Configure the protonmail bridge linux client on Ubuntu 20.04 and Debian 10 server

Protonmail.md

Protonmail on Ubuntu 20.04 and Debian 10 server

#protonmail #debian #linux

Before you start

Currently protonmail bridge for linux is distributed as part of an open beta program, but soon it will be made public (https://protonmail.com/bridge/install).

Consider that the bridge linux client requires a paid protonmail account to work.

Get the protonmail bridge linux installer

Download the latest package into your computer.

wget --no-check-certificate https://protonmail.com/download/bridge/protonmail-bridge_2.1.3-1_amd64.deb

The link above is working at the time of writing this article, but as the bridge team pointed out, they will expire all the previous links once they release a new version to encourage the installation of the latest version.

To get the latest version try replacing/increasing the version numbers on the link provided or write an email to bridge@protonmail.ch (https://protonmail.com/support/knowledge-base/bridge-for-linux/)

Install protonmail bridge

We will need root access for the setup

su root

Import the protonmail bridge public key

nano bridge_pubkey.gpg
(copy the content of the file and save) or the public key bridge_pubkey.gpg can found:https://protonmail.com/download/bridge_pubkey.gpg
rpm --import bridge_pubkey.gpg

Download the protonmail-bridge package

cd /tmp
wget --no-check-certificate https://protonmail.com/download/bridge/protonmail-bridge_2.1.3-1_amd64.deb

Check the rpm package is correctly signed

rpm --checksig protonmail-bridge_2.1.3-1_amd64.deb

Install dependencies for protonmail-bridge

apt install qt5-default libqt5designer5 libqt5multimediawidgets5 libqt5quickwidgets5 libpulse-mainloop-glib0 libsecret-1-0 ttf-dejavu net-tools libsecret-common libsecret-tools

Install the protonmail bridge client

dpkg -i protonmail-bridge_2.1.3-1_amd64.deb

Install additional tools required for the setup

Install the "pass" password manager that protonmail bridge will use to store the passwords

apt install pass

Install the "screen" utility to daemonize the protonmail bridge client

apt install screen

Create a new user

We will create a new user mainly to isolate the access to the passwords of other users.

Notice that the new user will be locked to disable access to this user from outside.

useradd protonmail
usermod -L protonmail

Create a protonmail directory in /home

cd /home
mkdir protonmail

Change folder owner

chown -R protonmail:protonmail /home/protonmail

Setup "pass" password manager

Login as the new isolated user

su protonmail
cd ~

Run a script session to avoid the PGP key passphrase prompt to fail (https://bugzilla.redhat.com/show_bug.cgi?id=659512).

This is required if we are not using a graphical interface due to the way our isolated user runs the shell commands

script /dev/null

Generate PGP key pair for the new user with an empty passphrase.

The empty passphrase is required to run the protonmail bridge on the background on system startup without being prompted for the password and hence causing the process to fail.

gpg --full-generate-key
>>>> Choose 1                (1) RSA and RSA (default)
>>>> Choose 2048             (default)
>>>> Choose 0                0 = key does not expire
>>>> Type your name          e.g. Proty McProtonFace
>>>> Type your email         e.g. a@a.com
>>>> Leave empty comment
>>>> Leave empty passphrase

List the keys to ensure they were created correctly

gpg --list-keys

Init the password manager for the chosen email address in the PGP keys step

pass init a@a.com

Setup the protonmail bridge client

At this point we already set up the password manager that will allow the protonmail bridge to store the passwords so we will now setup your protonmail account.

protonmail-bridge --cli
>>>> add    (add your protonmail account to bridge)
>>>> (enter your protonmail account email address)
>>>> (enter your protonmail account password)
>>>> list   (list configured accounts)
>>>> info   (list SMTP credentials for configuring any local SMTP compatible service)
>>>> help   (get familiarized with the bridge options)
>>>> exit   (exit the bridge console which stops the local SMTP server created)

Exit the scripted mode of the isolated user if you previously ran "script /dev/null"

exit

Daemonize the protonmail bridge client

In order to start automatically the bridge client on system startup we will create a script to run it in the background.

Notice that we will use the "screen" utility since there is no way to run the protonmail linux client in the background currently without a graphical interface.

For this we will need root access again.

exit

Create a basic script that will be able to launch the protonmail bridge client in the background and kill it.

mkdir /var/lib/protonmail
nano /var/lib/protonmail/protonmail.sh
(copy the content of the file and save)
chmod +x /var/lib/protonmail/protonmail.sh

Create a systemd service

nano /etc/systemd/system/protonmail.service
(copy the content of the file and save)

Enable the script so that it can run on system startup

systemctl enable protonmail

Test the protonmail service

systemctl start protonmail
netstat -tulpn | grep 1025

Reboot you system and check if protonmail bridge is bound to the default ports

reboot
netstat -tulpn | grep 1025

Protonmail on Fedora

All the instructions above should work in Fedora. You can replace "yum" commands with "dnf"

Configure SMTP services

Now that you have the protonmail bridge running in the background you can configure SMTP emails on local instances of Jenkins, Jira, Bitbucket, Thunderbird or any service of your choice.

Remember that required credentials and configuration details can be found by executing:

protonmail-bridge --cli
>>>> info
>>>> exit

Problems

Note: When sending an email via PHPMailer, the following message is displayed:

Connection failed. Error #2: stream_socket_client(): unable to connect to 127.0.0.1:1026 (Connection refused)
SMTP ERROR: Failed to connect to server: Connection refused (111)

OR

SMTP INBOUND: "454 4.7.0 account is logged out, use the app to login again"
SERVER -> CLIENT: 454 4.7.0 account is logged out, use the app to login again
SMTP ERROR: Password command failed: 454 4.7.0 account is logged out, use the app to login again
SMTP Error: Could not authenticate.

Solution 1 :

More than one process listens on the same port. Changing the port in Protonmail-bridge may correct the problem.

To solve it I had to: Login as the new isolated user

su protonmail
cd ~

This is required if we are not using a graphical interface due to the way our isolated user runs the shell commands

script /dev/null

Change port setting

change port

Solution 2 :

Two user processes (root and protonmail) are executed at the same time.

1. Stopping the "proton-bridge" process using the killall command

killall -9 proton-bridge

2. Full uninstall protonmail-bridge

apt purge protonmail-bridge

2. remove all protonmail folders and configuration files in the 'root' profile

3. remove the protonmail folder in the "home" folder

rm -rf /home/protonmail

4. reboot

5. Repeat the protonmail-bridge installation procedure

Problems

Note: When running Bridge on command line, I the following message is printed:

WARN[0000] Failed to add test credentials to keychain error="exit status 1: gpg: Passwords: skipped: No public key\ngpg: [stdin]: encryption failed: No public key\nPassword encryption aborted.\n" helper="*pass.Pass"

He had a bug with your keyring and pass.

Solution:

To solve it I had to:

1. uninstall gnupg and pass

apt remove gnupg pass

2. delete the .gnupg and .password-store folders

rm -rf /home/protonmail/.gnupg
rm -rf /home/protonmail/.password-store

3. reinstall gnupg and pass

apt install gnupg pass

4. login as the new isolated user

su protonmail
cd ~

5. run a script session to avoid the PGP key passphrase prompt to fail

script /dev/null

6. run gpg to create the database and its folder

gpg --list-keys

7. create a new key

gpg --full-generate-key
>>>> Choose 1 (1) RSA and RSA (default)
>>>> Choose 2048 (default)
>>>> Choose 0 0 = key does not expire
>>>> Type your name e.g. Proty McProtonFace
>>>> Type your email e.g. a@a.com
>>>> Leave empty comment
>>>> Leave empty passphrase

8. Init the password manager for the chosen email address in the PGP keys step

pass init a@a.com

9. List the keys to ensure they were created correctly

gpg --list-keys

10. Setup the protonmail bridge client, follow the procedure I described here

protonmail.service

[Unit]
Description=Service to run the Protonmail bridge client
After=network.target

[Service]
Type=oneshot
User=protonmail
ExecStart=/var/lib/protonmail/protonmail.sh start
ExecStop=/var/lib/protonmail/protonmail.sh stop
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

protonmail.sh

#!/bin/bash

case "$1" in
  start)
    # will create an screen in detached mode (background) with name "protonmail"
    screen -S protonmail -dm protonmail-bridge --cli
    echo "Service started."
    ;;
  status)
    # ignore this block unless you understand how screen works and that only lists the current user's screens
    result=$(screen -list | grep protonmail)
    if [ $? == 0 ]; then
      echo "Protonmail bridge service is ON."
    else
      echo "Protonmail bridge service is OFF."
    fi
    ;;
  stop)
    # Will quit a screen called "protonmail" and therefore terminate the running protonmail-bridge process
    screen -S protonmail -X quit
    echo "Service stopped."
    ;;
  *)
    echo "Unknown command: $1"
    exit 1
  ;;
esac

z_bridge_pubkey.gpg

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBFo9OeEBEAC+fPrLcUBY+YUc5YiMrYJQ6ogrJWMGC00h9fAv3PsrHkBz0z7c
QFDyNdNatokFDtZDX115M0vzDwk5NkcjmO7CWbf6nCZcwYqOSrBoH8wNT9uTS/6p
R3AHk1r3C/36QG3iWx6Wg4ycRkXWYToT3/yh5waE5BbLi/9TSBAdfJzTyxt4IpZG
3OTMnOwuz6eNRWVHkA48CJydWS6M8z+jIsBwFq4nOIChvLjIF42PuAT1VaiCYSmy
4sU1YxxWof5z9HY0XghRpd7aUIgzAIsXUbaEXh/3iCZDUMN5LwkyAn+r5j3SMNzk
2htF8V7qWE8ldYNVrpeEwyor0x1wMzpbb/C4Y8wXe8rP01d0ApiHVRETzsQk2esf
XuSrBCtpyLc6ET1lluiL2sVUUelAPueUQlOyYXfL2X958i0TgBCi6QRPXxbPjCPs
d1UzLPCSUNUO+/7fslZCax26d1r1kbHzJLAN1Jer6rxoEDaEiVSCUTnHgykCq5rO
C3PScGEdOaIi4H5c6YFZrLmdz409YmJEWLKIPV/u5DpI+YGmAfAevrjkMBgQBOmZ
D8Gp19LnRtmqjVh2rVdr8yc5nAjoNOZwanMwD5vCWPUVELWXubNFBv8hqZMxHZqW
GrB8x8hkdgiNmuyqsxzBmOEJHWLlvbFhvHhIedT8paU/spL/qJmWp3EB4QARAQAB
tExQcm90b24gVGVjaG5vbG9naWVzIEFHIChQcm90b25NYWlsIEJyaWRnZSBkZXZl
bG9wZXJzKSA8YnJpZGdlQHByb3Rvbm1haWwuY2g+iQJUBBMBCAA+AhsDBQsJCAcC
BhUICQoLAgQWAgMBAh4BAheAFiEE1R5k0+Y+3D7veGTO4sddaOYjSwcFAmH6ieIF
CQt/twEACgkQ4sddaOYjSwcP4BAAu48suXCbfyZ3RWXFfNZ0KfEjh6UtuIYvZ3qV
GfFSw8BLCNhNbGD/bw8+xDodJSDC1tsI8x08btoTH+zyTbrbvHjhC96fKV+DNonS
GEAPsnKqj/fl58WP67m0wxh8/pfwIsGbzXn03mwmvRNrVSRHW5CMuBsZPIHj4ATg
KKjmc/mY15b9zapk9l+bVCe47RsiM7ZbnD00d1erQu7/8LNAR2MCb0PgKrBT+6AS
UC1XTVc6IuEcIdaf3mLJ4iA5vnrFxtezXtTU7jX12sWEMZOADqf6aPj+U1i+loER
JN3Ry10OJnDJ+kWP7zwXFWcsaYDZbrI/Odt8PImDkxxTdTpGrvHsuDhbPKmlMHYd
A8cVlHmy3Pp0Tn5VpV22+CWSR6UQzd6dpPv+2Ekt2z6VMvWOjyujEfsTJWBPDU1i
slaQoRdchG2kxUEXdOKMTfGwIhNJaeIqvojx7IIxAcOy56KgMuRxmqSOJFuiMC0C
DcVrsg6FbrzQw1D1FhSZSdnu9Wv+pzjZ8zQnxSsMAYU9e9/3OjJ3/VHNpaGo3zUN
kTpYsHh3Y9LuVTFSNmGiBnpVg0hZ8aUipAfoiyyQj5QA8nZv0Pptp86+QS6AUkq7
QvXg8yybYNxsJaxGC9Ea5K1ivAommes0SbzFLg5/3B84o27xeqMMevTMAKZ6txhC
vqagRLuJASIEEAECAAwFAlpcl/gFAwASdQAACgkQlxC4m8pXrXzF1ggAoS7luFCm
S13Vv2w2GGpWOLcVh/RUcsTU8eUr9DY40rlrKVkX5MBL1yeD/XiIXY5aFlBaKxIq
NPjqu0VBZhaYj6ZuGpAodpattzjNOXWxwFtz2JaUfn2VUrZMbDwY9AQMHab/xxir
PmezHMee9Y56qnNPIHDh3pZZ18rHrwY4e1pVkR+N0xYTb4M0vw3AhHjboS8H9noq
V6ykT5F+3C18G5UBHwyGS/wCXf7xB7mAN4voBZq8NMe3bVae8Lk7xSCuXuzmHZPM
5q6MJB+18HSraKsFRlEJSeESb1JlKS0JnocnHxq7pdvAIw10QCC3ZF7Bu0PGDwUI
7ymZvWOsRmqiZYkBIgQQAQIADAUCWn7fTQUDABJ1AAAKCRCXELibyletfFnGB/9b
RumxnZzyoOrsDiV6DVruagouK8RhilAd+3We47l8rtSd27M8AL4RkO6JBqM7MKP/
C9anbY/2R6vRTXVF+hJ06dqek2dba3+bWi5SxmNa4Hqxp16Ip1RuH+yqdGB2gdhN
hgsY0Ojnl7vFWk2DKTzlMzP6TEXXhC4Z4XwtXRx1y7XsHen8/f5+Zo6ro565KuD+
RuE+6WQQ0h6yhtEsuMeohNSLYpqZo9d2hBE09768gdweSSB+4FyIQsIBWjLX/iyB
WiBxw3LtkQwl21TGbntYD12Gr0hJRY7c3meg/PN+XKYTcAml7BOvvdaEpWLVfs/h
W9QOicuL0l/74GZ1GFKuiQEiBBABAgAMBQJakANDBQMAEnUAAAoJEJcQuJvKV618
SwgH/jF/S4jfpKbwid8aigJs8CSSL3GQFtjU5/6qiMUJQD1BC9WpVMZImm+8y+qK
MzTWR479o6GRChq4YPCkzvK74/lbGLacugsBtVkRzvDRcHVNUjl9RhUdxvU1Wwsr
ASSIZdLOMXWpaQhxNgrkM2DDLX+mWWExwsHbuOS0DfFeQeVmtgmfJgWb2bhc9X0V
ZBfcDmQ8F2Fazkf25E+PozfTKxMbCcj4Hzht8eWRGqsvJbM+Guf/7P2GXq69clD2
h7TDdCyTvHWyruCKqrHjYRUXbE8U5j8FnEZh6nvH+1OfF6Pt7SNhMDjeGzcI2ddl
MDBO/EGNPEpyL3Eeh0n7xuE1vL6JASIEEAECAAwFAlqzm54FAwASdQAACgkQlxC4
m8pXrXxCgwf/VsUKgIn5BANRu6tHCuk68aT7gj7RiO3F1Ta2170sy3/hguXP9k+k
dO1wHaILkN5h6ge/Ant+mSO8Vod6nfEakBSfaPfdXf1Wa5fTu0rUI9L9PV2lgTs3
N6R7C0YQ3lDyylvX85cfZbel3n0aSr1XFb1FFPl7CeWy97Qnx3XMHbLI6uiALNK9
8GcYUA/lXWzDfGv86O6n5/d9K2q7QA0XW95IDegy7Jacchtp8AjHuZ6xa8ADFYFL
qNIoK+/4PH0p/piiNHrQ3Ndys31Kpi2X/TrVPhZ0OLtUk1qUdtSLK3fwPXstuSrp
04dyVWRWa/a22Qap+4/JLmGP4J6DUmUisYkBIgQQAQIADAUCWsVn8gUDABJ1AAAK
CRCXELibyletfAdTB/9VNysmCsCD1tV54h45iU91GWy9GzoiqKQ2aKPzHX9CG4uo
GwWSKUj0cMwoqvw0ysAJ78S1G11N3DR4j98PzlcJ7s+jXUB57PC3Va8dhajyjbp7
hbNE2jrgqYQyTp/XcHd2xJWqQtniRtY1bruFP/0HbflAq3t4Y63xTjtM6kj2xi0t
wauvOSzPAvIb7zJj8lmLmzOZ+cCuOfZJG37QrLefMztLQAq2676VQr3wjBU4tcbk
FJctn5cb7VIR/act/aW0mutnPF3fBKO8d0ILFj2j72cuWL5dFlWu6biF/GR2hodE
gQpIcDAfaOKxM2XK7Ii8wBizqgZAo6vVBGsJgC6TiQEiBBABAgAMBQJbC0a8BQMA
EnUAAAoJEJcQuJvKV618gjIH/ib3CEeXjKb5unUoZTSRUiHNRyL8WBnF6jTD8zw3
+8SkBWTZQnlO/29HTU5hth99yG5VoN2wooVusYZuPMXUEoR1DHpPRzR4JeZ2TmON
sB6siXYqpoO4TkSCh0utCzm3SADSiie8rq0ijWNiuooVBfFTiyrrJ4TifS1jP58t
CWWkmb0JcO41jVtGeGLDeYfTcR7iiuYh5EddHeqw4d1WwwE9VnYyy7inR/yyBCFF
I+zHyQ7IXVLlzJkKOIZEWdYsSsbA4LXTaVNRHP73UlONPJLVEdbcgm4GG20WLrFj
eH0E7RQABypCFFZMAovqKhrcc2DuGQjSb1TF3trRp43L9ceJAbMEEAEKAB0WIQQc
kUEqiCSCZfLZBb/QmabVW538jAUCW2q2/wAKCRDQmabVW538jDemC/9ZpRxijeVX
8LjouNaVOh0+TJfQbEpZOIBuoP88m2O9jZoEsRiRLMyd4+3v8TiYZYobPrVZ5/Cl
pX33XmblRq3y2FKnnI8cKKiKqGKpmscV2IbGR53GaV6DYfqTva/sCmAQmKeyLuvo
+t5I7SN1I32vathkvlMxq0YH79PSG3BYYASLOEg9D8eyqKn8DBdsw9uuKnXdzBFB
T+UjqO3Pw8+pD6D2bSQSSYldKTCxwtiZFl2TtrCyWVM03rP3lKSOIx+9xNNw1T4X
mpbflYejFpWj+pAjmTI3Qfy4O5e582F8gUnrlZ3g3R/7jMOmKXw7xpQikFgtfFYo
MZjBd9bs8LhCdyi9KnVLeq3Svd+HaVLb7KS2pk9bcXvpZBja7A1F2U5yBX7dGGg5
1kCgNb/FXhmjb2MrHCNSPCqks4nzvUzsdviI4Q+gjYgZMaytj0uRmAe3bsC1WnMt
QFI+hjKbay92m9OUCen1nwtwxKrv1JeSN08id3UlRK2Y2yyt3NwZtOOJAlQEEwEI
AD4CGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AWIQTVHmTT5j7cPu94ZM7ix11o
5iNLBwUCW/fvvAUJA7ze2wAKCRDix11o5iNLB+GeD/9Y2FmqvRK243gpth1Ab4Vj
5ouKMuGJUjeLiPrBSKz7tRYU0xQZ4+wFSsXvM6vOjhWnXoVJGGGm94hsMxUmDjIa
XPA36Nmv0UG8XzORs6qNqORMXes7KpJAKllWB5qZG3pziAZBM7B/DEHgrmZWDiu/
rkhIgqMtS0JnbuCkPp4mzbkuHJlCcjrkkekcORVqvuhDadta/S2fbCutQoET2FEz
kmfXEZodiStjE94c0MeurElQNs98mFxrngz31uz1C6bcqRPVZZTn/S2sDRXx5Rlr
3fPJ0s3KcklypuopRgG86enMv/SXeF19+aiWlRdYWuUU+U4tVCUrgpzqhCpLYpYH
JJAeD2SVO2jWn1yk1kTew7n5R+V7JdbR03oNxT/GLChgon/7Hglli2+of+Q/uC97
ajOcSwszDqTZBmg7UaKESmhek57Ozjr4RH9gbHhkXad7ZuZifOg45kFsZfCwxlM1
pr1AkdtzVvP2OOMgUFzXOat2LSexuOW8u6ARghtJv9Y/TArAbrrNNq2yVEhDa6eV
Qk2dZvQThUuDP3KrntCm/FLsPfXZ1lXQ2cDCHIMj7nhcCK9dNBvR8AZ9yBu0p0qk
lvV1wAxv1Y4GemsErtcuxZsmPm/mcHcC5Z6vs2FTIkH+iBZC2pFRjVsBwjhwHXMX
Bir88vSxt8AcPHFkQXpeGIkCVAQTAQgAPhYhBNUeZNPmPtw+73hkzuLHXWjmI0sH
BQJaPTnhAhsDBQkB4TOABQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEOLHXWjm
I0sHLZIQAIovDkggSMkgjxUn92ZNwTTR8KwKM2tKy9EItpWJl5p0j/5mXFfNsDg7
R93sJnimrS1bOSAiJHN5P+I0gNXOME8pP55B+oM3ttHJbOfUb30gVktlvNILhFxZ
W+TO//LD5KK20TupRe31GOVN6hF9h0WY+EhX2W3tFMVTy48BakwxRa2EbBHLRhE3
Uvo+I+tFSnRNpMyZSo1+Kj4ZGI7tKBNzW9QNTSCB06fhrC3SeAfn3lHCTmbJG42Z
DNY5Yyc9XdBzFoPwXu+kQJ01aI46SwpPjc1tn6K4TJm6mDhyGuOlQfBBoPrr/MOf
UFLJVxviZwy0XKQSaYepzvZDYPAnpfVQ5ig4XR+SN1bYpQua31TZTDuCmRGEUtTU
ZC8xCvzzLWsKa4U6VnPeMwcg3B6vL4r24wFb3hIQej1T7xaLkrTFzWBH8v7vLmQc
qRSvpkU05N9LP+M/C6Q4CMzgPdv3QFHQ5fKiBp/Csk8ZqJb+UsCKhRB/HBDkhxLK
NlMIQTXG7fdeSei6BE39EWqz/BpiJqPPsl9nrnA1nv4EGZefeq6U/fPJcMwszV4S
atGpU+STaU7OvIELSUV/N6KlU9QuFlFM69GfVncfC1K0bOXyA0hN3nakurOKEa6K
Uno8kcDyJkgUnnvmPKh/PmSEa3fRxK/InuCJftl1q3OfqHa0QEv9iQEiBBABAgAM
BQJchPx5BQMAEnUAAAoJEJcQuJvKV618VpkH/j51WqzA0b6SWMFu7vzTV2kSQduO
fgLpYmHSsAQPdeipnIbYQWftYxJ9obbRWjieVyO58g2aiJnorKPNcM0qh2XKszUk
dK5h0930SmDz86yFP4MVeAHIsZVub5c/oXC665IDzp4cqDIGftaX8xomIt9eoUOO
c+Zzp3/yW2wXd8tvpSMhnAU3RDK269DsjF+rz8OAcU5KufxtwyDzxNrha+xHrhp+
NLvCuWdbCvhrpeRWj46EkRfiSNZ2hAUWi6KgPdCR8bVD9eYfSIXa1HrSHHJQOb/Z
mPkF5voi21OPmeH88+WmnkYjUrKgD3b1toETsWgrT6iKmeomsmd+Dx5esCCJASIE
EAECAAwFAlyWyLcFAwASdQAACgkQlxC4m8pXrXwNiwf9Hd87+e2Nmg3QrXGhcTJg
lR0BW8x5FpKekYEJ6rYcbNsyd5mz0SU0FplU924HNgu9m4E8wSpvN6gUEbjMmp0M
yJBohxiyI+Ii5ZqZdg29GYX5IHxFn3x8IfVeOTXR4rtABwidl7eOeUT085iy81Vt
iiB0O/DHf3NhPInCtWkcXuQwEZGnm+Gjb3cpURtg7iOdU7gZFqzvfRt8dPLOJ3+c
nRikseh3bGscB8d3FloX9Yu4a/7QyAXgzcz28GWOhfbQ305Rtr6pnyXEEpaJL5De
xjYPtEVjbRvbFvTGHHlWRovkQLpdXXjXNY57efjIRVbASqpb19LgdwdyMXlcBrlN
xIkBIgQQAQgADAUCXKiU9wUDABJ1AAAKCRCXELibyletfLZsB/4mRQOQ3qnXOzvz
82ZBo1j5XxYzlwHL5qeVqxyyVvbq4obQmO6T4lABD1Fdn6WfqjnP+gCsnapCFC2e
UswxYUyt2m6EWREAsPHaacCsRqgL4FAZKIgdhlFkv8op0gUhs2++n892Asse9Nx7
ZAvkXJiC52LQjxO/HyD07+JmjHjQvvNYr9Lwrli1jqzNQaAYB7zgkxPUGVmLYdsQ
iaMNZq24NTahGwVzxZThZkdN34gOuazxWAxAqYkEmEvM7TucB8HQovxlUsUgw5yI
KkhMsZriZE69yhPMwby7mSJa7k3xjGchTkojKcszLRi+e1HgtTDVbD7fudGaHa0i
NDhEEygxiQEiBBABCAAMBQJcumE2BQMAEnUAAAoJEJcQuJvKV618Oi0IAKUTTb1Y
HIjPe1EAi5lEhnemClZTxhEDsoMJplV8X/hTpsByVhSZa+P7Lgdplko8r7iAXXJl
87hNiZensPB4SMM+/j5pQi+H8rbo03sZUzKmvcn0JT0cFM7sn/g7Q4aDOI9k78kd
XZA7lFRubn2j7QVQVS3BXMTIf8/vFqredK5z0diyLMC/6sCi+l1vAk2Kbf7e4v/X
7HETaDCfqHpIQOv0/VaS3q1NpmSeaYM9fCLOHi0KByEt7oGG7vX/SXkUCgVRF6T6
4oIHHBskm5nJVUzeZTPV9x+bVBy6svJHRkMMHI5bsrlGTnCDJHBTQMMRmef6D+Pj
qMfN6m38q5FGvw25Ag0EWj054QEQALdPQOlRT1omHljxnN64jFuDXXSIb6zqaBvU
wdYoDpV2dfRmzGklsCVA7WHXBmDWbUe9avgO3OO7ANw6/JzzYjP+jwImpJg7cSqT
qW8A1U6TYfGXVUV3a/obIEttl7bI9BsUNgmLsBYIwHov+gl/ajKQdALYHCmq3Bj6
o7BBeWPpVpk9dzjcsLVbmNszNGP1Ik5dKE0jZUi6h+YoVuJE9o/+T+jxoqFRpXNs
ZqWOEKmCHDz6TTs1iTp+CoZ/5g0eKph6XJ+TuNoqF9491IYEFn9oxzsoIBkewTY/
fJWmXf++cnpBODrZLF/GoRFc7MW9Kael9vmQ0J7mjM2bFs308lH0rRrfmdlLAU5i
KgPv0akxnnnUqvCcoekFMURDtP3z09KZXuOMnt834utd7WLe+LZD6dxs+rPhyDiW
80E8Bdlz1Jo+c2g6toIN+uD7/f5gwaZaXhJB0oO7fWSVVo+HJprWBnmf9frgKq1O
cS0BNvA+4Aip2hhFqWJAbUQXCyMaeU2WTWIzy0FQ6SEFFy/RM8O5O1HHsDYjtIic
9QJ/PqSD0qN7LMlkjR8AdWvAxm95i5GpxDZODldsOneeummvsn3I1jCoULTik7iJ
VdRuY1V3vfsYAkefGN/n2ga3MvatCJipwoCGsMgUXGTdokXOqKBgMBuBLCkxj2wl
ol2R9p8RABEBAAGJAjwEGAEIACYCGwwWIQTVHmTT5j7cPu94ZM7ix11o5iNLBwUC
YfqKGgUJC3+3OQAKCRDix11o5iNLB7puD/9TPP63NCPUvl2c2gO2G31YvK4XQvc8
jSGGHkhDXWnC+QxgYLu6O/f/MNt0Hegve8FSDMlLoDrBy217Jsc4uzPpykzesI9Y
BimCDJGvcNgCnu6WoYM3tOZYY5NdmGs6w9Dyu8tTIB+/PVA0rnJc4LJSu01FIYkq
u7mAaF/PKa0lD9TF38axN2EvYTfGuukAHrYnqTxoxPkqJJ+F0MoLHuqEHL3/clgM
95OiC+d/L5xmWMs7+ux/lT81bivLVwtcMCqJoJYjjeN/++auTvK6DWnx5vbEstQR
6CFNWRsvqcT6pMB0xFZVAwz2fTfdkE4CNpxlrxwfxCDVPvYTUQPzAve+qRIarRx7
K8npGSq2pMNBZLeaQXvZbslT9Scuu5NuHSCjrGQ5TpVg1yMpN39Pu3nnB0STwvOp
qcnaHGfvM0wURA7ValXh2xTLc6Oxe8hw+nAFFFXFBqou8qw1zD/DAQFUWGh+yu5q
9MxmtaewGA67fYf098EEqKql+sktYTa0cjDk6qdYkSO9clcLFkYZspmK04k2y1jO
7VYtlSdoeHH1ag+HWKx5KXdsWaE4dE+maUbcsRwc7UVC4111cv94mlOcSWpITxPG
kIV8ldNSpauzaAqHs3qaMO/5rBZbLMynvzjE30JFTdBiepvj88YeAPFols3qa8KO
00IsXQemR6I8Qw==
=QiAL
-----END PGP PUBLIC KEY BLOCK-----

Sorry for my late reply, what is the error message ?
The port is probably already occupied by another process. Try to change the port in the /home/protonmail/.config/protonmail/bridge/prefs.json file.
I finish just performed a new successful installation of Protonmail bridge on a new Debian server.
I updated the tutorial.

Thank you. Tested on clean Ubuntu Server 20.04 install and works fine (before restart).

Wouldn't you et an access denied when you try to access the cert from user protonmail home directory?

in .mbsyncrc
CertificateFile /home/protonmail/.config/prontonmail/bridge/cert.pem

Thanks for this guide. I confirm that this works fine in raspberry pi 3 with a 64bit image.

is there some way to do this on a Synology NAS? (docker?)

I wasn't able to enter an empty passphrase with gpg... ended up going the --batch method

$ cat ./batchthis 
%no-protection
Key-Type:1
Key-Length:2048
Subkey-Type:1
Subkey-Length:2048
Name-Real: Foo Bar (ProtonMail)
Name-Email: foo@bar.io
Expire-Date:0

$ gpg --armor --batch --gen-key  ./batchthis

root@dockersrv:/tmp# apt install qt5-default libqt5designer5 libqt5multimediawidgets5 libqt5quickwidgets5 libpulse-mainloop-glib0 libsecret-1-0 ttf-dejavu net-tools libsecret-common libsecret-tools
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Package qt5-default is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

E: Package 'qt5-default' has no installation candidate
E: Unable to locate package ttf-dejavu

root@dockersrv:/tmp# apt install qt5-default libqt5designer5 libqt5multimediawidgets5 libqt5quickwidgets5 libpulse-mainloop-glib0 libsecret-1-0 ttf-dejavu net-tools libsecret-common libsecret-tools Reading package lists... Done Building dependency tree... Done Reading state information... Done Package qt5-default is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source

E: Package 'qt5-default' has no installation candidate E: Unable to locate package ttf-dejavu

I have this issue as well. Is there an update to the dependencies?

There is a way is to install all dependencies of qt5-defalt package with
sudo apt-get install qtbase5-dev qtchooser qt5-qmake qtbase5-dev-tools

I have to say thank you. I was pulling my hair out for a minute adding my SMTP settings to my server instance. Your directions worked flawlessly for me. @githubcom13 THANK YOU!

Hi there,

I was able to follow the guide and installed everything correctly, however when I ran some tests with nc, telnet and swaks, i get this error:

=== Trying localhost:1025...
*** Error connecting to localhost:1025:
***     IO::Socket::INET6: connect: Connection refused

Hi there,

I was able to follow the guide and installed everything correctly, however when I ran some tests with nc, telnet and swaks, i get this error:

=== Trying localhost:1025...
*** Error connecting to localhost:1025:
***     IO::Socket::INET6: connect: Connection refused

Check that port 1025 is open on your server

su protonmail
protonmail-bridge --cli

Does not work for me on newer versions (v.3.x.x, has worked on v1.x.x), throws

panic: runtime error: slice bounds out of range [90:63]
goroutine 1 [running]:
github.com/godbus/dbus.getSessionBusPlatformAddress()
        /home/ivan/.local/share/go/pkg/mod/github.com/godbus/dbus@v4.1.0+incompatible/conn_other.go:30 +0x1de
github.com/godbus/dbus.getSessionBusAddress()
        /home/ivan/.local/share/go/pkg/mod/github.com/godbus/dbus@v4.1.0+incompatible/conn.go:96 +0x106
github.com/godbus/dbus.SessionBusPrivate()
        /home/ivan/.local/share/go/pkg/mod/github.com/godbus/dbus@v4.1.0+incompatible/conn.go:101 +0x19
github.com/godbus/dbus.SessionBus()
        /home/ivan/.local/share/go/pkg/mod/github.com/godbus/dbus@v4.1.0+incompatible/conn.go:73 +0xc5
github.com/keybase/go-keychain/secretservice.NewService()
        /home/ivan/.local/share/go/pkg/mod/github.com/cuthix/go-keychain@v0.0.0-20220405075754-31e7cee908fe/secretservice/secretservice.go:73 +0x1d
github.com/ProtonMail/proton-bridge/v3/pkg/keychain.getSession()
        /home/ivan/.local/src/proton-bridge/pkg/keychain/helper_dbus_linux.go:43 +0x19
github.com/ProtonMail/proton-bridge/v3/pkg/keychain.(*SecretServiceDBusHelper).Add(0xc0001e8a80?, 0xc0003928d0)
        /home/ivan/.local/src/proton-bridge/pkg/keychain/helper_dbus_linux.go:98 +0x53
github.com/ProtonMail/proton-bridge/v3/pkg/keychain.isUsable({0x173aa20?, 0x217d340}, {0x0?, 0x0})
        /home/ivan/.local/src/proton-bridge/pkg/keychain/helper_linux.go:89 +0x26e
github.com/ProtonMail/proton-bridge/v3/pkg/keychain.init.0()
        /home/ivan/.local/src/proton-bridge/pkg/keychain/helper_linux.go:39 +0x52

However, it works in its own TTY. But then I have to type the email password and then bridge password manually (luckily, only once per machine).
Anyone has the same problem?

A couple thoughts here, as I'm trying to get this to work in a very low-memory system, so I don't really want a desktop environment running. This is a single-purpose VM, so I'm just using my user account. This VM is a Debian 12 server, with their GNOME desktop installed as well. I think all the packages above were OK, but I believe I also had to install dbus-x11.

This is a better way to generate gpg keys, without needing script or a separate --batch file. Replace USER with your email or something:
$ gpg --batch --passphrase '' --quick-gen-key USER default default
Check & activate the key as above.

Now I had to log into the actual desktop, which was really slow. The application "Passwords and Keys" wasn't installed by default, so I added that. Once you run it, you can right-click on the "login" keyring, and select "Change password". It'll ask for your user password, and then you can leave the new password fields blank. It warns you this is a terrible idea, but again, single-purpose VM.

Since I don't want gnome-desktop & such using up my memory, you can disable X11 on boot via:
$ sudo systemctl set-default multi-user.target
To re-enable:
$ sudo systemctl set-default graphical.target

Reboot, and give everything a try.

As a side note, I'm using getmail6 to backup up my email, and it doesn't speak STARTTLS, but there's an un-documented CLI command to switch to just "SSL":
>>> change imap-security

Of course, this option is available in the GUI client, so it's not a hack or anything. There's a similar option for SMTP, but I'm not using this for outgoing mail.
Hope this helps! And also that my notes are accurate!

Thanks, it was useful info. I am using ProtonMail Bridge v3.6.1, which, when run with option -h, lists --noninteractive as a supported option, but although that option is accepted, it doesn't seem to do anything. Perhaps work in progress. In the meantime, for those who prefer tmux rather than screen, here is my version of protonmail.sh:

#!/bin/bash

case "$1" in
  start)
    # Will create a tmux session in detached mode (background) with name "protonmail"
    tmux new-session -d -s protonmail protonmail-bridge --cli
    echo "Service started."
    ;;
  status)
    # ignore this block unless you understand how tmux works and that it only lists the current user's sessions
    if tmux has-session -t protonmail; then
      echo "Protonmail bridge service is ON."
    else
      echo "Protonmail bridge service is OFF."
    fi
    ;;
  stop)
    # Will quit a tmux session called "protonmail" and therefore terminate the running protonmail-bridge process
    tmux kill-session -t protonmail
    echo "Service stopped."
    ;;
  *)
    echo "Unknown command: $1"
    exit 1
  ;;
esac

Thanks, it was useful info. I am using ProtonMail Bridge v3.6.1, which, when run with option -h, lists --noninteractive as a supported option, but although that option is accepted, it doesn't seem to do anything. Perhaps work in progress. In the meantime, for those who prefer tmux rather than screen, here is my version of protonmail.sh:

#!/bin/bash

case "$1" in
  start)
    # Will create a tmux session in detached mode (background) with name "protonmail"
    tmux new-session -d -s protonmail protonmail-bridge --cli
    echo "Service started."
    ;;
  status)
    # ignore this block unless you understand how tmux works and that it only lists the current user's sessions
    result=$(screen -list | grep protonmail)
    if tmux has-session -t protonmail; then
      echo "Protonmail bridge service is ON."
    else
      echo "Protonmail bridge service is OFF."
    fi
    ;;
  stop)
    # Will quit a tmux session called "protonmail" and therefore terminate the running protonmail-bridge process
    tmux kill-session -t protonmail
    echo "Service stopped."
    ;;
  *)
    echo "Unknown command: $1"
    exit 1
  ;;
esac

Your status section still references screen, I'm sure there is a simple tmux equivalent but I'd have to look it up as I'm not that familiar

Your status section still references screen, I'm sure there is a simple tmux equivalent but I'd have to look it up as I'm not that familiar

Indeed, thanks for noticing. That line result=$(screen -list | grep protonmail) should be deleted. The tmux equivalent on on the next line. I have updated my original listing.