I’ve just gotten ProtonMail email working in mu4e in emacs via IMAP, with ProtonMail’s Bridge application and mbsync.
Most of these moving parts are new to me, so I’m not sure if what follows is 100% accurate or correct. But in case it’ll be of help to others (and to me in 3 months) here are the steps I needed and the resources I used to get it up and running.
ProtonMail Bridge
To get an IMAP client working with ProtonMail, you also need to set up a separate app called Bridge. I haven’t looked that much into the nitty-gritty of it, but I think the main point of Bridge is to keep the end-to-end encryption when using ProtonMail with IMAP – i.e. so the encryption continues all the way until it reaches your mail client. I think Bridge functions as a local IMAP server (and SMTP server) that you point your client apps at, and Bridge does all the encryption/decryption locally before communicating with ProtonMail’s servers.
To be honest, given the caveats around the utility of ProtonMail’s encryption (e.g. that it only really works end-to-end if it’s two ProtonMail users communicating), setting up the Bridge is a bit of an extra annoyance that I imagine would put plenty of people off. But anyway kudos to ProtonMail for making it so at least you can use IMAP.
It’s probably not too hard to set up on Windows or MacOS. But the Bridge app on Linux is beta, so it’s a bit extra work. You have to email ProtonMail to get access to it first of all, then they send you a bunch of instructions to set it up. On Debian derivatives, it’s basically just installing a deb file, but first with a bunch of steps for verifying the provenance of that deb.
Then you run ProtonMail Bridge and set up your account in there, same as on the other platforms. That’s easy enough.
mbsync
So that’s all fine and dandy. Next step is to point your IMAP client at ProtonMail Bridge. There’s instructions on the ProtonMail site for using Thunderbird with Bridge on Linux, which is probably the easiest next step if you’re happy to use Thunderbird.
I wanna use mu4e in emacs though. Because emails are predominantly text, and anything involving a fair amount of text manipulation I would prefer to do in emacs.
So to use mu4e, you need your emails in Maildir format. I don’t know much about what this is. From what I’ve seen I’m guessing a file-based, Unix-y way of storing mail. Possibly better/more efficient, possibly just historical intransigence. I dunno.
mbsync is a utility to sync between IMAP and Maildir. I gotta say, any project still knocking around on sourceforge I immediately expect to be dead as a dodo. But mbsync kept on coming up when coming across recent-ish reddit posts about ProtonMail and IMAP, so it seems to be an OK choice for the syncing. Another option is offlineimap.
On Mint, I installed mbsync with:
sudo apt install isync
So then you need to configure mbsync to point at an IMAP server, and to map your IMAP folders to your Maildir folders. This goes in your .mbsync
config file.
This reddit post has a handy minimal guide of how to set up your mbsync config… or at least it would, if it hadn’t been posted on ghostbin and ghostbin hadn’t gone kaput. Luckily though someone made a copy of it in a gist on github.
I’ll copy it here too for posterity:
IMAPAccount protonmail
Host 127.0.0.1
Port 1143
User USERNAME_HERE@protonmail.com
Pass PASSWORD_PROVIDED_BY_BRIDGE
#Alternatively you can enter a command to retrieve your password
#PassCmd "gpg2 -q -d ~/.authinfo.gpg | awk 'FNR == 1 {print $8}'"
SSLType NONE
IMAPStore remote
Account protonmail
#You can change .mail to something else
MaildirStore local
Path ~/.mail/
Inbox ~/.mail/INBOX/
Channel inbox
Master :remote:
Slave :local:
Patterns * !"Drafts" !"All Mail"
Create Slave
#Expunge Both
SyncState *
Group protonmail
Channel inbox
I actually got an error with that as is, something about unknown section keyword 'SSLType'
. You need to delete the blank line before SSLType NONE
.
I also found a different .mbsync that was helpful, posted on pastebin. Copying below:
IMAPAccount protonmail
Host 127.0.0.1
Port 1143
User YOURMAILHERE
#Here you enter a command to retrieve your password
PassCmd "gpg2 -q -d ~/.authinfo.gpg | awk 'FNR == 1 {print $8}'"
SSLType NONE
#SSLVersions SSLv3
#SSLVersions SSLv3
#CertificateFile /etc/ssl/certs/ca-bundle.crt
IMAPStore pm-remote
Account protonmail
MaildirStore pm-local
Path ~/.mail/
Inbox ~/.mail/INBOX/
Channel pm-inbox
Master :pm-remote:
Slave :pm-local:
Patterns "INBOX"
Create Both
Expunge Both
SyncState *
Channel pm-sent
Master :pm-remote:"Sent"
Slave :pm-local:"sent"
Create Both
Expunge Both
SyncState *
Channel pm-trash
Master :pm-remote:"Trash"
Slave :pm-local:"trash"
Create Both
Expunge Both
SyncState *
Channel pm-spam
Master :pm-remote:"Spam"
Slave :pm-local:"spam"
Create Both
Expunge Both
SyncState *
Group protonmail
Channel pm-inbox
Channel pm-sent
Channel pm-trash
Channel pm-spam
This one has a few other folders mapped, and with a pm
prefix, which is probably useful if you’re also syncing other accounts (but maybe there’s a better way of doing that).
I don’t know what Create
, Expunge
, and SyncState
do.
Once configured, you should be able to sync with
$ mbsync protonmail
At this point we should be able to read emails in mu4e.
mu4e
I’m using spacemacs, for which there’s a mu4e layer, so I just added that to my list of active layers in .spacemacs config. This promptly gave an error when refreshing the config, something to do with maildirs. Commenting out the line
mu4e-maildirs-extension
in .emacs.d/layers/+email/mu4e/packages.el
sorted it out. Haven’t looked into exactly what it does, so will have to go back and figure out some other solution at some point.
OK, now I could start mu4e with M-x mu4e
… and got another error:
error in process sentinel: Database empty; try indexing some messages
Don’t know why, but running:
mu index --maildir=~/.mail
sorted that out. And mu4e worked, woohoo!
smtpmail
To also send mail via ProtonMail from within mu4e, a bit of extra config is needed for the smtp side of things.
The previously mentioned ghostbin/gist had all the details for that, copying again:
Create a file ~/.authinfo with the following contents:
machine 127.0.0.1 login USERNAME_HERE@protonmail.com port 1143 password PASSWORD_PROVIDED_BY_BRIDGE
machine 127.0.0.1 login USERNAME_HERE@protonmail.com port 1025 password PASSWORD_PROVIDED_BY_BRIDGE
This should be secured so the password isn’t included in plaintext in the authinfo file, there’s more info on that in the gist.
Note that the email domain doesn’t need to be protonmail.com – I used my custom domain and it works fine.
mu4e config
The same mini-tutorial also has some handy (and I think required) mu4e config:
(setq mu4e-maildir "~/.mail"
mu4e-attachment-dir "~/downloads"
mu4e-sent-folder "/Sent"
mu4e-drafts-folder "/Drafts"
mu4e-trash-folder "/Trash"
mu4e-refile-folder "/Archive")
(setq user-mail-address "USERNAME_HERE@protonmail.com"
user-full-name "YOUR_NAME")
;; Get mail
(setq mu4e-get-mail-command "mbsync protonmail"
mu4e-change-filenames-when-moving t ; needed for mbsync
mu4e-update-interval 120) ; update every 2 minutes
;; Send mail
(setq message-send-mail-function 'smtpmail-send-it
smtpmail-auth-credentials "~/.authinfo.gpg" ;; Here I assume you encrypted the credentials
smtpmail-smtp-server "127.0.0.1"
smtpmail-smtp-service 1025)
Tweaking
With all that, everything seems to be just about working – now I just need to get used to using mu4e. But I’m liking it already – much quicker to navigate around emails and to write responses.
I also need to figure out if all of the mbsync mappings are correct, for things like Archives, Spam and Trash folders.
Cannot connect to 127.0.0.1 (127.0.0.1:1025): Connection refused
No working address found for 127.0.0.1
C: 1/1 B: 0/0 M: +0/0 *0/0 #0/0 S: +0/0 *0/0 #0/0
Most likely you forgot the Port value.