Esmtp Riseup

From Aktivix
Jump to: navigation, search

Using esmtp for outgoing SMTP with riseup

Riseup offers authenticated SMTP for outgoing email and they strip the originating IP address which is good for anonymity.

The following notes are based on using esmtp mutt on Blag / Fedora but should work with other distros, also msmtp provides very similar functionality, see and and the msmtp / debian notes at the end of this page.

First install esmtp, :

yum install esmtp

Then, following the docs, and create a ~/.esmtprc file like this:

# Configuration file for ESMTP.

identity =
       hostname =
       username = "username"
       password = "password"
       starttls = required

Of course change the "username" and "password"...

Then previously you needed to install the root cert from ipsCA,

mkdir ~/.authenticate
chmod 700 ~/.authenticate
cd ~/.authenticate
chmod 600 ca.pem

However now riseup used

msmtp --serverinfo --tls=on --port=587 --tls-certcheck=off

So, we can follow the instructions that were on the gandi wiki, :

mkdir ~/.authenticate
chmod 700 ~/.authenticate
cd ~/.authenticate
openssl x509 -inform DER -in GandiStandardSSLCA.crt -out GandiStandardSSLCA.pem
openssl x509 -inform DER -in AddTrustExternalCARoot.crt -out AddTrustExternalCARoot.pem
openssl x509 -inform DER -in UTNAddTrustServer_CA.crt -out UTNAddTrustServer_CA.pem
cat GandiStandardSSLCA.pem >> ca.pem
cat AddTrustExternalCARoot.pem >> ca.pem
cat UTNAddTrustServer_CA.pem >> ca.pem
chmod 600 ca.pem

If you need some other roots certs as well you can add these to then end, eg:

cd ~/.authenticate
cat root.crt >> ca.pem

Then add this to your ~/.muttrc

set sendmail="/usr/bin/esmtp"

For other MUAs see the notes here:


Debian won't let you install esmpt without removing the main sendmail / exim / postfix, but you can install and use msmtp.


apt-get install msmtp

Create a .msmtprc:

touch ~/.msmtprc
chmod 600 ~/.msmtprc

Add this to it:

 account default
   auth on
   user username
   password password
   tls on
   tls_trust_file ~/.authenticate/ca.pem
   tls_certcheck on
   tls_priorities "SECURE256"

And set up ~/.authenticate as for Esmtp above.

Then add this to your ~/.muttrc

set sendmail="/usr/bin/msmtp"
set envelope_from=yes