Mutt

What is Mutt?

Mutt is a small but very powerful text based program for reading and sending electronic mail under unix operating systems, including support for color terminals, MIME, OpenPGP, and a threaded sorting mode.

Installation

  • Debian/Ubuntu Linux: sudo apt install mutt

Configuration

Edit ~/.mutt/muttrc. Choose either IMAP or POP. What is the difference between IMAP and POP email servers?

Personal information

Add the following lines to ~/.mutt/muttrc:

# Account
set realname  = 'Foo Bar'
set from      = foo@riseup.net

# Send
set smtp_url  = smtps://$imap_user@mail.riseup.net/
set smtp_pass = $imap_pass

# Connection
set ssl_force_tls = yes
set ssl_starttls  = yes

Using IMAP with mutt

Add the following lines to ~/.mutt/muttrc:

# Receive
set imap_user = foo@riseup.net
set imap_pass = 'password'
set folder    = imaps://foo@mail.riseup.net/
set imap_check_subscribed

# Folder
set spoolfile = +INBOX
set postponed = +Drafts
set record    = +Sent

Using POP with mutt

Look at wiki.archlinux.org/index.php/Mutt#POP3 for more info.

Enhance your email security

  • Don’t enable secure passwords or secure authentication. These are somewhat of a misnomer. These methods of specifying passwords require that the email server keep a cleartext copy of your password. We would consider this a security risk, so we don’t enable “secure passwords.” Because the connection to riseup.net is encrypted anyway, these are not needed.
  • Encrypt your mail! For enhanced message security use Encrypted Email.
  • The secure connection may be of type TLS or StartTLS. For security reasons, we no longer support SSL. You should not use StartTLS. Instead, it is much better to use regular TLS. For added security, go to your account settings and change your connection type from StartTLS to TLS.
  • There are many vulnerabilities with how secure connections work. If you need high security, you should always connect to Riseup services using the Riseup VPN. This will prevent a long list of potential attacks against your communication.
  • To enhance connection security you can use Tor to connect to Riseup’s .onion services for IMAP and SMTP. Look for the according mail.*.onion and smtp.*.onion addresses on the linked page and replace mail.riseup.net for each server. Note: * SMTP port 465 is often blocked by exit nodes, but port 587 is less frequently blocked. If you have a problem sending mail, try port 587 or configure your client to use Riseup’s email hidden service in place of the regular mail.riseup.net domain. This is better than sending traffic through a Tor exit as it is MITM resistant, but it will generate certificate errors on the client side.

Using Encrypted Email in mutt

  1. Setup OpenPGP
  2. Add the following lines to ~/.mutt/muttrc and change 0xDBD0F842 with sec key in gpg -K
set pgp_decode_command="gpg %?p?--passphrase-fd 0? --no-verbose --batch --output - %f"
set pgp_verify_command="gpg --no-verbose --batch --output - --verify %s %f"
set pgp_decrypt_command="gpg --passphrase-fd 0 --no-verbose --batch --output - %f"
set pgp_sign_command="gpg --no-verbose --batch --output - --passphrase-fd 0 --armor --detach-sign --textmode %?a?-u %a? %f"
set pgp_clearsign_command="gpg --no-verbose --batch --output - --passphrase-fd 0 --armor --textmode --clearsign %?a?-u %a? %f"
set pgp_encrypt_only_command="pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0xDBD0F842 -- -r %r -- %f"
set pgp_encrypt_sign_command="pgpewrap gpg --passphrase-fd 0 --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0xDBD0F842 -- -r %r -- %f"
set pgp_import_command="gpg --no-verbose --import -v %f"
set pgp_export_command="gpg --no-verbose --export --armor %r"
set pgp_verify_key_command="gpg --no-verbose --batch --fingerprint --check-sigs %r"
set pgp_list_pubring_command="gpg --no-verbose --batch --with-colons --list-keys %r"
set pgp_list_secring_command="gpg --no-verbose --batch --with-colons --list-secret-keys %r"
set pgp_autosign=yes
set pgp_sign_as=0xDBD0F842
set postpone_encrypt_as=0xDBD0F842
set postpone_encrypt=yes
set pgp_replyencrypt=yes
set pgp_timeout=1800
set pgp_good_sign="^gpg: Good signature from"

Using Tor with mutt

For added security, access our mail service via Tor hidden service.

  1. Setup Tor.
  2. Replace the mail.riseup.net with the corresponding “.onion” address found on the Tor page (in ~/.mutt/muttrc).
  3. Add alias mutt="torify mutt 2>/dev/null" to ~/.bashrc or ~/.zshenv. For fish users, add alias mutt="torify mutt ^ /dev/null" to ~/.config/fish/config.fish

Enjoy using mutt! Look at wiki.archlinux.org/index.php/Mutt for more info.