Assuming IMAP access is enabled in the server, setting up aerc for Microsoft is
straightforward: the accounts.conf
file needs to be modified post setup as
the outgoing emails will fail otherwise.
The main thing that needs to be changed is the outgoing credentials need to
be set to smtp+login
. The below settings have been made very generic as
Microsoft runs many subdomains such as Hotmail, Live, Outlook, and MSN.
[Microsoft]
source = imaps://youraccount%40provider@imapprovider:993
outgoing = smtp+login://youraccount%40provider@smtpprovider:587
default = INBOX
smtp-starttls = yes
from = Your Name <youraccount@microsoftaccount>
copy-to = Sent
The website to check settings is located here POP, IMAP, and SMTP Settings.
Office365 sometimes uses XOAUTH2, which is a bit of a pain to setup. Instructions are provided below. This topic has been discussed multiple times on the mailing list as well -- those threads may have additional useful information.
Basically clone oauthRefreshToken and follow the steps in the README.
After that, the refresh token will be self cycling, replacing itself with a
fresh one cached in ~/.cache/aerc/<account>-xoauth.token
, so you can delete
the initial token generated by refresh_token.py
after you see the cached
token appear (which should generate after the first use of the account).
If the above doesn't work, see the alternate steps below.
The first step is to use a script such as mutt_oauth2.py
or oauth2ms
to fetch a token. With mutt_oauth2.py
, the basic steps are as follows:
microsoft
section of the registrations
dictionary based on
your Office365 setup. You'll likely need to modify the tenant
, client_id
,
and client_secret
, as well as the *_endpoint
and redirect_uri
fields,
replacing common
with the value used for tenant
. There are some
instructions provided by oauth2ms and OfflineIMAP that may help
with finding these values../mutt_oauth2.py /path/to/token --verbose --authorize
. You can choose where to store the
token. Answer the questions, choosing localhostauthcode
when asked, and
follow the instructions to visit the authorization webpage. (See also
vanormondt.net.)Once you've followed these steps, you should be able to print a token by running
./mutt_oauth2.py /path/to/token
.
Finally, you can add the Office365 account to aerc's accounts.conf
:
source = imaps+xoauth2://you%40email.com@outlook.office365.com
source-cred-cmd = /path/to/mutt_oauth2.py /path/to/token
outgoing = smtp+xoauth2://you%40email.com@outlook.office365.com:587
outgoing-cred-cmd = /path/to/mutt_oauth2.py /path/to/token
smtp-starttls = yes
You can also use mbsync to sync your Office365 mailbox with a maildir. First, you'll need to install the Cyrus SASL OAuth2 plugin as described on Stak Exchange:
git clone https://github.com/moriyoshi/cyrus-sasl-xoauth2.git
# Configure and make.
cd cyrus-sasl-xoauth2
./autogen.sh
./configure
# SASL2 libraries on Ubuntu are in /usr/lib/x86_64-linux-gnu/; modify the Makefile accordingly
sed -i 's%pkglibdir = ${CYRUS_SASL_PREFIX}/lib/sasl2%pkglibdir = ${CYRUS_SASL_PREFIX}/lib/x86_64-linux-gnu/sasl2%' Makefile
make
sudo make install
# Verify XOAUTH2 is known to SASL.
saslpluginviewer | grep XOAUTH2
Note that you may need to modify the sed
command to ensure the libraries get
put in the correct place for your system, and saslpluginviewer
may have a
different name on your system. For example, on Arch Linux the libraries need to
go in /usr/lib64/sasl2/
and saslpluginviewer
is just pluginviewer
.
Once you have this plugin setup, you can use XOAUTH2 in your .mbsyncrc
:
IMAPAccount you@email.com
Host outlook.office365.com
User you@email.com
AuthMechs XOAUTH2
PassCmd "/path/to/mutt_oauth2.py /path/to/token"
SSLType IMAPS
(That isn't the full config -- you'll need to also setup an IMAPStore
,
MaildirStore
, and Channel
, but you can reference the mbsync docs for that.)
Then simply setup a Maildir account for aerc as described in aerc-maildir(5).
If your Office365 email provider has decided that IMAP is a thing of the past, then you won't be allowed to use aerc, or that's what your provider will assume. In that situation, you need to leverage the Davmail gateway.
With Davmail installed and running, you can access MS Exchange servers in their different flavours, and you'll get a local IMAP server in return. Use that server as your mail server inside aerc, and you're set. Of course, the server being in the same machine as the client, you don't need any security:
source = imap+insecure://you@email.com@localhost:1143
outgoing = smtp+insecure://you@email.com@localhost:1025
smtp-starttls = no
Given that, thanks to davmail, access to IMAP is still possible despite your
sysadmins concerns, you can also leverage mbsync to get a local Maildir copy of
your emails (and, in turn, enable notmuch on that copy). Your mbsyncrc
account
definition might look like:
IMAPAccount o365-davmail
Host localhost
Port 1143
User you@email.com
Pass ""
SSLType None
AuthMech LOGIN
Finally, if your sysadmins are even stricter, they might even straightaway
forbid the use of different applications to access mail. If you find yourself
in that situation, you need to instruct Davmail to mask itself as the very fine
Outlook client, as explained elsewhere. In that case, some reports
indicate that you need to use Davmail's O365Manual
login type. When using
O365Manual
davmail will provide you with a link where you can authorize your
account using the usual procedure you would use to log in. The authorization
will end by opening a link with your access token in it (if the page doesn't
open, look under developer tools -> console in your browser). Since the link
and the access token are not tied to the computer where you are running
davmail
if you are unable to authorize on your current computer (e.g. you are
running davmail in a headless environment), you can either copy the link to
a different machine and copy the token back. Alternatively, carbonyl runs
chromium in a terminal, complete with the necessary javascript capabilities to
access the authorization page on a headless machine.
commit 8e700a643a84d65da56c17acd52f5b5714eb2487 Author: Matěj Cepl <mcepl@cepl.eu> Date: 2024-09-26T15:33:15+02:00 configurations: add html writing guidelines When your boss, or your fancy, demand that your next email will contain nice fonts, lists, tables, and other HTML paraphernalia. Signed-off-by: Matěj Cepl <mcepl@cepl.eu> Acked-by: Robin Jarry <robin@jarry.cc>