2Command mox is a modern, secure, full-featured, open source mail server for
3low-maintenance self-hosted email.
5Mox is started with the "serve" subcommand, but mox also has many other
8Many of those commands talk to a running mox instance, through the ctl file in
9the data directory. Specify the configuration file (that holds the path to the
10data directory) through the -config flag or MOXCONF environment variable.
12Commands that don't talk to a running mox instance are often for
13testing/debugging email functionality. For example for parsing an email message,
14or looking up SPF/DKIM/DMARC records.
16Below is the usage information as printed by the command when started without
17any parameters. Followed by the help and usage information for each command.
21 mox [-config config/mox.conf] [-pedantic] ...
23 mox quickstart [-skipdial] [-existing-webserver] [-hostname host] user@domain [user | uid]
25 mox setaccountpassword account
27 mox loglevels [level [pkg]]
28 mox queue holdrules list
29 mox queue holdrules add [ruleflags]
30 mox queue holdrules remove ruleid
31 mox queue list [filtersortflags]
32 mox queue hold [filterflags]
33 mox queue unhold [filterflags]
34 mox queue schedule [filterflags] [-now] duration
35 mox queue transport [filterflags] transport
36 mox queue requiretls [filterflags] {yes | no | default}
37 mox queue fail [filterflags]
38 mox queue drop [filterflags]
40 mox queue retired list [filtersortflags]
41 mox queue retired print id
42 mox queue suppress list [-account account]
43 mox queue suppress add account address
44 mox queue suppress remove account address
45 mox queue suppress lookup [-account account] address
46 mox queue webhook list [filtersortflags]
47 mox queue webhook schedule [filterflags] duration
48 mox queue webhook cancel [filterflags]
49 mox queue webhook print id
50 mox queue webhook retired list [filtersortflags]
51 mox queue webhook retired print id
52 mox import maildir accountname mailboxname maildir
53 mox import mbox accountname mailboxname mbox
54 mox export maildir [-single] dst-dir account-path [mailbox]
55 mox export mbox [-single] dst-dir account-path [mailbox]
57 mox help [command ...]
59 mox verifydata data-dir
62 mox config dnscheck domain
63 mox config dnsrecords domain
64 mox config describe-domains >domains.conf
65 mox config describe-static >mox.conf
66 mox config account list
67 mox config account add account address
68 mox config account rm account
69 mox config account disable account message
70 mox config account enable account
71 mox config address add address account
72 mox config address rm address
73 mox config domain add [-disabled] domain account [localpart]
74 mox config domain rm domain
75 mox config domain disable domain
76 mox config domain enable domain
77 mox config tlspubkey list [account]
78 mox config tlspubkey get fingerprint
79 mox config tlspubkey add address [name] < cert.pem
80 mox config tlspubkey rm fingerprint
81 mox config tlspubkey gen stem
82 mox config alias list domain
83 mox config alias print alias
84 mox config alias add alias@domain rcpt1@domain ...
85 mox config alias update alias@domain [-postpublic false|true -listmembers false|true -allowmsgfrom false|true]
86 mox config alias rm alias@domain
87 mox config alias addaddr alias@domain rcpt1@domain ...
88 mox config alias rmaddr alias@domain rcpt1@domain ...
89 mox config describe-sendmail >/etc/moxsubmit.conf
90 mox config printservice >mox.service
91 mox config ensureacmehostprivatekeys
92 mox config example [name]
93 mox admin imapserve preauth-address
96 mox clientconfig domain
97 mox dane dial host:port
98 mox dane dialmx domain [destination-host]
99 mox dane makerecord usage selector matchtype [certificate.pem | publickey.pem | privatekey.pem]
100 mox dns lookup [ptr | mx | cname | ips | a | aaaa | ns | txt | srv | tlsa] name
101 mox dkim gened25519 >$selector._domainkey.$domain.ed25519.privatekey.pkcs8.pem
102 mox dkim genrsa >$selector._domainkey.$domain.rsa2048.privatekey.pkcs8.pem
103 mox dkim lookup selector domain
104 mox dkim txt <$selector._domainkey.$domain.key.pkcs8.pem
105 mox dkim verify message
106 mox dkim sign message
107 mox dmarc lookup domain
108 mox dmarc parsereportmsg message ...
109 mox dmarc verify remoteip mailfromaddress helodomain < message
110 mox dmarc checkreportaddrs domain
111 mox dnsbl check zone ip
112 mox dnsbl checkhealth zone
113 mox mtasts lookup domain
114 mox rdap domainage domain
115 mox retrain [accountname]
116 mox sendmail [-Fname] [ignoredflags] [-t] [<message]
117 mox smtp dial host[:port]
118 mox spf check domain ip
119 mox spf lookup domain
120 mox spf parse txtrecord
121 mox tlsrpt lookup domain
122 mox tlsrpt parsereportmsg message ...
124 mox webapi [method [baseurl-with-credentials]
126 mox bumpuidvalidity account [mailbox]
127 mox reassignuids account [mailboxid]
128 mox fixuidmeta account
129 mox fixmsgsize [account]
130 mox reparse [account]
131 mox ensureparsed account
132 mox recalculatemailboxcounts account
133 mox message parse message.eml
134 mox reassignthreads [account]
138Start mox, serving SMTP/IMAP/HTTPS.
140Incoming email is accepted over SMTP. Email can be retrieved by users using
141IMAP. HTTP listeners are started for the admin/account web interfaces, and for
142automated TLS configuration. Missing essential TLS certificates are immediately
143requested, other TLS certificates are requested on demand.
145Only implemented on unix systems, not Windows.
151Quickstart generates configuration files and prints instructions to quickly set up a mox instance.
153Quickstart writes configuration files, prints initial admin and account
154passwords, DNS records you should create. If you run it on Linux it writes a
155systemd service file and prints commands to enable and start mox as service.
157All output is written to quickstart.log for later reference.
159The user or uid is optional, defaults to "mox", and is the user or uid/gid mox
160will run as after initialization.
162Quickstart assumes mox will run on the machine you run quickstart on and uses
163its host name and public IPs. On many systems the hostname is not a fully
164qualified domain name, but only the first dns "label", e.g. "mail" in case of
165"mail.example.org". If so, quickstart does a reverse DNS lookup to find the
166hostname, and as fallback uses the label plus the domain of the email address
167you specified. Use flag -hostname to explicitly specify the hostname mox will
170Mox is by far easiest to operate if you let it listen on port 443 (HTTPS) and
17180 (HTTP). TLS will be fully automatic with ACME with Let's Encrypt.
173You can run mox along with an existing webserver, but because of MTA-STS and
174autoconfig, you'll need to forward HTTPS traffic for two domains to mox. Run
175"mox quickstart -existing-webserver ..." to generate configuration files and
176instructions for configuring mox along with an existing webserver.
178But please first consider configuring mox on port 443. It can itself serve
179domains with HTTP/HTTPS, including with automatic TLS with ACME, is easily
180configured through both configuration files and admin web interface, and can act
181as a reverse proxy (and static file server for that matter), so you can forward
182traffic to your existing backend applications. Look for "WebHandlers:" in the
183output of "mox config describe-domains" and see the output of
184"mox config example webhandlers".
186 usage: mox quickstart [-skipdial] [-existing-webserver] [-hostname host] user@domain [user | uid]
188 use if a webserver is already running, so mox won't listen on port 80 and 443; you'll have to provide tls certificates/keys, and configure the existing webserver as reverse proxy, forwarding requests to mox.
190 hostname mox will run on, by default the hostname of the machine quickstart runs on; if specified, the IPs for the hostname are configured for the public listener
192 skip check for outgoing smtp (port 25) connectivity or for domain age with rdap
196Shut mox down, giving connections maximum 3 seconds to stop before closing them.
198While shutting down, new IMAP and SMTP connections will get a status response
199indicating temporary unavailability. Existing connections will get a 3 second
200period to finish their transaction and shut down. Under normal circumstances,
201only IMAP has long-living connections, with the IDLE command to get notified of
206# mox setaccountpassword
208Set new password an account.
210The password is read from stdin. Secrets derived from the password, but not the
211password itself, are stored in the account database. The stored secrets are for
212authentication with: scram-sha-256, scram-sha-1, cram-md5, plain text (bcrypt
215The parameter is an account name, as configured under Accounts in domains.conf
216and as present in the data/accounts/ directory, not a configured email address
219 usage: mox setaccountpassword account
221# mox setadminpassword
223Set a new admin password, for the web interface.
225The password is read from stdin. Its bcrypt hash is stored in a file named
226"adminpasswd" in the configuration directory.
228 usage: mox setadminpassword
232Print the log levels, or set a new default log level, or a level for the given package.
234By default, a single log level applies to all logging in mox. But for each
235"pkg", an overriding log level can be configured. Examples of packages:
236smtpserver, smtpclient, queue, imapserver, spf, dkim, dmarc, junk, message,
239Specify a pkg and an empty level to clear the configured level for a package.
241Valid labels: error, info, debug, trace, traceauth, tracedata.
243 usage: mox loglevels [level [pkg]]
245# mox queue holdrules list
247List hold rules for the delivery queue.
249Messages submitted to the queue that match a hold rule will be marked as on hold
250and not scheduled for delivery.
252 usage: mox queue holdrules list
254# mox queue holdrules add
256Add hold rule for the delivery queue.
258Add a hold rule to mark matching newly submitted messages as on hold. Set the
259matching rules with the flags. Don't specify any flags to match all submitted
262 usage: mox queue holdrules add [ruleflags]
264 account submitting the message
270# mox queue holdrules remove
272Remove hold rule for the delivery queue.
274Remove a hold rule by its id.
276 usage: mox queue holdrules remove ruleid
280List matching messages in the delivery queue.
282Prints the message with its ID, last and next delivery attempts, last error.
284 usage: mox queue list [filtersortflags]
286 account that queued the message
288 sort ascending instead of descending (default)
290 from address of message, use "@example.com" to match all messages for a domain
292 true or false, whether to match only messages that are (not) on hold
294 comma-separated list of message IDs
296 number of messages to return
298 filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
300 field to sort by, "nextattempt" (default) or "queued"
302 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
304 recipient address of message, use "@example.com" to match all messages for a domain
306 transport to use for messages, empty string sets the default behaviour
310Mark matching messages on hold.
312Messages that are on hold are not delivered until marked as off hold again, or
313otherwise handled by the admin.
315 usage: mox queue hold [filterflags]
317 account that queued the message
319 from address of message, use "@example.com" to match all messages for a domain
321 true or false, whether to match only messages that are (not) on hold
323 comma-separated list of message IDs
325 number of messages to return
327 filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
329 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
331 recipient address of message, use "@example.com" to match all messages for a domain
333 transport to use for messages, empty string sets the default behaviour
337Mark matching messages off hold.
339Once off hold, messages can be delivered according to their current next
340delivery attempt. See the "queue schedule" command.
342 usage: mox queue unhold [filterflags]
344 account that queued the message
346 from address of message, use "@example.com" to match all messages for a domain
348 true or false, whether to match only messages that are (not) on hold
350 comma-separated list of message IDs
352 number of messages to return
354 filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
356 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
358 recipient address of message, use "@example.com" to match all messages for a domain
360 transport to use for messages, empty string sets the default behaviour
364Change next delivery attempt for matching messages.
366The next delivery attempt is adjusted by the duration parameter. If the -now
367flag is set, the new delivery attempt is set to the duration added to the
368current time, instead of added to the current scheduled time.
370Schedule immediate delivery with "mox queue schedule -now 0".
372 usage: mox queue schedule [filterflags] [-now] duration
374 account that queued the message
376 from address of message, use "@example.com" to match all messages for a domain
378 true or false, whether to match only messages that are (not) on hold
380 comma-separated list of message IDs
382 number of messages to return
384 filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
386 schedule for duration relative to current time instead of relative to current next delivery attempt for messages
388 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
390 recipient address of message, use "@example.com" to match all messages for a domain
392 transport to use for messages, empty string sets the default behaviour
396Set transport for matching messages.
398By default, the routing rules determine how a message is delivered. The default
399and common case is direct delivery with SMTP. Messages can get a previously
400configured transport assigned to use for delivery, e.g. using submission to
401another mail server or with connections over a SOCKS proxy.
403 usage: mox queue transport [filterflags] transport
405 account that queued the message
407 from address of message, use "@example.com" to match all messages for a domain
409 true or false, whether to match only messages that are (not) on hold
411 comma-separated list of message IDs
413 number of messages to return
415 filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
417 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
419 recipient address of message, use "@example.com" to match all messages for a domain
421 transport to use for messages, empty string sets the default behaviour
423# mox queue requiretls
425Set TLS requirements for delivery of matching messages.
427Value "yes" is handled as if the RequireTLS extension was specified during
430Value "no" is handled as if the message has a header "TLS-Required: No". This
431header is not added by the queue. If messages without this header are relayed
432through other mail servers they will apply their own default TLS policy.
434Value "default" is the default behaviour, currently for unverified opportunistic
437 usage: mox queue requiretls [filterflags] {yes | no | default}
439 account that queued the message
441 from address of message, use "@example.com" to match all messages for a domain
443 true or false, whether to match only messages that are (not) on hold
445 comma-separated list of message IDs
447 number of messages to return
449 filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
451 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
453 recipient address of message, use "@example.com" to match all messages for a domain
455 transport to use for messages, empty string sets the default behaviour
459Fail delivery of matching messages, delivering DSNs.
461Failing a message is handled similar to how delivery is given up after all
462delivery attempts failed. The DSN (delivery status notification) message
463contains a line saying the message was canceled by the admin.
465 usage: mox queue fail [filterflags]
467 account that queued the message
469 from address of message, use "@example.com" to match all messages for a domain
471 true or false, whether to match only messages that are (not) on hold
473 comma-separated list of message IDs
475 number of messages to return
477 filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
479 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
481 recipient address of message, use "@example.com" to match all messages for a domain
483 transport to use for messages, empty string sets the default behaviour
487Remove matching messages from the queue.
489Dangerous operation, this completely removes the message. If you want to store
490the message, use "queue dump" before removing.
492 usage: mox queue drop [filterflags]
494 account that queued the message
496 from address of message, use "@example.com" to match all messages for a domain
498 true or false, whether to match only messages that are (not) on hold
500 comma-separated list of message IDs
502 number of messages to return
504 filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
506 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
508 recipient address of message, use "@example.com" to match all messages for a domain
510 transport to use for messages, empty string sets the default behaviour
514Dump a message from the queue.
516The message is printed to stdout and is in standard internet mail format.
518 usage: mox queue dump id
520# mox queue retired list
522List matching messages in the retired queue.
524Prints messages with their ID and results.
526 usage: mox queue retired list [filtersortflags]
528 account that queued the message
530 sort ascending instead of descending (default)
532 from address of message, use "@example.com" to match all messages for a domain
534 comma-separated list of retired message IDs
536 filter by time of last activity relative to now, value must start with "<" (before now) or ">" (after now)
538 number of messages to return
540 "success" or "failure" as result of delivery
542 field to sort by, "lastactivity" (default) or "queued"
544 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
546 recipient address of message, use "@example.com" to match all messages for a domain
548 transport to use for messages, empty string sets the default behaviour
550# mox queue retired print
552Print a message from the retired queue.
554Prints a JSON representation of the information from the retired queue.
556 usage: mox queue retired print id
558# mox queue suppress list
560Print addresses in suppression list.
562 usage: mox queue suppress list [-account account]
564 only show suppression list for this account
566# mox queue suppress add
568Add address to suppression list for account.
570 usage: mox queue suppress add account address
572# mox queue suppress remove
574Remove address from suppression list for account.
576 usage: mox queue suppress remove account address
578# mox queue suppress lookup
580Check if address is present in suppression list, for any or specific account.
582 usage: mox queue suppress lookup [-account account] address
584 only check address in specified account
586# mox queue webhook list
588List matching webhooks in the queue.
590Prints list of webhooks, their IDs and basic information.
592 usage: mox queue webhook list [filtersortflags]
594 account that queued the message/webhook
596 sort ascending instead of descending (default)
598 event this webhook is about: incoming, delivered, suppressed, delayed, failed, relayed, expanded, canceled, unrecognized
600 comma-separated list of webhook IDs
602 number of webhooks to return
604 filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
606 field to sort by, "nextattempt" (default) or "queued"
608 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
610# mox queue webhook schedule
612Change next delivery attempt for matching webhooks.
614The next delivery attempt is adjusted by the duration parameter. If the -now
615flag is set, the new delivery attempt is set to the duration added to the
616current time, instead of added to the current scheduled time.
618Schedule immediate delivery with "mox queue schedule -now 0".
620 usage: mox queue webhook schedule [filterflags] duration
622 account that queued the message/webhook
624 event this webhook is about: incoming, delivered, suppressed, delayed, failed, relayed, expanded, canceled, unrecognized
626 comma-separated list of webhook IDs
628 number of webhooks to return
630 filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
632 schedule for duration relative to current time instead of relative to current next delivery attempt for webhooks
634 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
636# mox queue webhook cancel
638Fail delivery of matching webhooks.
640 usage: mox queue webhook cancel [filterflags]
642 account that queued the message/webhook
644 event this webhook is about: incoming, delivered, suppressed, delayed, failed, relayed, expanded, canceled, unrecognized
646 comma-separated list of webhook IDs
648 number of webhooks to return
650 filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
652 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
654# mox queue webhook print
656Print details of a webhook from the queue.
658The webhook is printed to stdout as JSON.
660 usage: mox queue webhook print id
662# mox queue webhook retired list
664List matching webhooks in the retired queue.
666Prints list of retired webhooks, their IDs and basic information.
668 usage: mox queue webhook retired list [filtersortflags]
670 account that queued the message/webhook
672 sort ascending instead of descending (default)
674 event this webhook is about: incoming, delivered, suppressed, delayed, failed, relayed, expanded, canceled, unrecognized
676 comma-separated list of retired webhook IDs
678 filter by time of last activity relative to now, value must start with "<" (before now) or ">" (after now)
680 number of webhooks to return
682 field to sort by, "lastactivity" (default) or "queued"
684 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
686# mox queue webhook retired print
688Print details of a webhook from the retired queue.
690The retired webhook is printed to stdout as JSON.
692 usage: mox queue webhook retired print id
696Import a maildir into an account.
698The mbox/maildir archive is accessed and imported by the running mox process, so
699it must have access to the archive files. The default suggested systemd service
700file isolates mox from most of the file system, with only the "data/" directory
701accessible, so you may want to put the mbox/maildir archive files in a
702directory like "data/import/" to make it available to mox.
704By default, messages will train the junk filter based on their flags and, if
705"automatic junk flags" configuration is set, based on mailbox naming.
707If the destination mailbox is the Sent mailbox, the recipients of the messages
708are added to the message metadata, causing later incoming messages from these
709recipients to be accepted, unless other reputation signals prevent that.
711Users can also import mailboxes/messages through the account web page by
712uploading a zip or tgz file with mbox and/or maildirs.
714Messages are imported even if already present. Importing messages twice will
715result in duplicate messages.
717Mailbox flags, like "seen", "answered", will be imported. An optional
718dovecot-keywords file can specify additional flags, like Forwarded/Junk/NotJunk.
720 usage: mox import maildir accountname mailboxname maildir
724Import an mbox into an account.
726Using mbox is not recommended, maildir is a better defined format.
728The mbox/maildir archive is accessed and imported by the running mox process, so
729it must have access to the archive files. The default suggested systemd service
730file isolates mox from most of the file system, with only the "data/" directory
731accessible, so you may want to put the mbox/maildir archive files in a
732directory like "data/import/" to make it available to mox.
734By default, messages will train the junk filter based on their flags and, if
735"automatic junk flags" configuration is set, based on mailbox naming.
737If the destination mailbox is the Sent mailbox, the recipients of the messages
738are added to the message metadata, causing later incoming messages from these
739recipients to be accepted, unless other reputation signals prevent that.
741Users can also import mailboxes/messages through the account web page by
742uploading a zip or tgz file with mbox and/or maildirs.
744Messages are imported even if already present. Importing messages twice will
745result in duplicate messages.
747 usage: mox import mbox accountname mailboxname mbox
751Export one or all mailboxes from an account in maildir format.
753Export bypasses a running mox instance. It opens the account mailbox/message
754database file directly. This may block if a running mox instance also has the
755database open, e.g. for IMAP connections. To export from a running instance, use
756the accounts web page or webmail.
758 usage: mox export maildir [-single] dst-dir account-path [mailbox]
760 export single mailbox, without any children. disabled if mailbox isn't specified.
764Export messages from one or all mailboxes in an account in mbox format.
766Using mbox is not recommended. Maildir is a better format.
768Export bypasses a running mox instance. It opens the account mailbox/message
769database file directly. This may block if a running mox instance also has the
770database open, e.g. for IMAP connections. To export from a running instance, use
771the accounts web page or webmail.
773For mbox export, "mboxrd" is used where message lines starting with the magic
774"From " string are escaped by prepending a >. All ">*From " are escaped,
775otherwise reconstructing the original could lose a ">".
777 usage: mox export mbox [-single] dst-dir account-path [mailbox]
779 export single mailbox, without any children. disabled if mailbox isn't specified.
783Start a local SMTP/IMAP server that accepts all messages, useful when testing/developing software that sends email.
785Localserve starts mox with a configuration suitable for local email-related
786software development/testing. It listens for SMTP/Submission(s), IMAP(s) and
787HTTP(s), on the regular port numbers + 1000.
789Data is stored in the system user's configuration directory under
790"mox-localserve", e.g. $HOME/.config/mox-localserve/ on linux, but can be
791overridden with the -dir flag. If the directory does not yet exist, it is
792automatically initialized with configuration files, an account with email
793address mox@localhost and password moxmoxmox, and a newly generated self-signed
796Incoming messages are delivered as normal, falling back to accepting and
797delivering to the mox account for unknown addresses.
798Submitted messages are added to the queue, which delivers by ignoring the
799destination servers, always connecting to itself instead.
801Recipient addresses with the following localpart suffixes are handled specially:
803- "temperror": fail with a temporary error code
804- "permerror": fail with a permanent error code
805- [45][0-9][0-9]: fail with the specific error code
806- "timeout": no response (for an hour)
808If the localpart begins with "mailfrom" or "rcptto", the error is returned
809during those commands instead of during "data".
811 usage: mox localserve
813 configuration storage directory (default "$userconfigdir/mox-localserve")
815 write configuration files and exit
817 serve on this ip instead of default 127.0.0.1 and ::1. only used when writing configuration, at first launch.
821Prints help about matching commands.
823If multiple commands match, they are listed along with the first line of their help text.
824If a single command matches, its usage and full help text is printed.
826 usage: mox help [command ...]
830Creates a backup of the config and data directory.
832Backup copies the config directory to <destdir>/config, and creates
833<destdir>/data with a consistent snapshot of the databases and message files
834and copies other files from the data directory. Empty directories are not
835copied. The backup can then be stored elsewhere for long-term storage, or used
836to fall back to should an upgrade fail. Simply copying files in the data
837directory while mox is running can result in unusable database files.
839Message files never change (they are read-only, though can be removed) and are
840hard-linked so they don't consume additional space. If hardlinking fails, for
841example when the backup destination directory is on a different file system, a
842regular copy is made. Using a destination directory like "data/tmp/backup"
843increases the odds hardlinking succeeds: the default systemd service file
844specifically mounts the data directory, causing attempts to hardlink outside it
845to fail with an error about cross-device linking.
847All files in the data directory that aren't recognized (i.e. other than known
848database files, message files, an acme directory, the "tmp" directory, etc),
849are stored, but with a warning.
851Remove files in the destination directory before doing another backup. The
852backup command will not overwrite files, but print and return errors.
854Exit code 0 indicates the backup was successful. A clean successful backup does
855not print any output, but may print warnings. Use the -verbose flag for
856details, including timing.
858To restore a backup, first shut down mox, move away the old data directory and
859move an earlier backed up directory in its place, run "mox verifydata
860<datadir>", possibly with the "-fix" option, and restart mox. After the
861restore, you may also want to run "mox bumpuidvalidity" for each account for
862which messages in a mailbox changed, to force IMAP clients to synchronize
865Before upgrading, to check if the upgrade will likely succeed, first make a
866backup, then use the new mox binary to run "mox verifydata <backupdir>/data".
867This can change the backup files (e.g. upgrade database files, move away
868unrecognized message files), so you should make a new backup before actually
871 usage: mox backup destdir
877Verify the contents of a data directory, typically of a backup.
879Verifydata checks all database files to see if they are valid BoltDB/bstore
880databases. It checks that all messages in the database have a corresponding
881on-disk message file and there are no unrecognized files. If option -fix is
882specified, unrecognized message files are moved away. This may be needed after
883a restore, because messages enqueued or delivered in the future may get those
884message sequence numbers assigned and writing the message file would fail.
885Consistency of message/mailbox UID, UIDNEXT and UIDVALIDITY is verified as
888Because verifydata opens the database files, schema upgrades may automatically
889be applied. This can happen if you use a new mox release. It is useful to run
890"mox verifydata" with a new binary before attempting an upgrade, but only on a
891copy of the database files, as made with "mox backup". Before upgrading, make a
892new backup again since "mox verifydata" may have upgraded the database files,
893possibly making them potentially no longer readable by the previous version.
895 usage: mox verifydata data-dir
897 fix fixable problems, such as moving away message files not referenced by their database
899 skip the check for message size
903Print licenses of mox source code and dependencies.
909Parses and validates the configuration files.
911If valid, the command exits with status 0. If not valid, all errors encountered
914 usage: mox config test
918Check the DNS records with the configuration for the domain, and print any errors/warnings.
920 usage: mox config dnscheck domain
922# mox config dnsrecords
924Prints annotated DNS records as zone file that should be created for the domain.
926The zone file can be imported into existing DNS software. You should review the
927DNS records, especially if your domain previously/currently has email
930 usage: mox config dnsrecords domain
932# mox config describe-domains
934Prints an annotated empty configuration for use as domains.conf.
936The domains configuration file contains the domains and their configuration,
937and accounts and their configuration. This includes the configured email
938addresses. The mox admin web interface, and the mox command line interface, can
939make changes to this file. Mox automatically reloads this file when it changes.
941Like the static configuration, the example domains.conf printed by this command
942needs modifications to make it valid.
944 usage: mox config describe-domains >domains.conf
946# mox config describe-static
948Prints an annotated empty configuration for use as mox.conf.
950The static configuration file cannot be reloaded while mox is running. Mox has
951to be restarted for changes to the static configuration file to take effect.
953This configuration file needs modifications to make it valid. For example, it
954may contain unfinished list items.
956 usage: mox config describe-static >mox.conf
958# mox config account list
962Each account is printed on a line, with optional additional tab-separated
963information, such as "(disabled)".
965 usage: mox config account list
967# mox config account add
969Add an account with an email address and reload the configuration.
971Email can be delivered to this address/account. A password has to be configured
972explicitly, see the setaccountpassword command.
974 usage: mox config account add account address
976# mox config account rm
978Remove an account and reload the configuration.
980Email addresses for this account will also be removed, and incoming email for
981these addresses will be rejected.
983All data for the account will be removed.
985 usage: mox config account rm account
987# mox config account disable
989Disable login for an account, showing message to users when they try to login.
991Incoming email will still be accepted for the account, and queued email from the
992account will still be delivered. No new login sessions are possible.
994Message must be non-empty, ascii-only without control characters including
995newline, and maximum 256 characters because it is used in SMTP/IMAP.
997 usage: mox config account disable account message
999# mox config account enable
1001Enable login again for an account.
1003Login attempts by the user no long result in an error message.
1005 usage: mox config account enable account
1007# mox config address add
1009Adds an address to an account and reloads the configuration.
1011If address starts with a @ (i.e. a missing localpart), this is a catchall
1012address for the domain.
1014 usage: mox config address add address account
1016# mox config address rm
1018Remove an address and reload the configuration.
1020Incoming email for this address will be rejected after removing an address.
1022 usage: mox config address rm address
1024# mox config domain add
1026Adds a new domain to the configuration and reloads the configuration.
1028The account is used for the postmaster mailboxes the domain, including as DMARC and
1029TLS reporting. Localpart is the "username" at the domain for this account. If
1030must be set if and only if account does not yet exist.
1032The domain can be created in disabled mode, preventing automatically requesting
1033TLS certificates with ACME, and rejecting incoming/outgoing messages involving
1034the domain, but allowing further configuration of the domain.
1036 usage: mox config domain add [-disabled] domain account [localpart]
1038 disable the new domain
1040# mox config domain rm
1042Remove a domain from the configuration and reload the configuration.
1044This is a dangerous operation. Incoming email delivery for this domain will be
1047 usage: mox config domain rm domain
1049# mox config domain disable
1051Disable a domain and reload the configuration.
1053This is a dangerous operation. Incoming/outgoing messages involving this domain
1056 usage: mox config domain disable domain
1058# mox config domain enable
1060Enable a domain and reload the configuration.
1062Incoming/outgoing messages involving this domain will be accepted again.
1064 usage: mox config domain enable domain
1066# mox config tlspubkey list
1068List TLS public keys for TLS client certificate authentication.
1070If account is absent, the TLS public keys for all accounts are listed.
1072 usage: mox config tlspubkey list [account]
1074# mox config tlspubkey get
1076Get a TLS public key for a fingerprint.
1078Prints the type, name, account and address for the key, and the certificate in
1081 usage: mox config tlspubkey get fingerprint
1083# mox config tlspubkey add
1085Add a TLS public key to the account of the given address.
1087The public key is read from the certificate.
1089The optional name is a human-readable descriptive name of the key. If absent,
1090the CommonName from the certificate is used.
1092 usage: mox config tlspubkey add address [name] < cert.pem
1094 Don't automatically switch new IMAP connections authenticated with this key to "authenticated" state after the TLS handshake. For working around clients that ignore the untagged IMAP PREAUTH response and try to authenticate while already authenticated.
1096# mox config tlspubkey rm
1098Remove TLS public key for fingerprint.
1100 usage: mox config tlspubkey rm fingerprint
1102# mox config tlspubkey gen
1104Generate an ed25519 private key and minimal certificate for use a TLS public key and write to files starting with stem.
1106The private key is written to $stem.$timestamp.ed25519privatekey.pkcs8.pem.
1107The certificate is written to $stem.$timestamp.certificate.pem.
1108The private key and certificate are also written to
1109$stem.$timestamp.ed25519privatekey-certificate.pem.
1111The certificate can be added to an account with "mox config account tlspubkey add".
1113The combined file can be used with "mox sendmail".
1115The private key is also written to standard error in raw-url-base64-encoded
1116form, also for use with "mox sendmail". The fingerprint is written to standard
1117error too, for reference.
1119 usage: mox config tlspubkey gen stem
1121# mox config alias list
1123Show aliases (lists) for domain.
1125 usage: mox config alias list domain
1127# mox config alias print
1129Print settings and members of alias (list).
1131 usage: mox config alias print alias
1133# mox config alias add
1135Add new alias (list) with one or more addresses and public posting enabled.
1137An alias is used for delivering incoming email to multiple recipients. If you
1138want to add an address to an account, don't use an alias, just add the address
1141 usage: mox config alias add alias@domain rcpt1@domain ...
1143# mox config alias update
1145Update alias (list) configuration.
1147 usage: mox config alias update alias@domain [-postpublic false|true -listmembers false|true -allowmsgfrom false|true]
1148 -allowmsgfrom string
1149 whether alias address can be used in message from header
1151 whether list members can list members
1153 whether anyone or only list members can post
1155# mox config alias rm
1159 usage: mox config alias rm alias@domain
1161# mox config alias addaddr
1163Add addresses to alias (list).
1165 usage: mox config alias addaddr alias@domain rcpt1@domain ...
1167# mox config alias rmaddr
1169Remove addresses from alias (list).
1171 usage: mox config alias rmaddr alias@domain rcpt1@domain ...
1173# mox config describe-sendmail
1175Describe configuration for mox when invoked as sendmail.
1177 usage: mox config describe-sendmail >/etc/moxsubmit.conf
1179# mox config printservice
1181Prints a systemd unit service file for mox.
1183This is the same file as generated using quickstart. If the systemd service file
1184has changed with a newer version of mox, use this command to generate an up to
1187 usage: mox config printservice >mox.service
1189# mox config ensureacmehostprivatekeys
1191Ensure host private keys exist for TLS listeners with ACME.
1193In mox.conf, each listener can have TLS configured. Long-lived private key files
1194can be specified, which will be used when requesting ACME certificates.
1195Configuring these private keys makes it feasible to publish DANE TLSA records
1196for the corresponding public keys in DNS, protected with DNSSEC, allowing TLS
1197certificate verification without depending on a list of Certificate Authorities
1198(CAs). Previous versions of mox did not pre-generate private keys for use with
1199ACME certificates, but would generate private keys on-demand. By explicitly
1200configuring private keys, they will not change automatedly with new
1201certificates, and the DNS TLSA records stay valid.
1203This command looks for listeners in mox.conf with TLS with ACME configured. For
1204each missing host private key (of type rsa-2048 and ecdsa-p256) a key is written
1205to config/hostkeys/. If a certificate exists in the ACME "cache", its private
1206key is copied. Otherwise a new private key is generated. Snippets for manually
1207updating/editing mox.conf are printed.
1209After running this command, and updating mox.conf, run "mox config dnsrecords"
1210for a domain and create the TLSA DNS records it suggests to enable DANE.
1212 usage: mox config ensureacmehostprivatekeys
1216List available config examples, or print a specific example.
1218 usage: mox config example [name]
1220# mox admin imapserve
1222Initiate a preauthenticated IMAP connection on file descriptor 0.
1224For use with tools that can do IMAP over tunneled connections, e.g. with SSH
1225during migrations. TLS is not possible on the connection, and authentication
1226does not require TLS.
1228 usage: mox admin imapserve preauth-address
1230 write IMAP to file descriptor 0 instead of stdout
1234Check if a newer version of mox is available.
1236A single DNS TXT lookup to _updates.xmox.nl tells if a new version is
1237available. If so, a changelog is fetched from https://updates.xmox.nl, and the
1238individual entries verified with a builtin public key. The changelog is
1241 usage: mox checkupdate
1245Turn an ID from a Received header into a cid, for looking up in logs.
1247A cid is essentially a connection counter initialized when mox starts. Each log
1248line contains a cid. Received headers added by mox contain a unique ID that can
1249be decrypted to a cid by admin of a mox instance only.
1255Print the configuration for email clients for a domain.
1257Sending email is typically not done on the SMTP port 25, but on submission
1258ports 465 (with TLS) and 587 (without initial TLS, but usually added to the
1259connection with STARTTLS). For IMAP, the port with TLS is 993 and without is
1262Without TLS/STARTTLS, passwords are sent in clear text, which should only be
1263configured over otherwise secured connections, like a VPN.
1265 usage: mox clientconfig domain
1269Dial the address using TLS with certificate verification using DANE.
1271Data is copied between connection and stdin/stdout until either side closes the
1274 usage: mox dane dial host:port
1276 allowed usages for dane, comma-separated list (default "pkix-ta,pkix-ee,dane-ta,dane-ee")
1280Connect to MX server for domain using STARTTLS verified with DANE.
1282If no destination host is specified, regular delivery logic is used to find the
1283hosts to attempt delivery too. This involves following CNAMEs for the domain,
1284looking up MX records, and possibly falling back to the domain name itself as
1287If a destination host is specified, that is the only candidate host considered
1290With a list of destinations gathered, each is dialed until a successful SMTP
1291session verified with DANE has been initialized, including EHLO and STARTTLS
1294Once connected, data is copied between connection and stdin/stdout, until
1295either side closes the connection.
1297This command follows the same logic as delivery attempts made from the queue,
1298sharing most of its code.
1300 usage: mox dane dialmx domain [destination-host]
1301 -ehlohostname string
1302 hostname to send in smtp ehlo command (default "localhost")
1304# mox dane makerecord
1306Print TLSA record for given certificate/key and parameters.
1309- usage: pkix-ta (0), pkix-ee (1), dane-ta (2), dane-ee (3)
1310- selector: cert (0), spki (1)
1311- matchtype: full (0), sha2-256 (1), sha2-512 (2)
1313Common DANE TLSA record parameters are: dane-ee spki sha2-256, or 3 1 1,
1314followed by a sha2-256 hash of the DER-encoded "SPKI" (subject public key info)
1315from the certificate. An example DNS zone file entry:
1317 _25._tcp.example.com. TLSA 3 1 1 133b919c9d65d8b1488157315327334ead8d83372db57465ecabf53ee5748aee
1319The first usable information from the pem file is used to compose the TLSA
1320record. In case of selector "cert", a certificate is required. Otherwise the
1321"subject public key info" (spki) of the first certificate or public or private
1322key (pkcs#8, pkcs#1 or ec private key) is used.
1324 usage: mox dane makerecord usage selector matchtype [certificate.pem | publickey.pem | privatekey.pem]
1328Lookup DNS name of given type.
1330Lookup always prints whether the response was DNSSEC-protected.
1334mox dns lookup ptr 1.1.1.1
1335mox dns lookup mx xmox.nl
1336mox dns lookup txt _dmarc.xmox.nl.
1337mox dns lookup tlsa _25._tcp.xmox.nl
1339 usage: mox dns lookup [ptr | mx | cname | ips | a | aaaa | ns | txt | srv | tlsa] name
1341# mox dkim gened25519
1343Generate a new ed25519 key for use with DKIM.
1345Ed25519 keys are much smaller than RSA keys of comparable cryptographic
1346strength. This is convenient because of maximum DNS message sizes. At the time
1347of writing, not many mail servers appear to support ed25519 DKIM keys though,
1348so it is recommended to sign messages with both RSA and ed25519 keys.
1350 usage: mox dkim gened25519 >$selector._domainkey.$domain.ed25519.privatekey.pkcs8.pem
1354Generate a new 2048 bit RSA private key for use with DKIM.
1356The generated file is in PEM format, and has a comment it is generated for use
1359 usage: mox dkim genrsa >$selector._domainkey.$domain.rsa2048.privatekey.pkcs8.pem
1363Lookup and print the DKIM record for the selector at the domain.
1365 usage: mox dkim lookup selector domain
1369Print a DKIM DNS TXT record with the public key derived from the private key read from stdin.
1371The DNS should be configured as a TXT record at $selector._domainkey.$domain.
1373 usage: mox dkim txt <$selector._domainkey.$domain.key.pkcs8.pem
1377Verify the DKIM signatures in a message and print the results.
1379The message is parsed, and the DKIM-Signature headers are validated. Validation
1380of older messages may fail because the DNS records have been removed or changed
1381by now, or because the signature header may have specified an expiration time
1384 usage: mox dkim verify message
1388Sign a message, adding DKIM-Signature headers based on the domain in the From header.
1390The message is parsed, the domain looked up in the configuration files, and
1391DKIM-Signature headers generated. The message is printed with the DKIM-Signature
1394 usage: mox dkim sign message
1398Lookup dmarc policy for domain, a DNS TXT record at _dmarc.<domain>, validate and print it.
1400 usage: mox dmarc lookup domain
1402# mox dmarc parsereportmsg
1404Parse a DMARC report from an email message, and print its extracted details.
1406DMARC reports are periodically mailed, if requested in the DMARC DNS record of
1407a domain. Reports are sent by mail servers that received messages with our
1408domain in a From header. This may or may not be legatimate email. DMARC reports
1409contain summaries of evaluations of DMARC and DKIM/SPF, which can help
1410understand email deliverability problems.
1412 usage: mox dmarc parsereportmsg message ...
1416Parse an email message and evaluate it against the DMARC policy of the domain in the From-header.
1418mailfromaddress and helodomain are used for SPF validation. If both are empty,
1419SPF validation is skipped.
1421mailfromaddress should be the address used as MAIL FROM in the SMTP session.
1422For DSN messages, that address may be empty. The helo domain was specified at
1423the beginning of the SMTP transaction that delivered the message. These values
1424can be found in message headers.
1426 usage: mox dmarc verify remoteip mailfromaddress helodomain < message
1428# mox dmarc checkreportaddrs
1430For each reporting address in the domain's DMARC record, check if it has opted into receiving reports (if needed).
1432A DMARC record can request reports about DMARC evaluations to be sent to an
1433email/http address. If the organizational domains of that of the DMARC record
1434and that of the report destination address do not match, the destination
1435address must opt-in to receiving DMARC reports by creating a DMARC record at
1436<dmarcdomain>._report._dmarc.<reportdestdomain>.
1438 usage: mox dmarc checkreportaddrs domain
1442Test if IP is in the DNS blocklist of the zone, e.g. bl.spamcop.net.
1444If the IP is in the blocklist, an explanation is printed. This is typically a
1445URL with more information.
1447 usage: mox dnsbl check zone ip
1449# mox dnsbl checkhealth
1451Check the health of the DNS blocklist represented by zone, e.g. bl.spamcop.net.
1453The health of a DNS blocklist can be checked by querying for 127.0.0.1 and
1454127.0.0.2. The second must and the first must not be present.
1456 usage: mox dnsbl checkhealth zone
1460Lookup the MTASTS record and policy for the domain.
1462MTA-STS is a mechanism for a domain to specify if it requires TLS connections
1463for delivering email. If a domain has a valid MTA-STS DNS TXT record at
1464_mta-sts.<domain> it signals it implements MTA-STS. A policy can then be
1465fetched at https://mta-sts.<domain>/.well-known/mta-sts.txt. The policy
1466specifies the mode (enforce, testing, none), which MX servers support TLS and
1467should be used, and how long the policy can be cached.
1469 usage: mox mtasts lookup domain
1473Lookup the age of domain in RDAP based on latest registration.
1475RDAP is the registration data access protocol. Registries run RDAP services for
1476their top level domains, providing information such as the registration date of
1477domains. This command looks up the "age" of a domain by looking at the most
1478recent "registration", "reregistration" or "reinstantiation" event.
1480Email messages from recently registered domains are often treated with
1481suspicion, and some mail systems are more likely to classify them as junk.
1483On each invocation, a bootstrap file with a list of registries (of top-level
1484domains) is retrieved, without caching. Do not run this command too often with
1487 usage: mox rdap domainage domain
1491Recreate and retrain the junk filter for the account or all accounts.
1493Useful after having made changes to the junk filter configuration, or if the
1494implementation has changed.
1496 usage: mox retrain [accountname]
1500Sendmail is a drop-in replacement for /usr/sbin/sendmail to deliver emails sent by unix processes like cron.
1502If invoked as "sendmail", it will act as sendmail for sending messages. Its
1503intention is to let processes like cron send emails. Messages are submitted to
1504an actual mail server over SMTP. The destination mail server and credentials are
1505configured in /etc/moxsubmit.conf, see mox config describe-sendmail. The From
1506message header is rewritten to the configured address. When the addressee
1507appears to be a local user, because without @, the message is sent to the
1508configured default address.
1510If submitting an email fails, it is added to a directory moxsubmit.failures in
1511the user's home directory.
1513Most flags are ignored to fake compatibility with other sendmail
1514implementations. A single recipient or the -t flag with a To-header is required.
1515With the -t flag, Cc and Bcc headers are not handled specially, so Bcc is not
1516removed and the addresses do not receive the email.
1518/etc/moxsubmit.conf should be group-readable and not readable by others and this
1519binary should be setgid that group:
1522 install -m 2755 -o root -g moxsubmit mox /usr/sbin/sendmail
1523 touch /etc/moxsubmit.conf
1524 chown root:moxsubmit /etc/moxsubmit.conf
1525 chmod 640 /etc/moxsubmit.conf
1526 # edit /etc/moxsubmit.conf
1529 usage: mox sendmail [-Fname] [ignoredflags] [-t] [<message]
1533Dial the address, initialize the SMTP session, including using STARTTLS to enable TLS if the server supports it.
1535If no port is specified, SMTP port 25 is used.
1537Data is copied between connection and stdin/stdout until either side closes the
1540The flags influence the TLS configuration, useful for debugging interoperability
1543No MTA-STS or DANE verification is done.
1545Hint: Use "mox -loglevel trace smtp dial ..." to see the protocol messages
1546exchanged during connection set up.
1548 usage: mox smtp dial host[:port]
1549 -ehlohostname string
1550 our hostname to use during the SMTP EHLO command
1552 use TLS, even if remote SMTP server does not announce STARTTLS extension
1555 -remotehostname string
1556 remote hostname to use for TLS verification, if enabled; the hostname from the parameter is used by default
1558 path to root ca certificates in pem form, for verification
1559 -tlsciphersuites string
1560 ciphersuites to allow, comma-separated, order is ignored, only for TLS 1.2 and earlier, empty value uses TLS stack defaults; values: tls_ecdhe_ecdsa_with_aes_128_cbc_sha, tls_ecdhe_ecdsa_with_aes_128_gcm_sha256, tls_ecdhe_ecdsa_with_aes_256_cbc_sha, tls_ecdhe_ecdsa_with_aes_256_gcm_sha384, tls_ecdhe_ecdsa_with_chacha20_poly1305_sha256, tls_ecdhe_rsa_with_aes_128_cbc_sha, tls_ecdhe_rsa_with_aes_128_gcm_sha256, tls_ecdhe_rsa_with_aes_256_cbc_sha, tls_ecdhe_rsa_with_aes_256_gcm_sha384, tls_ecdhe_rsa_with_chacha20_poly1305_sha256, and insecure: tls_ecdhe_ecdsa_with_aes_128_cbc_sha256, tls_ecdhe_ecdsa_with_rc4_128_sha, tls_ecdhe_rsa_with_3des_ede_cbc_sha, tls_ecdhe_rsa_with_aes_128_cbc_sha256, tls_ecdhe_rsa_with_rc4_128_sha, tls_rsa_with_3des_ede_cbc_sha, tls_rsa_with_aes_128_cbc_sha, tls_rsa_with_aes_128_cbc_sha256, tls_rsa_with_aes_128_gcm_sha256, tls_rsa_with_aes_256_cbc_sha, tls_rsa_with_aes_256_gcm_sha384, tls_rsa_with_rc4_128_sha
1562 tls ecc key exchange mechanisms to allow, comma-separated, order is ignored, empty value uses TLS stack defaults; values: curvep256, curvep384, curvep521, x25519, x25519mlkem768
1563 -tlsnodynamicrecordsizing
1564 disable TLS dynamic record sizing
1565 -tlsnosessiontickets
1566 disable TLS session tickets
1567 -tlsrenegotiation string
1568 when to allow renegotiation; only applies to tls1.2 and earlier, not tls1.3; values: never, once, always (default "never")
1570 verify remote hostname during TLS
1571 -tlsversionmax string
1572 maximum TLS version, empty value uses TLS stack default; values: tls1.2, etc.
1573 -tlsversionmin string
1574 minimum TLS version, empty value uses TLS stack default; values: tls1.2, etc.
1578Check the status of IP for the policy published in DNS for the domain.
1580IPs may be allowed to send for a domain, or disallowed, and several shades in
1581between. If not allowed, an explanation may be provided by the policy. If so,
1582the explanation is printed. The SPF mechanism that matched (if any) is also
1585 usage: mox spf check domain ip
1589Lookup the SPF record for the domain and print it.
1591 usage: mox spf lookup domain
1595Parse the record as SPF record. If valid, nothing is printed.
1597 usage: mox spf parse txtrecord
1601Lookup the TLSRPT record for the domain.
1603A TLSRPT record typically contains an email address where reports about TLS
1604connectivity should be sent. Mail servers attempting delivery to our domain
1605should attempt to use TLS. TLSRPT lets them report how many connection
1606successfully used TLS, and how what kind of errors occurred otherwise.
1608 usage: mox tlsrpt lookup domain
1610# mox tlsrpt parsereportmsg
1612Parse and print the TLSRPT in the message.
1614The report is printed in formatted JSON.
1616 usage: mox tlsrpt parsereportmsg message ...
1620Prints this mox version.
1626Lists available methods, prints request/response parameters for method, or calls a method with a request read from standard input.
1628 usage: mox webapi [method [baseurl-with-credentials]
1632List available examples, or print a specific example.
1634 usage: mox example [name]
1636# mox bumpuidvalidity
1638Change the IMAP UID validity of the mailbox, causing IMAP clients to refetch messages.
1640This can be useful after manually repairing metadata about the account/mailbox.
1642Opens account database file directly. Ensure mox does not have the account
1643open, or is not running.
1645 usage: mox bumpuidvalidity account [mailbox]
1649Reassign UIDs in one mailbox or all mailboxes in an account and bump UID validity, causing IMAP clients to refetch messages.
1651Opens account database file directly. Ensure mox does not have the account
1652open, or is not running.
1654 usage: mox reassignuids account [mailboxid]
1658Fix inconsistent UIDVALIDITY and UIDNEXT in messages/mailboxes/account.
1660The next UID to use for a message in a mailbox should always be higher than any
1661existing message UID in the mailbox. If it is not, the mailbox UIDNEXT is
1664Each mailbox has a UIDVALIDITY sequence number, which should always be lower
1665than the per-account next UIDVALIDITY to use. If it is not, the account next
1666UIDVALIDITY is updated.
1668Opens account database file directly. Ensure mox does not have the account
1669open, or is not running.
1671 usage: mox fixuidmeta account
1675Ensure message sizes in the database matching the sum of the message prefix length and on-disk file size.
1677Messages with an inconsistent size are also parsed again.
1679If an inconsistency is found, you should probably also run "mox
1680bumpuidvalidity" on the mailboxes or entire account to force IMAP clients to
1683 usage: mox fixmsgsize [account]
1687Parse all messages in the account or all accounts again.
1689Can be useful after upgrading mox with improved message parsing. Messages are
1690parsed in batches, so other access to the mailboxes/messages are not blocked
1691while reparsing all messages.
1693 usage: mox reparse [account]
1697Ensure messages in the database have a pre-parsed MIME form in the database.
1699 usage: mox ensureparsed account
1701 store new parsed message for all messages
1703# mox recalculatemailboxcounts
1705Recalculate message counts for all mailboxes in the account, and total message size for quota.
1707When a message is added to/removed from a mailbox, or when message flags change,
1708the total, unread, unseen and deleted messages are accounted, the total size of
1709the mailbox, and the total message size for the account. In case of a bug in
1710this accounting, the numbers could become incorrect. This command will find, fix
1713 usage: mox recalculatemailboxcounts account
1717Parse message, print JSON representation.
1719 usage: mox message parse message.eml
1721 check if message needs smtputf8
1723# mox reassignthreads
1725Reassign message threads.
1727For all accounts, or optionally only the specified account.
1729Threading for all messages in an account is first reset, and new base subject
1730and normalized message-id saved with the message. Then all messages are
1731evaluated and matched against their parents/ancestors.
1733Messages are matched based on the References header, with a fall-back to an
1734In-Reply-To header, and if neither is present/valid, based only on base
1737A References header typically points to multiple previous messages in a
1738hierarchy. From oldest ancestor to most recent parent. An In-Reply-To header
1739would have only a message-id of the parent message.
1741A message is only linked to a parent/ancestor if their base subject is the
1742same. This ensures unrelated replies, with a new subject, are placed in their
1745The base subject is lower cased, has whitespace collapsed to a single
1746space, and some components removed: leading "Re:", "Fwd:", "Fw:", or bracketed
1747tag (that mailing lists often add, e.g. "[listname]"), trailing "(fwd)", or
1748enclosing "[fwd: ...]".
1750Messages are linked to all their ancestors. If an intermediate parent/ancestor
1751message is deleted in the future, the message can still be linked to the earlier
1752ancestors. If the direct parent already wasn't available while matching, this is
1753stored as the message having a "missing link" to its stored ancestors.
1755 usage: mox reassignthreads [account]
1759// NOTE: DO NOT EDIT, this file is generated by gendoc.sh.