Gmail Hashcash Notifications To Your Phone

Gmail Inbox Setup for Hashcash Notifications To Your Phone

If you install my Hashcash for Gmail google script to scan & validate your incoming email according to the presence or absence of hashcash stamps, and you just want notifications for verified emails coming in, you can tweak how the inbox notifies you on your mobile phone. Here's one possible setup:

It's quickest to set this up from the desktop:

  1. From the gmail web interface Gear->Settings
  2. Inbox tab
  3. Inbox type 'Priority'
  4. For Inbox sections 1-4, Options->Remove Section
  5. Redefine Inbox section 1. Options->More Options...->Show All From Label [#$]
  6. Save Changes

Then on your Android phone, configure Gmail:
  1. Menu->More->Settings
  2. Account Settings->[your email address]
  3. -Check Priority Inbox (make default for this account)
  4. -Labels to Notify
  5.   ->Inbox: off
  6.   ->Priority Inbox: off (was: [subtle, always, notify for every msg])
  7.   -> [#$]: [subtle, always, notify for every msg]
NOTE: This is a pretty strict set-up in the respect that you won't get notifications for anything that doesn't have a valid Hashcash stamp. Not too useful until most people in your local network also are using Hashcash. That's the problem with network effects.. the usefulness of a thing only becomes apparent once many people are using it together.

If you look into Gmail's Priority inbox rules it's a pretty powerful way to tailor how/when you get notifications.


Tugging at the chains 'twixt myself and The Cloud

[Otherwise, less poetically-entitled: Screw you, NSAGoogle. I'll make my own damn webmail, with blackjack and hookers. Thing is, I actually -want- the webmail too. Really.]

2013-11-18: experiments setting up my own webmail server with IMAP and (eventually) OSS webmail client access

Part I: The MTA and IMAP service (dovecot), plus Thunderbird client access [DONE]
Part II: Webmail client for easy access anywhere (TODO)
Part III: End-to-end encryption using clients in (I) and (II), for anyone (TODO.. and non-trivial, I know)

1. Exim4:
   * just install using debian defaults
   * edit /etc/exim4/update-exim4.conf.conf for your smarthost
     (a smarthost is an SMTP server that will relay mail for you; usually
      smtp.<your_isp> -- note many ISPs these days don't allow any outgoing email
      even from their own customers' IP blocks. Complain bitterly to them that they're
      breaking the internet, not that it will do any good... other than some cathartic anger on your part. Then go find another provider, if you can.)

2. Get an IMAP server:
  apt-get install dovecot-imapd dovecot-sqlite dovecot-pop3d

   * Nice! Top of /etc/dovecot/dovecot.conf:
     "If you're in a hurry, see"

2.1. Configuring dovecot
  2.1.1 Authentication
   * [Further research here is required. I ended up using the default 'passwd-file'
      accounts rather than 'passwd' account auth which would use PAM to match against
      the system user accounts. It's safer to use 'passwd-file' anyways since that
      means users' email accounts don't have to use their shell accounts.]

  2.1.2 Mailbox setup/privileges
   * My deb system appears to use 'mail' group for /var/mail, so I set
     mail_privileged_group = mail,
     #! mbox_very_dirty_syncs = yes
     #! maildir_very_dirty_syncs = yes
     .. in /etc/dovecot/conf.d/10-mail.conf

  2.1.3 IMAP Compatibility Options
   * Since I like Thunderbird, enable the following IMAP workarounds
     in 20-imap.conf:
     imap_client_workarounds = tb-extra-mailbox-sep tb-lsub-flags

  2.1.4 SSL setup
   * Consider after getting things going, enabling SSL. Generate a self-signed cert
     using Dovecot's doc/ script (see _SSL_ link)
   ** NOTE SSL is required by default, you have to set disabled_plaintext_auth = no

    i) Go to
    ii) Download the two files doc/ (or find in the downloaded dist files),
        and doc/dovecot-openssl.cnf
    iii) Edit dovecot-openssl.cnf to match your site install; also edit
         itself if you want to lengthen/shorten cert expiry and/or the name of the
         generated cert (default: /etc/ssl/private/dovecot.pem)

  2.1.5 IMAP account (server-side): see
    Default appears to be 'passwd-file' which sets up a separate username/pass DB for
    IMAP access. One could set up 'driver = passwd' to use the server's local user
    accounts, but that would also grant shell access (usually). Probably a good idea
    if setting up a public server to use the default.

    i) edit /etc/dovecot/conf.d/auth-passwdfile.conf.ext
       Set scheme=SHA512-CRYPT
    ii) $ doveadm pw -s SHA512-CRYPT -u <username>
    iii) cut and paste the resulting string into /etc/dovecot/users
    iv) edit /etc/dovecot/conf.d/10-auth.conf
        auth_mechanisms = plain login  (? Not required apparently)
        (default install only has 'plain')

3. Get a desktop or web-based mail client. I went through a few here:
  x IlohaMail - obsolete, the whole domain is gone, even though it's still a package in
    Debian repos and written in PHP4. So, no docs. Doesn't support POP-over-SSL or other
    encrypted auth schemes due to its age; too bad, it was easy to install. -REJECTED-
  x <lots of other webmail clients, too complicated to get going> -REJECTED-
  x <RoundCube? Still need to evaluate>
  x <MailPile? Looks promising, actively developed but very incomplete. They are working
     on integrated PGP/GPG support, perhaps a post-Snowden emphasis on e2e-crypto? Hope!>
  x .. or a desktop mail client such as Thunderbird.
      Thunderbird Account Settings:
        Server Settings: Server Type: IMAP Mail Server
                         Server Name: <server hostname>
                         User Name: <username> (without @domain.tld)
                         Security Settings: Connection security: SSL/TLS
                         Authentication method: Normal password (?)
        Outgoing Server (SMTP): Description: (your choice)
                                Server Name: <smtp smarthost server hostname>
                                Port: 25 (** NOTE default is 587, won't work!)
        Sec. and Authentication:
                                Connection security: None
                                Authentication method: No authentication