Microsoft 365 con mbsync msmtp su Debian
Questo post è la guida tecnica che segue quanto scritto qui:
https://alanleoni.ch/posts/dopo-mesi-di-silenzio-mi-sono-arrangiato/
Obiettivo
Replicare l’uso della posta di scuola in ambiente GNU/Linux minimale:
- Login Microsoft:
ybn750@edu.ti.ch - From:
alan.leoni@edu.ti.ch - Solo INBOX
- Sync: PullNew + PushFlags
- Token OAuth cifrato con GPG
- Script salvato in:
~/tech/3-risorse/script/ - Ambiente: Debian stable + i3wm
1. Installazione pacchetti
sudo apt update
sudo apt install isync msmtp msmtp-mta \
gnupg pinentry-curses \
libsasl2-modules libsasl2-modules-db \
git build-essential autoconf automake libtool \
libsasl2-dev ca-certificates wget
2. Configurazione GPG
Chiave già esistente:
- ID:
47AFB00CEE84B613 - Recipient:
alan.leoni@edu.ti.ch
Setup ambiente i3
echo 'export GPG_TTY=$(tty)' >> ~/.bashrc
source ~/.bashrc
gpgconf --launch gpg-agent
Impostare pinentry:
sudo update-alternatives --config pinentry
Selezionare: pinentry-curses
Test:
echo test | gpg --encrypt --recipient alan.leoni@edu.ti.ch > /tmp/test.gpg
gpg --decrypt /tmp/test.gpg
3. Installare plugin SASL XOAUTH2
cd /tmp
git clone https://github.com/moriyoshi/cyrus-sasl-xoauth2.git
cd cyrus-sasl-xoauth2
./autogen.sh
./configure --prefix=/usr
make
sudo make install
Importante (Debian stable): verifica path libreria SASL
Su Debian stable spesso libxoauth2.so viene installata in:
/usr/lib/sasl2/
Ma Cyrus SASL cerca i plugin in:
/usr/lib/x86_64-linux-gnu/sasl2/
Verifica dove si trova:
sudo find /usr/lib -name "libxoauth2.so"
Verifica dove SASL cerca i moduli:
ls /usr/lib/x86_64-linux-gnu/sasl2/
Se necessario creare un symlink:
sudo ln -sf /usr/lib/sasl2/libxoauth2.so \
/usr/lib/x86_64-linux-gnu/sasl2/libxoauth2.so
Verifica finale:
ls /usr/lib/x86_64-linux-gnu/sasl2 | grep xoauth
Se non compare nulla, mbsync restituirà:
SASL(-4): no mechanism available: No worthy mechs found
4. Installare mutt_oauth2.py
mkdir -p ~/tech/3-risorse/script
wget -O ~/tech/3-risorse/script/mutt_oauth2.py \
https://raw.githubusercontent.com/muttmua/mutt/master/contrib/mutt_oauth2.py
chmod +x ~/tech/3-risorse/script/mutt_oauth2.py
5. Patch mutt_oauth2.py
Aprire:
nano ~/tech/3-risorse/script/mutt_oauth2.py
A) Recipient GPG
Sostituire ENCRYPTION_PIPE con:
ENCRYPTION_PIPE = ['gpg', '--encrypt', '--recipient', 'alan.leoni@edu.ti.ch']
B) Client ID Microsoft (Thunderbird)
Nella sezione microsoft sostituire client_id con:
client_id = "9e5f94bc-e8a4-4e73-b8be-63364c29d753"
6. Autorizzazione OAuth
rm -f ~/.m365-edu.json
~/tech/3-risorse/script/mutt_oauth2.py \
--verbose \
--authorize \
--authflow devicecode \
~/.m365-edu.json
Risposte:
- microsoft
- devicecode
- ybn750@edu.ti.ch
Autorizzare su:
https://microsoft.com/devicelogin
Test:
~/tech/3-risorse/script/mutt_oauth2.py --test ~/.m365-edu.json
7. Configurazione mbsync
File: ~/.mbsyncrc
IMAPAccount edu365
Host outlook.office365.com
User ybn750@edu.ti.ch
AuthMechs XOAUTH2
PassCmd "/home/leo/tech/3-risorse/script/mutt_oauth2.py ~/.m365-edu.json"
TLSType IMAPS
CertificateFile /etc/ssl/certs/ca-certificates.crt
IMAPStore edu-remote
Account edu365
MaildirStore edu-local
Path /home/leo/Mail/edu/
Inbox /home/leo/Mail/edu/INBOX
SubFolders Verbatim
Channel edu
Far :edu-remote:
Near :edu-local:
Patterns INBOX
Sync PullNew PushFlags
Create Near
SyncState *
Test:
mbsync -V edu
8. Configurazione msmtp
File: ~/.msmtprc
account Edu
host smtp.office365.com
port 587
tls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
auth xoauth2
user ybn750@edu.ti.ch
from alan.leoni@edu.ti.ch
passwordeval "/home/leo/tech/3-risorse/script/mutt_oauth2.py ~/.m365-edu.json"
Permessi corretti:
chmod 600 ~/.msmtprc
Test invio:
printf "Subject: test\n\nciao\n" | msmtp alan.leoni@edu.ti.ch