From i at scateu.me Thu Jul 6 08:59:26 2023 From: i at scateu.me (Wang Kang) Date: Fri Mar 22 14:17:33 2024 Subject: [Alpine-info] Use Pine Remote Data to sync one text file Message-ID: <5ea5bb02-6146-f127-106a-70277d708de6@scateu.me> Dear list, I am so happy to share my new use case -- sync a plain text file (.taskpaper) between computers. upload: rpload -t sig -l my.taskpaper -r {example.com:993/ssl/user=me@example.com}INBOX.taskpaper.personal download: rpdump -l imac.taskpaper -r {example.com:993/ssl/user=me@example.com}INBOX.taskpaper.personal It works like a charm! Plus, each version is uploaded to and perserved in the imap folder for backup. Hope it helps. Cheers, -- Wang Kang From robin.listas at telefonica.net Mon Jul 10 03:32:10 2023 From: robin.listas at telefonica.net (Carlos E. R.) Date: Fri Mar 22 14:17:33 2024 Subject: [Alpine-info] Timeout on sort operations Message-ID: <3721c482-59b6-296e-b280-0d7ff8e881da@telefonica.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I have some big folders (local). For example, I have a mbox folder with 73000 on same computer on dovecot. When I ask, for instance, to sort it, the operation times out: No reply in 15 seconds from server localhost. Break connection? I have to type "N", and repeat several times. Where is that timeout configured? I don't find the string "15" in the configuration. However, if I look at the configuration .pinerc with an editor, I do see several variables that contain "15". Possibly this one: # If this much time has elapsed at the time of a tcp read or write # timeout, pine will ask if you want to break the connection. # Default is 60 seconds, minimum is 5, maximum is 1000. tcp-query-timeout=15 Yes, seems to work. I had to change that setting to 15 in the past because of some broken imap server (if it doesn't work, the operation can't be interrupted till timeout). Let's see how it goes. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCZKveKhwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfVcRcAoJRASE6gIGx+CnZm+/Wq vKHoiKfVAJ0YtTNWsB8JCTlg2AadWlZeQMKaJw== =TN4Z -----END PGP SIGNATURE----- From andrew at aitchison.me.uk Mon Jul 10 07:11:51 2023 From: andrew at aitchison.me.uk (Andrew C Aitchison) Date: Fri Mar 22 14:17:33 2024 Subject: [Alpine-info] PGP and Web Key Directory Message-ID: <02523e73-4849-692f-8cad-0dc26cd2a8a2@aitchison.me.uk> I know that Alpine caches S/MIME keys that it receives, but has no PGP support, so this is just for info. Web Key Directory https://wiki.gnupg.org/WKD looks like an interesting way of acquiring and managing PGP keys with little user effort. With Protonmail, Debian, Gentoo, Gnupg and f-droid amongst the providers and organisations using WKD it may be useful to some people here. -- Andrew C. Aitchison Kendal, UK andrew@aitchison.me.uk From bradford.chamberlain at hpe.com Mon Jul 17 09:55:34 2023 From: bradford.chamberlain at hpe.com (Chamberlain, Brad) Date: Fri Mar 22 14:17:33 2024 Subject: [Alpine-info] invalid_grant error AADSTS70043: expired or invalid refresh token Message-ID: Hello alpine community ? I returned from a week's vacation this morning, fired up alpine and have been getting error messages that are unfamiliar to me. Upon trying to open my inbox, I get: ??????[>Code 400: invalid_grant: AADSTS70043: The refresh token has expired or is invalid due to sign-in frequenc<] And when trying to send a mail, I get the similar error: ??????[>Error sending: Code 400: invalid_grant: AADSTS70043: The refresh token has expired or is invali<] The mention of sign-in frequency is confusing to me since I haven't signed in ~10 days time (unless it's actually referring to a lack of frequency?). This is running alpine from my desktop Mac using the homebrew formula for alpine 2.26 and an outlook.office365.com inbox path using xoauth2 authorization. This configuration has been working like a charm since I switched to it a month or so ago, so I'm hoping the fix is something simple. In the past, I've been directed to do the little handshake with Outlook through a web browser at some frequency (every few months) and am wondering whether I just need to force / request that to happen in some way? Thanks for any tips, -Brad -------------- next part -------------- An HTML attachment was scrubbed... URL: From bradford.chamberlain at hpe.com Mon Jul 17 11:19:31 2023 From: bradford.chamberlain at hpe.com (Chamberlain, Brad) Date: Fri Mar 22 14:17:33 2024 Subject: [Alpine-info] invalid_grant error AADSTS70043: expired or invalid refresh token In-Reply-To: References: Message-ID: Aha, I think I was able to solve my problem by looking through the alpine --help? options and taking a stab at one of them. Specifically, when I re-ran alpine -erase_stored_passwords?, I was taken to the Microsoft device login page. I'm not sure why I haven't had to do this in the past, though... maybe this is the first time I've had a device token expire since using alpine 2.26 on a Mac? I saw a message flash by very briefly after I asked it to save my credentials for future re-use about deleting something from the keychain, so maybe that is a factor as well? Anyway, I'm still interested in improving my knowledge and understanding here, if anyone can provide more details as to what might have been going on. Thanks! -Brad ________________________________ From: Chamberlain, Brad Sent: Monday, July 17, 2023 9:55 AM To: Alpine Users Subject: invalid_grant error AADSTS70043: expired or invalid refresh token Hello alpine community ? I returned from a week's vacation this morning, fired up alpine and have been getting error messages that are unfamiliar to me. Upon trying to open my inbox, I get: ??????[>Code 400: invalid_grant: AADSTS70043: The refresh token has expired or is invalid due to sign-in frequenc<] And when trying to send a mail, I get the similar error: ??????[>Error sending: Code 400: invalid_grant: AADSTS70043: The refresh token has expired or is invali<] The mention of sign-in frequency is confusing to me since I haven't signed in ~10 days time (unless it's actually referring to a lack of frequency?). This is running alpine from my desktop Mac using the homebrew formula for alpine 2.26 and an outlook.office365.com inbox path using xoauth2 authorization. This configuration has been working like a charm since I switched to it a month or so ago, so I'm hoping the fix is something simple. In the past, I've been directed to do the little handshake with Outlook through a web browser at some frequency (every few months) and am wondering whether I just need to force / request that to happen in some way? Thanks for any tips, -Brad -------------- next part -------------- An HTML attachment was scrubbed... URL: From alpine.chappa at yandex.com Mon Jul 17 19:34:21 2023 From: alpine.chappa at yandex.com (Eduardo Chappa) Date: Fri Mar 22 14:17:33 2024 Subject: [Alpine-info] invalid_grant error AADSTS70043: expired or invalid refresh token In-Reply-To: References: Message-ID: On Mon, 17 Jul 2023, Chamberlain, Brad wrote: > Hello alpine community ? > > I returned from a week's vacation this morning, fired up alpine and have > been getting error messages that are unfamiliar to me.? Upon trying to open > my inbox, I get: > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?? > ??????[>Code 400: invalid_grant: AADSTS70043: The refresh token has expired > or is invalid due to sign-in frequenc<] Dear Brad, the issue is that the refresh token was revoked by the server. Who knows why that happen. It was an internal policy. Tokens can be revoked for several reasons, including, but not limited to, expiration: The refresh token has outlived its validity; change in account settings: for example, change in the password; confirmation of account settings: checking that your information is up-to-date. Apparently you hit another one: not loging into your account for a week. When this happens simply try to reopen your INBOX. For example, if the error happens when you are opening Alpine, a failure to open your inbox will put you in a screen from where you need to navigate to your INBOX and then try to open int again. This time Alpine will display the screen to grant authorization to Alpine and create the refresh token that you can use in the future. > And when trying to send a mail, I get the similar error: > > ??????[>Error sending: Code 400: invalid_grant: AADSTS70043: The refresh > token has expired or is invali<] The refresh token that is used to login to your inbox is the same that is used to login to your smtp server. Revocation of the refresh token will prevent you from reading your inbox and sending email. It is an "all or none" scheme. I hope this helps. -- Eduardo From bradford.chamberlain at hpe.com Tue Jul 18 10:08:42 2023 From: bradford.chamberlain at hpe.com (Brad Chamberlain) Date: Fri Mar 22 14:17:33 2024 Subject: [Alpine-info] invalid_grant error AADSTS70043: expired or invalid refresh token In-Reply-To: References: Message-ID: Hi Eduardo ? Thanks for the tips! I guess I didn't say in my original message, but when the failure originally occurred (upon running 'alpine'), the reason for the failure was completely unclear. It just said something vague like "unable to open INBOX" or the like. It was only when trying to manually reopen the INBOX as you describe that I was able to see the more detailed error message and copy-paste it into my queries here. I kept hoping that I'd eventually get the device login prompt and web redirect if I waited long enough or restarted enough times or tried reopening it enough times, but I never did. It was only when re-running with the '-erase_stored_passwords' flag that I was offered the chance to do a new device login / get a new token from Outlook. If I were to get into this situation again, are there other ways to force getting a new refresh token other than using that flag, or did I end up finding the best practice? Thanks again! -Brad On Tue, 18 Jul 2023, Eduardo Chappa wrote: > On Mon, 17 Jul 2023, Chamberlain, Brad wrote: > >> Hello alpine community ? >> >> I returned from a week's vacation this morning, fired up alpine and have >> been getting error messages that are unfamiliar to me.? Upon trying to open >> my inbox, I get: >> >> ??????[>Code 400: invalid_grant: AADSTS70043: The refresh token has expired >> or is invalid due to sign-in frequenc<] > > Dear Brad, > > the issue is that the refresh token was revoked by the server. Who knows > why that happen. It was an internal policy. Tokens can be revoked for several > reasons, including, but not limited to, expiration: The refresh token has > outlived its validity; change in account settings: for example, change in the > password; confirmation of account settings: checking that your information is > up-to-date. Apparently you hit another one: not loging into your account for > a week. > > When this happens simply try to reopen your INBOX. For example, if the > error happens when you are opening Alpine, a failure to open your inbox will > put you in a screen from where you need to navigate to your INBOX and then > try to open int again. This time Alpine will display the screen to grant > authorization to Alpine and create the refresh token that you can use in the > future. > >> And when trying to send a mail, I get the similar error: >> >> ??????[>Error sending: Code 400: invalid_grant: AADSTS70043: The refresh >> token has expired or is invali<] > > The refresh token that is used to login to your inbox is the same that is > used to login to your smtp server. Revocation of the refresh token will > prevent you from reading your inbox and sending email. It is an "all or none" > scheme. > > I hope this helps. > > -- > Eduardo From alpine.chappa at yandex.com Tue Jul 18 14:24:03 2023 From: alpine.chappa at yandex.com (Eduardo Chappa) Date: Fri Mar 22 14:17:33 2024 Subject: [Alpine-info] invalid_grant error AADSTS70043: expired or invalid refresh token In-Reply-To: References: Message-ID: <70a9a6a1-19d5-18fe-39ef-266525e348fd@yandex.com> On Tue, 18 Jul 2023, Brad Chamberlain wrote: > Thanks for the tips! I guess I didn't say in my original message, but > when the failure originally occurred (upon running 'alpine'), the reason > for the failure was completely unclear. It just said something vague > like "unable to open INBOX" or the like. Dear Brad, my memory is not the best, nor do I have direct experience with Macs, so I till tell you what I remember from my Linux experience. First, depending on the version of Alpine that you are using, the error that prevented you from opening the inbox might not be fully displayed, but the latest version of Alpine will. The error you displayed is consistent with using version 2.26, so you are up to date in that side. > I kept hoping that I'd eventually get the device login prompt and web > redirect if I waited long enough or restarted enough times or tried > reopening it enough times, but I never did. It was only when re-running > with the '-erase_stored_passwords' flag that I was offered the chance to > do a new device login / get a new token from Outlook. My experience is that you do not need to restart Alpine. My thinking is that (in Linux, and Windows, but probably not in Mac OS) when the access token created by the refresh token fails fails, the refresh token is erased, so the next time the process is attempted it starts from scratch. I will have to double check that this is the case. > If I were to get into this situation again, are there other ways to > force getting a new refresh token other than using that flag, or did I > end up finding the best practice? using the erase-passwords option seems to be the correct way to solve this issue, albeit it erases all your passwords. If the problem happened every time that you opened alpine, then it means that the alpine version is not deleting that credential, and I need to look into that. All of this would be much easier if Mac and Windows did not have their own way to deal with password support. I am thinking of doing one of two things: either forcing everyone to use password file support or adding a password file into the windows credentials and the mac keychain. This would make it much simpler to support alpine across several platforms. I know I upset people when I do this kind of things, so if anyone has opinions that I should consider, I will be happy to read them. -- Eduardo From bradford.chamberlain at hpe.com Tue Jul 18 14:42:00 2023 From: bradford.chamberlain at hpe.com (Brad Chamberlain) Date: Fri Mar 22 14:17:33 2024 Subject: [Alpine-info] invalid_grant error AADSTS70043: expired or invalid refresh token In-Reply-To: <70a9a6a1-19d5-18fe-39ef-266525e348fd@yandex.com> References: <70a9a6a1-19d5-18fe-39ef-266525e348fd@yandex.com> Message-ID: <304fd27b-47fa-9f0a-fbd5-1afee4b421aa@hpe.com> Hi Eduardo ? Off-list to avoid potential churn, though I can respond back on-list with anything that comes out of this and seems useful: > using the erase-passwords option seems to be the correct way to solve this > issue, albeit it erases all your passwords. When you say "All my passwords", what does that mean? All alpine passwords? (presumably not all Mac keychain passwords?) Does having multiple passwords only come up when using alpine with multiple email servers / inboxes? Would another way to force it to get a new token be to delete some entry from the Mac keychain manually? Personally, I don't have a problem with things as they stand now that I have a workaround. I think I used a password file when I was building alpine from source on my Linux box, but now that I'm using homebrew on my Mac, using its formula was convenient (and I don't think it's configured to use a password file by default? Or at least, I didn't notice if it is). Thanks again, -Brad From superaorta at gmail.com Thu Jul 20 03:25:18 2023 From: superaorta at gmail.com (superaorta@gmail.com) Date: Fri Mar 22 14:17:33 2024 Subject: [Alpine-info] attachments and ms defender - ideas? Message-ID: <2436293.NgBsaNRSFp@lunesta> This might be a dumb question so please be patient! My mail provider via outlook has turned on ms defender attachment scanning. If I understand this correctly emails are delivered immediately but attachments are scanned off-line. In the immediate delivery the attachments are replaced by a link to a "preview". If the attachments are found to be "safe" then, in outlook, these preview links are replaced by the attachment. Since I hook emails off the outlook server before the scans take place (but end up reading them after the scans have completed) I only receive the preview link (which is dead by then because the scan is complete). I can't be the only person to have encountered this... Any idea how to deal with this situation or to turn this behaviour off? I realise this isn't an "alpine" problem per se and just a problem using alpine against a dumb idea/policy but I'm stuck with it and need to work out a way around! -------------- next part -------------- An HTML attachment was scrubbed... URL: From alpine.chappa at yandex.com Thu Jul 20 10:41:06 2023 From: alpine.chappa at yandex.com (Eduardo Chappa) Date: Fri Mar 22 14:17:33 2024 Subject: [Alpine-info] attachments and ms defender - ideas? In-Reply-To: <2436293.NgBsaNRSFp@lunesta> References: <2436293.NgBsaNRSFp@lunesta> Message-ID: On Thu, 20 Jul 2023, superaorta@gmail.com wrote: > Since I hook emails off the outlook server before the scans take place > (but end up reading them after the scans have completed) I only receive > the preview link (which is dead by then because the scan is complete). If I understand you correctly, you are downloading messages out of the outlook server while the scanning process is happening. If this is the case, you are seeing that your actions and those of the server are incompatible, and one has to stop so you can resume handling your email properly. Fortunately I do not have this issue, so I would not know how to stop in on the Outlook side. My hunch is that this is an administrator decision pushed on you, and you cannot disable it, so the only thing left to do is to change your flow of work. Here are some suggestions that you can explore: 1. Be selective about what you download. If your tool to download message allows filters, create one to not to download everything and only what you are ready to read. 2. Filter messages upon delivery. If messages have attachments, send them to a special folder. Then manually check messages in that folder and download them through a different process that you download those from your inbox. 3. Do not download and erase the message in the server, but download a copy of it and keep track of what you have downloaded. Then use a tool that can syncrhonize what you have downloaded and needs to be deleted. If the tool is smart, you can delete a message from your local folder and make your tool re-download it when needed. I hope this helps. -- Eduardo From andrew at aitchison.me.uk Thu Jul 20 14:47:11 2023 From: andrew at aitchison.me.uk (Andrew C Aitchison) Date: Fri Mar 22 14:17:33 2024 Subject: [Alpine-info] attachments and ms defender - ideas? In-Reply-To: <2436293.NgBsaNRSFp@lunesta> References: <2436293.NgBsaNRSFp@lunesta> Message-ID: On Thu, 20 Jul 2023, superaorta@gmail.com wrote: > My mail provider via outlook has turned on ms defender attachment > scanning. If I understand this correctly emails are delivered > immediately but attachments are scanned off-line. In the immediate > delivery the attachments are replaced by a link to a "preview". If > the attachments are found to be "safe" then, in outlook, these > preview links are replaced by the attachment. > > Since I hook emails off the outlook server before the scans take > place (but end up reading them after the scans have completed) I > only receive the preview link (which is dead by then because the > scan is complete). > > I can't be the only person to have encountered this... > > Any idea how to deal with this situation or to turn this behaviour > off? I realise this isn't an "alpine" problem per se and just a > problem using alpine against a dumb idea/policy but I'm stuck with > it and need to work out a way around! This appears to be called "Dynamic Delivery" https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-attachments-about?view=o365-worldwide#dynamic-delivery-in-safe-attachments-policies It is possible that the malware is not known when the message was recieved, but is known when you come to read it, so the attachments may not actually be scanned until you attempt to download them from the server. How do the messages reach Alpine ? If I remember correctly (and I may not) with IMAP (but not POP3) Alpine keeps a list of messages it has downloaded. Maybe you could adjust that file to cause the messages to be downloaded again ? -- Andrew C. Aitchison Kendal, UK andrew@aitchison.me.uk From jerryyhom at gmail.com Sat Jul 22 05:48:52 2023 From: jerryyhom at gmail.com (Jerry) Date: Fri Mar 22 14:17:33 2024 Subject: [Alpine-info] invalid_grant error AADSTS70043: expired or invalid refresh token In-Reply-To: References: Message-ID: <0c34ed7c-0228-d468-f537-8ce455d6a4a9@gmail.com> In Digest format, Eduardo Chappa wrote: > Date: Tue, 18 Jul 2023 15:24:03 -0600 (MDT) > From: Eduardo Chappa > To: Brad Chamberlain > Cc: Alpine Users > Subject: Re: [Alpine-info] invalid_grant error AADSTS70043: expired or > invalid refresh token > Message-ID: <70a9a6a1-19d5-18fe-39ef-266525e348fd@yandex.com> > Content-Type: text/plain; charset=US-ASCII; format=flowed > [deleted for brevity] > > All of this would be much easier if Mac and Windows did not have their own > way to deal with password support. I am thinking of doing one of two > things: either forcing everyone to use password file support or adding a > password file into the windows credentials and the mac keychain. This > would make it much simpler to support alpine across several platforms. > I know I upset people when I do this kind of things, so if anyone has > opinions that I should consider, I will be happy to read them. Thanks Eduardo for the explanation. I use alpine on a Mac, and frankly, considering that you do not program on a Mac, I'm impressed that alpine has Mac specific code. Anyhow, in reply to your idea, I believe the better option is using the generic password file support instead of the windows/mac specific options. I emphatically agree the code would be much simpler to support across platforms. As it is now, the #ifdef logic is complicated. A few years ago, I made a focused effort tracing through the logic and discovered a minor bug with the Mac Keychain support. I forget the details by now, but the logic is more complicated than it should be. I would definitely favor simplifying the code. From alpine.chappa at yandex.com Sat Jul 22 11:19:27 2023 From: alpine.chappa at yandex.com (Eduardo Chappa) Date: Fri Mar 22 14:17:33 2024 Subject: [Alpine-info] invalid_grant error AADSTS70043: expired or invalid refresh token In-Reply-To: <0c34ed7c-0228-d468-f537-8ce455d6a4a9@gmail.com> References: <0c34ed7c-0228-d468-f537-8ce455d6a4a9@gmail.com> Message-ID: On Sat, 22 Jul 2023, Jerry wrote: > Thanks Eduardo for the explanation. I use alpine on a Mac, and frankly, > considering that you do not program on a Mac, I'm impressed that alpine > has Mac specific code. For clarification purposes. The KeyChain code comes from the team at the University of Washington. I'm hoping I will never have to deal with it, since I do not have a Mac, so I have no way to maintain it. > Anyhow, in reply to your idea, I believe the better option is using the > generic password file support instead of the windows/mac specific > options. Thank you for your feedback! > I emphatically agree the code would be much simpler to support across > platforms. As it is now, the #ifdef logic is complicated. A few years > ago, I made a focused effort tracing through the logic and discovered a > minor bug with the Mac Keychain support. I forget the details by now, > but the logic is more complicated than it should be. I would definitely > favor simplifying the code. Oh! I was not aware of a bug in the code. Hopefully it is easy to fix. If you find it again, please let me know so we can investigate it. -- Eduardo From robin.listas at telefonica.net Sat Jul 29 05:13:40 2023 From: robin.listas at telefonica.net (Carlos E. R.) Date: Fri Mar 22 14:17:33 2024 Subject: [Alpine-info] attachments and ms defender - ideas? In-Reply-To: References: <2436293.NgBsaNRSFp@lunesta> Message-ID: On 2023-07-20 19:41, Eduardo Chappa wrote: > On Thu, 20 Jul 2023, superaorta@gmail.com wrote: > >> Since I hook emails off the outlook server before the scans take place >> (but end up reading them after the scans have completed) I only >> receive the preview link (which is dead by then because the scan is >> complete). > > If I understand you correctly, you are downloading messages out of the > outlook server while the scanning process is happening. If this is the > case, you are seeing that your actions and those of the server are > incompatible, and one has to stop so you can resume handling your email > properly. This is called "ATP dynamic delivery"; I just noticed a thread about it in the Fetchmail-users mail list, with some more details (but not enough yet): From: superaorta@gmail.com To: fetchmail-users@lists.sourceforge.net Date: Thu, 27 Jul 2023 08:25:12 +0100 Message-ID: <5851305.MhkbZ0Pkbq@lunesta> Subject: [Fetchmail-users] ATP dynamic delivery List-Id: "general discussion on fetchmail, its use, and support" List-Archive: Link to thread: > Fortunately I do not have this issue, so I would not know how to stop in > on the Outlook side. My hunch is that this is an administrator decision > pushed on you, and you cannot disable it, so the only thing left to do > is to change your flow of work. Here are some suggestions that you can > explore: Change the server delivery policy to "replace" instead of "dynamic" The idea on what to do next seems to be to locate a header or something to know if a message contains those previews, then don't download it (talking of fetchmail), till the message is complete. But they don't know if it will have the same UID. But this finding out needs some user with access (as client at least) to such a server, so that's you, superaorta ;-) You could also try with Thunderbird. -- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar) -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 209 bytes Desc: OpenPGP digital signature URL: