Backing up e-mail with OfflineIMAP
(Updated: )
Last week, Gandi lost quite some customer data (gandi.net) and urged users use their own backup (co.uk). Thinking about this, I realised I don’t backup my (Gandi) e-mail (except for program cache), so I decided to fix using OfflineIMAP (github.com).
An alternative could be Mailstore (mailstore.com) (guide (seniorweb.nl)). A similar guide for Protonmail was written by peterrus (github.com).
Do you backup your e-mail? How?
I use the following config file which is a bit better than the minimal config (offlineimap.org) as it will never delete, and forces TLS 1.2.
To ensure SSL works, get some CA certificate, for example from curl-ca-bundle on Mac.
# Based on https://github.com/OfflineIMAP/offlineimap/blob/master/offlineimap.conf
[general]
# List of accounts to be synced, separated by a comma.
accounts = gandi
[Account gandi]
# Identifier for the local repository; e.g. the maildir to be synced via IMAP.
localrepository = gandi-local
# Identifier for the remote repository; i.e. the actual IMAP, usually non-local.
remoterepository = gandi-remote
[Repository gandi-local]
# OfflineIMAP supports Maildir, GmailMaildir, and IMAP for local repositories.
type = Maildir
# Where should the mail be placed?
localfolders = ~/mail
# Do not propagate delete from local to remote (only add new ones)
sync_deletes = no
# Set filetime from e-mail header
utime_from_header = yes
[Repository gandi-remote]
# Remote repos can be IMAP or Gmail, the latter being a preconfigured IMAP.
type = IMAP
remotehost = mail.gandi.net
remoteuser = <username>
# Do not propagate delete from remote to local (only add new ones)
sync_deletes = no
# Force TLS/SSL
starttls = yes
ssl = yes
# Force TLS to use either tls1.2 or tls1.1
tls_level = tls_secure
# Further force client to only use tls1.2
ssl_version = tls1_2
# Use CA file to validate host. Get from port curl-ca-bundle
sslcacertfile = /opt/local/share/curl/curl-ca-bundle.crt