Hosted Email:Mutt

From XMission Wiki
Jump to: navigation, search

Introduction

Setting up Mutt to work with our Zimbra server is actually quite painless. There are just a few things to know about how Mutt works Zimbra servers:

  • Mutt doesn't automatically sync changes to your mailbox. You must either sync manually with "$", change mailboxes, change accounts, or logout then back in. This is to prevent Mutt from automatically deleting mail, should you accidentally press the "d" key on your keyboard, or other accidents.
  • Mutt, as of 1.5.11, supports IMAP IDLE, which our Zimbra server supports. However, the default push of new mail is once every 29 minutes. You may want to decrease this time by using the mail_check variable, and setting to something like 60 seconds.
  • When sending mail in Mutt using Gmail, your sent messages are automatically stored in "[Gmail]/Sent Mail", whether you like it or not. Zimbra doesn't do this. You must actually tell Mutt to save a copy of every message you send, or it will not be saved in the "/Sent" folder on the Zimbra server.
  • Mutt does support a vast array of address book options. The "default" is to use a plain text aliases file, and save aliases to it as you interact with contacts via email. You could also hook into a Perl or Python script for querying the Zimbra address book on the server, although that isn't covered here.
  • Mutt can subscribe to Zimbra folders in the "Directory" view. Press "c?" to get to the directory view, then press "s" to subscribe to the necessary folder.
  • Lastly, this guide shows how to setup Mutt using encrypted passwords on disk using your GPG key, should you wish to run Mutt on a shared server.

Configuration

Encrypted passwords

By default, Mutt stores its passwords on disk in the Muttrc in plain text. You should encrypt your passwords, and force Mutt to decrypt them as needed. You can use GnuPG, OpenSSL, your operating system keyring or crypto APIs to encrypt and decrypt the IMAP and SMTP passwords. The idea is to create a "master password" that will decrypt the necessary passwords, and place them in RAM for Mutt to take advantage of.

This document describes encrypting your IMAP and SMTP password with your GPG key. Create a plain text file as ~/.mutt/passwords with the following contents:

set imap_pass="password"
set smtp_pass="password"
# d3b07384d113edec49eaa6238ad5ff00

The last line in that file is just to add entropy to the encrypted file. Should an attacker get access to the system, and wish to break the encrypted file, you will have more entropy with random strings in a commented line (starting with "#", which is critical). That third line was created with echo foo | md5sum -. Feel free to use sha1sum(1), sha224sum(1), sha384sum(1), or sha512sum(1) as needed. Of course, it's not required to add, so feel free to leave it out, or add more lines as you see fit. It will have no effect on the performance or operation of Mutt, so long as the line is commented out.

Now, encrypt the file, and remove the plain text version securely:

$ gpg -r [your keyid] -e ~/.mutt/passwords
$ ls ~/.mutt/passwords*
~/.mutt/passwords ~/.mutt/passwords.gpg
$ shred ~/.mutt/passwords
$ rm ~/.mutt/passwords

This assumes that shred(1) is installed. If it is not installed, other utilities like srm(1) or wipe(1) might be installed to perform the same task, or you may need to install them. Removing the file securely is important, as just using rm(1) makes the inode pointing to the file available without actually scrubbing the bits on the filesystem. While difficult, it could be possible to restore the plain text file, and recover the passwords, should the file not be securely wiped. The only thing left to do at this point is decrypt the file in your ~/.mutt/muttrc.

Required configuration

set copy="yes"                           # Save sent mail on Zimbra
set from="username@domain.com"           # Your XMission email
set folder="imaps://zimbra.xmission.com" # The remote Zimbra IMAP URI
set imap_idle="yes"                      # Use IMAP IDLE for pushing mail
set imap_user="username"                 # Your IMAP username
set mail_check="60"                      # Poll every 60 seconds rather than waiting 24 minutes for new mail
set postponed="+Drafts"                  # Saving postponed messages on Zimbra for later
set realname="First Last"                # Your first name and last name
set record="+Sent"                       # Save sent mail to "/Sent" on Zimbra
set reverse_alias="yes"                  # If email is saved in your alias file, show the name of the mail
set signature="~/.mutt/sig.txt"          # Your email signature, if any
set smtp_url="smtps://username@zimbra.xmission.com:465" # The SMTPS URI for sending mail
set sort_alias="alias"                   # Sort the alias file by alias
set spoolfile="imaps://zimbra.xmission.com/Inbox" # Where your inbox is located on Zimbra
set ssl_force_tls="yes"                  # Force TLS rather than SSL. Supercedes "set ssl_starttls"
source ~/.mutt/aliases                   # Alias file to store your "address book"
source ~/.mutt/lists                     # Store any XMission mailing lists here, and respond to the list, rather than "reply to all"
source "gpg --no-tty -qd ~/.mutt/passwords.gpg |" # Decrypt our IMAP and SMTP passwords. The "|" MUST end the string.

Note that the last line is decrypting your encrypted passwords and is piping the result to Mutt. It is critical that "|" terminates the string, or Mutt will not parse the output, and you will not be able to login. When launching Mutt, you will be asked for your GPG passphrase, then your IMAP and SMTP passwords will be stored in RAM in plain text, so Mutt can use them for logging in. If you also use GPG for signing, verifying, encrypting and decrypting mail, then you may want to use the gpg-agent(1) and gpg2(1) to cache your GPG passphrase in RAM.

Additonal configuration

You may wish to add some additional variables to your Muttrc. Here are some sane defaults that I have set:

set askbcc="yes"                         # Ask for Bcc: recipients when composing a message
set askcc="yes"                          # Ask for Cc: recipients when composing a message
set charset="utf-8"                      # Set the character encoding to UTF8
set certificate_file="~/.mutt/certs"     # SASL2 certificate location
set edit_headers="yes"                   # Edit the headers when composing a message
set envelope_from="yes"                  # Use quoted-printable encoded message when "From " is at the beginning of a line
set header_cache="~/.mutt/cache/headers" # Location to save cached mail headers
set hostname="foo.xmission.com"          # Set your hostname in the headers
set imap_check_subscribed="yes"          # Check 'subscribed' folders only
set message_cachedir="~/.mutt/cache/bodies" # Location to save cached mail bodies
set message_cache_clean="yes"            # Delete cache files if deleted off the server
set move="no"                            # Don't move read mail
set pager_index_lines="11"               # Show 11 lines of the index when reading messages
set quote_regexp="^([ \t]*[|>:}])+"      # Quoted messages (got rid of '#' which is in the default
set sort="threads"                       # Show message threads by default
set sort_aux="last-date-received"        # Sort threads by date received
set use_from                             # Allow me to switch email addresses in my editor

# Set editor with automatic line wrapping at 75 characters.
set editor="vim '+set textwidth=75 wrap'"

ignore *                                 # Draconian header weed
unignore from date subject to cc user-agent hostname
unignore organization organisation posted-to
unignore x-mailer x-newsreader x-mailing-list
auto_view text/html                      # Use ~/.mailcap coupled with links2 to view HTML email in text

source ~/.mutt/gnupg                     # Should you wish to use GPG for signing, verifying, encrypting and decrypting mail
source ~/.mutt/auto_view                 # User-define auto_view definitions, if any

That should get you up and running with Mutt. Launch mutt(1) from the command line, and start working.