diff --git a/README.md b/README.md index f13c0861..e5fea0ce 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,10 @@ - [Nix](#nix) - [Sources](#sources) - [Configuration](#configuration) + - [Proton Mail](#proton-mail) - [Gmail](#gmail) + - [Outlook](#outlook) + - [iCloud Mail](#icloud-mail) - [Usage](#usage) - [Shared API](#shared-api) - [Protocol-specific APIs](#protocol-specific-apis) @@ -186,6 +189,32 @@ Override the path with `-c `; multiple paths can be passed at once, separa Accounts can be (re)configured later with `himalaya account configure `. The wizard skips discovery in this mode: it reuses the existing values as prompt defaults. +### Proton Mail + +Proton does not expose IMAP/SMTP directly: run [Proton Bridge](https://proton.me/mail/bridge), which synchronizes mail locally and serves it on a local IMAP/SMTP endpoint. The password is the one generated by the Bridge, not your Proton account password. + +```toml +[accounts.proton] + +imap.server = "imap://127.0.0.1:1143" +imap.sasl.plain.username = "example@proton.me" +imap.sasl.plain.password.command = "pass show proton-bridge" + +smtp.server = "smtp://127.0.0.1:1025" +smtp.sasl.plain.username = "example@proton.me" +smtp.sasl.plain.password.command = "pass show proton-bridge" +``` + +To keep TLS on the local link, export the certificate generated by the Bridge and enable STARTTLS: + +```toml +imap.starttls = true +imap.tls.cert = "/path/to/exported/cert.pem" + +smtp.starttls = true +smtp.tls.cert = "/path/to/exported/cert.pem" +``` + ### Gmail Gmail rejects the account password over SASL PLAIN: generate an [app password](https://myaccount.google.com/apppasswords) (requires 2-step verification) and feed it through `password.command` or `password.raw`. @@ -211,6 +240,42 @@ mailbox.alias.archive = "[Gmail]/All Mail" Every Gmail label shows up as a top-level IMAP mailbox, and the special mailboxes live under the `[Gmail]/` prefix — quote them in the shell (`-m "[Gmail]/Drafts"`) or reach them through an alias. `[Gmail]/All Mail` is the archive containing every message: aliasing it makes "search everything" one flag away (`himalaya envelope search -m archive ...`). +### Outlook + +Microsoft has retired basic authentication: use OAuth 2.0 via `oauthbearer` or `xoauth2`, with the access token supplied by an external helper such as [ortie](https://github.com/pimalaya/ortie). + +```toml +[accounts.outlook] + +imap.server = "imaps://outlook.office365.com:993" +imap.sasl.xoauth2.username = "example@outlook.com" +imap.sasl.xoauth2.token.command = ["ortie", "token", "read", "outlook"] + +smtp.server = "smtp://smtp-mail.outlook.com:587" +smtp.starttls = true +smtp.sasl.xoauth2.username = "example@outlook.com" +smtp.sasl.xoauth2.token.command = ["ortie", "token", "read", "outlook"] +``` + +### iCloud Mail + +From the [iCloud Mail](https://support.apple.com/en-us/HT202304) support page: the IMAP login is the name of your address (`johnappleseed`, not `johnappleseed@icloud.com`) while the SMTP login is the full address, and a dedicated [app-specific password](https://support.apple.com/en-us/HT204397) is required. + +```toml +[accounts.icloud] + +imap.server = "imaps://imap.mail.me.com:993" +imap.sasl.plain.username = "johnappleseed" +imap.sasl.plain.password.command = "pass show icloud" + +smtp.server = "smtp://smtp.mail.me.com:587" +smtp.starttls = true +smtp.sasl.plain.username = "johnappleseed@icloud.com" +smtp.sasl.plain.password.command = "pass show icloud" + +mailbox.alias.sent = "Sent Messages" +``` + ## Usage ### Shared API