Chapter 6. Optional Features

Mutt supports several of optional features which can be enabled or disabled at compile-time by giving the configure script certain arguments. These are listed in the “Optional features” section of the configure --help output.

Which features are enabled or disabled can later be determined from the output of mutt -v. If a compile option starts with “+” it is enabled and disabled if prefixed with “-”. For example, if Mutt was compiled using GnuTLS for encrypted communication instead of OpenSSL, mutt -v would contain:

-USE_SSL_OPENSSL +USE_SSL_GNUTLS

Mutt optionally supports the IMAP, POP3 and SMTP protocols which require to access servers using URLs. The canonical syntax for specifying URLs in Mutt is (an item enclosed in [] means it is optional and may be omitted):

proto[s]://[username[:password]@]server[:port][/path]

proto is the communication protocol: imap for IMAP, pop for POP3 and smtp for SMTP. If “s” for “secure communication” is appended, Mutt will attempt to establish an encrypted communication using SSL or TLS.

Since all protocols supported by Mutt support/require authentication, login credentials may be specified in the URL. This has the advantage that multiple IMAP, POP3 or SMTP servers may be specified (which isn't possible using, for example, $imap_user). The username may contain the “@” symbol being used by many mail systems as part of the login name. The special characters “/” (%2F), “:” (%3A) and “%” (%25) have to be URL-encoded in usernames using the %-notation.

A password can be given, too but is not recommended if the URL is specified in a configuration file on disk.

If no port number is given, Mutt will use the system's default for the given protocol (usually consulting /etc/services).

The optional path is only relevant for IMAP and ignored elsewhere.

pops://host/
imaps://user@host/INBOX/Sent
smtp://user@host:587/

When non-secure URL protocols imap://, pop://, and smtp:// are used, the initial connection to the server will be unencrypted. STARTTLS can be used to negotiate an encrypted connection after the initial unencrypted connection and exchange.

Two configuration variables control Mutt's behavior with STARTTLS. $ssl_starttls will initiate STARTTLS if the server advertises support for it. $ssl_force_tls will always try to initiate it, whether the server advertises support or not.

Mutt highly recommends setting $ssl_force_tls unless you need to connect to an unencrypted server. It's possible for an attacker to spoof interactions during the initial connection and hide support for STARTTLS. The only way to prevent these attacks is by forcing STARTTLS with the $ssl_force_tls configuration variable.

When connecting through a $tunnel and $tunnel_is_secure is set (the default), Mutt will assume the connection to the server through the pipe is already secured. Mutt will ignore $ssl_starttls and $ssl_force_tls, behaving as if TLS has already been negotiated.

When $tunnel_is_secure is unset, Mutt will respect the values of $ssl_starttls and $ssl_force_tls. It is highly recommended to set $ssl_force_tls in this case, to force STARTTLS negotiation. Note that doing so will prevent connection to an IMAP server configured for preauthentication (PREAUTH). If you use this configuration, it is recommended to use a secure tunnel.

As of version 1.2, Mutt supports browsing mailboxes on an IMAP server. This is mostly the same as the local file browser, with the following differences:

Mutt supports four authentication methods with IMAP servers: SASL, GSSAPI, CRAM-MD5, and LOGIN (there is a patch by Grant Edwards to add NTLM authentication for you poor exchange users out there, but it has yet to be integrated into the main tree). There is also support for the pseudo-protocol ANONYMOUS, which allows you to log in to a public IMAP server without having an account. To use ANONYMOUS, simply make your username blank or “anonymous”.

SASL is a special super-authenticator, which selects among several protocols (including GSSAPI, CRAM-MD5, ANONYMOUS, and DIGEST-MD5) the most secure method available on your host and the server. Using some of these methods (including DIGEST-MD5 and possibly GSSAPI), your entire session will be encrypted and invisible to those teeming network snoops. It is the best option if you have it. To use it, you must have the Cyrus SASL library installed on your system and compile Mutt with the --with-sasl flag.

Mutt will try whichever methods are compiled in and available on the server, in the following order: SASL, ANONYMOUS, GSSAPI, CRAM-MD5, LOGIN.

There are a few variables which control authentication:

Support for the deprecated XOAUTH2 protocol is also available. To enable this, add “xoauth2” to the $imap_authenticators, $pop_authenticators, or $smtp_authenticators config variables. XOAUTH2 uses the same refresh command configuration variables as OAUTHBEARER: $imap_oauth_refresh_command, $pop_oauth_refresh_command, and $smtp_oauth_refresh_command. Those will need to be set to a script to generate the appropriate XOAUTH2 token.

Mutt provides optional support for caching message headers for the following types of folders: IMAP, POP, Maildir and MH. Header caching greatly speeds up opening large folders because for remote folders, headers usually only need to be downloaded once. For Maildir and MH, reading the headers from a single file is much faster than looking at possibly thousands of single files (since Maildir and MH use one file per message.)

Header caching can be enabled via the configure script and the --enable-hcache option. It's not turned on by default because external database libraries are required: one of tokyocabinet, kyotocabinet, lmdb, qdbm, gdbm or bdb must be present.

If enabled, $header_cache can be used to either point to a file or a directory. If set to point to a file, one database file for all folders will be used (which may result in lower performance), but one file per folder if it points to a directory.

Both cache methods can be combined using the same directory for storage (and for IMAP/POP even provide meaningful file names) which simplifies manual maintenance tasks.

In addition to caching message headers only, Mutt can also cache whole message bodies. This results in faster display of messages for POP and IMAP folders because messages usually have to be downloaded only once.

For configuration, the variable $message_cachedir must point to a directory. There, Mutt will create a hierarchy of subdirectories named like the account and mailbox path the cache is for.

For using both, header and body caching, $header_cache and $message_cachedir can be safely set to the same value.

In a header or body cache directory, Mutt creates a directory hierarchy named like: proto:user@hostname where proto is either “pop” or “imap.” Within there, for each folder, Mutt stores messages in single files and header caches in files with the “.hcache” extension. All files can be removed as needed if the consumed disk space becomes an issue as Mutt will silently fetch missing items again. Pathnames are always stored in UTF-8 encoding.

For Maildir and MH, the header cache files are named after the MD5 checksum of the path.

Mutt does not (yet) support maintenance features for header cache database files so that files have to be removed in case they grow too big. It depends on the database library used for header caching whether disk space freed by removing messages is re-used.

For body caches, Mutt can keep the local cache in sync with the remote mailbox if the $message_cache_clean variable is set. Cleaning means to remove messages from the cache which are no longer present in the mailbox which only happens when other mail clients or instances of Mutt using a different body cache location delete messages (Mutt itself removes deleted messages from the cache when syncing a mailbox). As cleaning can take a noticeable amount of time, it should not be set in general but only occasionally.

The Sidebar shows a list of all your mailboxes. The list can be turned on and off, it can be themed and the list style can be configured.

Sidebar adds the following functions to Mutt. By default, none of them are bound to keys.

This command specifies mailboxes that will always be displayed in the sidebar, even if $sidebar_new_mail_only is set and the mailbox does not contain new mail.

The “unsidebar_whitelist” command is used to remove a mailbox from the list of whitelisted mailboxes. Use “unsidebar_whitelist *” to remove all mailboxes.

If the sidebar_indicator color isn't set, then the default Mutt indicator color will be used (the color used in the index panel).

The Compressed Folder patch allows Mutt to read mailbox files that are compressed. But it isn't limited to compressed files. It works well with encrypted files, too. In fact, if you can create a program/script to convert to and from your format, then Mutt can read it.

The patch adds three hooks to Mutt: open-hook, close-hook and append-hook. They define commands to: uncompress a file; compress a file; append messages to an already compressed file.

There are some examples of both compressed and encrypted files, later. For now, the documentation will just concentrate on compressed files.

The shell-command must contain two placeholders for filenames: %f and %t. These represent “from” and “to” filenames. These placeholders should be placed inside single-quotes to prevent unintended shell expansions.

If you need the exact string “%f” or “%t” in your command, simply double up the “%” character, e.g. “%%f” or “%%t”.

open-hook regexp shell-command

open-hook '\.gz$' "gzip -cd '%f' > '%t'"

close-hook regexp shell-command

close-hook '\.gz$' "gzip -c '%t' > '%f'"

append-hook regexp shell-command

append-hook '\.gz$' "gzip -c '%t' >> '%f'"

Autocrypt requires support for ECC cryptography, and Mutt by default will generate ECC keys. Therefore GnuPG 2.1 or greater is required. Additionally, Mutt's Autocrypt implementation uses GPGME and requires at least version 1.8.0.

Account and peer information is stored in a sqlite3 database, and so Mutt must be configured with the --with-sqlite3 flag when autocrypt is enabled.

It is highly recommended Mutt be configured --with-idn or --with-idn2 so that Autocrypt can properly deal with international domain names.

While Mutt uses GPGME for Autocrypt, normal keyring operations can still be performed via classic mode (i.e. with $crypt_use_gpgme unset). However, to avoid unnecessary prompts, it is recommended gpg not be configured in loopback pinentry mode, and that $pgp_use_gpg_agent remain set (the default).

To enable Autocrypt, set $autocrypt, and if desired change the value of $autocrypt_dir in your muttrc. The first time Mutt is run after that, you will be prompted to create $autocrypt_dir. Mutt will then automatically create an sqlite3 database and GPG keyring in that directory. Note since these files should be considered private, Mutt will create this directory with mode 700. If you create the directory manually, you should do the same.

Mutt recommends keeping the $autocrypt_dir directory set differently from your GnuPG keyring directory (e.g. ~/.gnupg). Keys are automatically imported into the keyring from Autocrypt: headers. Compared to standard “web of trust” keys, Autocrypt keys are somewhat ephemeral, and the autocrypt database is used to track when keys change or fall out of use. Having these keys mixed in with your normal keyring will make it more difficult to use features such as $crypt_opportunistic_encrypt and Autocrypt at the same time.

The $autocrypt_dir variable is not designed to be changed while Mutt is running. The database is created (if necessary) and connected to during startup. Changing the variable can result in a situation where Mutt is looking in one place for the database and a different place for the GPG keyring, resulting in strange behavior.

Once the directory, keyring, and database are created, Mutt will ask whether you would like to create an account. In order to use Autocrypt, each sending address needs an account. As a convenience you can create an account during the first run. If you would like to add additional accounts later, this can be done via the <autocrypt-acct-menu> function in the index, by default bound to A.

Account creation will first ask you for an email address. Next, it will ask whether you want to create a new key or select an existing key. (Note key selection takes place from the $autocrypt_dir keyring, which will normally be empty during first run). Finally, it will ask whether this address should prefer encryption or not. Autocrypt 1.1 allows automatically enabling encryption if both sender and receiver have set “prefer encryption”. Otherwise, you will need to manually enable autocrypt encryption in the compose menu. For more details, see the compose menu section below.

After optionally creating an account, Mutt will prompt you to scan mailboxes for Autocrypt headers. This step occurs because header cached messages are not re-scanned for Autocrypt headers. Scanning during this step will temporarily disable the header cache while opening each mailbox. If you wish to do this manually later, you can simulate the same thing by unsetting $header_cache and opening a mailbox.

A final technical note: the first run process takes place between reading the muttrc and opening the initial mailbox. Some muttrc files will push macros to be run after opening the mailbox. To prevent this from interfering with the first run prompts, Mutt disables all macros during the first run.

When enabled, Autocrypt will add a line to the compose menu with two fields: Autocrypt: and Recommendation:.

The Autocrypt: field shows whether the message will be encrypted by Autocrypt when sent. It has two values: Encrypt and Off. Encrypt can be enabled using the <autocrypt-menu> function, by default bound to o.

The Recommendation: field shows the output of the Autocrypt recommendation engine. This can have one of five values:

As mentioned above the <autocrypt-menu> function, by default bound to o, can be used to change the Encrypt: field value. (e)ncrypt will toggle encryption on. (c)lear will toggle encryption off. If either of these are chosen, the field will remain in that state despite what the Recommendation: field shows. Lastly, (a)utomatic will set the value based on the recommendation engine's output.

Autocrypt encryption defers to normal encryption or signing. Anything that enables normal encryption or signing will cause autocrypt encryption to turn off. The only exception is when replying to an autocrypt-encrypted email (i.e. an email decrypted from the $autocrypt_dir keyring). Then, if $autocrypt_reply is set, autocrypt mode will be forced on, overriding the settings $crypt_autosign, $crypt_autoencrypt, $crypt_replyencrypt, $crypt_replysign, $crypt_replysignencrypted, and $crypt_opportunistic_encrypt.

When postponing a message, autocrypt will respect $postpone_encrypt, but will use the autocrypt account key to encrypt the message. Be sure to set $postpone_encrypt to ensure postponed messages marked for autocrypt encryption are encrypted.

The Autocrypt Account Menu is available from the index via <autocrypt-acct-menu>, by default bound to A. See Autocrypt Account Menu for the list of functions and their default keybindings.

In this menu, you can create new accounts, delete accounts, toggle an account active/inactive, and toggle the “prefer encryption” flag for an account.

Deleting an account only removes the account from the database. The GPG key is kept, to ensure you still have the ability to read past encrypted emails.

The Autocrypt 1.1 “Setup Message” feature is not available yet, but will be added in the future.

Mutt by default partitions Autocrypt from normal keyring encryption/signing. It does this by using a separate GPG keyring (in $autocrypt_dir) and creating a new ECC key in that keyring for accounts. There are good reasons for doing this by default. It keeps random keys found inside email headers out of your normal keyring. ECC keys are compact and better suited for email headers. Autocrypt key selection is completely different from “web of trust” key selection, based on last-seen rules as opposed to trust and validity. It also allows Mutt to distinguish Autocrypt encrypted emails from regular encrypted emails, and set the mode appropriately when replying to each type of email.

Still, some users may want to use an existing key from their normal keyring for Autocrypt too. There are two ways this can be accomplished. The recommended way is to set $autocrypt_dir to your normal keyring directory (e.g. ~/.gnupg). During account creation, choosing “(s)elect existing GPG key” will then list and allow selecting your existing key for the new account.

An alternative is to copy your key over to the Autocrypt keyring, but there is a severe downside. Mutt first tries to decrypt messages using the Autocrypt keyring, and if that fails tries the normal keyring second. This means all encrypted emails to that key will be decrypted, and have signatures verified from, the Autocrypt keyring. Keys signatures and web of trust from your normal keyring will no longer show up in signatures when decrypting.

For that reason, if you want to use an existing key from your normal keyring, it is recommended to just set $autocrypt_dir to ~/.gnupg. This allows “web of trust” to show an appropriate signature message for verified messages. Autocrypt header keys will be imported into your keyring, but if you don't want them mixed you should strongly consider using a separate autocrypt key and keyring instead.

Both methods have a couple additional caveats: