Slackware-13.1-Hacks-Claws Mail GnuPG
Posted 03-02-2011 at 12:02 PM by arniekat
Claws-Mail with GnuPG Encryption
This tutorial will setup Claws-Mail with HTML Mail Viewing, Spam Filtering and GnuPG Encryption. If you use Yahoo Mail or some other service, you will need to get the settings for your email from your provider. The information here came from the Claws-Mail Help and from SlackBuilds.org.
Compile and install the following applications in the following order from SlackBuilds.org
1. libetpan-1.0 (Dependency of Claws-Mail)
2. bogofilter-1.2.1 (Optional-Only if you want a spam filter)
3. icu4c-4.4.1 (Dependency of WebKit)
4. libsoup-2.32.2 (Dependency of WebKit)
5. webkit-r61056 (Optional-Only if you want to able to view HTML Mail instead of Text Only)
6. claws-mail-3.7.8
7. claws-mail-extra-plugins-3.7.8
NOTE-Be sure to remove the geolocation_plugin from the claws-mail-extra-plugins.SlackBuild since we are not including this in the package.
CREATING GNUPG PRIVATE-PUBLIC KEYS
Open the application Gnu Privacy Assistant, which is included with your default Slackware installation. You can use KGPG if you are comfortable with that. Since I use the GNOME Desktop, I also have the Seahorse apllication.
Here are the prompts/responses from Gnu Privacy Assistant:
You do not have a private key yet. Do you want to generate one now (recommended) or do it later? Click "Generate Key Now"
Please insert your full name now: <Your Full Name>
Click Forward
Your email address: <Your_email_address_at_gmail.com>
Click Forward
Please choose a passphrase for your new key.
Passphrase: <GnuPG_Passphrase>
Repeat Passphrase: <GnuPG_Passphrase>
Click Forward
Do you want to create a backup copy? Create a backup copy.
Click Apply
Your key is being generated.
A backup copy of your key is stored in /home/user/sec_key.asc
Copy this key to a secure place, then shred the backup key with the following command:
$ shred -u /home/user/sec_key.asc
Close the Gnu Privacy Assistant
SECURING GNUPG KEYS WITH ENCFS/CRYPTKEEPER
If you have an unencrypted /home partition and would like to further protect your GnuPG Private Key, compile/install/setup the EncFS/Cryptkeeper application (see the separate Hacks section), copy your GnuPG keys to the encrypted Private Directory, then shred the old GnuPG keys in the .gnupg folder. Create symlinks from the .gnupg folder to the encrypted Private Folder where your keys are stored. Whenever you want to use your GnuPG keys, you will need to decrypt your Private Folder so your GnuPG keys will also be decrypted before you open the Gnu Privacy Assistant or before you encrypt emails with Claws Mail. Let's assume your created the folder /home/user/Private for the decrypted contents and /home/user/.Private for the encrypted contents using EncFS. Here are the commands:
$ cp /home/user/.gnupg/pubring.gpg /home/user/Private/pubring.gpg
$ cp /home/user/.gnupg/secring.gpg /home/user/Private/secring.gpg
$ shred -u /home/user/.gnupg/pubring.gpg
$ shred -u /home/user/.gnupg/pubring.gpg~
$ shred -u /home/user/.gnupg/secring.gpg
$ cd /home/user/.gnupg
$ ln -s /home/user/Private/pubring.gpg ./pubring.gpg
$ ln -s /home/user/Private/secring.gpg ./secring.gpg
Now open Gnu Privacy Assistant and you should still see your GnuPG keys. If not, then we have a problem.
SETUP CLAWS-MAIL
Open the application and input the email address, settings, etc. If you do not use GMail, you can get your settings from your email provider's website. Here are the prompts and responses:
Welcome to the Claws-Mail Setup Wizard
Click Forward
Your Name: <Your_Full_Name>
Your EMail Address: <Your_email_address_at_gmail.com>
Your Organization: <Organization_Name>
Click Forward
Receiving Mail Dialog Box
Server Type: POP3
Server Address: pop.gmail.com
Username: <gmail_username>
Password: <gmail_password>
CHECKED BOX: Use SSL to connect to Receiving Server
Click Forward
Sending Mail Dialog Box
SMTP Server Address: smtp.gmail.com
CHECKED BOX: Use Authentication
SMTP Username: <Empty to use same name as receive>
SMTP Password: <Empty to use same name as receive>
CHECKED BOX: Use SSL to connect to SMTP Server
Click Forward
Saving Mail To Disk Dialog Box
Mailbox Name: Mail
Click Forward
Configuration Finished
Click Save to Save Settings and Start Claws-Mail
Click "Get Mail" to download all messages
When you first click "Get Mail", you will have to accept the Unknown SSL Certificate gmail-pop.l.google.com
Click "Accept and Save"
When you first click "Compose", you will have to accept the Unknown SSL Certificate gmail-smtp-msa.l.google.com
Click "Accept and Save"
CLAWS-MAIL PLUGINS
A) EMail Encryption Plugins
Go to Configuration--Plugins, then select "Load" to load a plugin. A second dialog box will open at the /usr/lib/claws-mail/plugins directory. Select the pgpcore.so, pgpmime.so and pgpinline.so plugins and click "Open". Click "Close" to exit the Plugins Dialog Box. Go to Configuration--Preferences for current account... Select Account > Privacy Menu Item. Select "PGP/Inline" from the “Default privacy system” drop-down box. I uncheck all the boxes so I have to specifically select to encrypt or sign emails. Click on "Apply". Click on "OK" to exit the dialog box.
Go to Configuration--Preferences. Now select the Plugins > GPG Menu Item. Select the box to enable "Automatically check signatures". Click on "Apply". Click on "OK" to exit the dialog box.
Digitally Signing a clear-text email.
Hit the "Compose Mail" button.
1. Compose your message.
2. Go to Options, then select "Sign" if you want to digitally sign the email. GnuPG will use your Private Key to sign the email so that someone with your Public Key will verify that it came from you. When you hit "Send" you will be asked for the GnuPG Private Key Passphrase. Enter it and the mail should be on its way digitally signed. When the mail is received, the recipient will click on the email to read it. It will have a section entitled "BEGIN PGP SIGNED MESSAGE", then you will see the clear-text message. The next section will have a "BEGIN PGP SIGNATURE", a bunch of random-looking garbage and an "END PGP SIGNATURE" section. If your recipient is also using Claws-Mail, when they receive a digitally-signed email, they will see at the bottom of the Claws-Mail dialog box, a note "Good Signature from ..." if the signature was verified. Note - The recipient of your email MUST have your Public Key in their keyring in order to verify the signature. A Digitally-Signed email verifies that the email HAS NOT changed.
Creating an encrypted email.
Hit the "Compose Mail" button./
NOTE - You must have the recipient's Public Key in your keyring before you create the encrypted message. You will be using their Public Key to encrypt the message so only the recipient can decrypt it with their Private Key. It is linked by email address.
1. Compose your message.
2. Go to Options, then select "Encrypt" if you want to completely encrypt the email. When you hit "Send", you will receive an Encryption Warning that "Attachments are not encrypted by the PGP/Inline system, nor are mail headers, like the Subject line". Claws-Mail will look for a Public Key that matches the email address of the recipient. If it cannot find one, Claws-Mail will ask you to select a Public Key to encrypt the message. Click "Continue" to send it. When the mail is received, the recipient will click on the email to read it. Assuming they are using Claws-Mail, they will then be asked for the passphrase of their Private Key. Then the message will be decrypted with it. The message will have a section entitled "Start of PGP/Inline encrypted data", then the decrypted message and finally an "End of PGP/Inline encrypted data".
B) Bogofilter Spam Filter Plugin
This plugin can check all messages that are received from an IMAP, LOCAL or POP account for spam using Bogofilter. You will need Bogofilter installed locally. Before Bogofilter can recognize spam messages, you have to train it by marking a few hundred spam and ham messages with the use of "/Mark/Mark as spam" and "/Mark/Mark as ham". The button is at the top next to the Trash button. When a message is identified as spam it can be deleted or saved in a specially designated folder.
The options can be found in Configuration--Preferences, then Plugins > Bogofilter.
The options/changes I made are as follows:
Save spam in - I create a folder named "spam" to put the junk in.
Click OK
C) Fancy HTML Mail Plugin
This plugin renders HTML mail using the WebKit library. By default all remote content is blocked and images are not automatically loaded.
Go to Configuration--Plugins, then select "Load" to load a plugin. A second dialog box will open at the /usr/lib/claws-mail/plugins directory. Select the fancy.so and click "Open". Click "Close" to exit the Plugins Dialog Box. Now, whenever you are reading an email, you can select to see the HTML version by clicking the 3rd button on the right which is a "text/html" button. Now you will see the HTML version of the email.
Options can be found in Configuration--Preferences, then Plugins > Fancy. The options available are as follows (the defaults are shown below, but you can change as you see fit):
Auto-Load Images UNCHECK
Block External Content CHECK
Enable Javascript UNCHECK
Enable Plugins UNCHECK
Open Links With External Browser UNCHECK
This tutorial will setup Claws-Mail with HTML Mail Viewing, Spam Filtering and GnuPG Encryption. If you use Yahoo Mail or some other service, you will need to get the settings for your email from your provider. The information here came from the Claws-Mail Help and from SlackBuilds.org.
Compile and install the following applications in the following order from SlackBuilds.org
1. libetpan-1.0 (Dependency of Claws-Mail)
2. bogofilter-1.2.1 (Optional-Only if you want a spam filter)
3. icu4c-4.4.1 (Dependency of WebKit)
4. libsoup-2.32.2 (Dependency of WebKit)
5. webkit-r61056 (Optional-Only if you want to able to view HTML Mail instead of Text Only)
6. claws-mail-3.7.8
7. claws-mail-extra-plugins-3.7.8
NOTE-Be sure to remove the geolocation_plugin from the claws-mail-extra-plugins.SlackBuild since we are not including this in the package.
CREATING GNUPG PRIVATE-PUBLIC KEYS
Open the application Gnu Privacy Assistant, which is included with your default Slackware installation. You can use KGPG if you are comfortable with that. Since I use the GNOME Desktop, I also have the Seahorse apllication.
Here are the prompts/responses from Gnu Privacy Assistant:
You do not have a private key yet. Do you want to generate one now (recommended) or do it later? Click "Generate Key Now"
Please insert your full name now: <Your Full Name>
Click Forward
Your email address: <Your_email_address_at_gmail.com>
Click Forward
Please choose a passphrase for your new key.
Passphrase: <GnuPG_Passphrase>
Repeat Passphrase: <GnuPG_Passphrase>
Click Forward
Do you want to create a backup copy? Create a backup copy.
Click Apply
Your key is being generated.
A backup copy of your key is stored in /home/user/sec_key.asc
Copy this key to a secure place, then shred the backup key with the following command:
$ shred -u /home/user/sec_key.asc
Close the Gnu Privacy Assistant
SECURING GNUPG KEYS WITH ENCFS/CRYPTKEEPER
If you have an unencrypted /home partition and would like to further protect your GnuPG Private Key, compile/install/setup the EncFS/Cryptkeeper application (see the separate Hacks section), copy your GnuPG keys to the encrypted Private Directory, then shred the old GnuPG keys in the .gnupg folder. Create symlinks from the .gnupg folder to the encrypted Private Folder where your keys are stored. Whenever you want to use your GnuPG keys, you will need to decrypt your Private Folder so your GnuPG keys will also be decrypted before you open the Gnu Privacy Assistant or before you encrypt emails with Claws Mail. Let's assume your created the folder /home/user/Private for the decrypted contents and /home/user/.Private for the encrypted contents using EncFS. Here are the commands:
$ cp /home/user/.gnupg/pubring.gpg /home/user/Private/pubring.gpg
$ cp /home/user/.gnupg/secring.gpg /home/user/Private/secring.gpg
$ shred -u /home/user/.gnupg/pubring.gpg
$ shred -u /home/user/.gnupg/pubring.gpg~
$ shred -u /home/user/.gnupg/secring.gpg
$ cd /home/user/.gnupg
$ ln -s /home/user/Private/pubring.gpg ./pubring.gpg
$ ln -s /home/user/Private/secring.gpg ./secring.gpg
Now open Gnu Privacy Assistant and you should still see your GnuPG keys. If not, then we have a problem.
SETUP CLAWS-MAIL
Open the application and input the email address, settings, etc. If you do not use GMail, you can get your settings from your email provider's website. Here are the prompts and responses:
Welcome to the Claws-Mail Setup Wizard
Click Forward
Your Name: <Your_Full_Name>
Your EMail Address: <Your_email_address_at_gmail.com>
Your Organization: <Organization_Name>
Click Forward
Receiving Mail Dialog Box
Server Type: POP3
Server Address: pop.gmail.com
Username: <gmail_username>
Password: <gmail_password>
CHECKED BOX: Use SSL to connect to Receiving Server
Click Forward
Sending Mail Dialog Box
SMTP Server Address: smtp.gmail.com
CHECKED BOX: Use Authentication
SMTP Username: <Empty to use same name as receive>
SMTP Password: <Empty to use same name as receive>
CHECKED BOX: Use SSL to connect to SMTP Server
Click Forward
Saving Mail To Disk Dialog Box
Mailbox Name: Mail
Click Forward
Configuration Finished
Click Save to Save Settings and Start Claws-Mail
Click "Get Mail" to download all messages
When you first click "Get Mail", you will have to accept the Unknown SSL Certificate gmail-pop.l.google.com
Click "Accept and Save"
When you first click "Compose", you will have to accept the Unknown SSL Certificate gmail-smtp-msa.l.google.com
Click "Accept and Save"
CLAWS-MAIL PLUGINS
A) EMail Encryption Plugins
Go to Configuration--Plugins, then select "Load" to load a plugin. A second dialog box will open at the /usr/lib/claws-mail/plugins directory. Select the pgpcore.so, pgpmime.so and pgpinline.so plugins and click "Open". Click "Close" to exit the Plugins Dialog Box. Go to Configuration--Preferences for current account... Select Account > Privacy Menu Item. Select "PGP/Inline" from the “Default privacy system” drop-down box. I uncheck all the boxes so I have to specifically select to encrypt or sign emails. Click on "Apply". Click on "OK" to exit the dialog box.
Go to Configuration--Preferences. Now select the Plugins > GPG Menu Item. Select the box to enable "Automatically check signatures". Click on "Apply". Click on "OK" to exit the dialog box.
Digitally Signing a clear-text email.
Hit the "Compose Mail" button.
1. Compose your message.
2. Go to Options, then select "Sign" if you want to digitally sign the email. GnuPG will use your Private Key to sign the email so that someone with your Public Key will verify that it came from you. When you hit "Send" you will be asked for the GnuPG Private Key Passphrase. Enter it and the mail should be on its way digitally signed. When the mail is received, the recipient will click on the email to read it. It will have a section entitled "BEGIN PGP SIGNED MESSAGE", then you will see the clear-text message. The next section will have a "BEGIN PGP SIGNATURE", a bunch of random-looking garbage and an "END PGP SIGNATURE" section. If your recipient is also using Claws-Mail, when they receive a digitally-signed email, they will see at the bottom of the Claws-Mail dialog box, a note "Good Signature from ..." if the signature was verified. Note - The recipient of your email MUST have your Public Key in their keyring in order to verify the signature. A Digitally-Signed email verifies that the email HAS NOT changed.
Creating an encrypted email.
Hit the "Compose Mail" button./
NOTE - You must have the recipient's Public Key in your keyring before you create the encrypted message. You will be using their Public Key to encrypt the message so only the recipient can decrypt it with their Private Key. It is linked by email address.
1. Compose your message.
2. Go to Options, then select "Encrypt" if you want to completely encrypt the email. When you hit "Send", you will receive an Encryption Warning that "Attachments are not encrypted by the PGP/Inline system, nor are mail headers, like the Subject line". Claws-Mail will look for a Public Key that matches the email address of the recipient. If it cannot find one, Claws-Mail will ask you to select a Public Key to encrypt the message. Click "Continue" to send it. When the mail is received, the recipient will click on the email to read it. Assuming they are using Claws-Mail, they will then be asked for the passphrase of their Private Key. Then the message will be decrypted with it. The message will have a section entitled "Start of PGP/Inline encrypted data", then the decrypted message and finally an "End of PGP/Inline encrypted data".
B) Bogofilter Spam Filter Plugin
This plugin can check all messages that are received from an IMAP, LOCAL or POP account for spam using Bogofilter. You will need Bogofilter installed locally. Before Bogofilter can recognize spam messages, you have to train it by marking a few hundred spam and ham messages with the use of "/Mark/Mark as spam" and "/Mark/Mark as ham". The button is at the top next to the Trash button. When a message is identified as spam it can be deleted or saved in a specially designated folder.
The options can be found in Configuration--Preferences, then Plugins > Bogofilter.
The options/changes I made are as follows:
Save spam in - I create a folder named "spam" to put the junk in.
Click OK
C) Fancy HTML Mail Plugin
This plugin renders HTML mail using the WebKit library. By default all remote content is blocked and images are not automatically loaded.
Go to Configuration--Plugins, then select "Load" to load a plugin. A second dialog box will open at the /usr/lib/claws-mail/plugins directory. Select the fancy.so and click "Open". Click "Close" to exit the Plugins Dialog Box. Now, whenever you are reading an email, you can select to see the HTML version by clicking the 3rd button on the right which is a "text/html" button. Now you will see the HTML version of the email.
Options can be found in Configuration--Preferences, then Plugins > Fancy. The options available are as follows (the defaults are shown below, but you can change as you see fit):
Auto-Load Images UNCHECK
Block External Content CHECK
Enable Javascript UNCHECK
Enable Plugins UNCHECK
Open Links With External Browser UNCHECK
Total Comments 0
