2Command mox is a modern, secure, full-featured, open source mail server for
3low-maintenance self-hosted email.
5Mox is started with the "serve" subcommand, but mox also has many other
8Many of those commands talk to a running mox instance, through the ctl file in
9the data directory. Specify the configuration file (that holds the path to the
10data directory) through the -config flag or MOXCONF environment variable.
12Commands that don't talk to a running mox instance are often for
13testing/debugging email functionality. For example for parsing an email message,
14or looking up SPF/DKIM/DMARC records.
16Below is the usage information as printed by the command when started without
17any parameters. Followed by the help and usage information for each command.
21 mox [-config config/mox.conf] [-pedantic] ...
23 mox quickstart [-skipdial] [-existing-webserver] [-hostname host] user@domain [user | uid]
25 mox setaccountpassword account
27 mox loglevels [level [pkg]]
28 mox queue holdrules list
29 mox queue holdrules add [ruleflags]
30 mox queue holdrules remove ruleid
31 mox queue list [filtersortflags]
32 mox queue hold [filterflags]
33 mox queue unhold [filterflags]
34 mox queue schedule [filterflags] [-now] duration
35 mox queue transport [filterflags] transport
36 mox queue requiretls [filterflags] {yes | no | default}
37 mox queue fail [filterflags]
38 mox queue drop [filterflags]
40 mox queue retired list [filtersortflags]
41 mox queue retired print id
42 mox queue suppress list [-account account]
43 mox queue suppress add account address
44 mox queue suppress remove account address
45 mox queue suppress lookup [-account account] address
46 mox queue webhook list [filtersortflags]
47 mox queue webhook schedule [filterflags] duration
48 mox queue webhook cancel [filterflags]
49 mox queue webhook print id
50 mox queue webhook retired list [filtersortflags]
51 mox queue webhook retired print id
52 mox import maildir accountname mailboxname maildir
53 mox import mbox accountname mailboxname mbox
54 mox export maildir [-single] dst-dir account-path [mailbox]
55 mox export mbox [-single] dst-dir account-path [mailbox]
57 mox help [command ...]
59 mox verifydata data-dir
62 mox config dnscheck domain
63 mox config dnsrecords domain
64 mox config describe-domains >domains.conf
65 mox config describe-static >mox.conf
66 mox config account add account address
67 mox config account rm account
68 mox config account disable account message
69 mox config account enable account
70 mox config address add address account
71 mox config address rm address
72 mox config domain add [-disabled] domain account [localpart]
73 mox config domain rm domain
74 mox config domain disable domain
75 mox config domain enable domain
76 mox config tlspubkey list [account]
77 mox config tlspubkey get fingerprint
78 mox config tlspubkey add address [name] < cert.pem
79 mox config tlspubkey rm fingerprint
80 mox config tlspubkey gen stem
81 mox config alias list domain
82 mox config alias print alias
83 mox config alias add alias@domain rcpt1@domain ...
84 mox config alias update alias@domain [-postpublic false|true -listmembers false|true -allowmsgfrom false|true]
85 mox config alias rm alias@domain
86 mox config alias addaddr alias@domain rcpt1@domain ...
87 mox config alias rmaddr alias@domain rcpt1@domain ...
88 mox config describe-sendmail >/etc/moxsubmit.conf
89 mox config printservice >mox.service
90 mox config ensureacmehostprivatekeys
91 mox config example [name]
92 mox admin imapserve preauth-address
95 mox clientconfig domain
96 mox dane dial host:port
97 mox dane dialmx domain [destination-host]
98 mox dane makerecord usage selector matchtype [certificate.pem | publickey.pem | privatekey.pem]
99 mox dns lookup [ptr | mx | cname | ips | a | aaaa | ns | txt | srv | tlsa] name
100 mox dkim gened25519 >$selector._domainkey.$domain.ed25519.privatekey.pkcs8.pem
101 mox dkim genrsa >$selector._domainkey.$domain.rsa2048.privatekey.pkcs8.pem
102 mox dkim lookup selector domain
103 mox dkim txt <$selector._domainkey.$domain.key.pkcs8.pem
104 mox dkim verify message
105 mox dkim sign message
106 mox dmarc lookup domain
107 mox dmarc parsereportmsg message ...
108 mox dmarc verify remoteip mailfromaddress helodomain < message
109 mox dmarc checkreportaddrs domain
110 mox dnsbl check zone ip
111 mox dnsbl checkhealth zone
112 mox mtasts lookup domain
113 mox rdap domainage domain
114 mox retrain [accountname]
115 mox sendmail [-Fname] [ignoredflags] [-t] [<message]
116 mox spf check domain ip
117 mox spf lookup domain
118 mox spf parse txtrecord
119 mox tlsrpt lookup domain
120 mox tlsrpt parsereportmsg message ...
122 mox webapi [method [baseurl-with-credentials]
124 mox bumpuidvalidity account [mailbox]
125 mox reassignuids account [mailboxid]
126 mox fixuidmeta account
127 mox fixmsgsize [account]
128 mox reparse [account]
129 mox ensureparsed account
130 mox recalculatemailboxcounts account
131 mox message parse message.eml
132 mox reassignthreads [account]
136Start mox, serving SMTP/IMAP/HTTPS.
138Incoming email is accepted over SMTP. Email can be retrieved by users using
139IMAP. HTTP listeners are started for the admin/account web interfaces, and for
140automated TLS configuration. Missing essential TLS certificates are immediately
141requested, other TLS certificates are requested on demand.
143Only implemented on unix systems, not Windows.
149Quickstart generates configuration files and prints instructions to quickly set up a mox instance.
151Quickstart writes configuration files, prints initial admin and account
152passwords, DNS records you should create. If you run it on Linux it writes a
153systemd service file and prints commands to enable and start mox as service.
155All output is written to quickstart.log for later reference.
157The user or uid is optional, defaults to "mox", and is the user or uid/gid mox
158will run as after initialization.
160Quickstart assumes mox will run on the machine you run quickstart on and uses
161its host name and public IPs. On many systems the hostname is not a fully
162qualified domain name, but only the first dns "label", e.g. "mail" in case of
163"mail.example.org". If so, quickstart does a reverse DNS lookup to find the
164hostname, and as fallback uses the label plus the domain of the email address
165you specified. Use flag -hostname to explicitly specify the hostname mox will
168Mox is by far easiest to operate if you let it listen on port 443 (HTTPS) and
16980 (HTTP). TLS will be fully automatic with ACME with Let's Encrypt.
171You can run mox along with an existing webserver, but because of MTA-STS and
172autoconfig, you'll need to forward HTTPS traffic for two domains to mox. Run
173"mox quickstart -existing-webserver ..." to generate configuration files and
174instructions for configuring mox along with an existing webserver.
176But please first consider configuring mox on port 443. It can itself serve
177domains with HTTP/HTTPS, including with automatic TLS with ACME, is easily
178configured through both configuration files and admin web interface, and can act
179as a reverse proxy (and static file server for that matter), so you can forward
180traffic to your existing backend applications. Look for "WebHandlers:" in the
181output of "mox config describe-domains" and see the output of
182"mox config example webhandlers".
184 usage: mox quickstart [-skipdial] [-existing-webserver] [-hostname host] user@domain [user | uid]
186 use if a webserver is already running, so mox won't listen on port 80 and 443; you'll have to provide tls certificates/keys, and configure the existing webserver as reverse proxy, forwarding requests to mox.
188 hostname mox will run on, by default the hostname of the machine quickstart runs on; if specified, the IPs for the hostname are configured for the public listener
190 skip check for outgoing smtp (port 25) connectivity or for domain age with rdap
194Shut mox down, giving connections maximum 3 seconds to stop before closing them.
196While shutting down, new IMAP and SMTP connections will get a status response
197indicating temporary unavailability. Existing connections will get a 3 second
198period to finish their transaction and shut down. Under normal circumstances,
199only IMAP has long-living connections, with the IDLE command to get notified of
204# mox setaccountpassword
206Set new password an account.
208The password is read from stdin. Secrets derived from the password, but not the
209password itself, are stored in the account database. The stored secrets are for
210authentication with: scram-sha-256, scram-sha-1, cram-md5, plain text (bcrypt
213The parameter is an account name, as configured under Accounts in domains.conf
214and as present in the data/accounts/ directory, not a configured email address
217 usage: mox setaccountpassword account
219# mox setadminpassword
221Set a new admin password, for the web interface.
223The password is read from stdin. Its bcrypt hash is stored in a file named
224"adminpasswd" in the configuration directory.
226 usage: mox setadminpassword
230Print the log levels, or set a new default log level, or a level for the given package.
232By default, a single log level applies to all logging in mox. But for each
233"pkg", an overriding log level can be configured. Examples of packages:
234smtpserver, smtpclient, queue, imapserver, spf, dkim, dmarc, junk, message,
237Specify a pkg and an empty level to clear the configured level for a package.
239Valid labels: error, info, debug, trace, traceauth, tracedata.
241 usage: mox loglevels [level [pkg]]
243# mox queue holdrules list
245List hold rules for the delivery queue.
247Messages submitted to the queue that match a hold rule will be marked as on hold
248and not scheduled for delivery.
250 usage: mox queue holdrules list
252# mox queue holdrules add
254Add hold rule for the delivery queue.
256Add a hold rule to mark matching newly submitted messages as on hold. Set the
257matching rules with the flags. Don't specify any flags to match all submitted
260 usage: mox queue holdrules add [ruleflags]
262 account submitting the message
268# mox queue holdrules remove
270Remove hold rule for the delivery queue.
272Remove a hold rule by its id.
274 usage: mox queue holdrules remove ruleid
278List matching messages in the delivery queue.
280Prints the message with its ID, last and next delivery attempts, last error.
282 usage: mox queue list [filtersortflags]
284 account that queued the message
286 sort ascending instead of descending (default)
288 from address of message, use "@example.com" to match all messages for a domain
290 true or false, whether to match only messages that are (not) on hold
292 comma-separated list of message IDs
294 number of messages to return
296 filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
298 field to sort by, "nextattempt" (default) or "queued"
300 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
302 recipient address of message, use "@example.com" to match all messages for a domain
304 transport to use for messages, empty string sets the default behaviour
308Mark matching messages on hold.
310Messages that are on hold are not delivered until marked as off hold again, or
311otherwise handled by the admin.
313 usage: mox queue hold [filterflags]
315 account that queued the message
317 from address of message, use "@example.com" to match all messages for a domain
319 true or false, whether to match only messages that are (not) on hold
321 comma-separated list of message IDs
323 number of messages to return
325 filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
327 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
329 recipient address of message, use "@example.com" to match all messages for a domain
331 transport to use for messages, empty string sets the default behaviour
335Mark matching messages off hold.
337Once off hold, messages can be delivered according to their current next
338delivery attempt. See the "queue schedule" command.
340 usage: mox queue unhold [filterflags]
342 account that queued the message
344 from address of message, use "@example.com" to match all messages for a domain
346 true or false, whether to match only messages that are (not) on hold
348 comma-separated list of message IDs
350 number of messages to return
352 filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
354 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
356 recipient address of message, use "@example.com" to match all messages for a domain
358 transport to use for messages, empty string sets the default behaviour
362Change next delivery attempt for matching messages.
364The next delivery attempt is adjusted by the duration parameter. If the -now
365flag is set, the new delivery attempt is set to the duration added to the
366current time, instead of added to the current scheduled time.
368Schedule immediate delivery with "mox queue schedule -now 0".
370 usage: mox queue schedule [filterflags] [-now] duration
372 account that queued the message
374 from address of message, use "@example.com" to match all messages for a domain
376 true or false, whether to match only messages that are (not) on hold
378 comma-separated list of message IDs
380 number of messages to return
382 filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
384 schedule for duration relative to current time instead of relative to current next delivery attempt for messages
386 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
388 recipient address of message, use "@example.com" to match all messages for a domain
390 transport to use for messages, empty string sets the default behaviour
394Set transport for matching messages.
396By default, the routing rules determine how a message is delivered. The default
397and common case is direct delivery with SMTP. Messages can get a previously
398configured transport assigned to use for delivery, e.g. using submission to
399another mail server or with connections over a SOCKS proxy.
401 usage: mox queue transport [filterflags] transport
403 account that queued the message
405 from address of message, use "@example.com" to match all messages for a domain
407 true or false, whether to match only messages that are (not) on hold
409 comma-separated list of message IDs
411 number of messages to return
413 filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
415 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
417 recipient address of message, use "@example.com" to match all messages for a domain
419 transport to use for messages, empty string sets the default behaviour
421# mox queue requiretls
423Set TLS requirements for delivery of matching messages.
425Value "yes" is handled as if the RequireTLS extension was specified during
428Value "no" is handled as if the message has a header "TLS-Required: No". This
429header is not added by the queue. If messages without this header are relayed
430through other mail servers they will apply their own default TLS policy.
432Value "default" is the default behaviour, currently for unverified opportunistic
435 usage: mox queue requiretls [filterflags] {yes | no | default}
437 account that queued the message
439 from address of message, use "@example.com" to match all messages for a domain
441 true or false, whether to match only messages that are (not) on hold
443 comma-separated list of message IDs
445 number of messages to return
447 filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
449 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
451 recipient address of message, use "@example.com" to match all messages for a domain
453 transport to use for messages, empty string sets the default behaviour
457Fail delivery of matching messages, delivering DSNs.
459Failing a message is handled similar to how delivery is given up after all
460delivery attempts failed. The DSN (delivery status notification) message
461contains a line saying the message was canceled by the admin.
463 usage: mox queue fail [filterflags]
465 account that queued the message
467 from address of message, use "@example.com" to match all messages for a domain
469 true or false, whether to match only messages that are (not) on hold
471 comma-separated list of message IDs
473 number of messages to return
475 filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
477 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
479 recipient address of message, use "@example.com" to match all messages for a domain
481 transport to use for messages, empty string sets the default behaviour
485Remove matching messages from the queue.
487Dangerous operation, this completely removes the message. If you want to store
488the message, use "queue dump" before removing.
490 usage: mox queue drop [filterflags]
492 account that queued the message
494 from address of message, use "@example.com" to match all messages for a domain
496 true or false, whether to match only messages that are (not) on hold
498 comma-separated list of message IDs
500 number of messages to return
502 filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
504 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
506 recipient address of message, use "@example.com" to match all messages for a domain
508 transport to use for messages, empty string sets the default behaviour
512Dump a message from the queue.
514The message is printed to stdout and is in standard internet mail format.
516 usage: mox queue dump id
518# mox queue retired list
520List matching messages in the retired queue.
522Prints messages with their ID and results.
524 usage: mox queue retired list [filtersortflags]
526 account that queued the message
528 sort ascending instead of descending (default)
530 from address of message, use "@example.com" to match all messages for a domain
532 comma-separated list of retired message IDs
534 filter by time of last activity relative to now, value must start with "<" (before now) or ">" (after now)
536 number of messages to return
538 "success" or "failure" as result of delivery
540 field to sort by, "lastactivity" (default) or "queued"
542 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
544 recipient address of message, use "@example.com" to match all messages for a domain
546 transport to use for messages, empty string sets the default behaviour
548# mox queue retired print
550Print a message from the retired queue.
552Prints a JSON representation of the information from the retired queue.
554 usage: mox queue retired print id
556# mox queue suppress list
558Print addresses in suppression list.
560 usage: mox queue suppress list [-account account]
562 only show suppression list for this account
564# mox queue suppress add
566Add address to suppression list for account.
568 usage: mox queue suppress add account address
570# mox queue suppress remove
572Remove address from suppression list for account.
574 usage: mox queue suppress remove account address
576# mox queue suppress lookup
578Check if address is present in suppression list, for any or specific account.
580 usage: mox queue suppress lookup [-account account] address
582 only check address in specified account
584# mox queue webhook list
586List matching webhooks in the queue.
588Prints list of webhooks, their IDs and basic information.
590 usage: mox queue webhook list [filtersortflags]
592 account that queued the message/webhook
594 sort ascending instead of descending (default)
596 event this webhook is about: incoming, delivered, suppressed, delayed, failed, relayed, expanded, canceled, unrecognized
598 comma-separated list of webhook IDs
600 number of webhooks to return
602 filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
604 field to sort by, "nextattempt" (default) or "queued"
606 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
608# mox queue webhook schedule
610Change next delivery attempt for matching webhooks.
612The next delivery attempt is adjusted by the duration parameter. If the -now
613flag is set, the new delivery attempt is set to the duration added to the
614current time, instead of added to the current scheduled time.
616Schedule immediate delivery with "mox queue schedule -now 0".
618 usage: mox queue webhook schedule [filterflags] duration
620 account that queued the message/webhook
622 event this webhook is about: incoming, delivered, suppressed, delayed, failed, relayed, expanded, canceled, unrecognized
624 comma-separated list of webhook IDs
626 number of webhooks to return
628 filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
630 schedule for duration relative to current time instead of relative to current next delivery attempt for webhooks
632 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
634# mox queue webhook cancel
636Fail delivery of matching webhooks.
638 usage: mox queue webhook cancel [filterflags]
640 account that queued the message/webhook
642 event this webhook is about: incoming, delivered, suppressed, delayed, failed, relayed, expanded, canceled, unrecognized
644 comma-separated list of webhook IDs
646 number of webhooks to return
648 filter by time of next delivery attempt relative to now, value must start with "<" (before now) or ">" (after now)
650 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
652# mox queue webhook print
654Print details of a webhook from the queue.
656The webhook is printed to stdout as JSON.
658 usage: mox queue webhook print id
660# mox queue webhook retired list
662List matching webhooks in the retired queue.
664Prints list of retired webhooks, their IDs and basic information.
666 usage: mox queue webhook retired list [filtersortflags]
668 account that queued the message/webhook
670 sort ascending instead of descending (default)
672 event this webhook is about: incoming, delivered, suppressed, delayed, failed, relayed, expanded, canceled, unrecognized
674 comma-separated list of retired webhook IDs
676 filter by time of last activity relative to now, value must start with "<" (before now) or ">" (after now)
678 number of webhooks to return
680 field to sort by, "lastactivity" (default) or "queued"
682 filter by time of submission relative to now, value must start with "<" (before now) or ">" (after now)
684# mox queue webhook retired print
686Print details of a webhook from the retired queue.
688The retired webhook is printed to stdout as JSON.
690 usage: mox queue webhook retired print id
694Import a maildir into an account.
696The mbox/maildir archive is accessed and imported by the running mox process, so
697it must have access to the archive files. The default suggested systemd service
698file isolates mox from most of the file system, with only the "data/" directory
699accessible, so you may want to put the mbox/maildir archive files in a
700directory like "data/import/" to make it available to mox.
702By default, messages will train the junk filter based on their flags and, if
703"automatic junk flags" configuration is set, based on mailbox naming.
705If the destination mailbox is the Sent mailbox, the recipients of the messages
706are added to the message metadata, causing later incoming messages from these
707recipients to be accepted, unless other reputation signals prevent that.
709Users can also import mailboxes/messages through the account web page by
710uploading a zip or tgz file with mbox and/or maildirs.
712Messages are imported even if already present. Importing messages twice will
713result in duplicate messages.
715Mailbox flags, like "seen", "answered", will be imported. An optional
716dovecot-keywords file can specify additional flags, like Forwarded/Junk/NotJunk.
718 usage: mox import maildir accountname mailboxname maildir
722Import an mbox into an account.
724Using mbox is not recommended, maildir is a better defined format.
726The mbox/maildir archive is accessed and imported by the running mox process, so
727it must have access to the archive files. The default suggested systemd service
728file isolates mox from most of the file system, with only the "data/" directory
729accessible, so you may want to put the mbox/maildir archive files in a
730directory like "data/import/" to make it available to mox.
732By default, messages will train the junk filter based on their flags and, if
733"automatic junk flags" configuration is set, based on mailbox naming.
735If the destination mailbox is the Sent mailbox, the recipients of the messages
736are added to the message metadata, causing later incoming messages from these
737recipients to be accepted, unless other reputation signals prevent that.
739Users can also import mailboxes/messages through the account web page by
740uploading a zip or tgz file with mbox and/or maildirs.
742Messages are imported even if already present. Importing messages twice will
743result in duplicate messages.
745 usage: mox import mbox accountname mailboxname mbox
749Export one or all mailboxes from an account in maildir format.
751Export bypasses a running mox instance. It opens the account mailbox/message
752database file directly. This may block if a running mox instance also has the
753database open, e.g. for IMAP connections. To export from a running instance, use
754the accounts web page or webmail.
756 usage: mox export maildir [-single] dst-dir account-path [mailbox]
758 export single mailbox, without any children. disabled if mailbox isn't specified.
762Export messages from one or all mailboxes in an account in mbox format.
764Using mbox is not recommended. Maildir is a better format.
766Export bypasses a running mox instance. It opens the account mailbox/message
767database file directly. This may block if a running mox instance also has the
768database open, e.g. for IMAP connections. To export from a running instance, use
769the accounts web page or webmail.
771For mbox export, "mboxrd" is used where message lines starting with the magic
772"From " string are escaped by prepending a >. All ">*From " are escaped,
773otherwise reconstructing the original could lose a ">".
775 usage: mox export mbox [-single] dst-dir account-path [mailbox]
777 export single mailbox, without any children. disabled if mailbox isn't specified.
781Start a local SMTP/IMAP server that accepts all messages, useful when testing/developing software that sends email.
783Localserve starts mox with a configuration suitable for local email-related
784software development/testing. It listens for SMTP/Submission(s), IMAP(s) and
785HTTP(s), on the regular port numbers + 1000.
787Data is stored in the system user's configuration directory under
788"mox-localserve", e.g. $HOME/.config/mox-localserve/ on linux, but can be
789overridden with the -dir flag. If the directory does not yet exist, it is
790automatically initialized with configuration files, an account with email
791address mox@localhost and password moxmoxmox, and a newly generated self-signed
794Incoming messages are delivered as normal, falling back to accepting and
795delivering to the mox account for unknown addresses.
796Submitted messages are added to the queue, which delivers by ignoring the
797destination servers, always connecting to itself instead.
799Recipient addresses with the following localpart suffixes are handled specially:
801- "temperror": fail with a temporary error code
802- "permerror": fail with a permanent error code
803- [45][0-9][0-9]: fail with the specific error code
804- "timeout": no response (for an hour)
806If the localpart begins with "mailfrom" or "rcptto", the error is returned
807during those commands instead of during "data".
809 usage: mox localserve
811 configuration storage directory (default "$userconfigdir/mox-localserve")
813 write configuration files and exit
815 serve on this ip instead of default 127.0.0.1 and ::1. only used when writing configuration, at first launch.
819Prints help about matching commands.
821If multiple commands match, they are listed along with the first line of their help text.
822If a single command matches, its usage and full help text is printed.
824 usage: mox help [command ...]
828Creates a backup of the config and data directory.
830Backup copies the config directory to <destdir>/config, and creates
831<destdir>/data with a consistent snapshot of the databases and message files
832and copies other files from the data directory. Empty directories are not
833copied. The backup can then be stored elsewhere for long-term storage, or used
834to fall back to should an upgrade fail. Simply copying files in the data
835directory while mox is running can result in unusable database files.
837Message files never change (they are read-only, though can be removed) and are
838hard-linked so they don't consume additional space. If hardlinking fails, for
839example when the backup destination directory is on a different file system, a
840regular copy is made. Using a destination directory like "data/tmp/backup"
841increases the odds hardlinking succeeds: the default systemd service file
842specifically mounts the data directory, causing attempts to hardlink outside it
843to fail with an error about cross-device linking.
845All files in the data directory that aren't recognized (i.e. other than known
846database files, message files, an acme directory, the "tmp" directory, etc),
847are stored, but with a warning.
849Remove files in the destination directory before doing another backup. The
850backup command will not overwrite files, but print and return errors.
852Exit code 0 indicates the backup was successful. A clean successful backup does
853not print any output, but may print warnings. Use the -verbose flag for
854details, including timing.
856To restore a backup, first shut down mox, move away the old data directory and
857move an earlier backed up directory in its place, run "mox verifydata
858<datadir>", possibly with the "-fix" option, and restart mox. After the
859restore, you may also want to run "mox bumpuidvalidity" for each account for
860which messages in a mailbox changed, to force IMAP clients to synchronize
863Before upgrading, to check if the upgrade will likely succeed, first make a
864backup, then use the new mox binary to run "mox verifydata <backupdir>/data".
865This can change the backup files (e.g. upgrade database files, move away
866unrecognized message files), so you should make a new backup before actually
869 usage: mox backup destdir
875Verify the contents of a data directory, typically of a backup.
877Verifydata checks all database files to see if they are valid BoltDB/bstore
878databases. It checks that all messages in the database have a corresponding
879on-disk message file and there are no unrecognized files. If option -fix is
880specified, unrecognized message files are moved away. This may be needed after
881a restore, because messages enqueued or delivered in the future may get those
882message sequence numbers assigned and writing the message file would fail.
883Consistency of message/mailbox UID, UIDNEXT and UIDVALIDITY is verified as
886Because verifydata opens the database files, schema upgrades may automatically
887be applied. This can happen if you use a new mox release. It is useful to run
888"mox verifydata" with a new binary before attempting an upgrade, but only on a
889copy of the database files, as made with "mox backup". Before upgrading, make a
890new backup again since "mox verifydata" may have upgraded the database files,
891possibly making them potentially no longer readable by the previous version.
893 usage: mox verifydata data-dir
895 fix fixable problems, such as moving away message files not referenced by their database
897 skip the check for message size
901Print licenses of mox source code and dependencies.
907Parses and validates the configuration files.
909If valid, the command exits with status 0. If not valid, all errors encountered
912 usage: mox config test
916Check the DNS records with the configuration for the domain, and print any errors/warnings.
918 usage: mox config dnscheck domain
920# mox config dnsrecords
922Prints annotated DNS records as zone file that should be created for the domain.
924The zone file can be imported into existing DNS software. You should review the
925DNS records, especially if your domain previously/currently has email
928 usage: mox config dnsrecords domain
930# mox config describe-domains
932Prints an annotated empty configuration for use as domains.conf.
934The domains configuration file contains the domains and their configuration,
935and accounts and their configuration. This includes the configured email
936addresses. The mox admin web interface, and the mox command line interface, can
937make changes to this file. Mox automatically reloads this file when it changes.
939Like the static configuration, the example domains.conf printed by this command
940needs modifications to make it valid.
942 usage: mox config describe-domains >domains.conf
944# mox config describe-static
946Prints an annotated empty configuration for use as mox.conf.
948The static configuration file cannot be reloaded while mox is running. Mox has
949to be restarted for changes to the static configuration file to take effect.
951This configuration file needs modifications to make it valid. For example, it
952may contain unfinished list items.
954 usage: mox config describe-static >mox.conf
956# mox config account add
958Add an account with an email address and reload the configuration.
960Email can be delivered to this address/account. A password has to be configured
961explicitly, see the setaccountpassword command.
963 usage: mox config account add account address
965# mox config account rm
967Remove an account and reload the configuration.
969Email addresses for this account will also be removed, and incoming email for
970these addresses will be rejected.
972All data for the account will be removed.
974 usage: mox config account rm account
976# mox config account disable
978Disable login for an account, showing message to users when they try to login.
980Incoming email will still be accepted for the account, and queued email from the
981account will still be delivered. No new login sessions are possible.
983Message must be non-empty, ascii-only without control characters including
984newline, and maximum 256 characters because it is used in SMTP/IMAP.
986 usage: mox config account disable account message
988# mox config account enable
990Enable login again for an account.
992Login attempts by the user no long result in an error message.
994 usage: mox config account enable account
996# mox config address add
998Adds an address to an account and reloads the configuration.
1000If address starts with a @ (i.e. a missing localpart), this is a catchall
1001address for the domain.
1003 usage: mox config address add address account
1005# mox config address rm
1007Remove an address and reload the configuration.
1009Incoming email for this address will be rejected after removing an address.
1011 usage: mox config address rm address
1013# mox config domain add
1015Adds a new domain to the configuration and reloads the configuration.
1017The account is used for the postmaster mailboxes the domain, including as DMARC and
1018TLS reporting. Localpart is the "username" at the domain for this account. If
1019must be set if and only if account does not yet exist.
1021The domain can be created in disabled mode, preventing automatically requesting
1022TLS certificates with ACME, and rejecting incoming/outgoing messages involving
1023the domain, but allowing further configuration of the domain.
1025 usage: mox config domain add [-disabled] domain account [localpart]
1027 disable the new domain
1029# mox config domain rm
1031Remove a domain from the configuration and reload the configuration.
1033This is a dangerous operation. Incoming email delivery for this domain will be
1036 usage: mox config domain rm domain
1038# mox config domain disable
1040Disable a domain and reload the configuration.
1042This is a dangerous operation. Incoming/outgoing messages involving this domain
1045 usage: mox config domain disable domain
1047# mox config domain enable
1049Enable a domain and reload the configuration.
1051Incoming/outgoing messages involving this domain will be accepted again.
1053 usage: mox config domain enable domain
1055# mox config tlspubkey list
1057List TLS public keys for TLS client certificate authentication.
1059If account is absent, the TLS public keys for all accounts are listed.
1061 usage: mox config tlspubkey list [account]
1063# mox config tlspubkey get
1065Get a TLS public key for a fingerprint.
1067Prints the type, name, account and address for the key, and the certificate in
1070 usage: mox config tlspubkey get fingerprint
1072# mox config tlspubkey add
1074Add a TLS public key to the account of the given address.
1076The public key is read from the certificate.
1078The optional name is a human-readable descriptive name of the key. If absent,
1079the CommonName from the certificate is used.
1081 usage: mox config tlspubkey add address [name] < cert.pem
1083 Don't automatically switch new IMAP connections authenticated with this key to "authenticated" state after the TLS handshake. For working around clients that ignore the untagged IMAP PREAUTH response and try to authenticate while already authenticated.
1085# mox config tlspubkey rm
1087Remove TLS public key for fingerprint.
1089 usage: mox config tlspubkey rm fingerprint
1091# mox config tlspubkey gen
1093Generate an ed25519 private key and minimal certificate for use a TLS public key and write to files starting with stem.
1095The private key is written to $stem.$timestamp.ed25519privatekey.pkcs8.pem.
1096The certificate is written to $stem.$timestamp.certificate.pem.
1097The private key and certificate are also written to
1098$stem.$timestamp.ed25519privatekey-certificate.pem.
1100The certificate can be added to an account with "mox config account tlspubkey add".
1102The combined file can be used with "mox sendmail".
1104The private key is also written to standard error in raw-url-base64-encoded
1105form, also for use with "mox sendmail". The fingerprint is written to standard
1106error too, for reference.
1108 usage: mox config tlspubkey gen stem
1110# mox config alias list
1112Show aliases (lists) for domain.
1114 usage: mox config alias list domain
1116# mox config alias print
1118Print settings and members of alias (list).
1120 usage: mox config alias print alias
1122# mox config alias add
1124Add new alias (list) with one or more addresses and public posting enabled.
1126An alias is used for delivering incoming email to multiple recipients. If you
1127want to add an address to an account, don't use an alias, just add the address
1130 usage: mox config alias add alias@domain rcpt1@domain ...
1132# mox config alias update
1134Update alias (list) configuration.
1136 usage: mox config alias update alias@domain [-postpublic false|true -listmembers false|true -allowmsgfrom false|true]
1137 -allowmsgfrom string
1138 whether alias address can be used in message from header
1140 whether list members can list members
1142 whether anyone or only list members can post
1144# mox config alias rm
1148 usage: mox config alias rm alias@domain
1150# mox config alias addaddr
1152Add addresses to alias (list).
1154 usage: mox config alias addaddr alias@domain rcpt1@domain ...
1156# mox config alias rmaddr
1158Remove addresses from alias (list).
1160 usage: mox config alias rmaddr alias@domain rcpt1@domain ...
1162# mox config describe-sendmail
1164Describe configuration for mox when invoked as sendmail.
1166 usage: mox config describe-sendmail >/etc/moxsubmit.conf
1168# mox config printservice
1170Prints a systemd unit service file for mox.
1172This is the same file as generated using quickstart. If the systemd service file
1173has changed with a newer version of mox, use this command to generate an up to
1176 usage: mox config printservice >mox.service
1178# mox config ensureacmehostprivatekeys
1180Ensure host private keys exist for TLS listeners with ACME.
1182In mox.conf, each listener can have TLS configured. Long-lived private key files
1183can be specified, which will be used when requesting ACME certificates.
1184Configuring these private keys makes it feasible to publish DANE TLSA records
1185for the corresponding public keys in DNS, protected with DNSSEC, allowing TLS
1186certificate verification without depending on a list of Certificate Authorities
1187(CAs). Previous versions of mox did not pre-generate private keys for use with
1188ACME certificates, but would generate private keys on-demand. By explicitly
1189configuring private keys, they will not change automatedly with new
1190certificates, and the DNS TLSA records stay valid.
1192This command looks for listeners in mox.conf with TLS with ACME configured. For
1193each missing host private key (of type rsa-2048 and ecdsa-p256) a key is written
1194to config/hostkeys/. If a certificate exists in the ACME "cache", its private
1195key is copied. Otherwise a new private key is generated. Snippets for manually
1196updating/editing mox.conf are printed.
1198After running this command, and updating mox.conf, run "mox config dnsrecords"
1199for a domain and create the TLSA DNS records it suggests to enable DANE.
1201 usage: mox config ensureacmehostprivatekeys
1205List available config examples, or print a specific example.
1207 usage: mox config example [name]
1209# mox admin imapserve
1211Initiate a preauthenticated IMAP connection on file descriptor 0.
1213For use with tools that can do IMAP over tunneled connections, e.g. with SSH
1214during migrations. TLS is not possible on the connection, and authentication
1215does not require TLS.
1217 usage: mox admin imapserve preauth-address
1219 write IMAP to file descriptor 0 instead of stdout
1223Check if a newer version of mox is available.
1225A single DNS TXT lookup to _updates.xmox.nl tells if a new version is
1226available. If so, a changelog is fetched from https://updates.xmox.nl, and the
1227individual entries verified with a builtin public key. The changelog is
1230 usage: mox checkupdate
1234Turn an ID from a Received header into a cid, for looking up in logs.
1236A cid is essentially a connection counter initialized when mox starts. Each log
1237line contains a cid. Received headers added by mox contain a unique ID that can
1238be decrypted to a cid by admin of a mox instance only.
1244Print the configuration for email clients for a domain.
1246Sending email is typically not done on the SMTP port 25, but on submission
1247ports 465 (with TLS) and 587 (without initial TLS, but usually added to the
1248connection with STARTTLS). For IMAP, the port with TLS is 993 and without is
1251Without TLS/STARTTLS, passwords are sent in clear text, which should only be
1252configured over otherwise secured connections, like a VPN.
1254 usage: mox clientconfig domain
1258Dial the address using TLS with certificate verification using DANE.
1260Data is copied between connection and stdin/stdout until either side closes the
1263 usage: mox dane dial host:port
1265 allowed usages for dane, comma-separated list (default "pkix-ta,pkix-ee,dane-ta,dane-ee")
1269Connect to MX server for domain using STARTTLS verified with DANE.
1271If no destination host is specified, regular delivery logic is used to find the
1272hosts to attempt delivery too. This involves following CNAMEs for the domain,
1273looking up MX records, and possibly falling back to the domain name itself as
1276If a destination host is specified, that is the only candidate host considered
1279With a list of destinations gathered, each is dialed until a successful SMTP
1280session verified with DANE has been initialized, including EHLO and STARTTLS
1283Once connected, data is copied between connection and stdin/stdout, until
1284either side closes the connection.
1286This command follows the same logic as delivery attempts made from the queue,
1287sharing most of its code.
1289 usage: mox dane dialmx domain [destination-host]
1290 -ehlohostname string
1291 hostname to send in smtp ehlo command (default "localhost")
1293# mox dane makerecord
1295Print TLSA record for given certificate/key and parameters.
1298- usage: pkix-ta (0), pkix-ee (1), dane-ta (2), dane-ee (3)
1299- selector: cert (0), spki (1)
1300- matchtype: full (0), sha2-256 (1), sha2-512 (2)
1302Common DANE TLSA record parameters are: dane-ee spki sha2-256, or 3 1 1,
1303followed by a sha2-256 hash of the DER-encoded "SPKI" (subject public key info)
1304from the certificate. An example DNS zone file entry:
1306 _25._tcp.example.com. TLSA 3 1 1 133b919c9d65d8b1488157315327334ead8d83372db57465ecabf53ee5748aee
1308The first usable information from the pem file is used to compose the TLSA
1309record. In case of selector "cert", a certificate is required. Otherwise the
1310"subject public key info" (spki) of the first certificate or public or private
1311key (pkcs#8, pkcs#1 or ec private key) is used.
1313 usage: mox dane makerecord usage selector matchtype [certificate.pem | publickey.pem | privatekey.pem]
1317Lookup DNS name of given type.
1319Lookup always prints whether the response was DNSSEC-protected.
1323mox dns lookup ptr 1.1.1.1
1324mox dns lookup mx xmox.nl
1325mox dns lookup txt _dmarc.xmox.nl.
1326mox dns lookup tlsa _25._tcp.xmox.nl
1328 usage: mox dns lookup [ptr | mx | cname | ips | a | aaaa | ns | txt | srv | tlsa] name
1330# mox dkim gened25519
1332Generate a new ed25519 key for use with DKIM.
1334Ed25519 keys are much smaller than RSA keys of comparable cryptographic
1335strength. This is convenient because of maximum DNS message sizes. At the time
1336of writing, not many mail servers appear to support ed25519 DKIM keys though,
1337so it is recommended to sign messages with both RSA and ed25519 keys.
1339 usage: mox dkim gened25519 >$selector._domainkey.$domain.ed25519.privatekey.pkcs8.pem
1343Generate a new 2048 bit RSA private key for use with DKIM.
1345The generated file is in PEM format, and has a comment it is generated for use
1348 usage: mox dkim genrsa >$selector._domainkey.$domain.rsa2048.privatekey.pkcs8.pem
1352Lookup and print the DKIM record for the selector at the domain.
1354 usage: mox dkim lookup selector domain
1358Print a DKIM DNS TXT record with the public key derived from the private key read from stdin.
1360The DNS should be configured as a TXT record at $selector._domainkey.$domain.
1362 usage: mox dkim txt <$selector._domainkey.$domain.key.pkcs8.pem
1366Verify the DKIM signatures in a message and print the results.
1368The message is parsed, and the DKIM-Signature headers are validated. Validation
1369of older messages may fail because the DNS records have been removed or changed
1370by now, or because the signature header may have specified an expiration time
1373 usage: mox dkim verify message
1377Sign a message, adding DKIM-Signature headers based on the domain in the From header.
1379The message is parsed, the domain looked up in the configuration files, and
1380DKIM-Signature headers generated. The message is printed with the DKIM-Signature
1383 usage: mox dkim sign message
1387Lookup dmarc policy for domain, a DNS TXT record at _dmarc.<domain>, validate and print it.
1389 usage: mox dmarc lookup domain
1391# mox dmarc parsereportmsg
1393Parse a DMARC report from an email message, and print its extracted details.
1395DMARC reports are periodically mailed, if requested in the DMARC DNS record of
1396a domain. Reports are sent by mail servers that received messages with our
1397domain in a From header. This may or may not be legatimate email. DMARC reports
1398contain summaries of evaluations of DMARC and DKIM/SPF, which can help
1399understand email deliverability problems.
1401 usage: mox dmarc parsereportmsg message ...
1405Parse an email message and evaluate it against the DMARC policy of the domain in the From-header.
1407mailfromaddress and helodomain are used for SPF validation. If both are empty,
1408SPF validation is skipped.
1410mailfromaddress should be the address used as MAIL FROM in the SMTP session.
1411For DSN messages, that address may be empty. The helo domain was specified at
1412the beginning of the SMTP transaction that delivered the message. These values
1413can be found in message headers.
1415 usage: mox dmarc verify remoteip mailfromaddress helodomain < message
1417# mox dmarc checkreportaddrs
1419For each reporting address in the domain's DMARC record, check if it has opted into receiving reports (if needed).
1421A DMARC record can request reports about DMARC evaluations to be sent to an
1422email/http address. If the organizational domains of that of the DMARC record
1423and that of the report destination address do not match, the destination
1424address must opt-in to receiving DMARC reports by creating a DMARC record at
1425<dmarcdomain>._report._dmarc.<reportdestdomain>.
1427 usage: mox dmarc checkreportaddrs domain
1431Test if IP is in the DNS blocklist of the zone, e.g. bl.spamcop.net.
1433If the IP is in the blocklist, an explanation is printed. This is typically a
1434URL with more information.
1436 usage: mox dnsbl check zone ip
1438# mox dnsbl checkhealth
1440Check the health of the DNS blocklist represented by zone, e.g. bl.spamcop.net.
1442The health of a DNS blocklist can be checked by querying for 127.0.0.1 and
1443127.0.0.2. The second must and the first must not be present.
1445 usage: mox dnsbl checkhealth zone
1449Lookup the MTASTS record and policy for the domain.
1451MTA-STS is a mechanism for a domain to specify if it requires TLS connections
1452for delivering email. If a domain has a valid MTA-STS DNS TXT record at
1453_mta-sts.<domain> it signals it implements MTA-STS. A policy can then be
1454fetched at https://mta-sts.<domain>/.well-known/mta-sts.txt. The policy
1455specifies the mode (enforce, testing, none), which MX servers support TLS and
1456should be used, and how long the policy can be cached.
1458 usage: mox mtasts lookup domain
1462Lookup the age of domain in RDAP based on latest registration.
1464RDAP is the registration data access protocol. Registries run RDAP services for
1465their top level domains, providing information such as the registration date of
1466domains. This command looks up the "age" of a domain by looking at the most
1467recent "registration", "reregistration" or "reinstantiation" event.
1469Email messages from recently registered domains are often treated with
1470suspicion, and some mail systems are more likely to classify them as junk.
1472On each invocation, a bootstrap file with a list of registries (of top-level
1473domains) is retrieved, without caching. Do not run this command too often with
1476 usage: mox rdap domainage domain
1480Recreate and retrain the junk filter for the account or all accounts.
1482Useful after having made changes to the junk filter configuration, or if the
1483implementation has changed.
1485 usage: mox retrain [accountname]
1489Sendmail is a drop-in replacement for /usr/sbin/sendmail to deliver emails sent by unix processes like cron.
1491If invoked as "sendmail", it will act as sendmail for sending messages. Its
1492intention is to let processes like cron send emails. Messages are submitted to
1493an actual mail server over SMTP. The destination mail server and credentials are
1494configured in /etc/moxsubmit.conf, see mox config describe-sendmail. The From
1495message header is rewritten to the configured address. When the addressee
1496appears to be a local user, because without @, the message is sent to the
1497configured default address.
1499If submitting an email fails, it is added to a directory moxsubmit.failures in
1500the user's home directory.
1502Most flags are ignored to fake compatibility with other sendmail
1503implementations. A single recipient or the -t flag with a To-header is required.
1504With the -t flag, Cc and Bcc headers are not handled specially, so Bcc is not
1505removed and the addresses do not receive the email.
1507/etc/moxsubmit.conf should be group-readable and not readable by others and this
1508binary should be setgid that group:
1511 install -m 2755 -o root -g moxsubmit mox /usr/sbin/sendmail
1512 touch /etc/moxsubmit.conf
1513 chown root:moxsubmit /etc/moxsubmit.conf
1514 chmod 640 /etc/moxsubmit.conf
1515 # edit /etc/moxsubmit.conf
1518 usage: mox sendmail [-Fname] [ignoredflags] [-t] [<message]
1522Check the status of IP for the policy published in DNS for the domain.
1524IPs may be allowed to send for a domain, or disallowed, and several shades in
1525between. If not allowed, an explanation may be provided by the policy. If so,
1526the explanation is printed. The SPF mechanism that matched (if any) is also
1529 usage: mox spf check domain ip
1533Lookup the SPF record for the domain and print it.
1535 usage: mox spf lookup domain
1539Parse the record as SPF record. If valid, nothing is printed.
1541 usage: mox spf parse txtrecord
1545Lookup the TLSRPT record for the domain.
1547A TLSRPT record typically contains an email address where reports about TLS
1548connectivity should be sent. Mail servers attempting delivery to our domain
1549should attempt to use TLS. TLSRPT lets them report how many connection
1550successfully used TLS, and how what kind of errors occurred otherwise.
1552 usage: mox tlsrpt lookup domain
1554# mox tlsrpt parsereportmsg
1556Parse and print the TLSRPT in the message.
1558The report is printed in formatted JSON.
1560 usage: mox tlsrpt parsereportmsg message ...
1564Prints this mox version.
1570Lists available methods, prints request/response parameters for method, or calls a method with a request read from standard input.
1572 usage: mox webapi [method [baseurl-with-credentials]
1576List available examples, or print a specific example.
1578 usage: mox example [name]
1580# mox bumpuidvalidity
1582Change the IMAP UID validity of the mailbox, causing IMAP clients to refetch messages.
1584This can be useful after manually repairing metadata about the account/mailbox.
1586Opens account database file directly. Ensure mox does not have the account
1587open, or is not running.
1589 usage: mox bumpuidvalidity account [mailbox]
1593Reassign UIDs in one mailbox or all mailboxes in an account and bump UID validity, causing IMAP clients to refetch messages.
1595Opens account database file directly. Ensure mox does not have the account
1596open, or is not running.
1598 usage: mox reassignuids account [mailboxid]
1602Fix inconsistent UIDVALIDITY and UIDNEXT in messages/mailboxes/account.
1604The next UID to use for a message in a mailbox should always be higher than any
1605existing message UID in the mailbox. If it is not, the mailbox UIDNEXT is
1608Each mailbox has a UIDVALIDITY sequence number, which should always be lower
1609than the per-account next UIDVALIDITY to use. If it is not, the account next
1610UIDVALIDITY is updated.
1612Opens account database file directly. Ensure mox does not have the account
1613open, or is not running.
1615 usage: mox fixuidmeta account
1619Ensure message sizes in the database matching the sum of the message prefix length and on-disk file size.
1621Messages with an inconsistent size are also parsed again.
1623If an inconsistency is found, you should probably also run "mox
1624bumpuidvalidity" on the mailboxes or entire account to force IMAP clients to
1627 usage: mox fixmsgsize [account]
1631Parse all messages in the account or all accounts again.
1633Can be useful after upgrading mox with improved message parsing. Messages are
1634parsed in batches, so other access to the mailboxes/messages are not blocked
1635while reparsing all messages.
1637 usage: mox reparse [account]
1641Ensure messages in the database have a pre-parsed MIME form in the database.
1643 usage: mox ensureparsed account
1645 store new parsed message for all messages
1647# mox recalculatemailboxcounts
1649Recalculate message counts for all mailboxes in the account, and total message size for quota.
1651When a message is added to/removed from a mailbox, or when message flags change,
1652the total, unread, unseen and deleted messages are accounted, the total size of
1653the mailbox, and the total message size for the account. In case of a bug in
1654this accounting, the numbers could become incorrect. This command will find, fix
1657 usage: mox recalculatemailboxcounts account
1661Parse message, print JSON representation.
1663 usage: mox message parse message.eml
1665 check if message needs smtputf8
1667# mox reassignthreads
1669Reassign message threads.
1671For all accounts, or optionally only the specified account.
1673Threading for all messages in an account is first reset, and new base subject
1674and normalized message-id saved with the message. Then all messages are
1675evaluated and matched against their parents/ancestors.
1677Messages are matched based on the References header, with a fall-back to an
1678In-Reply-To header, and if neither is present/valid, based only on base
1681A References header typically points to multiple previous messages in a
1682hierarchy. From oldest ancestor to most recent parent. An In-Reply-To header
1683would have only a message-id of the parent message.
1685A message is only linked to a parent/ancestor if their base subject is the
1686same. This ensures unrelated replies, with a new subject, are placed in their
1689The base subject is lower cased, has whitespace collapsed to a single
1690space, and some components removed: leading "Re:", "Fwd:", "Fw:", or bracketed
1691tag (that mailing lists often add, e.g. "[listname]"), trailing "(fwd)", or
1692enclosing "[fwd: ...]".
1694Messages are linked to all their ancestors. If an intermediate parent/ancestor
1695message is deleted in the future, the message can still be linked to the earlier
1696ancestors. If the direct parent already wasn't available while matching, this is
1697stored as the message having a "missing link" to its stored ancestors.
1699 usage: mox reassignthreads [account]
1703// NOTE: DO NOT EDIT, this file is generated by gendoc.sh.