<html lang="en">
<head>
<title>mpop 1.0.23</title>
<meta http-equiv="Content-Type" content="text/html">
<meta name="description" content="mpop 1.0.23">
<meta name="generator" content="makeinfo 4.13">
<link title="Top" rel="top" href="#Top">
<link href="http://www.gnu.org/software/texinfo/" rel="generator-home" title="Texinfo Homepage">
<!--
This manual was last updated January 17, 2011 for version
1.0.23 of mpop.
Copyright (C) 2005, 2006, 2007, 2008, 2009, 2010, 2011 Martin Lambers
Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License,
Version 1.2 or any later version published by the Free Software
Foundation; with no Invariant Sections, no Front-Cover Texts, and
no Back-Cover Texts. A copy of the license is included in the
section entitled "GNU Free Documentation License".
-->
<meta http-equiv="Content-Style-Type" content="text/css">
<style type="text/css"><!--
pre.display { font-family:inherit }
pre.format { font-family:inherit }
pre.smalldisplay { font-family:inherit; font-size:smaller }
pre.smallformat { font-family:inherit; font-size:smaller }
pre.smallexample { font-size:smaller }
pre.smalllisp { font-size:smaller }
span.sc { font-variant:small-caps }
span.roman { font-family:serif; font-weight:normal; }
span.sansserif { font-family:sans-serif; font-weight:normal; }
--></style>
</head>
<body>
<h1 class="settitle">mpop 1.0.23</h1>
<div class="contents">
<h2>Table of Contents</h2>
<ul>
<li><a name="toc_Top" href="#Top">mpop</a>
<li><a name="toc_Introduction" href="#Introduction">1 Introduction</a>
<li><a name="toc_Configuration-file" href="#Configuration-file">2 Configuration file</a>
<ul>
<li><a href="#Configuration-file">2.1 General commands</a>
<li><a href="#Configuration-file">2.2 Authentication commands</a>
<li><a href="#Configuration-file">2.3 TLS commands</a>
<li><a href="#Configuration-file">2.4 Commands specific to mail retrieval mode</a>
</li></ul>
<li><a name="toc_Invocation" href="#Invocation">3 Invocation</a>
<ul>
<li><a href="#Invocation">3.1 Synopsis</a>
<li><a href="#Invocation">3.2 Exit code</a>
<li><a href="#Invocation">3.3 Environment / Files</a>
<li><a href="#Invocation">3.4 Options</a>
<ul>
<li><a href="#Invocation">3.4.1 General options</a>
<li><a href="#Invocation">3.4.2 Changing the mode of operation</a>
<li><a href="#Invocation">3.4.3 Configuration options</a>
<li><a href="#Invocation">3.4.4 Options specific to mail retrieval mode</a>
</li></ul>
</li></ul>
<li><a name="toc_Transport-Layer-Security" href="#Transport-Layer-Security">4 Transport Layer Security</a>
<li><a name="toc_Authentication" href="#Authentication">5 Authentication</a>
<li><a name="toc_Pipelining" href="#Pipelining">6 Pipelining</a>
<li><a name="toc_Defective-POP3-servers" href="#Defective-POP3-servers">7 Defective POP3 servers</a>
<li><a name="toc_Mail-retrieval-mode" href="#Mail-retrieval-mode">8 Mail retrieval mode</a>
<li><a name="toc_Server-information-mode" href="#Server-information-mode">9 Server information mode</a>
<li><a name="toc_Filtering" href="#Filtering">10 Filtering</a>
<li><a name="toc_Examples" href="#Examples">11 Examples</a>
<ul>
<li><a href="#A-configuration-file">11.1 A configuration file</a>
<li><a href="#Filtering-with-SpamAssassin">11.2 Filtering with SpamAssassin</a>
</li></ul>
<li><a name="toc_Development" href="#Development">12 Development</a>
<li><a name="toc_Copying-Information" href="#Copying-Information">Appendix A Copying Information</a>
<ul>
<li><a href="#GNU-Free-Documentation-License">GNU Free Documentation License</a>
<li><a href="#GNU-GPL">GNU GPL</a>
</li></ul>
</li></ul>
</div>
<div class="node">
<a name="Top"></a>
<p><hr>
Next: <a rel="next" accesskey="n" href="#Introduction">Introduction</a>,
Up: <a rel="up" accesskey="u" href="#dir">(dir)</a>
</div>
<h2 class="unnumbered">mpop</h2>
<p>This manual was last updated January 17, 2011 for version
1.0.23 of mpop.
<p>Copyright (C) 2005, 2006, 2007, 2008, 2009, 2010, 2011 Martin Lambers
<blockquote>
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.2 or
any later version published by the Free Software Foundation; with no
Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A
copy of the license is included in the section entitled “GNU Free
Documentation License”.
</blockquote>
<ul class="menu">
<li><a accesskey="1" href="#Introduction">Introduction</a>: Basic concepts.
<li><a accesskey="2" href="#Configuration-file">Configuration file</a>: Configuration file commands.
<li><a accesskey="3" href="#Invocation">Invocation</a>: Command line options.
<li><a accesskey="4" href="#Transport-Layer-Security">Transport Layer Security</a>: How to use TLS/SSL.
<li><a accesskey="5" href="#Authentication">Authentication</a>: How to use authentication.
<li><a accesskey="6" href="#Pipelining">Pipelining</a>: How to use POP3 pipelining.
<li><a accesskey="7" href="#Defective-POP3-servers">Defective POP3 servers</a>: Common defects of POP3 servers.
<li><a accesskey="8" href="#Mail-retrieval-mode">Mail retrieval mode</a>: How to retrieve mail.
<li><a accesskey="9" href="#Filtering">Filtering</a>: How to filter mails.
<li><a href="#Server-information-mode">Server information mode</a>: How to obtain information about
an POP3 server.
<li><a href="#Examples">Examples</a>: Usage examples.
<li><a href="#Development">Development</a>: About the development process.
<li><a href="#Copying-Information">Copying Information</a>: How you can copy and share mpop.
</ul>
<div class="node">
<a name="Introduction"></a>
<p><hr>
Next: <a rel="next" accesskey="n" href="#Configuration-file">Configuration file</a>,
Previous: <a rel="previous" accesskey="p" href="#Top">Top</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
</div>
<h2 class="chapter">1 Introduction</h2>
<p>mpop is a POP3 client.
<p>In its default mode of operation, it retrieves mails from one or more POP3
mailboxes, optionally does some filtering, and delivers them through a mail
delivery agent (MDA) or to maildir folders, mbox files, or Exchange pickup
directories. Mails that were successfully delivered before will not be
retrieved a second time, even if errors occur or mpop is terminated in the
middle of a session.
<p>The best way to start is probably to have a look at the Examples section.
See <a href="#Examples">Examples</a>.
<p>In addition to the mail retrieval mode, mpop can be used in server information
mode. In this mode, mpop prints as much information as it can get about a given
POP3 server (greeting, supported features, login delay, maximum mail size,
<small class="dots">...</small>).
<p>Normally, a configuration file contains information about which POP3 server to
use and how to use it, but almost all settings can also be configured on the
command line.
<p>POP3 server information is organized in accounts. Each account describes one
POP3 server: host name, authentication settings, TLS settings, and so on.
Each configuration file can define multiple accounts.
<p>Supported features include:
<ul>
<li>Header based mail filtering: filter junk mail before downloading it
<li>Delivery to maildir folders, mbox files, Exchange pickup directories,
or a mail delivery agent (MDA)
<li>Very fast POP3 implementation, using command pipelining
<li>Authentication methods USER/PASS, APOP, PLAIN, LOGIN and CRAM-MD5 (and
GSSAPI, SCRAM-SHA-1, DIGEST-MD5, and NTLM when GNU SASL is used)
<li>TLS encrypted connections (including server certificate verification and
the possibility to send a client certificate)
<li>Support for Internationalized Domain Names (IDN)
<li>IPv6 support
<li>support for multiple accounts
</ul>
<div class="node">
<a name="Configuration-file"></a>
<p><hr>
Next: <a rel="next" accesskey="n" href="#Invocation">Invocation</a>,
Previous: <a rel="previous" accesskey="p" href="#Introduction">Introduction</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
</div>
<h2 class="chapter">2 Configuration file</h2>
<p>If it exists and is readable, a user configuration file will be loaded
(<code>~/.mpoprc</code> by default). This file must have no more permissions
than user read/write. Configuration file settings can be changed by command
line options.
<p>A configuration file is a simple text file. Empty lines and comment lines
(whose first non-blank character is '#') are ignored. Every other line must
contain a command and may contain an argument to that command.
The argument may be enclosed in double quotes (").
<p>If the first character of a filename is the tilde (~), this tilde will be
replaced by <code>$HOME</code>.
<p>If a command accepts the argument ‘<samp><span class="samp">on</span></samp>’, it also accepts an empty argument
and treats that as if it was ‘<samp><span class="samp">on</span></samp>’.
<p>Commands form groups. Each group starts with the ‘<samp><span class="samp">account</span></samp>’ command and
defines the settings for one POP3 server.
<p>See <a href="#Examples">Examples</a>.
<h3 class="section">2.1 General commands</h3>
<dl>
<a name="defaults"></a><dt>‘<samp><span class="samp">defaults</span></samp>’<dd><a name="index-defaults-1"></a>Set defaults. The following configuration commands will set default values for
all following account definitions.
<a name="account"></a><br><dt>‘<samp><span class="samp">account </span><var>name</var><span class="samp"> [ : </span><var>account</var><span class="samp">[,...] ]</span></samp>’<dd><a name="index-account-2"></a>Start a new account definition with the given name. The current default values
are filled in (see <a href="#defaults">defaults</a>).<br>
If a colon and a list of previously defined accounts is given after the account
name, the new account, with the filled in default values, will inherit all
settings from the accounts in the list.
<a name="host"></a><br><dt>‘<samp><span class="samp">host </span><var>hostname</var></samp>’<dd><a name="index-host-3"></a>The POP3 server to retrieve mails from.
The argument may be a host name or a network address.
Every account definition must contain this command.
<a name="port"></a><br><dt>‘<samp><span class="samp">port </span><var>number</var></samp>’<dd><a name="index-port-4"></a>The port that the POP3 server listens on. The default is 110, unless TLS without
STARTTLS is used, in which case it is 995.
<a name="timeout"></a><br><dt>‘<samp><span class="samp">timeout (off|</span><var>seconds</var><span class="samp">)</span></samp>’<dd><a name="index-timeout-5"></a>Set or unset a network timeout, in seconds. The default is 180 seconds. The
argument ‘<samp><span class="samp">off</span></samp>’ means that no timeout will be set, which means that the
operating system default will be used.
<a name="pipelining"></a><br><dt>‘<samp><span class="samp">pipelining (auto|on|off)</span></samp>’<dd><a name="index-pipelining-6"></a>Enable or disable POP3 pipelining. The default is ‘<samp><span class="samp">auto</span></samp>’, which means that
mpop enables pipelining for POP3 servers that advertize this capability, and
disables it for all other servers. See <a href="#Pipelining">Pipelining</a>.
<a name="received_005fheader"></a><br><dt>‘<samp><span class="samp">received_header [(on|off)]</span></samp>’<dd><a name="index-received_005fheader-7"></a>Enable or disable the Received header. By default, mpop prepends a Received
header to the mail during delivery. This is required by the RFCs if the mail
is subsequently further delivered e.g. via SMTP, and it is a good idea in all
other cases. Nevertheless, if you absolutely have to, you can disable the
Received header with this command.
</dl>
<h3 class="section">2.2 Authentication commands</h3>
<p>See <a href="#Authentication">Authentication</a>.
<dl>
<a name="auth"></a><dt>‘<samp><span class="samp">auth [(on|</span><var>method</var><span class="samp">)]</span></samp>’<dd><a name="index-auth-8"></a>This command chooses the POP3 authentication method. With the argument
‘<samp><span class="samp">on</span></samp>’, mpop will choose the best one available for you (see below). This is
the default. Accepted methods are ‘<samp><span class="samp">user</span></samp>’, ‘<samp><span class="samp">apop</span></samp>’, ‘<samp><span class="samp">plain</span></samp>’,
‘<samp><span class="samp">cram-md5</span></samp>’, ‘<samp><span class="samp">digest-md5</span></samp>’, ‘<samp><span class="samp">scram-sha-1</span></samp>’, ‘<samp><span class="samp">gssapi</span></samp>’,
‘<samp><span class="samp">external</span></samp>’, ‘<samp><span class="samp">login</span></samp>’, and ‘<samp><span class="samp">ntlm</span></samp>’.
See <a href="#Authentication">Authentication</a>.<br>
<a name="user"></a><br><dt>‘<samp><span class="samp">user [</span><var>username</var><span class="samp">]</span></samp>’<dd><a name="index-user-9"></a>Set your user name for POP3 authentication. An empty argument unsets the user
name.
<a name="password"></a><br><dt>‘<samp><span class="samp">password [</span><var>secret</var><span class="samp">]</span></samp>’<dd><a name="index-password-10"></a>Set your password for POP3 authentication. An empty argument unsets the
password.
If no password is set but one is needed during authentication, mpop will try to
find it. First, if ‘<samp><span class="samp">passwordeval</span></samp>’ is set, it will evaluate that command. If
‘<samp><span class="samp">passwordeval</span></samp>’ is not set, mpop will try to find the password in
<code>~/.netrc</code>. If that fails, it will try to find it in
<code>SYSCONFDIR/netrc</code> (use <code>--version</code> to find out what <code>SYSCONFDIR</code>
is on your platform). If that fails, it will try to get it from a system
specific keyring (if available). If that fails, mpop will prompt you for it.
See <a href="#Authentication">Authentication</a>.
<a name="passwordeval"></a><br><dt>‘<samp><span class="samp">passwordeval [</span><var>eval</var><span class="samp">]</span></samp>’<dd><a name="index-passwordeval-11"></a>Set your password for authentication to the output (stdout) of the
execution of <var>eval</var>.
<a name="ntlmdomain"></a><br><dt>‘<samp><span class="samp">ntlmdomain [</span><var>ntlmdomain</var><span class="samp">]</span></samp>’<dd><a name="index-ntlmdomain-12"></a>Set a domain for the ‘<samp><span class="samp">ntlm</span></samp>’ authentication method. The default is to use
no domain (equivalent to an empty argument), but some servers seem to require
one, even if it is an arbitrary string.
</dl>
<h3 class="section">2.3 TLS commands</h3>
<p>See <a href="#Transport-Layer-Security">Transport Layer Security</a>.
<dl>
<a name="tls"></a><dt>‘<samp><span class="samp">tls [(on|off)]</span></samp>’<dd><a name="index-tls-13"></a>This command enables or disables TLS/SSL encrypted connections to the POP3
server. Not every server supports TLS, and many that support it require the
‘<samp><span class="samp">tls_starttls off</span></samp>’ command.<br>
To use TLS/SSL, it is required to either use the ‘<samp><span class="samp">tls_trust_file</span></samp>’ command
(highly recommended) or to disable ‘<samp><span class="samp">tls_certcheck</span></samp>’.
See <a href="#Transport-Layer-Security">Transport Layer Security</a>.
<a name="tls_005fstarttls"></a><br><dt>‘<samp><span class="samp">tls_starttls [(on|off)]</span></samp>’<dd><a name="index-tls_005fstarttls-14"></a>This command chooses the TLS/SSL variant: with STARTTLS (‘<samp><span class="samp">on</span></samp>’, default) or
POP3-over-TLS (‘<samp><span class="samp">off</span></samp>’). Most servers support the latter variant, which is
also commonly referred to as "POP3 with SSL".
See <a href="#Transport-Layer-Security">Transport Layer Security</a>.
<a name="tls_005ftrust_005ffile"></a><br><dt>‘<samp><span class="samp">tls_trust_file [</span><var>file</var><span class="samp">]</span></samp>’<dd><a name="index-tls_005ftrust_005ffile-15"></a>This command activates strict server certificate verification.
The given file must contain one or more certificates of trusted Certification
Authorities (CAs) in PEM format.<br>
On Debian based systems, you can install the ‘<samp><span class="samp">ca-certificates</span></samp>’ package and
use the file <samp><span class="file">/etc/ssl/certs/ca-certificates.crt</span></samp>.<br>
An empty argument disables this feature.
See <a href="#Transport-Layer-Security">Transport Layer Security</a>.
<a name="tls_005fcrl_005ffile"></a><br><dt>‘<samp><span class="samp">tls_crl_file [</span><var>file</var><span class="samp">]</span></samp>’<dd><a name="index-tls_005fcrl_005ffile-16"></a>This command sets or unsets a certificate revocation list (CRL) file for TLS,
to be used during strict server certificate verification as enabled by the
<a href="#tls_005ftrust_005ffile">tls_trust_file</a> command. This allows the verification procedure to detect
revoked certificates.
See <a href="#Transport-Layer-Security">Transport Layer Security</a>.
<a name="tls_005ffingerprint"></a><br><dt>‘<samp><span class="samp">tls_fingerprint [</span><var>fingerprint</var><span class="samp">]</span></samp>’<dd><a name="index-tls_005ffingerprint-17"></a>This command sets or unsets the fingerprint of a particular TLS certificate.
This certificate will then be trusted, regardless of its contents. This can be
used to trust broken certificates (e.g. with a non-matching hostname) or in
situations where ‘<samp><span class="samp">tls_trust_file</span></samp>’ cannot be used for some reason.
You can give either an SHA1 (recommended) or an MD5 fingerprint in the format
<code>01:23:45:67:...</code>.
You can use ‘<samp><span class="samp">--serverinfo --tls --tls-certcheck=off</span></samp>’ to get the peer
certificate's fingerprints.
See <a href="#Transport-Layer-Security">Transport Layer Security</a>.
<a name="tls_005fkey_005ffile"></a><br><dt>‘<samp><span class="samp">tls_key_file [</span><var>file</var><span class="samp">]</span></samp>’<dd><a name="index-tls_005fkey_005ffile-18"></a>This command (together with the ‘<samp><span class="samp">tls_cert_file</span></samp>’) command enables mpop to
send a client certificate to the POP3 server if requested.
The file must contain the private key of a certificate in PEM format.
An empty argument disables this feature.
See <a href="#Transport-Layer-Security">Transport Layer Security</a>.
<a name="tls_005fcert_005ffile"></a><br><dt>‘<samp><span class="samp">tls_cert_file [</span><var>file</var><span class="samp">]</span></samp>’<dd><a name="index-tls_005fcert_005ffile-19"></a>This command (together with the ‘<samp><span class="samp">tls_key_file</span></samp>’ command) enables mpop to
send a client certificate to the POP3 server if requested.
The file must contain a certificate in PEM format.
An empty argument disables this feature.
See <a href="#Transport-Layer-Security">Transport Layer Security</a>.
<a name="tls_005fcertcheck"></a><br><dt>‘<samp><span class="samp">tls_certcheck [(on|off)]</span></samp>’<dd><a name="index-tls_005fcertcheck-20"></a>This command enables or disables checks for the server certificate.<br>
WARNING: When the checks are disabled, TLS/SSL sessions will be vulnerable to
man-in-the-middle attacks!
See <a href="#Transport-Layer-Security">Transport Layer Security</a>.
<a name="tls_005fforce_005fsslv3"></a><br><dt>‘<samp><span class="samp">tls_force_sslv3 [(on|off)]</span></samp>’<dd><a name="index-tls_005fforce_005fsslv3-21"></a>Force TLS/SSL version SSLv3. This might be needed to use SSL with some old and
broken servers. Do not use this unless you have to.
See <a href="#Transport-Layer-Security">Transport Layer Security</a>.
<a name="tls_005fmin_005fdh_005fprime_005fbits"></a><br><dt>‘<samp><span class="samp">tls_min_dh_prime_bits [</span><var>bits</var><span class="samp">]</span></samp>’<dd><a name="index-tls_005fmin_005fdh_005fprime_005fbits-22"></a>Set or unset the minimum number of Diffie-Hellman (DH) prime bits that mpop
will accept for TLS sessions. The default is set by the TLS library and can be
selected by using an empty argument to this command. Only lower the default
(for example to 512 bits) if there is no other way to make TLS work with the
remote server.
See <a href="#Transport-Layer-Security">Transport Layer Security</a>.
<a name="tls_005fpriorities"></a><br><dt>‘<samp><span class="samp">tls_priorities [</span><var>priorities</var><span class="samp">]</span></samp>’<dd><a name="index-tls_005fpriorities-23"></a>Set the priorities for TLS sessions. The default is set by the TLS library and
can be selected by using an empty argument to this command. Currently this
command only works with sufficiently recent GnuTLS releases. See the GnuTLS
documentation of the ‘<samp><span class="samp">gnutls_priority_init</span></samp>’ function for a description of
the <var>priorities</var> string.
See <a href="#Transport-Layer-Security">Transport Layer Security</a>.
</dl>
<h3 class="section">2.4 Commands specific to mail retrieval mode</h3>
<p>See <a href="#Mail-retrieval-mode">Mail retrieval mode</a>.
<dl>
<a name="delivery"></a><dt>‘<samp><span class="samp">delivery </span><var>method</var> <var>method_arguments<small class="dots">...</small></var></samp>’<dd><a name="index-delivery-24"></a>How to deliver messages received from this account.
<ul>
<li>delivery mda <var>command</var><br>
Deliver the mails through a mail delivery agent (MDA).<br>
All occurences of <code>%F</code> in the command will be replaced with the envelope
from address of the current message (or MAILER-DAEMON if none is found). Note
that this address is guaranteed to contain only letters <code>a-z</code> and
<code>A-Z</code>, digits <code>0-9</code>, and any of <code>.@_-+/</code>, even though that is
only a subset of what is theoretically allowed in a mail address. Other
characters, including those interpreted by the shell, are replaced with
<code>_</code>. Nevertheless, you should put <code>%F</code> into single quotes:
<code>'%F'</code>.<br>
Use <code>delivery mda "/usr/bin/procmail -f '%F' -d $USER"</code> for the procmail
MDA.<br>
Use <code>delivery mda "/usr/sbin/sendmail -oi -oem -f '%F' -- $USER"</code> to let
your MTA handle the mail.<br>
Use <code>delivery mda /usr/local/bin/msmtp --host=localhost --from='%F' --
$USER@`hostname`.`dnsdomainname`"</code> to pass the mail to your MTA via SMTP.
(This is what fetchmail does by default.)
<li>delivery maildir <var>directory</var><br>
Deliver the mails to the given maildir directory. The directory must exist and
it must be a valid maildir directory; mpop will not create directories. This
delivery type only works on file systems that support hard links.
<li>delivery mbox <var>mbox-file</var><br>
Deliver the mails to the given file in mbox format. The file will be locked
with <code>fcntl(2)</code>. mpop uses the MBOXRD mbox format variant; see the
documentation of the mbox format.
<li>delivery exchange <var>directory</var><br>
Deliver the mails to the given Exchange pickup directory. The directory must
exist.
</ul>
If the delivery method needs to parse the mail headers for an envelope from
address (the mda method if the command contains <code>%F</code>, and the mbox method),
then it needs to create a temporary file to store the mail headers (but not the
body) in. See <code>$TMPDIR</code> in <a href="#Environment-_002f-Files">Environment / Files</a>.
<a name="uidls_005ffile"></a><br><dt>‘<samp><span class="samp">uidls_file </span><var>filename</var></samp>’<dd><a name="index-uidls_005ffile-25"></a>The file to store UIDLs in. These are needed to identify new messages.
<code>%U</code> in the filename will be replaced by the username of the current
account. <code>%H</code> in the filename will be replaced by the hostname of the
current account. If the filename contains directories that do not exist, mpop
will create them. mpop locks this file for exclusive access when accessing the
associated POP3 account.<br>
The default value is <code>~/.mpop_uidls/%U_at_%H</code>. You can also use a single
UIDLS file for multiple accounts, but then you cannot poll more than one of
these accounts at the same time.
<a name="only_005fnew"></a><br><dt>‘<samp><span class="samp">only_new [(on|off)]</span></samp>’<dd><a name="index-only_005fnew-26"></a>By default, mpop processes only new messages (new messages are those that were
not already successfully retrieved in an earlier session). If this option is
turned off, mpop will process all messages.
<a name="keep"></a><br><dt>‘<samp><span class="samp">keep [(on|off)]</span></samp>’<dd><a name="index-keep-27"></a>Keep all mails on the POP3 server, never delete them. The default behavior is
to delete mails that have been successfully delivered or filtered by kill
filters.
<a name="killsize"></a><br><dt>‘<samp><span class="samp">killsize (off|</span><var>size</var><span class="samp">)</span></samp>’<dd><a name="index-killsize-28"></a>Mails larger than the given size will be deleted, not downloaded (unless the
keep command is used, in which case they will just be skipped). The size
argument must be zero or greater. If it is followed by a 'k' or an 'm', the
size is measured in kibibytes/mebibytes instead of bytes. Note that some POP3
servers report slightly incorrect sizes for mails. See <a href="#Filtering">Filtering</a>.<br>
When ‘<samp><span class="samp">killsize</span></samp>’ is set to 0 and ‘<samp><span class="samp">keep</span></samp>’ is set to on, then all mails
are marked as retrieved, but no mail gets deleted from the server. This can be
used to synchronize the UID list on the client to the UID list on the server.
<a name="skipsize"></a><br><dt>‘<samp><span class="samp">skipsize (off|</span><var>size</var><span class="samp">)</span></samp>’<dd><a name="index-skipsize-29"></a>Mails larger than the given size will be skipped (not downloaded). The size
argument must be zero or greater. If it is followed by a 'k' or an 'm', the
size is measured in kibibytes/mebibytes instead of bytes. Note that some POP3
servers report slightly incorrect sizes for mails. See <a href="#Filtering">Filtering</a>.
<a name="filter"></a><br><dt>‘<samp><span class="samp">filter [</span><var>COMMAND</var><span class="samp">]</span></samp>’<dd><a name="index-filter-30"></a>Set a filter which will decide whether to retrieve, skip, or delete each mail
by investigating the mail's headers. The POP3 server must support the POP3 TOP
command for this to work; see <a href="#Server-information-mode">Server information mode</a>. An empty argument
disables filtering.<br>
All occurences of <code>%F</code> in the command will be replaced with the envelope
from address of the current message (or MAILER-DAEMON if none is found).
Note that this address is guaranteed to contain only letters <code>a-z</code> and
<code>A-Z</code>, digits <code>0-9</code>, and any of <code>.@_-+/</code>, even though that is
only a subset of what is theoretically allowed in a mail address. Other
characters, including those interpreted by the shell, are replaced with
<code>_</code>. Nevertheless, you should put <code>%F</code> into single quotes:
<code>'%F'</code>.<br>
All occurences of <code>%S</code> in the command will be replaced with the size of
the current mail as reported by the POP3 server.<br>
The mail headers (plus the blank line separating the headers from the body)
will be piped to the command. Based on the return code, mpop decides
what to do with the mail:
<ul>
<li>0: proceed normally; no special action
<li>1: delete the mail; do not retrieve it
<li>2: skip the mail; do not retrieve it
</ul>
Return codes greater than or equal to 3 mean that an error occurred. The
<code>sysexits.h</code> error codes may be used to give information about the kind of
the error, but this is not necessary. See <a href="#Filtering">Filtering</a>.
</dl>
<div class="node">
<a name="Invocation"></a>
<p><hr>
Next: <a rel="next" accesskey="n" href="#Transport-Layer-Security">Transport Layer Security</a>,
Previous: <a rel="previous" accesskey="p" href="#Configuration-file">Configuration file</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
</div>
<h2 class="chapter">3 Invocation</h2>
<h3 class="section">3.1 Synopsis</h3>
<ul>
<li>Mail retrieval mode (default):<br>
<code>mpop [</code><var>option</var><code>...] [--] [</code><var>account</var><code>...]</code><br>
<li>Server information mode:<br>
<code>mpop [</code><var>option</var><code>...] --serverinfo [</code><var>account</var><code>...]</code><br>
</ul>
<h3 class="section">3.2 Exit code</h3>
<p>The standard exit codes from <code>sysexits.h</code> are used.
<p><a name="Environment-_002f-Files"></a>
<h3 class="section">3.3 Environment / Files</h3>
<dl>
<dt>‘<samp><code>~/.mpoprc</code></samp>’<dd>The default user configuration file.
<br><dt>‘<samp><code>~/.mpop_uidls</code></samp>’<dd>Default directory to store UIDLs files in.
<br><dt>‘<samp><code>~/.netrc</code><span class="samp"> and </span><code>SYSCONFDIR/netrc</code></samp>’<dd>The <code>netrc</code> file contains login information. If a password is not found
in the configuration file, mpop will search it in <code>~/.netrc</code> and
<code>SYSCONFDIR</code> before prompting the user for it. The syntax of <code>netrc</code>
files is described in the <code>netrc(5)</code> or <code>ftp(1)</code> manual page.
<br><dt>‘<samp><code>$USER</code><span class="samp">, </span><code>$LOGNAME</code></samp>’<dd>These variables override the user's login name. <code>$LOGNAME</code> is only used if
<code>$USER</code> is unset. The user's login name is used for <code>Received</code>
headers.
<br><dt>‘<samp><code>$TMPDIR</code></samp>’<dd>Directory to create temporary files in. If this is unset, a system specific
default directory is used.<br>
</dl>
<h3 class="section">3.4 Options</h3>
<p>Options override configuration file settings. The following options are
accepted:
<h4 class="subsection">3.4.1 General options</h4>
<dl>
<dt>‘<samp><span class="samp">--version</span></samp>’<dd><a name="index-g_t_002d_002dversion-31"></a>Print version information. This includes information about the library used for
TLS/SSL support (if any), the library used for authentication, and the
authentication mechanisms supported by this library.
<br><dt>‘<samp><span class="samp">--help</span></samp>’<dd><a name="index-g_t_002d_002dhelp-32"></a>Print help.
<br><dt>‘<samp><span class="samp">-P</span></samp>’<dt>‘<samp><span class="samp">--pretend</span></samp>’<dd><a name="index-g_t_002dP-33"></a><a name="index-g_t_002d_002dpretend-34"></a>Print the configuration settings that would be used, but do not take further
action. An asterisk ('*') will be printed instead of the password.
<br><dt>‘<samp><span class="samp">-d</span></samp>’<dt>‘<samp><span class="samp">--debug</span></samp>’<dd><a name="index-g_t_002dd-35"></a><a name="index-g_t_002d_002ddebug-36"></a>Print lots of debugging information, including the whole conversation with the
POP3 server. Be careful with this option: the (potentially dangerous) output
will not be sanitized, and your password may get printed in an easily decodable
format!<br>
This option implies ‘<samp><span class="samp">--half-quiet</span></samp>’, because the debugging output would
otherwise interfere with the progress output.
</dl>
<h4 class="subsection">3.4.2 Changing the mode of operation</h4>
<dl>
<a name="g_t_002d_002dserverinfo"></a><dt>‘<samp><span class="samp">-S</span></samp>’<dt>‘<samp><span class="samp">--serverinfo</span></samp>’<dd><a name="index-g_t_002dS-37"></a><a name="index-g_t_002d_002dserverinfo-38"></a>Print information about the POP3 server and exit. This includes information
about supported features (pipelining, authentication methods, TOP command,
<small class="dots">...</small>), about parameters (time for which mails will not be deleted, minimum
time between logins, <small class="dots">...</small>), and about the TLS certificate (if TLS is
active).
See <a href="#Server-information-mode">Server information mode</a>.
</dl>
<h4 class="subsection">3.4.3 Configuration options</h4>
<p>Most options in this category correspond to a configuration file command.
Please refer to <a href="#Configuration-file">Configuration file</a> for detailed information.
<dl>
<dt>‘<samp><span class="samp">-C </span><var>filename</var></samp>’<dt>‘<samp><span class="samp">--file=</span><var>filename</var></samp>’<dd><a name="index-g_t_002dC-39"></a><a name="index-g_t_002d_002dfile-40"></a>Use the given file instead of <code>~/.mpoprc</code> as the configuration file.
<dt>‘<samp><span class="samp">--host=</span><var>hostname</var></samp>’<dd><a name="index-g_t_002d_002dhost-41"></a>Use this POP3 server with settings from the command line; do not use any
configuration file data. This option disables loading of the configuration
file. You cannot use both this option and account names on the command line.
<dt>‘<samp><span class="samp">--port=</span><var>number</var></samp>’<dd><a name="index-g_t_002d_002dport-42"></a>Set the port number to connect to. See <a href="#port">port</a>.
<dt>‘<samp><span class="samp">--timeout=(off|</span><var>seconds</var><span class="samp">)</span></samp>’<dd><a name="index-g_t_002d_002dtimeout-43"></a>Set or unset a network timeout, in seconds. See <a href="#timeout">timeout</a>.
<a name="g_t_002d_002dpipelining"></a><dt>‘<samp><span class="samp">--pipelining=(auto|on|off)</span></samp>’<dd><a name="index-g_t_002d_002dpipelining-44"></a>Enable or disable POP3 pipelining. See <a href="#pipelining">pipelining</a>.
<a name="g_t_002d_002dreceived_005fheader"></a><dt>‘<samp><span class="samp">--received-header[=(on|off)]</span></samp>’<dd><a name="index-g_t_002d_002dreceived_002dheader-45"></a>Enable or disable the Received header. See <a href="#received_005fheader">received_header</a>.
<a name="g_t_002d_002dauth"></a><dt>‘<samp><span class="samp">--auth[=(on|</span><var>method</var><span class="samp">)]</span></samp>’<dd><a name="index-g_t_002d_002dauth-46"></a>Set the authentication method to automatic (with "on") or manually choose an
authentication method. See <a href="#auth">auth</a>.
<a name="g_t_002d_002duser"></a><dt>‘<samp><span class="samp">--user=[</span><var>username</var><span class="samp">]</span></samp>’<dd><a name="index-g_t_002d_002duser-47"></a>Set or unset the user name for authentication. See <a href="#user">user</a>.
<a name="g_t_002d_002dpasswordeval"></a><dt>‘<samp><span class="samp">--passwordeval=[</span><var>eval</var><span class="samp">]</span></samp>’<dd><a name="index-g_t_002d_002dpasswordeval-48"></a>Evaluate password for authentication. See <a href="#passwordeval">passwordeval</a>.
<dt>‘<samp><span class="samp">--tls[=(on|off)]</span></samp>’<dd><a name="index-g_t_002d_002dtls-49"></a>Enable or disable TLS/SSL. See <a href="#tls">tls</a>.
<a name="g_t_002d_002dtls_002dstarttls"></a><dt>‘<samp><span class="samp">--tls-starttls[=(on|off)]</span></samp>’<dd><a name="index-g_t_002d_002dtls_002dstarttls-50"></a>Enable or disable STARTTLS for TLS encryption. See <a href="#tls_005fstarttls">tls_starttls</a>.
<a name="g_t_002d_002dtls_002dtrust_002dfile"></a><dt>‘<samp><span class="samp">--tls-trust-file=[</span><var>file</var><span class="samp">]</span></samp>’<dd><a name="index-g_t_002d_002dtls_002dtrust_002dfile-51"></a>Set or unset a trust file for TLS encryption. See <a href="#tls_005ftrust_005ffile">tls_trust_file</a>.
<a name="g_t_002d_002dtls_002dcrl_002dfile"></a><dt>‘<samp><span class="samp">--tls-crl-file=[</span><var>file</var><span class="samp">]</span></samp>’<dd><a name="index-g_t_002d_002dtls_002dcrl_002dfile-52"></a>Set or unset a certificate revocation list (CRL) file for TLS.
See <a href="#tls_005fcrl_005ffile">tls_crl_file</a>.
<a name="g_t_002d_002dtls_002dfingerprint"></a><dt>‘<samp><span class="samp">--tls-fingerprint=[</span><var>fingerprint</var><span class="samp">]</span></samp>’<dd><a name="index-g_t_002d_002dtls_002dfingerprint-53"></a>Set ot unset the fingerprint of a trusted TLS certificate.
See <a href="#tls_005ffingerprint">tls_fingerprint</a>.
<a name="g_t_002d_002dtls_002dkey_002dfile"></a><dt>‘<samp><span class="samp">--tls-key-file=[</span><var>file</var><span class="samp">]</span></samp>’<dd><a name="index-g_t_002d_002dtls_002dkey_002dfile-54"></a>Set or unset a key file for TLS encryption. See <a href="#tls_005fkey_005ffile">tls_key_file</a>.
<a name="g_t_002d_002dtls_002dcert_002dfile"></a><dt>‘<samp><span class="samp">--tls-cert-file=[</span><var>file</var><span class="samp">]</span></samp>’<dd><a name="index-g_t_002d_002dtls_002dcert_002dfile-55"></a>Set or unset a cert file for TLS encryption. See <a href="#tls_005fcert_005ffile">tls_cert_file</a>.
<a name="g_t_002d_002dtls_002dcertcheck"></a><dt>‘<samp><span class="samp">--tls-certcheck[=(on|off)]</span></samp>’<dd><a name="index-g_t_002d_002dtls_002dcertcheck-56"></a>Enable or disable server certificate checks for TLS encryption.
See <a href="#tls_005fcertcheck">tls_certcheck</a>.
<a name="g_t_002d_002dtls_002dforce_002dsslv3"></a><dt>‘<samp><span class="samp">--tls-force-sslv3=(on|off)]</span></samp>’<dd><a name="index-g_t_002d_002dtls_002dforce_002dsslv3-57"></a>Force TLS/SSL version SSLv3. See <a href="#tls_005fforce_005fsslv3">tls_force_sslv3</a>.
<a name="g_t_002d_002dtls_002dmin_002ddh_002dprime_002dbits"></a><dt>‘<samp><span class="samp">--tls-min-dh-prime-bits=[</span><var>bits</var><span class="samp">]</span></samp>’<dd><a name="index-g_t_002d_002dtls_002dmin_002ddh_002dprime_002dbits-58"></a>Set or unset minimum bit size of the Diffie-Hellman (DH) prime.
See <a href="#tls_005fmin_005fdh_005fprime_005fbits">tls_min_dh_prime_bits</a>.
<a name="g_t_002d_002dtls_002dpriorities"></a><dt>‘<samp><span class="samp">--tls-priorities=[</span><var>priorities</var><span class="samp">]</span></samp>’<dd><a name="index-g_t_002d_002dtls_002dpriorities-59"></a>Set or unset TLS priorities. See <a href="#tls_005fpriorities">tls_priorities</a>.
</dl>
<h4 class="subsection">3.4.4 Options specific to mail retrieval mode</h4>
<dl>
<a name="g_t_002d_002dquiet"></a><dt>‘<samp><span class="samp">-q</span></samp>’<dt>‘<samp><span class="samp">--quiet</span></samp>’<dd><a name="index-g_t_002dq-60"></a><a name="index-g_t_002d_002dquiet-61"></a>Do not print status or progress information.
<a name="g_t_002d_002dhalf_002dquiet"></a><br><dt>‘<samp><span class="samp">-Q</span></samp>’<dt>‘<samp><span class="samp">--half-quiet</span></samp>’<dd><a name="index-g_t_002dQ-62"></a><a name="index-g_t_002d_002dhalf_002dquiet-63"></a>Print status but not progress information.
<a name="g_t_002d_002dall_002daccounts"></a><br><dt>‘<samp><span class="samp">-a</span></samp>’<dt>‘<samp><span class="samp">--all-accounts</span></samp>’<dd><a name="index-g_t_002da-64"></a><a name="index-g_t_002d_002dall_002daccounts-65"></a>Query all accounts in the configuration file.
<a name="g_t_002d_002dauth_002donly"></a><br><dt>‘<samp><span class="samp">-A</span></samp>’<dt>‘<samp><span class="samp">--auth-only</span></samp>’<dd><a name="index-g_t_002dA-66"></a><a name="index-g_t_002d_002dauth_002donly-67"></a>Authenticate only; do not retrieve mail. Useful for SMTP-after-POP.
<a name="g_t_002d_002dstatus_002donly"></a><br><dt>‘<samp><span class="samp">-s</span></samp>’<dt>‘<samp><span class="samp">--status-only</span></samp>’<dd><a name="index-g_t_002ds-68"></a><a name="index-g_t_002d_002dstatus_002donly-69"></a>Print number and size of mails in each account only; do not retrieve mail.
<a name="g_t_002d_002donly_002dnew"></a><br><dt>‘<samp><span class="samp">-n</span></samp>’<dt>‘<samp><span class="samp">--only-new[=(on|off)]</span></samp>’<dd><a name="index-g_t_002d_002donly_002dnew-70"></a>Process only new messages. See <a href="#only_005fnew">only_new</a>.
<a name="g_t_002d_002dkeep"></a><br><dt>‘<samp><span class="samp">-k</span></samp>’<dt>‘<samp><span class="samp">--keep[=(on|off)]</span></samp>’<dd><a name="index-g_t_002d_002dkeep-71"></a>Do not delete mails from POP3 servers, regardless of other options or settings.
See <a href="#keep">keep</a>.
<a name="g_t_002d_002dkillsize"></a><dt>‘<samp><span class="samp">--killsize=(off|</span><var>size</var><span class="samp">)</span></samp>’<dd><a name="index-g_t_002d_002dkillsize-72"></a>Set or unset kill size. See <a href="#killsize">killsize</a>.
<a name="g_t_002d_002dskipsize"></a><dt>‘<samp><span class="samp">--skipsize=(off|</span><var>size</var><span class="samp">)</span></samp>’<dd><a name="index-g_t_002d_002dskipsize-73"></a>Set or unset skip size. See <a href="#skipsize">skipsize</a>.
<a name="g_t_002d_002dfilter"></a><dt>‘<samp><span class="samp">--filter=[</span><var>command</var><span class="samp">]</span></samp>’<dd><a name="index-g_t_002d_002dfilter-74"></a>Set a filter which will decide whether to retrieve, skip, or delete each mail by
investigating the mail's headers. See <a href="#filter">filter</a>.
<a name="g_t_002d_002ddelivery"></a><br><dt>‘<samp><span class="samp">--delivery=</span><var>method</var><span class="samp">,</span><var>method_arguments<small class="dots">...</small></var></samp>’<dd><a name="index-g_t_002d_002ddelivery-75"></a>How to deliver messages received from this account. See <a href="#delivery">delivery</a>. Note that a
comma is used instead of a blank to separate the method from its arguments.
<a name="g_t_002d_002duidls_002dfile"></a><dt>‘<samp><span class="samp">--uidls-file=</span><var>filename</var></samp>’<dd><a name="index-g_t_002d_002duidls_002dfile-76"></a>File to store UIDLs in. See <a href="#uidls_005ffile">uidls_file</a>.
</dl>
<div class="node">
<a name="Transport-Layer-Security"></a>
<p><hr>
Next: <a rel="next" accesskey="n" href="#Authentication">Authentication</a>,
Previous: <a rel="previous" accesskey="p" href="#Invocation">Invocation</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
</div>
<h2 class="chapter">4 Transport Layer Security</h2>
<p>Transport Layer Security (TLS) is a new name for Secure Socket Layer (SSL).
The TLS 1.0 protocol is an updated version of the SSL 3.0 protocol. TLS and
SSL mean the same thing.
<p>Quoting from RFC2246 - the TLS 1.0 protocol specification:<br>
"The TLS protocol provides communications privacy over the Internet.
The protocol allows client/server applications to communicate in a way that
is designed to prevent eavesdropping, tampering, or message forgery."
<p>POP3 servers can use TLS in one of two modes:
<ul>
<li>Immediately<br>
This is known as POP3 tunneled through TLS. The default port for this mode is
995 (pop3s). This is what most servers support, and is often simply called
"POP3 with SSL".
<li>Via the STARTTLS POP3 command<br>
The POP3 session begins normally. The client sends the STLS command when it
wishes to begin TLS encryption. The default port for this mode is the default
POP3 port: 110 (pop3).
</ul>
mpop can switch between these modes with the ‘<samp><span class="samp">tls_starttls</span></samp>’ command (see
<a href="#tls_005fstarttls">tls_starttls</a>) command or the ‘<samp><span class="samp">--tls-starttls</span></samp>’ option (see
<a href="#g_t_002d_002dtls_002dstarttls">–tls-starttls</a>).
<p>When TLS is started, the server sends a certificate to identify itself. This
certificate contains information about the certificate owner, the certificate
issuer, and the activation and expiration times of the certificate. This
information can be displayed in server information mode.
See <a href="#Server-information-mode">Server information mode</a>.
<p>To use TLS, it is required to either enable full server certificate verification
using the ‘<samp><span class="samp">tls_trust_file</span></samp>’ command or ‘<samp><span class="samp">--tls-trust-file</span></samp>’ option, or to
trust one particular peer certificate using the ‘<samp><span class="samp">tls_fingerprint</span></samp>’ command
or ‘<samp><span class="samp">--tls-fingerprint</span></samp>’ option, or to disable all certificate checks using
‘<samp><span class="samp">tls_certcheck off</span></samp>’ or ‘<samp><span class="samp">--tls-certcheck=off</span></samp>’.
WARNING: When certificate checks are disabled, TLS/SSL sessions are vulnerable
to man-in-the-middle attacks!
See <a href="#tls_005ftrust_005ffile">tls_trust_file</a>, <a href="#g_t_002d_002dtls_002dtrust_002dfile">–tls-trust-file</a>, <a href="#tls_005ffingerprint">tls_fingerprint</a>,
<a href="#g_t_002d_002dtls_002dfingerprint">–tls-fingerprint</a>, <a href="#tls_005fcertcheck">tls_certcheck</a>, <a href="#g_t_002d_002dtls_002dcertcheck">–tls-certcheck</a>.
<p>If your system has a file that collects all system-wide trusted CA
certificates, it is easiest to just use this in the ‘<samp><span class="samp">defaults</span></samp>’ section of
your configuration file. On Debian-based systems, for example, the adequate
command would be ‘<samp><span class="samp">tls_trust_file /etc/ssl/certs/ca-certificates.crt</span></samp>’.
<p>But you can also find out manually which CA certificate you need to
trust. First, issue the following command:
<pre class="example"> $ mpop --serverinfo --host=pop.example.com --tls=on --tls-certcheck=off
</pre>
<p>The option ‘<samp><span class="samp">--tls-certcheck=off</span></samp>’ allows mpop to accept any certificate, so
that it can print some information about it. The output of this command tells
you the common name of the server certificate issuer. You have to trust this
issuer to use full TLS security. Usually you can find the CA certificate
on the issuer's homepage. With this CA certificate, the following should
succeed:
<pre class="example"> $ mpop --serverinfo --host=pop.example.com --tls=on \
--tls-trust-file=ca_cert.txt
</pre>
<p>If the server requests it, the client can send a certificate, too. This allows
the server to verify the identity of the client. See the EXTERNAL mechanism in
<a href="#Authentication">Authentication</a>. The ‘<samp><span class="samp">tls_key_file</span></samp>’/‘<samp><span class="samp">tls_cert_file</span></samp>’ commands or
the ‘<samp><span class="samp">--tls-key-file</span></samp>’/‘<samp><span class="samp">--tls-cert-file</span></samp>’ options can be used to set a
client certificate. See <a href="#tls_005fkey_005ffile">tls_key_file</a>/<a href="#g_t_002d_002dtls_002dkey_002dfile">–tls-key-file</a>,
<a href="#tls_005fcert_005ffile">tls_cert_file</a>/<a href="#g_t_002d_002dtls_002dcert_002dfile">–tls-cert-file</a>.
Note that GnuTLS will only send a client certificate if it matches one of the
CAs advertised by the server. If you set a client certificate but it is not sent
to the server, probably does not match any CA that the server trusts.
<p>If you need to fine tune TLS parameters or have problems connecting to your
server, have a look at the <a href="#tls_005fforce_005fsslv3">tls_force_sslv3</a>, <a href="#tls_005fmin_005fdh_005fprime_005fbits">tls_min_dh_prime_bits</a>,
and <a href="#tls_005fpriorities">tls_priorities</a> commands.
<div class="node">
<a name="Authentication"></a>
<p><hr>
Next: <a rel="next" accesskey="n" href="#Pipelining">Pipelining</a>,
Previous: <a rel="previous" accesskey="p" href="#Transport-Layer-Security">Transport Layer Security</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
</div>
<h2 class="chapter">5 Authentication</h2>
<p>POP3 servers require a client to authenticate itself before it is allowed to
retrieve mail.
<p>Multiple authentication methods exist. Most POP3 servers support only some of
them. Some methods send authentication data in plain text (or nearly plain
text) to the server, and some others are vulnerable to attacks. These methods
should only be used when TLS is active to prevent others from stealing the
password. See <a href="#Transport-Layer-Security">Transport Layer Security</a>.
<p>By default, mpop chooses a method automatically, and it will never choose one
that puts the authentication data at risk. See below for details.
<p>mpop supports the following authentication methods:
<ul>
<li>‘<samp><span class="samp">USER</span></samp>’<br>
This authentication method needs a user name and a password.
Both are send in plain text. All POP3 servers support this authentication
method.
<li>‘<samp><span class="samp">PLAIN</span></samp>’<br>
This authentication method needs a user name and a password.
Both are send in BASE64 encoding, which can be easily decoded to plain text.
<li>‘<samp><span class="samp">APOP</span></samp>’<br>
This authentication method needs a user name and a password.
The authentication data is not sent in plain text, but APOP is vulnerable to
man-in-the-middle attacks. This method should not be used unless TLS is active.
<li>‘<samp><span class="samp">CRAM-MD5</span></samp>’<br>
This authentication method needs a user name and a password.
The authentication data is not sent in plain text, which means this method can
safely be used without TLS.
<li>‘<samp><span class="samp">DIGEST-MD5</span></samp>’<br>
This authentication method needs a user name and a password.
The authentication data is not sent in plain text, which means this method can
safely be used without TLS.
<li>‘<samp><span class="samp">SCRAM-SHA-1</span></samp>’<br>
This authentication method needs a user name and a password.
The authentication data is not sent in plain text, which means this method can
safely be used without TLS.
<li>‘<samp><span class="samp">GSSAPI</span></samp>’<br>
This authentication method needs a user name. The Kerberos framework takes care
of secure authentication, therefore this method can safely be used without TLS.
<li>‘<samp><span class="samp">EXTERNAL</span></samp>’<br>
This is a special authentication method: The actual authentication happens
outside of the POP3 protocol, typically by sending a TLS client certificate
(see <a href="#Transport-Layer-Security">Transport Layer Security</a>).<br>
The EXTERNAL method merely confirms that this authentication succeeded for the
given user (or, if no user name is given, confirms that authentication
succeeded). Thus it may not be necessary for authentication to use this method,
and if the server does not support the EXTERNAL method, this does not mean that
it does not support authentication with TLS client certificates.<br>
This authentication method is not chosen automatically; you have to request it
manually.<br>
Note: (SMTP) Sendmail 8.12.11 advertises the EXTERNAL mechanism only after a
TLS client certificate has been send. It seems to ignore the optional user
name. Does anyone know more about this?
<li>‘<samp><span class="samp">LOGIN</span></samp>’<br>
This is a non-standard authentication method similar to (but worse than) PLAIN.
It needs a user name and a password, both of which are send in BASE64 encoding,
which can be easily decoded to plain text.
<li>‘<samp><span class="samp">NTLM</span></samp>’<br>
This is an obscure non-standard authentication method. It needs a user name and
a password and in some cases a special domain parameter (see <a href="#ntlmdomain">ntlmdomain</a>).
The authentication data is not send in plain text, but since NTLM is not an open
standard, it should be considered broken and insecure.
</ul>
<p>It depends on the underlying authentication library and its version whether a
particular method is supported or not. Use <samp><span class="option">--version</span></samp> to find out which
methods are supported by your version of mpop.
<p>Authentication data can be set with the ‘<samp><span class="samp">user</span></samp>’ and ‘<samp><span class="samp">password</span></samp>’ commands
or with the ‘<samp><span class="samp">--user</span></samp>’ option. See <a href="#user">user</a>, <a href="#password">password</a>, <a href="#g_t_002d_002duser">–user</a>.
If no password is set but one is needed during authentication, mpop will try to
find it. First, if ‘<samp><span class="samp">passwordeval</span></samp>’ is set, it will evaluate that command. If
‘<samp><span class="samp">passwordeval</span></samp>’ is not set, mpop will try to find the password in
<code>~/.netrc</code>. If that fails, it will try to find it in
<code>SYSCONFDIR/netrc</code> (use <code>--version</code> to find out what <code>SYSCONFDIR</code>
is on your platform). If that fails, it will try to get it from a system
specific keyring (if available). If that fails, mpop will prompt you for it.
<p>Currently supported keyrings are the Gnome Keyring and the Mac OS X Keychain.
The script <code>mpop-gnome-tool.py</code> can be used to manage Gnome Keyring
passwords for mpop. To manage Mac OS X Keychain passwords, use the Keychain
Access GUI application. The ‘<samp><span class="samp">account name</span></samp>’ is same as the mpop ‘<samp><span class="samp">user</span></samp>’
argument. The ‘<samp><span class="samp">keychain item name</span></samp>’ is <code>pop3://<hostname></code> where
<code><hostname></code> matches the mpop ‘<samp><span class="samp">host</span></samp>’ argument.
<p>The authentication method can be chosen with the ‘<samp><span class="samp">auth</span></samp>’ command or
‘<samp><span class="samp">--auth</span></samp>’ option, but it is usually sufficient to just use the ‘<samp><span class="samp">on</span></samp>’
argument to let mpop choose the method itself. See <a href="#auth">auth</a>, <a href="#g_t_002d_002dauth">–auth</a>.
<p>If mpop chooses the method itself, it will never choose an insecure method.
If TLS is active, all methods are considered secure in this context, because the
connection to the server is protected by TLS. If TLS is not active, only the
CRAM-MD5, DIGEST-MD5, SCRAM-SHA-1, and GSSAPI methods are considered secure in
this context, because all the others methods put the authentication data at
risk.
<p>If you really want to risk your authentication data, you have to force mpop to
do that by manually setting the authentication method while TLS is off.
<div class="node">
<a name="Pipelining"></a>
<p><hr>
Next: <a rel="next" accesskey="n" href="#Defective-POP3-servers">Defective POP3 servers</a>,
Previous: <a rel="previous" accesskey="p" href="#Authentication">Authentication</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
</div>
<h2 class="chapter">6 Pipelining</h2>
<p>A POP3 client that sends multiple POP3 commands at once to a POP3 server before
starting to read the server's answers is using POP3 pipelining. Since the client
does not have to wait for the server's answer before sending the next command,
and the server does not have to wait for the next command from the client,
pipelining can speed up a POP3 session substantially.
<p>Pipelining in mpop works by sending up to ‘<samp><span class="samp">PIPELINE_MAX</span></samp>’ commands to the
server, then begin to read its answers, and refill the command pipeline when the
number of unanswered commands drops to ‘<samp><span class="samp">PIPELINE_MIN</span></samp>’. ‘<samp><span class="samp">PIPELINE_MIN</span></samp>’
and ‘<samp><span class="samp">PIPELINE_MAX</span></samp>’ are compile time constants.
<p>By default, mpop will enable pipelining automatically if the server supports
the CAPA command and advertizes the pipelining capability, and disable it for
all other servers. See <a href="#Server-information-mode">Server information mode</a>.
<p>You can change this behaviour with the ‘<samp><span class="samp">pipelining</span></samp>’ command or
‘<samp><span class="samp">--pipelining</span></samp>’ option. See <a href="#pipelining">pipelining</a>, <a href="#g_t_002d_002dpipelining">–pipelining</a>. It is
always safe to disable pipelining. It is not recommended to force pipelining
for servers that are not known to support it.
<div class="node">
<a name="Defective-POP3-servers"></a>
<p><hr>
Next: <a rel="next" accesskey="n" href="#Mail-retrieval-mode">Mail retrieval mode</a>,
Previous: <a rel="previous" accesskey="p" href="#Pipelining">Pipelining</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
</div>
<h2 class="chapter">7 Defective POP3 servers</h2>
<p>Some POP3 servers still do not support the UIDL command. In this case, mpop
cannot recognize messages that were already successfully retrieved, and will
treat all messages as new. Use the ‘<samp><span class="samp">--serverinfo</span></samp>’ option to find out if a
server supports the UIDL command.
<p>Some POP3 servers count end-of-line characters as two bytes (CRLF) instead
of one (LF), so that the size of a mail as reported by the POP3 server is
slightly larger than the actual size. This has the following consequences:
The size filters are not accurate. Do not rely on exact size filtering.
The progress output may display inaccurate (slightly too low) percentage values
for the first mail retrieved from a POP3 server. mpop will detect this after
the first mail has been read and will display corrected values for subsequent
mails.
<div class="node">
<a name="Mail-retrieval-mode"></a>
<p><hr>
Next: <a rel="next" accesskey="n" href="#Filtering">Filtering</a>,
Previous: <a rel="previous" accesskey="p" href="#Defective-POP3-servers">Defective POP3 servers</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
</div>
<h2 class="chapter">8 Mail retrieval mode</h2>
<p>In this mode, mpop retrieves mail from one or more POP3 servers. It delivers
each of them using the method that was given with the ‘<samp><span class="samp">delivery</span></samp>’ command
or ‘<samp><span class="samp">--delivery</span></samp>’ option. See <a href="#delivery">delivery</a>, <a href="#g_t_002d_002ddelivery">–delivery</a>.
<p>While retrieving the mail, mpop displays approximate progress information,
which can be turned off with the ‘<samp><span class="samp">--half-quiet</span></samp>’ or ‘<samp><span class="samp">--quiet</span></samp>’ options;
see <a href="#g_t_002d_002dhalf_002dquiet">–half-quiet</a>, <a href="#g_t_002d_002dquiet">–quiet</a>.
<p>If the delivery succeeded, the mail is deleted from the POP3 server by default.
The ‘<samp><span class="samp">keep</span></samp>’ command and ‘<samp><span class="samp">--keep</span></samp>’ option can prevent the deletion of
mails; see <a href="#keep">keep</a>, <a href="#g_t_002d_002dkeep">–keep</a>.
<p><em>Important note:</em> Some POP3 servers will delete mails without any user
interaction. See EXPIRE in <a href="#Server-information-mode">Server information mode</a>. mpop can do nothing
about that.
<p>If you don't want to download certain mails, but skip them or delete them
directly, you can do filtering based on the mail headers. See <a href="#Filtering">Filtering</a>.
<p>If you just want to know if you have new mails (and how many), use the
‘<samp><span class="samp">--status-only</span></samp>’ option. See <a href="#g_t_002d_002dstatus_002donly">–status-only</a>.
<p>If you just want to authenticate to the POP3 server, but don't want to look at
your mails, use the ‘<samp><span class="samp">--auth-only</span></samp>’ option. See <a href="#g_t_002d_002dauth_002donly">–auth-only</a>. This can be
useful for sending mail through SMTP servers that require SMTP-after-POP
(aka POP-before-SMTP).
<p>Before mpop delivers a mail, it prepends a Received header to it. This is
necessary if the delivery method transmits the mail to an SMTP server, for
example. mpop does not change the contents of the mail in any other way.
<div class="node">
<a name="Server-information-mode"></a>
<p><hr>
Next: <a rel="next" accesskey="n" href="#Examples">Examples</a>,
Previous: <a rel="previous" accesskey="p" href="#Filtering">Filtering</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
</div>
<h2 class="chapter">9 Server information mode</h2>
<p>In server information mode, mpop prints as much information about the POP3
server as it can get and then exits.
<p>The POP3 features that can be detected are:
<ul>
<li>IMPLEMENTATION<br>
The implementation string of the POP3 server.
<li>CAPA<br>
Support for the POP3 CAPA command. The server sends a list of its capabilities
in response to this command.
<li>PIPELINING<br>
Support for POP3 pipelining. See <a href="#Pipelining">Pipelining</a>.
<li>TOP<br>
Support for the POP3 TOP command. This is needed for header based filtering to
work. See <a href="#Filtering">Filtering</a>.
<li>UIDL<br>
Support for the POP3 UIDL command. This is needed to distinguish between new and
already retrieved messages.
<li>LOGIN-DELAY<br>
The minimum time between two POP3 sessions. The server may refuse a POP3 session
if the last one was active less than this time period ago.
<li>EXPIRE<br>
The time after which old mails are deleted by the POP3 server.
<ul>
<li>NEVER: The POP3 server will not delete mail without the user requesting
it.
<li>0: The POP3 server will not keep mails; all mails will be deleted after
they have been downloaded, regardless of the user's wishes.
<li><var>number</var>: The number of days that the POP3 server will keep mails
before deleting them without user interaction.
</ul>
<li>STARTTLS<br>
See <a href="#Transport-Layer-Security">Transport Layer Security</a>.
<li>AUTH<br>
See <a href="#Authentication">Authentication</a>.
<li>RESP-CODES<br>
If authentication fails and the POP3 server issues an error message beginning
with a square bracket, this message will include additional information about
the source of the error:
<ul>
<li><code>[LOGIN-DELAY]</code>: The login delay period hast not yet expired.
<li><code>[IN-USE]</code>: Authentication succeeded but the mailbox is currently
in use, possibly by another POP3 session.
</ul>
<li>AUTH-RESP-CODE<br>
If authentication fails and the POP3 server issues an error message beginning
with a square bracket, this message will include additional information about
the source of the error:
<ul>
<li><code>[LOGIN-DELAY]</code>: The login delay period hast not yet expired.
<li><code>[IN-USE]</code>: Authentication succeeded but the mailbox is currently
in use, possibly by another POP3 session.
<li><code>[SYS/TEMP]</code>: Temporary system failure; try again later.
<li><code>[SYS/PERM]</code>: Permanent system failure; ask the administrator.
<li><code>[AUTH]</code>: Incorrect user name or password or some other problem with
the user's credentials.
</ul>
</ul>
<p>If TLS is activated for server information mode, the following information will
be printed about the POP3 server's TLS certificate (if available):
<ul>
<li>Owner information
<ul>
<li>Common Name
<li>Organization
<li>Organizational unit
<li>Locality
<li>State or Province
<li>Country
</ul>
<li>Issuer information
<ul>
<li>Common Name
<li>Organization
<li>Organizational unit
<li>Locality
<li>State or Province
<li>Country
</ul>
<li>General
<ul>
<li>Activation time
<li>Expiration time
<li>SHA1 fingerprint
<li>MD5 fingerprint
</ul>
</ul>
<div class="node">
<a name="Filtering"></a>
<p><hr>
Next: <a rel="next" accesskey="n" href="#Server-information-mode">Server information mode</a>,
Previous: <a rel="previous" accesskey="p" href="#Mail-retrieval-mode">Mail retrieval mode</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
</div>
<h2 class="chapter">10 Filtering</h2>
<p>There are three filtering commands available. They will be executed in the
following order:
<ol type=1 start=1>
<li>‘<samp><span class="samp">killsize</span></samp>’
<li>‘<samp><span class="samp">skipsize</span></samp>’
<li>‘<samp><span class="samp">filter</span></samp>’
</ol>
<p>If a filtering command applies to a mail, the remaining filters will not be
executed.
<p>The POP3 server must support the POP3 TOP command
(<a href="#Server-information-mode">Server information mode</a>) for filtering with a filter command:
It is used to read the mail headers (plus the blank line separating the header
from the body) and pipe them to the filter command.
<p>Note that, if the filter decides that the mail should be retrieved, the complete
mail has to be downloaded, including the headers, so the headers will be
downloaded twice. This is because there's no way in POP3 to download just
the mail body. Sometimes this overhead surpasses the savings of the filtering.
<p>The filter command looks at the mail headers and signals with its exit code what
mpop should do with the mail:
<ul>
<li>0: retrieve the mail
<li>1: delete the mail; do not retrieve it
<li>2: skip the mail; do not retrieve it
</ul>
Return codes greater than or equal to 3 mean that an error occurred.
The <code>sysexits.h</code> error codes may be used to give information about the kind
of the error, but this is optional.
<p>Since the filter command will be passed to a shell, you can use all shell
command constructs in addition to just calling a script or program. This allows
flexible filter constructs. See <a href="#Filtering-with-SpamAssassin">Filtering with SpamAssassin</a>.
<p>Some POP3 servers count end-of-line characters as two bytes (CRLF) instead of
one (LF), so that the size of a mail as reported by the POP3 server is slightly
larger than the actual size. The filters use the size values reported by the
POP3 server since they cannot know the actual size in advance. Thus you cannot
rely on <em>exact</em> size filtering.
<div class="node">
<a name="Examples"></a>
<p><hr>
Next: <a rel="next" accesskey="n" href="#Development">Development</a>,
Previous: <a rel="previous" accesskey="p" href="#Server-information-mode">Server information mode</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
</div>
<h2 class="chapter">11 Examples</h2>
<ul class="menu">
<li><a accesskey="1" href="#A-configuration-file">A configuration file</a>
<li><a accesskey="2" href="#Filtering-with-SpamAssassin">Filtering with SpamAssassin</a>
</ul>
<div class="node">
<a name="A-configuration-file"></a>
<p><hr>
Next: <a rel="next" accesskey="n" href="#Filtering-with-SpamAssassin">Filtering with SpamAssassin</a>,
Up: <a rel="up" accesskey="u" href="#Examples">Examples</a>
</div>
<h3 class="section">11.1 A configuration file</h3>
<pre class="example"> #
# Default values for all accounts.
#
defaults
# Activate TLS.
tls on
# Enable full TLS certificate checks.
tls_trust_file /etc/ssl/certs/ca-certificates.crt
# Use the POP3-over-TLS variant instead of the STARTTLS variant.
# This is also known as "POP3 with SSL". Most servers support this.
tls_starttls off
# Use the procmail mail delivery agent.
delivery mda "/usr/bin/procmail -f '%F' -d $USER"
# For Sendmail:
#delivery mda "/usr/sbin/sendmail -oi -oem -f '%F' -- $USER"
# For msmtp (delivery via SMTP):
#delivery mda "/usr/bin/msmtp --host=localhost --from='%F' -- $USER"
# Delivery to a maildir folder:
#delivery maildir ~/Mail/incoming
# Delivery to a MBOX mail folder:
#delivery mbox ~/Mail/new
# Delivery to an Exchange pickup directory:
#delivery exchange c:\exchange\pickup
#
# Two pop3 mailboxes at the provider.
#
account provider1
host mx.provider.example
user john_smith
password secret
# Copy the settings from the previous account, and only override the
# settings that differ.
account provider2 : provider1
user joey
password secret2
#
# A freemail service.
#
account freemail
host pop.freemail.example
user 1238476
passwordeval gpg -d ~/.mpop.password.gpg
# The service runs SpamAssassin, so test each mail for the "X-Spam-Status: Yes"
# header, and delete all mails with this header before downloading them.
filter if [ "`grep "^X-Spam-Status: Yes"`" ]; then exit 1; else exit 0; fi
#
# Set a default account (optional).
#
account default : provider1
</pre>
<div class="node">
<a name="Filtering-with-SpamAssassin"></a>
<p><hr>
Previous: <a rel="previous" accesskey="p" href="#A-configuration-file">A configuration file</a>,
Up: <a rel="up" accesskey="u" href="#Examples">Examples</a>
</div>
<h3 class="section">11.2 Filtering with SpamAssassin</h3>
<p>Use the following to delete all mails that SpamAssassin classifies as spam:
<pre class="example"> filter "/path/to/spamc -c > /dev/null"
</pre>
<p>Since no message body is passed to SpamAssassin, you should disable all
body-specific tests in the SpamAssassin configuration file; for example set
use_bayes 0.
<p>If your mail provider runs SpamAssassin for you, you just have to check for
the result. The following script can do that when used as an mpop filter:
<pre class="example"> #!/bin/sh
if [ "`grep "^X-Spam-Status: Yes"`" ]; then
exit 1 # kill this message
else
exit 0 # proceed normally
fi
</pre>
<p>Since the filter command is passed to a shell, all shell constructs are usable,
so you can also use this directly:
<pre class="example"> filter if [ "`grep "^X-Spam-Status: Yes"`" ]; then exit 1; else exit 0; fi
</pre>
<div class="node">
<a name="Development"></a>
<p><hr>
Next: <a rel="next" accesskey="n" href="#Copying-Information">Copying Information</a>,
Previous: <a rel="previous" accesskey="p" href="#Examples">Examples</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
</div>
<h2 class="chapter">12 Development</h2>
<p>The homepage of mpop is <a href="http://mpop.sourceforge.net/">http://mpop.sourceforge.net/</a>;
the SourceForge project page is at <a href="http://sourceforge.net/projects/mpop/">http://sourceforge.net/projects/mpop/</a>.
<p>The mailing lists <code>mpop-users</code> can be accessed from the project page.
<p>Please send any questions, suggestions, and bug reports either to the mailing
list or to Martin Lambers (<a href="mailto:marlam@marlam.de">marlam@marlam.de</a>, OpenPGP key:
<a href="http://www.marlam.de/key.txt">http://www.marlam.de/key.txt</a>).
If you send a bug report, please include the output of <code>mpop --version</code>.
<div class="node">
<a name="Copying-Information"></a>
<p><hr>
Previous: <a rel="previous" accesskey="p" href="#Development">Development</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
</div>
<h2 class="appendix">Appendix A Copying Information</h2>
<ul class="menu">
<li><a accesskey="1" href="#GNU-Free-Documentation-License">GNU Free Documentation License</a>: License for copying this manual.
<li><a accesskey="2" href="#GNU-GPL">GNU GPL</a>: License for copying the program.
</ul>
<div class="node">
<a name="GNU-Free-Documentation-License"></a>
<p><hr>
Next: <a rel="next" accesskey="n" href="#GNU-GPL">GNU GPL</a>,
Up: <a rel="up" accesskey="u" href="#Copying-Information">Copying Information</a>
</div>
<h3 class="unnumberedsec">GNU Free Documentation License</h3>
<!-- The GNU Free Documentation License. -->
<div align="center">Version 1.2, November 2002</div>
<!-- This file is intended to be included within another document, -->
<!-- hence no sectioning command or @node. -->
<pre class="display"> Copyright © 2000,2001,2002 Free Software Foundation, Inc.
51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
</pre>
<ol type=1 start=0>
<li>PREAMBLE
<p>The purpose of this License is to make a manual, textbook, or other
functional and useful document <dfn>free</dfn> in the sense of freedom: to
assure everyone the effective freedom to copy and redistribute it,
with or without modifying it, either commercially or noncommercially.
Secondarily, this License preserves for the author and publisher a way
to get credit for their work, while not being considered responsible
for modifications made by others.
<p>This License is a kind of “copyleft”, which means that derivative
works of the document must themselves be free in the same sense. It
complements the GNU General Public License, which is a copyleft
license designed for free software.
<p>We have designed this License in order to use it for manuals for free
software, because free software needs free documentation: a free
program should come with manuals providing the same freedoms that the
software does. But this License is not limited to software manuals;
it can be used for any textual work, regardless of subject matter or
whether it is published as a printed book. We recommend this License
principally for works whose purpose is instruction or reference.
<li>APPLICABILITY AND DEFINITIONS
<p>This License applies to any manual or other work, in any medium, that
contains a notice placed by the copyright holder saying it can be
distributed under the terms of this License. Such a notice grants a
world-wide, royalty-free license, unlimited in duration, to use that
work under the conditions stated herein. The “Document”, below,
refers to any such manual or work. Any member of the public is a
licensee, and is addressed as “you”. You accept the license if you
copy, modify or distribute the work in a way requiring permission
under copyright law.
<p>A “Modified Version” of the Document means any work containing the
Document or a portion of it, either copied verbatim, or with
modifications and/or translated into another language.
<p>A “Secondary Section” is a named appendix or a front-matter section
of the Document that deals exclusively with the relationship of the
publishers or authors of the Document to the Document's overall
subject (or to related matters) and contains nothing that could fall
directly within that overall subject. (Thus, if the Document is in
part a textbook of mathematics, a Secondary Section may not explain
any mathematics.) The relationship could be a matter of historical
connection with the subject or with related matters, or of legal,
commercial, philosophical, ethical or political position regarding
them.
<p>The “Invariant Sections” are certain Secondary Sections whose titles
are designated, as being those of Invariant Sections, in the notice
that says that the Document is released under this License. If a
section does not fit the above definition of Secondary then it is not
allowed to be designated as Invariant. The Document may contain zero
Invariant Sections. If the Document does not identify any Invariant
Sections then there are none.
<p>The “Cover Texts” are certain short passages of text that are listed,
as Front-Cover Texts or Back-Cover Texts, in the notice that says that
the Document is released under this License. A Front-Cover Text may
be at most 5 words, and a Back-Cover Text may be at most 25 words.
<p>A “Transparent” copy of the Document means a machine-readable copy,
represented in a format whose specification is available to the
general public, that is suitable for revising the document
straightforwardly with generic text editors or (for images composed of
pixels) generic paint programs or (for drawings) some widely available
drawing editor, and that is suitable for input to text formatters or
for automatic translation to a variety of formats suitable for input
to text formatters. A copy made in an otherwise Transparent file
format whose markup, or absence of markup, has been arranged to thwart
or discourage subsequent modification by readers is not Transparent.
An image format is not Transparent if used for any substantial amount
of text. A copy that is not “Transparent” is called “Opaque”.
<p>Examples of suitable formats for Transparent copies include plain
<span class="sc">ascii</span> without markup, Texinfo input format, LaTeX input
format, <acronym>SGML</acronym> or <acronym>XML</acronym> using a publicly available
<acronym>DTD</acronym>, and standard-conforming simple <acronym>HTML</acronym>,
PostScript or <acronym>PDF</acronym> designed for human modification. Examples
of transparent image formats include <acronym>PNG</acronym>, <acronym>XCF</acronym> and
<acronym>JPG</acronym>. Opaque formats include proprietary formats that can be
read and edited only by proprietary word processors, <acronym>SGML</acronym> or
<acronym>XML</acronym> for which the <acronym>DTD</acronym> and/or processing tools are
not generally available, and the machine-generated <acronym>HTML</acronym>,
PostScript or <acronym>PDF</acronym> produced by some word processors for
output purposes only.
<p>The “Title Page” means, for a printed book, the title page itself,
plus such following pages as are needed to hold, legibly, the material
this License requires to appear in the title page. For works in
formats which do not have any title page as such, “Title Page” means
the text near the most prominent appearance of the work's title,
preceding the beginning of the body of the text.
<p>A section “Entitled XYZ” means a named subunit of the Document whose
title either is precisely XYZ or contains XYZ in parentheses following
text that translates XYZ in another language. (Here XYZ stands for a
specific section name mentioned below, such as “Acknowledgements”,
“Dedications”, “Endorsements”, or “History”.) To “Preserve the Title”
of such a section when you modify the Document means that it remains a
section “Entitled XYZ” according to this definition.
<p>The Document may include Warranty Disclaimers next to the notice which
states that this License applies to the Document. These Warranty
Disclaimers are considered to be included by reference in this
License, but only as regards disclaiming warranties: any other
implication that these Warranty Disclaimers may have is void and has
no effect on the meaning of this License.
<li>VERBATIM COPYING
<p>You may copy and distribute the Document in any medium, either
commercially or noncommercially, provided that this License, the
copyright notices, and the license notice saying this License applies
to the Document are reproduced in all copies, and that you add no other
conditions whatsoever to those of this License. You may not use
technical measures to obstruct or control the reading or further
copying of the copies you make or distribute. However, you may accept
compensation in exchange for copies. If you distribute a large enough
number of copies you must also follow the conditions in section 3.
<p>You may also lend copies, under the same conditions stated above, and
you may publicly display copies.
<li>COPYING IN QUANTITY
<p>If you publish printed copies (or copies in media that commonly have
printed covers) of the Document, numbering more than 100, and the
Document's license notice requires Cover Texts, you must enclose the
copies in covers that carry, clearly and legibly, all these Cover
Texts: Front-Cover Texts on the front cover, and Back-Cover Texts on
the back cover. Both covers must also clearly and legibly identify
you as the publisher of these copies. The front cover must present
the full title with all words of the title equally prominent and
visible. You may add other material on the covers in addition.
Copying with changes limited to the covers, as long as they preserve
the title of the Document and satisfy these conditions, can be treated
as verbatim copying in other respects.
<p>If the required texts for either cover are too voluminous to fit
legibly, you should put the first ones listed (as many as fit
reasonably) on the actual cover, and continue the rest onto adjacent
pages.
<p>If you publish or distribute Opaque copies of the Document numbering
more than 100, you must either include a machine-readable Transparent
copy along with each Opaque copy, or state in or with each Opaque copy
a computer-network location from which the general network-using
public has access to download using public-standard network protocols
a complete Transparent copy of the Document, free of added material.
If you use the latter option, you must take reasonably prudent steps,
when you begin distribution of Opaque copies in quantity, to ensure
that this Transparent copy will remain thus accessible at the stated
location until at least one year after the last time you distribute an
Opaque copy (directly or through your agents or retailers) of that
edition to the public.
<p>It is requested, but not required, that you contact the authors of the
Document well before redistributing any large number of copies, to give
them a chance to provide you with an updated version of the Document.
<li>MODIFICATIONS
<p>You may copy and distribute a Modified Version of the Document under
the conditions of sections 2 and 3 above, provided that you release
the Modified Version under precisely this License, with the Modified
Version filling the role of the Document, thus licensing distribution
and modification of the Modified Version to whoever possesses a copy
of it. In addition, you must do these things in the Modified Version:
<ol type=A start=1>
<li>Use in the Title Page (and on the covers, if any) a title distinct
from that of the Document, and from those of previous versions
(which should, if there were any, be listed in the History section
of the Document). You may use the same title as a previous version
if the original publisher of that version gives permission.
<li>List on the Title Page, as authors, one or more persons or entities
responsible for authorship of the modifications in the Modified
Version, together with at least five of the principal authors of the
Document (all of its principal authors, if it has fewer than five),
unless they release you from this requirement.
<li>State on the Title page the name of the publisher of the
Modified Version, as the publisher.
<li>Preserve all the copyright notices of the Document.
<li>Add an appropriate copyright notice for your modifications
adjacent to the other copyright notices.
<li>Include, immediately after the copyright notices, a license notice
giving the public permission to use the Modified Version under the
terms of this License, in the form shown in the Addendum below.
<li>Preserve in that license notice the full lists of Invariant Sections
and required Cover Texts given in the Document's license notice.
<li>Include an unaltered copy of this License.
<li>Preserve the section Entitled “History”, Preserve its Title, and add
to it an item stating at least the title, year, new authors, and
publisher of the Modified Version as given on the Title Page. If
there is no section Entitled “History” in the Document, create one
stating the title, year, authors, and publisher of the Document as
given on its Title Page, then add an item describing the Modified
Version as stated in the previous sentence.
<li>Preserve the network location, if any, given in the Document for
public access to a Transparent copy of the Document, and likewise
the network locations given in the Document for previous versions
it was based on. These may be placed in the “History” section.
You may omit a network location for a work that was published at
least four years before the Document itself, or if the original
publisher of the version it refers to gives permission.
<li>For any section Entitled “Acknowledgements” or “Dedications”, Preserve
the Title of the section, and preserve in the section all the
substance and tone of each of the contributor acknowledgements and/or
dedications given therein.
<li>Preserve all the Invariant Sections of the Document,
unaltered in their text and in their titles. Section numbers
or the equivalent are not considered part of the section titles.
<li>Delete any section Entitled “Endorsements”. Such a section
may not be included in the Modified Version.
<li>Do not retitle any existing section to be Entitled “Endorsements” or
to conflict in title with any Invariant Section.
<li>Preserve any Warranty Disclaimers.
</ol>
<p>If the Modified Version includes new front-matter sections or
appendices that qualify as Secondary Sections and contain no material
copied from the Document, you may at your option designate some or all
of these sections as invariant. To do this, add their titles to the
list of Invariant Sections in the Modified Version's license notice.
These titles must be distinct from any other section titles.
<p>You may add a section Entitled “Endorsements”, provided it contains
nothing but endorsements of your Modified Version by various
parties—for example, statements of peer review or that the text has
been approved by an organization as the authoritative definition of a
standard.
<p>You may add a passage of up to five words as a Front-Cover Text, and a
passage of up to 25 words as a Back-Cover Text, to the end of the list
of Cover Texts in the Modified Version. Only one passage of
Front-Cover Text and one of Back-Cover Text may be added by (or
through arrangements made by) any one entity. If the Document already
includes a cover text for the same cover, previously added by you or
by arrangement made by the same entity you are acting on behalf of,
you may not add another; but you may replace the old one, on explicit
permission from the previous publisher that added the old one.
<p>The author(s) and publisher(s) of the Document do not by this License
give permission to use their names for publicity for or to assert or
imply endorsement of any Modified Version.
<li>COMBINING DOCUMENTS
<p>You may combine the Document with other documents released under this
License, under the terms defined in section 4 above for modified
versions, provided that you include in the combination all of the
Invariant Sections of all of the original documents, unmodified, and
list them all as Invariant Sections of your combined work in its
license notice, and that you preserve all their Warranty Disclaimers.
<p>The combined work need only contain one copy of this License, and
multiple identical Invariant Sections may be replaced with a single
copy. If there are multiple Invariant Sections with the same name but
different contents, make the title of each such section unique by
adding at the end of it, in parentheses, the name of the original
author or publisher of that section if known, or else a unique number.
Make the same adjustment to the section titles in the list of
Invariant Sections in the license notice of the combined work.
<p>In the combination, you must combine any sections Entitled “History”
in the various original documents, forming one section Entitled
“History”; likewise combine any sections Entitled “Acknowledgements”,
and any sections Entitled “Dedications”. You must delete all
sections Entitled “Endorsements.”
<li>COLLECTIONS OF DOCUMENTS
<p>You may make a collection consisting of the Document and other documents
released under this License, and replace the individual copies of this
License in the various documents with a single copy that is included in
the collection, provided that you follow the rules of this License for
verbatim copying of each of the documents in all other respects.
<p>You may extract a single document from such a collection, and distribute
it individually under this License, provided you insert a copy of this
License into the extracted document, and follow this License in all
other respects regarding verbatim copying of that document.
<li>AGGREGATION WITH INDEPENDENT WORKS
<p>A compilation of the Document or its derivatives with other separate
and independent documents or works, in or on a volume of a storage or
distribution medium, is called an “aggregate” if the copyright
resulting from the compilation is not used to limit the legal rights
of the compilation's users beyond what the individual works permit.
When the Document is included in an aggregate, this License does not
apply to the other works in the aggregate which are not themselves
derivative works of the Document.
<p>If the Cover Text requirement of section 3 is applicable to these
copies of the Document, then if the Document is less than one half of
the entire aggregate, the Document's Cover Texts may be placed on
covers that bracket the Document within the aggregate, or the
electronic equivalent of covers if the Document is in electronic form.
Otherwise they must appear on printed covers that bracket the whole
aggregate.
<li>TRANSLATION
<p>Translation is considered a kind of modification, so you may
distribute translations of the Document under the terms of section 4.
Replacing Invariant Sections with translations requires special
permission from their copyright holders, but you may include
translations of some or all Invariant Sections in addition to the
original versions of these Invariant Sections. You may include a
translation of this License, and all the license notices in the
Document, and any Warranty Disclaimers, provided that you also include
the original English version of this License and the original versions
of those notices and disclaimers. In case of a disagreement between
the translation and the original version of this License or a notice
or disclaimer, the original version will prevail.
<p>If a section in the Document is Entitled “Acknowledgements”,
“Dedications”, or “History”, the requirement (section 4) to Preserve
its Title (section 1) will typically require changing the actual
title.
<li>TERMINATION
<p>You may not copy, modify, sublicense, or distribute the Document except
as expressly provided for under this License. Any other attempt to
copy, modify, sublicense or distribute the Document is void, and will
automatically terminate your rights under this License. However,
parties who have received copies, or rights, from you under this
License will not have their licenses terminated so long as such
parties remain in full compliance.
<li>FUTURE REVISIONS OF THIS LICENSE
<p>The Free Software Foundation may publish new, revised versions
of the GNU Free Documentation License from time to time. Such new
versions will be similar in spirit to the present version, but may
differ in detail to address new problems or concerns. See
<a href="http://www.gnu.org/copyleft/">http://www.gnu.org/copyleft/</a>.
<p>Each version of the License is given a distinguishing version number.
If the Document specifies that a particular numbered version of this
License “or any later version” applies to it, you have the option of
following the terms and conditions either of that specified version or
of any later version that has been published (not as a draft) by the
Free Software Foundation. If the Document does not specify a version
number of this License, you may choose any version ever published (not
as a draft) by the Free Software Foundation.
</ol>
<h3 class="heading">ADDENDUM: How to use this License for your documents</h3>
<p>To use this License in a document you have written, include a copy of
the License in the document and put the following copyright and
license notices just after the title page:
<pre class="smallexample"> Copyright (C) <var>year</var> <var>your name</var>.
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.2
or any later version published by the Free Software Foundation;
with no Invariant Sections, no Front-Cover Texts, and no Back-Cover
Texts. A copy of the license is included in the section entitled ``GNU
Free Documentation License''.
</pre>
<p>If you have Invariant Sections, Front-Cover Texts and Back-Cover Texts,
replace the “with<small class="dots">...</small>Texts.” line with this:
<pre class="smallexample"> with the Invariant Sections being <var>list their titles</var>, with
the Front-Cover Texts being <var>list</var>, and with the Back-Cover Texts
being <var>list</var>.
</pre>
<p>If you have Invariant Sections without Cover Texts, or some other
combination of the three, merge those two alternatives to suit the
situation.
<p>If your document contains nontrivial examples of program code, we
recommend releasing these examples in parallel under your choice of
free software license, such as the GNU General Public License,
to permit their use in free software.
<!-- Local Variables: -->
<!-- ispell-local-pdict: "ispell-dict" -->
<!-- End: -->
<div class="node">
<a name="GNU-GPL"></a>
<p><hr>
Previous: <a rel="previous" accesskey="p" href="#GNU-Free-Documentation-License">GNU Free Documentation License</a>,
Up: <a rel="up" accesskey="u" href="#Copying-Information">Copying Information</a>
</div>
<h3 class="unnumberedsec">GNU GPL</h3>
<!-- The GNU General Public License. -->
<div align="center">Version 3, 29 June 2007</div>
<!-- This file is intended to be included within another document, -->
<!-- hence no sectioning command or @node. -->
<pre class="display"> Copyright © 2007 Free Software Foundation, Inc. <a href="http://fsf.org/">http://fsf.org/</a>
Everyone is permitted to copy and distribute verbatim copies of this
license document, but changing it is not allowed.
</pre>
<h3 class="heading">Preamble</h3>
<p>The GNU General Public License is a free, copyleft license for
software and other kinds of works.
<p>The licenses for most software and other practical works are designed
to take away your freedom to share and change the works. By contrast,
the GNU General Public License is intended to guarantee your freedom
to share and change all versions of a program—to make sure it remains
free software for all its users. We, the Free Software Foundation,
use the GNU General Public License for most of our software; it
applies also to any other work released this way by its authors. You
can apply it to your programs, too.
<p>When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.
<p>To protect your rights, we need to prevent others from denying you
these rights or asking you to surrender the rights. Therefore, you
have certain responsibilities if you distribute copies of the
software, or if you modify it: responsibilities to respect the freedom
of others.
<p>For example, if you distribute copies of such a program, whether
gratis or for a fee, you must pass on to the recipients the same
freedoms that you received. You must make sure that they, too,
receive or can get the source code. And you must show them these
terms so they know their rights.
<p>Developers that use the GNU GPL protect your rights with two steps:
(1) assert copyright on the software, and (2) offer you this License
giving you legal permission to copy, distribute and/or modify it.
<p>For the developers' and authors' protection, the GPL clearly explains
that there is no warranty for this free software. For both users' and
authors' sake, the GPL requires that modified versions be marked as
changed, so that their problems will not be attributed erroneously to
authors of previous versions.
<p>Some devices are designed to deny users access to install or run
modified versions of the software inside them, although the
manufacturer can do so. This is fundamentally incompatible with the
aim of protecting users' freedom to change the software. The
systematic pattern of such abuse occurs in the area of products for
individuals to use, which is precisely where it is most unacceptable.
Therefore, we have designed this version of the GPL to prohibit the
practice for those products. If such problems arise substantially in
other domains, we stand ready to extend this provision to those
domains in future versions of the GPL, as needed to protect the
freedom of users.
<p>Finally, every program is threatened constantly by software patents.
States should not allow patents to restrict development and use of
software on general-purpose computers, but in those that do, we wish
to avoid the special danger that patents applied to a free program
could make it effectively proprietary. To prevent this, the GPL
assures that patents cannot be used to render the program non-free.
<p>The precise terms and conditions for copying, distribution and
modification follow.
<h3 class="heading">TERMS AND CONDITIONS</h3>
<ol type=1 start=0>
<li>Definitions.
<p>“This License” refers to version 3 of the GNU General Public License.
<p>“Copyright” also means copyright-like laws that apply to other kinds
of works, such as semiconductor masks.
<p>“The Program” refers to any copyrightable work licensed under this
License. Each licensee is addressed as “you”. “Licensees” and
“recipients” may be individuals or organizations.
<p>To “modify” a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of
an exact copy. The resulting work is called a “modified version” of
the earlier work or a work “based on” the earlier work.
<p>A “covered work” means either the unmodified Program or a work based
on the Program.
<p>To “propagate” a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy. Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.
<p>To “convey” a work means any kind of propagation that enables other
parties to make or receive copies. Mere interaction with a user
through a computer network, with no transfer of a copy, is not
conveying.
<p>An interactive user interface displays “Appropriate Legal Notices” to
the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License. If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.
<li>Source Code.
<p>The “source code” for a work means the preferred form of the work for
making modifications to it. “Object code” means any non-source form
of a work.
<p>A “Standard Interface” means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.
<p>The “System Libraries” of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form. A
“Major Component”, in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.
<p>The “Corresponding Source” for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities. However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work. For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.
<p>The Corresponding Source need not include anything that users can
regenerate automatically from other parts of the Corresponding Source.
<p>The Corresponding Source for a work in source code form is that same
work.
<li>Basic Permissions.
<p>All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met. This License explicitly affirms your unlimited
permission to run the unmodified Program. The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work. This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.
<p>You may make, run and propagate covered works that you do not convey,
without conditions so long as your license otherwise remains in force.
You may convey covered works to others for the sole purpose of having
them make modifications exclusively for you, or provide you with
facilities for running those works, provided that you comply with the
terms of this License in conveying all material for which you do not
control copyright. Those thus making or running the covered works for
you must do so exclusively on your behalf, under your direction and
control, on terms that prohibit them from making any copies of your
copyrighted material outside their relationship with you.
<p>Conveying under any other circumstances is permitted solely under the
conditions stated below. Sublicensing is not allowed; section 10
makes it unnecessary.
<li>Protecting Users' Legal Rights From Anti-Circumvention Law.
<p>No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.
<p>When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such
circumvention is effected by exercising rights under this License with
respect to the covered work, and you disclaim any intention to limit
operation or modification of the work as a means of enforcing, against
the work's users, your or third parties' legal rights to forbid
circumvention of technological measures.
<li>Conveying Verbatim Copies.
<p>You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.
<p>You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.
<li>Conveying Modified Source Versions.
<p>You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these
conditions:
<ol type=a start=1>
<li>The work must carry prominent notices stating that you modified it,
and giving a relevant date.
<li>The work must carry prominent notices stating that it is released
under this License and any conditions added under section 7. This
requirement modifies the requirement in section 4 to “keep intact all
notices”.
<li>You must license the entire work, as a whole, under this License to
anyone who comes into possession of a copy. This License will
therefore apply, along with any applicable section 7 additional terms,
to the whole of the work, and all its parts, regardless of how they
are packaged. This License gives no permission to license the work in
any other way, but it does not invalidate such permission if you have
separately received it.
<li>If the work has interactive user interfaces, each must display
Appropriate Legal Notices; however, if the Program has interactive
interfaces that do not display Appropriate Legal Notices, your work
need not make them do so.
</ol>
<p>A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
“aggregate” if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit. Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.
<li>Conveying Non-Source Forms.
<p>You may convey a covered work in object code form under the terms of
sections 4 and 5, provided that you also convey the machine-readable
Corresponding Source under the terms of this License, in one of these
ways:
<ol type=a start=1>
<li>Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by the
Corresponding Source fixed on a durable physical medium customarily
used for software interchange.
<li>Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by a written
offer, valid for at least three years and valid for as long as you
offer spare parts or customer support for that product model, to give
anyone who possesses the object code either (1) a copy of the
Corresponding Source for all the software in the product that is
covered by this License, on a durable physical medium customarily used
for software interchange, for a price no more than your reasonable
cost of physically performing this conveying of source, or (2) access
to copy the Corresponding Source from a network server at no charge.
<li>Convey individual copies of the object code with a copy of the written
offer to provide the Corresponding Source. This alternative is
allowed only occasionally and noncommercially, and only if you
received the object code with such an offer, in accord with subsection
6b.
<li>Convey the object code by offering access from a designated place
(gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to copy
the object code is a network server, the Corresponding Source may be
on a different server (operated by you or a third party) that supports
equivalent copying facilities, provided you maintain clear directions
next to the object code saying where to find the Corresponding Source.
Regardless of what server hosts the Corresponding Source, you remain
obligated to ensure that it is available for as long as needed to
satisfy these requirements.
<li>Convey the object code using peer-to-peer transmission, provided you
inform other peers where the object code and Corresponding Source of
the work are being offered to the general public at no charge under
subsection 6d.
</ol>
<p>A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.
<p>A “User Product” is either (1) a “consumer product”, which means any
tangible personal property which is normally used for personal,
family, or household purposes, or (2) anything designed or sold for
incorporation into a dwelling. In determining whether a product is a
consumer product, doubtful cases shall be resolved in favor of
coverage. For a particular product received by a particular user,
“normally used” refers to a typical or common use of that class of
product, regardless of the status of the particular user or of the way
in which the particular user actually uses, or expects or is expected
to use, the product. A product is a consumer product regardless of
whether the product has substantial commercial, industrial or
non-consumer uses, unless such uses represent the only significant
mode of use of the product.
<p>“Installation Information” for a User Product means any methods,
procedures, authorization keys, or other information required to
install and execute modified versions of a covered work in that User
Product from a modified version of its Corresponding Source. The
information must suffice to ensure that the continued functioning of
the modified object code is in no case prevented or interfered with
solely because modification has been made.
<p>If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information. But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).
<p>The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or
updates for a work that has been modified or installed by the
recipient, or for the User Product in which it has been modified or
installed. Access to a network may be denied when the modification
itself materially and adversely affects the operation of the network
or violates the rules and protocols for communication across the
network.
<p>Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.
<li>Additional Terms.
<p>“Additional permissions” are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law. If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.
<p>When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it. (Additional permissions may be written to require their own
removal in certain cases when you modify the work.) You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.
<p>Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders
of that material) supplement the terms of this License with terms:
<ol type=a start=1>
<li>Disclaiming warranty or limiting liability differently from the terms
of sections 15 and 16 of this License; or
<li>Requiring preservation of specified reasonable legal notices or author
attributions in that material or in the Appropriate Legal Notices
displayed by works containing it; or
<li>Prohibiting misrepresentation of the origin of that material, or
requiring that modified versions of such material be marked in
reasonable ways as different from the original version; or
<li>Limiting the use for publicity purposes of names of licensors or
authors of the material; or
<li>Declining to grant rights under trademark law for use of some trade
names, trademarks, or service marks; or
<li>Requiring indemnification of licensors and authors of that material by
anyone who conveys the material (or modified versions of it) with
contractual assumptions of liability to the recipient, for any
liability that these contractual assumptions directly impose on those
licensors and authors.
</ol>
<p>All other non-permissive additional terms are considered “further
restrictions” within the meaning of section 10. If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term. If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.
<p>If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.
<p>Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions; the
above requirements apply either way.
<li>Termination.
<p>You may not propagate or modify a covered work except as expressly
provided under this License. Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).
<p>However, if you cease all violation of this License, then your license
from a particular copyright holder is reinstated (a) provisionally,
unless and until the copyright holder explicitly and finally
terminates your license, and (b) permanently, if the copyright holder
fails to notify you of the violation by some reasonable means prior to
60 days after the cessation.
<p>Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
<p>Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License. If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.
<li>Acceptance Not Required for Having Copies.
<p>You are not required to accept this License in order to receive or run
a copy of the Program. Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance. However,
nothing other than this License grants you permission to propagate or
modify any covered work. These actions infringe copyright if you do
not accept this License. Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.
<li>Automatic Licensing of Downstream Recipients.
<p>Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License. You are not responsible
for enforcing compliance by third parties with this License.
<p>An “entity transaction” is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations. If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.
<p>You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License. For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.
<li>Patents.
<p>A “contributor” is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based. The
work thus licensed is called the contributor's “contributor version”.
<p>A contributor's “essential patent claims” are all patent claims owned
or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version. For
purposes of this definition, “control” includes the right to grant
patent sublicenses in a manner consistent with the requirements of
this License.
<p>Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.
<p>In the following three paragraphs, a “patent license” is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement). To “grant” such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.
<p>If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients. “Knowingly relying” means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.
<p>If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.
<p>A patent license is “discriminatory” if it does not include within the
scope of its coverage, prohibits the exercise of, or is conditioned on
the non-exercise of one or more of the rights that are specifically
granted under this License. You may not convey a covered work if you
are a party to an arrangement with a third party that is in the
business of distributing software, under which you make payment to the
third party based on the extent of your activity of conveying the
work, and under which the third party grants, to any of the parties
who would receive the covered work from you, a discriminatory patent
license (a) in connection with copies of the covered work conveyed by
you (or copies made from those copies), or (b) primarily for and in
connection with specific products or compilations that contain the
covered work, unless you entered into that arrangement, or that patent
license was granted, prior to 28 March 2007.
<p>Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.
<li>No Surrender of Others' Freedom.
<p>If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot convey
a covered work so as to satisfy simultaneously your obligations under
this License and any other pertinent obligations, then as a
consequence you may not convey it at all. For example, if you agree
to terms that obligate you to collect a royalty for further conveying
from those to whom you convey the Program, the only way you could
satisfy both those terms and this License would be to refrain entirely
from conveying the Program.
<li>Use with the GNU Affero General Public License.
<p>Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU Affero General Public License into a single
combined work, and to convey the resulting work. The terms of this
License will continue to apply to the part which is the covered work,
but the special requirements of the GNU Affero General Public License,
section 13, concerning interaction through a network will apply to the
combination as such.
<li>Revised Versions of this License.
<p>The Free Software Foundation may publish revised and/or new versions
of the GNU General Public License from time to time. Such new
versions will be similar in spirit to the present version, but may
differ in detail to address new problems or concerns.
<p>Each version is given a distinguishing version number. If the Program
specifies that a certain numbered version of the GNU General Public
License “or any later version” applies to it, you have the option of
following the terms and conditions either of that numbered version or
of any later version published by the Free Software Foundation. If
the Program does not specify a version number of the GNU General
Public License, you may choose any version ever published by the Free
Software Foundation.
<p>If the Program specifies that a proxy can decide which future versions
of the GNU General Public License can be used, that proxy's public
statement of acceptance of a version permanently authorizes you to
choose that version for the Program.
<p>Later license versions may give you additional or different
permissions. However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.
<li>Disclaimer of Warranty.
<p>THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM “AS IS” WITHOUT
WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND
PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE
DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR
CORRECTION.
<li>Limitation of Liability.
<p>IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR
CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES
ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT
NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR
LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM
TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER
PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
<li>Interpretation of Sections 15 and 16.
<p>If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.
</ol>
<h3 class="heading">END OF TERMS AND CONDITIONS</h3>
<h3 class="heading">How to Apply These Terms to Your New Programs</h3>
<p>If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these
terms.
<p>To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
the “copyright” line and a pointer to where the full notice is found.
<pre class="smallexample"> <var>one line to give the program's name and a brief idea of what it does.</var>
Copyright (C) <var>year</var> <var>name of author</var>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or (at
your option) any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <a href="http://www.gnu.org/licenses/">http://www.gnu.org/licenses/</a>.
</pre>
<p>Also add information on how to contact you by electronic and paper mail.
<p>If the program does terminal interaction, make it output a short
notice like this when it starts in an interactive mode:
<pre class="smallexample"> <var>program</var> Copyright (C) <var>year</var> <var>name of author</var>
This program comes with ABSOLUTELY NO WARRANTY; for details type ‘<samp><span class="samp">show w</span></samp>’.
This is free software, and you are welcome to redistribute it
under certain conditions; type ‘<samp><span class="samp">show c</span></samp>’ for details.
</pre>
<p>The hypothetical commands ‘<samp><span class="samp">show w</span></samp>’ and ‘<samp><span class="samp">show c</span></samp>’ should show
the appropriate parts of the General Public License. Of course, your
program's commands might be different; for a GUI interface, you would
use an “about box”.
<p>You should also get your employer (if you work as a programmer) or school,
if any, to sign a “copyright disclaimer” for the program, if necessary.
For more information on this, and how to apply and follow the GNU GPL, see
<a href="http://www.gnu.org/licenses/">http://www.gnu.org/licenses/</a>.
<p>The GNU General Public License does not permit incorporating your
program into proprietary programs. If your program is a subroutine
library, you may consider it more useful to permit linking proprietary
applications with the library. If this is what you want to do, use
the GNU Lesser General Public License instead of this License. But
first, please read <a href="http://www.gnu.org/philosophy/why-not-lgpl.html">http://www.gnu.org/philosophy/why-not-lgpl.html</a>.
</body></html>
