# Mail Setup

Neomutt + mbsync + msmtp with OAuth2 for Outlook.com personal accounts. Config files are in the dotfiles repo — this covers the manual steps needed on a fresh install.

## Packages

```bash
sudo dnf install rbw isync msmtp neomutt
```

## 1. rbw (Bitwarden CLI)

```bash
rbw config set email robharbaugh@outlook.com
rbw config set base_url https://vault.bitwarden.com
rbw login
```

## 2. Azure OAuth2 App Registration

Do this once. The client ID and secret live in Bitwarden.

1. Go to portal.azure.com — sign in with robharbaugh@outlook.com as a personal account
2. Search **App registrations** → **New registration**
3. Name: anything (e.g. `neomutt`)
4. Supported account types: **Accounts in any organizational directory and personal Microsoft accounts**
5. Redirect URI: **Web** → `http://localhost/`
6. Click **Register**, copy the **Application (client) ID** → save to rbw as `outlook-oauth-client-id`
7. **Certificates & secrets** → **New client secret** → copy the **Value** → save to rbw as `outlook-oauth-client-secret`
8. **API permissions** → **Add a permission** → **APIs my organization uses** → **Office 365 Exchange Online**
9. **Delegated permissions** → add: `IMAP.AccessAsUser.All`, `SMTP.Send`, `offline_access`

## 3. GPG Key

Check for an existing key first:

```bash
gpg --list-secret-keys
```

If none, generate one:

```bash
gpg --full-generate-key
```

Choose RSA 4096, no expiry, use robharbaugh@outlook.com as the email.

Note the short key ID (e.g. `A40B4F53`) — update the keychain line in `.zshrc` with it:

```zsh
eval "$(keychain --eval --quiet --gpg github git)"
```

## 4. OAuth2 Token

```bash
mkdir -p ~/.config/neomutt
# gpg's pinentry needs to know which terminal to prompt on
export GPG_TTY=$(tty)
# Client ID and secret are read from rbw at run time, so the literal
# values are never typed into the shell or saved in its history
python3 /usr/share/neomutt/oauth2/mutt_oauth2.py \
    ~/.config/neomutt/outlook.tokens \
    --authorize \
    --provider microsoft \
    --authflow localhostauthcode \
    --encryption-pipe "gpg --encrypt --recipient robharbaugh@outlook.com" \
    --decryption-pipe "gpg --decrypt" \
    --client-id "$(rbw get outlook-oauth-client-id)" \
    --client-secret "$(rbw get outlook-oauth-client-secret)"
```

Enter `robharbaugh@outlook.com` when prompted for email and GPG recipient. This opens a browser for the one-time Microsoft login. Tokens are saved to `~/.config/neomutt/outlook.tokens` (encrypted, not in git).

## 5. Stow configs

```bash
cd ~/.dotfiles
stow laptop
```

This symlinks mbsync, msmtp, neomutt, and all other configs into place.

## 6. Initial mail sync

```bash
mkdir -p ~/mail/outlook ~/.local/share/msmtp
# -a syncs every configured channel; mbsync exits with an error if no channel is named
mbsync -a
```

The first sync will take a while depending on mailbox size.

## Token file

`~/.config/neomutt/outlook.tokens` is managed by mutt-oauth2 and is not in git. It is GPG-encrypted with your key. If it is lost, re-run step 4. Tokens refresh automatically — you should never need to re-authorize unless you revoke the app in Azure.
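
A quick audit of the token file properties described above (encrypted, private, not in git), as an added example that is not part of the dotfiles repo. `check_token_file` is a hypothetical helper name; it assumes that unencrypted mutt_oauth2 state is JSON and therefore starts with `{`.

```bash
#!/usr/bin/env bash
# Added example: audit the OAuth2 token file. check_token_file is a
# hypothetical helper; the default path is the one used on this page.

check_token_file() {
    local f=$1 rc=0 first perms
    if [ ! -f "$f" ]; then
        echo "MISSING: $f (re-run the authorize step)"
        return 2
    fi

    # Assumption: plaintext token state is JSON, so a leading '{' means
    # the encryption pipe was not applied. Binary or armored gpg output
    # never starts with '{'.
    first=$(head -c 1 "$f" | tr -d '\0')
    if [ "$first" = "{" ]; then
        echo "PLAINTEXT: $f is unencrypted JSON"; rc=1
    fi

    # Characters 5-10 of the ls mode string are the group/other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "PERMS: $f is accessible to group/other ($perms); chmod 600"; rc=1
    fi

    # --error-unmatch succeeds only for tracked paths; it fails (and the
    # check is skipped) when the directory is not inside a git work tree.
    if git -C "$(dirname "$f")" ls-files --error-unmatch -- \
            "$(basename "$f")" >/dev/null 2>&1; then
        echo "TRACKED: $f is committed to git"; rc=1
    fi

    if [ "$rc" -eq 0 ]; then echo "OK: $f"; fi
    return "$rc"
}

# Audit the file from this page (or a path given as the first argument).
check_token_file "${1:-$HOME/.config/neomutt/outlook.tokens}" || true
```

The function returns 0 when all checks pass, 1 on any finding, and 2 when the file is missing, so it can gate a login script or a dotfiles pre-commit hook.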