blog/content/posts/how-to-2famutt.md
2025-01-04 18:49:15 +01:00


+++
date = '2024-12-19'
title = 'Neomutt and Outlook'
tags = ['howto', 'tutorial', 'mutt', '2fa', 'oauth2']
categories = ['technical']
+++

GPG

You will need a gpg key for encryption purposes. If you don't already have a gpg key, you can generate one with the --full-gen-key flag.

gpg --full-gen-key

OAuth2

First, sign in to your mail through the browser. This is needed for the OAuth2 authorization flow. As part of installing neomutt, you should have the oauth2 Python script located in /usr/share/neomutt/oauth2/. We need to register neomutt as an already trusted app. We will simply abuse the Thunderbird client-id for this, which is: 9e5f94bc-e8a4-4e73-b8be-63364c29d753. With this client-id you don't need to specify a client secret:

/usr/share/neomutt/oauth2/mutt_oauth2.py \
    -v \
    -t \
    --authorize \
    --client-id "9e5f94bc-e8a4-4e73-b8be-63364c29d753" \
    --client-secret "" \
    --email "your-email-here" \
    --provider microsoft \
    "$HOME/email-token"

This will ask you a couple of questions. Select authcode for the preferred OAuth2 flow. If prompted for a client secret, simply press enter. You should get a link - open that link in your browser and allow the app. At the end of the flow you should end up at an empty website. Copy the last part of the URL and paste it into your terminal. After this you should have a token file located at $HOME/email-token. It's a good idea to make a backup of this file just in case you overwrite it. But if you do lose it, you can just run the flow again.
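The token file and its backup grant access to the mailbox, so both should be readable only by you and stored gpg-encrypted rather than as plaintext JSON. The function below is an added example, not part of mutt_oauth2.py or mutt-wizard; the name check_token_file and its return codes are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: sanity-check an OAuth2 token file or its backup.
# check_token_file PATH returns:
#   0  private and looks OpenPGP-encrypted
#   1  missing, a symlink, or not a regular file
#   2  group/other permission bits are set
#   3  content does not look OpenPGP-encrypted (e.g. plaintext JSON)
check_token_file() {
    f=$1
    # Reject symlinks and anything that is not a plain file.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "$f: missing, a symlink, or not a regular file" >&2
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group/other bits.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$f: group/other permissions set ($perms); run chmod 600" >&2
        return 2
    fi
    # Binary OpenPGP packets always have bit 7 set in the first octet;
    # plaintext JSON, which starts with '{', does not.
    first=$(od -An -tu1 -N1 < "$f" | tr -d ' \n')
    if [ -n "$first" ] && [ "$first" -ge 128 ]; then
        return 0
    fi
    # ASCII-armored OpenPGP output starts with this 27-character header.
    if [ "$(head -c 27 < "$f")" = "-----BEGIN PGP MESSAGE-----" ]; then
        return 0
    fi
    echo "$f: does not look OpenPGP-encrypted" >&2
    return 3
}
```

Run it against the token file and every backup copy, for example check_token_file "$HOME/email-token". It only inspects the file header and mode; it does not verify which key the file is encrypted to.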

Mutt-Wizard

Phew! That was a lot. We are almost there! The remaining steps are based on mutt-wizard.

After this, you should edit your ~/.mbsyncrc file, as the default PassCmd is not quite configured yet. It should look something like this (make sure to change your-email-here and username to the appropriate values):

...
PassCmd "/usr/share/neomutt/oauth2/mutt_oauth2.py --encryption-pipe 'gpg -e -r your-email-here' /home/username/email-token"
...

You should now be able to run mailsync:

mailsync

It might ask you to select which profile to sync. Just provide the name you set when setting up your gpg profile and everything should sync now! After a successful sync, you should be able to just open neomutt and start reading, replying and whatever else you do with email!

neomutt

TODOs

  • introduction
  • instructions on installing mutt-wizard (oauth2 version) (Ubuntu / Arch) - including dependencies
  • Mention that the oauth2 version might be merged in the future and refer to Luke's version if merged
  • instructions on registering app passwords (Gmail / Outlook)
  • figure out how to consistently use mbsync -a (perhaps a cronjob?)
  • Start the article with a demo of what we'll be making