Important
This README documents Himalaya v2, which is not yet released. If you are running v1 (himalaya v1.2.0 or earlier), refer to the v1.2.0 README instead. The MIGRATION.md guide walks v1 users through the breaking changes.
- Shared API that maps
mailboxes,envelopes,flags,messagesandattachmentsto the active backend - Protocol-specific APIs exposing each backend's full surface (
himalaya imap/smtp/maildir/jmap…) - Remote backend support: IMAP, SMTP, JMAP
- Local (filesystem) backends support: Maildir specs, m2dir specs
- Simple auth support for IMAP/SMTP: anonymous, login, plain, oauthbearer, xoauth2, scram-sha-256
- HTTP auth support for JMAP: basic, bearer
- TLS support:
- Rustls with ring crypto
- Rustls with aws crypto (requires
rustls-awsfeature) - Native TLS (requires
native-tlsfeature)
- Discovery support:
- TOML configuration with multi-account support
- Shared configuration file with
himalaya-tui: same[accounts.<name>]blocks load on both binaries (see Configuration) - JSON output via
--json
Tip
Himalaya is written in Rust and uses cargo features to gate backend support. The default feature set is declared in Cargo.toml.
Himalaya can be installed with the installer:
As root:
curl -sSL https://raw.githubusercontent.com/pimalaya/himalaya/master/install.sh | sudo sh
As a regular user:
curl -sSL https://raw.githubusercontent.com/pimalaya/himalaya/master/install.sh | PREFIX=~/.local sh
These commands install the latest binary from the GitHub releases section.
For a more up-to-date version than the latest release, check out the releases GitHub workflow and look for the Artifacts section. These pre-built binaries are built from the master branch.
Note
Such binaries are built with the default cargo features. If you need specific features, please use another installation method.
cargo install --locked --git https://github.com/pimalaya/himalaya.git
With only IMAP+SMTP support:
cargo install --locked --git https://github.com/pimalaya/himalaya.git \
--no-default-features \
--features imap,smtp,rustls-ring
From the community repository:
pacman -S himalaya
Or the user repository:
git clone https://aur.archlinux.org/himalaya-git.git
cd himalaya-git
makepkg -isc
Or with yay:
yay -S himalaya-git
brew install himalaya
Note
Cargo features are not compatible with brew. If you need a different feature set, please use another installation method.
scoop install himalaya
From the COPR repo:
dnf copr enable atim/himalaya
dnf install himalaya
If you have the Flakes feature enabled:
nix profile install github:pimalaya/himalaya
Or run without installing:
nix run github:pimalaya/himalaya
git clone https://github.com/pimalaya/himalaya
cd himalaya
nix run
Run himalaya. With no configuration file on disk the wizard prompts for an account name and an email address, runs provider discovery (PACC, then Thunderbird Autoconfiguration, then RFC 6186 SRV), fills the IMAP/SMTP (or JMAP) prompts with the discovered defaults, then writes the result to disk.
A persistent configuration is loaded from the first valid path among:
$XDG_CONFIG_HOME/himalaya/config.toml$HOME/.config/himalaya/config.toml$HOME/.himalayarc
These are the same paths the himalaya-tui TUI looks at: one TOML file backs both binaries. CLI-only fields and TUI-only sections coexist without errors. See config.sample.toml for a documented template.
Override the path with -c <PATH>; multiple paths can be passed at once, separated by :. The first one is the base and the rest are deep-merged on top.
Accounts can be (re)configured later with himalaya account configure <name>. The wizard skips discovery in this mode: it reuses the existing values as prompt defaults.
Proton does not expose IMAP/SMTP directly: run Proton Bridge, which synchronizes mail locally and serves it on a local IMAP/SMTP endpoint. The password is the one generated by the Bridge, not your Proton account password.
[accounts.proton]
imap.server = "imap://127.0.0.1:1143"
imap.sasl.plain.username = "example@proton.me"
imap.sasl.plain.password.command = "pass show proton-bridge"
smtp.server = "smtp://127.0.0.1:1025"
smtp.sasl.plain.username = "example@proton.me"
smtp.sasl.plain.password.command = "pass show proton-bridge"To keep TLS on the local link, export the certificate generated by the Bridge and enable STARTTLS:
imap.starttls = true
imap.tls.cert = "/path/to/exported/cert.pem"
smtp.starttls = true
smtp.tls.cert = "/path/to/exported/cert.pem"Gmail rejects the account password over SASL PLAIN: generate an app password (requires 2-step verification) and feed it through password.command or password.raw.
[accounts.gmail]
default = true
imap.server = "imaps://imap.gmail.com:993"
imap.sasl.plain.username = "example@gmail.com"
imap.sasl.plain.password.command = "pass show gmail"
smtp.server = "smtps://smtp.gmail.com:465"
smtp.sasl.plain.username = "example@gmail.com"
smtp.sasl.plain.password.command = "pass show gmail"
mailbox.alias.inbox = "INBOX"
mailbox.alias.sent = "[Gmail]/Sent Mail"
mailbox.alias.drafts = "[Gmail]/Drafts"
mailbox.alias.trash = "[Gmail]/Trash"
mailbox.alias.archive = "[Gmail]/All Mail"Every Gmail label shows up as a top-level IMAP mailbox, and the special mailboxes live under the [Gmail]/ prefix — quote them in the shell (-m "[Gmail]/Drafts") or reach them through an alias. [Gmail]/All Mail is the archive containing every message: aliasing it makes "search everything" one flag away (himalaya envelope search -m archive ...).
Microsoft has retired basic authentication: use OAuth 2.0 via oauthbearer or xoauth2, with the access token supplied by an external helper such as ortie.
[accounts.outlook]
imap.server = "imaps://outlook.office365.com:993"
imap.sasl.xoauth2.username = "example@outlook.com"
imap.sasl.xoauth2.token.command = ["ortie", "token", "read", "outlook"]
smtp.server = "smtp://smtp-mail.outlook.com:587"
smtp.starttls = true
smtp.sasl.xoauth2.username = "example@outlook.com"
smtp.sasl.xoauth2.token.command = ["ortie", "token", "read", "outlook"]From the iCloud Mail support page: the IMAP login is the name of your address (johnappleseed, not johnappleseed@icloud.com) while the SMTP login is the full address, and a dedicated app-specific password is required.
[accounts.icloud]
imap.server = "imaps://imap.mail.me.com:993"
imap.sasl.plain.username = "johnappleseed"
imap.sasl.plain.password.command = "pass show icloud"
smtp.server = "smtp://smtp.mail.me.com:587"
smtp.starttls = true
smtp.sasl.plain.username = "johnappleseed@icloud.com"
smtp.sasl.plain.password.command = "pass show icloud"
mailbox.alias.sent = "Sent Messages"Backend-agnostic commands operate on the account's first configured backend, or the one selected with -b/--backend:
himalaya mailbox list
himalaya envelope list -m INBOX --page 2
himalaya envelope search from alice and after 2026-01-01 order by date desc
himalaya flag add -m INBOX --flag seen 1:3,5
himalaya message copy --from INBOX --to Archives 42
himalaya attachment download -m INBOX 42
When the inbox alias is configured under [mailbox.alias], -m/--mailbox becomes optional: shared commands fall back to that id. With [mailbox.alias] inbox = "INBOX", the calls above shorten to envelope list --page 2, flag add --flag seen 1:3,5, etc.
envelope list is plain pagination, ordered by date descending. To filter or sort, use envelope search with a trailing query covering date, after, from, to, subject, body, flag conditions (combined with and, or, not, grouped with parens) and an order by date|from|to|subject [asc|desc] sort chain. Date clauses target the Date: header (sent-at) on every backend. The full grammar lives in himalaya envelope search --help, which is the source of truth for the query DSL.
The query DSL is himalaya's own and compiles to each backend's native search: provider-specific operators (Gmail's in:/label: syntax, X-GM-RAW, …) are not supported. On IMAP the search currently runs server-side as UID SORT, so it requires the SORT capability — servers without it (notably Gmail) reject the command for now (see #698).
The shared surface is a strict least-common-denominator subset across IMAP, JMAP and Maildir. Operations that do not generalize (mailbox roles, attribute flags, JMAP-specific queries…) live under the protocol-specific subcommands.
Each backend exposes its full native API under its own subgroup:
himalaya imap mailbox select INBOX
himalaya imap mailbox status INBOX
himalaya imap mailbox subscribe INBOX
himalaya jmap mailboxes query --role drafts
himalaya jmap identity get
himalaya jmap vacation get
himalaya maildir create Archives
himalaya maildir messages save -m ~/Mail/example/Archives < message.eml
himalaya smtp messages send < message.eml
The -b/--backend flag is only consumed by the shared commands; protocol subcommands always use their own backend.
The built-in message compose / reply / forward commands cover simple cases via CLI flags:
himalaya message compose --from me@example.org --to you@example.org \
--subject "Hello" --body "Hi!" --send
For richer composition (multipart MIME, MML directives, signing/encryption, editor-driven workflows), chain a standalone composer such as mml into message send / message add through a tempfile or bash/zsh process substitution:
# Explicit tempfile, works in plain POSIX sh
mml compose /tmp/draft.eml && himalaya message send /tmp/draft.eml
# Bash / zsh process substitution, single command, no tempfile
mml compose >(himalaya message send)
himalaya message read 42 | mml reply >(himalaya message send)The path-arg or process-substitution forms keep the composer's stdout connected to the terminal, so any $EDITOR it spawns sees a real tty. The bare-pipe form (mml compose | himalaya message send) hangs because the editor inherits a pipe on its stdout.
A prepared RFC 5322 file can also be staged as a draft instead of sent right away — handy for "compose, review in another client, then send" workflows:
himalaya message add -m drafts --flag draft < message.eml # save as draft
himalaya message send --save sent < message.eml # send + keep a copyBoth -m/--save values are resolved through the account's [mailbox.alias] map.
himalaya message read <ID> renders headers and text bodies; --raw dumps the original RFC 5322 bytes; --json emits the parsed message. A few behaviours worth knowing, especially when scripting:
- Reading is side-effect-free: messages are fetched with
BODY.PEEK, somessage readnever sets\Seen. Mark explicitly withflag add --flag seen <ID>. - Ids are per-mailbox (IMAP UID, JMAP email id or Maildir filename id): the same message gets a new id when copied or moved. The
message-idfield exposed in--jsonenvelope output is the stable cross-mailbox key. - Every command accepts
--json; envelope listings serialize as{"envelopes": [{"id", "message-id", "flags": [{"raw", "iana"}], "subject", "from": [{"name", "email"}], "to", "date", "size", "has-attachment"}]}.
Each invocation opens a fresh TCP+TLS+SASL session by default. To amortize the handshake across many commands, pair himalaya with sirup: sirup exposes a pre-authenticated IMAP/SMTP session over a Unix socket, and himalaya can point its imap.server / smtp.server at that socket.
Himalaya CLI is one of several front-ends to the Pimalaya libraries:
- pimalaya/himalaya-tui: official TUI (in active development)
- pimalaya/himalaya-vim: Vim plugin
- dantecatalfamo/himalaya-emacs: Emacs plugin
- jns/himalaya: Raycast extension
- openclaw/openclaw: OpenClaw SKILL
- parisni/dfzf: dfzf integration
How different is it from aerc, mutt or alpine?
Aerc, mutt and alpine can be categorized as Terminal User Interfaces (TUI). When the program is executed, your terminal is locked into an event loop and you interact with your emails using keybinds.
Himalaya is a Command-Line Interface (CLI). There is no event loop: you interact with your emails using shell commands, in a stateless way.
A dedicated TUI (himalaya-tui) is in active development on top of the same Pimalaya libraries, and is definitely closer to aerc, mutt and alpine.
How are secrets resolved?
Every *.passwd / *.password / *.token field accepts either a raw literal or a shell command that prints the secret on stdout. The raw form is convenient for testing but should not be used in production:
imap.sasl.plain.passwd.raw = "***"
imap.sasl.plain.passwd.command = "pass show example"
imap.sasl.plain.passwd.command = ["pass", "show", "example"]Native keyring support was removed in v2. Use pimalaya/mimosa (or pass, secret-tool, gopass…) as the command.
How is OAuth 2.0 handled?
v2 does not ship OAuth flows. Use pimalaya/ortie (or any other token broker) to obtain an access token, then plug it as a command returning the token on stdout. For JMAP, point jmap.auth.bearer.token.command at the broker; for IMAP/SMTP, route the bearer through a SASL mechanism that consumes a command-sourced password.
How does the wizard discover IMAP/SMTP/JMAP configs?
The wizard runs three discovery mechanisms in series on the email address domain; the first non-empty hit wins:
- PACC draft-ietf-mailmaint-pacc-02: well-known JSON, digest-verified against the
_ua-auto-configTXT record. - Thunderbird Autoconfiguration: ISP main / well-known / ISPDB lookups, then MX-based retry, then the
mailconf=<URL>TXT redirect. - RFC 6186 SRV:
_imap._tcp,_imaps._tcp,_submission._tcplookups assembled into a single report.
See pimconf for the full chain.
How to debug Himalaya?
Use --log-level <level> (alias --log) where <level> is one of off, error, warn, info, debug, trace:
himalaya --log trace mailbox list
The RUST_LOG environment variable is consulted when --log is not passed, and supports per-target filters (see the env_logger documentation). RUST_BACKTRACE=1 enables full error backtraces.
Logs are written to stderr, so they can be redirected easily to a file:
himalaya --log trace mailbox list 2>/tmp/himalaya.log
You can also send logs straight to a file via --log-file <path>:
himalaya --log trace --log-file /tmp/himalaya.log mailbox list
How to disable color output?
Set NO_COLOR=1 in your environment.
This project is licensed under either of:
at your option.
This project is developed with AI assistance. This section documents how, so users and downstream packagers can make informed decisions.
-
Tools: Claude Code (Anthropic), Opus 4.7, invoked locally with a persistent project-scoped memory and a small set of repo-specific rules.
-
Used for: Refactors, mechanical multi-file edits, boilerplate (feature gates, error enums, derive macros, trait impls), test scaffolding, doc polish, exploratory design conversations.
-
Not used for: Engineering, critical code, git manipulation (commit, merge, rebase…), real-world tests.
-
Verification: Every AI-assisted change is read, compiled, tested, and formatted before commit (
nix develop --command cargo check / cargo test / cargo fmt). Behavioural correctness is verified against the relevant RFC or upstream spec, not assumed from the model output. Tests are never adjusted to fit AI-generated code; the code is adjusted to fit correct behaviour. -
Limitations: AI models occasionally produce code that compiles and passes tests but is subtly wrong: off-by-one errors, missed edge cases, plausible but nonexistent APIs, stale RFC references. The verification workflow catches most of this; it does not catch all of it. Bug reports are welcome and taken seriously.
-
Last reviewed: 31/05/2026
- Chat on Matrix
- News on Mastodon or RSS
- Mail at pimalaya.org@posteo.net
Special thanks to the NLnet foundation and the European Commission that have been financially supporting the project for years:
- 2022 → 2023: NGI Assure
- 2023 → 2024: NGI Zero Entrust
- 2024 → 2026: NGI Zero Core
- 2027 in preparation…
If you appreciate the project, feel free to donate using one of the following providers: