-.TH MSGCHK %manext1% "April 14, 2013" "%nmhversion%"
+.TH MSGCHK %manext1% "October 9, 2016" "%nmhversion%"
.\"
.\" %nmhwarning%
.\"
.HP 5
.na
.B msgchk
+.RB [ \-help ]
+.RB [ \-version ]
.RB [ \-date " | " \-nodate ]
.RB [ \-notify
all/mail/nomail ]
.IR hostname ]
.RB [ \-user
.IR username ]
-.RB [ \-sasl ]
+.RB [ \-sasl " | " \-nosasl ]
.RB [ \-saslmech
.IR mechanism ]
+.RB [ \-initialtls ]
+.RB [ \-notls ]
+.RB [ \-certverify " | " \-nocertverify ]
+.RB [ \-authservice
+.IR service ]
.RB [ \-snoop ]
.RI [ users
\&... ]
-.RB [ \-version ]
-.RB [ \-help ]
.ad
.SH DESCRIPTION
The
To specify a username for authentication with the POP server, use the
.B \-user
.I username
-switch. The credentials profile entry in the mh_profile(5) man page
+switch. The credentials profile entry in the mh\-profile(5) man page
describes the ways to supply a username and password.
.PP
For debugging purposes, there is also a switch
.BR \-snoop ,
which will
allow you to watch the POP transaction take place between you and the
-POP server.
+POP server. If
+.B \-sasl \-saslmech xoauth2
+is used, the HTTP transaction is also shown.
.PP
If
.B nmh
switch can be used to select a particular SASL mechanism.
.PP
If SASL authentication is successful,
-.B inc
+.B msgchk
will attempt to negotiate
a security layer for session encryption. Encrypted traffic is labelled
with `(encrypted)' and `(decrypted)' when viewing the POP transaction
with the
.B \-snoop
-switch.
+switch; see the
+.B post
+man page description of
+.B \-snoop
+for its other features.
+.PP
+If
+.B nmh
+has been compiled with OAuth support, the
+.B \-sasl \-saslmech xoauth2
+switch will enable OAuth authentication. The
+.B \-user
+switch must be used, and the
+.I user-name
+must be an email address the user has for the service, which must
+be specified with the
+.B \-authservice
+.I service
+switch. Before using this, the user must authorize nmh by running
+.B mhlogin
+and grant authorization to that account. See the
+.B mhlogin
+man page for more details.
+.PP
+If
+.B nmh
+has been compiled with TLS support, the
+.B \-initialtls
+switch will require the negotiation of TLS when connecting
+to the remote POP server. The
+.B \-initialtls
+switch will negotiate TLS immediately after the connection has taken place,
+before any POP commands are sent or received. Data encrypted by TLS is
+labeled `(tls-encrypted)' and `(tls-decrypted)` with viewing the POP
+transaction with the
+.B \-snoop
+switch. The
+.B \-notls
+switch will disable all attempts to negotiate TLS.
+.PP
+When using TLS the default is to verify the remote certificate and SubjectName
+against the local trusted certificate store. This can be controlled by
+the
+.B \-certverify
+and
+.B \-nocertverify
+switches. See your OpenSSL documentation for more information on certificate
+verification.
.SH FILES
.fc ^ ~
.nf
-.ta \w'%etcdir%/ExtraBigFileName 'u
+.ta \w'%nmhetcdir%/ExtraBigFileName 'u
^$HOME/\&.mh\(ruprofile~^The user profile
-^%etcdir%/mts.conf~^nmh mts configuration file
+^%nmhetcdir%/mts.conf~^nmh mts configuration file
^%mailspool%/$USER~^Location of mail drop
.fi
.SH "PROFILE COMPONENTS"
.SH "SEE ALSO"
.IR inc (1),
.IR mh\-mail (5)
+.IR post (8)
.SH DEFAULTS
.nf
.RB ` user "' defaults to the current user"
projects / nmh / blobdiff