Claws Mail was the default mail client bundled with Tails – The Amnesiac Incognito Live System. Since Tails 1.8 it has been replaced with Thunderbird (Migrating from Claws Mail to Icedove). It is Free Software and is available for a variety of Unix-type platforms, and Windows. You can download Claws Mail from the Claws Mail website.
Claws Mail aims to be feature rich, fast, and stable. It has IMAP and POP support, multiple account support, colored labels, spell checking, filtering, and support for OpenPGP encryption.
The first time you run Claws Mail, the setup wizard will walk you through setting up an account. If the wizard does not open, see section “Manual Account Creation” below.
If using Tails you will almost certainly want to configure a persistent volume and enable “GnuPG”, and “Claws Mail”.
- Enter your name/alias and e-mail address on the first page
- Click “Forward” to advance to the next screen
- Choose server type as POP3 or IMAP (IMAP leaves mail on server, POP3 downloads it locally – this means IMAP is a good choice if you have multiple machines accessing the mailbox and POP3 is a slightly better choice for privacy, the POP3 user experience is much faster and it unburdens your Quota)
- Enter mail.riseup.net for the Server address (both for IMAP and POP3)
- Enter your username (without @riseup.net) and password
- Select Use SSL to connect to receiving server and also select Use SSL via STARTTLS
- Click Forward to advance to the next screen
- Enter mail.riseup.net for the SMTP server address
- Select Use authentication (you can leave the SMTP username and password fields blank)
- Select Use SSL to connect to receiving server" and also select "Use SSL via STARTTLS
- Click Forward to advance to the next screen
- If using POP3 on Tails: For “Mailbox name” enter /home/amnesia/.claws-mail/Mail (this step is very important for Tails users because the default Mail folder location is not-persisted between reboots) and click “Forward” to advance to the next screen
- Click Save to complete the process
While running Claws Mail select Configuration > Create New Account from the menubar.
- Basic Settings – enter a name for your account, enter your name, mail address, select POP3 or IMAP, enter mail.riseup.net for both the “Server for receiving” and “SMTP server (send)” fields, and your riseup.net userid (without @riseup.net) and password
- Send Settings – select SMTP Authentication
- SSL Settings – Select STARTTLS for both POP3 and SMTP.
- Advanced settings – Change the SMTP port to 587 (POP3 can stay as 110)
- Click “OK” to finish adding your new account
When checking your mail for the first time, and also sending your first message, you will see an SSL confirmation dialog. Click View certificate (the fingerprint shown on the image may be outdated):
On first use claws Mail will store these certificates and let you know if they ever change which may indicate an attempted man-in-the-attack, or just that riseup.net updated their certificates. Every time you get this SSL pop-up, verify the fingerprints with the ones published by Riseup]]!
- If you are using the Claws Mail under Tails it is important to verify that your local mail folders are setup in a persistent location before permanently removing any mail from the server or you may lose mail!
If you are using IMAP everything should just work automatically. If you are using POP3 click the “Get Mail” icon in the toolbar to refresh your mail.
- Don’t enable secure passwords or secure authentication. These are somewhat of a misnomer. These methods of specifying passwords require that the email server keep a cleartext copy of your password. We would consider this a security risk, so we don’t enable “secure passwords.” Because the connection to riseup.net is encrypted anyway, these are not needed.
- Encrypt your mail! For enhanced message security use Encrypted Email.
- The secure connection may be of type TLS or StartTLS. For security reasons, we no longer support SSL. You should not use StartTLS. Instead, it is much better to use regular TLS. For added security, go to your account settings and change your connection type from StartTLS to TLS.
- There are many vulnerabilities with how secure connections work. If you need high security, you should always connect to Riseup services using the Riseup VPN. This will prevent a long list of potential attacks against your communication.
- To enhance connection security you can use Tor to connect to Riseup’s .onion services for IMAP and SMTP. Look for the according
smtp.*.onionaddresses on the linked page and replace
mail.riseup.netfor each server. Note: * SMTP port 465 is often blocked by exit nodes, but port 587 is less frequently blocked. If you have a problem sending mail, try port 587 or configure your client to use Riseup’s email hidden service in place of the regular
mail.riseup.netdomain. This is better than sending traffic through a Tor exit as it is MITM resistant, but it will generate certificate errors on the client side.