Trying to link to Protonmail

ElwoodSoup · December 5, 2020, 10:02pm

Hi guys,

I’m trying to use my Protonmail account through Nextcloud on Debian Buster and I think I’m making some good progress. I successfully followed this guide to build the Protonmail Bridge from source without a gui. I’m working on running it as a systemd service. I just can’t seem to get Nextcloud Mail to complete the configuration, I keep getting this error:

Creating account failed: Could not connect to IMAP host localhost:1143: Could not open secure TLS connection to the IMAP server.

I think I may have the same problem the guy writing that guide had, where Nextcloud isn’t trusting the self-signed certificate generated by the bridge app. I tried symlinking the certificate into /usr/lib/ssl/certs, same result. Any help would be appreciated.

ElwoodSoup · December 5, 2020, 11:57pm

If anyone else has similar problems, I got my setup working by using hydroxide instead of the standard bridge: https://github.com/emersion/hydroxide

eganonoa · January 12, 2021, 6:13pm

For anyone looking to address this without resorting to a third-party app like hydroxide, the solution using the official Protonmail Bridge is as follows:

Disable TLS verification for IMAP/SMTP in the Mail App: In your config.php add: ‘app.mail.verify-tls-peer’ => false (see mail/admin.md at master · nextcloud/mail · GitHub)
Set IMAP/SMTP Security to None: In the mail app when you are adding in your settings, choose “None” for IMAP and SMTP security. (see Bridge connection issues with Thunderbird, Outlook & Apple Mail - ProtonMail Support)

While not related to this specific question, note that the instructions in the article linked about building the protonmail bridge are outdated. You can directly build-nogui when building protonmail with latest releases. And there is no need to do the additional steps of creating folders for pass and gpg and adding to path.

And for anyone who is seeking it and comes here, if all you are after is setting it all up to use Protonmail for the standard smtp that can all be done without messing around with the config.php (at least in Nextcloud 20.0.4) as that will already work without checking for TLS verification if you select “None”.

wisdomlight · January 14, 2021, 9:45pm

Hi @eganonoa

Can I just confrim my understanding with you please.
Protonmail can be connected to the Nextcloud Mail App - simply by adding the following
Manual

Name
Name

Mail Address user@protonmail.com

IMAP Settings

IMAP Host imap.protonmail.tld

IMAP Security None
IMAP Port 993
IMAP User user@protonmail.com
IMAP Password - normal account password

SMTP Settings
SMTP Security None
SMTP Port 587
SMTP User user@protonmail.com
SMTP Password normal account password

eganonoa · January 14, 2021, 10:43pm

No. You need the bridge installed (as per above) and then need to use the bridge to connect.

IMAP Host 127.0.0.1

IMAP Security None
IMAP Port 1143
IMAP User user@protonmail.com
IMAP Password - bridge provided password

SMTP Settings
SMTP Security None
SMTP Port 1025
SMTP User user@protonmail.com
SMTP Password bridge provided password

vascocb · January 14, 2021, 11:37pm

I made a request for a Protonmail bridge with headless server support at their new feature request area.

Go there and vote

wisdomlight · January 15, 2021, 10:14am

The bridge should be installed on the same machine that hosts the NextcoudPi?
or on any machine that uses the same LAN?

eganonoa · January 15, 2021, 5:09pm

Same machine. There has been some discussion about how to make it work over a network, but it seems that for that you need the third-party hydroxide application: see https://www.reddit.com/r/ProtonMail/comments/czl56b/support_for_remote_bridges_on_the_same_network/

vascocb · January 15, 2021, 5:52pm

Like @eganonoa said needs to be in the same machine but at this moment does not support terminal configuration, you need a GUI.

I received an email from the Protonmail bridge team where they say they are already looking into implementing a headless version for Bridge in the future.

wisdomlight · January 15, 2021, 6:08pm

Hi @vascocb and @eganonoa
Thank you
Do you mind telling me if I got it right or not -

On my Nextcloudpi instance (which is on my RPi4 - which has no monitor attached)

Install the Protonmail Bridge Application
Attach a monitor to fire the GUI
Get the password generated by that GUI
Put that passwrod in the Nextcoud Mail App

vascocb · January 15, 2021, 6:26pm

Nextcloudpi does not have a GUI itself (like gnome or KDE). You can not use the GUI from the bridge.
Never installed one and and I prefer to stay without a GUI and wait for the Protonmail Bridge GUI-free version from Protonmail

eganonoa · January 15, 2021, 7:14pm

Actually that’s no longer accurate. You can build with no-gui and have it work perfectly. Indeed this is how I have it now on my Nextcloud machine.

It’s actually quite simple. To do the build you may need to install some dependencies (I needed golang and libsecret-1-0-dev). After that it’s just:

GitHub - ProtonMail/proton-bridge: Proton Mail Bridge application
cd proton-bridge
make build-nogui

And then you will have a proton-bridge binary built without a GUI and that you can run either run interactively ( ./proton-bridge -c) or without interaction so it can run automatically in future (./proton-bridge --noninteractive).

You absolutely do not need the GUI anymore.

eganonoa · January 15, 2021, 7:16pm

As per my comment below you can build with no gui. Absolutely no need for a GUI, the entire thing can be run headless, which will definitely help with performance.

eganonoa · January 15, 2021, 7:25pm

Having said that, re the fact that you can build and run bridge without a gui now, I do not think there is an Arm build for Protonmail Bridge. So I don’t think you will be able to do this with a raspberry pi.

vascocb · January 15, 2021, 7:53pm

What I said is the information I have and what I’m going to do.
I’m not a developer, IT professional or a technical guy.
Build something and mantaine (sorry for my english) I don’t understand doesn’t make any sense to me.
I will use the tools I have available and anyone else can choose what they want to do.
If you know how/want to build good for you, you will be better than me.

wisdomlight · January 15, 2021, 9:46pm

@vascocb and @eganonoa
Thank you both -
@eganonoa - Because I use RPi4 which is an ARM - I probably not able to have the Protonmail Bridge app.
Soon I may have my Nextcloud instance on a x86 at which time I will be able to install as you suggested.
Just one thing - how will i find the password from the Protonmail bridge without the gui?

vascocb · January 15, 2021, 10:15pm

Anytime.
Can not help with the password. I use the bridge only on a desktop.

eganonoa · January 15, 2021, 11:46pm

You basically just run the bridge in the terminal. The easiest way is to load it in interactive mode (proton-bridge -c) and then follow the instructions to log in. It’ll then give you all you need.

sohrabsa · August 6, 2023, 7:45am

I had the same issue with connecting protonmail bridge to Nextcloud and everytime I searched the issue online I would come across this post so I will post it here for anyone who wants to do the same (after you completely setup protonmail bridge with a password manager):

Basically you have to disable peer verification and allow local server.

to disable peer verification add this to Config.php

"mail_smtpstreamoptions" => array(
    'ssl' => array(
        'allow_self_signed' => true,
        'verify_peer' => false,
        'verify_peer_name' => false
    )
),

and then allow local server:

'allow_local_remote_servers' => true,

This lets you setup the SMTP setting and enable the Mail app.

for STARTTSL, you have to choose “None” as the Encryption, both in the Basic Settings and when setting up Mail application.

further reading: Email — Nextcloud latest Administration Manual latest documentation

Edit: Just to add here, I found this guide for Protonmail bridge very useful for setting the bridge up

gist.github.com

https://gist.github.com/githubcom13/2f30f46cd5273db2453a6e7fdb3c422b#file-protonmail-service

Protonmail.md

# Protonmail on Ubuntu 20.04 and Debian 10 server

#protonmail #debian #linux

## Before you start
Currently protonmail bridge for linux is distributed as part of an open beta program, but soon it will be made public (https://protonmail.com/bridge/install).

Consider that the bridge linux client requires a paid protonmail account to work.

## Get the protonmail bridge linux installer

This file has been truncated. show original

protonmail.service

[Unit]
Description=Service to run the Protonmail bridge client
After=network.target

[Service]
Type=oneshot
User=protonmail
ExecStart=/var/lib/protonmail/protonmail.sh start
ExecStop=/var/lib/protonmail/protonmail.sh stop
RemainAfterExit=yes

This file has been truncated. show original

protonmail.sh

#!/bin/bash

case "$1" in
  start)
    # will create an screen in detached mode (background) with name "protonmail"
    screen -S protonmail -dm protonmail-bridge --cli
    echo "Service started."
    ;;
  status)
    # ignore this block unless you understand how screen works and that only lists the current user's screens

This file has been truncated. show original

There are more than three files. show original