Esmtp Riseup

From Aktivix
Jump to: navigation, search

Using esmtp for outgoing SMTP with riseup

Riseup offers authenticated SMTP for outgoing email and they strip the originating IP address which is good for anonymity.

The following notes are based on using esmtp mutt on Blag / Fedora but should work with other distros, also msmtp http://msmtp.sf.net/ provides very similar functionality, see http://msmtp.sourceforge.net/doc/mutt+msmtp.txt and http://msmtp.sourceforge.net/doc/msmtp.html#Using-msmtp-with-Mutt and the msmtp / debian notes at the end of this page.

First install esmtp, http://esmtp.sf.net/ :

yum install esmtp

Then, following the docs, http://esmtp.sourceforge.net/manual.html and create a ~/.esmtprc file like this:


# Configuration file for ESMTP.

identity = username@riseup.net
       hostname = mail.riseup.net:25
       username = "username"
       password = "password"
       starttls = required
       default

Of course change the "username" and "password"...

Then previously you needed to install the root cert from ipsCA, http://certs.ipsca.com/Store/Store.asp

mkdir ~/.authenticate
chmod 700 ~/.authenticate
cd ~/.authenticate
wget http://certs.ipsca.com/companyIPSipsCA/IPS-IPSCABUNDLE.CRT
mv IPS-IPSCABUNDLE.CRT ca.pem
chmod 600 ca.pem

However now riseup used gandi.net:

msmtp --serverinfo --host=mail.riseup.net --tls=on --port=587 --tls-certcheck=off

So, we can follow the instructions that were on the gandi wiki, http://wiki.gandi.net/en/ssl/intermediate?rev=1236084787 :

mkdir ~/.authenticate
chmod 700 ~/.authenticate
cd ~/.authenticate
wget http://crt.gandi.net/GandiStandardSSLCA.crt
wget http://crt.usertrust.com/UTNAddTrustServer_CA.crt
wget http://crt.usertrust.com/AddTrustExternalCARoot.crt
openssl x509 -inform DER -in GandiStandardSSLCA.crt -out GandiStandardSSLCA.pem
openssl x509 -inform DER -in AddTrustExternalCARoot.crt -out AddTrustExternalCARoot.pem
openssl x509 -inform DER -in UTNAddTrustServer_CA.crt -out UTNAddTrustServer_CA.pem
cat GandiStandardSSLCA.pem >> ca.pem
cat AddTrustExternalCARoot.pem >> ca.pem
cat UTNAddTrustServer_CA.pem >> ca.pem
chmod 600 ca.pem

If you need some other roots certs as well you can add these to then end, eg:

cd ~/.authenticate
wget http://www.cacert.org/certs/root.crt
cat root.crt >> ca.pem

Then add this to your ~/.muttrc

set sendmail="/usr/bin/esmtp"

For other MUAs see the notes here: http://esmtp.sourceforge.net/manual.html

msmtp

Debian won't let you install esmpt without removing the main sendmail / exim / postfix, but you can install and use msmtp.

Install:

apt-get install msmtp

Create a .msmtprc:

touch ~/.msmtprc
chmod 600 ~/.msmtprc

Add this to it:

 account default
   host mail.riseup.net
   from username@riseup.net
   auth on
   user username
   password password
   tls on
   tls_trust_file ~/.authenticate/ca.pem
   tls_certcheck on
   tls_priorities "SECURE256"

And set up ~/.authenticate as for Esmtp above.

Then add this to your ~/.muttrc

set sendmail="/usr/bin/msmtp"
set envelope_from=yes