Email accounts at icculus.org


Every shell account from icculus.org comes with an associated email address. If you don't have a shell account, email Ryan and tell him why you should have one.

Quick links:


Your email address, and welcome to it:
Once you have an account, your login name is your email. So, if you have the login name foobar, then your email account is [email protected]. Note that there are virtual domains hosted here, too, so you also get foobar@whatever_else_we_host for free; email to both end up in the same place. You may also have aliases. If you want [email protected] to go to your account, ask Ryan, and he'll set it up. Note that your login name never changes, even if you can now also get mail from myrealname or whatever.

Redirecting to another email address:
If all you want to do is have mail coming to [email protected] be immediately forwarded to your normal account at [email protected] (or whatever), then punch this in once at the shell prompt:

echo "&[email protected]" > ~/.qmail

Reading and sending email from your shell account:
If all you want to do is do your mailing from the shell account, use pine:

pine

Other shell-based email programs:
If you want mutt or elm or whatnot, please email Ryan, and he'll see about installing them for the whole system's use. If you want to try them out for yourself, feel free to compile them in your home directory. Note that, by default, your mail gets delivered in mbox format to ~/Mailbox ...that can be changed in your ~/.qmail file. Please read the dot-qmail manpage for details:

man dot-qmail

Accessing your email from offsite through webmail, Outlook, Thunderbird, Mail.app, etc:
This gets tricky, and it will seem very complicated to set up. Once you're up and running, though, everything should go very smoothly.

You must use IMAP over SSL for this. This is for security reasons, but most major mail programs support it.

Our webmail interface uses the IMAP server behind the scenes, so you need to set this up to use that, too.

First, make qmail (our mail transfer agent) use Maildir instead of mbox format:

/var/qmail/bin/maildirmake $HOME/Maildir
echo "./Maildir/" > ~/.qmail

Next, you can optionally try to run mbox2maildir if you've got old email to move to the new format (this is untested):

/var/qmail/bin/mbox2maildir ~/Mailbox ~/Maildir

You can skip the pine stuff if you never plan to use pine, but I'd keep everything consistent if I were you.

Then, go into pine, hit S for setup and then C for configuration.

Change inbox-path to {localhost/imap/ssl/user=YOURUSERNAME}INBOX

Scroll down to Folder Preferences ...
Set enable-lame-list-mode by typing X.
Scroll down to Advanced Command Preferences ...
Set enable-aggregate-command-set by typing X.
Set enable-unix-pipe-cmd by typing X.

Hit E to exit setup, and Y to save the changes. At the Main menu again, hit S for Setup and L for collection Lists.

Hit A to add a collection. On the next screen, fill in this information:

Nickname: imap
Server: localhost/imap/ssl/user=YOURUSERNAME
Path: INBOX. (that's with a '.' at the end)
View: (leave this blank)

Hit Control-X to save it, confirm. You should be back at the list of collections, one of which is labelled imap and one of which is called mail/. Highlight mail/, and hit D to delete it. Hit E to return to the main menu, the Q to quit, and Y to get back to the shell. Next time you load up pine, it should ask you for your password. Look around and make sure everything is working right.

Send yourself a mail. Look at the contents of ~/Maildir/new and see if something showed up. Then look in pine and see if it's there.

Please see Ryan if you have Pine folders in the old (non IMAP) format that you'd like to move over and continue using.

If all you wanted was working webmail, you're done. Go
log in and play.

This is all fine and good, but you still haven't gotten yourself working through Outlook or whatnot. Here's what you do, in a general sense.

Give your email client the following information:


Other things that aren't always asked for (IMAP4 can tell these things to the client, but some broken email programs need you to fill it in):


Save it and try to look at your mail. You might be told that the certificate is unconfirmable or whatnot; that's okay, just ignore that message. This just means that we haven't paid for a commercial SSL certificate. The connection is still encrypted. Send your password and you SHOULD see your mailbox.

Now that you are reading mail,

DO NOT HAMMER THE IMAP SERVER

Do not set your client to automatically check for mail. Either set it for manual checking (you have to click the "check for new mail" button), or set it to only check for mail when you first start the mail program. If you absolutely MUST set it for autochecking, set it high: check once every 30 minutes to an hour. Do NOT check every second. Setting this to check less than every 60 seconds really pisses Ryan off. You do not need to check your mail 1440 times a day, so why do you send your email client to do it for you? 1430 of those times, you wasted system resources just to come up empty. Don't do it, or you will be removed from the mail system.

To send mail, you'll need to define an SMTP server:


The SMTP server will only let you relay mail to hosts outside of icculus.org if you are sending mail from your shell account, or if you use a valid username/login, and TLS encryption. When sending mail, if you get an error like, "553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)", then it usually means that you didn't give a valid login. Make sure that your email client is set up for TLS encryption, and that you typed your username/password correctly.

Note that while SMTP traffic between you and icculus.org is always encrypted, it will be sent in the clear across the Internet when you email someone without an icculus.org account; this is how the Internet currently works, and it's beyond our control. The best way to secure your email is to use either GNU Privacy Guard or Pretty Good Privacy to encrypt the actual contents of the emails prior to being sent. This is important information, but way too much to cover here.

If problems persist, or you're just stumped, email Ryan and he may be able to help you.

Getting mail from another account into your icculus.org inbox:
If you want all new mail from [email protected] to come to your icculus.org account, the best bet is to have the postmaster of the old address have it forward automatically to your new address. Failing that, if you have a shell account on that system AND they happen to be running qmail, just login to that account and do this:

echo "&[email protected]" > ~/.qmail

If you still can't do it, you can run fetchmail at icculus.org. This works if your old account has some form of POP or IMAP server that permitted you to grab your mail remotely. Create the file ~/.fetchmailrc, and put the following lines in it. Obviously, you'll want to customize every line of this, except the smtpaddress line, which is required.

server mail.myoldaccount.com
protocol POP3
username foobar
password XXXXXXXX
smtpaddress icculus.org
fetchall

Make sure to set the permissions correctly, or fetchmail will refuse to run for security reasons:

chmod 0710 ~/.fetchmailrc

Note that most, but not all, protocols that fetchmail can use send your username and password in the clear, which is a security hole. In such a case, it's best if you ween yourself from that email account as quickly as possible, or find some way to forward your mail on without using POP3. Also, definitely read the manpage for fetchmail, as it is very customizable for your individual needs:

man fetchmail

Once that's set up, just run fetchmail:

fetchmail

Any mail it reports as successfully grabbed will end up in your inbox just as any mail sent directly to [email protected] would. It will be addressed to your old address, which helps you differentiate, but any replies you send will be listed as coming from your new address.

If you want fetchmail to run at periodic intervals to grab your mail automatically for you, please email Ryan to discuss the best way to get your mail into your inbox; he doesn't want you hammering other people's mailservers as much as he doesn't want you hammering icculus.org.

Encrypting your mail with GNU Privacy Guard:
(If you don't know what GNU Privacy Guard is, you can skip this section. If you want to know what GnuPG is,
here is more information.

We will assume you are using Pine from your shell account, and that you have already configured a public/private keypair with GnuPG. GNU Privacy Guard is already installed for public use on icculus.org; please be careful about storing a private key on the system, though.

Run this from your shell ONLY ONCE:

pinegpg-install [email protected]

"[email protected]" is optional. If you want all mail that you encrypt to anyone to also be encrypted to a second public key (which will presumably be yours), then specify that user. Leave it out, otherwise. Note that the double encryption takes longer and doubles the size of the message, but if you don't do it, you won't be able to unencrypt (and therefore, read) the email you sent.

Now, you're set to go. Next time you send mail from Pine, after hitting CTRL-X to send it, you will see the word "(unfiltered)" next to the confirmation prompt. Hit CTRL-N to select signed, encrypted, or encrypted+signed email.

When you receive encrypted mail, Pine will automatically ask you for your passphrase so that you can decrypt the mail. Signatures will be automatically verified. Note that the decrypted version is not stored, and you will need your GPG password (and private key) every time.

There is an alternate (and more user-friendly) Pine filter, but you need to set it up manually. Edit ~/.pinerc and make sure there's a line that reads:

sending-filters=/usr/bin/pgpenvelope_encrypt _RECIPIENTS_

...make sure no other "sending-filters" lines exists.

Finally, please note that attachments you send will not be encrypted, nor will encrypted attachments you receive be decrypted. Subject lines and other email headers are also not encrypted. The basic plan is that you should use a vague subject line, encrypt your email, and encrypt attachments separately before attaching them, or find a better email client. :)

Getting alerted to the arrival of new mail:
On your shell account, put the following line into your $HOME/.qmail file:

|qbiff

(Note that the first character is a pipe symbol.) Now, whenever you are logged into your shell account, you can be notified of new email as it arrives. Note that I said "CAN" be notified; you won't actually be notified until you tell the system that you don't mind the interruption. This is done with a program called "biff", which was named after the author's dog. Honest. When you give this command at the shell prompt:

biff y

...you'll be alerted when any new mail shows up. Any new mail that came in before that command will quietly make its way to your inbox. You can put that line in your startup script if you like. icculus.org has it OFF by default. The alert looks something like this:

*** TO <icculus> FROM <[email protected]>
    RE: Hah...//> I'd recommend pointing people towards GnuPG, by the way, but
...If you don't want to be disturbed temporarily (since these messages scroll over whatever you happen to be doing in your terminal with extreme prejudice), just issue the following command:

biff n

...and you won't be bothered, at least by the mail system. :)

...to see the current state of your email alert, run "biff" without arguments:

biff

...for offsite email (Netscape, Outlook, etc)...you're on your own. Most have this sort of thing built in. Don't hammer the IMAP server.

Two-factor auth:
You can use Google Authenticator for two-factor auth on webmail (but not IMAP or SMTP at the moment). You have to enable it in the settings for webmail, where it will let you set up a secret and show you a QR code, etc.
Alternately, you can set up the secret with the "google-authenticator" app from your shell account, if you want one two-factor token that works with both webmail and ssh. You should still choose a strong, unique password in any case.

Spam filtering:
Please read
this.

Further questions:
Can be sent to
Ryan.


--The McManagement.