forked from mjl-/mox
-
Notifications
You must be signed in to change notification settings - Fork 0
/
doc.go
1556 lines (1106 loc) · 55.1 KB
/
doc.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
/*
Command mox is a modern, secure, full-featured, open source mail server for
low-maintenance self-hosted email.
Mox is started with the "serve" subcommand, but mox also has many other
subcommands.
Many of those commands talk to a running mox instance, through the ctl file in
the data directory. Specify the configuration file (that holds the path to the
data directory) through the -config flag or MOXCONF environment variable.
Commands that don't talk to a running mox instance are often for
testing/debugging email functionality. For example for parsing an email message,
or looking up SPF/DKIM/DMARC records.
Below is the usage information as printed by the command when started without
any parameters. Followed by the help and usage information for each command.
# Usage
mox [-config config/mox.conf] [-pedantic] ...
mox serve
mox quickstart [-skipdial] [-existing-webserver] [-hostname host] user@domain [user | uid]
mox stop
mox setaccountpassword account
mox setadminpassword
mox loglevels [level [pkg]]
mox queue holdrules list
mox queue holdrules add [ruleflags]
mox queue holdrules remove ruleid
mox queue list [filtersortflags]
mox queue hold [filterflags]
mox queue unhold [filterflags]
mox queue schedule [filterflags] [-now] duration
mox queue transport [filterflags] transport
mox queue requiretls [filterflags] {yes | no | default}
mox queue fail [filterflags]
mox queue drop [filterflags]
mox queue dump id
mox queue retired list [filtersortflags]
mox queue retired print id
mox queue suppress list [-account account]
mox queue suppress add account address
mox queue suppress remove account address
mox queue suppress lookup [-account account] address
mox queue webhook list [filtersortflags]
mox queue webhook schedule [filterflags] duration
mox queue webhook cancel [filterflags]
mox queue webhook print id
mox queue webhook retired list [filtersortflags]
mox queue webhook retired print id
mox import maildir accountname mailboxname maildir
mox import mbox accountname mailboxname mbox
mox export maildir [-single] dst-dir account-path [mailbox]
mox export mbox [-single] dst-dir account-path [mailbox]
mox localserve
mox help [command ...]
mox backup dest-dir
mox verifydata data-dir
mox licenses
mox config test
mox config dnscheck domain
mox config dnsrecords domain
mox config describe-domains >domains.conf
mox config describe-static >mox.conf
mox config account add account address
mox config account rm account
mox config address add address account
mox config address rm address
mox config domain add domain account [localpart]
mox config domain rm domain
mox config alias list domain
mox config alias print alias
mox config alias add alias@domain rcpt1@domain ...
mox config alias update alias@domain [-postpublic false|true -listmembers false|true -allowmsgfrom false|true]
mox config alias rm alias@domain
mox config alias addaddr alias@domain rcpt1@domain ...
mox config alias rmaddr alias@domain rcpt1@domain ...
mox config describe-sendmail >/etc/moxsubmit.conf
mox config printservice >mox.service
mox config ensureacmehostprivatekeys
mox config example [name]
mox checkupdate
mox cid cid
mox clientconfig domain
mox dane dial host:port
mox dane dialmx domain [destination-host]
mox dane makerecord usage selector matchtype [certificate.pem | publickey.pem | privatekey.pem]
mox dns lookup [ptr | mx | cname | ips | a | aaaa | ns | txt | srv | tlsa] name
mox dkim gened25519 >$selector._domainkey.$domain.ed25519.privatekey.pkcs8.pem
mox dkim genrsa >$selector._domainkey.$domain.rsa2048.privatekey.pkcs8.pem
mox dkim lookup selector domain
mox dkim txt <$selector._domainkey.$domain.key.pkcs8.pem
mox dkim verify message
mox dkim sign message
mox dmarc lookup domain
mox dmarc parsereportmsg message ...
mox dmarc verify remoteip mailfromaddress helodomain < message
mox dmarc checkreportaddrs domain
mox dnsbl check zone ip
mox dnsbl checkhealth zone
mox mtasts lookup domain
mox retrain accountname
mox sendmail [-Fname] [ignoredflags] [-t] [<message]
mox spf check domain ip
mox spf lookup domain
mox spf parse txtrecord
mox tlsrpt lookup domain
mox tlsrpt parsereportmsg message ...
mox version
mox webapi [method [baseurl-with-credentials]
mox example [name]
mox bumpuidvalidity account [mailbox]
mox reassignuids account [mailboxid]
mox fixuidmeta account
mox fixmsgsize [account]
mox reparse [account]
mox ensureparsed account
mox recalculatemailboxcounts account
mox message parse message.eml
mox reassignthreads [account]
# mox serve
Start mox, serving SMTP/IMAP/HTTPS.
Incoming email is accepted over SMTP. Email can be retrieved by users using
IMAP. HTTP listeners are started for the admin/account web interfaces, and for
automated TLS configuration. Missing essential TLS certificates are immediately
requested, other TLS certificates are requested on demand.
Only implemented on unix systems, not Windows.
usage: mox serve
# mox quickstart
Quickstart generates configuration files and prints instructions to quickly set up a mox instance.
Quickstart writes configuration files, prints initial admin and account
passwords, DNS records you should create. If you run it on Linux it writes a
systemd service file and prints commands to enable and start mox as service.
The user or uid is optional, defaults to "mox", and is the user or uid/gid mox
will run as after initialization.
Quickstart assumes mox will run on the machine you run quickstart on and uses
its host name and public IPs. On many systems the hostname is not a fully
qualified domain name, but only the first dns "label", e.g. "mail" in case of
"mail.example.org". If so, quickstart does a reverse DNS lookup to find the
hostname, and as fallback uses the label plus the domain of the email address
you specified. Use flag -hostname to explicitly specify the hostname mox will
run on.
Mox is by far easiest to operate if you let it listen on port 443 (HTTPS) and
80 (HTTP). TLS will be fully automatic with ACME with Let's Encrypt.
You can run mox along with an existing webserver, but because of MTA-STS and
autoconfig, you'll need to forward HTTPS traffic for two domains to mox. Run
"mox quickstart -existing-webserver ..." to generate configuration files and
instructions for configuring mox along with an existing webserver.
But please first consider configuring mox on port 443. It can itself serve
domains with HTTP/HTTPS, including with automatic TLS with ACME, is easily
configured through both configuration files and admin web interface, and can act
as a reverse proxy (and static file server for that matter), so you can forward
traffic to your existing backend applications. Look for "WebHandlers:" in the
output of "mox config describe-domains" and see the output of
"mox config example webhandlers".
usage: mox quickstart [-skipdial] [-existing-webserver] [-hostname host] user@domain [user | uid]
-existing-webserver
use if a webserver is already running, so mox won't listen on port 80 and 443; you'll have to provide tls certificates/keys, and configure the existing webserver as reverse proxy, forwarding requests to mox.
-hostname string
hostname mox will run on, by default the hostname of the machine quickstart runs on; if specified, the IPs for the hostname are configured for the public listener
-skipdial
skip check for outgoing smtp (port 25) connectivity
# mox stop
Shut mox down, giving connections maximum 3 seconds to stop before closing them.
While shutting down, new IMAP and SMTP connections will get a status response
indicating temporary unavailability. Existing connections will get a 3 second
period to finish their transaction and shut down. Under normal circumstances,
only IMAP has long-living connections, with the IDLE command to get notified of
new mail deliveries.
usage: mox stop
# mox setaccountpassword
Set new password an account.
The password is read from stdin. Secrets derived from the password, but not the
password itself, are stored in the account database. The stored secrets are for
authentication with: scram-sha-256, scram-sha-1, cram-md5, plain text (bcrypt
hash).
The parameter is an account name, as configured under Accounts in domains.conf
and as present in the data/accounts/ directory, not a configured email address
for an account.
usage: mox setaccountpassword account
# mox setadminpassword
Set a new admin password, for the web interface.
The password is read from stdin. Its bcrypt hash is stored in a file named
"adminpasswd" in the configuration directory.
usage: mox setadminpassword
# mox loglevels
Print the log levels, or set a new default log level, or a level for the given package.
By default, a single log level applies to all logging in mox. But for each
"pkg", an overriding log level can be configured. Examples of packages:
smtpserver, smtpclient, queue, imapserver, spf, dkim, dmarc, junk, message,
etc.
Specify a pkg and an empty level to clear the configured level for a package.
Valid labels: error, info, debug, trace, traceauth, tracedata.
usage: mox loglevels [level [pkg]]
# mox queue holdrules list
List hold rules for the delivery queue.
Messages submitted to the queue that match a hold rule will be marked as on hold
and not scheduled for delivery.
usage: mox queue holdrules list
# mox queue holdrules add
Add hold rule for the delivery queue.
Add a hold rule to mark matching newly submitted messages as on hold. Set the
matching rules with the flags. Don't specify any flags to match all submitted
messages.
usage: mox queue holdrules add [ruleflags]
-account string
account submitting the message
-recipientdom string
recipient domain
-senderdom string
sender domain
# mox queue holdrules remove
Remove hold rule for the delivery queue.
Remove a hold rule by its id.
usage: mox queue holdrules remove ruleid
# mox queue list
List matching messages in the delivery queue.
Prints the message with its ID, last and next delivery attempts, last error.
usage: mox queue list [filtersortflags]
-account string
account that queued the message
-asc
sort ascending instead of descending (default)
-from string
from address of message, use "@example.com" to match all messages for a domain
-hold value
true or false, whether to match only messages that are (not) on hold
-ids value
comma-separated list of message IDs
-n int
number of messages to return
-nextattempt string
filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
-sort value
field to sort by, "nextattempt" (default) or "queued"
-submitted string
filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
-to string
recipient address of message, use "@example.com" to match all messages for a domain
-transport value
transport to use for messages, empty string sets the default behaviour
# mox queue hold
Mark matching messages on hold.
Messages that are on hold are not delivered until marked as off hold again, or
otherwise handled by the admin.
usage: mox queue hold [filterflags]
-account string
account that queued the message
-from string
from address of message, use "@example.com" to match all messages for a domain
-hold value
true or false, whether to match only messages that are (not) on hold
-ids value
comma-separated list of message IDs
-n int
number of messages to return
-nextattempt string
filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
-submitted string
filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
-to string
recipient address of message, use "@example.com" to match all messages for a domain
-transport value
transport to use for messages, empty string sets the default behaviour
# mox queue unhold
Mark matching messages off hold.
Once off hold, messages can be delivered according to their current next
delivery attempt. See the "queue schedule" command.
usage: mox queue unhold [filterflags]
-account string
account that queued the message
-from string
from address of message, use "@example.com" to match all messages for a domain
-hold value
true or false, whether to match only messages that are (not) on hold
-ids value
comma-separated list of message IDs
-n int
number of messages to return
-nextattempt string
filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
-submitted string
filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
-to string
recipient address of message, use "@example.com" to match all messages for a domain
-transport value
transport to use for messages, empty string sets the default behaviour
# mox queue schedule
Change next delivery attempt for matching messages.
The next delivery attempt is adjusted by the duration parameter. If the -now
flag is set, the new delivery attempt is set to the duration added to the
current time, instead of added to the current scheduled time.
Schedule immediate delivery with "mox queue schedule -now 0".
usage: mox queue schedule [filterflags] [-now] duration
-account string
account that queued the message
-from string
from address of message, use "@example.com" to match all messages for a domain
-hold value
true or false, whether to match only messages that are (not) on hold
-ids value
comma-separated list of message IDs
-n int
number of messages to return
-nextattempt string
filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
-now
schedule for duration relative to current time instead of relative to current next delivery attempt for messages
-submitted string
filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
-to string
recipient address of message, use "@example.com" to match all messages for a domain
-transport value
transport to use for messages, empty string sets the default behaviour
# mox queue transport
Set transport for matching messages.
By default, the routing rules determine how a message is delivered. The default
and common case is direct delivery with SMTP. Messages can get a previously
configured transport assigned to use for delivery, e.g. using submission to
another mail server or with connections over a SOCKS proxy.
usage: mox queue transport [filterflags] transport
-account string
account that queued the message
-from string
from address of message, use "@example.com" to match all messages for a domain
-hold value
true or false, whether to match only messages that are (not) on hold
-ids value
comma-separated list of message IDs
-n int
number of messages to return
-nextattempt string
filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
-submitted string
filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
-to string
recipient address of message, use "@example.com" to match all messages for a domain
-transport value
transport to use for messages, empty string sets the default behaviour
# mox queue requiretls
Set TLS requirements for delivery of matching messages.
Value "yes" is handled as if the RequireTLS extension was specified during
submission.
Value "no" is handled as if the message has a header "TLS-Required: No". This
header is not added by the queue. If messages without this header are relayed
through other mail servers they will apply their own default TLS policy.
Value "default" is the default behaviour, currently for unverified opportunistic
TLS.
usage: mox queue requiretls [filterflags] {yes | no | default}
-account string
account that queued the message
-from string
from address of message, use "@example.com" to match all messages for a domain
-hold value
true or false, whether to match only messages that are (not) on hold
-ids value
comma-separated list of message IDs
-n int
number of messages to return
-nextattempt string
filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
-submitted string
filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
-to string
recipient address of message, use "@example.com" to match all messages for a domain
-transport value
transport to use for messages, empty string sets the default behaviour
# mox queue fail
Fail delivery of matching messages, delivering DSNs.
Failing a message is handled similar to how delivery is given up after all
delivery attempts failed. The DSN (delivery status notification) message
contains a line saying the message was canceled by the admin.
usage: mox queue fail [filterflags]
-account string
account that queued the message
-from string
from address of message, use "@example.com" to match all messages for a domain
-hold value
true or false, whether to match only messages that are (not) on hold
-ids value
comma-separated list of message IDs
-n int
number of messages to return
-nextattempt string
filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
-submitted string
filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
-to string
recipient address of message, use "@example.com" to match all messages for a domain
-transport value
transport to use for messages, empty string sets the default behaviour
# mox queue drop
Remove matching messages from the queue.
Dangerous operation, this completely removes the message. If you want to store
the message, use "queue dump" before removing.
usage: mox queue drop [filterflags]
-account string
account that queued the message
-from string
from address of message, use "@example.com" to match all messages for a domain
-hold value
true or false, whether to match only messages that are (not) on hold
-ids value
comma-separated list of message IDs
-n int
number of messages to return
-nextattempt string
filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
-submitted string
filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
-to string
recipient address of message, use "@example.com" to match all messages for a domain
-transport value
transport to use for messages, empty string sets the default behaviour
# mox queue dump
Dump a message from the queue.
The message is printed to stdout and is in standard internet mail format.
usage: mox queue dump id
# mox queue retired list
List matching messages in the retired queue.
Prints messages with their ID and results.
usage: mox queue retired list [filtersortflags]
-account string
account that queued the message
-asc
sort ascending instead of descending (default)
-from string
from address of message, use "@example.com" to match all messages for a domain
-ids value
comma-separated list of retired message IDs
-lastactivity string
filter by time of last activity relative to now, value must start with "<" (before now) or ">" (after now)
-n int
number of messages to return
-result value
"success" or "failure" as result of delivery
-sort value
field to sort by, "lastactivity" (default) or "queued"
-submitted string
filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
-to string
recipient address of message, use "@example.com" to match all messages for a domain
-transport value
transport to use for messages, empty string sets the default behaviour
# mox queue retired print
Print a message from the retired queue.
Prints a JSON representation of the information from the retired queue.
usage: mox queue retired print id
# mox queue suppress list
Print addresses in suppression list.
usage: mox queue suppress list [-account account]
-account string
only show suppression list for this account
# mox queue suppress add
Add address to suppression list for account.
usage: mox queue suppress add account address
# mox queue suppress remove
Remove address from suppression list for account.
usage: mox queue suppress remove account address
# mox queue suppress lookup
Check if address is present in suppression list, for any or specific account.
usage: mox queue suppress lookup [-account account] address
-account string
only check address in specified account
# mox queue webhook list
List matching webhooks in the queue.
Prints list of webhooks, their IDs and basic information.
usage: mox queue webhook list [filtersortflags]
-account string
account that queued the message/webhook
-asc
sort ascending instead of descending (default)
-event value
event this webhook is about: incoming, delivered, suppressed, delayed, failed, relayed, expanded, canceled, unrecognized
-ids value
comma-separated list of webhook IDs
-n int
number of webhooks to return
-nextattempt string
filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
-sort value
field to sort by, "nextattempt" (default) or "queued"
-submitted string
filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
# mox queue webhook schedule
Change next delivery attempt for matching webhooks.
The next delivery attempt is adjusted by the duration parameter. If the -now
flag is set, the new delivery attempt is set to the duration added to the
current time, instead of added to the current scheduled time.
Schedule immediate delivery with "mox queue schedule -now 0".
usage: mox queue webhook schedule [filterflags] duration
-account string
account that queued the message/webhook
-event value
event this webhook is about: incoming, delivered, suppressed, delayed, failed, relayed, expanded, canceled, unrecognized
-ids value
comma-separated list of webhook IDs
-n int
number of webhooks to return
-nextattempt string
filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
-now
schedule for duration relative to current time instead of relative to current next delivery attempt for webhooks
-submitted string
filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
# mox queue webhook cancel
Fail delivery of matching webhooks.
usage: mox queue webhook cancel [filterflags]
-account string
account that queued the message/webhook
-event value
event this webhook is about: incoming, delivered, suppressed, delayed, failed, relayed, expanded, canceled, unrecognized
-ids value
comma-separated list of webhook IDs
-n int
number of webhooks to return
-nextattempt string
filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
-submitted string
filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
# mox queue webhook print
Print details of a webhook from the queue.
The webhook is printed to stdout as JSON.
usage: mox queue webhook print id
# mox queue webhook retired list
List matching webhooks in the retired queue.
Prints list of retired webhooks, their IDs and basic information.
usage: mox queue webhook retired list [filtersortflags]
-account string
account that queued the message/webhook
-asc
sort ascending instead of descending (default)
-event value
event this webhook is about: incoming, delivered, suppressed, delayed, failed, relayed, expanded, canceled, unrecognized
-ids value
comma-separated list of retired webhook IDs
-lastactivity string
filter by time of last activity relative to now, value must start with "<" (before now) or ">" (after now)
-n int
number of webhooks to return
-sort value
field to sort by, "lastactivity" (default) or "queued"
-submitted string
filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
# mox queue webhook retired print
Print details of a webhook from the retired queue.
The retired webhook is printed to stdout as JSON.
usage: mox queue webhook retired print id
# mox import maildir
Import a maildir into an account.
The mbox/maildir archive is accessed and imported by the running mox process, so
it must have access to the archive files. The default suggested systemd service
file isolates mox from most of the file system, with only the "data/" directory
accessible, so you may want to put the mbox/maildir archive files in a
directory like "data/import/" to make it available to mox.
By default, messages will train the junk filter based on their flags and, if
"automatic junk flags" configuration is set, based on mailbox naming.
If the destination mailbox is the Sent mailbox, the recipients of the messages
are added to the message metadata, causing later incoming messages from these
recipients to be accepted, unless other reputation signals prevent that.
Users can also import mailboxes/messages through the account web page by
uploading a zip or tgz file with mbox and/or maildirs.
Messages are imported even if already present. Importing messages twice will
result in duplicate messages.
Mailbox flags, like "seen", "answered", will be imported. An optional
dovecot-keywords file can specify additional flags, like Forwarded/Junk/NotJunk.
usage: mox import maildir accountname mailboxname maildir
# mox import mbox
Import an mbox into an account.
Using mbox is not recommended, maildir is a better defined format.
The mbox/maildir archive is accessed and imported by the running mox process, so
it must have access to the archive files. The default suggested systemd service
file isolates mox from most of the file system, with only the "data/" directory
accessible, so you may want to put the mbox/maildir archive files in a
directory like "data/import/" to make it available to mox.
By default, messages will train the junk filter based on their flags and, if
"automatic junk flags" configuration is set, based on mailbox naming.
If the destination mailbox is the Sent mailbox, the recipients of the messages
are added to the message metadata, causing later incoming messages from these
recipients to be accepted, unless other reputation signals prevent that.
Users can also import mailboxes/messages through the account web page by
uploading a zip or tgz file with mbox and/or maildirs.
Messages are imported even if already present. Importing messages twice will
result in duplicate messages.
usage: mox import mbox accountname mailboxname mbox
# mox export maildir
Export one or all mailboxes from an account in maildir format.
Export bypasses a running mox instance. It opens the account mailbox/message
database file directly. This may block if a running mox instance also has the
database open, e.g. for IMAP connections. To export from a running instance, use
the accounts web page or webmail.
usage: mox export maildir [-single] dst-dir account-path [mailbox]
-single
export single mailbox, without any children. disabled if mailbox isn't specified.
# mox export mbox
Export messages from one or all mailboxes in an account in mbox format.
Using mbox is not recommended. Maildir is a better format.
Export bypasses a running mox instance. It opens the account mailbox/message
database file directly. This may block if a running mox instance also has the
database open, e.g. for IMAP connections. To export from a running instance, use
the accounts web page or webmail.
For mbox export, "mboxrd" is used where message lines starting with the magic
"From " string are escaped by prepending a >. All ">*From " are escaped,
otherwise reconstructing the original could lose a ">".
usage: mox export mbox [-single] dst-dir account-path [mailbox]
-single
export single mailbox, without any children. disabled if mailbox isn't specified.
# mox localserve
Start a local SMTP/IMAP server that accepts all messages, useful when testing/developing software that sends email.
Localserve starts mox with a configuration suitable for local email-related
software development/testing. It listens for SMTP/Submission(s), IMAP(s) and
HTTP(s), on the regular port numbers + 1000.
Data is stored in the system user's configuration directory under
"mox-localserve", e.g. $HOME/.config/mox-localserve/ on linux, but can be
overridden with the -dir flag. If the directory does not yet exist, it is
automatically initialized with configuration files, an account with email
address mox@localhost and password moxmoxmox, and a newly generated self-signed
TLS certificate.
Incoming messages are delivered as normal, falling back to accepting and
delivering to the mox account for unknown addresses.
Submitted messages are added to the queue, which delivers by ignoring the
destination servers, always connecting to itself instead.
Recipient addresses with the following localpart suffixes are handled specially:
- "temperror": fail with a temporary error code
- "permerror": fail with a permanent error code
- [45][0-9][0-9]: fail with the specific error code
- "timeout": no response (for an hour)
If the localpart begins with "mailfrom" or "rcptto", the error is returned
during those commands instead of during "data".
usage: mox localserve
-dir string
configuration storage directory (default "$userconfigdir/mox-localserve")
-initonly
write configuration files and exit
-ip string
serve on this ip instead of default 127.0.0.1 and ::1. only used when writing configuration, at first launch.
# mox help
Prints help about matching commands.
If multiple commands match, they are listed along with the first line of their help text.
If a single command matches, its usage and full help text is printed.
usage: mox help [command ...]
# mox backup
Creates a backup of the data directory.
Backup creates consistent snapshots of the databases and message files and
copies other files in the data directory. Empty directories are not copied.
These files can then be stored elsewhere for long-term storage, or used to fall
back to should an upgrade fail. Simply copying files in the data directory
while mox is running can result in unusable database files.
Message files never change (they are read-only, though can be removed) and are
hard-linked so they don't consume additional space. If hardlinking fails, for
example when the backup destination directory is on a different file system, a
regular copy is made. Using a destination directory like "data/tmp/backup"
increases the odds hardlinking succeeds: the default systemd service file
specifically mounts the data directory, causing attempts to hardlink outside it
to fail with an error about cross-device linking.
All files in the data directory that aren't recognized (i.e. other than known
database files, message files, an acme directory, the "tmp" directory, etc),
are stored, but with a warning.
Remove files in the destination directory before doing another backup. The
backup command will not overwrite files, but print and return errors.
Exit code 0 indicates the backup was successful. A clean successful backup does
not print any output, but may print warnings. Use the -verbose flag for
details, including timing.
To restore a backup, first shut down mox, move away the old data directory and
move an earlier backed up directory in its place, run "mox verifydata",
possibly with the "-fix" option, and restart mox. After the restore, you may
also want to run "mox bumpuidvalidity" for each account for which messages in a
mailbox changed, to force IMAP clients to synchronize mailbox state.
Before upgrading, to check if the upgrade will likely succeed, first make a
backup, then use the new mox binary to run "mox verifydata" on the backup. This
can change the backup files (e.g. upgrade database files, move away
unrecognized message files), so you should make a new backup before actually
upgrading.
usage: mox backup dest-dir
-verbose
print progress
# mox verifydata
Verify the contents of a data directory, typically of a backup.
Verifydata checks all database files to see if they are valid BoltDB/bstore
databases. It checks that all messages in the database have a corresponding
on-disk message file and there are no unrecognized files. If option -fix is
specified, unrecognized message files are moved away. This may be needed after
a restore, because messages enqueued or delivered in the future may get those
message sequence numbers assigned and writing the message file would fail.
Consistency of message/mailbox UID, UIDNEXT and UIDVALIDITY is verified as
well.
Because verifydata opens the database files, schema upgrades may automatically
be applied. This can happen if you use a new mox release. It is useful to run
"mox verifydata" with a new binary before attempting an upgrade, but only on a
copy of the database files, as made with "mox backup". Before upgrading, make a
new backup again since "mox verifydata" may have upgraded the database files,
possibly making them potentially no longer readable by the previous version.
usage: mox verifydata data-dir
-fix
fix fixable problems, such as moving away message files not referenced by their database
-skip-size-check
skip the check for message size
# mox licenses
Print licenses of mox source code and dependencies.
usage: mox licenses
# mox config test
Parses and validates the configuration files.
If valid, the command exits with status 0. If not valid, all errors encountered
are printed.
usage: mox config test
# mox config dnscheck
Check the DNS records with the configuration for the domain, and print any errors/warnings.
usage: mox config dnscheck domain
# mox config dnsrecords
Prints annotated DNS records as zone file that should be created for the domain.
The zone file can be imported into existing DNS software. You should review the
DNS records, especially if your domain previously/currently has email
configured.
usage: mox config dnsrecords domain
# mox config describe-domains
Prints an annotated empty configuration for use as domains.conf.
The domains configuration file contains the domains and their configuration,
and accounts and their configuration. This includes the configured email
addresses. The mox admin web interface, and the mox command line interface, can
make changes to this file. Mox automatically reloads this file when it changes.
Like the static configuration, the example domains.conf printed by this command
needs modifications to make it valid.
usage: mox config describe-domains >domains.conf
# mox config describe-static
Prints an annotated empty configuration for use as mox.conf.
The static configuration file cannot be reloaded while mox is running. Mox has
to be restarted for changes to the static configuration file to take effect.
This configuration file needs modifications to make it valid. For example, it
may contain unfinished list items.
usage: mox config describe-static >mox.conf
# mox config account add
Add an account with an email address and reload the configuration.
Email can be delivered to this address/account. A password has to be configured
explicitly, see the setaccountpassword command.
usage: mox config account add account address
# mox config account rm
Remove an account and reload the configuration.
Email addresses for this account will also be removed, and incoming email for
these addresses will be rejected.
All data for the account will be removed.
usage: mox config account rm account
# mox config address add
Adds an address to an account and reloads the configuration.
If address starts with a @ (i.e. a missing localpart), this is a catchall
address for the domain.
usage: mox config address add address account
# mox config address rm
Remove an address and reload the configuration.
Incoming email for this address will be rejected after removing an address.
usage: mox config address rm address
# mox config domain add
Adds a new domain to the configuration and reloads the configuration.
The account is used for the postmaster mailboxes the domain, including as DMARC and
TLS reporting. Localpart is the "username" at the domain for this account. If
must be set if and only if account does not yet exist.
usage: mox config domain add domain account [localpart]
# mox config domain rm
Remove a domain from the configuration and reload the configuration.
This is a dangerous operation. Incoming email delivery for this domain will be
rejected.
usage: mox config domain rm domain
# mox config alias list
List aliases for domain.