Protonmail on CentOS server
#protonmail #centos #fedora #linux
Before you start
Currently protonmail bridge for linux is distributed as part of an open beta program, but soon it will be made public (https://protonmail.com/bridge/install).
Consider that the bridge linux client requires a paid protonmail account to work.
Get the protonmail bridge linux installer
Download the latest package into your computer.
The link above is working at the time of writing this article, but as the bridge team pointed out, they will expire all the previous links once they release a new version to encourage the installation of the latest version.
To get the latest version try replacing/increasing the version numbers on the link provided or write an email to email@example.com (https://protonmail.com/support/knowledge-base/bridge-for-linux/)
Install protonmail bridge
We will need root access for the setup
Import the protonmail bridge public key
nano bridge_pubkey.gpg (copy the content of the file and save) rpm --import bridge_pubkey.gpg
Check the rpm package is correctly signed
rpm --checksig protonmail-bridge-1.1.1-1.x86_64.rpm
Install the protonmail bridge client
yum install protonmail-bridge-1.1.1-1.x86_64.rpm
Install additional tools required for the setup
Install the "pass" password manager that protonmail bridge will use to store the passwords
yum install pass
Install the "screen" utility to daemonize the protonmail bridge client
yum install screen
Create a new user
We will create a new user mainly to isolate the access to the passwords of other users.
Notice that the new user will be locked to disable access to this user from outside.
useradd protonmail usermod -L protonmail
Setup "pass" password manager
Login as the new isolated user
su protonmail cd ~
Run a script session to avoid the PGP key passphrase prompt to fail (https://bugzilla.redhat.com/show_bug.cgi?id=659512).
This is required if we are not using a graphical interface due to the way our isolated user runs the shell commands
Generate PGP key pair for the new user with an empty passphrase.
The empty passphrase is required to run the protonmail bridge on the background on system startup without being prompted for the password and hence causing the process to fail.
gpg --gen-key >>>> Choose 1 (1) RSA and RSA (default) >>>> Choose 2048 (default) >>>> Choose 0 0 = key does not expire >>>> Type your name e.g. Proty McProtonFace >>>> Type your email e.g. firstname.lastname@example.org >>>> Leave empty comment >>>> Leave empty passphrase
List the keys to ensure they were created correctly
Init the password manager for the chosen email address in the PGP keys step
pass init email@example.com
Setup the protonmail bridge client
At this point we already set up the password manager that will allow the protonmail bridge to store the passwords so we will now setup your protonmail account.
protonmail-bridge --cli >>>> add (add your protonmail account to bridge) >>>> (enter your protonmail account email address) >>>> (enter your protonmail account password) >>>> list (list configured accounts) >>>> info (list SMTP credentials for configuring any local SMTP compatible service) >>>> help (get familiarized with the bridge options) >>>> exit (exit the bridge console which stops the local SMTP server created)
Exit the scripted mode of the isolated user if you previously ran "script /dev/null"
Daemonize the protonmail bridge client
In order to start automatically the bridge client on system startup we will create a script to run it in the background.
Notice that we will use the "screen" utility since there is no way to run the protonmail linux client in the background currently without a graphical interface.
For this we will need root access again.
Create a basic script that will be able to launch the protonmail bridge client in the background and kill it.
mkdir /var/lib/protonmail nano /var/lib/protonmail/protonmail.sh (copy the content of the file and save) chmod +x /var/lib/protonmail/protonmail.sh
Create a systemd service
nano /etc/systemd/system/protonmail.service (copy the content of the file and save)
Enable the script so that it can run on system startup
systemctl enable protonmail
Test the protonmail service
systemctl start protonmail netstat -tulpn | grep 1025
Reboot you system and check if protonmail bridge is bound to the default ports
reboot netstat -tulpn | grep 1025
Protonmail on Fedora
All the instructions above should work in Fedora. You can replace "yum" commands with "dnf"
Configure SMTP services
Now that you have the protonmail bridge running in the background you can configure SMTP emails on local instances of Jenkins, Jira, Bitbucket, Thunderbird or any service of your choice.
Remember that required credentials and configuration details can be found by executing:
protonmail-bridge --cli >>>> info >>>> exit