Using Secure IMAP with PINE

Warning: I am in the process of updating this document to reflect the authentication steps needed for Microsoft365. At present, not all of this document will contain current/correct information. (March, 2021)

Before getting started: Configuring PINE

Now that UW is using Microsoft365 mail services, you must be running a version of the mail client that supports xoauth2 as an authentication method. This means a version of alpine that's version 2.23 or newer, and built with the xoauth mechanisms.

You can check this if you run:

alpine -supported

And you see XOAUTH2 under the Authenticators section, looking something like:

Authenticators:
  EXTERNAL
  CRAM-MD5
  PLAIN
  LOGIN
  OAUTHBEARER
  XOAUTH2

When you connect to alpine, you'll be asked to open up a web browser to authenticate. This is currently not documented here, but you can get an idea of the process from the documentation on the alpine website

Both PINE and MUTT store their configuration/setup in resource files, or dot-rc files, (.pinerc for PINE, .muttrc for MUTT, in your home directory,) in a format that will be familiar to most UNIX users.

PINE has the added advantage that most (but not all) options are configurable through the PINE program itself, and will automatically update the .pinerc file for you. PINE also creates a skeleton dot-rc file for you, the first time you run PINE. So all of the options are listed, even if they're not set to any specific value.

If you're comfortable editing your dot-rc files yourself, then making these changes with either mail program should be a piece of cake. If not, then you might find using the configuration menus within PINE easier.

Quick setup or TL;DR

This document attempts to explain as much about the why and how as possible, but if you just want to get up and running, and don't have the time to read the whole thing, then here are the changes you want to add to your .pinerc (for users of pine and alpine) or .muttrc (for users of mutt) file.

However, I strongly urge you to come back and read the whole document if you have problems, as it will give you some idea of where things are going wrong, and what to do about it.

For pine, add the following lines to your .pinerc file:

user-domain=uwaterloo.ca
smtp-server=smtp.office365.com/user=yourusername@uwaterloo.ca/submit/auth=xoauth2
inbox-path={outlook.office365.com/ssl/user=yourusername@uwaterloo.ca/auth=xoauth2}INBOX
folder-collections="UW O365" {outlook.office365.com/ssl/user=yourusername@uwaterloo.ca/auth=xoauth2}[]

Getting started: Connecting to the mail server the easy way

If you just want to connect to your inbox, that's fairly easy.

pine -f '{outlook.office365.com/ssl/user=yourusername@uwaterloo.ca/auth=xoauth2}INBOX'

This is more than enough, if all you want to do is read mail, view an attachment, or otherwise not make huge changes to your mailbox.

But typing -f blahblahblah all the time gets cumbersome, and so we have a configuration option that says "Make my inbox default to here:". In your .pinerc file:

inbox-path='{outlook.office365.com/ssl/user=yourusername@uwaterloo.ca/auth=xoauth2}INBOX'

Mail folders and staying organised

By default, PINE sets up INBOX, sent-mail and saved-messages folders for you, on your local system. If you want instead, to use the same folders on the server, you need to configure PINE to look there, instead of on your local machine.

You can set the following variables in your .pinerc file. Note that you can set some of them by going throught he configuration menus within PINE, but not all of them.


folder-collections={outlook.office365.com/ssl/user=yourusername@uwaterloo.ca/auth=xoauth2}[]

If you set the folder-collections variable, then PINE will look there for your Drafts, saved and sent folders. (PINE will replace the [] for the appropriate folder for you.)

The exact location of the folders depends on the server you connect to. The math mail servers at Waterloo use regular directories in your home directory on the unix filesystem. So if you use pine on the math servers, this will be "[]". Some servers, such as mailservices will use "INBOX.[]". If you're unsure, check with your system administrator.

Sending mail

While not strictly IMAP, if you're going to be reading your e-mail remotely, you'll also want to connect to the mail server to send your mail as well.

In PINE, you can do this by setting the smtp-server variable:

user-domain=uwaterloo.ca
smtp-server=smtp.office365.com/user=yourusername@uwaterloo.ca/submit/auth=xoauth2

If something goes wrong

If you have problems connecting to the mail server, it's important to figure out which layer is causing the problem.

  1. Can the user log on to the web-based mail client at https://connect.uwaterloo.ca/? If they can't, maybe they don't have an account set up, or their password is wrong.
  2. If you've just added the options to the .pinerc file listed in the Quick setup section, try removing all of those, except for the inbox-path line, to see if they can at least connect, and see their inbox. If that works, then add the other lines in one at a time until pine starts complaining.