Email accounts at icculus.org
Every shell account from icculus.org comes with an associated email
address. If you don't have a shell account, email
Ryan and tell him why you
should have one.
Your email address, and welcome to it:
Once you have an account, your login name is your email. So, if you
have the login name foobar, then your email account is
foobar@icculus.org. Note that there are virtual domains hosted
here, too, so you also get foobar@whatever_else_we_host for free;
email to both ends up in the same place. You may also have aliases. If
you want myrealname@icculus.org to go to your account, ask
Ryan, and he'll set it up. Note that your login name never changes,
even if you can now also get mail from myrealname or whatever.
Redirecting to another email address:
If all you want to do is have mail coming to foobar@icculus.org
be immediately forwarded to your normal account at
foobar@hotmail.com (or whatever), then punch this in once at the
shell prompt:
echo "&foobar@hotmail.com" > ~/.qmail
Reading and sending email from your shell account:
If all you want to do is do your mailing from the shell account, use
pine:
pine
Other shell-based email programs:
If you want mutt or elm or whatnot, please email Ryan, and he'll see
about installing them for the whole system's use. If you want to try
them out for yourself, feel free to compile them in your home directory.
Note that, by default, your mail gets delivered in mbox format to
~/Mailbox ...that can be changed in your ~/.qmail file. Please read the
dot-qmail manpage for details:
man dot-qmail
Accessing your email from offsite through webmail, Outlook, Thunderbird, Mail.app, etc:
This gets tricky, and it will seem very complicated to set up. Once
you're up and running, though, everything should go very smoothly.
You must use IMAP over SSL for this. This is for security reasons, but
most major mail programs support it.
Our webmail interface uses the IMAP server behind the scenes, so you
need to set this up to use that, too.
First, make qmail (our mail transfer agent) use Maildir instead of mbox
format:
/var/qmail/bin/maildirmake $HOME/Maildir
echo "./Maildir/" > ~/.qmail
Next, you can optionally try to run mbox2maildir if you've got old
email to move to the new format (this is untested):
/var/qmail/bin/mbox2maildir ~/Mailbox ~/Maildir
You can skip the pine stuff if you never plan to
use pine, but I'd keep everything consistent if I were you.
Then, go into pine, hit S for setup and then C for
configuration.
Change inbox-path to
{localhost/imap/ssl/user=YOURUSERNAME}INBOX
Scroll down to Folder Preferences ...
Set enable-lame-list-mode by typing X.
Scroll down to Advanced Command Preferences ...
Set enable-aggregate-command-set by typing X.
Set enable-unix-pipe-cmd by typing X.
Hit E to exit setup, and Y to save the changes. At the
Main menu again, hit S for Setup and L for collection
Lists.
Hit A to add a collection. On the next screen, fill in this
information:
Nickname: imap
Server: localhost/imap/ssl/user=YOURUSERNAME
Path: INBOX.
(that's with a '.' at the end)
View: (leave this blank)
Hit Control-X to save it, confirm. You should be back at the list of
collections, one of which is labelled imap and one of which is
called mail/. Highlight mail/, and hit D to delete
it. Hit E to return to the main menu, then Q to quit, and
Y to get back to the shell. Next time you load up pine, it
should ask you for your password. Look around and make sure everything
is working right.
Send yourself a mail. Look at the contents of
~/Maildir/new and see if something showed up. Then look in pine and
see if it's there.
Please see Ryan if you have Pine folders in the old (non IMAP) format
that you'd like to move over and continue using.
If all you wanted was working webmail, you're done. Go
log in and play.
This is all fine and good, but you still haven't gotten yourself working
through Outlook or whatnot. Here's what you do, in a general sense.
Give your email client the following information:
- Mail server hostname: mail.icculus.org
- Server type: IMAP4 (other option is usually something like POP3)
- Use SSL: yes
- IMAP4 port: 993 (you can use 23 if 993 is firewalled)
- Username: (Whatever your shell account login name is.)
Other things that aren't always asked for (IMAP4 can tell these things
to the client, but some broken email programs need you to fill it in):
- Server supports subfolders: yes
- Personal namespace: INBOX. (leave the period)
- Public namespace: shared. (leave the period)
- IMAP server directory: (just leave this blank.)
Save it and try to look at your mail. You might be told that the
certificate is unconfirmable or whatnot; that's okay, just ignore that
message. This just means that we haven't paid for a commercial SSL
certificate. The connection is still encrypted. Send your password
and you SHOULD see your mailbox.
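One way to check that the certificate your mail client asks you to accept is really the server's is to compare its SHA-256 fingerprint with one you recorded over a connection you trust, such as from the shell account itself. This is an added example, not part of the original page; the function names are made up for illustration, and it assumes the openssl command-line tool is installed.

```sh
#!/bin/sh
# Added example: function names are hypothetical, not an icculus.org tool.

# cert_fp FILE: print the SHA-256 fingerprint of a PEM certificate
# as bare lowercase hex (no colons), or nothing if FILE is not a cert.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed -e 's/^.*=//' -e 's/://g' | tr 'A-F' 'a-f'
}

# fetch_cert HOST PORT OUTFILE: save the certificate the server presents.
# Do this once from a network path you trust, and keep the fingerprint.
fetch_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM >"$3"
}

# pin_matches FILE PINNED: succeed only if the certificate in FILE has
# exactly the pinned fingerprint. Colons, spaces and case are ignored.
pin_matches() {
    got=$(cert_fp "$1")
    want=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Usage (PINNED is the fingerprint you recorded earlier, a placeholder here):
#   fetch_cert mail.icculus.org 993 /tmp/imap.pem
#   pin_matches /tmp/imap.pem "$PINNED" && echo "same certificate as before"
```

If the fingerprint ever changes without an announcement, treat the warning as real and do not send your password until you have checked why.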
Now that you are reading mail,
DO NOT HAMMER THE IMAP SERVER
Do not set your client to automatically check for mail. Either set it
for manual checking (you have to click the "check for new mail" button),
or set it to only check for mail when you first start the mail program.
If you absolutely MUST set it for autochecking, set it high: check once
every 30 minutes to an hour. Do NOT check every second. Setting this to
check less than every 60 seconds really pisses Ryan off. You do not
need to check your mail 1440 times a day, so why do you send your email
client to do it for you? 1430 of those times, you wasted system
resources just to come up empty. Don't do it, or you will be removed
from the mail system.
To send mail, you'll need to define an SMTP server:
- Mail server hostname: mail.icculus.org
- Server type: SMTP
- Use SSL: no
- Use TLS: yes
- SMTP port: 25 (37 also works if 25 is firewalled.)
The SMTP server will only let you relay mail to hosts outside of
icculus.org if you are sending mail from your shell account, or if you
use a valid username/login, and TLS encryption.
When sending mail, if you get an error like,
"553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)",
then it usually means that you didn't give a valid login. Make sure
that your email client is set up for TLS encryption, and that you
typed your username/password correctly.
Note that while SMTP traffic between you and icculus.org is always
encrypted, it will be sent in the clear across the Internet when you
email someone without an icculus.org account; this is how the Internet
currently works, and it's beyond our control. The
best way to secure your email is to use either
GNU Privacy Guard or
Pretty Good Privacy to encrypt the
actual contents of the emails prior to being sent. This is important
information, but way too much to cover here.
If problems persist, or you're just stumped, email Ryan and he may be
able to help you.
Getting mail from another account into your icculus.org inbox:
If you want all new mail from foobar@myoldaccount.com to come to
your icculus.org account, the best bet is to have the postmaster of the
old address have it forward automatically to your new address. Failing
that, if you have a shell account on that system AND they happen to
be running qmail, just login to that account and do this:
echo "&foobar@icculus.org" > ~/.qmail
If you still can't do it, you can run fetchmail at icculus.org. This
works if your old account has some form of POP or IMAP server that
permitted you to grab your mail remotely.
Create the file ~/.fetchmailrc, and put the following
lines in it. Obviously, you'll want to customize every line of this,
except the smtpaddress line, which is required.
server mail.myoldaccount.com
protocol POP3
username foobar
password XXXXXXXX
smtpaddress icculus.org
fetchall
Make sure to set the permissions correctly, or fetchmail will refuse to
run for security reasons:
chmod 0600 ~/.fetchmailrc
Note that most, but not all, protocols that fetchmail can use send your
username and password in the clear, which is a security hole. In such
a case, it's best if you wean yourself from that email account as
quickly as possible, or find some way to forward your mail on without
using POP3. Also, definitely read the manpage for fetchmail, as it is
very customizable for your individual needs:
man fetchmail
Once that's set up, just run fetchmail:
fetchmail
Any mail it reports as successfully grabbed will end up in your inbox
just as any mail sent directly to foobar@icculus.org would.
It will be addressed to your old address, which helps you differentiate,
but any replies you send will be listed as coming from your new
address.
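Since ~/.fetchmailrc holds a password in plain text, it is safer to create it with tight permissions from the start than to write it and fix the mode afterwards. The following is an added example, not part of the original page: the helper names are made up, the file layout is the one shown above, and the check it makes is that no group or other permission bits are set.

```sh
#!/bin/sh
# Added example: helper names are hypothetical, not part of fetchmail.

# write_rc FILE SERVER USER
# The password is read from stdin (typed or piped), so it never shows up
# in `ps` output or in your shell history.
write_rc() {
    (
        umask 077                  # new files are created 0600, never wider
        IFS= read -r pw || [ -n "$pw" ] || exit 1
        rm -f "$1"                 # an existing file would keep its old mode
        {
            printf 'server %s\n' "$2"
            printf 'protocol POP3\n'
            printf 'username %s\n' "$3"
            printf 'password "%s"\n' "$pw"   # quoted so spaces survive
            printf 'smtpaddress icculus.org\n'
            printf 'fetchall\n'
        } >"$1"
    )
}

# rc_is_private FILE: succeed only for a regular file (not a symlink)
# with no group or other permission bits set.
rc_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)   # the group and other triplets
    [ "$perms" = "------" ]
}

# Usage:
#   write_rc ~/.fetchmailrc mail.myoldaccount.com foobar   # then type the password
#   rc_is_private ~/.fetchmailrc && fetchmail
```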
If you want fetchmail to run at periodic intervals to grab your mail
automatically for you, please email Ryan to discuss the best way to get
your mail into your inbox; he doesn't want you hammering other people's
mailservers as much as he doesn't want you hammering icculus.org.
Encrypting your mail with GNU Privacy Guard:
(If you don't know what GNU Privacy Guard is, you can skip this
section. If you want to know what GnuPG is,
here is more information.)
We will assume you are using Pine from your shell account, and that you
have already configured a public/private keypair with GnuPG. GNU
Privacy Guard is already installed for public use on icculus.org;
please be careful about storing a private key on the system, though.
Run this from your shell ONLY ONCE:
pinegpg-install username@icculus.org
"username@icculus.org" is optional. If you want all mail that you
encrypt to anyone to also be encrypted to a second public key (which
will presumably be yours), then specify that user. Leave it out,
otherwise. Note that the double encryption takes longer and doubles the
size of the message, but if you don't do it, you won't be able to
unencrypt (and therefore, read) the email you sent.
Now, you're set to go. Next time you send mail from Pine, after hitting
CTRL-X to send it, you will see the word "(unfiltered)" next to the
confirmation prompt. Hit CTRL-N to select signed, encrypted, or
encrypted+signed email.
When you receive encrypted mail, Pine will automatically ask you for
your passphrase so that you can decrypt the mail. Signatures will be
automatically verified. Note that the decrypted version is not stored,
and you will need your GPG password (and private key) every time.
There is an alternate (and more user-friendly) Pine filter, but you
need to set it up manually. Edit ~/.pinerc and make sure there's a line
that reads:
sending-filters=/usr/bin/pgpenvelope_encrypt _RECIPIENTS_
...make sure no other "sending-filters" lines exist.
Finally, please note that attachments you send will not be encrypted,
nor will encrypted attachments you receive be decrypted. Subject lines
and other email headers are also not encrypted. The basic plan is that
you should use a vague subject line, encrypt your email, and encrypt
attachments separately before attaching them, or find a better email
client. :)
Getting alerted to the arrival of new mail:
On your shell account, put the following line into your
$HOME/.qmail
file:
|qbiff
(Note that the first character is a pipe symbol.) Now, whenever you
are logged into your shell account, you can be notified of new email as
it arrives. Note that I said "CAN" be notified; you won't actually be
notified until you tell the system that you don't mind the interruption.
This is done with a program called "biff", which was named after the
author's dog. Honest. When you give this command at the shell
prompt:
biff y
...you'll be alerted when any new mail shows up. Any new mail that came
in before that command will quietly make its way to your inbox. You
can put that line in your startup script if you like. icculus.org has
it OFF by default. The alert looks something like this:
*** TO <icculus> FROM <zephy@clutteredmind.org>
RE: Hah...//> I'd recommend pointing people towards GnuPG, by the way, but
...If you don't want to be disturbed temporarily (since these messages
scroll over whatever you happen to be doing in your terminal with
extreme prejudice), just issue the following command:
biff n
...and you won't be bothered, at least by the mail system. :)
...to see the current state of your email alert, run "biff" without
arguments:
biff
...for offsite email (Netscape, Outlook, etc)...you're on your own. Most
have this sort of thing built in. Don't hammer the IMAP server.
Two-factor auth:
You can use Google Authenticator for two-factor auth on webmail (but not IMAP or SMTP at the moment).
You have to enable it in the settings for webmail, where it will let you set up a secret and show
you a QR code, etc.
Alternately, you can set up the secret with the "google-authenticator" app from your shell account,
if you want one two-factor token that works with both webmail and ssh.
You should still choose a strong, unique password in any case.
Spam filtering:
Please read this.
Further questions:
Can be sent to Ryan.
--The McManagement.