~rjarry/aerc

#Microsoft Email

Assuming IMAP access is enabled in the server, setting up aerc for Microsoft is straightforward: the accounts.conf file needs to be modified post setup as the outgoing emails will fail otherwise.

The main thing that needs to be changed is the outgoing credentials need to be set to smtp+login. The below settings have been made very generic as Microsoft runs many subdomains such as Hotmail, Live, Outlook, and MSN.

[Microsoft]
source        = imaps://youraccount%40provider@imapprovider:993
outgoing      = smtp+login://youraccount%40provider@smtpprovider:587
default       = INBOX
smtp-starttls = yes
from          = Your Name <youraccount@microsoftaccount>
copy-to       = Sent

The website to check settings is located here POP, IMAP, and SMTP Settings.

#Office365 with XOAUTH2

Office365 sometimes uses XOAUTH2, which is a bit of a pain to setup. Instructions are provided below. This topic has been discussed multiple times on the mailing list as well -- those threads may have additional useful information.

Basically clone oauthRefreshToken and follow the steps in the README. After that, the refresh token will be self cycling, replacing itself with a fresh one cached in ~/.cache/aerc/<account>-xoauth.token, so you can delete the initial token generated by refresh_token.py after you see the cached token appear (which should generate after the first use of the account).

If the above doesn't work, see the alternate steps below.

#mutt_oauth2.py

The first step is to use a script such as mutt_oauth2.py or oauth2ms to fetch a token. With mutt_oauth2.py, the basic steps are as follows:

  1. Download the script and make it executable.
  2. Modify the microsoft section of the registrations dictionary based on your Office365 setup. You'll likely need to modify the tenant, client_id, and client_secret, as well as the *_endpoint and redirect_uri fields, replacing common with the value used for tenant. There are some instructions provided by oauth2ms and OfflineIMAP that may help with finding these values.
  3. Do an initial run of the script to obtain a token: ./mutt_oauth2.py /path/to/token --verbose --authorize. You can choose where to store the token. Answer the questions, choosing localhostauthcode when asked, and follow the instructions to visit the authorization webpage. (See also vanormondt.net.)

Once you've followed these steps, you should be able to print a token by running ./mutt_oauth2.py /path/to/token.

Finally, you can add the Office365 account to aerc's accounts.conf:

source            = imaps+xoauth2://you%40email.com@outlook.office365.com
source-cred-cmd   = /path/to/mutt_oauth2.py /path/to/token
outgoing          = smtp+xoauth2://you%40email.com@outlook.office365.com:587
outgoing-cred-cmd = /path/to/mutt_oauth2.py /path/to/token
smtp-starttls     = yes
#Maildir setup

You can also use mbsync to sync your Office365 mailbox with a maildir. First, you'll need to install the Cyrus SASL OAuth2 plugin as described on Stak Exchange:

git clone https://github.com/moriyoshi/cyrus-sasl-xoauth2.git

# Configure and make.
cd cyrus-sasl-xoauth2
./autogen.sh
./configure

# SASL2 libraries on Ubuntu are in /usr/lib/x86_64-linux-gnu/; modify the Makefile accordingly
sed -i 's%pkglibdir = ${CYRUS_SASL_PREFIX}/lib/sasl2%pkglibdir = ${CYRUS_SASL_PREFIX}/lib/x86_64-linux-gnu/sasl2%' Makefile

make
sudo make install

# Verify XOAUTH2 is known to SASL.
saslpluginviewer | grep XOAUTH2

Note that you may need to modify the sed command to ensure the libraries get put in the correct place for your system, and saslpluginviewer may have a different name on your system. For example, on Arch Linux the libraries need to go in /usr/lib64/sasl2/ and saslpluginviewer is just pluginviewer.

Once you have this plugin setup, you can use XOAUTH2 in your .mbsyncrc:

IMAPAccount you@email.com
Host outlook.office365.com
User you@email.com
AuthMechs XOAUTH2
PassCmd "/path/to/mutt_oauth2.py /path/to/token"
SSLType IMAPS

(That isn't the full config -- you'll need to also setup an IMAPStore, MaildirStore, and Channel, but you can reference the mbsync docs for that.)

Then simply setup a Maildir account for aerc as described in aerc-maildir(5).

#Office365 with IMAP disabled

If your Office365 email provider has decided that IMAP is a thing of the past, then you won't be allowed to use aerc, or that's what your provider will assume. In that situation, you need to leverage the Davmail gateway.

With Davmail installed and running, you can access MS Exchange servers in their different flavours, and you'll get a local IMAP server in return. Use that server as your mail server inside aerc, and you're set. Of course, the server being in the same machine as the client, you don't need any security:

source             = imap+insecure://you@email.com@localhost:1143
outgoing           = smtp+insecure://you@email.com@localhost:1025
smtp-starttls      = no

Given that, thanks to davmail, access to IMAP is still possible despite your sysadmins concerns, you can also leverage mbsync to get a local Maildir copy of your emails (and, in turn, enable notmuch on that copy). Your mbsyncrc account definition might look like:

IMAPAccount o365-davmail
  Host localhost
  Port 1143
  User you@email.com
  Pass ""
  SSLType None
  AuthMech LOGIN

Finally, if your sysadmins are even stricter, they might even straightaway forbid the use of different applications to access mail. If you find yourself in that situation, you need to instruct Davmail to mask itself as the very fine Outlook client, as explained elsewhere. In that case, some reports indicate that you need to use Davmail's O365Manual login type. When using O365Manual davmail will provide you with a link where you can authorize your account using the usual procedure you would use to log in. The authorization will end by opening a link with your access token in it (if the page doesn't open, look under developer tools -> console in your browser). Since the link and the access token are not tied to the computer where you are running davmail if you are unable to authorize on your current computer (e.g. you are running davmail in a headless environment), you can either copy the link to a different machine and copy the token back. Alternatively, carbonyl runs chromium in a terminal, complete with the necessary javascript capabilities to access the authorization page on a headless machine.

About this wiki

commit 8e700a643a84d65da56c17acd52f5b5714eb2487
Author: Matěj Cepl <mcepl@cepl.eu>
Date:   2024-09-26T15:33:15+02:00

configurations: add html writing guidelines

When your boss, or your fancy, demand that your next email will contain
nice fonts, lists, tables, and other HTML paraphernalia.

Signed-off-by: Matěj Cepl <mcepl@cepl.eu>
Acked-by: Robin Jarry <robin@jarry.cc>
Clone this wiki
https://git.sr.ht/~rjarry/aerc (read-only)
git@git.sr.ht:~rjarry/aerc (read/write)