securing muttrc on the mac

[dv1445]

Hello,

A week or two ago there was a thread about how to secure one's .muttrc
file if it has passwords sitting there in plaintext.  A bit of tooling
around has resulted in the following tip for those mutters working on
OSX.

The goal is not to encrypt the .muttrc, but rather to cleanse it of
vulnerable info.  So we want to remove passwords from the muttrc file,
but still not have to enter them in mutt when prompted.  The solution
is to let the OSX Keychain hold on to the passwords securely and give
them to mutt when needed.  The problem is how to make mutt interact
with Keychain Acess.app.

The solution is to (1) make sure Keychain Access.app ("KA") has your
password, (2) invoke a middleman that's already on your computer, and
(3) create another one that isn't.

The already-there middleman is a cli utility called "security" that's
part of OSX.  security will ask KA for the relevant password, and give
it to mutt.  Once mutt has the password(s) it will have them until you
quit mutt.

The middleman you have to create is simply to get mutt to be able to
ask security to ask KA for the password.  This middleman is a shell
script, which I called "vomit.sh".  The script tells security to grab
some info from KA, but KA gives security more than just the password.
Hence there's a ruby command to pluck the password out from the
rest.  Here are the contents of vomit.sh:

#!/bin/bash security 2>&1 >/dev/null find-internet-password -ga \
username|tee|ruby -e 'print $1 if STDIN.gets =~ /^password: \
"(.*)"$/'

NOTE 0: Everything after the #! line should be one line.  The single
backslashes are just for email line break purposes.  End note 0.

NOTE 1: I made this script using a tip from this webpage:
http://blog.macromates.com/2006/keychain-access-from-shell/.  You
should look at it for yourself, especially if you're not sure how to
make sure that KA has your password to begin with.  I don't know
anything about bash *or* ruby, so have at it.  I think this would be
better if we didn't have to rely on ruby.  End note 1.

NOTE 2: I had to modify it a bit (note the tee in between the username
and the ruby; without the tee I could not get security to properly
pass the string it retrived from KA to ruby).  End note 2.

You can test the script by simply running it in the terminal and
observing your password spit back out.  Once this is working properly,
you can do in your .muttrc:

set imap_pass = `~/vomit.sh` # (or wherever you want to put vomit.sh)

Note the backticks rather than apostrophes.  This also worked for me
for smtp_pass, so I assume it will work with POP, etc.

NOTE 3: I tried for a while to get the command housed in vomit.sh to
work properly when placed directly into my .muttrc between the
backticks.  I couldn't get it to work, so I resorted to the script.
I'd bet I just don't know how to properly escape special characters.
If someone knows, great.  End note 3.

I'm no expert, so if someone spies a hole here, let the list know.
The 2>&1 >/dev/null part of the script, taken from the web page, is
supposed to make it so the string from KA is not just left hanging
around, if I understand correctly.

This setup does *not* mean you won't have to type any passwords at all
when using mutt.  It only means you won't have to type any of your
*email* passwords.  You will be prompted (by OSX) for your *keychain*
pw when you hit "mutt", unless of course you have your keychain pw the
same as your OSX login pw *and* have it set to autounlock.  (But
presumably if you're worried about plaintext pw's sitting out there in
.muttrc for all to see, you won't have such lax keychain preferences).
-gmn

Re: sourcing rc

[Kyle Wheeler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Friday, August  8 at 01:44 PM, quoth Ravi Uday:
>Whenever I open mutt, I dont get the threaded view..though I have 
>these:
>
>set sort=threads
>set duplicate_threads=yes
>set sort_aux=last-date
>
>I need to :source ~/.muttrc to get into threaded view mode. Samething
>hapens when I move
>to a different mailbox and back to INBOX.
>
>Do you know why

Sounds like you have a folder-hook somewhere that's changing your 
sort.

~Kyle
- -- 
If women didn't exist, all the money in the world would have no 
meaning.
   -- Aristotle Onassis
-BEGIN PGP SIGNATURE-
Comment: Thank you for using encryption!

iEYEARECAAYFAkictg4ACgkQBkIOoMqOI1578ACfSaJvro9ZlSuvEGvzdy2HvH0A
VNcAmwes9EGqq4sL65nHIl4rVWhi+xCL
=ddZy
-END PGP SIGNATURE-

sourcing rc

[Ravi Uday]

Hi,

Whenever I open mutt, I dont get the threaded view..though I have these:

set sort=threads
set duplicate_threads=yes
set sort_aux=last-date

I need to :source ~/.muttrc to get into threaded view mode. Samething
hapens when I move
to a different mailbox and back to INBOX.

Do you know why

Thanks
Ravi

Re: Sort by most recently active thread

[Kyle Wheeler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Friday, August  8 at 04:07 PM, quoth Ethan Mallove:
> Is there a way to have mutt sort by most recently active thread? It 
> appears that mutt dates an email thread by the timestamp of the 
> initiating thread email.

Yes!

set sort_aux=last-date-received

- From the manual:

sort_aux
Type: sort order
Default: date

When sorting by threads, this variable controls how threads
are sorted in relation to other threads, and how the branches
of the thread trees are sorted.  This can be set to any value 
that "$sort"  can, except threads (in that case, mutt will
just use date-sent).  You can also specify the last- prefix 
in addition to the reverse- prefix, but last- must come after
reverse-.  THE LAST- PREFIX CAUSES MESSAGES TO BE SORTED
AGAINST ITS SIBLINGS BY WHICH HAS THE LAST DESCENDANT, USING
THE REST OF SORT_AUX AS AN ORDERING.  For instance, set
sort_aux=last- date-received would mean that if a new message
is received in a thread, that thread becomes the last one
displayed (or the first, if you have set
sort=reverse-threads.)  Note: For reversed "$sort" order
$sort_aux is reversed again (which is not the right thing to
do, but kept to not break any existing configuration setting).

~Kyle
- -- 
Ten percent of people can think, another ten percent of people think 
that they think, and eighty percent of people would rather die than be 
made to think.
 -- Ralph Waldo Emerson
-BEGIN PGP SIGNATURE-
Comment: Thank you for using encryption!

iEYEARECAAYFAkicrn4ACgkQBkIOoMqOI14sAQCfQdzWJV2zJdiHuJLCEQlbiDzE
YeQAnijcOy+xpMjTDRZh3blnqPBVOxeW
=xyNu
-END PGP SIGNATURE-

Sort by most recently active thread

[Ethan Mallove]

Hello,

Is there a way to have mutt sort by most recently active
thread? It appears that mutt dates an email thread by the
timestamp of the initiating thread email. E.g., instead of
this:

...
 0  N   Thu, Aug/07/2008 08:31:30AM Mutt(5.3K) [Mutt] #3100: 
forward_attribution missing
 1  N   Thu, Aug/07/2008 03:30:51AM Mutt(5.9K) [Mutt] #3099: 
(pager.c) Background of quoted text doesn't fill the whole line
->   2  N   Thu, Aug/07/2008 08:25:42PM Gary Johnson(7.9K) -->
 3  N   Thu, Aug/07/2008 08:30:16PM Christian Ebert (5.7K) -->
 4  N   Thu, Aug/07/2008 08:04:46PM Moritz Barsnick (6.8K) >
 5  N   Wed, Aug/06/2008 05:58:48PM Lars Hecking(5.6K) -->
 6  N   Wed, Aug/06/2008 09:45:37AM Mun Johl(7.3K) -->
 7  Ns  Wed, Aug/06/2008 12:26:45AM Kyle Wheeler(8.1K) -->
 8  N   Tue, Aug/05/2008 09:51:23PM Mun Johl(5.6K) Help needed to 
configure w3m as my HTML viewer

Since the "HTML viewer" thread has more recent activity
then the "#3100" and "#3099" threads, I want to see this:

...
->   1  N   Thu, Aug/07/2008 08:25:42PM Gary Johnson(7.9K) -->
 2  N   Thu, Aug/07/2008 08:30:16PM Christian Ebert (5.7K) -->
 3  N   Thu, Aug/07/2008 08:04:46PM Moritz Barsnick (6.8K) >
 4  N   Wed, Aug/06/2008 05:58:48PM Lars Hecking(5.6K) -->
 5  N   Wed, Aug/06/2008 09:45:37AM Mun Johl(7.3K) -->
 6  Ns  Wed, Aug/06/2008 12:26:45AM Kyle Wheeler(8.1K) -->
 7  N   Tue, Aug/05/2008 09:51:23PM Mun Johl(5.6K) Help needed to 
configure w3m as my HTML viewer
 8  N   Thu, Aug/07/2008 08:31:30AM Mutt(5.3K) [Mutt] #3100: 
forward_attribution missing
 9  N   Thu, Aug/07/2008 03:30:51AM Mutt(5.9K) [Mutt] #3099: 
(pager.c) Background of quoted text doesn't fill the whole line

Is there a way?

-Ethan

Re: How to get single list of mailboxes from two IMAP servers?

[Michelle Konzack]

Hello,

Why not use a tool to get the list?

8<--
#!/usr/bin/perl

use Net::IMAP::Simple;
use strict;
use Getopt::Long;

my $PASS="sag_ich_nischt";
my $USER="linux4michelle";
my $HOST="mx.freenet.de";

GetOptions('user=s'  => \$USER,
   'pass=s'  => \$PASS,
   'host=s'  => \$HOST);

die "Kein Benutzer angegeben\n" unless $USER;
die "Kein Password angegeben\n" unless $PASS;
die "Kein Host angegeben\n" unless $HOST;

my $imap = Net::IMAP::Simple->new($HOST) || die
$Net::IMAP::Simple::errstr."\n";

unless($imap->login($USER, $PASS)){
die "Login failed: " . $imap->errstr() . "\n";
}

my @mb=$imap->mailboxes;

foreach (@mb){
printf "$_\n";
};

8<--

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
24V Electronic Engineer
Tamay Dogan Network
Debian GNU/Linux Consultant


-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
# Debian GNU/Linux Consultant #
Michelle Konzack   Apt. 917  ICQ #328449886
+49/177/935194750, rue de Soultz MSN LinuxMichi
+33/6/61925193 67100 Strasbourg/France   IRC #Debian (irc.icq.com)


signature.pgp
Description: Digital signature