title: email - towards a less terrible setup author: al.t ...

prelude - the used presentation toolchain

how to make presentations easier, faster and more awesome in general

Software options

  • patat (uses pandoc to convert from $WHATEVER to terminal-presentation)
    • https://github.com/jaspervdj/patat
  • mdp (uses a specific markdown-flavour for terminal-presentation)
    • https://github.com/visit1985/mdp
  • tpp (uses its own dialect, more control over presentation)
    • https://github.com/cbbrowne/tpp
  • hovercraft (converts reStructuredText to impress.js, needs the GUI)
    • https://regebro.github.io/hovercraft/

Chosen presentation software

NAME patat - Presentations Atop The ANSI Terminal

SYNOPSIS patat [options] file

DESCRIPTION

Controls

  • Next slide: space, enter, l, →, PageDown
  • Previous slide: backspace, h, ←, PageUp
  • Go forward 10 slides: j, ↓
  • Go backward 10 slides: k, ↑
  • First slide: 0
  • Last slide: G
  • Reload file: r
  • Quit: q


Content

whoami and why that setup

howto $WHATEVER -> maildir

access online folders

alpine

mbsync (isync)

msmtp

(neo)mutt

notmuch or mu (maildir-utils) or mairix

nmh or mmh

open issues


whoami and why that setup

legacy backup data

  • used different (non-linux) os

    • restrictive environments (cannot install software)
    • multiple languages (use of many non-ASCII-characters)
  • used different email-clients

    • webmail with saved messages
    • MS Outlook
      • single messages (.msg)
      • message archives (.pst)
    • Mozilla Thunderbird
      • single messages (.eml)
      • message archives (.mbox)

goals

having an email-setup, which fulfills the following demands

  • not lose any data (although being old)
  • convert everything in a common file format
  • use the same data structure for in-use emails and archived emails
  • be able to perform incremental backups
  • no risk of vendor-lock-in (use only FLOSS-tools in Debian-main-repositories)
  • separation between configuration and email-data
  • not resource-intensive while fast
  • being able to handle > 100K of messages

  • if possible: CLI/TUI-tools

solution: in a first step, convert legacy messages to maildir


howto $WHATEVER -> maildir

detox

detox - replace problematic characters in filenames

$ detox -r *

  • -r recurse to subdirectories

msgconvert (libemail-outlook-message-perl)

libemail-outlook-message-perl - module for reading Outlook .msg files

$ msgconvert *.msg

CAVE: msgconvert converts messages by default into .eml-files

Mozilla Thunderbird (thunderbird)

thunderbird: cross platform standalone mail application

usage:

  • start GUI -> install add-on ImportExportTools NG
  • right click on folder -> ImportExportTools NG -> "Import messages from directory (including subdirectories)" -> choose directory with .eml-files
  • right click on folder -> ImportExportTools NG -> "Export folder with subfolders (with structure)" -> choose directory for creating .mbox-file(s)

CAVE: thunderbird stores messages by default in the .mbox-format, so exporting is strictly speaking not needed

CAVE: ugly, better toolchain needed (currently just workaround)

current status: all messages converted from .msg/.eml to .mbox-files


howto $WHATEVER -> maildir

readpst (pst-utils)

pst-utils: tools for reading Microsoft Outlook PST files

$ readpst -8 *.pst

  • -8 output email bodies as UTF-8 instead of the original format

CAVE: readpst converts messages by default into .mbox-files

mb2md

mb2md — Converts Mbox mailboxes to Maildir format

$ mb2md -s $HOME/emails/sourcedir/ -R -d $HOME/emails/destdir/

  • -s sourcedir
  • -R run recursively
  • -d destdir

CAVE: mb2md does NOT! use relative paths from pwd, but from $HOME!

jdupes or fdupes

jdupes - identify and delete or link duplicate files

fdupes - identifies duplicate files within given directories (old)

$ jdupes -rdN FOLDER

  • -r recurse to subdirectories
  • -d delete duplicate files
  • -N don't ask (noprompt)

CAVE: this will DELETE! the duplicate files, pause and think before executing this command!

current status: all messages in maildir-format, deduplicated (if hashes were identical)


Interlude

random trivia

The GNOME foundation got sued by a patent troll (Rothschild Patent Imaging, LLC) for using 'technology to transfer images'.

sources:

  • https://itsfoss.com/shotwell-lawsuit/
  • https://www.patentprogress.org/2019/09/26/mythical-troll-attacks-gnome/
  • https://www.pro-linux.de/news/1/27473/patentklage-gegen-gnome-foundation.html
  • https://www.golem.de/news/shotwell-patenttroll-verklagt-gnome-foundation-wegen-fotoverwaltung-1909-144089-rss.html
  • https://www.zdnet.com/article/leave-gnome-alone-this-patent-troll-is-asking-for-trouble/
  • http://techrights.org/2019/09/25/microsoft-patent-troll-intellectual-ventures-gnome/

According to the techrights.org-source, Rothschild Patent Imaging, LLC, is connected to Microsoft


access online folders (using openssl)

openssl - Secure Sockets Layer toolkit

connect to the mail-server

$ openssl s_client -connect mail.example.com:993 -crlf

  • -crlf translates a line feed from the terminal into CR+LF as required by some servers

access the account

1 LOGIN MYUSERNAME MYPASSWORDINPLAINTEXT

alternative

$ echo 'MYUSERNAMEMYUSERNAMEMYPASSWORDINPLAINTEXT' | base64

cave: has to be deleted, therefore this doesn't work currently as expected

to test the encoding use

$ echo 'StringFromAbove' | base64 -d

> 1 AUTHENTICATE PLAIN StringFromAbove

list the name of all folders within the account

> 2 LIST "" "*"

select a folder (e.g. inbox) to test if it works

> 3 SELECT INBOX

logout

> 4 LOGOUT

troubleshoot the connection to each mail server in advance

take note of the configuration details for the later steps

  • user names (with or without the addition of ...@example.com?)
  • used ports (hopefully 993)
  • names of folder (Sent or Inbox.Sent or something else?)

current status: all accounts are accessible online using openssl
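
The AUTHENTICATE PLAIN step above, as an added example that is not part of the original slides: SASL PLAIN (RFC 4616) expects `authzid NUL authcid NUL password` before base64, and `echo` appends a newline that ends up in the password field. The helper names are hypothetical; GNU `base64` is assumed.

```shell
#!/bin/sh
# Added example: SASL PLAIN token for IMAP "AUTHENTICATE PLAIN" (RFC 4616).
# Layout before base64:  authzid NUL authcid NUL password
# The token is only base64-encoded, so handle it like the plaintext password.

# sasl_plain_token USER PASSWORD [AUTHZID]      (hypothetical helper name)
# printf writes the NUL separators and, unlike echo, no trailing newline.
# "tr -d '\n'" undoes the line wrapping base64 applies to long input.
sasl_plain_token() {
    printf '%s\0%s\0%s' "${3:-}" "$1" "$2" | base64 | tr -d '\n'
}

# sasl_plain_show TOKEN
# Decode a token for inspection, showing NUL as "|" and newline as "$".
sasl_plain_show() {
    printf '%s' "$1" | base64 -d | tr '\000\n' '|$'
}

# sasl_plain_check TOKEN
# Return 0 only if the decoded token has exactly two NUL separators,
# a non-empty password, and does not end in a newline.
sasl_plain_check() {
    nuls=$(printf '%s' "$1" | base64 -d 2>/dev/null \
           | tr -cd '\000' | wc -c | tr -d ' ')
    last=$(printf '%s' "$1" | base64 -d 2>/dev/null \
           | tail -c 1 | od -An -tx1 | tr -d ' \n')
    if [ "$nuls" -ne 2 ]; then
        echo "expected 2 NUL separators, found $nuls" >&2
        return 1
    fi
    if [ "$last" = "0a" ]; then
        echo "token ends in a newline (built with echo?)" >&2
        return 1
    fi
    if [ -z "$last" ] || [ "$last" = "00" ]; then
        echo "password field is empty" >&2
        return 1
    fi
    return 0
}

# Demo with the placeholder credentials used on this slide (constructed).
demo_token=$(sasl_plain_token 'MYUSERNAME' 'MYPASSWORDINPLAINTEXT')
printf '1 AUTHENTICATE PLAIN %s\n' "$demo_token"
printf 'decoded: %s\n' "$(sasl_plain_show "$demo_token")"
```

Servers that do not advertise the SASL-IR capability expect `1 AUTHENTICATE PLAIN` on its own line and the token only after the `+` continuation response.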


alpine

general information

alpine - text-based email client, friendly for novices but powerful

for creating debug-information use

$ alpine -d [0-9]

alpine does NOT! store any credential information in its logs

configuration is done in-program and stored in $HOME/.pinerc

configuration is done using shortcuts (case-insensitive) or TUI

information available at http://alpine.x10host.com/

the latest release is available at http://alpine.x10host.com/alpine/release/

the latest development version at https://repo.or.cz/alpine.git

the current developer and maintainer of alpine, Eduardo Chappa (alpine.chappa@yandex.com or chappa@vfemail.net), is extremely helpful!

base configuration

to add a collection list (aka folder): M (main menu) - S (setup) - L (collectionLists) - A (add collection list)

to add a role (aka account details): M - S - R (rules) - R (roles) - A (add)

nano ('pico') is the default editor

available commands are displayed below ('nano-style')

exemplary imap-access: {mail.example.com/ssl/user=MY_USER_NAME}INBOX

exemplary Fcc (sent): {mail.example.com/ssl/user=MY_USER_NAME}INBOX.Sent

exemplary smtp-access: smtp.example.com/ssl/user=MY_USER_NAME

multiple accounts can be created using the above mentioned scheme


alpine

address book

the addressbook is located in $HOME/.addressbook

to convert from abook to alpine-addressbook use

$ abook --convert --infile $HOME/.abook/addressbook --outformat pine | sed 's/,.*//' | sed 's/(//' > ~/.addressbook

(the sed-command is needed if multiple email-addresses per name are stored)

using ~/.pine-passfile and ~/.alpine-smime/.pwd

if compiled using $ ./configure --with-passfile=$HOME/.pine-passfile, passwords can be stored in that file if it exists (default in debian)

to use this feature, $ touch ~/.pine-passfile

the passfile is encrypted using the $HOME/.alpine-smime/.pwd/MasterPassword.key

the key is a 2048 bit RSA key ($ openssl rsa -text -in ~/.alpine-smime/.pwd/MasterPassword.key)

in a private email to the maintainer about the security of 2048 bit RSA keys he replied: "I am happy to change the encryption to a higher degree of encryption. That is not a problem. I can search in openssl how to do that. Should be easy."

it might also be possible to do this manually, but I haven't tried it yet

the .pine-passfile can be decrypted using openssl

$ openssl smime -decrypt -inform pem -in ~/.pine-passfile -inkey ~/.alpine-smime/.pwd/MasterPassword.key

data is obfuscated after encryption (this was the only security measure until some years ago, so beware of old forum posts)


alpine

issues with alpine

  • not as flexible as (neo)mutt
  • should be used as intended (cannot be completely re-configured)
  • not as sexy (less perceived users, therefore less information online)
  • if the email-server is not configured correctly, problems might arise

why should anybody use alpine?

if you want a TUI-based email program, consider alpine!

  • very fast to set up
    • $ sudo apt-get install alpine && alpine
  • relatively easy to configure
    • the configuration can be performed from within alpine
    • general behaviour can be changed
    • GPG-key-interaction and signatures can be used
    • the editor can be changed
    • additional customization (e.g. colors) can be used
  • stores everything in one configuration file ($HOME/.pinerc)
    • therefore easy to deploy
  • the maintainer is awesome

current status: ability to use a TUI email-client for reading and sending email


mbsync (isync)

isync - IMAP and MailDir mailbox synchronizer

the binary is called mbsync

alternative software - offlineimap

configuration of mbsync using $ touch $HOME/.mbsyncrc

IMAPAccount         TEST
Host                mail.example.org
User                #CAVE: SEE BELOW
PassCmd             #CAVE: SEE BELOW
SSLType             IMAPS               # use secure IMAP 
SSLVersions         TLSv1.2
CertificateFile     /etc/ssl/certs/ca-certificates.crt

CopyArrivalDate     yes     

for User use the username as found by the openssl s_client-command

PassCmd "gpg2 --decrypt --no-tty --quiet --no-verbose --for-your-eyes-only --pinentry-mode cancel ~/.password-store/email/TEST.gpg | head -n 1"

  • --pinentry-mode cancel do not ask for passwords, just cancel

this setup can only be used together with a gpg-agent

this setup requires a file being stored in $HOME/.password-store, as this is done using pass

prerequisites

  • gnupg
  • gpg-agent
  • pass

mbsync (isync)

add information on remote and local folders

# ### Remote storage -------------------

IMAPStore           TEST-remote
Account             TEST


# ### Local storage --------------------

MaildirStore        TEST-local
SubFolders          Verbatim

Path                ~/SOMEWHERE/TEST/
# CAVE: The trailing "/" under 'Path' is important

#Inbox               ~/SOMEWHERE/TEST/inbox
# CAVE: the name of the 'inbox' conflicts with the channel slave name!
# use this only if no channels are used

mbsync (isync)

add information on the inbox-channel (remote and local folders)

Channel             TEST-Inbox
  Master           :TEST-remote:"INBOX"
  Slave            :TEST-local:inbox

Create              Both
# Automatically create missing mailboxes, both locally and on the server

Expunge             Both
# Automatically delete messages if deleted in other folder

SyncState           *
# Save the synchronization state files in the relevant directory

MaxSize             100m
# Don't download any email greater than this

Patterns            *
# Will copy all of the account as specified under remote

#Patterns            "INBOX*"
#Patterns            !* "INBOX*" "Sent*"
# Exclude everything except the folders mentioned

for remote foldernames use the names as found by the openssl s_client-command


mbsync (isync)

add information on additional channels

Channel             TEST-Sent
  Master           :TEST-remote:"Sent"
  Slave            :TEST-local:sent
Create              Both
Expunge             Both
SyncState           *
MaxSize             100m
Patterns            *

Channel             TEST-Draft
  Master           :TEST-remote:"Draft"
  Slave            :TEST-local:draft
Create              Both
Expunge             Both
SyncState           *
MaxSize             100m
Patterns            *

for remote foldernames use the names as found by the openssl s_client-command

group the channels into a single entity

# Get all the channels together into a group.
Group               TEST
Channel             TEST-Inbox
Channel             TEST-Sent
Channel             TEST-Draft

mbsync (isync)

test and debug a specific group or channel

$ mbsync -Dmn TEST

synchronize messages of all groups

$ mbsync -a

synchronize messages automatically (as an alternative to cron-jobs)

$ touch $HOME/.config/systemd/user/mbsync.service

[Unit]
Description=Manual mailbox synchronization service

[Service]
Type=oneshot
ExecStart=/bin/sh -c '/usr/bin/torsocks /usr/bin/mbsync -aq'
ExecStartPost=ProgramToIndexMessages

$ touch $HOME/.config/systemd/user/mbsync.timer

[Unit]
Description=Manual mailbox synchronization timer

[Timer]
OnBootSec=2m
OnUnitActiveSec=5m
Unit=mbsync.service

[Install]
WantedBy=timers.target

$ systemctl start --user mbsync.timer

$ systemctl enable --user mbsync.timer

$ systemctl status --user mbsync.timer

current status: new messages get automatically synchronized to my computer


Interlude

random trivia

Lennart Poettering wants to take away your home directory

Let's bring the UNIX concept of Home Directories into the 21st century. The concept of home directories on Linux/UNIX has little changed in the last 39 years. It's time to have a closer look, and bring them up to today's standards, regarding encryption, storage, authentication, user records, and more. In this talk we'll talk about "systemd-homed", a new component for systemd, that reworks how we do home directories on Linux, adds strong encryption that makes sense, supports automatic enumeration and hot-plugged home directories and more. (asg2019)

sources:

  • https://www.theregister.co.uk/2019/09/25/systemd_inventor_home_directories/
  • https://cfp.all-systems-go.io/ASG2019/talk/VSQRXA/
  • https://cdn.media.ccc.de/events/all_systems_go/2019/h264-hd/asg2019-164-eng-Reinventing_Home_Directories_hd.mp4


msmtp

msmtp - light SMTP client with support for server profiles

configuration of msmtp using $ touch $HOME/.msmtprc

general options for all accounts

# Set default values for all following accounts.
defaults            

# Port 465 is designed for required ("implicit") TLS-encryption. 
# Mail submission port 587 is used for STARTTLS, 
# port 25 is used for unencrypted communication. 
# The protocol is smtp (smtps is not an option available, the alternative is lmtp)
protocol            smtp
port                465

# Keep a logfile for later evaluation
#logfile             ~/.mail/msmtp.log


# Enable or disable automatic envelope-from addresses. The default is off. 
# The domain part can be set with the maildomain command.
# cave: the user-part will be as the login-name on the computer!
# not usable for emails to be sent non-locally!
#auto_from           off

if you want to send messages via tor, use the following

# Use tor as a proxy (needs tor and tls on)
proxy_host 127.0.0.1
proxy_port 9050

prerequisites

  • tor with SocksPort bound to 9050 (defined in $HOME/.torrc)

msmtp

options concerning tls for all accounts

# Always use TLS
tls                 on

# STARTTLS turns a previously unencrypted session into an encrypted one 
# This is by far not as secure as using an encrypted session from the beginning! 
# Therefore TLS is turned on while STARTTLS is turned off. 
# Recommendation: if you don't need STARTTLS, then TURN IT OFF!
tls_starttls        off

# Set a list of trusted CAs for TLS. You can use a system-wide default file, 
# as in this example, or download the root certificate of your CA and use that.
# If accounts without tls_trust_file are used, this command should be in each account!
#tls_trust_file      /etc/ssl/certs/ca-certificates.crt

# Additionally, you should use the tls_crl_file command to check for 
# revoked certificates, but unfortunately getting revocation lists 
# and keeping them up to date is not straightforward.
#tls_crl_file       ~/.tls-crls

msmtp

account-specific options

account             TEST
host                smtp.example.com
from                username@example.com
auth                on
user                #CAVE: SEE BELOW 

passwordeval        #CAVE: SEE BELOW

#port                587    # if needed

#tls_starttls        on     # if needed
tls_fingerprint     #CAVE: SEE BELOW
tls_trust_file      /etc/ssl/certs/ca-certificates.crt

for User use the username as found by the openssl s_client-command

use pass or gpg for decrypting the password

passwordeval "pass show TEST | head -1"

passwordeval "gpg2 --decrypt --no-tty --quiet --no-verbose --for-your-eyes-only $HOME/SOMEWHERE/TEST.gpg | head -1"

find tls_fingerprint using the following command

$ openssl s_client -connect SMTP_SERVER:587 -starttls smtp </dev/null 2>/dev/null | openssl x509 -fingerprint -noout | cut -d'=' -f2

$ openssl s_client -connect SMTP_SERVER:465 </dev/null 2>/dev/null | openssl x509 -fingerprint -noout | cut -d'=' -f2

change accordingly, if starttls is used

output: e.g. 01:23:45:67:89:AB:CD:EF:BA:DC:0F:FE:E0:DD:F0:0D:DE:AD:BE:EF
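
The pin lookup above, as an added example that is not part of the original slides: `openssl x509 -fingerprint` without a digest option prints SHA-1 (20 bytes, as in the sample output), while the msmtp documentation asks for a SHA-256 value in tls_fingerprint. The helper names and the file name server.pem are assumptions.

```shell
#!/bin/sh
# Added example: compare a saved server certificate with the tls_fingerprint
# pinned in an msmtprc-style file and flag pins weaker than SHA-256.
# Save the certificate first, e.g. (server.pem is an assumed file name):
#   openssl s_client -connect SMTP_SERVER:465 </dev/null 2>/dev/null \
#     | openssl x509 > server.pem

# fp_digest COLON_HEX -> md5 | sha1 | sha256 | unknown (by byte count)
fp_digest() {
    colons=$(printf '%s' "$1" | tr -cd ':' | wc -c | tr -d ' ')
    case $((colons + 1)) in
        16) echo md5 ;;
        20) echo sha1 ;;
        32) echo sha256 ;;
        *)  echo unknown ;;
    esac
}

# pinned_fp CONFIG ACCOUNT -> tls_fingerprint of that account section
pinned_fp() {
    awk -v acct="$2" '
        $1 == "defaults"                        { cur = "" }
        $1 == "account"                         { cur = $2 }
        $1 == "tls_fingerprint" && cur == acct  { print toupper($2); exit }
    ' "$1"
}

# cert_fp PEM_FILE DIGEST -> fingerprint of the certificate in PEM_FILE
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint "-$2" | cut -d'=' -f2
}

# check_pin PEM_FILE CONFIG ACCOUNT
# Prints one verdict; returns 0 only for a matching SHA-256 pin.
check_pin() {
    pin=$(pinned_fp "$2" "$3")
    [ -n "$pin" ] || { echo unpinned; return 2; }
    digest=$(fp_digest "$pin")
    [ "$digest" != unknown ] || { echo malformed; return 2; }
    actual=$(cert_fp "$1" "$digest" | tr 'a-f' 'A-F')
    [ "$actual" = "$pin" ] || { echo mismatch; return 1; }
    [ "$digest" = sha256 ] || { echo "match-weak-$digest"; return 3; }
    echo match
}

# The sample output on this slide is 20 bytes long, i.e. a SHA-1 value.
printf 'sample digest type: %s\n' \
    "$(fp_digest '01:23:45:67:89:AB:CD:EF:BA:DC:0F:FE:E0:DD:F0:0D:DE:AD:BE:EF')"
```

According to the msmtp manual, a certificate matching tls_fingerprint is trusted regardless of its contents and overrides tls_trust_file, so a mismatch after a certificate renewal has to be re-pinned deliberately rather than ignored.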

test accounts

$ echo "Subject Test" | msmtp some_other_account@example.com -a TEST


neomutt

neomutt - text-based mailreader supporting MIME, GPG, PGP and threading

account configuration

set realname        = "some name"
set from            = "myusername@example.com"

unmy_hdr            *
my_hdr              From: some name <myusername@example.com>

set signature       = "~/SOMEWHERE/signature.txt"


set pgp_default_key = "DEADBEEF"
set pgp_sign_as     = "BADC0FFE"
# use long keys or fingerprints if possible


# access server

set mail_check      = 60

set spoolfile       = "imaps://myusername@example.com@example.com:993/INBOX"
set record          = "imaps://myusername@example.com@example.com:993/Sent"
set postponed       = "imaps://myusername@example.com@example.com:993/Drafts"

# disabled online trash folder, so that only local trash folder will be used
#set trash           = "imaps://myusername@example.com@example.com:993/Trash"

# When using only one folder, everything can be addressed relatively
#set spoolfile       = "+INBOX"
#set record          = "+Sent"
#set postponed       = "+Drafts"
#set trash           = "+Trash"

# mailbox definitions are either performed here or in a separate sidebar
#mailboxes =INBOX =Sent =Trash =Drafts =Junk

neomutt

debugging neomutt

$ neomutt -d [1-5]

CAVE: neomutt INCLUDES the CREDENTIALS in the DEBUG-LOG!

use passwords within neomutt

set smtp_url        = "smtp://myusername@example.com@example.com:587"
#set smtp_pass       = "`pass TEST`"

set folder          = "imaps://myusername@example.com@example.com:993"
#set imap_pass       = "`pass TEST`"

source              "pass MUTT_TEST |"  #CAVE: SEE BELOW

source a password-file from within neomutt

append a pipe ("|") to the command so that neomutt runs it and reads its output as configuration

content of the password-file

set imap_pass="MYSUPERSECRETPASSWORD"
set smtp_pass="MYSUPERSECRETPASSWORD"

in addition add the following option to the .muttrc to disable the colon (':')

bind generic,alias,attach,browser,editor,index,compose,pager,pgp,postpone ':' noop

otherwise entering :set ? imap_pass or :set ? smtp_pass will reveal your password!


neomutt

account-specific sidebar-options

use the sidebar for faster navigation between different accounts

unmailboxes         *

virtual-mailboxes   " ----- "   "=separator"
virtual-mailboxes   " search"   "~/SOMEWHERE/search"
virtual-mailboxes   " inbox "   "imaps://myusername@example.com@example.com:993/INBOX" 
virtual-mailboxes   " sent  "   "imaps://myusername@example.com@example.com:993/Sent" 
virtual-mailboxes   " drafts"   "imaps://myusername@example.com@example.com:993/Drafts" 
virtual-mailboxes   " trash "   "imaps://myusername@example.com@example.com:993/Trash" 
virtual-mailboxes   " junk  "   "imaps://myusername@example.com@example.com:993/Junk"

if a folder is set, an abbreviated form can be used

virtual-mailboxes   " something" "+INBOX"

neomutt

general options concerning the sidebar

# Should the Sidebar be shown?
set sidebar_visible             = yes

# How wide should the Sidebar be in screen columns?
set sidebar_width               = 35
#set sidebar_indicator=green

# Should the mailbox paths be abbreviated?
set sidebar_short_path          = yes

# When abbreviating mailbox path names, use any of these characters as path
# separators. Only the part after the last separators will be shown.
# For file folders '/' is good. For IMAP folders, often '.' is useful.
set sidebar_delim_chars         = '/.'

# Make the Sidebar only display mailboxes that contain new, or flagged, mail.
set sidebar_new_mail_only       = no

# When searching for mailboxes containing new mail, should the search wrap
# around when it reaches the end of the list?
set sidebar_next_new_wrap       = no

# The character to use as the divider between the Sidebar and the other NeoMutt panels.
set sidebar_divider_char        = ' | '

# Enable extended mailbox mode to calculate total, new, and flagged
# message counts for each mailbox.
set mail_check_stats


bind index,pager B                      sidebar-toggle-visible

bind index,pager \Ck sidebar-prev
bind index,pager \Cj sidebar-next
bind index,pager \Cl sidebar-open

neomutt

design of the sidebar

# Sort the mailboxes in the Sidebar using this method:
#       count   – total number of messages
#       flagged – number of flagged messages
#       new     – number of new messages
#       path    – mailbox path
#       unsorted– do not sort the mailboxes
set sidebar_sort_method = 'unsorted'


# Display the Sidebar mailboxes using this format string.
# additional information on https://neomutt.org/guide/reference.html#sidebar-format
#
# %B        Name of the mailbox
# %S        Size of mailbox (total number of messages)
# %F        Number of Flagged messages in the mailbox
# %N        Number of New messages in the mailbox
# %n        If there's new mail, display “ N”, otherwise nothing
# %!        “ !”: one flagged message;
#           “ !!”: two flagged messages;
#           “ n!”: n flagged messages (for n > 2). Otherwise prints nothing.
# %d        Number of deleted messages
# %L        Number of messages after limiting
# %t        Number of tagged messages
# %>X       Right justify the rest of the string and pad with “ X”
# %|X       Pad to the end of the line with “ X”
# %*X       Soft-fill with character “ X” as pad

# %?F? [%F]?    If flagged emails [%F], otherwise nothing
# %*            Pad with spaces

set sidebar_format = "%B %?n?[N]&? %*  [%?N?%N/?%S]"

neomutt

gpg-integration

setenv PINENTRY_USER_DATA       curses
# In case of problems, change ~/.gnupg/ to include the line 
#   pinentry-program            /usr/bin/pinentry-curses
# instead of 
#   pinentry-program            /usr/bin/pinentry-tty


# automatically enable PGP encryption/signing for messages (default = yes)
set crypt_autopgp               = yes

# attempt to cryptographically sign outgoing messages (default = no)
set crypt_autosign              = no

# attempt to PGP encrypt outgoing messages (default = no)
set crypt_autoencrypt           = no

# enable S/MIME encryption/signing for messages (default = yes)
set crypt_autosmime             = yes


# automatically PGP or OpenSSL sign replies to messages which are signed 
# (default = yes)
set crypt_replysign             = yes

# automatically PGP or OpenSSL encrypt replies to messages which are encrypted 
# (default = no)
set crypt_replyencrypt          = yes

# automatically PGP or OpenSSL sign replies to messages which are encrypted 
# (default = no)
set crypt_replysignencrypted    = yes


# attempt to verify PGP or S/MIME signatures (default = yes)
set crypt_verify_sig            = yes

neomutt

gpg-integration

# include a time stamp in the lines surrounding PGP or S/MIME output, so spoofing 
# such lines is more difficult. If you are using colors to mark these lines
# and rely on these, you may unset this setting. (default = yes)
set crypt_timestamp             = yes

# display non-usable keys on the PGP key selection menu. This includes keys which 
# have been revoked, have expired, or have been marked as "disabled" by the user. 
set pgp_show_unusable           = yes

# number of seconds after which a cached passphrase will expire if not used. 
# is limited by the .gnupg/gpg-agent.conf - option 'max-cache-ttl'
set pgp_timeout                 = 600

# check the status file descriptor output of 
#   $pgp_decrypt_command 
# and 
#   $pgp_decode_command 
# for GnuPG status codes indicating successful decryption. (default = yes)
set pgp_check_gpg_decrypt_status_fd = yes

# PGP signature is only considered verified if the output from 
#   $pgp_verify_command 
# contains the text. (default = <empty>)
set pgp_good_sign               = "^gpg: Good signature from"

# Save a copy of outgoing email, encrypted to yourself
set pgp_self_encrypt            = yes

#set pgp_default_key            = "PGP-KEY"
#set pgp_sign_as                = "PGP-SIGNING-KEY"

# Save a copy of outgoing email, encrypted to yourself
set smime_self_encrypt          = yes
set smime_is_default            = no

#set smime_default_key          = "SMIME-KEY"
#set smime_sign_as              = "SMIME-SIGNING-KEY"

neomutt

gpg-integration

set pgp_sign_command            ="gpg \
                                  --batch \
                                  --quiet \
                                  --no-verbose \
                                  --textmode \
                                  --armor \
                                  --output - \
                                  --detach-sign \
                                  --passphrase-fd 0 \
                                  %?a?--local-user %a? %f"

set pgp_encrypt_only_command    = "/usr/lib/neomutt/pgpewrap \
                                  gpg \
                                  --batch \
                                  --quiet \
                                  --no-verbose \
                                  --textmode \
                                  --armor \
                                  --output - \
                                  --encrypt -- \
                                  --recipient %r -- %f"

set pgp_encrypt_sign_command    = "/usr/lib/neomutt/pgpewrap \
                                  gpg \
                                  --batch \
                                  --quiet \
                                  --no-verbose \
                                  --textmode \
                                  --armor \
                                  --output - \
                                  --encrypt \
                                  --sign \
                                  --passphrase-fd 0 \
                                  %?a?--local-user %a? -- \
                                  --recipient %r --   %f"

CAVE: either put /usr/lib/neomutt in $PATH or explicitly use /usr/lib/neomutt/pgpewrap

CAVE: more complicated config = more risk, that something is incorrectly configured!


Interlude

random trivia

codecrypt - post-quantum encryption and signing tool

CAVE: software has not undergone a cryptographic audit

# This is a GnuPG-like Unix program for encryption and signing 
# that only uses quantum-resistant algorithms:
#   McEliece cryptosystem (compact QC-MDPC variant) for encryption.
#   Hash-based Merkle tree algorithm (FMTSeq variant) for digital signatures.


# ccr basic command usage

# Generate a strong(er) asymmetric encryption key
$ ccr -g ENC-256 -N SOME_NAME

# Export specified public key for sharing with contacts
$ ccr -F SOME_NAME -ap > SOME_NAME.pub

# Export specified private key. The -F parameter chooses the key to be used
# To enumerate all keys in the keyring run ccr -k for public ones and ccr -K for private
$ ccr -F SOME_NAME -aP > SOME_NAME_UNENCRYPTED

# Back-up keys: It is easier to backup the ccr folder in the home directory,
# changing its name from/to .ccr upon restore. 
# Enable hidden file view with alt + . to see it.


# ccr key management 

# Import a public key.
$ ccr -ai < [contactkey]

# Import a private key.
$ ccr -aI < [myprivatekey]

# Encrypt a plaintext message file only to an already imported contact key. 
# Note this will be inaccessible to you. Save a plaintext copy for archival purposes.
$ ccr -aer SOME_NAME -R secret > secret.ccr

# Decrypt a ciphertext message creating plaintext output.
$ ccr -adR secret.ccr > secret.new

neomutt

attachments

unalternative_order         *
alternative_order  multipart/mixed multipart/related text/plain text/enriched text/html      
# define order how to view messages; multipart/* is needed for attachment forwarding

auto_view                   text/html                               
# automatically convert text/html into plain text

bind    attach              <return>    view-mailcap
# view attachments using 'v', then open in mailcap using 'm'

mime_lookup                 application/octet-stream

# Ask if the user wishes to abort sending if $abort_noattach_regex 
# is found in the body, but no attachments have been added
# It can be set to:
#    "yes"     : always abort
#    "ask-yes" : ask whether to abort
#    "no"      : send the mail
set abort_noattach = ask-yes

# Search for the following regular expression in the body of the email
# English: attach, attached, attachment, attachments
set abort_noattach_regex = "\\<attach(|ed|ments?)\\>"
# German (a second 'set' replaces the English pattern above; keep only one):
set abort_noattach_regex = "\\<(Anhang|anhängen|angehängt|anhang|anhänge|hängt an)\\>"

set attach_format = " %u%D%I %t%2n %T%d%*    [%.15m/%.10M, %.8e%?C?, %.6C?, %.4s] "

set mailcap_path            = "~/.mutt/config/mutt_mailcap"         
# define link to filetypes-file

neomutt

attachments

this should be put into a separate file for mailcap

# html-emails and other email-formats 
text/html;          w3m -cols 80 -dump -T text/html '%s'; copiousoutput
application/rtf;    unrtf '%s' | html2text; copiousoutput


# pdf-files 
application/pdf;    pdftotext '%s' - ; print=zathura '%s'; copiousoutput


# office-documents 
application/vnd.openxmlformats-officedocument.wordprocessingml.document; docx2txt '%s' - | less; copiousoutput
application/msword; antiword '%s'; copiousoutput

application/vnd.openxmlformats-officedocument.spreadsheetml.sheet; vd '%s';     needsterminal
application/vnd.ms-excel; vd '%s'; needsterminal

application/vnd.ms-powerpoint; catppt '%s' | less; copiousoutput

# images 
image/*;            catimg '%s'; print=sxiv '%s'; needsterminal

neomutt

additional options

set ispell  = "aspell -e -c" 
# use aspell as spellchecker

set thorough_search = yes


macro   index,pager \ea "<pipe-message>abook \
                        --add-email<return>" "Add this sender to abook"

bind    editor  <Tab>   complete-query

additional options depending on the indexing-utility used

set query_command = "( abook --mutt-query '%s' ; \
                    mu cfind --format=mutt-ab '%s' | sed -n '1!p' )"

mu (maildir-utils) or notmuch or mairix

first create an index database

$ notmuch setup

$ mu index --maildir=/SOMEFOLDER

for mairix the configuration file has to be created manually (using $HOME/.mairixrc)

create symbolic links to a specific folder to be opened in neomutt

# searching messages 
macro   generic,index,pager,browser     <Fx>    "<shell-escape>mu \
                                                find --clearlinks \
                                                --format=links \
                                                --linksdir=~/SOMEWHERE/"  "mu find"

macro   generic,index,pager,browser     <Fx>    "<shell-escape>notmuch-mutt  \
                                                --output-dir ~/SOMEWHERE \
                                                --prompt search<enter>"    "notmuch search"

macro   generic,index,pager,browser     <Fx>    "<shell-escape>mairix " "mairix"


# querying messages 
macro   generic,index,pager,browser     <Fx>    "<change-folder-readonly>~/SOMEWHERE<enter>"   "search folder"

nmh or mmh

mmh - set of electronic mail handling programs (legacy code removed from nmh)

nmh - 'new' mail handler (although older than mmh)

setup

currently work in progress (issue - using multiple accounts with sendmail)


open issues

converting .eml-files directly into mbox or maildir using cli-tools

how to deal with broken emails (how to prevent and how to fix them)

download messages using isync via a tor-proxy

solution: use tsocks/torsocks

sending messages from different accounts using sendmail

tagging messages using mu

how to handle passwords, while being both obfuscated (within a file) and secure

possible solution: use tomb and pass

searching gpg-encrypted messages

searching tar-archived message folders

open other emails while writing without a second 'mutt -R'-window

possible solution: postpone messages

increase viewing space for attachments when sending messages

solution: set attach_format = " %u%D%I %t%2n %T%d%* [%.15m/%.10M, %.8e%?C?, %.6C?, %.4s] "

slow, when changing to different offline folder

mutt sometimes hanging (not able to ^C or ^G)

mutt sometimes sending empty messages (when hanging)

accessing a maildir-folder over ssh with mutt being installed locally

switching between user credentials when accessing local folders

possible solution: folder-hooks

generate a local spam-filter