rob/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bbe6c1f7d1aea672e08f6765eef545fca13d496a
dotfiles/MAIL_SETUP.md
Rob Harbaugh 2763011158 Add mail setup guide, remove calendar configs 
Documents the full Outlook.com OAuth2 mail setup (rbw, Azure app registration,
GPG, mutt-oauth2, mbsync, msmtp, neomutt) for reinstall reference.
Removes vdirsyncer/khal configs and calsync alias.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-20 14:47:46 -04:00

99 lines
2.8 KiB
Markdown
Raw Blame History

# Mail Setup
Neomutt + mbsync + msmtp with OAuth2 for Outlook.com personal accounts.
Config files are in the dotfiles repo — this covers the manual steps needed on a fresh install.
## Packages
```bash
sudo dnf install rbw isync msmtp neomutt
```
## 1. rbw (Bitwarden CLI)
```bash
rbw config set email robharbaugh@outlook.com
rbw config set base_url https://vault.bitwarden.com
rbw login
```
## 2. Azure OAuth2 App Registration
Do this once. The client ID and secret live in Bitwarden.
1. Go to portal.azure.com — sign in with robharbaugh@outlook.com as a personal account
2. Search **App registrations****New registration**
3. Name: anything (e.g. `neomutt`)
4. Supported account types: **Accounts in any organizational directory and personal Microsoft accounts**
5. Redirect URI: **Web**`http://localhost/`
6. Click **Register**, copy the **Application (client) ID** → save to rbw as `outlook-oauth-client-id`
7. **Certificates & secrets****New client secret** → copy the **Value** → save to rbw as `outlook-oauth-client-secret`
8. **API permissions****Add a permission****APIs my organization uses****Office 365 Exchange Online**
9. **Delegated permissions** → add: `IMAP.AccessAsUser.All`, `SMTP.Send`, `offline_access`
## 3. GPG Key
Check for an existing key first:
```bash
gpg --list-secret-keys
```
If none, generate one:
```bash
gpg --full-generate-key
```
Choose RSA 4096, no expiry, use robharbaugh@outlook.com as the email.
Note the short key ID (e.g. `A40B4F53`) — update the keychain line in `.zshrc` with it:
```zsh
eval "$(keychain --eval --quiet --gpg <key-id> github git)"
```
## 4. OAuth2 Token
```bash
mkdir -p ~/.config/neomutt
export GPG_TTY=$(tty)
python3 /usr/share/neomutt/oauth2/mutt_oauth2.py \
~/.config/neomutt/outlook.tokens \
--authorize \
--provider microsoft \
--authflow localhostauthcode \
--encryption-pipe "gpg --encrypt --recipient robharbaugh@outlook.com" \
--decryption-pipe "gpg --decrypt" \
--client-id "$(rbw get outlook-oauth-client-id)" \
--client-secret "$(rbw get outlook-oauth-client-secret)"
```
Enter `robharbaugh@outlook.com` when prompted for email and GPG recipient.
This opens a browser for the one-time Microsoft login. Tokens are saved to
`~/.config/neomutt/outlook.tokens` (encrypted, not in git).
## 5. Stow configs
```bash
cd ~/.dotfiles
stow laptop
```
This symlinks mbsync, msmtp, neomutt, and all other configs into place.
## 6. Initial mail sync
```bash
mkdir -p ~/mail/outlook ~/.local/share/msmtp
mbsync
```
The first sync will take a while depending on mailbox size.
## Token file
`~/.config/neomutt/outlook.tokens` is managed by mutt-oauth2 and is not in git.
It is GPG-encrypted with your key. If it is lost, re-run step 4.
Tokens refresh automatically — you should never need to re-authorize unless
you revoke the app in Azure.
Reference in New Issue View Git Blame Copy Permalink