stuff

[debienna.git] / Kalender / 2019-10-17 / email_journey.md

---
title: email - towards a less terrible setup
author: al.t
...

# **prelude - the used presentation toolchain**

## *how to make presentations easier, faster and more awesome in general*

### Software options
  * patat (uses pandoc to convert from $WHATEVER to terminal-presentation)
    + https://github.com/jaspervdj/patat
  * mdp (uses a specific markdown-flavour for terminal-presentation)
    + https://github.com/visit1985/mdp
  * tpp (uses a own dialect, more control over presentation)
    + https://github.com/cbbrowne/tpp
  * hovercraft (converts reStructuredText to impress.js, needs the GUI)
    + https://regebro.github.io/hovercraft/


### Chosen presentation software

<!-- :.!man patat | head -n 26 -->

NAME
       patat - Presentations Atop The ANSI Terminal

SYNOPSIS
       patat [*options*] file

DESCRIPTION
   Controls
       * Next slide: space, enter, l, →, PageDown
       * Previous slide: backspace, h, ←, PageUp
       * Go forward 10 slides: j, ↓
       * Go backward 10 slides: k, ↑
       * First slide: 0
       * Last slide: G
       * Reload file: r
       * Quit: q



---



# **Content**


## *whoami and why that setup*


## *howto $WHATEVER -> maildir*


## *access online folders*


## *alpine*


## *mbsync (isync)*


## *msmtp*


## *(neo)mutt*


## *notmuch or mu (maildir-utils) or mairix*


## *nmh or mmh*


## *open issues*



---



# **whoami and why that setup**

## legacy backup data

  * used different (non-linux) os
      * restrictive environments (cannot install software)
      * multiple languages (use of many non-ASCII-characters)

  * used different email-clients
      * webmail with saved messages
      * MS Outlook
          * single messages (.msg)
          * message archives (.pst)
      * Mozilla Thunderbird
          * single messages (.eml)
          * message archives (.mbox)

## goals

having an email-setup, which fulfills the following demands

  * not lose any data (although being old)
  * convert everything in a common file format
  * use the same data structure for in-use emails and archived emails
  * be able to perform incremental backups
  * no risk of vendor-lock-in (use only FLOSS-tools in Debian-main-repositories)
  * separation between configuration and email-data
  * not resource-intensive while fast
  * being able to handle > 100K of messages

  * if possible: CLI/TUI-tools

*solution: in a first step, convert legacy messages to maildir*



---



# **howto $WHATEVER -> maildir**


## *detox*

detox - replace problematic characters in filenames

`$ detox -r *`

* -r    recurse to subdirectories


## *msgconvert (libemail-outlook-message-perl)*

libemail-outlook-message-perl - module for reading Outlook .msg files

`$ msgconvert *.msg`

CAVE: msgconvert converts messages by default into .eml-files


## *Mozilla Thunderbird (thunderbird)*

thunderbird: cross platform standalone mail application

usage:
start GUI -> install add-on ImportExportTools NG
right click on folder -> ImportExportTools NG -> "Import messages from directory (including subdirectories)" -> choose directory with .eml-files
right click on folder -> ImportExportTools NG -> "Export folder with subfolders (with structure)" -> choose directory for creating .mbox-file(s)

CAVE: thunderbird stores messages by default in the .mbox-format, so exporting is strictly speaking not needed
CAVE: ugly, better toolchain needed (currently just workaround)


*current status: all messages converted from .msg/.eml to .mbox-files*



---



# **howto $WHATEVER -> maildir**


## *readpst (pst-utils)*

pst-utils: tools for reading Microsoft Outlook PST files

`$ readpst -8 *.pst`

* -8    output email bodies as UTF-8 instead of the original format

CAVE: readpst converts messages by default into .mbox-files



## *mb2md*

mb2md — Converts Mbox mailboxes to Maildir format

`$ mb2md -s $HOME/emails/sourcedir/ -R -d $HOME/emails/destdir/`

* -s    sourcedir
* -R    run recursively
* -d    destdir

CAVE: mb2md does *NOT!* use relative paths from pwd, but from $HOME!


## *jdupes or fdupes* 

jdupes - identify and delete or link duplicate files
fdupes - identifies duplicate files within given directories (old)

`$ jdupes -rdN FOLDER`

* -r    recurse to subdirectories
* -d    delete duplicate files
* -N    don't ask (noprompt)

CAVE: this will *DELETE!* the duplicate files, pause and think before executing this command!


*current status: all messages in maildir-format, deduplicated (if hashes were identical)*


---


# *Interlude*

## random trivia

*The GNOME foundation got sued by a patenet troll (Rothschild Patent Imaging, LLC) for using 'technology to transfer images'.*

sources: 
* https://itsfoss.com/shotwell-lawsuit/
* https://www.patentprogress.org/2019/09/26/mythical-troll-attacks-gnome/
* https://www.pro-linux.de/news/1/27473/patentklage-gegen-gnome-foundation.html
* https://www.golem.de/news/shotwell-patenttroll-verklagt-gnome-foundation-wegen-fotoverwaltung-1909-144089-rss.html
* https://www.zdnet.com/article/leave-gnome-alone-this-patent-troll-is-asking-for-trouble/
* http://techrights.org/2019/09/25/microsoft-patent-troll-intellectual-ventures-gnome/

According to the techrights.org-source, Rothschild Patent Imaging, LLC, is connected to Microsoft


---



# **access online folders (using openssl)**


openssl - Secure Sockets Layer toolkit


*connect to the mail-server*
`$ openssl s_client -connect mail.example.com:993 -crlf`

* -crlf translates a line feed from the terminal into CR+LF as required by some servers


*access the account*
> 1 LOGIN MYUSERNAME MYPASSWORDINPLAINTEXT

alternative
`$ echo 'MYUSERNAMEMYUSERNAMEMYPASSWORDINPLAINTEXT' | base64`
cave: <return> has to be deleted, therefore this doesn't work currently as expected

to test the encoding use
`$ echo 'StringFromAbove' | base64 -d`

`> 1 AUTHENTICATE PLAIN StringFromAbove`


*list the name of all folders within the account*
`> 2 LIST "" "\*"`

<!-- cave: escape-character before '*' -->


*select a folder (e.g. inbox) to test if it works*
`> 3 SELECT INBOX`


*logout*
`> 4 LOGOUT`

## *troubleshoot the connection to each mail server in advance*

*take note of the configuration details for the later steps*
* user names (with or without the addition of ...@example.com?)
* used ports (hopefully 993)
* names of folder (Sent or Inbox.Sent or something else?)


*current status: all accounts are accessable online using openssl*


---



# **alpine**


## *general information*


alpine - text-based email client, friendly for novices but powerful


for creating debug-information use
`$ alpine -d [0-9]`
alpine does *NOT!* store any credential information in its logs

configuration is done in-program and stored in $HOME/.pinerc

configuration is done using shortcuts (case-insensitive) or TUI

information available at *http://alpine.x10host.com/*
the latest release is available at *http://alpine.x10host.com/alpine/release/*
the latest development version at *https://repo.or.cz/alpine.git*

*the current developer and maintainer of alpine, __Eduardo Chappa__ (alpine.chappa@yandex.com or chappa@vfemail.net), is __extremely helpful__!*


## *base configuration*


to add a collection list (aka folder): 
*M* (main menu) - *S* (setup) - *L* (collectionLists) - *A* (add collection list) 

to add a role (aka account details):
*M* - *S* - *R* (rules) - *R* (roles) - *A* (add)

nano ('pico') is the default editor
available commands are displayed below ('nano-style')

exemplary imap-access: *{mail.example.com/ssl/user=MY_USER_NAME}INBOX*
exemplary Fcc (sent): *{mail.example.com/ssl/user=MY_USER_NAME}INBOX.Sent*
exemplary smtp-access: *smtp.example.com/ssl/user=MY_USER_NAME*

multiple accounts can be created using the above mentioned scheme



---



# **alpine**


## *address book*

the addressbook is located in *$HOME/.addressbook*

to convert from abook to alpine-addressbook use 
`$ abook --convert --infile $HOME/.abook/addressbook --outformat pine |  sed 's/,.*//' | sed 's/(//' > ~/.addressbook`
(the sed-command is needed if multiple email-addresses per name are stored)


## *using ~/.pine\_passfile and ~/.alpine-smime/.pwd*
<!-- cave: escape-character before '_' -->

if compiled using `$ ./configure --with-passfile=$HOME/.pine-passfile`, passwords can be stored in that file if it exists (default in debian)

to use this feature, `$ touch ~/.pine-passfile`

the passfile is encrypted using the *$HOME/.alpine-smime/.pwd/MasterPassword.key*

the key is a *2048 bit RSA key* (`$ openssl rsa -text -in ~/.alpine-smime/.pwd/MasterPassword.key`)

private email to maintainer and talking about the security of 2048 bit RSA keys he replied: 
*"I am happy to change the encryption to a higher degreeof encryption. That is not a problem. I can search in openssl how to do that. Should be easy."*
it might also be possible to do this manually, but I haven't tried it yet

the .pine-passfile can be *decrypted using openssl* (`$ openssl smime -decrypt -inform pem -in ~/.pine-passfile -inkey ~/.alpine-smime/.pwd/MasterPassword.key`)
data is obfuscated after encryption (this was the only security measure until some years ago, so beware of old forum posts)




---


# **alpine**


## *issues with alpine*


* not as flexible as (neo)mutt
* should be used as intended (cannot be completely re-configured)
* not as sexy (less perceived users, therefore less information online)
* if the email-server is not configured correctly, problems might arise


## *why should anybody use alpine?*

if you want a TUI-based email program, consider alpine!

* very fast to set up 
    + `$ sudo apt-get install alpine && alpine`
* relatively easy to configure
    + the configuration can be performed from within alpine
    + general behaviour can be changed
    + GPG-key-interaction and signatures can be used
    + the editor can be changed
    + additional customization (e.g. colors) can be used
* stores everything in one configuration file ($HOME/.pinerc)
    + therefore easy to deploy
* the maintainer is awesome



*current status: ability to use a TUI email-client for reading and sending email*


---


# **mbsync (isync)**

isync - IMAP and MailDir mailbox synchronizer
the binary is called *mbsync*

alternative software - offlineimap

## *configuration of mbsync using `$ touch $HOME/.mbsyncrc`*

    IMAPAccount         TEST
    Host                mail.example.org
    User                #CAVE: SEE BELOW
    PassCmd             #CAVE: SEE BELOW
    SSLType             IMAPS               # use secure IMAP 
    SSLVersions         TLSv1.2
    CertificateFile     /etc/ssl/certs/ca-certificates.crt
    
    CopyArrivalDate     yes     

    

for *User* use the username as found by the *openssl s\_client*-command

<!-- cave: escape-character before '_' -->

PassCmd             "gpg2 --decrypt --no-tty --quiet --no-verbose --for-your-eyes-only --pinentry-mode cancel ~/.password-store/email/TEST.gpg | head -n 1"

* --pinentry-mode cancel    do not ask for passwords, just cancel

this setup can only be used together with a gpg-agent

this setup requires a file being stored in *$HOME/.password-store*, as this is done using *pass*

prequisites

* gnupg
* gpg-agent
* pass


---

# **mbsync (isync)**

## *add information on remote and local folders*


    # ### Remote storage -------------------
    
    IMAPStore           TEST-remote
    Account             TEST


    # ### Local storage --------------------
    
    MaildirStore        TEST-local
    SubFolders          Verbatim

    Path                ~/SOMEWHERE/TEST/
    # CAVE: The trailing "/" under 'Path' is important

    #Inbox               ~/SOMEWHERE/TEST/inbox
    # CAVE: the name of the 'inbox' conflicts with the channel slave name!
    # use this only, of no channels are used
    


---
    
# **mbsync (isync)**

## *add information on the inbox-channel (remote and local folders)*


    Channel             TEST-Inbox
      Master           :TEST-remote:"INBOX"
      Slave            :TEST-local:inbox

    Create              Both
    # Automatically create missing mailboxes, both locally and on the server

    Expunge             Both
    # Automatically delete messages if deleted in other folder

    SyncState           *
    # Save the synchronization state files in the relevant directory

    MaxSize             100m
    # Don't download any email greater than this

    Patterns            *
    # Will copy all the account as specified at under remote

    #Patterns            "INBOX*"
    #Patterns            !* "INBOX*" "Sent*"
    # Exclude everything except the folders mentioned

for remote foldernames use the names as found by the *openssl s\_client*-command 

<!-- cave: escape-character before '_' -->


---
    
# **mbsync (isync)**

## *add information on additional channels*

    Channel             TEST-Sent
      Master           :TEST-remote:"Sent"
      Slave            :TEST-local:sent
    Create              Both
    Expunge             Both
    SyncState           *
    MaxSize             100m
    Patterns            *
    
    Channel             TEST-Draft
      Master           :TEST-remote:"Draft"
      Slave            :TEST-local:draft
    Create              Both
    Expunge             Both
    SyncState           *
    MaxSize             100m
    Patterns            *
    

for remote foldernames use the names as found by the *openssl s\_client*-command 

<!-- cave: escape-character before '_' -->

## *group the channels into a single entity*

    
    # Get all the channels together into a group.
    Group               TEST
    Channel             TEST-Inbox
    Channel             TEST-Sent
    Channel             TEST-Draft




---


# **mbsync (isync)**


test and debug a specific group or channel
`$ mbsync -Dmn TEST`


synchronize messages of all groups
`$ mbsync -a`


## *synchronize messages automatically (as an alternative to cron-jobs)*


`$ touch $HOME/.config/systemd/user/mbsync.service`

    [Unit]
    Description=Manual mailbox synchronization service
    
    [Service]
    Type=oneshot
    ExecStart=/bin/sh -c '/usr/bin/torsocks /usr/bin/mbsync -aq'
    ExecStartPost=ProgramToIndexMessages


`$ touch HOME/.config/systemd/user/mbsync.timer`

    [Unit]
    Description=Manual mailbox synchronization timer
    
    [Timer]
    OnBootSec=2m
    OnUnitActiveSec=5m
    Unit=mbsync.service
    
    [Install]
    WantedBy=timers.target

`$ systemctl start  --user mbsync.timer`
`$ systemctl enable --user mbsync.timer`
`$ systemctl status --user mbsync.timer`


*current status: new messages get automatically synchronized to my computer*


---


# *Interlude*

## random trivia

*Lennart Poettering wants to take away your home directory*


Let's bring the UNIX concept of Home Directories into the 21st century. The
concept of home directories on Linux/UNIX has little changed in the last 39
years. It's time to have a closer look, and bring them up to today's standards,
regarding encryption, storage, authentication, user records, and more. In this
talk we'll talk about "systemd-homed", a new component for systemd, that
reworks how we do home directories on Linux, adds strong encryption that makes
sense, supports automatic enumeration and hot-plugged home directories and
more. (asg2019)


sources:
https://www.theregister.co.uk/2019/09/25/systemd\_inventor\_home\_directories/
https://cfp.all-systems-go.io/ASG2019/talk/VSQRXA/
https://cdn.media.ccc.de/events/all\_systems\_go/2019/h264-hd/asg2019-164-eng-Reinventing\_Home\_Directories\_hd.mp4

<!-- cave: escape-character before '_' -->

---


# **msmtp**

msmtp - light SMTP client with support for server profiles

*configuration of msmtp using `$ touch $HOME/.msmtprc`*

## *general options for all accounts*

    # Set default values for all following accounts.
    defaults            
    
    # Port 465 is designed for required ("implicit") TLS-encryption. 
    # Mail submission port 587 is used for STARTTLS, 
    # port 25 is used for unencrypted communication. 
    # The protocol is smtp (smtps is not an option available, the alternative is lmtp)
    protocol            smtp
    port                465
    
    # Keep a logfile for later evaluation
    #logfile             ~/.mail/msmtp.log
    
    
    # Enable or disable automatic envelope-from addresses. The default is off. 
    # The domain part can be set with the maildomain command.
    # cave: the user-part will be as the login-name on the computer!
    # not usable for emails to be send non-locally!
    #auto_from           off

if you want to send messages via tor, use the following
    
    # Use tor as a proxy (needs tor and tls on)
    proxy_host 127.0.0.1
    proxy_port 9050

prequisites

* tor with SocksPort bound to 9050 (defined in $HOME/.torrc)

---

# **msmtp**

## *options concerning tls for all accounts*

    # Always use TLS
    tls                 on
    
    # STARTTLS turns a previously unencrypted session into an encrypted one 
    # This is by far not as secure as using an encrypted session from the beginning! 
    # Therefore TLS is turned on while STARTTLS is turned off. 
    # Recommendation: if you don't need STARTTLS, then TURN IT OFF!
    tls_starttls        off
    
    # Set a list of trusted CAs for TLS. You can use a system-wide default file, 
    # as in this example, or download the root certificate of your CA and use that.
    # If accounts without tls_trust_file are used, this command should be in each accout!
    #tls_trust_file      /etc/ssl/certs/ca-certificates.crt
    
    # Additionally, you should use the tls_crl_file command to check for 
    # revoked certificates, but unfortunately getting revocation lists 
    # and keeping them up to date is not straightforward.
    #tls_crl_file       ~/.tls-crls
    
    


---


# **msmtp**

## *account-specific options*


    account             TEST
    host                smtp.example.com
    from                username@example.com
    auth                on
    user                #CAVE: SEE BELOW 

    passwordeval        #CAVE: SEE BELOW

    #port                587    # if needed

    #tls_starttls        on     # if needed
    tls_fingerprint     #CAVE: SEE BELOW
    tls_trust_file      /etc/ssl/certs/ca-certificates.crt

    
    
for *User* use the username as found by the *openssl s\_client*-command

<!-- cave: escape-character before '_' -->

use *pass* or *gpg* for decrypting the password
passwordeval        "pass show TEST | head -1"
passwordeval        "gpg2 --decrypt --no-tty --quiet --no-verbose --for-your-eyes-only $HOME/SOMEWHERE/TEST.gpg | head -1"

find tsl\_fingerprint using the following command
 `$ openssl s_client -connect SMTP_SERVER:587 -starttls smtp </dev/null 2>/dev/null | openssl x509 -fingerprint -noout | cut -d'=' -f2`
 `$ openssl s_client -connect SMTP_SERVER:465 </dev/null 2>/dev/null | openssl x509 -fingerprint -noout | cut -d'=' -f2`
 change accordingly, if *starttls* is used

output: e.g. 01:23:45:67:89:AB:CD:EF:BA:DC:0F:FE:E0:DD:F0:0D:DE:AD:BE:EF


## *test accounts*

`$ echo "Subject Test" | msmtp some_other_account@example.com -a TEST`
    

---



# **neomutt**

neomutt - text-based mailreader supporting MIME, GPG, PGP and threading


## *account configuration*

    set realname        = "some name"
    set from            = "myusername@example.com"
    
    unmy_hdr            *
    my_hdr              From: some name <myusername@example.com>
    
    set signature       = "~/SOMEWHERE/signature.txt"
    
    
    set pgp_default_key = "DEADBEEF"
    set pgp_sign_as     = "BADC0FFE"
    # use long keys or fingerprints if possible
    
    
    # access server
    
    set mail_check      = 60
    
    set spoolfile       = "imaps://myusername@example.com@example.com:993/INBOX"
    set record          = "imaps://myusername@example.com@example.com:993/Sent"
    set postponed       = "imaps://myusername@example.com@example.com:993/Drafts"
    
    # disabeled online trash folder, so that only local trash folder will be used
    #set trash           = "imaps://myusername@example.com@example.com:993/Trash"
    
    # When using only one folder, everything can be addressed relatively
    #set spoolfile       = "+INBOX"
    #set record          = "+Sent"
    #set postponed       = "+Drafts"
    #set trash           = "+Trash"
    
    # mailbox definitions are either performed here or in a separate sidebar
    #mailboxes =INBOX =Sent =Trash =Drafts =Junk


---


# **neomutt**

## *debugging neomutt*

`$ neomutt -d [1-5]`

**CAVE: neomutt INCLUDES the CREDENTIALS in the DEBUG-LOG!**


## *use passwords within neomutt*

    set smtp_url        = "smtp://myusername@example.com@example.com:587"
    #set smtp_pass       = "`pass TEST`"
    
    set folder          = "imaps://myusername@example.com@example.com:993"
    #set imap_pass       = "`pass TEST`"
    
    source              "pass MUTT_TEST |"  #CAVE: SEE BELOW
    
*source a password-file from within neomutt*

use a pipe ("|") after the file to read so that the content of the file gets executed

content of the password-file

    set imap_pass="MYSUPERSECRETPASSWORD"
    set smtp_pass="MYSUPERSECRETPASSWORD"
    
in addition add the following option to the .muttrc to disable the colon (':')
`bind generic,alias,attach,browser,editor,index,compose,pager,pgp,postpone   ':' noop`
otherwise entering `:set ? imap_pass` or `:set ? smtp_pass` will reveal your password!


---

# **neomutt**


## *account-specific sidebar-options*

use the sidebar for faster navigation between different accounts

    unmailboxes         *
    
    virtual-mailboxes   " ----- "   "=separator"
    virtual-mailboxes   " search"   "~/SOMEWHERE/search"
    virtual-mailboxes   " inbox "   "imaps://myusername@example.com@example.com:993/INBOX" 
    virtual-mailboxes   " sent  "   "imaps://myusername@example.com@example.com:993/Sent" 
    virtual-mailboxes   " drafts"   "imaps://myusername@example.com@example.com:993/Drafts" 
    virtual-mailboxes   " trash "   "imaps://myusername@example.com@example.com:993/Trash" 
    virtual-mailboxes   " junk  "   "imaps://myusername@example.com@example.com:993/Junk"


if a `folder` is set, an abbreviated form can be used

    virtual-mailboxes   " something" "+INBOX"


---

# **neomutt**

## *general options concerning the sidebar*


    # Should the Sidebar be shown?
    set sidebar_visible             = yes
    
    # How wide should the Sidebar be in screen columns?
    set sidebar_width               = 35
    #set sidebar_indicator=green
    
    # Should the mailbox paths be abbreviated?
    set sidebar_short_path          = yes
    
    # When abbreviating mailbox path names, use any of these characters as path
    # separators. Only the part after the last separators will be shown.
    # For file folders '/' is good. For IMAP folders, often '.' is useful.
    set sidebar_delim_chars         = '/.'
    
    # Make the Sidebar only display mailboxes that contain new, or flagged, mail.
    set sidebar_new_mail_only       = no
    
    # When searching for mailboxes containing new mail, should the search wrap
    # around when it reaches the end of the list?
    set sidebar_next_new_wrap       = no
    
    # The character to use as the divider between the Sidebar and the other NeoMutt panels.
    set sidebar_divider_char        = ' | '
    
    # Enable extended mailbox mode to calculate total, new, and flagged
    # message counts for each mailbox.
    set mail_check_stats
    

    bind index,pager B                      sidebar-toggle-visible
    
    bind index,pager \Ck sidebar-prev
    bind index,pager \Cj sidebar-next
    bind index,pager \Cl sidebar-open


---

# **neomutt**

## *design of the sidebar*

    # Sort the mailboxes in the Sidebar using this method:
    #       count   – total number of messages
    #       flagged – number of flagged messages
    #       new     – number of new messages
    #       path    – mailbox path
    #       unsorted– do not sort the mailboxes
    set sidebar_sort_method = 'unsorted'
    

    # Display the Sidebar mailboxes using this format string.
    # additional informatino on https://neomutt.org/guide/reference.html#sidebar-format
    #
    # %B        Name of the mailbox
    # %S        Size of mailbox (total number of messages)
    # %F        Number of Flagged messages in the mailbox
    # %N        Number of New messages in the mailbox
    # %n        If there's new mail, display “ N”, otherwise nothing
    # %!        “ !”: one flagged message; 
                “ !!”: two flagged messages; 
                “ n!”: n flagged messages (for n > 2). Otherwise prints nothing.
    # %d        Number of deleted messages
    # %L        Number of messages after limiting
    # %t        Number of tagged messages
    # %>X       Right justify the rest of the string and pad with “ X”
    # %|X       Pad to the end of the line with “ X”
    # %*X       Soft-fill with character “ X”as pad
    
    # %?F? [%F]?    If flagged emails [%F], otherwise nothing
    # %*            Pad with spaces
    
    set sidebar_format = "%B %?n?[N]&? %*  [%?N?%N/?%S]"
    
    
---

# **neomutt**

## *gpg-integration*

    setenv PINENTRY_USER_DATA       curses
    # In case of problems, change ~/.gnupg/ to include the line 
    #   pinentry-program            /usr/bin/pinentry-curses
    # instead of 
    #   pinentry-program            /usr/bin/pinentry-tty


    # automatically enable PGP encryption/signing for messages (default = yes)
    set crypt_autopgp               = yes
    
    # attempt to cryptographically sign outgoing messages (default = no)
    set crypt_autosign              = no
    
    # attempt to PGP encrypt outgoing messages (default = no)
    set crypt_autoencrypt           = no
    
    # enable S/MIME encryption/signing for messages (default = yes)
    set crypt_autosmime             = yes
    
    
    # automatically PGP or OpenSSL sign replies to messages which are signed 
    # (default = yes)
    set crypt_replysign             = yes
    
    # automatically PGP or OpenSSL encrypt replies to messages which are encrypted 
    # (default = no)
    set crypt_replyencrypt          = yes
    
    # automatically PGP or OpenSSL sign replies to messages which are encrypted 
    # (default = no)
    set crypt_replysignencrypted    = yes
    
    
    # attempt to verify PGP or S/MIME signatures (default = yes)
    set crypt_verify_sig            = yes


---

# **neomutt**

## *gpg-integration*
    
    # include a time stamp in the lines surrounding PGP or S/MIME output, so spoofing 
    # such lines is more difficult. If you are using colors to mark these lines
    # and rely on these, you may unset this setting. (default = yes)
    set crypt_timestamp             = yes
    
    # display non-usable keys on the PGP key selection menu. This includes keys which 
    # have been revoked, have expired, or have been marked as "disabled" by the user. 
    set pgp_show_unusable           = yes
    
    # number of seconds after which a cached passphrase will expire if not used. 
    # is limited by the .gnupg/gpg-agent.conf - option 'max-cache-ttl'
    set pgp_timeout                 = 600
    
    # check the status file descriptor output of 
    #   $pgp_decrypt_command 
    # and 
    #   $pgp_decode_command 
    # for GnuPG status codes indicating successful decryption. (default = yes)
    set pgp_check_gpg_decrypt_status_fd = yes
    
    # PGP signature is only considered verified if the output from 
    #   $pgp_verify_command 
    # contains the text. (default = <empty>)
    set pgp_good_sign               = "^gpg: Good signature from"
    
    # Save a copy of outgoing email, encrypted to yourself
    set pgp_self_encrypt            = yes
    
    #set pgp_default_key            = "PGP-KEY"
    #set pgp_sign_as                = "PGP-SIGNING-KEY"
    
    # Save a copy of outgoing email, encrypted to yourself
    set smime_self_encrypt          = yes
    set smime_is_default            = no
    
    #set smime_default_key          = "SMIME-KEY"
    #set smime_sign_as              = "SMIME-SIGNING-KEY"


---

# **neomutt**

## *gpg-integration*
    

    set pgp_sign_command            ="gpg \
                                      --batch \
                                      --quiet \
                                      --no-verbose \
                                      --textmode \
                                      --armor \
                                      --output - \
                                      --detach-sign \
                                      --passphrase-fd 0 \
                                      %?a?--local-user %a? %f"

    set pgp_encrypt_only_command    = "/usr/lib/neomutt/pgpewrap \
                                      gpg \
                                      --batch \
                                      --quiet \
                                      --no-verbose \
                                      --textmode \
                                      --armor \
                                      --output - \
                                      --encrypt -- \
                                      --recipient %r -- %f"

    set pgp_encrypt_sign_command    = "/usr/lib/neomutt/pgpewrap \
                                      gpg \
                                      --batch \
                                      --quiet \
                                      --no-verbose \
                                      --textmode \
                                      --armor \
                                      --output - \
                                      --encrypt \
                                      --sign \
                                      --passphrase-fd 0 \
                                      %?a?--local-user %a? -- \
                                      --recipient %r --   %f"

CAVE: either put /usr/lib/neomutt in $PATH or explicitly use /usr/lib/neomutt/pgpewrap

CAVE: more complicated config = more risk, that something is incorrectly configured!

---

# *Interlude*

## random trivia

codecrypt - post-quantum encryption and signing tool
*CAVE: software has not undergone a cryptographic audit*

        # This is a GnuPG-like Unix program for encryption and signing 
        # that only uses quantum-resistant algorithms:
        #   McEliece cryptosystem (compact QC-MDPC variant) for encryption.
        #   Hash-based Merkle tree algorithm (FMTSeq variant) for digital signatures.
        
        
        # ccr basic command usage
        
        # Generate a strong(er) asymmetric encryption key
        $ ccr -g ENC-256 -N SOME_NAME
        
        # Export specified public key for sharing with contacts
        $ ccr -F SOME_NAME -ap > SOME_NAME.pub
        
        # Export specified private key. The -F parameter chooses the key to be used
        # To enumerate all keys in the keyring run ccr -k for public ones and ccr -K for private
        $ ccr -F SOME_NAME -aP > SOME_NAME_UNENCRYPTED
        
        # Back-up keys: It is easier to backup the ccr folder in the home directory,
        # changing its name from/to .ccr upon restore. 
        # Enable hidden file view with alt + . to see it.


        # ccr key management 
        
        # Import a public key.
        $ ccr -ai < [contactkey]
        
        # Import a private key.
        $ ccr -aI < [myprivatekey]
        
        # Encrypt a plaintext message file only to an already imported contact key. 
        # Note this will be inaccessible to you. Save a plaintext copy for archival purposes.
        $ ccr -aer SOME_NAME -R secret > secret.ccr
        
        # Decrypt a ciphertext message creating plaintext output.
        $ ccr -adR secret.ccr > secret.new



---


# **neomutt**

## *attachments*

    unalternative_order         *
    alternative_order  multipart/mixed multipart/related text/plain text/enriched text/html      
    # define order how to view messages; multipart/* is needed for attachment forwarding

    auto_view                   text/html                               
    # automatically convert text/html into plain text

    bind    attach              <return>    view-mailcap
    # view attachments using 'v', then open in mailcap using 'm'
    
    mime_lookup                 application/octet-stream
    
    # Ask if the user wishes to abort sending if $abort_noattach_regex 
    # is found in the body, but no attachments have been added
    # It can be set to:
    #    "yes"     : always abort
    #    "ask-yes" : ask whether to abort
    #    "no"      : send the mail
    set abort_noattach = ask-yes
    
    # Search for the following regular expression in the body of the email
    # English: attach, attached, attachment, attachments
    set abort_noattach_regex = "\\<attach(|ed|ments?)\\>"
    # Deutsch:
    set abort_noattach_regex = "\\<(Anhang|anhängen|angehängt|anhang|anhänge|hängt an)\\>"

    set attach_format = " %u%D%I %t%2n %T%d%\*    [%.15m/%.10M, %.8e%?C?, %.6C?, %.4s] "

    set mailcap_path            = "~/.mutt/config/mutt_mailcap"         
    # define link to filetypes-file
    

---


# **neomutt**

## *attachments*

this should be put into a separate file for mailcap


    # html-emails and other email-formats 
    text/html;          w3m -cols 80 -dump -T text/html '%s'; copiousoutput
    application/rtf;    unrtf '%s' | html2text; copiousoutput
    
    
    # pdf-files 
    application/pdf;    pdftotext '%s' - ; print=zathura '%s'; copiousoutput
    
    
    # office-documents 
    application/vnd.openxmlformats-officedocument.wordprocessingml.document; docx2txt '%s' - | less; copiousoutput
    application/msword; antiword '%s'; copiousoutput
    
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet; vd '%s';     needsterminal
    application/vnd.ms-excel; vd '%s'; needsterminal
    
    application/vnd.ms-powerpoint; catppt '%s' | less; copiousoutput
    
    # images 
    image/*;            catimg '%s'; print=sxiv '%s'; needsterminal
    

---

# **neomutt**

## *additional options*


    set ispell  = "aspell -e -c" 
    # use aspell as spellchecker

    set thorough_search = yes


    macro   index,pager \ea "<pipe-message>abook \
                            --add-email<return>" "Add this sender to abook"

    bind    editor  <Tab>   complete-query


additional options depending of the indexing-utility used


    set query_command = "( abook --mutt-query '%s' ; \
                        mu cfind --format=mutt-ab '%s' | sed -n '1!p' )"

---


# **mu (maildir-utils) or notmuch or mairix**

first create an index database

`$ notmuch setup`
`$ mu index --maildir=/SOMEFOLDER`

for mairix the configuration file has to be created manually (using $HOME/.mairixrc)


create symbolic links to a specific folder to be opened in neomutt


    # searching messages 
    macro   generic,index,pager,browser     <Fx>    "<shell-escape>mu \
                                                    find --clearlinks \
                                                    --format=links \
                                                    --linksdir=~/SOMEWHERE/"  "mu find"

    macro   generic,index,pager,browser     <Fx>    "<shell-escape>notmuch-mutt  \
                                                    --output-dir ~/SOMEWHERE \
                                                    --prompt search<enter>"    "notmuch search"
    
    macro   generic,index,pager,browser     <Fx>    "<shell-escape>mairix " "mairix"


    # querying messages 
    macro   generic,index,pager,browser     <Fx>    "<change-folder-readonly>~/SOMEWHERE<enter>"   "search folder"
    
    
    
---
    

# **nmh or mmh**

mmh - set of electronic mail handling programs (legacy code removed from nmh)
nmh - 'new' mail handler (although older than mmh)


## *setup*


currently work in progress (issue - using multiple accounts with sendmail)


---
    
# **open issues**
    
## *converting .eml-files directly into mbox or maildir using cli-tools*

## *how to deal with broken emails (how to prevent and how to fix them)*

## *download messages using isync via a tor-proxy*

solution: use tsocks/torsocks

## *sending messages from different accounts using sendmail*

## *tagging messages using mu*

## *how to handle passwords, while being both obfuscated (within a file) and secure*

possible solution: use tomb and pass

## *searching gpg-encrypted messages*

## *searching tar-archived message folders*

## *open other emails while writing without a second 'mutt -R'-window*

possible solution: postpone messages

## *increase viewing space for attachments when sending messages*

solution: set attach_format = " %u%D%I %t%2n %T%d%\*    [%.15m/%.10M, %.8e%?C?, %.6C?, %.4s] "

<!-- cave: escape-character before '*' -->

## *slow, when changing to different offline folder*

## *mutt sometimes hanging (not able to ^C or ^G)*

## *mutt sometimes sending empty messages (when hanging)*

## *accessing a maildir-folder over ssh with mutt being installed locally*

## *switching between user credentials when accessing local folders*

possible solution: folder-hooks

## *generate a local spam-filter*