~sircmpwn/aerc


Unable to send mail using ProtonMail Bridge

Message ID: <sKAqwHGvZF1-6fOtTG59zTsLQ2SEOvgnxDg4nSqSJGgmJfdhbqVw7--EH3HrG4uPZKavIftLBL735io14_Tzbtt3fp_Vv9xp6yebPlsWpCM=@pm.me>
DKIM signature: pass
Hey!

I discovered aerc today and was positively impressed by it, so I wanted to give it a shot.
As you can tell from my address, I use ProtonMail. I've successfully set the bridge up and I've used neomutt well so far. However, after setting up my account through aerc's (very nice) wizard, it was unable to receive incoming mail. I looked in these lists and found a thread by a person using Hydroxide. That is not my case, but the suggestion of adding `insecure` to the IMAP protocol worked. Sending email is still not a thing though. I always get this error message:

`StartTLS: x509: certificate doesn't match any name, but wanted to match localhost`

What can the issue here be? Disabling STARTTLS (like it was also suggested in that thread) doesn't work either, as it complains the server supports it, thus it should be used.

Thanks in advance!

~Tmpod

PS: I have one concern regarding the `insecure` part on the source URI. Does that expose my incoming mail in transaction from the bridge to aerc? My laptop is personal and the only user is mine, but still I'd like to know for sure.

Message ID: <ZogMfTRTo1ZFqHs0GDsR8zUjeNchKu57ei7RM4NRoL4_9P8fdPJGaDTimoIhlkpQwtEuII7CkXwf30P0hFIkfshvYCAUg0P22M2JQ0Xi43k=@pm.me>
In-Reply-To: <sKAqwHGvZF1-6fOtTG59zTsLQ2SEOvgnxDg4nSqSJGgmJfdhbqVw7--EH3HrG4uPZKavIftLBL735io14_Tzbtt3fp_Vv9xp6yebPlsWpCM=@pm.me>
DKIM signature: pass
Oh, apologies for the long lines, forgot PM doesn't wrap lines automatically.
Still new to email workflow!

Message ID: <zMvKVDifc-eAfZOGduM4i_FcYR28vBNPo10lVKdLBkmVbqvLRNlEaPP9zt4J0iuKf8wuK-3IMKXLxalbYg8ge83l-QnYxvNxtt7sULkBCi0=@emersion.fr>
In-Reply-To: <sKAqwHGvZF1-6fOtTG59zTsLQ2SEOvgnxDg4nSqSJGgmJfdhbqVw7--EH3HrG4uPZKavIftLBL735io14_Tzbtt3fp_Vv9xp6yebPlsWpCM=@pm.me>
DKIM signature: pass
On Monday, February 22nd, 2021 at 1:18 PM, <Tmpod@pm.me> wrote:

> PS: I have one concern regarding the `insecure` part on the source
> URI. Does that expose my incoming mail in transaction from the bridge
> to aerc? My laptop is personal and the only user is mine, but still
> I'd like to know for sure.

As long as the bridge runs on the same machine as the e-mail client,
nothing should leak with plain-text connections.

Message ID: <VoW5z3Otp4gBFdqK18Pg5_XtnN8MV_DYej4FZu7UdCCr08FiVrrbjLhm46BlSlZ3hhZw5Nj3y4E4Se4YUiytnVYEQjPJN_aN-kXSda2nayA=@pm.me>
In-Reply-To: <zMvKVDifc-eAfZOGduM4i_FcYR28vBNPo10lVKdLBkmVbqvLRNlEaPP9zt4J0iuKf8wuK-3IMKXLxalbYg8ge83l-QnYxvNxtt7sULkBCi0=@emersion.fr>
DKIM signature: pass
I see, thanks for the quick reply!

Regarding the issue, do you have any idea?

Message ID: <JF8aqmtVcLN2pViQ7giJJkALXwZw8xEjhKfI19RTuRoMscoDPC1q8IpCtriBg_fZv-CvrJsAseaj1dZrfAkldfOTP6Bf4SKJ7RnGryNOO74=@emersion.fr>
In-Reply-To: <VoW5z3Otp4gBFdqK18Pg5_XtnN8MV_DYej4FZu7UdCCr08FiVrrbjLhm46BlSlZ3hhZw5Nj3y4E4Se4YUiytnVYEQjPJN_aN-kXSda2nayA=@pm.me>
DKIM signature: pass
On Monday, February 22nd, 2021 at 1:26 PM, <Tmpod@pm.me> wrote:

> Regarding the issue, do you have any idea?

No, sorry. It would make sense to not try to negotiate STARTTLS when
explicitly disabled by the user, I think.

Message ID: <20210222124401.ezm7225qnws5rzgx@feather.localdomain>
In-Reply-To: <sKAqwHGvZF1-6fOtTG59zTsLQ2SEOvgnxDg4nSqSJGgmJfdhbqVw7--EH3HrG4uPZKavIftLBL735io14_Tzbtt3fp_Vv9xp6yebPlsWpCM=@pm.me>
DKIM signature: pass
On Mon, Feb 22, 2021 at 12:18:15PM +0000, Tmpod@pm.me wrote:
> `StartTLS: x509: certificate doesn't match any name, but wanted to match localhost`
> What can the issue here be? Disabling STARTTLS (like it was also suggested in that thread) doesn't work either, as it complains the server supports it, thus it should be used.

The cert the bridge creates is invalid (as it is self signed).

You have two options:
1) add the CA of the protonmail bridge to the CA cert store
2) Use hydroxide

> PS: I have one concern regarding the `insecure` part on the source URI. Does that expose my incoming mail in transaction from the bridge to aerc? My laptop is personal and the only user is mine, but still I'd like to know for sure.

It is the connection between aerc and the bridge on localhost, which is not encrypted.

[aerc] --(horribly insecure)--> [proton bridge] --(TLS one would hope)--> [protonmail]

Message ID: <20210222124636.yl4jr4n5lsytpkxu@feather.localdomain>
In-Reply-To: <JF8aqmtVcLN2pViQ7giJJkALXwZw8xEjhKfI19RTuRoMscoDPC1q8IpCtriBg_fZv-CvrJsAseaj1dZrfAkldfOTP6Bf4SKJ7RnGryNOO74=@emersion.fr>
DKIM signature: pass
On Mon, Feb 22, 2021 at 12:28:13PM +0000, Simon Ser wrote:
> No, sorry. It would make sense to not try to negotiate STARTTLS when
> explicitly disabled by the user, I think.

Not particularly fond of it... If you can trivially disable protections people
will just blindly do that without thinking about it much.

Better would be cert pinning which is https://todo.sr.ht/~sircmpwn/aerc2/329

Message ID: <x-Niso0YPmOHUzHZFUbQJlW8re0o0A6SyjI8DJorob-JWrkEXdNanOd8Z7T1GqtcU5AkHsBsP50iiiouFIQ_GAbRRLVHUJY4_s392D5BoxM=@pm.me>
In-Reply-To: <20210222124401.ezm7225qnws5rzgx@feather.localdomain>
DKIM signature: pass
Yeah, I could look into Hydroxide ig, but I'd like to know more about what the downsides of adding the bridge CA to the store are.

Also, how could I fix the "horribly insecure" transactions between aerc and the bridge?

Thanks

Message ID: <tqvSpY6w04b-4SoVohGRq3t9fyRaHkBFpxthPHg4KPcWyjIMithf2hq35RY33AISlHgZr2s-ks6ge1TGxknKKA9u3rHAPrbgUvTZFt2f-X8=@emersion.fr>
In-Reply-To: <x-Niso0YPmOHUzHZFUbQJlW8re0o0A6SyjI8DJorob-JWrkEXdNanOd8Z7T1GqtcU5AkHsBsP50iiiouFIQ_GAbRRLVHUJY4_s392D5BoxM=@pm.me>
DKIM signature: pass
On Monday, February 22nd, 2021 at 1:51 PM, <Tmpod@pm.me> wrote:

> Yeah, I could look into Hydroxide ig, but I'd like to know more about
> what the downsides of adding the bridge CA to the store.

It basically allows the bridge to create a trusted certificate for any
domain. I don't think it's a good idea.

> Also, how could I fix the "horribly insecure" transactions between
> aerc and the bridge?

There's no need to do this, since everything is local. Unix sockets
would maybe make more sense than TCP for this use-case.

If the bridge is on another machine, certificate pinning would be the
way to go, I think. Or Let's Encrypt if the system has a dedicated
domain name.

Message ID: <Qn08FwpvUU3SVIQdwLYGIVhSYp8TPhAfSgRQboPplLNgQfJSrMuh2gV5g4ECLny12L4WUylQCeWiwdM9Z54OHTV7G07Gfrn-lurieP0uGI0=@emersion.fr>
In-Reply-To: <20210222124636.yl4jr4n5lsytpkxu@feather.localdomain>
DKIM signature: pass
On Monday, February 22nd, 2021 at 1:46 PM, Reto <reto@labrat.space> wrote:

> On Mon, Feb 22, 2021 at 12:28:13PM +0000, Simon Ser wrote:
>
> > No, sorry. It would make sense to not try to negotiate STARTTLS when
> > explicitly disabled by the user, I think.
>
> Not particularly fond of it... If you can trivially disable
> protections people will just blindly do that without thinking about
> it much.

TLS without certificate checks is as good as cleartext anyways.

Message ID: <20210222130629.y2fjqnj3a7uetu2n@feather.localdomain>
In-Reply-To: <Qn08FwpvUU3SVIQdwLYGIVhSYp8TPhAfSgRQboPplLNgQfJSrMuh2gV5g4ECLny12L4WUylQCeWiwdM9Z54OHTV7G07Gfrn-lurieP0uGI0=@emersion.fr>
DKIM signature: pass
On Mon, Feb 22, 2021 at 01:01:17PM +0000, Simon Ser wrote:
> TLS without certificate checks is as good as cleartext anyways.

Indeed, that's why I don't want to blindly trust the cert.
If you pin it then at least you notice if it is different from the time you generated
the fingerprint...

Essentially you are then back to TOFU property wise, which is way better than just
using plain text.

Or do you have a different opinion here?
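The pin-on-first-use check Reto describes, as an added illustration (this is not aerc's or the bridge's code). aerc is written in Go, so it uses Go's crypto/tls; the self-signed certificate is constructed in-process to stand in for the one the bridge generates, and the pin is the SHA-256 of the leaf certificate recorded the first time it is seen.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// Fingerprint is the SHA-256 of a DER cert: recorded on first use, pinned after.
func Fingerprint(der []byte) string {
	return fmt.Sprintf("%x", sha256.Sum256(der))
}

// PinnedConfig skips chain and hostname checks (a self-signed bridge cert fails
// both) and instead rejects any leaf whose fingerprint differs from the pin.
// Trust is scoped to this connection; the system CA store is left untouched.
func PinnedConfig(pinHex string) *tls.Config {
	return &tls.Config{
		InsecureSkipVerify: true, // verification is replaced by the pin, not dropped
		VerifyPeerCertificate: func(raw [][]byte, _ [][]*x509.Certificate) error {
			if len(raw) == 0 {
				return fmt.Errorf("pin: server presented no certificate")
			}
			if got := Fingerprint(raw[0]); got != pinHex {
				return fmt.Errorf("pin: certificate changed since first use: %s", got)
			}
			return nil
		},
	}
}

// selfSignedDER is a throwaway self-signed localhost cert standing in for the
// one the bridge generates (constructed for this example, not the bridge's).
func selfSignedDER() []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"localhost"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return der
}

func main() {
	der := selfSignedDER()
	fmt.Println(PinnedConfig(Fingerprint(der)).VerifyPeerCertificate([][]byte{der}, nil))
}
```

A regenerated bridge certificate fails the callback, which is the TOFU property: the user is told the peer changed instead of the connection silently continuing.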

Message ID: <20210222130924.pvadxjwhha7e24he@feather.localdomain>
In-Reply-To: <tqvSpY6w04b-4SoVohGRq3t9fyRaHkBFpxthPHg4KPcWyjIMithf2hq35RY33AISlHgZr2s-ks6ge1TGxknKKA9u3rHAPrbgUvTZFt2f-X8=@emersion.fr>
DKIM signature: pass
On Mon, Feb 22, 2021 at 01:00:15PM +0000, Simon Ser wrote:
> > Also, how could I fix the "horribly insecure" transactions between
> > aerc and the bridge?
>
> There's no need to do this, since everything is local. Unix sockets
> would maybe make more sense than TCP for this use-case.

Assuming you trust everything on the host that can mess with routing tables and
firewalls and such, whatever can reroute and copy packets.

If you aren't the admin of the box (say on a company owned server) then that's
not guaranteed. If you are the sole user and admin, sure.

Message ID: <rJ8CMnmSiYnS4lSADv1iO7XnmOIk4Kw91yHILb9hwaN5vy8UbEoIx-WkjzJM0_KdQtbrptPEVBX9_xuYHatO2hyQz8_Fdks4aTq6YJxMfhc=@emersion.fr>
In-Reply-To: <20210222130629.y2fjqnj3a7uetu2n@feather.localdomain>
DKIM signature: pass
On Monday, February 22nd, 2021 at 2:06 PM, Reto <reto@labrat.space> wrote:

> On Mon, Feb 22, 2021 at 01:01:17PM +0000, Simon Ser wrote:
>
> > TLS without certificate checks is as good as cleartext anyways.
>
> Indeed, that's why I don't want to blindly trust the cert.
>
> If you pin it then at least you notice if it is different from the time you generated
> the fingerprint...
>
> Essentially you are then back to TOFU property wise, which is way better than just
> using plain text.
>
> Or do you have a different opinion here?

The "insecure" option blindly trusts the cert. So I don't think it's a
big deal to *not* negotiate STARTTLS when insecure is explicitly
specified by the user.

Yes, cert pinning is way better than accepting all certificates. For
the use-case of a local SMTP server, none of this matters, since there
can't be any man in the middle.

Message ID: <zIXlCasYkNY7zJzcWgHeNWvbE0EhH76QiTDGjp92q4-7PBv2mk2dbceuRblfTtAa5MP288ocIq9PzGxttPUkzhPFxdHuQtHdMfa_512_nMo=@emersion.fr>
In-Reply-To: <20210222130924.pvadxjwhha7e24he@feather.localdomain>
DKIM signature: pass
On Monday, February 22nd, 2021 at 2:09 PM, Reto <reto@labrat.space> wrote:

> On Mon, Feb 22, 2021 at 01:00:15PM +0000, Simon Ser wrote:
>
> > > Also, how could I fix the "horribly insecure" transactions between
> > > aerc and the bridge?
> >
> > There's no need to do this, since everything is local. Unix sockets
> > would maybe make more sense than TCP for this use-case.
>
> Assuming you trust everything on the host that can mess with routing tables and
> firewalls and such, whatever can reroute and copy packets.
>
> If you aren't the admin of the box (say on a company owned server) then that's
> not guaranteed. If you are the sole user and admin, sure.

Your admin could just install a keylogger, instead of going through the
trouble of re-routing hydroxide traffic.

If you don't trust your admin, all bets are off.

Message ID: <1oCM3VUEZ8Nz3VTdSpe8M4XRaGW8DmBNxvHup8ZfyRNT6d7GheOUyOeHjzusknrdlERKXU1X9gXmnDBsDHLrxCu0sFHm_nR6YUVodhJm7f4=@pm.me>
In-Reply-To: <tqvSpY6w04b-4SoVohGRq3t9fyRaHkBFpxthPHg4KPcWyjIMithf2hq35RY33AISlHgZr2s-ks6ge1TGxknKKA9u3rHAPrbgUvTZFt2f-X8=@emersion.fr>
DKIM signature: pass
> It basically allows the bridge to create a trusted certificate for any
> domain. I don't think it's a good idea.

I mean, I trust Proton, the bridge is open-source and I don't believe my installation has been tampered with, so I'd be fine with doing that, unless of course there's some way other programs could exploit that.

Either way, I will try Hydroxide too.


PS: Unrelated question, but how do I select text in aerc? The mouse doesn't change over to the I beam, so I'm unable to select any text, which would be rather annoying when replying.

Message ID: <mqI2uNMrCZyiwFC1oVdtUK6EyiNHUrbO6Z-VTbS_cbgOhjxgLHKFuC1fInfTfUW5TLQOElMyYTHw15wicq7ejz7HOe5q84A05JkHyFHlPpM=@pm.me>
In-Reply-To: <1oCM3VUEZ8Nz3VTdSpe8M4XRaGW8DmBNxvHup8ZfyRNT6d7GheOUyOeHjzusknrdlERKXU1X9gXmnDBsDHLrxCu0sFHm_nR6YUVodhJm7f4=@pm.me>
DKIM signature: pass
And I forgot to mind the lines again, I'm so sorry! :/

Message ID: <ax4lPPXdvbpZCIZcvRiSQUuZKiiK6h9YWnKvi13WkIfKRTJTjw5kqzpnkm_srdPw93Fly8_19pFv9iGLQNwYA6DkDJFiYmkHnka_IGiNlGY=@pm.me>
In-Reply-To: <1oCM3VUEZ8Nz3VTdSpe8M4XRaGW8DmBNxvHup8ZfyRNT6d7GheOUyOeHjzusknrdlERKXU1X9gXmnDBsDHLrxCu0sFHm_nR6YUVodhJm7f4=@pm.me>
DKIM signature: pass
Regarding the issue with text selection, it was due to having mouse mode enabled.
Can't both things work at the same time?
I've seen it done in things like the micro editor.
Anyways, off-topic.

Message ID: <48B508A6-4DBC-48B5-8E77-7DA6BD5891E2@labrat.space>
In-Reply-To: <ax4lPPXdvbpZCIZcvRiSQUuZKiiK6h9YWnKvi13WkIfKRTJTjw5kqzpnkm_srdPw93Fly8_19pFv9iGLQNwYA6DkDJFiYmkHnka_IGiNlGY=@pm.me>
DKIM signature: pass
On 22 February 2021 15:47:04 CET, Tmpod@pm.me wrote:
>Can't both things work at the same time?

Sure, hold shift while dragging

Message ID: <GKW-LzepvpfAaXt_VOvNgcrh1go6RxXTRjqNZs_GzaXfrors7Do-39JAJ7eTSE_7X5JPKHFMWc5pz_X9HNBGNhGrd7Ms_SUDljbFpDZZ7Eg=@pm.me>
In-Reply-To: <48B508A6-4DBC-48B5-8E77-7DA6BD5891E2@labrat.space>
DKIM signature: pass
Oh perfect! Thanks :)