Skip to content

Instantly share code, notes, and snippets.

@ptn

ptn/spam.md

Last active December 28, 2020 15:19
Show Gist options
  • Save ptn/6a0bbc02d893c83585c11bfb62287013 to your computer and use it in GitHub Desktop.
Save ptn/6a0bbc02d893c83585c11bfb62287013 to your computer and use it in GitHub Desktop.
Download ZIP
Doom Emacs + mu4e + ProtonMail Bridge: mail always ends up in Spam
Raw
spam.md

Solution

When you install Bridge, you're supposed to get a certificate in ~/.config/protonmail/bridge, but I didn't get it. I extracted it with:

   openssl s_client -starttls smtp -connect 127.0.0.1:1025 -showcerts

and saved it at ~/.cert/protonmail.smtp.crt. I then had to point gnutls to it, I used the customize interface and now I have this entry in my custom.el:

   '(gnutls-trustfiles
     '(DEFAULT VALUES FIRST "/Users/ptorres/.cert/protonmail.smtp.crt"))

On your first mail send, gnutls will ask if it should trust the certificate, as it's signed by localhost (not a CA). I trusted it, and now my emails don't go to Spam.

What's the Problem?

I am sending email through ProtonMail's Bridge using Emacs' mu4e (with Doom Emacs), and recipient always receives it in Spam. Gmail shows this message as a red banner on the email:

rr.com did not encrypt this message

and ProtonMail shows this:

This email has failed its domain's authentication requirements. It may be spoofed or improperly forwarded!

Configuration and Error Messages

I am composing with org-msg and sending via M-x mail-send. My Doom Emacs config.el contains this block:

(set-email-account! "protonmail.com"
  '((mu4e-sent-folder       . "/proton/Sent Mail")
    (mu4e-drafts-folder     . "/proton/Drafts")
    (mu4e-trash-folder      . "/proton/Trash")
    (mu4e-refile-folder     . "/proton/All Mail")
    (smtpmail-smtp-user     . "my-user@protonmail.com")
    (smtpmail-auth-credentials . "~/.authinfo.gpg")
    (smtpmail-smtp-server   . "127.0.0.1")
    (smtpmail-smtp-service  . 1025)
    (mu4e-compose-signature . "---\n~ Pablo")
    (user-mail-address . "my-user@protonmail.com"))
  t)

My authinfo.gpg looks like this:

machine 127.0.0.1 port 1025 login my-user@protonmail.com password BRIDGE_PWD

If I instead use:

machine 127.0.0.1 port 1025 login my-user@protonmail.com password BRIDGE_PWD cert ~/.cert/protonmail.smtp.cert

where the cert file was generated with:

$ openssl s_client -starttls smtp -connect 127.0.0.1:1025 -showcerts

then they are not received at all, and I see this in my Messages buffer:

gnutls-negotiate: Certificate validation failed 127.0.0.1, verification code 42

I also get this from gnutls-cli:

$ gnutls-cli localhost -p 1025
Processed 164 CA certificate(s).
Resolving 'localhost:1025'...
Connecting to '::1:1025'...
Connecting to '127.0.0.1:1025'...
|<1>| Received record packet of unknown type 50
\*** Fatal error: An unexpected TLS packet was received.

Questions

  1. Am I not pointing Emacs' smtpmail to my certificate correctly?
  2. Should I not be generating one at all? Kinda sounds like I should be using a ProtonMail-issued certificate...?
  3. Is that even the problem?
@ptn
Copy link
Author

ptn commented Dec 27, 2020

Also asked here:

https://www.reddit.com/r/emacs/comments/kkuow9/xpost_sending_mail_via_protonmail_bridge_mu4e/
https://www.reddit.com/r/ProtonMail/comments/kkun57/my_emails_from_emacs_mu4e_always_go_to_spam/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment