Mailpile

Mailpile provides a nice-looking webmail interface suitable for use on desktop or mobile clients. It has good support for email encryption and makes that quite a simple process. At present it's usable but still has a few bugs and limitations. If you need a fully functional email client with comprehensive encryption support then either use Mutt or Thunderbird/Icedove.

An advantage of this type of webmail is that it keeps your GPG keys off of any mobile devices so that if you lose your phone, or it gets stolen, then your email might still not be compromised.

One downside is that this appears to be a single-user system, so if you have multiple users on your Freedombone server only the administrator will actually be able to use Mailpile.

Installation

Log into your system with:

ssh myusername@mydomain -p 2222

Using the cursor keys and Enter key, select Administrator controls and type in your password.

Select Add/Remove Apps then mailpile. You will then be asked for a domain name and, if you are using FreeDNS, also the code for the domain, which can be found under Dynamic DNS on the FreeDNS site (the random string from "quick cron example" which appears after update.php? and before >>). For more details on obtaining a domain and making it accessible via dynamic DNS see the FAQ. Typically the domain name you use will be a subdomain, such as mail.mydomainname.net. It will need to be a domain which you have bought somewhere and own, and not one of the FreeDNS subdomains, otherwise you won't be able to get an SSL/TLS certificate for it.

After the install has completed go to Security settings and select Create a new Let's Encrypt certificate and enter the domain name that you are using for Mailpile. If you're using the "onion only" version of the system then you don't need to do this. If the certificate is obtained successfully then you will see a congratulations message.

Initial setup

If you have just obtained a Let's Encrypt certificate as above then go to About on the administrator control panel and you should see your Mailpile domain listed there along with an onion address. You can then navigate to your site in a browser.

To see the login password for your site go to Passwords on the Administrator control panel and select the appropriate username and app. The passwords will be different for each user and may not be the same as the password which you used to originally ssh into the system.

If you're viewing your mail domain site on a mobile device via OrFox then make sure you allow the domain in the NoScript settings.

Enter a password and store it within a password manager.

Click on the Privacy and Security button.

Scroll down and select Save Settings. Don't click on the Tor button.

Click Add account.

Enter your name, email address and password.

Uncheck Detect Settings and click Next.

Under Sending Mail, select local or, if you need to proxy outgoing email through your ISP's server, select SMTP/TLS and enter the details, then click Next.

Under Receiving files select IMAP, the domain as localhost, port 143 and your username, then click Next. Astute readers may well be concerned that IMAP over port 143 is not encrypted. However, this is only localhost communication between the Mail Transport Agent and Mailpile, so it doesn't travel over the internet, and port 143 is not opened on the firewall, so it's not possible to accidentally connect an external mail client insecurely.

Under Security and Privacy, either select your existing encryption key or, if you only get the option to create a new one, then do so, then click Add or Save.

You will then be asked for a password. Confusingly, this won't be the password you gave initially when setting up Mailpile. It's the original ssh password which you used to set up the Freedombone system.

The process of importing your email should then occur, and can take some time.
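The IMAP step above relies on port 143 being reachable only from the server itself. The following is an added example, not part of the Freedombone documentation, that reads `ss -ltn` output and reports whether anything listens on a given port outside loopback. The function name and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Freedombone docs): classify the TCP listeners
# for one port from `ss -ltn` output read on stdin.
# Prints one of: none | loopback-only | non-loopback
classify_listeners() {
    awk -v port="$1" '
        $1 != "LISTEN" { next }
        {
            # Local address is field 4; split at the last colon so that
            # IPv6 forms such as [::1]:143 are handled.
            at = match($4, /:[0-9]+$/)
            if (at == 0) next
            addr = substr($4, 1, at - 1)
            if (substr($4, at + 1) != port) next
            found = 1
            gsub(/\[/, "", addr); gsub(/\]/, "", addr)   # [::1] -> ::1
            sub(/%.*/, "", addr)                         # drop %interface suffix
            if (addr !~ /^127\./ && addr != "::1") exposed = 1
        }
        END {
            if (!found)       print "none"
            else if (exposed) print "non-loopback"
            else              print "loopback-only"
        }'
}

# Constructed sample listings (not captured from a real server).
sample_loopback() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      100    127.0.0.1:143      0.0.0.0:*
LISTEN 0      100    [::1]:143          [::]:*
LISTEN 0      128    0.0.0.0:2222       0.0.0.0:*
EOF
}
sample_wildcard() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      100    0.0.0.0:143        0.0.0.0:*
LISTEN 0      128    0.0.0.0:2222       0.0.0.0:*
EOF
}

echo "loopback sample: $(sample_loopback | classify_listeners 143)"
echo "wildcard sample: $(sample_wildcard | classify_listeners 143)"
# On the server itself: ss -ltn | classify_listeners 143
```

A result of non-loopback means the IMAP service is bound to an address other hosts can route to, so the firewall rule is the only thing keeping the unencrypted port private.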