#+TITLE:
#+AUTHOR: Bob Mottram
#+EMAIL: bob@freedombone.net
#+KEYWORDS: freedombone, mailpile
#+DESCRIPTION: How to use Mailpile
#+OPTIONS: ^:nil toc:nil
#+HTML_HEAD:
#+BEGIN_CENTER
[[file:images/logo.png]]
#+END_CENTER
#+BEGIN_EXPORT html
Mailpile
#+END_EXPORT
Mailpile provides a nice looking webmail interface suitable for use on desktop or mobile clients. It has good support for email encryption and makes that quite an simple process. At present it's usable but still has a few bugs and limitations. If you need a fully functional email client with comprehensive encryption support then either use Mutt or Thunderbird/Icedove.
An advantage of this type of webmail is that /it keeps your GPG keys off of any mobile devices/ so that if you lose your phone, or it gets stolen, then your email might still not be compromised.
One down side is that this appears to be a single user system, so if you have multiple users on your Freedombone server only the administrator will actually be able to use mailpile.
* Installation
Log into your system with:
#+begin_src bash
ssh myusername@mydomain -p 2222
#+end_src
Using cursor keys, space bar and Enter key select *Administrator controls* and type in your password.
Select *Add/Remove Apps* then *mailpile*. You will then be asked for a domain name and if you are using FreeDNS also the code for the domain which can be found under *Dynamic DNS* on the FreeDNS site (the random string from "/quick cron example/" which appears after /update.php?/ and before />>/). For more details on obtaining a domain and making it accessible via dynamic DNS see the [[./faq.html][FAQ]]. Typically the domain name you use will be a subdomain, such as /mail.mydomainname.net/. It will need to be a domain which you have bought somewhere and own and not one of the FreeDNS subdomains, otherwise you won't be able to get a SSL/TLS certificate for it.
After the install has completed go to *Security settings* and select *Create a new Let's Encrypt certificate* and enter the domain name that you are using for Mailpile. If you're using the "onion only" version of the system then you don't need to do this. If the certificate is obtained successfully then you will see a congratulations message.
* Initial setup
If you have just obtained a Lets Encrypt certificate as above then go to *About* on the administrator control panel and you should see your Mailpile domain listed there along with an onion address. You can then navigate to your site in a browser.
To see the login password for your site go to *Passwords* on the *Administrator control panel* and select the appropriate username and app. The passwords will be different for each user and may not be the same as the password which you used to originally ssh into the system.
If you're viewing your mail domain site on a mobile device via OrFox then make sure you allow the domain in the NoScript settings.
Enter a password and store it within a password manager.
Click on the *Privacy and Security* button.
Scroll down and select *Save Settings*. Don't click on the Tor button.
Click *Add account*.
Enter your name, email address and password.
Uncheck *Detect Settings* and click *Next*.
Under *Sending Mail* select *local* or if you need to proxy outgoing email through your ISP's server select *SMTP/TLS* and enter the details, then click *Next*.
#+BEGIN_CENTER
[[file:images/mailpile_setup.jpg]]
#+END_CENTER
Under *Receiving files* select *IMAP*, the domain as *localhost*, port *143*, your username and password, then click *Next*. Astute readers may well be concerned that IMAP over port 143 is not encrypted, but since this is only via localhost communication between the Mail Transport Agent and Mailpile doesn't travel over the internet and port 143 is not opened on the firewall so it's not possible to accidentally connect an external mail client insecurely.
#+BEGIN_CENTER
[[file:images/mailpile_setup_keys.jpg]]
#+END_CENTER
Under *Security and Privacy* either select your existing encryption key or if you only get the option to create a new one then do so, then click *Add* or *Save*.
The process of importing your email should then occur, and can take some time.