July 7, 2020

OpenBSD: protonmail and mutt

I have been using mutt for the last ~20 years of my life. I have changed several times my affiliation, and each time I get a new e-mail account and then I need to update anything official linked to it, such as journals, committee boards, reviewer panels etc. On the other hand, I have a protonmail account since it was created, +/- a few months. I have always wanted to use protonmail with mutt and OpenBSD. The problem so far has been that protonmail only offered a web interface or an app for smartphones and such. They later offered a “bridge” to use it on the most usual mailers which, as you can guess, did not include mutt.

Install a bridge-like programme

Get a text-based “bridge-like” MIT-licensed programme, hydroxide:

# pkg_add go
$ git clone https://github.com/emersion/hydroxide.git
$ go build ./cmd/hydroxide

Note that with the current version of go in OpenBSD (go1.13.9), running

$ GO111MODULE=on go get github.com/emersion/hydroxide/cmd/hydroxide

will fail.

Start it

$ hydroxide auth YOURLOGIN@protonmail.com
$ hydroxide imap &
$ hydroxide smtp &

  • The first line authenticates and decrypts your protonmail account in memory, prompts for your protonmail password, and spits out a temporary password for the client “login” to the bridge, which is hydroxide in our case.
  • The second line runs IMAP server for receiving email.
  • The third line runs SMTP server for sending email.

Configure mutt

A minimal configuration of muttrc must contain these lines to get it to work:

set imap_user="YOURLOGIN@protonmail.com"
set imap_pass = "what hydroxide auth spits as password when you start it"

To send e-mails, set this:

set smtp_pass = ${imap_pass}
set smtp_url=smtp://YOURLOGIN@protonmail.com@127.0.0.1:1025/

That little “/” that you see at the end of the second line is crucial… it took me quite a while to figure out. This is my amazing contribution to humankind.

A script to do it automatically

I cannot stand writing my password every single time I check my e-mail, so that I store it locally. It’s foolish, some people say but if you are using OpenBSD and an encrypted /home, you should be more than safe.

#!/bin/sh

# Define paths to hydroxide and muttrc
OHneg=$HOME/fitx_confg/mutt/hydroxide/hydroxide
MuttRC=$HOME/fitx_confg/mutt/protonmail.muttrc

# Just in case of, kill all running processes
pkill -9 hydroxide

# Feed the password to the bridge and redirect output to /tmp
echo 'your protonmail password' \
| $OHneg auth YOURLOGIN@protonmail.com >> /tmp/$$

# Fetch the bridge password from the /tmp file and remove it
bridgepasswd=`cat /tmp/$$ | awk '{print $4}'`
rm /tmp/$$

# Remove previous set imap_pass line from muttrc
sed -i '/^set imap_pass/d' $MuttRC

# Add the new line containing the bridge password
echo "set imap_pass = $bridgepasswd" >> $MuttRC

# Start services
$OHneg imap&
$OHneg smtp&

# Start mutt
mutt -F $MuttRC

I have this defined as a bind-key in cwm,

bind-key 4-M /home/pau/bin/Xtm_MuttProtonMail.sh