---
title: "aerc-wiki: Providers/Microsoft"
---

# Microsoft Email

Assuming IMAP access is enabled on the server, setting up aerc for Microsoft is
straightforward, but the `accounts.conf` file needs to be modified after the
initial setup, as outgoing emails will fail otherwise.

The main change is that the outgoing credentials need to be set to
`smtp+login`. The settings below have been kept very generic, as Microsoft
runs many subdomains such as Hotmail, Live, Outlook, and MSN.

```ini
[Microsoft]
source        = imaps://youraccount%40provider@imapprovider:993
outgoing      = smtp+login://youraccount%40provider@smtpprovider:587
default       = INBOX
smtp-starttls = yes
from          = Your Name <youraccount@microsoftaccount>
copy-to       = Sent
```

The settings can be checked on Microsoft's [POP, IMAP, and SMTP Settings][1] page.

## Office365 with XOAUTH2

Office365 sometimes uses XOAUTH2, which is a bit of a pain to set up.
Instructions are provided below. This topic has been discussed [multiple][9]
[times][10] on the mailing list as well -- those threads may have additional
useful information.

Basically clone [oauthRefreshToken][11] and follow the steps in the README.
After that, the refresh token will be self cycling, replacing itself with a
fresh one cached in `~/.cache/aerc/<account>-xoauth.token`, so you can delete
the initial token generated by `refresh_token.py` after you see the cached
token appear (which should generate after the first use of the account).

If the above doesn't work, see the alternate steps below.

### mutt_oauth2.py

The first step is to use a script such as [`mutt_oauth2.py`][2] or [oauth2ms][3]
to fetch a token. With `mutt_oauth2.py`, the basic steps are as follows:

1. Download the [script][2] and make it executable.
2. Modify the `microsoft` section of the `registrations` dictionary based on
   your Office365 setup. You'll likely need to modify the `tenant`, `client_id`,
   and `client_secret`, as well as the `*_endpoint` and `redirect_uri` fields,
   replacing `common` with the value used for `tenant`. There are some
   instructions provided by [oauth2ms][4] and [OfflineIMAP][5] that may help
   with finding these values.
3. Do an initial run of the script to obtain a token: `./mutt_oauth2.py
   /path/to/token --verbose --authorize`. You can choose where to store the
   token. Answer the questions, choosing `localhostauthcode` when asked, and
   follow the instructions to visit the authorization webpage. (See also
   [vanormondt.net][6].)

Once you've followed these steps, you should be able to print a token by running
`./mutt_oauth2.py /path/to/token`.

Finally, you can add the Office365 account to aerc's `accounts.conf`:

```ini
source            = imaps+xoauth2://you%40email.com@outlook.office365.com
source-cred-cmd   = /path/to/mutt_oauth2.py /path/to/token
outgoing          = smtp+xoauth2://you%40email.com@outlook.office365.com:587
outgoing-cred-cmd = /path/to/mutt_oauth2.py /path/to/token
smtp-starttls     = yes
```
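
What a client does with the token that the credential command prints, as an added example (not part of the wiki page or of aerc's code): the check uses the RFC 6750 `b64token` character set and the string follows the SASL XOAUTH2 layout. The function names and the sample token are constructed for illustration.

```sh
#!/bin/sh
# Added example: validate a credential command's output and show the SASL
# XOAUTH2 string derived from it. All names here are hypothetical.

# Succeeds only if $1 is a non-empty RFC 6750 b64token, i.e. it contains no
# spaces, newlines or stray script output such as prompts or tracebacks.
valid_bearer_token() {
    case $1 in
        '' | *[!A-Za-z0-9._~+/=-]*) return 1 ;;
    esac
    return 0
}

# Prints base64("user=<user>^Aauth=Bearer <token>^A^A"), ^A being byte 0x01.
xoauth2_response() {
    valid_bearer_token "$2" || { echo "rejecting malformed token" >&2; return 1; }
    printf 'user=%s\001auth=Bearer %s\001\001' "$1" "$2" | base64 | tr -d '\n'
}

# Constructed stand-in for `/path/to/mutt_oauth2.py /path/to/token`.
fake_cred_cmd() { printf '%s\n' 'eyJ0eXAi.constructed-sample.token'; }

# Decode the result again, with ^ standing in for the 0x01 separators.
xoauth2_response 'you@email.com' "$(fake_cred_cmd)" | base64 -d | tr '\001' '^'
echo
```

If the credential command prints anything besides the bare token, `valid_bearer_token` fails before a malformed string reaches the server.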

### Maildir setup

You can also use [mbsync][7] to sync your Office365 mailbox with a maildir.
First, you'll need to install the Cyrus SASL OAuth2 plugin as described on [Stack
Exchange][8]:

```sh
git clone https://github.com/moriyoshi/cyrus-sasl-xoauth2.git

# Configure and make.
cd cyrus-sasl-xoauth2
./autogen.sh
./configure

# SASL2 libraries on Ubuntu are in /usr/lib/x86_64-linux-gnu/; modify the Makefile accordingly
sed -i 's%pkglibdir = ${CYRUS_SASL_PREFIX}/lib/sasl2%pkglibdir = ${CYRUS_SASL_PREFIX}/lib/x86_64-linux-gnu/sasl2%' Makefile

make
sudo make install

# Verify XOAUTH2 is known to SASL.
saslpluginviewer | grep XOAUTH2
```

Note that you may need to modify the `sed` command to ensure the libraries get
put in the correct place for your system, and `saslpluginviewer` may have a
different name on your system. For example, on Arch Linux the libraries need to
go in `/usr/lib64/sasl2/` and `saslpluginviewer` is just `pluginviewer`.

Once you have this plugin set up, you can use XOAUTH2 in your `.mbsyncrc`:

```
IMAPAccount you@email.com
Host outlook.office365.com
User you@email.com
AuthMechs XOAUTH2
PassCmd "/path/to/mutt_oauth2.py /path/to/token"
SSLType IMAPS
```

(That isn't the full config -- you'll also need to set up an `IMAPStore`,
`MaildirStore`, and `Channel`, but you can reference the mbsync docs for that.)

Then simply set up a Maildir account for aerc as described in aerc-maildir(5).

## Office365 with IMAP disabled

If your Office365 email provider has decided that IMAP is a thing of the past,
then you won't be allowed to use aerc, or that's what your provider will assume.
In that situation, you need to leverage the [Davmail][12] gateway.

With Davmail installed and running, you can access MS Exchange servers in their
different flavours, and you'll get a local IMAP server in return. Use that
server as your mail server inside aerc, and you're set. Because the server runs
on the same machine as the client, the connection never leaves the loopback
interface, so transport encryption is not needed for this hop:
```ini
source             = imap+insecure://you@email.com@localhost:1143
source-cred-cmd    = pass you@email.com
outgoing           = smtp+insecure://you@email.com@localhost:1025
outgoing-cred-cmd  = pass you@email.com
smtp-starttls      = no
```
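
An added check for the configuration above (not from the wiki or the aerc project): it reads `accounts.conf` text and reports any `+insecure` URL whose host is not loopback, since cleartext is only reasonable towards a local gateway. The function names, section names and `mail.example.net` are constructed.

```sh
#!/bin/sh
# Added example: flag aerc accounts that use a +insecure (cleartext) scheme
# against anything other than a loopback host. Names are hypothetical.

# Reads accounts.conf text on stdin; prints "<section> <key> <host>" for each
# cleartext source/outgoing URL whose host is not local.
insecure_remote_urls() {
    awk '
        /^\[.*\]/ { section = $0; next }
        /^[ \t]*(source|outgoing)[ \t]*=/ {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            url = $0; sub(/^[^=]*=[ \t]*/, "", url)
            split(url, parts, "://")
            if (parts[1] !~ /\+insecure/) next   # TLS or STARTTLS in use
            host = parts[2]
            sub(/.*@/, "", host)                 # drop userinfo (up to last @)
            sub("[/?].*$", "", host)             # drop path and query
            sub(/:[0-9]+$/, "", host)            # drop :port
            if (host == "localhost" || host ~ /^127\./ || host == "[::1]") next
            print section, key, host
        }'
}

# Constructed sample: one Davmail-style local account, one risky account.
sample_conf() {
    cat <<'EOF'
[work-davmail]
source   = imap+insecure://you@email.com@localhost:1143
outgoing = smtp+insecure://you@email.com@localhost:1025

[misconfigured]
source   = imap+insecure://you%40email.com@mail.example.net:143
outgoing = smtp+xoauth2://you%40email.com@outlook.office365.com:587
EOF
}

sample_conf | insecure_remote_urls
```

Run it against your own file with `insecure_remote_urls < ~/.config/aerc/accounts.conf`; no output means every cleartext URL points at the local machine.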

Given that, thanks to Davmail, access to IMAP is still possible despite your
sysadmins' concerns, you can also leverage mbsync to get a local Maildir copy of
your emails (and, in turn, enable notmuch on that copy). Your `mbsyncrc` account
definition might look like:
```ini
IMAPAccount o365-davmail
  Host localhost
  Port 1143
  User you@email.com
  PassCmd "pass email.com/you@email.com"
  SSLType None
  AuthMech LOGIN
```

Finally, if your sysadmins are even stricter, they might even straightaway
forbid the use of different applications to access mail. If you find yourself in
that situation, you need to instruct Davmail to mask itself as the very fine
Outlook client, as explained [elsewhere][13]. In that case, some reports
indicate that you need to use Davmail's `O365Manual` login type.


[1]: https://support.microsoft.com/en-us/office/pop-imap-and-smtp-settings-8361e398-8af4-4e97-b147-6c6c4ac95353
[2]: https://gitlab.com/muttmua/mutt/-/blob/master/contrib/mutt_oauth2.py
[3]: https://github.com/harishkrupo/oauth2ms
[4]: https://github.com/harishkrupo/oauth2ms/blob/main/steps.org
[5]: https://github.com/UvA-FNWI/M365-IMAP
[6]: https://www.vanormondt.net/~peter/blog/2021-03-16-mutt-office365-mfa.html
[7]: https://github.com/gburd/isync
[8]: https://unix.stackexchange.com/questions/625637/configuring-mbsync-with-authmech-xoauth2
[9]: https://lists.sr.ht/~rjarry/aerc-discuss/%3CCA%2BrC5JmSTNDTd%3DKB0h-NeXRExB2QpHCWCOXch4%2BA%3DCiTX0wFAw%40mail.gmail.com%3E
[10]: https://lists.sr.ht/~rjarry/aerc-discuss/%3CCNKU4TGF41CJ.3HIV0H45QQWU2%40manjaro%3E
[11]: https://github.com/gaoDean/oauthRefreshToken
[12]: https://davmail.sourceforge.net/
[13]: https://github.com/mguessan/davmail/issues/321#issuecomment-1867072418