title: email - towards a less terrible setup
author: al.t ...
prelude - the used presentation toolchain
how to make presentations easier, faster and more awesome in general
Software options
- patat (uses pandoc to convert from $WHATEVER to terminal-presentation)
- https://github.com/jaspervdj/patat
- mdp (uses a specific markdown-flavour for terminal-presentation)
- https://github.com/visit1985/mdp
- tpp (uses its own dialect, more control over presentation)
- https://github.com/cbbrowne/tpp
- hovercraft (converts reStructuredText to impress.js, needs the GUI)
- https://regebro.github.io/hovercraft/
Chosen presentation software
NAME patat - Presentations Atop The ANSI Terminal
SYNOPSIS patat [options] file
DESCRIPTION
Controls
- Next slide: space, enter, l, →, PageDown
- Previous slide: backspace, h, ←, PageUp
- Go forward 10 slides: j, ↓
- Go backward 10 slides: k, ↑
- First slide: 0
- Last slide: G
- Reload file: r
- Quit: q
Content
whoami and why that setup
howto $WHATEVER -> maildir
access online folders
alpine
mbsync (isync)
msmtp
(neo)mutt
notmuch or mu (maildir-utils) or mairix
nmh or mmh
open issues
whoami and why that setup
legacy backup data
used different (non-linux) os
- restrictive environments (cannot install software)
- multiple languages (use of many non-ASCII-characters)
used different email-clients
- webmail with saved messages
- MS Outlook
- single messages (.msg)
- message archives (.pst)
- Mozilla Thunderbird
- single messages (.eml)
- message archives (.mbox)
goals
having an email-setup, which fulfills the following demands
- not lose any data (although being old)
- convert everything in a common file format
- use the same data structure for in-use emails and archived emails
- be able to perform incremental backups
- no risk of vendor-lock-in (use only FLOSS-tools in Debian-main-repositories)
- separation between configuration and email-data
- not resource-intensive while fast
being able to handle > 100K of messages
if possible: CLI/TUI-tools
solution: in a first step, convert legacy messages to maildir
howto $WHATEVER -> maildir
detox
detox - replace problematic characters in filenames
$ detox -r *
- -r recurse to subdirectories
msgconvert (libemail-outlook-message-perl)
libemail-outlook-message-perl - module for reading Outlook .msg files
$ msgconvert *.msg
CAVE: msgconvert converts messages by default into .eml-files
Mozilla Thunderbird (thunderbird)
thunderbird: cross platform standalone mail application
usage:
- start GUI -> install add-on ImportExportTools NG
- right click on folder -> ImportExportTools NG -> "Import messages from directory (including subdirectories)" -> choose directory with .eml-files
- right click on folder -> ImportExportTools NG -> "Export folder with subfolders (with structure)" -> choose directory for creating .mbox-file(s)
CAVE: thunderbird stores messages by default in the .mbox-format, so exporting is strictly speaking not needed
CAVE: ugly, better toolchain needed (currently just workaround)
current status: all messages converted from .msg/.eml to .mbox-files
howto $WHATEVER -> maildir
readpst (pst-utils)
pst-utils: tools for reading Microsoft Outlook PST files
$ readpst -8 *.pst
- -8 output email bodies as UTF-8 instead of the original format
CAVE: readpst converts messages by default into .mbox-files
mb2md
mb2md — Converts Mbox mailboxes to Maildir format
$ mb2md -s $HOME/emails/sourcedir/ -R -d $HOME/emails/destdir/
- -s sourcedir
- -R run recursively
- -d destdir
CAVE: mb2md does NOT! use relative paths from pwd, but from $HOME!
jdupes or fdupes
jdupes - identify and delete or link duplicate files
fdupes - identifies duplicate files within given directories (old)
$ jdupes -rdN FOLDER
- -r recurse to subdirectories
- -d delete duplicate files
- -N don't ask (noprompt)
CAVE: this will DELETE! the duplicate files, pause and think before executing this command!
current status: all messages in maildir-format, deduplicated (if hashes were identical)
Interlude
random trivia
The GNOME foundation got sued by a patent troll (Rothschild Patent Imaging, LLC) for using 'technology to transfer images'.
sources:
- https://itsfoss.com/shotwell-lawsuit/
- https://www.patentprogress.org/2019/09/26/mythical-troll-attacks-gnome/
- https://www.pro-linux.de/news/1/27473/patentklage-gegen-gnome-foundation.html
- https://www.golem.de/news/shotwell-patenttroll-verklagt-gnome-foundation-wegen-fotoverwaltung-1909-144089-rss.html
- https://www.zdnet.com/article/leave-gnome-alone-this-patent-troll-is-asking-for-trouble/
- http://techrights.org/2019/09/25/microsoft-patent-troll-intellectual-ventures-gnome/
According to the techrights.org-source, Rothschild Patent Imaging, LLC, is connected to Microsoft
access online folders (using openssl)
openssl - Secure Sockets Layer toolkit
connect to the mail-server
$ openssl s_client -connect mail.example.com:993 -crlf
- -crlf translates a line feed from the terminal into CR+LF as required by some servers
access the account
1 LOGIN MYUSERNAME MYPASSWORDINPLAINTEXT
alternative
$ echo 'MYUSERNAMEMYUSERNAMEMYPASSWORDINPLAINTEXT' | base64
cave: has to be deleted, therefore this doesn't work currently as expected
to test the encoding use
$ echo 'StringFromAbove' | base64 -d
> 1 AUTHENTICATE PLAIN StringFromAbove
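How the AUTHENTICATE PLAIN token is built, as an added example that is not part of the original slides: the SASL PLAIN message (RFC 4616) is authorization id, NUL, authentication id, NUL, password, and `echo` appends a newline that ends up inside the password field. The function names are hypothetical; the username is used for both ids.

```shell
#!/bin/sh
# Added example (not from the original slides): build and verify the token
# for "AUTHENTICATE PLAIN". Function names are hypothetical.

# sasl_plain USER PASS
# Prints base64("USER" NUL "USER" NUL "PASS") without a trailing newline.
# printf is used instead of echo: no newline is appended and \000 is a
# portable way to emit the NUL separators.
sasl_plain() {
    printf '%s\000%s\000%s' "$1" "$1" "$2" | base64 | tr -d '\n'
}

# sasl_plain_decode TOKEN
# Prints the decoded token with the NUL separators shown as "|".
sasl_plain_decode() {
    printf '%s' "$1" | base64 -d | tr '\000' '|'
}

# sasl_plain_bytes TOKEN
# Prints the decoded token as one hex byte per line.
sasl_plain_bytes() {
    printf '%s' "$1" | base64 -d | od -An -v -tx1 | tr -s ' \n' '\n' | sed '/^$/d'
}

# sasl_plain_check TOKEN
# Succeeds only if the decoded token has exactly two NUL separators and
# does not end in a newline (the usual result of building it with echo).
sasl_plain_check() {
    bytes=$(sasl_plain_bytes "$1") || return 1
    nuls=$(printf '%s\n' "$bytes" | grep -c '^00$' || true)
    last=$(printf '%s\n' "$bytes" | tail -n 1)
    [ "$nuls" -eq 2 ] && [ "$last" != "0a" ]
}

# Stand-alone run with the placeholder values used on the slide.
token=$(sasl_plain MYUSERNAME MYPASSWORDINPLAINTEXT)
if sasl_plain_check "$token"; then
    echo "1 AUTHENTICATE PLAIN $token"
    echo "decoded: $(sasl_plain_decode "$token")"
fi
```

Servers that do not advertise SASL-IR answer `1 AUTHENTICATE PLAIN` with a `+` continuation and expect the token on the next line.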
list the name of all folders within the account
> 2 LIST "" "*"
select a folder (e.g. inbox) to test if it works
> 3 SELECT INBOX
logout
> 4 LOGOUT
troubleshoot the connection to each mail server in advance
take note of the configuration details for the later steps
- user names (with or without the addition of ...@example.com?)
- used ports (hopefully 993)
- names of folders (Sent or Inbox.Sent or something else?)
current status: all accounts are accessible online using openssl
alpine
general information
alpine - text-based email client, friendly for novices but powerful
for creating debug-information use
$ alpine -d [0-9]
alpine does NOT! store any credential information in its logs
configuration is done in-program and stored in $HOME/.pinerc
configuration is done using shortcuts (case-insensitive) or TUI
information available at http://alpine.x10host.com/
the latest release is available at http://alpine.x10host.com/alpine/release/
the latest development version at https://repo.or.cz/alpine.git
the current developer and maintainer of alpine, Eduardo Chappa (alpine.chappa@yandex.com or chappa@vfemail.net), is extremely helpful!
base configuration
to add a collection list (aka folder): M (main menu) - S (setup) - L (collectionLists) - A (add collection list)
to add a role (aka account details): M - S - R (rules) - R (roles) - A (add)
nano ('pico') is the default editor
available commands are displayed below ('nano-style')
exemplary imap-access: {mail.example.com/ssl/user=MY_USER_NAME}INBOX
exemplary Fcc (sent): {mail.example.com/ssl/user=MY_USER_NAME}INBOX.Sent
exemplary smtp-access: smtp.example.com/ssl/user=MY_USER_NAME
multiple accounts can be created using the above mentioned scheme
alpine
address book
the addressbook is located in $HOME/.addressbook
to convert from abook to alpine-addressbook use
$ abook --convert --infile $HOME/.abook/addressbook --outformat pine | sed 's/,.*//' | sed 's/(//' > ~/.addressbook
(the sed-command is needed if multiple email-addresses per name are stored)
using ~/.pine_passfile and ~/.alpine-smime/.pwd
if compiled using $ ./configure --with-passfile=$HOME/.pine-passfile, passwords can be stored in that file if it exists (default in debian)
to use this feature, $ touch ~/.pine-passfile
the passfile is encrypted using the $HOME/.alpine-smime/.pwd/MasterPassword.key
the key is a 2048 bit RSA key ($ openssl rsa -text -in ~/.alpine-smime/.pwd/MasterPassword.key)
in a private email to the maintainer about the security of 2048 bit RSA keys, he replied: "I am happy to change the encryption to a higher degree of encryption. That is not a problem. I can search in openssl how to do that. Should be easy."
it might also be possible to do this manually, but I haven't tried it yet
the .pine-passfile can be decrypted using openssl ($ openssl smime -decrypt -inform pem -in ~/.pine-passfile -inkey ~/.alpine-smime/.pwd/MasterPassword.key)
data is obfuscated after encryption (this was the only security measure until some years ago, so beware of old forum posts)
alpine
issues with alpine
- not as flexible as (neo)mutt
- should be used as intended (cannot be completely re-configured)
- not as sexy (less perceived users, therefore less information online)
- if the email-server is not configured correctly, problems might arise
why should anybody use alpine?
if you want a TUI-based email program, consider alpine!
- very fast to set up
$ sudo apt-get install alpine && alpine
- relatively easy to configure
- the configuration can be performed from within alpine
- general behaviour can be changed
- GPG-key-interaction and signatures can be used
- the editor can be changed
- additional customization (e.g. colors) can be used
- stores everything in one configuration file ($HOME/.pinerc)
- therefore easy to deploy
- the maintainer is awesome
current status: ability to use a TUI email-client for reading and sending email
mbsync (isync)
isync - IMAP and MailDir mailbox synchronizer
the binary is called mbsync
alternative software - offlineimap
configuration of mbsync using $ touch $HOME/.mbsyncrc
IMAPAccount TEST
Host mail.example.org
User #CAVE: SEE BELOW
PassCmd #CAVE: SEE BELOW
SSLType IMAPS # use secure IMAP
SSLVersions TLSv1.2
CertificateFile /etc/ssl/certs/ca-certificates.crt
CopyArrivalDate yes
for User use the username as found by the openssl s_client-command
PassCmd "gpg2 --decrypt --no-tty --quiet --no-verbose --for-your-eyes-only --pinentry-mode cancel ~/.password-store/email/TEST.gpg | head -n 1"
- --pinentry-mode cancel do not ask for passwords, just cancel
this setup can only be used together with a gpg-agent
this setup requires a file being stored in $HOME/.password-store, as this is done using pass
prerequisites
- gnupg
- gpg-agent
- pass
mbsync (isync)
add information on remote and local folders
# ### Remote storage -------------------
IMAPStore TEST-remote
Account TEST
# ### Local storage --------------------
MaildirStore TEST-local
SubFolders Verbatim
Path ~/SOMEWHERE/TEST/
# CAVE: The trailing "/" under 'Path' is important
#Inbox ~/SOMEWHERE/TEST/inbox
# CAVE: the name of the 'inbox' conflicts with the channel slave name!
# use this only if no channels are used
mbsync (isync)
add information on the inbox-channel (remote and local folders)
Channel TEST-Inbox
Master :TEST-remote:"INBOX"
Slave :TEST-local:inbox
Create Both
# Automatically create missing mailboxes, both locally and on the server
Expunge Both
# Automatically delete messages if deleted in other folder
SyncState *
# Save the synchronization state files in the relevant directory
MaxSize 100m
# Don't download any email greater than this
Patterns *
# Will copy all folders of the account as specified under the remote store
#Patterns "INBOX*"
#Patterns !* "INBOX*" "Sent*"
# Exclude everything except the folders mentioned
for remote foldernames use the names as found by the openssl s_client-command
mbsync (isync)
add information on additional channels
Channel TEST-Sent
Master :TEST-remote:"Sent"
Slave :TEST-local:sent
Create Both
Expunge Both
SyncState *
MaxSize 100m
Patterns *
Channel TEST-Draft
Master :TEST-remote:"Draft"
Slave :TEST-local:draft
Create Both
Expunge Both
SyncState *
MaxSize 100m
Patterns *
for remote foldernames use the names as found by the openssl s_client-command
group the channels into a single entity
# Get all the channels together into a group.
Group TEST
Channel TEST-Inbox
Channel TEST-Sent
Channel TEST-Draft
mbsync (isync)
test and debug a specific group or channel
$ mbsync -Dmn TEST
synchronize messages of all groups
$ mbsync -a
synchronize messages automatically (as an alternative to cron-jobs)
$ touch $HOME/.config/systemd/user/mbsync.service
[Unit]
Description=Manual mailbox synchronization service
[Service]
Type=oneshot
ExecStart=/bin/sh -c '/usr/bin/torsocks /usr/bin/mbsync -aq'
ExecStartPost=ProgramToIndexMessages
$ touch $HOME/.config/systemd/user/mbsync.timer
[Unit]
Description=Manual mailbox synchronization timer
[Timer]
OnBootSec=2m
OnUnitActiveSec=5m
Unit=mbsync.service
[Install]
WantedBy=timers.target
$ systemctl start --user mbsync.timer
$ systemctl enable --user mbsync.timer
$ systemctl status --user mbsync.timer
current status: new messages get automatically synchronized to my computer
Interlude
random trivia
Lennart Poettering wants to take away your home directory
Let's bring the UNIX concept of Home Directories into the 21st century. The concept of home directories on Linux/UNIX has little changed in the last 39 years. It's time to have a closer look, and bring them up to today's standards, regarding encryption, storage, authentication, user records, and more. In this talk we'll talk about "systemd-homed", a new component for systemd, that reworks how we do home directories on Linux, adds strong encryption that makes sense, supports automatic enumeration and hot-plugged home directories and more. (asg2019)
sources:
- https://www.theregister.co.uk/2019/09/25/systemd_inventor_home_directories/
- https://cfp.all-systems-go.io/ASG2019/talk/VSQRXA/
- https://cdn.media.ccc.de/events/all_systems_go/2019/h264-hd/asg2019-164-eng-Reinventing_Home_Directories_hd.mp4
msmtp
msmtp - light SMTP client with support for server profiles
configuration of msmtp using $ touch $HOME/.msmtprc
general options for all accounts
# Set default values for all following accounts.
defaults
# Port 465 is designed for required ("implicit") TLS-encryption.
# Mail submission port 587 is used for STARTTLS,
# port 25 is used for unencrypted communication.
# The protocol is smtp (smtps is not an option available, the alternative is lmtp)
protocol smtp
port 465
# Keep a logfile for later evaluation
#logfile ~/.mail/msmtp.log
# Enable or disable automatic envelope-from addresses. The default is off.
# The domain part can be set with the maildomain command.
# cave: the user-part will be as the login-name on the computer!
# not usable for emails to be sent non-locally!
#auto_from off
if you want to send messages via tor, use the following
# Use tor as a proxy (needs tor and tls on)
proxy_host 127.0.0.1
proxy_port 9050
prerequisites
- tor with SocksPort bound to 9050 (defined in $HOME/.torrc)
msmtp
options concerning tls for all accounts
# Always use TLS
tls on
# STARTTLS turns a previously unencrypted session into an encrypted one
# This is by far not as secure as using an encrypted session from the beginning!
# Therefore TLS is turned on while STARTTLS is turned off.
# Recommendation: if you don't need STARTTLS, then TURN IT OFF!
tls_starttls off
# Set a list of trusted CAs for TLS. You can use a system-wide default file,
# as in this example, or download the root certificate of your CA and use that.
# If accounts without tls_trust_file are used, this command should be in each account!
#tls_trust_file /etc/ssl/certs/ca-certificates.crt
# Additionally, you should use the tls_crl_file command to check for
# revoked certificates, but unfortunately getting revocation lists
# and keeping them up to date is not straightforward.
#tls_crl_file ~/.tls-crls
msmtp
account-specific options
account TEST
host smtp.example.com
from username@example.com
auth on
user #CAVE: SEE BELOW
passwordeval #CAVE: SEE BELOW
#port 587 # if needed
#tls_starttls on # if needed
tls_fingerprint #CAVE: SEE BELOW
tls_trust_file /etc/ssl/certs/ca-certificates.crt
for User use the username as found by the openssl s_client-command
use pass or gpg for decrypting the password
passwordeval "pass show TEST | head -1"
passwordeval "gpg2 --decrypt --no-tty --quiet --no-verbose --for-your-eyes-only $HOME/SOMEWHERE/TEST.gpg | head -1"
find tls_fingerprint using the following command
$ openssl s_client -connect SMTP_SERVER:587 -starttls smtp </dev/null 2>/dev/null | openssl x509 -fingerprint -noout | cut -d'=' -f2
$ openssl s_client -connect SMTP_SERVER:465 </dev/null 2>/dev/null | openssl x509 -fingerprint -noout | cut -d'=' -f2
change accordingly, if starttls is used
output: e.g. 01:23:45:67:89:AB:CD:EF:BA:DC:0F:FE:E0:DD:F0:0D:DE:AD:BE:EF
test accounts
$ echo "Subject Test" | msmtp some_other_account@example.com -a TEST
neomutt
neomutt - text-based mailreader supporting MIME, GPG, PGP and threading
account configuration
set realname = "some name"
set from = "myusername@example.com"
unmy_hdr *
my_hdr From: some name <myusername@example.com>
set signature = "~/SOMEWHERE/signature.txt"
set pgp_default_key = "DEADBEEF"
set pgp_sign_as = "BADC0FFE"
# use long keys or fingerprints if possible
# access server
set mail_check = 60
set spoolfile = "imaps://myusername@example.com@example.com:993/INBOX"
set record = "imaps://myusername@example.com@example.com:993/Sent"
set postponed = "imaps://myusername@example.com@example.com:993/Drafts"
# disabled online trash folder, so that only local trash folder will be used
#set trash = "imaps://myusername@example.com@example.com:993/Trash"
# When using only one folder, everything can be addressed relatively
#set spoolfile = "+INBOX"
#set record = "+Sent"
#set postponed = "+Drafts"
#set trash = "+Trash"
# mailbox definitions are either performed here or in a separate sidebar
#mailboxes =INBOX =Sent =Trash =Drafts =Junk
neomutt
debugging neomutt
$ neomutt -d [1-5]
CAVE: neomutt INCLUDES the CREDENTIALS in the DEBUG-LOG!
use passwords within neomutt
set smtp_url = "smtp://myusername@example.com@example.com:587"
#set smtp_pass = "`pass TEST`"
set folder = "imaps://myusername@example.com@example.com:993"
#set imap_pass = "`pass TEST`"
source "pass MUTT_TEST |" #CAVE: SEE BELOW
source a password-file from within neomutt
use a pipe ("|") after the file to read so that the content of the file gets executed
content of the password-file
set imap_pass="MYSUPERSECRETPASSWORD"
set smtp_pass="MYSUPERSECRETPASSWORD"
in addition add the following option to the .muttrc to disable the colon (':')
bind generic,alias,attach,browser,editor,index,compose,pager,pgp,postpone ':' noop
otherwise entering :set ? imap_pass
or :set ? smtp_pass
will reveal your password!
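A check for the credential handling used in the mbsync, msmtp and neomutt sections above, as an added example that is not part of the original slides: it flags config files that hold a password in plaintext (mbsync `Pass`, msmtp `password`, neomutt `imap_pass`/`smtp_pass` without a backtick command) or that are readable by group or others. The function name and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original slides): lint mail configs for
# plaintext passwords and loose file permissions.
# lint_mail_config and the sample files below are constructed for illustration.

# lint_mail_config FILE...
# Prints one finding per line; returns 1 if anything was found, else 0.
lint_mail_config() {
    lint_status=0
    for f in "$@"; do
        [ -r "$f" ] || continue
        # A read bit for group or others exposes whatever the file contains.
        if [ -n "$(find "$f" \( -perm -040 -o -perm -004 \) -print)" ]; then
            echo "$f: readable by group or others, use chmod 600"
            lint_status=1
        fi
        lint_out=$(awk '
            /^[ \t]*#/ { next }    # skip commented-out lines
            { line = $0; sub(/^[ \t]+/, "", line); low = tolower(line) }
            # mbsync: "Pass <secret>" is plaintext, "PassCmd" runs a helper
            low ~ /^pass[ \t]+[^ \t]/ {
                print FILENAME ":" NR ": mbsync Pass stores the password in plaintext"
                next
            }
            # msmtp: "password <secret>" is plaintext, "passwordeval" runs a helper
            low ~ /^password[ \t]+[^ \t]/ {
                print FILENAME ":" NR ": msmtp password stores the password in plaintext"
                next
            }
            # neomutt: a literal value, unless the line uses a backtick
            # command substitution ("\140" is the backtick character)
            low ~ /^set[ \t]+(imap|smtp)_pass[ \t]*=/ && index(line, "\140") == 0 {
                print FILENAME ":" NR ": neomutt *_pass is set to a literal value"
            }
        ' "$f")
        if [ -n "$lint_out" ]; then
            echo "$lint_out"
            lint_status=1
        fi
    done
    return "$lint_status"
}

# Constructed sample configs for a stand-alone run.
demo_dir=$(mktemp -d)
cat > "$demo_dir/mbsyncrc" <<'EOF'
IMAPAccount TEST
Host mail.example.org
PassCmd "pass show email/TEST | head -n 1"
EOF
cat > "$demo_dir/msmtprc" <<'EOF'
account TEST
host smtp.example.com
password CONSTRUCTED-SAMPLE-SECRET
EOF
chmod 600 "$demo_dir/mbsyncrc"
chmod 644 "$demo_dir/msmtprc"
lint_mail_config "$demo_dir/mbsyncrc" "$demo_dir/msmtprc" || echo "findings listed above"
rm -rf "$demo_dir"
```

The password file sourced through `pass MUTT_TEST |` never exists in plaintext on disk, so it is outside the scope of this check.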
neomutt
account-specific sidebar-options
use the sidebar for faster navigation between different accounts
unmailboxes *
virtual-mailboxes " ----- " "=separator"
virtual-mailboxes " search" "~/SOMEWHERE/search"
virtual-mailboxes " inbox " "imaps://myusername@example.com@example.com:993/INBOX"
virtual-mailboxes " sent " "imaps://myusername@example.com@example.com:993/Sent"
virtual-mailboxes " drafts" "imaps://myusername@example.com@example.com:993/Drafts"
virtual-mailboxes " trash " "imaps://myusername@example.com@example.com:993/Trash"
virtual-mailboxes " junk " "imaps://myusername@example.com@example.com:993/Junk"
if a folder is set, an abbreviated form can be used
virtual-mailboxes " something" "+INBOX"
neomutt
general options concerning the sidebar
# Should the Sidebar be shown?
set sidebar_visible = yes
# How wide should the Sidebar be in screen columns?
set sidebar_width = 35
#set sidebar_indicator=green
# Should the mailbox paths be abbreviated?
set sidebar_short_path = yes
# When abbreviating mailbox path names, use any of these characters as path
# separators. Only the part after the last separators will be shown.
# For file folders '/' is good. For IMAP folders, often '.' is useful.
set sidebar_delim_chars = '/.'
# Make the Sidebar only display mailboxes that contain new, or flagged, mail.
set sidebar_new_mail_only = no
# When searching for mailboxes containing new mail, should the search wrap
# around when it reaches the end of the list?
set sidebar_next_new_wrap = no
# The character to use as the divider between the Sidebar and the other NeoMutt panels.
set sidebar_divider_char = ' | '
# Enable extended mailbox mode to calculate total, new, and flagged
# message counts for each mailbox.
set mail_check_stats
bind index,pager B sidebar-toggle-visible
bind index,pager \Ck sidebar-prev
bind index,pager \Cj sidebar-next
bind index,pager \Cl sidebar-open
neomutt
design of the sidebar
# Sort the mailboxes in the Sidebar using this method:
# count – total number of messages
# flagged – number of flagged messages
# new – number of new messages
# path – mailbox path
# unsorted– do not sort the mailboxes
set sidebar_sort_method = 'unsorted'
# Display the Sidebar mailboxes using this format string.
# additional information at https://neomutt.org/guide/reference.html#sidebar-format
#
# %B Name of the mailbox
# %S Size of mailbox (total number of messages)
# %F Number of Flagged messages in the mailbox
# %N Number of New messages in the mailbox
# %n If there's new mail, display “ N”, otherwise nothing
# %! “ !”: one flagged message;
#    “ !!”: two flagged messages;
#    “ n!”: n flagged messages (for n > 2). Otherwise prints nothing.
# %d Number of deleted messages
# %L Number of messages after limiting
# %t Number of tagged messages
# %>X Right justify the rest of the string and pad with “ X”
# %|X Pad to the end of the line with “ X”
# %*X Soft-fill with character “ X” as pad
# %?F? [%F]? If flagged emails [%F], otherwise nothing
# %* Pad with spaces
set sidebar_format = "%B %?n?[N]&? %* [%?N?%N/?%S]"
neomutt
gpg-integration
setenv PINENTRY_USER_DATA curses
# In case of problems, change ~/.gnupg/ to include the line
# pinentry-program /usr/bin/pinentry-curses
# instead of
# pinentry-program /usr/bin/pinentry-tty
# automatically enable PGP encryption/signing for messages (default = yes)
set crypt_autopgp = yes
# attempt to cryptographically sign outgoing messages (default = no)
set crypt_autosign = no
# attempt to PGP encrypt outgoing messages (default = no)
set crypt_autoencrypt = no
# enable S/MIME encryption/signing for messages (default = yes)
set crypt_autosmime = yes
# automatically PGP or OpenSSL sign replies to messages which are signed
# (default = yes)
set crypt_replysign = yes
# automatically PGP or OpenSSL encrypt replies to messages which are encrypted
# (default = no)
set crypt_replyencrypt = yes
# automatically PGP or OpenSSL sign replies to messages which are encrypted
# (default = no)
set crypt_replysignencrypted = yes
# attempt to verify PGP or S/MIME signatures (default = yes)
set crypt_verify_sig = yes
neomutt
gpg-integration
# include a time stamp in the lines surrounding PGP or S/MIME output, so spoofing
# such lines is more difficult. If you are using colors to mark these lines
# and rely on these, you may unset this setting. (default = yes)
set crypt_timestamp = yes
# display non-usable keys on the PGP key selection menu. This includes keys which
# have been revoked, have expired, or have been marked as "disabled" by the user.
set pgp_show_unusable = yes
# number of seconds after which a cached passphrase will expire if not used.
# is limited by the .gnupg/gpg-agent.conf - option 'max-cache-ttl'
set pgp_timeout = 600
# check the status file descriptor output of
# $pgp_decrypt_command
# and
# $pgp_decode_command
# for GnuPG status codes indicating successful decryption. (default = yes)
set pgp_check_gpg_decrypt_status_fd = yes
# PGP signature is only considered verified if the output from
# $pgp_verify_command
# contains the text. (default = <empty>)
set pgp_good_sign = "^gpg: Good signature from"
# Save a copy of outgoing email, encrypted to yourself
set pgp_self_encrypt = yes
#set pgp_default_key = "PGP-KEY"
#set pgp_sign_as = "PGP-SIGNING-KEY"
# Save a copy of outgoing email, encrypted to yourself
set smime_self_encrypt = yes
set smime_is_default = no
#set smime_default_key = "SMIME-KEY"
#set smime_sign_as = "SMIME-SIGNING-KEY"
neomutt
gpg-integration
set pgp_sign_command ="gpg \
--batch \
--quiet \
--no-verbose \
--textmode \
--armor \
--output - \
--detach-sign \
--passphrase-fd 0 \
%?a?--local-user %a? %f"
set pgp_encrypt_only_command = "/usr/lib/neomutt/pgpewrap \
gpg \
--batch \
--quiet \
--no-verbose \
--textmode \
--armor \
--output - \
--encrypt -- \
--recipient %r -- %f"
set pgp_encrypt_sign_command = "/usr/lib/neomutt/pgpewrap \
gpg \
--batch \
--quiet \
--no-verbose \
--textmode \
--armor \
--output - \
--encrypt \
--sign \
--passphrase-fd 0 \
%?a?--local-user %a? -- \
--recipient %r -- %f"
CAVE: either put /usr/lib/neomutt in $PATH or explicitly use /usr/lib/neomutt/pgpewrap
CAVE: more complicated config = more risk, that something is incorrectly configured!
Interlude
random trivia
codecrypt - post-quantum encryption and signing tool
CAVE: software has not undergone a cryptographic audit
# This is a GnuPG-like Unix program for encryption and signing
# that only uses quantum-resistant algorithms:
# McEliece cryptosystem (compact QC-MDPC variant) for encryption.
# Hash-based Merkle tree algorithm (FMTSeq variant) for digital signatures.
# ccr basic command usage
# Generate a strong(er) asymmetric encryption key
$ ccr -g ENC-256 -N SOME_NAME
# Export specified public key for sharing with contacts
$ ccr -F SOME_NAME -ap > SOME_NAME.pub
# Export specified private key. The -F parameter chooses the key to be used
# To enumerate all keys in the keyring run ccr -k for public ones and ccr -K for private
$ ccr -F SOME_NAME -aP > SOME_NAME_UNENCRYPTED
# Back-up keys: It is easier to backup the ccr folder in the home directory,
# changing its name from/to .ccr upon restore.
# Enable hidden file view with alt + . to see it.
# ccr key management
# Import a public key.
$ ccr -ai < [contactkey]
# Import a private key.
$ ccr -aI < [myprivatekey]
# Encrypt a plaintext message file only to an already imported contact key.
# Note this will be inaccessible to you. Save a plaintext copy for archival purposes.
$ ccr -aer SOME_NAME -R secret > secret.ccr
# Decrypt a ciphertext message creating plaintext output.
$ ccr -adR secret.ccr > secret.new
neomutt
attachments
unalternative_order *
alternative_order multipart/mixed multipart/related text/plain text/enriched text/html
# define order how to view messages; multipart/* is needed for attachment forwarding
auto_view text/html
# automatically convert text/html into plain text
bind attach <return> view-mailcap
# view attachments using 'v', then open in mailcap using 'm'
mime_lookup application/octet-stream
# Ask if the user wishes to abort sending if $abort_noattach_regex
# is found in the body, but no attachments have been added
# It can be set to:
# "yes" : always abort
# "ask-yes" : ask whether to abort
# "no" : send the mail
set abort_noattach = ask-yes
# Search for the following regular expression in the body of the email
# English: attach, attached, attachment, attachments
set abort_noattach_regex = "\\<attach(|ed|ments?)\\>"
# German (the later assignment replaces the English one; keep only the one you need):
set abort_noattach_regex = "\\<(Anhang|anhängen|angehängt|anhang|anhänge|hängt an)\\>"
set attach_format = " %u%D%I %t%2n %T%d%* [%.15m/%.10M, %.8e%?C?, %.6C?, %.4s] "
set mailcap_path = "~/.mutt/config/mutt_mailcap"
# define link to filetypes-file
neomutt
attachments
this should be put into a separate file for mailcap
# html-emails and other email-formats
text/html; w3m -cols 80 -dump -T text/html '%s'; copiousoutput
application/rtf; unrtf '%s' | html2text; copiousoutput
# pdf-files
application/pdf; pdftotext '%s' - ; print=zathura '%s'; copiousoutput
# office-documents
application/vnd.openxmlformats-officedocument.wordprocessingml.document; docx2txt '%s' - | less; copiousoutput
application/msword; antiword '%s'; copiousoutput
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet; vd '%s'; needsterminal
application/vnd.ms-excel; vd '%s'; needsterminal
application/vnd.ms-powerpoint; catppt '%s' | less; copiousoutput
# images
image/*; catimg '%s'; print=sxiv '%s'; needsterminal
neomutt
additional options
set ispell = "aspell -e -c"
# use aspell as spellchecker
set thorough_search = yes
macro index,pager \ea "<pipe-message>abook \
--add-email<return>" "Add this sender to abook"
bind editor <Tab> complete-query
additional options depending on the indexing utility used
set query_command = "( abook --mutt-query '%s' ; \
mu cfind --format=mutt-ab '%s' | sed -n '1!p' )"
mu (maildir-utils) or notmuch or mairix
first create an index database
$ notmuch setup
$ mu index --maildir=/SOMEFOLDER
for mairix the configuration file has to be created manually (using $HOME/.mairixrc)
create symbolic links to a specific folder to be opened in neomutt
# searching messages
macro generic,index,pager,browser <Fx> "<shell-escape>mu \
find --clearlinks \
--format=links \
--linksdir=~/SOMEWHERE/" "mu find"
macro generic,index,pager,browser <Fx> "<shell-escape>notmuch-mutt \
--output-dir ~/SOMEWHERE \
--prompt search<enter>" "notmuch search"
macro generic,index,pager,browser <Fx> "<shell-escape>mairix " "mairix"
# querying messages
macro generic,index,pager,browser <Fx> "<change-folder-readonly>~/SOMEWHERE<enter>" "search folder"
nmh or mmh
mmh - set of electronic mail handling programs (legacy code removed from nmh)
nmh - 'new' mail handler (although older than mmh)
setup
currently work in progress (issue - using multiple accounts with sendmail)
open issues
converting .eml-files directly into mbox or maildir using cli-tools
how to deal with broken emails (how to prevent and how to fix them)
download messages using isync via a tor-proxy
solution: use tsocks/torsocks
sending messages from different accounts using sendmail
tagging messages using mu
how to handle passwords, while being both obfuscated (within a file) and secure
possible solution: use tomb and pass
searching gpg-encrypted messages
searching tar-archived message folders
open other emails while writing without a second 'mutt -R'-window
possible solution: postpone messages
increase viewing space for attachments when sending messages
solution: set attach_format = " %u%D%I %t%2n %T%d%* [%.15m/%.10M, %.8e%?C?, %.6C?, %.4s] "
slow, when changing to different offline folder
mutt sometimes hanging (not able to ^C or ^G)
mutt sometimes sending empty messages (when hanging)
accessing a maildir-folder over ssh with mutt being installed locally
switching between user credentials when accessing local folders
possible solution: folder-hooks