search

pimalaya / neverest

CLI to synchronize, backup and restore emails
https://pimalaya.org
MIT License
183 stars 5 forks source link
backup cli email imap jmap maildir notmuch restore rust sync synchronizer terminal

readme

Logo

📫 Neverest

CLI to synchronize, backup and restore emails,
based on email-lib

Release Repology Matrix

screenshot

The project is under active development, do not use in production before the final v1.0.0 (or at least do some manual backups).

Features

Neverest CLI is written in Rust, and relies on cargo features to enable or disable functionalities. Default features can be found in the features section of the Cargo.toml.

Installation

The v1.0.0 is currently being tested on the master branch, and is the prefered version to use. Previous versions (including GitHub beta releases and repositories published versions) are not recommended.

Pre-built binary

Neverest CLI v1.0.0 can be installed with a pre-built binary. Find the latest pre-release GitHub workflow and look for the Artifacts section. You should find a pre-built binary matching your OS.

Cargo (git)

Neverest CLI v1.0.0 can also be installed with cargo:

$ cargo install --git https://github.com/pimalaya/neverest.git --force neverest

Other outdated methods

These installation methods should not be used until the v1.0.0 is finally released, as they are all (temporarily) outdated:

Pre-built binary Neverest CLI can be installed with a prebuilt binary: ```bash # As root: $ curl -sSL https://raw.githubusercontent.com/pimalaya/neverest/master/install.sh | sudo sh # As a regular user: $ curl -sSL https://raw.githubusercontent.com/pimalaya/neverest/master/install.sh | PREFIX=~/.local sh ``` These commands install the latest binary from the GitHub [releases](https://github.com/pimalaya/neverest/releases) section. *Binaries are built with [default](https://github.com/pimalaya/neverest/blob/master/Cargo.toml#L18) cargo features. If you want to enable or disable a feature, please use another installation method.*
Cargo Neverest CLI can be installed with [cargo](https://doc.rust-lang.org/cargo/): ```bash $ cargo install neverest # With only IMAP support: $ cargo install neverest --no-default-features --features imap ``` You can also use the git repository for a more up-to-date (but less stable) version: ```bash $ cargo install --git https://github.com/pimalaya/neverest.git neverest ```
Nix Neverest CLI can be installed with [Nix](https://serokell.io/blog/what-is-nix): ```bash $ nix-env -i neverest ``` You can also use the git repository for a more up-to-date (but less stable) version: ```bash $ nix-env -if https://github.com/pimalaya/neverest/archive/master.tar.gz # or, from within the source tree checkout $ nix-env -if . ``` If you have the [Flakes](https://nixos.wiki/wiki/Flakes) feature enabled: ```bash $ nix profile install neverest # or, from within the source tree checkout $ nix profile install # you can also run Neverest directly without installing it: $ nix run neverest ```
Sources Neverest CLI can be installed from sources. First you need to install the Rust development environment (see the [rust installation documentation](https://doc.rust-lang.org/cargo/getting-started/installation.html)): ```bash $ curl https://sh.rustup.rs -sSf | sh ``` Then, you need to clone the repository and install dependencies: ```bash $ git clone https://github.com/pimalaya/neverest.git $ cd neverest $ cargo check ``` Now, you can build Neverest: ```bash $ cargo build --release ``` *Binaries are available under the `target/release` folder.*

Configuration

Just run neverest, the wizard will help you to configure your default account.

You can also manually edit your own configuration, from scratch:

Proton Mail (Bridge) When using Proton Bridge, emails are synchronized locally and exposed via a local IMAP/SMTP server. This implies 2 things: - Id order may be reversed or shuffled, but envelopes will still be sorted by date. - SSL/TLS needs to be deactivated manually. - The password to use is the one generated by Proton Bridge, not the one from your Proton Mail account. ```toml [accounts.proton] email = "example@proton.me" backend = "imap" imap.host = "127.0.0.1" imap.port = 1143 imap.encryption = false imap.login = "example@proton.me" imap.passwd.raw = "" message.send.backend = "smtp" smtp.host = "127.0.0.1" smtp.port = 1025 smtp.encryption = false smtp.login = "example@proton.me" smtp.passwd.raw = "" ``` Keeping your password inside the configuration file is good for testing purpose, but it is not safe. You have 2 better alternatives: - Save your password in any password manager that can be queried via the CLI: ```toml imap.passwd.cmd = "pass show proton" ``` - Use the global keyring of your system (requires the `keyring` cargo feature): ```toml imap.passwd.keyring = "proton-example" ``` Running `neverest configure -a proton` will ask for your IMAP password, just paste the one generated previously.
Gmail Google passwords cannot be used directly. There is two ways to authenticate yourself: ### Using [App Passwords](https://support.google.com/mail/answer/185833) This option is the simplest and the fastest. First, be sure that: - IMAP is enabled - Two-step authentication is enabled - Less secure app access is enabled First create a [dedicated password](https://myaccount.google.com/apppasswords) for Neverest. ```toml [accounts.gmail] email = "example@gmail.com" folder.alias.inbox = "INBOX" folder.alias.sent = "[Gmail]/Sent Mail" folder.alias.drafts = "[Gmail]/Drafts" folder.alias.trash = "[Gmail]/Trash" backend = "imap" imap.host = "imap.gmail.com" imap.port = 993 imap.login = "example@gmail.com" imap.passwd.cmd = "pass show gmail" message.send.backend = "smtp" smtp.host = "smtp.gmail.com" smtp.port = 465 smtp.login = "example@gmail.com" smtp.passwd.cmd = "pass show gmail" ``` Keeping your password inside the configuration file is good for testing purpose, but it is not safe. You have 2 better alternatives: - Save your password in any password manager that can be queried via the CLI: ```toml imap.passwd.cmd = "pass show gmail" ``` - Use the global keyring of your system (requires the `keyring` cargo feature): ```toml imap.passwd.keyring = "gmail-example" ``` Running `neverest configure -a gmail` will ask for your IMAP password, just paste the one generated previously. ### Using OAuth 2.0 This option is the most secure but the hardest to configure. It requires the `oauth2` and `keyring` cargo features. First, you need to get your OAuth 2.0 credentials by following [this guide](https://developers.google.com/identity/protocols/oauth2#1.-obtain-oauth-2.0-credentials-from-the-dynamic_data.setvar.console_name-.). Once you get your client id and your client secret, you can configure your Neverest account this way: ```toml [accounts.gmail] email = "example@gmail.com" folder.alias.inbox = "INBOX" folder.alias.sent = "[Gmail]/Sent Mail" folder.alias.drafts = "[Gmail]/Drafts" folder.alias.trash = "[Gmail]/Trash" backend = "imap" imap.host = "imap.gmail.com" imap.port = 993 imap.login = "example@gmail.com" imap.oauth2.client-id = "" imap.oauth2.auth-url = "https://accounts.google.com/o/oauth2/v2/auth" imap.oauth2.token-url = "https://www.googleapis.com/oauth2/v3/token" imap.oauth2.pkce = true imap.oauth2.scope = "https://mail.google.com/" message.send.backend = "smtp" smtp.host = "smtp.gmail.com" smtp.port = 465 smtp.login = "example@gmail.com" smtp.oauth2.client-id = "" smtp.oauth2.auth-url = "https://accounts.google.com/o/oauth2/v2/auth" smtp.oauth2.token-url = "https://www.googleapis.com/oauth2/v3/token" smtp.oauth2.pkce = true smtp.oauth2.scope = "https://mail.google.com/" # If you want your SMTP to share the same client id (and so the same access token) # as your IMAP config, you can add the following: # # imap.oauth2.client-id = "" # imap.oauth2.client-secret.keyring = "gmail-oauth2-client-secret" # imap.oauth2.access-token.keyring = "gmail-oauth2-access-token" # imap.oauth2.refresh-token.keyring = "gmail-oauth2-refresh-token" # # imap.oauth2.client-id = "" # imap.oauth2.client-secret.keyring = "gmail-oauth2-client-secret" # imap.oauth2.access-token.keyring = "gmail-oauth2-access-token" # smtp.oauth2.refresh-token.keyring = "gmail-oauth2-refresh-token" ``` Running `neverest configure -a gmail` will complete your OAuth 2.0 setup and ask for your client secret.
Outlook ```toml [accounts.outlook] email = "example@outlook.com" backend = "imap" imap.host = "outlook.office365.com" imap.port = 993 imap.login = "example@outlook.com" imap.passwd.cmd = "pass show outlook" message.send.backend = "smtp" smtp.host = "smtp.mail.outlook.com" smtp.port = 587 smtp.encryption = "start-tls" smtp.login = "example@outlook.com" smtp.passwd.cmd = "pass show outlook" ``` ### Using OAuth 2.0 This option is the most secure but the hardest to configure. First, you need to get your OAuth 2.0 credentials by following [this guide](https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth). Once you get your client id and your client secret, you can configure your Neverest account this way: ```toml [accounts.outlook] email = "example@outlook.com" backend = "imap" imap.host = "outlook.office365.com" imap.port = 993 imap.login = "example@outlook.com" imap.oauth2.client-id = "" imap.oauth2.auth-url = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize" imap.oauth2.token-url = "https://login.microsoftonline.com/common/oauth2/v2.0/token" imap.oauth2.pkce = true imap.oauth2.scope = "https://outlook.office.com/IMAP.AccessAsUser.All" message.send.backend = "smtp" smtp.host = "smtp.mail.outlook.com" smtp.port = 587 smtp.starttls = true smtp.login = "example@outlook.com" smtp.oauth2.client-id = "" smtp.oauth2.auth-url = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize" smtp.oauth2.token-url = "https://login.microsoftonline.com/common/oauth2/v2.0/token" smtp.oauth2.pkce = true smtp.oauth2.scope = "https://outlook.office.com/SMTP.Send" # If you want your SMTP to share the same client id (and so the same access token) # as your IMAP config, you can add the following: # # imap.oauth2.client-id = "" # imap.oauth2.client-secret.keyring = "outlook-oauth2-client-secret" # imap.oauth2.access-token.keyring = "outlook-oauth2-access-token" # imap.oauth2.refresh-token.keyring = "outlook-oauth2-refresh-token" # # imap.oauth2.client-id = "" # imap.oauth2.client-secret.keyring = "outlook-oauth2-client-secret" # imap.oauth2.access-token.keyring = "outlook-oauth2-access-token" # smtp.oauth2.refresh-token.keyring = "outlook-oauth2-refresh-token" ``` Running `neverest configure -a outlook` will complete your OAuth 2.0 setup and ask for your client secret.
iCloud Mail From the [iCloud Mail](https://support.apple.com/en-us/HT202304) support page: - IMAP port = `993`. - IMAP login = name of your iCloud Mail email address (for example, `johnappleseed`, not `johnappleseed@icloud.com`) - SMTP port = `587` with `STARTTLS` - SMTP login = full iCloud Mail email address (for example, `johnappleseed@icloud.com`, not `johnappleseed`) ```toml [accounts.icloud] email = "johnappleseed@icloud.com" backend = "imap" imap.host = "imap.mail.me.com" imap.port = 993 imap.login = "johnappleseed" imap.passwd.cmd = "pass show icloud" message.send.backend = "smtp" smtp.host = "smtp.mail.me.com" smtp.port = 587 smtp.encryption = "start-tls" smtp.login = "johnappleseed@icloud.com" smtp.passwd.cmd = "pass show icloud" ```

FAQ

How to debug Neverest CLI? The simplest way is to use `--debug` and `--trace` arguments. The advanced way is based on environment variables: - `RUST_LOG=`: determines the log level filter, can be one of `off`, `error`, `warn`, `info`, `debug` and `trace`. - `RUST_SPANTRACE=1`: enables the spantrace (a span represent periods of time in which a program was executing in a particular context). - `RUST_BACKTRACE=1`: enables the error backtrace. - `RUST_BACKTRACE=full`: enables the full error backtrace, which include source lines where the error originated from. Logs are written to the `stderr`, which means that you can redirect them easily to a file: ``` RUST_LOG=debug neverest 2>/tmp/neverest.log ```
How the wizard discovers IMAP/SMTP configs? All the lookup mechanisms use the email address domain as base for the lookup. It is heavily inspired from the Thunderbird [Autoconfiguration](https://udn.realityripple.com/docs/Mozilla/Thunderbird/Autoconfiguration) protocol. For example, for the email address `test@example.com`, the lookup is performed as (in this order): 1. check for `autoconfig.example.com` 2. look up of `example.com` in the ISPDB (the Thunderbird central database) 3. look up `MX example.com` in DNS, and for `mx1.mail.hoster.com`, look up `hoster.com` in the ISPDB 4. look up `SRV example.com` in DNS 5. try to guess (`imap.example.com`, `smtp.example.com`…)

Sponsoring

nlnet

Special thanks to the NLnet foundation and the European Commission that helped the project to receive financial support from:

If you appreciate the project, feel free to donate using one of the following providers:

GitHub Ko-fi Buy Me a Coffee Liberapay thanks.dev PayPal