Using Alpine Email Client with MFA

Alpine is an alternative messaging app that is text based. There are versions for Windows 32 & 64 bits and Linux OSes.

This document only covers installing on Ubuntu 20.04. This will work in WSL ( Windows Subsystem for Linux ).

Based on https://alpine.x10host.com/alpine/alpine-info/misc/SettingXOAUTH2Outlook.html

Requirements:
1. You must use the same computer when "Authorizing Alpine Access to Outlook Email Services". Attempting initial login via a remote ssh session will not succeed.
Once the access token is preserved, running Alpine from a remote ssh session works until the token expires.
2. IMAP is required so the O365 user attribute "ImapEnabled" must be set to "True". Users who want to be able to use Alpine will need to send a ticket to the Service Desk asking for it to be enabled. It's disabled by default. If it is set to "false" the user will be able to authenticate BUT not connect using Alpine.

Notes:

To check that the O365 user attribute "ImapEnabled" is set to "True" run the powershell command: Get-ADPrincipalGroupMembership "d10073q" | select distinguishedName, name
Look for the CN: CN=Cloud Mailbox IMAP enabled,OU=Infrastructure Services Groups,OU=Security Groups,DC=kiewit,DC=dartmouth,DC=edu

Those with permissions to the MS Exchange system can run the following to confirm that "ImapEnabled" is True.
PS C:\Users\admin123 > Get-CASMailbox -Identity First.M.Lastname@Dartmouth.edu

Name                         ActiveSyncEnabled OWAEnabled PopEnabled ImapEnabled MapiEnabled SmtpClientAuthenticationDisabled
----                             ----------------- ---------- ---------- ----------- ----------- --------------------------------
First M. Lastname    True                          True                   False            True                True

--

Step-by-Step
  1. Download and install the package for your version of Ubuntu

Ubuntu 20.04 (Focal Fossa):

wget https://engineering.purdue.edu/ECN/Support/KB/Docs/UsingAlpinewitho365/alpine_2.25-1_focal_amd64.deb

Algorithm Hash

SHA256 FB089B5064CCBD6742E05C0A04B3134554EF0389670307DF39AF634A2AB66BDE

MD5 ED6AC25EF37C461673B37AA57720AC9B

sudo dpkg -i ./alpine_2.25-1_focal_amd64.deb

Do not use sudo apt-get install alpine as this will install a version of Alpine that does not support OAUTH2. Run the following to see your installed or available versions.

apt show alpine -a

apt search alpine

There may be dependencies you need to install. The alpine install will alert you if needed.

2. Create a password key file for pine

touch ~/.pine-passfile

Doing this will permit Alpine to save the token so you do not need to re-authenticate every time you launch Alpine. This works similar to selecting "Remember me for 30 days" with DUO.

3. Launch Alpine $ alpine

4. Press s for “Setup”

You may need to exit the "Welcome" screen first to proceed.

5. Press c for “Config”

6. Enter values for:
Personal Name                     = First M. Lastname
User Domain                         = dartmouth.edu
SMTP Server (for sending)    = smtp.office365.com:587/tls/user=YourNetID@dartmouth.edu/submit/auth=xoauth2
Inbox Path                            = {outlook.office365.com:993/ssl/user=YourNetID@dartmouth.edu/auth=xoauth2}INBOX

** BE SURE TO REPLACE 'YourNetID' in the config settings with your NetID, i.e f123456 or d765432 **

Note that it may be necessary to update other folders (Trash, Sent, Drafts), folder
collections, and your remote-pinerc to include "/auth=xoauth2" in the appropriate place.

7. Press e to Exit Setup

8. Press y to save your settings

9. Press q to Quit

10. Relaunch alpine

These next steps must be done on the same computer. It will not work via a remote ssh session.

  • The "Authorizing Alpine Access to Outlook Email Services" message should come up.

11. To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code "JG8URSEQ6" without the quotes.

12. If prompted, select your Dartmouth Work account.

13. Select "Continue"

14. You should see the following message.

15. In Alpine you will be asked to "Save token". If you answer yes the token will be encrypted.

You will be asked for a password to encrypt or decrypt the token each time you open Alpine.

This is NOT your NetID password.It is a password for protecting the local .pine-passstore

Enter password of key <MasterPassword> to unlock password file:

To read email:
Select "FOLDER LIST"

Select "Inbox"

Enter "$" to change the sorted email display order.

Enter "R" to reverse current displayed order.

External Resources

Alpine-info -- Alpine Discussion Forum - Hosted by Washington.edu

https://mailman12.u.washington.edu/mailman/listinfo/alpine-info

Using Alpine with Office365

Based on https://alpine.x10host.com/alpine/alpine-info/misc/SettingXOAUTH2Outlook.html

https://engineering.purdue.edu/ECN/Support/KB/Docs/UsingAlpinewitho365

Alpine for Windows

https://fossies.org/windows/mail/alpine-2.26.zip

See Related Articles to the right for more information.

Details

Article ID: 145090
Created
Fri 7/15/22 2:28 PM
Modified
Wed 9/7/22 3:41 PM

Related Articles (2)

These instructions assume that you have already installed Evolution Mail and the corresponding "evolution-ews" package for your Linux distribution.
This KBA discusses email options for Linux users accessing our Microsoft 365 mailboxes.