2Command mox is a modern, secure, full-featured, open source mail server for
3low-maintenance self-hosted email.
5Mox is started with the "serve" subcommand, but mox also has many other
8Many of those commands talk to a running mox instance, through the ctl file in
9the data directory. Specify the configuration file (that holds the path to the
10data directory) through the -config flag or MOXCONF environment variable.
12Commands that don't talk to a running mox instance are often for
13testing/debugging email functionality. For example for parsing an email message,
14or looking up SPF/DKIM/DMARC records.
16Below is the usage information as printed by the command when started without
17any parameters. Followed by the help and usage information for each command.
21 mox [-config config/mox.conf] [-pedantic] ...
23 mox quickstart [-skipdial] [-existing-webserver] [-hostname host] user@domain [user | uid]
25 mox setaccountpassword account
27 mox loglevels [level [pkg]]
28 mox queue holdrules list
29 mox queue holdrules add [ruleflags]
30 mox queue holdrules remove ruleid
31 mox queue list [filtersortflags]
32 mox queue hold [filterflags]
33 mox queue unhold [filterflags]
34 mox queue schedule [filterflags] [-now] duration
35 mox queue transport [filterflags] transport
36 mox queue requiretls [filterflags] {yes | no | default}
37 mox queue fail [filterflags]
38 mox queue drop [filterflags]
40 mox queue retired list [filtersortflags]
41 mox queue retired print id
42 mox queue suppress list [-account account]
43 mox queue suppress add account address
44 mox queue suppress remove account address
45 mox queue suppress lookup [-account account] address
46 mox queue webhook list [filtersortflags]
47 mox queue webhook schedule [filterflags] duration
48 mox queue webhook cancel [filterflags]
49 mox queue webhook print id
50 mox queue webhook retired list [filtersortflags]
51 mox queue webhook retired print id
52 mox import maildir accountname mailboxname maildir
53 mox import mbox accountname mailboxname mbox
54 mox export maildir [-single] dst-dir account-path [mailbox]
55 mox export mbox [-single] dst-dir account-path [mailbox]
57 mox help [command ...]
59 mox verifydata data-dir
62 mox config dnscheck domain
63 mox config dnsrecords domain
64 mox config describe-domains >domains.conf
65 mox config describe-static >mox.conf
66 mox config account list
67 mox config account add account address
68 mox config account rm account
69 mox config account disable account message
70 mox config account enable account
71 mox config address add address account
72 mox config address rm address
73 mox config domain add [-disabled] domain account [localpart]
74 mox config domain rm domain
75 mox config domain disable domain
76 mox config domain enable domain
77 mox config tlspubkey list [account]
78 mox config tlspubkey get fingerprint
79 mox config tlspubkey add address [name] < cert.pem
80 mox config tlspubkey rm fingerprint
81 mox config tlspubkey gen stem
82 mox config alias list domain
83 mox config alias print alias
84 mox config alias add alias@domain rcpt1@domain ...
85 mox config alias update alias@domain [-postpublic false|true -listmembers false|true -allowmsgfrom false|true]
86 mox config alias rm alias@domain
87 mox config alias addaddr alias@domain rcpt1@domain ...
88 mox config alias rmaddr alias@domain rcpt1@domain ...
89 mox config describe-sendmail >/etc/moxsubmit.conf
90 mox config printservice >mox.service
91 mox config ensureacmehostprivatekeys
92 mox config example [name]
93 mox admin imapserve preauth-address
96 mox clientconfig domain
97 mox dane dial host:port
98 mox dane dialmx domain [destination-host]
99 mox dane makerecord usage selector matchtype [certificate.pem | publickey.pem | privatekey.pem]
100 mox dns lookup [ptr | mx | cname | ips | a | aaaa | ns | txt | srv | tlsa] name
101 mox dkim gened25519 >$selector._domainkey.$domain.ed25519.privatekey.pkcs8.pem
102 mox dkim genrsa >$selector._domainkey.$domain.rsa2048.privatekey.pkcs8.pem
103 mox dkim lookup selector domain
104 mox dkim txt <$selector._domainkey.$domain.key.pkcs8.pem
105 mox dkim verify message
106 mox dkim sign message
107 mox dmarc lookup domain
108 mox dmarc parsereportmsg message ...
109 mox dmarc verify remoteip mailfromaddress helodomain < message
110 mox dmarc checkreportaddrs domain
111 mox dnsbl check zone ip
112 mox dnsbl checkhealth zone
113 mox mtasts lookup domain
114 mox rdap domainage domain
115 mox retrain [accountname]
116 mox sendmail [-Fname] [ignoredflags] [-t] [<message]
117 mox spf check domain ip
118 mox spf lookup domain
119 mox spf parse txtrecord
120 mox tlsrpt lookup domain
121 mox tlsrpt parsereportmsg message ...
123 mox webapi [method [baseurl-with-credentials]
125 mox bumpuidvalidity account [mailbox]
126 mox reassignuids account [mailboxid]
127 mox fixuidmeta account
128 mox fixmsgsize [account]
129 mox reparse [account]
130 mox ensureparsed account
131 mox recalculatemailboxcounts account
132 mox message parse message.eml
133 mox reassignthreads [account]
137Start mox, serving SMTP/IMAP/HTTPS.
139Incoming email is accepted over SMTP. Email can be retrieved by users using
140IMAP. HTTP listeners are started for the admin/account web interfaces, and for
141automated TLS configuration. Missing essential TLS certificates are immediately
142requested, other TLS certificates are requested on demand.
144Only implemented on unix systems, not Windows.
150Quickstart generates configuration files and prints instructions to quickly set up a mox instance.
152Quickstart writes configuration files, prints initial admin and account
153passwords, DNS records you should create. If you run it on Linux it writes a
154systemd service file and prints commands to enable and start mox as service.
156All output is written to quickstart.log for later reference.
158The user or uid is optional, defaults to "mox", and is the user or uid/gid mox
159will run as after initialization.
161Quickstart assumes mox will run on the machine you run quickstart on and uses
162its host name and public IPs. On many systems the hostname is not a fully
163qualified domain name, but only the first dns "label", e.g. "mail" in case of
164"mail.example.org". If so, quickstart does a reverse DNS lookup to find the
165hostname, and as fallback uses the label plus the domain of the email address
166you specified. Use flag -hostname to explicitly specify the hostname mox will
169Mox is by far easiest to operate if you let it listen on port 443 (HTTPS) and
17080 (HTTP). TLS will be fully automatic with ACME with Let's Encrypt.
172You can run mox along with an existing webserver, but because of MTA-STS and
173autoconfig, you'll need to forward HTTPS traffic for two domains to mox. Run
174"mox quickstart -existing-webserver ..." to generate configuration files and
175instructions for configuring mox along with an existing webserver.
177But please first consider configuring mox on port 443. It can itself serve
178domains with HTTP/HTTPS, including with automatic TLS with ACME, is easily
179configured through both configuration files and admin web interface, and can act
180as a reverse proxy (and static file server for that matter), so you can forward
181traffic to your existing backend applications. Look for "WebHandlers:" in the
182output of "mox config describe-domains" and see the output of
183"mox config example webhandlers".
185 usage: mox quickstart [-skipdial] [-existing-webserver] [-hostname host] user@domain [user | uid]
187 use if a webserver is already running, so mox won't listen on port 80 and 443; you'll have to provide tls certificates/keys, and configure the existing webserver as reverse proxy, forwarding requests to mox.
189 hostname mox will run on, by default the hostname of the machine quickstart runs on; if specified, the IPs for the hostname are configured for the public listener
191 skip check for outgoing smtp (port 25) connectivity or for domain age with rdap
195Shut mox down, giving connections maximum 3 seconds to stop before closing them.
197While shutting down, new IMAP and SMTP connections will get a status response
198indicating temporary unavailability. Existing connections will get a 3 second
199period to finish their transaction and shut down. Under normal circumstances,
200only IMAP has long-living connections, with the IDLE command to get notified of
205# mox setaccountpassword
207Set new password an account.
209The password is read from stdin. Secrets derived from the password, but not the
210password itself, are stored in the account database. The stored secrets are for
211authentication with: scram-sha-256, scram-sha-1, cram-md5, plain text (bcrypt
214The parameter is an account name, as configured under Accounts in domains.conf
215and as present in the data/accounts/ directory, not a configured email address
218 usage: mox setaccountpassword account
220# mox setadminpassword
222Set a new admin password, for the web interface.
224The password is read from stdin. Its bcrypt hash is stored in a file named
225"adminpasswd" in the configuration directory.
227 usage: mox setadminpassword
231Print the log levels, or set a new default log level, or a level for the given package.
233By default, a single log level applies to all logging in mox. But for each
234"pkg", an overriding log level can be configured. Examples of packages:
235smtpserver, smtpclient, queue, imapserver, spf, dkim, dmarc, junk, message,
238Specify a pkg and an empty level to clear the configured level for a package.
240Valid labels: error, info, debug, trace, traceauth, tracedata.
242 usage: mox loglevels [level [pkg]]
244# mox queue holdrules list
246List hold rules for the delivery queue.
248Messages submitted to the queue that match a hold rule will be marked as on hold
249and not scheduled for delivery.
251 usage: mox queue holdrules list
253# mox queue holdrules add
255Add hold rule for the delivery queue.
257Add a hold rule to mark matching newly submitted messages as on hold. Set the
258matching rules with the flags. Don't specify any flags to match all submitted
261 usage: mox queue holdrules add [ruleflags]
263 account submitting the message
269# mox queue holdrules remove
271Remove hold rule for the delivery queue.
273Remove a hold rule by its id.
275 usage: mox queue holdrules remove ruleid
279List matching messages in the delivery queue.
281Prints the message with its ID, last and next delivery attempts, last error.
283 usage: mox queue list [filtersortflags]
285 account that queued the message
287 sort ascending instead of descending (default)
289 from address of message, use "@example.com" to match all messages for a domain
291 true or false, whether to match only messages that are (not) on hold
293 comma-separated list of message IDs
295 number of messages to return
297 filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
299 field to sort by, "nextattempt" (default) or "queued"
301 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
303 recipient address of message, use "@example.com" to match all messages for a domain
305 transport to use for messages, empty string sets the default behaviour
309Mark matching messages on hold.
311Messages that are on hold are not delivered until marked as off hold again, or
312otherwise handled by the admin.
314 usage: mox queue hold [filterflags]
316 account that queued the message
318 from address of message, use "@example.com" to match all messages for a domain
320 true or false, whether to match only messages that are (not) on hold
322 comma-separated list of message IDs
324 number of messages to return
326 filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
328 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
330 recipient address of message, use "@example.com" to match all messages for a domain
332 transport to use for messages, empty string sets the default behaviour
336Mark matching messages off hold.
338Once off hold, messages can be delivered according to their current next
339delivery attempt. See the "queue schedule" command.
341 usage: mox queue unhold [filterflags]
343 account that queued the message
345 from address of message, use "@example.com" to match all messages for a domain
347 true or false, whether to match only messages that are (not) on hold
349 comma-separated list of message IDs
351 number of messages to return
353 filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
355 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
357 recipient address of message, use "@example.com" to match all messages for a domain
359 transport to use for messages, empty string sets the default behaviour
363Change next delivery attempt for matching messages.
365The next delivery attempt is adjusted by the duration parameter. If the -now
366flag is set, the new delivery attempt is set to the duration added to the
367current time, instead of added to the current scheduled time.
369Schedule immediate delivery with "mox queue schedule -now 0".
371 usage: mox queue schedule [filterflags] [-now] duration
373 account that queued the message
375 from address of message, use "@example.com" to match all messages for a domain
377 true or false, whether to match only messages that are (not) on hold
379 comma-separated list of message IDs
381 number of messages to return
383 filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
385 schedule for duration relative to current time instead of relative to current next delivery attempt for messages
387 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
389 recipient address of message, use "@example.com" to match all messages for a domain
391 transport to use for messages, empty string sets the default behaviour
395Set transport for matching messages.
397By default, the routing rules determine how a message is delivered. The default
398and common case is direct delivery with SMTP. Messages can get a previously
399configured transport assigned to use for delivery, e.g. using submission to
400another mail server or with connections over a SOCKS proxy.
402 usage: mox queue transport [filterflags] transport
404 account that queued the message
406 from address of message, use "@example.com" to match all messages for a domain
408 true or false, whether to match only messages that are (not) on hold
410 comma-separated list of message IDs
412 number of messages to return
414 filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
416 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
418 recipient address of message, use "@example.com" to match all messages for a domain
420 transport to use for messages, empty string sets the default behaviour
422# mox queue requiretls
424Set TLS requirements for delivery of matching messages.
426Value "yes" is handled as if the RequireTLS extension was specified during
429Value "no" is handled as if the message has a header "TLS-Required: No". This
430header is not added by the queue. If messages without this header are relayed
431through other mail servers they will apply their own default TLS policy.
433Value "default" is the default behaviour, currently for unverified opportunistic
436 usage: mox queue requiretls [filterflags] {yes | no | default}
438 account that queued the message
440 from address of message, use "@example.com" to match all messages for a domain
442 true or false, whether to match only messages that are (not) on hold
444 comma-separated list of message IDs
446 number of messages to return
448 filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
450 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
452 recipient address of message, use "@example.com" to match all messages for a domain
454 transport to use for messages, empty string sets the default behaviour
458Fail delivery of matching messages, delivering DSNs.
460Failing a message is handled similar to how delivery is given up after all
461delivery attempts failed. The DSN (delivery status notification) message
462contains a line saying the message was canceled by the admin.
464 usage: mox queue fail [filterflags]
466 account that queued the message
468 from address of message, use "@example.com" to match all messages for a domain
470 true or false, whether to match only messages that are (not) on hold
472 comma-separated list of message IDs
474 number of messages to return
476 filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
478 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
480 recipient address of message, use "@example.com" to match all messages for a domain
482 transport to use for messages, empty string sets the default behaviour
486Remove matching messages from the queue.
488Dangerous operation, this completely removes the message. If you want to store
489the message, use "queue dump" before removing.
491 usage: mox queue drop [filterflags]
493 account that queued the message
495 from address of message, use "@example.com" to match all messages for a domain
497 true or false, whether to match only messages that are (not) on hold
499 comma-separated list of message IDs
501 number of messages to return
503 filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
505 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
507 recipient address of message, use "@example.com" to match all messages for a domain
509 transport to use for messages, empty string sets the default behaviour
513Dump a message from the queue.
515The message is printed to stdout and is in standard internet mail format.
517 usage: mox queue dump id
519# mox queue retired list
521List matching messages in the retired queue.
523Prints messages with their ID and results.
525 usage: mox queue retired list [filtersortflags]
527 account that queued the message
529 sort ascending instead of descending (default)
531 from address of message, use "@example.com" to match all messages for a domain
533 comma-separated list of retired message IDs
535 filter by time of last activity relative to now, value must start with "<" (before now) or ">" (after now)
537 number of messages to return
539 "success" or "failure" as result of delivery
541 field to sort by, "lastactivity" (default) or "queued"
543 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
545 recipient address of message, use "@example.com" to match all messages for a domain
547 transport to use for messages, empty string sets the default behaviour
549# mox queue retired print
551Print a message from the retired queue.
553Prints a JSON representation of the information from the retired queue.
555 usage: mox queue retired print id
557# mox queue suppress list
559Print addresses in suppression list.
561 usage: mox queue suppress list [-account account]
563 only show suppression list for this account
565# mox queue suppress add
567Add address to suppression list for account.
569 usage: mox queue suppress add account address
571# mox queue suppress remove
573Remove address from suppression list for account.
575 usage: mox queue suppress remove account address
577# mox queue suppress lookup
579Check if address is present in suppression list, for any or specific account.
581 usage: mox queue suppress lookup [-account account] address
583 only check address in specified account
585# mox queue webhook list
587List matching webhooks in the queue.
589Prints list of webhooks, their IDs and basic information.
591 usage: mox queue webhook list [filtersortflags]
593 account that queued the message/webhook
595 sort ascending instead of descending (default)
597 event this webhook is about: incoming, delivered, suppressed, delayed, failed, relayed, expanded, canceled, unrecognized
599 comma-separated list of webhook IDs
601 number of webhooks to return
603 filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
605 field to sort by, "nextattempt" (default) or "queued"
607 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
609# mox queue webhook schedule
611Change next delivery attempt for matching webhooks.
613The next delivery attempt is adjusted by the duration parameter. If the -now
614flag is set, the new delivery attempt is set to the duration added to the
615current time, instead of added to the current scheduled time.
617Schedule immediate delivery with "mox queue schedule -now 0".
619 usage: mox queue webhook schedule [filterflags] duration
621 account that queued the message/webhook
623 event this webhook is about: incoming, delivered, suppressed, delayed, failed, relayed, expanded, canceled, unrecognized
625 comma-separated list of webhook IDs
627 number of webhooks to return
629 filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
631 schedule for duration relative to current time instead of relative to current next delivery attempt for webhooks
633 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
635# mox queue webhook cancel
637Fail delivery of matching webhooks.
639 usage: mox queue webhook cancel [filterflags]
641 account that queued the message/webhook
643 event this webhook is about: incoming, delivered, suppressed, delayed, failed, relayed, expanded, canceled, unrecognized
645 comma-separated list of webhook IDs
647 number of webhooks to return
649 filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
651 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
653# mox queue webhook print
655Print details of a webhook from the queue.
657The webhook is printed to stdout as JSON.
659 usage: mox queue webhook print id
661# mox queue webhook retired list
663List matching webhooks in the retired queue.
665Prints list of retired webhooks, their IDs and basic information.
667 usage: mox queue webhook retired list [filtersortflags]
669 account that queued the message/webhook
671 sort ascending instead of descending (default)
673 event this webhook is about: incoming, delivered, suppressed, delayed, failed, relayed, expanded, canceled, unrecognized
675 comma-separated list of retired webhook IDs
677 filter by time of last activity relative to now, value must start with "<" (before now) or ">" (after now)
679 number of webhooks to return
681 field to sort by, "lastactivity" (default) or "queued"
683 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
685# mox queue webhook retired print
687Print details of a webhook from the retired queue.
689The retired webhook is printed to stdout as JSON.
691 usage: mox queue webhook retired print id
695Import a maildir into an account.
697The mbox/maildir archive is accessed and imported by the running mox process, so
698it must have access to the archive files. The default suggested systemd service
699file isolates mox from most of the file system, with only the "data/" directory
700accessible, so you may want to put the mbox/maildir archive files in a
701directory like "data/import/" to make it available to mox.
703By default, messages will train the junk filter based on their flags and, if
704"automatic junk flags" configuration is set, based on mailbox naming.
706If the destination mailbox is the Sent mailbox, the recipients of the messages
707are added to the message metadata, causing later incoming messages from these
708recipients to be accepted, unless other reputation signals prevent that.
710Users can also import mailboxes/messages through the account web page by
711uploading a zip or tgz file with mbox and/or maildirs.
713Messages are imported even if already present. Importing messages twice will
714result in duplicate messages.
716Mailbox flags, like "seen", "answered", will be imported. An optional
717dovecot-keywords file can specify additional flags, like Forwarded/Junk/NotJunk.
719 usage: mox import maildir accountname mailboxname maildir
723Import an mbox into an account.
725Using mbox is not recommended, maildir is a better defined format.
727The mbox/maildir archive is accessed and imported by the running mox process, so
728it must have access to the archive files. The default suggested systemd service
729file isolates mox from most of the file system, with only the "data/" directory
730accessible, so you may want to put the mbox/maildir archive files in a
731directory like "data/import/" to make it available to mox.
733By default, messages will train the junk filter based on their flags and, if
734"automatic junk flags" configuration is set, based on mailbox naming.
736If the destination mailbox is the Sent mailbox, the recipients of the messages
737are added to the message metadata, causing later incoming messages from these
738recipients to be accepted, unless other reputation signals prevent that.
740Users can also import mailboxes/messages through the account web page by
741uploading a zip or tgz file with mbox and/or maildirs.
743Messages are imported even if already present. Importing messages twice will
744result in duplicate messages.
746 usage: mox import mbox accountname mailboxname mbox
750Export one or all mailboxes from an account in maildir format.
752Export bypasses a running mox instance. It opens the account mailbox/message
753database file directly. This may block if a running mox instance also has the
754database open, e.g. for IMAP connections. To export from a running instance, use
755the accounts web page or webmail.
757 usage: mox export maildir [-single] dst-dir account-path [mailbox]
759 export single mailbox, without any children. disabled if mailbox isn't specified.
763Export messages from one or all mailboxes in an account in mbox format.
765Using mbox is not recommended. Maildir is a better format.
767Export bypasses a running mox instance. It opens the account mailbox/message
768database file directly. This may block if a running mox instance also has the
769database open, e.g. for IMAP connections. To export from a running instance, use
770the accounts web page or webmail.
772For mbox export, "mboxrd" is used where message lines starting with the magic
773"From " string are escaped by prepending a >. All ">*From " are escaped,
774otherwise reconstructing the original could lose a ">".
776 usage: mox export mbox [-single] dst-dir account-path [mailbox]
778 export single mailbox, without any children. disabled if mailbox isn't specified.
782Start a local SMTP/IMAP server that accepts all messages, useful when testing/developing software that sends email.
784Localserve starts mox with a configuration suitable for local email-related
785software development/testing. It listens for SMTP/Submission(s), IMAP(s) and
786HTTP(s), on the regular port numbers + 1000.
788Data is stored in the system user's configuration directory under
789"mox-localserve", e.g. $HOME/.config/mox-localserve/ on linux, but can be
790overridden with the -dir flag. If the directory does not yet exist, it is
791automatically initialized with configuration files, an account with email
792address mox@localhost and password moxmoxmox, and a newly generated self-signed
795Incoming messages are delivered as normal, falling back to accepting and
796delivering to the mox account for unknown addresses.
797Submitted messages are added to the queue, which delivers by ignoring the
798destination servers, always connecting to itself instead.
800Recipient addresses with the following localpart suffixes are handled specially:
802- "temperror": fail with a temporary error code
803- "permerror": fail with a permanent error code
804- [45][0-9][0-9]: fail with the specific error code
805- "timeout": no response (for an hour)
807If the localpart begins with "mailfrom" or "rcptto", the error is returned
808during those commands instead of during "data".
810 usage: mox localserve
812 configuration storage directory (default "$userconfigdir/mox-localserve")
814 write configuration files and exit
816 serve on this ip instead of default 127.0.0.1 and ::1. only used when writing configuration, at first launch.
820Prints help about matching commands.
822If multiple commands match, they are listed along with the first line of their help text.
823If a single command matches, its usage and full help text is printed.
825 usage: mox help [command ...]
829Creates a backup of the config and data directory.
831Backup copies the config directory to <destdir>/config, and creates
832<destdir>/data with a consistent snapshot of the databases and message files
833and copies other files from the data directory. Empty directories are not
834copied. The backup can then be stored elsewhere for long-term storage, or used
835to fall back to should an upgrade fail. Simply copying files in the data
836directory while mox is running can result in unusable database files.
838Message files never change (they are read-only, though can be removed) and are
839hard-linked so they don't consume additional space. If hardlinking fails, for
840example when the backup destination directory is on a different file system, a
841regular copy is made. Using a destination directory like "data/tmp/backup"
842increases the odds hardlinking succeeds: the default systemd service file
843specifically mounts the data directory, causing attempts to hardlink outside it
844to fail with an error about cross-device linking.
846All files in the data directory that aren't recognized (i.e. other than known
847database files, message files, an acme directory, the "tmp" directory, etc),
848are stored, but with a warning.
850Remove files in the destination directory before doing another backup. The
851backup command will not overwrite files, but print and return errors.
853Exit code 0 indicates the backup was successful. A clean successful backup does
854not print any output, but may print warnings. Use the -verbose flag for
855details, including timing.
857To restore a backup, first shut down mox, move away the old data directory and
858move an earlier backed up directory in its place, run "mox verifydata
859<datadir>", possibly with the "-fix" option, and restart mox. After the
860restore, you may also want to run "mox bumpuidvalidity" for each account for
861which messages in a mailbox changed, to force IMAP clients to synchronize
864Before upgrading, to check if the upgrade will likely succeed, first make a
865backup, then use the new mox binary to run "mox verifydata <backupdir>/data".
866This can change the backup files (e.g. upgrade database files, move away
867unrecognized message files), so you should make a new backup before actually
870 usage: mox backup destdir
876Verify the contents of a data directory, typically of a backup.
878Verifydata checks all database files to see if they are valid BoltDB/bstore
879databases. It checks that all messages in the database have a corresponding
880on-disk message file and there are no unrecognized files. If option -fix is
881specified, unrecognized message files are moved away. This may be needed after
882a restore, because messages enqueued or delivered in the future may get those
883message sequence numbers assigned and writing the message file would fail.
884Consistency of message/mailbox UID, UIDNEXT and UIDVALIDITY is verified as
887Because verifydata opens the database files, schema upgrades may automatically
888be applied. This can happen if you use a new mox release. It is useful to run
889"mox verifydata" with a new binary before attempting an upgrade, but only on a
890copy of the database files, as made with "mox backup". Before upgrading, make a
891new backup again since "mox verifydata" may have upgraded the database files,
892possibly making them potentially no longer readable by the previous version.
894 usage: mox verifydata data-dir
896 fix fixable problems, such as moving away message files not referenced by their database
898 skip the check for message size
902Print licenses of mox source code and dependencies.
908Parses and validates the configuration files.
910If valid, the command exits with status 0. If not valid, all errors encountered
913 usage: mox config test
917Check the DNS records with the configuration for the domain, and print any errors/warnings.
919 usage: mox config dnscheck domain
921# mox config dnsrecords
923Prints annotated DNS records as zone file that should be created for the domain.
925The zone file can be imported into existing DNS software. You should review the
926DNS records, especially if your domain previously/currently has email
929 usage: mox config dnsrecords domain
931# mox config describe-domains
933Prints an annotated empty configuration for use as domains.conf.
935The domains configuration file contains the domains and their configuration,
936and accounts and their configuration. This includes the configured email
937addresses. The mox admin web interface, and the mox command line interface, can
938make changes to this file. Mox automatically reloads this file when it changes.
940Like the static configuration, the example domains.conf printed by this command
941needs modifications to make it valid.
943 usage: mox config describe-domains >domains.conf
945# mox config describe-static
947Prints an annotated empty configuration for use as mox.conf.
949The static configuration file cannot be reloaded while mox is running. Mox has
950to be restarted for changes to the static configuration file to take effect.
952This configuration file needs modifications to make it valid. For example, it
953may contain unfinished list items.
955 usage: mox config describe-static >mox.conf
957# mox config account list
961Each account is printed on a line, with optional additional tab-separated
962information, such as "(disabled)".
964 usage: mox config account list
966# mox config account add
968Add an account with an email address and reload the configuration.
970Email can be delivered to this address/account. A password has to be configured
971explicitly, see the setaccountpassword command.
973 usage: mox config account add account address
975# mox config account rm
977Remove an account and reload the configuration.
979Email addresses for this account will also be removed, and incoming email for
980these addresses will be rejected.
982All data for the account will be removed.
984 usage: mox config account rm account
986# mox config account disable
988Disable login for an account, showing message to users when they try to login.
990Incoming email will still be accepted for the account, and queued email from the
991account will still be delivered. No new login sessions are possible.
993Message must be non-empty, ascii-only without control characters including
994newline, and maximum 256 characters because it is used in SMTP/IMAP.
996 usage: mox config account disable account message
998# mox config account enable
1000Enable login again for an account.
1002Login attempts by the user no long result in an error message.
1004 usage: mox config account enable account
1006# mox config address add
1008Adds an address to an account and reloads the configuration.
1010If address starts with a @ (i.e. a missing localpart), this is a catchall
1011address for the domain.
1013 usage: mox config address add address account
1015# mox config address rm
1017Remove an address and reload the configuration.
1019Incoming email for this address will be rejected after removing an address.
1021 usage: mox config address rm address
1023# mox config domain add
1025Adds a new domain to the configuration and reloads the configuration.
1027The account is used for the postmaster mailboxes the domain, including as DMARC and
1028TLS reporting. Localpart is the "username" at the domain for this account. If
1029must be set if and only if account does not yet exist.
1031The domain can be created in disabled mode, preventing automatically requesting
1032TLS certificates with ACME, and rejecting incoming/outgoing messages involving
1033the domain, but allowing further configuration of the domain.
1035 usage: mox config domain add [-disabled] domain account [localpart]
1037 disable the new domain
1039# mox config domain rm
1041Remove a domain from the configuration and reload the configuration.
1043This is a dangerous operation. Incoming email delivery for this domain will be
1046 usage: mox config domain rm domain
1048# mox config domain disable
1050Disable a domain and reload the configuration.
1052This is a dangerous operation. Incoming/outgoing messages involving this domain
1055 usage: mox config domain disable domain
1057# mox config domain enable
1059Enable a domain and reload the configuration.
1061Incoming/outgoing messages involving this domain will be accepted again.
1063 usage: mox config domain enable domain
1065# mox config tlspubkey list
1067List TLS public keys for TLS client certificate authentication.
1069If account is absent, the TLS public keys for all accounts are listed.
1071 usage: mox config tlspubkey list [account]
1073# mox config tlspubkey get
1075Get a TLS public key for a fingerprint.
1077Prints the type, name, account and address for the key, and the certificate in
1080 usage: mox config tlspubkey get fingerprint
1082# mox config tlspubkey add
1084Add a TLS public key to the account of the given address.
1086The public key is read from the certificate.
1088The optional name is a human-readable descriptive name of the key. If absent,
1089the CommonName from the certificate is used.
1091 usage: mox config tlspubkey add address [name] < cert.pem
1093 Don't automatically switch new IMAP connections authenticated with this key to "authenticated" state after the TLS handshake. For working around clients that ignore the untagged IMAP PREAUTH response and try to authenticate while already authenticated.
1095# mox config tlspubkey rm
1097Remove TLS public key for fingerprint.
1099 usage: mox config tlspubkey rm fingerprint
1101# mox config tlspubkey gen
1103Generate an ed25519 private key and minimal certificate for use a TLS public key and write to files starting with stem.
1105The private key is written to $stem.$timestamp.ed25519privatekey.pkcs8.pem.
1106The certificate is written to $stem.$timestamp.certificate.pem.
1107The private key and certificate are also written to
1108$stem.$timestamp.ed25519privatekey-certificate.pem.
1110The certificate can be added to an account with "mox config account tlspubkey add".
1112The combined file can be used with "mox sendmail".
1114The private key is also written to standard error in raw-url-base64-encoded
1115form, also for use with "mox sendmail". The fingerprint is written to standard
1116error too, for reference.
1118 usage: mox config tlspubkey gen stem
1120# mox config alias list
1122Show aliases (lists) for domain.
1124 usage: mox config alias list domain
1126# mox config alias print
1128Print settings and members of alias (list).
1130 usage: mox config alias print alias
1132# mox config alias add
1134Add new alias (list) with one or more addresses and public posting enabled.
1136An alias is used for delivering incoming email to multiple recipients. If you
1137want to add an address to an account, don't use an alias, just add the address
1140 usage: mox config alias add alias@domain rcpt1@domain ...
1142# mox config alias update
1144Update alias (list) configuration.
1146 usage: mox config alias update alias@domain [-postpublic false|true -listmembers false|true -allowmsgfrom false|true]
1147 -allowmsgfrom string
1148 whether alias address can be used in message from header
1150 whether list members can list members
1152 whether anyone or only list members can post
1154# mox config alias rm
1158 usage: mox config alias rm alias@domain
1160# mox config alias addaddr
1162Add addresses to alias (list).
1164 usage: mox config alias addaddr alias@domain rcpt1@domain ...
1166# mox config alias rmaddr
1168Remove addresses from alias (list).
1170 usage: mox config alias rmaddr alias@domain rcpt1@domain ...
1172# mox config describe-sendmail
1174Describe configuration for mox when invoked as sendmail.
1176 usage: mox config describe-sendmail >/etc/moxsubmit.conf
1178# mox config printservice
1180Prints a systemd unit service file for mox.
1182This is the same file as generated using quickstart. If the systemd service file
1183has changed with a newer version of mox, use this command to generate an up to
1186 usage: mox config printservice >mox.service
1188# mox config ensureacmehostprivatekeys
1190Ensure host private keys exist for TLS listeners with ACME.
1192In mox.conf, each listener can have TLS configured. Long-lived private key files
1193can be specified, which will be used when requesting ACME certificates.
1194Configuring these private keys makes it feasible to publish DANE TLSA records
1195for the corresponding public keys in DNS, protected with DNSSEC, allowing TLS
1196certificate verification without depending on a list of Certificate Authorities
1197(CAs). Previous versions of mox did not pre-generate private keys for use with
1198ACME certificates, but would generate private keys on-demand. By explicitly
1199configuring private keys, they will not change automatedly with new
1200certificates, and the DNS TLSA records stay valid.
1202This command looks for listeners in mox.conf with TLS with ACME configured. For
1203each missing host private key (of type rsa-2048 and ecdsa-p256) a key is written
1204to config/hostkeys/. If a certificate exists in the ACME "cache", its private
1205key is copied. Otherwise a new private key is generated. Snippets for manually
1206updating/editing mox.conf are printed.
1208After running this command, and updating mox.conf, run "mox config dnsrecords"
1209for a domain and create the TLSA DNS records it suggests to enable DANE.
1211 usage: mox config ensureacmehostprivatekeys
1215List available config examples, or print a specific example.
1217 usage: mox config example [name]
1219# mox admin imapserve
1221Initiate a preauthenticated IMAP connection on file descriptor 0.
1223For use with tools that can do IMAP over tunneled connections, e.g. with SSH
1224during migrations. TLS is not possible on the connection, and authentication
1225does not require TLS.
1227 usage: mox admin imapserve preauth-address
1229 write IMAP to file descriptor 0 instead of stdout
1233Check if a newer version of mox is available.
1235A single DNS TXT lookup to _updates.xmox.nl tells if a new version is
1236available. If so, a changelog is fetched from https://updates.xmox.nl, and the
1237individual entries verified with a builtin public key. The changelog is
1240 usage: mox checkupdate
1244Turn an ID from a Received header into a cid, for looking up in logs.
1246A cid is essentially a connection counter initialized when mox starts. Each log
1247line contains a cid. Received headers added by mox contain a unique ID that can
1248be decrypted to a cid by admin of a mox instance only.
1254Print the configuration for email clients for a domain.
1256Sending email is typically not done on the SMTP port 25, but on submission
1257ports 465 (with TLS) and 587 (without initial TLS, but usually added to the
1258connection with STARTTLS). For IMAP, the port with TLS is 993 and without is
1261Without TLS/STARTTLS, passwords are sent in clear text, which should only be
1262configured over otherwise secured connections, like a VPN.
1264 usage: mox clientconfig domain
1268Dial the address using TLS with certificate verification using DANE.
1270Data is copied between connection and stdin/stdout until either side closes the
1273 usage: mox dane dial host:port
1275 allowed usages for dane, comma-separated list (default "pkix-ta,pkix-ee,dane-ta,dane-ee")
1279Connect to MX server for domain using STARTTLS verified with DANE.
1281If no destination host is specified, regular delivery logic is used to find the
1282hosts to attempt delivery too. This involves following CNAMEs for the domain,
1283looking up MX records, and possibly falling back to the domain name itself as
1286If a destination host is specified, that is the only candidate host considered
1289With a list of destinations gathered, each is dialed until a successful SMTP
1290session verified with DANE has been initialized, including EHLO and STARTTLS
1293Once connected, data is copied between connection and stdin/stdout, until
1294either side closes the connection.
1296This command follows the same logic as delivery attempts made from the queue,
1297sharing most of its code.
1299 usage: mox dane dialmx domain [destination-host]
1300 -ehlohostname string
1301 hostname to send in smtp ehlo command (default "localhost")
1303# mox dane makerecord
1305Print TLSA record for given certificate/key and parameters.
1308- usage: pkix-ta (0), pkix-ee (1), dane-ta (2), dane-ee (3)
1309- selector: cert (0), spki (1)
1310- matchtype: full (0), sha2-256 (1), sha2-512 (2)
1312Common DANE TLSA record parameters are: dane-ee spki sha2-256, or 3 1 1,
1313followed by a sha2-256 hash of the DER-encoded "SPKI" (subject public key info)
1314from the certificate. An example DNS zone file entry:
1316 _25._tcp.example.com. TLSA 3 1 1 133b919c9d65d8b1488157315327334ead8d83372db57465ecabf53ee5748aee
1318The first usable information from the pem file is used to compose the TLSA
1319record. In case of selector "cert", a certificate is required. Otherwise the
1320"subject public key info" (spki) of the first certificate or public or private
1321key (pkcs#8, pkcs#1 or ec private key) is used.
1323 usage: mox dane makerecord usage selector matchtype [certificate.pem | publickey.pem | privatekey.pem]
1327Lookup DNS name of given type.
1329Lookup always prints whether the response was DNSSEC-protected.
1333mox dns lookup ptr 1.1.1.1
1334mox dns lookup mx xmox.nl
1335mox dns lookup txt _dmarc.xmox.nl.
1336mox dns lookup tlsa _25._tcp.xmox.nl
1338 usage: mox dns lookup [ptr | mx | cname | ips | a | aaaa | ns | txt | srv | tlsa] name
1340# mox dkim gened25519
1342Generate a new ed25519 key for use with DKIM.
1344Ed25519 keys are much smaller than RSA keys of comparable cryptographic
1345strength. This is convenient because of maximum DNS message sizes. At the time
1346of writing, not many mail servers appear to support ed25519 DKIM keys though,
1347so it is recommended to sign messages with both RSA and ed25519 keys.
1349 usage: mox dkim gened25519 >$selector._domainkey.$domain.ed25519.privatekey.pkcs8.pem
1353Generate a new 2048 bit RSA private key for use with DKIM.
1355The generated file is in PEM format, and has a comment it is generated for use
1358 usage: mox dkim genrsa >$selector._domainkey.$domain.rsa2048.privatekey.pkcs8.pem
1362Lookup and print the DKIM record for the selector at the domain.
1364 usage: mox dkim lookup selector domain
1368Print a DKIM DNS TXT record with the public key derived from the private key read from stdin.
1370The DNS should be configured as a TXT record at $selector._domainkey.$domain.
1372 usage: mox dkim txt <$selector._domainkey.$domain.key.pkcs8.pem
1376Verify the DKIM signatures in a message and print the results.
1378The message is parsed, and the DKIM-Signature headers are validated. Validation
1379of older messages may fail because the DNS records have been removed or changed
1380by now, or because the signature header may have specified an expiration time
1383 usage: mox dkim verify message
1387Sign a message, adding DKIM-Signature headers based on the domain in the From header.
1389The message is parsed, the domain looked up in the configuration files, and
1390DKIM-Signature headers generated. The message is printed with the DKIM-Signature
1393 usage: mox dkim sign message
1397Lookup dmarc policy for domain, a DNS TXT record at _dmarc.<domain>, validate and print it.
1399 usage: mox dmarc lookup domain
1401# mox dmarc parsereportmsg
1403Parse a DMARC report from an email message, and print its extracted details.
1405DMARC reports are periodically mailed, if requested in the DMARC DNS record of
1406a domain. Reports are sent by mail servers that received messages with our
1407domain in a From header. This may or may not be legatimate email. DMARC reports
1408contain summaries of evaluations of DMARC and DKIM/SPF, which can help
1409understand email deliverability problems.
1411 usage: mox dmarc parsereportmsg message ...
1415Parse an email message and evaluate it against the DMARC policy of the domain in the From-header.
1417mailfromaddress and helodomain are used for SPF validation. If both are empty,
1418SPF validation is skipped.
1420mailfromaddress should be the address used as MAIL FROM in the SMTP session.
1421For DSN messages, that address may be empty. The helo domain was specified at
1422the beginning of the SMTP transaction that delivered the message. These values
1423can be found in message headers.
1425 usage: mox dmarc verify remoteip mailfromaddress helodomain < message
1427# mox dmarc checkreportaddrs
1429For each reporting address in the domain's DMARC record, check if it has opted into receiving reports (if needed).
1431A DMARC record can request reports about DMARC evaluations to be sent to an
1432email/http address. If the organizational domains of that of the DMARC record
1433and that of the report destination address do not match, the destination
1434address must opt-in to receiving DMARC reports by creating a DMARC record at
1435<dmarcdomain>._report._dmarc.<reportdestdomain>.
1437 usage: mox dmarc checkreportaddrs domain
1441Test if IP is in the DNS blocklist of the zone, e.g. bl.spamcop.net.
1443If the IP is in the blocklist, an explanation is printed. This is typically a
1444URL with more information.
1446 usage: mox dnsbl check zone ip
1448# mox dnsbl checkhealth
1450Check the health of the DNS blocklist represented by zone, e.g. bl.spamcop.net.
1452The health of a DNS blocklist can be checked by querying for 127.0.0.1 and
1453127.0.0.2. The second must and the first must not be present.
1455 usage: mox dnsbl checkhealth zone
1459Lookup the MTASTS record and policy for the domain.
1461MTA-STS is a mechanism for a domain to specify if it requires TLS connections
1462for delivering email. If a domain has a valid MTA-STS DNS TXT record at
1463_mta-sts.<domain> it signals it implements MTA-STS. A policy can then be
1464fetched at https://mta-sts.<domain>/.well-known/mta-sts.txt. The policy
1465specifies the mode (enforce, testing, none), which MX servers support TLS and
1466should be used, and how long the policy can be cached.
1468 usage: mox mtasts lookup domain
1472Lookup the age of domain in RDAP based on latest registration.
1474RDAP is the registration data access protocol. Registries run RDAP services for
1475their top level domains, providing information such as the registration date of
1476domains. This command looks up the "age" of a domain by looking at the most
1477recent "registration", "reregistration" or "reinstantiation" event.
1479Email messages from recently registered domains are often treated with
1480suspicion, and some mail systems are more likely to classify them as junk.
1482On each invocation, a bootstrap file with a list of registries (of top-level
1483domains) is retrieved, without caching. Do not run this command too often with
1486 usage: mox rdap domainage domain
1490Recreate and retrain the junk filter for the account or all accounts.
1492Useful after having made changes to the junk filter configuration, or if the
1493implementation has changed.
1495 usage: mox retrain [accountname]
1499Sendmail is a drop-in replacement for /usr/sbin/sendmail to deliver emails sent by unix processes like cron.
1501If invoked as "sendmail", it will act as sendmail for sending messages. Its
1502intention is to let processes like cron send emails. Messages are submitted to
1503an actual mail server over SMTP. The destination mail server and credentials are
1504configured in /etc/moxsubmit.conf, see mox config describe-sendmail. The From
1505message header is rewritten to the configured address. When the addressee
1506appears to be a local user, because without @, the message is sent to the
1507configured default address.
1509If submitting an email fails, it is added to a directory moxsubmit.failures in
1510the user's home directory.
1512Most flags are ignored to fake compatibility with other sendmail
1513implementations. A single recipient or the -t flag with a To-header is required.
1514With the -t flag, Cc and Bcc headers are not handled specially, so Bcc is not
1515removed and the addresses do not receive the email.
1517/etc/moxsubmit.conf should be group-readable and not readable by others and this
1518binary should be setgid that group:
1521 install -m 2755 -o root -g moxsubmit mox /usr/sbin/sendmail
1522 touch /etc/moxsubmit.conf
1523 chown root:moxsubmit /etc/moxsubmit.conf
1524 chmod 640 /etc/moxsubmit.conf
1525 # edit /etc/moxsubmit.conf
1528 usage: mox sendmail [-Fname] [ignoredflags] [-t] [<message]
1532Check the status of IP for the policy published in DNS for the domain.
1534IPs may be allowed to send for a domain, or disallowed, and several shades in
1535between. If not allowed, an explanation may be provided by the policy. If so,
1536the explanation is printed. The SPF mechanism that matched (if any) is also
1539 usage: mox spf check domain ip
1543Lookup the SPF record for the domain and print it.
1545 usage: mox spf lookup domain
1549Parse the record as SPF record. If valid, nothing is printed.
1551 usage: mox spf parse txtrecord
1555Lookup the TLSRPT record for the domain.
1557A TLSRPT record typically contains an email address where reports about TLS
1558connectivity should be sent. Mail servers attempting delivery to our domain
1559should attempt to use TLS. TLSRPT lets them report how many connection
1560successfully used TLS, and how what kind of errors occurred otherwise.
1562 usage: mox tlsrpt lookup domain
1564# mox tlsrpt parsereportmsg
1566Parse and print the TLSRPT in the message.
1568The report is printed in formatted JSON.
1570 usage: mox tlsrpt parsereportmsg message ...
1574Prints this mox version.
1580Lists available methods, prints request/response parameters for method, or calls a method with a request read from standard input.
1582 usage: mox webapi [method [baseurl-with-credentials]
1586List available examples, or print a specific example.
1588 usage: mox example [name]
1590# mox bumpuidvalidity
1592Change the IMAP UID validity of the mailbox, causing IMAP clients to refetch messages.
1594This can be useful after manually repairing metadata about the account/mailbox.
1596Opens account database file directly. Ensure mox does not have the account
1597open, or is not running.
1599 usage: mox bumpuidvalidity account [mailbox]
1603Reassign UIDs in one mailbox or all mailboxes in an account and bump UID validity, causing IMAP clients to refetch messages.
1605Opens account database file directly. Ensure mox does not have the account
1606open, or is not running.
1608 usage: mox reassignuids account [mailboxid]
1612Fix inconsistent UIDVALIDITY and UIDNEXT in messages/mailboxes/account.
1614The next UID to use for a message in a mailbox should always be higher than any
1615existing message UID in the mailbox. If it is not, the mailbox UIDNEXT is
1618Each mailbox has a UIDVALIDITY sequence number, which should always be lower
1619than the per-account next UIDVALIDITY to use. If it is not, the account next
1620UIDVALIDITY is updated.
1622Opens account database file directly. Ensure mox does not have the account
1623open, or is not running.
1625 usage: mox fixuidmeta account
1629Ensure message sizes in the database matching the sum of the message prefix length and on-disk file size.
1631Messages with an inconsistent size are also parsed again.
1633If an inconsistency is found, you should probably also run "mox
1634bumpuidvalidity" on the mailboxes or entire account to force IMAP clients to
1637 usage: mox fixmsgsize [account]
1641Parse all messages in the account or all accounts again.
1643Can be useful after upgrading mox with improved message parsing. Messages are
1644parsed in batches, so other access to the mailboxes/messages are not blocked
1645while reparsing all messages.
1647 usage: mox reparse [account]
1651Ensure messages in the database have a pre-parsed MIME form in the database.
1653 usage: mox ensureparsed account
1655 store new parsed message for all messages
1657# mox recalculatemailboxcounts
1659Recalculate message counts for all mailboxes in the account, and total message size for quota.
1661When a message is added to/removed from a mailbox, or when message flags change,
1662the total, unread, unseen and deleted messages are accounted, the total size of
1663the mailbox, and the total message size for the account. In case of a bug in
1664this accounting, the numbers could become incorrect. This command will find, fix
1667 usage: mox recalculatemailboxcounts account
1671Parse message, print JSON representation.
1673 usage: mox message parse message.eml
1675 check if message needs smtputf8
1677# mox reassignthreads
1679Reassign message threads.
1681For all accounts, or optionally only the specified account.
1683Threading for all messages in an account is first reset, and new base subject
1684and normalized message-id saved with the message. Then all messages are
1685evaluated and matched against their parents/ancestors.
1687Messages are matched based on the References header, with a fall-back to an
1688In-Reply-To header, and if neither is present/valid, based only on base
1691A References header typically points to multiple previous messages in a
1692hierarchy. From oldest ancestor to most recent parent. An In-Reply-To header
1693would have only a message-id of the parent message.
1695A message is only linked to a parent/ancestor if their base subject is the
1696same. This ensures unrelated replies, with a new subject, are placed in their
1699The base subject is lower cased, has whitespace collapsed to a single
1700space, and some components removed: leading "Re:", "Fwd:", "Fw:", or bracketed
1701tag (that mailing lists often add, e.g. "[listname]"), trailing "(fwd)", or
1702enclosing "[fwd: ...]".
1704Messages are linked to all their ancestors. If an intermediate parent/ancestor
1705message is deleted in the future, the message can still be linked to the earlier
1706ancestors. If the direct parent already wasn't available while matching, this is
1707stored as the message having a "missing link" to its stored ancestors.
1709 usage: mox reassignthreads [account]
1713// NOTE: DO NOT EDIT, this file is generated by gendoc.sh.