Re: [qubes-users] Re: How to use a and which mailclient in QUBES (via TOR)?

[Unman]

On Sun, Mar 05, 2017 at 01:25:19PM +, sm8ax1 wrote:
> Unman:
> > On Sat, Mar 04, 2017 at 11:30:35PM -, pixr...@mail2tor.com wrote:
> > 
> >> What needs to be done that IMAP goes over TOR? can this be done and if so
> >> how should I set it up in Qubes?
> >>
> > 
> > Just put your mail qubes downstream from a TorVM, so that the traffic is
> > routed through Tor.
> > Or look at implementing this on a whonix workstation.
> > 
> 
> New to this thread (and list) so sorry if I missed something, but
> Icedove (Thunderbird) with TorBirdy is preinstalled in Whonix which is
> included with Qubes. All you have to do is configure it with your email
> account. It only took me a couple of minutes and it works well. I think
> I had to manually add a shortcut via the Qubes VM manager.
> 
> As for which client to use, I think Claws is the only client officially
> deemed safe. Thunderbird+TorBirdy seems pretty safe to me, at least
> there are no critical outstanding bugs, but it's still considered
> experimental. Beyond that, it's a matter of personal preference, but be
> aware of both exploitation and fingerprinting matters especially in
> clients not designed for Tor.
> 

You did miss something - this was the first response.

But Tim suggested trying mutt, and I endorsed that, which is how the
thread progressed.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170305211152.GE16686%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: How to use a and which mailclient in QUBES (via TOR)?

[sm8ax1]

Unman:
> On Sat, Mar 04, 2017 at 11:30:35PM -, pixr...@mail2tor.com wrote:
> 
>> What needs to be done that IMAP goes over TOR? can this be done and if so
>> how should I set it up in Qubes?
>>
> 
> Just put your mail qubes downstream from a TorVM, so that the traffic is
> routed through Tor.
> Or look at implementing this on a whonix workstation.
> 

New to this thread (and list) so sorry if I missed something, but
Icedove (Thunderbird) with TorBirdy is preinstalled in Whonix which is
included with Qubes. All you have to do is configure it with your email
account. It only took me a couple of minutes and it works well. I think
I had to manually add a shortcut via the Qubes VM manager.

As for which client to use, I think Claws is the only client officially
deemed safe. Thunderbird+TorBirdy seems pretty safe to me, at least
there are no critical outstanding bugs, but it's still considered
experimental. Beyond that, it's a matter of personal preference, but be
aware of both exploitation and fingerprinting matters especially in
clients not designed for Tor.

-

ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the 
NSA's hands!
$24.95 ONETIME Lifetime accounts with Privacy Features!  
15GB disk! No bandwidth quotas!
Commercial and Bulk Mail Options!  

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0c861759-b024-9d37-9a5e-2adc51733192%40vfemail.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: How to use a and which mailclient in QUBES (via TOR)?

[Unman]

On Sat, Mar 04, 2017 at 11:30:35PM -, pixr...@mail2tor.com wrote:

> What needs to be done that IMAP goes over TOR? can this be done and if so
> how should I set it up in Qubes?
> 

Just put your mail qubes downstream from a TorVM, so that the traffic is
routed through Tor.
Or look at implementing this on a whonix workstation.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170305030914.GA12046%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: How to use a and which mailclient in QUBES (via TOR)?

[pixr811]

Hi Tim,

>On Thu, Feb 23, 2017, pix...@mail2tor.com wrote:
>> [user@mail postfix]$ make
>> Makefile:2: *** missing separator.  Stop.
>>
>> Any idea where to start troubleshooting from this point on?

>On Thu, Feb 24, 2017, timw...@gmail.com wrote:
>This generally indicates that you have a syntax error in the Makefile.
>Spaces not tabs would be an obvious error, particularly if you have
>just done a cut and paste job. Try replacing indent spaces with tabs.

exactly this was the problem (no spaces allowed).
I followed all 3 howtos to install fetchmail + postfix + mutt.

1) Install a MRA (Mail Retrieval Agent) to receive Email via IMAP/POP
   => Fetchmail
  Install Howto: https://www.qubes-os.org/doc/fetchmail/

2) Install a MTA (Mail Transfer Agent) to send Email via SMTP
   => Posfix
  Install Howto: https://www.qubes-os.org/doc/postfix/

3) Install Textmail-Client
   => MUTT
   Install Howto: https://www.qubes-os.org/doc/mutt/

In the end I was unable to receive emails with this setup and honestly I
didn't understand why I need to setup fetchmal+postfix to receive emails
which can just be pulled via IMAP, which seems to work fine with mutt.

>Incidentally, mutt itself does have support for pop and imap, and so
>your use case may enable you to use a much more straightforward set up
>than that described in the docs.


reading some example configurations I was able to setup MUTT to connect to
googlemail for a test.

QUESTION:
In case I have created a mail account somewhere via a WebGUI and I have
used my anon-whonix App-VM nobody should know who this emails belongs to,
as I am hidden behind tor.
What do I need to do, so that all IMAP traffic is now also running via TOR
as I want to keep my identity protected, even when I use IMAP to get my
emails.
What needs to be done that IMAP goes over TOR? can this be done and if so
how should I set it up in Qubes?


To complete the information within this topic, my /home/user/.mutt/muttrc
looks like this (maybe helpfull for others searching the archives)


# accounts
#
set from = "Name "

# Setup to get emails from Googlemail per IMAP
set imap_user = 'usern...@gmail.com'
set imap_pass = 'SUPER-SECRET-PASSWORD'
set folder = imaps://imap.gmail.com/
set spoolfile = +INBOX
set record = "+[Gmail]/Sent Mail"
set postponed = "+[Gmail]/Drafts"

# IMAP Tweaks
# https://gist.github.com/bnagy/8914f712f689cc01c267
#set imap_keepalive=60
#set imap_passive=no
#set imap_check_subscribed=yes
#set imap_idle=yes
#set mail_check=60

#Setup a Sidebar
# https://vigasdeep.com/2014/05/07/install-config-mutt-sidebar/
#change width accordingly
set sidebar_width=30
#Visible at first, then change its value to yes
set sidebar_visible=no
#set sidebar_delim='|'
#set sidebar_sort=yes
mailboxes =inbox =ml
bind index CP sidebar-prev
bind index CN sidebar-next
bind index CO sidebar-open
bind pager CP sidebar-prev
bind pager CN sidebar-next
bind pager CO sidebar-open
macro index b 'toggle sidebar_visible'
macro pager b 'toggle sidebar_visible'
bind index B bounce-message


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1868f414a66744a750e8314531121f2f.squirrel%40_.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: How to use a and which mailclient in QUBES (via TOR)?

[Tim W]

On Thursday, February 23, 2017 at 3:57:29 PM UTC-5, pix...@mail2tor.com wrote:
> Hello,
> 
> I tried to install the first parts to get MUTT running, but run into an
> error when launching the make command at the end of the guide.
> 
> > I need to edit: /usr/local/etc/postfix/sender_relay.
> > your.m...@exmaple.com [mail.example.com]:submission
> > your.ot...@mail.com [smtp.mail.com]:smtp
> 
> I have understand that :smtp and :submission are just placeholders for ports.
> As such I have the following entry in my /usr/local/etc/postfix/saslpass:
> 
> [smtp.gmail.com]:587  myusern...@gmail.com:MYPASSWORD
> 
> Strangely I run into an error at the end of the postfix guide
> (https://www.qubes-os.org/doc/postfix/):
> 
> I have copied and pasted the content for the
> "usr/local/etc/postfix/Makefile", but when I enter "sudo make" in
> /usr/local/etc/postfix
>  I get the following error message:
> 
> [user@mail postfix]$ make
> Makefile:2: *** missing separator.  Stop.
> 
> Any idea where to start troubleshooting from this point on?
> 
> I'm running all this command in my App-VM, which is based on the fedora-23
> Template which I have cloned and installed the additional packages as
> suggested in the >Qubes Postfix docu.
> 
> Pixr

Did you get this to work and configured properly?  

  

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bbc8ea74-a612-4402-8075-5e8111fd0697%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: How to use a and which mailclient in QUBES (via TOR)?

[Tim W]

On Thursday, February 23, 2017 at 7:59:44 PM UTC-5, Unman wrote:
> On Thu, Feb 23, 2017 at 08:57:23PM -, pixr...@mail2tor.com wrote:
> > Hello,
> > 
> > I tried to install the first parts to get MUTT running, but run into an
> > error when launching the make command at the end of the guide.
> > 
> > > I need to edit: /usr/local/etc/postfix/sender_relay.
> > > your.m...@exmaple.com [mail.example.com]:submission
> > > your.ot...@mail.com [smtp.mail.com]:smtp
> > 
> > I have understand that :smtp and :submission are just placeholders for 
> > ports.
> > As such I have the following entry in my /usr/local/etc/postfix/saslpass:
> > 
> > [smtp.gmail.com]:587  myusern...@gmail.com:MYPASSWORD
> > 
> > Strangely I run into an error at the end of the postfix guide
> > (https://www.qubes-os.org/doc/postfix/):
> > 
> > I have copied and pasted the content for the
> > "usr/local/etc/postfix/Makefile", but when I enter "sudo make" in
> > /usr/local/etc/postfix
> >  I get the following error message:
> > 
> > [user@mail postfix]$ make
> > Makefile:2: *** missing separator.  Stop.
> > 
> > Any idea where to start troubleshooting from this point on?
> > 
> > I'm running all this command in my App-VM, which is based on the fedora-23
> > Template which I have cloned and installed the additional packages as
> > suggested in the >Qubes Postfix docu.
> > 
> > Pixr
> > 
> 
> This generally indicates that you have a syntax error in the Makefile.
> Spaces not tabs would be an obvious error, particularly if you have
> just done a cut and paste job. Try replacing indent spaces with tabs.
> 
> I don't know what the Fedora package is like, but installing postfix
> using a Debian package is absolutely straightforward to get up and
> running.
> 
> Incidentally, mutt itself does have support for pop and imap, and so
> your use case may enable you to use a much more straightforward set up
> than that described in the docs.
> 
> You say you'll be trying it with a googlemail account, and you should be
> able to find MANY guides online to configuring mutt to work with gmail,
> without struggling with postfix and fetchmail. There is a clear one on
> the mutt wiki.)
> 
> unman

I would say if he wants only pop3 then sure using MUTT built in capabilities is 
ok but for IMAP its far from ideal unless using only a very basic setup.

As he mentioned IMAP I thought the full setup gave a more robust setup.  But 
then again no need to make something more complex than you need so

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/27dcf9a3-4dbc-49d9-8e62-29ada4ac736c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: How to use a and which mailclient in QUBES (via TOR)?

[Unman]

On Thu, Feb 23, 2017 at 08:57:23PM -, pixr...@mail2tor.com wrote:
> Hello,
> 
> I tried to install the first parts to get MUTT running, but run into an
> error when launching the make command at the end of the guide.
> 
> > I need to edit: /usr/local/etc/postfix/sender_relay.
> > your.m...@exmaple.com [mail.example.com]:submission
> > your.ot...@mail.com [smtp.mail.com]:smtp
> 
> I have understand that :smtp and :submission are just placeholders for ports.
> As such I have the following entry in my /usr/local/etc/postfix/saslpass:
> 
> [smtp.gmail.com]:587  myusern...@gmail.com:MYPASSWORD
> 
> Strangely I run into an error at the end of the postfix guide
> (https://www.qubes-os.org/doc/postfix/):
> 
> I have copied and pasted the content for the
> "usr/local/etc/postfix/Makefile", but when I enter "sudo make" in
> /usr/local/etc/postfix
>  I get the following error message:
> 
> [user@mail postfix]$ make
> Makefile:2: *** missing separator.  Stop.
> 
> Any idea where to start troubleshooting from this point on?
> 
> I'm running all this command in my App-VM, which is based on the fedora-23
> Template which I have cloned and installed the additional packages as
> suggested in the >Qubes Postfix docu.
> 
> Pixr
> 

This generally indicates that you have a syntax error in the Makefile.
Spaces not tabs would be an obvious error, particularly if you have
just done a cut and paste job. Try replacing indent spaces with tabs.

I don't know what the Fedora package is like, but installing postfix
using a Debian package is absolutely straightforward to get up and
running.

Incidentally, mutt itself does have support for pop and imap, and so
your use case may enable you to use a much more straightforward set up
than that described in the docs.

You say you'll be trying it with a googlemail account, and you should be
able to find MANY guides online to configuring mutt to work with gmail,
without struggling with postfix and fetchmail. There is a clear one on
the mutt wiki.)

unman


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170224005942.GA21666%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: How to use a and which mailclient in QUBES (via TOR)?

[pixr711]

Hello,

I tried to install the first parts to get MUTT running, but run into an
error when launching the make command at the end of the guide.

> I need to edit: /usr/local/etc/postfix/sender_relay.
> your.m...@exmaple.com [mail.example.com]:submission
> your.ot...@mail.com [smtp.mail.com]:smtp

I have understand that :smtp and :submission are just placeholders for ports.
As such I have the following entry in my /usr/local/etc/postfix/saslpass:

[smtp.gmail.com]:587  myusern...@gmail.com:MYPASSWORD

Strangely I run into an error at the end of the postfix guide
(https://www.qubes-os.org/doc/postfix/):

I have copied and pasted the content for the
"usr/local/etc/postfix/Makefile", but when I enter "sudo make" in
/usr/local/etc/postfix
 I get the following error message:

[user@mail postfix]$ make
Makefile:2: *** missing separator.  Stop.

Any idea where to start troubleshooting from this point on?

I'm running all this command in my App-VM, which is based on the fedora-23
Template which I have cloned and installed the additional packages as
suggested in the >Qubes Postfix docu.

Pixr


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/eba208c3285bb733845373d2dd2f29af.squirrel%40_.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: How to use a and which mailclient in QUBES (via TOR)?

[pixr711]

Hello Tim,

> On Wed, Feb 22, 2017 at 10:25:10PM -0800, Tim W wrote:
>> [...]
>> I have switched to a cmd line email client (mail user agent)using a MTA
>> MTR.  There is qubes doc on how to set it up with MUTT, Postfix and
>> fetchmail or what ever combo you wish.  When I look at the security
>> risks with emails, going to text only client removes 99% and its fast,
>> slick and powerful.  Combine with split GPG and it gives a compete
>> package aong with sticking to light powerful programs that each is
>> dedicated to one goal (Unix doctrine).
>> [...]

Thank you for the suggestions, I try to follow this path.
>From what I have understand using mutt will result in the following "recipe":

1) Install a MRA (Mail Retrieval Agent) to receive Email via IMAP/POP
   => Fetchmail
  Install Howto: https://www.qubes-os.org/doc/fetchmail/

2) Install a MTA (Mail Transfer Agent) to send Email via SMTP
   => Posfix
  Install Howto: https://www.qubes-os.org/doc/postfix/

3) Install Textmail-Client
   => MUTT
   Install Howto: https://www.qubes-os.org/doc/mutt/

4) Optional: SplitGPG
   Install Howto: https://www.qubes-os.org/doc/split-gpg/


Unfortunately the documentation for steps 1-3 is very short, I'll try to
make it work with one of my Googlemail-Accounts

I have problems understanding what to do at the step "Postfix: Lookup
Tables":

I need to edit: /usr/local/etc/postfix/sender_relay.

your.m...@exmaple.com [mail.example.com]:submission
your.ot...@mail.com [smtp.mail.com]:smtp

What is meant with :submission and :smtp?
Do I need to enter this?

Can someone post example files with their configuration for ex. googlemail?
(of course without the personal mail adresses)

Pixr

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5411540e6dad75a8d2e2dcc42622be68.squirrel%40_.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: How to use a and which mailclient in QUBES (via TOR)?

[Unman]

On Wed, Feb 22, 2017 at 10:25:10PM -0800, Tim W wrote:
> On Wednesday, February 22, 2017 at 2:47:16 PM UTC-5, pix...@mail2tor.com 
> wrote:
> > Hello group,
> > 
> > I'm (somewhat proudly) running Qubes OS on my Thinkpad and new to this 
> > group.
> > Installation was straight foreward, thanks to the excellent documentation.
> > I'm currently migrating all my date into Qubes OS to use it as my primary 
> > OS.
> > 
> > Using TOR via the builtin anon-whonix is super easy and I have
> > successfully created a new email address via mail2tor.com /
> > http://mail2tor2zyjdctd.onion/.
> > 
> > I would like to use a mailclient with IMAP/SMTP to access my mail2tor
> > mailbox. Within the Anon-Whoonix I haven't found a mailclient.
> > 
> > Question: Which mail client do you suggest to use?
> > 
> > - Thunderbird
> > - Claws
> > - ...
> > 
> > I would like to use GnuPG and maybe S/MIME with my mail2tor-mail-adress
> > via Whoonix/TOR, so the mailclient should support this or offer plugings
> > to do so.
> > Are there any security concerns storing my GnuPG-Keys (for the
> > mail2tor-adress) within the Whoonix VM?
> > 
> > Kind regards
> > 
> > Pixr
> 
> SOemthing you might consider as you are already moving to a new system 
> (Qubes):
> 
> I have switched to a cmd line email client (mail user agent)using a MTA MTR.  
> There is qubes doc on how to set it up with MUTT, Postfix and fetchmail or 
> what ever combo you wish.  When I look at the security risks with emails, 
> going to text only client removes 99% and its fast, slick and powerful.  
> Combine with split GPG and it gives a compete package aong with sticking to 
> light powerful programs that each is dedicated to one goal (Unix doctrine).  
> 

Yes, mutt is great client. I run it in a minimal template.
Make sure that you have mailcap entries to open attachments
in dispVMs - and have the spawned dispVM with no network connection.
Highly recommend this route.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170223130842.GC18687%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: How to use a and which mailclient in QUBES (via TOR)?

[Tim W]

On Wednesday, February 22, 2017 at 2:47:16 PM UTC-5, pix...@mail2tor.com wrote:
> Hello group,
> 
> I'm (somewhat proudly) running Qubes OS on my Thinkpad and new to this group.
> Installation was straight foreward, thanks to the excellent documentation.
> I'm currently migrating all my date into Qubes OS to use it as my primary OS.
> 
> Using TOR via the builtin anon-whonix is super easy and I have
> successfully created a new email address via mail2tor.com /
> http://mail2tor2zyjdctd.onion/.
> 
> I would like to use a mailclient with IMAP/SMTP to access my mail2tor
> mailbox. Within the Anon-Whoonix I haven't found a mailclient.
> 
> Question: Which mail client do you suggest to use?
> 
> - Thunderbird
> - Claws
> - ...
> 
> I would like to use GnuPG and maybe S/MIME with my mail2tor-mail-adress
> via Whoonix/TOR, so the mailclient should support this or offer plugings
> to do so.
> Are there any security concerns storing my GnuPG-Keys (for the
> mail2tor-adress) within the Whoonix VM?
> 
> Kind regards
> 
> Pixr

SOemthing you might consider as you are already moving to a new system (Qubes):

I have switched to a cmd line email client (mail user agent)using a MTA MTR.  
There is qubes doc on how to set it up with MUTT, Postfix and fetchmail or what 
ever combo you wish.  When I look at the security risks with emails, going to 
text only client removes 99% and its fast, slick and powerful.  Combine with 
split GPG and it gives a compete package aong with sticking to light powerful 
programs that each is dedicated to one goal (Unix doctrine).  

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4afc4bd2-6bcd-4533-accf-d3d88e460ee8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.