E-mail with Aerc, isync, pass and GnuPG

I already use pass and GnuPG to handle my passwords, but now I wanted to set up the Aerc e-mail client on my laptop.

Here’s how I did it on Atomic Fedora Sway 40.

Thinking in containers

With Atomic Fedora I try to run everything I can in a container, to keep modifications to the host OS down to a minimum.

Here’s what I install in a toolbox container.

sudo dnf install aerc isync pinentry-gnome3 bat pandoc

The last two are personal preference.

gpg-agent

Fedora already handles starting gpg-agent with /usr/lib/systemd/user/gpg-agent.socket, but we need to tell gpg-agent to use a different pinentry program by adding this line to ~/.gnupg/gpg-agent.conf.

pinentry-program /usr/bin/pinentry-gnome3

We need to use the gnome3 pinentry because in a lot of cases gpg will not be called using a TTY, so even if you can get pinentry-curses working by setting GPG_TTY=$(tty) it still causes a lot of problems when called from aerc.

isync/mbsync

A lot of people mention mbsync online without saying it's part of the isync package; mbsync is merely the binary name.

Here is how I configure mbsync in ~/.mbsyncrc. YMMV, but note that I use the pass command to fetch my password, so the password itself is never stored in the config file.

IMAPAccount work-imap
Host mailserver.example.com
User stefan@example.com
PassCmd "pass mailserver.example.com/stefan@example.com"
SSLType IMAPS

MaildirStore work-maildir
Path ~/Mail/work/
INBOX ~/Mail/work/INBOX
SubFolders Verbatim

IMAPStore work-imap
Account work-imap

Channel work
Far :work-imap:
Near :work-maildir:
Patterns INBOX Archive Sent Junk Drafts
Create Both
SyncState *
# Uncomment this when you're confident, because it deletes deleted mails on
# your IMAP server.
#Expunge Both

Don’t forget to create the Maildir directory structure, mkdir -p ~/Mail/work.

Now run mbsync to test it, mbsync -c ~/.config/isync/mbsyncrc work.

mbsync timer

I’d like to run mbsync regularly and also send a notification if there is new mail, so save something like this script in ~/.local/bin/mbsync.bash.

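#!/usr/bin/bash
# Sync one mbsync channel and send a desktop notification for new mail.

# Stop any mbsync that is still running from a previous timer run.
killall mbsync &>/dev/null

# The channel name is required as the first argument.
test -z "$1" && exit 1
channel=$1

/usr/bin/mbsync -c "$HOME/.config/isync/mbsyncrc" -q "$channel"

# Count the files in the Maildir new/ and cur/ directories of the INBOX.
maildirnew="$HOME/Mail/$channel/INBOX/new/"
new="$(find "$maildirnew" -type f | wc -l)"

maildirold="$HOME/Mail/$channel/INBOX/cur/"
old="$(find "$maildirold" -type f | wc -l)"

# notify-send needs to know which display to talk to.
export DISPLAY=:0; export XAUTHORITY=~/.Xauthority

if [ "$new" -gt 0 ]; then
  /usr/bin/notify-send --icon='/usr/share/icons/breeze/actions/16/mail-message-new.svg' \
    -a "mbsync" "You've got mail" "($new/$old)"
fi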

You can change the icon and other paths to suit your environment.

Then set up the timer to run a service that calls toolbox run ~/.local/bin/mbsync.bash. These files go in ~/.config/systemd/user/mbsync@.timer and ~/.config/systemd/user/mbsync@.service respectively.

~/.config/systemd/user/mbsync@.timer

[Unit]
Description=IMAP sync to Maildir

[Timer]
OnCalendar=*:0/10

[Install]
WantedBy=timers.target

~/.config/systemd/user/mbsync@.service

[Unit]
Description=IMAP sync to Maildir

[Service]
Type=oneshot
ExecStart=/usr/bin/toolbox run %h/.local/bin/mbsync.bash %i

Use the name of the mbsync channel in the timer; this will run the corresponding service, mbsync@work.service.

systemctl --user enable mbsync@work.timer
systemctl --user start mbsync@work.timer

Aerc

Bootstrap the aerc config dirs like this, mkdir -p ~/.config/aerc/{templates,filters}.

Signature template

A very basic default e-mail template with a signature that I create like this.

printf '\n\n\n/ Stefan Midjich @ Work' > ~/.config/aerc/templates/work-signature.txt

General config

~/.config/aerc/aerc.conf

[general]
pgp-provider = gpg
log-file = ~/.config/aerc/messages.log

[ui]
styleset-name = nord
icon-unencrypted = 🔓
icon-encrypted = 🔒
icon-signed = ✔
icon-signed-encrypted = ✅

[viewer]
pager = bat --pager=always
always-show-mime = true
max-mime-height = 5

[filters]
text/plain=bat
text/html=pandoc -f html -t plain

[templates]
new-message = work-signature.txt

Accounts config

~/.config/aerc/accounts.conf is where you configure the password for outgoing SMTP, and here we use pass again.

[work]
source = maildir://~/Mail/work
outgoing = smtp+login://user@smtp.example.com:587
outgoing-cred-cmd = pass mailserver.example.com/user@smtp.example.com
check-mail-cmd = mbsync -c ~/.config/isync/mbsyncrc work
from = Stefan Midjich <stefan@example.com>
copy-to = Sent
pgp-auto-sign = true
pgp-attach-key = true
pgp-opportunistic-encrypt = true
pgp-key-id = XXXXXX
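
The point of PassCmd in the mbsync config and outgoing-cred-cmd in accounts.conf is that neither file holds a secret. As an added example (not part of the original post), this script checks that property: it flags an inline Pass line in an mbsyncrc, a password embedded in an aerc source/outgoing URL, and any group/other access to either file. The function names, finding labels and script name are made up for this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: audit an mbsyncrc and an aerc
# accounts.conf for inline secrets and loose file permissions.
# Usage: audit.sh MBSYNCRC ACCOUNTS_CONF   (script name is hypothetical)

# Both files name commands that get executed (PassCmd, outgoing-cred-cmd,
# check-mail-cmd), so group/other should have no access at all.
# Uses stat -c from GNU coreutils, as shipped on Fedora.
check_perms() {
  mode=$(stat -c '%a' "$1") || return 2
  case "$mode" in
    *00) ;;
    *) echo "perm:$1:$mode" ;;
  esac
}

# mbsync: "Pass <secret>" keeps the password in the file, "PassCmd" does not.
# Keywords are case-insensitive. Only the line number is printed.
audit_mbsyncrc() {
  awk -v f="$1" 'tolower($1) == "pass" && NF > 1 {
    print "inline-pass:" f ":" NR }' "$1"
}

# aerc: source/outgoing URLs may embed "user:password@host".
audit_aerc_accounts() {
  awk -v f="$1" '/^[ \t]*(source|outgoing)[ \t]*=/ &&
    $0 ~ "://[^/@: \t]*:[^/@ \t]+@" {
    print "url-password:" f ":" NR }' "$1"
}

# Print all findings; return 1 if there are any, 0 if both files are clean.
audit_mail_config() {
  findings=$(check_perms "$1"; check_perms "$2"
             audit_mbsyncrc "$1"; audit_aerc_accounts "$2")
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

if [ "$#" -eq 2 ]; then
  audit_mail_config "$1" "$2"
fi
```

Run it as audit.sh ~/.config/isync/mbsyncrc ~/.config/aerc/accounts.conf; a non-zero exit status means at least one finding was printed.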

How to use Aerc

Now you can run the :check-mail command from aerc and it will call mbsync, display the pinentry-gnome3 dialog and you can enter your PGP password.

Same with any PGP operations, and when sending e-mail, the correct pinentry will be used.

My advice is to start by reading the 4 manpages aerc(1), aerc-config(5), aerc-accounts(5) and aerc-tutorial(7).

aerc.desktop

Placing this file in ~/.local/share/applications allows my Sway rofi menu to find aerc and start it.

[Desktop Entry]
Type=Application
Version=1.0
Name=aerc
GenericName=E-mail client
Comment=Terminal e-mail client with tmux-like navigation.
Icon=aerc
Exec=/usr/bin/toolbox run aerc
Terminal=true