Documents the full Outlook.com OAuth2 mail setup (rbw, Azure app registration, GPG, mutt-oauth2, mbsync, msmtp, neomutt) for reinstall reference. Removes vdirsyncer/khal configs and calsync alias. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Mail Setup
Neomutt + mbsync + msmtp with OAuth2 for Outlook.com personal accounts. Config files are in the dotfiles repo — this covers the manual steps needed on a fresh install.
Packages
sudo dnf install rbw isync msmtp neomutt
1. rbw (Bitwarden CLI)
rbw config set email robharbaugh@outlook.com
rbw config set base_url https://vault.bitwarden.com
rbw login
2. Azure OAuth2 App Registration
Do this once. The client ID and secret live in Bitwarden.
- Go to portal.azure.com — sign in with robharbaugh@outlook.com as a personal account
- Search App registrations → New registration
- Name: anything (e.g. neomutt)
- Supported account types: Accounts in any organizational directory and personal Microsoft accounts
- Redirect URI: Web → http://localhost/
- Click Register, copy the Application (client) ID → save to rbw as outlook-oauth-client-id
- Certificates & secrets → New client secret → copy the Value → save to rbw as outlook-oauth-client-secret
- API permissions → Add a permission → APIs my organization uses → Office 365 Exchange Online
- Delegated permissions → add: IMAP.AccessAsUser.All, SMTP.Send, offline_access
3. GPG Key
Check for an existing key first:
gpg --list-secret-keys
If none, generate one:
gpg --full-generate-key
Choose RSA 4096, no expiry, use robharbaugh@outlook.com as the email.
Note the short key ID (e.g. A40B4F53) — update the keychain line in .zshrc with it:
eval "$(keychain --eval --quiet --gpg <key-id> github git)"
4. OAuth2 Token
mkdir -p ~/.config/neomutt
export GPG_TTY=$(tty)
python3 /usr/share/neomutt/oauth2/mutt_oauth2.py \
~/.config/neomutt/outlook.tokens \
--authorize \
--provider microsoft \
--authflow localhostauthcode \
--encryption-pipe "gpg --encrypt --recipient robharbaugh@outlook.com" \
--decryption-pipe "gpg --decrypt" \
--client-id "$(rbw get outlook-oauth-client-id)" \
--client-secret "$(rbw get outlook-oauth-client-secret)"
Enter robharbaugh@outlook.com when prompted for email and GPG recipient.
This opens a browser for the one-time Microsoft login. Tokens are saved to
~/.config/neomutt/outlook.tokens (encrypted, not in git).
5. Stow configs
cd ~/.dotfiles
stow laptop
This symlinks mbsync, msmtp, neomutt, and all other configs into place.
6. Initial mail sync
mkdir -p ~/mail/outlook ~/.local/share/msmtp
mbsync -a
The first sync will take a while depending on mailbox size.
Token file
~/.config/neomutt/outlook.tokens is managed by mutt-oauth2 and is not in git.
It is GPG-encrypted with your key. If it is lost, re-run step 4.
Tokens refresh automatically — you should never need to re-authorize unless
you revoke the app in Azure.
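
A quick post-install check for the token file, added here as an example (it is not part of the dotfiles repo or of mutt-oauth2). It confirms the file is a regular file rather than a symlink into the stowed repo, is readable only by its owner, and starts like OpenPGP output rather than plaintext JSON. The function name and exit codes are made up for this example.

```shell
#!/bin/sh
# Added example: sanity-check the mutt-oauth2 token file written in step 4.
# check_token_file is a hypothetical helper, not part of mutt_oauth2.py.
# Return codes: 0 ok, 1 missing, 2 symlink, 3 loose permissions, 4 not OpenPGP.
check_token_file() {
    f=$1

    # A symlink here would mean stow (or something else) points the token
    # file at another location, possibly inside the git-tracked dotfiles tree.
    if [ -L "$f" ]; then
        echo "token file is a symlink: $f" >&2
        return 2
    fi
    if [ ! -f "$f" ]; then
        echo "token file missing: $f (re-run step 4)" >&2
        return 1
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "token file is accessible to group/other: $f" >&2
        return 3
    fi

    # Binary 'gpg --encrypt --recipient' output begins with a public-key
    # encrypted session key packet: first byte 0x84-0x87 (old packet format)
    # or 0xc1 (new packet format).
    first=$(od -An -tx1 -N1 "$f" | tr -d ' \n')
    case $first in
        84|85|86|87|c1) return 0 ;;
    esac
    # ASCII-armored output is also acceptable.
    case $(head -n 1 "$f") in
        "-----BEGIN PGP MESSAGE-----"*) return 0 ;;
    esac

    echo "token file does not look GPG-encrypted: $f" >&2
    return 4
}

# Run against a path when one is given, e.g.:
#   sh check-token.sh ~/.config/neomutt/outlook.tokens
if [ "$#" -gt 0 ]; then
    check_token_file "$1"
fi
```

The header check only inspects the first bytes; it does not prove the file decrypts with your key.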