NeoMutt supports several of optional features which can be enabled or disabled at compile-time by giving the configure script certain arguments. These are listed in the “ Optional features” section of the configure --help output.
Which features are enabled or disabled can later be determined from the output of
neomutt -v. If a compile option starts with
“+” it is enabled and disabled if prefixed with
“-”. For example, if NeoMutt was compiled using GnuTLS for encrypted communication instead of OpenSSL,
neomutt -v would contain:
NeoMutt optionally supports the IMAP, POP3 and SMTP protocols which require to access servers using URLs. The canonical syntax for specifying URLs in NeoMutt is (an item enclosed in
means it is optional and may be omitted):
is the communication protocol:
imap for IMAP,
pop for POP3 and
smtp for SMTP. If
“secure communication” is appended, NeoMutt will attempt to establish an encrypted communication using SSL or TLS.
Since all protocols supported by NeoMutt support/require authentication, login credentials may be specified in the URL. This has the advantage that multiple IMAP, POP3 or SMTP servers may be specified (which isn't possible using, for example,
$imap_user). The username may contain the
“@” symbol being used by many mail systems as part of the login name. The special characters
%25) have to be URL-encoded in usernames using the
A password can be given, too but is not recommended if the URL is specified in a configuration file on disk.
If no port number is given, NeoMutt will use the system's default for the given protocol (usually consulting
The optional path is only relevant for IMAP and ignored elsewhere.
If NeoMutt is compiled with IMAP, POP3 and/or SMTP support, it can also be compiled with support for SSL or TLS using either OpenSSL or GnuTLS (by running the configure script with the --ssl=... option for OpenSSL or --gnutls=... for GnuTLS). NeoMutt can then attempt to encrypt communication with remote servers if these protocols are suffixed with “s” for “secure communication”.
When non-secure URL protocols
smtp://are used, the initial connection to the server will be unencrypted.
STARTTLS can be used to negotiate an encrypted connection after the initial unencrypted connection and exchange.
Two configuration variables control NeoMutt's behavior with
$ssl_starttls will initiate
STARTTLS if the server advertises support for it.
$ssl_force_tls will always try to initiate it, whether the server advertises support or not.
$ssl_force_tls unless you need to connect to an unencrypted server. It's possible for an attacker to spoof interactions during the initial connection and hide support for
STARTTLS. The only way to prevent these attacks is by forcing
STARTTLS with the
$ssl_force_tls configuration variable.
When connecting through a $tunnel and $tunnel_is_secure is set(the default), NeoMutt will assume the connection to the server through the pipe is already secured. NeoMutt will ignore $ssl_starttls and $ssl_force_tls, behaving as if TLS has already been negotiated.
$tunnel_is_secure is unset, NeoMutt will respect the values of
$ssl_force_tls. It is
$ssl_force_tls in this case, to force
STARTTLS negotiation. Note that doing so will prevent connection to an IMAP server configured for preauthentication(
PREAUTH). If you use this configuration, it is recommended to use a secure tunnel.
NeoMutt has POP3 support and has the ability to work with mailboxes located on a remote POP3 server and fetch mail for local browsing.
Remote POP3 servers can be accessed using URLs with the
pop protocol for unencrypted and
pops for encrypted communication, see
Section 1.2, “URL Syntax” for details.
Polling for new mail is more expensive over POP3 than locally. For this reason the frequency at which NeoMutt will check for mail remotely can be controlled by the $pop_check_interval variable, which defaults to every 60 seconds.
POP is read-only which doesn't allow for some features like editing messages or changing flags. However, using Section 8.1, “Header Caching” and Section 8.2, “Body Caching” NeoMutt simulates the new/old/read flags as well as flagged and replied. NeoMutt applies some logic on top of remote messages but cannot change them so that modifications of flags are lost when messages are downloaded from the POP server (either by NeoMutt or other tools).
Another way to access your POP3 mail is the
<fetch-mail>function (default: G). It allows to connect to
$pop_host, fetch all your new mail and place it in the local
$spool_file. After this point, NeoMutt runs exactly as if the mail had always been local.
If you only need to fetch all messages to a local mailbox you should consider using a specialized program, such as
NeoMutt has IMAP support and has the ability to work with folders located on a remote IMAP server.
You can access the remote inbox by selecting the folder by its URL (see
Section 1.2, “URL Syntax” for details) using the
imaps protocol. Alternatively, a pine-compatible notation is also supported, i.e.
Note that not all servers use “/” as the hierarchy separator. NeoMutt should correctly notice which separator is being used by the server and convert paths accordingly.
The IMAP protocol has a subscription feature where the server manages a list of of subscribed folders. To add or remove a folder to the list of subscribed folders use the commands:
imap-folder-uri must be an IMAP URI, from which the server and the folder is derived, e.g.
Instead of the above commands you can also use the
<unsubscribe>functions of the browser (default keys
u) to subscribe to or unsubscribe from a folder while browsing the folders on the IMAP server. The browser can be instructed to only display the folders you are subscribed to with the
<toggle-subscribed>functions. See also the
Because the list of subscribed folders is managed by the IMAP server, NeoMutt can also ask the server for that list. If $imap_check_subscribed is set, NeoMutt will do that and add those folders to its mailboxes list just as if you had used the mailboxes command on each of them, so that these folders get checked periodically for new mail.
Polling for new mail on an IMAP server can cause noticeable delays. So, you'll want to carefully tune the $mail_check and $timeout variables. Reasonable values are:
set mail_check=90 set timeout=15
with relatively good results even over slow modem lines.
Note that if you are using mbox as the mail store on UW servers prior to v12.250, the server has been reported to disconnect a client if another client selects the same folder.
As of version 1.2, NeoMutt supports browsing mailboxes on an IMAP server. This is mostly the same as the local file browser, with the following differences:
In lieu of file permissions, NeoMutt displays the string “ IMAP”, possibly followed by the symbol “ +”, indicating that the entry contains both messages and subfolders. On Cyrus-like servers folders will often contain both messages and subfolders. A mailbox name with a trailing delimiter (usually “ /” or “ .”) indicates subfolders.
For the case where an entry can contain both messages and subfolders, the selection key (bound to
enter by default) will choose to descend into the subfolder view. If you wish to view the messages in that folder, you must use
view-file instead (bound to
space by default).
You can create, delete and rename mailboxes with the
<rename-mailbox>commands (default bindings:
r, respectively). You may also
<unsubscribe>to mailboxes (normally these are bound to
NeoMutt supports four authentication methods with IMAP servers: SASL, GSSAPI, CRAM-MD5, and LOGIN. There is also support for the pseudo-protocol ANONYMOUS, which allows you to log in to a public IMAP server without having an account. To use ANONYMOUS, simply make your username blank or “anonymous”.
SASL is a special super-authenticator, which selects among several protocols (including GSSAPI, CRAM-MD5, ANONYMOUS, and DIGEST-MD5) the most secure method available on your host and the server. Using some of these methods (including DIGEST-MD5 and possibly GSSAPI), your entire session will be encrypted and invisible to those teeming network snoops. It is the best option if you have it. To use it, you must have the Cyrus SASL library installed on your system and compile NeoMutt with the --with-sasl flag.
NeoMutt will try whichever methods are compiled in and available on the server, in the following order: SASL, ANONYMOUS, GSSAPI, CRAM-MD5, LOGIN.
There are a few variables which control authentication:
$imap_user– controls the username under which you request authentication on the IMAP server, for all authenticators. This is overridden by an explicit username in the mailbox path (i.e. by using a mailbox name of the form
$imap_pass– a password which you may preset, used by all authentication methods where a password is needed.
$imap_authenticators– a colon-delimited list of IMAP authentication methods to try, in the order you wish to try them. If specified, this overrides NeoMutt's default (attempt everything, in the order listed above).
Besides supporting traditional mail delivery through a sendmail-compatible program, NeoMutt supports delivery through SMTP.
If the configuration variable $smtp_url is set, NeoMutt will contact the given SMTP server to deliver messages; if it is unset, NeoMutt will use the program specified by $sendmail.
For details on the URL syntax, please see Section 1.2, “URL Syntax”.
The built-in SMTP support supports encryption (the
smtps protocol using SSL or TLS) as well as SMTP authentication using SASL. The authentication mechanisms for SASL are specified in
$smtp_authenticators defaulting to an empty list which makes NeoMutt try all available methods from most-secure to least-secure.
Preliminary OAUTH support for IMAP, POP, and SMTP is provided via external scripts.
At least for Gmail, you can use the
oauth2.py script from Google's gmail-oauth2-tools:
You'll need to get your own oauth client credentials for Gmail here: https://console.developers.google.com/apis/credentials
Then, you'd use
--generate_oauth2_token to get a refresh token, and configure NeoMutt with:
set imap_authenticators="oauthbearer" set imap_oauth_refresh_command="/path/to/oauth2.py --quiet --user=[email_address]\ --client_id=[client_id] --client_secret=[client_secret]\ --refresh_token=[refresh_token]"
For Office365, you can use the
mutt_oauth2.py script written by Alexander Perlis:
You'll need to get your own oauth client credentials by following the script instructions: https://github.com/neomutt/neomutt/blob/main/contrib/oauth2/mutt_oauth2.py.README
set imap_authenticators="xoauth2" set imap_oauth_refresh_command="/path/to/mutt_oauth2.py /path/to/token"
Substitute pop or smtp for imap in the above examples to configure for those. Please note that xoauth2 support has not yet been implemented for pop.
If you happen to have accounts on multiple IMAP, POP and/or SMTP servers, you may find managing all the authentication settings inconvenient and error-prone. The account-hook command may help. This hook works like folder-hook but is invoked whenever NeoMutt needs to access a remote mailbox (including inside the folder browser), not just when you open the mailbox. This includes (for example) polling for new mail, storing Fcc messages and saving messages to a folder. As a consequence, account-hook should only be used to set connection-related settings such as passwords or tunnel commands but not settings such as sender address or name (because in general it should be considered unpredictable which account-hook was last used).
account-hook . 'unset imap_user; unset imap_pass; unset tunnel' account-hook imap://host1/ 'set imap_user=me1 imap_pass=foo' account-hook imap://host2/ 'set tunnel="ssh host2 /usr/libexec/imapd"' account-hook smtp://user@host3/ 'set tunnel="ssh host3 /usr/libexec/smtpd"'
To manage multiple accounts with, for example, different values of $record or sender addresses, folder-hook has to be be used together with the mailboxes command.
Example 6.2. Managing multiple accounts
mailboxes imap://user@host1/INBOX folder-hook imap://user@host1/ 'set folder=imap://host1/ ; set record=+INBOX/Sent' mailboxes imap://user@host2/INBOX folder-hook imap://user@host2/ 'set folder=imap://host2/ ; set record=+INBOX/Sent'
In example Example 6.2, “Managing multiple accounts” the folders are defined using mailboxes so NeoMutt polls them for new mail. Each folder-hook triggers when one mailbox below each IMAP account is opened and sets $folder to the account's root folder. Next, it sets $record to the INBOX/Sent folder below the newly set $folder. Please notice that the value the “+” mailbox shortcut refers to depends on the current value of $folder and therefore has to be set separately per account. Setting other values like $from or $signature is analogous to setting $record.
NeoMutt contains two types of local caching: (1) the so-called “header caching” and (2) the so-called “body caching” which are both described in this section.
Header caching is optional as it depends on external libraries, body caching is always enabled if NeoMutt is compiled with POP and/or IMAP support as these use it (body caching requires no external library).
NeoMutt provides optional support for caching message headers for the following types of folders: IMAP, POP, Maildir and MH. Header caching greatly speeds up opening large folders because for remote folders, headers usually only need to be downloaded once. For Maildir and MH, reading the headers from a single file is much faster than looking at possibly thousands of single files (since Maildir and MH use one file per message.)
Header caching can be enabled by configuring one of the database backends. One of bdb, gdbm, kyotocabinet, lmdb, qdbm, rocksdb, tdb, tokyocabinet.
If enabled, $header_cache can be used to either point to a file or a directory. If set to point to a file, one database file for all folders will be used (which may result in lower performance), but one file per folder if it points to a directory.
Additionally, $header_cache_backend can be set to specify which backend to use. The list of available backends can be specified at configure time with a set of --with-<backend> options. Currently, the following backends are supported: bdb, gdbm, kyotocabinet, lmdb, qdbm, rocksdb, tdb, tokyocabinet.
Take a look at the benchmark script provided in the following repository: contrib-hcache-benchmark. There you can find a way of finding the storage backend for your needs.
Both cache methods can be combined using the same directory for storage (and for IMAP/POP even provide meaningful file names) which simplifies manual maintenance tasks.
In addition to caching message headers only, NeoMutt can also cache whole message bodies. This results in faster display of messages for POP and IMAP folders because messages usually have to be downloaded only once.
For configuration, the variable $message_cache_dir must point to a directory. There, NeoMutt will create a hierarchy of subdirectories named like the account and mailbox path the cache is for.
For using both, header and body caching, $header_cache and $message_cache_dir can be safely set to the same value.
In a header or body cache directory, NeoMutt creates a directory hierarchy named like:
proto is either
“imap.” Within there, for each folder, NeoMutt stores messages in single files and header caches in files with the
“.hcache” extension. All files can be removed as needed if the consumed disk space becomes an issue as NeoMutt will silently fetch missing items again. Pathnames are always stored in UTF-8 encoding.
For Maildir and MH, the header cache files are named after the MD5 checksum of the path.
NeoMutt does not (yet) support maintenance features for header cache database files so that files have to be removed in case they grow too big. It depends on the database library used for header caching whether disk space freed by removing messages is re-used.
For body caches, NeoMutt can keep the local cache in sync with the remote mailbox if the $message_cache_clean variable is set. Cleaning means to remove messages from the cache which are no longer present in the mailbox which only happens when other mail clients or instances of NeoMutt using a different body cache location delete messages (NeoMutt itself removes deleted messages from the cache when syncing a mailbox). As cleaning can take a noticeable amount of time, it should not be set in general but only occasionally.
You may also have compiled NeoMutt to co-operate with Mixmaster, an anonymous remailer. Mixmaster permits you to send your messages anonymously using a chain of remailers. Mixmaster support in NeoMutt is for mixmaster version 2.04 or later.
To use it, you'll have to obey certain restrictions. Most important, you cannot use the
Bcc headers. To tell NeoMutt to use mixmaster, you have to select a remailer chain, using the mix function on the compose menu.
The chain selection screen is divided into two parts. In the (larger) upper part, you get a list of remailers you may use. In the lower part, you see the currently selected chain of remailers.
You can navigate in the chain using the
<chain-next>functions, which are by default bound to the left and right arrows and to the
l keys (think vi keyboard bindings). To insert a remailer at the current chain position, use the
<insert>function. To append a remailer behind the current chain position, use
<append>. You can also delete entries from the chain, using the corresponding function. Finally, to abandon your changes, leave the menu, or
<accept>them pressing (by default) the
Note that different remailers do have different capabilities, indicated in the %c entry of the remailer menu lines (see $mix_entry_format). Most important is the “middleman” capability, indicated by a capital “M”: This means that the remailer in question cannot be used as the final element of a chain, but will only forward messages to other mixmaster remailers. For details on the other capabilities, please have a look at the mixmaster documentation.