{{AUR|vim-gist}}{{Broken package link|{{aur-mirror|vim-gist}}}}}}<br />
* {{App|Vim-paster|Vim plugin to paste to any pastebin service using curl.|http://eugeneciurana.com/site.php?page&#61;tools|{{AUR|vim-paster}}{{Broken package link|{{aur-mirror|vim-paster}}}}}}<br />
* {{App|Wgetpaste|Bash script that automates pasting to a number of pastebin services. Servers: [http://pastebin.ca/ pastebin.ca], [http://codepad.org/ codepad.org], [http://dpaste.com/ dpaste.com] and [http://pastebin.osuosl.org/ pastebin.osuosl.org].|http://wgetpaste.zlin.dk/|{{Pkg|wgetpaste}}}}<br />
<br />
=== Bitcoin ===<br />
<br />
See the main article: [[Bitcoin]].<br />
<br />
* {{App|Armory|Bitcoin client with features such as support for multiple wallets, importing keys and backups.|https://github.com/etotheipi/BitcoinArmory|{{AUR|armory-git}}}}<br />
* {{App|[[Bitcoin]]|Official tool to manage Bitcoins, a P2P currency.|http://bitcoin.org/|{{Pkg|bitcoin-daemon}} {{Pkg|bitcoin-qt}}}}<br />
* {{App|Electrum|An easy to use Bitcoin client.|http://electrum.org/|{{Pkg|electrum}}}}<br />
* {{App|MultiBit|A lightweight Bitcoin desktop client powered by the BitCoinJ library.|https://multibit.org/|{{Pkg|multibit}}}}<br />
<br />
=== Surveying ===<br />
<br />
* {{App|[[Wikipedia:LimeSurvey|LimeSurvey]]|An open source on-line survey application. As a web server-based software it enables users to develop and publish on-line surveys, and collect responses, with no programming.|https://www.limesurvey.org/|{{AUR|limesurvey}}}}</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=431110S-nail2016-04-13T17:36:27Z<p>Sdaoden: Fix braino(s) of former</p>
<hr />
<div>[[Category:Email clients]]<br />
{{Style|Very verbose, lots of code, doesn't follow style guidelines.}}<br />
S-nail is a mail processing system with a command syntax similar to ed, with lines replaced by messages.<br />
It is intended to provide the functionality of the POSIX mailx command and offers (mostly optional) extensions for line editing, IDNA, MIME, S/MIME, SMTP and POP3 (and IMAP).<br />
It is usable as a mail batch language.<br />
<br />
S-nail is thus the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
<br />
In Arch Linux S-nail supports direct mail delivery via SMTP, so that messages can be sent directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''. Note, however, that S-nail does not (yet) include a mail-queue mechanism; it simply tries to send the message over SMTP directly and immediately.<br />
<br />
== Quick shot ==<br />
<br />
The {{Pkg|s-nail}} package is part of the Arch Linux [https://www.archlinux.org/groups/x86_64/base/ base] group and therefore hopefully installed already. <br />
<br />
Because its systemwide Arch Linux configuration file ({{ic|/etc/mail.rc}}) brings in some useful standard settings, sending mail over a local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -d -s 'A subject' -a an_attachment.txt foo1@bar.example 'Foo2 <foo2@bar.example>'<br />
<br />
Using the {{ic|-d}}ebug flag results in a dry-run that does not perform any action for real (including ignorance of the current {{ic|save}} and {{ic|record}} settings).<br />
You can adjust the program which is used as a MTA by setting the variable {{ic|sendmail}} (fine-tuning via {{ic|sendmail-arguments}}, {{ic|sendmail-no-default-arguments}}, {{ic|sendmail-progname}}. See the manual, "Sending mail"):<br />
<br />
# < /etc/passwd mailx -Ssendmail=/usr/bin/sendmail -Ssendwait -s 'My password file content!' public-foo@bar.example<br />
# echo Message was passed successfully: $?<br />
<br />
By default message delivery is asynchronous, and S-nail will exit as soon as the prepared message has been passed over to the delivery mechanism (the MTA or the builtin SMTP MTA), stating only wether message preparation was successful (or not).<br />
If the {{ic|sendwait}} option is set, however, S-nail will wait for the started (builtin) MTA instance to exit and (instead) use the MTA exit status as its message delivery "success" or "failure" status.<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the {{ic|expandaddr}} option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
<br />
To avoid that members of the program environment and settings of configuration files modify program behaviour, scripts can (and should) detach from configuration files and use the {{ic|-S}} and {{ic|-X}} command line flags to create their own setup and run necessary commands, respectively.<br />
<br />
{{ic|expandaddr}} can be given a value and be used for address verification. For example, the following ''only'' allows network addressees. The {{ic|-.}} command line option will terminate option processing and turn on message send mode. Together these form active barriers to prevent misinterpretation of address arguments as command line options and other injection attacks.<br />
The following example can be used as is, except for {ic|-d}}, provided that you have a ''somefile.pdf'' somewhere; it sets the {{ic|record}} variable to the pathname of the folder used to record all outgoing mail, so that we then can look into the generated message:<br />
<br />
# echo Body |<br />
# LC_ALL=C MAILRC=/dev/null \<br />
# mailx -d -n -Sv15-compat -Ssendwait \<br />
# -Sexpandaddr=fail,-all,+addr \<br />
# -Snosave -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control \<br />
# -X'mimetype "application/pdf pdf"' \<br />
# -Sfrom='Me <me@home>' \<br />
# -a '''somefile.pdf''' -s Subject \<br />
# -. '(foo2bar) <foo2@bar.example>' bob@hey.example<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
The sections "A starter", "Sending mail" and "Reading mail" of the manual page should be worth a glance when looking for more "quick shots".<br />
<br />
In cases when in the following ''USER'' and ''PASS'' are specified as part of an URL (and only then), they must become URL-percent-encoded; S-nail offers the {{ic|urlencode}} command which does this for you:<br />
<br />
# printf 'urlencode ''USER'' ''PASS''\nx\n' | mailx -#<br />
<br />
printf as well as S-nail / mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (5 bytes)<br />
out: <SPA%C3%9F> (9 bytes)<br />
# # In ISO-8859-1:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (4 bytes)<br />
out: <SPA%DF> (6 bytes)<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism.<br />
Thus let's leave that alone and place the following in the private user-specific configuration file, adjusting bold strings.<br />
By the way, by using the ''-n'' command line argument or by setting the ''$NAIL_NO_SYSTEM_RC'' environment variable it is possible to avoid that the global configuration file will be loaded, and by pointing the ''MAILRC'' environment variable to {{ic|/dev/null}} the unavoidable per-user configuration file can be turned behaviour neutral; we've used these possibilities in the detached script example above.<br />
And note that all the remaining examples in this document are based upon this configuration template, which simply sets some security and send mode basics:<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-no-default-ca<br />
<br />
# Don't use protocols older than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then, e.g.<br />
# ''ssl-protocol-'''USER'''@archlinux.org''="-ALL,+TLSv1.2"<br />
set ssl-protocol="-ALL,+TLSv1.2"<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# Hint: it is important to include "@STRENGTH": only with it the<br />
# final list will be sorted by algorithm strength.<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list="ALL:!aNULL:!eNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT:@STRENGTH"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: select allowed character sets<br />
# (Have a look at the "CHARACTER SETS" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# A very kind option: when replying to a message, first try to<br />
# use the same encoding that the original poster used herself!<br />
set reply-in-same-charset<br />
<br />
# When replying to or forwarding a message the comment and name<br />
# parts of email addresses are removed unless this variable is set<br />
set fullnames<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
# Only like this you'll be able to see errors reported through the exit<br />
# status of the MTA (including the builtin SMTP one)!<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files.<br />
# That set is often sufficient, but look at the output of the<br />
# '''mimetype''' command to ensure this is true for you, too<br />
set mimetypes-load-control<br />
<br />
# Default directory where we act in (relative to $HOME)<br />
set folder=mail<br />
# A leading "+" (often) means: under ''folder''<br />
# ''record'' is used to save copies of sent messages<br />
set MBOX=+mbox.mbox record=+sent.mbox DEAD=+dead.mbox<br />
<br />
# Define some shortcuts; now one may say, e.g., '''file mymbo'''<br />
shortcut mymbo %:+mbox.mbox \<br />
myrec +sent.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="'''Your Name <youremail@domain>'''" <br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
The above combination of SSL/TLS configuration results in the most secure end-to-end TLS transport that is possible at the time of this writing.<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the builtin SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
Reading the manual section "On URL syntax and credential lookup" is worthwhile.<br />
<br />
# It can be as easy as<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set smtp=smtp://'''USER''':'''PASS'''@'''HOST''' \<br />
smtp-use-starttls<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
set smtp='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login[/plain]...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts yes<br />
# (The plain smtp:// proto is optional)<br />
set smtp='''USER:PASS'''@smtp.gmXil.com smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set smtp=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
{{Tip|If you have enabled two-step authentication in Gmail, and you have added an application specific password for S-nail, you will want to use that password rather than your regular Gmail password, which may work without enabling the otherwise necessary "less secure apps".}}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set from="Your Name <youremail@domain>"<br />
set netrc-lookup<br />
#set agent-shell-lookup="gpg -d .pass.gpg"<br />
set smtp=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
# Type '''xp''' to login to the POP3 account<br />
ghost xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
# Type '''xi''' to login to the IMAP account<br />
ghost xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
(Here '''USER''' and '''PASS''' are clear text, not URL encoded.)<br />
You can furtherly diversify things and use encrypted password storage, since ArchLinux compiles in password agent support.<br />
To adjust the example, simply don't specify the ''password '''PASS''''' token in {{ic|$HOME/.netrc}} but instead uncomment the ''agent-shell-lookup'' line in the example account above.<br />
The encrypted password storage {{ic|.pass.gpg}} can be created like this:<br />
<br />
# echo '''PASS''' > .pass<br />
# gpg -e .pass<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
The ArchLinux version of S-nail includes the builtin command line editor with history capabilities as well as regular expression and coloured message display support.<br />
Because S-nail strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The global configuration /etc/mail.rc provides some commented basics;<br />
# in particular it shows all options that POSIX mandates as defaults.)<br />
<br />
# Start into interactive mode even if the system mailbox is empty or<br />
# doesn't exist. S-nail would exit immediately without that one<br />
set emptystart<br />
<br />
# When composing a message, let period `.' on a line by itself finalize<br />
# composition, before start directly into ''$EDITOR''<br />
set dot <br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines;<br />
# without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# Colourize headers when displaying messages (note that ''$PAGER'' may<br />
# require special flags, e.g., less(1) needs the -R option; S-nail will<br />
# however set the ''$LESS'' environment variable accordingly, but only if<br />
# that was not set before..)<br />
set colour-pager<br />
<br />
# A nicer prompt for a modern terminal<br />
set prompt="\033[31m?\?[\$ \@]\& \033[0m"<br />
<br />
# Add more entries to the history, and make that persistent<br />
set history-gabby NAIL_HISTFILE=+.s-nailhist NAIL_HISTSIZE=-1<br />
<br />
# When '''p'''rinting messages, show only these headers<br />
# (Easier to '''retain''' what you want than to '''ignore'''<br />
# what you don't; use '''P'''rint to see all headers and '''S'''how<br />
# to see the raw message content)<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html="lynx -stdin -dump -force_html"<br />
# Learn another mimetype<br />
mimetype 'model/vrml wrl vrml'<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
ghost ls !ls -latro<br />
ghost ps !ps axu<br />
<br />
Once you're in it use '''list''' to print all available builtin commands.<br />
ArchLinux compiles in the "DOCSTRINGS" feature, so that typing `?X' tries to expand "X" and print a help string; since S-nail will allow abbreviations of all commands this is sometimes handy; try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, as via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
Whereas '''p''' honours '''retain'''ed (or '''ignore'''d) list of headers to be displayed, the '''P'''rint command will not and display all headers;<br />
the '''Sh'''ow command will print raw message content.<br />
<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' ('''f''') is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds... <br />
that is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode (which can be handy to avoid flag updates etc.)<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s).<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type "." on its own line (the latter requires the ''dot'' option).<br />
<br />
== Using S/MIME ==<br />
<br />
The manual contains a step-by-step example of how to create your certificates etc. ("Signed and encrypted messages with S/MIME").<br />
Assuming you have your private key and signed certificate already, just create the paired file we need<br />
<br />
# cat private-key.pem signed-certificate.pem > ~/pair.pem<br />
<br />
and setup S-nail via<br />
<br />
set smime-sign-cert=~/pair.pem \<br />
smime-sign-message-digest=SHA256 \<br />
smime-sign<br />
<br />
From now any message that is sent will be signed.<br />
The default message digest would be SHA1, as mandated by RFC 5751.<br />
Note that S/MIME always works relative to the setting of the variable ''from'', so it seems best to instead place the above settings in an '''account'''.<br />
The '''verify''' command verifies S/MIME messages, but note that S/MIME decryption and verification is solely based upon OpenSSL for now, which only supports messages with a simplicistic MIME structure. Sorry.<br />
By the way, if you miss hyperlinks and a table-of-content to get yourself going, the manual on the projects' website offers this; and the manual that ships with ArchLinux does, too, but needs the mdocmx(7) extension to be visible.<br />
<br />
== Workaround missing OpenPGP support ==<br />
<br />
S-nail doesn't yet support OpenPGP.<br />
However, using a macro it is possible to at least automatically verify inline ''--clearsign''ed messages, and using command ghosts their usage becomes handy: e.g., use the following in resource file and you will be able to verify a clearsigned message by just typing '''V''':<br />
<br />
define V {<br />
localopts yes<br />
set pipe-text/plain="set -C;\<br />
: > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
trap \"rm -f \\\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\\\"\" EXIT;\<br />
trap \"exit 75\" INT QUIT TERM;\<br />
set +C;\<br />
cat > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
< \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" awk \<br />
-v TMPFILE=\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" '\<br />
BEGIN {done=0}\<br />
/^-----BEGIN PGP SIGNED MESSAGE-----/,/^$/ {\<br />
if (done++ != 0)\<br />
next;\<br />
print \"--- GPG --verify ---\";\<br />
system(\"gpg --verify \" TMPFILE \" 2>&1\");\<br />
print \"--- GPG --verify ---\";\<br />
print \"\";\<br />
next;\<br />
}\<br />
/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ {\<br />
next;\<br />
}\<br />
{print}\<br />
'"<br />
print<br />
}<br />
define RK {<br />
!printf 'Key IDs to gpg --recv-keys: ';\<br />
read keyids;\<br />
gpg --recv-keys ${keyids};<br />
}<br />
ghost V call V<br />
ghost RK call RK<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' to point to an IMAP server folder, for example.<br />
<br />
set v15-compat<br />
<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=426532S-nail2016-03-19T12:42:36Z<p>Sdaoden: Undo revision 426521 by Rdeckard (talk) it would have taken less effort to change the four (4) occ.s to inline code, wouldn't it? :-) The headers are EXACTLY as desired, Mr.</p>
<hr />
<div>[[Category:Email clients]]<br />
S-nail is a mail processing system with a command syntax reminiscent of ed with lines replaced by messages.<br />
It is intended to provide the functionality of the POSIX mailx command and offers (mostly optional) extensions for line editing, IDNA, MIME, S/MIME, SMTP and POP3 (and IMAP).<br />
It is usable as a mail batch language.<br />
<br />
This overview page was updated for version '''v14.8.6''' of S-nail.<br />
Excerpt of latest ''NEWS'': bug fixes.<br />
''NEWS'' of older '''v14.8.x''' releases: RFC 2231 support, mailing-list support (''followup-to'', ''followup-to-honour'', ''reply-to-honour'', '''Lreply''', '''mlist''', '''mlsubscribe'''), simple builtin HTML viewer, freely configurable spam-checker hooks, command line and addressee hardening (new '''-.''' option, ''expandargv'' and ''expandaddr'' variables), improved -t support, ''expandaddr'' fine-tuning, new ''smime-sign-message-digest'' variable, ''-d'' / ''debug'' offers real dry-run send tests, extended '''@''' message specification, new '''source_if''' command, many bug fixes and small improvements.<br />
<br />
S-nail is a direct descendant of the BSD Mail program that was introduced in 1978 (itself superseding the simpler UNIX mail program) and used to introduce itself (in the Mail reference manual) as follows:<br />
<br />
:''Mail provides a simple and friendly environment for sending and receiving mail.''<br />
:''It divides incoming mail into its constituent messages and allows the user to deal with them in any order.''<br />
:''In addition, it provides a set of ed‐like commands for manipulating messages and sending mail.''<br />
:''Mail offers the user simple editing capabilities to ease the composition of outgoing messages, as well as providing the ability to define and send to names which address groups of users.''<br />
<br />
S-nail is thus the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
In Arch Linux S-nail supports direct mail delivery via SMTP, so that messages can be send directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''.<br />
(Note however that S-nail does not (yet) include a mail-queue mechanism and thus simply tries to send the message over SMTP, directly and immediately.)<br />
<br />
== Quick shot ==<br />
<br />
Because the systemwide Arch Linux configuration file ({{ic|/etc/mail.rc}}) brings in some useful standard settings, sending mail over a local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -d -s 'A subject' -a an_attachment.txt foo1@bar.example 'Foo2 <foo2@bar.example>'<br />
<br />
Using the ''-d''ebug flag results in a dry-run that doesn't perform any action for real (including ignorance of the current ''save'' and ''record'' settings).<br />
You can adjust the program which is used as a MTA by setting the variable ''sendmail'' (fine-tuning via ''sendmail-arguments'', ''sendmail-no-default-arguments'', ''sendmail-progname'', please see the manual, "Sending mail"):<br />
<br />
# < /etc/passwd mailx -Ssendmail=/usr/bin/sendmail -Ssendwait -s 'My password file content!' public-foo@bar.example<br />
# echo Message was passed successfully: $?<br />
<br />
By default message delivery is asynchronous, and S-nail will exit as soon as the prepared message has been passed over to the delivery mechanism (the MTA or the builtin SMTP MTA), stating only wether message preparation was successful (or not).<br />
If the ''sendwait'' option is set, however, S-nail will wait for the started (builtin) MTA instance to exit and (instead) use the MTA exit status as its message delivery "success" or "failure" status.<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the ''expandaddr'' option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
<br />
To avoid environmental noise scripts can (and should) "detach" from configuration files and use the ''-S'' and ''-X'' command line flags to create their own setup and run necessary commands, respectively.<br />
Also ''expandaddr'' can be given a value and be used for address verification (the following for example allows ''only'' network addressees), and the ''-.'' command line option will terminate option processing and turn on message send mode: together these form active barriers to prevent misinterpretation of address arguments as command line options and other injection attacks.<br />
E.g., the following example can be used "as is" (except for ''-d''), provided that you have a '''somefile.pdf''', somewhere; it sets the ''record'' variable to the pathname of the folder used to record all outgoing mail, so that we then can look into the generated message:<br />
<br />
# echo Body |<br />
# LC_ALL=C MAILRC=/dev/null \<br />
# mailx -d -n -Sv15-compat -Ssendwait \<br />
# -Sexpandaddr=fail,-all,+addr \<br />
# -Snosave -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control \<br />
# -X'mimetype "application/pdf pdf"' \<br />
# -Sfrom='Me <me@home>' \<br />
# -a '''somefile.pdf''' -s Subject \<br />
# -. '(foo2bar) <foo2@bar.example>' bob@hey.example<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
It is hoped that the S-nail manual page is helpful, and especially the sections "A starter", "Sending mail" and "Reading mail" should be worth a glance when looking for more "quick shots".<br />
<br />
When in the following '''USER''' and '''PASS''' informations are specified as part of an URL (other possibilities exist) they must become URL percent encoded; S-nail offers the '''urlencode''' command which does this for you:<br />
<br />
# printf 'urlencode USER PASS\nx\n' | mailx -#<br />
<br />
Of course: printf as well as S-nail / mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (5 bytes)<br />
out: <SPA%C3%9F> (9 bytes)<br />
# # In ISO-8859-1:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (4 bytes)<br />
out: <SPA%DF> (6 bytes)<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism.<br />
Thus let's leave that alone and place the following in the private user-specific configuration file, adjusting bold strings.<br />
By the way, by using the ''-n'' command line argument or by setting the ''$NAIL_NO_SYSTEM_RC'' environment variable it is possible to avoid that the global configuration file will be loaded, and by pointing the ''MAILRC'' environment variable to {{ic|/dev/null}} the unavoidable per-user configuration file can be turned behaviour neutral; we've used these possibilities in the detached script example above.<br />
And note that all the remaining examples in this document are based upon this configuration template, which simply sets some security and send mode basics:<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-no-default-ca<br />
<br />
# Don't use protocols older than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then, e.g.<br />
# ''ssl-protocol-'''USER'''@archlinux.org''="-ALL,+TLSv1.2"<br />
set ssl-protocol="-ALL,+TLSv1.2"<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# Hint: it is important to include "@STRENGTH": only with it the<br />
# final list will be sorted by algorithm strength.<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list="ALL:!aNULL:!eNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT:@STRENGTH"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: select allowed character sets<br />
# (Have a look at the "CHARACTER SETS" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# A very kind option: when replying to a message, first try to<br />
# use the same encoding that the original poster used herself!<br />
set reply-in-same-charset<br />
<br />
# When replying to or forwarding a message the comment and name<br />
# parts of email addresses are removed unless this variable is set<br />
set fullnames<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
# Only like this you'll be able to see errors reported through the exit<br />
# status of the MTA (including the builtin SMTP one)!<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files.<br />
# That set is often sufficient, but look at the output of the<br />
# '''mimetype''' command to ensure this is true for you, too<br />
set mimetypes-load-control<br />
<br />
# Default directory where we act in (relative to $HOME)<br />
set folder=mail<br />
# A leading "+" (often) means: under ''folder''<br />
# ''record'' is used to save copies of sent messages<br />
set MBOX=+mbox.mbox record=+sent.mbox DEAD=+dead.mbox<br />
<br />
# Define some shortcuts; now one may say, e.g., '''file mymbo'''<br />
shortcut mymbo %:+mbox.mbox \<br />
myrec +sent.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="'''Your Name <youremail@domain>'''" <br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
The above combination of SSL/TLS configuration results in the most secure end-to-end TLS transport that is possible at the time of this writing.<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the builtin SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
Reading the manual section "On URL syntax and credential lookup" is worthwhile.<br />
<br />
# It can be as easy as<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set smtp=smtp://'''USER''':'''PASS'''@'''HOST''' \<br />
smtp-use-starttls<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
set smtp='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login[/plain]...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts yes<br />
# (The plain smtp:// proto is optional)<br />
set smtp='''USER:PASS'''@smtp.gmXil.com smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set smtp=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
{{Tip|If you have enabled two-step authentication in Gmail, and you have added an application specific password for S-nail, you will want to use that password rather than your regular Gmail password, which may work without enabling the otherwise necessary "less secure apps".}}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set from="Your Name <youremail@domain>"<br />
set netrc-lookup<br />
#set agent-shell-lookup="gpg -d .pass.gpg"<br />
set smtp=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
# Type '''xp''' to login to the POP3 account<br />
ghost xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
# Type '''xi''' to login to the IMAP account<br />
ghost xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
(Here '''USER''' and '''PASS''' are clear text, not URL encoded.)<br />
You can furtherly diversify things and use encrypted password storage, since ArchLinux compiles in password agent support.<br />
To adjust the example, simply don't specify the ''password '''PASS''''' token in {{ic|$HOME/.netrc}} but instead uncomment the ''agent-shell-lookup'' line in the example account above.<br />
The encrypted password storage {{ic|.pass.gpg}} can be created like this:<br />
<br />
# echo '''PASS''' > .pass<br />
# gpg -e .pass<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
The ArchLinux version of S-nail includes the builtin command line editor with history capabilities as well as regular expression and coloured message display support.<br />
Because S-nail strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The global configuration /etc/mail.rc provides some commented basics;<br />
# in particular it shows all options that POSIX mandates as defaults.)<br />
<br />
# Start into interactive mode even if the system mailbox is empty or<br />
# doesn't exist. S-nail would exit immediately without that one<br />
set emptystart<br />
<br />
# When composing a message, let period `.' on a line by itself finalize<br />
# composition, before start directly into ''$EDITOR''<br />
set dot <br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines;<br />
# without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# Colourize headers when displaying messages (note that ''$PAGER'' may<br />
# require special flags, e.g., less(1) needs the -R option; S-nail will<br />
# however set the ''$LESS'' environment variable accordingly, but only if<br />
# that was not set before..)<br />
set colour-pager<br />
<br />
# A nicer prompt for a modern terminal<br />
set prompt="\033[31m?\?[\$ \@]\& \033[0m"<br />
<br />
# Add more entries to the history, and make that persistent<br />
set history-gabby NAIL_HISTFILE=+.s-nailhist NAIL_HISTSIZE=-1<br />
<br />
# When '''p'''rinting messages, show only these headers<br />
# (Easier to '''retain''' what you want than to '''ignore'''<br />
# what you don't; use '''P'''rint to see all headers and '''S'''how<br />
# to see the raw message content)<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html="lynx -stdin -dump -force_html"<br />
# Learn another mimetype<br />
mimetype 'model/vrml wrl vrml'<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
ghost ls !ls -latro<br />
ghost ps !ps axu<br />
<br />
Once you're in it use '''list''' to print all available builtin commands.<br />
ArchLinux compiles in the "DOCSTRINGS" feature, so that typing `?X' tries to expand "X" and print a help string; since S-nail will allow abbreviations of all commands this is sometimes handy; try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, as via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
Whereas '''p''' honours '''retain'''ed (or '''ignore'''d) list of headers to be displayed, the '''P'''rint command will not and display all headers;<br />
the '''Sh'''ow command will print raw message content.<br />
<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' ('''f''') is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds... well, a complaint of the ArchWiki maintainer about the content of this page, ugh;<br />
that is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode (which can be handy to avoid flag updates etc.)<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s).<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type "." on its own line (the latter requires the ''dot'' option).<br />
<br />
== Using S/MIME ==<br />
<br />
The manual contains a step-by-step example of how to create your certificates etc. ("Signed and encrypted messages with S/MIME").<br />
Assuming you have your private key and signed certificate already, just create the paired file we need<br />
<br />
# cat private-key.pem signed-certificate.pem > ~/pair.pem<br />
<br />
and setup S-nail via<br />
<br />
set smime-sign-cert=~/pair.pem \<br />
smime-sign-message-digest=SHA256 \<br />
smime-sign<br />
<br />
From now any message that is sent will be signed.<br />
The default message digest would be SHA1, as mandated by RFC 5751.<br />
Note that S/MIME always works relative to the setting of the variable ''from'', so it seems best to instead place the above settings in an '''account'''.<br />
The '''verify''' command verifies S/MIME messages, but note that S/MIME decryption and verification is solely based upon OpenSSL for now, which only supports messages with a simplicistic MIME structure. Sorry.<br />
By the way, if you miss hyperlinks and a table-of-content to get yourself going, the manual on the projects' website offers this; and the manual that ships with ArchLinux does, too, but needs the mdocmx(7) extension to be visible.<br />
<br />
== Workaround missing OpenPGP support ==<br />
<br />
S-nail doesn't yet support OpenPGP.<br />
However, using a macro it is possible to at least automatically verify inline ''--clearsign''ed messages, and using command ghosts their usage becomes handy: e.g., use the following in resource file and you will be able to verify a clearsigned message by just typing '''V''':<br />
<br />
define V {<br />
localopts yes<br />
set pipe-text/plain="set -C;\<br />
: > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
trap \"rm -f \\\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\\\"\" EXIT;\<br />
trap \"exit 75\" INT QUIT TERM;\<br />
set +C;\<br />
cat > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
< \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" awk \<br />
-v TMPFILE=\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" '\<br />
BEGIN {done=0}\<br />
/^-----BEGIN PGP SIGNED MESSAGE-----/,/^$/ {\<br />
if (done++ != 0)\<br />
next;\<br />
print \"--- GPG --verify ---\";\<br />
system(\"gpg --verify \" TMPFILE \" 2>&1\");\<br />
print \"--- GPG --verify ---\";\<br />
print \"\";\<br />
next;\<br />
}\<br />
/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ {\<br />
next;\<br />
}\<br />
{print}\<br />
'"<br />
print<br />
}<br />
define RK {<br />
!printf 'Key IDs to gpg --recv-keys: ';\<br />
read keyids;\<br />
gpg --recv-keys ${keyids};<br />
}<br />
ghost V call V<br />
ghost RK call RK<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' to point to an IMAP server folder, for example.<br />
<br />
set v15-compat<br />
<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=426520S-nail2016-03-19T12:08:18Z<p>Sdaoden: Undo revision 426518 by Rdeckard (talk) no: i have not yet anything useful from your side</p>
<hr />
<div>[[Category:Email clients]]<br />
S-nail is a mail processing system with a command syntax reminiscent of ed with lines replaced by messages.<br />
It is intended to provide the functionality of the POSIX mailx command and offers (mostly optional) extensions for line editing, IDNA, MIME, S/MIME, SMTP and POP3 (and IMAP).<br />
It is usable as a mail batch language.<br />
<br />
This overview page was updated for version '''v14.8.6''' of S-nail.<br />
Excerpt of latest ''NEWS'': bug fixes.<br />
''NEWS'' of older '''v14.8.x''' releases: RFC 2231 support, mailing-list support (''followup-to'', ''followup-to-honour'', ''reply-to-honour'', '''Lreply''', '''mlist''', '''mlsubscribe'''), simple builtin HTML viewer, freely configurable spam-checker hooks, command line and addressee hardening (new '''-.''' option, ''expandargv'' and ''expandaddr'' variables), improved -t support, ''expandaddr'' fine-tuning, new ''smime-sign-message-digest'' variable, ''-d'' / ''debug'' offers real dry-run send tests, extended '''@''' message specification, new '''source_if''' command, many bug fixes and small improvements.<br />
<br />
S-nail is a direct descendant of the BSD Mail program that was introduced in 1978 (itself superseding the simpler UNIX mail program) and used to introduce itself (in the Mail reference manual) as follows:<br />
<br />
:''Mail provides a simple and friendly environment for sending and receiving mail.''<br />
:''It divides incoming mail into its constituent messages and allows the user to deal with them in any order.''<br />
:''In addition, it provides a set of ed‐like commands for manipulating messages and sending mail.''<br />
:''Mail offers the user simple editing capabilities to ease the composition of outgoing messages, as well as providing the ability to define and send to names which address groups of users.''<br />
<br />
S-nail is thus the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
In Arch Linux S-nail supports direct mail delivery via SMTP, so that messages can be send directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''.<br />
(Note however that S-nail does not (yet) include a mail-queue mechanism and thus simply tries to send the message over SMTP, directly and immediately.)<br />
<br />
== Quick shot ==<br />
<br />
Because the systemwide Arch Linux configuration file ({{ic|/etc/mail.rc}}) brings in some useful standard settings, sending mail over a local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -d -s 'A subject' -a an_attachment.txt foo1@bar.example 'Foo2 <foo2@bar.example>'<br />
<br />
Using the ''-d''ebug flag results in a dry-run that doesn't perform any action for real (including ignorance of the current ''save'' and ''record'' settings).<br />
You can adjust the program which is used as a MTA by setting the variable ''sendmail'' (fine-tuning via ''sendmail-arguments'', ''sendmail-no-default-arguments'', ''sendmail-progname'', please see the manual, "Sending mail"):<br />
<br />
# < /etc/passwd mailx -Ssendmail=/usr/bin/sendmail -Ssendwait -s 'My password file content!' public-foo@bar.example<br />
# echo Message was passed successfully: $?<br />
<br />
By default message delivery is asynchronous, and S-nail will exit as soon as the prepared message has been passed over to the delivery mechanism (the MTA or the builtin SMTP MTA), stating only wether message preparation was successful (or not).<br />
If the ''sendwait'' option is set, however, S-nail will wait for the started (builtin) MTA instance to exit and (instead) use the MTA exit status as its message delivery "success" or "failure" status.<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the ''expandaddr'' option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
<br />
To avoid environmental noise scripts can (and should) "detach" from configuration files and use the ''-S'' and ''-X'' command line flags to create their own setup and run necessary commands, respectively.<br />
Also ''expandaddr'' can be given a value and be used for address verification (the following for example allows ''only'' network addressees), and the ''-.'' command line option will terminate option processing and turn on message send mode: together these form active barriers to prevent misinterpretation of address arguments as command line options and other injection attacks.<br />
E.g., the following example can be used "as is" (except for ''-d''), provided that you have a '''somefile.pdf''', somewhere; it sets the ''record'' variable to the pathname of the folder used to record all outgoing mail, so that we then can look into the generated message:<br />
<br />
# echo Body |<br />
# LC_ALL=C MAILRC=/dev/null \<br />
# mailx -d -n -Sv15-compat -Ssendwait \<br />
# -Sexpandaddr=fail,-all,+addr \<br />
# -Snosave -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control \<br />
# -X'mimetype "application/pdf pdf"' \<br />
# -Sfrom='Me <me@home>' \<br />
# -a '''somefile.pdf''' -s Subject \<br />
# -. '(foo2bar) <foo2@bar.example>' bob@hey.example<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
It is hoped that the S-nail manual page is helpful, and especially the sections "A starter", "Sending mail" and "Reading mail" should be worth a glance when looking for more "quick shots".<br />
<br />
When in the following '''USER''' and '''PASS''' informations are specified as part of an URL (other possibilities exist) they must become URL percent encoded; S-nail offers the '''urlencode''' command which does this for you:<br />
<br />
# printf 'urlencode USER PASS\nx\n' | mailx -#<br />
<br />
Of course: printf as well as S-nail / mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (5 bytes)<br />
out: <SPA%C3%9F> (9 bytes)<br />
# # In ISO-8859-1:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (4 bytes)<br />
out: <SPA%DF> (6 bytes)<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism.<br />
Thus let's leave that alone and place the following in the private user-specific configuration file, adjusting bold strings.<br />
By the way, by using the ''-n'' command line argument or by setting the ''$NAIL_NO_SYSTEM_RC'' environment variable it is possible to avoid that the global configuration file will be loaded, and by pointing the ''MAILRC'' environment variable to {{ic|/dev/null}} the unavoidable per-user configuration file can be turned behaviour neutral; we've used these possibilities in the detached script example above.<br />
And note that all the remaining examples in this document are based upon this configuration template, which simply sets some security and send mode basics:<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-no-default-ca<br />
<br />
# Don't use protocols older than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then, e.g.<br />
# ''ssl-protocol-'''USER'''@archlinux.org''="-ALL,+TLSv1.2"<br />
set ssl-protocol="-ALL,+TLSv1.2"<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# Hint: it is important to include "@STRENGTH": only with it the<br />
# final list will be sorted by algorithm strength.<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list="ALL:!aNULL:!eNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT:@STRENGTH"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: select allowed character sets<br />
# (Have a look at the "CHARACTER SETS" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# A very kind option: when replying to a message, first try to<br />
# use the same encoding that the original poster used herself!<br />
set reply-in-same-charset<br />
<br />
# When replying to or forwarding a message the comment and name<br />
# parts of email addresses are removed unless this variable is set<br />
set fullnames<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
# Only like this you'll be able to see errors reported through the exit<br />
# status of the MTA (including the builtin SMTP one)!<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files.<br />
# That set is often sufficient, but look at the output of the<br />
# '''mimetype''' command to ensure this is true for you, too<br />
set mimetypes-load-control<br />
<br />
# Default directory where we act in (relative to $HOME)<br />
set folder=mail<br />
# A leading "+" (often) means: under ''folder''<br />
# ''record'' is used to save copies of sent messages<br />
set MBOX=+mbox.mbox record=+sent.mbox DEAD=+dead.mbox<br />
<br />
# Define some shortcuts; now one may say, e.g., '''file mymbo'''<br />
shortcut mymbo %:+mbox.mbox \<br />
myrec +sent.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="'''Your Name <youremail@domain>'''" <br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
The above combination of SSL/TLS configuration results in the most secure end-to-end TLS transport that is possible at the time of this writing.<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the builtin SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
Reading the manual section "On URL syntax and credential lookup" is worthwhile.<br />
<br />
# It can be as easy as<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set smtp=smtp://'''USER''':'''PASS'''@'''HOST''' \<br />
smtp-use-starttls<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
set smtp='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login[/plain]...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts yes<br />
# (The plain smtp:// proto is optional)<br />
set smtp='''USER:PASS'''@smtp.gmXil.com smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set smtp=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
{{Tip|If you have enabled two-step authentication in Gmail, and you have added an application specific password for S-nail, you will want to use that password rather than your regular Gmail password, which may work without enabling the otherwise necessary "less secure apps".}}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set from="Your Name <youremail@domain>"<br />
set netrc-lookup<br />
#set agent-shell-lookup="gpg -d .pass.gpg"<br />
set smtp=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
# Type '''xp''' to login to the POP3 account<br />
ghost xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
# Type '''xi''' to login to the IMAP account<br />
ghost xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
(Here '''USER''' and '''PASS''' are clear text, not URL encoded.)<br />
You can furtherly diversify things and use encrypted password storage, since ArchLinux compiles in password agent support.<br />
To adjust the example, simply don't specify the ''password '''PASS''''' token in {{ic|$HOME/.netrc}} but instead uncomment the ''agent-shell-lookup'' line in the example account above.<br />
The encrypted password storage {{ic|.pass.gpg}} can be created like this:<br />
<br />
# echo '''PASS''' > .pass<br />
# gpg -e .pass<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
The ArchLinux version of S-nail includes the builtin command line editor with history capabilities as well as regular expression and coloured message display support.<br />
Because S-nail strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The global configuration /etc/mail.rc provides some commented basics;<br />
# in particular it shows all options that POSIX mandates as defaults.)<br />
<br />
# Start into interactive mode even if the system mailbox is empty or<br />
# doesn't exist. S-nail would exit immediately without that one<br />
set emptystart<br />
<br />
# When composing a message, let period `.' on a line by itself finalize<br />
# composition, before start directly into ''$EDITOR''<br />
set dot <br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines;<br />
# without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# Colourize headers when displaying messages (note that ''$PAGER'' may<br />
# require special flags, e.g., less(1) needs the -R option; S-nail will<br />
# however set the ''$LESS'' environment variable accordingly, but only if<br />
# that was not set before..)<br />
set colour-pager<br />
<br />
# A nicer prompt for a modern terminal<br />
set prompt="\033[31m?\?[\$ \@]\& \033[0m"<br />
<br />
# Add more entries to the history, and make that persistent<br />
set history-gabby NAIL_HISTFILE=+.s-nailhist NAIL_HISTSIZE=-1<br />
<br />
# When '''p'''rinting messages, show only these headers<br />
# (Easier to '''retain''' what you want than to '''ignore'''<br />
# what you don't; use '''P'''rint to see all headers and '''S'''how<br />
# to see the raw message content)<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html="lynx -stdin -dump -force_html"<br />
# Learn another mimetype<br />
mimetype 'model/vrml wrl vrml'<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
ghost ls !ls -latro<br />
ghost ps !ps axu<br />
<br />
Once you're in it use '''list''' to print all available builtin commands.<br />
ArchLinux compiles in the "DOCSTRINGS" feature, so that typing `?X' tries to expand "X" and print a help string; since S-nail will allow abbreviations of all commands this is sometimes handy; try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, as via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
Whereas '''p''' honours '''retain'''ed (or '''ignore'''d) list of headers to be displayed, the '''P'''rint command will not and display all headers;<br />
the '''Sh'''ow command will print raw message content.<br />
<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' ('''f''') is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds... well, a complaint of the ArchWiki maintainer about the content of this page, ugh;<br />
that is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode (which can be handy to avoid flag updates etc.)<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s).<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type "." on its own line (the latter requires the ''dot'' option).<br />
<br />
== Using S/MIME ==<br />
<br />
The manual contains a step-by-step example of how to create your certificates etc. ("Signed and encrypted messages with S/MIME").<br />
Assuming you have your private key and signed certificate already, just create the paired file we need<br />
<br />
# cat private-key.pem signed-certificate.pem > ~/pair.pem<br />
<br />
and setup S-nail via<br />
<br />
set smime-sign-cert=~/pair.pem \<br />
smime-sign-message-digest=SHA256 \<br />
smime-sign<br />
<br />
From now any message that is sent will be signed.<br />
The default message digest would be SHA1, as mandated by RFC 5751.<br />
Note that S/MIME always works relative to the setting of the variable ''from'', so it seems best to instead place the above settings in an '''account'''.<br />
The '''verify''' command verifies S/MIME messages, but note that S/MIME decryption and verification is solely based upon OpenSSL for now, which only supports messages with a simplicistic MIME structure. Sorry.<br />
By the way, if you miss hyperlinks and a table-of-content to get yourself going, the manual on the projects' website offers this; and the manual that ships with ArchLinux does, too, but needs the mdocmx(7) extension to be visible.<br />
<br />
== Workaround missing OpenPGP support ==<br />
<br />
S-nail doesn't yet support OpenPGP.<br />
However, using a macro it is possible to at least automatically verify inline ''--clearsign''ed messages, and using command ghosts their usage becomes handy: e.g., use the following in resource file and you will be able to verify a clearsigned message by just typing '''V''':<br />
<br />
define V {<br />
localopts yes<br />
set pipe-text/plain="set -C;\<br />
: > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
trap \"rm -f \\\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\\\"\" EXIT;\<br />
trap \"exit 75\" INT QUIT TERM;\<br />
set +C;\<br />
cat > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
< \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" awk \<br />
-v TMPFILE=\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" '\<br />
BEGIN {done=0}\<br />
/^-----BEGIN PGP SIGNED MESSAGE-----/,/^$/ {\<br />
if (done++ != 0)\<br />
next;\<br />
print \"--- GPG --verify ---\";\<br />
system(\"gpg --verify \" TMPFILE \" 2>&1\");\<br />
print \"--- GPG --verify ---\";\<br />
print \"\";\<br />
next;\<br />
}\<br />
/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ {\<br />
next;\<br />
}\<br />
{print}\<br />
'"<br />
print<br />
}<br />
define RK {<br />
!printf 'Key IDs to gpg --recv-keys: ';\<br />
read keyids;\<br />
gpg --recv-keys ${keyids};<br />
}<br />
ghost V call V<br />
ghost RK call RK<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' to point to an IMAP server folder, for example.<br />
<br />
set v15-compat<br />
<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=426515S-nail2016-03-19T11:56:11Z<p>Sdaoden: Undo revision 426413 by Rdeckard (talk) well the Wiki maintainer didn't complain no more on that?</p>
<hr />
<div>[[Category:Email clients]]<br />
S-nail is a mail processing system with a command syntax reminiscent of ed with lines replaced by messages.<br />
It is intended to provide the functionality of the POSIX mailx command and offers (mostly optional) extensions for line editing, IDNA, MIME, S/MIME, SMTP and POP3 (and IMAP).<br />
It is usable as a mail batch language.<br />
<br />
This overview page was updated for version '''v14.8.6''' of S-nail.<br />
Excerpt of latest ''NEWS'': bug fixes.<br />
''NEWS'' of older '''v14.8.x''' releases: RFC 2231 support, mailing-list support (''followup-to'', ''followup-to-honour'', ''reply-to-honour'', '''Lreply''', '''mlist''', '''mlsubscribe'''), simple builtin HTML viewer, freely configurable spam-checker hooks, command line and addressee hardening (new '''-.''' option, ''expandargv'' and ''expandaddr'' variables), improved -t support, ''expandaddr'' fine-tuning, new ''smime-sign-message-digest'' variable, ''-d'' / ''debug'' offers real dry-run send tests, extended '''@''' message specification, new '''source_if''' command, many bug fixes and small improvements.<br />
<br />
S-nail is a direct descendant of the BSD Mail program that was introduced in 1978 (itself superseding the simpler UNIX mail program) and used to introduce itself (in the Mail reference manual) as follows:<br />
<br />
:''Mail provides a simple and friendly environment for sending and receiving mail.''<br />
:''It divides incoming mail into its constituent messages and allows the user to deal with them in any order.''<br />
:''In addition, it provides a set of ed‐like commands for manipulating messages and sending mail.''<br />
:''Mail offers the user simple editing capabilities to ease the composition of outgoing messages, as well as providing the ability to define and send to names which address groups of users.''<br />
<br />
S-nail is thus the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
In Arch Linux S-nail supports direct mail delivery via SMTP, so that messages can be send directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''.<br />
(Note however that S-nail does not (yet) include a mail-queue mechanism and thus simply tries to send the message over SMTP, directly and immediately.)<br />
<br />
== Quick shot ==<br />
<br />
Because the systemwide Arch Linux configuration file ({{ic|/etc/mail.rc}}) brings in some useful standard settings, sending mail over a local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -d -s 'A subject' -a an_attachment.txt foo1@bar.example 'Foo2 <foo2@bar.example>'<br />
<br />
Using the ''-d''ebug flag results in a dry-run that doesn't perform any action for real (including ignorance of the current ''save'' and ''record'' settings).<br />
You can adjust the program which is used as a MTA by setting the variable ''sendmail'' (fine-tuning via ''sendmail-arguments'', ''sendmail-no-default-arguments'', ''sendmail-progname'', please see the manual, "Sending mail"):<br />
<br />
# < /etc/passwd mailx -Ssendmail=/usr/bin/sendmail -Ssendwait -s 'My password file content!' public-foo@bar.example<br />
# echo Message was passed successfully: $?<br />
<br />
By default message delivery is asynchronous, and S-nail will exit as soon as the prepared message has been passed over to the delivery mechanism (the MTA or the builtin SMTP MTA), stating only wether message preparation was successful (or not).<br />
If the ''sendwait'' option is set, however, S-nail will wait for the started (builtin) MTA instance to exit and (instead) use the MTA exit status as its message delivery "success" or "failure" status.<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the ''expandaddr'' option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
<br />
To avoid environmental noise scripts can (and should) "detach" from configuration files and use the ''-S'' and ''-X'' command line flags to create their own setup and run necessary commands, respectively.<br />
Also ''expandaddr'' can be given a value and be used for address verification (the following for example allows ''only'' network addressees), and the ''-.'' command line option will terminate option processing and turn on message send mode: together these form active barriers to prevent misinterpretation of address arguments as command line options and other injection attacks.<br />
E.g., the following example can be used "as is" (except for ''-d''), provided that you have a '''somefile.pdf''', somewhere; it sets the ''record'' variable to the pathname of the folder used to record all outgoing mail, so that we then can look into the generated message:<br />
<br />
# echo Body |<br />
# LC_ALL=C MAILRC=/dev/null \<br />
# mailx -d -n -Sv15-compat -Ssendwait \<br />
# -Sexpandaddr=fail,-all,+addr \<br />
# -Snosave -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control \<br />
# -X'mimetype "application/pdf pdf"' \<br />
# -Sfrom='Me <me@home>' \<br />
# -a '''somefile.pdf''' -s Subject \<br />
# -. '(foo2bar) <foo2@bar.example>' bob@hey.example<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
It is hoped that the S-nail manual page is helpful, and especially the sections "A starter", "Sending mail" and "Reading mail" should be worth a glance when looking for more "quick shots".<br />
<br />
When in the following '''USER''' and '''PASS''' informations are specified as part of an URL (other possibilities exist) they must become URL percent encoded; S-nail offers the '''urlencode''' command which does this for you:<br />
<br />
# printf 'urlencode USER PASS\nx\n' | mailx -#<br />
<br />
Of course: printf as well as S-nail / mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (5 bytes)<br />
out: <SPA%C3%9F> (9 bytes)<br />
# # In ISO-8859-1:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (4 bytes)<br />
out: <SPA%DF> (6 bytes)<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism.<br />
Thus let's leave that alone and place the following in the private user-specific configuration file, adjusting bold strings.<br />
By the way, by using the ''-n'' command line argument or by setting the ''$NAIL_NO_SYSTEM_RC'' environment variable it is possible to avoid that the global configuration file will be loaded, and by pointing the ''MAILRC'' environment variable to {{ic|/dev/null}} the unavoidable per-user configuration file can be turned behaviour neutral; we've used these possibilities in the detached script example above.<br />
And note that all the remaining examples in this document are based upon this configuration template, which simply sets some security and send mode basics:<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-no-default-ca<br />
<br />
# Don't use protocols older than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then, e.g.<br />
# ''ssl-protocol-'''USER'''@archlinux.org''="-ALL,+TLSv1.2"<br />
set ssl-protocol="-ALL,+TLSv1.2"<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# Hint: it is important to include "@STRENGTH": only with it the<br />
# final list will be sorted by algorithm strength.<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list="ALL:!aNULL:!eNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT:@STRENGTH"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: select allowed character sets<br />
# (Have a look at the "CHARACTER SETS" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# A very kind option: when replying to a message, first try to<br />
# use the same encoding that the original poster used herself!<br />
set reply-in-same-charset<br />
<br />
# When replying to or forwarding a message the comment and name<br />
# parts of email addresses are removed unless this variable is set<br />
set fullnames<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
# Only like this you'll be able to see errors reported through the exit<br />
# status of the MTA (including the builtin SMTP one)!<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files.<br />
# That set is often sufficient, but look at the output of the<br />
# '''mimetype''' command to ensure this is true for you, too<br />
set mimetypes-load-control<br />
<br />
# Default directory where we act in (relative to $HOME)<br />
set folder=mail<br />
# A leading "+" (often) means: under ''folder''<br />
# ''record'' is used to save copies of sent messages<br />
set MBOX=+mbox.mbox record=+sent.mbox DEAD=+dead.mbox<br />
<br />
# Define some shortcuts; now one may say, e.g., '''file mymbo'''<br />
shortcut mymbo %:+mbox.mbox \<br />
myrec +sent.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="'''Your Name <youremail@domain>'''" <br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
The above combination of SSL/TLS configuration results in the most secure end-to-end TLS transport that is possible at the time of this writing.<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the builtin SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
Reading the manual section "On URL syntax and credential lookup" is worthwhile.<br />
<br />
# It can be as easy as<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set smtp=smtp://'''USER''':'''PASS'''@'''HOST''' \<br />
smtp-use-starttls<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
set smtp='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login[/plain]...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts yes<br />
# (The plain smtp:// proto is optional)<br />
set smtp='''USER:PASS'''@smtp.gmXil.com smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set smtp=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
{{Tip|If you have enabled two-step authentication in Gmail, and you have added an application specific password for S-nail, you will want to use that password rather than your regular Gmail password, which may work without enabling the otherwise necessary "less secure apps".}}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set from="Your Name <youremail@domain>"<br />
set netrc-lookup<br />
#set agent-shell-lookup="gpg -d .pass.gpg"<br />
set smtp=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
# Type '''xp''' to login to the POP3 account<br />
ghost xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
# Type '''xi''' to login to the IMAP account<br />
ghost xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
(Here '''USER''' and '''PASS''' are clear text, not URL encoded.)<br />
You can furtherly diversify things and use encrypted password storage, since ArchLinux compiles in password agent support.<br />
To adjust the example, simply don't specify the ''password '''PASS''''' token in {{ic|$HOME/.netrc}} but instead uncomment the ''agent-shell-lookup'' line in the example account above.<br />
The encrypted password storage {{ic|.pass.gpg}} can be created like this:<br />
<br />
# echo '''PASS''' > .pass<br />
# gpg -e .pass<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
The ArchLinux version of S-nail includes the builtin command line editor with history capabilities as well as regular expression and coloured message display support.<br />
Because S-nail strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The global configuration /etc/mail.rc provides some commented basics;<br />
# in particular it shows all options that POSIX mandates as defaults.)<br />
<br />
# Start into interactive mode even if the system mailbox is empty or<br />
# doesn't exist. S-nail would exit immediately without that one<br />
set emptystart<br />
<br />
# When composing a message, let period `.' on a line by itself finalize<br />
# composition, before start directly into ''$EDITOR''<br />
set dot <br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines;<br />
# without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# Colourize headers when displaying messages (note that ''$PAGER'' may<br />
# require special flags, e.g., less(1) needs the -R option; S-nail will<br />
# however set the ''$LESS'' environment variable accordingly, but only if<br />
# that was not set before..)<br />
set colour-pager<br />
<br />
# A nicer prompt for a modern terminal<br />
set prompt="\033[31m?\?[\$ \@]\& \033[0m"<br />
<br />
# Add more entries to the history, and make that persistent<br />
set history-gabby NAIL_HISTFILE=+.s-nailhist NAIL_HISTSIZE=-1<br />
<br />
# When '''p'''rinting messages, show only these headers<br />
# (Easier to '''retain''' what you want than to '''ignore'''<br />
# what you don't; use '''P'''rint to see all headers and '''S'''how<br />
# to see the raw message content)<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html="lynx -stdin -dump -force_html"<br />
# Learn another mimetype<br />
mimetype 'model/vrml wrl vrml'<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
ghost ls !ls -latro<br />
ghost ps !ps axu<br />
<br />
Once you're in it use '''list''' to print all available builtin commands.<br />
ArchLinux compiles in the "DOCSTRINGS" feature, so that typing `?X' tries to expand "X" and print a help string; since S-nail will allow abbreviations of all commands this is sometimes handy; try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, as via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
Whereas '''p''' honours '''retain'''ed (or '''ignore'''d) list of headers to be displayed, the '''P'''rint command will not and display all headers;<br />
the '''Sh'''ow command will print raw message content.<br />
<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' ('''f''') is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds... well, a complaint of the ArchWiki maintainer about the content of this page, ugh;<br />
that is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode (which can be handy to avoid flag updates etc.)<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s).<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type "." on its own line (the latter requires the ''dot'' option).<br />
<br />
== Using S/MIME ==<br />
<br />
The manual contains a step-by-step example of how to create your certificates etc. ("Signed and encrypted messages with S/MIME").<br />
Assuming you have your private key and signed certificate already, just create the paired file we need<br />
<br />
# cat private-key.pem signed-certificate.pem > ~/pair.pem<br />
<br />
and setup S-nail via<br />
<br />
set smime-sign-cert=~/pair.pem \<br />
smime-sign-message-digest=SHA256 \<br />
smime-sign<br />
<br />
From now any message that is sent will be signed.<br />
The default message digest would be SHA1, as mandated by RFC 5751.<br />
Note that S/MIME always works relative to the setting of the variable ''from'', so it seems best to instead place the above settings in an '''account'''.<br />
The '''verify''' command verifies S/MIME messages, but note that S/MIME decryption and verification is solely based upon OpenSSL for now, which only supports messages with a simplicistic MIME structure. Sorry.<br />
By the way, if you miss hyperlinks and a table-of-content to get yourself going, the manual on the projects' website offers this; and the manual that ships with ArchLinux does, too, but needs the mdocmx(7) extension to be visible.<br />
<br />
== Workaround missing OpenPGP support ==<br />
<br />
S-nail doesn't yet support OpenPGP.<br />
However, using a macro it is possible to at least automatically verify inline ''--clearsign''ed messages, and using command ghosts their usage becomes handy: e.g., use the following in resource file and you will be able to verify a clearsigned message by just typing '''V''':<br />
<br />
define V {<br />
localopts yes<br />
set pipe-text/plain="set -C;\<br />
: > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
trap \"rm -f \\\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\\\"\" EXIT;\<br />
trap \"exit 75\" INT QUIT TERM;\<br />
set +C;\<br />
cat > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
< \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" awk \<br />
-v TMPFILE=\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" '\<br />
BEGIN {done=0}\<br />
/^-----BEGIN PGP SIGNED MESSAGE-----/,/^$/ {\<br />
if (done++ != 0)\<br />
next;\<br />
print \"--- GPG --verify ---\";\<br />
system(\"gpg --verify \" TMPFILE \" 2>&1\");\<br />
print \"--- GPG --verify ---\";\<br />
print \"\";\<br />
next;\<br />
}\<br />
/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ {\<br />
next;\<br />
}\<br />
{print}\<br />
'"<br />
print<br />
}<br />
define RK {<br />
!printf 'Key IDs to gpg --recv-keys: ';\<br />
read keyids;\<br />
gpg --recv-keys ${keyids};<br />
}<br />
ghost V call V<br />
ghost RK call RK<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' to point to an IMAP server folder, for example.<br />
<br />
set v15-compat<br />
<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=426329S-nail2016-03-18T10:08:30Z<p>Sdaoden: Undo revision 426226 by Rdeckard (talk) -- quoting may be necessary: i disagree, also after looking around a bit?</p>
<hr />
<div>[[Category:Email clients]]<br />
S-nail is a mail processing system with a command syntax reminiscent of ed with lines replaced by messages.<br />
It is intended to provide the functionality of the POSIX mailx command and offers (mostly optional) extensions for line editing, IDNA, MIME, S/MIME, SMTP and POP3 (and IMAP).<br />
It is usable as a mail batch language.<br />
<br />
This overview page was updated for version '''v14.8.6''' of S-nail.<br />
Excerpt of latest ''NEWS'': bug fixes.<br />
''NEWS'' of older '''v14.8.x''' releases: RFC 2231 support, mailing-list support (''followup-to'', ''followup-to-honour'', ''reply-to-honour'', '''Lreply''', '''mlist''', '''mlsubscribe'''), simple builtin HTML viewer, freely configurable spam-checker hooks, command line and addressee hardening (new '''-.''' option, ''expandargv'' and ''expandaddr'' variables), improved -t support, ''expandaddr'' fine-tuning, new ''smime-sign-message-digest'' variable, ''-d'' / ''debug'' offers real dry-run send tests, extended '''@''' message specification, new '''source_if''' command, many bug fixes and small improvements.<br />
<br />
S-nail is a direct descendant of the BSD Mail program that was introduced in 1978 (itself superseding the simpler UNIX mail program) and used to introduce itself (in the Mail reference manual) as follows:<br />
<br />
:''Mail provides a simple and friendly environment for sending and receiving mail.''<br />
:''It divides incoming mail into its constituent messages and allows the user to deal with them in any order.''<br />
:''In addition, it provides a set of ed‐like commands for manipulating messages and sending mail.''<br />
:''Mail offers the user simple editing capabilities to ease the composition of outgoing messages, as well as providing the ability to define and send to names which address groups of users.''<br />
<br />
S-nail is thus the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
In Arch Linux S-nail supports direct mail delivery via SMTP, so that messages can be send directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''.<br />
(Note however that S-nail does not (yet) include a mail-queue mechanism and thus simply tries to send the message over SMTP, directly and immediately.)<br />
<br />
== Quick shot ==<br />
<br />
Because the systemwide Arch Linux configuration file ({{ic|/etc/mail.rc}}) brings in some useful standard settings, sending mail over a local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -d -s 'A subject' -a an_attachment.txt foo1@bar.example 'Foo2 <foo2@bar.example>'<br />
<br />
Using the ''-d''ebug flag results in a dry-run that doesn't perform any action for real (including ignorance of the current ''save'' and ''record'' settings).<br />
You can adjust the program which is used as a MTA by setting the variable ''sendmail'' (fine-tuning via ''sendmail-arguments'', ''sendmail-no-default-arguments'', ''sendmail-progname'', please see the manual, "Sending mail"):<br />
<br />
# < /etc/passwd mailx -Ssendmail=/usr/bin/sendmail -Ssendwait -s 'My password file content!' public-foo@bar.example<br />
# echo Message was passed successfully: $?<br />
<br />
By default message delivery is asynchronous, and S-nail will exit as soon as the prepared message has been passed over to the delivery mechanism (the MTA or the builtin SMTP MTA), stating only wether message preparation was successful (or not).<br />
If the ''sendwait'' option is set, however, S-nail will wait for the started (builtin) MTA instance to exit and (instead) use the MTA exit status as its message delivery "success" or "failure" status.<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the ''expandaddr'' option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
<br />
To avoid environmental noise scripts can (and should) "detach" from configuration files and use the ''-S'' and ''-X'' command line flags to create their own setup and run necessary commands, respectively.<br />
Also ''expandaddr'' can be given a value and be used for address verification (the following for example allows ''only'' network addressees), and the ''-.'' command line option will terminate option processing and turn on message send mode: together these form active barriers to prevent misinterpretation of address arguments as command line options and other injection attacks.<br />
E.g., the following example can be used "as is" (except for ''-d''), provided that you have a '''somefile.pdf''', somewhere; it sets the ''record'' variable to the pathname of the folder used to record all outgoing mail, so that we then can look into the generated message:<br />
<br />
# echo Body |<br />
# LC_ALL=C MAILRC=/dev/null \<br />
# mailx -d -n -Sv15-compat -Ssendwait \<br />
# -Sexpandaddr=fail,-all,+addr \<br />
# -Snosave -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control \<br />
# -X'mimetype "application/pdf pdf"' \<br />
# -Sfrom='Me <me@home>' \<br />
# -a '''somefile.pdf''' -s Subject \<br />
# -. '(foo2bar) <foo2@bar.example>' bob@hey.example<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
It is hoped that the S-nail manual page is helpful, and especially the sections "A starter", "Sending mail" and "Reading mail" should be worth a glance when looking for more "quick shots".<br />
<br />
When in the following '''USER''' and '''PASS''' informations are specified as part of an URL (other possibilities exist) they must become URL percent encoded; S-nail offers the '''urlencode''' command which does this for you:<br />
<br />
# printf 'urlencode USER PASS\nx\n' | mailx -#<br />
<br />
Of course: printf as well as S-nail / mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (5 bytes)<br />
out: <SPA%C3%9F> (9 bytes)<br />
# # In ISO-8859-1:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (4 bytes)<br />
out: <SPA%DF> (6 bytes)<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism.<br />
Thus let's leave that alone and place the following in the private user-specific configuration file, adjusting bold strings.<br />
By the way, by using the ''-n'' command line argument or by setting the ''$NAIL_NO_SYSTEM_RC'' environment variable it is possible to avoid that the global configuration file will be loaded, and by pointing the ''MAILRC'' environment variable to {{ic|/dev/null}} the unavoidable per-user configuration file can be turned behaviour neutral; we've used these possibilities in the detached script example above.<br />
And note that all the remaining examples in this document are based upon this configuration template, which simply sets some security and send mode basics:<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-no-default-ca<br />
<br />
# Don't use protocols older than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then, e.g.<br />
# ''ssl-protocol-'''USER'''@archlinux.org''="-ALL,+TLSv1.2"<br />
set ssl-protocol="-ALL,+TLSv1.2"<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# Hint: it is important to include "@STRENGTH": only with it the<br />
# final list will be sorted by algorithm strength.<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list="ALL:!aNULL:!eNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT:@STRENGTH"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: select allowed character sets<br />
# (Have a look at the "CHARACTER SETS" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# A very kind option: when replying to a message, first try to<br />
# use the same encoding that the original poster used herself!<br />
set reply-in-same-charset<br />
<br />
# When replying to or forwarding a message the comment and name<br />
# parts of email addresses are removed unless this variable is set<br />
set fullnames<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
# Only like this you'll be able to see errors reported through the exit<br />
# status of the MTA (including the builtin SMTP one)!<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files.<br />
# That set is often sufficient, but look at the output of the<br />
# '''mimetype''' command to ensure this is true for you, too<br />
set mimetypes-load-control<br />
<br />
# Default directory where we act in (relative to $HOME)<br />
set folder=mail<br />
# A leading "+" (often) means: under ''folder''<br />
# ''record'' is used to save copies of sent messages<br />
set MBOX=+mbox.mbox record=+sent.mbox DEAD=+dead.mbox<br />
<br />
# Define some shortcuts; now one may say, e.g., '''file mymbo'''<br />
shortcut mymbo %:+mbox.mbox \<br />
myrec +sent.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="'''Your Name <youremail@domain>'''" <br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
The above combination of SSL/TLS configuration results in the most secure end-to-end TLS transport that is possible at the time of this writing.<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the builtin SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
Reading the manual section "On URL syntax and credential lookup" is worthwhile.<br />
<br />
# It can be as easy as<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set smtp=smtp://'''USER''':'''PASS'''@'''HOST''' \<br />
smtp-use-starttls<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
set smtp='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login[/plain]...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts yes<br />
# (The plain smtp:// proto is optional)<br />
set smtp='''USER:PASS'''@smtp.gmXil.com smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set smtp=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
{{Tip|If you have enabled two-step authentication in Gmail, and you have added an application specific password for S-nail, you will want to use that password rather than your regular Gmail password, which may work without enabling the otherwise necessary "less secure apps".}}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set from="Your Name <youremail@domain>"<br />
set netrc-lookup<br />
#set agent-shell-lookup="gpg -d .pass.gpg"<br />
set smtp=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
# Type '''xp''' to login to the POP3 account<br />
ghost xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
# Type '''xi''' to login to the IMAP account<br />
ghost xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
(Here '''USER''' and '''PASS''' are clear text, not URL encoded.)<br />
You can furtherly diversify things and use encrypted password storage, since ArchLinux compiles in password agent support.<br />
To adjust the example, simply don't specify the ''password '''PASS''''' token in {{ic|$HOME/.netrc}} but instead uncomment the ''agent-shell-lookup'' line in the example account above.<br />
The encrypted password storage {{ic|.pass.gpg}} can be created like this:<br />
<br />
# echo '''PASS''' > .pass<br />
# gpg -e .pass<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
The ArchLinux version of S-nail includes the builtin command line editor with history capabilities as well as regular expression and coloured message display support.<br />
Because S-nail strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The global configuration /etc/mail.rc provides some commented basics;<br />
# in particular it shows all options that POSIX mandates as defaults.)<br />
<br />
# Start into interactive mode even if the system mailbox is empty or<br />
# doesn't exist. S-nail would exit immediately without that one<br />
set emptystart<br />
<br />
# When composing a message, let period `.' on a line by itself finalize<br />
# composition, before start directly into ''$EDITOR''<br />
set dot <br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines;<br />
# without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# Colourize headers when displaying messages (note that ''$PAGER'' may<br />
# require special flags, e.g., less(1) needs the -R option; S-nail will<br />
# however set the ''$LESS'' environment variable accordingly, but only if<br />
# that was not set before..)<br />
set colour-pager<br />
<br />
# A nicer prompt for a modern terminal<br />
set prompt="\033[31m?\?[\$ \@]\& \033[0m"<br />
<br />
# Add more entries to the history, and make that persistent<br />
set history-gabby NAIL_HISTFILE=+.s-nailhist NAIL_HISTSIZE=-1<br />
<br />
# When '''p'''rinting messages, show only these headers<br />
# (Easier to '''retain''' what you want than to '''ignore'''<br />
# what you don't; use '''P'''rint to see all headers and '''S'''how<br />
# to see the raw message content)<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html="lynx -stdin -dump -force_html"<br />
# Learn another mimetype<br />
mimetype 'model/vrml wrl vrml'<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
ghost ls !ls -latro<br />
ghost ps !ps axu<br />
<br />
Once you're in it use '''list''' to print all available builtin commands.<br />
ArchLinux compiles in the "DOCSTRINGS" feature, so that typing `?X' tries to expand "X" and print a help string; since S-nail will allow abbreviations of all commands this is sometimes handy; try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, as via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
Whereas '''p''' honours '''retain'''ed (or '''ignore'''d) list of headers to be displayed, the '''P'''rint command will not and display all headers;<br />
the '''Sh'''ow command will print raw message content.<br />
<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' ('''f''') is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds... well, a complaint of the ArchWiki maintainer about the content of this page, ugh;<br />
that is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode (which can be handy to avoid flag updates etc.)<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s).<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type "." on its own line (the latter requires the ''dot'' option).<br />
<br />
== Using S/MIME ==<br />
<br />
The manual contains a step-by-step example of how to create your certificates etc. ("Signed and encrypted messages with S/MIME").<br />
Assuming you have your private key and signed certificate already, just create the paired file we need<br />
<br />
# cat private-key.pem signed-certificate.pem > ~/pair.pem<br />
<br />
and setup S-nail via<br />
<br />
set smime-sign-cert=~/pair.pem \<br />
smime-sign-message-digest=SHA256 \<br />
smime-sign<br />
<br />
From now any message that is sent will be signed.<br />
The default message digest would be SHA1, as mandated by RFC 5751.<br />
Note that S/MIME always works relative to the setting of the variable ''from'', so it seems best to instead place the above settings in an '''account'''.<br />
The '''verify''' command verifies S/MIME messages, but note that S/MIME decryption and verification is solely based upon OpenSSL for now, which only supports messages with a simplicistic MIME structure. Sorry.<br />
By the way, if you miss hyperlinks and a table-of-content to get yourself going, the manual on the projects' website offers this; and the manual that ships with ArchLinux does, too, but needs the mdocmx(7) extension to be visible.<br />
<br />
== Workaround missing OpenPGP support ==<br />
<br />
S-nail doesn't yet support OpenPGP.<br />
However, using a macro it is possible to at least automatically verify inline ''--clearsign''ed messages, and using command ghosts their usage becomes handy: e.g., use the following in resource file and you will be able to verify a clearsigned message by just typing '''V''':<br />
<br />
define V {<br />
localopts yes<br />
set pipe-text/plain="set -C;\<br />
: > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
trap \"rm -f \\\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\\\"\" EXIT;\<br />
trap \"exit 75\" INT QUIT TERM;\<br />
set +C;\<br />
cat > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
< \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" awk \<br />
-v TMPFILE=\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" '\<br />
BEGIN {done=0}\<br />
/^-----BEGIN PGP SIGNED MESSAGE-----/,/^$/ {\<br />
if (done++ != 0)\<br />
next;\<br />
print \"--- GPG --verify ---\";\<br />
system(\"gpg --verify \" TMPFILE \" 2>&1\");\<br />
print \"--- GPG --verify ---\";\<br />
print \"\";\<br />
next;\<br />
}\<br />
/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ {\<br />
next;\<br />
}\<br />
{print}\<br />
'"<br />
print<br />
}<br />
define RK {<br />
!printf 'Key IDs to gpg --recv-keys: ';\<br />
read keyids;\<br />
gpg --recv-keys ${keyids};<br />
}<br />
ghost V call V<br />
ghost RK call RK<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' to point to an IMAP server folder, for example.<br />
<br />
set v15-compat<br />
<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=Dm-crypt/Specialties&diff=418871Dm-crypt/Specialties2016-02-03T13:28:43Z<p>Sdaoden: Undo revision 418869 by Sdaoden (talk) i revert again as i haven't tried it in this context. sorry for the noise</p>
<hr />
<div>{{Lowercase title}}<br />
[[Category:Encryption]]<br />
[[Category:File systems]]<br />
[[ja:Dm-crypt/特記事項]]<br />
Back to [[Dm-crypt]].<br />
<br />
==Securing the unencrypted boot partition==<br />
The {{ic|/boot}} partition and the [[Master Boot Record]] are the two areas of the disk that are not encrypted, even in an [[Dm-crypt/Encrypting_an_entire_system|encrypted root]] configuration. They cannot usually be encrypted because the [[boot loader]] and BIOS (respectively) are unable to unlock a dm-crypt container in order to continue the boot process. An exception is [[GRUB]], which gained a feature to unlock a LUKS encrypted {{ic|/boot}} - see [[GRUB#Boot partition]]. <br />
<br />
This section describes steps that can be taken to make the boot process more secure. <br />
<br />
{{Warning|Note that securing the {{ic|/boot}} partition and MBR can mitigate numerous attacks that occur during the boot process, but systems configured this way may still be vulnerable to BIOS/UEFI/firmware tampering, hardware keyloggers, cold boot attacks, and many other threats that are beyond the scope of this article. For an overview of system-trust issues and how these relate to full-disk encryption, refer to [http://www.youtube.com/watch?v&#61;pKeiKYA03eE].}}<br />
<br />
===Booting from a removable device===<br />
<br />
Using a separate device to boot a system is a fairly straightforward procedure, and offers a significant security improvement against some kinds of attacks. Two vulnerable parts of a system employing an [[Dm-crypt/Encrypting_an_entire_system|encrypted root filesystem]] are<br />
* the [[Master Boot Record]], and<br />
* the {{ic|/boot}} partition.<br />
These must be stored unencrypted in order for the system to boot. In order to protect these from tampering, it is advisable to store them on a removable medium, such as a USB drive, and boot from that drive instead of the hard disk. As long as you keep the drive with you at all times, you can be certain that those components have not been tampered with, making authentication far more secure when unlocking your system.<br />
<br />
It is assumed that you already have your system configured with a dedicated partition mounted at {{ic|/boot}}. If you do not, please follow the steps in [[dm-crypt/System configuration#Boot loader]], substituting your hard disk for a removable drive.<br />
{{Note|You must make sure your system supports booting from the chosen medium, be it a USB drive, an external hard drive, an SD card, or anything else.}}<br />
Prepare the removable drive ({{ic|/dev/sdx}}).<br />
# gdisk /dev/sdx #format if necessary. Alternatively, cgdisk, fdisk, cfdisk, gparted...<br />
# mkfs.ext2 /dev/sdx1<br />
# mount /dev/sdx1 /mnt<br />
Copy your existing {{ic|/boot}} contents to the new one.<br />
# cp -R -i -d /boot/* /mnt<br />
Mount the new partition. Do not forget to update your [[fstab]] file accordingly.<br />
# umount /boot<br />
# umount /mnt<br />
# mount /dev/sdx1 /boot<br />
# genfstab -p -U / > /etc/fstab<br />
Update [[GRUB]]. {{ic|grub-mkconfig}} should detect the new partition UUID automatically, but custom menu entries may need to be updated manually.<br />
# grub-mkconfig -o /boot/grub/grub.cfg<br />
# grub-install /dev/sdx #install to the removable device, not the hard disk.<br />
Reboot and test the new configuration. Remember to set your device boot order accordingly in your [[BIOS]] or [[UEFI]]. If the system fails to boot, you should still be able to boot from the hard drive in order to correct the problem.<br />
<br />
===chkboot===<br />
{{warning|chkboot makes a {{ic|/boot}} partition '''tamper-evident''', not '''tamper-proof'''. By the time the chkboot script is run, you have already typed your password into a potentially compromised boot loader, kernel, or initrd. If your system fails the chkboot integrity test, no assumptions can be made about the security of your data.}}<br />
Referring to an article from the ct-magazine (Issue 3/12, page 146, 01.16.2012, [http://www.heise.de/ct/inhalt/2012/03/6/]) the following script checks files under {{ic|/boot}} for changes of SHA-1 hash, inode, and occupied blocks on the hard drive. It also checks the [[Master Boot Record]]. The script cannot prevent certain type of attacks, but a lot are made harder. No configuration of the script itself is stored in unencrypted {{ic|/boot}}. With a locked/powered-off encrypted system, this makes it harder for some attackers because it is not apparent that an automatic checksum comparison of the partition is done upon boot. However, an attacker who anticipates these precautions can manipulate the firmware to run his own code on top of your kernel and intercept file system access, e.g. to {{ic|boot}}, and present the untampered files. Generally, no security measures below the level of the firmware are able to guarantee trust and tamper evidence.<br />
<br />
The script with installation instructions is [ftp://ftp.heise.de/pub/ct/listings/1203-146.zip available] (Author: Juergen Schmidt, ju at heisec.de; License: GPLv2). There is also package {{AUR|chkboot}} to [[install]].<br />
<br />
After installation add a service file (the package includes one based on the following) and [[enable]] it: <br />
[Unit]<br />
Description=Check that boot is what we want<br />
Requires=basic.target<br />
After=basic.target<br />
<br />
[Service]<br />
Type=oneshot<br />
ExecStart=/usr/local/bin/chkboot.sh<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
<br />
There is a small caveat for systemd. At the time of writing, the original {{ic|chkboot.sh}} script provided contains an empty space at the beginning of {{ic|<u> </u>#!/bin/bash}} which has to be removed for the service to start successfully.<br />
<br />
As {{ic|/usr/local/bin/chkboot_user.sh}} needs to be executed right after login, you need to add it to the [[autostart]] (e.g. under KDE -> ''System Settings -> Startup and Shutdown -> Autostart''; GNOME 3: ''gnome-session-properties''). <br />
<br />
With Arch Linux, changes to {{ic|/boot}} are pretty frequent, for example by new kernels rolling-in. Therefore it may be helpful to use the scripts with every full system update. One way to do so: <br />
<br />
#!/bin/bash<br />
#<br />
# Note: Insert your <user> and execute it with sudo for pacman & chkboot to work automagically<br />
#<br />
echo "Pacman update [1] Quickcheck before updating" & <br />
sudo -u <user> /usr/local/bin/chkboot_user.sh # insert your logged on <user> <br />
/usr/local/bin/chkboot.sh<br />
sync # sync disks with any results <br />
sudo -u <user> /usr/local/bin/chkboot_user.sh # insert your logged on <user> <br />
echo "Pacman update [2] Syncing repos for pacman" <br />
pacman -Syu<br />
/usr/local/bin/chkboot.sh<br />
sync <br />
sudo -u <user> /usr/local/bin/chkboot_user.sh # insert your logged on <user><br />
echo "Pacman update [3] All done, let us roll on ..."<br />
<br />
=== mkinitcpio-chkcryptoboot === <br />
{{Warning|This hook does '''not''' encrypt [[GRUB]]'s core (MBR) code or EFI stub, nor does it protect against situations where an attacker is able to modify the behaviour of the bootloader to compromise the kernel and/or initramfs at run-time.}}<br />
{{aur|mkinitcpio-chkcryptoboot}} is a [[mkinitcpio]] hook that performs integrity checks during early-userspace and advises the user not to enter his root partition password if the system appears to have been compromised. Security is achieved through an [[Dm-crypt/Encrypting_an_entire_system#Encrypted_boot_partition_.28GRUB.29|encrypted boot partition]], which is unlocked using [[GRUB#Boot_partition|GRUB]]'s {{ic|cryptodisk.mod}} module, and a root filesystem partition, which is encrypted with a password different from the former. This way, the [[initramfs]] and [[kernel]] are secured against offline tampering, and the root partition can remain secure even if the {{ic|/boot}} partition password is entered on a compromised machine (provided that the chkcryptoboot hook detects the compromise, and is not itself compromised at run-time). <br />
<br />
This hook requires {{pkg|GRUB}} release >=2.00 to function, and a dedicated, LUKS encrypted {{ic|/boot}} partition with its own password in order to be secure.<br />
<br />
==== Installation ====<br />
[[Install]] {{aur|mkinitcpio-chkcryptoboot}} and edit {{ic|/etc/default/chkcryptoboot.conf}}. If you want the ability of detecting if your boot partition was bypassed, edit the {{ic|CMDLINE_NAME}} and {{ic|CMDLINE_VALUE}} variables, with values known only to you. You can follow the advice of using two hashes as is suggested right after the installation. Also, be sure to make the appropriate changes to the [[Kernel parameters|kernel command line]] in {{ic|/etc/default/grub}}. Edit the {{ic|1=HOOKS=}} line in {{ic|/etc/mkinitcpio.conf}}, and insert the {{ic|chkcryptoboot}} hook '''before''' {{ic|encrypt}}. When finished, [[Mkinitcpio#Image_creation_and_activation|rebuild]] the initramfs.<br />
<br />
==== Technical Overview ====<br />
{{aur|mkinitcpio-chkcryptoboot}} consists of an install hook and a run-time hook for mkinitcpio. The install hook runs every time the initramfs is rebuilt, and hashes the GRUB [[UEFI|EFI]] stub ({{ic|$esp/EFI/grub_uefi/grubx64.efi}}) (in the case of [[UEFI]] systems) or the first 446 bytes of the disk on which GRUB is installed (in the case of BIOS systems), and stores that hash inside the initramfs located inside the encrypted {{ic|/boot}} partition. When the system is booted, GRUB prompts for the {{ic|/boot}} password, then the run-time hook performs the same hashing operation and compares the resulting hashes before prompting for the root partition password. If they do not match, the hook will print an error like this:<br />
{{bc|CHKCRYPTOBOOT ALERT!<br />
CHANGES HAVE BEEN DETECTED IN YOUR BOOT LOADER EFISTUB!<br />
YOU ARE STRONGLY ADVISED NOT TO ENTER YOUR ROOT CONTAINER PASSWORD!<br />
Please type uppercase yes to continue:<br />
}}<br />
<br />
In addition to hashing the boot loader, the hook also checks the parameters of the running kernel against those configured in {{ic|/etc/default/chkcryptoboot.conf}}. This is checked both at run-time and after the boot process is done. This allows the hook to detect if GRUB's configuration was not bypassed at run-time and afterwards to detect if the entire {{ic|/boot}} partition was not bypassed.<br />
<br />
For BIOS systems the hook creates a hash of GRUB's first stage bootloader (installed to the first 446 bytes of the bootdevice) to compare at the later boot processes. The main second-stage GRUB bootloader {{ic|core.img}} is not checked.<br />
<br />
===Other methods ===<br />
<br />
Alternatively to above scripts, a hash check can be set up with [[AIDE]] which can be customized via a very flexible configuration file. <br />
<br />
While one of these methods should serve the purpose for most users, they do not address all security problems associated with the unencrypted {{ic|/boot}}. One approach which endeavours to provide a fully authenticated boot chain was published with POTTS as an academic thesis to implement the [http://www1.informatik.uni-erlangen.de/stark STARK] authentication framework. <br />
<br />
The POTTS proof-of-concept uses Arch Linux as a base distribution and implements a system boot chain with <br />
* POTTS - a boot menu for a one-time authentication message prompt <br />
* TrustedGrub - a [[GRUB Legacy]] implementation which authenticates the kernel and initramfs against TPM chip registers <br />
* TRESOR - a kernel patch which implements AES but keeps the master-key not in RAM but in CPU registers during runtime. <br />
As part of the thesis [http://13.tc/p/potts/manual.html installation] instructions based on Arch Linux (ISO as of 2013-01) have been published. If you want to try it, be aware these tools are not in standard repositories and the solution will be time consuming to maintain.<br />
<br />
==Using GPG or OpenSSL Encrypted Keyfiles==<br />
The following forum posts give instructions to use two factor authentication, gpg or openssl encrypted keyfiles, instead of a plaintext keyfile described earlier in this wiki article [https://bbs.archlinux.org/viewtopic.php?id=120243 System Encryption using LUKS with GPG encrypted keys]:<br />
* GnuPG: [https://bbs.archlinux.org/viewtopic.php?pid=943338#p943338 Post regarding GPG encrypted keys] This post has the generic instructions.<br />
* OpenSSL: [https://bbs.archlinux.org/viewtopic.php?pid=947805#p947805 Post regarding OpenSSL encrypted keys] This post only has the {{ic|ssldec}} hooks.<br />
* OpenSSL: [https://bbs.archlinux.org/viewtopic.php?id=155393 Post regarding OpenSSL salted bf-cbc encrypted keys] This post has the {{ic|bfkf}} initcpio hooks, install, and encrypted keyfile generator scripts.<br />
* LUKS: [https://bbs.archlinux.org/viewtopic.php?pid=1502651#p1502651 Post regarding LUKS encrypted keys] with a {{ic|lukskey}} initcpio hook.<br />
<br />
Note that:<br />
* You can follow the above instructions with only two primary partitions, one boot partition (required because of encryption) and one primary LVM partition. Within the LVM partition you can have as many partitions as you need, but most importantly it should contain at least root, swap, and home logical volume partitions. This has the added benefit of having only one keyfile for all your partitions, and having the ability to hibernate your computer (suspend to disk) where the swap partition is encrypted. If you decide to do so your hooks in {{ic|/etc/mkinitcpio.conf}} should look like this:{{bc|1=HOOKS=" ... usb usbinput (etwo or ssldec) encrypt (if using openssl) lvm2 resume ... "}} and you should add {{bc|1=resume=/dev/mapper/<VolumeGroupName>-<LVNameOfSwap>}} to your [[kernel parameters]].<br />
* If you need to temporarily store the unencrypted keyfile somewhere, do not store them on an unencrypted disk. Even better make sure to store them to RAM such as {{ic|/dev/shm}}.<br />
* If you want to use a GPG encrypted keyfile, you need to use a statically compiled GnuPG version 1.4 or you could edit the hooks and use this AUR package {{AUR|gnupg1}}<br />
* It is possible that an update to OpenSSL could break the custom {{ic|ssldec}} mentioned in the second forum post.<br />
<br />
==Remote unlocking of the root (or other) partition==<br />
{{Note|1=As of 07/23/2015 the "dropbear_initrd_encrypt" package was split into three other packages. See [https://bbs.archlinux.org/viewtopic.php?id=200114 this forum post]. As of 11/18/2015 the package was deleted from the [[AUR]]. The steps below reflect the usage of the new packages.}}<br />
If you want to be able to reboot a fully LUKS-encrypted system remotely, or start it with a [[Wake-on-LAN]] service, you will need a way to enter a passphrase for the root partition/volume at startup. This can be achieved by running a [[mkinitcpio]] hook that configures a network interface, such as {{AUR|mkinitcpio-netconf}} and/or {{AUR|mkinitcpio-ppp}} (for remote unlocking using a [[Wikipedia:Point-to-Point Protocol|PPP]] connection over the internet) along with an [[SSH]] server in initrd. You have the option of using either {{AUR|mkinitcpio-dropbear}} or {{AUR|mkinitcpio-tinyssh}}. Those hooks do not install any shell, so you also need to [[Install|install]] the {{AUR|mkinitcpio-utils}} package. The instructions below can be used in any combination of the packages above. When there are different paths, it will be noted.<br />
<br />
# If you do not have an SSH key pair yet, [[SSH keys#Generating_an_SSH_key_pair|generate one]] on the client system (the one which will be used to unlock the remote machine).<br />
# If your choose to use {{AUR|mkinitcpio-tinyssh}}, you have the option of using [[SSH_keys#Choosing_the_type_of_encryption|Ed25519 keys]].<br />
# Insert your SSH public key (i.e. the one you usually put onto hosts so that you can ssh in without a password, or the one you just created and which ends with ''.pub'') into the remote machine's {{ic|/etc/dropbear/root_key or /etc/tinyssh/root_key}} file using the method of your choice, e.g.:<br />
#*[[SSH keys#Copying_the_public_key_to_the_remote_server|copy the public key to the remote system]]<br />
#* then enter the following command (on the remote system): {{bc|# cat /home/<user>/.ssh/authorized_keys > /etc/<dropbear or tinyssh>/root_key}}{{Tip|This method can later be used to add other SSH public keys as needed; in that case verify the content of remote {{ic|~/.ssh/authorized_keys}} contains only keys you agree to be used to unlock the remote machine. When adding additional keys, also regenerate your initrd with mkinitcpio. See also [[Secure Shell#Protection]].}}<br />
# Add the {{ic|<netconf and/or ppp> <dropbear or tinyssh> encryptssh}} [[Mkinitcpio#HOOKS|hooks]] before {{ic|filesystems}} within the "HOOKS" array in {{ic|/etc/mkinitcpio.conf}} (the {{ic|encryptssh}} can be used to replace the {{ic|encrypt}} hook). Then [[Mkinitcpio#Image_creation_and_activation|rebuild the initramfs image]]. {{Note|The {{ic|net}} hook provided with {{Pkg|mkinitcpio-nfs-utils}} is '''not''' needed}} {{Note|It could be necessary to add [[Network_configuration#Device_Driver|the module for your network card]] to the [[Mkinitcpio#MODULES|MODULES]] array.}}<br />
# Configure the required {{ic|1=cryptdevice=}} [[Dm-crypt/System_configuration#Boot_loader|parameter]] and add the {{ic|1=ip=}} [[Kernel_parameters|kernel command parameter]] to your bootloader configuration with the appropriate arguments (see [[Mkinitcpio#Using_net]]). For example, if the DHCP server does not attribute a static IP to your remote system, making it difficult to access via SSH accross reboots, you can explicitly state the IP you want to be used:{{bc|<nowiki>ip=192.168.1.1:::::eth0:none</nowiki>}}{{Note|Make sure to use kernel device names for the interface name (under the form ''eth#'') and not ''udev'' ones, as those will not work.}}Then update the configuration of your [[Boot_loaders|bootloader]], e.g. for [[GRUB#Generating_main_configuration_file|GRUB]]:{{bc|# grub-mkconfig -o /boot/grub/grub.cfg}}<br />
# Finally, restart the remote system and try to [[Secure_Shell#Client usage|ssh to it]], '''explicitly stating the "root" username''' (even if the root account is disabled on the machine, this root user is used only in the initrd for the purpose of unlocking the remote system). If you are using the {{AUR|mkinitcpio-dropbear}} package and you also have the {{Pkg|openssh}} package installed, then you most probably will not get any warnings before logging in, because it convert and use the same host keys openssh uses. (Except Ed25519 keys, dropbear does not support them). In case you are using {{AUR|mkinitcpio-tinyssh}}, you '''will''' get a warning the first time you login, because tinyssh does not use the same host keys as openssh, and they will be created when you build the initramfs. They will not be recreated every time, just on the first build. In either case, you should be prompted for the passphrase to unlock the root device:<br />
{{hc|$ ssh '''root'''@192.168.1.1|Enter passphrase for /dev/sda2: <br />
Connection to 192.168.1.1 closed.}}<br />
Afterwards, the system will complete its boot process and you can ssh to it [[Secure_Shell#Client usage|as you normally would]] (with the remote user of your choice).<br />
<br />
{{Tip|1=If you would simply like a nice solution to mount other encrypted partitions (such as {{ic|/home}}) remotely, you may want to look at [https://bbs.archlinux.org/viewtopic.php?pid=880484 this forum thread].}}<br />
<br />
=== Remote unlock via wifi ===<br />
The net hook is normally used with an ethernet connection. In case you want to setup a computer with wireless only, and unlock it via wifi, you can create a custom hook to connect to a wifi network before the net hook is run.<br />
<br />
Below example shows a setup using a usb wifi adapter, connecting to a wifi network protected with WPA2-PSK. In case you use for example WEP or another boot loader, you might need to change some things.<br />
<br />
# Modify {{ic|/etc/mkinitcpio.conf}}:<br />
#* Add the needed kernel module for your specific wifi adatper.<br />
#* Include the {{ic|wpa_passphrase}} and {{ic|wpa_supplicant}} binaries.<br />
#* Add a hook {{ic|wifi}} (or a name of your choice, this is the custom hook that will be created) before the {{ic|net}} hook.{{bc|1=MODULES="''module''"<br>BINARIES="wpa_passphrase wpa_supplicant"<br>HOOKS="base udev autodetect ... '''wifi''' net ... dropbear encryptssh ..."}}<br />
# Create the {{ic|wifi}} hook in {{ic|/lib/initcpio/hooks/wifi}}:{{bc|run_hook ()<br>{<br>&#09;# sleep a couple of seconds so wlan0 is setup by kernel<br>&#09;sleep 5<br><br>&#09;# set wlan0 to up<br>&#09;ip link set wlan0 up<br><br>&#09;# assocciate with wifi network<br>&#09;# 1. save temp config file<br>&#09;wpa_passphrase "''network ESSID''" "''pass phrase''" > /tmp/wifi<br><br>&#09;# 2. assocciate<br>&#09;wpa_supplicant -B -D nl80211,wext -i wlan0 -c /tmp/wifi<br><br>&#09;# sleep a couple of seconds so that wpa_supplicant finishes connecting<br>&#09;sleep 5<br><br>&#09;# wlan0 should now be connected and ready to be assigned an ip by the net hook<br>}<br><br>run_cleanuphook ()<br>{<br>&#09;# kill wpa_supplicant running in the background<br>&#09;killall wpa_supplicant<br><br>&#09;# set wlan0 link down<br>&#09;ip link set wlan0 down<br><br>&#09;# wlan0 should now be fully disconnected from the wifi network<br>}|}}<br />
# Create the hook installation file in {{ic|/lib/initcpio/install/wifi}}:{{bc|build ()<br>{<br>&#09;add_runscript<br>}<br>help ()<br>{<br>cat<<HELPEOF<br>&#09;Enables wifi on boot, for dropbear ssh unlocking of disk.<br>HELPEOF<br>}|}}<br />
# Add {{ic|1=ip=:::::wlan0:dhcp}} to the [[kernel parameters]]. Remove {{ic|1=ip=:::::eth0:dhcp}} so it does not conflict.<br />
# Optionally create an additional boot entry with kernel parameter {{ic|1=ip=:::::eth0:dhcp}}.<br />
# [[Mkinitcpio#Image_creation_and_activation|Regenerate the intiramfs image]].<br />
# Update the configuration of your [[boot loader]], e.g. for [[GRUB#Generating_main_configuration_file|GRUB]]:{{bc|# grub-mkconfig -o /boot/grub/grub.cfg}}<br />
Remember to setup [[Wireless_network_configuration|wifi]], so you are able to login once the system is fully booted. In case you are unable to connect to the wifi network, try increasing the sleep times a bit.<br />
<br />
== Discard/TRIM support for solid state drives (SSD) ==<br />
<br />
[[Solid state drive]] users should be aware that by default, Linux's full-drive encryption mechanisms will ''not'' forward TRIM commands from the filesystem to the underlying drive. The device-mapper maintainers have made it clear that TRIM support will never be enabled by default on dm-crypt devices because of the potential security implications.[http://www.saout.de/pipermail/dm-crypt/2011-September/002019.html][http://www.saout.de/pipermail/dm-crypt/2012-April/002420.html] Minimal data leakage in the form of freed block information, perhaps sufficient to determine the filesystem in use, may occur on devices with TRIM enabled. An illustration and discussion of the issues arising from activating TRIM is available in the [http://asalor.blogspot.de/2011/08/trim-dm-crypt-problems.html blog] of a ''cryptsetup'' developer. If you are worried about such factors, keep also in mind that threats may add up: for example, if your device is still encrypted with the previous (cryptsetup <1.6.0) default cipher {{ic|--cipher aes-cbc-essiv}}, more information leakage may occur from trimmed sector observation than with the current [[Dm-crypt/Device_encryption#Encryption_options_for_LUKS_mode|default]]. <br />
<br />
The following cases can be distinguished:<br />
<br />
* The device is encrypted with default dm-crypt LUKS mode:<br />
** By default the LUKS header is stored at the beginning of the device and using TRIM is useful to protect header modifications. If for example a compromised LUKS password is revoked, without TRIM the old header will in general still be available for reading until overwritten by another operation; if the drive is stolen in the meanwhile, the attackers could in theory find a way to locate the old header and use it to decrypt the content with the compromised password. See [https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions#5-security-aspects cryptsetup FAQ, section 5.19 What about SSDs, Flash and Hybrid Drives?] and [https://www.reddit.com/r/archlinux/comments/2f370s/full_disk_encryption_on_an_ssd/ck5p5c5 Full disk encryption on an ssd]. <br />
** TRIM can be left disabled if the security issues stated at the top of this section are considered a worse threat than the above bullet.<br />
: See also [[Securely wipe disk#Flash memory]].<br />
* The device is encrypted with dm-crypt plain mode, or the LUKS header is stored [[Dm-crypt/Specialties#Encrypted_system_using_a_remote_LUKS_header|separately]]:<br />
** If plausible deniability is required, TRIM should '''never''' be used because of the considerations at the top of this section, or the use of encryption will be given away.<br />
** If plausible deniability is not required, TRIM can be used for its performance gains, provided that the security dangers described at the top of this section are not of concern.<br />
<br />
{{Warning|Before enabling TRIM on your drive, make sure it is fully supported, or data loss can occur. See [[Solid State Drives#TRIM]].}}<br />
<br />
In {{Pkg|linux}} 3.1 and up, support for dm-crypt TRIM pass-through can be toggled upon device creation or mount with dmsetup. Support for this option also exists in {{Pkg|cryptsetup}} version 1.4.0 and up. To add support during boot, you will need to add {{ic|:allow-discards}} to the {{ic|cryptdevice}} option. The TRIM option may look like this:<br />
cryptdevice=/dev/sdaX:root:allow-discards<br />
<br />
For the main {{ic|cryptdevice}} configuration options before the {{ic|:allow-discards}} see [[Dm-crypt/System configuration]].<br />
<br />
Besides the kernel option, it is also required to periodically run {{ic|fstrim}} or mount the filesystem (e.g. {{ic|/dev/mapper/root}} in this example) with the {{ic|discard}} option in {{ic|/etc/fstab}}. For details, please refer to the [[SSD#TRIM|SSD]] page.<br />
<br />
For LUKS devices unlocked manually on the console or via {{ic|/etc/crypttab}} either {{ic|discard}} or {{ic|allow-discards}} may be used.<br />
<br />
== The encrypt hook and multiple disks == <br />
<br />
The {{ic|encrypt}} hook only allows for a '''single''' {{ic|cryptdevice<nowiki>=</nowiki>}} entry. In system setups with multiple drives this may be limiting, because ''dm-crypt'' has no feature to exceed the physical device. For example, take "LVM on LUKS": The entire LVM exists inside a LUKS mapper. This is perfectly fine for a single-drive system, since there is only one device to decrypt. But what happens when you want to increase the size of the LVM? You cannot, at least not without modifying the {{ic|encrypt}} hook. <br />
<br />
The following sections briefly show alternatives to overcome the limitation. The first deals with how to expand a [[Dm-crypt/Encrypting_an_entire_system#LUKS_on_LVM|LUKS on LVM]] setup to a new disk. The second with modifying the {{ic|encrypt}} hook to unlock multiple disks in LUKS setups without LVM. The third section then again uses LVM, but modifies the {{ic|encrypt}} hook to unlock the encrypted LVM with a remote LUKS header. <br />
<br />
=== Expanding LVM on multiple disks ===<br />
The management of multiple disks is a basic [[LVM]] feature and a major reason for its partitioning flexibility. It can also be used with ''dm-crypt'', but only if LVM is employed as the first mapper. In such a [[Dm-crypt/Encrypting_an_entire_system#LUKS_on_LVM|LUKS on LVM]] setup the encrypted devices are created inside the logical volumes (with a separate passphrase/key per volume). The following covers the steps to expand that setup to another disk. <br />
<br />
{{Warning|Backup! While resizing filesystems may be standard, keep in mind that operations '''may''' go wrong and the following might not apply to a particular setup. Generally, extending a filesystem to free disk space is less problematic than shrinking one. This in particular applies when stacked mappers are used, as it is the case in the following example.}}<br />
<br />
==== Adding a new drive ====<br />
First, it may be desired to prepare a new disk according to [[Dm-crypt/Drive preparation]]. <br />
Second, it is partitioned as a LVM, e.g. all space is allocated to {{ic|/dev/sdY1}} with partition type "8E00" (Linux LVM). <br />
Third, the new disk/partition is attached to the existing LVM volume group, e.g.:<br />
# pvcreate /dev/sdY1<br />
# vgextend MyStorage /dev/sdY1<br />
<br />
==== Extending the logical volume ====<br />
<br />
For the next step, the final allocation of the new diskspace, the logical volume to be extended has to be unmounted. It can be performed for the {{ic|cryptdevice}} root partition, but in this case the procedure has to be performed from an Arch Install ISO. <br />
<br />
In this example, it is assumed that the logical volume for {{ic|/home}} (lv-name {{ic|homevol}}) is going to be expanded with the fresh disk space: <br />
# umount /home<br />
# fsck /dev/mapper/home<br />
# cryptsetup luksClose /dev/mapper/home<br />
# lvextend -l +100%FREE MyStorage/homevol<br />
<br />
Now the logical volume is extended and the LUKS container comes next: <br />
# cryptsetup open --type luks /dev/mapper/MyStorage-homevol home<br />
# umount /home # as a safety, in case it was automatically remounted<br />
# cryptsetup --verbose resize home<br />
<br />
Finally, the filesystem itself is resized: <br />
# e2fsck -f /dev/mapper/home<br />
# resize2fs /dev/mapper/home<br />
<br />
Done! If it went to plan, {{ic|/home}} can be remounted <br />
# mount /dev/mapper/home /home<br />
<br />
and now includes the span to the new disk. Note that the {{ic|cryptsetup resize}} action does not affect encryption keys, they have not changed.<br />
<br />
=== Modifying the encrypt hook for multiple partitions ===<br />
==== Root filesystem spanning multiple partitions ====<br />
It is possible to modify the encrypt hook to allow multiple hard drive decrypt root ({{ic|/}}) at boot. One way:<br />
<br />
# cp /usr/lib/initcpio/install/encrypt /usr/lib/initcpio/install/encrypt2<br />
# cp /usr/lib/initcpio/hooks/encrypt /usr/lib/initcpio/hooks/encrypt2<br />
# sed -i "s/cryptdevice/cryptdevice2/" /usr/lib/initcpio/hooks/encrypt2<br />
# sed -i "s/cryptkey/cryptkey2/" /usr/lib/initcpio/hooks/encrypt2<br />
<br />
<br />
Add {{ic|1=cryptdevice2=}} to your boot options (and {{ic|1=cryptkey2=}} if needed), see [[Dm-crypt/System_configuration]]<br />
<br />
==== Multiple non-root partitions ====<br />
Maybe you have a requirement for using the {{ic|encrypt}} hook on a non-root partition. Arch does not support this out of the box, however, you can easily change the cryptdev and cryptname values in {{ic|/lib/initcpio/hooks/encrypt}} (the first one to your {{ic|/dev/sd*}} partition, the second to the name you want to attribute). That should be enough.<br />
<br />
The big advantage is you can have everything automated, while setting up {{ic|/etc/crypttab}} with an external key file (i.e. the keyfile is not on any internal hard drive partition) can be a pain - you need to make sure the USB/FireWire/... device gets mounted before the encrypted partition, which means you have to change the order of {{ic|/etc/fstab}} (at least).<br />
<br />
Of course, if the {{pkg|cryptsetup}} package gets upgraded, you will have to change this script again. Unlike {{ic|/etc/crypttab}}, only one partition is supported, but with some further hacking one should be able to have multiple partitions unlocked.<br />
<br />
{{accuracy|Why not use the supported Grub2 right away? See also [[Mkinitcpio#Using_RAID]]}} <br />
If you want to do this on a software RAID partition, there is one more thing you need to do. Just setting the {{ic|/dev/mdX}} device in {{ic|/lib/initcpio/hooks/encrypt}} is not enough; the {{ic|encrypt}} hook will fail to find the key for some reason, and not prompt for a passphrase either. It looks like the RAID devices are not brought up until after the {{ic|encrypt}} hook is run. You can solve this by putting the RAID array in {{ic|/boot/grub/menu.lst}}, like <br />
kernel /boot/vmlinuz-linux md=1,/dev/hda5,/dev/hdb5<br />
<br />
If you set up your root partition as a RAID, you will notice the similarities with that setup ;-). [[GRUB]] can handle multiple array definitions just fine:<br />
kernel /boot/vmlinuz-linux root=/dev/md0 ro md=0,/dev/sda1,/dev/sdb1 md=1,/dev/sda5,/dev/sdb5,/dev/sdc5<br />
<br />
=== Encrypted system using a remote LUKS header ===<br />
This example follows the same setup as in [[Dm-crypt/Encrypting an entire system#Plain dm-crypt]], which should be read first before following this guide.<br />
<br />
By using a remote header the encrypted blockdevice itself only carries encrypted data, which gives [[Wikipedia:Deniable encryption|deniable encryption]] as long as the existence of a header is unknown to the attackers. It is similar to using [[Dm-crypt/Encrypting an entire system#Plain_dm-crypt|plain dm-crypt]], but with the LUKS advantages such as multiple passphrases for the masterkey and key derivation. Further, using a remote header offers a form of two factor authentication with an easier setup than [[Dm-crypt/Specialties#Using_GPG_or_OpenSSL_Encrypted_Keyfiles|using GPG or OpenSSL encrypted keyfiles]], while still having a built-in password prompt for multiple retries. See [[Disk encryption#Cryptographic metadata]] for more information.<br />
<br />
See [[Dm-crypt/Device encryption#Encryption options for LUKS mode]] for encryption options before performing the first step to setup the encrypted system partition and creating a header file to use with {{ic|cryptsetup}}:<br />
# truncate -s 2M header.img<br />
# cryptsetup luksFormat /dev/sdX --header header.img<br />
<br />
Open the container:<br />
# cryptsetup open --header header.img --type luks /dev/sdX enc<br />
<br />
Now follow the [[Dm-crypt/Encrypting_an_entire_system#Preparing_the_non-boot_partitions|LVM on LUKS setup]] to your requirements. The same applies for [[Dm-crypt/Encrypting an entire system#Preparing the boot partition 4|preparing the boot partition]] on the removable device (because if not, there is no point in having a separate header file for unlocking the encrypted disk).<br />
Next move the {{ic|header.img}} onto it:<br />
# mv header.img /mnt/boot<br />
<br />
Follow the installation procedure up to the mkinitcpio step (you should now be {{ic|arch-chroot}}ed inside the encrypted system). <br />
<br />
There are two options for initramfs to support a detached LUKS header.<br />
<br />
==== Using systemd hook ====<br />
<br />
{{Note|This method requires systemd '''219''' or later.}} <br />
<br />
First create {{ic|/etc/crypttab.initramfs}} and add the encrypted device to it. The syntax is defined in [http://www.freedesktop.org/software/systemd/man/crypttab.html crypttab(5)]<br />
{{hc|/etc/crypttab.initramfs|2=MyStorage PARTUUID=00000000-0000-0000-0000-000000000000 none header=/boot/header.img}}<br />
<br />
Modify {{ic|/etc/mkinitcpio.conf}} [[Mkinitcpio#Common_hooks|to use systemd]] and add the header to {{ic|FILES}}.<br />
<br />
{{hc|<br />
/etc/mkinitcpio.conf|2=FILES="'''/boot/header.img'''"<br />
<br />
HOOKS="... '''systemd''' ... block '''sd-encrypt''' sd-lvm2 filesystems ..."<br />
}}<br />
<br />
[[Mkinitcpio#Image_creation_and_activation|Recreate the initramfs]] and you are done.<br />
<br />
{{Note|<br />
* No cryptsetup parameters need to be passed to the kernel command line, since{{ic|/etc/crypttab.initramfs}} will be added as {{ic|/etc/crypttab}} in the initramfs. If you wish to specify them in the kernel command line see [http://www.freedesktop.org/software/systemd/man/systemd-cryptsetup-generator.html systemd-cryptsetup-generator(8)] for the supported options. <br />
* Be aware the {{ic|systemd}} hook adds further files to the initramfs (e.g. {{ic|/etc/passwd}} and {{ic|/etc/group}}), in case you consider them sensitive.}}<br />
<br />
==== Modifying encrypt hook ====<br />
<br />
This method shows how to modify the {{ic|encrypt}} hook in order to use a remote LUKS header. <br />
Now the {{ic|encrypt}} hook has to be modified to let {{ic|cryptsetup}} use the separate header (base source and idea for these changes [https://bbs.archlinux.org/viewtopic.php?pid=1076346#p1076346 published on the BBS]). Make a copy so it is not overwritten on a [[mkinitcpio]] update:<br />
<br />
# cp /lib/initcpio/hooks/encrypt{,2}<br />
# cp /usr/lib/initcpio/install/encrypt{,2}<br />
<br />
{{hc|<br />
/lib/initcpio/hooks/encrypt2 (around line 52)|output=warn_deprecated() {<br />
echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated"<br />
echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."<br />
}<br />
<br />
'''local headerFlag=false'''<br />
for cryptopt in ${cryptoptions//,/ }; do<br />
case ${cryptopt} in<br />
allow-discards)<br />
cryptargs="${cryptargs} --allow-discards"<br />
;; <br />
<b>header)<br />
cryptargs="${cryptargs} --header /boot/header.img"<br />
headerFlag=true<br />
;;</b><br />
*) <br />
echo "Encryption option '${cryptopt}' not known, ignoring." >&2 <br />
;; <br />
esac<br />
done<br />
<br />
if resolved=$(resolve_device "${cryptdev}" ${rootdelay}); then<br />
if '''$headerFlag &#124;&#124; '''cryptsetup isLuks ${resolved} >/dev/null 2>&1; then<br />
[ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated<br />
dopassphrase=1<br />
}}<br />
<br />
Now edit the [[mkinitcpio|mkinitcpio.conf]] to add the {{ic|encrypt2}} and {{ic|lvm2}} hooks, the {{ic|header.img}} to {{ic|FILES}} and the {{ic|loop}} to {{ic|MODULES}}, apart from other configuration the system requires:<br />
<br />
{{hc|/etc/mkinitcpio.conf|2=MODULES="'''loop'''"<br />
<br />
FILES="'''/boot/header.img'''"<br />
<br />
HOOKS="... '''encrypt2''' '''lvm2''' ... filesystems ..."}}<br />
<br />
This is required so the LUKS header is available on boot allowing the decryption of the system, exempting us from a more complicated setup to mount another separate USB device in order to access the header. After this set up [[Mkinitcpio#Image_creation_and_activation|the initramfs]] is created.<br />
<br />
Next the [[Dm-crypt/Encrypting an entire system#Configuring the boot loader 4|boot loader is configured]] to specify the {{ic|1=cryptdevice=}} also passing the new {{ic|header}} option for this setup: <br />
<br />
cryptdevice=/dev/sdX:enc:header<br />
<br />
To finish, following [[Dm-crypt/Encrypting an entire system#Post-installation]] is particularly useful with a {{ic|/boot}} partition on an USB storage medium.<br />
<br />
{{Tip|1=You will notice that since the system partition only has "random" data, it does not have a partition table and by that an {{ic|UUID}} or a {{ic|name}}. But you can still have a consistent mapping using the disk id under {{ic|/dev/disk/by-id/}}}}</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=Dm-crypt/Specialties&diff=418869Dm-crypt/Specialties2016-02-03T12:53:31Z<p>Sdaoden: /* Remote unlocking of the root (or other) partition */ Dropbear does support ED25519 as "curve25519" (if so enabled)</p>
<hr />
<div>{{Lowercase title}}<br />
[[Category:Encryption]]<br />
[[Category:File systems]]<br />
[[ja:Dm-crypt/特記事項]]<br />
Back to [[Dm-crypt]].<br />
<br />
==Securing the unencrypted boot partition==<br />
The {{ic|/boot}} partition and the [[Master Boot Record]] are the two areas of the disk that are not encrypted, even in an [[Dm-crypt/Encrypting_an_entire_system|encrypted root]] configuration. They cannot usually be encrypted because the [[boot loader]] and BIOS (respectively) are unable to unlock a dm-crypt container in order to continue the boot process. An exception is [[GRUB]], which gained a feature to unlock a LUKS encrypted {{ic|/boot}} - see [[GRUB#Boot partition]]. <br />
<br />
This section describes steps that can be taken to make the boot process more secure. <br />
<br />
{{Warning|Note that securing the {{ic|/boot}} partition and MBR can mitigate numerous attacks that occur during the boot process, but systems configured this way may still be vulnerable to BIOS/UEFI/firmware tampering, hardware keyloggers, cold boot attacks, and many other threats that are beyond the scope of this article. For an overview of system-trust issues and how these relate to full-disk encryption, refer to [http://www.youtube.com/watch?v&#61;pKeiKYA03eE].}}<br />
<br />
===Booting from a removable device===<br />
<br />
Using a separate device to boot a system is a fairly straightforward procedure, and offers a significant security improvement against some kinds of attacks. Two vulnerable parts of a system employing an [[Dm-crypt/Encrypting_an_entire_system|encrypted root filesystem]] are<br />
* the [[Master Boot Record]], and<br />
* the {{ic|/boot}} partition.<br />
These must be stored unencrypted in order for the system to boot. In order to protect these from tampering, it is advisable to store them on a removable medium, such as a USB drive, and boot from that drive instead of the hard disk. As long as you keep the drive with you at all times, you can be certain that those components have not been tampered with, making authentication far more secure when unlocking your system.<br />
<br />
It is assumed that you already have your system configured with a dedicated partition mounted at {{ic|/boot}}. If you do not, please follow the steps in [[dm-crypt/System configuration#Boot loader]], substituting your hard disk for a removable drive.<br />
{{Note|You must make sure your system supports booting from the chosen medium, be it a USB drive, an external hard drive, an SD card, or anything else.}}<br />
Prepare the removable drive ({{ic|/dev/sdx}}).<br />
# gdisk /dev/sdx #format if necessary. Alternatively, cgdisk, fdisk, cfdisk, gparted...<br />
# mkfs.ext2 /dev/sdx1<br />
# mount /dev/sdx1 /mnt<br />
Copy your existing {{ic|/boot}} contents to the new one.<br />
# cp -R -i -d /boot/* /mnt<br />
Mount the new partition. Do not forget to update your [[fstab]] file accordingly.<br />
# umount /boot<br />
# umount /mnt<br />
# mount /dev/sdx1 /boot<br />
# genfstab -p -U / > /etc/fstab<br />
Update [[GRUB]]. {{ic|grub-mkconfig}} should detect the new partition UUID automatically, but custom menu entries may need to be updated manually.<br />
# grub-mkconfig -o /boot/grub/grub.cfg<br />
# grub-install /dev/sdx #install to the removable device, not the hard disk.<br />
Reboot and test the new configuration. Remember to set your device boot order accordingly in your [[BIOS]] or [[UEFI]]. If the system fails to boot, you should still be able to boot from the hard drive in order to correct the problem.<br />
<br />
===chkboot===<br />
{{warning|chkboot makes a {{ic|/boot}} partition '''tamper-evident''', not '''tamper-proof'''. By the time the chkboot script is run, you have already typed your password into a potentially compromised boot loader, kernel, or initrd. If your system fails the chkboot integrity test, no assumptions can be made about the security of your data.}}<br />
Referring to an article from the ct-magazine (Issue 3/12, page 146, 01.16.2012, [http://www.heise.de/ct/inhalt/2012/03/6/]) the following script checks files under {{ic|/boot}} for changes of SHA-1 hash, inode, and occupied blocks on the hard drive. It also checks the [[Master Boot Record]]. The script cannot prevent certain type of attacks, but a lot are made harder. No configuration of the script itself is stored in unencrypted {{ic|/boot}}. With a locked/powered-off encrypted system, this makes it harder for some attackers because it is not apparent that an automatic checksum comparison of the partition is done upon boot. However, an attacker who anticipates these precautions can manipulate the firmware to run his own code on top of your kernel and intercept file system access, e.g. to {{ic|boot}}, and present the untampered files. Generally, no security measures below the level of the firmware are able to guarantee trust and tamper evidence.<br />
<br />
The script with installation instructions is [ftp://ftp.heise.de/pub/ct/listings/1203-146.zip available] (Author: Juergen Schmidt, ju at heisec.de; License: GPLv2). There is also package {{AUR|chkboot}} to [[install]].<br />
<br />
After installation add a service file (the package includes one based on the following) and [[enable]] it: <br />
[Unit]<br />
Description=Check that boot is what we want<br />
Requires=basic.target<br />
After=basic.target<br />
<br />
[Service]<br />
Type=oneshot<br />
ExecStart=/usr/local/bin/chkboot.sh<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
<br />
There is a small caveat for systemd. At the time of writing, the original {{ic|chkboot.sh}} script provided contains an empty space at the beginning of {{ic|<u> </u>#!/bin/bash}} which has to be removed for the service to start successfully.<br />
<br />
As {{ic|/usr/local/bin/chkboot_user.sh}} needs to be executed right after login, you need to add it to the [[autostart]] (e.g. under KDE -> ''System Settings -> Startup and Shutdown -> Autostart''; GNOME 3: ''gnome-session-properties''). <br />
<br />
With Arch Linux, changes to {{ic|/boot}} are pretty frequent, for example by new kernels rolling-in. Therefore it may be helpful to use the scripts with every full system update. One way to do so: <br />
<br />
#!/bin/bash<br />
#<br />
# Note: Insert your <user> and execute it with sudo for pacman & chkboot to work automagically<br />
#<br />
echo "Pacman update [1] Quickcheck before updating" & <br />
sudo -u <user> /usr/local/bin/chkboot_user.sh # insert your logged on <user> <br />
/usr/local/bin/chkboot.sh<br />
sync # sync disks with any results <br />
sudo -u <user> /usr/local/bin/chkboot_user.sh # insert your logged on <user> <br />
echo "Pacman update [2] Syncing repos for pacman" <br />
pacman -Syu<br />
/usr/local/bin/chkboot.sh<br />
sync <br />
sudo -u <user> /usr/local/bin/chkboot_user.sh # insert your logged on <user><br />
echo "Pacman update [3] All done, let us roll on ..."<br />
<br />
=== mkinitcpio-chkcryptoboot === <br />
{{Warning|This hook does '''not''' encrypt [[GRUB]]'s core (MBR) code or EFI stub, nor does it protect against situations where an attacker is able to modify the behaviour of the bootloader to compromise the kernel and/or initramfs at run-time.}}<br />
{{aur|mkinitcpio-chkcryptoboot}} is a [[mkinitcpio]] hook that performs integrity checks during early-userspace and advises the user not to enter his root partition password if the system appears to have been compromised. Security is achieved through an [[Dm-crypt/Encrypting_an_entire_system#Encrypted_boot_partition_.28GRUB.29|encrypted boot partition]], which is unlocked using [[GRUB#Boot_partition|GRUB]]'s {{ic|cryptodisk.mod}} module, and a root filesystem partition, which is encrypted with a password different from the former. This way, the [[initramfs]] and [[kernel]] are secured against offline tampering, and the root partition can remain secure even if the {{ic|/boot}} partition password is entered on a compromised machine (provided that the chkcryptoboot hook detects the compromise, and is not itself compromised at run-time). <br />
<br />
This hook requires {{pkg|GRUB}} release >=2.00 to function, and a dedicated, LUKS encrypted {{ic|/boot}} partition with its own password in order to be secure.<br />
<br />
==== Installation ====<br />
[[Install]] {{aur|mkinitcpio-chkcryptoboot}} and edit {{ic|/etc/default/chkcryptoboot.conf}}. If you want the ability of detecting if your boot partition was bypassed, edit the {{ic|CMDLINE_NAME}} and {{ic|CMDLINE_VALUE}} variables, with values known only to you. You can follow the advice of using two hashes as is suggested right after the installation. Also, be sure to make the appropriate changes to the [[Kernel parameters|kernel command line]] in {{ic|/etc/default/grub}}. Edit the {{ic|1=HOOKS=}} line in {{ic|/etc/mkinitcpio.conf}}, and insert the {{ic|chkcryptoboot}} hook '''before''' {{ic|encrypt}}. When finished, [[Mkinitcpio#Image_creation_and_activation|rebuild]] the initramfs.<br />
<br />
==== Technical Overview ====<br />
{{aur|mkinitcpio-chkcryptoboot}} consists of an install hook and a run-time hook for mkinitcpio. The install hook runs every time the initramfs is rebuilt, and hashes the GRUB [[UEFI|EFI]] stub ({{ic|$esp/EFI/grub_uefi/grubx64.efi}}) (in the case of [[UEFI]] systems) or the first 446 bytes of the disk on which GRUB is installed (in the case of BIOS systems), and stores that hash inside the initramfs located inside the encrypted {{ic|/boot}} partition. When the system is booted, GRUB prompts for the {{ic|/boot}} password, then the run-time hook performs the same hashing operation and compares the resulting hashes before prompting for the root partition password. If they do not match, the hook will print an error like this:<br />
{{bc|CHKCRYPTOBOOT ALERT!<br />
CHANGES HAVE BEEN DETECTED IN YOUR BOOT LOADER EFISTUB!<br />
YOU ARE STRONGLY ADVISED NOT TO ENTER YOUR ROOT CONTAINER PASSWORD!<br />
Please type uppercase yes to continue:<br />
}}<br />
<br />
In addition to hashing the boot loader, the hook also checks the parameters of the running kernel against those configured in {{ic|/etc/default/chkcryptoboot.conf}}. This is checked both at run-time and after the boot process is done. This allows the hook to detect if GRUB's configuration was not bypassed at run-time and afterwards to detect if the entire {{ic|/boot}} partition was not bypassed.<br />
<br />
For BIOS systems the hook creates a hash of GRUB's first stage bootloader (installed to the first 446 bytes of the bootdevice) to compare at the later boot processes. The main second-stage GRUB bootloader {{ic|core.img}} is not checked.<br />
<br />
===Other methods ===<br />
<br />
Alternatively to above scripts, a hash check can be set up with [[AIDE]] which can be customized via a very flexible configuration file. <br />
<br />
While one of these methods should serve the purpose for most users, they do not address all security problems associated with the unencrypted {{ic|/boot}}. One approach which endeavours to provide a fully authenticated boot chain was published with POTTS as an academic thesis to implement the [http://www1.informatik.uni-erlangen.de/stark STARK] authentication framework. <br />
<br />
The POTTS proof-of-concept uses Arch Linux as a base distribution and implements a system boot chain with <br />
* POTTS - a boot menu for a one-time authentication message prompt <br />
* TrustedGrub - a [[GRUB Legacy]] implementation which authenticates the kernel and initramfs against TPM chip registers <br />
* TRESOR - a kernel patch which implements AES but keeps the master-key not in RAM but in CPU registers during runtime. <br />
As part of the thesis [http://13.tc/p/potts/manual.html installation] instructions based on Arch Linux (ISO as of 2013-01) have been published. If you want to try it, be aware these tools are not in standard repositories and the solution will be time consuming to maintain.<br />
<br />
==Using GPG or OpenSSL Encrypted Keyfiles==<br />
The following forum posts give instructions to use two factor authentication, gpg or openssl encrypted keyfiles, instead of a plaintext keyfile described earlier in this wiki article [https://bbs.archlinux.org/viewtopic.php?id=120243 System Encryption using LUKS with GPG encrypted keys]:<br />
* GnuPG: [https://bbs.archlinux.org/viewtopic.php?pid=943338#p943338 Post regarding GPG encrypted keys] This post has the generic instructions.<br />
* OpenSSL: [https://bbs.archlinux.org/viewtopic.php?pid=947805#p947805 Post regarding OpenSSL encrypted keys] This post only has the {{ic|ssldec}} hooks.<br />
* OpenSSL: [https://bbs.archlinux.org/viewtopic.php?id=155393 Post regarding OpenSSL salted bf-cbc encrypted keys] This post has the {{ic|bfkf}} initcpio hooks, install, and encrypted keyfile generator scripts.<br />
* LUKS: [https://bbs.archlinux.org/viewtopic.php?pid=1502651#p1502651 Post regarding LUKS encrypted keys] with a {{ic|lukskey}} initcpio hook.<br />
<br />
Note that:<br />
* You can follow the above instructions with only two primary partitions, one boot partition (required because of encryption) and one primary LVM partition. Within the LVM partition you can have as many partitions as you need, but most importantly it should contain at least root, swap, and home logical volume partitions. This has the added benefit of having only one keyfile for all your partitions, and having the ability to hibernate your computer (suspend to disk) where the swap partition is encrypted. If you decide to do so your hooks in {{ic|/etc/mkinitcpio.conf}} should look like this:{{bc|1=HOOKS=" ... usb usbinput (etwo or ssldec) encrypt (if using openssl) lvm2 resume ... "}} and you should add {{bc|1=resume=/dev/mapper/<VolumeGroupName>-<LVNameOfSwap>}} to your [[kernel parameters]].<br />
* If you need to temporarily store the unencrypted keyfile somewhere, do not store them on an unencrypted disk. Even better make sure to store them to RAM such as {{ic|/dev/shm}}.<br />
* If you want to use a GPG encrypted keyfile, you need to use a statically compiled GnuPG version 1.4 or you could edit the hooks and use this AUR package {{AUR|gnupg1}}<br />
* It is possible that an update to OpenSSL could break the custom {{ic|ssldec}} mentioned in the second forum post.<br />
<br />
==Remote unlocking of the root (or other) partition==<br />
{{Note|1=As of 07/23/2015 the "dropbear_initrd_encrypt" package was split into three other packages. See [https://bbs.archlinux.org/viewtopic.php?id=200114 this forum post]. As of 11/18/2015 the package was deleted from the [[AUR]]. The steps below reflect the usage of the new packages.}}<br />
If you want to be able to reboot a fully LUKS-encrypted system remotely, or start it with a [[Wake-on-LAN]] service, you will need a way to enter a passphrase for the root partition/volume at startup. This can be achieved by running a [[mkinitcpio]] hook that configures a network interface, such as {{AUR|mkinitcpio-netconf}} and/or {{AUR|mkinitcpio-ppp}} (for remote unlocking using a [[Wikipedia:Point-to-Point Protocol|PPP]] connection over the internet) along with an [[SSH]] server in initrd. You have the option of using either {{AUR|mkinitcpio-dropbear}} or {{AUR|mkinitcpio-tinyssh}}. Those hooks do not install any shell, so you also need to [[Install|install]] the {{AUR|mkinitcpio-utils}} package. The instructions below can be used in any combination of the packages above. When there are different paths, it will be noted.<br />
<br />
# If you do not have an SSH key pair yet, [[SSH keys#Generating_an_SSH_key_pair|generate one]] on the client system (the one which will be used to unlock the remote machine).<br />
# If your choose to use {{AUR|mkinitcpio-tinyssh}}, you have the option of using [[SSH_keys#Choosing_the_type_of_encryption|Ed25519 keys]].<br />
# Insert your SSH public key (i.e. the one you usually put onto hosts so that you can ssh in without a password, or the one you just created and which ends with ''.pub'') into the remote machine's {{ic|/etc/dropbear/root_key or /etc/tinyssh/root_key}} file using the method of your choice, e.g.:<br />
#*[[SSH keys#Copying_the_public_key_to_the_remote_server|copy the public key to the remote system]]<br />
#* then enter the following command (on the remote system): {{bc|# cat /home/<user>/.ssh/authorized_keys > /etc/<dropbear or tinyssh>/root_key}}{{Tip|This method can later be used to add other SSH public keys as needed; in that case verify the content of remote {{ic|~/.ssh/authorized_keys}} contains only keys you agree to be used to unlock the remote machine. When adding additional keys, also regenerate your initrd with mkinitcpio. See also [[Secure Shell#Protection]].}}<br />
# Add the {{ic|<netconf and/or ppp> <dropbear or tinyssh> encryptssh}} [[Mkinitcpio#HOOKS|hooks]] before {{ic|filesystems}} within the "HOOKS" array in {{ic|/etc/mkinitcpio.conf}} (the {{ic|encryptssh}} can be used to replace the {{ic|encrypt}} hook). Then [[Mkinitcpio#Image_creation_and_activation|rebuild the initramfs image]]. {{Note|The {{ic|net}} hook provided with {{Pkg|mkinitcpio-nfs-utils}} is '''not''' needed}} {{Note|It could be necessary to add [[Network_configuration#Device_Driver|the module for your network card]] to the [[Mkinitcpio#MODULES|MODULES]] array.}}<br />
# Configure the required {{ic|1=cryptdevice=}} [[Dm-crypt/System_configuration#Boot_loader|parameter]] and add the {{ic|1=ip=}} [[Kernel_parameters|kernel command parameter]] to your bootloader configuration with the appropriate arguments (see [[Mkinitcpio#Using_net]]). For example, if the DHCP server does not attribute a static IP to your remote system, making it difficult to access via SSH accross reboots, you can explicitly state the IP you want to be used:{{bc|<nowiki>ip=192.168.1.1:::::eth0:none</nowiki>}}{{Note|Make sure to use kernel device names for the interface name (under the form ''eth#'') and not ''udev'' ones, as those will not work.}}Then update the configuration of your [[Boot_loaders|bootloader]], e.g. for [[GRUB#Generating_main_configuration_file|GRUB]]:{{bc|# grub-mkconfig -o /boot/grub/grub.cfg}}<br />
# Finally, restart the remote system and try to [[Secure_Shell#Client usage|ssh to it]], '''explicitly stating the "root" username''' (even if the root account is disabled on the machine, this root user is used only in the initrd for the purpose of unlocking the remote system). If you are using the {{AUR|mkinitcpio-dropbear}} package and you also have the {{Pkg|openssh}} package installed, then you most probably will not get any warnings before logging in, because it convert and use the same host keys openssh uses. In case you are using {{AUR|mkinitcpio-tinyssh}}, you '''will''' get a warning the first time you login, because tinyssh does not use the same host keys as openssh, and they will be created when you build the initramfs. They will not be recreated every time, just on the first build. In either case, you should be prompted for the passphrase to unlock the root device:<br />
{{hc|$ ssh '''root'''@192.168.1.1|Enter passphrase for /dev/sda2: <br />
Connection to 192.168.1.1 closed.}}<br />
Afterwards, the system will complete its boot process and you can ssh to it [[Secure_Shell#Client usage|as you normally would]] (with the remote user of your choice).<br />
<br />
{{Tip|1=If you would simply like a nice solution to mount other encrypted partitions (such as {{ic|/home}}) remotely, you may want to look at [https://bbs.archlinux.org/viewtopic.php?pid=880484 this forum thread].}}<br />
<br />
=== Remote unlock via wifi ===<br />
The net hook is normally used with an ethernet connection. In case you want to setup a computer with wireless only, and unlock it via wifi, you can create a custom hook to connect to a wifi network before the net hook is run.<br />
<br />
Below example shows a setup using a usb wifi adapter, connecting to a wifi network protected with WPA2-PSK. In case you use for example WEP or another boot loader, you might need to change some things.<br />
<br />
# Modify {{ic|/etc/mkinitcpio.conf}}:<br />
#* Add the needed kernel module for your specific wifi adatper.<br />
#* Include the {{ic|wpa_passphrase}} and {{ic|wpa_supplicant}} binaries.<br />
#* Add a hook {{ic|wifi}} (or a name of your choice, this is the custom hook that will be created) before the {{ic|net}} hook.{{bc|1=MODULES="''module''"<br>BINARIES="wpa_passphrase wpa_supplicant"<br>HOOKS="base udev autodetect ... '''wifi''' net ... dropbear encryptssh ..."}}<br />
# Create the {{ic|wifi}} hook in {{ic|/lib/initcpio/hooks/wifi}}:{{bc|run_hook ()<br>{<br>&#09;# sleep a couple of seconds so wlan0 is setup by kernel<br>&#09;sleep 5<br><br>&#09;# set wlan0 to up<br>&#09;ip link set wlan0 up<br><br>&#09;# assocciate with wifi network<br>&#09;# 1. save temp config file<br>&#09;wpa_passphrase "''network ESSID''" "''pass phrase''" > /tmp/wifi<br><br>&#09;# 2. assocciate<br>&#09;wpa_supplicant -B -D nl80211,wext -i wlan0 -c /tmp/wifi<br><br>&#09;# sleep a couple of seconds so that wpa_supplicant finishes connecting<br>&#09;sleep 5<br><br>&#09;# wlan0 should now be connected and ready to be assigned an ip by the net hook<br>}<br><br>run_cleanuphook ()<br>{<br>&#09;# kill wpa_supplicant running in the background<br>&#09;killall wpa_supplicant<br><br>&#09;# set wlan0 link down<br>&#09;ip link set wlan0 down<br><br>&#09;# wlan0 should now be fully disconnected from the wifi network<br>}|}}<br />
# Create the hook installation file in {{ic|/lib/initcpio/install/wifi}}:{{bc|build ()<br>{<br>&#09;add_runscript<br>}<br>help ()<br>{<br>cat<<HELPEOF<br>&#09;Enables wifi on boot, for dropbear ssh unlocking of disk.<br>HELPEOF<br>}|}}<br />
# Add {{ic|1=ip=:::::wlan0:dhcp}} to the [[kernel parameters]]. Remove {{ic|1=ip=:::::eth0:dhcp}} so it does not conflict.<br />
# Optionally create an additional boot entry with kernel parameter {{ic|1=ip=:::::eth0:dhcp}}.<br />
# [[Mkinitcpio#Image_creation_and_activation|Regenerate the intiramfs image]].<br />
# Update the configuration of your [[boot loader]], e.g. for [[GRUB#Generating_main_configuration_file|GRUB]]:{{bc|# grub-mkconfig -o /boot/grub/grub.cfg}}<br />
Remember to setup [[Wireless_network_configuration|wifi]], so you are able to login once the system is fully booted. In case you are unable to connect to the wifi network, try increasing the sleep times a bit.<br />
<br />
== Discard/TRIM support for solid state drives (SSD) ==<br />
<br />
[[Solid state drive]] users should be aware that by default, Linux's full-drive encryption mechanisms will ''not'' forward TRIM commands from the filesystem to the underlying drive. The device-mapper maintainers have made it clear that TRIM support will never be enabled by default on dm-crypt devices because of the potential security implications.[http://www.saout.de/pipermail/dm-crypt/2011-September/002019.html][http://www.saout.de/pipermail/dm-crypt/2012-April/002420.html] Minimal data leakage in the form of freed block information, perhaps sufficient to determine the filesystem in use, may occur on devices with TRIM enabled. An illustration and discussion of the issues arising from activating TRIM is available in the [http://asalor.blogspot.de/2011/08/trim-dm-crypt-problems.html blog] of a ''cryptsetup'' developer. If you are worried about such factors, keep also in mind that threats may add up: for example, if your device is still encrypted with the previous (cryptsetup <1.6.0) default cipher {{ic|--cipher aes-cbc-essiv}}, more information leakage may occur from trimmed sector observation than with the current [[Dm-crypt/Device_encryption#Encryption_options_for_LUKS_mode|default]]. <br />
<br />
The following cases can be distinguished:<br />
<br />
* The device is encrypted with default dm-crypt LUKS mode:<br />
** By default the LUKS header is stored at the beginning of the device and using TRIM is useful to protect header modifications. If for example a compromised LUKS password is revoked, without TRIM the old header will in general still be available for reading until overwritten by another operation; if the drive is stolen in the meanwhile, the attackers could in theory find a way to locate the old header and use it to decrypt the content with the compromised password. See [https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions#5-security-aspects cryptsetup FAQ, section 5.19 What about SSDs, Flash and Hybrid Drives?] and [https://www.reddit.com/r/archlinux/comments/2f370s/full_disk_encryption_on_an_ssd/ck5p5c5 Full disk encryption on an ssd]. <br />
** TRIM can be left disabled if the security issues stated at the top of this section are considered a worse threat than the above bullet.<br />
: See also [[Securely wipe disk#Flash memory]].<br />
* The device is encrypted with dm-crypt plain mode, or the LUKS header is stored [[Dm-crypt/Specialties#Encrypted_system_using_a_remote_LUKS_header|separately]]:<br />
** If plausible deniability is required, TRIM should '''never''' be used because of the considerations at the top of this section, or the use of encryption will be given away.<br />
** If plausible deniability is not required, TRIM can be used for its performance gains, provided that the security dangers described at the top of this section are not of concern.<br />
<br />
{{Warning|Before enabling TRIM on your drive, make sure it is fully supported, or data loss can occur. See [[Solid State Drives#TRIM]].}}<br />
<br />
In {{Pkg|linux}} 3.1 and up, support for dm-crypt TRIM pass-through can be toggled upon device creation or mount with dmsetup. Support for this option also exists in {{Pkg|cryptsetup}} version 1.4.0 and up. To add support during boot, you will need to add {{ic|:allow-discards}} to the {{ic|cryptdevice}} option. The TRIM option may look like this:<br />
cryptdevice=/dev/sdaX:root:allow-discards<br />
<br />
For the main {{ic|cryptdevice}} configuration options before the {{ic|:allow-discards}} see [[Dm-crypt/System configuration]].<br />
<br />
Besides the kernel option, it is also required to periodically run {{ic|fstrim}} or mount the filesystem (e.g. {{ic|/dev/mapper/root}} in this example) with the {{ic|discard}} option in {{ic|/etc/fstab}}. For details, please refer to the [[SSD#TRIM|SSD]] page.<br />
<br />
For LUKS devices unlocked manually on the console or via {{ic|/etc/crypttab}} either {{ic|discard}} or {{ic|allow-discards}} may be used.<br />
<br />
== The encrypt hook and multiple disks == <br />
<br />
The {{ic|encrypt}} hook only allows for a '''single''' {{ic|cryptdevice<nowiki>=</nowiki>}} entry. In system setups with multiple drives this may be limiting, because ''dm-crypt'' has no feature to exceed the physical device. For example, take "LVM on LUKS": The entire LVM exists inside a LUKS mapper. This is perfectly fine for a single-drive system, since there is only one device to decrypt. But what happens when you want to increase the size of the LVM? You cannot, at least not without modifying the {{ic|encrypt}} hook. <br />
<br />
The following sections briefly show alternatives to overcome the limitation. The first deals with how to expand a [[Dm-crypt/Encrypting_an_entire_system#LUKS_on_LVM|LUKS on LVM]] setup to a new disk. The second with modifying the {{ic|encrypt}} hook to unlock multiple disks in LUKS setups without LVM. The third section then again uses LVM, but modifies the {{ic|encrypt}} hook to unlock the encrypted LVM with a remote LUKS header. <br />
<br />
=== Expanding LVM on multiple disks ===<br />
The management of multiple disks is a basic [[LVM]] feature and a major reason for its partitioning flexibility. It can also be used with ''dm-crypt'', but only if LVM is employed as the first mapper. In such a [[Dm-crypt/Encrypting_an_entire_system#LUKS_on_LVM|LUKS on LVM]] setup the encrypted devices are created inside the logical volumes (with a separate passphrase/key per volume). The following covers the steps to expand that setup to another disk. <br />
<br />
{{Warning|Backup! While resizing filesystems may be standard, keep in mind that operations '''may''' go wrong and the following might not apply to a particular setup. Generally, extending a filesystem to free disk space is less problematic than shrinking one. This in particular applies when stacked mappers are used, as it is the case in the following example.}}<br />
<br />
==== Adding a new drive ====<br />
First, it may be desired to prepare a new disk according to [[Dm-crypt/Drive preparation]]. <br />
Second, it is partitioned as a LVM, e.g. all space is allocated to {{ic|/dev/sdY1}} with partition type "8E00" (Linux LVM). <br />
Third, the new disk/partition is attached to the existing LVM volume group, e.g.:<br />
# pvcreate /dev/sdY1<br />
# vgextend MyStorage /dev/sdY1<br />
<br />
==== Extending the logical volume ====<br />
<br />
For the next step, the final allocation of the new diskspace, the logical volume to be extended has to be unmounted. It can be performed for the {{ic|cryptdevice}} root partition, but in this case the procedure has to be performed from an Arch Install ISO. <br />
<br />
In this example, it is assumed that the logical volume for {{ic|/home}} (lv-name {{ic|homevol}}) is going to be expanded with the fresh disk space: <br />
# umount /home<br />
# fsck /dev/mapper/home<br />
# cryptsetup luksClose /dev/mapper/home<br />
# lvextend -l +100%FREE MyStorage/homevol<br />
<br />
Now the logical volume is extended and the LUKS container comes next: <br />
# cryptsetup open --type luks /dev/mapper/MyStorage-homevol home<br />
# umount /home # as a safety, in case it was automatically remounted<br />
# cryptsetup --verbose resize home<br />
<br />
Finally, the filesystem itself is resized: <br />
# e2fsck -f /dev/mapper/home<br />
# resize2fs /dev/mapper/home<br />
<br />
Done! If it went to plan, {{ic|/home}} can be remounted <br />
# mount /dev/mapper/home /home<br />
<br />
and now includes the span to the new disk. Note that the {{ic|cryptsetup resize}} action does not affect encryption keys, they have not changed.<br />
<br />
=== Modifying the encrypt hook for multiple partitions ===<br />
==== Root filesystem spanning multiple partitions ====<br />
It is possible to modify the encrypt hook to allow multiple hard drive decrypt root ({{ic|/}}) at boot. One way:<br />
<br />
# cp /usr/lib/initcpio/install/encrypt /usr/lib/initcpio/install/encrypt2<br />
# cp /usr/lib/initcpio/hooks/encrypt /usr/lib/initcpio/hooks/encrypt2<br />
# sed -i "s/cryptdevice/cryptdevice2/" /usr/lib/initcpio/hooks/encrypt2<br />
# sed -i "s/cryptkey/cryptkey2/" /usr/lib/initcpio/hooks/encrypt2<br />
<br />
<br />
Add {{ic|1=cryptdevice2=}} to your boot options (and {{ic|1=cryptkey2=}} if needed), see [[Dm-crypt/System_configuration]]<br />
<br />
==== Multiple non-root partitions ====<br />
Maybe you have a requirement for using the {{ic|encrypt}} hook on a non-root partition. Arch does not support this out of the box, however, you can easily change the cryptdev and cryptname values in {{ic|/lib/initcpio/hooks/encrypt}} (the first one to your {{ic|/dev/sd*}} partition, the second to the name you want to attribute). That should be enough.<br />
<br />
The big advantage is you can have everything automated, while setting up {{ic|/etc/crypttab}} with an external key file (i.e. the keyfile is not on any internal hard drive partition) can be a pain - you need to make sure the USB/FireWire/... device gets mounted before the encrypted partition, which means you have to change the order of {{ic|/etc/fstab}} (at least).<br />
<br />
Of course, if the {{pkg|cryptsetup}} package gets upgraded, you will have to change this script again. Unlike {{ic|/etc/crypttab}}, only one partition is supported, but with some further hacking one should be able to have multiple partitions unlocked.<br />
<br />
{{accuracy|Why not use the supported Grub2 right away? See also [[Mkinitcpio#Using_RAID]]}} <br />
If you want to do this on a software RAID partition, there is one more thing you need to do. Just setting the {{ic|/dev/mdX}} device in {{ic|/lib/initcpio/hooks/encrypt}} is not enough; the {{ic|encrypt}} hook will fail to find the key for some reason, and not prompt for a passphrase either. It looks like the RAID devices are not brought up until after the {{ic|encrypt}} hook is run. You can solve this by putting the RAID array in {{ic|/boot/grub/menu.lst}}, like <br />
kernel /boot/vmlinuz-linux md=1,/dev/hda5,/dev/hdb5<br />
<br />
If you set up your root partition as a RAID, you will notice the similarities with that setup ;-). [[GRUB]] can handle multiple array definitions just fine:<br />
kernel /boot/vmlinuz-linux root=/dev/md0 ro md=0,/dev/sda1,/dev/sdb1 md=1,/dev/sda5,/dev/sdb5,/dev/sdc5<br />
<br />
=== Encrypted system using a remote LUKS header ===<br />
This example follows the same setup as in [[Dm-crypt/Encrypting an entire system#Plain dm-crypt]], which should be read first before following this guide.<br />
<br />
By using a remote header the encrypted blockdevice itself only carries encrypted data, which gives [[Wikipedia:Deniable encryption|deniable encryption]] as long as the existence of a header is unknown to the attackers. It is similar to using [[Dm-crypt/Encrypting an entire system#Plain_dm-crypt|plain dm-crypt]], but with the LUKS advantages such as multiple passphrases for the masterkey and key derivation. Further, using a remote header offers a form of two factor authentication with an easier setup than [[Dm-crypt/Specialties#Using_GPG_or_OpenSSL_Encrypted_Keyfiles|using GPG or OpenSSL encrypted keyfiles]], while still having a built-in password prompt for multiple retries. See [[Disk encryption#Cryptographic metadata]] for more information.<br />
<br />
See [[Dm-crypt/Device encryption#Encryption options for LUKS mode]] for encryption options before performing the first step to setup the encrypted system partition and creating a header file to use with {{ic|cryptsetup}}:<br />
# truncate -s 2M header.img<br />
# cryptsetup luksFormat /dev/sdX --header header.img<br />
<br />
Open the container:<br />
# cryptsetup open --header header.img --type luks /dev/sdX enc<br />
<br />
Now follow the [[Dm-crypt/Encrypting_an_entire_system#Preparing_the_non-boot_partitions|LVM on LUKS setup]] to your requirements. The same applies for [[Dm-crypt/Encrypting an entire system#Preparing the boot partition 4|preparing the boot partition]] on the removable device (because if not, there is no point in having a separate header file for unlocking the encrypted disk).<br />
Next move the {{ic|header.img}} onto it:<br />
# mv header.img /mnt/boot<br />
<br />
Follow the installation procedure up to the mkinitcpio step (you should now be {{ic|arch-chroot}}ed inside the encrypted system). <br />
<br />
There are two options for initramfs to support a detached LUKS header.<br />
<br />
==== Using systemd hook ====<br />
<br />
{{Note|This method requires systemd '''219''' or later.}} <br />
<br />
First create {{ic|/etc/crypttab.initramfs}} and add the encrypted device to it. The syntax is defined in [http://www.freedesktop.org/software/systemd/man/crypttab.html crypttab(5)]<br />
{{hc|/etc/crypttab.initramfs|2=MyStorage PARTUUID=00000000-0000-0000-0000-000000000000 none header=/boot/header.img}}<br />
<br />
Modify {{ic|/etc/mkinitcpio.conf}} [[Mkinitcpio#Common_hooks|to use systemd]] and add the header to {{ic|FILES}}.<br />
<br />
{{hc|<br />
/etc/mkinitcpio.conf|2=FILES="'''/boot/header.img'''"<br />
<br />
HOOKS="... '''systemd''' ... block '''sd-encrypt''' sd-lvm2 filesystems ..."<br />
}}<br />
<br />
[[Mkinitcpio#Image_creation_and_activation|Recreate the initramfs]] and you are done.<br />
<br />
{{Note|<br />
* No cryptsetup parameters need to be passed to the kernel command line, since{{ic|/etc/crypttab.initramfs}} will be added as {{ic|/etc/crypttab}} in the initramfs. If you wish to specify them in the kernel command line see [http://www.freedesktop.org/software/systemd/man/systemd-cryptsetup-generator.html systemd-cryptsetup-generator(8)] for the supported options. <br />
* Be aware the {{ic|systemd}} hook adds further files to the initramfs (e.g. {{ic|/etc/passwd}} and {{ic|/etc/group}}), in case you consider them sensitive.}}<br />
<br />
==== Modifying encrypt hook ====<br />
<br />
This method shows how to modify the {{ic|encrypt}} hook in order to use a remote LUKS header. <br />
Now the {{ic|encrypt}} hook has to be modified to let {{ic|cryptsetup}} use the separate header (base source and idea for these changes [https://bbs.archlinux.org/viewtopic.php?pid=1076346#p1076346 published on the BBS]). Make a copy so it is not overwritten on a [[mkinitcpio]] update:<br />
<br />
# cp /lib/initcpio/hooks/encrypt{,2}<br />
# cp /usr/lib/initcpio/install/encrypt{,2}<br />
<br />
{{hc|<br />
/lib/initcpio/hooks/encrypt2 (around line 52)|output=warn_deprecated() {<br />
echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated"<br />
echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."<br />
}<br />
<br />
'''local headerFlag=false'''<br />
for cryptopt in ${cryptoptions//,/ }; do<br />
case ${cryptopt} in<br />
allow-discards)<br />
cryptargs="${cryptargs} --allow-discards"<br />
;; <br />
<b>header)<br />
cryptargs="${cryptargs} --header /boot/header.img"<br />
headerFlag=true<br />
;;</b><br />
*) <br />
echo "Encryption option '${cryptopt}' not known, ignoring." >&2 <br />
;; <br />
esac<br />
done<br />
<br />
if resolved=$(resolve_device "${cryptdev}" ${rootdelay}); then<br />
if '''$headerFlag &#124;&#124; '''cryptsetup isLuks ${resolved} >/dev/null 2>&1; then<br />
[ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated<br />
dopassphrase=1<br />
}}<br />
<br />
Now edit the [[mkinitcpio|mkinitcpio.conf]] to add the {{ic|encrypt2}} and {{ic|lvm2}} hooks, the {{ic|header.img}} to {{ic|FILES}} and the {{ic|loop}} to {{ic|MODULES}}, apart from other configuration the system requires:<br />
<br />
{{hc|/etc/mkinitcpio.conf|2=MODULES="'''loop'''"<br />
<br />
FILES="'''/boot/header.img'''"<br />
<br />
HOOKS="... '''encrypt2''' '''lvm2''' ... filesystems ..."}}<br />
<br />
This is required so the LUKS header is available on boot allowing the decryption of the system, exempting us from a more complicated setup to mount another separate USB device in order to access the header. After this set up [[Mkinitcpio#Image_creation_and_activation|the initramfs]] is created.<br />
<br />
Next the [[Dm-crypt/Encrypting an entire system#Configuring the boot loader 4|boot loader is configured]] to specify the {{ic|1=cryptdevice=}} also passing the new {{ic|header}} option for this setup: <br />
<br />
cryptdevice=/dev/sdX:enc:header<br />
<br />
To finish, following [[Dm-crypt/Encrypting an entire system#Post-installation]] is particularly useful with a {{ic|/boot}} partition on an USB storage medium.<br />
<br />
{{Tip|1=You will notice that since the system partition only has "random" data, it does not have a partition table and by that an {{ic|UUID}} or a {{ic|name}}. But you can still have a consistent mapping using the disk id under {{ic|/dev/disk/by-id/}}}}</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=NVIDIA&diff=417384NVIDIA2016-01-27T12:48:59Z<p>Sdaoden: /* Blackscreen at X startup with new driver */ After a hour-long odysee with nvidia-340xx for MacBook 2009/GeForce 9400M that made things almost hopeless: refer to Noveau!</p>
<hr />
<div>[[Category:Graphics]]<br />
[[Category:X server]]<br />
[[cs:NVIDIA]]<br />
[[de:Nvidia]]<br />
[[es:NVIDIA]]<br />
[[fa:اِنویدیا]]<br />
[[fr:Nvidia]]<br />
[[it:NVIDIA]]<br />
[[ja:NVIDIA]]<br />
[[nl:NVIDIA]]<br />
[[ru:NVIDIA]]<br />
[[tr:Nvidia]]<br />
[[zh-CN:NVIDIA]]<br />
{{Related articles start}}<br />
{{Related|Nouveau}}<br />
{{Related|Bumblebee}}<br />
{{Related|NVIDIA Optimus}}<br />
{{Related|Xorg}}<br />
{{Related articles end}}<br />
<br />
This article covers installing and configuring [http://www.nvidia.com NVIDIA]'s ''proprietary'' graphic card driver. For information about the open-source drivers, see [[Nouveau]]. If you have a laptop with hybrid Intel/NVIDIA graphics, see [[NVIDIA Optimus]] instead.<br />
<br />
== Installing ==<br />
<br />
{{Warning|Avoid installing the NVIDIA driver through the package provided from the NVIDIA website. Installation through [[pacman]] allows upgrading the driver together with the rest of the system.}}<br />
<br />
These instructions are for those using the stock {{Pkg|linux}} or {{Pkg|linux-lts}} packages. For custom kernel setup, skip to the [[#Alternate install: custom kernel|next]] subsection.<br />
<br />
1. If you do not know what graphics card you have, find out by issuing:<br />
:{{bc|<nowiki>$ lspci -k | grep -A 2 -E "(VGA|3D)"</nowiki>}}<br />
<br />
2. Determine the necessary driver version for your card by:<br />
:* finding the code name (e.g. NV50, NVC0, etc.) on [http://nouveau.freedesktop.org/wiki/CodeNames nouveau wiki's code names page]<br />
:* looking up the name in NVIDIA's [http://www.nvidia.com/object/IO_32667.html legacy card list]: if your card is not there you can use the latest driver<br />
:* visiting NVIDIA's [http://www.nvidia.com/Download/index.aspx driver download site]<br />
<br />
3. Install the appropriate driver for your card:<br />
:* For GeForce 400 series cards and newer [NVCx and newer], [[install]] the {{Pkg|nvidia}} or {{Pkg|nvidia-lts}} package along with {{Pkg|nvidia-libgl}}.<br />
:* For GeForce 8000/9000, ION and 100-300 series cards [NV5x, NV8x, NV9x and NVAx] from around 2006-2010, [[install]] the {{Pkg|nvidia-340xx}} or {{Pkg|nvidia-340xx-lts}} package along with {{Pkg|nvidia-340xx-libgl}}.<br />
:* For GeForce 6000/7000 series cards [NV4x and NV6x] from around 2004-2006, [[install]] the {{Pkg|nvidia-304xx}} or {{Pkg|nvidia-304xx-lts}} package along with {{Pkg|nvidia-304xx-libgl}}.<br />
<br />
:* For even older cards, have a look at [[#Unsupported drivers]].<br />
:* For the very latest GPU models, it may be required to [[install]] the {{AUR|nvidia-beta}} package, since the stable drivers may not support the newly introduced features.<br />
<br />
4. If you are on 64-bit and also need 32-bit OpenGL support, you must also install the equivalent ''lib32'' package from the [[multilib]] repository (e.g. {{Pkg|lib32-nvidia-libgl}}, {{Pkg|lib32-nvidia-340xx-libgl}} or {{Pkg|lib32-nvidia-304xx-libgl}}).<br />
<br />
5. Reboot. The {{Pkg|nvidia}} package contains a file which blacklists the ''nouveau'' module, so rebooting is necessary.<br />
<br />
Once the driver has been installed, continue to [[#Configuring]].<br />
<br />
=== Unsupported drivers ===<br />
<br />
If you have a GeForce 5 FX series card or older, Nvidia no longer supports drivers for your card. This means that these drivers [http://nvidia.custhelp.com/app/answers/detail/a_id/3142/ do not support the current Xorg version]. It thus might be easier if you use the [[nouveau]] driver, which supports the old cards with the current Xorg.<br />
<br />
However, Nvidia's legacy drivers are still available and might provide better 3D performance/stability if you are willing to downgrade Xorg:<br />
<br />
* For GeForce 5 FX series cards [NV30-NV36], install the {{AUR|nvidia-173xx-dkms}} package. Last supported Xorg version is 1.15.<br />
* For GeForce 2/3/4 MX/Ti series cards [NV11, NV17-NV28], install the {{AUR|nvidia-96xx-dkms}} package. Last supported Xorg version is 1.12.<br />
<br />
{{Tip|The legacy nvidia-96xx-dkms and nvidia-173xx-dkms drivers can also be installed from the unofficial [http://pkgbuild.com/~bgyorgy/city.html <nowiki>[city] repository</nowiki>]. (It is strongly advised that you do not skip any dependencies restriction when installing from here)}}<br />
<br />
=== Alternate install: custom kernel ===<br />
<br />
First of all, it is good to know how the ABS works by reading some of the other articles about it:<br />
<br />
* Main article for [[ABS]]<br />
* Article on [[makepkg]]<br />
* Article on [[Creating packages]]<br />
<br />
The following is a short tutorial for making a custom NVIDIA driver package using [[ABS]]:<br />
<br />
[[Install]] the {{Pkg|abs}} package and generate the tree with:<br />
# abs<br />
As a standard user, make a temporary directory for creating the new package:<br />
$ mkdir -p ~/abs<br />
Make a copy of the {{ic|nvidia}} package directory:<br />
$ cp -r /var/abs/extra/nvidia/ ~/abs/<br />
Go into the temporary {{ic|nvidia}} build directory:<br />
$ cd ~/abs/nvidia<br />
It is required to edit the files {{ic|nvidia.install}} and {{ic|PKGBUILD}} so that they contain the right kernel version variables.<br />
<br />
While running the custom kernel, get the appropriate kernel and local version names:<br />
$ uname -r<br />
# In nvidia.install, replace the {{ic|EXTRAMODULES<nowiki>=</nowiki>'extramodules-3.4-ARCH'}} variable with the custom kernel version, such as {{ic|EXTRAMODULES<nowiki>=</nowiki>'extramodules-3.4.4'}} or {{ic|EXTRAMODULES<nowiki>=</nowiki>'extramodules-3.4.4-custom'}} depending on what the kernel's version is and the local version's text/numbers. Do this for all instances of the version number within this file.<br />
# In PKGBUILD, change the {{ic|_extramodules<nowiki>=</nowiki>extramodules-3.4-ARCH}} variable to match the appropriate version, as above.<br />
# If there are multiple kernels installed in parallel (such as a custom kernel alongside the default -ARCH kernel), change the {{ic|pkgname<nowiki>=</nowiki>nvidia}} variable in the PKGBUILD to a unique identifier, such as nvidia-344 or nvidia-custom. This will allow both kernels to use the nvidia module, since the custom nvidia module has a different package name and will not overwrite the original. You will also need to comment the line in {{ic|package()}} that blacklists the nouveau module in {{ic|/usr/lib/modprobe.d/nvidia.conf}} (no need to do it again).<br />
<br />
Then do:<br />
$ makepkg -ci<br />
The {{ic|-c}} operand tells makepkg to clean left over files after building the package, whereas {{ic|-i}} specifies that makepkg should automatically run pacman to install the resulting package.<br />
<br />
==== Automatic re-compilation of the NVIDIA module with kernel update ====<br />
<br />
This is possible with [[DKMS]]. Install the {{Pkg|nvidia-dkms}} package (or a specific branch such as {{Pkg|nvidia-340xx-dkms}}) and make sure that the {{ic|dkms.service}} systemd unit is enabled.<br />
<br />
See [[Dynamic Kernel Module Support#Usage]] for more information on how to use DKMS.<br />
<br />
=== Pure Video HD (VDPAU/VAAPI) ===<br />
<br />
At least a video card with second generation [[wikipedia:Nvidia PureVideo#Table of GPUs containing a PureVideo SIP block|PureVideo HD]] is required to use [[VDPAU]] and [[VA-API]].<br />
<br />
== Configuring ==<br />
<br />
It is possible that after installing the driver it may not be needed to create an Xorg server configuration file. You can run [[Xorg#Running|a test]] to see if the Xorg server will function correctly without a configuration file. However, it may be required to create a configuration file (prefer {{ic|/etc/X11/xorg.conf.d/20-nvidia.conf}} over {{ic|/etc/X11/xorg.conf}}) in order to adjust various settings. This configuration can be generated by the NVIDIA Xorg configuration tool, or it can be created manually. If created manually, it can be a minimal configuration (in the sense that it will only pass the basic options to the [[Xorg]] server), or it can include a number of settings that can bypass Xorg's auto-discovered or pre-configured options.<br />
{{Note|Since 1.8.x Xorg uses separate configuration files in {{ic|/etc/X11/xorg.conf.d/}} - check out [[#Advanced: 20-nvidia.conf|advanced configuration]] section.}}<br />
<br />
=== Minimal configuration ===<br />
<br />
A basic configuration block in {{ic|20-nvidia.conf}} (or deprecated in {{ic|xorg.conf}}) would look like this:<br />
<br />
{{hc|/etc/X11/xorg.conf.d/20-nvidia.conf|<br />
Section "Device"<br />
Identifier "Nvidia Card"<br />
Driver "nvidia"<br />
VendorName "NVIDIA Corporation"<br />
Option "NoLogo" "true"<br />
#Option "UseEDID" "false"<br />
#Option "ConnectedMonitor" "DFP"<br />
# ...<br />
EndSection<br />
}}<br />
<br />
{{Tip|If upgrading from nouveau make sure to remove "{{ic|nouveau}}" from {{ic|/etc/mkinitcpio.conf}}. See [[#Switching between NVIDIA and nouveau drivers|Switching between NVIDIA and nouveau drivers]], if switching between the open and proprietary drivers often.}}<br />
<br />
=== Automatic configuration ===<br />
<br />
The NVIDIA package includes an automatic configuration tool to create an Xorg server configuration file ({{ic|xorg.conf}}) and can be run by:<br />
# nvidia-xconfig<br />
<br />
This command will auto-detect and create (or edit, if already present) the {{ic|/etc/X11/xorg.conf}} configuration according to present hardware.<br />
<br />
If there are instances of DRI, ensure they are commented out:<br />
# Load "dri"<br />
Double check your {{ic|/etc/X11/xorg.conf}} to make sure your default depth, horizontal sync, vertical refresh, and resolutions are acceptable.<br />
<br />
{{Warning|That may still not work properly with Xorg-server 1.8 }}<br />
<br />
=== Multiple monitors ===<br />
<br />
:''See [[Multihead]] for more general information''<br />
<br />
==== Using NVIDIA Settings ====<br />
<br />
You can use the {{ic|nvidia-settings}} tool provided by {{Pkg|nvidia-utils}} to configure your multi-monitor setup. With this method, you will use the proprietary software NVIDIA provides with their drivers. Simply run {{ic|nvidia-settings}} as root, then configure as you wish, and then save the configuration to {{ic|/etc/X11/xorg.conf.d/10-monitor.conf}}.<br />
<br />
==== ConnectedMonitor ====<br />
<br />
If the driver does not properly detect a second monitor, you can force it to do so with ConnectedMonitor. <br />
<br />
{{hc|/etc/X11/xorg.conf|<br />
<br />
Section "Monitor"<br />
Identifier "Monitor1"<br />
VendorName "Panasonic"<br />
ModelName "Panasonic MICRON 2100Ex"<br />
HorizSync 30.0 - 121.0 # this monitor has incorrect EDID, hence Option "UseEDIDFreqs" "false"<br />
VertRefresh 50.0 - 160.0<br />
Option "DPMS"<br />
EndSection<br />
<br />
Section "Monitor"<br />
Identifier "Monitor2"<br />
VendorName "Gateway"<br />
ModelName "GatewayVX1120"<br />
HorizSync 30.0 - 121.0<br />
VertRefresh 50.0 - 160.0<br />
Option "DPMS"<br />
EndSection<br />
<br />
Section "Device"<br />
Identifier "Device1"<br />
Driver "nvidia"<br />
Option "NoLogo"<br />
Option "UseEDIDFreqs" "false"<br />
Option "ConnectedMonitor" "CRT,CRT"<br />
VendorName "NVIDIA Corporation"<br />
BoardName "GeForce 6200 LE"<br />
BusID "PCI:3:0:0"<br />
Screen 0<br />
EndSection<br />
<br />
Section "Device"<br />
Identifier "Device2"<br />
Driver "nvidia"<br />
Option "NoLogo"<br />
Option "UseEDIDFreqs" "false"<br />
Option "ConnectedMonitor" "CRT,CRT"<br />
VendorName "NVIDIA Corporation"<br />
BoardName "GeForce 6200 LE"<br />
BusID "PCI:3:0:0"<br />
Screen 1<br />
EndSection<br />
<br />
}}<br />
<br />
The duplicated device with {{ic|Screen}} is how you get X to use two monitors on one card without {{ic|TwinView}}. Note that {{ic|nvidia-settings}} will strip out any {{ic|ConnectedMonitor}} options you have added.<br />
<br />
==== TwinView ====<br />
<br />
You want only one big screen instead of two. Set the {{ic|TwinView}} argument to {{ic|1}}. This option should be used if you desire compositing. TwinView only works on a per card basis, when all participating monitors are connected to the same card.<br />
Option "TwinView" "1"<br />
<br />
Example configuration:<br />
{{hc|/etc/X11/xorg.conf.d/10-monitor.conf|<br />
Section "ServerLayout"<br />
Identifier "TwinLayout"<br />
Screen 0 "metaScreen" 0 0<br />
EndSection<br />
<br />
Section "Monitor"<br />
Identifier "Monitor0"<br />
Option "Enable" "true"<br />
EndSection<br />
<br />
Section "Monitor"<br />
Identifier "Monitor1"<br />
Option "Enable" "true"<br />
EndSection<br />
<br />
Section "Device"<br />
Identifier "Card0"<br />
Driver "nvidia"<br />
VendorName "NVIDIA Corporation"<br />
<br />
#refer to the link below for more information on each of the following options.<br />
Option "HorizSync" "DFP-0: 28-33; DFP-1 28-33"<br />
Option "VertRefresh" "DFP-0: 43-73; DFP-1 43-73"<br />
Option "MetaModes" "1920x1080, 1920x1080"<br />
Option "ConnectedMonitor" "DFP-0, DFP-1"<br />
Option "MetaModeOrientation" "DFP-1 LeftOf DFP-0"<br />
EndSection<br />
<br />
Section "Screen"<br />
Identifier "metaScreen"<br />
Device "Card0"<br />
Monitor "Monitor0"<br />
DefaultDepth 24<br />
Option "TwinView" "True"<br />
SubSection "Display"<br />
Modes "1920x1080"<br />
EndSubSection<br />
EndSection<br />
}}<br />
<br />
[ftp://download.nvidia.com/XFree86/Linux-x86/355.11/README/configtwinview.html Device option information].<br />
<br />
If you have multiple cards that are SLI capable, it is possible to run more than one monitor attached to separate cards (for example: two cards in SLI with one monitor attached to each). The "MetaModes" option in conjunction with SLI Mosaic mode enables this. Below is a configuration which works for the aforementioned example and runs [[GNOME]] flawlessly.<br />
{{hc|/etc/X11/xorg.conf.d/10-monitor.conf|<br />
Section "Device"<br />
Identifier "Card A"<br />
Driver "nvidia"<br />
BusID "PCI:1:00:0"<br />
EndSection<br />
<br />
Section "Device"<br />
Identifier "Card B"<br />
Driver "nvidia"<br />
BusID "PCI:2:00:0"<br />
EndSection<br />
<br />
Section "Monitor"<br />
Identifier "Right Monitor"<br />
EndSection<br />
<br />
Section "Monitor"<br />
Identifier "Left Monitor"<br />
EndSection<br />
<br />
Section "Screen"<br />
Identifier "Right Screen"<br />
Device "Card A"<br />
Monitor "Right Monitor"<br />
DefaultDepth 24<br />
Option "SLI" "Mosaic"<br />
Option "Stereo" "0"<br />
Option "BaseMosaic" "True"<br />
Option "MetaModes" "GPU-0.DFP-0: 1920x1200+4480+0, GPU-1.DFP-0:1920x1200+0+0"<br />
SubSection "Display"<br />
Depth 24<br />
EndSubSection<br />
EndSection<br />
<br />
Section "Screen"<br />
Identifier "Left Screen"<br />
Device "Card B"<br />
Monitor "Left Monitor"<br />
DefaultDepth 24<br />
Option "SLI" "Mosaic"<br />
Option "Stereo" "0"<br />
Option "BaseMosaic" "True"<br />
Option "MetaModes" "GPU-0.DFP-0: 1920x1200+4480+0, GPU-1.DFP-0:1920x1200+0+0"<br />
SubSection "Display"<br />
Depth 24<br />
EndSubSection<br />
EndSection<br />
<br />
Section "ServerLayout"<br />
Identifier "Default"<br />
Screen 0 "Right Screen" 0 0<br />
Option "Xinerama" "0"<br />
EndSection}}<br />
<br />
===== Manual CLI configuration with xrandr =====<br />
{{Accuracy|Do these commands set up the monitors in ''TwinView'' mode?}}<br />
<br />
If the latest solutions do not work for you, you can use your window manager's ''autostart'' implementation with {{Pkg|xorg-xrandr}}.<br />
<br />
Some {{ic|xrandr}} examples could be:<br />
<br />
xrandr --output DVI-I-0 --auto --primary --left-of DVI-I-1<br />
<br />
or:<br />
<br />
xrandr --output DVI-I-1 --pos 1440x0 --mode 1440x900 --rate 75.0<br />
<br />
When:<br />
<br />
* {{ic|--output}} is used to indicate the "monitor" to which the options are set.<br />
* {{ic|DVI-I-1}} is the name of the second monitor.<br />
* {{ic|--pos}} is the position of the second monitor relative to the first.<br />
* {{ic|--mode}} is the resolution of the second monitor.<br />
* {{ic|--rate}} is the refresh rate (in Hz).<br />
<br />
==== Mosaic mode ====<br />
<br />
Mosaic mode is the only way to use more than 2 monitors across multiple graphics cards with compositing. Your window manager may or may not recognize the distinction between each monitor.<br />
<br />
===== Base Mosaic =====<br />
<br />
Base Mosaic mode works on any set of Geforce 8000 series or higher GPUs. It cannot be enabled from within the nvidia-setting GUI. You must either use the {{ic|nvidia-xconfig}} command line program or edit {{ic|xorg.conf}} by hand. Metamodes must be specified. The following is an example for four DFPs in a 2x2 configuration, each running at 1920x1024, with two DFPs connected to two cards:<br />
$ nvidia-xconfig --base-mosaic --metamodes="GPU-0.DFP-0: 1920x1024+0+0, GPU-0.DFP-1: 1920x1024+1920+0, GPU-1.DFP-0: 1920x1024+0+1024, GPU-1.DFP-1: 1920x1024+1920+1024"<br />
<br />
{{Note|While the documentation lists a 2x2 configuration of monitors, Nvidia has reduced that ability to just 3 monitors in Base Mosaic mode as of driver version 304. More monitors are available with a Quadro card, but with standard consumer cards, it is limited to three. The explanation given for this reduction is "Feature parity with the Windows driver". As of September 2014, Windows has no restriction on the number of monitors, even on the same driver version. This is not a bug, this is entirely by design.}}<br />
<br />
===== SLI Mosaic =====<br />
<br />
If you have an SLI configuration and each GPU is a Quadro FX 5800, Quadro Fermi or newer then you can use SLI Mosaic mode. It can be enabled from within the nvidia-settings GUI or from the command line with:<br />
$ nvidia-xconfig --sli=Mosaic --metamodes="GPU-0.DFP-0: 1920x1024+0+0, GPU-0.DFP-1: 1920x1024+1920+0, GPU-1.DFP-0: 1920x1024+0+1024, GPU-1.DFP-1: 1920x1024+1920+1024"<br />
<br />
=== Driver Persistence ===<br />
<br />
Since version 319, Nvidia has changed the way driver persistence works, it now has a daemon that is to be run at boot. See the [http://docs.nvidia.com/deploy/driver-persistence/index.html Driver Persistence] section of the Nvidia documentation for more details.<br />
<br />
To start the persistence daemon at boot, [[enable]] the {{ic|nvidia-persistenced.service}}. For manual usage see the [http://docs.nvidia.com/deploy/driver-persistence/index.html#usage upstream documentation].<br />
<br />
== Tweaking ==<br />
<br />
=== GUI: nvidia-settings ===<br />
<br />
The NVIDIA package includes the {{ic|nvidia-settings}} program that allows adjustment of several additional settings.<br />
<br />
For the settings to be loaded on login, run this command from the terminal:<br />
$ nvidia-settings --load-config-only<br />
<br />
The desktop environment's auto-startup method 'may' not work for loading nvidia-settings properly (KDE). To be sure that settings are really loaded put the command in ~/.xinitrc file (create if not present).<br />
<br />
{{Tip|On rare occasions the {{ic|~/.nvidia-settings-rc}} may become corrupt. If this happens, the Xorg server may crash and the file will have to be deleted to fix the problem.}}<br />
<br />
=== Advanced: 20-nvidia.conf ===<br />
<br />
Edit {{ic|/etc/X11/xorg.conf.d/20-nvidia.conf}}, and add the option to the correct section. The Xorg server will need to be restarted before any changes are applied.<br />
<br />
See [ftp://download.nvidia.com/XFree86/Linux-x86/355.11/README/README.txt NVIDIA Accelerated Linux Graphics Driver README and Installation Guide] for additional details and options.<br />
<br />
==== Disabling the logo on startup ====<br />
<br />
Add the {{ic|"NoLogo"}} option under section {{ic|Device}}:<br />
Option "NoLogo" "1"<br />
<br />
==== Overriding monitor detection ====<br />
<br />
The {{ic|"ConnectedMonitor"}} option under section {{ic|Device}} allows to override monitor detection when X server starts, which may save a significant amount of time at start up. The available options are: {{ic|"CRT"}} for analog connections, {{ic|"DFP"}} for digital monitors and {{ic|"TV"}} for televisions.<br />
<br />
The following statement forces the NVIDIA driver to bypass startup checks and recognize the monitor as DFP:<br />
Option "ConnectedMonitor" "DFP"<br />
{{Note| Use "CRT" for all analog 15 pin VGA connections, even if the display is a flat panel. "DFP" is intended for DVI, HDMI, or DisplayPort digital connections only.}}<br />
<br />
==== Enabling brightness control ====<br />
<br />
Add under section {{ic|Device}}:<br />
Option "RegistryDwords" "EnableBrightnessControl=1"<br />
<br />
If brightness control still does not work with this option, try installing {{AUR|nvidia-bl}} or {{AUR|nvidiabl}}.<br />
<br />
==== Enabling SLI ====<br />
<br />
{{Warning|As of May 7, 2011, you may experience sluggish video performance in GNOME 3 after enabling SLI.}}<br />
<br />
Taken from the NVIDIA driver's [ftp://download.nvidia.com/XFree86/Linux-x86/355.11/README/xconfigoptions.html README] Appendix B: ''This option controls the configuration of SLI rendering in supported configurations.'' A "supported configuration" is a computer equipped with an SLI-Certified Motherboard and 2 or 3 SLI-Certified GeForce GPUs. See NVIDIA's [http://www.slizone.com/page/home.html SLI Zone] for more information.<br />
<br />
Find the first GPU's PCI Bus ID using {{ic|lspci}}:<br />
{{hc|<nowiki>$ lspci | grep VGA</nowiki>|<br />
03:00.0 VGA compatible controller: nVidia Corporation G92 [GeForce 8800 GTS 512] (rev a2)<br />
05:00.0 VGA compatible controller: nVidia Corporation G92 [GeForce 8800 GTS 512] (rev a2)<br />
}}<br />
<br />
Add the BusID (3 in the previous example) under section {{ic|Device}}:<br />
BusID "PCI:3:0:0"<br />
<br />
{{Note|The format is important. The BusID value must be specified as {{ic|"PCI:<BusID>:0:0"}}}}<br />
<br />
Add the desired SLI rendering mode value under section {{ic|Screen}}:<br />
Option "SLI" "AA"<br />
<br />
The following table presents the available rendering modes.<br />
<br />
{| class="wikitable"<br />
! Value !! Behavior<br />
|-<br />
| 0, no, off, false, Single || Use only a single GPU when rendering.<br />
|-<br />
| 1, yes, on, true, Auto || Enable SLI and allow the driver to automatically select the appropriate rendering mode.<br />
|-<br />
| AFR || Enable SLI and use the alternate frame rendering mode.<br />
|-<br />
| SFR || Enable SLI and use the split frame rendering mode.<br />
|-<br />
| AA || Enable SLI and use SLI antialiasing. Use this in conjunction with full scene antialiasing to improve visual quality.<br />
|}<br />
<br />
Alternatively, you can use the {{ic|nvidia-xconfig}} utility to insert these changes into {{ic|xorg.conf}} with a single command:<br />
# nvidia-xconfig --busid=PCI:3:0:0 --sli=AA<br />
<br />
To verify that SLI mode is enabled from a shell:<br />
{{hc|<nowiki>$ nvidia-settings -q all | grep SLIMode</nowiki>|<br />
Attribute 'SLIMode' (arch:0.0): AA <br />
'SLIMode' is a string attribute.<br />
'SLIMode' is a read-only attribute.<br />
'SLIMode' can use the following target types: X Screen.<br />
}}<br />
<br />
{{Warning| After enabling SLI, your system may become frozen/non-responsive upon starting xorg. It is advisable that you disable your display manager before restarting.}}<br />
<br />
==== Enabling overclocking ====<br />
<br />
{{Warning|Please note that overclocking may damage hardware and that no responsibility may be placed on the authors of this page due to any damage to any information technology equipment from operating products out of specifications set by the manufacturer.}}<br />
<br />
Overclocking is controlled via ''Coolbits'' option in the {{ic|Device}} section, which enables various unsupported features:<br />
Option "Coolbits" "''value''"<br />
<br />
{{Tip|The ''Coolbits'' option can be easily controlled with the ''nvidia-xconfig'', which manipulates the Xorg configuration files: {{bc|1=# nvidia-xconfig --cool-bits=''value''}}}}<br />
<br />
The ''Coolbits'' value is the sum of its component bits in the binary numeral system. The component bits are:<br />
<br />
* {{ic|1}} (bit 0) - Enables overclocking of older (pre-Fermi) cores on the ''Clock Frequencies'' page in ''nvidia-settings''.<br />
* {{ic|2}} (bit 1) - When this bit is set, the driver will "attempt to initialize SLI when using GPUs with different amounts of video memory".<br />
* {{ic|4}} (bit 2) - Enables manual configuration of GPU fan speed on the ''Thermal Monitor'' page in ''nvidia-settings''.<br />
* {{ic|8}} (bit 3) - Enables overclocking on the ''PowerMizer'' page in ''nvidia-settings''. Available since version 337.12 for the Fermi architecture and newer.[http://www.phoronix.com/scan.php?px=MTY1OTM&page=news_item]<br />
* {{ic|16}} (bit 4) - Enables overvoltage using ''nvidia-settings'' CLI options. Available since version 346.16 for the Fermi architecture and newer.[http://www.phoronix.com/scan.php?page=news_item&px=MTg0MDI]<br />
<br />
To enable multiple features, add the ''Coolbits'' values together. For example, to enable overclocking and overvoltage of Fermi cores, set {{ic|Option "Coolbits" "24"}}.<br />
<br />
The documentation of ''Coolbits'' can be found in {{ic|/usr/share/doc/nvidia/html/xconfigoptions.html}}. Driver version 346.16 documentation on ''Coolbits'' can be found online [ftp://download.nvidia.com/XFree86/Linux-x86/355.11/README/xconfigoptions.html here].<br />
<br />
{{Note|An alternative is to edit and reflash the GPU BIOS either under DOS (preferred), or within a Win32 environment by way of [http://www.mvktech.net/component/option,com_remository/Itemid,26/func,select/id,127/orderby,2/page,1/ nvflash]{{Dead link|2013|05|25}} and [http://www.mvktech.net/component/option,com_remository/Itemid,26/func,select/id,135/orderby,2/page,1/ NiBiTor 6.0]{{Dead link|2013|05|25}}. The advantage of BIOS flashing is that not only can voltage limits be raised, but stability is generally improved over software overclocking methods such as Coolbits. [http://ivanvojtko.blogspot.sk/2014/03/how-to-overclock-geforce-460gtx-fermi.html Fermi BIOS modification tutorial]}}<br />
<br />
===== Setting static 2D/3D clocks =====<br />
<br />
Set the following string in the {{ic|Device}} section to enable PowerMizer at its maximum performance level (VSync will not work without this line):<br />
Option "RegistryDwords" "PerfLevelSrc=0x2222"<br />
<br />
== Tips and tricks ==<br />
<br />
=== Fixing terminal resolution ===<br />
Transitioning from nouveau may cause your startup terminal to display at a lower resolution. For GRUB, see [[GRUB/Tips and tricks#Setting the framebuffer resolution]] for details.<br />
<br />
=== Avoid screen tearing in KDE (KWin) ===<br />
<br />
{{hc|/etc/profile.d/kwin.sh|<nowiki><br />
export __GL_YIELD="USLEEP"<br />
</nowiki>}}<br />
<br />
Also if the above does not help, then try this:<br />
{{hc|/etc/profile.d/kwin.sh|<nowiki><br />
export KWIN_TRIPLE_BUFFER=1<br />
</nowiki>}}<br />
<br />
Do not have both of the above enabled at the same time.<br />
Also if you enable triple buffering make sure to enable TripleBuffering for the driver itself.<br />
Source: https://bugs.kde.org/show_bug.cgi?id=322060<br />
<br />
=== Hardware accelerated video decoding with XvMC ===<br />
<br />
Accelerated decoding of MPEG-1 and MPEG-2 videos via [[XvMC]] are supported on GeForce4, GeForce 5 FX, GeForce 6 and GeForce 7 series cards. To use it, create a new file {{ic|/etc/X11/XvMCConfig}} with the following content:<br />
libXvMCNVIDIA_dynamic.so.1<br />
<br />
See how to configure [[XvMC#Supported software|supported software]].<br />
<br />
=== Using TV-out ===<br />
<br />
A good article on the subject can be found [http://en.wikibooks.org/wiki/NVidia/TV-OUT here].<br />
<br />
=== X with a TV (DFP) as the only display ===<br />
<br />
The X server falls back to CRT-0 if no monitor is automatically detected. This can be a problem when using a DVI connected TV as the main display, and X is started while the TV is turned off or otherwise disconnected.<br />
<br />
To force NVIDIA to use DFP, store a copy of the EDID somewhere in the filesystem so that X can parse the file instead of reading EDID from the TV/DFP.<br />
<br />
To acquire the EDID, start nvidia-settings. It will show some information in tree format, ignore the rest of the settings for now and select the GPU (the corresponding entry should be titled "GPU-0" or similar), click the {{ic|DFP}} section (again, {{ic|DFP-0}} or similar), click on the {{ic|Acquire Edid}} Button and store it somewhere, for example, {{ic|/etc/X11/dfp0.edid}}.<br />
<br />
If in the front-end mouse and keyboard are not attached, the EDID can be acquired using only the command line. Run an X server with enough verbosity to print out the EDID block:<br />
$ startx -- -logverbose 6<br />
After the X Server has finished initializing, close it and your log file will probably be in {{ic|/var/log/Xorg.0.log}}. Extract the EDID block using nvidia-xconfig:<br />
$ nvidia-xconfig --extract-edids-from-file=/var/log/Xorg.0.log --extract-edids-output-file=/etc/X11/dfp0.bin<br />
<br />
Edit {{ic|xorg.conf}} by adding to the {{ic|Device}} section:<br />
Option "ConnectedMonitor" "DFP"<br />
Option "CustomEDID" "DFP-0:/etc/X11/dfp0.edid"<br />
The {{ic|ConnectedMonitor}} option forces the driver to recognize the DFP as if it were connected. The {{ic|CustomEDID}} provides EDID data for the device, meaning that it will start up just as if the TV/DFP was connected during X the process.<br />
<br />
This way, one can automatically start a display manager at boot time and still have a working and properly configured X screen by the time the TV gets powered on.<br />
<br />
If the above changes did not work, in the {{ic|xorg.conf}} under {{ic|Device}} section you can try to remove the {{ic|Option "ConnectedMonitor" "DFP"}} and add the following lines:<br />
Option "ModeValidation" "NoDFPNativeResolutionCheck"<br />
Option "ConnectedMonitor" "DFP-0"<br />
<br />
The {{ic|NoDFPNativeResolutionCheck}} prevents NVIDIA driver from disabling all the modes that do not fit in the native resolution.<br />
<br />
=== Check the power source ===<br />
<br />
The NVIDIA X.org driver can also be used to detect the GPU's current source of power. To see the current power source, check the 'GPUPowerSource' read-only parameter (0 - AC, 1 - battery):<br />
<br />
{{hc|$ nvidia-settings -q GPUPowerSource -t|1}}<br />
<br />
=== Listening to ACPI events ===<br />
<br />
NVIDIA drivers automatically try to connect to the [[acpid]] daemon and listen to ACPI events such as battery power, docking, some hotkeys, etc. If connection fails, X.org will output the following warning:<br />
<br />
{{hc|~/.local/share/xorg/Xorg.0.log|<br />
NVIDIA(0): ACPI: failed to connect to the ACPI event daemon; the daemon<br />
NVIDIA(0): may not be running or the "AcpidSocketPath" X<br />
NVIDIA(0): configuration option may not be set correctly. When the<br />
NVIDIA(0): ACPI event daemon is available, the NVIDIA X driver will<br />
NVIDIA(0): try to use it to receive ACPI event notifications. For<br />
NVIDIA(0): details, please see the "ConnectToAcpid" and<br />
NVIDIA(0): "AcpidSocketPath" X configuration options in Appendix B: X<br />
NVIDIA(0): Config Options in the README.<br />
}}<br />
<br />
While completely harmless, you may get rid of this message by disabling the {{ic|ConnectToAcpid}} option in your {{ic|/etc/X11/xorg.conf.d/20-nvidia.conf}}:<br />
<br />
Section "Device"<br />
...<br />
Driver "nvidia"<br />
Option "ConnectToAcpid" "0"<br />
...<br />
EndSection<br />
<br />
If you are on laptop, it might be a good idea to install and enable the [[acpid]] daemon instead.<br />
<br />
=== Displaying GPU temperature in the shell ===<br />
<br />
==== Method 1 - nvidia-settings ====<br />
<br />
{{Note|This method requires that you are using X. Use Method 2 or Method 3 if you are not. Also note that Method 3 currently does not not work with newer NVIDIA cards such as GeForce 200 series cards as well as embedded GPUs such as the Zotac IONITX's 8800GS.}}<br />
<br />
To display the GPU temp in the shell, use {{ic|nvidia-settings}} as follows:<br />
$ nvidia-settings -q gpucoretemp<br />
<br />
This will output something similar to the following:<br />
Attribute 'GPUCoreTemp' (hostname:0.0): 41.<br />
'GPUCoreTemp' is an integer attribute.<br />
'GPUCoreTemp' is a read-only attribute.<br />
'GPUCoreTemp' can use the following target types: X Screen, GPU.<br />
<br />
The GPU temps of this board is 41 C.<br />
<br />
In order to get just the temperature for use in utils such as {{ic|rrdtool}} or {{ic|conky}}, among others:<br />
{{hc|$ nvidia-settings -q gpucoretemp -t|41}}<br />
<br />
==== Method 2 - nvidia-smi ====<br />
<br />
Use nvidia-smi which can read temps directly from the GPU without the need to use X at all. This is important for a small group of users who do not have X running on their boxes, perhaps because the box is headless running server apps. <br />
To display the GPU temperature in the shell, use nvidia-smi as follows:<br />
<br />
$ nvidia-smi<br />
<br />
This should output something similar to the following:<br />
{{hc|$ nvidia-smi|<nowiki><br />
Fri Jan 6 18:53:54 2012 <br />
+------------------------------------------------------+ <br />
| NVIDIA-SMI 2.290.10 Driver Version: 290.10 | <br />
|-------------------------------+----------------------+----------------------+<br />
| Nb. Name | Bus Id Disp. | Volatile ECC SB / DB |<br />
| Fan Temp Power Usage /Cap | Memory Usage | GPU Util. Compute M. |<br />
|===============================+======================+======================|<br />
| 0. GeForce 8500 GT | 0000:01:00.0 N/A | N/A N/A |<br />
| 30% 62 C N/A N/A / N/A | 17% 42MB / 255MB | N/A Default |<br />
|-------------------------------+----------------------+----------------------|<br />
| Compute processes: GPU Memory |<br />
| GPU PID Process name Usage |<br />
|=============================================================================|<br />
| 0. ERROR: Not Supported |<br />
+-----------------------------------------------------------------------------+<br />
</nowiki>}}<br />
<br />
Only for temperature:<br />
{{hc|$ nvidia-smi -q -d TEMPERATURE|<nowiki><br />
<br />
==============NVSMI LOG==============<br />
<br />
Timestamp : Sun Apr 12 08:49:10 2015<br />
Driver Version : 346.59<br />
<br />
Attached GPUs : 1<br />
GPU 0000:01:00.0<br />
Temperature<br />
GPU Current Temp : 52 C<br />
GPU Shutdown Temp : N/A<br />
GPU Slowdown Temp : N/A<br />
<br />
</nowiki>}}<br />
<br />
In order to get just the temperature for use in utils such as rrdtool or conky, among others:<br />
<br />
{{hc|<nowiki>$ nvidia-smi --query-gpu=temperature.gpu --format=csv,noheader,nounits</nowiki>|52}}<br />
<br />
Reference: http://www.question-defense.com/2010/03/22/gpu-linux-shell-temp-get-nvidia-gpu-temperatures-via-linux-cli.<br />
<br />
==== Method 3 - nvclock ====<br />
<br />
Use {{AUR|nvclock}} which is available from the [[AUR]].<br />
{{Note|{{ic|nvclock}} cannot access thermal sensors on newer NVIDIA cards such as Geforce 200 series cards.}}<br />
<br />
There can be significant differences between the temperatures reported by nvclock and nvidia-settings/nv-control. According to [http://sourceforge.net/projects/nvclock/forums/forum/67426/topic/1906899 this post] by the author (thunderbird) of nvclock, the nvclock values should be more accurate.<br />
<br />
=== Set fan speed at login ===<br />
<br />
{{Poor writing|Refer to [[#Enabling overclocking]] for description of ''Coolbits''.}}<br />
<br />
You can adjust the fan speed on your graphics card with ''nvidia-settings''' console interface. First ensure that your Xorg configuration sets the Coolbits option to {{ic|4}}, {{ic|5}} or {{ic|12}} for fermi and above in your {{ic|Device}} section to enable fan control.<br />
<br />
Option "Coolbits" "4"<br />
<br />
{{Note|GeForce 400/500 series cards cannot currently set fan speeds at login using this method. This method only allows for the setting of fan speeds within the current X session by way of nvidia-settings.}}<br />
<br />
Place the following line in your [[xinitrc]] file to adjust the fan when you launch Xorg. Replace {{ic|''n''}} with the fan speed percentage you want to set.<br />
<br />
nvidia-settings -a "[gpu:0]/GPUFanControlState=1" -a "[fan:0]/GPUCurrentFanSpeed=''n''"<br />
<br />
You can also configure a second GPU by incrementing the GPU and fan number.<br />
<br />
nvidia-settings -a "[gpu:0]/GPUFanControlState=1" -a "[fan:0]/GPUCurrentFanSpeed=''n''" \<br />
-a "[gpu:1]/GPUFanControlState=1" -a [fan:1]/GPUCurrentFanSpeed=''n''" &<br />
<br />
If you use a login manager such as GDM or KDM, you can create a desktop entry file to process this setting. Create {{ic|~/.config/autostart/nvidia-fan-speed.desktop}} and place this text inside it. Again, change {{ic|''n''}} to the speed percentage you want.<br />
<br />
[Desktop Entry]<br />
Type=Application<br />
Exec=nvidia-settings -a "[gpu:0]/GPUFanControlState=1" -a "[fan:0]/GPUCurrentFanSpeed=''n''"<br />
X-GNOME-Autostart-enabled=true<br />
Name=nvidia-fan-speed<br />
<br />
{{Note|Since the drivers version 349.16, {{ic|GPUCurrentFanSpeed}} has to be replaced with {{ic|GPUTargetFanSpeed}}.[https://devtalk.nvidia.com/default/topic/821563/linux/can-t-control-fan-speed-with-beta-driver-349-12/post/4526208/#4526208]}}<br />
<br />
=== Order of install/deinstall for changing drivers ===<br />
<br />
{{Expansion|Not clear what this does}}<br />
<br />
Where the old driver is nvidiaO and the new driver is nvidiaN.<br />
<br />
*remove nvidiaO<br />
*install nvidia-libglN<br />
*install nvidiaN<br />
*install lib32-nvidia-libgl-N (if required)<br />
<br />
=== Switching between NVIDIA and nouveau drivers ===<br />
<br />
If you need to switch between drivers, you may use the following script, run as root (say yes to all confirmations):<br />
<br />
{{bc|1=<nowiki><br />
#!/bin/bash<br />
BRANCH= # Enter a branch if needed, i.e. -340xx or -304xx<br />
NVIDIA=nvidia${BRANCH} # If no branch entered above this would be "nvidia"<br />
NOUVEAU=xf86-video-nouveau<br />
<br />
# Replace -R with -Rs to if you want to remove the unneeded dependencies<br />
if [ $(pacman -Qqs ^mesa-libgl$) ]; then<br />
pacman -S $NVIDIA ${NVIDIA}-libgl # Add lib32-${NVIDIA}-libgl and ${NVIDIA}-lts if needed<br />
# pacman -R $NOUVEAU<br />
elif [ $(pacman -Qqs ^${NVIDIA}$) ]; then<br />
pacman -S --needed $NOUVEAU mesa-libgl # Add lib32-mesa-libgl if needed<br />
pacman -R $NVIDIA # Add ${NVIDIA}-lts if needed<br />
fi<br />
</nowiki>}}<br />
<br />
=== Avoid tearing with GeForce 500/600/700/900 series cards ===<br />
<br />
Tearing can be avoided by forcing a full composition pipeline, regardless of the compositor you are using. To test whether this option will work, type<br />
nvidia-settings --assign CurrentMetaMode="nvidia-auto-select +0+0 { ForceFullCompositionPipeline = On }"<br />
It has been reported to reduce the performance of some OpenGL applications, though.<br />
<br />
In order to make the change permanent, you need to add the following line to the {{ic|"Screen"}} section of your Xorg configuration file, for example {{ic|/etc/X11/xorg.conf.d/20-nvidia.conf}}:<br />
Option "metamodes" "nvidia-auto-select +0+0 { ForceFullCompositionPipeline = On }"<br />
<br />
If you do not have an Xorg configuration file, you can create one for your present hardware using {{ic|nvidia-xconfig}} (see [[#Automatic configuration]]) and move it from {{ic|/etc/X11/xorg.conf}} to the preferred location {{ic|/etc/X11/xorg.conf.d/20-nvidia.conf}}.<br />
<br />
== Troubleshooting ==<br />
<br />
=== Gaming using TwinView ===<br />
<br />
In case you want to play fullscreen games when using TwinView, you will notice that games recognize the two screens as being one big screen. While this is technically correct (the virtual X screen really is the size of your screens combined), you probably do not want to play on both screens at the same time. <br />
<br />
To correct this behavior for SDL, try:<br />
export SDL_VIDEO_FULLSCREEN_HEAD=1<br />
<br />
For OpenGL, add the appropriate Metamodes to your xorg.conf in section {{ic|Device}} and restart X:<br />
Option "Metamodes" "1680x1050,1680x1050; 1280x1024,1280x1024; 1680x1050,NULL; 1280x1024,NULL;"<br />
<br />
Another method that may either work alone or in conjunction with those mentioned above is [[Gaming#Starting_games_in_a_separate_X_server|starting games in a separate X server]].<br />
<br />
=== Vertical sync using TwinView ===<br />
<br />
If you are using TwinView and vertical sync (the "Sync to VBlank" option in '''nvidia-settings'''), you will notice that only one screen is being properly synced, unless you have two identical monitors. Although '''nvidia-settings''' does offer an option to change which screen is being synced (the "Sync to this display device" option), this does not always work. A solution is to add the following environment variables at startup, for example append in {{ic|/etc/profile}}:<br />
<br />
export __GL_SYNC_TO_VBLANK=1<br />
export __GL_SYNC_DISPLAY_DEVICE=DFP-0<br />
export __VDPAU_NVIDIA_SYNC_DISPLAY_DEVICE=DFP-0<br />
<br />
You can change {{ic|DFP-0}} with your preferred screen ({{ic|DFP-0}} is the DVI port and {{ic|CRT-0}} is the VGA port). You can find the identifier for your display from '''nvidia-settings''' in the "X Server XVideoSettings" section.<br />
<br />
=== Wayland (gdm) crashes after nvidia-libgl installation ===<br />
<br />
On some Intel CPUs outdated microcode causes instability with Wayland when nvidia are installed, causing gdm to crash.<br />
<br />
[[Microcode#Enabling Intel microcode updates|Updating the microcode]] should solve this problem.<br />
<br />
=== Corrupted screen: "Six screens" Problem ===<br />
<br />
For some users, using GeForce GT 100M's, the screen gets corrupted after X starts, divided into 6 sections with a resolution limited to 640x480.<br />
The same problem has been recently reported with Quadro 2000 and hi-res displays.<br />
<br />
To solve this problem, enable the Validation Mode {{ic|NoTotalSizeCheck}} in section {{ic|Device}}:<br />
Section "Device"<br />
...<br />
Option "ModeValidation" "NoTotalSizeCheck"<br />
...<br />
EndSection<br />
<br />
=== '/dev/nvidia0' input/output error ===<br />
<br />
{{Accuracy|Verify that the BIOS related suggestions work and are not coincidentally set while troubleshooting.|section='/dev/nvidia0' Input/Output error... suggested fixes}}<br />
This error can occur for several different reasons, and the most common solution given for this error is to check for group/file permissions, which in almost every case is ''not'' the problem. The NVIDIA documentation does not talk in detail on what you should<br />
do to correct this problem but there are a few things that have worked for some people. The problem can be a IRQ conflict with another device or bad routing by either the kernel or your BIOS.<br />
<br />
First thing to try is to remove other video devices such as video capture cards and see if the problem goes away. If there are too many video processors on the same system it can lead into the kernel being unable to start them because of memory allocation problems with the video controller. In particular on systems with low video memory this can occur even if there is only one video processor. In such case you should find out the amount of your system's video memory (e.g. with {{ic|lspci -v}}) and pass allocation parameters to the kernel, e.g. for a 32-bit kernel:<br />
vmalloc=384M<br />
<br />
If running a 64bit kernel, a driver defect can cause the NVIDIA module to fail initializing when IOMMU is on. Turning it off in the BIOS has been confirmed to work for some users. [http://www.nvnews.net/vbulletin/showthread.php?s=68bb2fabadcb53b10b286aa42d13c5bc&t=159335][[User:Clickthem#nvidia module]]<br />
<br />
Another thing to try is to change your BIOS IRQ routing from {{ic|Operating system controlled}} to {{ic|BIOS controlled}} or the other way around. The first one can be passed as a kernel parameter:<br />
PCI=biosirq<br />
<br />
The {{ic|noacpi}} kernel parameter has also been suggested as a solution but since it disables ACPI completely it should be used with caution. Some hardware are easily damaged by overheating.<br />
<br />
{{Note|The kernel parameters can be passed either through the kernel command line or the bootloader configuration file. See your bootloader Wiki page for more information.}}<br />
<br />
=== '/dev/nvidiactl' errors ===<br />
<br />
Trying to start an OpenGL application might result in errors such as:<br />
Error: Could not open /dev/nvidiactl because the permissions are too<br />
restrictive. Please see the {{ic|FREQUENTLY ASKED QUESTIONS}} <br />
section of {{ic|/usr/share/doc/NVIDIA_GLX-1.0/README}} <br />
for steps to correct.<br />
<br />
Solve by adding the appropriate user to the {{ic|video}} group and log in again:<br />
# gpasswd -a username video<br />
<br />
=== 32-bit applications do not start ===<br />
<br />
Under 64-bit systems, installing {{ic|lib32-nvidia-libgl}} that corresponds to the same version installed for the 64-bit driver fixes the problem.<br />
<br />
=== Errors after updating the kernel ===<br />
<br />
If a custom build of NVIDIA's module is used instead of the package from the ''extra'' repository, a recompile is required every time the kernel is updated. Rebooting is generally recommended after updating kernel and graphic drivers.<br />
<br />
=== Crashing in general ===<br />
<br />
* Try disabling {{ic|RenderAccel}} in xorg.conf.<br />
* If Xorg outputs an error about "conflicting memory type" or "failed to allocate primary buffer: out of memory", add {{ic|nopat}} at the end of the {{ic|kernel}} line in {{ic|/boot/grub/menu.lst}}.<br />
* If the NVIDIA compiler complains about different versions of GCC between the current one and the one used for compiling the kernel, add in {{ic|/etc/profile}}:<br />
export IGNORE_CC_MISMATCH=1<br />
* If Xorg is crashing with a "Signal 11" while using nvidia-96xx drivers, try disabling PAT. Pass the argument {{ic|nopat}} to [[kernel parameters]].<br />
More information about troubleshooting the driver can be found in the [https://forums.geforce.com/ NVIDIA forums.]<br />
<br />
=== Bad performance after installing a new driver version ===<br />
<br />
If FPS have dropped in comparison with older drivers, first check if direct rendering is turned on (glxinfo is included in {{Pkg|mesa-demos}}):<br />
$ glxinfo | grep direct<br />
If the command prints:<br />
direct rendering: No<br />
then that could be an indication for the sudden FPS drop.<br />
<br />
A possible solution could be to regress to the previously installed driver version and rebooting afterwards.<br />
<br />
=== CPU spikes with 400 series cards ===<br />
<br />
If you are experiencing intermittent CPU spikes with a 400 series card, it may be caused by PowerMizer constantly changing the GPU's clock frequency. Switching PowerMizer's setting from Adaptive to Performance, add the following to the {{ic|Device}} section of your Xorg configuration:<br />
<br />
Option "RegistryDwords" "PowerMizerEnable=0x1; PerfLevelSrc=0x3322; PowerMizerDefaultAC=0x1"<br />
<br />
=== Laptops: X hangs on login/out, worked around with Ctrl+Alt+Backspace ===<br />
<br />
If, while using the legacy NVIDIA drivers, Xorg hangs on login and logout (particularly with an odd screen split into two black and white/gray pieces), but logging in is still possible via {{ic|Ctrl+Alt+Backspace}} (or whatever the new "kill X" key binding is), try adding this in {{ic|/etc/modprobe.d/modprobe.conf}}:<br />
options nvidia NVreg_Mobile=1<br />
<br />
One user had luck with this instead, but it makes performance drop significantly for others:<br />
options nvidia NVreg_DeviceFileUID=0 NVreg_DeviceFileGID=33 NVreg_DeviceFileMode=0660 NVreg_SoftEDIDs=0 NVreg_Mobile=1<br />
<br />
Note that {{ic|NVreg_Mobile}} needs to be changed according to the laptop:<br />
* 1 for Dell laptops.<br />
* 2 for non-Compal Toshiba laptops.<br />
* 3 for other laptops.<br />
* 4 for Compal Toshiba laptops.<br />
* 5 for Gateway laptops.<br />
<br />
See [ftp://download.nvidia.com/XFree86/Linux-x86/355.11/README/README.txt NVIDIA Driver's README: Appendix K] for more information.<br />
<br />
=== No screens found on a laptop/NVIDIA Optimus ===<br />
<br />
On a laptop, if the NVIDIA driver cannot find any screens, you may have an NVIDIA Optimus setup : an Intel chipset connected to the screen and the video outputs, and a NVIDIA card that does all the hard work and writes to the chipset's video memory.<br />
<br />
Check if {{ic|<nowiki>$ lspci | grep VGA</nowiki>}}<br />
outputs something similar to:<br />
00:02.0 VGA compatible controller: Intel Corporation Core Processor Integrated Graphics Controller (rev 02)<br />
01:00.0 VGA compatible controller: nVidia Corporation Device 0df4 (rev a1)<br />
<br />
NVIDIA drivers now offer Optimus support since 319.12 Beta [[http://www.nvidia.com/object/linux-display-amd64-319.12-driver.html]] with kernels above and including 3.9.<br />
<br />
Another solution is to install the [[Intel]] driver to handle the screens, then if you want 3D software you should run them through [[Bumblebee]] to tell them to use the NVIDIA card.<br />
<br />
==== Possible Workaround ====<br />
<br />
Enter the BIOS and changed the default graphics setting from 'Optimus' to 'Discrete' and the install NVIDIA drivers (295.20-1 at time of writing) recognized the screens.<br />
<br />
Steps:<br />
# Enter BIOS.<br />
# Find Graphics Settings (should be in tab ''Config > Display'').<br />
# Change 'Graphics Device' to 'Discrete Graphics' (Disables Intel integrated graphics).<br />
# Change OS Detection for Nvidia Optimus to "Disabled".<br />
# Save and exit.<br />
<br />
Tested on a Lenovo W520 with a Quadro 1000M and Nvidia Optimus<br />
<br />
=== Screen(s) found, but none have a usable configuration ===<br />
<br />
Sometimes NVIDIA and X have trouble finding the active screen. If your graphics card has multiple outputs try plugging your monitor into the other ones. On a laptop it may be because your graphics card has vga/tv outs. Xorg.0.log will provide more info.<br />
<br />
Another thing to try is adding invalid {{ic|"ConnectedMonitor" Option}} to {{ic|Section "Device"}}<br />
to force Xorg throws error and shows you how correct it.<br />
[ftp://download.nvidia.com/XFree86/Linux-x86/355.11/README/xconfigoptions.html Here]<br />
more about ConnectedMonitor setting.<br />
<br />
After re-run X see Xorg.0.log to get valid CRT-x,DFP-x,TV-x values.<br />
<br />
{{ic|nvidia-xconfig --query-gpu-info}} could be helpful.<br />
<br />
=== Blackscreen at X startup / Machine poweroff at X shutdown ===<br />
<br />
If you have installed an update of Nvidia and your screen stays black after launching Xorg, or if shutting down Xorg causes a machine poweroff, or if the following hints worsen the situation, try the small (maybe less performant) OpenSource [[Nouveau]] drivers once before you get overwhelmed by despair.<br />
<br />
Use the {{ic|<nowiki>rcutree.rcu_idle_gp_delay=1</nowiki>}} [[kernel parameter]].<br />
<br />
You can also try to add the {{ic|nvidia}} module directly to your [[mkinitcpio]] config file.<br />
<br />
If the screen still stays black with '''both''' the {{ic|<nowiki>rcutree.rcu_idle_gp_delay=1</nowiki>}} [[kernel parameter]] and the {{ic|nvidia}} module directly in the [[mkinitcpio]] config file, try re-installing {{Pkg|nvidia}} and {{Pkg|nvidia-libgl}} in that order, and finally reload the driver:<br />
<br />
# modprobe nvidia<br />
<br />
=== Backlight is not turning off in some occasions ===<br />
<br />
By default, DPMS should turn off backlight with the timeouts set or by running xset. However, probably due to a bug in the proprietary Nvidia drivers the result is a blank screen with no powersaving whatsoever. To workaround it, until the bug has been fixed you can use the {{ic|vbetool}} as root.<br />
<br />
Install the {{Pkg|vbetool}} package.<br />
<br />
Turn off your screen on demand and then by pressing a random key backlight turns on again:<br />
<br />
vbetool dpms off && read -n1; vbetool dpms on<br />
<br />
Alternatively, xrandr is able to disable and re-enable monitor outputs without requiring root.<br />
<br />
xrandr --output DP-1 --off; read -n1; xrandr --output DP-1 --auto<br />
<br />
=== Blue tint on videos with Flash ===<br />
<br />
A problem with {{Pkg|flashplugin}} versions 11.2.202.228-1 and 11.2.202.233-1 causes it to send the U/V panes in the incorrect order resulting in a blue tint on certain videos. There are a few potential fixes for this bug:<br />
<br />
# Install the latest {{Pkg|libvdpau}}.<br />
# Patch {{ic|vdpau_trace.so}} with [https://bbs.archlinux.org/viewtopic.php?pid=1078368#p1078368 this makepkg].<br />
# Right click on a video, select "Settings..." and uncheck "Enable hardware acceleration". Reload the page for it to take affect. Note that this disables GPU acceleration.<br />
# [[Downgrade]] the {{Pkg|flashplugin}} package to version 11.1.102.63-1 at most.<br />
# Use {{AUR|google-chrome}} with the new Pepper API {{AUR|chromium-pepper-flash}}.<br />
# Try one of the few Flash alternatives.<br />
<br />
The merits of each are discussed in [https://bbs.archlinux.org/viewtopic.php?id=137877 this thread].<br />
<br />
=== Bleeding overlay with Flash ===<br />
<br />
This bug is due to the incorrect colour key being used by the {{Pkg|flashplugin}} version 11.2.202.228-1 and causes the flash content to "leak" into other pages or solid black backgrounds. To avoid this problem simply install the latest {{Pkg|libvdpau}} or export {{ic|1=VDPAU_NVIDIA_NO_OVERLAY=1}} within either your shell profile (E.g. {{ic|~/.bash_profile}} or {{ic|~/.zprofile}}) or {{ic|~/.xinitrc}}<br />
<br />
=== Full system freeze using Flash ===<br />
<br />
If you experience occasional full system freezes (only the mouse is moving) using flashplugin<br />
and get:<br />
<br />
{{hc|/var/log/errors.log|<br />
NVRM: Xid (0000:01:00): 31, Ch 00000007, engmask 00000120, intr 10000000<br />
}}<br />
<br />
A possible workaround is to switch off Hardware Acceleration in Flash, setting<br />
<br />
{{hc|/etc/adobe/mms.cfg|2=<br />
EnableLinuxHWVideoDecode=0<br />
}}<br />
<br />
Or, if you want to keep Hardware acceleration enabled, you may try to::<br />
export VDPAU_NVIDIA_NO_OVERLAY=1<br />
<br />
...before starting the browser.<br />
Note that this may introduce tearing.<br />
<br />
=== Xorg fails to load or Red Screen of Death ===<br />
<br />
If you get a red screen and use GRUB disable the GRUB framebuffer by editing {{ic|/etc/default/grub}} and uncomment GRUB_TERMINAL_OUTPUT. For more information see [[GRUB/Tips and tricks#Disable framebuffer]].<br />
<br />
=== Black screen on systems with Intel integrated GPU ===<br />
<br />
If you have an Intel CPU with an integrated GPU (e.g. Intel HD 4000) and have installed the {{Pkg|nvidia}} package, you may experience a black screen on boot, when changing virtual terminal, or when exiting an X session. This may be caused by a conflict between the graphics modules. This is solved by blacklisting the Intel GPU modules. Create the file {{ic|/etc/modprobe.d/blacklist.conf}} and prevent the ''i915'' and ''intel_agp'' modules from loading on boot:<br />
<br />
{{hc|/etc/modprobe.d/blacklist.conf|<br />
install i915 /usr/bin/false<br />
install intel_agp /usr/bin/false<br />
}}<br />
<br />
=== Black screen on systems with VIA integrated GPU ===<br />
<br />
As above, blacklisting the ''viafb'' module may resolve conflicts with NVIDIA drivers:<br />
<br />
{{hc|/etc/modprobe.d/blacklist.conf|<br />
install viafb /usr/bin/false<br />
}}<br />
<br />
=== X fails with "no screens found" with Intel iGPU ===<br />
<br />
Like above, if you have an Intel CPU with an integrated GPU and X fails to start with <br />
<br />
[ 76.633] (EE) No devices detected.<br />
[ 76.633] Fatal server error:<br />
[ 76.633] no screens found<br />
<br />
then you need to add your discrete card's BusID to your X configuration. Find it:<br />
<br />
{{hc|<nowiki># lspci | grep VGA</nowiki>|<br />
00:02.0 VGA compatible controller: Intel Corporation Xeon E3-1200 v2/3rd Gen Core processor Graphics Controller (rev 09)<br />
01:00.0 VGA compatible controller: NVIDIA Corporation GK107 [GeForce GTX 650] (rev a1)<br />
}}<br />
<br />
then you fix it by adding it to the card's Device section in your X configuration. In my case:<br />
<br />
{{hc|/etc/X11/xorg.conf.d/10-nvidia.conf|<br />
Section "Device"<br />
Identifier "Device0"<br />
Driver "nvidia"<br />
VendorName "NVIDIA Corporation"<br />
BusID "PCI:1:0:0"<br />
EndSection<br />
}}<br />
<br />
Note how {{ic|01:00.0}} is written as {{ic|1:0:0}}.<br />
<br />
=== Xorg fails during boot, but otherwise starts fine ===<br />
<br />
On very fast booting systems, systemd may attempt to start the display manager before the NVIDIA driver has fully initialized. You will see a message like the following in your logs only when Xorg runs during boot.<br />
{{hc|/var/log/Xorg.0.log|output=<br />
[ 1.807] (EE) NVIDIA(0): Failed to initialize the NVIDIA kernel module. Please see the<br />
[ 1.807] (EE) NVIDIA(0): system's kernel log for additional error messages and<br />
[ 1.808] (EE) NVIDIA(0): consult the NVIDIA README for details.<br />
[ 1.808] (EE) NVIDIA(0): *** Aborting ***<br />
}}<br />
In this case you will need to establish an ordering dependency from the display manager to the DRI device. First create device units for DRI devices by creating a new udev rules file.<br />
{{hc|/etc/udev/rules.d/99-systemd-dri-devices.rules|output=<br />
ACTION=="add", KERNEL=="card*", SUBSYSTEM=="drm", TAG+="systemd"<br />
}}<br />
Then create dependencies from the display manager to the device(s).<br />
{{hc|/etc/systemd/system/display-manager.service.d/10-wait-for-dri-devices.conf|output=<br />
[Unit]<br />
Wants=dev-dri-card0.device<br />
After=dev-dri-card0.device<br />
}}<br />
If you have additional cards needed for the desktop then list them in Wants and After seperated by spaces.<br />
<br />
=== Flash video players crashes ===<br />
<br />
If you are getting frequent crashes of Flash video players, try to switch off Hardware Acceleration:<br />
<br />
{{hc|/etc/adobe/mms.cfg|2=<br />
EnableLinuxHWVideoDecode=0<br />
}}<br />
<br />
(This problem appeared after installing the proprietary nvidia driver, and was fixed by changing this setting.)<br />
<br />
=== Override EDID ===<br />
<br />
If your monitor is providing wrong EDID information, the nvidia-driver will pick a very small solution.<br />
Nvidia's driver options change, this guide refers to nvidia 346.47-11.<br />
<br />
Aside from manually setting modelines in the xorg config, you have to allow non-edid modes and disable edid in the device section:<br />
<br />
{{hc|/etc/X11/xorg.conf.d/10-monitor.conf|2=<br />
Section "Monitor"<br />
Identifier "Monitor0"<br />
VendorName "Unknown"<br />
ModelName "Unknown"<br />
HorizSync 30-94<br />
VertRefresh 56-76<br />
DisplaySize 518.4 324.0<br />
Option "DPMS"<br />
# 1920x1200 59.95 Hz (CVT 2.30MA-R) hsync: 74.04 kHz; pclk: 154.00 MHz<br />
Modeline "1920x1200R" 154.00 1920 1968 2000 2080 1200 1203 1209 1235 +hsync -vsync<br />
EndSection<br />
<br />
Section "Device"<br />
Identifier "Device0"<br />
Driver "nvidia"<br />
VendorName "NVIDIA Corporation"<br />
Option "UseEdidFreqs" "FALSE"<br />
Option "UseEDID" "FALSE"<br />
Option "ModeValidation" "AllowNonEdidModes"<br />
EndSection<br />
<br />
Section "Screen"<br />
Identifier "Screen0"<br />
Device "Device0"<br />
Monitor "Monitor0"<br />
DefaultDepth 24<br />
SubSection "Display"<br />
Depth 24<br />
Modes "1920x1200R"<br />
EndSubSection<br />
EndSection<br />
}}<br />
<br />
=== Fix rendering lag (firefox, gedit, vim, tmux …) ===<br />
nvidia-settings -a InitialPixmapPlacement=0<br />
<br />
https://bugzilla.gnome.org/show_bug.cgi?id=728464<br />
<br />
=== Screen Tearing with Multiple Monitor Orientations ===<br />
<br />
When running multiple monitors in different orientations (through [[Xrandr]] settings) such as portrait and landscape simultaneously, you may notice screen tearing in one of the orientations/monitors. Unfortunately, this issue is fixed by setting all monitors to the same orientation via [[Xrandr]] settings<br />
<br />
== See also ==<br />
<br />
* [https://forums.geforce.com/ NVIDIA User forums]<br />
* [ftp://download.nvidia.com/XFree86/Linux-x86/355.11/README/README.txt Official README for NVIDIA drivers, all on one text page. Most Recent Driver Version as of September 7, 2015: 355.11.]<br />
* [ftp://download.nvidia.com/XFree86/Linux-x86/355.11/README/xconfigoptions.html README Appendix B. X Config Options, 355.11 (direct link)]</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=414439S-nail2016-01-05T12:09:24Z<p>Sdaoden: Grmpf. So, add the very quick example from the manual first; move urlencode note to top</p>
<hr />
<div>[[Category:Email clients]]<br />
S-nail is a mail processing system with a command syntax reminiscent of ed with lines replaced by messages.<br />
It is intended to provide the functionality of the POSIX mailx command and offers (mostly optional) extensions for line editing, IDNA, MIME, S/MIME, SMTP and POP3 (and IMAP).<br />
It is usable as a mail batch language.<br />
<br />
This overview page was updated for version '''v14.8.6''' of S-nail.<br />
Excerpt of latest ''NEWS'': bug fixes.<br />
''NEWS'' of older '''v14.8.x''' releases: RFC 2231 support, mailing-list support (''followup-to'', ''followup-to-honour'', ''reply-to-honour'', '''Lreply''', '''mlist''', '''mlsubscribe'''), simple builtin HTML viewer, freely configurable spam-checker hooks, command line and addressee hardening (new '''-.''' option, ''expandargv'' and ''expandaddr'' variables), improved -t support, ''expandaddr'' fine-tuning, new ''smime-sign-message-digest'' variable, ''-d'' / ''debug'' offers real dry-run send tests, extended '''@''' message specification, new '''source_if''' command, many bug fixes and small improvements.<br />
<br />
S-nail is a direct descendant of the BSD Mail program that was introduced in 1978 (itself superseding the simpler UNIX mail program) and used to introduce itself (in the Mail reference manual) as follows:<br />
<br />
:''Mail provides a simple and friendly environment for sending and receiving mail.''<br />
:''It divides incoming mail into its constituent messages and allows the user to deal with them in any order.''<br />
:''In addition, it provides a set of ed‐like commands for manipulating messages and sending mail.''<br />
:''Mail offers the user simple editing capabilities to ease the composition of outgoing messages, as well as providing the ability to define and send to names which address groups of users.''<br />
<br />
S-nail is thus the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
In Arch Linux S-nail supports direct mail delivery via SMTP, so that messages can be send directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''.<br />
(Note however that S-nail does not (yet) include a mail-queue mechanism and thus simply tries to send the message over SMTP, directly and immediately.)<br />
<br />
== Quick shot ==<br />
<br />
Because the systemwide Arch Linux configuration file ({{ic|/etc/mail.rc}}) brings in some useful standard settings, sending mail over a local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -d -s 'A subject' -a an_attachment.txt foo1@bar.example 'Foo2 <foo2@bar.example>'<br />
<br />
Using the ''-d''ebug flag results in a dry-run that doesn't perform any action for real (including ignorance of the current ''save'' and ''record'' settings).<br />
You can adjust the program which is used as a MTA by setting the variable ''sendmail'' (fine-tuning via ''sendmail-arguments'', ''sendmail-no-default-arguments'', ''sendmail-progname'', please see the manual, "Sending mail"):<br />
<br />
# < /etc/passwd mailx -Ssendmail=/usr/bin/sendmail -Ssendwait -s 'My password file content!' public-foo@bar.example<br />
# echo Message was passed successfully: $?<br />
<br />
By default message delivery is asynchronous, and S-nail will exit as soon as the prepared message has been passed over to the delivery mechanism (the MTA or the builtin SMTP MTA), stating only wether message preparation was successful (or not).<br />
If the ''sendwait'' option is set, however, S-nail will wait for the started (builtin) MTA instance to exit and (instead) use the MTA exit status as its message delivery "success" or "failure" status.<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the ''expandaddr'' option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
<br />
To avoid environmental noise scripts can (and should) "detach" from configuration files and use the ''-S'' and ''-X'' command line flags to create their own setup and run necessary commands, respectively.<br />
Also ''expandaddr'' can be given a value and be used for address verification (the following for example allows ''only'' network addressees), and the ''-.'' command line option will terminate option processing and turn on message send mode: together these form active barriers to prevent misinterpretation of address arguments as command line options and other injection attacks.<br />
E.g., the following example can be used "as is" (except for ''-d''), provided that you have a '''somefile.pdf''', somewhere; it sets the ''record'' variable to the pathname of the folder used to record all outgoing mail, so that we then can look into the generated message:<br />
<br />
# echo Body |<br />
# LC_ALL=C MAILRC=/dev/null \<br />
# mailx -d -n -Sv15-compat -Ssendwait \<br />
# -Sexpandaddr=fail,-all,+addr \<br />
# -Snosave -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control \<br />
# -X'mimetype "application/pdf pdf"' \<br />
# -Sfrom='Me <me@home>' \<br />
# -a '''somefile.pdf''' -s Subject \<br />
# -. '(foo2bar) <foo2@bar.example>' bob@hey.example<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
It is hoped that the S-nail manual page is helpful, and especially the sections "A starter", "Sending mail" and "Reading mail" should be worth a glance when looking for more "quick shots".<br />
<br />
When in the following '''USER''' and '''PASS''' informations are specified as part of an URL (other possibilities exist) they must become URL percent encoded; S-nail offers the '''urlencode''' command which does this for you:<br />
<br />
# printf 'urlencode USER PASS\nx\n' | mailx -#<br />
<br />
Of course: printf as well as S-nail / mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (5 bytes)<br />
out: <SPA%C3%9F> (9 bytes)<br />
# # In ISO-8859-1:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (4 bytes)<br />
out: <SPA%DF> (6 bytes)<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism.<br />
Thus let's leave that alone and place the following in the private user-specific configuration file, adjusting bold strings.<br />
By the way, by using the ''-n'' command line argument or by setting the ''$NAIL_NO_SYSTEM_RC'' environment variable it is possible to avoid that the global configuration file will be loaded, and by pointing the ''MAILRC'' environment variable to {{ic|/dev/null}} the unavoidable per-user configuration file can be turned behaviour neutral; we've used these possibilities in the detached script example above.<br />
And note that all the remaining examples in this document are based upon this configuration template, which simply sets some security and send mode basics:<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-no-default-ca<br />
<br />
# Don't use protocols older than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then, e.g.<br />
# ''ssl-protocol-'''USER'''@archlinux.org''="-ALL,+TLSv1.2"<br />
set ssl-protocol="-ALL,+TLSv1.2"<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# Hint: it is important to include "@STRENGTH": only with it the<br />
# final list will be sorted by algorithm strength.<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list="ALL:!aNULL:!eNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT:@STRENGTH"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: select allowed character sets<br />
# (Have a look at the "CHARACTER SETS" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# A very kind option: when replying to a message, first try to<br />
# use the same encoding that the original poster used herself!<br />
set reply-in-same-charset<br />
<br />
# When replying to or forwarding a message the comment and name<br />
# parts of email addresses are removed unless this variable is set<br />
set fullnames<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
# Only like this you'll be able to see errors reported through the exit<br />
# status of the MTA (including the builtin SMTP one)!<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files.<br />
# That set is often sufficient, but look at the output of the<br />
# '''mimetype''' command to ensure this is true for you, too<br />
set mimetypes-load-control<br />
<br />
# Default directory where we act in (relative to $HOME)<br />
set folder=mail<br />
# A leading "+" (often) means: under ''folder''<br />
# ''record'' is used to save copies of sent messages<br />
set MBOX=+mbox.mbox record=+sent.mbox DEAD=+dead.mbox<br />
<br />
# Define some shortcuts; now one may say, e.g., '''file mymbo'''<br />
shortcut mymbo %:+mbox.mbox \<br />
myrec +sent.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="'''Your Name <youremail@domain>'''" <br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
The above combination of SSL/TLS configuration results in the most secure end-to-end TLS transport that is possible at the time of this writing.<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the builtin SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
Reading the manual section "On URL syntax and credential lookup" is worthwhile.<br />
<br />
# It can be as easy as<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set smtp=smtp://'''USER''':'''PASS'''@'''HOST''' \<br />
smtp-use-starttls<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
set smtp='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login[/plain]...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts yes<br />
# (The plain smtp:// proto is optional)<br />
set smtp='''USER:PASS'''@smtp.gmXil.com smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set smtp=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
{{Tip|If you have enabled two-step authentication in Gmail, and you have added an application specific password for S-nail, you will want to use that password rather than your regular Gmail password, which may work without enabling the otherwise necessary "less secure apps".}}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set from="Your Name <youremail@domain>"<br />
set netrc-lookup<br />
#set agent-shell-lookup="gpg -d .pass.gpg"<br />
set smtp=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
# Type '''xp''' to login to the POP3 account<br />
ghost xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
# Type '''xi''' to login to the IMAP account<br />
ghost xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
(Here '''USER''' and '''PASS''' are clear text, not URL encoded.)<br />
You can furtherly diversify things and use encrypted password storage, since ArchLinux compiles in password agent support.<br />
To adjust the example, simply don't specify the ''password '''PASS''''' token in {{ic|$HOME/.netrc}} but instead uncomment the ''agent-shell-lookup'' line in the example account above.<br />
The encrypted password storage {{ic|.pass.gpg}} can be created like this:<br />
<br />
# echo '''PASS''' > .pass<br />
# gpg -e .pass<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
The ArchLinux version of S-nail includes the builtin command line editor with history capabilities as well as regular expression and coloured message display support.<br />
Because S-nail strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The global configuration /etc/mail.rc provides some commented basics;<br />
# in particular it shows all options that POSIX mandates as defaults.)<br />
<br />
# Start into interactive mode even if the system mailbox is empty or<br />
# doesn't exist. S-nail would exit immediately without that one<br />
set emptystart<br />
<br />
# When composing a message, let period `.' on a line by itself finalize<br />
# composition, before start directly into ''$EDITOR''<br />
set dot <br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines;<br />
# without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# Colourize headers when displaying messages (note that ''$PAGER'' may<br />
# require special flags, e.g., less(1) needs the -R option; S-nail will<br />
# however set the ''$LESS'' environment variable accordingly, but only if<br />
# that was not set before..)<br />
set colour-pager<br />
<br />
# A nicer prompt for a modern terminal<br />
set prompt="\033[31m?\?[\$ \@]\& \033[0m"<br />
<br />
# Add more entries to the history, and make that persistent<br />
set history-gabby NAIL_HISTFILE=+.s-nailhist NAIL_HISTSIZE=-1<br />
<br />
# When '''p'''rinting messages, show only these headers<br />
# (Easier to '''retain''' what you want than to '''ignore'''<br />
# what you don't; use '''P'''rint to see all headers and '''S'''how<br />
# to see the raw message content)<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html="lynx -stdin -dump -force_html"<br />
# Learn another mimetype<br />
mimetype 'model/vrml wrl vrml'<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
ghost ls !ls -latro<br />
ghost ps !ps axu<br />
<br />
Once you're in it use '''list''' to print all available builtin commands.<br />
ArchLinux compiles in the "DOCSTRINGS" feature, so that typing `?X' tries to expand "X" and print a help string; since S-nail will allow abbreviations of all commands this is sometimes handy; try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, as via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
Whereas '''p''' honours '''retain'''ed (or '''ignore'''d) list of headers to be displayed, the '''P'''rint command will not and display all headers;<br />
the '''Sh'''ow command will print raw message content.<br />
<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' ('''f''') is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds... well, a complaint of the ArchWiki maintainer about the content of this page, ugh;<br />
that is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode (which can be handy to avoid flag updates etc.)<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s).<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type "." on its own line (the latter requires the ''dot'' option).<br />
<br />
== Using S/MIME ==<br />
<br />
The manual contains a step-by-step example of how to create your certificates etc. ("Signed and encrypted messages with S/MIME").<br />
Assuming you have your private key and signed certificate already, just create the paired file we need<br />
<br />
# cat private-key.pem signed-certificate.pem > ~/pair.pem<br />
<br />
and setup S-nail via<br />
<br />
set smime-sign-cert=~/pair.pem \<br />
smime-sign-message-digest=SHA256 \<br />
smime-sign<br />
<br />
From now any message that is sent will be signed.<br />
The default message digest would be SHA1, as mandated by RFC 5751.<br />
Note that S/MIME always works relative to the setting of the variable ''from'', so it seems best to instead place the above settings in an '''account'''.<br />
The '''verify''' command verifies S/MIME messages, but note that S/MIME decryption and verification is solely based upon OpenSSL for now, which only supports messages with a simplicistic MIME structure. Sorry.<br />
By the way, if you miss hyperlinks and a table-of-content to get yourself going, the manual on the projects' website offers this; and the manual that ships with ArchLinux does, too, but needs the mdocmx(7) extension to be visible.<br />
<br />
== Workaround missing OpenPGP support ==<br />
<br />
S-nail doesn't yet support OpenPGP.<br />
However, using a macro it is possible to at least automatically verify inline ''--clearsign''ed messages, and using command ghosts their usage becomes handy: e.g., use the following in resource file and you will be able to verify a clearsigned message by just typing '''V''':<br />
<br />
define V {<br />
localopts yes<br />
set pipe-text/plain="set -C;\<br />
: > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
trap \"rm -f \\\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\\\"\" EXIT;\<br />
trap \"exit 75\" INT QUIT TERM;\<br />
set +C;\<br />
cat > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
< \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" awk \<br />
-v TMPFILE=\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" '\<br />
BEGIN {done=0}\<br />
/^-----BEGIN PGP SIGNED MESSAGE-----/,/^$/ {\<br />
if (done++ != 0)\<br />
next;\<br />
print \"--- GPG --verify ---\";\<br />
system(\"gpg --verify \" TMPFILE \" 2>&1\");\<br />
print \"--- GPG --verify ---\";\<br />
print \"\";\<br />
next;\<br />
}\<br />
/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ {\<br />
next;\<br />
}\<br />
{print}\<br />
'"<br />
print<br />
}<br />
define RK {<br />
!printf 'Key IDs to gpg --recv-keys: ';\<br />
read keyids;\<br />
gpg --recv-keys ${keyids};<br />
}<br />
ghost V call V<br />
ghost RK call RK<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' to point to an IMAP server folder, for example.<br />
<br />
set v15-compat<br />
<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=414372S-nail2016-01-04T11:35:52Z<p>Sdaoden: Reverting edit of Bernd b: uses old obsolete syntax (thus not in line with any surrounds); duplicates "xooglX" example from a few lines above? hm.</p>
<hr />
<div>[[Category:Email clients]]<br />
S-nail is a mail processing system with a command syntax reminiscent of ed with lines replaced by messages.<br />
It is intended to provide the functionality of the POSIX mailx command and offers (mostly optional) extensions for line editing, IDNA, MIME, S/MIME, SMTP and POP3 (and IMAP).<br />
It is usable as a mail batch language.<br />
<br />
This overview page was updated for version '''v14.8.6''' of S-nail.<br />
Excerpt of latest ''NEWS'': bug fixes.<br />
''NEWS'' of older '''v14.8.x''' releases: RFC 2231 support, mailing-list support (''followup-to'', ''followup-to-honour'', ''reply-to-honour'', '''Lreply''', '''mlist''', '''mlsubscribe'''), simple builtin HTML viewer, freely configurable spam-checker hooks, command line and addressee hardening (new '''-.''' option, ''expandargv'' and ''expandaddr'' variables), improved -t support, ''expandaddr'' fine-tuning, new ''smime-sign-message-digest'' variable, ''-d'' / ''debug'' offers real dry-run send tests, extended '''@''' message specification, new '''source_if''' command, many bug fixes and small improvements.<br />
<br />
S-nail is a direct descendant of the BSD Mail program that was introduced in 1978 (itself superseding the simpler UNIX mail program) and used to introduce itself (in the Mail reference manual) as follows:<br />
<br />
:''Mail provides a simple and friendly environment for sending and receiving mail.''<br />
:''It divides incoming mail into its constituent messages and allows the user to deal with them in any order.''<br />
:''In addition, it provides a set of ed‐like commands for manipulating messages and sending mail.''<br />
:''Mail offers the user simple editing capabilities to ease the composition of outgoing messages, as well as providing the ability to define and send to names which address groups of users.''<br />
<br />
S-nail is thus the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
In Arch Linux S-nail supports direct mail delivery via SMTP, so that messages can be send directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''.<br />
(Note however that S-nail does not (yet) include a mail-queue mechanism and thus simply tries to send the message over SMTP, directly and immediately.)<br />
<br />
== Quick shot ==<br />
<br />
Because the systemwide Arch Linux configuration file ({{ic|/etc/mail.rc}}) brings in some useful standard settings, sending mail over a local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -d -s 'A subject' -a an_attachment.txt foo1@bar.example 'Foo2 <foo2@bar.example>'<br />
<br />
Using the ''-d''ebug flag results in a dry-run that doesn't perform any action for real (including ignorance of the current ''save'' and ''record'' settings).<br />
You can adjust the program which is used as a MTA by setting the variable ''sendmail'' (fine-tuning via ''sendmail-arguments'', ''sendmail-no-default-arguments'', ''sendmail-progname'', please see the manual, "Sending mail"):<br />
<br />
# < /etc/passwd mailx -Ssendmail=/usr/bin/sendmail -Ssendwait -s 'My password file content!' public-foo@bar.example<br />
# echo Message was passed successfully: $?<br />
<br />
By default message delivery is asynchronous, and S-nail will exit as soon as the prepared message has been passed over to the delivery mechanism (the MTA or the builtin SMTP MTA), stating only wether message preparation was successful (or not).<br />
If the ''sendwait'' option is set, however, S-nail will wait for the started (builtin) MTA instance to exit and (instead) use the MTA exit status as its message delivery "success" or "failure" status.<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the ''expandaddr'' option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
<br />
To avoid environmental noise scripts can (and should) "detach" from configuration files and use the ''-S'' and ''-X'' command line flags to create their own setup and run necessary commands, respectively.<br />
Also ''expandaddr'' can be given a value and be used for address verification (the following for example allows ''only'' network addressees), and the ''-.'' command line option will terminate option processing and turn on message send mode: together these form active barriers to prevent misinterpretation of address arguments as command line options and other injection attacks.<br />
E.g., the following example can be used "as is" (except for ''-d''), provided that you have a '''somefile.pdf''', somewhere; it sets the ''record'' variable to the pathname of the folder used to record all outgoing mail, so that we then can look into the generated message:<br />
<br />
# echo Body |<br />
# LC_ALL=C MAILRC=/dev/null \<br />
# mailx -d -n -Sv15-compat -Ssendwait \<br />
# -Sexpandaddr=fail,-all,+addr \<br />
# -Snosave -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control \<br />
# -X'mimetype "application/pdf pdf"' \<br />
# -Sfrom='Me <me@home>' \<br />
# -a '''somefile.pdf''' -s Subject \<br />
# -. '(foo2bar) <foo2@bar.example>' bob@hey.example<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
The S-nail manual page tries to provide some kind of ''exponential learning-curve'' in its first sections, right after the option listing, and especially the sections "A starter", "Sending mail" and "Reading mail" should be worth a glance when looking for more "quick shots".<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism.<br />
Thus let's leave that alone and place the following in the private user-specific configuration file, adjusting bold strings.<br />
By the way, by using the ''-n'' command line argument or by setting the ''$NAIL_NO_SYSTEM_RC'' environment variable it is possible to avoid that the global configuration file will be loaded, and by pointing the ''MAILRC'' environment variable to {{ic|/dev/null}} the unavoidable per-user configuration file can be turned behaviour neutral; we've used these possibilities in the detached script example above.<br />
And note that all the remaining examples in this document are based upon this configuration template, which simply sets some security and send mode basics:<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-no-default-ca<br />
<br />
# Don't use protocols older than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then, e.g.<br />
# ''ssl-protocol-'''USER'''@archlinux.org''="-ALL,+TLSv1.2"<br />
set ssl-protocol="-ALL,+TLSv1.2"<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# Hint: it is important to include "@STRENGTH": only with it the<br />
# final list will be sorted by algorithm strength.<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list="ALL:!aNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT:@STRENGTH"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: select allowed character sets<br />
# (Have a look at the "CHARACTER SETS" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# A very kind option: when replying to a message, first try to<br />
# use the same encoding that the original poster used herself!<br />
set reply-in-same-charset<br />
<br />
# When replying to or forwarding a message the comment and name<br />
# parts of email addresses are removed unless this variable is set<br />
set fullnames<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
# Only like this you'll be able to see errors reported through the exit<br />
# status of the MTA (including the builtin SMTP one)!<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files.<br />
# That set is often sufficient, but look at the output of the<br />
# '''mimetype''' command to ensure this is true for you, too<br />
set mimetypes-load-control<br />
<br />
# Default directory where we act in (relative to $HOME)<br />
set folder=mail<br />
# A leading "+" (often) means: under ''folder''<br />
# ''record'' is used to save copies of sent messages<br />
set MBOX=+mbox.mbox record=+sent.mbox DEAD=+dead.mbox<br />
<br />
# Define some shortcuts; now one may say, e.g., '''file mymbo'''<br />
shortcut mymbo %:+mbox.mbox \<br />
myrec +sent.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="'''Your Name <youremail@domain>'''" <br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
The above combination of SSL/TLS configuration results in the most secure end-to-end TLS transport that is possible at the time of this writing.<br />
<br />
When in the following '''USER''' and '''PASS''' informations are specified as part of an URL (other possibilities exist) they must become URL percent encoded; S-nail offers the '''urlencode''' command which does this for you:<br />
<br />
# printf 'urlencode USER PASS\nx\n' | mailx -#<br />
<br />
Of course: printf as well as S-nail / mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (5 bytes)<br />
out: <SPA%C3%9F> (9 bytes)<br />
# # In ISO-8859-1:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (4 bytes)<br />
out: <SPA%DF> (6 bytes)<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the builtin SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set smtp='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login[/plain]...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts yes<br />
# (The plain smtp:// proto is optional)<br />
set smtp='''USER:PASS'''@smtp.gmXil.com smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set smtp=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
{{Tip|If you have enabled two-step authentication in Gmail, and you have added an application specific password for S-nail, you will want to use that password rather than your regular Gmail password, which may work without enabling the otherwise necessary "less secure apps".}}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set from="Your Name <youremail@domain>"<br />
set netrc-lookup<br />
#set agent-shell-lookup="gpg -d .pass.gpg"<br />
set smtp=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
# Type '''xp''' to login to the POP3 account<br />
ghost xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
# Type '''xi''' to login to the IMAP account<br />
ghost xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
(Here '''USER''' and '''PASS''' are clear text, not URL encoded.)<br />
You can furtherly diversify things and use encrypted password storage, since ArchLinux compiles in password agent support.<br />
To adjust the example, simply don't specify the ''password '''PASS''''' token in {{ic|$HOME/.netrc}} but instead uncomment the ''agent-shell-lookup'' line in the example account above.<br />
The encrypted password storage {{ic|.pass.gpg}} can be created like this:<br />
<br />
# echo '''PASS''' > .pass<br />
# gpg -e .pass<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
The ArchLinux version of S-nail includes the builtin command line editor with history capabilities as well as regular expression and coloured message display support.<br />
Because S-nail strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The global configuration /etc/mail.rc provides some commented basics;<br />
# in particular it shows all options that POSIX mandates as defaults.)<br />
<br />
# Start into interactive mode even if the system mailbox is empty or<br />
# doesn't exist. S-nail would exit immediately without that one<br />
set emptystart<br />
<br />
# When composing a message, let period `.' on a line by itself finalize<br />
# composition, before start directly into ''$EDITOR''<br />
set dot <br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines;<br />
# without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# Colourize headers when displaying messages (note that ''$PAGER'' may<br />
# require special flags, e.g., less(1) needs the -R option; S-nail will<br />
# however set the ''$LESS'' environment variable accordingly, but only if<br />
# that was not set before..)<br />
set colour-pager<br />
<br />
# A nicer prompt for a modern terminal<br />
set prompt="\033[31m?\?[\$ \@]\& \033[0m"<br />
<br />
# Add more entries to the history, and make that persistent<br />
set history-gabby NAIL_HISTFILE=+.s-nailhist NAIL_HISTSIZE=-1<br />
<br />
# When '''p'''rinting messages, show only these headers<br />
# (Easier to '''retain''' what you want than to '''ignore'''<br />
# what you don't; use '''P'''rint to see all headers and '''S'''how<br />
# to see the raw message content)<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html="lynx -stdin -dump -force_html"<br />
# Learn another mimetype<br />
mimetype 'model/vrml wrl vrml'<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
ghost ls !ls -latro<br />
ghost ps !ps axu<br />
<br />
Once you're in it use '''list''' to print all available builtin commands.<br />
ArchLinux compiles in the "DOCSTRINGS" feature, so that typing `?X' tries to expand "X" and print a help string; since S-nail will allow abbreviations of all commands this is sometimes handy; try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, as via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
Whereas '''p''' honours '''retain'''ed (or '''ignore'''d) list of headers to be displayed, the '''P'''rint command will not and display all headers;<br />
the '''Sh'''ow command will print raw message content.<br />
<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' ('''f''') is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds... well, a complaint of the ArchWiki maintainer about the content of this page, ugh;<br />
that is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode (which can be handy to avoid flag updates etc.)<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s).<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type "." on its own line (the latter requires the ''dot'' option).<br />
<br />
== Using S/MIME ==<br />
<br />
The manual contains a step-by-step example of how to create your certificates etc. ("Signed and encrypted messages with S/MIME").<br />
Assuming you have your private key and signed certificate already, just create the paired file we need<br />
<br />
# cat private-key.pem signed-certificate.pem > ~/pair.pem<br />
<br />
and setup S-nail via<br />
<br />
set smime-sign-cert=~/pair.pem \<br />
smime-sign-message-digest=SHA256 \<br />
smime-sign<br />
<br />
From now any message that is sent will be signed.<br />
The default message digest would be SHA1, as mandated by RFC 5751.<br />
Note that S/MIME always works relative to the setting of the variable ''from'', so it seems best to instead place the above settings in an '''account'''.<br />
The '''verify''' command verifies S/MIME messages, but note that S/MIME decryption and verification is solely based upon OpenSSL for now, which only supports messages with a simplicistic MIME structure. Sorry.<br />
By the way, if you miss hyperlinks and a table-of-content to get yourself going, the manual on the projects' website offers this; and the manual that ships with ArchLinux does, too, but needs the mdocmx(7) extension to be visible.<br />
<br />
== Workaround missing OpenPGP support ==<br />
<br />
S-nail doesn't yet support OpenPGP.<br />
However, using a macro it is possible to at least automatically verify inline ''--clearsign''ed messages, and using command ghosts their usage becomes handy: e.g., use the following in resource file and you will be able to verify a clearsigned message by just typing '''V''':<br />
<br />
define V {<br />
localopts yes<br />
set pipe-text/plain="set -C;\<br />
: > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
trap \"rm -f \\\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\\\"\" EXIT;\<br />
trap \"exit 75\" INT QUIT TERM;\<br />
set +C;\<br />
cat > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
< \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" awk \<br />
-v TMPFILE=\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" '\<br />
BEGIN {done=0}\<br />
/^-----BEGIN PGP SIGNED MESSAGE-----/,/^$/ {\<br />
if (done++ != 0)\<br />
next;\<br />
print \"--- GPG --verify ---\";\<br />
system(\"gpg --verify \" TMPFILE \" 2>&1\");\<br />
print \"--- GPG --verify ---\";\<br />
print \"\";\<br />
next;\<br />
}\<br />
/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ {\<br />
next;\<br />
}\<br />
{print}\<br />
'"<br />
print<br />
}<br />
define RK {<br />
!printf 'Key IDs to gpg --recv-keys: ';\<br />
read keyids;\<br />
gpg --recv-keys ${keyids};<br />
}<br />
ghost V call V<br />
ghost RK call RK<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' to point to an IMAP server folder, for example.<br />
<br />
set v15-compat<br />
<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=413840S-nail2015-12-30T11:53:27Z<p>Sdaoden: v14.8.6: practically bug fixes only</p>
<hr />
<div>[[Category:Email clients]]<br />
S-nail is a mail processing system with a command syntax reminiscent of ed with lines replaced by messages.<br />
It is intended to provide the functionality of the POSIX mailx command and offers (mostly optional) extensions for line editing, IDNA, MIME, S/MIME, SMTP and POP3 (and IMAP).<br />
It is usable as a mail batch language.<br />
<br />
This overview page was updated for version '''v14.8.6''' of S-nail.<br />
Excerpt of latest ''NEWS'': bug fixes.<br />
''NEWS'' of older '''v14.8.x''' releases: RFC 2231 support, mailing-list support (''followup-to'', ''followup-to-honour'', ''reply-to-honour'', '''Lreply''', '''mlist''', '''mlsubscribe'''), simple builtin HTML viewer, freely configurable spam-checker hooks, command line and addressee hardening (new '''-.''' option, ''expandargv'' and ''expandaddr'' variables), improved -t support, ''expandaddr'' fine-tuning, new ''smime-sign-message-digest'' variable, ''-d'' / ''debug'' offers real dry-run send tests, extended '''@''' message specification, new '''source_if''' command, many bug fixes and small improvements.<br />
<br />
S-nail is a direct descendant of the BSD Mail program that was introduced in 1978 (itself superseding the simpler UNIX mail program) and used to introduce itself (in the Mail reference manual) as follows:<br />
<br />
:''Mail provides a simple and friendly environment for sending and receiving mail.''<br />
:''It divides incoming mail into its constituent messages and allows the user to deal with them in any order.''<br />
:''In addition, it provides a set of ed‐like commands for manipulating messages and sending mail.''<br />
:''Mail offers the user simple editing capabilities to ease the composition of outgoing messages, as well as providing the ability to define and send to names which address groups of users.''<br />
<br />
S-nail is thus the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
In Arch Linux S-nail supports direct mail delivery via SMTP, so that messages can be send directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''.<br />
(Note however that S-nail does not (yet) include a mail-queue mechanism and thus simply tries to send the message over SMTP, directly and immediately.)<br />
<br />
== Quick shot ==<br />
<br />
Because the systemwide Arch Linux configuration file ({{ic|/etc/mail.rc}}) brings in some useful standard settings, sending mail over a local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -d -s 'A subject' -a an_attachment.txt foo1@bar.example 'Foo2 <foo2@bar.example>'<br />
<br />
Using the ''-d''ebug flag results in a dry-run that doesn't perform any action for real (including ignorance of the current ''save'' and ''record'' settings).<br />
You can adjust the program which is used as a MTA by setting the variable ''sendmail'' (fine-tuning via ''sendmail-arguments'', ''sendmail-no-default-arguments'', ''sendmail-progname'', please see the manual, "Sending mail"):<br />
<br />
# < /etc/passwd mailx -Ssendmail=/usr/bin/sendmail -Ssendwait -s 'My password file content!' public-foo@bar.example<br />
# echo Message was passed successfully: $?<br />
<br />
By default message delivery is asynchronous, and S-nail will exit as soon as the prepared message has been passed over to the delivery mechanism (the MTA or the builtin SMTP MTA), stating only wether message preparation was successful (or not).<br />
If the ''sendwait'' option is set, however, S-nail will wait for the started (builtin) MTA instance to exit and (instead) use the MTA exit status as its message delivery "success" or "failure" status.<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the ''expandaddr'' option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
<br />
To avoid environmental noise scripts can (and should) "detach" from configuration files and use the ''-S'' and ''-X'' command line flags to create their own setup and run necessary commands, respectively.<br />
Also ''expandaddr'' can be given a value and be used for address verification (the following for example allows ''only'' network addressees), and the ''-.'' command line option will terminate option processing and turn on message send mode: together these form active barriers to prevent misinterpretation of address arguments as command line options and other injection attacks.<br />
E.g., the following example can be used "as is" (except for ''-d''), provided that you have a '''somefile.pdf''', somewhere; it sets the ''record'' variable to the pathname of the folder used to record all outgoing mail, so that we then can look into the generated message:<br />
<br />
# echo Body |<br />
# LC_ALL=C MAILRC=/dev/null \<br />
# mailx -d -n -Sv15-compat -Ssendwait \<br />
# -Sexpandaddr=fail,-all,+addr \<br />
# -Snosave -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control \<br />
# -X'mimetype "application/pdf pdf"' \<br />
# -Sfrom='Me <me@home>' \<br />
# -a '''somefile.pdf''' -s Subject \<br />
# -. '(foo2bar) <foo2@bar.example>' bob@hey.example<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
The S-nail manual page tries to provide some kind of ''exponential learning-curve'' in its first sections, right after the option listing, and especially the sections "A starter", "Sending mail" and "Reading mail" should be worth a glance when looking for more "quick shots".<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism.<br />
Thus let's leave that alone and place the following in the private user-specific configuration file, adjusting bold strings.<br />
By the way, by using the ''-n'' command line argument or by setting the ''$NAIL_NO_SYSTEM_RC'' environment variable it is possible to avoid that the global configuration file will be loaded, and by pointing the ''MAILRC'' environment variable to {{ic|/dev/null}} the unavoidable per-user configuration file can be turned behaviour neutral; we've used these possibilities in the detached script example above.<br />
And note that all the remaining examples in this document are based upon this configuration template, which simply sets some security and send mode basics:<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-no-default-ca<br />
<br />
# Don't use protocols older than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then, e.g.<br />
# ''ssl-protocol-'''USER'''@archlinux.org''="-ALL,+TLSv1.2"<br />
set ssl-protocol="-ALL,+TLSv1.2"<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# Hint: it is important to include "@STRENGTH": only with it the<br />
# final list will be sorted by algorithm strength.<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list="ALL:!aNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT:@STRENGTH"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: select allowed character sets<br />
# (Have a look at the "CHARACTER SETS" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# A very kind option: when replying to a message, first try to<br />
# use the same encoding that the original poster used herself!<br />
set reply-in-same-charset<br />
<br />
# When replying to or forwarding a message the comment and name<br />
# parts of email addresses are removed unless this variable is set<br />
set fullnames<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
# Only like this you'll be able to see errors reported through the exit<br />
# status of the MTA (including the builtin SMTP one)!<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files.<br />
# That set is often sufficient, but look at the output of the<br />
# '''mimetype''' command to ensure this is true for you, too<br />
set mimetypes-load-control<br />
<br />
# Default directory where we act in (relative to $HOME)<br />
set folder=mail<br />
# A leading "+" (often) means: under ''folder''<br />
# ''record'' is used to save copies of sent messages<br />
set MBOX=+mbox.mbox record=+sent.mbox DEAD=+dead.mbox<br />
<br />
# Define some shortcuts; now one may say, e.g., '''file mymbo'''<br />
shortcut mymbo %:+mbox.mbox \<br />
myrec +sent.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="'''Your Name <youremail@domain>'''" <br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
The above combination of SSL/TLS configuration results in the most secure end-to-end TLS transport that is possible at the time of this writing.<br />
<br />
When in the following '''USER''' and '''PASS''' informations are specified as part of an URL (other possibilities exist) they must become URL percent encoded; S-nail offers the '''urlencode''' command which does this for you:<br />
<br />
# printf 'urlencode USER PASS\nx\n' | mailx -#<br />
<br />
Of course: printf as well as S-nail / mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (5 bytes)<br />
out: <SPA%C3%9F> (9 bytes)<br />
# # In ISO-8859-1:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (4 bytes)<br />
out: <SPA%DF> (6 bytes)<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the builtin SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set smtp='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login[/plain]...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts yes<br />
# (The plain smtp:// proto is optional)<br />
set smtp='''USER:PASS'''@smtp.gmXil.com smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set smtp=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
{{Tip|If you have enabled two-step authentication in Gmail, and you have added an application specific password for S-nail, you will want to use that password rather than your regular Gmail password, which may work without enabling the otherwise necessary "less secure apps".}}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set from="Your Name <youremail@domain>"<br />
set netrc-lookup<br />
#set agent-shell-lookup="gpg -d .pass.gpg"<br />
set smtp=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
# Type '''xp''' to login to the POP3 account<br />
ghost xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
# Type '''xi''' to login to the IMAP account<br />
ghost xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
(Here '''USER''' and '''PASS''' are clear text, not URL encoded.)<br />
You can furtherly diversify things and use encrypted password storage, since ArchLinux compiles in password agent support.<br />
To adjust the example, simply don't specify the ''password '''PASS''''' token in {{ic|$HOME/.netrc}} but instead uncomment the ''agent-shell-lookup'' line in the example account above.<br />
The encrypted password storage {{ic|.pass.gpg}} can be created like this:<br />
<br />
# echo '''PASS''' > .pass<br />
# gpg -e .pass<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
The ArchLinux version of S-nail includes the builtin command line editor with history capabilities as well as regular expression and coloured message display support.<br />
Because S-nail strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The global configuration /etc/mail.rc provides some commented basics;<br />
# in particular it shows all options that POSIX mandates as defaults.)<br />
<br />
# Start into interactive mode even if the system mailbox is empty or<br />
# doesn't exist. S-nail would exit immediately without that one<br />
set emptystart<br />
<br />
# When composing a message, let period `.' on a line by itself finalize<br />
# composition, before start directly into ''$EDITOR''<br />
set dot <br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines;<br />
# without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# Colourize headers when displaying messages (note that ''$PAGER'' may<br />
# require special flags, e.g., less(1) needs the -R option; S-nail will<br />
# however set the ''$LESS'' environment variable accordingly, but only if<br />
# that was not set before..)<br />
set colour-pager<br />
<br />
# A nicer prompt for a modern terminal<br />
set prompt="\033[31m?\?[\$ \@]\& \033[0m"<br />
<br />
# Add more entries to the history, and make that persistent<br />
set history-gabby NAIL_HISTFILE=+.s-nailhist NAIL_HISTSIZE=-1<br />
<br />
# When '''p'''rinting messages, show only these headers<br />
# (Easier to '''retain''' what you want than to '''ignore'''<br />
# what you don't; use '''P'''rint to see all headers and '''S'''how<br />
# to see the raw message content)<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html="lynx -stdin -dump -force_html"<br />
# Learn another mimetype<br />
mimetype 'model/vrml wrl vrml'<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
ghost ls !ls -latro<br />
ghost ps !ps axu<br />
<br />
Once you're in it use '''list''' to print all available builtin commands.<br />
ArchLinux compiles in the "DOCSTRINGS" feature, so that typing `?X' tries to expand "X" and print a help string; since S-nail will allow abbreviations of all commands this is sometimes handy; try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, as via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
Whereas '''p''' honours '''retain'''ed (or '''ignore'''d) list of headers to be displayed, the '''P'''rint command will not and display all headers;<br />
the '''Sh'''ow command will print raw message content.<br />
<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' ('''f''') is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds... well, a complaint of the ArchWiki maintainer about the content of this page, ugh;<br />
that is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode (which can be handy to avoid flag updates etc.)<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s).<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type "." on its own line (the latter requires the ''dot'' option).<br />
<br />
== Using S/MIME ==<br />
<br />
The manual contains a step-by-step example of how to create your certificates etc. ("Signed and encrypted messages with S/MIME").<br />
Assuming you have your private key and signed certificate already, just create the paired file we need<br />
<br />
# cat private-key.pem signed-certificate.pem > ~/pair.pem<br />
<br />
and setup S-nail via<br />
<br />
set smime-sign-cert=~/pair.pem \<br />
smime-sign-message-digest=SHA256 \<br />
smime-sign<br />
<br />
From now any message that is sent will be signed.<br />
The default message digest would be SHA1, as mandated by RFC 5751.<br />
Note that S/MIME always works relative to the setting of the variable ''from'', so it seems best to instead place the above settings in an '''account'''.<br />
The '''verify''' command verifies S/MIME messages, but note that S/MIME decryption and verification is solely based upon OpenSSL for now, which only supports messages with a simplicistic MIME structure. Sorry.<br />
By the way, if you miss hyperlinks and a table-of-content to get yourself going, the manual on the projects' website offers this; and the manual that ships with ArchLinux does, too, but needs the mdocmx(7) extension to be visible.<br />
<br />
== Workaround missing OpenPGP support ==<br />
<br />
S-nail doesn't yet support OpenPGP.<br />
However, using a macro it is possible to at least automatically verify inline ''--clearsign''ed messages, and using command ghosts their usage becomes handy: e.g., use the following in resource file and you will be able to verify a clearsigned message by just typing '''V''':<br />
<br />
define V {<br />
localopts yes<br />
set pipe-text/plain="set -C;\<br />
: > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
trap \"rm -f \\\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\\\"\" EXIT;\<br />
trap \"exit 75\" INT QUIT TERM;\<br />
set +C;\<br />
cat > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
< \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" awk \<br />
-v TMPFILE=\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" '\<br />
BEGIN {done=0}\<br />
/^-----BEGIN PGP SIGNED MESSAGE-----/,/^$/ {\<br />
if (done++ != 0)\<br />
next;\<br />
print \"--- GPG --verify ---\";\<br />
system(\"gpg --verify \" TMPFILE \" 2>&1\");\<br />
print \"--- GPG --verify ---\";\<br />
print \"\";\<br />
next;\<br />
}\<br />
/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ {\<br />
next;\<br />
}\<br />
{print}\<br />
'"<br />
print<br />
}<br />
define RK {<br />
!printf 'Key IDs to gpg --recv-keys: ';\<br />
read keyids;\<br />
gpg --recv-keys ${keyids};<br />
}<br />
ghost V call V<br />
ghost RK call RK<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' to point to an IMAP server folder, for example.<br />
<br />
set v15-compat<br />
<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=408068S-nail2015-11-03T19:17:52Z<p>Sdaoden: Me too fixing a typo (thanks, Hariskar); and fix ridiculous trap handling while here</p>
<hr />
<div>[[Category:Email clients]]<br />
S-nail is a mail processing system with a command syntax reminiscent of ed with lines replaced by messages.<br />
It is intended to provide the functionality of the POSIX mailx command and offers (mostly optional) extensions for line editing, IDNA, MIME, S/MIME, SMTP and POP3 (and IMAP).<br />
It is usable as a mail batch language.<br />
<br />
This overview page was updated for version '''v14.8.5''' of S-nail.<br />
Excerpt of latest ''NEWS'': ''-d'' / ''debug'' finally offers real dry-run tests, extended '''@''' message specification, new '''source_if''' command, many bug fixes.<br />
''NEWS'' of older '''v14.8.x''' releases: RFC 2231 support, mailing-list support (''followup-to'', ''followup-to-honour'', ''reply-to-honour'', '''Lreply''', '''mlist''', '''mlsubscribe'''), simple builtin HTML viewer, freely configurable spam-checker hooks, command line and addressee hardening (new '''-.''' option, ''expandargv'' and ''expandaddr'' variables), improved -t support, ''expandaddr'' fine-tuning, new ''smime-sign-message-digest'' variable, and many small improvements.<br />
<br />
S-nail is a direct descendant of the BSD Mail program that was introduced in 1978 (itself superseding the simpler UNIX mail program) and used to introduce itself (in the Mail reference manual) as follows:<br />
<br />
:''Mail provides a simple and friendly environment for sending and receiving mail.''<br />
:''It divides incoming mail into its constituent messages and allows the user to deal with them in any order.''<br />
:''In addition, it provides a set of ed‐like commands for manipulating messages and sending mail.''<br />
:''Mail offers the user simple editing capabilities to ease the composition of outgoing messages, as well as providing the ability to define and send to names which address groups of users.''<br />
<br />
S-nail is thus the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
In Arch Linux S-nail supports direct mail delivery via SMTP, so that messages can be send directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''.<br />
(Note however that S-nail does not (yet) include a mail-queue mechanism and thus simply tries to send the message over SMTP, directly and immediately.)<br />
<br />
== Quick shot ==<br />
<br />
Because the systemwide Arch Linux configuration file ({{ic|/etc/mail.rc}}) brings in some useful standard settings, sending mail over a local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -d -s 'A subject' -a an_attachment.txt foo1@bar.example 'Foo2 <foo2@bar.example>'<br />
<br />
Using the ''-d''ebug flag results in a dry-run that doesn't perform any action for real (including ignorance of the current ''save'' and ''record'' settings).<br />
You can adjust the program which is used as a MTA by setting the variable ''sendmail'' (fine-tuning via ''sendmail-arguments'', ''sendmail-no-default-arguments'', ''sendmail-progname'', please see the manual, "Sending mail"):<br />
<br />
# < /etc/passwd mailx -Ssendmail=/usr/bin/sendmail -Ssendwait -s 'My password file content!' public-foo@bar.example<br />
# echo Message was passed successfully: $?<br />
<br />
By default message delivery is asynchronous, and S-nail will exit as soon as the prepared message has been passed over to the delivery mechanism (the MTA or the builtin SMTP MTA), stating only wether message preparation was successful (or not).<br />
If the ''sendwait'' option is set, however, S-nail will wait for the started (builtin) MTA instance to exit and (instead) use the MTA exit status as its message delivery "success" or "failure" status.<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the ''expandaddr'' option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
<br />
To avoid environmental noise scripts can (and should) "detach" from configuration files and use the ''-S'' and ''-X'' command line flags to create their own setup and run necessary commands, respectively.<br />
Also ''expandaddr'' can be given a value and be used for address verification (the following for example allows ''only'' network addressees), and the ''-.'' command line option will terminate option processing and turn on message send mode: together these form active barriers to prevent misinterpretation of address arguments as command line options and other injection attacks.<br />
E.g., the following example can be used "as is" (except for ''-d''), provided that you have a '''somefile.pdf''', somewhere; it sets the ''record'' variable to the pathname of the folder used to record all outgoing mail, so that we then can look into the generated message:<br />
<br />
# echo Body |<br />
# LC_ALL=C MAILRC=/dev/null \<br />
# mailx -d -n -Sv15-compat -Ssendwait \<br />
# -Sexpandaddr=fail,-all,+addr \<br />
# -Snosave -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control \<br />
# -X'mimetype "application/pdf pdf"' \<br />
# -Sfrom='Me <me@home>' \<br />
# -a '''somefile.pdf''' -s Subject \<br />
# -. '(foo2bar) <foo2@bar.example>' bob@hey.example<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
The S-nail manual page tries to provide some kind of ''exponential learning-curve'' in its first sections, right after the option listing, and especially the sections "A starter", "Sending mail" and "Reading mail" should be worth a glance when looking for more "quick shots".<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism.<br />
Thus let's leave that alone and place the following in the private user-specific configuration file, adjusting bold strings.<br />
By the way, by using the ''-n'' command line argument or by setting the ''$NAIL_NO_SYSTEM_RC'' environment variable it is possible to avoid that the global configuration file will be loaded, and by pointing the ''MAILRC'' environment variable to {{ic|/dev/null}} the unavoidable per-user configuration file can be turned behaviour neutral; we've used these possibilities in the detached script example above.<br />
And note that all the remaining examples in this document are based upon this configuration template, which simply sets some security and send mode basics:<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-no-default-ca<br />
<br />
# Don't use protocols older than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then, e.g.<br />
# ''ssl-protocol-'''USER'''@archlinux.org''="-ALL,+TLSv1.2"<br />
set ssl-protocol="-ALL,+TLSv1.2"<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# Hint: it is important to include "@STRENGTH": only with it the<br />
# final list will be sorted by algorithm strength.<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list="ALL:!aNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT:@STRENGTH"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: select allowed character sets<br />
# (Have a look at the "CHARACTER SETS" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# A very kind option: when replying to a message, first try to<br />
# use the same encoding that the original poster used herself!<br />
set reply-in-same-charset<br />
<br />
# When replying to or forwarding a message the comment and name<br />
# parts of email addresses are removed unless this variable is set<br />
set fullnames<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
# Only like this you'll be able to see errors reported through the exit<br />
# status of the MTA (including the builtin SMTP one)!<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files.<br />
# That set is often sufficient, but look at the output of the<br />
# '''mimetype''' command to ensure this is true for you, too<br />
set mimetypes-load-control<br />
<br />
# Default directory where we act in (relative to $HOME)<br />
set folder=mail<br />
# A leading "+" (often) means: under ''folder''<br />
# ''record'' is used to save copies of sent messages<br />
set MBOX=+mbox.mbox record=+sent.mbox DEAD=+dead.mbox<br />
<br />
# Define some shortcuts; now one may say, e.g., '''file mymbo'''<br />
shortcut mymbo %:+mbox.mbox \<br />
myrec +sent.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="'''Your Name <youremail@domain>'''" <br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
The above combination of SSL/TLS configuration results in the most secure end-to-end TLS transport that is possible at the time of this writing.<br />
<br />
When in the following '''USER''' and '''PASS''' informations are specified as part of an URL (other possibilities exist) they must become URL percent encoded; S-nail offers the '''urlencode''' command which does this for you:<br />
<br />
# printf 'urlencode USER PASS\nx\n' | mailx -#<br />
<br />
Of course: printf as well as S-nail / mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (5 bytes)<br />
out: <SPA%C3%9F> (9 bytes)<br />
# # In ISO-8859-1:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (4 bytes)<br />
out: <SPA%DF> (6 bytes)<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the builtin SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set smtp='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login[/plain]...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts yes<br />
# (The plain smtp:// proto is optional)<br />
set smtp='''USER:PASS'''@smtp.gmXil.com smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set smtp=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
{{Tip|If you have enabled two-step authentication in Gmail, and you have added an application specific password for S-nail, you will want to use that password rather than your regular Gmail password, which may work without enabling the otherwise necessary "less secure apps".}}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set from="Your Name <youremail@domain>"<br />
set netrc-lookup<br />
#set agent-shell-lookup="gpg -d .pass.gpg"<br />
set smtp=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
# Type '''xp''' to login to the POP3 account<br />
ghost xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
# Type '''xi''' to login to the IMAP account<br />
ghost xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
(Here '''USER''' and '''PASS''' are clear text, not URL encoded.)<br />
You can furtherly diversify things and use encrypted password storage, since ArchLinux compiles in password agent support.<br />
To adjust the example, simply don't specify the ''password '''PASS''''' token in {{ic|$HOME/.netrc}} but instead uncomment the ''agent-shell-lookup'' line in the example account above.<br />
The encrypted password storage {{ic|.pass.gpg}} can be created like this:<br />
<br />
# echo '''PASS''' > .pass<br />
# gpg -e .pass<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
The ArchLinux version of S-nail includes the builtin command line editor with history capabilities as well as regular expression and coloured message display support.<br />
Because S-nail strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The global configuration /etc/mail.rc provides some commented basics;<br />
# in particular it shows all options that POSIX mandates as defaults.)<br />
<br />
# Start into interactive mode even if the system mailbox is empty or<br />
# doesn't exist. S-nail would exit immediately without that one<br />
set emptystart<br />
<br />
# When composing a message, let period `.' on a line by itself finalize<br />
# composition, before start directly into ''$EDITOR''<br />
set dot <br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines;<br />
# without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# Colourize headers when displaying messages (note that ''$PAGER'' may<br />
# require special flags, e.g., less(1) needs the -R option; S-nail will<br />
# however set the ''$LESS'' environment variable accordingly, but only if<br />
# that was not set before..)<br />
set colour-pager<br />
<br />
# A nicer prompt for a modern terminal<br />
set prompt="\033[31m?\?[\$ \@]\& \033[0m"<br />
<br />
# Add more entries to the history, and make that persistent<br />
set history-gabby NAIL_HISTFILE=+.s-nailhist NAIL_HISTSIZE=-1<br />
<br />
# When '''p'''rinting messages, show only these headers<br />
# (Easier to '''retain''' what you want than to '''ignore'''<br />
# what you don't; use '''P'''rint to see all headers and '''S'''how<br />
# to see the raw message content)<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html="lynx -stdin -dump -force_html"<br />
# Learn another mimetype<br />
mimetype 'model/vrml wrl vrml'<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
ghost ls !ls -latro<br />
ghost ps !ps axu<br />
<br />
Once you're in it use '''list''' to print all available builtin commands.<br />
ArchLinux compiles in the "DOCSTRINGS" feature, so that typing `?X' tries to expand "X" and print a help string; since S-nail will allow abbreviations of all commands this is sometimes handy; try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, as via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
Whereas '''p''' honours '''retain'''ed (or '''ignore'''d) list of headers to be displayed, the '''P'''rint command will not and display all headers;<br />
the '''Sh'''ow command will print raw message content.<br />
<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' ('''f''') is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds... well, a complaint of the ArchWiki maintainer about the content of this page, ugh;<br />
that is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode (which can be handy to avoid flag updates etc.)<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s).<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type "." on its own line (the latter requires the ''dot'' option).<br />
<br />
== Using S/MIME ==<br />
<br />
The manual contains a step-by-step example of how to create your certificates etc. ("Signed and encrypted messages with S/MIME").<br />
Assuming you have your private key and signed certificate already, just create the paired file we need<br />
<br />
# cat private-key.pem signed-certificate.pem > ~/pair.pem<br />
<br />
and setup S-nail via<br />
<br />
set smime-sign-cert=~/pair.pem \<br />
smime-sign-message-digest=SHA256 \<br />
smime-sign<br />
<br />
From now any message that is sent will be signed.<br />
The default message digest would be SHA1, as mandated by RFC 5751.<br />
Note that S/MIME always works relative to the setting of the variable ''from'', so it seems best to instead place the above settings in an '''account'''.<br />
The '''verify''' command verifies S/MIME messages, but note that S/MIME decryption and verification is solely based upon OpenSSL for now, which only supports messages with a simplicistic MIME structure. Sorry.<br />
By the way, if you miss hyperlinks and a table-of-content to get yourself going, the manual on the projects' website offers this; and the manual that ships with ArchLinux does, too, but needs the mdocmx(7) extension to be visible.<br />
<br />
== Workaround missing OpenPGP support ==<br />
<br />
S-nail doesn't yet support OpenPGP.<br />
However, using a macro it is possible to at least automatically verify inline ''--clearsign''ed messages, and using command ghosts their usage becomes handy: e.g., use the following in resource file and you will be able to verify a clearsigned message by just typing '''V''':<br />
<br />
define V {<br />
localopts yes<br />
set pipe-text/plain="set -C;\<br />
: > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
trap \"rm -f \\\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\\\"\" EXIT;\<br />
trap \"exit 75\" INT QUIT TERM;\<br />
set +C;\<br />
cat > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
< \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" awk \<br />
-v TMPFILE=\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" '\<br />
BEGIN {done=0}\<br />
/^-----BEGIN PGP SIGNED MESSAGE-----/,/^$/ {\<br />
if (done++ != 0)\<br />
next;\<br />
print \"--- GPG --verify ---\";\<br />
system(\"gpg --verify \" TMPFILE \" 2>&1\");\<br />
print \"--- GPG --verify ---\";\<br />
print \"\";\<br />
next;\<br />
}\<br />
/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ {\<br />
next;\<br />
}\<br />
{print}\<br />
'"<br />
print<br />
}<br />
define RK {<br />
!printf 'Key IDs to gpg --recv-keys: ';\<br />
read keyids;\<br />
gpg --recv-keys ${keyids};<br />
}<br />
ghost V call V<br />
ghost RK call RK<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' to point to an IMAP server folder, for example.<br />
<br />
set v15-compat<br />
<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=405952S-nail2015-10-21T13:54:50Z<p>Sdaoden: S-nail may work without turning on "less secure app" on Google</p>
<hr />
<div>[[Category:Email clients]]<br />
S-nail is a mail processing system with a command syntax reminiscent of ed with lines replaced by messages.<br />
It is intended to provide the functionality of the POSIX mailx command and offers (mostly optional) extensions for line editing, IDNA, MIME, S/MIME, SMTP and POP3 (and IMAP).<br />
It is usable as a mail batch language.<br />
<br />
This overview page was updated for version '''v14.8.5''' of S-nail.<br />
Excerpt of latest ''NEWS'': ''-d'' / ''debug'' finally offers real dry-run tests, extended '''@''' message specification, new '''source_if''' command, many bug fixes.<br />
''NEWS'' of older '''v14.8.x''' releases: RFC 2231 support, mailing-list support (''followup-to'', ''followup-to-honour'', ''reply-to-honour'', '''Lreply''', '''mlist''', '''mlsubscribe'''), simple builtin HTML viewer, freely configurable spam-checker hooks, command line and addressee hardening (new '''-.''' option, ''expandargv'' and ''expandaddr'' variables), improved -t support, ''expandaddr'' fine-tuning, new ''smime-sign-message-digest'' variable, and many small improvements.<br />
<br />
S-nail is a direct descendant of the BSD Mail program that was introduced in 1978 (itself superceeding the simpler UNIX mail program) and used to introduce itself (in the Mail reference manual) as follows:<br />
<br />
:''Mail provides a simple and friendly environment for sending and receiving mail.''<br />
:''It divides incoming mail into its constituent messages and allows the user to deal with them in any order.''<br />
:''In addition, it provides a set of ed‐like commands for manipulating messages and sending mail.''<br />
:''Mail offers the user simple editing capabilities to ease the composition of outgoing messages, as well as providing the ability to define and send to names which address groups of users.''<br />
<br />
S-nail is thus the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
In Arch Linux S-nail supports direct mail delivery via SMTP, so that messages can be send directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''.<br />
(Note however that S-nail does not (yet) include a mail-queue mechanism and thus simply tries to send the message over SMTP, directly and immediately.)<br />
<br />
== Quick shot ==<br />
<br />
Because the systemwide Arch Linux configuration file ({{ic|/etc/mail.rc}}) brings in some useful standard settings, sending mail over a local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -d -s 'A subject' -a an_attachment.txt foo1@bar.example 'Foo2 <foo2@bar.example>'<br />
<br />
Using the ''-d''ebug flag results in a dry-run that doesn't perform any action for real (including ignorance of the current ''save'' and ''record'' settings).<br />
You can adjust the program which is used as a MTA by setting the variable ''sendmail'' (fine-tuning via ''sendmail-arguments'', ''sendmail-no-default-arguments'', ''sendmail-progname'', please see the manual, "Sending mail"):<br />
<br />
# < /etc/passwd mailx -Ssendmail=/usr/bin/sendmail -Ssendwait -s 'My password file content!' public-foo@bar.example<br />
# echo Message was passed successfully: $?<br />
<br />
By default message delivery is asynchronous, and S-nail will exit as soon as the prepared message has been passed over to the delivery mechanism (the MTA or the builtin SMTP MTA), stating only wether message preparation was successful (or not).<br />
If the ''sendwait'' option is set, however, S-nail will wait for the started (builtin) MTA instance to exit and (instead) use the MTA exit status as its message delivery "success" or "failure" status.<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the ''expandaddr'' option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
<br />
To avoid environmental noise scripts can (and should) "detach" from configuration files and use the ''-S'' and ''-X'' command line flags to create their own setup and run necessary commands, respectively.<br />
Also ''expandaddr'' can be given a value and be used for address verification (the following for example allows ''only'' network addressees), and the ''-.'' command line option will terminate option processing and turn on message send mode: together these form active barriers to prevent misinterpretation of address arguments as command line options and other injection attacks.<br />
E.g., the following example can be used "as is" (except for ''-d''), provided that you have a '''somefile.pdf''', somewhere; it sets the ''record'' variable to the pathname of the folder used to record all outgoing mail, so that we then can look into the generated message:<br />
<br />
# echo Body |<br />
# LC_ALL=C MAILRC=/dev/null \<br />
# mailx -d -n -Sv15-compat -Ssendwait \<br />
# -Sexpandaddr=fail,-all,+addr \<br />
# -Snosave -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control \<br />
# -X'mimetype "application/pdf pdf"' \<br />
# -Sfrom='Me <me@home>' \<br />
# -a '''somefile.pdf''' -s Subject \<br />
# -. '(foo2bar) <foo2@bar.example>' bob@hey.example<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
The S-nail manual page tries to provide some kind of ''exponential learning-curve'' in its first sections, right after the option listing, and especially the sections "A starter", "Sending mail" and "Reading mail" should be worth a glance when looking for more "quick shots".<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism.<br />
Thus let's leave that alone and place the following in the private user-specific configuration file, adjusting bold strings.<br />
By the way, by using the ''-n'' command line argument or by setting the ''$NAIL_NO_SYSTEM_RC'' environment variable it is possible to avoid that the global configuration file will be loaded, and by pointing the ''MAILRC'' environment variable to {{ic|/dev/null}} the unavoidable per-user configuration file can be turned behaviour neutral; we've used these possibilities in the detached script example above.<br />
And note that all the remaining examples in this document are based upon this configuration template, which simply sets some security and send mode basics:<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-no-default-ca<br />
<br />
# Don't use protocols olders than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then, e.g.<br />
# ''ssl-protocol-'''USER'''@archlinux.org''="-ALL,+TLSv1.2"<br />
set ssl-protocol="-ALL,+TLSv1.2"<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# Hint: it is important to include "@STRENGTH": only with it the<br />
# final list will be sorted by algorithm strength.<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list="ALL:!aNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT:@STRENGTH"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: select allowed character sets<br />
# (Have a look at the "CHARACTER SETS" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# A very kind option: when replying to a message, first try to<br />
# use the same encoding that the original poster used herself!<br />
set reply-in-same-charset<br />
<br />
# When replying to or forwarding a message the comment and name<br />
# parts of email addresses are removed unless this variable is set<br />
set fullnames<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
# Only like this you'll be able to see errors reported through the exit<br />
# status of the MTA (including the builtin SMTP one)!<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files.<br />
# That set is often sufficient, but look at the output of the<br />
# '''mimetype''' command to ensure this is true for you, too<br />
set mimetypes-load-control<br />
<br />
# Default directory where we act in (relative to $HOME)<br />
set folder=mail<br />
# A leading "+" (often) means: under ''folder''<br />
# ''record'' is used to save copies of sent messages<br />
set MBOX=+mbox.mbox record=+sent.mbox DEAD=+dead.mbox<br />
<br />
# Define some shortcuts; now one may say, e.g., '''file mymbo'''<br />
shortcut mymbo %:+mbox.mbox \<br />
myrec +sent.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="'''Your Name <youremail@domain>'''" <br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
The above combination of SSL/TLS configuration results in the most secure end-to-end TLS transport that is possible at the time of this writing.<br />
<br />
When in the following '''USER''' and '''PASS''' informations are specified as part of an URL (other possibilities exist) they must become URL percent encoded; S-nail offers the '''urlencode''' command which does this for you:<br />
<br />
# printf 'urlencode USER PASS\nx\n' | mailx -#<br />
<br />
Of course: printf as well as S-nail / mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (5 bytes)<br />
out: <SPA%C3%9F> (9 bytes)<br />
# # In ISO-8859-1:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (4 bytes)<br />
out: <SPA%DF> (6 bytes)<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the builtin SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set smtp='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login[/plain]...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts yes<br />
# (The plain smtp:// proto is optional)<br />
set smtp='''USER:PASS'''@smtp.gmXil.com smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set smtp=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
{{Tip|If you have enabled two-step authentication in Gmail, and you have added an application specific password for S-nail, you will want to use that password rather than your regular Gmail password, which may work without enabling the otherwise necessary "less secure apps".}}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set from="Your Name <youremail@domain>"<br />
set netrc-lookup<br />
#set agent-shell-lookup="gpg -d .pass.gpg"<br />
set smtp=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
# Type '''xp''' to login to the POP3 account<br />
ghost xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
# Type '''xi''' to login to the IMAP account<br />
ghost xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
(Here '''USER''' and '''PASS''' are clear text, not URL encoded.)<br />
You can furtherly diversify things and use encrypted password storage, since ArchLinux compiles in password agent support.<br />
To adjust the example, simply don't specify the ''password '''PASS''''' token in {{ic|$HOME/.netrc}} but instead uncomment the ''agent-shell-lookup'' line in the example account above.<br />
The encrypted password storage {{ic|.pass.gpg}} can be created like this:<br />
<br />
# echo '''PASS''' > .pass<br />
# gpg -e .pass<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
The ArchLinux version of S-nail includes the builtin command line editor with history capabilities as well as regular expression and coloured message display support.<br />
Because S-nail strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The global configuration /etc/mail.rc provides some commented basics;<br />
# in particular it shows all options that POSIX mandates as defaults.)<br />
<br />
# Start into interactive mode even if the system mailbox is empty or<br />
# doesn't exist. S-nail would exit immediately without that one<br />
set emptystart<br />
<br />
# When composing a message, let period `.' on a line by itself finalize<br />
# composition, before start directly into ''$EDITOR''<br />
set dot <br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines;<br />
# without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# Colourize headers when displaying messages (note that ''$PAGER'' may<br />
# require special flags, e.g., less(1) needs the -R option; S-nail will<br />
# however set the ''$LESS'' environment variable accordingly, but only if<br />
# that was not set before..)<br />
set colour-pager<br />
<br />
# A nicer prompt for a modern terminal<br />
set prompt="\033[31m?\?[\$ \@]\& \033[0m"<br />
<br />
# Add more entries to the history, and make that persistent<br />
set history-gabby NAIL_HISTFILE=+.s-nailhist NAIL_HISTSIZE=-1<br />
<br />
# When '''p'''rinting messages, show only these headers<br />
# (Easier to '''retain''' what you want than to '''ignore'''<br />
# what you don't; use '''P'''rint to see all headers and '''S'''how<br />
# to see the raw message content)<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html="lynx -stdin -dump -force_html"<br />
# Learn another mimetype<br />
mimetype 'model/vrml wrl vrml'<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
ghost ls !ls -latro<br />
ghost ps !ps axu<br />
<br />
Once you're in it use '''list''' to print all available builtin commands.<br />
ArchLinux compiles in the "DOCSTRINGS" feature, so that typing `?X' tries to expand "X" and print a help string; since S-nail will allow abbreviations of all commands this is sometimes handy; try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, as via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
Whereas '''p''' honours '''retain'''ed (or '''ignore'''d) list of headers to be displayed, the '''P'''rint command will not and display all headers;<br />
the '''Sh'''ow command will print raw message content.<br />
<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' ('''f''') is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds... well, a complaint of the ArchWiki maintainer about the content of this page, ugh;<br />
that is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode (which can be handy to avoid flag updates etc.)<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s).<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type "." on its own line (the latter requires the ''dot'' option).<br />
<br />
== Using S/MIME ==<br />
<br />
The manual contains a step-by-step example of how to create your certificates etc. ("Signed and encrypted messages with S/MIME").<br />
Assuming you have your private key and signed certificate already, just create the paired file we need<br />
<br />
# cat private-key.pem signed-certificate.pem > ~/pair.pem<br />
<br />
and setup S-nail via<br />
<br />
set smime-sign-cert=~/pair.pem \<br />
smime-sign-message-digest=SHA256 \<br />
smime-sign<br />
<br />
From now any message that is sent will be signed.<br />
The default message digest would be SHA1, as mandated by RFC 5751.<br />
Note that S/MIME always works relative to the setting of the variable ''from'', so it seems best to instead place the above settings in an '''account'''.<br />
The '''verify''' command verifies S/MIME messages, but note that S/MIME decryption and verification is solely based upon OpenSSL for now, which only supports messages with a simplicistic MIME structure. Sorry.<br />
By the way, if you miss hyperlinks and a table-of-content to get yourself going, the manual on the projects' website offers this; and the manual that ships with ArchLinux does, too, but needs the mdocmx(7) extension to be visible.<br />
<br />
== Workaround missing OpenPGP support ==<br />
<br />
S-nail doesn't yet support OpenPGP.<br />
However, using a macro it is possible to at least automatically verify inline ''--clearsign''ed messages, and using command ghosts their usage becomes handy: e.g., use the following in resource file and you will be able to verify a clearsigned message by just typing '''V''':<br />
<br />
define V {<br />
localopts yes<br />
set pipe-text/plain="set -C;\<br />
: > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
trap \"rm -f \\\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\\\"\" \<br />
EXIT INT QUIT PIPE TERM;\<br />
set +C;\<br />
cat > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
< \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" awk \<br />
-v TMPFILE=\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" '\<br />
BEGIN {done=0}\<br />
/^-----BEGIN PGP SIGNED MESSAGE-----/,/^$/ {\<br />
if (done++ != 0)\<br />
next;\<br />
print \"--- GPG --verify ---\";\<br />
system(\"gpg --verify \" TMPFILE \" 2>&1\");\<br />
print \"--- GPG --verify ---\";\<br />
print \"\";\<br />
next;\<br />
}\<br />
/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ {\<br />
next;\<br />
}\<br />
{print}\<br />
'"<br />
print<br />
}<br />
define RK {<br />
!printf 'Key IDs to gpg --recv-keys: ';\<br />
read keyids;\<br />
gpg --recv-keys ${keyids};<br />
}<br />
ghost V call V<br />
ghost RK call RK<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' to point to an IMAP server folder, for example.<br />
<br />
set v15-compat<br />
<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=List_of_applications/Internet&diff=399580List of applications/Internet2015-09-12T12:07:16Z<p>Sdaoden: /* Console */ S-nail: en-bracket to link to the ArchLinux Wiki page. Be less gigantic ("and much more"? hmm...)</p>
<hr />
<div><noinclude><br />
[[Category:Internet applications]]<br />
[[cs:List of applications/Internet]]<br />
[[es:List of applications/Internet]]<br />
[[it:List of applications/Internet]]<br />
[[ja:アプリケーション一覧/インターネット]]<br />
[[ru:List of applications/Internet]]<br />
[[zh-cn:List of applications/Internet]]<br />
[[zh-tw:List of applications/Internet]]<br />
{{List of applications navigation}}<br />
</noinclude><br />
== Internet ==<br />
<br />
{{Note|1=For possibly more up to date selection of applications, try checking the [https://aur.archlinux.org/packages.php?O=0&K=&do_Search=Go&detail=1&C=13&SeB=nd&SB=n&SO=a&PP=50 AUR 'network' category]}}<br />
<br />
=== Network managers ===<br />
<br />
* {{App|[[Connman]]|Daemon for managing internet connections within embedded devices running the Linux operating system. Comes with a command-line client, plus Enlightenment, GTK and Dmenu clients are available.|https://connman.net/|{{Pkg|connman}}}}<br />
* {{App|[[netctl]]|Simple and robust tool to manage network connections via profiles. Intended for use with [[systemd]].|https://projects.archlinux.org/netctl.git/|{{Pkg|netctl}}}}<br />
* {{App|[[NetworkManager]]|Manager that provides wired, wireless, mobile broadband and OpenVPN detection with configuration and automatic connection.|https://wiki.gnome.org/Projects/NetworkManager|{{Pkg|networkmanager}}}}<br />
* {{App|[[systemd-networkd]]|Native [[systemd]] daemon that manages network configuration. It includes support for basic network configuration through udev and networkd. The service is available with systemd > 210.|http://www.freedesktop.org/software/systemd/man/systemd-networkd.service.html|{{Pkg|systemd}}}}<br />
* {{App|[[Wicd]]|Wireless and wired connection manager with few dependencies. Comes with an ncurses interface, and a GTK interface {{Pkg|wicd-gtk}} is available.|http://wicd.sourceforge.net/|{{Pkg|wicd}}}}<br />
<br />
=== Web browsers ===<br />
<br />
See also [[Wikipedia:Comparison of web browsers]].<br />
<br />
==== Console ====<br />
<br />
* {{App|[[Wikipedia:ELinks|ELinks]]|Advanced and well-established feature-rich text mode web browser (Links fork, barely supported since 2009).|http://elinks.or.cz/|{{Pkg|elinks}}}}<br />
* {{App|[[Wikipedia:Links (web browser)|Links]]|Text WWW browser. Includes a console version [links] similar to Lynx, and a graphical X-window/framebuffer version [links -g] (must be compiled in, Arch has both) with CSS, image rendering, pull-down menus.|http://links.twibright.com/|{{Pkg|links}}}}<br />
* {{App|[[Wikipedia:Lynx (web browser)|Lynx]]|Text browser for the World Wide Web.|http://lynx.isc.org|{{Pkg|lynx}}}}<br />
* {{App|retawq|Interactive, multi-threaded network client (web browser) for text terminals.|http://retawq.sourceforge.net/|{{AUR|retawq}}}}<br />
* {{App|[[Wikipedia:W3m|w3m]]|Pager/text-based web browser. It has vim-like keybindings, and is able to display images. It has javascript support too.|http://w3m.sourceforge.net/|{{Pkg|w3m}}}}<br />
<br />
==== Graphical ====<br />
<br />
===== Gecko-based =====<br />
<br />
See also [[Wikipedia:Gecko (software)]].<br />
<br />
* {{App|[[Firefox]]|Extensible browser from Mozilla based on Gecko with fast rendering.|https://mozilla.com/firefox|{{Pkg|firefox}}}}<br />
* {{App|Seamonkey|Continuation of the Mozilla Internet Suite.|http://www.seamonkey-project.org/|{{Pkg|seamonkey}}}}<br />
* {{App|[[Wikipedia:Conkeror|Conkeror]]|Keyboard-based browser modeled after [[Emacs]] using [[Wikipedia:XULRunner|XULRunner]]. Customizable via JavaScript.|http://repo.or.cz/w/conkeror.git/|{{AUR|conkeror-git}}}}<br />
<br />
====== Firefox forks ======<br />
<br />
{{Warning|The following browsers are third-party builds of Firefox. Please direct any support requests to their respective creators.}}<br />
<br />
* {{App|[[Wikipedia:Mozilla Corporation software rebranded by the Debian project#IceWeasel|Iceweasel]]|Fork of Firefox developed by Debian Linux. The main difference is that it does not include any trademarked Mozilla artwork. See [http://web.glandium.org/blog/?p&#61;97] for more information on Iceweasel's existence.|https://wiki.debian.org/Iceweasel|{{AUR|iceweasel}}}}<br />
* {{App|[[Wikipedia:GNU IceCat|GNU IceCat]]|Web browser distributed by the GNU Project, stripped of non-free components and with additional privacy extensions. Release cycle may be delayed compared to Mozilla Firefox.|https://www.gnu.org/software/gnuzilla/|{{AUR|icecat}}}}<br />
* {{App|[[Wikipedia:Pale Moon (web browser)|Pale Moon]]|Fork based on Firefox, using a Firefox 3+ interface through selective use of add-ons. Firefox add-ons may not be compatible. [https://addons.palemoon.org/firefox/incompatible/] Compiled for SSE2, with disabled optional code and no support for newer Firefox features such as cache2, e10s, and OTMC.| http://www.palemoon.org/|{{AUR|palemoon-bin}}}}<br />
<br />
===== Blink-based =====<br />
<br />
See also [[Wikipedia:Blink (layout engine)]].<br />
<br />
* {{App|[[Chromium]]|Web browser developed by Google, the open source project behind Google Chrome.|http://www.chromium.org/|{{Pkg|chromium}}}}<br />
* {{App|[[Opera]]|Highly customizable browser with focuses on an adherence to web rendering standards.|http://opera.com|{{Pkg|opera}}}}<br />
<br />
===== Webkit-based =====<br />
<br />
See also [[Wikipedia:Webkit]].<br />
<br />
* {{App|[[Wikipedia:Arora (browser)|Arora]]|Cross-platform web browser built using QtWebKit. Development stopped in January 2012.|https://code.google.com/p/arora/|{{Pkg|arora}}}}<br />
* {{App|[[dwb]]|Lightweight, highly customizable web browser based on the WebKit engine with ''vi''-like shortcuts and tiling layouts. As of October 2014 ''dwb'' is [https://bitbucket.org/portix/dwb/pull-request/22/several-cleanups-to-increase-portability/diff#comment-3217936 unmaintained].|http://portix.bitbucket.org/dwb/|{{Pkg|dwb}}}}<br />
* {{App|[[GNOME Web]]|Browser which uses the WebKitGTK+ rendering engine, part of {{Grp|gnome}}.|https://wiki.gnome.org/Apps/Web/|{{Pkg|epiphany}}}}<br />
* {{App|[[Jumanji]]|Highly customizable and functional web browser.|http://pwmt.org/projects/jumanji|{{AUR|jumanji}}{{Broken package link|{{aur-mirror|jumanji}}}}}}<br />
* {{App|[[Luakit]]|Highly configurable, micro-browser framework based on the WebKit engine and the GTK+ toolkit. It is very fast, extensible by Lua and licensed under the GNU GPLv3 license.|http://mason-larobina.github.com/luakit/|{{Pkg|luakit}}}}<br />
* {{App|Maxthon|A browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.|http://www.maxthon.cn/|{{AUR|maxthon-browser}}{{Broken package link|{{aur-mirror|maxthon-browser}}}}}}<br />
* {{App|[[Wikipedia:Midori (web browser)|Midori]]|Lightweight web browser based on GTK+ and WebKit.|http://midori-browser.org/|{{Pkg|midori}}}}<br />
* {{App|Otter-browser|Browser aiming to recreate classic Opera (12.x) UI using Qt5.|http://otter-browser.org/|{{AUR|otter-browser}}}}<br />
* {{App|[[Wikipedia:QupZilla|QupZilla]]|New and very fast open source browser based on WebKit core, written in Qt framework.| http://www.qupzilla.com |{{pkg|qupzilla}}}}<br />
* {{App|[[qutebrowser]]|A keyboard-driven, vim-like browser based on PyQt5 and QtWebKit.|https://github.com/The-Compiler/qutebrowser|{{AUR|qutebrowser}}}}<br />
* {{App|[[wikipedia:Rekonq|Rekonq]]|WebKit-based web browser for KDE.|http://rekonq.kde.org/|{{Pkg|rekonq}}}}<br />
* {{App|Sb|Very lightweight WebKit-based browser that uses keybindings to perform most things the URL bar would usually do.|https://github.com/mutantturkey/sb/|{{AUR|sb-git}}{{Broken package link|{{aur-mirror|sb-git}}}}}}<br />
* {{App|SlimBoat|Fast, free secure and powerful web browser based on QtWebkit.|http://www.slimboat.com/|{{AUR|slimboat}}}}<br />
* {{App|Surf|Lightweight WebKit-based browser, which follows the [http://suckless.org/philosophy suckless ideology] (basically, the browser itself is a single C source file).|http://surf.suckless.org|{{Pkg|surf}}}}<br />
* {{App|[[Wikipedia:Uzbl|Uzbl]]|Group of web interface tools which adhere to the Unix philosophy.|http://uzbl.org/|{{Pkg|uzbl-browser}}}}<br />
* {{App|vimb|Fast and lightweight vim like web browser based on the webkit web browser engine and the GTK toolkit.|https://fanglingsu.github.io/vimb/|{{AUR|vimb}}}}<br />
* {{App|[[Vimprobable]]|Browser that behaves like the Vimperator plugin available for Mozilla Firefox. It is based on the WebKit engine and uses the GTK+ bindings.|http://sourceforge.net/apps/trac/vimprobable/|{{AUR|vimprobable-git}}{{Broken package link|{{aur-mirror|vimprobable-git}}}}}}<br />
* {{App|[[Wikipedia:Xombrero|Xombrero]] (formerly known as ''xxxterm'') |Webkit minimalist web browser with sophisticated security features designed-in, BSD style.|https://opensource.conformal.com/wiki/xombrero|{{AUR|xombrero-git}}{{Broken package link|{{aur-mirror|xombrero-git}}}}}}<br />
<br />
===== Other =====<br />
<br />
* {{App|[[Wikipedia:Konqueror|Konqueror]]|Web browser based on Qt and KHTML, part of {{Grp|kdebase}}.|http://konqueror.org/|{{Pkg|kdebase-konqueror}}}}<br />
* {{App|[[Wikipedia:Abaco (web browser)|Abaco]]|Multi-page graphical web browser for the Plan 9 OS.|http://lab-fgb.com/abaco/|{{AUR|abaco}}{{Broken package link|{{aur-mirror|abaco}}}}}}<br />
* {{App|[[Wikipedia:Dillo|Dillo]]|Small, fast graphical web browser built on [[Wikipedia:Fltk|FLTK]].|http://dillo.org/|{{Pkg|dillo}}}}<br />
* {{App|[[Wikipedia:NetSurf|NetSurf]]|Featherweight browser written in C, notable for its slowly developing JavaScript support and fast rendering through its own custom rendering engine.|http://netsurf-browser.org|{{Pkg|netsurf}}}}<br />
<br />
=== Downloaders ===<br />
<br />
==== FTP ====<br />
<br />
===== FTP clients =====<br />
<br />
See also [[Wikipedia:Comparison of FTP client software]].<br />
<br />
* {{App|[[CurlFtpFS]]|Filesystem for accessing FTP hosts; based on FUSE and libcurl.|http://curlftpfs.sourceforge.net/|{{Pkg|curlftpfs}}}}<br />
* {{App|FatRat|Download manager with support for HTTP, FTP, SFTP, BitTorrent, RapidShare and more.|http://fatrat.dolezel.info/|{{AUR|fatrat-git}}}}<br />
* {{App|[[Wikipedia:FileZilla|FileZilla]]|Fast and reliable FTP, FTPS and SFTP client.|http://filezilla-project.org/|{{Pkg|filezilla}}}}<br />
* {{App|[[FtpFs#Fuseftp|fuseftp]]|FTP filesystem written in Perl, using [[Wikipedia:Filesystem in Userspace|FUSE]].|http://freshmeat.net/projects/fuseftp/|{{AUR|fuseftp}}{{Broken package link|{{aur-mirror|fuseftp}}}}}}<br />
* {{App|[[Wikipedia:gFTP|gFTP]]|Multithreaded FTP client for Linux.|http://gftp.seul.org/|{{Pkg|gftp}}}}<br />
* {{App|[[Wikipedia:Lftp|LFTP]]|Sophisticated command-line FTP client.|http://lftp.yar.ru/|{{Pkg|lftp}}}}<br />
* {{App|LftpFS|Read-only filesystem based on lftp (also supports HTTP, FISH, SFTP, HTTPS, FTPS and proxies).|http://lftpfs.sourceforge.net/|{{AUR|lftpfs}}{{Broken package link|{{aur-mirror|lftpfs}}}}}}<br />
* {{App|[[Wikipedia:tnftp|tnftp]]|FTP client with several advanced features for [[Wikipedia:NetBSD|NetBSD]].|http://freecode.com/projects/tnftp|{{Pkg|tnftp}}}}<br />
Some file managers like Dolphin, [[GNOME Files]] and [[Thunar]] also provide FTP functionality.<br />
<br />
===== FTP servers =====<br />
<br />
* {{App|bftpd|Small, easy-to-configure FTP server|http://bftpd.sourceforge.net/|{{Pkg|bftpd}}}}<br />
* {{App|[[Proftpd|proFTPd]]|A secure and configurable FTP server|http://www.proftpd.org/|{{AUR|proftpd}}}}<br />
* {{App|[[Pure-FTPd]]|Free (BSD-licensed), secure, production-quality and standard-compliant FTP server.|http://www.pureftpd.org/project/pure-ftpd|{{AUR|pure-ftpd}}}}<br />
* {{App|[[vsftpd]]|Lightweight, stable and secure FTP server for UNIX-like systems.|https://security.appspot.com/vsftpd.html|{{Pkg|vsftpd}}}}<br />
<br />
==== BitTorrent clients ====<br />
<br />
See also [[Wikipedia:Comparison of BitTorrent clients]].<br />
<br />
===== Console =====<br />
<br />
====== Command line / backend ======<br />
Can be used as-is via command line, but all have a choice of front-end options as well.<br />
* {{App|[[aria2]]|Lightweight download utility that supports simultaneous adaptive downloading via HTTP(S), FTP, BitTorrent (DHT, PEX, MSE/PE) protocols and Metalink. It can run as a daemon controlled via a built-in JSON-RPC or XML-RPC interface.|http://aria2.sourceforge.net/|{{Pkg|aria2}}}}<br />
* {{App|[[Wikipedia:MLDonkey|MLDonkey]]|Multi-protocol P2P client that supports BitTorrent, HTTP, FTP, eDonkey and Direct Connect.|http://mldonkey.sourceforge.net/|{{Pkg|mldonkey}}}}<br />
* {{App|[[Transmission]]|Simple and easy-to-use BitTorrent client with a daemon version, GTK+, Qt GUI, web and CLI front-ends.|http://transmissionbt.com/|{{Pkg|transmission-cli}} (includes backend, daemon, command-line interface, and a Web UI interface)}}<br />
<br />
====== Console Interface ======<br />
* {{App|[[rTorrent]]|Simple and lightweight ncurses BitTorrent client. Requires {{Pkg|libtorrent}} backend.|https://rakshasa.github.io/rtorrent/|{{Pkg|rtorrent}}}}<br />
* {{App|[[Transmission]]|Simple and easy-to-use BitTorrent client with a daemon version, ncurses CLI. Requires {{Pkg|transmission-cli}} backend.|http://transmissionbt.com/|{{Pkg|transmission-remote-cli}}}}<br />
<br />
===== Graphical Interface =====<br />
<br />
====== libtorrent-rasterbar backend ======<br />
<br />
* {{App|[[Deluge]]|User-friendly BitTorrent client written in PyGTK that can run as a daemon.|http://deluge-torrent.org/|{{Pkg|deluge}}}}<br />
* {{App|FatRat|Qt4 based download manager with support for HTTP, FTP, SFTP, BitTorrent, rapidshare and more. Written in C++.|http://fatrat.dolezel.info/|{{AUR|fatrat-git}}}}<br />
* {{App|[[Wikipedia:qBittorrent|qBittorrent]]|Open source (GPLv2) BitTorrent client that strongly resembles µtorrent.|http://www.qbittorrent.org/|{{Pkg|qbittorrent}}}}<br />
* {{App|[[Wikipedia:Tribler|Tribler]]|4th generation file sharing system bittorrent client.|http://www.tribler.org|{{AUR|tribler}}{{Broken package link|{{aur-mirror|tribler}}}}}}<br />
<br />
====== libktorrent backend ======<br />
* {{App|[[Wikipedia:KGet|KGet]]|Download manager for KDE that supports HTTP(S), FTP and BitTorrent. Part of {{Grp|kdenetwork}}.|http://www.kde.org/applications/internet/kget/|{{Pkg|kdenetwork-kget}}}}<br />
* {{App|[[Ktorrent]]|Feature-rich BitTorrent client for KDE.|http://ktorrent.org/|{{Pkg|ktorrent}}}}<br />
<br />
====== others ======<br />
* {{App|QTorrent|BitTorrent client written in PyQt3.|http://thegraveyard.org/qtorrent.php{{Dead link|2012|09|20}}|{{AUR|qtorrent}}{{Broken package link|{{aur-mirror|qtorrent}}}}}}<br />
* {{App|Tixati|P2P client that uses the BitTorrent protocol.|http://www.tixati.com|{{AUR|tixati}}}}<br />
* {{App|[[Transmission]]|Simple and easy-to-use BitTorrent client with daemon version, GTK+, Qt GUI, web and CLI front-ends.|http://transmissionbt.com/|{{Pkg|transmission-gtk}} {{Pkg|transmission-qt}} {{AUR|transmission-remote-gtk}} (remote clients work with the daemon in the -cli package)}}<br />
* {{App|[[Wikipedia:Vuze|Vuze]]|Feature-rich BitTorrent client written in Java (formerly Azureus).|https://www.vuze.com/|{{AUR|vuze}}}}<br />
<br />
==== eDonkey clients ====<br />
<br />
eDonkey is still the second-largest p2p network (see [http://ipoque.com/en/resources/internet-studies Internet Study 2008/2009]).<br />
<br />
See also [[Wikipedia:Comparison of eDonkey software]].<br />
<br />
* {{App|[[aMule]]|Well-known eDonkey/Kad client with a daemon version and GTK+, web, and CLI front-ends.|http://www.amule.org/|{{Pkg|amule}}}}<br />
* {{App|KaMule|KDE graphical front-end for aMule.|http://kde-apps.org/content/show.php?content&#61;150270|{{AUR|kamule}}{{Broken package link|{{aur-mirror|kamule}}}}}}<br />
* {{App|MlDonkey|A multi-network P2P client.|http://mldonkey.sourceforge.net/|{{Pkg|mldonkey}}}}<br />
<br />
==== Gnutella ====<br />
<br />
* {{App|[[Wikipedia:Sharelin|Sharelin]]|Gnutella2 only client with a web UI.|http://sourceforge.net/apps/mediawiki/sharelin|{{AUR|sharelin}}{{Broken package link|{{aur-mirror|sharelin}}}}}}<br />
<br />
=== Communication ===<br />
<br />
==== Email clients ====<br />
<br />
See also [[Wikipedia:Comparison of e-mail clients]].<br />
<br />
===== Console =====<br />
<br />
* {{App|alot|An experimental terminal MUA based on [http://notmuchmail.org/ notmuch mail]. It is written in python using the [http://urwid.org/ urwid] toolkit.|https://github.com/pazz/alot|{{AUR|alot}} {{AUR|alot-git}}{{Broken package link|{{aur-mirror|alot-git}}}}}}<br />
* {{App|[[Alpine]]|Fast, easy-to-use and Apache-licensed email client based on [[Wikipedia:Pine (email client)|Pine]].|https://washington.edu/alpine|{{AUR|re-alpine}}{{Broken package link|{{aur-mirror|re-alpine}}}} {{AUR|alpine}}}}<br />
* {{App|[[Wikipedia:Gnus|Gnus]]|Email, NNTP and RSS client for Emacs.|http://gnus.org/|{{AUR|emacs-gnus-git}}}}<br />
* {{App|[[S-nail]]|a mail processing system with a command syntax reminiscent of ''ed'' with lines replaced by messages. Provides the functionality of [[Wikipedia:mailx|mailx]] and a bit.|http://sourceforge.net/projects/s-nail/|{{Pkg|s-nail}}}}<br />
* {{App|mu/mu4e|Email indexer (mu) and client for emacs (mu4e). Xapian based for fast searches.|http://www.djcbsoftware.nl/code/mu/mu4e.html|{{AUR|mu}}}}<br />
* {{App|[[Mutt]]|Small but very powerful text-based mail client.|http://www.mutt.org/|{{Pkg|mutt}}}}<br />
* {{App|Nmh|A modular mail handling system.|http://www.nongnu.org/nmh/|{{AUR|nmh}} {{AUR|nmh-git}}}}<br />
* {{App|[[notmuch]]|A fast mail indexer built on top of ''xapian''.|http://notmuchmail.org/|{{Pkg|notmuch}} {{Pkg|notmuch-vim}} {{Pkg|notmuch-mutt}}}}<br />
* {{App|[[Sup]]|CLI mail client with very fast searching, tagging, threading and GMail like operation.|http://supmua.org/|{{AUR|sup}}}}<br />
* {{App|Wanderlust|Email client and news reader for Emacs.|http://www.gohome.org/wl/|{{Pkg|wanderlust}}}}<br />
<br />
===== Graphical =====<br />
<br />
* {{App|[[Balsa]]|Simple and light email client that is part of the Gnome project.|http://pawsa.fedorapeople.org/balsa/|{{Pkg|balsa}}}}<br />
* {{App|[[Wikipedia:Claws Mail|Claws Mail]]|Lightweight GTK-based email client and news reader.|http://claws-mail.org/|{{Pkg|claws-mail}}}}<br />
* {{App|[[Evolution]]|Mature and feature-rich e-mail client used in GNOME by default. Part of {{Grp|gnome-extra}}.|https://wiki.gnome.org/Apps/Evolution|{{Pkg|evolution}}}}<br />
* {{App|Geary|Simple desktop mail client built in [[Wikipedia:Vala (programming language)|Vala]].|https://wiki.gnome.org/Apps/Geary|{{Pkg|geary}}}}<br />
* {{App|[[Wikipedia:Kmail|Kmail]]|Mature and feature-rich email client. Part of {{Grp|kdepim}}.|http://kde.org/applications/internet/kmail/|{{Pkg|kdepim-kmail}}}}<br />
* {{App|Manitou Mail|Database-driven email system.|http://www.manitou-mail.org/|{{AUR|manitou-mdx}}{{Broken package link|{{aur-mirror|manitou-mdx}}}} {{AUR|manitou-ui}}{{Broken package link|{{aur-mirror|manitou-ui}}}}}}<br />
* {{App|Roundcubemail|Browser-based multilingual IMAP client with a native application-like user interface.|http://roundcube.net/|{{Pkg|roundcubemail}}}}<br />
* {{App|[[Wikipedia:Sylpheed|Sylpheed]]|Lightweight and user-friendly GTK+ email client.|http://sylpheed.sraoss.jp/en/|{{Pkg|sylpheed}}}}<br />
* {{App|[[Thunderbird]]|Feature-rich email client from Mozilla written in GTK+.|http://www.mozilla.org/thunderbird/|{{Pkg|thunderbird}}}}<br />
* {{App|Trojitá|Qt IMAP email client. Only supports one IMAP account.|http://trojita.flaska.net/|{{Pkg|trojita}}}}<br />
<br />
==== Instant messaging ====<br />
<br />
See also [[Wikipedia:Comparison of instant messaging protocols]].<br />
<br />
This section lists all software with [[Wikipedia:Instant messaging|instant messaging]] support. Particularly, that are client and server applications.<br />
<br />
===== IRC clients =====<br />
<br />
See also [[Wikipedia:Comparison of Internet Relay Chat clients]].<br />
<br />
{{Note|Most web browsers and many IM clients also support IRC.}}<br />
<br />
====== Console ======<br />
<br />
* {{App|[[Wikipedia:BitchX|BitchX]]|Console-based IRC client developed from the popular [[Wikipedia:ircII|ircII]].|http://www.bitchx.org/|{{AUR|bitchx-git}}}}<br />
* {{App|ERC|Powerful, modular, and extensible IRC client for [[Emacs]].|http://savannah.gnu.org/projects/erc/|{{AUR|erc-git}}{{Broken package link|{{aur-mirror|erc-git}}}}}}<br />
* {{App|[[Wikipedia:Ii (IRC client)|ii]]|Featherweight IRC client, literally {{ic|tail -f}} the conversation and {{ic|echo}} back your replies to a file.|http://tools.suckless.org/ii|{{AUR|ii}}}}<br />
* {{App|Ircfs|File system interface to IRC written in [http://limbo.cat-v.org Limbo].|http://www.ueber.net/code/r/ircfs|{{AUR?|ircfs}}}}<br />
* {{App|[[Irssi]]|Highly-configurable ncurses-based IRC client.|http://irssi.org/|{{Pkg|irssi}}}}<br />
* {{App|ScrollZ|Advanced IRC client based on [[Wikipedia:ircII|ircII]].|http://www.scrollz.info/|{{AUR|scrollz}}}}<br />
* {{App|sic|Extremely simple IRC client, similar to [[Wikipedia:Ii (IRC client)|ii]].|http://tools.suckless.org/sic|{{AUR|sic}}{{Broken package link|{{aur-mirror|sic}}}}}}<br />
* {{App|[[Wikipedia:WeeChat|WeeChat]]|Modular, lightweight ncurses-based IRC client.|http://weechat.org/|{{Pkg|weechat}}}}<br />
<br />
====== Graphical ======<br />
<br />
* {{App|HexChat|Fork of XChat for Linux and Windows.|http://hexchat.github.io/|{{Pkg|hexchat}}}}<br />
* {{App|[[Wikipedia:Konversation|Konversation]]|Qt-based IRC client for the KDE desktop.|http://konversation.kde.org/|{{Pkg|konversation}}}}<br />
* {{App|[[Wikipedia:KVIrc|KVIrc]]|Qt-based IRC client featuring extensive themes support.|http://kvirc.net/|{{Pkg|kvirc}}}}<br />
* {{App|Loqui|GTK+ IRC client with only one dependency: [https://wiki.gnome.org/Projects/GNetLibrary GNet].|https://launchpad.net/loqui|{{AUR|loqui}}}}<br />
* {{App|LostIRC|Simple GTK+ IRC client with tab-autocompletion, multiple server support, logging and others.|http://lostirc.sourceforge.net|{{AUR|lostirc}}}}<br />
* {{App|pcw|Frontend for [http://tools.suckless.org/ii ii] that opens a new terminal for each channel.|https://bitbucket.org/emg/pcw|{{AUR|pcw-hg}}{{Broken package link|{{aur-mirror|pcw-hg}}}}}}<br />
* {{App|[[Wikipedia:Quassel IRC|Quassel]]|Modern, cross-platform, distributed IRC client.|http://quassel-irc.org/|{{Pkg|quassel-core}} {{Pkg|quassel-client}}}}<br />
* {{App|[[Wikipedia:Smuxi|Smuxi]]|Cross-platform IRC client for the GNOME desktop inspired by [[Irssi]].|http://smuxi.org/|{{Pkg|smuxi}}}}<br />
* {{App|[[Wikipedia:XChat|XChat]]|GTK-based IRC client that works on both Linux and Windows.|http://xchat.org/|{{Pkg|xchat}}}}<br />
<br />
===== XMPP (Jabber) =====<br />
<br />
See also [[Wikipedia:XMPP]] and [[Wikipedia:Comparison of instant messaging clients#XMPP-related features]].<br />
<br />
====== Console clients ======<br />
<br />
* {{App|Freetalk|Console-based Jabber client.|https://gnu.org/s/freetalk/|{{Pkg|freetalk}}}}<br />
* {{App|jabber.el|Minimal Jabber client for [[Emacs]].|http://emacs-jabber.sourceforge.net/|{{AUR|emacs-jabber}}}}<br />
* {{App|[[Wikipedia:MCabber|MCabber]]|Small Jabber console client, includes features: SSL, PGP, MUC, OTR, and UTF8.|http://mcabber.com/|{{Pkg|mcabber}}}}<br />
* {{App|Profanity|A console based Jabber client inspired by Irssi.|http://www.profanity.im/|{{Pkg|profanity}}}}<br />
<br />
====== Graphical clients ======<br />
<br />
* {{App|[[Wikipedia:Gajim|Gajim]]|Jabber client written in PyGTK.|https://gajim.org/|{{Pkg|gajim}}}}<br />
* {{App|Jabbim|Jabber client written in PyQt.|http://www.jabbim.com/|{{AUR|jabbim-svn}}{{Broken package link|{{aur-mirror|jabbim-svn}}}}}}<br />
* {{App|[[Wikipedia:Psi (instant messaging client)|Psi]]|Qt-based Jabber client which supports video conferencing (since version 0.13).|http://psi-im.org/|{{Pkg|psi}} {{Pkg|psimedia}}}}<br />
* {{App|Psi+|Enhanced version of the Psi Jabber client with many new [http://psi-plus.com/wiki/en:features#differences_between_psi_beta_version_and_the_official_psi_015-dev_version features].|http://psi-plus.com/|{{AUR|psi-plus-git}}}}<br />
* {{App|[[Wikipedia:Tkabber|Tkabber]]|Easy to hack feature-rich XMPP client by the author of the ejabberd XMPP server.|http://tkabber.jabber.ru/|{{Pkg|tkabber}}}}<br />
<br />
====== Servers ======<br />
<br />
See also [[Wikipedia:Comparison of XMPP server software]].<br />
<br />
* {{App|[[Prosody]]|An XMPP server written in the [http://www.lua.org/ Lua] programming language. Prosody is designed to be lightweight and highly extensible. It is licensed under a permissive [http://prosody.im/source/mit MIT license].|http://prosody.im/|{{Pkg|prosody}}}}<br />
* {{App|Ejabberd|Jabber server written in Erlang|http://www.ejabberd.im/|{{Pkg|ejabberd}}}}<br />
* {{App|[[Jabberd2]]|An XMPP server written in the C language and licensed under the GNU General Public License. It was inspired by jabberd14.|http://jabberd2.org|{{AUR|jabberd2}}{{Broken package link|{{aur-mirror|jabberd2}}}}}}<br />
* {{App|Openfire|An XMPP IM multiplatform server written in Java|http://www.igniterealtime.org/projects/openfire/|{{Pkg|openfire}}}}<br />
<br />
===== Multi-protocol clients =====<br />
<br />
See also [[Wikipedia:Comparison of instant messaging clients]].<br />
<br />
{{Note|All messengers, that support several networks by means of direct connections to them, belong to this section.}}<br />
<br />
Many clients listed here (including Pidgin and all its forks) support multiple IM networks via [[Wikipedia:libpurple|libpurple]]. The number of networks supported by these clients is very large but they (like any multiprotocol clients) usually have very limited or no support for network-specific features.<br />
<br />
====== Console ======<br />
<br />
* {{App|BarnOwl|Ncurses-based chat client with support for the Zephyr, AIM, Jabber, IRC, and Twitter protocols.|http://barnowl.mit.edu/|{{AUR|barnowl}}}}<br />
* {{App|[[Bitlbee]]|IRC client that provides a gateway to popular chat networks (XMPP, MSN, Yahoo, AIM, ICQ and Twitter).|http://bitlbee.org/|{{Pkg|bitlbee}}}}<br />
* {{App|[[Wikipedia:Centericq|CenterIM]]|Fork of CenterICQ, a text mode menu- and window-driven IM interface.|http://centerim.org/|{{Pkg|centerim}}}}<br />
* {{App|[[Pidgin|Finch]]|Ncurses-based chat client that uses libpurple and supports all its protocols.|http://developer.pidgin.im/wiki/Using%20Finch|{{Pkg|finch}}}}<br />
* {{App|[[Wikipedia:naim (software)|naim]]|Ncurses chat client with support for AOL, ICQ, IRC and the Lily CMC.|http://naim.n.ml.org/|{{Pkg|naim}}}}<br />
* {{App|pork|Programmable, ncurses-based AIM and IRC client that mostly looks and feels like ircII.|http://dev.ojnk.net/|{{Pkg|pork}}}}<br />
* {{App|[[Tox]]|Tox is a distributed, secure messenger with audio and video chat capabilities.|https://tox.chat/|{{AUR|tox-git}}{{Broken package link|{{aur-mirror|tox-git}}}}}}<br />
<br />
====== Graphical ======<br />
<br />
* {{App|Carrier|Pidgin fork providing minor GUI enhancements (formerly FunPidgin).|http://funpidgin.sourceforge.net/|{{AUR|carrier}}{{Broken package link|{{aur-mirror|carrier}}}}}}<br />
* {{App|[[Wikipedia:Emesene|Emesene]]|PyGTK instant messenger for the Windows Live Messenger network, also compatible with Jabber, Facebook and Google Talk.|http://emesene.org/|{{AUR|emesene}}{{Broken package link|{{aur-mirror|emesene}}}}}}<br />
* {{App|[[Wikipedia:Empathy (software)|Empathy]]|GNOME instant messaging client using the [[Wikipedia:Telepathy (software)|Telepathy]] framework.|https://wiki.gnome.org/Apps/Empathy|{{Pkg|empathy}}}}<br />
* {{App|Galaxium Messenger|Messenger application designed for the GNOME desktop.|https://code.google.com/p/galaxium/|{{AUR|galaxium}}{{Broken package link|{{aur-mirror|galaxium}}}}}}<br />
* {{App|[[Wikipedia:Instantbird|Instantbird]]|Multi-protocol chat client using Mozilla's XUL and libpurple.|http://instantbird.com/|{{AUR|instantbird}}}}<br />
* {{App|[[Wikipedia:Kopete|Kopete]]|User-friendly IM supporting AIM, ICQ, Windows Live Messenger, Yahoo, Jabber, Gadu-Gadu, Novell GroupWise Messenger, and other IM networks. Part of {{Grp|kdenetwork}}.|http://kopete.kde.org/|{{Pkg|kdenetwork-kopete}}}}<br />
* {{App|[[KDE#KDE Telepathy|KDE Telepathy]]|KDE instant messaging client using the [[Wikipedia:Telepathy (software)|Telepathy]] framework. Meant as a replacement for Kopete.|http://community.kde.org/Real-Time_Communication_and_Collaboration/|{{Pkg|telepathy-kde-meta}}}}<br />
* {{App|Licq|Instant messaging client for UNIX supporting multiple protocols (currently ICQ, MSN and Jabber).|http://www.licq.org|{{Pkg|licq}}}}<br />
* {{App|Mikutter|An open-source Twitter client using [[GTK+]] and Ruby.|http://mikutter.hachune.net/|{{AUR|mikutter}} {{AUR|mikutter-git}}{{Broken package link|{{aur-mirror|mikutter-git}}}}}}<br />
* {{App|[[Pidgin]]|Multi-protocol instant messaging client.|http://pidgin.im/|{{Pkg|pidgin}} {{AUR|pidgin-light}}}}<br />
* {{App|qutIM|Simple and user-friendly IM supporting ICQ, Jabber, Mail.Ru, IRC and VKontakte messaging.|http://qutim.org/|{{AUR|qutim-stable}}{{Broken package link|{{aur-mirror|qutim-stable}}}}}}<br />
<br />
===== Lan messengers =====<br />
<br />
See also: [[Wikipedia:Comparison_of_LAN_messengers|Comparison of LAN messengers]].<br />
<br />
* {{App|iptux|Lan communication software, compatible with IP Messenger.|https://github.com/iptux-src/iptux|{{AUR|iptux}}}}<br />
<br />
==== VoIP / Softphone ====<br />
<br />
See also [[Wikipedia:Comparison of VoIP software]] and [[Wikipedia:List of SIP software]].<br />
<br />
===== Clients =====<br />
<br />
{{Note| Some [[#Instant messaging|IM clients]] also offer voice and video communication}}<br />
<br />
====== SIP ======<br />
* {{App|[[Wikipedia:Blink (software)|Blink]]|State of the art, easy to use SIP client.|http://www.icanblink.com/|{{AUR|blink-darcs}}{{Broken package link|{{aur-mirror|blink-darcs}}}}}}<br />
* {{App|[[Wikipedia:Ekiga|Ekiga]]|VoIP and video conferencing application with full SIP and H.323 support (formerly known as GNOME Meeting).|http://www.ekiga.org/|{{Pkg|ekiga}}}}<br />
* {{App|[[Wikipedia:Empathy (software)|Empathy]]|GNOME instant messenger client using the Telepathy framework with SIP support (using the Sofia-SIP library).|https://wiki.gnome.org/Apps/Empathy|{{Pkg|empathy}}}}<br />
* {{App|[[Wikipedia:Jitsi|Jitsi]]|Audio/video SIP VoIP phone and instant messenger written in Java (formerly SIP-Communicator).|https://jitsi.org/|{{AUR|jitsi}}}}<br />
* {{App|[[Wikipedia:KPhone|KPhone]]|Qt SIP User Agent with voice, video and text messaging support.|http://sourceforge.net/projects/kphone/|{{AUR?|kphone}}}}<br />
* {{App|[[Wikipedia:Linphone|Linphone]]|VoIP phone application that allows you to to communicate freely with people over the internet, with voice, video, and text instant messaging.|http://www.linphone.org/|{{Pkg|linphone}}}}<br />
* {{App|Minisip|SIP User Agent with focus on security (supports TLS, end-to-end security, SRTP, MIKEY (DH, PSK, PKE)).|http://www.minisip.org/|{{AUR?|minisip}}}}<br />
* {{App|[[Wikipedia:QuteCom|QuteCom]]|Softphone which allows you to make free PC to PC video and voice calls, and to integrate all your IM contacts in one place (formerly Wengo Phone).|http://trac.qutecom.org/|{{AUR|qutecom}}{{Broken package link|{{aur-mirror|qutecom}}}}}}<br />
* {{App|[[Wikipedia:Twinkle (software)|Twinkle]]|Qt softphone for VoIP and IM communication using SIP.|http://www.twinklephone.com/|{{AUR|twinkle}}}}<br />
* {{App|[[Wikipedia:X-Lite|X-Lite]]|Proprietary freeware VoIP soft phone that uses SIP.|http://www.counterpath.net/x-lite|{{AUR|xlite_bin}}}}<br />
* {{App|[[Wikipedia:Zfone|Zfone]]|Softphone application for secure voice communication over the Internet (VoIP), using the ZRTP protocol.|http://zfoneproject.com/|{{AUR|zfone}}{{Broken package link|{{aur-mirror|zfone}}}}}}<br />
<br />
====== IAX2 ======<br />
* {{App|Kiax|Qt-based IAX/2 Softphone.|http://www.forschung-direkt.eu/projects/kiax2/|{{AUR|kiax}}{{Broken package link|{{aur-mirror|kiax}}}}}}<br />
<br />
====== Skype ======<br />
* {{App|[[Skype]]|Popular but proprietary application for high-quality voice communication.|http://www.skype.com/|{{Pkg|skype}}}}<br />
<br />
====== Other ======<br />
* {{App|Hangups|A third-party instant messaging client for Google Hangouts|https://github.com/tdryer/hangups|{{AUR|hangups-git}}}}<br />
* {{App|[[Wikipedia:Mumble (software)|Mumble]]|Voice chat application similar to TeamSpeak.|http://mumble.sourceforge.net/|{{pkg|mumble}}}}<br />
* {{App|[[TeamSpeak]]|Proprietary VoIP application with gamers as its target audience.|http://www.teamspeak.com/|{{Pkg|teamspeak3}}}}<br />
* {{App|Webex|Proprietary conferencing software.|http://www.webex.com/|{{AUR|webex}}{{Broken package link|{{aur-mirror|webex}}}}}}<br />
<br />
====== Multi-protocol ======<br />
* {{App|[[Wikipedia:SFLphone|SFLPhone]]|Open-source SIP/IAX2 compatible softphone with PulseAudio support.|http://sflphone.org/|{{AUR|sflphone}}{{Broken package link|{{aur-mirror|sflphone}}}}}}<br />
<br />
===== Utilities =====<br />
<br />
* {{App|Gladstone|Educational ITU-T G.729 compliant codec with a GStreamer plugin.|https://gitorious.org/gladstone|{{AUR|gladstone-drizztbsd-git}}}}<br />
* {{App|SIPp|Open source test tool and traffic generator for the SIP protocol.|http://sipp.sourceforge.net/|{{AUR|sipp}}}}<br />
* {{App|Sipsak|Small command-line tool for developers and administrators of SIP applications.|http://sipsak.org/|{{AUR|sipsak}}{{Broken package link|{{aur-mirror|sipsak}}}}}}<br />
<br />
==== Speech recognition ====<br />
<br />
See [[Speech recognition#List of speech recognition application]].<br />
<br />
=== News, RSS, and blogs ===<br />
<br />
==== News aggregators ====<br />
<br />
See also [[Wikipedia:Comparison of feed aggregators]].<br />
<br />
===== Console =====<br />
<br />
* {{App|[[Wikipedia:Canto (news aggregator)|Canto]]|Ncurses RSS aggregator.|http://codezen.org/canto/|{{AUR|canto-next-git}}}}<br />
* {{App|[[Wikipedia:Gnus|Gnus]]|Email, NNTP and RSS client for Emacs.|http://gnus.org/|{{AUR|emacs-gnus-git}}}}<br />
* {{App|Newsbeuter|Ncurses RSS aggregator with layout and keybinding similar to the [[Mutt]] email client.|http://newsbeuter.org|{{Pkg|newsbeuter}}}}<br />
* {{App|Rawdog|"RSS Aggregator Without Delusions Of Grandeur" that parses RSS/CDF/Atom feeds into a static HTML page of articles in chronological order.|http://offog.org/code/rawdog.html|{{AUR|rawdog}}}}<br />
* {{App|Snownews|Text mode RSS news reader.|http://kiza.kcore.de/software/snownews/|{{Pkg|snownews}}}}<br />
<br />
===== Graphical =====<br />
<br />
* {{App|[[Wikipedia:Kontact#News Feed Aggregator|Akregator]]|News aggregator for KDE, part of {{Grp|kdepim}}.|http://kde.org/applications/internet/akregator/|{{Pkg|kdepim-akregator}}}}<br />
* {{App|Blam|Simple newsreader for GNOME written in C Sharp.| https://git.gnome.org/browse/blam|{{Pkg|blam}}}}<br />
* {{App|[[Wikipedia:BlogBridge|BlogBridge]]|Excellent Java-based aggregator, which gives users the option to synchronize their feeds across multiple computers. Though according to the official website, project is not being supported any more.|http://blogbridge.com|{{AUR|blogbridge}}{{Broken package link|{{aur-mirror|blogbridge}}}}}}<br />
* {{App|[[Wikipedia:Liferea|Liferea]]|GTK+ news aggregator for online news feeds and weblogs.| http://liferea.sourceforge.net|{{Pkg|liferea}}}}<br />
* {{App|RSS Guard|Very tiny RSS and ATOM news reader developed using Qt framework.|https://bitbucket.org/skunkos/rssguard|{{AUR|rssguard}}}}<br />
* {{App|[[Wikipedia:RSSOwl|RSSOwl]]|Powerful aggregator for RSS and Atom feeds, written in Java using Eclipse Rich Client Platform and SWT as a widget toolkit.|http://boreal.rssowl.org|{{AUR|rssowl}}}}<br />
* {{App|[[Thunderbird]]|Email client from Mozilla which also functions as a pretty nice news aggregator.|http://www.mozilla.org/thunderbird/|{{Pkg|thunderbird}}}}<br />
* {{App|Tickr (formerly News)|GTK-based RSS Reader that displays feeds as a smooth scrolling line on your Desktop, as known from TV stations.|http://newsrssticker.com/|{{AUR|tickr}}{{Broken package link|{{aur-mirror|tickr}}}}}}<br />
* {{App|Urssus|Cross platform GUI news aggregator.|https://code.google.com/p/urssus/|{{AUR|urssus}}}}<br />
* {{App|QuiteRSS|RSS/Atom feed reader written on Qt/С++.|http://quiterss.org/|{{AUR|quiterss}}}}<br />
<br />
==== Podcast clients ====<br />
<br />
* {{App|gPodder|A podcast client and feed aggregator (GTK+ and CLI interface).|http://gpodder.org/|{{AUR|gpodder3}}}}<br />
* {{App|Greg|A command-line podcast aggregator.|https://github.com/manolomartinez/greg|{{AUR|greg-git}}{{Broken package link|{{aur-mirror|greg-git}}}}}}<br />
* {{App|Marrie|A simple podcast client that runs on the Command Line Interface.|https://github.com/rafaelmartins/marrie/|{{AUR|marrie-git}}}}<br />
* {{App|PodCastXDL|A simple podcast Downloader for the terminal.|https://github.com/levi0x0/PodCastXDL|{{AUR|podcastxdl-git}}{{Broken package link|{{aur-mirror|podcastxdl-git}}}}}}<br />
* {{App|Vocal|Simple Podcast Client for the Modern Desktop (GTK+).|https://launchpad.net/vocal|{{AUR|vocal-bzr}}}}<br />
<br />
==== Usenet newsreaders & newsgrabbers ====<br />
<br />
Some [[#Email_clients|email clients]] also support NNTP. This section mainly lists NNTP-only client.<br />
<br />
See also: [[Wikipedia:List of Usenet newsreaders]], [[Wikipedia:Comparison of Usenet newsreaders]].<br />
<br />
* {{app|lottanzb|A ''SABnzbd+'' (Usenet binary downloader) GUI front-end written in PyGTK|http://www.lottanzb.org/|{{aur|lottanzb}}}}<br />
* {{app|nn|Alternative more user-friendly(curses-based) Usenet newsreader for UNIX.|http://www.nndev.org/|{{aur|nn}}{{Broken package link|{{aur-mirror|nn}}}}}}<br />
* {{app|[[NZBGet]]|CLI Utility to grab Usenet binary file using .nzb files.|http://nzbget.sourceforge.net/|{{pkg|nzbget}}}}<br />
* {{app|[[Wikipedia:Pan_(newsreader)|pan]]|A GTK2 Usenet newsreader that's good at both text and binaries.|http://pan.rebelbase.com/|{{aur|pan}}}}<br />
* {{app|[[Wikipedia:slrn|slrn]]|An open source text-based news client.|http://www.slrn.org/|{{pkg|slrn}}}}<br />
* {{app|[[Wikipedia:Tin_(newsreader)|tin]]|A cross-platform threaded NNTP and spool based UseNet newsreader.|http://tin.org/|{{aur|tin}}}}<br />
* {{app|trn|A text-based Threaded Usenet newsreader.|http://trn.sourceforge.net/|{{aur|trn}}}}<br />
* {{app|[[Wikipedia:XPN_(newsreader)|XPN]]|A graphical newsreader use PyGTK.|http://xpn.altervista.org/index-en.html|{{aur|xpn}}{{Broken package link|{{aur-mirror|xpn}}}}}}<br />
* {{app|xrn|Usenet newsreader for X Window System.|http://www.mit.edu/people/jik/software/xrn.html|{{aur|xrn}}}}<br />
<br />
==== Blog software ====<br />
See also [[Wikipedia:Blog software]] and [[Wikipedia:List of content management systems]].<br />
<br />
* {{App|[[Drupal]]|An open source content management platform powering millions of websites and applications. It is built, used, and supported by an active and diverse community of people around the world.|http://drupal.org/|{{Pkg|drupal}}}}<br />
* {{App|[[Ghost]]|Blogging platform written in JavaScript and distributed under the MIT License, designed to simplify the process of online publishing for individual bloggers as well as online publications.|https://ghost.org/|{{AUR|ghost}}}}<br />
* {{App|Hexo|A fast, simple & powerful blog framework, powered by Node.js.|http://hexo.io|{{AUR|nodejs-hexo}}}}<br />
* {{App|[[Jekyll]]|A static blog engine, written in Ruby, which supports Markdown, textile and other formats.|http://jekyllrb.com/|{{AUR|ruby-jekyll}}}}<br />
* {{App|Nanoblogger|A small weblog engine written in Bash for the command line. It uses common UNIX tools such as cat, grep, and sed to create static HTML content. It is not mantained anymore.|http://nanoblogger.sourceforge.net/|{{Pkg|nanoblogger}}}}<br />
* {{App|Nikola|A static site generator written in Python, with incremental rebuilds and multiple markup formats.|https://getnikola.com/|{{AUR|python-nikola}}}}<br />
* {{app|Pelican|A static site generator, powered by Python.|http://docs.getpelican.com/en/3.5.0/|{{aur|pelican}}}}<br />
* {{App|[[Wordpress]]|An easy to setup and administer FLOSS content management system featuring a strong and vibrant community with thousands of plugins and themes.|http://wordpress.org/|{{Pkg|wordpress}}}}<br />
<br />
==== Microblogging clients ====<br />
<br />
See also [[Wikipedia:List of Twitter services and applications]].<br />
<br />
* {{App|Birdie|A beautiful Twitter client for GNU/Linux, currently [http://www.birdieapp.eu/2014/10/26/birdie-2-status.html under active development].|http://birdieapp.github.io/ |{{AUR|birdie}}{{Broken package link|{{aur-mirror|birdie}}}}}}<br />
* {{App|Choqok|Microblogging client for KDE that supports Twitter.com, Pump.io, GNU social and opendesktop.org services.|http://choqok.gnufolks.org/|{{Pkg|choqok}}}}<br />
* {{App|Corebird|Native Gtk+ Twitter client for the Linux desktop.|http://corebird.baedert.org/|{{AUR|corebird-git}}}}<br />
* {{App|[[Wikipedia:Gwibber|Gwibber]]|GTK-based microblogging client with support for Facebook, Identi.ca, Twitter, Flickr, Foursquare, Sina and Sohu.|http://gwibber.com/|{{AUR|gwibber}}{{Broken package link|{{aur-mirror|gwibber}}}}}}<br />
* {{App|[[Wikipedia:Hotot (program)|Hotot]]|Lightweight and open source microblogging client with support for Twitter and Identi.ca and integration with various image sharing services and URL shorteners [http://hotot.org/ (discontinued)].|http://hotot.org|{{AUR|hotot}}{{Broken package link|{{aur-mirror|hotot}}}}}}<br />
* {{App|Pino|Simple and fast client for Twitter and Identi.ca written in [[Wikipedia:Vala (programming language)|Vala]].|http://pino-app.appspot.com/|{{AUR|pino}}{{Broken package link|{{aur-mirror|pino}}}}}}<br />
* {{App|Polly|Linux Twitter client designed for multiple columns of multiple accounts.|https://launchpad.net/polly/|{{AUR|polly}}}}<br />
* {{App|Qwit|Cross-platform client for Twitter using the Qt toolkit.|http://code.google.com/p/qwit/|{{AUR|qwit}}{{Broken package link|{{aur-mirror|qwit}}}}}}<br />
* {{App|ttytter|Easily scriptable twitter client written in Perl.|http://www.floodgap.com/software/ttytter/|{{Pkg|ttytter}}}}<br />
* {{App|Turpial|Multi-interface Twitter client written in Python.|http://turpial.org.ve/|{{AUR|turpial-git}}}}<br />
* {{App|tyrs|Simple client for Twitter and Identi.ca supporting virtually all its features with nice console UI (unmaintained).|http://tyrs.nicosphere.net/ {{Dead link|2014|07|17}}|{{AUR|tyrs}}{{Broken package link|{{aur-mirror|tyrs}}}}}}<br />
* {{App|turses|Twitter client for the console based off {{AUR|tyrs}}{{Broken package link|{{aur-mirror|tyrs}}}} with major improvements.|http://turses.rtfd.org/|{{AUR|turses}}}}<br />
<br />
=== Pastebin clients ===<br />
<br />
See also [[Wikipedia:Pastebin]].<br />
<br />
Pastebin services are often used to quote text or images while collaborating and troubleshooting. Pastebin clients provide a convenient way to post from the command line.<br />
<br />
{{Tip| You can access the [https://ptpb.pw ptpb.pw], [http://sprunge.us/ sprunge.us] and [http://ix.io/ ix.io] pastebins using curl. For example pipe the output of a command to ptpb: {{bc|''command'' <nowiki>| curl -F c=@- https://ptpb.pw </nowiki>}} or upload a file (including images): {{bc|<nowiki>curl -F c=@- https://ptpb.pw < </nowiki>''file''}}}}<br />
<br />
{{Note| [http://pastebin.com/ pastebin.com] is blocked for some people and has a history of annoying issues (javascript, adverts, poor formatting, etc).}}<br />
<br />
* {{App|codepad-git|A codepad.org pastebin client written in python.|http://www.codepad.org|{{AUR|codepad-git}}{{Broken package link|{{aur-mirror|codepad-git}}}}}}<br />
* {{App|Elmer|Pastebin client similar to wgetpaste and curlpaste, except written in Perl and usable with wget or curl. Servers: [http://codepad.org/ codepad.org], [http://rafb.me/ rafb.me], [http://sprunge.us/ sprunge.us].|https://github.com/sudokode/elmer|{{AUR|elmer}}}}<br />
* {{App|Fb-client|Client for the [http://paste.xinu.at/ paste.xinu.at] pastebin.|http://paste.xinu.at|{{Pkg|fb-client}}}}<br />
* {{App|Gist|Command-line interface for the [https://gist.github.com/ gist.github.com] pastebin service.|http://github.com/defunkt/gist|{{Pkg|gist}}}}<br />
* {{App|Haste|Universal pastebin tool, written in Haskell. Servers: [http://hpaste.org/ hpaste.org], [http://paste2.org/ paste2.org], [http://pastebin.com/ pastebin.com] and others.|http://hackage.haskell.org/package/haste|{{AUR|ruby-haste}} {{AUR|ruby-haste-git}}}}<br />
* {{App|Hg-paste|Pastebin extension for Mercurial which can send diffs to various pastebin websites for easy sharing. Servers: [http://dpaste.com/ dpaste.com] and [http://dpaste.org/ dpaste.org].|http://bitbucket.org/sjl/hg-paste|{{AUR|hg-paste}}{{Broken package link|{{aur-mirror|hg-paste}}}}}}<br />
* {{App|imgur|A CLI client which can upload image to [http://imgur.com imgur.com] image sharing service.|http://imgur.com/apps|{{AUR|imgur}}}}<br />
* {{App|Ix|Client for the ix.io pastebin.|http://ix.io|{{AUR|ix}}}}<br />
* {{App|Npaste-client|Client for the [http://npaste.de/ npaste.de] pastebin.|http://npaste.de|{{AUR|npaste-client}}{{Broken package link|{{aur-mirror|npaste-client}}}}}}<br />
* {{App|Pastebinit|Really small Python script that acts as a Pastebin client. Servers: [http://pastie.org/ pastie.org], [http://paste.kde.org/ paste.kde.org], [http://paste.debian.net/ paste.debian.net], [http://paste.ubuntu.com/ paste.ubuntu.com] and others (for a full list see {{ic|pastebinit -l}}).|http://launchpad.net/pastebinit|{{Pkg|pastebinit}}}}<br />
* {{App|paste-binouse|C++ standalone pastebin web server|https://github.com/abique/paste-binouse|{{AUR|paste-binouse}}{{Broken package link|{{aur-mirror|paste-binouse}}}}}}<br />
* {{App|pb|A very fast, lightweight pastebin and general file uploader written in python with a ton of features.|https://ptpb.pw|{{AUR|ptpb}}{{Broken package link|{{aur-mirror|ptpb}}}}}}<br />
* {{App|Uppity|The pastebin client with an attitude.|https://github.com/Kiwi/Uppity|{{AUR|uppity-git}}}}<br />
* {{App|Vim-gist|Vim script for [https://gist.github.com/ gist.github.com].| http://www.vim.org/scripts/script.php?script_id&#61;2423 |{{AUR|vim-gist}}{{Broken package link|{{aur-mirror|vim-gist}}}}}}<br />
* {{App|Vim-paster|Vim plugin to paste to any pastebin service using curl.|http://eugeneciurana.com/site.php?page&#61;tools|{{AUR|vim-paster}}{{Broken package link|{{aur-mirror|vim-paster}}}}}}<br />
* {{App|Wgetpaste|Bash script that automates pasting to a number of pastebin services. Servers: [http://pastebin.ca/ pastebin.ca], [http://codepad.org/ codepad.org], [http://dpaste.com/ dpaste.com] and [http://pastebin.osuosl.org/ pastebin.osuosl.org].|http://wgetpaste.zlin.dk/|{{Pkg|wgetpaste}}}}<br />
<br />
=== Bitcoin ===<br />
<br />
See the main article: [[Bitcoin]].<br />
<br />
* {{App|Armory|Bitcoin client with features such as support for multiple wallets, importing keys and backups.|https://github.com/etotheipi/BitcoinArmory|{{AUR|armory-git}}}}<br />
* {{App|[[Bitcoin]]|Official tool to manage Bitcoins, a P2P currency.|http://bitcoin.org/|{{Pkg|bitcoin-daemon}} {{Pkg|bitcoin-qt}}}}<br />
* {{App|Electrum|An easy to use Bitcoin client.|http://electrum.org/|{{Pkg|electrum}}}}<br />
* {{App|MultiBit|A lightweight Bitcoin desktop client powered by the BitCoinJ library.|https://multibit.org/|{{Pkg|multibit}}}}<br />
<br />
=== Surveying ===<br />
<br />
* {{App|[[Wikipedia:LimeSurvey|LimeSurvey]]|An open source on-line survey application. As a web server-based software it enables users to develop and publish on-line surveys, and collect responses, with no programming.|https://www.limesurvey.org/|{{AUR|limesurvey}}}}</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=399578S-nail2015-09-12T12:00:25Z<p>Sdaoden: man man man, smoothen that a bit, mention retain command plus</p>
<hr />
<div>[[Category:Email clients]]<br />
S-nail is a mail processing system with a command syntax reminiscent of ed with lines replaced by messages.<br />
It is intended to provide the functionality of the POSIX mailx command and offers (mostly optional) extensions for line editing, IDNA, MIME, S/MIME, SMTP and POP3 (and IMAP).<br />
It is usable as a mail batch language.<br />
<br />
This overview page was updated for version '''v14.8.5''' of S-nail.<br />
Excerpt of latest ''NEWS'': ''-d'' / ''debug'' finally offers real dry-run tests, extended '''@''' message specification, new '''source_if''' command, many bug fixes.<br />
''NEWS'' of older '''v14.8.x''' releases: RFC 2231 support, mailing-list support (''followup-to'', ''followup-to-honour'', ''reply-to-honour'', '''Lreply''', '''mlist''', '''mlsubscribe'''), simple builtin HTML viewer, freely configurable spam-checker hooks, command line and addressee hardening (new '''-.''' option, ''expandargv'' and ''expandaddr'' variables), improved -t support, ''expandaddr'' fine-tuning, new ''smime-sign-message-digest'' variable, and many small improvements.<br />
<br />
S-nail is a direct descendant of the BSD Mail program that was introduced in 1978 (itself superceeding the simpler UNIX mail program) and used to introduce itself (in the Mail reference manual) as follows:<br />
<br />
:''Mail provides a simple and friendly environment for sending and receiving mail.''<br />
:''It divides incoming mail into its constituent messages and allows the user to deal with them in any order.''<br />
:''In addition, it provides a set of ed‐like commands for manipulating messages and sending mail.''<br />
:''Mail offers the user simple editing capabilities to ease the composition of outgoing messages, as well as providing the ability to define and send to names which address groups of users.''<br />
<br />
S-nail is thus the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
In Arch Linux S-nail supports direct mail delivery via SMTP, so that messages can be send directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''.<br />
(Note however that S-nail does not (yet) include a mail-queue mechanism and thus simply tries to send the message over SMTP, directly and immediately.)<br />
<br />
== Quick shot ==<br />
<br />
Because the systemwide Arch Linux configuration file ({{ic|/etc/mail.rc}}) brings in some useful standard settings, sending mail over a local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -d -s 'A subject' -a an_attachment.txt foo1@bar.example 'Foo2 <foo2@bar.example>'<br />
<br />
Using the ''-d''ebug flag results in a dry-run that doesn't perform any action for real (including ignorance of the current ''save'' and ''record'' settings).<br />
You can adjust the program which is used as a MTA by setting the variable ''sendmail'' (fine-tuning via ''sendmail-arguments'', ''sendmail-no-default-arguments'', ''sendmail-progname'', please see the manual, "Sending mail"):<br />
<br />
# < /etc/passwd mailx -Ssendmail=/usr/bin/sendmail -Ssendwait -s 'My password file content!' public-foo@bar.example<br />
# echo Message was passed successfully: $?<br />
<br />
By default message delivery is asynchronous, and S-nail will exit as soon as the prepared message has been passed over to the delivery mechanism (the MTA or the builtin SMTP MTA), stating only wether message preparation was successful (or not).<br />
If the ''sendwait'' option is set, however, S-nail will wait for the started (builtin) MTA instance to exit and (instead) use the MTA exit status as its message delivery "success" or "failure" status.<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the ''expandaddr'' option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
<br />
To avoid environmental noise scripts can (and should) "detach" from configuration files and use the ''-S'' and ''-X'' command line flags to create their own setup and run necessary commands, respectively.<br />
Also ''expandaddr'' can be given a value and be used for address verification (the following for example allows ''only'' network addressees), and the ''-.'' command line option will terminate option processing and turn on message send mode: together these form active barriers to prevent misinterpretation of address arguments as command line options and other injection attacks.<br />
E.g., the following example can be used "as is" (except for ''-d''), provided that you have a '''somefile.pdf''', somewhere; it sets the ''record'' variable to the pathname of the folder used to record all outgoing mail, so that we then can look into the generated message:<br />
<br />
# echo Body |<br />
# LC_ALL=C MAILRC=/dev/null \<br />
# mailx -d -n -Sv15-compat -Ssendwait \<br />
# -Sexpandaddr=fail,-all,+addr \<br />
# -Snosave -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control \<br />
# -X'mimetype "application/pdf pdf"' \<br />
# -Sfrom='Me <me@home>' \<br />
# -a '''somefile.pdf''' -s Subject \<br />
# -. '(foo2bar) <foo2@bar.example>' bob@hey.example<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
The S-nail manual page tries to provide some kind of ''exponential learning-curve'' in its first sections, right after the option listing, and especially the sections "A starter", "Sending mail" and "Reading mail" should be worth a glance when looking for more "quick shots".<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism.<br />
Thus let's leave that alone and place the following in the private user-specific configuration file, adjusting bold strings.<br />
By the way, by using the ''-n'' command line argument or by setting the ''$NAIL_NO_SYSTEM_RC'' environment variable it is possible to avoid that the global configuration file will be loaded, and by pointing the ''MAILRC'' environment variable to {{ic|/dev/null}} the unavoidable per-user configuration file can be turned behaviour neutral; we've used these possibilities in the detached script example above.<br />
And note that all the remaining examples in this document are based upon this configuration template, which simply sets some security and send mode basics:<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-no-default-ca<br />
<br />
# Don't use protocols olders than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then, e.g.<br />
# ''ssl-protocol-'''USER'''@archlinux.org''="-ALL,+TLSv1.2"<br />
set ssl-protocol="-ALL,+TLSv1.2"<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# Hint: it is important to include "@STRENGTH": only with it the<br />
# final list will be sorted by algorithm strength.<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list="ALL:!aNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT:@STRENGTH"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: select allowed character sets<br />
# (Have a look at the "CHARACTER SETS" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# A very kind option: when replying to a message, first try to<br />
# use the same encoding that the original poster used herself!<br />
set reply-in-same-charset<br />
<br />
# When replying to or forwarding a message the comment and name<br />
# parts of email addresses are removed unless this variable is set<br />
set fullnames<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
# Only like this you'll be able to see errors reported through the exit<br />
# status of the MTA (including the builtin SMTP one)!<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files.<br />
# That set is often sufficient, but look at the output of the<br />
# '''mimetype''' command to ensure this is true for you, too<br />
set mimetypes-load-control<br />
<br />
# Default directory where we act in (relative to $HOME)<br />
set folder=mail<br />
# A leading "+" (often) means: under ''folder''<br />
# ''record'' is used to save copies of sent messages<br />
set MBOX=+mbox.mbox record=+sent.mbox DEAD=+dead.mbox<br />
<br />
# Define some shortcuts; now one may say, e.g., '''file mymbo'''<br />
shortcut mymbo %:+mbox.mbox \<br />
myrec +sent.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="'''Your Name <youremail@domain>'''" <br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
The above combination of SSL/TLS configuration results in the most secure end-to-end TLS transport that is possible at the time of this writing.<br />
There are public mail providers who declassify this user-end to provider-end transport security as "lesser secure applications", unless special authentication methods are used which fetch the user credentials (password) from the provider servers.<br />
Such methods are not supported by S-nail.<br />
It does support encrypted local password storage and SMTP via GSS-API, however, the latter of which also stores user credentials on the provider side.<br />
<br />
When in the below '''USER''' and '''PASS''' informations are specified as part of an URL (other possibilities exist) they must become URL percent encoded; S-nail offers the '''urlencode''' command which does this for you:<br />
<br />
# printf 'urlencode USER PASS\nx\n' | mailx -#<br />
<br />
Of course: printf as well as S-nail / mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (5 bytes)<br />
out: <SPA%C3%9F> (9 bytes)<br />
# # In ISO-8859-1:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (4 bytes)<br />
out: <SPA%DF> (6 bytes)<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the builtin SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set smtp='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login[/plain]...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts yes<br />
# (The plain smtp:// proto is optional)<br />
set smtp='''USER:PASS'''@smtp.gmXil.com smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set smtp=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set from="Your Name <youremail@domain>"<br />
set netrc-lookup<br />
#set agent-shell-lookup="gpg -d .pass.gpg"<br />
set smtp=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
# Type '''xp''' to login to the POP3 account<br />
ghost xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
# Type '''xi''' to login to the IMAP account<br />
ghost xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
(Here '''USER''' and '''PASS''' are clear text, not URL encoded.)<br />
You can furtherly diversify things and use encrypted password storage, since ArchLinux compiles in password agent support.<br />
To adjust the example, simply don't specify the ''password '''PASS''''' token in {{ic|$HOME/.netrc}} but instead uncomment the ''agent-shell-lookup'' line in the example account above.<br />
The encrypted password storage {{ic|.pass.gpg}} can be created like this:<br />
<br />
# echo '''PASS''' > .pass<br />
# gpg -e .pass<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
The ArchLinux version of S-nail includes the builtin command line editor with history capabilities as well as regular expression and coloured message display support.<br />
Because S-nail strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The global configuration /etc/mail.rc provides some commented basics;<br />
# in particular it shows all options that POSIX mandates as defaults.)<br />
<br />
# Start into interactive mode even if the system mailbox is empty or<br />
# doesn't exist. S-nail would exit immediately without that one<br />
set emptystart<br />
<br />
# When composing a message, let period `.' on a line by itself finalize<br />
# composition, before start directly into ''$EDITOR''<br />
set dot <br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines;<br />
# without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# Colourize headers when displaying messages (note that ''$PAGER'' may<br />
# require special flags, e.g., less(1) needs the -R option; S-nail will<br />
# however set the ''$LESS'' environment variable accordingly, but only if<br />
# that was not set before..)<br />
set colour-pager<br />
<br />
# A nicer prompt for a modern terminal<br />
set prompt="\033[31m?\?[\$ \@]\& \033[0m"<br />
<br />
# Add more entries to the history, and make that persistent<br />
set history-gabby NAIL_HISTFILE=+.s-nailhist NAIL_HISTSIZE=-1<br />
<br />
# When '''p'''rinting messages, show only these headers<br />
# (Easier to '''retain''' what you want than to '''ignore'''<br />
# what you don't; use '''P'''rint to see all headers and '''S'''how<br />
# to see the raw message content)<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html="lynx -stdin -dump -force_html"<br />
# Learn another mimetype<br />
mimetype 'model/vrml wrl vrml'<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
ghost ls !ls -latro<br />
ghost ps !ps axu<br />
<br />
Once you're in it use '''list''' to print all available builtin commands.<br />
ArchLinux compiles in the "DOCSTRINGS" feature, so that typing `?X' tries to expand "X" and print a help string; since S-nail will allow abbreviations of all commands this is sometimes handy; try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, as via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
Whereas '''p''' honours '''retain'''ed (or '''ignore'''d) list of headers to be displayed, the '''P'''rint command will not and display all headers;<br />
the '''Sh'''ow command will print raw message content.<br />
<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' ('''f''') is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds... well, a complaint of the ArchWiki maintainer about the content of this page, ugh;<br />
that is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode (which can be handy to avoid flag updates etc.)<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s).<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type "." on its own line (the latter requires the ''dot'' option).<br />
<br />
== Using S/MIME ==<br />
<br />
The manual contains a step-by-step example of how to create your certificates etc. ("Signed and encrypted messages with S/MIME").<br />
Assuming you have your private key and signed certificate already, just create the paired file we need<br />
<br />
# cat private-key.pem signed-certificate.pem > ~/pair.pem<br />
<br />
and setup S-nail via<br />
<br />
set smime-sign-cert=~/pair.pem \<br />
smime-sign-message-digest=SHA256 \<br />
smime-sign<br />
<br />
From now any message that is sent will be signed.<br />
The default message digest would be SHA1, as mandated by RFC 5751.<br />
Note that S/MIME always works relative to the setting of the variable ''from'', so it seems best to instead place the above settings in an '''account'''.<br />
The '''verify''' command verifies S/MIME messages, but note that S/MIME decryption and verification is solely based upon OpenSSL for now, which only supports messages with a simplicistic MIME structure. Sorry.<br />
By the way, if you miss hyperlinks and a table-of-content to get yourself going, the manual on the projects' website offers this; and the manual that ships with ArchLinux does, too, but needs the mdocmx(7) extension to be visible.<br />
<br />
== Workaround missing OpenPGP support ==<br />
<br />
S-nail doesn't yet support OpenPGP.<br />
However, using a macro it is possible to at least automatically verify inline ''--clearsign''ed messages, and using command ghosts their usage becomes handy: e.g., use the following in resource file and you will be able to verify a clearsigned message by just typing '''V''':<br />
<br />
define V {<br />
localopts yes<br />
set pipe-text/plain="set -C;\<br />
: > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
trap \"rm -f \\\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\\\"\" \<br />
EXIT INT QUIT PIPE TERM;\<br />
set +C;\<br />
cat > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
< \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" awk \<br />
-v TMPFILE=\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" '\<br />
BEGIN {done=0}\<br />
/^-----BEGIN PGP SIGNED MESSAGE-----/,/^$/ {\<br />
if (done++ != 0)\<br />
next;\<br />
print \"--- GPG --verify ---\";\<br />
system(\"gpg --verify \" TMPFILE \" 2>&1\");\<br />
print \"--- GPG --verify ---\";\<br />
print \"\";\<br />
next;\<br />
}\<br />
/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ {\<br />
next;\<br />
}\<br />
{print}\<br />
'"<br />
print<br />
}<br />
define RK {<br />
!printf 'Key IDs to gpg --recv-keys: ';\<br />
read keyids;\<br />
gpg --recv-keys ${keyids};<br />
}<br />
ghost V call V<br />
ghost RK call RK<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' to point to an IMAP server folder, for example.<br />
<br />
set v15-compat<br />
<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=399563S-nail2015-09-12T11:23:54Z<p>Sdaoden: oh, no, i didn't introduce S/MIME support, it was only tweaked a little bit (??)</p>
<hr />
<div>[[Category:Email clients]]<br />
S-nail is a mail processing system with a command syntax reminiscent of ed with lines replaced by messages.<br />
It is intended to provide the functionality of the POSIX mailx command and offers (mostly optional) extensions for line editing, IDNA, MIME, S/MIME, SMTP and POP3 (and IMAP).<br />
It is usable as a mail batch language.<br />
<br />
This overview page was updated for version '''v14.8.5''' of S-nail.<br />
Excerpt of latest ''NEWS'': ''-d'' / ''debug'' finally offers real dry-run tests, extended '''@''' message specification, new '''source_if''' command, many bug fixes.<br />
''NEWS'' of older '''v14.8.x''' releases: RFC 2231 support, mailing-list support (''followup-to'', ''followup-to-honour'', ''reply-to-honour'', '''Lreply''', '''mlist''', '''mlsubscribe'''), simple builtin HTML viewer, freely configurable spam-checker hooks, command line and addressee hardening (new '''-.''' option, ''expandargv'' and ''expandaddr'' variables), improved -t support, ''expandaddr'' fine-tuning, new ''smime-sign-message-digest'' variable, and many small improvements.<br />
<br />
S-nail is a direct descendant of the BSD Mail program that was introduced in 1978 (itself superceeding the simpler UNIX mail program) and used to introduce itself (in the Mail reference manual) as follows:<br />
<br />
:''Mail provides a simple and friendly environment for sending and receiving mail.''<br />
:''It divides incoming mail into its constituent messages and allows the user to deal with them in any order.''<br />
:''In addition, it provides a set of ed‐like commands for manipulating messages and sending mail.''<br />
:''Mail offers the user simple editing capabilities to ease the composition of outgoing messages, as well as providing the ability to define and send to names which address groups of users.''<br />
<br />
S-nail is thus the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
In Arch Linux S-nail supports direct mail delivery via SMTP, so that messages can be send directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''.<br />
(Note however that S-nail does not (yet) include a mail-queue mechanism and thus simply tries to send the message over SMTP, directly and immediately.)<br />
<br />
== Quick shot ==<br />
<br />
Because the systemwide Arch Linux configuration file ({{ic|/etc/mail.rc}}) brings in some useful standard settings, sending mail over a local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -d -s 'A subject' -a an_attachment.txt foo1@bar.example 'Foo2 <foo2@bar.example>'<br />
<br />
We used the ''-d''ebug flag for this dry-run test.<br />
You can adjust the program which is used as a MTA by setting the variable ''sendmail'' (fine-tuning via ''sendmail-arguments'', ''sendmail-no-default-arguments'', ''sendmail-progname'', please see the manual, "Sending mail"):<br />
<br />
# < /etc/passwd mailx -Ssendmail=/usr/bin/sendmail -Ssendwait -s 'My password file content!' public-foo@bar.example<br />
# echo Message was passed successfully: $?<br />
<br />
By default message delivery is asynchronous, and S-nail will exit as soon as the prepared message has been passed over to the delivery mechanism (the MTA or the builtin SMTP MTA).<br />
Like this its exit status won't tell you anything about delivery success, but only wether preparation succeeded!<br />
Set the ''sendwait'' option to change that and become aware of delivery errors, too.<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the ''expandaddr'' option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
<br />
To avoid environmental noise scripts can (and should) "detach" from configuration files and use the ''-S'' and ''-X'' command line flags to create their own setup and run necessary commands, respectively.<br />
Also ''expandaddr'' can be given a value and used for address verification (the following allows ''only'' network addressees), and the ''-.'' command line option will terminate option processing and turn on message send mode: together these form active barriers to prevent misinterpretation of address arguments as command line options and other injection attacks.<br />
E.g., the following example can be used "as is" (except for ''-d''), provided that you have a '''somefile.pdf''', somewhere; it sets the ''record'' variable to the pathname of the folder used to record all outgoing mail, so that we then can look into the generated message:<br />
<br />
# echo Body |<br />
# LC_ALL=C MAILRC=/dev/null \<br />
# mailx -d -n -Sv15-compat -Ssendwait \<br />
# -Sexpandaddr=fail,-all,+addr \<br />
# -Snosave -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control \<br />
# -X'mimetype "application/pdf pdf"' \<br />
# -Sfrom='Me <me@home>' \<br />
# -a '''somefile.pdf''' -s Subject \<br />
# -. '(foo2bar) <foo2@bar.example>' bob@hey.example<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
The manual tries to provide some kind of ''exponential learning-curve'' in the first sections of the manual, right after the option listing.<br />
The sections "A starter", "Sending mail" and "Reading mail" should be worth a glance.<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism.<br />
Thus let's leave that alone (using the ''-n'' command line switch or setting the ''$NAIL_NO_SYSTEM_RC'' environment variable will leave that one alone), and place the following in the private user-specific configuration file, adjusting bold strings.<br />
And note that all the remaining examples in this document are based upon this configuration template, which simply sets some security and send mode basics:<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-no-default-ca<br />
<br />
# Don't use protocols olders than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then, e.g.<br />
# ''ssl-protocol-'''USER'''@archlinux.org''="-ALL,+TLSv1.2"<br />
set ssl-protocol="-ALL,+TLSv1.2"<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# Hint: it is important to include "@STRENGTH": only with it the<br />
# final list will be sorted by algorithm strength.<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list="ALL:!aNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT:@STRENGTH"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: select allowed character sets<br />
# (Have a look at the "CHARACTER SETS" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# A very kind option: when replying to a message, first try to<br />
# use the same encoding that the original poster used herself!<br />
set reply-in-same-charset<br />
<br />
# When replying to or forwarding a message the comment and name<br />
# parts of email addresses are removed unless this variable is set<br />
set fullnames<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
# Only like this you'll be able to see errors reported through the exit<br />
# status of the MTA (including the builtin SMTP one)!<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files.<br />
# That set is often sufficient, but look at the output of the<br />
# '''mimetype''' command to ensure this is true for you, too<br />
set mimetypes-load-control<br />
<br />
# Default directory where we act in (relative to $HOME)<br />
set folder=mail<br />
# A leading "+" (often) means: under ''folder''<br />
# ''record'' is used to save copies of sent messages<br />
set MBOX=+mbox.mbox record=+sent.mbox DEAD=+dead.mbox<br />
<br />
# Define some shortcuts; now one may say, e.g., '''file mymbo'''<br />
shortcut mymbo %:+mbox.mbox \<br />
myrec +sent.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="'''Your Name <youremail@domain>'''" <br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
Note that the above combination of SSL/TLS configuration results in the most secure end-to-end TLS transport that is possible at the time of this writing.<br />
There are public mail providers who declassify this user-end to provider-end transport security as "lesser secure applications", unless special authentication methods are used which fetch the user credentials (password) from the provider servers.<br />
Such methods are not supported by S-nail.<br />
It does support encrypted local password storage and SMTP via GSS-API, however, the latter of which also stores user credentials on the provider side.<br />
<br />
When in the below '''USER''' and '''PASS''' informations are specified as part of an URL (other possibilities exist) they must become URL percent encoded; S-nail offers the '''urlencode''' command which does this for you:<br />
<br />
# printf 'urlencode USER PASS\nx\n' | mailx -#<br />
<br />
Of course: printf as well as S-nail / mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (5 bytes)<br />
out: <SPA%C3%9F> (9 bytes)<br />
# # In ISO-8859-1:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (4 bytes)<br />
out: <SPA%DF> (6 bytes)<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the builtin SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set smtp='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login[/plain]...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts yes<br />
# (The plain smtp:// proto is optional)<br />
set smtp='''USER:PASS'''@smtp.gmXil.com smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set smtp=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set from="Your Name <youremail@domain>"<br />
set netrc-lookup<br />
#set agent-shell-lookup="gpg -d .pass.gpg"<br />
set smtp=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
# Type '''xp''' to login to the POP3 account<br />
ghost xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
# Type '''xi''' to login to the IMAP account<br />
ghost xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
(Here '''USER''' and '''PASS''' are clear text, not URL encoded.)<br />
You can furtherly diversify things and use encrypted password storage, since ArchLinux compiles in password agent support.<br />
To adjust the example, simply don't specify the ''password '''PASS''''' token in {{ic|$HOME/.netrc}} but instead uncomment the ''agent-shell-lookup'' line in the example account above.<br />
The encrypted password storage {{ic|.pass.gpg}} can be created like this:<br />
<br />
# echo '''PASS''' > .pass<br />
# gpg -e .pass<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
The ArchLinux version of S-nail includes the builtin command line editor with history capabilities as well as regular expression and coloured message display support.<br />
Because S-nail strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The global configuration /etc/mail.rc provides some commented basics;<br />
# in particular it shows all options that POSIX mandates as defaults.)<br />
<br />
# Start into interactive mode even if the system mailbox is empty or<br />
# doesn't exist. S-nail would exit immediately without that one<br />
set emptystart<br />
<br />
# When composing a message, let period `.' on a line by itself finalize<br />
# composition, before start directly into ''$EDITOR''<br />
set dot <br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines;<br />
# without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# Colourize headers when displaying messages (note that ''$PAGER'' may<br />
# require special flags, e.g., less(1) needs the -R option; S-nail will<br />
# however set the ''$LESS'' environment variable accordingly, but only if<br />
# that was not set before..)<br />
set colour-pager<br />
<br />
# A nicer prompt for a modern terminal<br />
set prompt="\033[31m?\?[\$ \@]\& \033[0m"<br />
<br />
# Add more entries to the history, and make that persistent<br />
set history-gabby NAIL_HISTFILE=+.s-nailhist NAIL_HISTSIZE=-1<br />
<br />
# When '''p'''rinting messages, show only these headers<br />
# (Easier to '''retain''' what you want than to '''ignore'''<br />
# what you don't; use '''P'''rint to see all headers and '''S'''how<br />
# to see the raw message content)<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html="lynx -stdin -dump -force_html"<br />
# Learn another mimetype<br />
mimetype 'model/vrml wrl vrml'<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
ghost ls !ls -latro<br />
ghost ps !ps axu<br />
<br />
Once you're in it use '''list''' to print all available builtin commands.<br />
ArchLinux compiles in the "DOCSTRINGS" feature, so that typing `?X' tries to expand "X" and print a help string; since S-nail will allow abbreviations of all commands this is sometimes handy; try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, as via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' ('''f''') is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds... well, a complaint of the ArchWiki maintainer about the content of this page, ugh;<br />
that is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode (which can be handy to avoid flag updates etc.)<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s).<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type "." on its own line (the latter requires the ''dot'' option).<br />
<br />
== Using S/MIME ==<br />
<br />
The manual contains a step-by-step example of how to create your certificates etc. ("Signed and encrypted messages with S/MIME").<br />
Assuming you have your private key and signed certificate already, just create the paired file we need<br />
<br />
# cat private-key.pem signed-certificate.pem > ~/pair.pem<br />
<br />
and setup S-nail via<br />
<br />
set smime-sign-cert=~/pair.pem \<br />
smime-sign-message-digest=SHA256 \<br />
smime-sign<br />
<br />
From now any message that is sent will be signed.<br />
The default message digest would be SHA1, by the way, as mandated by RFC 5751.<br />
Note that S/MIME always works relative to the setting of the variable ''from'', so it seems best to instead place the above settings in an '''account'''.<br />
Use the '''verify''' command to verify S/MIME messages.<br />
Note that the S/MIME decryption and verification is solely based upon OpenSSL for now , but which only supports messages with simplicistic MIME structures.<br />
The manual on the projects' website contains a table-of-content and is fully linked, by the way.<br />
(Just as is the installed manual page, supposed you have the mdocmx(7) extension installed.)<br />
<br />
== Workaround missing OpenPGP support ==<br />
<br />
S-nail doesn't yet support OpenPGP.<br />
However, using a macro it is possible to at least automatically verify inline ''--clearsign''ed messages, and using command ghosts their usage becomes handy: e.g., use the following in resource file and you will be able to verify a clearsigned message by just typing '''V''':<br />
<br />
define V {<br />
localopts yes<br />
set pipe-text/plain="set -C;\<br />
: > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
trap \"rm -f \\\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\\\"\" \<br />
EXIT INT QUIT PIPE TERM;\<br />
set +C;\<br />
cat > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
< \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" awk \<br />
-v TMPFILE=\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" '\<br />
BEGIN {done=0}\<br />
/^-----BEGIN PGP SIGNED MESSAGE-----/,/^$/ {\<br />
if (done++ != 0)\<br />
next;\<br />
print \"--- GPG --verify ---\";\<br />
system(\"gpg --verify \" TMPFILE \" 2>&1\");\<br />
print \"--- GPG --verify ---\";\<br />
print \"\";\<br />
next;\<br />
}\<br />
/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ {\<br />
next;\<br />
}\<br />
{print}\<br />
'"<br />
print<br />
}<br />
define RK {<br />
!printf 'Key IDs to gpg --recv-keys: ';\<br />
read keyids;\<br />
gpg --recv-keys ${keyids};<br />
}<br />
ghost V call V<br />
ghost RK call RK<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' to point to an IMAP server folder, for example.<br />
<br />
set v15-compat<br />
<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=398806S-nail2015-09-08T17:42:41Z<p>Sdaoden: Some v14.8.5 notes; try to slightly tweak for the new user (i hope more on that for v14.8.6)</p>
<hr />
<div>[[Category:Email clients]]<br />
S-nail is a mail processing system with a command syntax reminiscent of ed with lines replaced by messages.<br />
It is intended to provide the functionality of the POSIX mailx command and offers (mostly optional) extensions for line editing, IDNA, MIME, S/MIME, SMTP and POP3 (and IMAP).<br />
It is usable as a mail batch language.<br />
<br />
This overview page was updated for version '''v14.8.5''' of S-nail.<br />
Excerpt of latest ''NEWS'': ''-d'' / ''debug'' finally offers real dry-run tests, extended '''@''' message specification, new '''source_if''' command, many bug fixes.<br />
''NEWS'' of older '''v14.8.x''' releases: RFC 2231 support, mailing-list support (''followup-to'', ''followup-to-honour'', ''reply-to-honour'', '''Lreply''', '''mlist''', '''mlsubscribe'''), simple builtin HTML viewer, freely configurable spam-checker hooks, command line and addressee hardening (new '''-.''' option, ''expandargv'' and ''expandaddr'' variables), improved -t support, ''expandaddr'' fine-tuning, S/MIME support (including new ''smime-sign-message-digest'' variable) and many small improvements.<br />
<br />
S-nail is a direct descendant of the BSD Mail program that was introduced in 1978 (itself superceeding the simpler UNIX mail program) and used to introduce itself (in the Mail reference manual) as follows:<br />
<br />
:''Mail provides a simple and friendly environment for sending and receiving mail.''<br />
:''It divides incoming mail into its constituent messages and allows the user to deal with them in any order.''<br />
:''In addition, it provides a set of ed‐like commands for manipulating messages and sending mail.''<br />
:''Mail offers the user simple editing capabilities to ease the composition of outgoing messages, as well as providing the ability to define and send to names which address groups of users.''<br />
<br />
S-nail is thus the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
In Arch Linux S-nail supports direct mail delivery via SMTP, so that messages can be send directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''.<br />
(Note however that S-nail does not (yet) include a mail-queue mechanism and thus simply tries to send the message over SMTP, directly and immediately.)<br />
<br />
== Quick shot ==<br />
<br />
Because the systemwide Arch Linux configuration file ({{ic|/etc/mail.rc}}) brings in some useful standard settings, sending mail over a local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -d -s 'A subject' -a an_attachment.txt foo1@bar.example 'Foo2 <foo2@bar.example>'<br />
<br />
We used the ''-d''ebug flag for this dry-run test.<br />
You can adjust the program which is used as a MTA by setting the variable ''sendmail'' (fine-tuning via ''sendmail-arguments'', ''sendmail-no-default-arguments'', ''sendmail-progname'', please see the manual, "Sending mail"):<br />
<br />
# < /etc/passwd mailx -Ssendmail=/usr/bin/sendmail -Ssendwait -s 'My password file content!' public-foo@bar.example<br />
# echo Message was passed successfully: $?<br />
<br />
By default message delivery is asynchronous, and S-nail will exit as soon as the prepared message has been passed over to the delivery mechanism (the MTA or the builtin SMTP MTA).<br />
Like this its exit status won't tell you anything about delivery success, but only wether preparation succeeded!<br />
Set the ''sendwait'' option to change that and become aware of delivery errors, too.<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the ''expandaddr'' option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
<br />
To avoid environmental noise scripts can (and should) "detach" from configuration files and use the ''-S'' and ''-X'' command line flags to create their own setup and run necessary commands, respectively.<br />
Also ''expandaddr'' can be given a value and used for address verification (the following allows ''only'' network addressees), and the ''-.'' command line option will terminate option processing and turn on message send mode: together these form active barriers to prevent misinterpretation of address arguments as command line options and other injection attacks.<br />
E.g., the following example can be used "as is" (except for ''-d''), provided that you have a '''somefile.pdf''', somewhere; it sets the ''record'' variable to the pathname of the folder used to record all outgoing mail, so that we then can look into the generated message:<br />
<br />
# echo Body |<br />
# LC_ALL=C MAILRC=/dev/null \<br />
# mailx -d -n -Sv15-compat -Ssendwait \<br />
# -Sexpandaddr=fail,-all,+addr \<br />
# -Snosave -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control \<br />
# -X'mimetype "application/pdf pdf"' \<br />
# -Sfrom='Me <me@home>' \<br />
# -a '''somefile.pdf''' -s Subject \<br />
# -. '(foo2bar) <foo2@bar.example>' bob@hey.example<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
The manual tries to provide some kind of ''exponential learning-curve'' in the first sections of the manual, right after the option listing.<br />
The sections "A starter", "Sending mail" and "Reading mail" should be worth a glance.<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism.<br />
Thus let's leave that alone (using the ''-n'' command line switch or setting the ''$NAIL_NO_SYSTEM_RC'' environment variable will leave that one alone), and place the following in the private user-specific configuration file, adjusting bold strings.<br />
And note that all the remaining examples in this document are based upon this configuration template, which simply sets some security and send mode basics:<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-no-default-ca<br />
<br />
# Don't use protocols olders than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then, e.g.<br />
# ''ssl-protocol-'''USER'''@archlinux.org''="-ALL,+TLSv1.2"<br />
set ssl-protocol="-ALL,+TLSv1.2"<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# Hint: it is important to include "@STRENGTH": only with it the<br />
# final list will be sorted by algorithm strength.<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list="ALL:!aNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT:@STRENGTH"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: select allowed character sets<br />
# (Have a look at the "CHARACTER SETS" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# A very kind option: when replying to a message, first try to<br />
# use the same encoding that the original poster used herself!<br />
set reply-in-same-charset<br />
<br />
# When replying to or forwarding a message the comment and name<br />
# parts of email addresses are removed unless this variable is set<br />
set fullnames<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
# Only like this you'll be able to see errors reported through the exit<br />
# status of the MTA (including the builtin SMTP one)!<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files.<br />
# That set is often sufficient, but look at the output of the<br />
# '''mimetype''' command to ensure this is true for you, too<br />
set mimetypes-load-control<br />
<br />
# Default directory where we act in (relative to $HOME)<br />
set folder=mail<br />
# A leading "+" (often) means: under ''folder''<br />
# ''record'' is used to save copies of sent messages<br />
set MBOX=+mbox.mbox record=+sent.mbox DEAD=+dead.mbox<br />
<br />
# Define some shortcuts; now one may say, e.g., '''file mymbo'''<br />
shortcut mymbo %:+mbox.mbox \<br />
myrec +sent.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="'''Your Name <youremail@domain>'''" <br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
Note that the above combination of SSL/TLS configuration results in the most secure end-to-end TLS transport that is possible at the time of this writing.<br />
There are public mail providers who declassify this user-end to provider-end transport security as "lesser secure applications", unless special authentication methods are used which fetch the user credentials (password) from the provider servers.<br />
Such methods are not supported by S-nail.<br />
It does support encrypted local password storage and SMTP via GSS-API, however, the latter of which also stores user credentials on the provider side.<br />
<br />
When in the below '''USER''' and '''PASS''' informations are specified as part of an URL (other possibilities exist) they must become URL percent encoded; S-nail offers the '''urlencode''' command which does this for you:<br />
<br />
# printf 'urlencode USER PASS\nx\n' | mailx -#<br />
<br />
Of course: printf as well as S-nail / mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (5 bytes)<br />
out: <SPA%C3%9F> (9 bytes)<br />
# # In ISO-8859-1:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (4 bytes)<br />
out: <SPA%DF> (6 bytes)<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the builtin SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set smtp='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login[/plain]...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts yes<br />
# (The plain smtp:// proto is optional)<br />
set smtp='''USER:PASS'''@smtp.gmXil.com smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set smtp=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set from="Your Name <youremail@domain>"<br />
set netrc-lookup<br />
#set agent-shell-lookup="gpg -d .pass.gpg"<br />
set smtp=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
# Type '''xp''' to login to the POP3 account<br />
ghost xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
# Type '''xi''' to login to the IMAP account<br />
ghost xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
(Here '''USER''' and '''PASS''' are clear text, not URL encoded.)<br />
You can furtherly diversify things and use encrypted password storage, since ArchLinux compiles in password agent support.<br />
To adjust the example, simply don't specify the ''password '''PASS''''' token in {{ic|$HOME/.netrc}} but instead uncomment the ''agent-shell-lookup'' line in the example account above.<br />
The encrypted password storage {{ic|.pass.gpg}} can be created like this:<br />
<br />
# echo '''PASS''' > .pass<br />
# gpg -e .pass<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
The ArchLinux version of S-nail includes the builtin command line editor with history capabilities as well as regular expression and coloured message display support.<br />
Because S-nail strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The global configuration /etc/mail.rc provides some commented basics;<br />
# in particular it shows all options that POSIX mandates as defaults.)<br />
<br />
# Start into interactive mode even if the system mailbox is empty or<br />
# doesn't exist. S-nail would exit immediately without that one<br />
set emptystart<br />
<br />
# When composing a message, let period `.' on a line by itself finalize<br />
# composition, before start directly into ''$EDITOR''<br />
set dot <br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines;<br />
# without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# Colourize headers when displaying messages (note that ''$PAGER'' may<br />
# require special flags, e.g., less(1) needs the -R option; S-nail will<br />
# however set the ''$LESS'' environment variable accordingly, but only if<br />
# that was not set before..)<br />
set colour-pager<br />
<br />
# A nicer prompt for a modern terminal<br />
set prompt="\033[31m?\?[\$ \@]\& \033[0m"<br />
<br />
# Add more entries to the history, and make that persistent<br />
set history-gabby NAIL_HISTFILE=+.s-nailhist NAIL_HISTSIZE=-1<br />
<br />
# When '''p'''rinting messages, show only these headers<br />
# (Easier to '''retain''' what you want than to '''ignore'''<br />
# what you don't; use '''P'''rint to see all headers and '''S'''how<br />
# to see the raw message content)<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html="lynx -stdin -dump -force_html"<br />
# Learn another mimetype<br />
mimetype 'model/vrml wrl vrml'<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
ghost ls !ls -latro<br />
ghost ps !ps axu<br />
<br />
Once you're in it use '''list''' to print all available builtin commands.<br />
ArchLinux compiles in the "DOCSTRINGS" feature, so that typing `?X' tries to expand "X" and print a help string; since S-nail will allow abbreviations of all commands this is sometimes handy; try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, as via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' ('''f''') is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds... well, a complaint of the ArchWiki maintainer about the content of this page, ugh;<br />
that is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode (which can be handy to avoid flag updates etc.)<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s).<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type "." on its own line (the latter requires the ''dot'' option).<br />
<br />
== Using S/MIME ==<br />
<br />
The manual contains a step-by-step example of how to create your certificates etc. ("Signed and encrypted messages with S/MIME").<br />
Assuming you have your private key and signed certificate already, just create the paired file we need<br />
<br />
# cat private-key.pem signed-certificate.pem > ~/pair.pem<br />
<br />
and setup S-nail via<br />
<br />
set smime-sign-cert=~/pair.pem \<br />
smime-sign-message-digest=SHA256 \<br />
smime-sign<br />
<br />
From now any message that is sent will be signed.<br />
The default message digest would be SHA1, by the way, as mandated by RFC 5751.<br />
Note that S/MIME always works relative to the setting of the variable ''from'', so it seems best to instead place the above settings in an '''account'''.<br />
Use the '''verify''' command to verify S/MIME messages.<br />
Note that the S/MIME decryption and verification is solely based upon OpenSSL for now , but which only supports messages with simplicistic MIME structures.<br />
The manual on the projects' website contains a table-of-content and is fully linked, by the way.<br />
(Just as is the installed manual page, supposed you have the mdocmx(7) extension installed.)<br />
<br />
== Workaround missing OpenPGP support ==<br />
<br />
S-nail doesn't yet support OpenPGP.<br />
However, using a macro it is possible to at least automatically verify inline ''--clearsign''ed messages, and using command ghosts their usage becomes handy: e.g., use the following in resource file and you will be able to verify a clearsigned message by just typing '''V''':<br />
<br />
define V {<br />
localopts yes<br />
set pipe-text/plain="set -C;\<br />
: > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
trap \"rm -f \\\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\\\"\" \<br />
EXIT INT QUIT PIPE TERM;\<br />
set +C;\<br />
cat > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
< \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" awk \<br />
-v TMPFILE=\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" '\<br />
BEGIN {done=0}\<br />
/^-----BEGIN PGP SIGNED MESSAGE-----/,/^$/ {\<br />
if (done++ != 0)\<br />
next;\<br />
print \"--- GPG --verify ---\";\<br />
system(\"gpg --verify \" TMPFILE \" 2>&1\");\<br />
print \"--- GPG --verify ---\";\<br />
print \"\";\<br />
next;\<br />
}\<br />
/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ {\<br />
next;\<br />
}\<br />
{print}\<br />
'"<br />
print<br />
}<br />
define RK {<br />
!printf 'Key IDs to gpg --recv-keys: ';\<br />
read keyids;\<br />
gpg --recv-keys ${keyids};<br />
}<br />
ghost V call V<br />
ghost RK call RK<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' to point to an IMAP server folder, for example.<br />
<br />
set v15-compat<br />
<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=389495S-nail2015-07-31T22:44:36Z<p>Sdaoden: Heavily improve "V" macro</p>
<hr />
<div>[[Category:Email clients]]<br />
S-nail is a mail processing system with a command syntax reminiscent of ed with lines replaced by messages.<br />
It is intended to provide the functionality of the POSIX mailx command and offers (mostly optional) extensions for line editing, IDNA, MIME, S/MIME, SMTP and POP3 (and IMAP).<br />
It is usable as a mail batch language.<br />
<br />
This overview page was updated for version '''v14.8.4''' of S-nail.<br />
Excerpt of latest ''NEWS'': improved -t support, ''expandaddr'' fine-tuning, S/MIME support (including new ''smime-sign-message-digest'' variable and a step-by-step manual).<br />
''NEWS'' of older '''v14.8.x''' releases: RFC 2231 support, mailing-list support (''followup-to'', ''followup-to-honour'', ''reply-to-honour'', '''Lreply''', '''mlist''', '''mlsubscribe'''), simple builtin HTML viewer, freely configurable spam-checker hooks, command line and addressee hardening (new '''-.''' option, ''expandargv'' and ''expandaddr'' variables), and many small improvements.<br />
<br />
S-nail is a direct descendant of the BSD Mail program that was introduced in 1978 (itself superceeding the simpler UNIX mail program) and used to introduce itself (in the Mail reference manual) as follows:<br />
<br />
:''Mail provides a simple and friendly environment for sending and receiving mail.''<br />
:''It divides incoming mail into its constituent messages and allows the user to deal with them in any order.''<br />
:''In addition, it provides a set of ed‐like commands for manipulating messages and sending mail.''<br />
:''Mail offers the user simple editing capabilities to ease the composition of outgoing messages, as well as providing the ability to define and send to names which address groups of users.''<br />
<br />
S-nail is thus the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
In Arch Linux S-nail supports direct mail delivery via SMTP, so that messages can be send directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''.<br />
(Note however that S-nail does not (yet) include a mail-queue mechanism and thus simply tries to send the message over SMTP, directly and immediately.)<br />
<br />
== Quick shot ==<br />
<br />
Because the systemwide Arch Linux configuration file ({{ic|/etc/mail.rc}}) brings in some useful standard settings, sending mail over a local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -s 'A subject' -a an_attachment.txt foo1@bar 'Foo2 <foo2@bar>'<br />
<br />
You can adjust the program which is used as a MTA by setting the variable ''sendmail'' (''sendmail-progname'' can be used for more fine-tuning as necessary, please see the manual, "Sending mail"):<br />
<br />
# < /etc/passwd mailx -Ssendmail=/usr/bin/sendmail -Ssendwait -s subject some@where<br />
# echo Sending was successful: $?<br />
<br />
By default message delivery is asynchronous, and S-nail will exit as soon as the prepared message has been passed over to the delivery mechanism (the MTA or the builtin SMTP MTA).<br />
Like this its exit status won't tell you anything about delivery success, but only wether preparation succeeded!<br />
Set the ''sendwait'' option to change that and become aware of delivery errors, too.<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the ''expandaddr'' option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
<br />
To avoid environmental noise scripts can (and should) "detach" from configuration files and use the ''-S'' and ''-X'' command line flags to create their own setup and run necessary commands.<br />
Also ''expandaddr'' can be given a value and used for address verification (the following allows ''only'' network addressees), and the ''-.'' command line option will terminate option processing and turn on message send mode: together these form active barriers to prevent misinterpretation of address arguments as command line options and other injection attacks.<br />
E.g., the following example can be used "as is" (we enable debug via ''-d'' for a dry-run), provided that you have a '''somefile.pdf''', somewhere:<br />
<br />
# echo Body |<br />
# LC_ALL=C MAILRC=/dev/null mailx -dn -Sv15-compat \<br />
# -Ssendwait -Sexpandaddr=fail,-all,+addr \<br />
# -Sfrom='Me <me@home>' -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control -X'mimetype "application/pdf pdf"' \<br />
# -a '''somefile.pdf''' -s Subject \<br />
# -. '(foo2bar) <foo2@bar>' bob@hey.you<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism.<br />
Place the following in your private user-specific configuration file, adjusting bold strings.<br />
And note that all the remaining examples in this document are based upon this configuration template.<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-no-default-ca<br />
<br />
# Don't use protocols olders than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then, e.g.<br />
# ''ssl-protocol-'''USER'''@archlinux.org''="-ALL,+TLSv1.2"<br />
set ssl-protocol="-ALL,+TLSv1.2"<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# Hint: it is important to include "@STRENGTH": only with it the<br />
# final list will be sorted by algorithm strength.<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list="ALL:!aNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT:@STRENGTH"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: choose allowed character sets<br />
# (Have a look at the "CHARACTER SETS" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# A very kind option: when replying to a message, first try to<br />
# use the same encoding that the original poster used herself!<br />
set reply-in-same-charset<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
# Only like this you'll be able to see errors reported through the exit<br />
# status of the MTA (including the builtin SMTP one)!<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files<br />
set mimetypes-load-control<br />
<br />
# Default directories where we act in (relative to $HOME)<br />
set folder=mail<br />
# A leading "+" (often) means: under *folder*<br />
# *record* is used to save copies of sent messages<br />
set MBOX=+mbox.mbox record=+sent.mbox \<br />
DEAD=+dead.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="'''Your Name <youremail@domain>'''"<br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
Note that the above combination of SSL/TLS configuration results in the most secure end-to-end TLS transport that is possible at the time of this writing.<br />
There are public mail providers who declassify this user-end to provider-end transport security as "lesser secure applications", unless special authentication methods are used which fetch the user credentials (password) from the provider servers.<br />
Such methods are not supported by S-nail.<br />
It does support encrypted local password storage and SMTP via GSS-API, however, the latter of which also stores user credentials on the provider side.<br />
<br />
When in the below '''USER''' and '''PASS''' informations are specified as part of an URL (other possibilities exist) they must become URL percent encoded; S-nail offers the '''urlencode''' command which does this for you:<br />
<br />
# printf 'urlencode USER PASS\nx\n' | mailx -#<br />
<br />
Of course: printf as well as S-nail / mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (5 bytes)<br />
out: <SPA%C3%9F> (9 bytes)<br />
# # In ISO-8859-1:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (4 bytes)<br />
out: <SPA%DF> (6 bytes)<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the builtin SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set smtp='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login[/plain]...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts yes<br />
# (The plain smtp:// proto is optional)<br />
set smtp='''USER:PASS'''@smtp.gmXil.com smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set smtp=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set from="Your Name <youremail@domain>"<br />
set netrc-lookup<br />
#set agent-shell-lookup="gpg -d .pass.gpg"<br />
set smtp=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
# Type '''xp''' to login to the POP3 account<br />
ghost xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
# Type '''xi''' to login to the IMAP account<br />
ghost xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
(Here '''USER''' and '''PASS''' are clear text, not URL encoded.)<br />
You can furtherly diversify things and use encrypted password storage, since ArchLinux compiles in password agent support.<br />
To adjust the example, simply don't specify the ''password '''PASS''''' token in {{ic|$HOME/.netrc}} but instead uncomment the ''agent-shell-lookup'' line in the example account above.<br />
The encrypted password storage {{ic|.pass.gpg}} can be created like this:<br />
<br />
# echo '''PASS''' > .pass<br />
# gpg -e .pass<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a(n almost) dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
The ArchLinux version of S-nail includes the builtin command line editor with history capabilities as well as regular expression and coloured message display support.<br />
Because S-nail strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The template configuration /etc/mail.rc also provides some commented basics;<br />
# in particular it shows all options that POSIX mandates at program startup)<br />
<br />
# Start into interactive mode even if the standard mailbox is empty<br />
set emptystart<br />
<br />
# When composing a message, let period `.' on a line by itself finalize composition,<br />
# before start directly into ''$EDITOR''<br />
set dot <br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines; without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# Colourize headers when displaying messages (note that ''$PAGER'' may require special flags,<br />
# e.g., less(1) needs the -R option; S-nail will however set the ''$LESS'' environment<br />
# variable accordingly, but only if that was not set before..)<br />
set colour-pager<br />
<br />
# A nicer prompt<br />
set prompt="\033[31m?\?[\$ \@]\& \033[0m"<br />
<br />
# Add more entries to the history<br />
set history-gabby<br />
<br />
# Make the history persistent <br />
set NAIL_HISTFILE=+.s-nailhist<br />
set NAIL_HISTSIZE=-1<br />
<br />
# When displaying messages, show only these headers<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html="lynx -stdin -dump -force_html"<br />
# Learn another mimetype<br />
mimetype 'model/vrml wrl vrml'<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
ghost ls !ls -latro<br />
ghost ps !ps axu<br />
<br />
Once you're in it, the command '''list''' will print all available builtin commands.<br />
ArchLinux compiles in the "DOCSTRINGS" feature, so that typing `?X' tries to expand "X" and print a help string; since S-nail will allow abbreviations of all commands this is sometimes handy; try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' ('''f''') is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds... well, a complaint of the ArchWiki maintainer about the content of this page, ugh;<br />
that is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode (which can be handy to avoid flag updates etc.)<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s).<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type "." on its own line (the latter requires the ''dot'' option).<br />
<br />
== Using S/MIME ==<br />
<br />
The manual contains a step-by-step example of how to create your certificates etc. ("Signed and encrypted messages with S/MIME").<br />
Assuming you have your private key and signed certificate already, just create the paired file we need<br />
<br />
# cat private-key.pem signed-certificate.pem > ~/pair.pem<br />
<br />
and setup S-nail via<br />
<br />
set smime-sign-cert=~/pair.pem \<br />
smime-sign-message-digest=SHA256 \<br />
smime-sign<br />
<br />
From now any message that is sent will be signed.<br />
The default message digest would be SHA1, by the way, as mandated by RFC 5751.<br />
Note that S/MIME always works relative to the setting of the variable ''from'', so it seems best to instead place the above settings in an '''account'''.<br />
Use the '''verify''' command to verify S/MIME messages.<br />
The manual on the projects' website contains a table-of-content and is fully linked, by the way.<br />
(Just as is the installed manual page, supposed you have the mdocmx(7) extension installed.)<br />
<br />
== Workaround missing OpenPGP support ==<br />
<br />
S-nail doesn't yet support OpenPGP.<br />
However, using a macro it is possible to at least automatically verify inline ''--clearsign''ed messages, and using command ghosts their usage becomes handy: e.g., copy-and-paste the following into your resource file and you will be able to verify a clearsigned message by just typing '''V''':<br />
<br />
define V {<br />
localopts yes<br />
set pipe-text/plain="set -C;\<br />
: > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
trap \"rm -f \\\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\\\"\" \<br />
EXIT INT QUIT PIPE TERM;\<br />
set +C;\<br />
cat > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
< \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" awk \<br />
-v TMPFILE=\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" '\<br />
BEGIN {done=0}\<br />
/^-----BEGIN PGP SIGNED MESSAGE-----/,/^$/ {\<br />
if (done++ != 0)\<br />
next;\<br />
print \"--- GPG --verify ---\";\<br />
system(\"gpg --verify \" TMPFILE \" 2>&1\");\<br />
print \"--- GPG --verify ---\";\<br />
print \"\";\<br />
next;\<br />
}\<br />
/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ {\<br />
next;\<br />
}\<br />
{print}\<br />
'"<br />
print<br />
}<br />
define RK {<br />
!printf 'Key IDs to gpg --recv-keys: ';\<br />
read keyids;\<br />
gpg --recv-keys ${keyids};<br />
}<br />
ghost V call V<br />
ghost RK call RK<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' to point to an IMAP server folder, for example.<br />
<br />
set v15-compat<br />
<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=389451S-nail2015-07-31T17:45:44Z<p>Sdaoden: More on upcoming v14.8.4; change *expandaddr* example to the new fine-tunable value. (S-nail will become an office software suite if Sourceforge is down much longer..)</p>
<hr />
<div>[[Category:Email clients]]<br />
S-nail is a mail processing system with a command syntax reminiscent of ed with lines replaced by messages.<br />
It is intended to provide the functionality of the POSIX mailx command and offers (mostly optional) extensions for line editing, IDNA, MIME, S/MIME, SMTP and POP3 (and IMAP).<br />
It is usable as a mail batch language.<br />
<br />
This overview page was updated for version '''v14.8.4''' of S-nail.<br />
Excerpt of latest ''NEWS'': improved -t support, ''expandaddr'' fine-tuning, S/MIME support (including new ''smime-sign-message-digest'' variable and a step-by-step manual).<br />
''NEWS'' of older '''v14.8.x''' releases: RFC 2231 support, mailing-list support (''followup-to'', ''followup-to-honour'', ''reply-to-honour'', '''Lreply''', '''mlist''', '''mlsubscribe'''), simple builtin HTML viewer, freely configurable spam-checker hooks, command line and addressee hardening (new '''-.''' option, ''expandargv'' and ''expandaddr'' variables), and many small improvements.<br />
<br />
S-nail is a direct descendant of the BSD Mail program that was introduced in 1978 (itself superceeding the simpler UNIX mail program) and used to introduce itself (in the Mail reference manual) as follows:<br />
<br />
:''Mail provides a simple and friendly environment for sending and receiving mail.''<br />
:''It divides incoming mail into its constituent messages and allows the user to deal with them in any order.''<br />
:''In addition, it provides a set of ed‐like commands for manipulating messages and sending mail.''<br />
:''Mail offers the user simple editing capabilities to ease the composition of outgoing messages, as well as providing the ability to define and send to names which address groups of users.''<br />
<br />
S-nail is thus the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
In Arch Linux S-nail supports direct mail delivery via SMTP, so that messages can be send directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''.<br />
(Note however that S-nail does not (yet) include a mail-queue mechanism and thus simply tries to send the message over SMTP, directly and immediately.)<br />
<br />
== Quick shot ==<br />
<br />
Because the systemwide Arch Linux configuration file ({{ic|/etc/mail.rc}}) brings in some useful standard settings, sending mail over a local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -s 'A subject' -a an_attachment.txt foo1@bar 'Foo2 <foo2@bar>'<br />
<br />
You can adjust the program which is used as a MTA by setting the variable ''sendmail'' (''sendmail-progname'' can be used for more fine-tuning as necessary, please see the manual, "Sending mail"):<br />
<br />
# < /etc/passwd mailx -Ssendmail=/usr/bin/sendmail -Ssendwait -s subject some@where<br />
# echo Sending was successful: $?<br />
<br />
By default message delivery is asynchronous, and S-nail will exit as soon as the prepared message has been passed over to the delivery mechanism (the MTA or the builtin SMTP MTA).<br />
Like this its exit status won't tell you anything about delivery success, but only wether preparation succeeded!<br />
Set the ''sendwait'' option to change that and become aware of delivery errors, too.<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the ''expandaddr'' option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
<br />
To avoid environmental noise scripts can (and should) "detach" from configuration files and use the ''-S'' and ''-X'' command line flags to create their own setup and run necessary commands.<br />
Also ''expandaddr'' can be given a value and used for address verification (the following allows ''only'' network addressees), and the ''-.'' command line option will terminate option processing and turn on message send mode: together these form active barriers to prevent misinterpretation of address arguments as command line options and other injection attacks.<br />
E.g., the following example can be used "as is" (we enable debug via ''-d'' for a dry-run), provided that you have a '''somefile.pdf''', somewhere:<br />
<br />
# echo Body |<br />
# LC_ALL=C MAILRC=/dev/null mailx -dn -Sv15-compat \<br />
# -Ssendwait -Sexpandaddr=fail,-all,+addr \<br />
# -Sfrom='Me <me@home>' -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control -X'mimetype "application/pdf pdf"' \<br />
# -a '''somefile.pdf''' -s Subject \<br />
# -. '(foo2bar) <foo2@bar>' bob@hey.you<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism.<br />
Place the following in your private user-specific configuration file, adjusting bold strings.<br />
And note that all the remaining examples in this document are based upon this configuration template.<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-no-default-ca<br />
<br />
# Don't use protocols olders than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then, e.g.<br />
# ''ssl-protocol-'''USER'''@archlinux.org''="-ALL,+TLSv1.2"<br />
set ssl-protocol="-ALL,+TLSv1.2"<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# Hint: it is important to include "@STRENGTH": only with it the<br />
# final list will be sorted by algorithm strength.<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list="ALL:!aNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT:@STRENGTH"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: choose allowed character sets<br />
# (Have a look at the "CHARACTER SETS" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# A very kind option: when replying to a message, first try to<br />
# use the same encoding that the original poster used herself!<br />
set reply-in-same-charset<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
# Only like this you'll be able to see errors reported through the exit<br />
# status of the MTA (including the builtin SMTP one)!<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files<br />
set mimetypes-load-control<br />
<br />
# Default directories where we act in (relative to $HOME)<br />
set folder=mail<br />
# A leading "+" (often) means: under *folder*<br />
# *record* is used to save copies of sent messages<br />
set MBOX=+mbox.mbox record=+sent.mbox \<br />
DEAD=+dead.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="'''Your Name <youremail@domain>'''"<br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
Note that the above combination of SSL/TLS configuration results in the most secure end-to-end TLS transport that is possible at the time of this writing.<br />
There are public mail providers who declassify this user-end to provider-end transport security as "lesser secure applications", unless special authentication methods are used which fetch the user credentials (password) from the provider servers.<br />
Such methods are not supported by S-nail.<br />
It does support encrypted local password storage and SMTP via GSS-API, however, the latter of which also stores user credentials on the provider side.<br />
<br />
When in the below '''USER''' and '''PASS''' informations are specified as part of an URL (other possibilities exist) they must become URL percent encoded; S-nail offers the '''urlencode''' command which does this for you:<br />
<br />
# printf 'urlencode USER PASS\nx\n' | mailx -#<br />
<br />
Of course: printf as well as S-nail / mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (5 bytes)<br />
out: <SPA%C3%9F> (9 bytes)<br />
# # In ISO-8859-1:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (4 bytes)<br />
out: <SPA%DF> (6 bytes)<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the builtin SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set smtp='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login[/plain]...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts yes<br />
# (The plain smtp:// proto is optional)<br />
set smtp='''USER:PASS'''@smtp.gmXil.com smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set smtp=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set from="Your Name <youremail@domain>"<br />
set netrc-lookup<br />
#set agent-shell-lookup="gpg -d .pass.gpg"<br />
set smtp=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
# Type '''xp''' to login to the POP3 account<br />
ghost xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
# Type '''xi''' to login to the IMAP account<br />
ghost xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
(Here '''USER''' and '''PASS''' are clear text, not URL encoded.)<br />
You can furtherly diversify things and use encrypted password storage, since ArchLinux compiles in password agent support.<br />
To adjust the example, simply don't specify the ''password '''PASS''''' token in {{ic|$HOME/.netrc}} but instead uncomment the ''agent-shell-lookup'' line in the example account above.<br />
The encrypted password storage {{ic|.pass.gpg}} can be created like this:<br />
<br />
# echo '''PASS''' > .pass<br />
# gpg -e .pass<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a(n almost) dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
The ArchLinux version of S-nail includes the builtin command line editor with history capabilities as well as regular expression and coloured message display support.<br />
Because S-nail strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The template configuration /etc/mail.rc also provides some commented basics;<br />
# in particular it shows all options that POSIX mandates at program startup)<br />
<br />
# Start into interactive mode even if the standard mailbox is empty<br />
set emptystart<br />
<br />
# When composing a message, let period `.' on a line by itself finalize composition,<br />
# before start directly into ''$EDITOR''<br />
set dot <br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines; without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# Colourize headers when displaying messages (note that ''$PAGER'' may require special flags,<br />
# e.g., less(1) needs the -R option; S-nail will however set the ''$LESS'' environment<br />
# variable accordingly, but only if that was not set before..)<br />
set colour-pager<br />
<br />
# A nicer prompt<br />
set prompt="\033[31m?\?[\$ \@]\& \033[0m"<br />
<br />
# Add more entries to the history<br />
set history-gabby<br />
<br />
# Make the history persistent <br />
set NAIL_HISTFILE=+.s-nailhist<br />
set NAIL_HISTSIZE=-1<br />
<br />
# When displaying messages, show only these headers<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html="lynx -stdin -dump -force_html"<br />
# Learn another mimetype<br />
mimetype 'model/vrml wrl vrml'<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
ghost ls !ls -latro<br />
ghost ps !ps axu<br />
<br />
Once you're in it, the command '''list''' will print all available builtin commands.<br />
ArchLinux compiles in the "DOCSTRINGS" feature, so that typing `?X' tries to expand "X" and print a help string; since S-nail will allow abbreviations of all commands this is sometimes handy; try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' ('''f''') is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds... well, a complaint of the ArchWiki maintainer about the content of this page, ugh;<br />
that is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode (which can be handy to avoid flag updates etc.)<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s).<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type "." on its own line (the latter requires the ''dot'' option).<br />
<br />
== Using S/MIME ==<br />
<br />
The manual contains a step-by-step example of how to create your certificates etc. ("Signed and encrypted messages with S/MIME").<br />
Assuming you have your private key and signed certificate already, just create the paired file we need<br />
<br />
# cat private-key.pem signed-certificate.pem > ~/pair.pem<br />
<br />
and setup S-nail via<br />
<br />
set smime-sign-cert=~/pair.pem \<br />
smime-sign-message-digest=SHA256 \<br />
smime-sign<br />
<br />
From now any message that is sent will be signed.<br />
The default message digest would be SHA1, by the way, as mandated by RFC 5751.<br />
Note that S/MIME always works relative to the setting of the variable ''from'', so it seems best to instead place the above settings in an '''account'''.<br />
Use the '''verify''' command to verify S/MIME messages.<br />
The manual on the projects' website contains a table-of-content and is fully linked, by the way.<br />
(Just as is the installed manual page, supposed you have the mdocmx(7) extension installed.)<br />
<br />
== Workaround missing OpenPGP support ==<br />
<br />
S-nail doesn't yet support OpenPGP.<br />
However, using a macro it is possible to at least automatically verify inline ''--clearsign''ed messages, and using command ghosts their usage becomes handy: e.g., copy-and-paste the following into your resource file and you will be able to verify a clearsigned message by just typing '''V''':<br />
<br />
define V {<br />
localopts yes<br />
set pipe-text/plain="set -C;\<br />
: > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
trap \"rm -f \\\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\\\"\" \<br />
EXIT INT QUIT PIPE TERM;\<br />
set +C;\<br />
cat > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
if < \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" awk '\<br />
BEGIN{estat = 1}\<br />
END{exit estat}\<br />
/^-----BEGIN PGP SIGNED MESSAGE-----/,/^$/ {\<br />
estat=0;\<br />
next;\<br />
}\<br />
/^-----BEGIN PGP SIGNATURE-----/,\<br />
/^-----END PGP SIGNATURE-----/ {\<br />
estat=0;\<br />
next;\<br />
}\<br />
{print}\<br />
'; then \<br />
echo '>>>>>';\<br />
gpg --verify \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
fi"<br />
print<br />
}<br />
define RK {<br />
!printf 'Key IDs to gpg --recv-keys: ';\<br />
read keyids;\<br />
gpg --recv-keys ${keyids};<br />
}<br />
ghost V call V<br />
ghost RK call RK<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' to point to an IMAP server folder, for example.<br />
<br />
set v15-compat<br />
<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=387195S-nail2015-07-23T13:09:08Z<p>Sdaoden: Yep, you need "set +C" again; be insolent and update for the upcoming v14.8.4 already</p>
<hr />
<div>[[Category:Email clients]]<br />
S-nail is a mail processing system with a command syntax reminiscent of ed with lines replaced by messages.<br />
It is intended to provide the functionality of the POSIX mailx command and offers (mostly optional) extensions for line editing, IDNA, MIME, S/MIME, SMTP and POP3 (and IMAP).<br />
It is usable as a mail batch language.<br />
<br />
This overview page was updated for version '''v14.8.4''' of S-nail.<br />
Excerpt of the ''NEWS'': improved S/MIME support (including new ''smime-sign-message-digest'' variable and step-by-step manual), RFC 2231 support, mailing-list support (''followup-to'', ''followup-to-honour'', ''reply-to-honour'', '''Lreply''', '''mlist''', '''mlsubscribe'''), simple builtin HTML viewer, freely configurable spam-checker hooks, command line and addressee hardening (new '''-.''' option, ''expandargv'' and ''expandaddr'' variables), and many small improvements.<br />
<br />
S-nail is a direct descendant of the BSD Mail program that was introduced in 1978 (itself superceeding the simpler UNIX mail program) and used to introduce itself (in the Mail reference manual) as follows:<br />
<br />
:''Mail provides a simple and friendly environment for sending and receiving mail.''<br />
:''It divides incoming mail into its constituent messages and allows the user to deal with them in any order.''<br />
:''In addition, it provides a set of ed‐like commands for manipulating messages and sending mail.''<br />
:''Mail offers the user simple editing capabilities to ease the composition of outgoing messages, as well as providing the ability to define and send to names which address groups of users.''<br />
<br />
S-nail is thus the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
In Arch Linux S-nail supports direct mail delivery via SMTP, so that messages can be send directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''.<br />
(Note however that S-nail does not (yet) include a mail-queue mechanism and thus simply tries to send the message over SMTP, directly and immediately.)<br />
<br />
== Quick shot ==<br />
<br />
Because the systemwide Arch Linux configuration file ({{ic|/etc/mail.rc}}) brings in some useful standard settings, sending mail over a local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -s 'A subject' -a an_attachment.txt foo1@bar 'Foo2 <foo2@bar>'<br />
<br />
You can adjust the program which is used as a MTA by setting the variable ''sendmail'' (''sendmail-progname'' can be used for more fine-tuning as necessary, please see the manual, "Sending mail"):<br />
<br />
# < /etc/passwd mailx -Ssendmail=/usr/bin/sendmail -Ssendwait -s subject some@where<br />
# echo Sending was successful: $?<br />
<br />
By default message delivery is asynchronously, and S-nail will exit as soon as the prepared message has been passed over to the delivery mechanism (the MTA or the builtin SMTP MTA).<br />
Like this its exit status won't tell you anything about delivery success, but only wether preparation succeeded!<br />
Set the ''sendwait'' option to change that and become aware of delivery errors, too.<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the ''expandaddr'' option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
<br />
To avoid environmental noise scripts can (and should) "detach" from configuration files and use the ''-S'' and ''-X'' command line flags to create their own setup and run necessary commands.<br />
Also ''expandaddr'' can be given a value and used for address verification, and the ''-.'' command line option will terminate option processing and turn on message send mode: together these form active barriers to prevent misinterpretation of address arguments as command line options and other injection attacks.<br />
E.g., the following example can be used "as is" (we enable debug via ''-d'' for a dry-run), provided that you have a '''somefile.pdf''', somewhere:<br />
<br />
# echo Body |<br />
# LC_ALL=C MAILRC=/dev/null mailx -dn -Sv15-compat \<br />
# -Ssendwait -Sexpandaddr=fail,noalias \<br />
# -Sfrom='Me <me@home>' -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control -X'mimetype "application/pdf pdf"' \<br />
# -a '''somefile.pdf''' -s Subject \<br />
# -. '(foo2bar) <foo2@bar>' bob@hey.you<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism.<br />
Place the following in your private user-specific configuration file, adjusting bold strings.<br />
And note that all the remaining examples in this document are based upon this configuration template.<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-no-default-ca<br />
<br />
# Don't use protocols olders than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then, e.g.<br />
# ''ssl-protocol-'''USER'''@archlinux.org''="-ALL,+TLSv1.2"<br />
set ssl-protocol="-ALL,+TLSv1.2"<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# Hint: it is important to include "@STRENGTH": only with it the<br />
# final list will be sorted by algorithm strength.<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list="ALL:!aNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT:@STRENGTH"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: choose allowed character sets<br />
# (Have a look at the "CHARACTER SETS" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# A very kind option: when replying to a message, first try to<br />
# use the same encoding that the original poster used herself!<br />
set reply-in-same-charset<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
# Only like this you'll be able to see errors reported through the exit<br />
# status of the MTA (including the builtin SMTP one)!<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files<br />
set mimetypes-load-control<br />
<br />
# Default directories where we act in (relative to $HOME)<br />
set folder=mail<br />
# A leading "+" (often) means: under *folder*<br />
# *record* is used to save copies of sent messages<br />
set MBOX=+mbox.mbox record=+sent.mbox \<br />
DEAD=+dead.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="'''Your Name <youremail@domain>'''"<br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
Note that the above combination of SSL/TLS configuration results in the most secure end-to-end TLS transport that is possible at the time of this writing.<br />
There are public mail providers who declassify this user-end to provider-end transport security as "lesser secure applications", unless special authentication methods are used which fetch the user credentials (password) from the provider servers.<br />
Such methods are not supported by S-nail.<br />
It does support encrypted local password storage and SMTP via GSS-API, however, the latter of which also stores user credentials on the provider side.<br />
<br />
When in the below '''USER''' and '''PASS''' informations are specified as part of an URL (other possibilities exist) they must become URL percent encoded; S-nail offers the '''urlencode''' command which does this for you:<br />
<br />
# printf 'urlencode USER PASS\nx\n' | mailx -#<br />
<br />
Of course: printf as well as S-nail / mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (5 bytes)<br />
out: <SPA%C3%9F> (9 bytes)<br />
# # In ISO-8859-1:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (4 bytes)<br />
out: <SPA%DF> (6 bytes)<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the builtin SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set smtp='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login[/plain]...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts yes<br />
# (The plain smtp:// proto is optional)<br />
set smtp='''USER:PASS'''@smtp.gmXil.com smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set smtp=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set from="Your Name <youremail@domain>"<br />
set netrc-lookup<br />
#set agent-shell-lookup="gpg -d .pass.gpg"<br />
set smtp=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
# Type '''xp''' to login to the POP3 account<br />
ghost xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
# Type '''xi''' to login to the IMAP account<br />
ghost xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
(Here '''USER''' and '''PASS''' are clear text, not URL encoded.)<br />
You can furtherly diversify things and use encrypted password storage, since ArchLinux compiles in password agent support.<br />
To adjust the example, simply don't specify the ''password '''PASS''''' token in {{ic|$HOME/.netrc}} but instead uncomment the ''agent-shell-lookup'' line in the example account above.<br />
The encrypted password storage {{ic|.pass.gpg}} can be created like this:<br />
<br />
# echo '''PASS''' > .pass<br />
# gpg -e .pass<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a(n almost) dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
The ArchLinux version of S-nail includes the builtin command line editor with history capabilities as well as regular expression and coloured message display support.<br />
Because S-nail strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The template configuration /etc/mail.rc also provides some commented basics;<br />
# in particular it shows all options that POSIX mandates at program startup)<br />
<br />
# Start into interactive mode even if the standard mailbox is empty<br />
set emptystart<br />
<br />
# When composing a message, let period `.' on a line by itself finalize composition,<br />
# before start directly into ''$EDITOR''<br />
set dot <br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines; without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# Colourize headers when displaying messages (note that ''$PAGER'' may require special flags,<br />
# e.g., less(1) needs the -R option; S-nail will however set the ''$LESS'' environment<br />
# variable accordingly, but only if that was not set before..)<br />
set colour-pager<br />
<br />
# A nicer prompt<br />
set prompt="\033[31m?\?[\$ \@]\& \033[0m"<br />
<br />
# Add more entries to the history<br />
set history-gabby<br />
<br />
# Make the history persistent <br />
set NAIL_HISTFILE=+.s-nailhist<br />
set NAIL_HISTSIZE=-1<br />
<br />
# When displaying messages, show only these headers<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html="lynx -stdin -dump -force_html"<br />
# Learn another mimetype<br />
mimetype 'model/vrml wrl vrml'<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
ghost ls !ls -latro<br />
ghost ps !ps axu<br />
<br />
Once you're in it, the command '''list''' will print all available builtin commands.<br />
ArchLinux compiles in the "DOCSTRINGS" feature, so that typing `?X' tries to expand "X" and print a help string; since S-nail will allow abbreviations of all commands this is sometimes handy; try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' ('''f''') is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds... well, a complaint of the ArchWiki maintainer about the content of this page, ugh;<br />
that is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode (which can be handy to avoid flag updates etc.)<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s).<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type "." on its own line (the latter requires the ''dot'' option).<br />
<br />
== Using S/MIME ==<br />
<br />
The manual contains a step-by-step example of how to create your certificates etc. ("Signed and encrypted messages with S/MIME").<br />
Assuming you have your private key and signed certificate already, just create the paired file we need<br />
<br />
# cat private-key.pem signed-certificate.pem > ~/pair.pem<br />
<br />
and setup S-nail via<br />
<br />
set smime-sign-cert=~/pair.pem \<br />
smime-sign-message-digest=SHA256 \<br />
smime-sign<br />
<br />
From now any message that is sent will be signed.<br />
The default message digest would be SHA1, by the way, as mandated by RFC 5751.<br />
Note that S/MIME always works relative to the setting of the variable ''from'', so it seems best to instead place the above settings in an '''account'''.<br />
Use the '''verify''' command to verify S/MIME messages.<br />
The manual on the projects' website contains a table-of-content and is fully linked, by the way.<br />
(Just as is the installed manual page, supposed you have the mdocmx(7) extension installed.)<br />
<br />
== Workaround missing OpenPGP support ==<br />
<br />
S-nail doesn't yet support OpenPGP.<br />
However, using a macro it is possible to at least automatically verify inline ''--clearsign''ed messages, and using command ghosts their usage becomes handy: e.g., copy-and-paste the following into your resource file and you will be able to verify a clearsigned message by just typing '''V''':<br />
<br />
define V {<br />
localopts yes<br />
set pipe-text/plain="set -C;\<br />
: > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
trap \"rm -f \\\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\\\"\" \<br />
EXIT INT QUIT PIPE TERM;\<br />
set +C;\<br />
cat > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
if < \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" awk '\<br />
BEGIN{estat = 1}\<br />
END{exit estat}\<br />
/^-----BEGIN PGP SIGNED MESSAGE-----/,/^$/ {\<br />
estat=0;\<br />
next;\<br />
}\<br />
/^-----BEGIN PGP SIGNATURE-----/,\<br />
/^-----END PGP SIGNATURE-----/ {\<br />
estat=0;\<br />
next;\<br />
}\<br />
{print}\<br />
'; then \<br />
echo '>>>>>';\<br />
gpg --verify \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
fi"<br />
print<br />
}<br />
define RK {<br />
!printf 'Key IDs to gpg --recv-keys: ';\<br />
read keyids;\<br />
gpg --recv-keys ${keyids};<br />
}<br />
ghost V call V<br />
ghost RK call RK<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' to point to an IMAP server folder, for example.<br />
<br />
set v15-compat<br />
<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=387106S-nail2015-07-22T18:37:43Z<p>Sdaoden: Fix the gpg verification macro to not leak temporary file in weird cases</p>
<hr />
<div>[[Category:Email clients]]<br />
S-nail is a mail processing system with a command syntax reminiscent of ed with lines replaced by messages.<br />
It is intended to provide the functionality of the POSIX mailx command and offers (mostly optional) extensions for line editing, IDNA, MIME, S/MIME, SMTP and POP3 (and IMAP).<br />
It is usable as a mail batch language.<br />
<br />
This overview page was updated for version '''v14.8.3''' of S-nail.<br />
Excerpt of the ''NEWS'': RFC 2231 support, mailing-list support (''followup-to'', ''followup-to-honour'', ''reply-to-honour'', '''Lreply''', '''mlist''', '''mlsubscribe'''), simple builtin HTML viewer, freely configurable spam-checker hooks, command line and addressee hardening (new '''-.''' option, ''expandargv'' and ''expandaddr'' variables), and many small improvements.<br />
<br />
S-nail is a direct descendant of the BSD Mail program that was introduced in 1978 (itself superceeding the simpler UNIX mail program) and used to introduce itself (in the Mail reference manual) as follows:<br />
<br />
:''Mail provides a simple and friendly environment for sending and receiving mail.''<br />
:''It divides incoming mail into its constituent messages and allows the user to deal with them in any order.''<br />
:''In addition, it provides a set of ed‐like commands for manipulating messages and sending mail.''<br />
:''Mail offers the user simple editing capabilities to ease the composition of outgoing messages, as well as providing the ability to define and send to names which address groups of users.''<br />
<br />
S-nail is thus the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
In Arch Linux S-nail supports direct mail delivery via SMTP, so that messages can be send directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''.<br />
(Note however that S-nail does not (yet) include a mail-queue mechanism and thus simply tries to send the message over SMTP, directly and immediately.)<br />
<br />
== Quick shot ==<br />
<br />
Because the systemwide Arch Linux configuration file ({{ic|/etc/mail.rc}}) brings in some useful standard settings, sending mail over a local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -s 'A subject' -a an_attachment.txt foo1@bar 'Foo2 <foo2@bar>'<br />
<br />
You can adjust the program which is used as a MTA by setting the variable ''sendmail'' (''sendmail-progname'' can be used for more fine-tuning as necessary, please see the manual, "Sending mail"):<br />
<br />
# < /etc/passwd mailx -Ssendmail=/usr/bin/sendmail -Ssendwait -s subject some@where<br />
# echo Sending was successful: $?<br />
<br />
By default message delivery is asynchronous, and S-nail will exit as soon as the prepared message has been passed over to the delivery mechanism (the MTA or the builtin SMTP MTA).<br />
Like this its exit status won't tell anything about delivery success, but only wether preparation succeeded!<br />
Set the ''sendwait'' option to change that and become aware of delivery errors, too.<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the ''expandaddr'' option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
<br />
To avoid environmental noise scripts can (and should) "detach" from configuration files and use the ''-S'' and ''-X'' command line flags to create their own setup and run necessary commands.<br />
Also ''expandaddr'' can be given a value and used for address verification, and the ''-.'' command line option will terminate option processing and turn on message send mode: together these form active barriers to prevent misinterpretation of address arguments as command line options and other injection attacks.<br />
E.g., the following example can be used "as is" (we enable debug via ''-d'' for a dry-run), provided that you have a '''somefile.pdf''', somewhere:<br />
<br />
# echo Body |<br />
# LC_ALL=C MAILRC=/dev/null mailx -dn -Sv15-compat \<br />
# -Ssendwait -Sexpandaddr=fail,noalias \<br />
# -Sfrom='Me <me@home>' -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control -X'mimetype "application/pdf pdf"' \<br />
# -a '''somefile.pdf''' -s Subject \<br />
# -. '(foo2bar) <foo2@bar>' bob@hey.you<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism.<br />
Place the following in your private user-specific configuration file, adjusting bold strings.<br />
And note that all the remaining examples in this document are based upon this configuration template.<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-no-default-ca<br />
<br />
# Don't use protocols olders than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then, e.g.<br />
# ''ssl-protocol-'''USER'''@archlinux.org''="-ALL,+TLSv1.2"<br />
set ssl-protocol="-ALL,+TLSv1.2"<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# Hint: it is important to include "@STRENGTH": only with it the<br />
# final list will be sorted by algorithm strength.<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list="ALL:!aNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT:@STRENGTH"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: choose allowed character sets<br />
# (Have a look at the "CHARACTER SETS" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# A very kind option: when replying to a message, first try to<br />
# use the same encoding that the original poster used herself!<br />
set reply-in-same-charset<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
# Only like this you'll be able to see errors reported through the exit<br />
# status of the MTA (including the builtin SMTP one)!<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files<br />
set mimetypes-load-control<br />
<br />
# Default directories where we act in (relative to $HOME)<br />
set folder=mail<br />
# A leading "+" (often) means: under *folder*<br />
# *record* is used to save copies of sent messages<br />
set MBOX=+mbox.mbox record=+sent.mbox \<br />
DEAD=+dead.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="'''Your Name <youremail@domain>'''"<br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
Note that the above combination of SSL/TLS configuration results in the most secure end-to-end TLS transport that is possible at the time of this writing.<br />
There are public mail providers who declassify this user-end to provider-end transport security as "lesser secure applications", unless special authentication methods are used which fetch the user credentials (password) from the provider servers.<br />
Such methods are not supported by S-nail.<br />
It does support encrypted local password storage and SMTP via GSS-API, however, the latter of which also stores user credentials on the provider side.<br />
<br />
When in the below '''USER''' and '''PASS''' informations are specified as part of an URL (other possibilities exist) they must become URL percent encoded; S-nail offers the '''urlencode''' command which does this for you:<br />
<br />
# printf 'urlencode USER PASS\nx\n' | mailx -#<br />
<br />
Of course: printf as well as S-nail / mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (5 bytes)<br />
out: <SPA%C3%9F> (9 bytes)<br />
# # In ISO-8859-1:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (4 bytes)<br />
out: <SPA%DF> (6 bytes)<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the builtin SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set smtp='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login[/plain]...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts yes<br />
# (The plain smtp:// proto is optional)<br />
set smtp='''USER:PASS'''@smtp.gmXil.com smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set smtp=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set netrc-lookup<br />
#set agent-shell-lookup="gpg -d .pass.gpg"<br />
set smtp=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
# Type '''xp''' to login to the POP3 account<br />
ghost xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
# Type '''xi''' to login to the IMAP account<br />
ghost xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
(Here '''USER''' and '''PASS''' are clear text, not URL encoded.)<br />
You can furtherly diversify things and use encrypted password storage, since ArchLinux compiles in password agent support.<br />
To adjust the example, simply don't specify the ''password '''PASS''''' token in {{ic|$HOME/.netrc}} but instead uncomment the ''agent-shell-lookup'' line in the example account above.<br />
The encrypted password storage {{ic|.pass.gpg}} can be created like this:<br />
<br />
# echo '''PASS''' > .pass<br />
# gpg -e .pass<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a(n almost) dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
The ArchLinux version of S-nail includes the builtin command line editor with history capabilities as well as regular expression and coloured message display support.<br />
Because S-nail strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The template configuration /etc/mail.rc also provides some commented basics;<br />
# in particular it shows all options that POSIX mandates at program startup)<br />
<br />
# Start into interactive mode even if the standard mailbox is empty<br />
set emptystart<br />
<br />
# When composing a message, let period `.' on a line by itself finalize composition,<br />
# before start directly into ''$EDITOR''<br />
set dot <br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines; without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# Colourize headers when displaying messages (note that ''$PAGER'' may require special flags,<br />
# e.g., less(1) needs the -R option; S-nail will however set the ''$LESS'' environment<br />
# variable accordingly, but only if that was not set before..)<br />
set colour-pager<br />
<br />
# A nicer prompt<br />
set prompt="\033[31m?\?[\$ \@]\& \033[0m"<br />
<br />
# Add more entries to the history<br />
set history-gabby<br />
<br />
# Make the history persistent <br />
set NAIL_HISTFILE=+.s-nailhist<br />
set NAIL_HISTSIZE=-1<br />
<br />
# When displaying messages, show only these headers<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html="lynx -stdin -dump -force_html"<br />
# Learn another mimetype<br />
mimetype 'model/vrml wrl vrml'<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
ghost ls !ls -latro<br />
ghost ps !ps axu<br />
<br />
Once you're in it, the command '''list''' will print all available builtin commands.<br />
ArchLinux compiles in the "DOCSTRINGS" feature, so that typing `?X' tries to expand "X" and print a help string; since S-nail will allow abbreviations of all commands this is sometimes handy; try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' ('''f''') is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds... well, a complaint of the ArchWiki maintainer about the content of this page, ugh;<br />
that is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode (which can be handy to avoid flag updates etc.)<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s).<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type "." on its own line (the latter requires the ''dot'' option).<br />
<br />
== Workaround missing OpenPGP support ==<br />
<br />
S-nail doesn't yet support OpenPGP.<br />
However, using a macro it is possible to at least automatically verify inline ''--clearsign''ed messages:<br />
<br />
define V {<br />
localopts yes<br />
set pipe-text/plain="set -C;\<br />
: > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
trap \"rm -f \\\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\\\"\" \<br />
EXIT INT QUIT PIPE TERM;\<br />
cat > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
if < \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" awk '\<br />
BEGIN{estat = 1}\<br />
END{exit estat}\<br />
/^-----BEGIN PGP SIGNED MESSAGE-----/,/^$/ {\<br />
estat=0;\<br />
next;\<br />
}\<br />
/^-----BEGIN PGP SIGNATURE-----/,\<br />
/^-----END PGP SIGNATURE-----/ {\<br />
estat=0;\<br />
next;\<br />
}\<br />
{print}\<br />
'; then \<br />
echo '>>>>>';\<br />
gpg --verify \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
fi"<br />
print<br />
}<br />
define RK {<br />
!printf 'Key IDs to gpg --recv-keys: ';\<br />
read keyids;\<br />
gpg --recv-keys ${keyids};<br />
}<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' to point to an IMAP server folder, for example.<br />
<br />
set v15-compat<br />
<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=387082S-nail2015-07-22T15:30:12Z<p>Sdaoden: Add "Workaround missing OpenPGP support" section (note: NAIL_FILENAME_GENERATED bug, requires v14.8.4!)</p>
<hr />
<div>[[Category:Email clients]]<br />
S-nail is a mail processing system with a command syntax reminiscent of ed with lines replaced by messages.<br />
It is intended to provide the functionality of the POSIX mailx command and offers (mostly optional) extensions for line editing, IDNA, MIME, S/MIME, SMTP and POP3 (and IMAP).<br />
It is usable as a mail batch language.<br />
<br />
This overview page was updated for version '''v14.8.3''' of S-nail.<br />
Excerpt of the ''NEWS'': RFC 2231 support, mailing-list support (''followup-to'', ''followup-to-honour'', ''reply-to-honour'', '''Lreply''', '''mlist''', '''mlsubscribe'''), simple builtin HTML viewer, freely configurable spam-checker hooks, command line and addressee hardening (new '''-.''' option, ''expandargv'' and ''expandaddr'' variables), and many small improvements.<br />
<br />
S-nail is a direct descendant of the BSD Mail program that was introduced in 1978 (itself superceeding the simpler UNIX mail program) and used to introduce itself (in the Mail reference manual) as follows:<br />
<br />
:''Mail provides a simple and friendly environment for sending and receiving mail.''<br />
:''It divides incoming mail into its constituent messages and allows the user to deal with them in any order.''<br />
:''In addition, it provides a set of ed‐like commands for manipulating messages and sending mail.''<br />
:''Mail offers the user simple editing capabilities to ease the composition of outgoing messages, as well as providing the ability to define and send to names which address groups of users.''<br />
<br />
S-nail is thus the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
In Arch Linux S-nail supports direct mail delivery via SMTP, so that messages can be send directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''.<br />
(Note however that S-nail does not (yet) include a mail-queue mechanism and thus simply tries to send the message over SMTP, directly and immediately.)<br />
<br />
== Quick shot ==<br />
<br />
Because the systemwide Arch Linux configuration file ({{ic|/etc/mail.rc}}) brings in some useful standard settings, sending mail over a local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -s 'A subject' -a an_attachment.txt foo1@bar 'Foo2 <foo2@bar>'<br />
<br />
You can adjust the program which is used as a MTA by setting the variable ''sendmail'' (''sendmail-progname'' can be used for more fine-tuning as necessary, please see the manual, "Sending mail"):<br />
<br />
# < /etc/passwd mailx -Ssendmail=/usr/bin/sendmail -Ssendwait -s subject some@where<br />
# echo Sending was successful: $?<br />
<br />
By default message delivery is asynchronous, and S-nail will exit as soon as the prepared message has been passed over to the delivery mechanism (the MTA or the builtin SMTP MTA).<br />
Like this its exit status won't tell anything about delivery success, but only wether preparation succeeded!<br />
Set the ''sendwait'' option to change that and become aware of delivery errors, too.<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the ''expandaddr'' option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
<br />
To avoid environmental noise scripts can (and should) "detach" from configuration files and use the ''-S'' and ''-X'' command line flags to create their own setup and run necessary commands.<br />
Also ''expandaddr'' can be given a value and used for address verification, and the ''-.'' command line option will terminate option processing and turn on message send mode: together these form active barriers to prevent misinterpretation of address arguments as command line options and other injection attacks.<br />
E.g., the following example can be used "as is" (we enable debug via ''-d'' for a dry-run), provided that you have a '''somefile.pdf''', somewhere:<br />
<br />
# echo Body |<br />
# LC_ALL=C MAILRC=/dev/null mailx -dn -Sv15-compat \<br />
# -Ssendwait -Sexpandaddr=fail,noalias \<br />
# -Sfrom='Me <me@home>' -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control -X'mimetype "application/pdf pdf"' \<br />
# -a '''somefile.pdf''' -s Subject \<br />
# -. '(foo2bar) <foo2@bar>' bob@hey.you<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism.<br />
Place the following in your private user-specific configuration file, adjusting bold strings.<br />
And note that all the remaining examples in this document are based upon this configuration template.<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-no-default-ca<br />
<br />
# Don't use protocols olders than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then, e.g.<br />
# ''ssl-protocol-'''USER'''@archlinux.org''="-ALL,+TLSv1.2"<br />
set ssl-protocol="-ALL,+TLSv1.2"<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# Hint: it is important to include "@STRENGTH": only with it the<br />
# final list will be sorted by algorithm strength.<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list="ALL:!aNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT:@STRENGTH"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: choose allowed character sets<br />
# (Have a look at the "CHARACTER SETS" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# A very kind option: when replying to a message, first try to<br />
# use the same encoding that the original poster used herself!<br />
set reply-in-same-charset<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
# Only like this you'll be able to see errors reported through the exit<br />
# status of the MTA (including the builtin SMTP one)!<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files<br />
set mimetypes-load-control<br />
<br />
# Default directories where we act in (relative to $HOME)<br />
set folder=mail<br />
# A leading "+" (often) means: under *folder*<br />
# *record* is used to save copies of sent messages<br />
set MBOX=+mbox.mbox record=+sent.mbox \<br />
DEAD=+dead.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="'''Your Name <youremail@domain>'''"<br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
Note that the above combination of SSL/TLS configuration results in the most secure end-to-end TLS transport that is possible at the time of this writing.<br />
There are public mail providers who declassify this user-end to provider-end transport security as "lesser secure applications", unless special authentication methods are used which fetch the user credentials (password) from the provider servers.<br />
Such methods are not supported by S-nail.<br />
It does support encrypted local password storage and SMTP via GSS-API, however, the latter of which also stores user credentials on the provider side.<br />
<br />
When in the below '''USER''' and '''PASS''' informations are specified as part of an URL (other possibilities exist) they must become URL percent encoded; S-nail offers the '''urlencode''' command which does this for you:<br />
<br />
# printf 'urlencode USER PASS\nx\n' | mailx -#<br />
<br />
Of course: printf as well as S-nail / mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (5 bytes)<br />
out: <SPA%C3%9F> (9 bytes)<br />
# # In ISO-8859-1:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (4 bytes)<br />
out: <SPA%DF> (6 bytes)<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the builtin SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set smtp='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login[/plain]...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts yes<br />
# (The plain smtp:// proto is optional)<br />
set smtp='''USER:PASS'''@smtp.gmXil.com smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set smtp=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set netrc-lookup<br />
#set agent-shell-lookup="gpg -d .pass.gpg"<br />
set smtp=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
# Type '''xp''' to login to the POP3 account<br />
ghost xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
# Type '''xi''' to login to the IMAP account<br />
ghost xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
(Here '''USER''' and '''PASS''' are clear text, not URL encoded.)<br />
You can furtherly diversify things and use encrypted password storage, since ArchLinux compiles in password agent support.<br />
To adjust the example, simply don't specify the ''password '''PASS''''' token in {{ic|$HOME/.netrc}} but instead uncomment the ''agent-shell-lookup'' line in the example account above.<br />
The encrypted password storage {{ic|.pass.gpg}} can be created like this:<br />
<br />
# echo '''PASS''' > .pass<br />
# gpg -e .pass<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a(n almost) dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
The ArchLinux version of S-nail includes the builtin command line editor with history capabilities as well as regular expression and coloured message display support.<br />
Because S-nail strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The template configuration /etc/mail.rc also provides some commented basics;<br />
# in particular it shows all options that POSIX mandates at program startup)<br />
<br />
# Start into interactive mode even if the standard mailbox is empty<br />
set emptystart<br />
<br />
# When composing a message, let period `.' on a line by itself finalize composition,<br />
# before start directly into ''$EDITOR''<br />
set dot <br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines; without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# Colourize headers when displaying messages (note that ''$PAGER'' may require special flags,<br />
# e.g., less(1) needs the -R option; S-nail will however set the ''$LESS'' environment<br />
# variable accordingly, but only if that was not set before..)<br />
set colour-pager<br />
<br />
# A nicer prompt<br />
set prompt="\033[31m?\?[\$ \@]\& \033[0m"<br />
<br />
# Add more entries to the history<br />
set history-gabby<br />
<br />
# Make the history persistent <br />
set NAIL_HISTFILE=+.s-nailhist<br />
set NAIL_HISTSIZE=-1<br />
<br />
# When displaying messages, show only these headers<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html="lynx -stdin -dump -force_html"<br />
# Learn another mimetype<br />
mimetype 'model/vrml wrl vrml'<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
ghost ls !ls -latro<br />
ghost ps !ps axu<br />
<br />
Once you're in it, the command '''list''' will print all available builtin commands.<br />
ArchLinux compiles in the "DOCSTRINGS" feature, so that typing `?X' tries to expand "X" and print a help string; since S-nail will allow abbreviations of all commands this is sometimes handy; try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' ('''f''') is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds... well, a complaint of the ArchWiki maintainer about the content of this page, ugh;<br />
that is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode (which can be handy to avoid flag updates etc.)<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s).<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type "." on its own line (the latter requires the ''dot'' option).<br />
<br />
== Workaround missing OpenPGP support ==<br />
<br />
S-nail doesn't yet support OpenPGP.<br />
However, using a macro it is possible to at least automatically verify inline ''--clearsign''ed messages:<br />
<br />
define V {<br />
localopts yes<br />
set pipe-text/plain="set +e;\<br />
cat > \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
trap \"rm -f \\\"${TMPDIR}/${NAIL_FILENAME_GENERATED}\\\"\" \<br />
EXIT INT QUIT PIPE TERM;\<br />
if < \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\" awk '\<br />
BEGIN{estat = 1}\<br />
END{exit estat}\<br />
/^-----BEGIN PGP SIGNED MESSAGE-----/,/^$/ {\<br />
estat=0;\<br />
next;\<br />
}\<br />
/^-----BEGIN PGP SIGNATURE-----/,\<br />
/^-----END PGP SIGNATURE-----/ {\<br />
estat=0;\<br />
next;\<br />
}\<br />
{print}\<br />
'; then \<br />
echo '>>>>>';\<br />
gpg --verify \"${TMPDIR}/${NAIL_FILENAME_GENERATED}\";\<br />
fi"<br />
print<br />
}<br />
define RK {<br />
!printf 'Key IDs to gpg --recv-keys: ';\<br />
read keyids;\<br />
gpg --recv-keys ${keyids};<br />
}<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' to point to an IMAP server folder, for example.<br />
<br />
set v15-compat<br />
<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=387064S-nail2015-07-22T13:17:43Z<p>Sdaoden: Talk on *expandaddr*=fail,noalias and -. command line option</p>
<hr />
<div>[[Category:Email clients]]<br />
S-nail is a mail processing system with a command syntax reminiscent of ed with lines replaced by messages.<br />
It is intended to provide the functionality of the POSIX mailx command and offers (mostly optional) extensions for line editing, IDNA, MIME, S/MIME, SMTP and POP3 (and IMAP).<br />
It is usable as a mail batch language.<br />
<br />
This overview page was updated for version '''v14.8.3''' of S-nail.<br />
Excerpt of the ''NEWS'': RFC 2231 support, mailing-list support (''followup-to'', ''followup-to-honour'', ''reply-to-honour'', '''Lreply''', '''mlist''', '''mlsubscribe'''), simple builtin HTML viewer, freely configurable spam-checker hooks, command line and addressee hardening (new '''-.''' option, ''expandargv'' and ''expandaddr'' variables), and many small improvements.<br />
<br />
S-nail is a direct descendant of the BSD Mail program that was introduced in 1978 (itself superceeding the simpler UNIX mail program) and used to introduce itself (in the Mail reference manual) as follows:<br />
<br />
:''Mail provides a simple and friendly environment for sending and receiving mail.''<br />
:''It divides incoming mail into its constituent messages and allows the user to deal with them in any order.''<br />
:''In addition, it provides a set of ed‐like commands for manipulating messages and sending mail.''<br />
:''Mail offers the user simple editing capabilities to ease the composition of outgoing messages, as well as providing the ability to define and send to names which address groups of users.''<br />
<br />
S-nail is thus the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
In Arch Linux S-nail supports direct mail delivery via SMTP, so that messages can be send directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''.<br />
(Note however that S-nail does not (yet) include a mail-queue mechanism and thus simply tries to send the message over SMTP, directly and immediately.)<br />
<br />
== Quick shot ==<br />
<br />
Because the systemwide Arch Linux configuration file ({{ic|/etc/mail.rc}}) brings in some useful standard settings, sending mail over a local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -s 'A subject' -a an_attachment.txt foo1@bar 'Foo2 <foo2@bar>'<br />
<br />
You can adjust the program which is used as a MTA by setting the variable ''sendmail'' (''sendmail-progname'' can be used for more fine-tuning as necessary, please see the manual, "Sending mail"):<br />
<br />
# < /etc/passwd mailx -Ssendmail=/usr/bin/sendmail -Ssendwait -s subject some@where<br />
# echo Sending was successful: $?<br />
<br />
By default message delivery is asynchronous, and S-nail will exit as soon as the prepared message has been passed over to the delivery mechanism (the MTA or the builtin SMTP MTA).<br />
Like this its exit status won't tell anything about delivery success, but only wether preparation succeeded!<br />
Set the ''sendwait'' option to change that and become aware of delivery errors, too.<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the ''expandaddr'' option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
<br />
To avoid environmental noise scripts can (and should) "detach" from configuration files and use the ''-S'' and ''-X'' command line flags to create their own setup and run necessary commands.<br />
Also ''expandaddr'' can be given a value and used for address verification, and the ''-.'' command line option will terminate option processing and turn on message send mode: together these form active barriers to prevent misinterpretation of address arguments as command line options and other injection attacks.<br />
E.g., the following example can be used "as is" (we enable debug via ''-d'' for a dry-run), provided that you have a '''somefile.pdf''', somewhere:<br />
<br />
# echo Body |<br />
# LC_ALL=C MAILRC=/dev/null mailx -dn -Sv15-compat \<br />
# -Ssendwait -Sexpandaddr=fail,noalias \<br />
# -Sfrom='Me <me@home>' -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control -X'mimetype "application/pdf pdf"' \<br />
# -a '''somefile.pdf''' -s Subject \<br />
# -. '(foo2bar) <foo2@bar>' bob@hey.you<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism.<br />
Place the following in your private user-specific configuration file, adjusting bold strings.<br />
And note that all the remaining examples in this document are based upon this configuration template.<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-no-default-ca<br />
<br />
# Don't use protocols olders than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then, e.g.<br />
# ''ssl-protocol-'''USER'''@archlinux.org''="-ALL,+TLSv1.2"<br />
set ssl-protocol="-ALL,+TLSv1.2"<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# Hint: it is important to include "@STRENGTH": only with it the<br />
# final list will be sorted by algorithm strength.<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list="ALL:!aNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT:@STRENGTH"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: choose allowed character sets<br />
# (Have a look at the "CHARACTER SETS" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# A very kind option: when replying to a message, first try to<br />
# use the same encoding that the original poster used herself!<br />
set reply-in-same-charset<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
# Only like this you'll be able to see errors reported through the exit<br />
# status of the MTA (including the builtin SMTP one)!<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files<br />
set mimetypes-load-control<br />
<br />
# Default directories where we act in (relative to $HOME)<br />
set folder=mail<br />
# A leading "+" (often) means: under *folder*<br />
# *record* is used to save copies of sent messages<br />
set MBOX=+mbox.mbox record=+sent.mbox \<br />
DEAD=+dead.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="'''Your Name <youremail@domain>'''"<br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
Note that the above combination of SSL/TLS configuration results in the most secure end-to-end TLS transport that is possible at the time of this writing.<br />
There are public mail providers who declassify this user-end to provider-end transport security as "lesser secure applications", unless special authentication methods are used which fetch the user credentials (password) from the provider servers.<br />
Such methods are not supported by S-nail.<br />
It does support encrypted local password storage and SMTP via GSS-API, however, the latter of which also stores user credentials on the provider side.<br />
<br />
When in the below '''USER''' and '''PASS''' informations are specified as part of an URL (other possibilities exist) they must become URL percent encoded; S-nail offers the '''urlencode''' command which does this for you:<br />
<br />
# printf 'urlencode USER PASS\nx\n' | mailx -#<br />
<br />
Of course: printf as well as S-nail / mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (5 bytes)<br />
out: <SPA%C3%9F> (9 bytes)<br />
# # In ISO-8859-1:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (4 bytes)<br />
out: <SPA%DF> (6 bytes)<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the builtin SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set smtp='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login[/plain]...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts yes<br />
# (The plain smtp:// proto is optional)<br />
set smtp='''USER:PASS'''@smtp.gmXil.com smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set smtp=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set netrc-lookup<br />
#set agent-shell-lookup="gpg -d .pass.gpg"<br />
set smtp=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
# Type '''xp''' to login to the POP3 account<br />
ghost xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
# Type '''xi''' to login to the IMAP account<br />
ghost xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
(Here '''USER''' and '''PASS''' are clear text, not URL encoded.)<br />
You can furtherly diversify things and use encrypted password storage, since ArchLinux compiles in password agent support.<br />
To adjust the example, simply don't specify the ''password '''PASS''''' token in {{ic|$HOME/.netrc}} but instead uncomment the ''agent-shell-lookup'' line in the example account above.<br />
The encrypted password storage {{ic|.pass.gpg}} can be created like this:<br />
<br />
# echo '''PASS''' > .pass<br />
# gpg -e .pass<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a(n almost) dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
The ArchLinux version of S-nail includes the builtin command line editor with history capabilities as well as regular expression and coloured message display support.<br />
Because S-nail strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The template configuration /etc/mail.rc also provides some commented basics;<br />
# in particular it shows all options that POSIX mandates at program startup)<br />
<br />
# Start into interactive mode even if the standard mailbox is empty<br />
set emptystart<br />
<br />
# When composing a message, let period `.' on a line by itself finalize composition,<br />
# before start directly into ''$EDITOR''<br />
set dot <br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines; without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# Colourize headers when displaying messages (note that ''$PAGER'' may require special flags,<br />
# e.g., less(1) needs the -R option; S-nail will however set the ''$LESS'' environment<br />
# variable accordingly, but only if that was not set before..)<br />
set colour-pager<br />
<br />
# A nicer prompt<br />
set prompt="\033[31m?\?[\$ \@]\& \033[0m"<br />
<br />
# Add more entries to the history<br />
set history-gabby<br />
<br />
# Make the history persistent <br />
set NAIL_HISTFILE=+.s-nailhist<br />
set NAIL_HISTSIZE=-1<br />
<br />
# When displaying messages, show only these headers<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html="lynx -stdin -dump -force_html"<br />
# Learn another mimetype<br />
mimetype 'model/vrml wrl vrml'<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
ghost ls !ls -latro<br />
ghost ps !ps axu<br />
<br />
Once you're in it, the command '''list''' will print all available builtin commands.<br />
ArchLinux compiles in the "DOCSTRINGS" feature, so that typing `?X' tries to expand "X" and print a help string; since S-nail will allow abbreviations of all commands this is sometimes handy; try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' ('''f''') is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds... well, a complaint of the ArchWiki maintainer about the content of this page, ugh;<br />
that is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode (which can be handy to avoid flag updates etc.)<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s).<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type "." on its own line (the latter requires the ''dot'' option).<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' to point to an IMAP server folder, for example.<br />
<br />
set v15-compat<br />
<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=387062S-nail2015-07-22T13:10:51Z<p>Sdaoden: Mention *sendwait* in the quick shot, thanks to the Forum</p>
<hr />
<div>[[Category:Email clients]]<br />
S-nail is a mail processing system with a command syntax reminiscent of ed with lines replaced by messages.<br />
It is intended to provide the functionality of the POSIX mailx command and offers (mostly optional) extensions for line editing, IDNA, MIME, S/MIME, SMTP and POP3 (and IMAP).<br />
It is usable as a mail batch language.<br />
<br />
This overview page was updated for version '''v14.8.3''' of S-nail.<br />
Excerpt of the ''NEWS'': RFC 2231 support, mailing-list support (''followup-to'', ''followup-to-honour'', ''reply-to-honour'', '''Lreply''', '''mlist''', '''mlsubscribe'''), simple builtin HTML viewer, freely configurable spam-checker hooks, command line and addressee hardening (new '''-.''' option, ''expandargv'' and ''expandaddr'' variables), and many small improvements.<br />
<br />
S-nail is a direct descendant of the BSD Mail program that was introduced in 1978 (itself superceeding the simpler UNIX mail program) and used to introduce itself (in the Mail reference manual) as follows:<br />
<br />
:''Mail provides a simple and friendly environment for sending and receiving mail.''<br />
:''It divides incoming mail into its constituent messages and allows the user to deal with them in any order.''<br />
:''In addition, it provides a set of ed‐like commands for manipulating messages and sending mail.''<br />
:''Mail offers the user simple editing capabilities to ease the composition of outgoing messages, as well as providing the ability to define and send to names which address groups of users.''<br />
<br />
S-nail is thus the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
In Arch Linux S-nail supports direct mail delivery via SMTP, so that messages can be send directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''.<br />
(Note however that S-nail does not (yet) include a mail-queue mechanism and thus simply tries to send the message over SMTP, directly and immediately.)<br />
<br />
== Quick shot ==<br />
<br />
Because the systemwide Arch Linux configuration file ({{ic|/etc/mail.rc}}) brings in some useful standard settings, sending mail over a local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -s 'A subject' -a an_attachment.txt foo1@bar 'Foo2 <foo2@bar>'<br />
<br />
You can adjust the program which is used as a MTA by setting the variable ''sendmail'' (''sendmail-progname'' can be used for more fine-tuning as necessary, please see the manual, "Sending mail"):<br />
<br />
# < /etc/passwd mailx -Ssendmail=/usr/bin/sendmail -Ssendwait -s subject some@where<br />
# echo Sending was successful: $?<br />
<br />
By default message delivery is asynchronous, and S-nail will exit as soon as the prepared message has been passed over to the delivery mechanism (the MTA or the builtin SMTP MTA).<br />
Like this its exit status won't tell anything about delivery success, but only wether preparation succeeded!<br />
Set the ''sendwait'' option to change that and become aware of delivery errors, too.<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the ''expandaddr'' option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
<br />
To avoid environmental noise scripts can (and should) "detach" from configuration files and use the ''-S'' and ''-X'' command line flags to create their own setup and run necessary commands; e.g., the following example can be used "as is" (we enable debug via ''-d'' for a dry-run), provided that you have a '''somefile.pdf''', somewhere:<br />
<br />
# echo Body |<br />
# LC_ALL=C MAILRC=/dev/null mailx -dn -Sv15-compat -Ssendwait \<br />
# -Sfrom='Me <me@home>' -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control -X'mimetype "application/pdf pdf"' \<br />
# -a '''somefile.pdf''' -s Subject '(foo2bar) <foo2@bar>' bob@hey.you<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism.<br />
Place the following in your private user-specific configuration file, adjusting bold strings.<br />
And note that all the remaining examples in this document are based upon this configuration template.<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-no-default-ca<br />
<br />
# Don't use protocols olders than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then, e.g.<br />
# ''ssl-protocol-'''USER'''@archlinux.org''="-ALL,+TLSv1.2"<br />
set ssl-protocol="-ALL,+TLSv1.2"<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# Hint: it is important to include "@STRENGTH": only with it the<br />
# final list will be sorted by algorithm strength.<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list="ALL:!aNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT:@STRENGTH"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: choose allowed character sets<br />
# (Have a look at the "CHARACTER SETS" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# A very kind option: when replying to a message, first try to<br />
# use the same encoding that the original poster used herself!<br />
set reply-in-same-charset<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
# Only like this you'll be able to see errors reported through the exit<br />
# status of the MTA (including the builtin SMTP one)!<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files<br />
set mimetypes-load-control<br />
<br />
# Default directories where we act in (relative to $HOME)<br />
set folder=mail<br />
# A leading "+" (often) means: under *folder*<br />
# *record* is used to save copies of sent messages<br />
set MBOX=+mbox.mbox record=+sent.mbox \<br />
DEAD=+dead.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="'''Your Name <youremail@domain>'''"<br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
Note that the above combination of SSL/TLS configuration results in the most secure end-to-end TLS transport that is possible at the time of this writing.<br />
There are public mail providers who declassify this user-end to provider-end transport security as "lesser secure applications", unless special authentication methods are used which fetch the user credentials (password) from the provider servers.<br />
Such methods are not supported by S-nail.<br />
It does support encrypted local password storage and SMTP via GSS-API, however, the latter of which also stores user credentials on the provider side.<br />
<br />
When in the below '''USER''' and '''PASS''' informations are specified as part of an URL (other possibilities exist) they must become URL percent encoded; S-nail offers the '''urlencode''' command which does this for you:<br />
<br />
# printf 'urlencode USER PASS\nx\n' | mailx -#<br />
<br />
Of course: printf as well as S-nail / mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (5 bytes)<br />
out: <SPA%C3%9F> (9 bytes)<br />
# # In ISO-8859-1:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (4 bytes)<br />
out: <SPA%DF> (6 bytes)<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the builtin SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set smtp='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login[/plain]...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts yes<br />
# (The plain smtp:// proto is optional)<br />
set smtp='''USER:PASS'''@smtp.gmXil.com smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set smtp=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set netrc-lookup<br />
#set agent-shell-lookup="gpg -d .pass.gpg"<br />
set smtp=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
# Type '''xp''' to login to the POP3 account<br />
ghost xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
# Type '''xi''' to login to the IMAP account<br />
ghost xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
(Here '''USER''' and '''PASS''' are clear text, not URL encoded.)<br />
You can furtherly diversify things and use encrypted password storage, since ArchLinux compiles in password agent support.<br />
To adjust the example, simply don't specify the ''password '''PASS''''' token in {{ic|$HOME/.netrc}} but instead uncomment the ''agent-shell-lookup'' line in the example account above.<br />
The encrypted password storage {{ic|.pass.gpg}} can be created like this:<br />
<br />
# echo '''PASS''' > .pass<br />
# gpg -e .pass<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a(n almost) dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
The ArchLinux version of S-nail includes the builtin command line editor with history capabilities as well as regular expression and coloured message display support.<br />
Because S-nail strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The template configuration /etc/mail.rc also provides some commented basics;<br />
# in particular it shows all options that POSIX mandates at program startup)<br />
<br />
# Start into interactive mode even if the standard mailbox is empty<br />
set emptystart<br />
<br />
# When composing a message, let period `.' on a line by itself finalize composition,<br />
# before start directly into ''$EDITOR''<br />
set dot <br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines; without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# Colourize headers when displaying messages (note that ''$PAGER'' may require special flags,<br />
# e.g., less(1) needs the -R option; S-nail will however set the ''$LESS'' environment<br />
# variable accordingly, but only if that was not set before..)<br />
set colour-pager<br />
<br />
# A nicer prompt<br />
set prompt="\033[31m?\?[\$ \@]\& \033[0m"<br />
<br />
# Add more entries to the history<br />
set history-gabby<br />
<br />
# Make the history persistent <br />
set NAIL_HISTFILE=+.s-nailhist<br />
set NAIL_HISTSIZE=-1<br />
<br />
# When displaying messages, show only these headers<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html="lynx -stdin -dump -force_html"<br />
# Learn another mimetype<br />
mimetype 'model/vrml wrl vrml'<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
ghost ls !ls -latro<br />
ghost ps !ps axu<br />
<br />
Once you're in it, the command '''list''' will print all available builtin commands.<br />
ArchLinux compiles in the "DOCSTRINGS" feature, so that typing `?X' tries to expand "X" and print a help string; since S-nail will allow abbreviations of all commands this is sometimes handy; try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' ('''f''') is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds... well, a complaint of the ArchWiki maintainer about the content of this page, ugh;<br />
that is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode (which can be handy to avoid flag updates etc.)<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s).<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type "." on its own line (the latter requires the ''dot'' option).<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' to point to an IMAP server folder, for example.<br />
<br />
set v15-compat<br />
<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=382140S-nail2015-07-14T14:38:56Z<p>Sdaoden: ridiculous, drop CoverityScan 0.00 defect density statement again, sorry..</p>
<hr />
<div>[[Category:Email clients]]<br />
S-nail is a mail processing system with a command syntax reminiscent of ed with lines replaced by messages.<br />
It is intended to provide the functionality of the POSIX mailx command and offers (mostly optional) extensions for line editing, IDNA, MIME, S/MIME, SMTP and POP3 (and IMAP).<br />
It is usable as a mail batch language.<br />
<br />
This overview page was updated for version '''v14.8.3''' of S-nail.<br />
Excerpt of the ''NEWS'': RFC 2231 support, mailing-list support (''followup-to'', ''followup-to-honour'', ''reply-to-honour'', '''Lreply''', '''mlist''', '''mlsubscribe'''), simple builtin HTML viewer, freely configurable spam-checker hooks, command line and addressee hardening (new '''-.''' option, ''expandargv'' and ''expandaddr'' variables), and many small improvements.<br />
<br />
S-nail is a direct descendant of the BSD Mail program that was introduced in 1978 (itself superceeding the simpler UNIX mail program) and used to introduce itself (in the Mail reference manual) as follows:<br />
<br />
:''Mail provides a simple and friendly environment for sending and receiving mail.''<br />
:''It divides incoming mail into its constituent messages and allows the user to deal with them in any order.''<br />
:''In addition, it provides a set of ed‐like commands for manipulating messages and sending mail.''<br />
:''Mail offers the user simple editing capabilities to ease the composition of outgoing messages, as well as providing the ability to define and send to names which address groups of users.''<br />
<br />
S-nail is thus the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
In Arch Linux S-nail supports direct mail delivery via SMTP, so that messages can be send directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''.<br />
(Note however that S-nail does not (yet) include a mail-queue mechanism and thus simply tries to send the message over SMTP, directly and immediately.)<br />
<br />
== Quick shot ==<br />
<br />
Because the systemwide Arch Linux configuration file ({{ic|/etc/mail.rc}}) brings in some useful standard settings, sending mail over a local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -s 'A subject' -a an_attachment.txt foo1@bar 'Foo2 <foo2@bar>'<br />
<br />
You can adjust the program which is used as a MTA by setting the variable ''sendmail'' (''sendmail-progname'' can be used for more fine-tuning as necessary, please see the manual, "Sending mail"):<br />
<br />
# echo bla | mailx -Ssendmail=/usr/bin/sendmail -s subject some@where<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the ''expandaddr'' option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
<br />
To avoid environmental noise scripts can (and should) "detach" from configuration files and use the ''-S'' and ''-X'' command line flags to create their own setup and run necessary commands; e.g., the following example can be used "as is" (we enable debug via ''-d'' for a dry-run and use a faked ''smtp'' run for that), provided that you have a '''somefile.pdf''', somewhere:<br />
<br />
# echo Body |<br />
# LC_ALL=C MAILRC=/dev/null mailx -dn -Sv15-compat \<br />
# -Ssmtp -Ssmtp-auth=none -Sfrom='Me <me@home>' \<br />
# -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control -X'mimetype "application/pdf pdf"' \<br />
# -a '''somefile.pdf''' -s Subject '(foo2bar) <foo2@bar>' bob@hey.you<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism.<br />
Place the following in your private user-specific configuration file, adjusting bold strings.<br />
And note that all the remaining examples in this document are based upon this configuration template.<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-no-default-ca<br />
<br />
# Don't use protocols olders than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then, e.g.<br />
# ''ssl-protocol-'''USER'''@archlinux.org''="-ALL,+TLSv1.2"<br />
set ssl-protocol="-ALL,+TLSv1.2"<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# Hint: it is important to include "@STRENGTH": only with it the<br />
# final list will be sorted by algorithm strength.<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list="ALL:!aNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT:@STRENGTH"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: choose allowed character sets<br />
# (Have a look at the "CHARACTER SETS" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# A very kind option: when replying to a message, first try to<br />
# use the same encoding that the original poster used herself!<br />
set reply-in-same-charset<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
# Only like this you'll be able to see errors reported through the exit<br />
# status of the MTA (including the builtin SMTP one)!<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files<br />
set mimetypes-load-control<br />
<br />
# Default directories where we act in (relative to $HOME)<br />
set folder=mail<br />
# A leading "+" (often) means: under *folder*<br />
# *record* is used to save copies of sent messages<br />
set MBOX=+mbox.mbox record=+sent.mbox \<br />
DEAD=+dead.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="'''Your Name <youremail@domain>'''"<br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
Note that the above combination of SSL/TLS configuration results in the most secure end-to-end TLS transport that is possible at the time of this writing.<br />
There are public mail providers who declassify this user-end to provider-end transport security as "lesser secure applications", unless special authentication methods are used which fetch the user credentials (password) from the provider servers.<br />
Such methods are not supported by S-nail.<br />
It does support encrypted local password storage and SMTP via GSS-API, however, the latter of which also stores user credentials on the provider side.<br />
<br />
When in the below '''USER''' and '''PASS''' informations are specified as part of an URL (other possibilities exist) they must become URL percent encoded; S-nail offers the '''urlencode''' command which does this for you:<br />
<br />
# printf 'urlencode USER PASS\nx\n' | mailx -#<br />
<br />
Of course: printf as well as S-nail / mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (5 bytes)<br />
out: <SPA%C3%9F> (9 bytes)<br />
# # In ISO-8859-1:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (4 bytes)<br />
out: <SPA%DF> (6 bytes)<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the builtin SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set smtp='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login[/plain]...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts yes<br />
# (The plain smtp:// proto is optional)<br />
set smtp='''USER:PASS'''@smtp.gmXil.com smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set smtp=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set netrc-lookup<br />
#set agent-shell-lookup="gpg -d .pass.gpg"<br />
set smtp=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
# Type '''xp''' to login to the POP3 account<br />
ghost xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
# Type '''xi''' to login to the IMAP account<br />
ghost xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
(Here '''USER''' and '''PASS''' are clear text, not URL encoded.)<br />
You can furtherly diversify things and use encrypted password storage, since ArchLinux compiles in password agent support.<br />
To adjust the example, simply don't specify the ''password '''PASS''''' token in {{ic|$HOME/.netrc}} but instead uncomment the ''agent-shell-lookup'' line in the example account above.<br />
The encrypted password storage {{ic|.pass.gpg}} can be created like this:<br />
<br />
# echo '''PASS''' > .pass<br />
# gpg -e .pass<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a(n almost) dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
The ArchLinux version of S-nail includes the builtin command line editor with history capabilities as well as regular expression and coloured message display support.<br />
Because S-nail strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The template configuration /etc/mail.rc also provides some commented basics;<br />
# in particular it shows all options that POSIX mandates at program startup)<br />
<br />
# Start into interactive mode even if the standard mailbox is empty<br />
set emptystart<br />
<br />
# When composing a message, let period `.' on a line by itself finalize composition,<br />
# before start directly into ''$EDITOR''<br />
set dot <br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines; without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# Colourize headers when displaying messages (note that ''$PAGER'' may require special flags,<br />
# e.g., less(1) needs the -R option; S-nail will however set the ''$LESS'' environment<br />
# variable accordingly, but only if that was not set before..)<br />
set colour-pager<br />
<br />
# A nicer prompt<br />
set prompt="\033[31m?\?[\$ \@]\& \033[0m"<br />
<br />
# Add more entries to the history<br />
set history-gabby<br />
<br />
# Make the history persistent <br />
set NAIL_HISTFILE=+.s-nailhist<br />
set NAIL_HISTSIZE=-1<br />
<br />
# When displaying messages, show only these headers<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html="lynx -stdin -dump -force_html"<br />
# Learn another mimetype<br />
mimetype 'model/vrml wrl vrml'<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
ghost ls !ls -latro<br />
ghost ps !ps axu<br />
<br />
Once you're in it, the command '''list''' will print all available builtin commands.<br />
ArchLinux compiles in the "DOCSTRINGS" feature, so that typing `?X' tries to expand "X" and print a help string; since S-nail will allow abbreviations of all commands this is sometimes handy; try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' ('''f''') is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds... well, a complaint of the ArchWiki maintainer about the content of this page, ugh;<br />
that is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode (which can be handy to avoid flag updates etc.)<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s).<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type "." on its own line (the latter requires the ''dot'' option).<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' to point to an IMAP server folder, for example.<br />
<br />
set v15-compat<br />
<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=382125S-nail2015-07-14T10:27:50Z<p>Sdaoden: ..and then mention in that very example that we use -d(ebug), for a dry-run. Uff.</p>
<hr />
<div>[[Category:Email clients]]<br />
S-nail is a mail processing system with a command syntax reminiscent of ed with lines replaced by messages.<br />
It is intended to provide the functionality of the POSIX mailx command and offers (mostly optional) extensions for line editing, IDNA, MIME, S/MIME, SMTP and POP3 (and IMAP).<br />
It is usable as a mail batch language.<br />
<br />
This overview page was updated for version '''v14.8.3''' of S-nail.<br />
Excerpt of the ''NEWS'': RFC 2231 support, mailing-list support (''followup-to'', ''followup-to-honour'', ''reply-to-honour'', '''Lreply''', '''mlist''', '''mlsubscribe'''), simple builtin HTML viewer, freely configurable spam-checker hooks, command line and addressee hardening (new '''-.''' option, ''expandargv'' and ''expandaddr'' variables), and many fixes (leading to a Coverity Scan defect density of 0.00).<br />
<br />
S-nail is a direct descendant of the BSD Mail program that was introduced in 1978 (itself superceeding the simpler UNIX mail program) and used to introduce itself (in the Mail reference manual) as follows:<br />
<br />
:''Mail provides a simple and friendly environment for sending and receiving mail.''<br />
:''It divides incoming mail into its constituent messages and allows the user to deal with them in any order.''<br />
:''In addition, it provides a set of ed‐like commands for manipulating messages and sending mail.''<br />
:''Mail offers the user simple editing capabilities to ease the composition of outgoing messages, as well as providing the ability to define and send to names which address groups of users.''<br />
<br />
S-nail is thus the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
In Arch Linux S-nail supports direct mail delivery via SMTP, so that messages can be send directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''.<br />
(Note however that S-nail does not (yet) include a mail-queue mechanism and thus simply tries to send the message over SMTP, directly and immediately.)<br />
<br />
== Quick shot ==<br />
<br />
Because the systemwide Arch Linux configuration file ({{ic|/etc/mail.rc}}) brings in some useful standard settings, sending mail over a local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -s 'A subject' -a an_attachment.txt foo1@bar 'Foo2 <foo2@bar>'<br />
<br />
You can adjust the program which is used as a MTA by setting the variable ''sendmail'' (''sendmail-progname'' can be used for more fine-tuning as necessary, please see the manual, "Sending mail"):<br />
<br />
# echo bla | mailx -Ssendmail=/usr/bin/sendmail -s subject some@where<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the ''expandaddr'' option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
<br />
To avoid environmental noise scripts can (and should) "detach" from configuration files and use the ''-S'' and ''-X'' command line flags to create their own setup and run necessary commands; e.g., the following example can be used "as is" (we enable debug via ''-d'' for a dry-run and use a faked ''smtp'' run for that), provided that you have a '''somefile.pdf''', somewhere:<br />
<br />
# echo Body |<br />
# LC_ALL=C MAILRC=/dev/null mailx -dn -Sv15-compat \<br />
# -Ssmtp -Ssmtp-auth=none -Sfrom='Me <me@home>' \<br />
# -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control -X'mimetype "application/pdf pdf"' \<br />
# -a '''somefile.pdf''' -s Subject '(foo2bar) <foo2@bar>' bob@hey.you<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism.<br />
Place the following in your private user-specific configuration file, adjusting bold strings.<br />
And note that all the remaining examples in this document are based upon this configuration template.<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-no-default-ca<br />
<br />
# Don't use protocols olders than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then, e.g.<br />
# ''ssl-protocol-'''USER'''@archlinux.org''="-ALL,+TLSv1.2"<br />
set ssl-protocol="-ALL,+TLSv1.2"<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# Hint: it is important to include "@STRENGTH": only with it the<br />
# final list will be sorted by algorithm strength.<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list="ALL:!aNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT:@STRENGTH"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: choose allowed character sets<br />
# (Have a look at the "CHARACTER SETS" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# A very kind option: when replying to a message, first try to<br />
# use the same encoding that the original poster used herself!<br />
set reply-in-same-charset<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
# Only like this you'll be able to see errors reported through the exit<br />
# status of the MTA (including the builtin SMTP one)!<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files<br />
set mimetypes-load-control<br />
<br />
# Default directories where we act in (relative to $HOME)<br />
set folder=mail<br />
# A leading "+" (often) means: under *folder*<br />
# *record* is used to save copies of sent messages<br />
set MBOX=+mbox.mbox record=+sent.mbox \<br />
DEAD=+dead.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="'''Your Name <youremail@domain>'''"<br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
Note that the above combination of SSL/TLS configuration results in the most secure end-to-end TLS transport that is possible at the time of this writing.<br />
There are public mail providers who declassify this user-end to provider-end transport security as "lesser secure applications", unless special authentication methods are used which fetch the user credentials (password) from the provider servers.<br />
Such methods are not supported by S-nail.<br />
It does support encrypted local password storage and SMTP via GSS-API, however, the latter of which also stores user credentials on the provider side.<br />
<br />
When in the below '''USER''' and '''PASS''' informations are specified as part of an URL (other possibilities exist) they must become URL percent encoded; S-nail offers the '''urlencode''' command which does this for you:<br />
<br />
# printf 'urlencode USER PASS\nx\n' | mailx -#<br />
<br />
Of course: printf as well as S-nail / mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (5 bytes)<br />
out: <SPA%C3%9F> (9 bytes)<br />
# # In ISO-8859-1:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (4 bytes)<br />
out: <SPA%DF> (6 bytes)<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the builtin SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set smtp='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login[/plain]...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts yes<br />
# (The plain smtp:// proto is optional)<br />
set smtp='''USER:PASS'''@smtp.gmXil.com smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set smtp=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set netrc-lookup<br />
#set agent-shell-lookup="gpg -d .pass.gpg"<br />
set smtp=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
# Type '''xp''' to login to the POP3 account<br />
ghost xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
# Type '''xi''' to login to the IMAP account<br />
ghost xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
(Here '''USER''' and '''PASS''' are clear text, not URL encoded.)<br />
You can furtherly diversify things and use encrypted password storage, since ArchLinux compiles in password agent support.<br />
To adjust the example, simply don't specify the ''password '''PASS''''' token in {{ic|$HOME/.netrc}} but instead uncomment the ''agent-shell-lookup'' line in the example account above.<br />
The encrypted password storage {{ic|.pass.gpg}} can be created like this:<br />
<br />
# echo '''PASS''' > .pass<br />
# gpg -e .pass<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a(n almost) dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
The ArchLinux version of S-nail includes the builtin command line editor with history capabilities as well as regular expression and coloured message display support.<br />
Because S-nail strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The template configuration /etc/mail.rc also provides some commented basics;<br />
# in particular it shows all options that POSIX mandates at program startup)<br />
<br />
# Start into interactive mode even if the standard mailbox is empty<br />
set emptystart<br />
<br />
# When composing a message, let period `.' on a line by itself finalize composition,<br />
# before start directly into ''$EDITOR''<br />
set dot <br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines; without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# Colourize headers when displaying messages (note that ''$PAGER'' may require special flags,<br />
# e.g., less(1) needs the -R option; S-nail will however set the ''$LESS'' environment<br />
# variable accordingly, but only if that was not set before..)<br />
set colour-pager<br />
<br />
# A nicer prompt<br />
set prompt="\033[31m?\?[\$ \@]\& \033[0m"<br />
<br />
# Add more entries to the history<br />
set history-gabby<br />
<br />
# Make the history persistent <br />
set NAIL_HISTFILE=+.s-nailhist<br />
set NAIL_HISTSIZE=-1<br />
<br />
# When displaying messages, show only these headers<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html="lynx -stdin -dump -force_html"<br />
# Learn another mimetype<br />
mimetype 'model/vrml wrl vrml'<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
ghost ls !ls -latro<br />
ghost ps !ps axu<br />
<br />
Once you're in it, the command '''list''' will print all available builtin commands.<br />
ArchLinux compiles in the "DOCSTRINGS" feature, so that typing `?X' tries to expand "X" and print a help string; since S-nail will allow abbreviations of all commands this is sometimes handy; try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' ('''f''') is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds... well, a complaint of the ArchWiki maintainer about the content of this page, ugh;<br />
that is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode (which can be handy to avoid flag updates etc.)<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s).<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type "." on its own line (the latter requires the ''dot'' option).<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' to point to an IMAP server folder, for example.<br />
<br />
set v15-compat<br />
<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=382124S-nail2015-07-14T10:25:38Z<p>Sdaoden: Even better. Perhaps. I.., i hope so</p>
<hr />
<div>[[Category:Email clients]]<br />
S-nail is a mail processing system with a command syntax reminiscent of ed with lines replaced by messages.<br />
It is intended to provide the functionality of the POSIX mailx command and offers (mostly optional) extensions for line editing, IDNA, MIME, S/MIME, SMTP and POP3 (and IMAP).<br />
It is usable as a mail batch language.<br />
<br />
This overview page was updated for version '''v14.8.3''' of S-nail.<br />
Excerpt of the ''NEWS'': RFC 2231 support, mailing-list support (''followup-to'', ''followup-to-honour'', ''reply-to-honour'', '''Lreply''', '''mlist''', '''mlsubscribe'''), simple builtin HTML viewer, freely configurable spam-checker hooks, command line and addressee hardening (new '''-.''' option, ''expandargv'' and ''expandaddr'' variables), and many fixes (leading to a Coverity Scan defect density of 0.00).<br />
<br />
S-nail is a direct descendant of the BSD Mail program that was introduced in 1978 (itself superceeding the simpler UNIX mail program) and used to introduce itself (in the Mail reference manual) as follows:<br />
<br />
:''Mail provides a simple and friendly environment for sending and receiving mail.''<br />
:''It divides incoming mail into its constituent messages and allows the user to deal with them in any order.''<br />
:''In addition, it provides a set of ed‐like commands for manipulating messages and sending mail.''<br />
:''Mail offers the user simple editing capabilities to ease the composition of outgoing messages, as well as providing the ability to define and send to names which address groups of users.''<br />
<br />
S-nail is thus the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
In Arch Linux S-nail supports direct mail delivery via SMTP, so that messages can be send directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''.<br />
(Note however that S-nail does not (yet) include a mail-queue mechanism and thus simply tries to send the message over SMTP, directly and immediately.)<br />
<br />
== Quick shot ==<br />
<br />
Because the systemwide Arch Linux configuration file ({{ic|/etc/mail.rc}}) brings in some useful standard settings, sending mail over a local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -s 'A subject' -a an_attachment.txt foo1@bar 'Foo2 <foo2@bar>'<br />
<br />
You can adjust the program which is used as a MTA by setting the variable ''sendmail'' (''sendmail-progname'' can be used for more fine-tuning as necessary, please see the manual, "Sending mail"):<br />
<br />
# echo bla | mailx -Ssendmail=/usr/bin/sendmail -s subject some@where<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the ''expandaddr'' option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
<br />
To avoid environmental noise scripts can (and should) "detach" from configuration files and use the ''-S'' and ''-X'' command line flags to create their own setup and run necessary commands; e.g., the following example can be used "as is" (we use a faked ''smtp'' run for that), provided that you have a '''somefile.pdf''', somewhere:<br />
<br />
# echo Body |<br />
# LC_ALL=C MAILRC=/dev/null mailx -dn -Sv15-compat \<br />
# -Ssmtp -Ssmtp-auth=none -Sfrom='Me <me@home>' \<br />
# -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control -X'mimetype "application/pdf pdf"' \<br />
# -a '''somefile.pdf''' -s Subject '(foo2bar) <foo2@bar>' bob@hey.you<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism.<br />
Place the following in your private user-specific configuration file, adjusting bold strings.<br />
And note that all the remaining examples in this document are based upon this configuration template.<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-no-default-ca<br />
<br />
# Don't use protocols olders than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then, e.g.<br />
# ''ssl-protocol-'''USER'''@archlinux.org''="-ALL,+TLSv1.2"<br />
set ssl-protocol="-ALL,+TLSv1.2"<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# Hint: it is important to include "@STRENGTH": only with it the<br />
# final list will be sorted by algorithm strength.<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list="ALL:!aNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT:@STRENGTH"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: choose allowed character sets<br />
# (Have a look at the "CHARACTER SETS" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# A very kind option: when replying to a message, first try to<br />
# use the same encoding that the original poster used herself!<br />
set reply-in-same-charset<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
# Only like this you'll be able to see errors reported through the exit<br />
# status of the MTA (including the builtin SMTP one)!<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files<br />
set mimetypes-load-control<br />
<br />
# Default directories where we act in (relative to $HOME)<br />
set folder=mail<br />
# A leading "+" (often) means: under *folder*<br />
# *record* is used to save copies of sent messages<br />
set MBOX=+mbox.mbox record=+sent.mbox \<br />
DEAD=+dead.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="'''Your Name <youremail@domain>'''"<br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
Note that the above combination of SSL/TLS configuration results in the most secure end-to-end TLS transport that is possible at the time of this writing.<br />
There are public mail providers who declassify this user-end to provider-end transport security as "lesser secure applications", unless special authentication methods are used which fetch the user credentials (password) from the provider servers.<br />
Such methods are not supported by S-nail.<br />
It does support encrypted local password storage and SMTP via GSS-API, however, the latter of which also stores user credentials on the provider side.<br />
<br />
When in the below '''USER''' and '''PASS''' informations are specified as part of an URL (other possibilities exist) they must become URL percent encoded; S-nail offers the '''urlencode''' command which does this for you:<br />
<br />
# printf 'urlencode USER PASS\nx\n' | mailx -#<br />
<br />
Of course: printf as well as S-nail / mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (5 bytes)<br />
out: <SPA%C3%9F> (9 bytes)<br />
# # In ISO-8859-1:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (4 bytes)<br />
out: <SPA%DF> (6 bytes)<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the builtin SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set smtp='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login[/plain]...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts yes<br />
# (The plain smtp:// proto is optional)<br />
set smtp='''USER:PASS'''@smtp.gmXil.com smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set smtp=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set netrc-lookup<br />
#set agent-shell-lookup="gpg -d .pass.gpg"<br />
set smtp=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
# Type '''xp''' to login to the POP3 account<br />
ghost xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
# Type '''xi''' to login to the IMAP account<br />
ghost xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
(Here '''USER''' and '''PASS''' are clear text, not URL encoded.)<br />
You can furtherly diversify things and use encrypted password storage, since ArchLinux compiles in password agent support.<br />
To adjust the example, simply don't specify the ''password '''PASS''''' token in {{ic|$HOME/.netrc}} but instead uncomment the ''agent-shell-lookup'' line in the example account above.<br />
The encrypted password storage {{ic|.pass.gpg}} can be created like this:<br />
<br />
# echo '''PASS''' > .pass<br />
# gpg -e .pass<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a(n almost) dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
The ArchLinux version of S-nail includes the builtin command line editor with history capabilities as well as regular expression and coloured message display support.<br />
Because S-nail strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The template configuration /etc/mail.rc also provides some commented basics;<br />
# in particular it shows all options that POSIX mandates at program startup)<br />
<br />
# Start into interactive mode even if the standard mailbox is empty<br />
set emptystart<br />
<br />
# When composing a message, let period `.' on a line by itself finalize composition,<br />
# before start directly into ''$EDITOR''<br />
set dot <br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines; without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# Colourize headers when displaying messages (note that ''$PAGER'' may require special flags,<br />
# e.g., less(1) needs the -R option; S-nail will however set the ''$LESS'' environment<br />
# variable accordingly, but only if that was not set before..)<br />
set colour-pager<br />
<br />
# A nicer prompt<br />
set prompt="\033[31m?\?[\$ \@]\& \033[0m"<br />
<br />
# Add more entries to the history<br />
set history-gabby<br />
<br />
# Make the history persistent <br />
set NAIL_HISTFILE=+.s-nailhist<br />
set NAIL_HISTSIZE=-1<br />
<br />
# When displaying messages, show only these headers<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html="lynx -stdin -dump -force_html"<br />
# Learn another mimetype<br />
mimetype 'model/vrml wrl vrml'<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
ghost ls !ls -latro<br />
ghost ps !ps axu<br />
<br />
Once you're in it, the command '''list''' will print all available builtin commands.<br />
ArchLinux compiles in the "DOCSTRINGS" feature, so that typing `?X' tries to expand "X" and print a help string; since S-nail will allow abbreviations of all commands this is sometimes handy; try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' ('''f''') is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds... well, a complaint of the ArchWiki maintainer about the content of this page, ugh;<br />
that is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode (which can be handy to avoid flag updates etc.)<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s).<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type "." on its own line (the latter requires the ''dot'' option).<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' to point to an IMAP server folder, for example.<br />
<br />
set v15-compat<br />
<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=382123S-nail2015-07-14T10:21:55Z<p>Sdaoden: Tweak a bit, improve for-in-script example, including -X usage</p>
<hr />
<div>[[Category:Email clients]]<br />
S-nail is a mail processing system with a command syntax reminiscent of ed with lines replaced by messages.<br />
It is intended to provide the functionality of the POSIX mailx command and offers (mostly optional) extensions for line editing, IDNA, MIME, S/MIME, SMTP and POP3 (and IMAP).<br />
It is usable as a mail batch language.<br />
<br />
This overview page was updated for version '''v14.8.3''' of S-nail.<br />
Excerpt of the ''NEWS'': RFC 2231 support, mailing-list support (''followup-to'', ''followup-to-honour'', ''reply-to-honour'', '''Lreply''', '''mlist''', '''mlsubscribe'''), simple builtin HTML viewer, freely configurable spam-checker hooks, command line and addressee hardening (new '''-.''' option, ''expandargv'' and ''expandaddr'' variables), and many fixes (leading to a Coverity Scan defect density of 0.00).<br />
<br />
S-nail is a direct descendant of the BSD Mail program that was introduced in 1978 (itself superceeding the simpler UNIX mail program) and used to introduce itself (in the Mail reference manual) as follows:<br />
<br />
:''Mail provides a simple and friendly environment for sending and receiving mail.''<br />
:''It divides incoming mail into its constituent messages and allows the user to deal with them in any order.''<br />
:''In addition, it provides a set of ed‐like commands for manipulating messages and sending mail.''<br />
:''Mail offers the user simple editing capabilities to ease the composition of outgoing messages, as well as providing the ability to define and send to names which address groups of users.''<br />
<br />
S-nail is thus the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
In Arch Linux S-nail supports direct mail delivery via SMTP, so that messages can be send directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''.<br />
(Note however that S-nail does not (yet) include a mail-queue mechanism and thus simply tries to send the message over SMTP, directly and immediately.)<br />
<br />
== Quick shot ==<br />
<br />
Because the systemwide Arch Linux configuration file ({{ic|/etc/mail.rc}}) brings in some useful standard settings, sending mail over a local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -s 'A subject' -a an_attachment.txt foo1@bar 'Foo2 <foo2@bar>'<br />
<br />
You can adjust the program which is used as a MTA by setting the variable ''sendmail'' (''sendmail-progname'' can be used for more fine-tuning as necessary, please see the manual, "Sending mail"):<br />
<br />
# echo bla | mailx -Ssendmail=/usr/bin/sendmail -s subject some@where<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the ''expandaddr'' option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
<br />
To avoid environmental noise scripts can (and should) "detach" from configuration files and use the ''-S'' and ''-X'' command line flags to create their own setup and run necessary commands:<br />
<br />
# echo Body |<br />
# LC_ALL=C MAILRC=/dev/null mailx -dn -Sv15-compat \<br />
# -Ssmtp -Ssmtp-auth=none -Sfrom='Me <me@home>' \<br />
# -Srecord=/tmp/out.mbox \<br />
# -Smimetypes-load-control -X'mimetype "application/pdf pdf"' \<br />
# -a somefile.pdf -s Subject '(foo2bar) <foo2@bar>' bob@hey.you<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism.<br />
Place the following in your private user-specific configuration file, adjusting bold strings.<br />
And note that all the remaining examples in this document are based upon this configuration template.<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-no-default-ca<br />
<br />
# Don't use protocols olders than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then, e.g.<br />
# ''ssl-protocol-'''USER'''@archlinux.org''="-ALL,+TLSv1.2"<br />
set ssl-protocol="-ALL,+TLSv1.2"<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# Hint: it is important to include "@STRENGTH": only with it the<br />
# final list will be sorted by algorithm strength.<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list="ALL:!aNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT:@STRENGTH"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: choose allowed character sets<br />
# (Have a look at the "CHARACTER SETS" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# A very kind option: when replying to a message, first try to<br />
# use the same encoding that the original poster used herself!<br />
set reply-in-same-charset<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
# Only like this you'll be able to see errors reported through the exit<br />
# status of the MTA (including the builtin SMTP one)!<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files<br />
set mimetypes-load-control<br />
<br />
# Default directories where we act in (relative to $HOME)<br />
set folder=mail<br />
# A leading "+" (often) means: under *folder*<br />
# *record* is used to save copies of sent messages<br />
set MBOX=+mbox.mbox record=+sent.mbox \<br />
DEAD=+dead.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="'''Your Name <youremail@domain>'''"<br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
Note that the above combination of SSL/TLS configuration results in the most secure end-to-end TLS transport that is possible at the time of this writing.<br />
There are public mail providers who declassify this user-end to provider-end transport security as "lesser secure applications", unless special authentication methods are used which fetch the user credentials (password) from the provider servers.<br />
Such methods are not supported by S-nail.<br />
It does support encrypted local password storage and SMTP via GSS-API, however, the latter of which also stores user credentials on the provider side.<br />
<br />
When in the below '''USER''' and '''PASS''' informations are specified as part of an URL (other possibilities exist) they must become URL percent encoded; S-nail offers the '''urlencode''' command which does this for you:<br />
<br />
# printf 'urlencode USER PASS\nx\n' | mailx -#<br />
<br />
Of course: printf as well as S-nail / mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (5 bytes)<br />
out: <SPA%C3%9F> (9 bytes)<br />
# # In ISO-8859-1:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (4 bytes)<br />
out: <SPA%DF> (6 bytes)<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the builtin SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set smtp='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login[/plain]...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts yes<br />
# (The plain smtp:// proto is optional)<br />
set smtp='''USER:PASS'''@smtp.gmXil.com smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set smtp=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set netrc-lookup<br />
#set agent-shell-lookup="gpg -d .pass.gpg"<br />
set smtp=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
# Type '''xp''' to login to the POP3 account<br />
ghost xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
# Type '''xi''' to login to the IMAP account<br />
ghost xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
(Here '''USER''' and '''PASS''' are clear text, not URL encoded.)<br />
You can furtherly diversify things and use encrypted password storage, since ArchLinux compiles in password agent support.<br />
To adjust the example, simply don't specify the ''password '''PASS''''' token in {{ic|$HOME/.netrc}} but instead uncomment the ''agent-shell-lookup'' line in the example account above.<br />
The encrypted password storage {{ic|.pass.gpg}} can be created like this:<br />
<br />
# echo '''PASS''' > .pass<br />
# gpg -e .pass<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a(n almost) dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
The ArchLinux version of S-nail includes the builtin command line editor with history capabilities as well as regular expression and coloured message display support.<br />
Because S-nail strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The template configuration /etc/mail.rc also provides some commented basics;<br />
# in particular it shows all options that POSIX mandates at program startup)<br />
<br />
# Start into interactive mode even if the standard mailbox is empty<br />
set emptystart<br />
<br />
# When composing a message, let period `.' on a line by itself finalize composition,<br />
# before start directly into ''$EDITOR''<br />
set dot <br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines; without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# Colourize headers when displaying messages (note that ''$PAGER'' may require special flags,<br />
# e.g., less(1) needs the -R option; S-nail will however set the ''$LESS'' environment<br />
# variable accordingly, but only if that was not set before..)<br />
set colour-pager<br />
<br />
# A nicer prompt<br />
set prompt="\033[31m?\?[\$ \@]\& \033[0m"<br />
<br />
# Add more entries to the history<br />
set history-gabby<br />
<br />
# Make the history persistent <br />
set NAIL_HISTFILE=+.s-nailhist<br />
set NAIL_HISTSIZE=-1<br />
<br />
# When displaying messages, show only these headers<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html="lynx -stdin -dump -force_html"<br />
# Learn another mimetype<br />
mimetype 'model/vrml wrl vrml'<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
ghost ls !ls -latro<br />
ghost ps !ps axu<br />
<br />
Once you're in it, the command '''list''' will print all available builtin commands.<br />
ArchLinux compiles in the "DOCSTRINGS" feature, so that typing `?X' tries to expand "X" and print a help string; since S-nail will allow abbreviations of all commands this is sometimes handy; try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' ('''f''') is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds... well, a complaint of the ArchWiki maintainer about the content of this page, ugh;<br />
that is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode (which can be handy to avoid flag updates etc.)<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s).<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type "." on its own line (the latter requires the ''dot'' option).<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' to point to an IMAP server folder, for example.<br />
<br />
set v15-compat<br />
<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=373355S-nail2015-05-11T13:39:31Z<p>Sdaoden: Unbelievable! *reply-in-same-charset* wasn't yet Wikified!</p>
<hr />
<div>[[Category:Email clients]]<br />
S-nail is a mail processing system with a command syntax reminiscent of ed with lines replaced by messages.<br />
It is intended to provide the functionality of the POSIX mailx command and offers (mostly optional) extensions for line editing, IDNA, MIME, S/MIME, SMTP and POP3 (and IMAP).<br />
It is usable as a mail batch language.<br />
<br />
This overview page was updated for version '''v14.8.0''' of S-nail.<br />
Making the manual more user-friendly was a major target for this release, and reading the introductional manual sections "A starter", "Sending mail" and "Reading mail" may give the answers you are looking for.<br />
The following is however a shorter excerpt of the mentioned plus the "An example configuration" manual section; in fact this Wiki page served as a template for the manual.<br />
Excerpt of major innovations: RFC 2231 support, mailing-list support (''followup-to'', ''followup-to-honour'', ''reply-to-honour'', '''Lreply''', '''mlist''', '''mlsubscribe'''), Maildir and IMAP support fixed, simple builtin HTML viewer, freely configurable spam-checker hooks, improved '''if''' conditionals, command line and addressee hardening ('''-.''' option, ''expandargv'', ''expandaddr'').<br />
<br />
S-nail is a direct descendant of the BSD Mail program that was introduced in 1978 (itself superceeding the simpler UNIX mail program) and used to introduce itself (in the Mail reference manual) as follows:<br />
<br />
:''Mail provides a simple and friendly environment for sending and receiving mail.''<br />
:''It divides incoming mail into its constituent messages and allows the user to deal with them in any order.''<br />
:''In addition, it provides a set of ed‐like commands for manipulating messages and sending mail.''<br />
:''Mail offers the user simple editing capabilities to ease the composition of outgoing messages, as well as providing the ability to define and send to names which address groups of users.''<br />
<br />
S-nail is thus the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
In Arch Linux S-nail supports direct mail delivery via SMTP, so that messages can be send directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''.<br />
<br />
== Quick shot ==<br />
<br />
Because the systemwide Arch Linux configuration file ({{ic|/etc/mail.rc}}) brings in some useful standard settings, sending mail over a local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -s 'A subject' -a an_attachment.txt foo1@bar 'Foo2 <foo2@bar>'<br />
<br />
You can adjust the program which is used as a MTA by setting the variable ''sendmail'' (''sendmail-progname'' can be used for more fine-tuning as necessary, please see the manual, "Sending mail"):<br />
<br />
# echo bla | mailx -Ssendmail=/usr/bin/sendmail -s subject some@where<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the ''expandaddr'' option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
<br />
To avoid environmental noise scripts can (and should) "detach" from configuration files and use the ''-S'' command line flag to create their own setup:<br />
<br />
# echo Body |<br />
# LC_ALL=C MAILRC=/dev/null mailx -dn -Sfrom='Me <me@home>' -Srecord=/tmp/out.mbox -s Subject '(foo2bar) <foo2@bar>'<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism.<br />
Place the following in your private user-specific configuration file, adjusting bold strings.<br />
And note that all the remaining examples in this document are based upon this configuration template.<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-no-default-ca<br />
<br />
# Don't use protocols olders than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then<br />
set ssl-protocol="-ALL,+TLSv1.2"<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# Hint: it is important to include "@STRENGTH": only with it the<br />
# final list will be sorted by algorithm strength.<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list="ALL:!aNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT:@STRENGTH"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: choose allowed character sets<br />
# (Have a look at the "CHARACTER SETS" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# A very kind option: when replying to a message, first try to<br />
# use the same encoding that the original poster used herself!<br />
set reply-in-same-charset<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
# Only like this you'll be able to see errors reported through the exit<br />
# status of the MTA (including the builtin SMTP one)!<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files<br />
set mimetypes-load-control<br />
<br />
# Default directories where we act in (relative to $HOME)<br />
set folder=mail<br />
# A leading "+" (often) means: under *folder*<br />
# *record* is used to save copies of sent messages<br />
set MBOX=+mbox.mbox record=+sent.mbox \<br />
DEAD=+dead.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="'''Your Name <youremail@domain>'''"<br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
Note that the above combination of SSL/TLS configuration results in the most secure end-to-end TLS transport that is possible at the time of this writing.<br />
There are public mail providers who declassify this user-end to provider-end transport security as "lesser secure applications", unless special authentication methods are used which fetch the user credentials (password) from the provider servers.<br />
Such methods are not supported by S-nail.<br />
It does support encrypted local password storage and SMTP via GSS-API, however, the latter of which also stores user credentials on the provider side.<br />
<br />
When in the below '''USER''' and '''PASS''' informations are specified as part of an URL (other possibilities exist) they must become URL percent encoded; S-nail offers the '''urlencode''' command which does this for you:<br />
<br />
# printf 'urlencode USER PASS\nx\n' | mailx -#<br />
<br />
Of course: printf as well as S-nail / mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (5 bytes)<br />
out: <SPA%C3%9F> (9 bytes)<br />
# # In ISO-8859-1:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (4 bytes)<br />
out: <SPA%DF> (6 bytes)<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the builtin SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set smtp='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login[/plain]...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts yes<br />
# (The plain smtp:// proto is optional)<br />
set smtp='''USER:PASS'''@smtp.gmXil.com smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set smtp=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set netrc-lookup<br />
#set agent-shell-lookup="gpg -d .pass.gpg"<br />
set smtp=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
# Type '''xp''' to login to the POP3 account<br />
ghost xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
# Type '''xi''' to login to the IMAP account<br />
ghost xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
(Here '''USER''' and '''PASS''' are clear text, not URL encoded.)<br />
You can furtherly diversify things and use encrypted password storage, since ArchLinux compiles in password agent support.<br />
To adjust the example, simply don't specify the ''password '''PASS''''' token in {{ic|$HOME/.netrc}} but instead uncomment the ''agent-shell-lookup'' line in the example account above.<br />
The encrypted password storage {{ic|.pass.gpg}} can be created like this:<br />
<br />
# echo '''PASS''' > .pass<br />
# gpg -e .pass<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a(n almost) dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
The ArchLinux version of S-nail includes the builtin command line editor with history capabilities as well as regular expression and coloured message display support.<br />
Because S-nail strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The template configuration /etc/mail.rc also provides some commented basics;<br />
# in particular it shows all options that POSIX mandates at program startup)<br />
<br />
# Start into interactive mode even if the standard mailbox is empty<br />
set emptystart<br />
<br />
# When composing a message, let period `.' on a line by itself finalize composition,<br />
# before start directly into ''$EDITOR''<br />
set dot <br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines; without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# Colourize headers when displaying messages (note that ''$PAGER'' may require special flags,<br />
# e.g., less(1) needs the -R option; S-nail will however set the ''$LESS'' environment<br />
# variable accordingly, but only if that was not set before..)<br />
set colour-pager<br />
<br />
# A nicer prompt<br />
set prompt="\033[31m?\?[\$ \@]\& \033[0m"<br />
<br />
# Add more entries to the history<br />
set history-gabby<br />
<br />
# Make the history persistent <br />
set NAIL_HISTFILE=+.s-nailhist<br />
set NAIL_HISTSIZE=-1<br />
<br />
# When displaying messages, show only these headers<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html="lynx -stdin -dump -force_html"<br />
# Learn another mimetype<br />
mimetype 'model/vrml wrl vrml'<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
ghost ls !ls -latro<br />
ghost ps !ps axu<br />
<br />
Once you're in it, the command '''list''' will print all available builtin commands.<br />
ArchLinux compiles in the "DOCSTRINGS" feature, so that typing `?X' tries to expand "X" and print a help string; since S-nail will allow abbreviations of all commands this is sometimes handy; try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' ('''f''') is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds... well, a complaint of the ArchWiki maintainer about the content of this page, ugh;<br />
that is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode (which can be handy to avoid flag updates etc.)<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s).<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type "." on its own line (the latter requires the ''dot'' option).<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' to point to an IMAP server folder, for example.<br />
<br />
set v15-compat<br />
<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=372858S-nail2015-05-07T13:04:12Z<p>Sdaoden: Some tweaks (e.g., smtp-auth defaults to plain now); excerpt of major innovations</p>
<hr />
<div>[[Category:Email clients]]<br />
S-nail is a mail processing system with a command syntax reminiscent of ed with lines replaced by messages.<br />
It is intended to provide the functionality of the POSIX mailx command and offers (mostly optional) extensions for line editing, IDNA, MIME, S/MIME, SMTP and POP3 (and IMAP).<br />
It is usable as a mail batch language.<br />
<br />
This overview page was updated for version '''v14.8.0''' of S-nail.<br />
Making the manual more user-friendly was a major target for this release, and reading the introductional manual sections "A starter", "Sending mail" and "Reading mail" may give the answers you are looking for.<br />
The following is however a shorter excerpt of the mentioned plus the "An example configuration" manual section; in fact this Wiki page served as a template for the manual.<br />
Excerpt of major innovations: RFC 2231 support, mailing-list support (''followup-to'', ''followup-to-honour'', ''reply-to-honour'', '''Lreply''', '''mlist''', '''mlsubscribe'''), Maildir and IMAP support fixed, simple builtin HTML viewer, freely configurable spam-checker hooks, improved '''if''' conditionals, command line and addressee hardening ('''-.''' option, ''expandargv'', ''expandaddr'').<br />
<br />
S-nail is a direct descendant of the BSD Mail program that was introduced in 1978 (itself superceeding the simpler UNIX mail program) and used to introduce itself (in the Mail reference manual) as follows:<br />
<br />
:''Mail provides a simple and friendly environment for sending and receiving mail.''<br />
:''It divides incoming mail into its constituent messages and allows the user to deal with them in any order.''<br />
:''In addition, it provides a set of ed‐like commands for manipulating messages and sending mail.''<br />
:''Mail offers the user simple editing capabilities to ease the composition of outgoing messages, as well as providing the ability to define and send to names which address groups of users.''<br />
<br />
S-nail is thus the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
In Arch Linux S-nail supports direct mail delivery via SMTP, so that messages can be send directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''.<br />
<br />
== Quick shot ==<br />
<br />
Because the systemwide Arch Linux configuration file ({{ic|/etc/mail.rc}}) brings in some useful standard settings, sending mail over a local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -s 'A subject' -a an_attachment.txt foo1@bar 'Foo2 <foo2@bar>'<br />
<br />
You can adjust the program which is used as a MTA by setting the variable ''sendmail'' (''sendmail-progname'' can be used for more fine-tuning as necessary, please see the manual, "Sending mail"):<br />
<br />
# echo bla | mailx -Ssendmail=/usr/bin/sendmail -s subject some@where<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the ''expandaddr'' option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
<br />
To avoid environmental noise scripts can (and should) "detach" from configuration files and use the ''-S'' command line flag to create their own setup:<br />
<br />
# echo Body |<br />
# LC_ALL=C MAILRC=/dev/null mailx -dn -Sfrom='Me <me@home>' -Srecord=/tmp/out.mbox -s Subject '(foo2bar) <foo2@bar>'<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism.<br />
Place the following in your private user-specific configuration file, adjusting bold strings.<br />
And note that all the remaining examples in this document are based upon this configuration template.<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-no-default-ca<br />
<br />
# Don't use protocols olders than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then<br />
set ssl-protocol="-ALL,+TLSv1.2"<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# Hint: it is important to include "@STRENGTH": only with it the<br />
# final list will be sorted by algorithm strength.<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list="ALL:!aNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT:@STRENGTH"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: choose allowed character sets<br />
# (Have a look at the "CHARACTER SETS" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
# Only like this you'll be able to see errors reported through the exit<br />
# status of the MTA (including the builtin SMTP one)!<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files<br />
set mimetypes-load-control<br />
<br />
# Default directories where we act in (relative to $HOME)<br />
set folder=mail<br />
# A leading "+" (often) means: under *folder*<br />
# *record* is used to save copies of sent messages<br />
set MBOX=+mbox.mbox record=+sent.mbox \<br />
DEAD=+dead.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="'''Your Name <youremail@domain>'''"<br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
Note that the above combination of SSL/TLS configuration results in the most secure end-to-end TLS transport that is possible at the time of this writing.<br />
There are public mail providers who declassify this user-end to provider-end transport security as "lesser secure applications", unless special authentication methods are used which fetch the user credentials (password) from the provider servers.<br />
Such methods are not supported by S-nail.<br />
It does support encrypted local password storage and SMTP via GSS-API, however, the latter of which also stores user credentials on the provider side.<br />
<br />
When in the below '''USER''' and '''PASS''' informations are specified as part of an URL (other possibilities exist) they must become URL percent encoded; S-nail offers the '''urlencode''' command which does this for you:<br />
<br />
# printf 'urlencode USER PASS\nx\n' | mailx -#<br />
<br />
Of course: printf as well as S-nail / mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (5 bytes)<br />
out: <SPA%C3%9F> (9 bytes)<br />
# # In ISO-8859-1:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (4 bytes)<br />
out: <SPA%DF> (6 bytes)<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the builtin SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set smtp='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login[/plain]...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts yes<br />
# (The plain smtp:// proto is optional)<br />
set smtp='''USER:PASS'''@smtp.gmXil.com smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set smtp=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set netrc-lookup<br />
#set agent-shell-lookup="gpg -d .pass.gpg"<br />
set smtp=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
# Type '''xp''' to login to the POP3 account<br />
ghost xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
# Type '''xi''' to login to the IMAP account<br />
ghost xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
(Here '''USER''' and '''PASS''' are clear text, not URL encoded.)<br />
You can furtherly diversify things and use encrypted password storage, since ArchLinux compiles in password agent support.<br />
To adjust the example, simply don't specify the ''password '''PASS''''' token in {{ic|$HOME/.netrc}} but instead uncomment the ''agent-shell-lookup'' line in the example account above.<br />
The encrypted password storage {{ic|.pass.gpg}} can be created like this:<br />
<br />
# echo '''PASS''' > .pass<br />
# gpg -e .pass<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a(n almost) dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
The ArchLinux version of S-nail includes the builtin command line editor with history capabilities as well as regular expression and coloured message display support.<br />
Because S-nail strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The template configuration /etc/mail.rc also provides some commented basics;<br />
# in particular it shows all options that POSIX mandates at program startup)<br />
<br />
# Start into interactive mode even if the standard mailbox is empty<br />
set emptystart<br />
<br />
# When composing a message, let period `.' on a line by itself finalize composition,<br />
# before start directly into ''$EDITOR''<br />
set dot <br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines; without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# Colourize headers when displaying messages (note that ''$PAGER'' may require special flags,<br />
# e.g., less(1) needs the -R option; S-nail will however set the ''$LESS'' environment<br />
# variable accordingly, but only if that was not set before..)<br />
set colour-pager<br />
<br />
# A nicer prompt<br />
set prompt="\033[31m?\?[\$ \@]\& \033[0m"<br />
<br />
# Add more entries to the history<br />
set history-gabby<br />
<br />
# Make the history persistent <br />
set NAIL_HISTFILE=+.s-nailhist<br />
set NAIL_HISTSIZE=-1<br />
<br />
# When displaying messages, show only these headers<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html="lynx -stdin -dump -force_html"<br />
# Learn another mimetype<br />
mimetype 'model/vrml wrl vrml'<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
ghost ls !ls -latro<br />
ghost ps !ps axu<br />
<br />
Once you're in it, the command '''list''' will print all available builtin commands.<br />
ArchLinux compiles in the "DOCSTRINGS" feature, so that typing `?X' tries to expand "X" and print a help string; since S-nail will allow abbreviations of all commands this is sometimes handy; try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' ('''f''') is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds... well, a complaint of the ArchWiki maintainer about the content of this page, ugh;<br />
that is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode (which can be handy to avoid flag updates etc.)<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which either allows interactive editing of the attachment list, or, when given arguments, to add a(n) (comma-separated list of) additional attachment(s).<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type "." on its own line (the latter requires the ''dot'' option).<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' to point to an IMAP server folder, for example.<br />
<br />
set v15-compat<br />
<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=372574S-nail2015-05-04T19:45:41Z<p>Sdaoden: Sigh, now i managed to mess up unrelated parts of the target example :/</p>
<hr />
<div>[[Category:Email clients]]<br />
S-nail is a mail processing system with a command syntax reminiscent of ed with lines replaced by messages.<br />
It is intended to provide the functionality of the POSIX mailx command and offers (mostly optional) extensions for line editing, IDNA, MIME, S/MIME, SMTP and POP3 (and IMAP).<br />
It is usable as a mail batch language.<br />
<br />
This overview page was updated for version '''v14.8.0''' of S-nail.<br />
Making the manual more user-friendly was a major target for this release, and reading the introductional manual sections "A starter", "Sending mail" and "Reading mail" may give the answers you are looking for.<br />
The following is however a shorter excerpt of the mentioned plus the "An example configuration" manual section; in fact this Wiki page served as a template for the manual.<br />
<br />
S-nail is a direct descendant of the BSD Mail program that was introduced in 1978 (itself superceeding the simpler UNIX mail program) and used to introduce itself (in the Mail reference manual) as follows:<br />
<br />
:''Mail provides a simple and friendly environment for sending and receiving mail.''<br />
:''It divides incoming mail into its constituent messages and allows the user to deal with them in any order.''<br />
:''In addition, it provides a set of ed‐like commands for manipulating messages and sending mail.''<br />
:''Mail offers the user simple editing capabilities to ease the composition of outgoing messages, as well as providing the ability to define and send to names which address groups of users.''<br />
<br />
S-nail is thus the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
In Arch Linux S-nail supports direct mail delivery via SMTP, so that messages can be send directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''.<br />
<br />
== Quick shot ==<br />
<br />
Because the systemwide Arch Linux configuration file ({{ic|/etc/mail.rc}}) brings in some useful standard settings, sending mail over a local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -s 'A subject' -a an_attachment.txt foo1@bar 'Foo2 <foo2@bar>'<br />
<br />
You can adjust the program which is used as a MTA by setting the variable ''sendmail'' (''sendmail-progname'' can be used for more fine-tuning as necessary, please see the manual, "Sending mail"):<br />
<br />
# echo bla | mailx -Ssendmail=/usr/bin/sendmail -s subject some@where<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the ''expandaddr'' option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
<br />
To avoid environmental noise scripts can "detach" from configuration files and use the ''-S'' command line flag to create their own setup:<br />
<br />
# echo Body |<br />
# LC_ALL=C MAILRC=/dev/null mailx -dn -Sfrom='Me <me@home>' -Srecord=/tmp/out.mbox -s Subject '(foo2bar) <foo2@bar>'<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism.<br />
Place the following in your private user-specific configuration file, adjusting bold strings.<br />
And note that all the remaining examples in this document are based upon this configuration template.<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-no-default-ca<br />
<br />
# Don't use protocols olders than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then<br />
set ssl-protocol="-ALL,+TLSv1.2"<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# Hint: it is important to include "@STRENGTH": only with it the<br />
# final list will be sorted by algorithm strength.<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list="ALL:!aNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT:@STRENGTH"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: choose allowed character sets<br />
# (Have a look at the "CHARACTER SETS" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
# Only like this you'll be able to see errors reported through the exit<br />
# status of the MTA (including the builtin SMTP one)!<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files<br />
set mimetypes-load-control<br />
<br />
# Default directories where we act in (relative to $HOME)<br />
set folder=mail<br />
# A leading "+" (often) means: under *folder*<br />
# *record* is used to save copies of sent messages<br />
set MBOX=+mbox.mbox record=+sent.mbox \<br />
DEAD=+dead.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="'''Your Name <youremail@domain>'''"<br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
Note that the above combination of SSL/TLS configuration results in the most secure end-to-end TLS transport that is possible at the time of this writing.<br />
There are public mail providers who declassify this user-end to provider-end transport security as "lesser secure applications", unless special authentication methods are used which fetch the user credentials (password) from the provider servers.<br />
Such methods are not supported by S-nail.<br />
It does support encrypted local password storage and SMTP via GSS-API, however, the latter of which also stores user credentials on the provider side.<br />
<br />
When in the below '''USER''' and '''PASS''' informations are specified as part of an URL (other possibilities exist) they must become URL percent encoded; S-nail offers the '''urlencode''' command which does this for you:<br />
<br />
# printf 'urlencode USER PASS\nx\n' | mailx -#<br />
<br />
Of course: printf as well as S-nail / mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (5 bytes)<br />
out: <SPA%C3%9F> (9 bytes)<br />
# # In ISO-8859-1:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (4 bytes)<br />
out: <SPA%DF> (6 bytes)<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the builtin SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
Setting ''smtp-auth'' is usually needed, most likely it will be ''smtp-auth=plain''.<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set smtp='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login/plain...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts 1<br />
# (The plain smtp:// proto is optional)<br />
set smtp='''USER:PASS'''@smtp.gmXil.com \<br />
smtp-auth=plain smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set smtp=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set netrc-lookup<br />
#set agent-shell-lookup="gpg -d .pass.gpg"<br />
set smtp=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
ghost xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
ghost xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
(Here '''USER''' and '''PASS''' are clear text, not URL encoded.)<br />
You can furtherly diversify things and use encrypted password storage, since ArchLinux compiles in password agent support.<br />
To adjust the example, simply don't specify the ''password '''PASS''''' token in {{ic|$HOME/.netrc}} but instead uncomment the ''agent-shell-lookup'' line in the example account above.<br />
The encrypted password storage {{ic|.pass.gpg}} can be created like this:<br />
<br />
# echo '''PASS''' > .pass<br />
# gpg -e .pass<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a(n almost) dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
The ArchLinux version of S-nail includes the builtin command line editor with history capabilities as well as regular expression and coloured message display support.<br />
Because S-nail strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The template configuration /etc/mail.rc also provides some commented basics;<br />
# in particular it shows all options that POSIX mandates at program startup)<br />
<br />
# Start into interactive mode even if the standard mailbox is empty<br />
set emptystart<br />
<br />
# When composing a message, let period `.' on a line by itself finalize composition,<br />
# before start directly into ''$EDITOR''<br />
set dot <br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines; without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# Colourize headers when displaying messages (note that ''$PAGER'' may require special flags,<br />
# e.g., less(1) needs the -R option; S-nail will however set the ''$LESS'' environment<br />
# variable accordingly, but only if that was not set before..)<br />
set colour-pager<br />
<br />
# A nicer prompt<br />
set prompt="\033[31m?\?[\$ \@]\& \033[0m"<br />
<br />
# Add more entries to the history<br />
set history-gabby<br />
<br />
# Make the history persistent <br />
set NAIL_HISTFILE=+.s-nailhist<br />
set NAIL_HISTSIZE=-1<br />
<br />
# When displaying messages, show only these headers<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html="lynx -stdin -dump -force_html"<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
ghost ls !ls -latro<br />
ghost ps !ps axu<br />
<br />
Once you're in it, the command '''list''' will print all available builtin commands.<br />
ArchLinux compiles in the "DOCSTRINGS" feature, so that typing `?X' tries to expand "X" and print a help string; since S-nail will allow abbreviations of all commands this is sometimes handy; try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' ('''f''') is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds... well, a complaint of the ArchWiki maintainer about the content of this page, ugh;<br />
that is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode (which can be handy to avoid flag updates etc.)<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which allows the attachment list to be edited.<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type "." on its own line (the latter requires the ''dot'' option).<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' to point to an IMAP server folder, for example.<br />
<br />
set v15-compat<br />
<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"</div>Sdaodenhttps://wiki.archlinux.org/index.php?title=S-nail&diff=372573S-nail2015-05-04T19:44:19Z<p>Sdaoden: Move mailing-list config to the general config (from "Interactive usage")</p>
<hr />
<div>[[Category:Email clients]]<br />
S-nail is a mail processing system with a command syntax reminiscent of ed with lines replaced by messages.<br />
It is intended to provide the functionality of the POSIX mailx command and offers (mostly optional) extensions for line editing, IDNA, MIME, S/MIME, SMTP and POP3 (and IMAP).<br />
It is usable as a mail batch language.<br />
<br />
This overview page was updated for version '''v14.8.0''' of S-nail.<br />
Making the manual more user-friendly was a major target for this release, and reading the introductional manual sections "A starter", "Sending mail" and "Reading mail" may give the answers you are looking for.<br />
The following is however a shorter excerpt of the mentioned plus the "An example configuration" manual section; in fact this Wiki page served as a template for the manual.<br />
<br />
S-nail is a direct descendant of the BSD Mail program that was introduced in 1978 (itself superceeding the simpler UNIX mail program) and used to introduce itself (in the Mail reference manual) as follows:<br />
<br />
:''Mail provides a simple and friendly environment for sending and receiving mail.''<br />
:''It divides incoming mail into its constituent messages and allows the user to deal with them in any order.''<br />
:''In addition, it provides a set of ed‐like commands for manipulating messages and sending mail.''<br />
:''Mail offers the user simple editing capabilities to ease the composition of outgoing messages, as well as providing the ability to define and send to names which address groups of users.''<br />
<br />
S-nail is thus the ''user side'' of the Unix mail system, whereas the ''system side'' was traditionally taken by [[sendmail]].<br />
In Arch Linux S-nail supports direct mail delivery via SMTP, so that messages can be send directly to external SMTP servers: In this very mode of operation no local mail-transfer-agent (MTA) is necessary on the ''system side''.<br />
<br />
== Quick shot ==<br />
<br />
Because the systemwide Arch Linux configuration file ({{ic|/etc/mail.rc}}) brings in some useful standard settings, sending mail over a local mail-transfer-agent (MTA), such as [[sendmail]] or [[postfix]], can be as easy as follows:<br />
<br />
# echo 'Message body' | mailx -s 'A subject' -a an_attachment.txt foo1@bar 'Foo2 <foo2@bar>'<br />
<br />
You can adjust the program which is used as a MTA by setting the variable ''sendmail'' (''sendmail-progname'' can be used for more fine-tuning as necessary, please see the manual, "Sending mail"):<br />
<br />
# echo bla | mailx -Ssendmail=/usr/bin/sendmail -s subject some@where<br />
<br />
Sending messages to file and command "addresses" (not over the MTA) is possible if the ''expandaddr'' option is set:<br />
<br />
# echo bla | mailx -Sexpandaddr -s test ./mbox.mbox<br />
# echo bla | mailx -Sexpandaddr -s test '|cat >> ./mbox.mbox'<br />
<br />
To avoid environmental noise scripts can "detach" from configuration files and use the ''-S'' command line flag to create their own setup:<br />
<br />
# echo Body |<br />
# LC_ALL=C MAILRC=/dev/null mailx -dn -Sfrom='Me <me@home>' -Srecord=/tmp/out.mbox -s Subject '(foo2bar) <foo2@bar>'<br />
# mailx -Rf /tmp/out.mbox<br />
<br />
== First configuration adjustments ==<br />
<br />
Configuration files are the user-specific {{ic|$HOME/.mailrc}} and the systemwide {{ic|/etc/mail.rc}}, the latter of which is subject to the usual ArchLinux update mechanism.<br />
Place the following in your private user-specific configuration file, adjusting bold strings.<br />
And note that all the remaining examples in this document are based upon this configuration template.<br />
<br />
# All the examples require v15-compat!<br />
set v15-compat<br />
<br />
# ArchLinux-specific locations of certificates.<br />
# Since these are subject to the ArchLinux update mechanism,<br />
# use only those, don't try to load OpenSSL builtin ones.<br />
# And use the TLS specific set: see "man 8 update-ca-trust"<br />
#set ssl-ca-dir=/etc/ssl/certs<br />
set ssl-ca-file=/etc/ssl/certs/ca-certificates.crt<br />
set ssl-no-default-ca<br />
<br />
# Don't use protocols olders than TLS v1.2.<br />
# Change this only when the remote server doesn't support it:<br />
# maybe use ssl-protocol-HOST (or -USER@HOST) syntax to define<br />
# such explicit exceptions, then<br />
set ssl-protocol="-ALL,+TLSv1.2"<br />
<br />
# Explicitly define the list of ciphers, which may improve security,<br />
# especially with protocols older than TLS v1.2. See ciphers(1).<br />
# Hint: it is important to include "@STRENGTH": only with it the<br />
# final list will be sorted by algorithm strength.<br />
# This is an example: in reality it is possibly best to only use<br />
# ssl-cipher-list-HOST (or -USER@HOST), as necessary, again..<br />
set ssl-cipher-list="ALL:!aNULL:!MEDIUM:!LOW:!MD5:!RC4:!EXPORT:@STRENGTH"<br />
<br />
# Request strict transport security checks<br />
set ssl-verify=strict<br />
<br />
# Essential setting: choose allowed character sets<br />
# (Have a look at the "CHARACTER SETS" manual section)<br />
set sendcharsets=utf-8,iso-8859-1<br />
<br />
# When sending messages, wait until the Mail-Transfer-Agent finishs.<br />
# Only like this you'll be able to see errors reported through the exit<br />
# status of the MTA (including the builtin SMTP one)!<br />
set sendwait<br />
<br />
# Only use builtin MIME types, no mime.types(5) files<br />
set mimetypes-load-control<br />
<br />
# Default directories where we act in (relative to $HOME)<br />
set folder=mail<br />
# A leading "+" (often) means: under *folder*<br />
# *record* is used to save copies of sent messages<br />
set MBOX=+mbox.mbox record=+sent.mbox \<br />
DEAD=+dead.mbox<br />
<br />
# This is optional, but you should get the big picture<br />
# by reading the manual before you leave that off<br />
set from="'''Your Name <youremail@domain>'''"<br />
<br />
# Mailing-list specifics (manual: "Mailing lists"):<br />
set followup-to followup-to-honour=ask-yes reply-to-honour=ask-yes<br />
# And teach some non-subscribed / some subscribed lists, too<br />
mlist @xyz-editor.xyz$ @xyzf.xyz$<br />
mlsubscribe ^xfans@xfans.xyz$<br />
<br />
Note that the above combination of SSL/TLS configuration results in the most secure end-to-end TLS transport that is possible at the time of this writing.<br />
There are public mail providers who declassify this user-end to provider-end transport security as "lesser secure applications", unless special authentication methods are used which fetch the user credentials (password) from the provider servers.<br />
Such methods are not supported by S-nail.<br />
It does support encrypted local password storage and SMTP via GSS-API, however, the latter of which also stores user credentials on the provider side.<br />
<br />
When in the below '''USER''' and '''PASS''' informations are specified as part of an URL (other possibilities exist) they must become URL percent encoded; S-nail offers the '''urlencode''' command which does this for you:<br />
<br />
# printf 'urlencode USER PASS\nx\n' | mailx -#<br />
<br />
Of course: printf as well as S-nail / mailx are subject to your locale settings:<br />
<br />
# # In UTF-8:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (5 bytes)<br />
out: <SPA%C3%9F> (9 bytes)<br />
# # In ISO-8859-1:<br />
# printf 'urlencode SPAß\nx\n' | mailx -#<br />
in: <SPAß> (4 bytes)<br />
out: <SPA%DF> (6 bytes)<br />
<br />
== Sending mail with an external SMTP server ==<br />
<br />
To send messages via the builtin SMTP (Simple Mail Transfer Protocol) client to an external SMTP server, several options have to be set or adjusted.<br />
Add the following as appropriate to the configuration as above, changing bold strings.<br />
Setting ''smtp-auth'' is usually needed, most likely it will be ''smtp-auth=plain''.<br />
<br />
# It may be necessary to set ''hostname'' and/or ''smtp-hostname''<br />
# if the "SERVER" of ''smtp'' and "domain" of ''from'' don't match.<br />
# Reading the "ON URL SYNTAX.." and ''smtp'' manual entries may be worthwhile<br />
# (Remember '''USER''' and '''PASS''' must be URL percent encoded)<br />
set smtp='''(smtp[s]/submission)://[USER[:PASS]@]SERVER[:PORT]''' \<br />
smtp-auth='''login/plain...''' \<br />
smtp-use-starttls<br />
<br />
# E.g. here is a real life example of a very huge free mail provider<br />
# (Activate this account via ''mailx -AXooglX'' from the command line,<br />
# or use the ''? acc[ount] XooglX'' command in interactive mode)<br />
account XooglX {<br />
# Localize options, forget them when changing the account<br />
localopts 1<br />
# (The plain smtp:// proto is optional)<br />
set smtp='''USER:PASS'''@smtp.gmXil.com \<br />
smtp-auth=plain smtp-use-starttls<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
# And here is a pretty large one which does not allow sending mails<br />
# if there is a domain name mismatch ''on the SMTP protocol level'',<br />
# which would bite us if the value of ''from'' does not match, e.g.,<br />
# for people who have a sXXXXeforge project and want to speak<br />
# with the mailing list under their project account (in ''from''),<br />
# still sending the message through their normal mail provider<br />
account XandeX {<br />
localopts yes<br />
set smtp=smtps://'''USER:PASS'''@smtp.yaXXex.ru:465 \<br />
hostname=yaXXex.com smtp-hostname=<br />
set from="'''Your Name <youremail@domain>'''"<br />
}<br />
<br />
Note that, when storing passwords in {{ic|$HOME/.mailrc}}, you should set appropriate permissions with {{ic|chmod 0600}}.<br />
You can also set the ''netrc-lookup'' option and store user credentials in {{ic|$HOME/.netrc}} (or ''$NETRC'') instead; e.g., here is a real life example that sets up SMTP, POP3 as well as IMAP, storing all user credentials in there:<br />
<br />
account XandeX {<br />
localopts yes<br />
set netrc-lookup<br />
#set agent-shell-lookup="gpg -d .pass.gpg"<br />
set smtp=smtps://smtp.yXXXXx.ru:465 \<br />
smtp-hostname= hostname=yXXXXx.com<br />
set pop3-keepalive=240<br />
shortcut pop pop3s://pop.yXXXXx.ru<br />
ghost xp 'fi pop'<br />
set imap-keepalive=240<br />
shortcut imap imaps://imap.yXXXXx.ru<br />
ghost xi 'fi imap'<br />
}<br />
<br />
and, in {{ic|$HOME/.netrc}}:<br />
<br />
machine *.yXXXXx.ru login '''USER''' password '''PASS'''<br />
<br />
(Here '''USER''' and '''PASS''' are clear text, not URL encoded.)<br />
You can furtherly diversify things and use encrypted password storage, since ArchLinux compiles in password agent support.<br />
To adjust the example, simply don't specify the ''password '''PASS''''' token in {{ic|$HOME/.netrc}} but instead uncomment the ''agent-shell-lookup'' line in the example account above.<br />
The encrypted password storage {{ic|.pass.gpg}} can be created like this:<br />
<br />
# echo '''PASS''' > .pass<br />
# gpg -e .pass<br />
# eval `gpg-agent --daemon --pinentry-program=/usr/bin/pinentry-curses --max-cache-ttl 99999 --default-cache-ttl 99999`<br />
<br />
Test the configuration (use the ''-d'' command line option for a(n almost) dry-run):<br />
<br />
# echo test-body | mailx -vv -A XandeX -s test-subject '''some@where'''<br />
<br />
== Interactive usage ==<br />
<br />
The ArchLinux version of S-nail includes the builtin command line editor with history capabilities as well as regular expression and coloured message display support.<br />
Because S-nail strives for POSIX standard compliance some settings have to be adjusted before using it interactively doesn't baffle all descriptions, however.<br />
Reading the manual is unavoidable, but add, at a minimum, the following on top of the example configuration:<br />
<br />
# (The template configuration /etc/mail.rc also provides some commented basics;<br />
# in particular it shows all options that POSIX mandates at program startup)<br />
<br />
# Start into interactive mode even if the standard mailbox is empty<br />
set emptystart<br />
<br />
# When composing a message, let period `.' on a line by itself finalize composition,<br />
# before start directly into ''$EDITOR''<br />
set dot <br />
set editalong<br />
<br />
# Start ''$PAGER'' when a message is longer than VALUE lines; without VALUE: screen ''$LINES''<br />
set crt=<br />
<br />
# Colourize headers when displaying messages (note that ''$PAGER'' may require special flags,<br />
# e.g., less(1) needs the -R option; S-nail will however set the ''$LESS'' environment<br />
# variable accordingly, but only if that was not set before..)<br />
set colour-pager<br />
<br />
# A nicer prompt<br />
set prompt="\033[31m?\?[\$ \@]\& \033[0m"<br />
<br />
# Add more entries to the history<br />
set history-gabby<br />
<br />
# Make the history persistent <br />
set NAIL_HISTFILE=+.s-nailhist<br />
set NAIL_HISTSIZE=-1<br />
<br />
# When displaying messages, show only these headers<br />
retain date from to cc subject<br />
<br />
# Try to get around weird MIME attachment specifications<br />
# (This option can take a value, see the manual for more)<br />
set mime-counter-evidence<br />
<br />
# Display HTML parts inline, nicer than what the builtin viewer can achieve<br />
#set pipe-text/html="lynx -stdin -dump -force_html"<br />
<br />
# Create some new commands so that, e.g., `ls /tmp' will..<br />
ghost ls !ls -latro<br />
ghost ps !ps axu<br />
<br />
Once you're in it, the command '''list''' will print all available builtin commands.<br />
ArchLinux compiles in the "DOCSTRINGS" feature, so that typing `?X' tries to expand "X" and print a help string; since S-nail will allow abbreviations of all commands this is sometimes handy; try, e.g., '''?h''', '''?he''' and '''?hel''' ...<br />
The command '''help''' will print a short summary of the most frequent used commands.<br />
<br />
=== I'm in! ===<br />
<br />
When starting into interactive mode a summary of the content of the initially opened mailbox is printed, via the '''headers''' command.<br />
In the header display messages are given numbers (starting at 1) which uniquely identify messages.<br />
Messages can be printed with the '''print''' command, or short: '''p'''.<br />
By default the current message (dot) is printed, but just like with many other commands it is possible to specify lists of messages, as is documented in the manual section "Specifying messages"; e.g., '''p:u''' will display all unread messages, '''p.''' will print the dot, '''p 1 5''' will print the messages 1 and 5 and '''p-''' and '''p+''' will print the last and the next message, respectively.<br />
Note that simply typing RETURN in an empty line acts like '''next''' ('''n'''), and thus prints the next message.<br />
<br />
The command '''from''' ('''f''') is nice for an overview, e.g., '''f '@<@arch linux'''' will print the header summary of all messages that contain the string "arch linux" in some message header, whereas '''f '@arch linux'''' will only match those with "arch linux" in their subject;<br />
finally, the regular expression '''f @^A[^[:space:]]+''' finds... well, a complaint of the ArchWiki maintainer about the content of this page, ugh;<br />
that is, be aware that quoting may be necessary when there is whitespace in search expressions etc.<br />
<br />
* '''file''' and '''File''' open a new mailbox, the latter in readonly mode (which can be handy to avoid flag updates etc.)<br />
* '''newmail''' (dependent on the mailbox, checks for new mail and) prints a listing of new messages<br />
* '''he''' (headers) reprints the message list<br />
* '''z-''', '''z+''', '''z0''', '''z$''' scroll through the header display (dependent on the terminal you are using the Home/End/PageUp/PageDown keys will be working aliases)<br />
* '''folders''' shows a listing of mailboxes under the currently set ''folder''<br />
* '''r''' replies to all addressees of the given message(s)<br />
* '''R''' replies to the sender of the given message(s)<br />
* '''Lreply''' "mailing-list" reply to the given message(s)<br />
* '''move''' or '''mv''' moves (a) message(s)<br />
* '''(un)flag''' marks (a) message(s) as (un)flagged<br />
* '''new''' marks (a) message(s) unread<br />
* '''seen''' marks (a) message(s) read<br />
* '''P''' prints (a) message(s) with all headers<br />
* '''p''' prints (a) message(s) and all non-ignored headers.<br />
* '''show''' prints the raw message of content of (a) message(s)<br />
<br />
=== Message composition ===<br />
<br />
Composition is started by typing '''mail user@host''' or by replying to a message.<br />
When you return from ''$EDITOR'' (assuming ''editalong'' is set) you'll find yourself in the native editor, where many operations can be performed using tilde escapes (short help available via '''~?''').<br />
Of particular interest is '''~@''', which allows the attachment list to be edited.<br />
<br />
To send the mail, signal EOT with {{ic|Ctrl+d}} or type "." on its own line (the latter requires the ''dot'' option).<br />
<br />
== Using an IMAP mailbox ==<br />
<br />
The following is only a quick hint, it is also possible to define ''folder'' to point to an IMAP server folder, for example.<br />
<br />
set v15-compat<br />
<br />
# or many servers will expire the session<br />
set imap-keepalive=240<br />
set imap-cache=~/.imap_cache<br />
<br />
# You may want to define shortcuts to folders, for example:<br />
shortcut myimap "'''imaps://USER:PASS@server:port"</div>Sdaoden