Installation

sudo apt-get install libpam-dev libssl-dev libncurses-dev

Eduardo Chappa maintains http://patches.freeiz.com/alpine/ and has setup a Git repository too. We want to checkout via https, so we have to install their root certificate first:

sudo mkdir -m0755 /usr/local/share/ca-certificates/repo-or-cz
sudo wget https://repo.or.cz/rorcz_root_cert.pem -O /usr/local/share/ca-certificates/repo-or-cz/rorcz_root_cert.crt
sudo update-ca-certificates

With that in place, we can checkout without setting GIT_SSL_NO_VERIFY=1:

git clone https://repo.or.cz/alpine.git alpine-git

For historical reasons, the old snapshots could be obtained here:

wget ftp://ftp.cac.washington.edu/alpine/alpine.tar.bz2              # MD5: 84e44cbf71ed674800a5d57eed9c1c52
svn co https://svn.cac.washington.edu/public/alpine/snapshots

There's also re-alpine, which is kinda maintained:

git clone git://re-alpine.git.sourceforge.net/gitroot/re-alpine/re-alpine 

With the source in place, let's build this thing:

./configure --prefix=/opt/alpine --disable-mouse --disable-keyboard-lock --without-krb5 \
    --without-ldap --without-tcl --with-ssl --with-default-dead-letter-folder=.dead.letter
make
sudo make install

Configuration

We can configure alpine via the builtin SETUP or by editing .pinerc.

SETUP

• start Alpine
• press S for SETUP, L for COLLECTION LISTS.
  • That way we can have more than one account, e.g. your local mbox, your imap inbox and so on
• press A for ADD, type in a Nickname
• Servername: mail.server.net/tls/novalidate-cert/user="alice"
• Path: while this depends on the namespace of your IMAP server, in many cases that will be INBOX
• View: again, this depends on your IMAP server. I'll enter *, see the builtin help for details.
• press !^X to save
• press $ and then U to move your new collection to the top - we want to use it as our default inbox from now on
• press E to EXIT the COLLECTION LIST menu.
• press S, then C for CONFIG
• personal-name: John Doe
• smtp-server: mail.server.net/tls/novalidate-cert/user="alice"
• inbox-path: {mail.server.net/tls/novalidate-cert/user="alice"}INBOX
• default-fcc: {mail.server.net/tls/novalidate-cert/user="alice"}INBOX.Sent
• postponed-folder: {mail.server.net/tls/novalidate-cert/user="alice"}INBOX.Drafts
• specify a witty signature-file
• I prefer enabling single-column-folder-list, enable-full-header-cmd and no-enable-arrow-navigation-relaxed - YMMV

.pinerc

Fire up your editor of choice and modify at least the following values:

 personal-name=Alice P.
 inbox-path={mail.server.net/novalidate-cert/user="alice"}INBOX
 default-fcc={mail.server.net/novalidate-cert/user="alice"}INBOX.Sent
 postponed-folder={mail.server.net/tls/novalidate-cert/user="alice"}INBOX.Drafts
 folder-collections=mail.server.net {mail.server.net/tls/novalidate-cert/user="alice"}INBOX.[*],
 smtp-server=mail.server.net/novalidate-cert/user="alice"

SSL Notes

• /novalidate-cert is only needed, when using self-signed certs. While this might be needed in your case (certificates from one of the big CAs are expensive!), be sure to verify the certificate and its fingerprint at least once!

• If a PEM encoded CA-certifcate is available (ask your ISP!):

 openssl s_client -connect mail.server.net:993 -CAfile CA-cert.pem
 openssl s_client -connect mail.server.net:993
 openssl x509 -fingerprint -noout -in cert.pem      # to print the fingerprint of cert.pem

• To verify the server's cert with the CA certificate (ask your ISP!):

 openssl verify -CAfile CA-cert.pem server-cert.pem

PGP

TBD...

• GnuPG frontends
• Topal (2012-02-26)
• PinePGP (2002-05-03)
• pgpenvelope (2001-11-03)
• PGPPINE (2001-06-09)
• pgp4pine

Pine

Note: Pine has been discontinued in 2006!

$ sudo apt-get install libpam-dev libssl-dev libncurses-dev
$ wget ftp://ftp.cac.washington.edu/pine/pine.tar.bz2
$ openssl md5 pine.tar.bz2 | grep 39ca07b3d305b4cd0d6aaf4585123275
MD5(pine.tar.bz2)= 39ca07b3d305b4cd0d6aaf4585123275

Unpack & build:

bzip2 -dc pine*.tar.bz2 | tar -xf -
cd pine-*
./build SSLDIR=/usr/lib/ssl SSLCERTS=/etc/ssl/certs SSLINCLUDE=/usr/include/openssl lnp  # Linux,   +PAM,SSL
./build SSLDIR=/usr/lib/ssl SSLCERTS=/etc/ssl/certs SSLINCLUDE=/usr/include/openssl gs5  # Solaris, +SSL
./build CC=/usr/sfw/bin/gcc   SSLDIR=/usr/lib/ssl   SSLINCLUDE=/usr/include/openssl      # Solaris, +SSL,
                                                                                         # gcc instead of SUNWspro

$ ldd bin/pine | egrep 'pam|ssl|curs'
  libncurses.so.5 => /lib/libncurses.so.5 (0xb7f42000)
  libpam.so.0 => /lib/libpam.so.0 (0xb7f3a000)
  libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8 (0xb7ef7000)

$ sudo cp bin/pine /usr/local/bin/
$ sudo chown root:root /usr/local/bin/pine

• Be sure to specify ./build first, then pass the environment variables, then the target - order matters here!
• SSLDIR is 'openssl version -d'
• SSLINCLUDE and SSLCERTS may vary from system to system :(
• SSLCERTS is needed to verify the authenticity of the server's certificates

Bugs

• NULL ice in paint_index_line: reg index ([NULL ice in paint_index_line: reg index, msgno=4,118 line=3], see the "commited Alpine 1.10 tree" commit)

Links

• Sourceforge: re-alpine
• Alpine Messaging System
• Pine Information Center
• alpine 2.10

• RFC 2060 (IMAP4)
• RFC 2246 (TLS)