Geary
Geary is a free and open source (Software Libre) lightweight email client designed for the GNOME desktop. Its interface is based on conversations, so you can easily read an entire discussion without having to click from message to message. You can download it here: Geary download
Add your Riseup account
Geary currently only supports IMAP accounts. On first start you are asked to create a new account:
- For Service choose Other
- Enter a name and your Riseup email address
- Set the IMAP server
mail.riseup.net
, leave the port at 993. If you want to connect via Riseups Tor service, see below. - Enter your Riseup username and password
- For IMAP and SMTP choose
SSL/TLS
Encryption - Set the SMTP server
mail.riseup.net
, leave the port at 465 - Activate Use IMAP credentials, leave No authentication required unchecked
- Press Add
Geary will ask you for your GNOME keyring password to save your Riseup password. You can safely cancel this.
Enhance your email security
- Encrypt your mail! For enhanced message security use Шифрование электронной почты.
- There are many vulnerabilities with how secure connections work. If you need high security, you should always connect to Riseup services using the Riseup VPN. This will prevent a long list of potential attacks against your communication.
- To enhance connection security you can use Onion Service configuration to connect to Riseup’s .onion services for IMAP and SMTP. Look for the onion address for mail.riseup.net and smtp.riseup.net addresses and use those instead. Note: * SMTP port 465 is often blocked by exit nodes, but port 587 is less frequently blocked. If you have a problem sending mail, try port 587 or configure your client to use Riseup’s email hidden service in place of the regular
mail.riseup.net
domain. This is better than sending traffic through a Tor exit as it is MITM resistant, but it will generate certificate errors on the client side.
Verify SSL/TLS certificate
Apparently Geary does not provide an option to display used TLS/SSL certificate. If the certified domain name does not match the actual domain name, a warning is shown, but not the fingerprint (or any helpful info).
Message security
At the moment Geary does not support OpenPGP encryption, so it is necessary to de- and encrypt your messages with an external tool.
Note that while you are drafting new messages, Geary saves them without encryption on the server from time to time. To change this, open your account settings and disable Save drafts on server in the Composer section.
When you received an encrypted file attachment, you need to download it and decrypt it manually. Sorry.
Use Riseup’s .onion-Dienst
To enhance connection security you can use Tor to connect to Riseups .onion services for IMAP and SMTP. Look for the according mail.*.onion
and smtp.*.onion
addresses on the linked page.
To change your settings later, open the file .local/share/geary/[Your_Email_Address].net/geary.ini
with your preferred text editor (eg. gedit).
- Search for
imap_host=mail.riseup.net
andsmtp_host=mail.riseup.net
. - For both IMAP and SMTP replace mail.riseup.net with the .onion address from above page.
Due to a bug in Geary it is not possible to change your account details while you are connected. You need to recreate your account with the Tor servers from the beginning. In case this has been fixed in the future:
- From the Geary menu choose Accounts
- Select your Riseup account and click at the pencil symbol at the bottom of the screen.
- For both IMAP and SMTP replace
mail.riseup.net
with the .onion addresses from above page.
Great! You now use Tor to connect to Riseup!