Esmtp Riseup
Using esmtp for outgoing SMTP with riseup
Riseup offers authenticated SMTP for outgoing email and they strip the originating IP address which is good for anonymity.
The following notes are based on using esmtp mutt on Blag / Fedora but should work with other distros, also msmtp http://msmtp.sf.net/ provides very similar functionality, see http://msmtp.sourceforge.net/doc/mutt+msmtp.txt and http://msmtp.sourceforge.net/doc/msmtp.html#Using-msmtp-with-Mutt and the msmtp / debian notes at the end of this page.
First install esmtp, http://esmtp.sf.net/ :
yum install esmtp
Then, following the docs, http://esmtp.sourceforge.net/manual.html and create a ~/.esmtprc file like this:
# Configuration file for ESMTP. identity = username@riseup.net hostname = mail.riseup.net:25 username = "username" password = "password" starttls = required default
Of course change the "username" and "password"...
Then previously you needed to install the root cert from ipsCA, http://certs.ipsca.com/Store/Store.asp
mkdir ~/.authenticate chmod 700 ~/.authenticate cd ~/.authenticate wget http://certs.ipsca.com/companyIPSipsCA/IPS-IPSCABUNDLE.CRT mv IPS-IPSCABUNDLE.CRT ca.pem chmod 600 ca.pem
However now riseup used gandi.net:
msmtp --serverinfo --host=mail.riseup.net --tls=on --port=587 --tls-certcheck=off
So, we can follow the instructions that were on the gandi wiki, http://wiki.gandi.net/en/ssl/intermediate?rev=1236084787 :
mkdir ~/.authenticate chmod 700 ~/.authenticate cd ~/.authenticate wget http://crt.gandi.net/GandiStandardSSLCA.crt wget http://crt.usertrust.com/UTNAddTrustServer_CA.crt wget http://crt.usertrust.com/AddTrustExternalCARoot.crt openssl x509 -inform DER -in GandiStandardSSLCA.crt -out GandiStandardSSLCA.pem openssl x509 -inform DER -in AddTrustExternalCARoot.crt -out AddTrustExternalCARoot.pem openssl x509 -inform DER -in UTNAddTrustServer_CA.crt -out UTNAddTrustServer_CA.pem cat GandiStandardSSLCA.pem >> ca.pem cat AddTrustExternalCARoot.pem >> ca.pem cat UTNAddTrustServer_CA.pem >> ca.pem chmod 600 ca.pem
If you need some other roots certs as well you can add these to then end, eg:
cd ~/.authenticate wget http://www.cacert.org/certs/root.crt cat root.crt >> ca.pem
Then add this to your ~/.muttrc
set sendmail="/usr/bin/esmtp"
For other MUAs see the notes here: http://esmtp.sourceforge.net/manual.html
msmtp
Debian won't let you install esmpt without removing the main sendmail / exim / postfix, but you can install and use msmtp.
Install:
apt-get install msmtp
Create a .msmtprc:
touch ~/.msmtprc chmod 600 ~/.msmtprc
Add this to it:
account default host mail.riseup.net from username@riseup.net auth on user username password password tls on tls_trust_file ~/.authenticate/ca.pem tls_certcheck on tls_priorities "SECURE256"
And set up ~/.authenticate as for Esmtp above.
Then add this to your ~/.muttrc
set sendmail="/usr/bin/msmtp" set envelope_from=yes