From: Sebastian Bachmann Date: Mon, 21 Oct 2019 18:47:35 +0000 (+0200) Subject: stuff X-Git-Url: https://git.deb.at/w?a=commitdiff_plain;h=45573968220ffb35f41f08cbecc706eb3f7a3232;p=debienna.git stuff --- diff --git a/Kalender/2019-10-17/email_journey.md b/Kalender/2019-10-17/email_journey.md new file mode 100644 index 0000000..b6fdb58 --- /dev/null +++ b/Kalender/2019-10-17/email_journey.md 
@@ -0,0 +1,1309 @@ +--- +title: email - towards a less terrible setup +author: al.t +... + +# **prelude - the used presentation toolchain** + +## *how to make presentations easier, faster and more awesome in general* + +### Software options + * patat (uses pandoc to convert from $WHATEVER to terminal-presentation) + + https://github.com/jaspervdj/patat + * mdp (uses a specific markdown-flavour for terminal-presentation) + + https://github.com/visit1985/mdp + * tpp (uses a own dialect, more control over presentation) + + https://github.com/cbbrowne/tpp + * hovercraft (converts reStructuredText to impress.js, needs the GUI) + + https://regebro.github.io/hovercraft/ + + +### Chosen presentation software + + + +NAME + patat - Presentations Atop The ANSI Terminal + +SYNOPSIS + patat [*options*] file + +DESCRIPTION + Controls + * Next slide: space, enter, l, →, PageDown + * Previous slide: backspace, h, ←, PageUp + * Go forward 10 slides: j, ↓ + * Go backward 10 slides: k, ↑ + * First slide: 0 + * Last slide: G + * Reload file: r + * Quit: q + + + +--- + + + +# **Content** + + +## *whoami and why that setup* + + +## *howto $WHATEVER -> maildir* + + +## *access online folders* + + +## *alpine* + + +## *mbsync (isync)* + + +## *msmtp* + + +## *(neo)mutt* + + +## *notmuch or mu (maildir-utils) or mairix* + + +## *nmh or mmh* + + +## *open issues* + + + +--- + + + +# **whoami and why that setup** + +## legacy backup data + + * used different (non-linux) os + * restrictive environments (cannot install software) + * multiple languages (use of many non-ASCII-characters) + + * used different email-clients + * webmail with saved messages + * MS Outlook + * single messages (.msg) + * message archives (.pst) + * Mozilla Thunderbird + * single messages (.eml) + * message archives (.mbox) + +## goals + +having an email-setup, which fulfills the following demands + + * not lose any data (although being old) + * convert everything in a common file format + * use the same data structure 
for in-use emails and archived emails + * be able to perform incremental backups + * no risk of vendor-lock-in (use only FLOSS-tools in Debian-main-repositories) + * separation between configuration and email-data + * not resource-intensive while fast + * being able to handle > 100K of messages + + * if possible: CLI/TUI-tools + +*solution: in a first step, convert legacy messages to maildir* + + + +--- + + + +# **howto $WHATEVER -> maildir** + + +## *detox* + +detox - replace problematic characters in filenames + +`$ detox -r *` + +* -r recurse to subdirectories + + +## *msgconvert (libemail-outlook-message-perl)* + +libemail-outlook-message-perl - module for reading Outlook .msg files + +`$ msgconvert *.msg` + +CAVE: msgconvert converts messages by default into .eml-files + + +## *Mozilla Thunderbird (thunderbird)* + +thunderbird: cross platform standalone mail application + +usage: +start GUI -> install add-on ImportExportTools NG +right click on folder -> ImportExportTools NG -> "Import messages from directory (including subdirectories)" -> choose directory with .eml-files +right click on folder -> ImportExportTools NG -> "Export folder with subfolders (with structure)" -> choose directory for creating .mbox-file(s) + +CAVE: thunderbird stores messages by default in the .mbox-format, so exporting is strictly speaking not needed +CAVE: ugly, better toolchain needed (currently just workaround) + + +*current status: all messages converted from .msg/.eml to .mbox-files* + + + +--- + + + +# **howto $WHATEVER -> maildir** + + +## *readpst (pst-utils)* + +pst-utils: tools for reading Microsoft Outlook PST files + +`$ readpst -8 *.pst` + +* -8 output email bodies as UTF-8 instead of the original format + +CAVE: readpst converts messages by default into .mbox-files + + + +## *mb2md* + +mb2md — Converts Mbox mailboxes to Maildir format + +`$ mb2md -s $HOME/emails/sourcedir/ -R -d $HOME/emails/destdir/` + +* -s sourcedir +* -R run recursively +* -d destdir + +CAVE: mb2md 
does *NOT!* use relative paths from pwd, but from $HOME! + + +## *jdupes or fdupes* + +jdupes - identify and delete or link duplicate files +fdupes - identifies duplicate files within given directories (old) + +`$ jdupes -rdN FOLDER` + +* -r recurse to subdirectories +* -d delete duplicate files +* -N don't ask (noprompt) + +CAVE: this will *DELETE!* the duplicate files, pause and think before executing this command! + + +*current status: all messages in maildir-format, deduplicated (if hashes were identical)* + + +--- + + +# *Interlude* + +## random trivia + +*The GNOME foundation got sued by a patenet troll (Rothschild Patent Imaging, LLC) for using 'technology to transfer images'.* + +sources: +* https://itsfoss.com/shotwell-lawsuit/ +* https://www.patentprogress.org/2019/09/26/mythical-troll-attacks-gnome/ +* https://www.pro-linux.de/news/1/27473/patentklage-gegen-gnome-foundation.html +* https://www.golem.de/news/shotwell-patenttroll-verklagt-gnome-foundation-wegen-fotoverwaltung-1909-144089-rss.html +* https://www.zdnet.com/article/leave-gnome-alone-this-patent-troll-is-asking-for-trouble/ +* http://techrights.org/2019/09/25/microsoft-patent-troll-intellectual-ventures-gnome/ + +According to the techrights.org-source, Rothschild Patent Imaging, LLC, is connected to Microsoft + + +--- + + + +# **access online folders (using openssl)** + + +openssl - Secure Sockets Layer toolkit + + +*connect to the mail-server* +`$ openssl s_client -connect mail.example.com:993 -crlf` + +* -crlf translates a line feed from the terminal into CR+LF as required by some servers + + +*access the account* +> 1 LOGIN MYUSERNAME MYPASSWORDINPLAINTEXT + +alternative +`$ echo 'MYUSERNAMEMYUSERNAMEMYPASSWORDINPLAINTEXT' | base64` +cave: has to be deleted, therefore this doesn't work currently as expected + +to test the encoding use +`$ echo 'StringFromAbove' | base64 -d` + +`> 1 AUTHENTICATE PLAIN StringFromAbove` + + +*list the name of all folders within the account* +`> 2 LIST "" "\*"` 
+ + + + +*select a folder (e.g. inbox) to test if it works* +`> 3 SELECT INBOX` + + +*logout* +`> 4 LOGOUT` + +## *troubleshoot the connection to each mail server in advance* + +*take note of the configuration details for the later steps* +* user names (with or without the addition of ...@example.com?) +* used ports (hopefully 993) +* names of folder (Sent or Inbox.Sent or something else?) + + +*current status: all accounts are accessable online using openssl* + + +--- + + + +# **alpine** + + +## *general information* + + +alpine - text-based email client, friendly for novices but powerful + + +for creating debug-information use +`$ alpine -d [0-9]` +alpine does *NOT!* store any credential information in its logs + +configuration is done in-program and stored in $HOME/.pinerc + +configuration is done using shortcuts (case-insensitive) or TUI + +information available at *http://alpine.x10host.com/* +the latest release is available at *http://alpine.x10host.com/alpine/release/* +the latest development version at *https://repo.or.cz/alpine.git* + +*the current developer and maintainer of alpine, __Eduardo Chappa__ (alpine.chappa@yandex.com or chappa@vfemail.net), is __extremely helpful__!* + + +## *base configuration* + + +to add a collection list (aka folder): +*M* (main menu) - *S* (setup) - *L* (collectionLists) - *A* (add collection list) + +to add a role (aka account details): +*M* - *S* - *R* (rules) - *R* (roles) - *A* (add) + +nano ('pico') is the default editor +available commands are displayed below ('nano-style') + +exemplary imap-access: *{mail.example.com/ssl/user=MY_USER_NAME}INBOX* +exemplary Fcc (sent): *{mail.example.com/ssl/user=MY_USER_NAME}INBOX.Sent* +exemplary smtp-access: *smtp.example.com/ssl/user=MY_USER_NAME* + +multiple accounts can be created using the above mentioned scheme + + + +--- + + + +# **alpine** + + +## *address book* + +the addressbook is located in *$HOME/.addressbook* + +to convert from abook to alpine-addressbook use +`$ abook 
--convert --infile $HOME/.abook/addressbook --outformat pine | sed 's/,.*//' | sed 's/(//' > ~/.addressbook` +(the sed-command is needed if multiple email-addresses per name are stored) + + +## *using ~/.pine\_passfile and ~/.alpine-smime/.pwd* + + +if compiled using `$ ./configure --with-passfile=$HOME/.pine-passfile`, passwords can be stored in that file if it exists (default in debian) + +to use this feature, `$ touch ~/.pine-passfile` + +the passfile is encrypted using the *$HOME/.alpine-smime/.pwd/MasterPassword.key* + +the key is a *2048 bit RSA key* (`$ openssl rsa -text -in ~/.alpine-smime/.pwd/MasterPassword.key`) + +private email to maintainer and talking about the security of 2048 bit RSA keys he replied: +*"I am happy to change the encryption to a higher degreeof encryption. That is not a problem. I can search in openssl how to do that. Should be easy."* +it might also be possible to do this manually, but I haven't tried it yet + +the .pine-passfile can be *decrypted using openssl* (`$ openssl smime -decrypt -inform pem -in ~/.pine-passfile -inkey ~/.alpine-smime/.pwd/MasterPassword.key`) +data is obfuscated after encryption (this was the only security measure until some years ago, so beware of old forum posts) + + + + +--- + + +# **alpine** + + +## *issues with alpine* + + +* not as flexible as (neo)mutt +* should be used as intended (cannot be completely re-configured) +* not as sexy (less perceived users, therefore less information online) +* if the email-server is not configured correctly, problems might arise + + +## *why should anybody use alpine?* + +if you want a TUI-based email program, consider alpine! + +* very fast to set up + + `$ sudo apt-get install alpine && alpine` +* relatively easy to configure + + the configuration can be performed from within alpine + + general behaviour can be changed + + GPG-key-interaction and signatures can be used + + the editor can be changed + + additional customization (e.g. 
colors) can be used +* stores everything in one configuration file ($HOME/.pinerc) + + therefore easy to deploy +* the maintainer is awesome + + + +*current status: ability to use a TUI email-client for reading and sending email* + + +--- + + +# **mbsync (isync)** + +isync - IMAP and MailDir mailbox synchronizer +the binary is called *mbsync* + +alternative software - offlineimap + +## *configuration of mbsync using `$ touch $HOME/.mbsyncrc`* + + IMAPAccount TEST + Host mail.example.org + User #CAVE: SEE BELOW + PassCmd #CAVE: SEE BELOW + SSLType IMAPS # use secure IMAP + SSLVersions TLSv1.2 + CertificateFile /etc/ssl/certs/ca-certificates.crt + + CopyArrivalDate yes + + + +for *User* use the username as found by the *openssl s\_client*-command + + + +PassCmd "gpg2 --decrypt --no-tty --quiet --no-verbose --for-your-eyes-only --pinentry-mode cancel ~/.password-store/email/TEST.gpg | head -n 1" + +* --pinentry-mode cancel do not ask for passwords, just cancel + +this setup can only be used together with a gpg-agent + +this setup requires a file being stored in *$HOME/.password-store*, as this is done using *pass* + +prequisites + +* gnupg +* gpg-agent +* pass + + +--- + +# **mbsync (isync)** + +## *add information on remote and local folders* + + + # ### Remote storage ------------------- + + IMAPStore TEST-remote + Account TEST + + + # ### Local storage -------------------- + + MaildirStore TEST-local + SubFolders Verbatim + + Path ~/SOMEWHERE/TEST/ + # CAVE: The trailing "/" under 'Path' is important + + #Inbox ~/SOMEWHERE/TEST/inbox + # CAVE: the name of the 'inbox' conflicts with the channel slave name! 
+ # use this only, of no channels are used + + + +--- + +# **mbsync (isync)** + +## *add information on the inbox-channel (remote and local folders)* + + + Channel TEST-Inbox + Master :TEST-remote:"INBOX" + Slave :TEST-local:inbox + + Create Both + # Automatically create missing mailboxes, both locally and on the server + + Expunge Both + # Automatically delete messages if deleted in other folder + + SyncState * + # Save the synchronization state files in the relevant directory + + MaxSize 100m + # Don't download any email greater than this + + Patterns * + # Will copy all the account as specified at under remote + + #Patterns "INBOX*" + #Patterns !* "INBOX*" "Sent*" + # Exclude everything except the folders mentioned + +for remote foldernames use the names as found by the *openssl s\_client*-command + + + + +--- + +# **mbsync (isync)** + +## *add information on additional channels* + + Channel TEST-Sent + Master :TEST-remote:"Sent" + Slave :TEST-local:sent + Create Both + Expunge Both + SyncState * + MaxSize 100m + Patterns * + + Channel TEST-Draft + Master :TEST-remote:"Draft" + Slave :TEST-local:draft + Create Both + Expunge Both + SyncState * + MaxSize 100m + Patterns * + + +for remote foldernames use the names as found by the *openssl s\_client*-command + + + +## *group the channels into a single entity* + + + # Get all the channels together into a group. 
+ Group TEST + Channel TEST-Inbox + Channel TEST-Sent + Channel TEST-Draft + + + + +--- + + +# **mbsync (isync)** + + +test and debug a specific group or channel +`$ mbsync -Dmn TEST` + + +synchronize messages of all groups +`$ mbsync -a` + + +## *synchronize messages automatically (as an alternative to cron-jobs)* + + +`$ touch $HOME/.config/systemd/user/mbsync.service` + + [Unit] + Description=Manual mailbox synchronization service + + [Service] + Type=oneshot + ExecStart=/bin/sh -c '/usr/bin/torsocks /usr/bin/mbsync -aq' + ExecStartPost=ProgramToIndexMessages + + +`$ touch HOME/.config/systemd/user/mbsync.timer` + + [Unit] + Description=Manual mailbox synchronization timer + + [Timer] + OnBootSec=2m + OnUnitActiveSec=5m + Unit=mbsync.service + + [Install] + WantedBy=timers.target + +`$ systemctl start --user mbsync.timer` +`$ systemctl enable --user mbsync.timer` +`$ systemctl status --user mbsync.timer` + + +*current status: new messages get automatically synchronized to my computer* + + +--- + + +# *Interlude* + +## random trivia + +*Lennart Poettering wants to take away your home directory* + + +Let's bring the UNIX concept of Home Directories into the 21st century. The +concept of home directories on Linux/UNIX has little changed in the last 39 +years. It's time to have a closer look, and bring them up to today's standards, +regarding encryption, storage, authentication, user records, and more. In this +talk we'll talk about "systemd-homed", a new component for systemd, that +reworks how we do home directories on Linux, adds strong encryption that makes +sense, supports automatic enumeration and hot-plugged home directories and +more. 
(asg2019) + + +sources: +https://www.theregister.co.uk/2019/09/25/systemd\_inventor\_home\_directories/ +https://cfp.all-systems-go.io/ASG2019/talk/VSQRXA/ +https://cdn.media.ccc.de/events/all\_systems\_go/2019/h264-hd/asg2019-164-eng-Reinventing\_Home\_Directories\_hd.mp4 + + + +--- + + +# **msmtp** + +msmtp - light SMTP client with support for server profiles + +*configuration of msmtp using `$ touch $HOME/.msmtprc`* + +## *general options for all accounts* + + # Set default values for all following accounts. + defaults + + # Port 465 is designed for required ("implicit") TLS-encryption. + # Mail submission port 587 is used for STARTTLS, + # port 25 is used for unencrypted communication. + # The protocol is smtp (smtps is not an option available, the alternative is lmtp) + protocol smtp + port 465 + + # Keep a logfile for later evaluation + #logfile ~/.mail/msmtp.log + + + # Enable or disable automatic envelope-from addresses. The default is off. + # The domain part can be set with the maildomain command. + # cave: the user-part will be as the login-name on the computer! + # not usable for emails to be send non-locally! + #auto_from off + +if you want to send messages via tor, use the following + + # Use tor as a proxy (needs tor and tls on) + proxy_host 127.0.0.1 + proxy_port 9050 + +prequisites + +* tor with SocksPort bound to 9050 (defined in $HOME/.torrc) + +--- + +# **msmtp** + +## *options concerning tls for all accounts* + + # Always use TLS + tls on + + # STARTTLS turns a previously unencrypted session into an encrypted one + # This is by far not as secure as using an encrypted session from the beginning! + # Therefore TLS is turned on while STARTTLS is turned off. + # Recommendation: if you don't need STARTTLS, then TURN IT OFF! + tls_starttls off + + # Set a list of trusted CAs for TLS. You can use a system-wide default file, + # as in this example, or download the root certificate of your CA and use that. 
+ # If accounts without tls_trust_file are used, this command should be in each accout! + #tls_trust_file /etc/ssl/certs/ca-certificates.crt + + # Additionally, you should use the tls_crl_file command to check for + # revoked certificates, but unfortunately getting revocation lists + # and keeping them up to date is not straightforward. + #tls_crl_file ~/.tls-crls + + + + +--- + + +# **msmtp** + +## *account-specific options* + + + account TEST + host smtp.example.com + from username@example.com + auth on + user #CAVE: SEE BELOW + + passwordeval #CAVE: SEE BELOW + + #port 587 # if needed + + #tls_starttls on # if needed + tls_fingerprint #CAVE: SEE BELOW + tls_trust_file /etc/ssl/certs/ca-certificates.crt + + + +for *User* use the username as found by the *openssl s\_client*-command + + + +use *pass* or *gpg* for decrypting the password +passwordeval "pass show TEST | head -1" +passwordeval "gpg2 --decrypt --no-tty --quiet --no-verbose --for-your-eyes-only $HOME/SOMEWHERE/TEST.gpg | head -1" + +find tsl\_fingerprint using the following command + `$ openssl s_client -connect SMTP_SERVER:587 -starttls smtp /dev/null | openssl x509 -fingerprint -noout | cut -d'=' -f2` + `$ openssl s_client -connect SMTP_SERVER:465 /dev/null | openssl x509 -fingerprint -noout | cut -d'=' -f2` + change accordingly, if *starttls* is used + +output: e.g. 01:23:45:67:89:AB:CD:EF:BA:DC:0F:FE:E0:DD:F0:0D:DE:AD:BE:EF + + +## *test accounts* + +`$ echo "Subject Test" | msmtp some_other_account@example.com -a TEST` + + +--- + + + +# **neomutt** + +neomutt - text-based mailreader supporting MIME, GPG, PGP and threading + + +## *account configuration* + + set realname = "some name" + set from = "myusername@example.com" + + unmy_hdr * + my_hdr 
From: some name + + set signature = "~/SOMEWHERE/signature.txt" + + + set pgp_default_key = "DEADBEEF" + set pgp_sign_as = "BADC0FFE" + # use long keys or fingerprints if possible + + + # access server + + set mail_check = 60 + + set spoolfile = "imaps://myusername@example.com@example.com:993/INBOX" + set record = "imaps://myusername@example.com@example.com:993/Sent" + set postponed = "imaps://myusername@example.com@example.com:993/Drafts" + + # disabeled online trash folder, so that only local trash folder will be used + #set trash = "imaps://myusername@example.com@example.com:993/Trash" + + # When using only one folder, everything can be addressed relatively + #set spoolfile = "+INBOX" + #set record = "+Sent" + #set postponed = "+Drafts" + #set trash = "+Trash" + + # mailbox definitions are either performed here or in a separate sidebar + #mailboxes =INBOX =Sent =Trash =Drafts =Junk + + +--- + + +# **neomutt** + +## *debugging neomutt* + +`$ neomutt -d [1-5]` + +**CAVE: neomutt INCLUDES the CREDENTIALS in the DEBUG-LOG!** + + +## *use passwords within neomutt* + + set smtp_url = "smtp://myusername@example.com@example.com:587" + #set smtp_pass = "`pass TEST`" + + set folder = "imaps://myusername@example.com@example.com:993" + #set imap_pass = "`pass TEST`" + + source "pass MUTT_TEST |" #CAVE: SEE BELOW + +*source a password-file from within neomutt* + +use a pipe ("|") after the file to read so that the content of the file gets executed + +content of the password-file + + set imap_pass="MYSUPERSECRETPASSWORD" + set smtp_pass="MYSUPERSECRETPASSWORD" + +in addition add the following option to the .muttrc to disable the colon (':') +`bind generic,alias,attach,browser,editor,index,compose,pager,pgp,postpone ':' noop` +otherwise entering `:set ? imap_pass` or `:set ? smtp_pass` will reveal your password! 
+ + +--- + +# **neomutt** + + +## *account-specific sidebar-options* + +use the sidebar for faster navigation between different accounts + + unmailboxes * + + virtual-mailboxes " ----- " "=separator" + virtual-mailboxes " search" "~/SOMEWHERE/search" + virtual-mailboxes " inbox " "imaps://myusername@example.com@example.com:993/INBOX" + virtual-mailboxes " sent " "imaps://myusername@example.com@example.com:993/Sent" + virtual-mailboxes " drafts" "imaps://myusername@example.com@example.com:993/Drafts" + virtual-mailboxes " trash " "imaps://myusername@example.com@example.com:993/Trash" + virtual-mailboxes " junk " "imaps://myusername@example.com@example.com:993/Junk" + + +if a `folder` is set, an abbreviated form can be used + + virtual-mailboxes " something" "+INBOX" + + +--- + +# **neomutt** + +## *general options concerning the sidebar* + + + # Should the Sidebar be shown? + set sidebar_visible = yes + + # How wide should the Sidebar be in screen columns? + set sidebar_width = 35 + #set sidebar_indicator=green + + # Should the mailbox paths be abbreviated? + set sidebar_short_path = yes + + # When abbreviating mailbox path names, use any of these characters as path + # separators. Only the part after the last separators will be shown. + # For file folders '/' is good. For IMAP folders, often '.' is useful. + set sidebar_delim_chars = '/.' + + # Make the Sidebar only display mailboxes that contain new, or flagged, mail. + set sidebar_new_mail_only = no + + # When searching for mailboxes containing new mail, should the search wrap + # around when it reaches the end of the list? + set sidebar_next_new_wrap = no + + # The character to use as the divider between the Sidebar and the other NeoMutt panels. + set sidebar_divider_char = ' | ' + + # Enable extended mailbox mode to calculate total, new, and flagged + # message counts for each mailbox. 
+ set mail_check_stats + + + bind index,pager B sidebar-toggle-visible + + bind index,pager \Ck sidebar-prev + bind index,pager \Cj sidebar-next + bind index,pager \Cl sidebar-open + + +--- + +# **neomutt** + +## *design of the sidebar* + + # Sort the mailboxes in the Sidebar using this method: + # count – total number of messages + # flagged – number of flagged messages + # new – number of new messages + # path – mailbox path + # unsorted– do not sort the mailboxes + set sidebar_sort_method = 'unsorted' + + + # Display the Sidebar mailboxes using this format string. + # additional informatino on https://neomutt.org/guide/reference.html#sidebar-format + # + # %B Name of the mailbox + # %S Size of mailbox (total number of messages) + # %F Number of Flagged messages in the mailbox + # %N Number of New messages in the mailbox + # %n If there's new mail, display “ N”, otherwise nothing + # %! “ !”: one flagged message; + “ !!”: two flagged messages; + “ n!”: n flagged messages (for n > 2). Otherwise prints nothing. + # %d Number of deleted messages + # %L Number of messages after limiting + # %t Number of tagged messages + # %>X Right justify the rest of the string and pad with “ X” + # %|X Pad to the end of the line with “ X” + # %*X Soft-fill with character “ X”as pad + + # %?F? [%F]? If flagged emails [%F], otherwise nothing + # %* Pad with spaces + + set sidebar_format = "%B %?n?[N]&? 
%* [%?N?%N/?%S]" + + +--- + +# **neomutt** + +## *gpg-integration* + + setenv PINENTRY_USER_DATA curses + # In case of problems, change ~/.gnupg/ to include the line + # pinentry-program /usr/bin/pinentry-curses + # instead of + # pinentry-program /usr/bin/pinentry-tty + + + # automatically enable PGP encryption/signing for messages (default = yes) + set crypt_autopgp = yes + + # attempt to cryptographically sign outgoing messages (default = no) + set crypt_autosign = no + + # attempt to PGP encrypt outgoing messages (default = no) + set crypt_autoencrypt = no + + # enable S/MIME encryption/signing for messages (default = yes) + set crypt_autosmime = yes + + + # automatically PGP or OpenSSL sign replies to messages which are signed + # (default = yes) + set crypt_replysign = yes + + # automatically PGP or OpenSSL encrypt replies to messages which are encrypted + # (default = no) + set crypt_replyencrypt = yes + + # automatically PGP or OpenSSL sign replies to messages which are encrypted + # (default = no) + set crypt_replysignencrypted = yes + + + # attempt to verify PGP or S/MIME signatures (default = yes) + set crypt_verify_sig = yes + + +--- + +# **neomutt** + +## *gpg-integration* + + # include a time stamp in the lines surrounding PGP or S/MIME output, so spoofing + # such lines is more difficult. If you are using colors to mark these lines + # and rely on these, you may unset this setting. (default = yes) + set crypt_timestamp = yes + + # display non-usable keys on the PGP key selection menu. This includes keys which + # have been revoked, have expired, or have been marked as "disabled" by the user. + set pgp_show_unusable = yes + + # number of seconds after which a cached passphrase will expire if not used. 
+ # is limited by the .gnupg/gpg-agent.conf - option 'max-cache-ttl' + set pgp_timeout = 600 + + # check the status file descriptor output of + # $pgp_decrypt_command + # and + # $pgp_decode_command + # for GnuPG status codes indicating successful decryption. (default = yes) + set pgp_check_gpg_decrypt_status_fd = yes + + # PGP signature is only considered verified if the output from + # $pgp_verify_command + # contains the text. (default = ) + set pgp_good_sign = "^gpg: Good signature from" + + # Save a copy of outgoing email, encrypted to yourself + set pgp_self_encrypt = yes + + #set pgp_default_key = "PGP-KEY" + #set pgp_sign_as = "PGP-SIGNING-KEY" + + # Save a copy of outgoing email, encrypted to yourself + set smime_self_encrypt = yes + set smime_is_default = no + + #set smime_default_key = "SMIME-KEY" + #set smime_sign_as = "SMIME-SIGNING-KEY" + + +--- + +# **neomutt** + +## *gpg-integration* + + + set pgp_sign_command ="gpg \ + --batch \ + --quiet \ + --no-verbose \ + --textmode \ + --armor \ + --output - \ + --detach-sign \ + --passphrase-fd 0 \ + %?a?--local-user %a? %f" + + set pgp_encrypt_only_command = "/usr/lib/neomutt/pgpewrap \ + gpg \ + --batch \ + --quiet \ + --no-verbose \ + --textmode \ + --armor \ + --output - \ + --encrypt -- \ + --recipient %r -- %f" + + set pgp_encrypt_sign_command = "/usr/lib/neomutt/pgpewrap \ + gpg \ + --batch \ + --quiet \ + --no-verbose \ + --textmode \ + --armor \ + --output - \ + --encrypt \ + --sign \ + --passphrase-fd 0 \ + %?a?--local-user %a? -- \ + --recipient %r -- %f" + +CAVE: either put /usr/lib/neomutt in $PATH or explicitly use /usr/lib/neomutt/pgpewrap + +CAVE: more complicated config = more risk, that something is incorrectly configured! 
+ +--- + +# *Interlude* + +## random trivia + +codecrypt - post-quantum encryption and signing tool +*CAVE: software has not undergone a cryptographic audit* + + # This is a GnuPG-like Unix program for encryption and signing + # that only uses quantum-resistant algorithms: + # McEliece cryptosystem (compact QC-MDPC variant) for encryption. + # Hash-based Merkle tree algorithm (FMTSeq variant) for digital signatures. + + + # ccr basic command usage + + # Generate a strong(er) asymmetric encryption key + $ ccr -g ENC-256 -N SOME_NAME + + # Export specified public key for sharing with contacts + $ ccr -F SOME_NAME -ap > SOME_NAME.pub + + # Export specified private key. The -F parameter chooses the key to be used + # To enumerate all keys in the keyring run ccr -k for public ones and ccr -K for private + $ ccr -F SOME_NAME -aP > SOME_NAME_UNENCRYPTED + + # Back-up keys: It is easier to backup the ccr folder in the home directory, + # changing its name from/to .ccr upon restore. + # Enable hidden file view with alt + . to see it. + + + # ccr key management + + # Import a public key. + $ ccr -ai < [contactkey] + + # Import a private key. + $ ccr -aI < [myprivatekey] + + # Encrypt a plaintext message file only to an already imported contact key. + # Note this will be inaccessible to you. Save a plaintext copy for archival purposes. + $ ccr -aer SOME_NAME -R secret > secret.ccr + + # Decrypt a ciphertext message creating plaintext output. 
+ $ ccr -adR secret.ccr > secret.new + + + +--- + + +# **neomutt** + +## *attachments* + + unalternative_order * + alternative_order multipart/mixed multipart/related text/plain text/enriched text/html + # define order how to view messages; multipart/* is needed for attachment forwarding + + auto_view text/html + # automatically convert text/html into plain text + + bind attach view-mailcap + # view attachments using 'v', then open in mailcap using 'm' + + mime_lookup application/octet-stream + + # Ask if the user wishes to abort sending if $abort_noattach_regex + # is found in the body, but no attachments have been added + # It can be set to: + # "yes" : always abort + # "ask-yes" : ask whether to abort + # "no" : send the mail + set abort_noattach = ask-yes + + # Search for the following regular expression in the body of the email + # English: attach, attached, attachment, attachments + set abort_noattach_regex = "\\" + # Deutsch: + set abort_noattach_regex = "\\<(Anhang|anhängen|angehängt|anhang|anhänge|hängt an)\\>" + + set attach_format = " %u%D%I %t%2n %T%d%\* [%.15m/%.10M, %.8e%?C?, %.6C?, %.4s] " + + set mailcap_path = "~/.mutt/config/mutt_mailcap" + # define link to filetypes-file + + +--- + + +# **neomutt** + +## *attachments* + +this should be put into a separate file for mailcap + + + # html-emails and other email-formats + text/html; w3m -cols 80 -dump -T text/html '%s'; copiousoutput + application/rtf; unrtf '%s' | html2text; copiousoutput + + + # pdf-files + application/pdf; pdftotext '%s' - ; print=zathura '%s'; copiousoutput + + + # office-documents + application/vnd.openxmlformats-officedocument.wordprocessingml.document; docx2txt '%s' - | less; copiousoutput + application/msword; antiword '%s'; copiousoutput + + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet; vd '%s'; needsterminal + application/vnd.ms-excel; vd '%s'; needsterminal + + application/vnd.ms-powerpoint; catppt '%s' | less; copiousoutput + + # images + image/*; 
catimg '%s'; print=sxiv '%s'; needsterminal + + +--- + +# **neomutt** + +## *additional options* + + + set ispell = "aspell -e -c" + # use aspell as spellchecker + + set thorough_search = yes + + + macro index,pager \ea "abook \ + --add-email" "Add this sender to abook" + + bind editor complete-query + + +additional options depending of the indexing-utility used + + + set query_command = "( abook --mutt-query '%s' ; \ + mu cfind --format=mutt-ab '%s' | sed -n '1!p' )" + +--- + + +# **mu (maildir-utils) or notmuch or mairix** + +first create an index database + +`$ notmuch setup` +`$ mu index --maildir=/SOMEFOLDER` + +for mairix the configuration file has to be created manually (using $HOME/.mairixrc) + + +create symbolic links to a specific folder to be opened in neomutt + + + # searching messages + macro generic,index,pager,browser "mu \ + find --clearlinks \ + --format=links \ + --linksdir=~/SOMEWHERE/" "mu find" + + macro generic,index,pager,browser "notmuch-mutt \ + --output-dir ~/SOMEWHERE \ + --prompt search" "notmuch search" + + macro generic,index,pager,browser "mairix " "mairix" + + + # querying messages + macro generic,index,pager,browser "~/SOMEWHERE" "search folder" + + + +--- + + +# **nmh or mmh** + +mmh - set of electronic mail handling programs (legacy code removed from nmh) +nmh - 'new' mail handler (although older than mmh) + + +## *setup* + + +currently work in progress (issue - using multiple accounts with sendmail) + + +--- + +# **open issues** + +## *converting .eml-files directly into mbox or maildir using cli-tools* + +## *how to deal with broken emails (how to prevent and how to fix them)* + +## *download messages using isync via a tor-proxy* + +solution: use tsocks/torsocks + +## *sending messages from different accounts using sendmail* + +## *tagging messages using mu* + +## *how to handle passwords, while being both obfuscated (within a file) and secure* + +possible solution: use tomb and pass + +## *searching gpg-encrypted messages* + 
+## *searching tar-archived message folders* + +## *open other emails while writing without a second 'mutt -R'-window* + +possible solution: postpone messages + +## *increase viewing space for attachments when sending messages* + +solution: set attach_format = " %u%D%I %t%2n %T%d%\* [%.15m/%.10M, %.8e%?C?, %.6C?, %.4s] " + + + +## *slow, when changing to different offline folder* + +## *mutt sometimes hanging (not able to ^C or ^G)* + +## *mutt sometimes sending empty messages (when hanging)* + +## *accessing a maildir-folder over ssh with mutt being installed locally* + +## *switching between user credentials when accessing local folders* + +possible solution: folder-hooks + +## *generate a local spam-filter* + diff --git a/Kalender/2019-10-17/index.mdwn b/Kalender/2019-10-17/index.mdwn index 47fc01c..3e6d70a 100644 --- a/Kalender/2019-10-17/index.mdwn +++ b/Kalender/2019-10-17/index.mdwn @@ -12,5 +12,4 @@ Baustelle) ### Themen -- The Go must show on -- Dingens mit Debian +- E-Mail Journy Vortrag (mutt und anderes): [E-Mail Journey](email_journey)
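Review bot: the AUTHENTICATE PLAIN recipe in the openssl section cannot work as written, which is why the text itself notes it "doesn't work currently as expected": `$ echo 'MYUSERNAMEMYUSERNAMEMYPASSWORDINPLAINTEXT' | base64` glues the fields together with nothing between them and encodes a trailing newline, whereas SASL PLAIN needs the (optional) authorization id, the username and the password separated by NUL bytes; `printf '\0%s\0%s' 'MYUSERNAME' 'MYPASSWORD' | base64` produces the expected string, and either variant lands the plaintext password in the shell history, which deserves a CAVE next to the one about the LOGIN line. Further points in the same hunk: the two fingerprint commands in the msmtp section have lost the redirection before `/dev/null` (they need `< /dev/null` so s_client does not wait on stdin), and `openssl x509 -fingerprint` defaults to SHA-1, so add `-sha256` since msmtp accepts SHA256 fingerprints; a pinned `tls_fingerprint` must also be updated every time the server certificate is renewed, so say that next to the `tls_trust_file` line it sits beside. `$ touch HOME/.config/systemd/user/mbsync.timer` is missing the `$` before HOME, and `ExecStartPost=ProgramToIndexMessages` should be marked as a placeholder that needs an absolute path, since systemd rejects bare command names there. In the attachments block `set abort_noattach_regex` is assigned twice, so only the Deutsch pattern is active; merge both word lists into one alternation. The alpine heading says `~/.pine\_passfile` while the commands use `.pine-passfile`; pick one. Minor typos: "patenet", "accessable", "prequisites", "disabeled", "informatino", "tsl\_fingerprint".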
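Review bot: the added agenda entry spells it `Journy` (`+- E-Mail Journy Vortrag (mutt und anderes)`) while the link text and the new file name say `Journey`; fix the typo. The link target `email_journey` has no extension and the new page is `email_journey.md` while this index is `.mdwn`, so confirm the wiki renders `.md` pages or the link will be dead. The hunk also drops the two previous items (`The Go must show on`, `Dingens mit Debian`) and the commit message (`stuff`) does not say whether that removal is intended; a descriptive message would make this reviewable.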