Mailpile post-installation tutorial

Ver. 2021-03-14 19:15:40 UTC (first preview release: 2020-10-06)   –   Based on Mailpile 1.0.0rc6
GitHub repository: https://github.com/greenpark-code/Mailpile_tutorial
Community: https://community.mailpile.is/t/mailpile-tutorial-for-newcomers/597

Disclaimers

If you want to jump hands-on on Mailpile, at least don't miss:

• this picture which could save you some time
• this frame with a very few important points

Introduction

Why Mailpile is so extremely interesting and what should be kept in mind while starting to use it.

Breakthrough

Mailpile is a wonderful email client available for Linux, MacOS and Windows.

I've been using Thunderbird+Enigmail during years by now, but Mailpile has winning features.

One of its most innovative and important characteristics is that it can very quickly search through encrypted emails without having to decrypt them. This breakthrough was implemented by mean of a search index.^[1]

Mailpile enables you to easily send and receive encrypted emails (believe it or not, despite all the info and caveats reported here LOL).

It keeps your settings and email messages encrypted in your local storage, optionally also the messages you received unencrypted. You don't need to keep your signatures in separate unencrypted files, easy to read for any intruder.^[2]

Mailpile interacts with the servers of your email service providers, copying emails and folders to your local storage.

Optionally, Mailpile removes your emails from the remote servers, not by default (although that would be the philosophy that the project leader recommends to embrace, keep your emails on your computer^[3]).

I still need to find clarifications on a few things, I'll mark them with this color and add "[needs clarification]".

Open issues

Non-issues to be aware of

• NOTICE: if you send an email to yourself from Mailpile itself, Mailpile won't show it in the Inbox, you'll only see it among Sent emails, despite the fact that by default Mailpile sends a copy to your account.

  (To yourself meaning: using Mailpile to send from one to another of the email accounts you have configured in Mailpile, or to the same one from which you are sending.
  You will see that email in Mailpile's Inbox if you have sent it from another client, e.g. Thunderbird, even if sent from one of the email addresses that you have also configured in Mailpile.)

  This can be confusing at first, but it actually makes it easier to handle your emails both in webmail and with Mailpile, while avoiding to see duplicates of all emails you send, despite having a copy on remote servers.
  (You can choose at any moment not to send a copy to yourself, and not to leave emails on remote servers.)
   
  JackDca kindly shared in-depth knowledge, it does not happen with any ISP:

  Regarding send(ing) an email to yourself from Mailpile, the behaviour depends on the ISP that you are using. Mailpile uses the Message-ID in the email metadata. Emails that have the same Message-ID are treated as duplicates and are not shown.
  Some ISPs replace the Mailpile-generated Message-ID of an outgoing email with their own, with the result that the received email will be shown in the Inbox.
  Other ISPs retain the Message-ID assigned by Mailpile so that the received email is ignored as a duplicate.

• When you add an email account and connect to its server, Mailpile by default starts downloading all emails in it, starting with the most recent ones, it doesn't at the moment offer an option to limit the synchronization to the last n days.
  It has been suggested on GitHub to implement the option to limit download to the last n days. The project leader answered explaining that it isn't straightforward to implement that feature without having to parse all emails, considering that certain servers do not maintain an index on date-time.
   
• I can't see pictures linked to remote storage embedded in emails, despite explicitly asking Mailpile to let me view those pictures.^[8]
  I think it isn't an issue but a render feature not yet implemented.
  There's an easy workaround: save the email and open it in your browser.
  It is actually the best thing to do, call it good practice. Your browser is what you use to surf the web with some protection against malign code, with your preferite plugins, and you might launch a completely separate session so an attack wouldn't directly arrive into your email client.
   
• I'll see if I can find a way to tell Mailpile "please do check right now if there are any new incoming emails".^[9] Often, when going online after some time offline, Mailpile with default source settings checks right away if there are incoming emails, but sometimes it doesn't. At worst, apparently, it's a matter of 5 minutes.^[10]
   
• I'll see if I can find a way to modify the format of a previously typed in e-mail address. For instance: I'm sending an e-mail, I type in the recipient's address, let's say info@somegroup.org and, after realizing that only "info" shows up (unless hovering the mouse cursor), I decide to type in a differently formatted address, for instance:
  • Some Group info@somegroup.org
  • "Some Group" info@somegroup.org
  but Mailpile will always reduce it to what I had typed before, showing just "info". [needs clarification]
   
• I'll see if I can find a way to change word wrap settings.
  • I don't always like the outcome of word wrapping (checking how my emails sent with Mailpile look in Thunderbird).
  • Saving a draft email implies wrapping. Retaking it, adding some text and sending can let the previous parts wrapped and the new one not wrapped.
  I'd like to be able to just switch it off. [needs clarification]
   
• Mouse hover hints in the GUI sometimes get in the way of mouse operations, e.g. when deactivating digitally signing one mail. Simply enlarging horizontally my browser window solves it (above there is mention of another reason for it).  
• I can't edit the text signature at the bottom from inside a new email (something Thunderbird allows).
  For specific recipients, I might want to modify my signature at the bottom, e.g. omit my cell phone number or PGP related lines.
  Apparently Mailpile obliges me to change the signature in the profile. [needs clarification]

• It's possibly good practice not to do anything else while Mailpile is permanently deleting emails. (Today I launched the delete command in the CLIto immediately delete various emails from my huge GMail setup, which was probably going to take a few seconds on this old computer, with fully encrypted index. So, after launching the delete command, I immediately started doing something else via Mailpile's the GUI. The GUI worked fine but I got a message in the CLI that the delete operation had failed. I launched it again without doing anything else and it went through just fine.)

Wish List

I might be adding a few items in the future, but for now this is quite a short list.

In lists of emails

• When the sender is one of the accounts I've configured in Mailpile, I'd like to see the recipient instead of the sender as a priority.
• I'd like to be able to switch to date-hour visualization always, yyyy-mm-dd hh:mm:ss (or without seconds), instead of "Friday" or "10 hours".

Encryption made easy for non-tech savvies

Mailpile can create and manage encryption keys for you, if you prefer, or it can use your own pre-existent keys.

Tags

Mailpile's GUI enables you to classify selected messages by a simple mouse-button click. Tags can work in two ways:

• categories (like folders)
• attributes (cross-folders groups)

Tags can also be nested one inside another. It is an extremely flexible tool to keep your messages organized.

From the CLI, it is also possible to tag and untag emails.
CLI + tags = a powerful mean to classify or trash or immediately delete huge amounts of emails.

Design

The GUI is beautifully designed, keeping functionality in mind. One of Mailpile creators is a real designer.^[12]

Easy installation and setup

The installation procedure was very quick and easy on Ubuntu Linux 18.04^[13], following the instructions on their website to add their repository.^[14]

Multiple email accounts

Mailpile can handle multiple email accounts, I'm not losing this important feature switching from Thunderbird.

Hands-on session

Again: I am using Mailpile 1.0.0rc6, which means the 6^th candidate to become release 1.0.0.

Here is a basic post installation startup tutorial.

When I started this tutorial, I would have liked to have more emails to test on already, but with Thunderbird I used to remove emails from remote servers. I enthusiastically wanted to make this tutorial anyway, because I know quite a few different groups of persons who would be glad to use Mailpile, for instance a few journalists, and a friend in a humanitarian non-profit organization that was needing something exactly like Mailpile, to make a transition towards better protection of their supporters' privacy and financial data, while staying compatible with their pre-existent email services and being able to search through encrypted emails.

Starting Mailpile

On Linux, I start Mailpile from the terminal window:

image 1

By default, Mailpile launches my web browser to be used as the Graphical User Interface.^[16]

Notice the URL: localhost:33411

"localhost" means that the web browser itself is connected to Mailpile which is running locally on my own machine, this browser tab does not connect directly to a remote server.

Mailpile in turn is connecting to the remote servers of my email service providers, if possible, or it is enabling me to work on my emails in local storage, while staying offline.

image 2

In the terminal window, you'll see that Mailpile also has a Command Line Interface (or just CLI).^[17]

This is the command I've used to tell Mailpile "please send now the emails which already are in the Outbox", when I was too impatient to wait during at most 90 seconds, which is the default interval for Mailpile to check if there are any emails in the Outbox:^[18]
sendmail<enter>

I can also access the Command Line Interface via the GUI, clicking the Settings and Tools gear icon in the upper right corner and then the <> CLI button. I prefer the terminal window, which gives me more lines visible at the same time. Both ways, however, I can scroll up to see previous output.

This document includes a section showing how to search and export emails or search and delete emails with the Command Line Interface.

image 3

Now let's go back to the GUI.

First-time setup

I'll choose my preferred language and click the Begin button.

image 4

I'm asked to type a password. Afterwards, the same password will be necessary to unlock the whole setup with my settings and emails.

It can actually be a passphrase made of various words separated by spaces. Mailpile itself suggests a sequence of words, I prefer to create my own sequence some of which modified from any vocabulary (avoiding obvious substitutions which would be part of hackers' dictionaries anyway), including uppercase and lowercase letters, numbers and special characters. After checking that no smartphone cameras or webcams are around, I write it down on paper first (no cameras around) and type it in afterwards, and keep the paper somewhere safe during the first few days. (The same when I change it.)

But you might have other methods.

Just don't lose or forget it!

image 5

image 6

After typing in the same password twice, I'm going to click the Set Mailpile Password button.

And I'm ready to go.

image 7

image 8

On my first login, I am guided through the few easy basic setup steps.

image 9

image 10

I scroll down...

image 11

My personal choice here is to change the above defaults as in the next picture, BUT you should read this note before deciding.

image 12

(Later, I've created a separate Mailpile setup with my GMail accounts (which I'd like to progressively abandon). Mailpile fetched some years of emails. My PC is not too slow for these settings, even with over 46k emails exceeding 14 GB.)

And I'll click the Save Settings button.

image 13

image 14

I'll type in the name I want to be displayed with this email address and the email address itself.

image 15

And I'll click the Next button.

image 16

pub   rsa4096/0xA4A928C769CD6E44 2015-01-06 [SCA] [expires: 2021-01-19]
      734A3680A438DD45AF6F5B99A4A928C769CD6E44
uid                   [ unknown] Glenn Greenwald <Glenn.Greenwald@theintercept.com>
uid                   [ unknown] Glenn Greenwald <Glenn.Greenwald@riseup.net>
uid                   [ unknown] Glenn Greenwald <GlennGreenwald@firstlook.org>
uid                   [ unknown] Glenn Greenwald <Glenn.Greenwald@firstlook.org>
sub   rsa4096/0x30B33AC842F37B85 2015-01-06 [E] [expires: 2021-03-05]

gpg --edir-card
admin
help

unblock

quit

firefox -ProfileManager -no-remote -new-instance "$@"

firejail firefox -ProfileManager -no-remote -new-instance "$@"

Back to our hands-on session

As I've chosen for this tutorial to let Mailpile create and manage my keys, I won't have to type the keys passphrase (and/or touch any sensor button on a hardware device).

Accessing an email account

I'm ready to type this email account password, the password I normally type in when accessing my emails in this account.

By default, Mailpile temporarily remembers this password, so I won't have to type it in again during this session.

The drop-down menu (call it listbox if you prefer) where you can read "Unlock Account" enables me to choose other behaviors. I could prefer to let Mailpile permanently remember my password for that account (and possibly in the future easily tell it to forget it, Incoming Mail settings | Forget password.

image 17

I'll type in my password, I'll leave the default behavior "Unlock Account" and I'll press the button.

More accounts

I get to the following screen, where the + Add Account link enables me to add as many accounts as I need.

Here I have already added a second account.

Basically, for each account, I had to:

• type in the name and email address of the account
• choose the type and management of encryption keys
• type in the password I always use to access the account

With Vivaldi (vivaldi.net), I didn't have to modify any settings from what Mailpile had been suggested by Vivaldi's autoconfig server.

See below for Google Mail.

image 18

The four icons below the small gear labeled Settings allow me to access the account settings.

• Incoming Mail settings (can also add/disable/enable email sources for the specific account, here is how to come back to these settings at any moment, hence to the following ones too)
• Outgoing Mail settings
• Security settings, including keys
• Profile, including a short text usually called "signature" which I might want at the bottom of my emails (not to be confused with the actual digital signature which guarantees that I'm the author of the message and that the message itself hasn't been altered)

I don't need to modify anything now, as the default settings and the ones guessed by Mailpile are just fine for me. I can omit pictures, so this tutorial won't appear unnecessarily (even more) long and scary.

Copy of the remote folders structure and content is accessible in the sidebar

Notice, in the lower right corner of the above picture, that I mistyped the password of one of the two email accounts I've added.
In fact, in the sidebar on the left I have the copy of the remote folders structure of one account only.
No problem, by clicking the please login link under the notification I will be able to type the password again.

We'll see below how to change the order of the elements appearing in the sidebar.

After typing in the correct password:

• the "Invalid username or password" error is no longer there
• in the sidebar on the left I now have the copy of the remote folders structure of both the accounts I've added so far.

image 19

I'm going to click the Inbox link in the upper part of the sidebar, just below Drafts.

Now, back to my Mailpile setup for this tutorial.

Here's my local Inbox.

Moving emails to the trash

I have four lines saying "(Subject not available)".
This is because I don't have the keys with which those messages were sent.^[36]

Let's move those emails to the trash.

image 20

Simply:

1. select the messages by marking their checkboxes on the right
2. click the Trash icon

This is common practice in the interface of various webmail services.

The following tasks are all very easy in Mailpile:

• enabling definitive deletion of emails
• emptying the trash
• immediately and permanently delete a specific message which is out of the trash or in it
• setting a lower number of days of permanence of emails in the trash before automatic definitive deletion (the default is 91 days)

You'd better understand the instructions after reading other parts of this tutorial, but you can jump directly there now if you need to.

image 21

After sending those messages to the Trash, we want to better organize our emails.

Using tags

As mentioned above in this tutorial, Mailpile allows to classify messages with tags.
Each tag can work either as a category (like a folder) or an attribute (cross-folders, possibly assigned to emails of different categories).

Creating a tag

TIP: To create a new tag, we click the + Add link in the lower left corner.

In the first section of the tag settings, we can type in the tag name, change its color by clicking on Color, and by clicking the tag icon at its left we can also assign an icon to our new tag.

image 22

I'll leave to you the pleasure to discover all the icons, their design is very nice, actually I wish there were more icons.^[37]

We'll see below in this doc how to use attributes and nested tags.

I'll type Reddit as the tag name and choose the red color for it. I'll leave the other settings in this section as per defaults:

• Show in sidebar
• Show in search results

image 23

Here's my newly created tag, in the sidebar on the left.

image 25

Moving emails to a tag

To move emails to a tag:

1. after selecting at least one email by marking its checkbox on the right
2. my tags appear in the upper toolbar (unless disabled, see above), and I can click the desired tag in the upper toolbar.

image 26

I'm going to do it now and move that email to the Reddit tag.

Done. As it was an unread message, we now see "1" aside the Reddit tag.

TIP: Numbers aside an email account or tag are telling us how many unread messages are contained there.

TIP: lines of unread messages appear in bold.

image 27

I'll click the tag in the sidebar on the left to see its content.

image 28

The message is there, as expected. It is in bold, meaning it's actually still an unread message.

I'm clicking Inbox almost at the top of the sidebar to go back to the local inbox.

I want to create new tags for the remaining messages, I'll click the + Add link in the lower left corner.

image 29

Here you can see that I have created another tag, Syria, and I'm moving various messages to it.

image 30

Organizing Your Sidebar

This doesn't seem to work with nested tags. [needs clarification]

We'll see later in this document how to edit tags settings.

Two unread messages are now in the tag Syria.

image 31

I notice that I have two more emails from Reddit left in the Inbox, I'll move them to the Reddit tag as well.

image 32

One of the two was an unread message, which added 1 to the counter of unread messages in the Reddit tag-category.

image 33

I'm going to click the Reddit tag in the sidebar to check its content:

image 34

Look in the above picture at the search engine input field after clicking on the tag in the sidebar, in this case we read "in:reddit".

What we see after the ':' character is the tag keyword ("all:mail" is an exception to this format).

We don't see it when creating a tag, it's automatically added by Mailpile according to the tag name, but we can see and modify it later by editing the tag settings, and actually we want to keep it matched to the tag name and change both accordingly, in case, so we don't get confused when searching in the CLI.

(We'll see later that we can use what we see in the search engine input field after clicking a tag to search with the CLI, e.g. search in:inbox<enter>. Then we can export emails, delete, tag or untag them...)

Editing tags settings

We have seen above how to modify the order of the elements in the sidebar.

This document includes a section showing how to search and export emails or search and delete emails with the Command Line Interface.

And I'm already back to the inbox with another tag created (Ereticamente is a literary blog hosting various authors), moving a message to it:

image 35

And the following picture shows what's now left untagged in my local inbox, after also moving the message from Mondiaspora to the Diaspora tag.

Logout + shutdown or directly the latter

If I want to exit from Mailpile, I can either:

1. logout from the GUI then shutdown from the command line interface
   or
2. go to the settings view and directly click the Shutdown button (we'll see it just below here)

Here's the first method, I can click the logout button, the one with the 0/1 icon by now "universally" meaning ON/OFF...

image 36

... then in the command line interface q and of course the <enter> key

image 37

If after Mailpile completes its shutdown the terminal prompt appears but not the blinking cursor, I can either:

1. blindly type reset and of course the <enter> key
   or
2. ctrl-d to just close that terminal tab or window

image 38

Here's the second method. We can go to the settings by clicking the gear icon near the upper right corner of the GUI...

image 39

... and while we are here, we can click the Backup button before leaving.

Backup of Mailpile settings

(Also notice the Password button, enabling to change the Mailpile password.)

image 40

My web browser tells me that it has a file for me (just like when I download a file from a remote server, but here the file origin is local).
I choose to save it.

image 41

I'm going to check if the file is now in the ~/Downloads folder, which is where Firefox is configured to save files on my PC.^[39]

image 42

The file is actually there.
Its contents are encrypted. However, you never know... I prefer to store it away.

NOTICE: I have restored my previous Mailpile setup.^[40] And a few more days have passed.

Tags as attributes

We have already been using tags.
As promised at the end of that section, here are attributes.

One of Mailpile's icons is a star icon.
I could use it for an Important tag-attribute if I wanted to keep this aspect as in Thunderbird.
Then, clicking this tag in the sidebar, I'd see all the emails I've tagged as important, possibly belonging to various tags-categories.

• I have created an Important tag-attribute
• I have created an Interesting tag-attribute

I'm going to click the latter in the sidebar.

image 43

Those emails clearly belong to various tag-categories, or if you want, to various folders.

I think we can create as many tag-attributes as we need. [needs clarification]
However, if we need to see them in the tool bar in order to use them from the GUI, then there is a practical usability limit to the number of tags we can create, at least for now.
Using a greater number of tags from the CLI should never be a problem, though.

Let's open the tag settings dialogue by clicking the small gear icon or its label Edit, above on the left, below the search engine input field.

In the Technical Settings section of the tag configuration, you can see that Behave as attribute is selected.

image 44

Nested tags (subtags)

I have now created two tags nested in the Reddit one.

(Actually, in this moment I am simulating that I have a use case for subtags.
In reality, each one of those emails contains notifications from various groups. I'll delete those subtags later.)

NOTICE: subtags can have a different color from their parent.
I chose the same on purpose.

I'm going to click each subtag in the sidebar, and then their parent.

image 45

(We see that some of the emails above have been tagged with the Interesting attribute, one has also the Important attribute.)

image 46

And here's the parent tag content, we see the emails contained in all its subtags:

image 47

For the emails above, inside the parent tag, the subtags icons now appear as if they were attributes.

Here, I have actually left them configured as categories.
Below, I'm also changing them to attributes.

Let's see the settings of one of the subtags:

image 48

image 49

(Tag Automation)

I'm also showing you the Automation section, which I'm not using in this tutorial.

It should enable me to establish an action which would automatically take place a certain amount of days after tagging an email, choosing among:

• Remove from this tag
• Move to Inbox
• Move to Trash
• Delete e-mails

Below is the default setup: disabled.

image 50

Removing tags from emails

Here are a few ways to remove tags from emails:

• See the picture below: hovering the mouse cursor on an email tag reveals a contextual menu through which we can edit the tag or remove it from that email.
• When you select one or more emails by marking their checkboxes on the right, the rightmost icon in the upper toolbar enables to completely untag that email.
• The CLI enables to very quickly remove and add tags.
• Of course, moving one or more emails from tag A to tag B removes tag A from them and adds tag B.

image 51

After clicking the Interesting tag in the side bar, I see that its content now looks a bit different from before:

image 52

If I wanted to also see the parent tag here, I could have set the subtags as attributes instead of categories.

Here's the result (it's a matter of preferences, comparing the following with the previous picture, I prefer how it looked before, when these subtags where categories):

image 53

Let's see what the content of those subtags looks like now:

image 54

image 55

Again, I prefer how it looked when the subtag was a category.

I have clicked the Inbox link almost at the top of the sidebar and I see that I have no untagged messages.

Composing and sending an email

Now I'd like to compose and send a message. I'm going to click the pen icon above towards the right.
In this case, in my Inbox completely empty, I could also click the Compose a message button.

image 56

Here's the compose message dialogue.

image 57

I've selected from which account I'm sending, I've typed in the recipient address and I've written something in the message body.

When hovering the mouse cursor on the recipient, a contextual menu appears.

image 58

Out of curiosity, I'll click the Show Encryption Keys link.

NOTICE: this is not a necessary step, I could click the Send button right away.

image 59

There is some ongoing activity...

... now finished.

image 60

I'll close this information window by clicking the x in its upper right corner, then I'll click the Save button to save the message as draft or the Send button to send it.

And this is all for now.

This tutorial is far from what I'd like it to be. Had I started out with more time available, I would have possibly ended up having less afterthoughts leading to much more time being put into it than reasonably available at the moment, and getting it out better.
But here it is.

help

output text

output json

output html

output text

export all

export 2,7-9 <enter>
Elapsed: 0.208s (export: Exported 4 messages to mailpile-1602723517.mbx)

{
    "created": "mailpile-1602723517.mbx", 
    "exported": 4
}

Elapsed: 0.002s (search: search)

  1   Reddit               "A more complex take on the b  (Important)22 hours
  2   Reddit              *"Hi, i tried to make a message with a one   Monday
  3   Reddit              *"[D] How do I encrypt and decrypt a messag  Sunday
  4   Reddit               "How to tell how an encrypted message wa  Saturday
  5   Reddit               "S/MIME SSL Question"                       Friday
  6   Reddit               "PLONK by Hand (Part 1: Setup)"           Thursday
  7   Reddit               "A Year and a Half of End-to-End Encryptio  Oct 06
  8   Reddit               "someone give me this code but i don't hav  Oct 05
  9   Reddit              *"I have a quite interesting code that a fr  Oct 04
 10   Reddit              *"What is the connection between stream cip  Oct 03
 11   Reddit               "ccrypt alternative for windows (without c  Oct 02

Elapsed: 0.012s (search: Found 3 results in 0.012s)

  1   Reddit                  "ccrypt alternative for windows (without cygw..."  Oct 02
  2   Reddit                 *"[D] How do I encrypt and decrypt a message u..."  Sunday
  3   Reddit                  "A more complex take on the braille  (Important)Wednesday

o from

o subject

search in:trash`  
delete all

search in:trash

search your keywords

delete 3,10-15

s some words
tag +trash 1-2,5-13

s in:drafts
tag +trash all

s in:trash
tag -trash +drafts 97-103

gpg -k

gpg -K

gpg -a -o pubkey.asc --export myemail@addr.ess

gpg -a -o secretkeys.asc --export-secret-keys myemail@addr.ess<enter>

gpg -a -o secretsubkeys.asc --export-secret-subkeys myemail@addr.ess<enter>

gpg --import filename

gpg -o toX.tar.gpg -u me@airg.xxx -r x@airg.xxx -s -e toX.tar

gpg -a -o toX.txt.asc -c toX.txt

gpg -a -o toX.txt.asc -u me@airg.xxx -s -c toX.txt

gpg -o toX.txt -d toX.txt.asc

gpg -o myFingerprint.txt --fingerprint my.email@addr.ess

gpg --homedir relativePathToReplacementGnupgFolder --whatever-options-and-command

gpg --homedir /media/myuser/ENCR_FLASH/somepath/.gnupg_withMoreSecretKeys -K

NOTES

1. The search index itself can optionally be totally encrypted as well.

   The Security and Privacy Settings page warns with the word "slow" about this choice, and actually the default would be partial encryption of the index.

   I've chosen to cope with the additional time. Here's the lower right portion of the GUI with my second "real" Mailpile setup, which includes two GMail accounts with many years of emails (and spam, which I'm going to be able to move to the trash, or directly permanently delete, much faster in Mailpile than via webmail, while I've used webmail to delete all emails from GMail servers):

   image 60b
   

   Searches can actually take much less time than that, and a repeated search even goes down to 0.001 seconds.
   

   So, what might become slower with full search index encryption?
   (As far as I can speculate at the moment, of course. [needs clarification])

   I'm not sure that what follows is actually related with the full encryption of the search index, but I suspect so because I don't see anything else slow.

   • The first login after starting up Mailpile, with over 46k messages, now takes over 45 secs on this old computer (it would take considerably more on a Raspberry PI4).
     It takes 2-3 seconds in my other non-GMail setup, which has less than 300 messages because the previous ones are all in Thunderbird.
     You can not use Mailpile from the CLI or the GUI before having made at least one login after startup, which can be done in the GUI or in the CLI with the command: login<enter>
     • If you log in via the GUI, you'll also be able to use the CLI.
     • If you log in via the CLI you'll have to type your passphrase again in the GUI in order to be able to use it, hence you may want to login directly in the GUI (unless you are staying with the console alone).

   • After logging out from the GUI without shutting down Mailpile, logging back in is "instantaneous" after typing your passphrase, as is logout.
     Shutdown, on the other hand, occasionally took up to 2-3 minutes on this old computer, even on my non-Gmail setup with less than 300 emails, so don't plan on shutting down and leave home in a hurry, do it with some anticipation.

     In the CLI, part of the answer to the help command is:

     cleanup                       Perform cleanup actions (runs before shutdown)

     I guess that's the reason why shutdown can take some time (possibly a bit more because I've opted for a strong encryption of the search index).

   • It took 3-4 minutes on this old computer to permanently delete at once many (2500+) conversations from the Trash, in my Gmail setup which had more than 46k emails (done with the CLI of course).

   • A "timeout" problem, with a 25.9 MB email containing various pictures, might have been related with the choice of full-encryption for the search index.
    ↩

2. "Signatures" is the common denomination for a few lines of text that you might want to automatically be added at the bottom of your emails (of course it's not about digitally signing emails). ↩

3. Video: Bjarni Einarsson: Mailpile
   From this video, I'd also say that the design philosophy was not that of a "touch and go" e-mail client, but more a process running all day long, keeping things synced, while the user would login in the GUI once in a while. I'm rather using it "touch and go", taking into account that startup and shutdown can take a few seconds to a few minutes. ↩

4. How to reach the "Incoming Mail" settings:
   • click on the Inbox tag in the sidebar
   • in the upper left corner of the GUI click the envelopes icon
   • specifically for the Incoming Mail settings, click the "ethernet + arrow down" icon^[5] for the account which "Incoming Mail" settings you want to modify (right below the small gear icon labeled Settings).
   Some of the settings in this section are:
   • Forget password
   • Leave mail on server
   • Copy all mail and add to search engine
     I haven't tested what happens disabling this one when creating the account, possibly new incoming mails are fetched and not pre-existent ones, but I'm just wondering, I'll have to try [needs clarification]
   • Enable this mail source ↩

5. The color of the "ethernet + arrow down" icon changes, green if the last connection to the incoming mail server succeeded, red if not, and possibly gray – apparently not always – if Mailpile has been offline during some time and is now simply trying to connect to the incoming mail server each n seconds (300 seconds the default interval). [needs clarification]
   By hovering the mouse cursor on the icon, a hint-formatted message appears telling what the situation is. ↩

6. Open the Incoming Mail settings and mark the checkbox labeled Add New, a new section will appear immediately, start by the dropdown menu where you initially read "None", there you choose the connection protocol and immediately more input fields will appear. You can copy the same settings as the first source if the symptoms where simply anomalous, or you can type in alternative settings if you got them from the account provider or the related support forum. Before saving, remember to disable the previous source by "unmarking" the Enable this mail source checkbox ↩

7. I'd look into it (I did very little coding in python in the past but it doesn't seem more difficult than other languages I've worked with... Mailpile, though, is probably a rather complex project requiring some time to dig into it). But I have stormy weather incoming, meaning that I must relocate and outgoing money is going to be multipled by n, which means I'll have less time to work for free. Before, I hope to be able to finish prioritaire ad honorem ongoing works (actually, I've given priority to this tutorial despite a friend's recommendations). ↩

8. These options appear in a small frame with an eye icon, on the left in the message body area. You can see that frame in the lower left fourth of this image and the one which follows it:

   This message references images or other content from the web. Downloading and displaying these images may notify the sender that you have read the mail.

   Okay, display the images
   Always display images from this sender
   No, thanks! ↩

9. Without having to configure a smaller value for the "interval" setting. ↩

10. The default setting is keepalive activated. Apparently, after a certain amount of time offline, Mailpile switches to another mode, just trying once each n seconds, being 300 apparently that value.
    Disabling keepalive and setting an interval of 300 seconds between connections is mentioned in an issue report mentioned above, which links this page explaining how to see all settings and how to modify those settings via the set command.
    You can use the unset command, identifying settings the same way, to restore default values.
    By default, interval = 300 appears to be commented out. I guess it's still a default behavior in case keepalive has not been possible for a while. After having been offline for hours, I'd expect the 300 seconds to have elapsed. Maybe what's not easily detectable in a way that would be portable to different platforms is that the computer is back online without actually trying to connect, in lack of which possibility the philosophy might have been to stop trying on and on. [needs clarification] ↩

11. You'll think "if your keystrokes are being recorded, your Mailpile passphrase is compromised as well". Well, I've come up with a method to raise the bar just a bit, but publishing the trick wouldn't be the best security policy. Not knowing if my keystrokes had been watched before I came up with it, I've changed the Mailpile password afterwards.
    Absolutely secure now? Of course not, I'm simply progressively learning good practices to raise the sophistication level that an attacker should have to succeed. ↩

12. As you can see in the already mentioned 2013 Video Bjarni Einarsson: Mailpile. ↩

13. Yes, I've read rumors about Debian (hence derivatives like Ubuntu) having been infiltrated by the NSA. I've been considering moving to another distro with no specially made kernels (and no plans about making auto-update, update-at-any-moment-without-asking, a characteristic of the next major release, although I admit that I haven't been following the matter since reading a very long Reddit thread with plenty of users preliminarily complaining about that), they might have decided to add an auto-update ON/OFF switch.
    Which Linux distributions would be more secure and still allow to easily run plenty of software available over the Internet? ↩

14. There is a second package, to have Mailpile act as a server for connections from other machines. I've only installed the first package for now. If you want to also test the second one, be sure to read the developers' warnings about security still needing to be checked out and possibly improved. (If you don't need a "real" Apache style server, I think there shouldn't be any problems setting an SSH tunnel from another machine and running the web browser on it, not even X forwarding should be necessary, and on the other machine the port number might be a different one.) ↩

15. You can simply keep different Mailpile folders to have various completely separate setups that you will use one at a time. In Linux you don't even have to rename or move the folders, which could become confusing. You can create a symbolic link to the folder you want to use, making it accessible as ~/.local/share/Mailpile/
    You can put the commands to switch among your setups in one or more bash scripts, which would preventively test pgrep mailpile and exit with an error message if you are trying to switch while Mailpile is running. For instance:

    procName=mailpile
    
    procID=`pgrep -x "$procName"
    if [ "$procID" != "" ]
    then
        echo ""
        1>&2 echo "***** $procName process running (PID $procID) - NOT switching *****"
    else
        ...

    and it deletes your symbolic link and creates another. My own script also checks what the situation is, folders and link found or not found, before doing anything, just in case there were any unexpected problems left previously. ↩

16. This behavior can be modified in the settings. You might prefer to open you browser by yourself, or use a previously open instance of it. ↩

17. The above mentioned video Bjarni Einarsson: Mailpile, starting at 18 minutes, demonstrates that this console offers a tremendous power for advanced users, even a python shell if you enable it with the following steps:
    1. Settings (gear icon in the upper right corner) | Preferences | "Enable developer-only features" => On and click Save Settings
    2. Settings again | Plugins, click on the new button you should now see, labeled <> Enable: hacks
    3. Now you can access the python Command Line Interface, by typing this command in Mailpile's CLI:
       hacks/pycli
    Notice that the setting mentioned in the first step, Enable developer-only features, is in the Danger Zone. That's because you can do a mess if you don't know what you're doing, or you do know but make a mistake. ↩

18. This command shows scheduled jobs:
    cron<enter>
    Here's the result I'm getting (notice the line starting by "sendmail"):

    Elapsed: 0.001s (cron: Displayed CRON schedule)
    
    Background CRON last ran at 2020-10-26 22:30.
    Current schedule:
    
     JOB                     INTERVAL LAST RUN         NEXT RUN         STATUS
     retrain_autotag            86400                  2020-10-27 05:03 new
     save_search_history          900 2020-10-26 22:26 2020-10-26 22:41 ok
     gpl_optimize                  30 2020-10-26 22:30 2020-10-26 22:30 ok
     rescan                       900 2020-10-26 22:24 2020-10-26 22:39 ok
     sendmail                      90 2020-10-26 22:29 2020-10-26 22:30 ok
     refresh_command_cache          5 2020-10-26 22:30 2020-10-26 22:30 ok
     save_metadata_index          900 2020-10-26 22:25 2020-10-26 22:40 ok
     tag_automation             28800                  2020-10-27 01:39 new
     motd                        3600 2020-10-26 22:29 2020-10-26 23:29 ok

19. Our "normal" everyday emails should all be encrypted. For years, I've been seeing blogs on the web recommending to encrypt every email, even "let's go for a picnic". It took me some time to understand why, being "I've nothing to hide" the first thought we all have. One of various good reasons is to help journalists who need to protect their sources. Epistolary secrecy, right to privacy, is a fundamental ingredient of any democracy.
    Aleksandr Solzhenitsyn, despite being a brave officer, went through various years in a gulag because he privately wrote to a friend criticizing how Stalin was leading war.
    Today, NWO-controlled governments are apparently trying to push in the same direction, as per Trilateral Commission statements about correcting an "excess of democracy"... ↩

20. Mailpile will show you the passphrases for the keys it is managing for you, in exchange for your Mailpile login password:
    • move away or phisically cover all webcams and smartphones cameras around
    • if you don't see an icon with colored envelopes in the upper left corner of the GUI, click the Inbox tag in the sidebar
    • click the envelopes icon in the upper left corner, you are now accessing a page with your accounts settings
    • click the small lock icon of the account of which you want to see the keys passphrase
    • type in your Mailpile login password
    and you'll see the passphrase that Mailpile uses to unlock that account secret keys.
    If Mailpile is using the GnuPG keyring, you'll be able to export using gpg on the Linux command line (or the Windows cmd window, I guess). The section about GnuPG mentions exporting secrets from the keyring, but there are also many good tutorials on the web. ↩

21. Mailpile developers already have a draft for an evolution of SMTP, just great. ↩

22. Was this one? I know it wasn't, but how would you know? LOL this reminds me of certain spy movies where nobody can trust anybody. ↩

23. I went to one of many key servers out there and as search string I typed Glenn Greenwald.
    Each one of this servers may not always be up and working correctly. If you get errors like "Bad Gateway" when clicking on a key ID to actually get the key, you may want to wait a few seconds and retry. If you have the hexadecimal key ID, it is also possible to import directly into gpg, for instance in this case:

    gpg --keyserver keyserver.escomposlinux.org --receive-keys 0xA4A928C769CD6E44

    (Of course you would replace the server URL and key ID.) ↩

24. I've read that at first Greenwald was deeming as too complex the security procedures that Snowden was asking from him. He was later convinced by Laura Poitras, the author of the documentary Citizenfour (2014). ↩

25. Months ago I would have added: "... and because by default GnuPG on Tails adds to the randomness more entropy created from keyboard and mouse events". But I have recently created keys on Ubuntu (ver. 18.04.5 with GnuPG ver 2.2.4 and libgcrypt 1.8.1) to simply check the syntax of a few commands I've added to the gpg appendix, and it's quite possible that the random generator was waiting for such events while giving out small chunks of the output sequence of the required size. ↩

26. It can actually be an alphanumeric passphrase up to 127 characters long, if the information I recollected is correct. ↩

27. As far as I can tell (I haven't dug): you are asked the PIN each time you use another subkey, or if many hours – possibly configurable – have elapsed since the last time you used that subkey (I don't know if keeping using it would extend the grace period indefinitely). For instance, if you have typed in the device PIN to sign something, you have only unlocked the use of the signing subkey. If right afterwards you want to use another subkey, e.g. to decrypt, you'll be asked the PIN again. After having enabled each function, the device can stay ON for quite a few hours – if you wish so – and later perform more such operations only requiring your touch on the sensor button. ↩

28. With up to three subkeys, which means that it could also be used to authenticate in SSH connections, but as I just said, it can only hold one PGP credential (it can hold up to 25 credentials or infinite number of credentials of other standards of which I'll use zero to three credentials at most). ↩

29. It contains a microcontroller who is supposed to do all operations. I want to believe that these devices are so highly audited and kept under observation worldwide that putting a backdoor into them would be highly risky for who did it, legally and not, and for a whole lot of countries by now. Yubico however, if I've read correct information, admitted some kind of vulnerability of a "FIPS" series which was actually supposed to have some stronger US Federal certification, and retired the vulnerable model replacing it for customers. ↩

30. It is good practice to check sensitive software you download with the developers' signatures.
    In this document you have an appendix with examples of GnuPG usage on a Linux terminal command line, also showing how to create and verify detached signatures.

    As it has already been reported, in case any piece of software coming from Yubico has been signed with a key which hexadecimal ID you don't find on their Software Signing page, you can search for that ID here https://keys.openpgp.org/ where you should find a primary key ID and a name. Then, you check that the name and key ID are actually listed on their Software Signing page. (Maybe Yubico staff will improve this aspect of their website as suggested in that GitHub issue and you won't have to lose extra time when verifying any of their signatures.) ↩

31. Actually, if you forget to switch on the HUB slot before trying to use the Yubikey, you are normally simply invited to plug in the device. So far (about 40 days of everyday usage), only twice I went into a bit of a trouble and kept getting errors from GnuPG after switching the slot on.
    In case, try unplugging the HUB from your PC and plugging it in again (or plugging the Yubikey into a non-HUB USB port, using it once, then back to the HUB, but I think the first one is the way to go, at least on this Linux PC). ↩

32. If you forget to make secret keys available before opening an encrypted message, Mailpile might later remember that it had no suitable secret keys to decrypt it, despite the fact that afterwards you might have made those keys available and sometimes even despite having shut down down and restarted Mailpile. In case, try moving that message to another tag (and back if you need). Once, so far, that has not worked here.
    (Opening the Security settings of that account and pressing the Save button – after checking that the correct key was appearing – didn't solve it either.)
    But I was able to decrypt that email again – and see it "green" again – minutes later after sending another email using the same secret keys. ↩

33. I find it interesting to analyze and progressively adopt better habits (keeping in mind that our devices and OS'es are so insecure), as if I were handling something worth anybody's efforts to steal or alter, like industrial or military secrets, or the communications of a congressman or minister.
    The more I know, the more I'm convinced that you're never too paranoid.

    Just consider:

    • Kleptography, developed above, while here we can elaborate on:

    • Radio communications. Here are a few lines from "The Perfect Weapon (2020)" (in my opinion an interesting piece of Russophobic Chinophobic Iranophobic propaganda, possibly manufactured by the Deep State / NWO powerful media producing facilities, with a limited hangout when it recognizes "we started the cyber war"):

      At about 3min44s, telling about the StuxNet computer virus:

      John Hultquist: the plan was a piece of malaware would be delivered into the industrial control systems running the Iranian nuclear program.

      Michael Riley: this network was air gapped. In other words, it's not connected to the internet. So you had to have ways in which the code could jump onto those computers.

      Sanger: there's still some mystery about exactly how this code made it from the nsa and the israeli cyber unit into the natanz plant.
      There are many ways, including slipping in a usb key.
      But we also now know that the NSA had designed a brilliant small system, about the size of a briefcase, that could work from six or seven miles away, beaming computer code into a computer that had been set up with a receiver chip.
      And that device could be used not only to put code in, but later to replace it and update it.

      Hultquist: once they got in, the code started unlocking itself, and it started two major tasks.
      The first one was to record everything that the operator would be saying, and essentially, put that on a loop.
      So that every day, when the operator came in to work, everything would look just fine.
      It's sort of like a classic heist movie where the surveillance video is run on a loop, and the guard never knows what's actually going on. While at the same time, somebody's breaking in and stealing something.
      The iranians were thinking the whole time that they're making progress, that they're moving towards their goal, when in fact, these systems are deadlined.
      Because the second task for the code was to take the centrifuges and break them.

      At about 1h15m50s, telling how they analyzed photos found hacking a chinese PC:

      There was a picture of this big white building behind him, that had huge antennae dishes, had reflective coating on the windows, that would prevent signal interception.

    As for the question "am I being too paranoid?", apart from radio waves, I had already mentioned a blocked Yubikey PIN and a firejailed Firefox instance engaging a USB flash drive. ↩

34. Apparently, the hardware of USB ports is too flexibly reprogrammable, it can be used to steal information (maybe it's more difficult with encrypted USB volumes). Such attacks go under the common denomination of "bad-USB exploit". ↩

35. Actually, when first adding the GMail account into Mailpile, I also wanted to test disabling since the beginning "Copy all mail and add to search engine" in the Incoming Mail settings.

    What happened? I could send emails through GMail SMTP server, but Mailpile wasn't fetching any, not even if I sent new emails to that account.

    Immediately after enabling "Copy all mail and add to search engine", the (large) structure of my remote folders in that account appeared and Mailpile was fetching emails. ↩

36. Actually I do have those keys, but not in the gpg keyring I'm using at the moment: I sent those emails to myself earlier today with my previous Mailpile+gpg setup. For this tutorial, I wanted to restart from scratch, so before launching Mailpile from the terminal window I did what follows:

    mv -i ~/.local/share/Mailpile ~/.local/share/Mailpile_renamedToRestartFromScratchForTheTutorial  
    mv -i ~/.gnupg ~/.gnupg_b4_tutorial  
    install -d -m 700 ~/.gnupg  
    gpg -k

    You don't need to do this now, I'm just detailing this possibility of easily switching to/from another entire Mailpile setup (without having to switch to another user on your computer) because it might be useful to you.

    I guess Windows users should also be able to rename the corresponding folders.

    I'll restore my real Mailpile/GnuPG setup later. ↩

37. I don't know if it's possible to add icons without having to modify parts of Mailpile. [needs clarification] ↩

38. How did I learn that?

    By clicking a "learn" link about that when Mailpile kindly offered it to me in the notifications box:

    Mailpile lets you organize your mailbox the way you want it to be.
    You can start customizing your experince by rearranging the sidebar on the left.

    • In the bottom left, click: Organize.
    • From here you can click and drag any of the tags (Inbox, Outbox, etc.) up or down to change its order in the sidebar.
    • To customize each tag individually, click on one of the gears next to any tag.
      • Under Tag Settings you can change the name and color of a tag as well as where it's located and if you want it in your searches.
      • Under Technical Settings you can make sub-tags so that they're more organized. For example:
      • Receipts
        • Bills
        • Groceries
        • Personal
        • Work

    Stay tuned for more helpful hints to guide you in customizing your Mailpile! ↩

39. Off topic: ls -l Mailpile* would have been a more strictly appropriate command, since the -a option is only needed to also list files which names starts by a dot, otherwise "invisible" (apparently, I've made a habit of checking them out as well). -l shows the file size (and permissions). ↩

40. Here is how I restored my previous ~/.local/share/Mailpile folder and my previous ~/.gnupg folder.

    mv -i ~/.local/share/Mailpile ~/.local/share/Mailpile_createdOnlyForTheTutorialWillDeleteSoon  
    mv -i ~/.local/share/Mailpile_renamedToRestartFromScratchForTheTutorial ~/.local/share/Mailpile  
    mv -i ~/.gnupg ~/.gnupg_onlyForTheTutorialWillDeleteSoon  
    mv -i ~/.gnupg_b4_tutorial ~/.gnupg

    You don't need to do this now, I'm just detailing this possibility of easily switching to/from another entire Mailpile setup (without having to switch to another user on your computer) because it might be useful to you. ↩

41. Yes do I realize that the familiy name of the author is not the most reassuring part of the tutorial LOL, in this context it looks like a nickname of somebody playing mind games with his readers.
    And you have probably already read about certain perplexities, here and here, which for now I've chosen to resolve opting for RSA4096 while awaiting for practical applications of upcoming results of research on post-quantum cryptography. ↩