Difference between revisions of "OfflineIMAP"

From ArchWiki
Jump to: navigation, search
m
(Add troubleshooting of error I encountered recently.)
 
(75 intermediate revisions by 33 users not shown)
Line 1: Line 1:
[[Category:Email Client]]
+
[[Category:Email clients]]
{{Warning|OfflineIMAP has sporadic problems with random crashes and hangups requiring [[#Sporadic_Crashes|intermittent application restarts]]. Users looking for an alternative application for two-way IMAP synchronization, are advised to check [[Isync]], written in C.}}
+
[[ja:OfflineIMAP]]
 +
{{Related articles start}}
 +
{{Related|isync}}
 +
{{Related|notmuch}}
 +
{{Related|msmtp}}
 +
{{Related articles end}}
 +
 
 
[http://offlineimap.org/ OfflineIMAP] is a Python utility to sync mail from IMAP servers. It does not work with the POP3 protocol or mbox, and is usually paired with a MUA such as [[Mutt]].
 
[http://offlineimap.org/ OfflineIMAP] is a Python utility to sync mail from IMAP servers. It does not work with the POP3 protocol or mbox, and is usually paired with a MUA such as [[Mutt]].
==Installing==
 
Install the {{Pkg|offlineimap}} package with [[pacman]]:
 
# pacman -S offlineimap
 
  
==Configuring==
+
== Installation ==
 +
 
 +
Install {{pkg|offlineimap}}. For a development version, install {{AUR|offlineimap-git}}.
 +
 
 +
== Configuration ==
 +
 
 
Offlineimap is distributed with two default configuration files, which are both located in {{ic|/usr/share/offlineimap/}}. {{ic|offlineimap.conf}} contains every setting and is thorougly documented. Alternatively, {{ic|offlineimap.conf.minimal}} is not commented and only contains a small number of settings (see: [[#Minimal|Minimal]]).
 
Offlineimap is distributed with two default configuration files, which are both located in {{ic|/usr/share/offlineimap/}}. {{ic|offlineimap.conf}} contains every setting and is thorougly documented. Alternatively, {{ic|offlineimap.conf.minimal}} is not commented and only contains a small number of settings (see: [[#Minimal|Minimal]]).
  
Line 13: Line 21:
 
{{note|Writing a comment after an option/value on the same line is invalid syntax, hence take care that comments are placed on their own separate line.}}
 
{{note|Writing a comment after an option/value on the same line is invalid syntax, hence take care that comments are placed on their own separate line.}}
  
===Minimal===
+
=== Minimal ===
 +
 
 
The following file is a commented version of {{ic|offlineimap.conf.minimal}}.
 
The following file is a commented version of {{ic|offlineimap.conf.minimal}}.
{{hc|~/.offlineimaprc|2=
+
 
<nowiki>
+
{{hc|~/.offlineimaprc|<nowiki>
 
[general]
 
[general]
 
# List of accounts to be synced, separated by a comma.
 
# List of accounts to be synced, separated by a comma.
Line 40: Line 49:
 
remotehost = host.domain.tld
 
remotehost = host.domain.tld
 
remoteuser = username
 
remoteuser = username
</nowiki>
+
</nowiki>}}
 +
 
 +
=== Selective folder synchronization ===
 +
 
 +
For synchronizing only certain folders, you can use a [http://offlineimap.org/doc/nametrans.html#folderfilter folderfilter] in the '''remote''' section of the account in {{ic|~/.offlineimaprc}}. For example, the following configuration will only synchronize the folders {{ic|Inbox}} and {{ic|Sent}}:
 +
 
 +
{{hc|~/.offlineimaprc|2=
 +
[Repository main-remote]
 +
# Synchronize only the folders Inbox and Sent:
 +
folderfilter = lambda foldername: foldername in ["Inbox", "Sent"]
 +
...
 
}}
 
}}
  
==Usage==
+
For more options, see the [http://offlineimap.org/doc/nametrans.html#folderfilter official documentation].
 +
 
 +
== Usage ==
 +
 
 
Before running offlineimap, create any parent directories that were allocated to local repositories:
 
Before running offlineimap, create any parent directories that were allocated to local repositories:
 
  $ mkdir ~/Maildir
 
  $ mkdir ~/Maildir
Line 50: Line 72:
 
  $ offlineimap
 
  $ offlineimap
  
Mail accounts will now be synced. If anything goes wrong, take a closer look at the error messages. OfflineIMAP is usually very verbose about problems; partly because the developers didn't bother with taking away tracebacks from the final product.
+
Mail accounts will now be synced. If anything goes wrong, take a closer look at the error messages. OfflineIMAP is usually very verbose about problems; partly because the developers did not bother with taking away tracebacks from the final product.
  
==Miscellaneous==
+
== Miscellaneous ==
''Various settings and improvements''
+
 
 +
=== Running offlineimap in the background ===
  
===Running offlineimap in the background===
 
 
Most other mail transfer agents assume that the user will be using the tool as a [[daemon]] by making the program sync periodically by default. In offlineimap, there are a few settings that control backgrounded tasks.
 
Most other mail transfer agents assume that the user will be using the tool as a [[daemon]] by making the program sync periodically by default. In offlineimap, there are a few settings that control backgrounded tasks.
  
 
Confusingly, they are spread thin all-over the configuration file:
 
Confusingly, they are spread thin all-over the configuration file:
{{hc|~/.offlineimaprc|2=
+
 
<nowiki>
+
{{hc|~/.offlineimaprc|<nowiki>
 
# In the general section
 
# In the general section
 
[general]
 
[general]
Line 69: Line 91:
 
[Account main]
 
[Account main]
 
# Minutes between syncs
 
# Minutes between syncs
autorefresh = 5
+
autorefresh = 0.5
# Number of quick-syncs between autorefreshes. Quick-syncs do not update if the
+
# Quick-syncs do not update if the only changes were to IMAP flags.
# only changes were to IMAP flags
+
# autorefresh=0.5 together with quick=10 yields
 +
# 10 quick refreshes between each full refresh, with 0.5 minutes between every
 +
# refresh, regardless of type.
 
quick = 10
 
quick = 10
  
Line 85: Line 109:
 
# the global option autorefresh is specified.  If you wish it to keep the
 
# the global option autorefresh is specified.  If you wish it to keep the
 
# connection open, set this to true. This setting has no effect if autorefresh
 
# connection open, set this to true. This setting has no effect if autorefresh
is not set.
+
# is not set.
 
holdconnectionopen = yes
 
holdconnectionopen = yes
</nowiki>
+
</nowiki>}}
}}
+
 
 +
==== systemd service ====
 +
 
 +
When configured to run background jobs, offlineimap can be managed with the following systemd service:
  
====systemd Service====
+
{{hc|/etc/systemd/system/offlineimap@.service|<nowiki>
Writing a systemd service for offlineimap is trivial, just be sure to run it as the correct user by replacing the {{ic|User&#61;UserToRunAs}} with your user. (e.g. {{ic|User&#61;wgiokas}})
+
{{hc|offlineimap-user.service|2=
+
<nowiki>
+
 
[Unit]
 
[Unit]
 
Description=Start offlineimap as a daemon
 
Description=Start offlineimap as a daemon
Requires=network.target
+
Requires=network-online.target
 
After=network.target
 
After=network.target
  
 
[Service]
 
[Service]
User=UserToRunAs
+
User=%i
 
ExecStart=/usr/bin/offlineimap
 
ExecStart=/usr/bin/offlineimap
 +
KillSignal=SIGUSR2
 +
Restart=always
  
 
[Install]
 
[Install]
 
WantedBy=multi-user.target
 
WantedBy=multi-user.target
</nowiki>
+
</nowiki>}}
}}
+
  
====cron job====
+
Then [[enable]] {{ic|offlineimap@''user''.service}}.
1. Configure background jobs as shown in [[#Running offlineimap in the background]].
+
  
2. Use a log-friendly user interface:
+
{{Note|If your configuration involves [[D-Bus]] operations, e.g. [[#Gnome keyring]], you should adapt this service for systemd user instance as described in [[systemd/User]] instead of using it directly. This approach is necessary to set the {{ic|DBUS_SESSION_BUS_ADDRESS}} variable correctly.}}
{{hc|~/.offlineimaprc|2=
+
<nowiki>
+
[general]
+
# This will suppress anything but errors
+
ui = quiet
+
</nowiki>
+
}}
+
  
3. Write a wrapper script for [[daemon]]izing programs, or use the one shown below:
+
=== Automatic mailbox generation for mutt ===
{{hc|/usr/local/bin/start_daemon|2=
+
<nowiki>
+
#!/bin/sh
+
  
set -efu
 
 
ionice_class=
 
ionice_priority=
 
nice=
 
 
while getopts c:p:n: f; do
 
case $f in
 
c) ionice_class=$OPTARG;;
 
p) ionice_priority=$OPTARG;;
 
n) nice=$OPTARG;;
 
*) exit 2;;
 
esac
 
done
 
shift $((OPTIND - 1))
 
 
cmd=$*
 
io=
 
 
if pgrep -u "$(id -u)" -xf -- "$cmd" >/dev/null 2>&1; then
 
exit 0
 
fi
 
 
if type ionice >/dev/null 2>&1; then
 
[ -n "$ionice_class" ]    && { io=1; cmd="-c $ionice_class $cmd"; }
 
[ -n "$ionice_priority" ] && { io=1; cmd="-n $ionice_priority $cmd"; }
 
[ -n "$io" ] && cmd="ionice $cmd"
 
fi
 
 
if type nice >/dev/null 2>&1; then
 
[ -n "$nice" ] && cmd="nice -n $nice $cmd"
 
fi
 
 
exec $cmd
 
</nowiki>
 
}}
 
 
4. Finally, add a crontab entry:
 
$ crontab -e
 
The line should specify the interpreter for correct {{Ic|pgrep -xf}} results:
 
*/5 * * * * exec /usr/local/bin/start_daemon -n19 -c2 -p7 python2 /usr/bin/offlineimap
 
 
<span id="Sporadic_Crashes">The wrapper script is needed because offlineimap has the tendency to sporadically crash, even more so when facing connection problems.</span>
 
 
===Automatic mutt mailbox generation===
 
 
[[Mutt]] cannot be simply pointed to an IMAP or maildir directory and be expected to guess which subdirectories happen to be the mailboxes, yet offlineimap can generate a muttrc fragment containing the mailboxes that it syncs.
 
[[Mutt]] cannot be simply pointed to an IMAP or maildir directory and be expected to guess which subdirectories happen to be the mailboxes, yet offlineimap can generate a muttrc fragment containing the mailboxes that it syncs.
{{hc|~/.offlineimaprc|2=
+
 
<nowiki>
+
{{hc|~/.offlineimaprc|<nowiki>
 
[mbnames]
 
[mbnames]
 
enabled = yes
 
enabled = yes
Line 180: Line 149:
 
sep = " "
 
sep = " "
 
footer = "\n"
 
footer = "\n"
</nowiki>
+
</nowiki>}}
}}
+
  
Then add {{Ic|source ~/.mutt/mailboxes}} to {{ic|~/.mutt/muttrc}}.
+
Then add the following lines to {{ic|~/.mutt/muttrc}}.
 +
 
 +
{{hc|~/.mutt/muttrc|<nowiki>
 +
# IMAP: offlineimap
 +
set folder = "~/Mail"
 +
source ~/.mutt/mailboxes
 +
set spoolfile = "+account/INBOX"
 +
set record = "+account/Sent\ Items"
 +
set postponed = "+account/Drafts"
 +
</nowiki>}}
 +
 
 +
{{ic|account}} is the name you have given to your IMAP account in {{ic|~/.offlineimaprc}}.
 +
 
 +
=== Gmail configuration ===
  
===Gmail configuration===
 
 
This remote repository is configured specifically for Gmail support, substituting folder names in uppercase for lowercase, among other small additions. Keep in mind that this configuration does not sync the ''All Mail'' folder, since it is usually unnecessary and skipping it prevents bandwidth costs:
 
This remote repository is configured specifically for Gmail support, substituting folder names in uppercase for lowercase, among other small additions. Keep in mind that this configuration does not sync the ''All Mail'' folder, since it is usually unnecessary and skipping it prevents bandwidth costs:
  
{{hc|~/.offlineimaprc|2=
+
{{hc|~/.offlineimaprc|<nowiki>
<nowiki>
+
 
[Repository gmail-remote]
 
[Repository gmail-remote]
 
type = Gmail
 
type = Gmail
Line 198: Line 177:
 
                               re.sub ('starred', 'flagged',
 
                               re.sub ('starred', 'flagged',
 
                               re.sub (' ', '_', foldername.lower()))))
 
                               re.sub (' ', '_', foldername.lower()))))
folderfilter = lambda foldername: foldername not in '[Gmail]/All Mail'
+
folderfilter = lambda foldername: foldername not in ['[Gmail]/All Mail']
 
# Necessary as of OfflineIMAP 6.5.4
 
# Necessary as of OfflineIMAP 6.5.4
 
sslcacertfile = /etc/ssl/certs/ca-certificates.crt
 
sslcacertfile = /etc/ssl/certs/ca-certificates.crt
</nowiki>
+
</nowiki>}}
 +
 
 +
{{Note|
 +
* If you have Gmail set to another language, the folder names may appear translated too, e.g. "verzonden_berichten" instead of "sent_mail".
 +
* After version 6.3.5, offlineimap also creates remote folders to match your local ones. Thus you may need a nametrans rule for your local repository too that reverses the effects of this nametrans rule. If you don't want to make a reverse nametrans rule, you can disable remote folder creation by putting this in your remote configuration: {{ic|<nowiki>createfolders = False</nowiki>}}
 +
* As of 1 October 2012 gmail SSL certificate fingerprint is not always the same. This prevents from using {{ic|cert_fingerprint}} and makes the {{ic|sslcacertfile}} way a better solution for the SSL verification (see [[#SSL fingerprint does not match]]).
 
}}
 
}}
  
{{Note|If you have Gmail set to another language, the folder names may appear translated too, e.g. "verzonden_berichten" instead of "sent_mail".}}
+
=== Password management ===
  
{{Note|After version 6.3.5, offlineimap also creates remote folders to match your local ones. Thus you may need a nametrans rule for your local repository too that reverses the effects of this nametrans rule.}}
+
==== .netrc ====
  
{{Note|As of 1 October 2012 gmail SSL certificate fingerprint is not always the same. This prevents from using {{ic|cert_fingerprint}} and makes the {{ic|sslcacertfile}} way a better solution for the SSL verification (see [[OfflineIMAP#SSL fingerprint does not match]]).}}
 
 
===Not having to enter the password all the time===
 
====.netrc====
 
 
Add the following lines to your {{ic|~/.netrc}}:
 
Add the following lines to your {{ic|~/.netrc}}:
  
    machine hostname.tld
+
machine hostname.tld
    login [your username]
+
    login [your username]
    password [your password]
+
    password [your password]
  
Don't forget to give the file appropriate rights like 600 or 700:
+
Do not forget to give the file appropriate rights like 600 or 700:
  chmod 600 ~/.netrc
+
$ chmod 600 ~/.netrc
  
====Gnome Keyring====
+
==== Using GPG ====
http://www.clasohm.com/blog/one-entry?entry_id=90957 gives an example of how to use gnome-keyring to store the password.
+
  
====python-keyring====
+
GNU Privacy Guard can be used for storing a password in an encrypted file. First set up [[GnuPG]] and then follow the steps in this section. It is assumed that you can use your GPG private key [[GnuPG#gpg-agent|without entering a password]] all the time.
There's a general solution that should work for any keyring. Install [http://pypi.python.org/pypi/keyring python-keyring] from [[AUR]], then change  your ~/.offlineimaprc to say something like:
+
  
{{bc|1=
+
First type in the password for the email account in a plain text file. Do this in a secure directory with {{ic|700}} permissions located on a [[tmpfs]] to avoid writing the unencrypted password to the disk. Then encrypt the file with your private key:
 +
 
 +
$ gpg --default-recipient-self -e ''/path/to/plain/password''
 +
 
 +
Remove the plain text file since it is no longer needed. Move the encrypted file to the final location, e.g. {{ic|~/.offlineimappass.gpg}}.
 +
 
 +
Now create a python function that will decrypt the password:
 +
 
 +
{{hc|~/.offlineimap.py|2=
 +
#! /usr/bin/env python2
 +
from subprocess import check_output
 +
 
 +
def get_pass():
 +
    return check_output("gpg -dq ~/.offlineimappass.gpg", shell=True).strip("\n")
 +
}}
 +
 
 +
Load this file from {{ic|~/.offlineimaprc}} and specify the defined function:
 +
 
 +
{{hc|~/.offlineimaprc|2=
 +
[general]
 +
# Path to file with arbitrary Python code to be loaded
 +
pythonfile = ~/.offlineimap.py
 +
...
 +
 
 +
[Repository ''example'']
 +
# Decrypt and read the encrypted password
 +
remotepasseval = get_pass()
 +
...
 +
}}
 +
 
 +
==== Using pass ====
 +
 
 +
[[pass]] is a simple password manager from the command line based on GPG.
 +
 
 +
First create a password for your email account(s):
 +
 
 +
$ pass insert Mail/''account''
 +
 
 +
Now create a python function that will decrypt the password:
 +
 
 +
{{hc|~/.offlineimap.py|2=
 +
#! /usr/bin/env python2
 +
from subprocess import check_output
 +
 
 +
def get_pass(account):
 +
    return check_output("pass Mail/" + account, shell=True).splitlines()[0]
 +
}}
 +
 
 +
This is an example for a multi-account setup. You can customize the argument to ''pass'' as defined previously.
 +
 
 +
Load this file from {{ic|~/.offlineimaprc}} and specify the defined function:
 +
 
 +
{{hc|~/.offlineimaprc|2=
 +
[general]
 +
# Path to file with arbitrary Python code to be loaded
 +
pythonfile = ~/.offlineimap.py
 +
...
 +
 
 +
[Repository Gmail]
 +
# Decrypt and read the encrypted password
 +
remotepasseval = get_pass("Gmail")
 +
...
 +
}}
 +
 
 +
==== Gnome keyring ====
 +
 
 +
In configuration for remote repositories the remoteusereval/remotepasseval fields can be set to custom python code that evaluates to the username/password. The code can be a call to a function defined in a Python script pointed to by 'pythonfile' config field. Create {{ic|~/.offlineimap.py}} according to either of the two options below and use it in the configuration:
 +
 
 +
{{bc|<nowiki>
 +
[general]
 +
pythonfile = ~/.offlineimap.py
 +
 
 +
[Repository examplerepo]
 +
type = IMAP
 +
remotehost = mail.example.com
 +
remoteusereval = get_username("examplerepo")
 +
remotepasseval = get_password("examplerepo")
 +
</nowiki>}}
 +
 
 +
===== Option 1: using gnomekeyring Python module =====
 +
Install {{pkg|python2-gnomekeyring}}. Then:
 +
 
 +
{{hc|~/.offlineimap.py|<nowiki>
 +
#! /usr/bin/env python2
 +
 
 +
import gnomekeyring as gkey
 +
 
 +
def set_credentials(repo, user, pw):
 +
    KEYRING_NAME = "offlineimap"
 +
    attrs = { "repo": repo, "user": user }
 +
    keyring = gkey.get_default_keyring_sync()
 +
    gkey.item_create_sync(keyring, gkey.ITEM_NETWORK_PASSWORD,
 +
        KEYRING_NAME, attrs, pw, True)
 +
 
 +
def get_credentials(repo):
 +
    keyring = gkey.get_default_keyring_sync()
 +
    attrs = {"repo": repo}
 +
    items = gkey.find_items_sync(gkey.ITEM_NETWORK_PASSWORD, attrs)
 +
    return (items[0].attributes["user"], items[0].secret)
 +
 
 +
def get_username(repo):
 +
    return get_credentials(repo)[0]
 +
def get_password(repo):
 +
    return get_credentials(repo)[1]
 +
 
 +
if __name__ == "__main__":
 +
    import sys
 +
    import os
 +
    import getpass
 +
    if len(sys.argv) != 3:
 +
        print "Usage: %s <repository> <username>" \
 +
            % (os.path.basename(sys.argv[0]))
 +
        sys.exit(0)
 +
    repo, username = sys.argv[1:]
 +
    password = getpass.getpass("Enter password for user '%s': " % username)
 +
    password_confirmation = getpass.getpass("Confirm password: ")
 +
    if password != password_confirmation:
 +
        print "Error: password confirmation does not match"
 +
        sys.exit(1)
 +
    set_credentials(repo, username, password)
 +
</nowiki>}}
 +
 
 +
To set the credentials, run this script from a shell.
 +
 
 +
===== Option 2: using {{AUR|gnome-keyring-query}} tool =====
 +
 
 +
{{hc|~/.offlineimap.py|<nowiki>
 +
#! /usr/bin/env python2
 +
# executes gnome-keyring-query get passwd
 +
# and returns the output
 +
 
 +
import locale
 +
from subprocess import Popen, PIPE
 +
 
 +
encoding = locale.getdefaultlocale()[1]
 +
 
 +
def get_password(p):
 +
    (out, err) = Popen(["gnome-keyring-query", "get", p], stdout=PIPE).communicate()
 +
    return out.decode(encoding).strip()
 +
</nowiki>}}
 +
 
 +
==== python2-keyring ====
 +
 
 +
There is a general solution that should work for any keyring. Install [http://pypi.python.org/pypi/keyring python2-keyring] from [[AUR]], then change  your ~/.offlineimaprc to say something like:
 +
 
 +
{{bc|<nowiki>
 
[general]
 
[general]
 
pythonfile = /home/user/offlineimap.py
 
pythonfile = /home/user/offlineimap.py
+
...
 
[Repository RemoteEmail]
 
[Repository RemoteEmail]
 
remoteuser = username@host.net
 
remoteuser = username@host.net
 
remotepasseval = keyring.get_password("offlineimap","username@host.net")
 
remotepasseval = keyring.get_password("offlineimap","username@host.net")
+
...
}}
+
</nowiki>}}
  
 
and somewhere in ~/offlineimap.py add {{ic|import keyring}}. Now all you have to do is set your password, like so:
 
and somewhere in ~/offlineimap.py add {{ic|import keyring}}. Now all you have to do is set your password, like so:
Line 241: Line 364:
 
{{bc|$ python2  
 
{{bc|$ python2  
 
>>> import keyring
 
>>> import keyring
>>> keyring.set_password("offlineimap","username@host.net", "MYPASSWORD")'}}
+
>>> keyring.set_password("offlineimap","username@host.net", "MYPASSWORD")}}
  
and it'll grab the password from your (kwallet/gnome-) keyring instead of having to keep it in plaintext or enter it each time.
+
and it will grab the password from your (kwallet/gnome-) keyring instead of having to keep it in plaintext or enter it each time.
 +
 
 +
==== Emacs EasyPG ====
  
====Emacs EasyPG====
 
 
See http://www.emacswiki.org/emacs/OfflineIMAP#toc2
 
See http://www.emacswiki.org/emacs/OfflineIMAP#toc2
  
===Kerberos authentication===
+
==== KeePass / KeePassX ====
Install python2-kerberos from [https://aur.archlinux.org/packages.php?ID=50639 AUR] and do not specify remotepass in your .offlineimaprc.  
+
 
 +
Install {{AUR|python2-keepass-git}} from the AUR, then add the following to your offlineimap.py file:
 +
 
 +
{{bc|<nowiki>
 +
#! /usr/bin/env python2
 +
import os, getpass
 +
from keepass import kpdb
 +
 +
def get_keepass_pw(dbpath, title="", username=""):
 +
    if os.path.isfile(dbpath):
 +
        db = kpdb.Database(dbpath, getpass.getpass("Master password for '" + dbpath +    "': "))
 +
        for entry in db.entries:
 +
            if (entry.title == title) and (entry.username == username):
 +
                return entry.password
 +
    else:
 +
        print "Error: '" + dbpath + "' does not exist."
 +
        return
 +
 
 +
</nowiki>}}
 +
(Credit to aki--aki: https://gist.github.com/aki--aki/5180359)
 +
 
 +
Next, edit your ~/.offlineimaprc:
 +
 
 +
{{bc|<nowiki>
 +
[general]
 +
# VVV Set this path correctly VVV
 +
pythonfile = /home/user/offlineimap.py
 +
...
 +
[Repository RemoteEmail]
 +
remoteuser = username@host.net
 +
# Set the DB path as well as the title and username of the specific entry you'd like to use.
 +
# This will prompt you on STDIN at runtime for the kdb master password.
 +
remotepasseval = get_keepass_pw("/path/to/database.kdb", title="<entry title>", username="<entry username>")
 +
...
 +
</nowiki>}}
 +
 
 +
Note that as-is, this does not support KDBs with keyfiles, only KDBs with password-only auth.
 +
 
 +
=== Kerberos authentication ===
 +
 
 +
Install {{AUR|python2-kerberos}} from [[AUR]] and do not specify remotepass in your .offlineimaprc.  
 
OfflineImap figure out the reset all if have a valid Kerberos TGT.  
 
OfflineImap figure out the reset all if have a valid Kerberos TGT.  
 
If you have 'maxconnections', it will fail for some connection. Comment 'maxconnections' out will solve this problem.
 
If you have 'maxconnections', it will fail for some connection. Comment 'maxconnections' out will solve this problem.
  
==Troubleshooting==
+
== Troubleshooting ==
 +
 
 +
=== Overriding UI and autorefresh settings ===
  
===Overriding UI and autorefresh settings===
 
 
For the sake of troubleshooting, it is sometimes convenient to launch offlineimap with a more verbose UI, no background syncs and perhaps even a debug level:
 
For the sake of troubleshooting, it is sometimes convenient to launch offlineimap with a more verbose UI, no background syncs and perhaps even a debug level:
 
  $ offlineimap [ -o ] [ -d <debug_type> ] [ -u <ui> ]
 
  $ offlineimap [ -o ] [ -d <debug_type> ] [ -u <ui> ]
Line 269: Line 434:
 
{{Note|More recent versions use the following for <ui>: {{Ic|blinkenlights}}, {{Ic|ttyui}}, {{Ic|basic}}, {{Ic|quiet}} or {{Ic|machineui}}.}}
 
{{Note|More recent versions use the following for <ui>: {{Ic|blinkenlights}}, {{Ic|ttyui}}, {{Ic|basic}}, {{Ic|quiet}} or {{Ic|machineui}}.}}
  
===Curses interface (Curses.Blinkenlights) locks terminal===
+
=== Folder could not be created ===
Because of a bug in Python's ncurses package (http://bugs.python.org/issue7567) the Curses interface of OfflineIMAP breaks the terminal on exit.
+
While it appears to irreparably lock the terminal, in reality it only prevents commands from being displayed.
+
The bug has been fixed in Python's SVN for all versions 2.6 up to 3.2 but the current package in the repositories (Python 2.6.5) is still buggy.
+
  
In order to solve the issue:
 
*either append {{Ic|reset}} to OfflineIMAP's launch command:
 
$ offlineimap; reset
 
*or change the {{Ic|ui}} field in {{ic|~/.offlineimaprc}} to select a fully functional one:
 
ui = TTY.TTYUI
 
*or as quick workaround you can just use the following command to skip the reset() function in Curses.py which causes the problem
 
# sed -i '125i\ \ \ \ \ \ \ \ return' /usr/lib/python2.6/site-packages/offlineimap/ui/Curses.py
 
 
===netrc authentication===
 
There are some bugs in the current {{Pkg|offlineimap}} which makes it impossible to read the authentication data from {{ic|~/.netrc}} if there are multiple Accounts per remote machine. ( see [http://comments.gmane.org/gmane.mail.imap.offlineimap.general/3024 Mail Archive ] ) But they are fixed in the GIT package {{AUR|offlineimap-git}} (note that is AUR package is flagged as out of date; see the current GitHub external link below).
 
Using the package you can collect all passwords in {{ic|~/.netrc}}. And do not forget to set it's access rights:
 
chmod 600 ~/.netrc
 
An example netrc file would be
 
{{hc|~/.netrc|
 
machine mail.myhost.de
 
    login mr_smith
 
    password secret
 
}}
 
 
===socket.ssl deprecation warnings===
 
Depending on the currently installed python version, running offlineimap throws this warning:
 
DeprecationWarning: socket.ssl() is deprecated.  Use ssl.wrap_socket() instead.
 
 
This can be particularly annoying when offlineimap's output is being logged or mailed through [[cron]].
 
 
To fix the problem, apply this [http://github.com/jgoerzen/offlineimap/commit/a7810166335bb0e6f5c7dab26adf707c38adf6ff upstream] patch or install {{AUR|offlineimap-git}}:
 
{{bc|<nowiki>
 
--- offlineimap/imaplibutil.py.orig 2009-08-12 01:24:23.000000000 -0430
 
+++ offlineimap/imaplibutil.py 2010-06-07 11:17:37.849038683 -0430
 
@@ -23,9 +23,11 @@
 
# Import the symbols we need that aren't exported by default
 
from imaplib import IMAP4_PORT, IMAP4_SSL_PORT, InternalDate, Mon2num
 
 
-# ssl is new in python 2.6
 
-if (sys.version_info[0] == 2 and sys.version_info[1] >= 6) or sys.version_info[0] >= 3:
 
+try:
 
    import ssl
 
+    ssl_wrap = ssl.wrap_socket
 
+except ImportError:
 
+    ssl_wrap = socket.ssl
 
 
class IMAP4_Tunnel(IMAP4):
 
    """IMAP4 client class over a tunnel
 
@@ -169,7 +171,7 @@
 
        if last_error != 0:
 
            # FIXME
 
            raise socket.error(last_error)
 
-        self.sslobj = socket.ssl(self.sock, self.keyfile, self.certfile)
 
+        self.sslobj = ssl_wrap(self.sock, self.keyfile, self.certfile)
 
        self.sslobj = sslwrapper(self.sslobj)
 
 
mustquote = re.compile(r"[^\w!#$%&'+,.:;<=>?^`|~-]")
 
</nowiki>}}
 
 
The diff is relative to the root buildir and it can be applied by using [[ABS]].
 
 
===Folder could not be created===
 
 
In version 6.5.3, offlineimap gained the ability to create folders in the remote repository, as described [http://comments.gmane.org/gmane.mail.imap.offlineimap.general/4784 here].
 
In version 6.5.3, offlineimap gained the ability to create folders in the remote repository, as described [http://comments.gmane.org/gmane.mail.imap.offlineimap.general/4784 here].
  
Line 338: Line 443:
  
 
The solution is to provide an inverse {{Ic|nametrans}} lambda for the local repository, e.g.
 
The solution is to provide an inverse {{Ic|nametrans}} lambda for the local repository, e.g.
{{hc|~/.offlineimaprc|2=
+
 
<nowiki>
+
{{hc|~/.offlineimaprc|<nowiki>
 
[Repository foo-local]
 
[Repository foo-local]
 
nametrans = lambda foldername: foldername.replace('bar', 'BAR')
 
nametrans = lambda foldername: foldername.replace('bar', 'BAR')
Line 345: Line 450:
 
[Repository foo-remote]
 
[Repository foo-remote]
 
nametrans = lambda foldername: foldername.replace('BAR', 'bar')
 
nametrans = lambda foldername: foldername.replace('BAR', 'bar')
</nowiki>
+
</nowiki>}}
}}
+
  
 
* For working out the correct inverse mapping. the output of {{Ic|offlineimap --info}} should help.
 
* For working out the correct inverse mapping. the output of {{Ic|offlineimap --info}} should help.
 
* After updating the mapping, it may be necessary to remove all of the folders under {{Ic|$HOME/.offlineimap/}} for the affected accounts.
 
* After updating the mapping, it may be necessary to remove all of the folders under {{Ic|$HOME/.offlineimap/}} for the affected accounts.
  
===SSL fingerprint does not match===
+
=== SSL fingerprint does not match ===
  ERROR: Server SSL fingerprint 'keykeykey' for hostname 'example.com' does not match configured fingerprint. Please verify and set 'cert_fingerprint' accordingly if not set yet.
+
 
 +
ERROR: Server SSL fingerprint 'keykeykey' for hostname 'example.com' does not match configured fingerprint. Please verify and set 'cert_fingerprint' accordingly if not set yet.
  
 
To solve this, add to {{ic|~/.offlineimaprc}} (in the same section as {{ic|1=ssl = yes}}) one of the following:
 
To solve this, add to {{ic|~/.offlineimaprc}} (in the same section as {{ic|1=ssl = yes}}) one of the following:
 
* either add {{ic|cert_fingerprint}}, with the certificate fingerprint of the remote server. This checks whether the remote server certificate matches the given fingerprint.
 
* either add {{ic|cert_fingerprint}}, with the certificate fingerprint of the remote server. This checks whether the remote server certificate matches the given fingerprint.
  cert_fingerprint = keykeykey
+
cert_fingerprint = keykeykey
 
* or add {{ic|sslcacertfile}} with the path to the system CA certificates file. Needs {{Pkg|ca-certificates}} installed. This validates the remote ssl certificate chain against the Certification Authorities in that file.
 
* or add {{ic|sslcacertfile}} with the path to the system CA certificates file. Needs {{Pkg|ca-certificates}} installed. This validates the remote ssl certificate chain against the Certification Authorities in that file.
  sslcacertfile = /etc/ssl/certs/ca-certificates.crt
+
sslcacertfile = /etc/ssl/certs/ca-certificates.crt
 +
 
 +
=== Copying message, connection closed ===
 +
 
 +
ERROR: Copying message -2 [acc: email] connection closed
 +
Folder sent [acc: email]: ERROR: while syncing sent [account email] connection closed
 +
 
 +
Cause of this can be creation of same message both locally and on server. This happens if your email provider automatically saves sent mails to same folder as your local client. If you encounter this, disable save of sent messages in your local client.
 +
 
 +
== See also ==
  
==External links==
 
 
* [http://lists.alioth.debian.org/mailman/listinfo/offlineimap-project Official OfflineIMAP mailing list]
 
* [http://lists.alioth.debian.org/mailman/listinfo/offlineimap-project Official OfflineIMAP mailing list]
* [http://roland.entierement.nu/blog/2010/09/08/gnus-dovecot-offlineimap-search-a-howto.html Gnus, Dovecot, OfflineIMAP, search: a HOWTO]
+
* [http://pbrisbin.com/posts/mutt_gmail_offlineimap/ Mutt + Gmail + Offlineimap] - An outline of brisbin's simple gmail/mutt setup using cron to keep offlineimap syncing.
** This setup worked for me, only difference being I had to add {{ic|1=mail_location = maildir:~/Maildir}} to {{ic|/etc/dovecot/dovecot.conf}}. Also, I used the [[OfflineIMAP#Gmail_configuration|Gmail configuration above]]. --[[User:Unhammer|Unhammer]] 09:24, 22 October 2010 (EDT)
+
* [http://pbrisbin.com/posts/mutt_gmail_offlineimap/ Mutt + Gmail + Offlineimap]
+
** An outline of brisbin's simple gmail/mutt setup using cron to keep offlineimap syncing.
+
* [https://github.com/nicolas33/offlineimap Current OfflineIMAP maintainer's fork on GitHub]
+
** Note that a strict build of this on current Arch will fail due to python references unless they are replaced with python2
+

Latest revision as of 23:21, 19 August 2016

Related articles

OfflineIMAP is a Python utility to sync mail from IMAP servers. It does not work with the POP3 protocol or mbox, and is usually paired with a MUA such as Mutt.

Installation

Install offlineimap. For a development version, install offlineimap-gitAUR.

Configuration

Offlineimap is distributed with two default configuration files, which are both located in /usr/share/offlineimap/. offlineimap.conf contains every setting and is thorougly documented. Alternatively, offlineimap.conf.minimal is not commented and only contains a small number of settings (see: Minimal).

Copy one of the default configuration files to ~/.offlineimaprc.

Note: Writing a comment after an option/value on the same line is invalid syntax, hence take care that comments are placed on their own separate line.

Minimal

The following file is a commented version of offlineimap.conf.minimal.

~/.offlineimaprc
[general]
# List of accounts to be synced, separated by a comma.
accounts = main

[Account main]
# Identifier for the local repository; e.g. the maildir to be synced via IMAP.
localrepository = main-local
# Identifier for the remote repository; i.e. the actual IMAP, usually non-local.
remoterepository = main-remote
# Status cache. Default is plain, which eventually becomes huge and slow.
status_backend = sqlite

[Repository main-local]
# Currently, offlineimap only supports maildir and IMAP for local repositories.
type = Maildir
# Where should the mail be placed?
localfolders = ~/Maildir

[Repository main-remote]
# Remote repos can be IMAP or Gmail, the latter being a preconfigured IMAP.
type = IMAP
remotehost = host.domain.tld
remoteuser = username

Selective folder synchronization

For synchronizing only certain folders, you can use a folderfilter in the remote section of the account in ~/.offlineimaprc. For example, the following configuration will only synchronize the folders Inbox and Sent:

~/.offlineimaprc
[Repository main-remote]
# Synchronize only the folders Inbox and Sent:
folderfilter = lambda foldername: foldername in ["Inbox", "Sent"]
...

For more options, see the official documentation.

Usage

Before running offlineimap, create any parent directories that were allocated to local repositories:

$ mkdir ~/Maildir

Now, run the program:

$ offlineimap

Mail accounts will now be synced. If anything goes wrong, take a closer look at the error messages. OfflineIMAP is usually very verbose about problems; partly because the developers did not bother with taking away tracebacks from the final product.

Miscellaneous

Running offlineimap in the background

Most other mail transfer agents assume that the user will be using the tool as a daemon by making the program sync periodically by default. In offlineimap, there are a few settings that control backgrounded tasks.

Confusingly, they are spread thin all-over the configuration file:

~/.offlineimaprc
# In the general section
[general]
# Controls how many accounts may be synced simultaneously
maxsyncaccounts = 1

# In the account identifier
[Account main]
# Minutes between syncs
autorefresh = 0.5
# Quick-syncs do not update if the only changes were to IMAP flags.
# autorefresh=0.5 together with quick=10 yields
# 10 quick refreshes between each full refresh, with 0.5 minutes between every 
# refresh, regardless of type.
quick = 10

# In the remote repository identifier
[Repository main-remote]
# Instead of closing the connection once a sync is complete, offlineimap will
# send empty data to the server to hold the connection open. A value of 60
# attempts to hold the connection for a minute between syncs (both quick and
# autorefresh).This setting has no effect if autorefresh and holdconnectionopen
# are not both set.
keepalive = 60
# OfflineIMAP normally closes IMAP server connections between refreshes if
# the global option autorefresh is specified.  If you wish it to keep the
# connection open, set this to true. This setting has no effect if autorefresh
# is not set.
holdconnectionopen = yes

systemd service

When configured to run background jobs, offlineimap can be managed with the following systemd service:

/etc/systemd/system/offlineimap@.service
[Unit]
Description=Start offlineimap as a daemon
Requires=network-online.target
After=network.target

[Service]
User=%i
ExecStart=/usr/bin/offlineimap
KillSignal=SIGUSR2
Restart=always

[Install]
WantedBy=multi-user.target

Then enable offlineimap@user.service.

Note: If your configuration involves D-Bus operations, e.g. #Gnome keyring, you should adapt this service for systemd user instance as described in systemd/User instead of using it directly. This approach is necessary to set the DBUS_SESSION_BUS_ADDRESS variable correctly.

Automatic mailbox generation for mutt

Mutt cannot be simply pointed to an IMAP or maildir directory and be expected to guess which subdirectories happen to be the mailboxes, yet offlineimap can generate a muttrc fragment containing the mailboxes that it syncs.

~/.offlineimaprc
[mbnames]
enabled = yes
filename = ~/.mutt/mailboxes
header = "mailboxes "
peritem = "+%(accountname)s/%(foldername)s"
sep = " "
footer = "\n"

Then add the following lines to ~/.mutt/muttrc.

~/.mutt/muttrc
# IMAP: offlineimap
set folder = "~/Mail"
source ~/.mutt/mailboxes
set spoolfile = "+account/INBOX"
set record = "+account/Sent\ Items"
set postponed = "+account/Drafts"

account is the name you have given to your IMAP account in ~/.offlineimaprc.

Gmail configuration

This remote repository is configured specifically for Gmail support, substituting folder names in uppercase for lowercase, among other small additions. Keep in mind that this configuration does not sync the All Mail folder, since it is usually unnecessary and skipping it prevents bandwidth costs:

~/.offlineimaprc
[Repository gmail-remote]
type = Gmail
remoteuser = user@gmail.com
remotepass = password
nametrans = lambda foldername: re.sub ('^\[gmail\]', 'bak',
                               re.sub ('sent_mail', 'sent',
                               re.sub ('starred', 'flagged',
                               re.sub (' ', '_', foldername.lower()))))
folderfilter = lambda foldername: foldername not in ['[Gmail]/All Mail']
# Necessary as of OfflineIMAP 6.5.4
sslcacertfile = /etc/ssl/certs/ca-certificates.crt
Note:
  • If you have Gmail set to another language, the folder names may appear translated too, e.g. "verzonden_berichten" instead of "sent_mail".
  • After version 6.3.5, offlineimap also creates remote folders to match your local ones. Thus you may need a nametrans rule for your local repository too that reverses the effects of this nametrans rule. If you don't want to make a reverse nametrans rule, you can disable remote folder creation by putting this in your remote configuration: createfolders = False
  • As of 1 October 2012 gmail SSL certificate fingerprint is not always the same. This prevents from using cert_fingerprint and makes the sslcacertfile way a better solution for the SSL verification (see #SSL fingerprint does not match).

Password management

.netrc

Add the following lines to your ~/.netrc:

machine hostname.tld
    login [your username]
    password [your password]

Do not forget to give the file appropriate rights like 600 or 700:

$ chmod 600 ~/.netrc

Using GPG

GNU Privacy Guard can be used for storing a password in an encrypted file. First set up GnuPG and then follow the steps in this section. It is assumed that you can use your GPG private key without entering a password all the time.

First type in the password for the email account in a plain text file. Do this in a secure directory with 700 permissions located on a tmpfs to avoid writing the unencrypted password to the disk. Then encrypt the file with your private key:

$ gpg --default-recipient-self -e /path/to/plain/password

Remove the plain text file since it is no longer needed. Move the encrypted file to the final location, e.g. ~/.offlineimappass.gpg.

Now create a python function that will decrypt the password:

~/.offlineimap.py
#! /usr/bin/env python2
from subprocess import check_output

def get_pass():
    return check_output("gpg -dq ~/.offlineimappass.gpg", shell=True).strip("\n")

Load this file from ~/.offlineimaprc and specify the defined function:

~/.offlineimaprc
[general]
# Path to file with arbitrary Python code to be loaded
pythonfile = ~/.offlineimap.py
...

[Repository example]
# Decrypt and read the encrypted password
remotepasseval = get_pass()
...

Using pass

pass is a simple password manager from the command line based on GPG.

First create a password for your email account(s):

$ pass insert Mail/account

Now create a python function that will decrypt the password:

~/.offlineimap.py
#! /usr/bin/env python2
from subprocess import check_output

def get_pass(account):
    return check_output("pass Mail/" + account, shell=True).splitlines()[0]

This is an example for a multi-account setup. You can customize the argument to pass as defined previously.

Load this file from ~/.offlineimaprc and specify the defined function:

~/.offlineimaprc
[general]
# Path to file with arbitrary Python code to be loaded
pythonfile = ~/.offlineimap.py
...

[Repository Gmail]
# Decrypt and read the encrypted password
remotepasseval = get_pass("Gmail")
...

Gnome keyring

In configuration for remote repositories the remoteusereval/remotepasseval fields can be set to custom python code that evaluates to the username/password. The code can be a call to a function defined in a Python script pointed to by 'pythonfile' config field. Create ~/.offlineimap.py according to either of the two options below and use it in the configuration:

[general]
pythonfile = ~/.offlineimap.py

[Repository examplerepo]
type = IMAP
remotehost = mail.example.com
remoteusereval = get_username("examplerepo")
remotepasseval = get_password("examplerepo")
Option 1: using gnomekeyring Python module

Install python2-gnomekeyring. Then:

~/.offlineimap.py
#! /usr/bin/env python2

import gnomekeyring as gkey

def set_credentials(repo, user, pw):
    KEYRING_NAME = "offlineimap"
    attrs = { "repo": repo, "user": user }
    keyring = gkey.get_default_keyring_sync()
    gkey.item_create_sync(keyring, gkey.ITEM_NETWORK_PASSWORD,
        KEYRING_NAME, attrs, pw, True)

def get_credentials(repo):
    keyring = gkey.get_default_keyring_sync()
    attrs = {"repo": repo}
    items = gkey.find_items_sync(gkey.ITEM_NETWORK_PASSWORD, attrs)
    return (items[0].attributes["user"], items[0].secret)

def get_username(repo):
    return get_credentials(repo)[0]
def get_password(repo):
    return get_credentials(repo)[1]

if __name__ == "__main__":
    import sys
    import os
    import getpass
    if len(sys.argv) != 3:
        print "Usage: %s <repository> <username>" \
            % (os.path.basename(sys.argv[0]))
        sys.exit(0)
    repo, username = sys.argv[1:]
    password = getpass.getpass("Enter password for user '%s': " % username)
    password_confirmation = getpass.getpass("Confirm password: ")
    if password != password_confirmation:
        print "Error: password confirmation does not match"
        sys.exit(1)
    set_credentials(repo, username, password)

To set the credentials, run this script from a shell.

Option 2: using gnome-keyring-queryAUR tool
~/.offlineimap.py
#! /usr/bin/env python2
# executes gnome-keyring-query get passwd
# and returns the output

import locale
from subprocess import Popen, PIPE

encoding = locale.getdefaultlocale()[1]

def get_password(p):
    (out, err) = Popen(["gnome-keyring-query", "get", p], stdout=PIPE).communicate()
    return out.decode(encoding).strip()

python2-keyring

There is a general solution that should work for any keyring. Install python2-keyring from AUR, then change your ~/.offlineimaprc to say something like:

[general]
pythonfile = /home/user/offlineimap.py
...
[Repository RemoteEmail]
remoteuser = username@host.net
remotepasseval = keyring.get_password("offlineimap","username@host.net")
...

and somewhere in ~/offlineimap.py add import keyring. Now all you have to do is set your password, like so:

$ python2 
>>> import keyring
>>> keyring.set_password("offlineimap","username@host.net", "MYPASSWORD")

and it will grab the password from your (kwallet/gnome-) keyring instead of having to keep it in plaintext or enter it each time.

Emacs EasyPG

See http://www.emacswiki.org/emacs/OfflineIMAP#toc2

KeePass / KeePassX

Install python2-keepass-gitAUR from the AUR, then add the following to your offlineimap.py file:

#! /usr/bin/env python2
import os, getpass
from keepass import kpdb
 
def get_keepass_pw(dbpath, title="", username=""):
    if os.path.isfile(dbpath):
        db = kpdb.Database(dbpath, getpass.getpass("Master password for '" + dbpath +    "': "))
        for entry in db.entries:
            if (entry.title == title) and (entry.username == username):
                return entry.password
    else:
        print "Error: '" + dbpath + "' does not exist."
        return

(Credit to aki--aki: https://gist.github.com/aki--aki/5180359)

Next, edit your ~/.offlineimaprc:

[general]
# VVV Set this path correctly VVV
pythonfile = /home/user/offlineimap.py
...
[Repository RemoteEmail]
remoteuser = username@host.net
# Set the DB path as well as the title and username of the specific entry you'd like to use.
# This will prompt you on STDIN at runtime for the kdb master password.
remotepasseval = get_keepass_pw("/path/to/database.kdb", title="<entry title>", username="<entry username>")
...

Note that as-is, this does not support KDBs with keyfiles, only KDBs with password-only auth.

Kerberos authentication

Install python2-kerberosAUR from AUR and do not specify remotepass in your .offlineimaprc. OfflineImap figure out the reset all if have a valid Kerberos TGT. If you have 'maxconnections', it will fail for some connection. Comment 'maxconnections' out will solve this problem.

Troubleshooting

Overriding UI and autorefresh settings

For the sake of troubleshooting, it is sometimes convenient to launch offlineimap with a more verbose UI, no background syncs and perhaps even a debug level:

$ offlineimap [ -o ] [ -d <debug_type> ] [ -u <ui> ]
-o
Disable autorefresh, keepalive, etc.
-d <debug_type>
Where <debug_type> is one of imap, maildir or thread. Debugging imap and maildir are, by far, the most useful.
-u <ui>
Where <ui> is one of CURSES.BLINKENLIGHTS, TTY.TTYUI, NONINTERACTIVE.BASIC, NONINTERACTIVE.QUIET or MACHINE.MACHINEUI. TTY.TTYUI is sufficient for debugging purposes.
Note: More recent versions use the following for <ui>: blinkenlights, ttyui, basic, quiet or machineui.

Folder could not be created

In version 6.5.3, offlineimap gained the ability to create folders in the remote repository, as described here.

This can lead to errors of the following form when using nametrans on the remote repository:

ERROR: Creating folder bar on repository foo-remote
  Folder 'bar'[foo-remote] could not be created. Server responded: ('NO', ['[ALREADYEXISTS] Duplicate folder name bar (Failure)'])

The solution is to provide an inverse nametrans lambda for the local repository, e.g.

~/.offlineimaprc
[Repository foo-local]
nametrans = lambda foldername: foldername.replace('bar', 'BAR')

[Repository foo-remote]
nametrans = lambda foldername: foldername.replace('BAR', 'bar')
  • For working out the correct inverse mapping. the output of offlineimap --info should help.
  • After updating the mapping, it may be necessary to remove all of the folders under $HOME/.offlineimap/ for the affected accounts.

SSL fingerprint does not match

ERROR: Server SSL fingerprint 'keykeykey' for hostname 'example.com' does not match configured fingerprint. Please verify and set 'cert_fingerprint' accordingly if not set yet.

To solve this, add to ~/.offlineimaprc (in the same section as ssl = yes) one of the following:

  • either add cert_fingerprint, with the certificate fingerprint of the remote server. This checks whether the remote server certificate matches the given fingerprint.
cert_fingerprint = keykeykey
  • or add sslcacertfile with the path to the system CA certificates file. Needs ca-certificates installed. This validates the remote ssl certificate chain against the Certification Authorities in that file.
sslcacertfile = /etc/ssl/certs/ca-certificates.crt

Copying message, connection closed

ERROR: Copying message -2 [acc: email] connection closed
Folder sent [acc: email]: ERROR: while syncing sent [account email] connection closed

Cause of this can be creation of same message both locally and on server. This happens if your email provider automatically saves sent mails to same folder as your local client. If you encounter this, disable save of sent messages in your local client.

See also