+++
date = '2024-12-19'
draft = true
title = 'How to Use Two-Factor Authentication in Neomutt'
tags = ['howto', 'tutorial', 'mutt', '2fa', 'oauth2']
categories = ['technical']
+++

## GPG

```sh
gpg --full-gen-key
```

## OAuth2

First, sign in to your mail through the browser. This is needed for the OAuth2 authorization flow.

As part of installing neomutt, you should have the OAuth2 Python script located in `/usr/share/neomutt/oauth2/`.

We need to register neomutt as an already trusted app. We will simply abuse the Thunderbird client ID for this, which is `9e5f94bc-e8a4-4e73-b8be-63364c29d753`. With this you don't need to specify a client secret:

```sh
/usr/share/neomutt/oauth2/mutt_oauth2.py \
    -v \
    -t \
    --authorize \
    --client-id "9e5f94bc-e8a4-4e73-b8be-63364c29d753" \
    --client-secret "" \
    --email "your-email-here" \
    --provider microsoft \
    "$HOME/email-token"
```

This will ask you a couple of questions. Select `authcode` for the preferred OAuth2 flow. If prompted for a client secret, simply press Enter. You should get a link. Open that link in your browser and allow the app. At the end of the flow you should end up at an empty website. Copy the last part of the URL and paste it into your terminal.

After this you should have a token file located at `$HOME/email-token`. It's a good idea to take a backup of this file just in case you overwrite it. But if you do lose it, you can just run the flow again.

## Mutt-Wizard

Phew! That was a lot. We are almost there!

Based on [mutt-wizard](https://github.com/lukesmithxyz/mutt-wizard).

After this, you should edit your `~/.mbsyncrc` file, as the default `PassCmd` is not quite configured yet. It should look something like this (make sure to change `your-email-here` and `username` to the appropriate values):

```
...
PassCmd "/usr/share/neomutt/oauth2/mutt_oauth2.py --encryption-pipe 'gpg -e -r your-email-here' /home/username/email-token"
...
```

You should now be able to run `mailsync`:

```sh
mailsync
```

It might ask you to select which profile to sync. Just provide the name you set when setting up your GPG profile and everything should sync now!

After a successful sync, you should be able to just open `neomutt` and start reading, replying and whatever you do with email!

```sh
neomutt
```

## TODOs

- [ ] introduction
- [ ] instructions on installing mutt-wizard (oauth2 version) (ubuntu / arch)
  - including dependencies
  - Mention that the oauth2 version might be merged in the future and refer to luke's version if merged
- [ ] instructions on registering app passwords (gmail / outlook)
- [ ] instructions on how to use `pass`
- [x] figure out how to consistently use `mbsync -a` (perhaps a cronjob?)
- [ ] Start the article with a demo of what we'll be making
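
The token file from the OAuth2 section, and any backup copy of it, holds a refresh token for the mailbox, so both should be private and encrypted at rest. The following is an added example, not part of neomutt or mutt-wizard: `check_token_file` is a hypothetical helper, and it assumes GNU `stat` (as on Arch Linux) and that an unencrypted token store is JSON starting with `{`.

```shell
#!/bin/sh
# Added example: audit an OAuth2 token file such as $HOME/email-token.
# check_token_file is a hypothetical helper name, not a neomutt or mutt-wizard command.
# Assumption: GNU coreutils stat (-c '%a').

check_token_file() {
    f=$1
    status=0

    if [ ! -f "$f" ]; then
        echo "MISSING: $f"
        return 2
    fi

    # Any group/other permission bit lets other local accounts read the token.
    mode=$(stat -c '%a' "$f")
    case $mode in
        0|*00) ;;
        *) echo "PERMS: $f is mode $mode, expected 600"; status=1 ;;
    esac

    # Assumption: the decrypted token store is JSON, so a leading '{'
    # means the file was written without passing through gpg.
    first=$(head -c 1 "$f")
    if [ "$first" = "{" ]; then
        echo "PLAINTEXT: $f holds an unencrypted token"
        status=1
    fi

    if [ "$status" -eq 0 ]; then
        echo "OK: $f"
    fi
    return "$status"
}

# Stand-alone use: pass the token file and any backups as arguments.
for path in "$@"; do
    check_token_file "$path" || true
done
```

Run it against both `$HOME/email-token` and wherever the backup copy was placed; a `PLAINTEXT` finding means the authorize step wrote the token without an encryption pipe.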