🔭 Mirador

CLI to watch mailbox changes, based on email-lib

Features

• Watches and executes actions on mailbox changes
• Interactive configuration via wizard (requires wizard feature)
• Supported events: on message added.
• Supported actions: send system notification, execute shell command.
• Supports IMAP mailboxes (requires imap feature)
• Supports Maildir folders (requires maildir feature)
• Supports global system keyring to manage secrets (requires keyring feature)
• Supports OAuth 2.0 (requires oauth2 feature)

Mirador CLI is written in Rust, and relies on cargo features to enable or disable functionalities. Default features can be found in the features section of the Cargo.toml.

Installation

The v1.0.0 is currently being tested on the master branch, and is the prefered version to use. Previous versions (including GitHub beta releases and repositories published versions) are not recommended.

Pre-built binary

Mirador CLI v1.0.0 can be installed with a pre-built binary. Find the latest pre-release GitHub workflow and look for the Artifacts section. You should find a pre-built binary matching your OS.

Cargo (git)

Mirador CLI v1.0.0 can also be installed with cargo:

$ cargo install --frozen --force --git https://github.com/pimalaya/mirador.git

Mirador CLI can be installed with a prebuilt binary:

# As root:
$ curl -sSL https://raw.githubusercontent.com/pimalaya/mirador/master/install.sh | sudo sh

# As a regular user:
$ curl -sSL https://raw.githubusercontent.com/pimalaya/mirador/master/install.sh | PREFIX=~/.local sh

These commands install the latest binary from the GitHub releases section.

Binaries are built with default cargo features. If you want to enable or disable a feature, please use another installation method.

Pre-built binary

Mirador CLI can be installed with a prebuilt binary:

# As root:
$ curl -sSL https://raw.githubusercontent.com/pimalaya/mirador/master/install.sh | sudo sh

# As a regular user:
$ curl -sSL https://raw.githubusercontent.com/pimalaya/mirador/master/install.sh | PREFIX=~/.local sh

These commands install the latest binary from the GitHub releases section.

Binaries are built with default cargo features. If you want to enable or disable a feature, please use another installation method.

Cargo

Mirador CLI can be installed with cargo:

$ cargo install mirador

# With only IMAP support:
$ cargo install mirador --no-default-features --features imap

You can also use the git repository for a more up-to-date (but less stable) version:

$ cargo install --git https://github.com/pimalaya/mirador.git mirador

Nix

Mirador CLI can be installed with Nix:

$ nix-env -i mirador

You can also use the git repository for a more up-to-date (but less stable) version:

$ nix-env -if https://github.com/pimalaya/mirador/archive/master.tar.gz

# or, from within the source tree checkout
$ nix-env -if .

If you have the Flakes feature enabled:

$ nix profile install mirador

# or, from within the source tree checkout
$ nix profile install

# you can also run Mirador directly without installing it:
$ nix run mirador

Sources

Mirador CLI can be installed from sources.

First you need to install the Rust development environment (see the rust installation documentation):

$ curl https://sh.rustup.rs -sSf | sh

Then, you need to clone the repository and install dependencies:

$ git clone https://github.com/pimalaya/mirador.git
$ cd mirador
$ cargo check

Now, you can build Mirador:

$ cargo build --release

Binaries are available under the target/release folder.

Configuration

Just run mirador, the wizard will help you to configure your default account.

You can also manually edit your own configuration, from scratch:

• Copy the content of the documented ./config.sample.toml
• Paste it in a new file ~/.config/mirador/config.toml
• Edit, then comment or uncomment the options you want

Proton Mail (Bridge)

When using Proton Bridge, emails are synchronized locally and exposed via a local IMAP/SMTP server. This implies 2 things:

• Id order may be reversed or shuffled, but envelopes will still be sorted by date.
• SSL/TLS needs to be deactivated manually.
• The password to use is the one generated by Proton Bridge, not the one from your Proton Mail account.

[accounts.proton]
default = true
folder = "INBOX"

backend.type = "imap"
backend.host = "127.0.0.1"
backend.port = 1143
backend.encryption = false
backend.login = "example@proton.me"
backend.auth.type = "password"
backend.auth.raw = "<proton-bridge-generated-password>"

on-message-added.notify.summary = "Proton: new message from {sender}"
on-message-added.notify.body = "{subject}"

Keeping your password inside the configuration file is good for testing purpose, but it is not safe. You have 2 better alternatives:

• Save your password in any password manager that can be queried via the CLI:

  backend.auth.type = "password"
  backend.auth.cmd = "pass show proton"

• Use the global keyring of your system (requires the keyring cargo feature):

  backend.auth.type = "password"
  backend.auth.keyring = "proton-example"

  Running mirador configure -a proton will ask for your IMAP password, just paste the one generated previously.

Gmail

Google passwords cannot be used directly. There is two ways to authenticate yourself:

Using App Passwords

This option is the simplest and the fastest. First, be sure that:

• IMAP is enabled
• Two-step authentication is enabled
• Less secure app access is enabled

First create a dedicated password for Mirador.

[accounts.gmail]
default = true
folder = "INBOX"

backend.type = "imap"
backend.host = "imap.gmail.com"
backend.port = 993
backend.encryption = "tls"
backend.login = "example@gmail.com"
backend.auth.type = "password"
backend.auth.raw = "<generated-password>"

on-message-added.notify.summary = "Gmail: new message from {sender}"
on-message-added.notify.body = "{subject}"

Keeping your password inside the configuration file is good for testing purpose, but it is not safe. You have 2 better alternatives:

• Save your password in any password manager that can be queried via the CLI:

  backend.auth.type = "password"
  backend.auth.cmd = "pass show gmail"

• Use the global keyring of your system (requires the keyring cargo feature):

  backend.auth.type = "password"
  backend.auth.keyring = "gmail-example"

  Running mirador configure -a gmail will ask for your IMAP password, just paste the one generated previously.

Using OAuth 2.0

This option is the most secure but the hardest to configure. It requires the oauth2 and keyring cargo features.

First, you need to get your OAuth 2.0 credentials by following this guide. Once you get your client id and your client secret, you can configure your Mirador account this way:

[accounts.gmail]
default = true
folder = "INBOX"

backend.type = "imap"
backend.host = "imap.gmail.com"
backend.port = 993
backend.login = "example@gmail.com"
backend.auth.type = "oauth2"
backend.auth.client-id = "<client-id>"
backend.auth.auth-url = "https://accounts.google.com/o/oauth2/v2/auth"
backend.auth.token-url = "https://www.googleapis.com/oauth2/v3/token"
backend.auth.pkce = true
backend.auth.scope = "https://mail.google.com/"

on-message-added.notify.summary = "Gmail: new message from {sender}"
on-message-added.notify.body = "{subject}"

Running mirador configure -a gmail will complete your OAuth 2.0 setup and ask for your client secret.

Outlook

[accounts.outlook]
default = true
folder = "INBOX"

backend.type = "imap"
backend.host = "outlook.office365.com"
backend.port = 993
backend.encryption = "tls"
backend.login = "example@outlook.com"
backend.auth.type = "password"
backend.auth.cmd = "pass show outlook"

on-message-added.notify.summary = "Outlook: new message from {sender}"
on-message-added.notify.body = "{subject}"

Using OAuth 2.0

This option is the most secure but the hardest to configure. First, you need to get your OAuth 2.0 credentials by following this guide. Once you get your client id and your client secret, you can configure your Mirador account this way:

[accounts.outlook]
default = true
folder = "INBOX"

backend.type = "imap"
backend.host = "outlook.office365.com"
backend.port = 993
backend.login = "example@outlook.com"
backend.auth.type = "oauth2"
backend.auth.client-id = "<client-id>"
backend.auth.auth-url = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
backend.auth.token-url = "https://login.microsoftonline.com/common/oauth2/v2.0/token"
backend.auth.pkce = true
backend.auth.scopes = ["https://outlook.office.com/IMAP.AccessAsUser.All"]

on-message-added.notify.summary = "Outlook: new message from {sender}"
on-message-added.notify.body = "{subject}"

Running mirador configure -a outlook will complete your OAuth 2.0 setup and ask for your client secret.

iCloud Mail

From the iCloud Mail support page:

• IMAP port = 993.
• IMAP login = name of your iCloud Mail email address (for example, johnappleseed, not johnappleseed@icloud.com)
• SMTP port = 587 with STARTTLS
• SMTP login = full iCloud Mail email address (for example, johnappleseed@icloud.com, not johnappleseed)

[accounts.icloud]
default = true
folder = "INBOX"

backend.type = "imap"
backend.host = "imap.mail.me.com"
backend.port = 993
backend.encryption = "tls"
backend.login = "johnappleseed"
backend.auth.type = "password"
backend.auth.cmd = "security find-internet-password -s 'johnappleseed'"

on-message-added.notify.summary = "iCloud: new message from {sender}"
on-message-added.notify.body = "{subject}"

FAQ

How to debug Mirador CLI?

The simplest way is to use --debug and --trace arguments.

The advanced way is based on environment variables:

• RUST_LOG=<level>: determines the log level filter, can be one of off, error, warn, info, debug and trace.
• RUST_SPANTRACE=1: enables the spantrace (a span represent periods of time in which a program was executing in a particular context).
• RUST_BACKTRACE=1: enables the error backtrace.
• RUST_BACKTRACE=full: enables the full error backtrace, which include source lines where the error originated from.

Logs are written to the stderr, which means that you can redirect them easily to a file:

RUST_LOG=debug mirador watch 2>/tmp/mirador.log

How the wizard discovers IMAP configs?

All the lookup mechanisms use the email address domain as base for the lookup. It is heavily inspired from the Thunderbird Autoconfiguration protocol. For example, for the email address test@example.com, the lookup is performed as (in this order):

1. check for autoconfig.example.com
2. look up of example.com in the ISPDB (the Thunderbird central database)
3. look up MX example.com in DNS, and for mx1.mail.hoster.com, look up hoster.com in the ISPDB
4. look up SRV example.com in DNS
5. try to guess (imap.example.com, smtp.example.com…)

Sponsoring

Special thanks to the NLnet foundation and the European Commission that helped the project to receive financial support from various programs:

• NGI Assure in 2022
• NGI Zero Entrust in 2023
• NGI Zero Core in 2024 (still ongoing)

If you appreciate the project, feel free to donate using one of the following providers: