imap_open

(PHP 4, PHP 5, PHP 7, PHP 8)

imap_openOpen an IMAP stream to a mailbox

Description

imap_open(
    string $mailbox,
    string $user,
    string $password,
    int $flags = 0,
    int $retries = 0,
    array $options = []
): IMAP\Connection|false

Opens an IMAP stream to a mailbox.

This function can also be used to open streams to POP3 and NNTP servers, but some functions and features are only available on IMAP servers.

Parameters

mailbox

A mailbox name consists of a server and a mailbox path on this server. The special name INBOX stands for the current users personal mailbox. Mailbox names that contain international characters besides those in the printable ASCII space have to be encoded with imap_utf7_encode().

Warning

Passing untrusted data to this parameter is insecure, unless imap.enable_insecure_rsh is disabled.

The server part, which is enclosed in '{' and '}', consists of the servers name or ip address, an optional port (prefixed by ':'), and an optional protocol specification (prefixed by '/').

The server part is mandatory in all mailbox parameters.

All names which start with { are remote names, and are in the form "{" remote_system_name [":" port] [flags] "}" [mailbox_name] where:

  • remote_system_name - Internet domain name or bracketed IP address of server.
  • port - optional TCP port number, default is the default port for that service
  • flags - optional flags, see following table.
  • mailbox_name - remote mailbox name, default is INBOX

Optional flags for names
Flag Description
/service=service mailbox access service, default is "imap"
/user=user remote user name for login on the server
/authuser=user remote authentication user; if specified this is the user name whose password is used (e.g. administrator)
/anonymous remote access as anonymous user
/debug record protocol telemetry in application's debug log
/secure do not transmit a plaintext password over the network
/imap, /imap2, /imap2bis, /imap4, /imap4rev1 equivalent to /service=imap
/pop3 equivalent to /service=pop3
/nntp equivalent to /service=nntp
/norsh do not use rsh or ssh to establish a preauthenticated IMAP session
/ssl use the Secure Socket Layer to encrypt the session
/validate-cert validate certificates from TLS/SSL server (this is the default behavior)
/novalidate-cert do not validate certificates from TLS/SSL server, needed if server uses self-signed certificates
/tls force use of start-TLS to encrypt the session, and reject connection to servers that do not support it
/notls do not do start-TLS to encrypt the session, even with servers that support it
/readonly request read-only mailbox open (IMAP only; ignored on NNTP, and an error with SMTP and POP3)
user

The user name

password

The password associated with the user

flags

The flags are a bit mask with one or more of the following:

retries

Number of maximum connect attempts

options

Connection parameters, the following (string) keys maybe used to set one or more connection parameters:

  • DISABLE_AUTHENTICATOR - Disable authentication properties

Return Values

Returns an IMAP\Connection instance on success, or false on failure.

Changelog

Version Description
8.1.0 Returns an IMAP\Connection instance now; previously, a resource was returned.

Examples

Example #1 Different use of imap_open()

<?php
// To connect to an IMAP server running on port 143 on the local machine,
// do the following:
$mbox = imap_open("{localhost:143}INBOX", "user_id", "password");

// To connect to a POP3 server on port 110 on the local server, use:
$mbox = imap_open ("{localhost:110/pop3}INBOX", "user_id", "password");

// To connect to an SSL IMAP or POP3 server, add /ssl after the protocol
// specification:
$mbox = imap_open ("{localhost:993/imap/ssl}INBOX", "user_id", "password");

// To connect to an SSL IMAP or POP3 server with a self-signed certificate,
// add /ssl/novalidate-cert after the protocol specification:
$mbox = imap_open ("{localhost:995/pop3/ssl/novalidate-cert}", "user_id", "password");

// To connect to an NNTP server on port 119 on the local server, use:
$nntp = imap_open ("{localhost:119/nntp}comp.test", "", "");
// To connect to a remote server replace "localhost" with the name or the
// IP address of the server you want to connect to.
?>

Example #2 imap_open() example

<?php
$mbox
= imap_open("{imap.example.org:143}", "username", "password");

echo
"<h1>Mailboxes</h1>\n";
$folders = imap_listmailbox($mbox, "{imap.example.org:143}", "*");

if (
$folders == false) {
echo
"Call failed<br />\n";
} else {
foreach (
$folders as $val) {
echo
$val . "<br />\n";
}
}

echo
"<h1>Headers in INBOX</h1>\n";
$headers = imap_headers($mbox);

if (
$headers == false) {
echo
"Call failed<br />\n";
} else {
foreach (
$headers as $val) {
echo
$val . "<br />\n";
}
}

imap_close($mbox);
?>

See Also

add a note

User Contributed Notes 37 notes

up
29
php at dsgvoseidank dot de
2 years ago
Google dropped the support of user/password authentication as of 30 may 2022.
imap_open can not be used anymore, without the support of xoauth2.
https://support.google.com/accounts/answer/6010255

There is a ToDo from 2020 that didn't make it.
https://wiki.php.net/todo/ext/imap/xoauth2

The only way is to switch to a third party lib. "php-imap"
This is so sad.
up
7
neekToO
2 years ago
To reply to "dsgvoseidank" saying it doesnt work anymore with Gmail :

As today 26 august 2022 it is still working but you need to use google parameters to generate a password for your app on a 2FA account
up
13
kay at rrr dot de
14 years ago
imap_open is very simple to use, but struggles a litte bit on setups with ssl and tls.

this are tested examples for different hosts and protocols.

uncomment the host/protocol line and fill in correct username and password.

Kay

<?php

#######
# localhost pop3 with and without ssl
# $authhost="{localhost:995/pop3/ssl/novalidate-cert}";
# $authhost="{localhost:110/pop3/notls}";

# localhost imap with and without ssl
# $authhost="{localhost:993/imap/ssl/novalidate-cert}";
# $authhost="{localhost:143/imap/notls}";
# $user="localuser";

# localhost nntp with and without ssl
# you have to specify an existing group, control.cancel should exist
# $authhost="{localhost:563/nntp/ssl/novalidate-cert}control.cancel";
# $authhost="{localhost:119/nntp/notls}control.cancel";

######
# web.de pop3 without ssl
# $authhost="{pop3.web.de:110/pop3/notls}";
# $user="kay.marquardt@web.de";

#########
# goggle with pop3 or imap
# $authhost="{pop.gmail.com:995/pop3/ssl/novalidate-cert}";
# $authhost="{imap.gmail.com:993/imap/ssl/novalidate-cert}";
# $user="username@gmail.com";

$user="username like above";
$pass="yourpass";

if (
$mbox=imap_open( $authhost, $user, $pass ))
{
echo
"<h1>Connected</h1>\n";
imap_close($mbox);
} else
{
echo
"<h1>FAIL!</h1>\n";
}

?>
up
12
jeff at newscloud dot com
10 years ago
One of the issues with gmail IMAP SSL authentication is related to Google's account security.

Once you get the login error once, sign out of all your google accounts. Then, visit this link:
http://www.google.com/accounts/DisplayUnlockCaptcha

Log in with the account you're attempting to access via imap.

Follow the steps and you'll then be able to login in to gmail with php imap.

It's visually shown here:
http://jeffreifman.com/filtered-open-source-imap-mail-filtering-software-for-php/configuring-gmail/
up
13
guilherme dot geronimo at gmail dot com
13 years ago
Using:
<?php
imap_open
( "{server.example.com:143}INBOX" , 'login' , 'password' );
?>

Got this error:
"Couldn't open stream {server.example.com:143}INBOX"

Solved by adding the flag "novalidate-cert":
<?php
imap_open
( "{server.example.com:143/novalidate-cert}INBOX" , 'login' , 'password' );
?>

=D
up
6
hashampel at yahoo dot de
9 years ago
Subfolders of INBOX have to be seperate by dot like this: 'INBOX.test'
$mailbox = '{example.example.com:143/imap/novalidate-cert}INBOX.test'
up
4
dominic_mayers at yahoo dot com
7 years ago
This code demonstrates features that are not well documented at this time. The main feature is that the selected mailbox in imap_open (or reopen) and the specified mailbox in other imap functions are unrelated. It has been tested with Gmail and with a Dovecot IMAP server. The mailbox separator depends on the server. Gmail: "/" Dovecot: "." If you want to test with Gmail, you need to turn on "Access for less secure apps" in your account.

<?php
// Change these.
$server = "{imap.gmail.com:993/imap/ssl/novalidate-cert}";
$email = "example@gmail.com";
$password = "password";

// The code assumes that the folders Test/Sub1/Sub11, etc. exist.
$selected = "{$server}Test/Sub1/Sub12";
$conn = imap_open($selected, $email , $password);

// This returns the $specified mailbox and its sub mailboxes,
// even if the $specified mailbox is outside the $selected mailbox.
$specified = "{$server}Test/Sub1";
$boxes = imap_list($conn, $specified , '*');
print_r($boxes);

// This appends the message in the $specified mailbox.
// It ignores the $selected mailbox.
imap_append($conn, $specified
, "From: me@example.com\r\n"
. "To: you@example.com\r\n"
. "Subject: test\r\n"
. "\r\n"
. "this is a test message, please ignore\r\n");

// This changes the $selected mailbox
$selected = "{$server}Test/Sub1";
imap_reopen($conn, $selected);

// This moves a message from the $selected to the $specified mailbox
// In this case, the specified mailbox does not include the server.
imap_mail_move ($conn , "1" , "Test");
imap_expunge($conn);
imap_close($conn);
// If you executed this code with a real IMAP server,
// the message is now in the Test mailbox !
?>
up
4
me at achronos dot ca
10 years ago
Do not bother using "/debug" flag in $mailbox or OP_DEBUG in $options. They do not do anything.

When you set either one, the underlying IMAP c-client library will gather protocol debugging data and pass it back to PHP.
However, the debug handler defined by PHP is an empty function, it doesn't do anything.

So unless you're using a customized version of the IMAP extension that does something with that handler (mm_dlog), there is no point using "/debug" or OP_DEBUG.
up
1
LANGE.LUDO
5 years ago
If you get Kerberos errors like:
« Notice: Unknown: Kerberos error: Credentials cache file '/tmp/krb5cc_0123' not found (try running kinit) ».

Try to add as a $param:
<?php array('DISABLE_AUTHENTICATOR' => 'GSSAPI') ?>

eg.
<?php
$imap_stream
= imap_open('{mail.domain.tld:993/imap/ssl}' , 'username' , 'password', null, 1, array('DISABLE_AUTHENTICATOR' => 'GSSAPI'));
?>
up
1
Lisboa
9 years ago
The error: Unknown: Mailbox is empty (errflg=1) in Unknown on line 0
appears when:

1) use imap_open to connect
2) then use imap_search ALL to retrieve emails

but there are no messages available. To avoid this error, check first the number of messages in a mailbox using imap_status. Only if there are messages available then you can use the imap_search.
up
5
Martin Eckardt
13 years ago
Since Version 5.3.2 there's a 6th parameter available to disable authentication with GSSAPI or NTLM:

Example:
<?php
$mbox
= imap_open("{w2010ExchangeServer:993/imap/ssl}", $user, $password, NULL, 1, array('DISABLE_AUTHENTICATOR' => 'GSSAPI'));
?>

This solves the problem with Exchange 2010 for me. As a reference see https://bugs.php.net/bug.php?id=33500
up
2
Anonymous
6 years ago
Function to test most of the possible options of a connection:

function imapConfig($options, $i=0, $till = array()) {
if(sizeof($options)==$i)
return $till;

if(sizeof($till)==0)
$till[] = '';

$opt = $options[$i];
$new = array();
foreach($till as $t) {
foreach($opt as $o) {
if(strlen($o)==0)
$new[] = $t;
else
$new[] = $t.'/'.$o;
}
}
return imapConfig($options, $i+1, $new);
}

function imap_test($server, $port, $dir, $username, $passw) {
$options = array();
//$options[] = array('debug');
$options[] = array('imap', 'imap2', 'imap2bis', 'imap4', 'imap4rev1', 'pop3'); //nntp
$options[] = array('', 'norsh');
$options[] = array('', 'ssl');
$options[] = array('', 'validate-cert', 'novalidate-cert');
$options[] = array('', 'tls', 'notls');

$configOptions = imapConfig($options);
foreach($configOptions as $c) {
$mbox = @imap_open("{".$server.":".$port.$c."}".$dir, $username, $passw);
echo "<b>{".$server.":".$port.$c."}".$dir."</b> ... ";
if (false !== $mbox) {
echo '<span style="color: green"> success</span>';
}
else {
echo '<span style="color: red"> failed</span>';
}
echo '<br>';
}
}

imap_test('mail.server.de', 143, 'INBOX', 'username', 'pwd');
up
2
liamr at umich dot edu
20 years ago
To authenticate using kerberos V / GSSAPI, you might need to add "user=" to the connection string.. eg:

$mbox = imap_open( "\{imap.example.com:143/imap/notls/user=" . $user . "}INBOX", $user, $passwd );

Our IMAP servers won't allow a user other than the user specified in the kerberos credentials connect using those credentials unless you specify that extra "user=" in the connection string. Passing it as an argument to imap_open() doesn't seem to be enough.
up
2
shaikh_zaid at yahoo dot com
18 years ago
imap_open will not open a stream if your server operates with Transport Layer Security (i.e. TLS) imap_open connects with SSL if its there. So try opening mailbox as

$mailbox="{mail.domain.com:143/imap/notls}";
or
$mailbox="{mail.domain.com:110/pop3/notls}"; This works...

Some mail server requires you to provide username@domain.com so you can always use. user@doamin.com

$conn=imap_open($mailbox, $username, $password);

Some server may ask for username as "user=user@domain.com"

:)
up
2
rvarkelen AT hortimax.nl
20 years ago
In order to make a IMAP connection to a Microsoft Exchange Server 5.5, I used this connection-string :

<?php
if(imap_open ("{192.168.1.6:143/imap}Inbox", "DOMAIN/USERNAME/ALIAS", "PASSWORD"))
{
echo
'Connection success!';
}
else
{
echo
'Connection failed';
}
?>

By replacing "Inbox" with, e.g. "Tasks", its possible to see all your tasks. I Hope this helps anybody!

Regards
up
3
frederik at roal dot no
22 years ago
For all imap functions where you specify the mailbox string it is important that you ALWAYS use IP (not hostname) and the portnumber. If you do not do this imap functions will be painfully slow.
Using hostname instead of IP adds 3 seconds to each IMAP call, not using portnumber adds 10 seconds to each imap call. (hint: use gethostbyname() )
up
1
mightycpa
15 years ago
My script kept on timing out, even though the syntax was spot on... ultimately, I figured out that the port was blocked by my webhost, where I ran this on a shared server...

I post this just in case you miss this obvious, like I did.
up
1
avizion at relay dot dk
19 years ago
For FreeBSD users...

If you want to have SSL support, you want to install the ports:

mail/php5-imap
security/php5-openssl

Cheers :)

- avizion
up
2
brojann at netscape dot com
22 years ago
You can do

<? $foo = imap_errors(); ?>

to clear unwanted warning messages like 'Mailbox is empty'
up
1
m dot stoel at cyberkinetic dot nl
19 years ago
a little tip for those who get really frustrated even after reading all the right solutions and implementing them but still get the same errors or none at all..:
after having changed the code.. restart the httpd deamon..

for Fedora or any other Red Hat Linux OS (/etc/init.d/httpd restart).

After this you will be able to make a imap/pop3 stream from apache..
up
1
kaper at nexgc dot com
21 years ago
I had been having lots of trouble trying to get imap_open to connect to an imap server. Then I found another post online that suggested this and it worked, so I am going to post it here. I hope this helps others..

"I have tried with the following strings instead and it works:

for pop3: {www.server.com:110/pop3/notls}INBOX

and for imap: {www.server.com:143/notls}INBOX.
up
0
Stefano
1 year ago
``There is one thing I learned over the years,
if someone says: "it's not possible", prove them wrong.`` ~ Stefano Kocka '99

test date: 2022-11-20
php version: PHP 8.0.10 (cli)
extension=imap
extension=openssl

imap: IMAP c-Client Version => 2007f
SSL Support => enabled

https://support.google.com/accounts/answer/185833?hl=en

<?php
$cnx
= '{imap.gmail.com:993/imap/ssl/readonly}';
$mbox = imap_open($cnx, 'user@gmail.com', 'MyAppPassword');
$folders = imap_listmailbox($mbox, $cnx, '*');
print_r($folders);
/*
Array
(
[0] => {imap.gmail.com:993/imap/ssl/readonly}INBOX
[1] => {imap.gmail.com:993/imap/ssl/readonly}LABEL1
[2] => {imap.gmail.com:993/imap/ssl/readonly}LABEL2
[3] => {imap.gmail.com:993/imap/ssl/readonly}Queue
[4] => {imap.gmail.com:993/imap/ssl/readonly}[Gmail]/All
[5] => {imap.gmail.com:993/imap/ssl/readonly}[Gmail]/Drafts
[6] => {imap.gmail.com:993/imap/ssl/readonly}[Gmail]/Sent
[7] => {imap.gmail.com:993/imap/ssl/readonly}[Gmail]/Spam
[8] => {imap.gmail.com:993/imap/ssl/readonly}[Gmail]/Starred
[9] => {imap.gmail.com:993/imap/ssl/readonly}[Gmail]/Trash
)
*/
?>
Kind regards
up
0
Ap.Muthu
8 years ago
An old archived 2006 PHP script to retrieve IMAP POP3 email into a MySQL database and as files is at:
http://web.archive.org/web/20060411020022/http://www.sellchain.com/phPOP3/phPOP3.txt
up
0
egoman69 at hotmail
13 years ago
"Couldn't open stream {127.0.0.1:143/imap/notls}INBOX"

Solved by only replacing 127.0.0.1 with localhost, php and IMAP server both in same machine, not through Proxy or anything. Weird!
up
-1
askalski at synacor dot com
16 years ago
By default, imap_open() will retry an incorrect password 3 times before giving up. This is a feature built into the c-client library intended for interactive mail clients (which can prompt the end user for a new username/password combo.)

The new optional parameter "$n_retries" allows PHP to override the default retry limit. There is absolutely no reason to leave this at default, or to set it to any value other than 1. This is especially important if the mail server you're using locks users out after too many login failures.
up
-1
itstooloud
16 years ago
Works with Gmail's new IMAP function for personal and for Google Apps.

$mbox = imap_open ("{imap.gmail.com:993/imap/ssl}INBOX", "username@gmail.com", "password")
or die("can't connect: " . imap_last_error());
up
-1
david at brayworth dot com dot au
13 years ago
I managed to use this function against Exchange 2010 without recompiling to disable kerberos

It's important to me that php installs per the standard package (yum install php)

Exchange 2010 triggers kerberos in php, and you require the kinit thing (search around google for "imap_open kinit exchange 2010" and you will find this)

To get it working I had to:
1. setup the krb5.conf file correctly
2. do a kinit username@DOMAIN.DOM with a valid username / password
3. rename the ticket file to reflect the user id of apache (usually 48)
/tmp/krb5cc_48
4. fix ownership
chown apache.apache /tmp/krb5cc_48

but the exchange server will use the kerberos ticket and not the username password - unless you use ssl

<?php

$imap_user
= "username";
$imap_pass = "password";
$imap_server = "{w2010kExchangeServer:993/novalidate-cert/ssl}";

$mbox = imap_open("{$imap_server}INBOX", $imap_user, $imap_pass);

$sorted_mbox = imap_sort($mbox, SORTDATE, 0);
$totalrows = imap_num_msg($mbox);
print
"$imap_server\n";

$startvalue = 0;
while (
$startvalue < $totalrows) {

$headers = imap_fetchheader($mbox, $sorted_mbox[ $startvalue ] );
$subject = array();
preg_match_all('/^Subject: (.*)/m', $headers, $subject);
print
$subject[1][0] . "\n";

$startvalue++;
}
?>

One small step for php / exchange, one Giant leap for David ....
up
-1
Tim
9 years ago
Hi

I was struggling with the Gmail Imap/pop connection. It keeps saying too many failed login connections were made.

Thing I did:
https://www.google.com/settings/security/lesssecureapps
Clicked "Turn on"
> worked!

So last step could be used but remember your account will be at a certain security risk. Anyway it comes in handy to develop...
up
-2
jeff1326
13 years ago
If your connection is too slow, try it with port and without domain.

<?php
//Normal connection
$mailbox = imap_open("{SERVER}INBOX", $username, $password);

//Faster connection
$mailbox = imap_open("{SERVER:143}INBOX", $username, $password);

//Very slow connection
$mailbox = imap_open ("{SERVER.DOMAIN}INBOX", "DOMAIN/".$username, $password);
?>
up
-1
bandpay at hotmail dot com
23 years ago
I have a single comment to add about imap_open.
If you want to connect to a news server, without specifying any news gruop, you can use the following:

<?php
$server
= "{news.servername.com/nntp:119}";
$nntp = imap_open($server,"","",OP_HALFOPEN);
?>

and $nntp will become the connection ID.

Regards
//Babak
up
-2
phpnet at danepowell dot com
12 years ago
If you are accessing a local mailbox file, i.e. imap_open('/var/mail/www-data', '', ''), you may be restricted in what files you can access.

If PHP IMAP was compiled with the restrictBox option (which I believe most packages are these days), you can only access files relative to $HOME. Paths starting with '/' or '../' will be rejected.
up
-1
reg1barclay at REMOVETHIS dot live dot it
5 years ago
On Windows, this function does not use certificates in directories listed by openssl_get_cert_locations(): it use system's certificates store. If you want to use a certificate signed by a test authority, you must add root certificate of your test authority to Window's certificates store.
up
-1
Valerio Pulese
8 years ago
If you get slow imap4/pop3 authentication step
i.e. 5-10 sec just for response, maybe you are connecting to an imap server which is advertising GSSAPI auth mechanism.
Martin Eckardt note could help to speed it up.
<?php
$mbox
= imap_open("{imap server with GSSAPI :993/imap/ssl}", $user, $password, NULL, 1, array('DISABLE_AUTHENTICATOR' => 'GSSAPI'));
?>

Disable GSSAPI if you dont use it.
If your imap/pop server is Dovecot
/etc/dovecot/conf.d/10-auth.conf
...
auth_mechanisms = plain login gssapi
-> auth_mechanisms = plain login
up
-1
Brian Law
10 years ago
imap_open()
validate SSL certificate does not support Subject Alternative Name (SAN) certificate. It only validate against the Subject/Common name.
up
-1
oz49erfan
14 years ago
Make sure your PHP is enabled with imap via the phpinfo() function

'--with-imap-dir=/opt/lampp' '--with-imap-ssl' '--with-imap=/opt/lampp'

and

IMAP c-Client Version 2007e
SSL Support Yes

I noticed that my apache script was working but my cli script was not. Turns out my php cli executable didn't have imap setup so I had to use another php cli executable.
up
-3
marshall /AT\ pacdemon.org
20 years ago
Thanks for all your comments. The user comments have saved me countless times.

I'd like to give back in my small way by providing this little tip. To test your pop or imap services you can use telnet (almost all operating systems should come with a command line telnet client).

Here's the pop3 example (the lines that start with + are the server's response):

telnet your.pop.host.com 110
+OK POP3 your.pop.host.com v2001.78 server ready
user your_username
+OK User name accepted, password please
pass your_password
+OK Mailbox open, 23 messages

Note that your pop server may be on some other port than 110 but that is the default/standard.

Here's the imap example (Lines that have OK near the begining are server responses):

telnet your.imap.host.com 143
* OK [CAPABILITY IMAP4REV1...]
1 LOGIN "your_username" "your_password"
1 OK [CAPABILITY...] ... User your_username authenticated

This might be old news to some people but I hope it's helpful for many.
up
-5
chris at ocproducts dot com
4 years ago
imap_open supports SSL/TLS and start-TLS, and also totally unencrypted sessions.

The documentation here slightly conflates things.

Where it is referring to SSL (/ssl) it is really referring to SSL/TLS of the immediate variety. The initial connection will immediately be SSL/TLS, rather than later upgraded. (I don't know the specifics about which versions of SSL/TLS c-client is going to be negotiating/using.)

The '/tls' and '/notls' options are just about start-TLS, i.e. upgraded connections.

Note there is a '/notls' option but not a '/nossl' option. That is because by default c-client is going to upgrade to TLS (start-TLS) when it sees it as an advertised option by the IMAP server. i.e. it is going to do it based on auto-detection. The '/notls' option disables that auto-detection, which is sometimes necessary. For example, I just helped someone whose IMAP server advertises start-TLS to connections on port 143 but it actually only works on port 993. Regular SSL/TLS doesn't do any auto-detection as the connection mode has to be explicitly made upfront anyway.
To Top