Difference between revisions of "Hosted Email:Mutt"
Secretions (talk | contribs) m (A space for formatting)
(Added some headers for a cleaner, easier-to-parse document, and added a paragraph describing the motivation for encrypting the IMAP and SMTP passwords)
Revision as of 09:46, 15 January 2012
Introduction
Setting up Mutt to work with our Zimbra server is actually quite painless. There are just a few things to know about how Mutt works with Zimbra servers:
- Mutt doesn't automatically sync changes to your mailbox. You must either sync manually with "$", change mailboxes, change accounts, or logout then back in. This is to prevent Mutt from automatically deleting mail, should you accidentally press the "d" key on your keyboard, or other accidents.
- Mutt, as of 1.5.11, supports IMAP IDLE, which our Zimbra server supports. However, the default push of new mail is once every 29 minutes. You may want to decrease this time by using the mail_check variable, and setting to something like 60 seconds.
- When sending mail in Mutt using Gmail, your sent messages are automatically stored in "[Gmail]/Sent Mail", whether you like it or not. Zimbra doesn't do this. You must actually tell Mutt to save a copy of every message you send, or it will not be saved in the "/Sent" folder on the Zimbra server.
- Mutt does support a vast array of address book options. The "default" is to use a plain text aliases file, and save aliases to it as you interact with contacts via email. You could also hook into a Perl or Python script for querying the Zimbra address book on the server, although that isn't covered here.
- Mutt can subscribe to Zimbra folders in the "Directory" view. Press "c?" to get to the directory view, then press "s" to subscribe to the necessary folder.
- Lastly, this guide shows how to set up Mutt using encrypted passwords on disk using your GPG key, should you wish to run Mutt on a shared server.
Configuration
Encrypted passwords
By default, Mutt stores its passwords on disk in the Muttrc in plain text. You should encrypt your passwords, and force Mutt to decrypt them as needed. You can use GnuPG, OpenSSL, your operating system keyring or crypto APIs to encrypt and decrypt the IMAP and SMTP passwords. The idea is to create a "master password" that will decrypt the necessary passwords, and place them in RAM for Mutt to take advantage of.
This document describes encrypting your IMAP and SMTP password with your GPG key. Create a plain text file as ~/.mutt/passwords with the following contents:
<pre>set imap_pass="password"
set smtp_pass="password"
# d3b07384d113edec49eaa6238ad5ff00</pre>
The last line in that file is just to add entropy to the encrypted file. Should an attacker get access to the system, and wish to break the encrypted file, you will have more entropy with random strings in a commented line (starting with "#", which is critical). That third line was created with echo foo | md5sum -. Feel free to use sha1sum(1), sha224sum(1), sha384sum(1), or sha512sum(1) as needed. Of course, it's not required to add, so feel free to leave it out, or add more lines as you see fit. It will have no effect on the performance or operation of Mutt, so long as the line is commented out.
Now, encrypt the file, and remove the plain text version securely:
<pre>$ gpg -r [your keyid] -e ~/.mutt/passwords
$ ls ~/.mutt/passwords*
~/.mutt/passwords  ~/.mutt/passwords.gpg
$ shred ~/.mutt/passwords
$ rm ~/.mutt/passwords</pre>
This assumes that shred(1) is installed. If it is not installed, other utilities like srm(1) or wipe(1) might be installed to perform the same task, or you may need to install them. Removing the file securely is important, as just using rm(1) makes the inode pointing to the file available without actually scrubbing the bits on the filesystem. While difficult, it may be possible to restore the plain text file and recover the passwords, should the file not be securely wiped. The only thing left to do at this point is decrypt the file in your ~/.mutt/muttrc.
Required configuration
<pre>set copy="yes"                                            # Save sent mail on Zimbra
set from="username@domain.com"                            # Your XMission email
set folder="imaps://zimbra.xmission.com"                  # The remote Zimbra IMAP URI
set imap_idle="yes"                                       # Use IMAP IDLE for pushing mail
set imap_user="username"                                  # Your IMAP username
set mail_check="60"                                       # Poll every 60 seconds rather than waiting 24 minutes for new mail
set postponed="+Drafts"                                   # Saving postponed messages on Zimbra for later
set realname="First Last"                                 # Your first name and last name
set record="+Sent"                                        # Save sent mail to "/Sent" on Zimbra
set reverse_alias="yes"                                   # If email is saved in your alias file, show the name of the mail
set signature="~/.mutt/sig.txt"                           # Your email signature, if any
set smtp_url="smtps://username@zimbra.xmission.com:465"   # The SMTPS URI for sending mail
set sort_alias="alias"                                    # Sort the alias file by alias
set spoolfile="imaps://zimbra.xmission.com/Inbox"         # Where your inbox is located on Zimbra
set ssl_force_tls="yes"                                   # Force TLS rather than SSL. Supersedes "set ssl_starttls"
source ~/.mutt/aliases                                    # Alias file to store your "address book"
source ~/.mutt/lists                                      # Store any XMission mailing lists here, and respond to the list, rather than "reply to all"
source "gpg --no-tty -qd ~/.mutt/passwords.gpg |"         # Decrypt our IMAP and SMTP passwords. The "|" MUST end the string.</pre>
Note that the last line decrypts your encrypted passwords and pipes the result to Mutt. It is critical that "|" terminates the string, or Mutt will not parse the output, and you will not be able to log in. When launching Mutt, you will be asked for your GPG passphrase, then your IMAP and SMTP passwords will be stored in RAM in plain text, so Mutt can use them for logging in. If you also use GPG for signing, verifying, encrypting and decrypting mail, then you may want to use gpg-agent(1) and gpg2(1) to cache your GPG passphrase in RAM.
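The encryption procedure above and the note about the trailing "|" on the source line, automated as a POSIX shell script. This is an added example and not the wiki's own commands: the function names write_passwords_file, encrypt_and_wipe and source_line_is_piped are hypothetical, the random comment line is taken from /dev/urandom instead of md5sum, and shred -u (or a dd overwrite when shred is absent) replaces the page's separate shred and rm steps. The environment variables GPG_KEYID, IMAP_PASS and SMTP_PASS are assumed for the optional end-to-end run at the bottom.

```shell
#!/bin/sh
# Added example (not from the wiki page): automate the "Encrypted passwords"
# procedure and check the muttrc "source" line that decrypts the file.
# write_passwords_file, encrypt_and_wipe and source_line_is_piped are
# hypothetical helper names chosen for this example.
set -eu

# Write the plain-text passwords file the page describes: two Mutt settings
# plus a commented random line. The random line comes from /dev/urandom here
# instead of "echo foo | md5sum -"; the file is created mode 0600.
write_passwords_file() {
    dir=$1 imap=$2 smtp=$3
    mkdir -p "$dir"
    (
        umask 077
        {
            printf 'set imap_pass="%s"\n' "$imap"
            printf 'set smtp_pass="%s"\n' "$smtp"
            printf '# %s\n' "$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')"
        } > "$dir/passwords"
    )
    # Print the line count so a caller can confirm the file has the expected shape.
    wc -l < "$dir/passwords" | tr -d ' '
}

# Encrypt the file to the given GPG key ID and wipe the plaintext.
# shred -u overwrites and unlinks in one step; if shred is missing, the file
# is overwritten with dd before rm, since rm alone does not scrub the bits
# (the page's warning). Requires gpg and a usable public key for $keyid.
encrypt_and_wipe() {
    dir=$1 keyid=$2
    gpg --batch --yes -r "$keyid" -e "$dir/passwords"
    if command -v shred >/dev/null 2>&1; then
        shred -u "$dir/passwords"
    else
        dd if=/dev/urandom of="$dir/passwords" bs=4096 count=1 conv=notrunc 2>/dev/null
        rm -f "$dir/passwords"
    fi
    # Succeed only if the plaintext is gone and the ciphertext exists.
    [ ! -e "$dir/passwords" ] && [ -s "$dir/passwords.gpg" ]
}

# Return 0 if a muttrc "source" line ends with the trailing "|" that makes
# Mutt run the command rather than treat the string as a file name.
source_line_is_piped() {
    case $1 in
        'source "'*'|"') return 0 ;;
        *) return 1 ;;
    esac
}

# Optional end-to-end run (assumed variables): GPG_KEYID, IMAP_PASS, SMTP_PASS.
if [ -n "${GPG_KEYID:-}" ] && [ -n "${IMAP_PASS:-}" ] && [ -n "${SMTP_PASS:-}" ]; then
    write_passwords_file "$HOME/.mutt" "$IMAP_PASS" "$SMTP_PASS" >/dev/null
    encrypt_and_wipe "$HOME/.mutt" "$GPG_KEYID"
    source_line_is_piped 'source "gpg --no-tty -qd ~/.mutt/passwords.gpg |"' \
        && echo "passwords.gpg written; muttrc source line is correctly piped"
fi
```

Without the three environment variables the script only defines the functions, so it can be sourced and the check function reused against your own muttrc. The permission-restricting umask and the 0600 mode matter on the shared server the page has in mind: the plaintext file exists only briefly, but it should never be world-readable even then.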
Additional configuration
You may wish to add some additional variables to your Muttrc. Here are some sane defaults that I have set:
<pre>set askbcc="yes"                             # Ask for Bcc: recipients when composing a message
set askcc="yes"                              # Ask for Cc: recipients when composing a message
set charset="utf-8"                          # Set the character encoding to UTF8
set certificate_file="~/.mutt/certs"         # SASL2 certificate location
set edit_headers="yes"                       # Edit the headers when composing a message
set envelope_from="yes"                      # Use quoted-printable encoded message when "From " is at the beginning of a line
set header_cache="~/.mutt/cache/headers"     # Location to save cached mail headers
set hostname="foo.xmission.com"              # Set your hostname in the headers
set imap_check_subscribed="yes"              # Check 'subscribed' folders only
set message_cachedir="~/.mutt/cache/bodies"  # Location to save cached mail bodies
set message_cache_clean="yes"                # Delete cache files if deleted off the server
set move="no"                                # Don't move read mail
set pager_index_lines="11"                   # Show 11 lines of the index when reading messages
set quote_regexp="^([ \t]*[|>:}])+"          # Quoted messages (got rid of '#' which is in the default)
set sort="threads"                           # Show message threads by default
set sort_aux="last-date-received"            # Sort threads by date received
set use_from                                 # Allow me to switch email addresses in my editor
# Set editor with automatic line wrapping at 75 characters.
set editor="vim '+set textwidth=75 wrap'"
ignore *                                     # Draconian header weed
unignore from date subject to cc user-agent hostname
unignore organization organisation posted-to
unignore x-mailer x-newsreader x-mailing-list
auto_view text/html                          # Use ~/.mailcap coupled with links2 to view HTML email in text
source ~/.mutt/gnupg                         # Should you wish to use GPG for signing, verifying, encrypting and decrypting mail
source ~/.mutt/auto_view                     # User-defined auto_view definitions, if any</pre>
That should get you up and running with Mutt. Launch mutt(1) from the command line, and start working.