October 3, 2023

Start using Mutt: a setup with GPG, mbsync, msmtp and notmuch

This is a blog post documenting how I set up Mutt with GPG (to store encrypted passwords), mbsync, msmtp and notmuch on GNU/Linux. I will write up another blog post about setting up Mutt with GPG to encrypt and sign emails.

Table of contents:

  • Set up Mutt
  • Store your password in an encrypted file with GPG
  • Set up mbsync to download and store emails locally
  • Set up msmtp to send emails
  • Set up notmuch to index and query your email database

Set up Mutt

Download Mutt:

$ sudo apt install mutt

or download Mutt using the package manager of the distribution you use.

Now find Mutt’s configuration file i.e. muttrc. Mine was in ~/.config/mutt/ (I think), but I moved it to ~/.muttrc for easy access.

Now we will write up Mutt’s configuration file. I will post a somehow reduced configuration to get started with. I am assuming you want to get Mutt to work so you can use asap - and then later personalise your configuration file. If you want, you can check out my actual .muttrc here.

So, this is a Mutt configuration file you should be able to start with:

# Char encoding
set send_charset="utf-8" 
set assumed_charset="iso-8859-1"

# Account settings
set from = your_email_address
set realname = 'First_name last_name' 

# Storage settings
set mbox_type = Maildir # type of mailbox format to use; well explained in the manual of Mutt
set folder = "~/Mail/name_of_account/" # folders from which to retrieve emails 

# msmtp settings
set sendmail = "msmtp -a name_of_account"

# cache settings (optional)
set header_cache = "~/Mail/name_of_account/" # optional - speeds up opening large folders
set message_cachedir = "~/Mail/name_of_account/" # optional - speeds up loading messages 

# mailbox settings
set spoolfile=+INBOX 
set postponed = +Drafts
set record = +Sent
set trash = +Trash # tells mutt to store deleted message to folder Trash

name_of_account is arbitrary. It can be email or your username, for example.

Store your password in an encrypted file

Before we move on and set up mbsync we will store the password of your email account in an encrypted file. You do not want to store passwords plain text in your configuration files which you might share in the future. To encrypt your files, you need GnuPG (or GPG) and your own encryption key pair1

If you don’t have GPG key pair, run2

$ sudo apt install gpg # download GnuPG
$ gpg --full-generate-key # start the dialogue interface to generate a key pair

Now you have GPG installed and a GPG key pair on your computer. You will use GPG and your GPG key pair to create and store the password of your email account in an encrypted file.

First create a plain text file containing the password of your email account3

$ cat > path/to/mutt/config/directory/email_password.txt << EOF
> type_your_password

Next feed gpg the unencrypted text file you’ve just created for gpg to create an encrypted copy of that file i.e. a file ending with .gpg.

$ gpg -r your_gpg_id -e path/to/mutt/config/directory/email_password.txt

your_gpg_id is the name or the email address you used when you generated a GPG key pair.

Check that the file was created, run:

$ file email_password.gpg

which should return something like:

email_password.gpg: PGP RSA encrypted session key - keyid: ... RSA (Encrypt or Sign) 3072b 

which tells you that the file is encrypted.

Now you can delete the file where your password is stored in plain text:

$ shred email_password.txt
$ rm -i email_password.txt

That is it! You now have an encrypted file containing your password. You can instruct configuration files to retrieve your password from email_password.gpg instead of having your password scattered around in plain text. That is what we will do below as we set up mbsync and msmtp.

Set up mbsync to download and store emails locally

We download mbsync:

$ sudo apt install isync

I am still learning and fiddling with mbsync, but that’s my current configuration. Look for ~/.mbsync on your computer and edit it with this configuration:

SyncState *
Sync Pull All Push All # not sure
IMAPAccount name_of_account
Host incoming_server_address_of_the_email_provider_you_use
Port 993 # maybe - check the documentation of your email provider
User your_email_address
PassCmd "gpg -dq $HOME/.config/mutt/email_password.gpg" # see explanation in the previous section
SSLType  IMAPS # or something else - check the documentation of your email provider and the manpage of mbsync
AuthMechs PLAIN # or something else - check the documentation of your email provider and the manpage of mbsync

IMAPStore name_of_account-remote
Account name_of_account
MaildirStore name_of_account-local
SubFolders Verbatim
Inbox ~/Mail/name_of_account/INBOX
Path ~/Mail/name_of_account/ # the trailing "/" matters
Flatten . # useful with Mutt according to mbsync manpage
Channel name_of_account
Master :name_of_account-remote:
Slave :name_of_account-local:
# Patterns *
Create Both
Expunge Both

Now you should be able to download your emails. To do so run:

$ mbsync - a

The terminal should print something like this:

C: 1/1  B: 1/1  M: +0/0 *13/13 #0/0  S: +1/1 *0/0 #0/0

or an error message. If so, troubleshoot. Email me if you have problems.

If mbsync does not complain, open Mutt:

$ mutt

You should see your messages. You can’t send email though - yet. We will take care of that now.

Set up msmtp to send emails

Download msmtp:

$ sudo apt install msmtp

The configuration file should be ~/.msmtprc. Mine looks like this below - comments are from another configuration file I used4.

# Set default values for all following accounts.

# Authentication must be used for sending
# Each account will use a different method
auth on

# Always us TLS
tls on

# Set a list of trusted CAs for TLS. The default is to use system settings, but
# you can select your own file.
tls_trust_file /etc/ssl/certs/ca-certificates.crt

# This is the log file - comment it out to stop it collecting
logfile ~/.msmtp/log/msmtp.log

account name_of_account
host mail.email_provider.net # URL of outgoing (SMTP) server name of your email provider
port 587 # maybe - check the documentation of your email provider

from your_email_address
user your_email_address
passwordeval "gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.config/mutt/email_password.gpg"

To check whether your configuration of msmtp works, try sending an email from the command line:

$ echo "I am sending this email from the command line" | msmtp -a name_of_acccount -- email_address_of_the_recipient

name_of_acccount is the exact same as the one used in the configuration files.

If sending an email from the command line with msmtp fails, read the output message and troubleshoot. If the recepient received the email, try sending an email from within Mutt.

At this point you should have a Mutt setup with mbsync and msmtp with which you can download, browse and send emails.

Set up notmuch to index and query your email database

Mutt can search for emails. However I find it easier to use the programme notmuch5.

The configuration of notmuch with Mutt is easy. notmuch has a script which does the job for you6.

To download notmuch run7:

$ sudo apt notmuch notmuch-mutt

To start the dialogue interface to set up notmuch run8:

$ notmuch setup

Answer the questions9.

And then run:

$ notmuch new

to index your emails.

Now open mutt i.e. $ mutt and type f810. Your terminal should print this:

search ('?' for man): 

Type a search term or checkout the manual of notmuch by pressing ?.

Don’t forget to run $ notmuch new to incorporate new emails into the database11.

You are done. You should have Mutt setup with mbsync, msmtp and notmuch - and your password encrypted with GPG. Let me know if you have any issue, feedback or questions.

What’s next?

Use the manpages and help menu of Mutt, mbsync, msmtp and notmuch to figure things out. Everything is in there. If you are stuck in Mutt and don’t know how to do something, press ?. Mutt will display all the keybindings.

When I first started, I was wondering how to undelete message, create aliases and tell Mutt I want to use Vim for text editing. You might also want to setup more convenient keybindings or change colors. Take a look at my current Mutt configuration file to get some ideas of what you can do.


I got the above done thanks to:

See also:

  1. to learn about encryption keys read https://www.gnupg.org/gph/en/manual/c173.html and https://www.gnupg.org/gph/en/manual/c14.html)↩︎

  2. You might want to store your private key offline and create another subkey to encrypt emails, but that is another project. If you want to do so I’d suggest reading https://wiki.debian.org/Subkeys.↩︎

  3. To learn more about the syntax used here, read https://yctct.com/add-multiple-lines↩︎

  4. https://futurile.net/resources/msmtp-a-simple-mail-transfer-agent/↩︎

  5. https://notmuchmail.org/↩︎

  6. https://notmuchmail.org/notmuch-mutt/↩︎

  7. I suspect skipping notmuch-mutt also downloads the script. I have not tried though.↩︎

  8. https://upsilon.cc/~zack/blog/posts/2011/01/how_to_use_Notmuch_with_Mutt/↩︎

  9. You can see the configuration file notmuch generated by running $ less ~/.notmuch-config.↩︎

  10. The man page of notmuch-mutt stipulates that macros should be added the configuration of Mutt. Three macros, including f8, already exist in /etc/Muttrc.d/notmuch-mutt.rc .↩︎

  11. The manual of notmuch stipulates that a cron job or a hook could be used to automate. I might do that in the future.↩︎


I do self-funded research and I'm writing a book.

> What's the book about?

About technologies and agency.

Meaning, technologies can foster agency. No doubt. But I am also asking:

Can usage of technologies give us a sense of empowerment while in fact undermining our abilities?

I posted a summary of the prologue on the homepage: https://yctct.com/


personal computing command-line interface (cli) gnu linux trisquel shell literacy office applications wiki mutt mbsync msmtp notmuch start using gpg

No affiliate links, no analytics, no tracking, no cookies. This work © 2016-2024 by yctct.com is licensed under CC BY-ND 4.0 .   about me   contact me   all entries & tags   FAQ   GPG public key

GPG fingerprint: 2E0F FB60 7FEF 11D0 FB45 4DDC E979 E52A 7036 7A88