Practical Local Email Backups With Dovecot and imapsync
Digital resilience is mentioned a lot these days, and while I thought I was well-prepared I realized that I had a blind spot: my emails. The problem is that I have lots of them (> 50.000) and neither do I want to stop hoarding or pay an enterprise-tier service at a provider that I trust (I do pay the private-tier, though 🙂). For me, this meant to create a local backup but I still want it to behave like a standard email server which you can connect to with your favorite client. What behaves like an email server? An email server!
Dovecot
My solution is to run Dovecot, an open-source IMAP server with a market share of over 75%, within my local network and backup all emails there. While I will not expose it to the internet, I can still securely access it via VPN or a web-based email client in the same network that is externally accessible.
Have a look at docker-mailserver if this is what you are interested in.
To make this as simple as possible, the only thing required will be Docker.
Dovecot provides a lightweight Docker container dovecot/dovecot which we can run after a few preparations.
First, we create a dovecot folder with two subfolders: vmail and config.
vmail will store all mail and in config we need a configuration file allow_plaintext.conf with the following contents:
auth_mechanisms = plain
auth_allow_cleartext = yes
ssl = no
Everything needs to be accessible by the user id 1000, which you can ensure by running chown -R 1000:1000 dovecot.
Then we can run the following command to make IMAP accessible via port 143 (unencrypted!):
docker run -d \
-p 143:31143 \
-v $(pwd)/dovecot/vmail:/srv/vmail \
-v $(pwd)/dovecot/config:/etc/dovecot/conf.d \
-e USER_PASSWORD=password \
dovecot/dovecot:latest-2.4
This will start an IMAP server which we can connect to with any username and the password “password”, which can be changed by changing USER_PASSWORD.
In Thunderbird, this would look like this (where 192.168.100.5 is the local IP address of the host I am running dovecot on):
Example Thunderbird settings for the local Dovecot IMAP server
The SMTP (sending) settings can be anything and left nonfunctional or used from another mail account. Then, Dovecot will automatically create a new subfolder for the given user, and behave like any mail account.
imapsync
The next problem is to reliably get tens of thousands of emails to our local server. This is surprisingly simple with the great “imapsync” tool by Gilles Lamiral who even provides a docker container: gilleslamiral/imapsync. Assuming the same settings as above, we simply run:
docker run --rm gilleslamiral/imapsync imapsync \
--host1 imap.sourceserver.net --user1 account@sourceserver.net --password1 verysecret \
--host2 192.168.100.5 --port2 143 --user2 marvin --password2 password
If Thunderbird is setup as above, we will see one mail after the other appear. imapsync will provide an ETA, depending on the mailbox size this can take a few hours at first run. Subsequent runs will be much faster.
imapsync is very powerful and has a lot of commandline options.
Notably, --maxage X will limit the mail to be transferred to the ones received within the last X days.
There are for example also specific flags for transferring from GMail, Office365 or Exchange.
Extensions
This quick tip is basic but can of course be extended.
If you for example have Nextcloud running on the same network, you can install the Nextcloud Mail app and access your email backups from the browser.
It is not really hard to add SSL/TLS encryption, and further you can run imapsync periodically as it nicely supports incremental backups.
You might also want to backup your mails in the dovecot folder to a NAS or external drive using rsync or rsnapshot.