Protonmail Bridge on Unraid

Now more than ever in this Social Media day and age I think it is important to encrypt your private communications.  Most people think they are boring but as the current news feeds amplify, if you dare speak out on a subject you may be a target.  I won’t get into details beyond that but …….why not encrypt your on-line conversations?   No one needs to know what you like and don’t like, and what you stand for or don’t stand for.  Or what your vaccination status is.

If you think Gmail, Hotmail, and Yahoo are not spying on you there is no hope for you.  You need to move on from here.  Email encryption is nothing new and in fact I remember the first consumer grade stuff ………Pretty Good Privacy (PGP) in the mid 90’s.   It was super cool but people just would not take the extra steps to do this.   I suspect they still won’t.  But they should.

There are several secure email services and in this blog I will focus on ProtonMail   They use end to end encryption and if you have a ProtonMail account and you email someone that doesn’t…….you can still create an encrypted environment.

ProtonMail is web based, and for most of you that isn’t an issue.  You are used to logging into your Gmail or Yahoo account on a web browser, so don’t let this scare you.  You’re simply using another service except this one is more secure.

Let’s move on with this discussion.


Yes you can use Protonmail online and yes that might be the easiest way to do it.   But Protonmail has added something called a Bridge (for paying customers) that allows you to see your emails in Outlook, Mac Mail, Thunderbird, etc.  NOTE:  Paying may seem a bit extreme but with a Plus account you also get a secure file storage area (ProtonDrive) and a VPN.  Yes, a freaking VPN.  So I pay $5 a month but I also have another VPN service that costs $5.  I can dump it now and keep more stuff together.

You can download a free bridge client for each OS you are on but that is another program running on your computer using your resources.  There is another way.  You can install ProtonMail-bridge on a server and just connect that account to it.

Sure.  You travel.  And in that instance you can just use the app on your tablet or computer that acts as a bridge.  But if you have multiple devices, and usually use them at home………put that resource on a server and let your server handle the load.

I use Unraid.  And there is a ProtonMail-bridge, app but it is a home-made mother to install and get working.  And as usual in cool things…..nobody puts all the data in one place. The answer to crack the code is in 3 or 4 or 5 places.

That’s where I come in.  I put it all together Barney style and make it so a layman can take advantage of this powerful solution.  I spent 2 days figuring this out and the installation literally takes 5 minutes if you do it correctly.  Such is my life.

So let’s get started. I’m going to install ProtonMail-bridge on Unraid. It is based on this docker container and is Open Source  And configuration is a snap.  Go to apps, find it and install it.  The installation page pops up and you only need to populate a couple of things.  Add 1025 to the port 25 container and 1143 to the 143 container and hit apply. Bam.  Bob = Uncle.

Protonmail-bridge Configuration (click pic to enlarge)

That was easy.

Now we want to open the docker terminal and run the following commands:

docker exec -it protonmail-bridge /bin/bash
chmod +x entrypoint.sh
./entrypoint.sh init

Also easy.  Now you need to run the command (actually the script above runs this command but following up the script with “login” will never actually let you login).

protonmail-bridge --cli

Except there is one problem. It won’t work.  You can issue a “login” command but it won’t log you in. You first need to run the command “top”.

top

Now let’s kill “Proton-bridge”

Kill Protonmail-bridge (click pic to enlarge)

Issue this command:

kill 18

or whatever your process number is.

Once it is killed we can again run this command:

protonmail-bridge --cli

Yer doing it. Now you can log in with your ProtonMail account.  I don’t know why killing the process and re-issuing the command works……but it does.

ProtonMail login (click to enlarge pic)

Again, you have to have a paid account to do this and you have to know all your ProtonMail credentials.

Once you log in you can issue the command:

info

to see your login details.
Easy.

Login Bridge (click pic to enlarge)

Be sure to copy this info so you can add it to your email client.  That’s really all you do.  Set up your IMAP server, and SMTP server.  This is the account config on Thunderbird.  It is super easy.

Now, this part is important.  GO TO YOUR DOCKER AND RESTART PROTONMAIL-BRIDGE.  Check the logs to make sure it is okay.

Thunderbird Email Server Config (click to enlarge pics)

Just add your:

  • Host IP (address of your Unraid server)
  • Port Number (1143 for IMAP, and 1025 for SMTP)
  • Security Settings (STARTTLS)
  • Authentication (PASSWORD)
  • user name
  • Bridge password

The BRIDGE PASSWORD is DIFFERENT than your ProtonMail credentials and what you saw after running the “info” command above.

Again, you can install the bridge from ProtonMail on your computer easily by downloading the bridge app.

I have no less than 10 computers at home and it just makes sense to install the bridge on my server and I can configure MOST email client apps to work with it.  I can confirm that Mac Mail, and Thunderbird work great.

This is great but again I want to remind you that if you want to send a fully end-to-end encrypted email …….. you need to use their web app. Or the email has to be from a ProtonMail address TO a ProtonMail address.

Again, the bridge JUST LETS YOU SEE YOUR EMAIL ACCOUNT.  To use end to end encryption for a person who DOES NOT HAVE Protonmail, you have to log into the web based app, and click the lock button to encrypt.  They then get an email with a web link, and they need a password to open your encrypted email.  That password has to be pre-determined by the users.

ProtonMail Encryption (click pics to enlarge)

When using the bridge though……….everything is not end to end encrypted.  Here are two emails I sent myself.  One from proton to outside proton, and one proton to proton.  Note that the proton to proton is END TO END ENCRYPTED………EVEN FROM THE BRIDGE!

Bridge Encryption Comparison (click pics to enlarge)

If both the sender and recipient have Protonmail accounts everything is encrypted from the bridge.  Again, if the recipient is not, you have to send it from the web based ProtonMail which creates a link they click and apply a password too.

If you are using free email, why not use an Open Source, encrypted service?

So the next time you want to email someone that you are headed to the shooting range, or going to the school board meeting………..you probably should encrypt your communications.  I hate that the world has come to this but it has.

NO ONE HAS ANY BUSINESS KNOWING YOUR BUSINESS.

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *