Geary

Geary is a free and open source (Software Libre) lightweight email client designed for the GNOME desktop. Its interface is based on conversations, so you can easily read an entire discussion without having to click from message to message. You can download it here: Geary download

Add your Riseup account

Geary currently only supports IMAP accounts. On first start you are asked to create a new account:

  1. For Service choose Other
  2. Enter a name and your Riseup email address
  3. Set the IMAP server mail.riseup.net, leave the port at 993. If you want to connect via Riseups Tor service, see below.
  4. Enter your Riseup username and password
  5. For IMAP and SMTP choose SSL/TLS Encryption
  6. Set the SMTP server mail.riseup.net, leave the port at 465
  7. Activate Use IMAP credentials, leave No authentication required unchecked
  8. Press Add

Geary will ask you for your GNOME keyring password to save your Riseup password. You can safely cancel this.

Enhance your email security

  • Encrypt your mail! For enhanced message security use Шифрование электронной почты.
  • There are many vulnerabilities with how secure connections work. If you need high security, you should always connect to Riseup services using the Riseup VPN. This will prevent a long list of potential attacks against your communication.
  • To enhance connection security you can use Onion Service configuration to connect to Riseup’s .onion services for IMAP and SMTP. Look for the onion address for mail.riseup.net and smtp.riseup.net addresses and use those instead. Note: * SMTP port 465 is often blocked by exit nodes, but port 587 is less frequently blocked. If you have a problem sending mail, try port 587 or configure your client to use Riseup’s email hidden service in place of the regular mail.riseup.net domain. This is better than sending traffic through a Tor exit as it is MITM resistant, but it will generate certificate errors on the client side.

Verify SSL/TLS certificate

Apparently Geary does not provide an option to display used TLS/SSL certificate. If the certified domain name does not match the actual domain name, a warning is shown, but not the fingerprint (or any helpful info).

Message security

At the moment Geary does not support OpenPGP encryption, so it is necessary to de- and encrypt your messages with an external tool.

Note that while you are drafting new messages, Geary saves them without encryption on the server from time to time. To change this, open your account settings and disable Save drafts on server in the Composer section.

When you received an encrypted file attachment, you need to download it and decrypt it manually. Sorry.

Use Riseup’s .onion-Dienst

To enhance connection security you can use Tor to connect to Riseups .onion services for IMAP and SMTP. Look for the according mail.*.onion and smtp.*.onion addresses on the linked page.

To change your settings later, open the file .local/share/geary/[Your_Email_Address].net/geary.ini with your preferred text editor (eg. gedit).

  1. Search for imap_host=mail.riseup.net and smtp_host=mail.riseup.net.
  2. For both IMAP and SMTP replace mail.riseup.net with the .onion address from above page.

Due to a bug in Geary it is not possible to change your account details while you are connected. You need to recreate your account with the Tor servers from the beginning. In case this has been fixed in the future:

  1. From the Geary menu choose Accounts
  2. Select your Riseup account and click at the pencil symbol at the bottom of the screen.
  3. For both IMAP and SMTP replace mail.riseup.net with the .onion addresses from above page.

Great! You now use Tor to connect to Riseup!