Introduction
I wanted to be able to store all of my ProtonMail emails locally for archival purposes, with the intention of running a local content search whenever I needed something retrieving.
I'm going to talk through my steps. There's plenty of tutorials out there for email services such as; Gmail, Hotmail etc. But not much around ProtonMail, especially using a headless instance.
ProtonMail bridge
ProtonMail Bridge is an open-source piece of software built by the Proton Team to create a dummy IMAP server locally, with a sole purpose of decrypting your emails locally to enable you to use a desktop email client such as ThunderBird.
ProtonMail Bridge is a paid feature though, with a minimum requirement of the ProtonMail Plus plan ($5/month). ProtonMail Bridge is not available on the ProtonMail Free plan.
Overview
We're going to set up a Cron job on a headless Ubuntu instance to periodically pull down all our emails. This instance will be running ProtonMail Bridge and a tool named Offlineimap, which will be used to store all your emails in a plaintext, searchable format.
Getting Started
Step 1: Setting up your Linux server
You'll need to either have an existing server instance or create one. I use a Proxmox instance running on a server in my loft. You could also use something like Digital Ocean to run your local archive. Using the following link will give you $100 worth of credits for 60 days to play around with, just sign up using this link.
Once you have the server set up, or have logged in. You'll need to do some updates and run some prerequisite installs.
sudo apt-get update
sudo apt-get upgrade
Step 1: gpg and pass
To use ProtonMail Bridge, you need to first set up the dependencies. These dependencies are pass (A password management system), which has a dependency of gpg (A key management system).
Installing GPG
GPG should be installed on your system as part of the update and upgrade commands that you initially ran after provisioning your server. If it's not, you can install GPG by running the following command.
sudo apt-get install gpg
Once GPG is installed, you need to generate a GPG key.
gpg --gen-key
This will run you through a wizard of adding your full name and email address. Also requiring you to create a passphrase for your gpg key. Add a password to satisfy the wizard, but we'll have to remove this later.
Unfortunately, ProtonMail Bridge will not work with a password protected GPG key in headless mode. This is a serious security risk, so make up your own opinion on this, do some research on what implications this has.
Once GPG has finished, you'll have a public key output. It'll look something like the following
7BDD29402175BC627671356BE8AC4A1C3C5J6357
We now need to remove the passphrase associated with this key.
Run the following
gpg --edit-key 7BDD29402175BC627671356BE8AC4A1C3C5J6357
Once you have executed that command, you'll be in the context of gpg
Run then next command
passwd
You'll now need to enter the passphrase you created earlier, which will unlock the GPG key.
There will now be another console prompt to enter a new passphrase.
Leave this blank.
You'll be asked to confirm that you want a blank passphrase, it'll warn you about the security implications.
Hit 'Y' or Yes to confirm this implication.
Finally, quit the GPG context by typing q and hitting Enter.
Installing Pass
Now it's time to install Pass, which is a ProtonMail Bridge dependency.
sudo apt-get install pass
We'll then need to initialise a new pass instance with your previously generated gpg key id.
pass init 7BDD29402175BC627671356BE8AC4A1C3C5J6357
That's, all the setup required for initialising pass.
Step 2: Installing ProtonMail Bridge
Now it's time to install ProtonMail Bridge.
Run the following command to install the latest version of ProtonMail Bridge at time of writing this post.
wget https://protonmail.com/download/beta/protonmail-bridge_1.5.0-1_amd64.deb
Then install
dpkg -i protonmail-bridge_1.5.0-1_amd64.deb
There may be some more missing dependencies when installing. To fix this, run the following
sudo apt --fix-broken install
Step 3: Initialising ProtonMail Bridge
We now need to log in to ProtonMail Bridge, to do this, run the following command
protonmail-bridge --cli
ProtonMail Bridge will start up and ask you to log in with an email and a password.
This will be your standard ProtonMail username and password.
Step 4: Getting your ProtonMail IMAP Username and Password
Whilst in the context of the ProtonMail Bridge session, run the following command.
info
You'll see an output like the following.
Welcome to ProtonMail Bridge interactive shell
___....___
^^ __..-:'':__ :..: __:'':-..__
_.-: __:.-:'': : : :'':-.:__ :-._
.':.-: : : : : : : : : :._:'.
_ :.': : : : : : : : : : : :'.: _
[]: : : : : : : : : : : : : :[]
[]: : : : : : : : : : : : : :[]
:::::::::[]: __:__ : __:__ : __:__ : __:__ : __:__ : __:__ :__:[]:::::::::::
!!!!!!!!![]!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!![]!!!!!!!!!!!
^^^^^^^^^[]^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^[]^^^^^^^^^^^
[] []
[] []
jgs [] []
~~^_~^~/ \~^-~^~ _~^-~_^~-^~_^~~ -^~_~^~-~_~-^~_^/ \~^ ~~_ ^
>>> info
Configuration for {your email}
IMAP Settings
Address: 127.0.0.1
IMAP port: 1143
Username: {your email}
Password: {your password}
Security: STARTTLS
SMTP Settings
Address: 127.0.0.1
IMAP port: 1025
Username: {your email}
Password: {your password}
Security: STARTTLS
Take a note of the values {your email} and {your password}. You'll need these later.
Step 5: Setting up Offlineimap
I'm going to be using an open-source tool I found on Github. Written by peterrus.
Run the following command to pull down the repo from Github.
git clone https://github.com/peterrus/protonmail-export-linux.git
The cd into the cloned repo
cd protonmail-export-linux
Next, you need to install offlineimap
sudo apt-get install offlineimap
Once installed, in the protonmail-export-linux directory, there will be a offlineimaprc file. Open this with your favorite text editor. I'll be using vim in this example.
vim offlineimparc
You'll see a file open that looks something like the following
# Feel free to modify this file to your needs
# See https://github.com/OfflineIMAP/offlineimap/blob/master/offlineimap.conf for a full reference
[general]
accounts = Protonmail
metadata = ./offlineimap-metadata
[Account Protonmail]
localrepository = ProtonmailLocal
remoterepository = ProtonmailRemote
# Feel free to change this, or disable it by commenting it out
postsynchook = notify-send 'Protonmail export done'
[Repository ProtonmailLocal]
type = Maildir
localfolders = ./protonmail-export
# If you (accidentally) delete mail locally, it won't get synced to Protonmail
sync_deletes = no
[Repository ProtonmailRemote]
type = IMAP
# Change this to the value provided in the Protonmail bridge
remoteuser = {your email}
remotepass = {your password}
remotehost = localhost
remoteport = 1143
ssl = no
starttls = no
# If you delete mail on Protonmail, this deletion also get's synced to the archive
expunge = yes
# Don't try to sync local changes to Protonmail, we just want a backup
readonly = True
Leave everything how it is, apart from the section where I have specified, {your email} and {your password}. These will need to be replaced with your ProtonMail Bridge email and password that I got you to take note of earlier.
Save your changes and exit your text editor.
Step 6: Setting up screen
I use screen to run services in the background. Both protonmail-bridge and offlineimap need to run simultaneously.
sudo apt-get install screen
Step 7: Creating a startup script
I made it easy for myself and created a startup script to execute both protonmail-bridge and offlineimap
Here's my script, simply create a new file named start-sync.sh in your home directory. Giving it execute permissions by running
sudo chmod +x start-sync.sh
The start-sync.sh file contents should look like this.
#! /bin/bash
echo "killing existing screen sessions"
pkill screen
echo "Starting bridge"
screen -d -m protonmail-bridge --cli
echo "Starting sync"
sleep 10
screen -d -m offlineimap -c /home/{your user}/protonmail-export-linux/offlineimaprc
Change the location of your offlineimaprc file in that shell script.
Step 8: Starting Offlineimap
Now it's time to execute your start-sync.sh
./start-sync.sh
Now, both of your services should have started up. To see them, run the following command
screen -r
You'll see an output like the following
ed@mail:~# screen -r
There are several suitable screens on:
6415..mail (12/05/20 18:06:26) (Detached)
6308..mail (12/05/20 18:06:16) (Detached)
Type "screen [-d] -r [pid.]tty.host" to resume one of them.
ed@mail:~#
Then run
screen -r 6415 // 6415 being the id of the top process on the screen -r output
You should see an output of a successful authentication with ProtonMail Bridge, and a list of emails currently being downloaded.
Copy message UID 2081 (23/3445) ProtonmailRemote:All Mail -> ProtonmailLocal
Folder INBOX [acc: Protonmail]:
etc...
Detach from this screen by hitting Ctrl + a and Ctrl + d.
Step 9: Where are my emails?
Whilst your emails are downloading, they will be saved to ~/protonmail-export. You should see a list of your email folders in this directory, under the cur subdirectory.
Step 10: Setting up a cron job to pull new emails
Now it's time to set this job up to run each day, or each hour, whatever you'd like to pick.
Run the following
sudo crontab -e
At the very bottom of your crontab file, paste in the following command.
0 0 * * * /home/{your user}/start-sync.sh
I use a tool called crontab.guru to assist with picking a schedule to run my command.
My command will run at midnight each day.
That's all
And hopefully, everything should be up and running successfully. Let me know if you receive any issues in to comments, I'll be happy to help you out.
You could now sync all your emails to Dropbox, or something like Syncthing, which I have recently written about here.
Top comments (0)