Tim's blah blah blah

Backing up e-mail with OfflineIMAP

(Updated: )

Last week, Gandi lost quite some customer data and urged users use their own backup. Thinking about this, I realised I don’t backup my (Gandi) e-mail (except for program cache), so I decided to fix using OfflineIMAP.

An alternative could be Mailstore (guide). A similar guide for Protonmail was written by peterrus.

Do you backup your e-mail? How?

I use the following config file which is a bit better than the minimal config as it will never delete, and forces TLS 1.2.

To ensure SSL works, get some CA certificate, for example from curl-ca-bundle on Mac.

# Based on https://github.com/OfflineIMAP/offlineimap/blob/master/offlineimap.conf

# List of accounts to be synced, separated by a comma.
accounts = gandi

[Account gandi]
# Identifier for the local repository; e.g. the maildir to be synced via IMAP.
localrepository = gandi-local

# Identifier for the remote repository; i.e. the actual IMAP, usually non-local.
remoterepository = gandi-remote

[Repository gandi-local]
# OfflineIMAP supports Maildir, GmailMaildir, and IMAP for local repositories.
type = Maildir

# Where should the mail be placed?
localfolders = ~/mail

# Do not propagate delete from local to remote (only add new ones)
sync_deletes = no

# Set filetime from e-mail header
utime_from_header = yes

[Repository gandi-remote]
# Remote repos can be IMAP or Gmail, the latter being a preconfigured IMAP.
type = IMAP
remotehost = mail.gandi.net
remoteuser = <username>

# Do not propagate delete from remote to local (only add new ones)
sync_deletes = no

# Force TLS/SSL
starttls = yes
ssl = yes
# Force TLS to use either tls1.2 or tls1.1
tls_level = tls_secure
# Further force client to only use tls1.2
ssl_version = tls1_2

# Use CA file to validate host. Get from port curl-ca-bundle
sslcacertfile = /opt/local/share/curl/curl-ca-bundle.crt