Protonmail-Bridge CLI

Install Protonmail-Bridge on Ubuntu 22.04 with pass and gpg

Installing Protonmail-Bridge

Follow this instructions from Protonmail. I would suggest to alter the last command to

sudo apt --fix-broken install ./protonmail-bridge_X.y.z-z_amd64.deb

In addition we need pass, screen and gpg.

sudo apt install pass screen gnupg

Creating a seperate user for the Bridge

you can run the Bridge with your user, or with a seperate user. for example a user called protonmail.

sudo useradd protonmail
sudo usermod -L protonmail

the user needs a home directory.

cd /home
sudo mkdir protonmail
sudo chown -R protonmail:protonmail /home/protonmail

Setup pass and gpg

We need a key without a password and we are gonna create it with gpg. Somehow it doesnt work if we use script /dev/null or just simply dont type in a password at the prompt. Thats why we use in this case --passphrase ''.

sudo -u protonmail bash
cd ~
gpg --passphrase '' --full-generate-key --pinentry-mode=loopback

Answer the questions like this:

>>> 1 #for RSA
>>> 4096 #for the keysize
>>> 0 #means key doesnt expire
>>> Real name: Your Name
>>> Email address: [email protected]
>>> Comment: Protonmail-Bridge-Key
>>> O #for Okay
#your need this part of the key for the next steps
...
gpg: key 871811C48A78BB8D marked as ultimately trusted
gpg: revocation certificate stored as '/home/protonmail/.gnupg/openpgp-revocs.d/4432E57B616ABCF257442B9F960900B39B69AA9F.rev'
public and secret key created and signed.
...

the interessteing part is this 871811C48A78BB8D.

pass init 871811C48A78BB8D

Start and setup the Bridge

Now the Bridge can be started and we can add a account.

protonmail-bridge --cli
>>>> add #add your protonmail account to bridge
>>>> #enter your protonmail account email address
>>>> #enter your protonmail account password
>>>> list #list configured accounts
>>>> info #list SMTP credentials for configuring any local SMTP compatible service
>>>> help #get familiarized with the bridge options
>>>> exit #exit the bridge console which stops the local SMTP server created

Start the Bridge via script and systemd-service

In order to get the Bridge started even after a reboot, we create a script which starts the Bridge in screen and can be controlled via systemd.

Stop/Start Script

sudo vim /usr/local/bin/protonmail.sh

...
#!/bin/bash

case "$1" in
    start)
#will create an screen in detached mode (background) with name "protonmail"
        screen -S protonmail -dm protonmail-bridge --cli
        echo "Service started."
        ;;
    status)
#that only lists the current user's screens with the name protonmail
        result=$(screen -list | grep "[0-9].protonmail")
        if [ $? == 0 ]; then
            echo "Protonmail bridge service is ON."
        else
            echo "Protonmail bridge service is OFF."
        fi
        ;;
    stop)
#Will quit a screen called "protonmail" and therefore terminate the running protonmail-bridge process
        screen -S protonmail -X quit
        echo "Service stopped."
        ;;
    *)
        echo "Unknown command: $1"
        exit 1
        ;;
esac
...

sudo chown protonmail:protonmail /usr/local/bin/protonmail.sh
sudo chmod +x /usr/local/bin/protonmail.sh

systemd-service

sudo vim /usr/lib/systemd/system/protonmailbridge.service

...
[Unit]
Description=Service to run the Protonmail bridge client
After=network.target

[Service]
Type=oneshot
User=protonmail
ExecStart=/usr/local/bin/protonmail.sh start
ExecStop=/usr/local/bin/protonmail.sh stop
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
...

sudo systemctl enable --now protonmailbridge.service

Check the status

check the Bridge via systemd-service, the script and via the open ports.

sudo -u protonmail /usr/local/bin/protonmail.sh status
...
Protonmail bridge service is ON.
...

sudo systemctl status protonmailbridge.service
...
 protonmailbridge.service - Service to run the Protonmail bridge client
     Loaded: loaded (/lib/systemd/system/protonmailbridge.service; enabled; vendor preset: enabled)
     Active: active (exited) since Sat 2023-03-18 01:44:26 CET; 12h ago
    Process: 130372 ExecStart=/usr/local/bin/protonmail.sh start (code=exited, status=0/SUCCESS)
   Main PID: 130372 (code=exited, status=0/SUCCESS)
      Tasks: 25 (limit: 28554)
     Memory: 69.4M
        CPU: 24.805s
     CGroup: /system.slice/protnmailbridge.service
             ├─130374 SCREEN -S protonmail -dm protonmail-bridge --cli
             ├─130376 protonmail-bridge --cli
             └─130419 /usr/lib/protonmail/bridge/bridge --cli --launcher /usr/lib/protonmail/brid>
...

sudo ss -altenpo | grep bridge
...
LISTEN 0      4096            127.0.0.1:1042       0.0.0.0:*    users:(("bridge",pid=130419,fd=8)) uid:1003 ino:1004774 sk:6 cgroup:/system.slice/protonmailbridge.service <->                                                                                                                                                                                                                           
LISTEN 0      4096            127.0.0.1:1143       0.0.0.0:*    users:(("bridge",pid=130419,fd=9)) uid:1003 ino:1004775 sk:8 cgroup:/system.slice/protonmailbridge.service <->                                                                                                                                                                                                                           
LISTEN 0      4096            127.0.0.1:1025       0.0.0.0:*    users:(("bridge",pid=130419,fd=10)) uid:1003 ino:1004776 sk:a cgroup:/system.slice/protonmailbridge.service <->
...

Sources

• Protonmail on CentOS server
• Protonmail on Ubuntu 20.04 and Debian 10 server
• Generate GPG key without passphrase