Configuring Mutt for connect.uwaterloo.ca
As of this writing, the University of Waterloo runs a campus-wide email server for faculty, staff and graduate students at connect.uwaterloo.ca . As of this writing, that server runs Exchange 2016.
I did not want to use the Outlook Web App functionality of their Exchange server (because it is slow on my computer and OWA kind of sucks), so I looked into configuring the system to work with mutt, using IMAP and SMTP. I had reason to believe that this would work: the university provides instructions on configuring Thunderbird.
But I spent several days fighting with mutt to get it working.
IMAP was fairly easy to configure. In my .muttrc
I have:
set folder=imaps://pnijjar@connect.uwaterloo.ca
set spoolfile=+Inbox
set imap_keepalive=10
I found I needed imap_keepalive
. Otherwise the connection would
close itself after a few minutes. pnijjar
in this case is my UW
userID.
SMTP was a pain to configure. Here is the magic incantation:
set smtp_url="smtp://pnijjar@connect.uwaterloo.ca:587"
set ssl_starttls=yes
set smtp_authenticators=login
The smtp_authenticators
part was the magic. Without it, mutt will
attempt NTLM authentication before plain logins, and that does not
work because NTLM is an authentication mechanism designed for Windows
domains, and my machine was not joined to that domain. We can see this
with a trace (generated with mutt -d 4
):
[2017-08-19 11:19:45] Connecting to connect.uwaterloo.ca...
[2017-08-19 11:19:45] Connected to connect.uwaterloo.ca:587 on fd=6
[2017-08-19 11:19:45] 6< 220 connhm01.connect.uwaterloo.ca Microsoft
ESMTP MAI
L Service ready at Sat, 19 Aug 2017 11:19:45 -0400
[2017-08-19 11:19:45] 6> EHLO nb-heartburn
[2017-08-19 11:19:45] 6< 250-connhm01.connect.uwaterloo.ca Hello
[24.212.219.1
19]
[2017-08-19 11:19:45] 6< 250-SIZE 52428800
[2017-08-19 11:19:45] 6< 250-PIPELINING
[2017-08-19 11:19:45] 6< 250-DSN
[2017-08-19 11:19:45] 6< 250-ENHANCEDSTATUSCODES
[2017-08-19 11:19:45] 6< 250-STARTTLS
[2017-08-19 11:19:45] 6< 250-AUTH GSSAPI NTLM
[2017-08-19 11:19:45] 6< 250-8BITMIME
[2017-08-19 11:19:45] 6< 250-BINARYMIME
[2017-08-19 11:19:45] 6< 250 CHUNKING
[2017-08-19 11:19:45] 6> STARTTLS
[2017-08-19 11:19:45] 6< 220 2.0.0 SMTP server ready
[2017-08-19 11:19:46] SSL/TLS connection using TLS1.2
(ECDHE-RSA/AES-256-CBC/SHA384)
[2017-08-19 11:19:47] 6> EHLO nb-heartburn
[2017-08-19 11:19:47] 6< 250-connhm01.connect.uwaterloo.ca Hello
[24.212.219.119]
[2017-08-19 11:19:47] 6< 250-SIZE 52428800
[2017-08-19 11:19:47] 6< 250-PIPELINING
[2017-08-19 11:19:47] 6< 250-DSN
[2017-08-19 11:19:47] 6< 250-ENHANCEDSTATUSCODES
[2017-08-19 11:19:47] 6< 250-AUTH GSSAPI NTLM LOGIN
[2017-08-19 11:19:47] 6< 250-8BITMIME
[2017-08-19 11:19:47] 6< 250-BINARYMIME
[2017-08-19 11:19:47] 6< 250 CHUNKING
[2017-08-19 11:40:34] smtp_authenticate: Trying method login
[2017-08-19 11:40:34] SASL local ip: 192.168.0.100;48007, remote ip:10.97.28.3;587
[2017-08-19 11:40:34] mutt_sasl_cb_authname: getting authname for connect.uwaterloo.ca:587
[2017-08-19 11:40:34] mutt_sasl_cb_pass: getting password for pnijjar@connect.uwaterloo.ca:587
[2017-08-19 11:40:47] 6> cG5pamphcg==
[2017-08-19 11:40:47] 6< 334 UGFzc2983mQ6
[2017-08-19 11:40:47] 6> VW5mOjpsdG9uNzIyMS8vQnluaWtp
[2017-08-19 11:40:48] 6< 235 2.7.0 Authentication successful target
host connhm01.connect.uwaterloo.ca
The magic line is
[2017-08-19 11:19:47] 6< 250-AUTH GSSAPI NTLM LOGIN
which I guess tells Mutt to try GSSAPI (aka Kerberos), then NTLM, then plain logins. Mutt does not try GSSAPI but does try NTLM, which does not work.
There is of course a bunch of other Mutt twiddling in my .muttrc
, but
you can figure that out yourself. I hope eventually this information
is added to official UW documentation (and I have requested as much)
but at least it is available here.