OfflineIMAP

The following file is a commented version of offlineimap.conf.minimal.

For synchronizing only certain folders, you can use a folderfilter in the remote section of the account in ~/.offlineimaprc. For example, the following configuration will only synchronize the folders Inbox and Sent:

For more options, see the official documentation.

Some IMAP servers might require you to connect on a custom port, instead of the default 993 port. To do so, add a remoteport option to the remote section in ~/.offlineimaprc:

Most other mail transfer agents assume that the user will be using the tool as a daemon by making the program sync periodically by default. In offlineimap, there are a few settings that control backgrounded tasks.

Confusingly, they are spread thin all-over the configuration file:

To start the daemon automatically on login, start/enable the systemd/User service using the flag.

In case you have more than one account configured, it is advised to use offlineimap@.service instead of increasing maxsyncaccounts parameter. Simply start/enable .

Alternatively, it is possible to manage OfflineIMAP completely using systemd-user timers, start/enable with the flag.

This timer by default runs OfflineIMAP every 15 minutes. This can be easily changed by creating a drop-in snippet. For example, the following modifies the timer to check every 5 minutes:

For more robust solution it is possible to set a watchdog which will kill OfflineIMAP in case of freeze:

Mutt cannot be simply pointed to an IMAP or maildir directory and be expected to guess which subdirectories happen to be the mailboxes, yet offlineimap can generate a muttrc fragment containing the mailboxes that it syncs.

Then add the following lines to .

is the name you have given to your IMAP account in ~/.offlineimaprc.

This remote repository is configured specifically for Gmail support, substituting folder names in uppercase for lowercase, among other small additions. Keep in mind that this configuration does not sync the All Mail folder, since it is usually unnecessary and skipping it prevents bandwidth costs:

mailctl (mailctl-bin^AUR) is a utility which provides IMAP/SMTP clients with renewal capabilities and authorization of OAuth2 credentials.

OfflineIMAP can call Python code from its configuration. So in the section at the beginning, we add the line:

And in the python file, we add this code to retrieve OAuth2 access tokens via mailctl:

And now back to our configuration file, in the repository section of a Gmail account, we add the following:

And that's it.

Add the following lines to your :

machine hostname.tld
    login [your username]
    password [your password]

Do not forget to give the file appropriate rights like 600 or 700:

$ chmod 600 ~/.netrc

GNU Privacy Guard can be used for storing a password in an encrypted file. First set up GnuPG and then follow the steps in this section. It is assumed that you can use your GPG private key without entering a password all the time.

First type in the password for the email account in a plain text file. Do this in a secure directory with permissions located on a tmpfs to avoid writing the unencrypted password to the disk. Then encrypt the file with GnuPG setting yourself as the recipient.

Remove the plain text file since it is no longer needed. Move the encrypted file to the final location, e.g. .

Now create a python function that will decrypt the password:

Load this file from ~/.offlineimaprc and specify the defined function:

~/.offlineimaprc

[general]
# Path to file with arbitrary Python code to be loaded
pythonfile = ~/.offlineimap.py
...

[Repository ''example'']
# Decrypt and read the encrypted password
remotepasseval = get_pass()
...

pass is a simple password manager from the command line based on GPG.

First create a password for your email account(s):

$ pass insert Mail/account

Now create a python function that will decrypt the password:

This is an example for a multi-account setup. You can customize the argument to pass as defined previously.

Load this file from ~/.offlineimaprc and specify the defined function:

In configuration for remote repositories the remoteusereval/remotepasseval fields can be set to custom python code that evaluates to the username/password. The code can be a call to a function defined in a Python script pointed to by 'pythonfile' config field. Create ~/.offlineimap.py according to the subsection below and use it in the configuration:

Ensure that , , and are installed. Then create ~/.offlineimap.py with the following contents: gkgetsecret.py and set pythonfile = ~/.offlineimap.py in ~/.offlineimaprc as described above.

If you created a password using , you can retrieve it from its description. For instance, the password for a repository Work which is stored in gnome-keyring with the description Password for me@myworkemail.com can be retrieved by adding the following to ~/.offlineimaprc:

[Repository Work]
...
remotepasseval = get_pw_from_desc("Password for me@myworkemail.com")

For configurations where you wish to store the username as well, it is better if the password is created using secret-tool as this can be used to set attributes such as the username and repository name. Consider a password created with the following command:

$ secret-tool store --label "Password for Work Email" username me@myworkemail.com repo Work

The username and password for this account can be retrieved by adding the following to ~/.offlineimaprc:

[Repository Work]
...
remoteusereval = get_val_from_attrs("username", "repo", "Work")
remotepasseval = get_pw_from_attrs("repo", "Work")

There is a general solution that should work for any keyring. Install and then change your ~/.offlineimaprc to say something like:

and somewhere in ~/offlineimap.py add import keyring. Now all you have to do is set your password, like so:

and it will grab the password from your (kwallet/gnome-) keyring instead of having to keep it in plaintext or enter it each time.

See https://www.emacswiki.org/emacs/OfflineIMAP#toc2

Install , in KeepassXC settings enable Freedesktop.org secret-service integration, expose entries in Database Settings > Secret Service Integration and add additional attribute with in Edit Entry > Advanced settings. Now the command secret-tool lookup Title account@name.org should print the password in the console. Next create a python script:

An equivalent script which relies on is:

Load this file from ~/.offlineimaprc and specify the defined function:

For the sake of troubleshooting, it is sometimes convenient to launch offlineimap with a more verbose UI, no background syncs and perhaps even a debug level:

$ offlineimap [ -o ] [ -d <debug_type> ] [ -u <ui> ]

-o

Disable autorefresh, keepalive, etc.

-d <debug_type>

Where <debug_type> is one of , maildir or . Debugging imap and maildir are, by far, the most useful.

-u <ui>

Where <ui> is one of , , , or MACHINE.MACHINEUI. TTY.TTYUI is sufficient for debugging purposes.

In version 6.5.3, offlineimap gained the ability to create folders in the remote repository, as described here.

This can lead to errors of the following form when using on the remote repository:

ERROR: Creating folder bar on repository foo-remote
  Folder 'bar'[foo-remote] could not be created. Server responded: ('NO', ['[ALREADYEXISTS] Duplicate folder name bar (Failure)'])

The solution is to provide an inverse lambda for the local repository, e.g.

• For working out the correct inverse mapping. the output of offlineimap --info should help.
• After updating the mapping, it may be necessary to remove all of the folders under for the affected accounts.

ERROR: Server SSL fingerprint 'keykeykey' for hostname 'example.com' does not match configured fingerprint. Please verify and set 'cert_fingerprint' accordingly if not set yet.

To solve this, add to ~/.offlineimaprc (in the same section as ) one of the following:

• either add , with the certificate fingerprint of the remote server. This checks whether the remote server certificate matches the given fingerprint.
• or add with the path to the system CA certificates file. Needs ca-certificates installed. This validates the remote ssl certificate chain against the Certification Authorities in that file.

ERROR: Copying message -2 [acc: email] connection closed
Folder sent [acc: email]: ERROR: while syncing sent [account email] connection closed

Cause of this can be creation of same message both locally and on server. This happens if your email provider automatically saves sent mails to same folder as your local client. If you encounter this, disable save of sent messages in your local client.