Setting up gmail with msmtp and mbsync
Setting up gmail with msmtp and mbsync
I, for one, absolutely hate gmail. Having said that, I don't have much choice but to accept it. In some situations, it's the only thing that works.
Some time ago, I had this conversation in Cyberia's offtopic matrix channel about google phasing out direct password access. Thankfully it still maintains app passwords. This is a short guide on how to use it.
Having said this, I personally absolutely detest how unworkable gmail is with SMTP and IMAP, and recommend to use inbox.tv instead, it works beautifully with this. However, their spam filter is not that great, so be prepared to be deleting quite a few emails once in a while (not a huge problem for me).
For ~/.mbsyncrc, my contents look like this:
IMAPAccount Gmail Host imap.gmail.com User user@gmail.com PassCmd "gpg --decrypt --for-your-eyes-only --no-tty --quiet ~/.gmail.gpg" TLSType IMAPS Port 993 IMAPStore Gmail-remote Account Gmail MaildirStore Gmail-local Path ~/Mail/user@gmail.com/ Inbox ~/Mail/user@gmail.com/INBOX SubFolders Verbatim Channel Gmail Far :Gmail-remote: Near :Gmail-local: Patterns * !"[Gmail]/All Mail" !"[Gmail]/Important" !"[Gmail]/Starred" !"[Gmail]/Bin" !"[Gmail]/Spam" !"[Gmail]/Trash" Create Both Expunge Both SyncState *
I like to have my mail in the same folder as the full mail, as it allows some neat integrations with a lot of different tools. Also, mbsync is a lot better than offlineimap, simply because it's written by a kernel dev who can write better code.
For msmtp, here's what the config looks like, thankfully it's simpler:
account gmail host smtp.gmail.com port 587 from user@gmail.com user user@gmail.com passwordeval "gpg --decrypt --for-your-eyes-only --no-tty --quiet ~/.gmail.gpg" auth on tls on tls_starttls on tls_trust_file /etc/ssl/certs/ca-certificates.crt
If you really hate gpg for many reasons, which are all valid, you can use age. I'm sure Filippo has done his due homework with this.
Keep in mind that this is an app password. To get one of those, go to google account settings, enable 2FA, and then search for app passwords in the search bar. Generate a new one, and store it in an encrypted format using age/passage/system keyring (if you have luck with the last one, mail me at 1nn0c3n7z3r0@inbox.lv, I'd love to know).
Here's a quick script I have to sync my mail:
#!/usr/bin/nu
# Some fundamental operations to be executead all at once
# remove deleted mails
notmuch search --output=files tag:deleted | lines | each {|file| rm $file}
# open the passwords once to not fail during the sync
gpg --decrypt --for-your-eyes-only --no-tty --quiet ~/.gmail.gpg | describe
# update the maildir
mbsync -a
# sync the maildir
notmuch new
# tag based on the account as well
ls ~/Mail/ | get name | each {|$dir| $dir | path basename } | each {|$dir| notmuch tag $"+($dir)" $"path:($dir)/**"}
The first two gpg --decrypt ... lines are there to make sure sync doesn't fail when running mbsync.
The last command tags every email with its account as a tag, allowing me to filter in notmuch mua on an account basis as well. notmuch is simply amazing when it comes to scriptability, and also its porcelain frontends. Not the same can be said about a lot of other things really.
Here's a short elisp snippet describing my notmuch emacs config:
(defun i0/init/mail-fccs ()
(require 'cl-lib)
(let ((accounts (i0/init/mail-accounts)))
(cl-loop
for account in accounts
collect (cons account (format "%s/sent" account)))))
(i0/init/configure-package
notmuch
:custom
(send-mail-function 'sendmail-send-it)
(sendmail-program (executable-find "msmtp"))
(mail-user-agent 'notmuch-user-agent)
(mail-specify-envelope-from t)
(message-sendmail-envelope-from 'header)
(mail-envelope-from 'header)
(message-kill-buffer-on-exit t)
(notmuch-fcc-dirs (i0/init/mail-fccs))
:commands (notmuch notmuch-hello))
You can replace the i0/init/configure-package line with use-package and it should just work.
This make it work with multiple accounts with ease, and helps with the fcc-dirs (for gmail I just delete that line from the message composition area because gmail handles it by itself, which would've been nice if it just followed a standard layout and detected dups).
My honest recommendation, yet again, is to use inbox.tv or similar. They even give you more storage (20 Gigs) in their drive. Most importantly, they work with well established conventions in hackerspace. You'd still have to generate an imap password and use it, but it won't make you cry like google. This should get you going once you have the account set up.
Here's my config for inbox.tv:
msmtp
account clear host mail.inbox.tv port 587 from user@inbox.tv user user@inbox.tv passwordeval "gpg --decrypt --for-your-eyes-only --no-tty --quiet ~/.inbox.tv.gpg" auth on tls on tls_starttls on tls_trust_file /etc/ssl/certs/ca-certificates.crt
mbsync
IMAPAccount Clear Host mail.inbox.tv User user@inbox.tv PassCmd "gpg --decrypt --for-your-eyes-only --no-tty --quiet ~/.inbox.tv.gpg" TLSType IMAPS Port 993 IMAPStore Clear-remote Account Clear MaildirStore Clear-local Path ~/Mail/user@inbox.tv/ Inbox ~/Mail/user@inbox.tv/INBOX SubFolders Verbatim
Of course, you'd have to change a bunch of things. However, it works like a charm. Also plays nice with K9-mail.
My notmuch config is not much (pun intended), I just define a default account, and call it a day. The scripts handle the rest of the grunt work for most part.
