freedombone/website/EN/usage_email.html

736 lines
23 KiB
HTML

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title></title>
<!-- 2018-03-10 Sat 21:40 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="generator" content="Org-mode" />
<meta name="author" content="Bob Mottram" />
<meta name="description" content="Turn the Beaglebone Black into a personal communications server"
/>
<meta name="keywords" content="freedombox, debian, beaglebone, hubzilla, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber" />
<style type="text/css">
<!--/*--><![CDATA[/*><!--*/
.title { text-align: center; }
.todo { font-family: monospace; color: red; }
.done { color: green; }
.tag { background-color: #eee; font-family: monospace;
padding: 2px; font-size: 80%; font-weight: normal; }
.timestamp { color: #bebebe; }
.timestamp-kwd { color: #5f9ea0; }
.right { margin-left: auto; margin-right: 0px; text-align: right; }
.left { margin-left: 0px; margin-right: auto; text-align: left; }
.center { margin-left: auto; margin-right: auto; text-align: center; }
.underline { text-decoration: underline; }
#postamble p, #preamble p { font-size: 90%; margin: .2em; }
p.verse { margin-left: 3%; }
pre {
border: 1px solid #ccc;
box-shadow: 3px 3px 3px #eee;
padding: 8pt;
font-family: monospace;
overflow: auto;
margin: 1.2em;
}
pre.src {
position: relative;
overflow: visible;
padding-top: 1.2em;
}
pre.src:before {
display: none;
position: absolute;
background-color: white;
top: -10px;
right: 10px;
padding: 3px;
border: 1px solid black;
}
pre.src:hover:before { display: inline;}
pre.src-sh:before { content: 'sh'; }
pre.src-bash:before { content: 'sh'; }
pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
pre.src-R:before { content: 'R'; }
pre.src-perl:before { content: 'Perl'; }
pre.src-java:before { content: 'Java'; }
pre.src-sql:before { content: 'SQL'; }
table { border-collapse:collapse; }
caption.t-above { caption-side: top; }
caption.t-bottom { caption-side: bottom; }
td, th { vertical-align:top; }
th.right { text-align: center; }
th.left { text-align: center; }
th.center { text-align: center; }
td.right { text-align: right; }
td.left { text-align: left; }
td.center { text-align: center; }
dt { font-weight: bold; }
.footpara:nth-child(2) { display: inline; }
.footpara { display: block; }
.footdef { margin-bottom: 1em; }
.figure { padding: 1em; }
.figure p { text-align: center; }
.inlinetask {
padding: 10px;
border: 2px solid gray;
margin: 10px;
background: #ffffcc;
}
#org-div-home-and-up
{ text-align: right; font-size: 70%; white-space: nowrap; }
textarea { overflow-x: auto; }
.linenr { font-size: smaller }
.code-highlighted { background-color: #ffff00; }
.org-info-js_info-navigation { border-style: none; }
#org-info-js_console-label
{ font-size: 10px; font-weight: bold; white-space: nowrap; }
.org-info-js_search-highlight
{ background-color: #ffff00; color: #000000; font-weight: bold; }
/*]]>*/-->
</style>
<link rel="stylesheet" type="text/css" href="freedombone.css" />
<script type="text/javascript">
/*
@licstart The following is the entire license notice for the
JavaScript code in this tag.
Copyright (C) 2012-2013 Free Software Foundation, Inc.
The JavaScript code in this tag is free software: you can
redistribute it and/or modify it under the terms of the GNU
General Public License (GNU GPL) as published by the Free Software
Foundation, either version 3 of the License, or (at your option)
any later version. The code is distributed WITHOUT ANY WARRANTY;
without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU GPL for more details.
As additional permission under GNU GPL version 3 section 7, you
may distribute non-source (e.g., minimized or compacted) forms of
that code without the copy of the GNU GPL normally required by
section 4, provided you include this license notice and a URL
through which recipients can access the Corresponding Source.
@licend The above is the entire license notice
for the JavaScript code in this tag.
*/
<!--/*--><![CDATA[/*><!--*/
function CodeHighlightOn(elem, id)
{
var target = document.getElementById(id);
if(null != target) {
elem.cacheClassElem = elem.className;
elem.cacheClassTarget = target.className;
target.className = "code-highlighted";
elem.className = "code-highlighted";
}
}
function CodeHighlightOff(elem, id)
{
var target = document.getElementById(id);
if(elem.cacheClassElem)
elem.className = elem.cacheClassElem;
if(elem.cacheClassTarget)
target.className = elem.cacheClassTarget;
}
/*]]>*///-->
</script>
</head>
<body>
<div id="preamble" class="status">
<a name="top" id="top"></a>
</div>
<div id="content">
<h1 class="title"></h1>
<div class="center">
<div class="figure">
<p><img src="images/logo.png" alt="logo.png" />
</p>
</div>
</div>
<table border="2" cellspacing="0" cellpadding="6" rules="groups" frame="hsides">
<colgroup>
<col class="left" />
</colgroup>
<tbody>
<tr>
<td class="left"><a href="#sec-1">Things to be aware of</a></td>
</tr>
<tr>
<td class="left"><a href="#sec-2">A technical note about email transport security</a></td>
</tr>
<tr>
<td class="left"><a href="#sec-3">Add a password to your GPG key</a></td>
</tr>
<tr>
<td class="left"><a href="#sec-4">Publishing your GPG public key</a></td>
</tr>
<tr>
<td class="left"><a href="#sec-5">Mutt email client</a></td>
</tr>
<tr>
<td class="left"><a href="#sec-6">Thunderbird/Icedove</a></td>
</tr>
<tr>
<td class="left"><a href="#sec-7">Android apps</a></td>
</tr>
<tr>
<td class="left"><a href="#sec-8">Subscribing to mailing lists</a></td>
</tr>
<tr>
<td class="left"><a href="#sec-9">Adding email addresses to a group/folder</a></td>
</tr>
<tr>
<td class="left"><a href="#sec-10">Ignoring incoming emails</a></td>
</tr>
<tr>
<td class="left"><a href="#sec-11">Using I2P for email transport</a></td>
</tr>
</tbody>
</table>
<div id="outline-container-sec-1" class="outline-2">
<h2 id="sec-1">Things to be aware of</h2>
<div class="outline-text-2" id="text-1">
<p>
Even though this system makes it easy to set up an email server, running your own email system is still not easy and this is mainly due to the huge amount of collatoral damage caused by spammers over a long period of time, which in turn is due to the inherent insecurity of email protocols which enabled spam to become a big problem. Email is still very popular though and most internet services require that you have an email address in order to register.
</p>
<p>
In using an email address hosted on your own system you will quite likely find that it is blocked and bounced by other popular email systems. Such blocking is almost never based upon any evidence that your system is actually producing spam and usually it's just because your IP address happens to be within a certain range. Rather arrogantly many of the anti-spam rule sets assume that if an email is sent from an IP address range which is "residential" (i.e. not a company or other organisation) then <i>it must therefore be spam</i>.
</p>
<p>
So if you want to use your own email address hosted on your own system you do need to be prepared to encounter some difficulties and annoyances. Sadly, often these annoyances will be unsolvable and are not a matter of using different software or configuring things differently.
</p>
</div>
</div>
<div id="outline-container-sec-2" class="outline-2">
<h2 id="sec-2">A technical note about email transport security</h2>
<div class="outline-text-2" id="text-2">
<p>
Port 465 is used for SMTP and this is supposedly deprecated for secure email. However, using TLS from the start of the communications seems far more secure than starting off with insecure communications and then trying to upgrade it with a command to begin TLS, as happens with STARTTLS. There are <a href="https://www.eff.org/deeplinks/2014/11/starttls-downgrade-attacks">possible attacks against STARTTLS</a> in which the command to begin secure communications is removed or overwritten which could then result in email being transferred in plain text over the internet and be readable by third parties.
</p>
<p>
From <a href="https://motherboard.vice.com/read/email-encryption-is-broken">https://motherboard.vice.com/read/email-encryption-is-broken</a>:
</p>
<blockquote>
<p>
<i>The researchers also uncovered mass scale attacks of STARTTLS sessions being stripped of their encryption. That attack itself isn't new: internet service providers sometimes do it to monitor users; organizations may use it to keep an eye on employees; or it may come from a malicious actor</i>
</p>
</blockquote>
</div>
</div>
<div id="outline-container-sec-3" class="outline-2">
<h2 id="sec-3">Add a password to your GPG key</h2>
<div class="outline-text-2" id="text-3">
<p>
If you didn't use existing GPG keys during the Freedombone installation then you'll need to add a password to your newly generated private key. This is highly recommended. Go through the following sequence of commands to ssh into the Freedombone and then change your GPG password.
</p>
<div class="org-src-container">
<pre class="src src-bash">ssh username@domainname -p 2222
gpg --edit-key username@domain
passwd
save
quit
exit
</pre>
</div>
<p>
Having a password on your GPG key will prevent someone from reading your email <i>even if your server gets lost or stolen</i> or if someone else has physical access to it. Make the password something long and unlikely to be guessable or vulnerable to a brute force <a href="https://en.wikipedia.org/wiki/Dictionary_attack">dictionary attack</a>.
</p>
</div>
</div>
<div id="outline-container-sec-4" class="outline-2">
<h2 id="sec-4">Publishing your GPG public key</h2>
<div class="outline-text-2" id="text-4">
<p>
If you havn't already then you should publish your GPG public key so that others can find it.
</p>
<div class="org-src-container">
<pre class="src src-bash">ssh username@domainname -p 2222
gpg --send-keys username@domainname
exit
</pre>
</div>
</div>
</div>
<div id="outline-container-sec-5" class="outline-2">
<h2 id="sec-5">Mutt email client</h2>
<div class="outline-text-2" id="text-5">
<div class="center">
<div class="figure">
<p><img src="./images/mutt.jpeg" alt="mutt.jpeg" />
</p>
</div>
</div>
<p>
Mutt is a terminal based email client which comes already installed onto the Freedombone. To access it you'll need to access it via ssh with:
</p>
<div class="org-src-container">
<pre class="src src-bash">ssh username@domainname -p 2222
</pre>
</div>
<p>
If you're using Windows there is an ssh client called putty, on Linux just open a terminal and enter the above command with your username and domain name. On Android you can use the ConnectBot app with the hostname <b>username@domain:2222</b>
</p>
<p>
Once you have logged in via ssh then just type <b>mutt</b>. Like most terminal programs mutt is quite easy once you've learned the main keys.
</p>
<p>
Some useful keys to know are:
</p>
<table border="2" cellspacing="0" cellpadding="6" rules="groups" frame="hsides">
<colgroup>
<col class="left" />
<col class="left" />
</colgroup>
<tbody>
<tr>
<td class="left">"/"</td>
<td class="left">Search for text within headers</td>
</tr>
<tr>
<td class="left">*</td>
<td class="left">Move to the last message</td>
</tr>
<tr>
<td class="left">TAB</td>
<td class="left">Move to the next unread message</td>
</tr>
<tr>
<td class="left">d</td>
<td class="left">Delete a message</td>
</tr>
<tr>
<td class="left">u</td>
<td class="left">Undelete a mail which is pending deletion</td>
</tr>
<tr>
<td class="left">$</td>
<td class="left">Delete all messages selected and check for new messages</td>
</tr>
<tr>
<td class="left">a</td>
<td class="left">Add to the address book</td>
</tr>
<tr>
<td class="left">m</td>
<td class="left">Send a new mail</td>
</tr>
<tr>
<td class="left">ESC-m</td>
<td class="left">Mark all messages as having been read</td>
</tr>
<tr>
<td class="left">S</td>
<td class="left">Mark a message as spam</td>
</tr>
<tr>
<td class="left">H</td>
<td class="left">Mark a message as ham</td>
</tr>
<tr>
<td class="left">CTRL-b</td>
<td class="left">Toggle side bar on/off</td>
</tr>
<tr>
<td class="left">CTRL-n</td>
<td class="left">Next mailbox (on side bar)</td>
</tr>
<tr>
<td class="left">CTRL-p</td>
<td class="left">Previous mailbox (on side bar)</td>
</tr>
<tr>
<td class="left">CTRL-o</td>
<td class="left">Open mailbox (on side bar)</td>
</tr>
<tr>
<td class="left">r</td>
<td class="left">Reply to an email</td>
</tr>
<tr>
<td class="left">L</td>
<td class="left">Reply to a mailing list email</td>
</tr>
<tr>
<td class="left">]</td>
<td class="left">Expand or collapse all threads</td>
</tr>
<tr>
<td class="left">[</td>
<td class="left">Expand of collapse the current thread</td>
</tr>
<tr>
<td class="left">CTRL-k</td>
<td class="left">Import a PGP/GPG public key</td>
</tr>
<tr>
<td class="left">v</td>
<td class="left">View current email in different formats, such as HTML</td>
</tr>
<tr>
<td class="left">CTRL-u</td>
<td class="left">View long URLs</td>
</tr>
<tr>
<td class="left">q</td>
<td class="left">Quit</td>
</tr>
</tbody>
</table>
<p>
To use the address book system open an email by pressing the enter key on it and then to add the sender to the address list press the A key. It will ask you for an alias which may be used the next time you want to send a mail. Alternatively you may just edit the <b>~/.mutt-alias</b> file directly to add email addresses.
</p>
<p>
One of the most common things which you might wish to do is to send an email. To do this first press <i>m</i> to create a new message. Enter the address to send to and the subject, then after a few seconds the Emacs editor will appear with a blank document. Type your email then press <i>CTRL-x CTRL-s</i> to save it and <i>CTRL-x CTRL-c</i> to exit. You will then see a summary of the email to be sent out. Press <i>y</i> to send it and then enter your GPG key passphrase (the one you gave when creating a PGP/GPG key). The purpose of that is to add a signature which is a strong proof that the email was written by you and not by someone else.
</p>
<p>
When reading emails you will initially need to enter your GPG password. It will be retained in RAM for a while afterwards.
</p>
<p>
There is one irksome thing about email within mutt, and that's if you get sent a confirmation with a very long URL. It's usually not possible to view URLs which span over multiple lines, and trying to copy/paste them is annoying. A solution is to use <i>CTRL-u</i> then select the url and press Enter. You can then navigate to it via the lynx browser.
</p>
</div>
</div>
<div id="outline-container-sec-6" class="outline-2">
<h2 id="sec-6">Thunderbird/Icedove</h2>
<div class="outline-text-2" id="text-6">
<p>
Another common way in which you may want to access email is via Thunderbird (also known as Icedove on Debian). This may be especially useful if you're trying to convert former Windows users who may previously have been using some version of Outlook.
</p>
<p>
The following instructions should be carried out on the client machines (laptop, etc), not on the BBB itself.
</p>
</div>
<div id="outline-container-sec-6-0-1" class="outline-4">
<h4 id="sec-6-0-1">Initial setup</h4>
<div class="outline-text-4" id="text-6-0-1">
<p>
Install <b>Thunderbird</b> and <b>Enigmail</b>. How you do this just depends upon your distro and software manager or "app store".
</p>
<p>
Open Thinderbird
</p>
<p>
Select "<b>Skip this and use existing email</b>"
</p>
<p>
Enter your name, email address (myusername@mydomainname.com) and the password for your user.
</p>
<p>
You'll get a message saying "<i>Thunderbird failed to find the settings</i>"
</p>
<p>
The settings should be as follows, substituting <i>mydomainname.com</i> for your domain name and <i>myusername</i> for the username.
</p>
<ul class="org-ul">
<li>Incoming: IMAP, mydomainname.com, 993, SSL/TLS, Normal Password
</li>
<li>Outgoing: SMTP, mydomainname.com, 465, SSL/TLS, Normal Password
</li>
<li>Username: myusername
</li>
</ul>
<p>
Click <b>Done</b>.
</p>
<p>
Click <b>Get Certificate</b> and make sure "<b>permanently store this exception</b>" is selected", then click <b>Store Security Exception</b>.
</p>
<p>
From OpenPGP setup select "<b>Yes, I would like the wizard to get me started</b>". If the wizard doesn't start automatically then "setup wizard" can be selected from OpenPGP on the menu bar.
</p>
<p>
Select "<b>Yes, I want to sign all of my email</b>"
</p>
<p>
Select "<b>No, I will create per-recipient rules</b>"
</p>
<p>
Select "<b>yes</b>" to change default settings.
</p>
</div>
</div>
<div id="outline-container-sec-6-0-2" class="outline-4">
<h4 id="sec-6-0-2">Import your GPG keys</h4>
<div class="outline-text-4" id="text-6-0-2">
<p>
On the Freedombone export your GPG public and private keys.
</p>
<div class="org-src-container">
<pre class="src src-bash">ssh username@domainname -p 2222
gpg --list-keys username@domainname
gpg --output ~/public_key.gpg --armor --export KEY_ID
gpg --output ~/private_key.gpg --armor --export-secret-key KEY_ID
</pre>
</div>
<p>
On your laptop or desktop you can import the keys with:
</p>
<div class="org-src-container">
<pre class="src src-bash">scp -P 2222 username@domain:/home/username/*.gpg ~/
</pre>
</div>
<p>
Select "<b>I have existing public and private keys</b>".
</p>
<p>
Select your public and private GPG exported key files.
</p>
<p>
Select the account which you want to use and click <b>Next</b>, <b>Next</b> and <b>Finish</b>.
</p>
<p>
Remove your exported key files, both on your laptop/desktop and also on the Freedombone.
</p>
<div class="org-src-container">
<pre class="src src-bash">shred -zu ~/public_key.gpg
shred -zu ~/private_key.gpg
</pre>
</div>
</div>
</div>
<div id="outline-container-sec-6-0-3" class="outline-4">
<h4 id="sec-6-0-3">Using for the first time</h4>
<div class="outline-text-4" id="text-6-0-3">
<p>
Click on the Thunderbird menu, which looks like three horizontal bars on the right hand side.
</p>
<p>
Hover over <b>preferences</b> and then <b>Account settings</b>.
</p>
<p>
Select <b>OpenPGP Security</b> and make sure that <b>use PGP/MIME by default</b> is ticked. This will enable you to sign/encrypt attachments, HTML bodies and UTF-8 without any problems.
</p>
<p>
Select <b>Synchronization &amp; Storage</b>.
</p>
<p>
Make sure that <b>Keep messages for this account on this computer</b> is unticked, then click <b>Ok</b>.
</p>
<p>
Click on <b>Inbox</b>. Depending upon how much email you have it may take a while to import the subject lines.
</p>
<p>
Note that when sending an email for the first time you will also need to accept the SSL certificate.
</p>
<p>
Get into the habit of using email encryption and encourage others to do so. Remember that you may not think that your emails are very interesting but the Surveillance State is highly interested in them and will be actively trying to data mine your private life looking for "suspicious" patterns, regardless of whether you are guilty of any crime or not.
</p>
</div>
</div>
<div id="outline-container-sec-6-0-4" class="outline-4">
<h4 id="sec-6-0-4">Making folders visible</h4>
<div class="outline-text-4" id="text-6-0-4">
<p>
By default you won't be able to see any folders which you may have created earlier using the <i>mailinglistrule</i> script. To make folders visible select:
</p>
<p>
<b>Menu</b>, hover over <b>Preferences</b>, select <b>Account Settings</b>, select <b>Server Settings</b> then click on the <b>Advanced</b> button.
</p>
<p>
Make sure that "<b>show only subscribed folders</b>" is not checked. Then click the <b>ok</b> buttons. Folders will be re-scanned, which may take some time depending upon how much email you have, but your folders will then appear.
</p>
</div>
</div>
</div>
<div id="outline-container-sec-7" class="outline-2">
<h2 id="sec-7">Android apps</h2>
<div class="outline-text-2" id="text-7">
<p>
Mobile devices have a reputation for being quite insecure, so it's recommended that you don't store emails or GPG keys on your phone. Instead <a href="./app_mailpile.html">install Mailpile</a> and access your email via the webmail interface.
</p>
</div>
</div>
<div id="outline-container-sec-8" class="outline-2">
<h2 id="sec-8">Subscribing to mailing lists</h2>
<div class="outline-text-2" id="text-8">
<p>
To subscribe to a mailing list log in as your user (i.e. not the root user).
</p>
<div class="org-src-container">
<pre class="src src-bash">ssh username@domainname -p 2222
</pre>
</div>
<p>
Select <i>Administrator controls</i> then <b>Email filtering rules</b> then <b>Add a user to a mailing list</b>. If you want to do it purely from the commandline then see the manpage for <b>freedombone-addlist</b>.
</p>
</div>
</div>
<div id="outline-container-sec-9" class="outline-2">
<h2 id="sec-9">Adding email addresses to a group/folder</h2>
<div class="outline-text-2" id="text-9">
<p>
Similar to adding mailing list folders you can also add specified email addresses into a group/folder.
</p>
<div class="org-src-container">
<pre class="src src-bash">ssh username@domainname -p 2222
</pre>
</div>
<p>
Select <i>Administrator controls</i> then <b>Email filtering rules</b> then <b>Add email rule</b>. To do the same from the commandline see the manpage for <b>freedombone-addemail</b>.
</p>
</div>
</div>
<div id="outline-container-sec-10" class="outline-2">
<h2 id="sec-10">Ignoring incoming emails</h2>
<div class="outline-text-2" id="text-10">
<p>
It is possible to ignore incoming emails if they are from a particular email address or if the subject line contains particular text.
</p>
<div class="org-src-container">
<pre class="src src-bash">ssh username@domainname -p 2222
</pre>
</div>
<p>
Select <i>Administrator controls</i> then <b>Email filtering rules</b> then <b>Block/Unblock and email address</b> or <b>Block/Unblock email with subject line</b>. Also see the manpage for <b>freedombone-ignore</b>.
</p>
</div>
</div>
<div id="outline-container-sec-11" class="outline-2">
<h2 id="sec-11">Using I2P for email transport</h2>
<div class="outline-text-2" id="text-11">
<p>
For the most paranoid use cases it is also possible to use I2P as an email transport mechanism. This will of course require the people you're communicating with to have a similar setup in place. For details see the <a href="./app_bdsmail.html">bdsmail app</a>. An advantage of this is that it's very unlikely that your email will get blocked. The disadvantage is that few others will be capable of receiving email this way, and it's only really usable via the Mutt email client.
</p>
</div>
</div>
</div>
<div id="postamble" class="status">
<style type="text/css">
.back-to-top {
position: fixed;
bottom: 2em;
right: 0px;
text-decoration: none;
color: #000000;
background-color: rgba(235, 235, 235, 0.80);
font-size: 12px;
padding: 1em;
display: none;
}
.back-to-top:hover {
background-color: rgba(135, 135, 135, 0.50);
}
</style>
<div class="back-to-top">
<a href="#top">Back to top</a> | <a href="mailto:bob@freedombone.net">E-mail me</a>
</div>
</div>
</body>
</html>