Sauvegarde boite mail

je sais pas si ça peut aider, je viens de trouver cet outil : MailStore Home – Free Email Archiving and Backup for Home Users

J’ai galĂ©rĂ© auparavant pour transfĂ©rer des boites mails d’un serveur Ă  un autre.
Avec thunderbird j’ai eu des pertes de donnĂ©es.

Tu peux utiliser Fetchmail pour récupérer les emails et les renvoyer sur une autre boßte, notamment ton serveur de mail sur Yunohost.
En 15 ans d’utilisation, je n’ai jamais eu un problùme avec fetchmail, ce qui pour moi le classe dans le haut du panier.

Il y a mbsync/isync, il est dans les depots Debian.

J’ai utilise imapsync, mais je trouve isync plus fiable et plus rapide.

Je espere vous pouvez comprendre ma Francais, ma Francais n’est pas bon, excuser moi! :slight_smile:

1 Like

Could you please share with us the full commands for :

  1. Installing it
  2. Using it correctly

Thanks a lot

Yes, of course. I hesitated to include it in my previous post. I created a pull request for the English version of our documentation.

Here are the contents:


isync site

The names isync (the project) and mbsync (the program) are about the same ‘thing’

The program is available in the Debian repositories. Install by:

sudo apt install isync

To run mbsync, a configuration file in your home directory is needed. Then run:

mbsync -a

A configuration file for syncing two IMAP mailboxes looks like:

# old account
## account access definition
IMAPAccount friendly_name      # free format
Host imap.domain.tld           # the old/existing mailserver
User email_address@domain.tld  # your credentials for that server
Pass secret_password           # 
SSLType IMAPS                  # probably IMAPS
CertificateFile /etc/ssl/certs/ca-certificates.crt

## mbsync account/data reference
IMAPStore friendly_name  # free format, easy when identical
Account friendly_name    # has to match IMAPAccount above

# new account
## account access definition
IMAPAccount yuno      # again, give it a recognizable name
Host mydomain.tld     # the new Yunohost mailserver 
User my_yuno_user     # your Yunohost SSO username 
Pass password         # and pass 
SSLType IMAPS         # IMAPS for Yunohost
CertificateFile /etc/ssl/certs/ca-certificates.crt 

## mbsync account/data reference 
IMAPStore yuno    # again, free to choose, both yuno is easy
Account yuno      # again, has to match the name above

# synchronization definition 
Channel oldmail2yuno   # give this combination of settings a name 
Master :friendly_name: # the IMAPStore-name where the old mail is 
Slave :yuno:           # the IMAPStore-name of your new Yunohost 
Patterns *             # probably you want everything ...
CopyArrivalDate yes    # ... with the original date 
Create Slave           # if folder/mail does not exist, create it on Yunohost 
Expunge None           # don't throw things away 
Sync All               # without sync it would not be so useful
# this directory needs to exist; mkdir manually in advance
Syncstate /home/my_yuno_user/.mbsync_state/   # mkdir `name` has to match this setting, of course 

In this configuration only 1 mailbox is synced, but it supports syncing of multiple accounts as well. Besides syncing from/to IMAP, it also supports maildir on either end of the synchronisation.

Pay attention that passwords for both accounts are in this config in plain sight.


Hello @wbk !

Following your advice in another thread, I installed mbsync/isync, and tried to alter your .mbsyncrc sample file to suit my needs.

mbsync/isync warned that Master & Slave were now obsolete. So I replaced them with Far & Near.
But this is not the main problem : I got an error that stops the process :

Error, certificate owner does not match hostname mail.domain.tld

I have 3 domains on my YUnoHost server :

  • domain.tld
  • mail.domain.tld
  • www.domain.tld

www.domain.tld is the oldest one (was the only one until I decided to host mail recently), and as such, is considered as the main domain (“Domaine principal”) by YUnoHost.

Each of these 3 domains has its own Let’s Encrypt certificate.

The mailbox I try to import from Gandi is info@domain.tld (the address that was hosted by Gandi is the same as the one now hosted by my server).
I installed Roundcube on the domain called mail.domain.tld, and I can access my emails through Roundcube webmail.

Do you have any idea, why mbsync/isync refuses my certificate ?

Salut @wbk !

J’ai suivi le conseil que tu m’as donnĂ© dans une autre enfilade : j’ai installĂ© mbsync/isync, et essayĂ© de modifier ton modĂšle de fichier .mbsyncrc pour qu’il corresponde Ă  mes besoins.

mbsync/isync m’a alertĂ© que Master & Slave Ă©taient dĂ©sormais obsolĂštes. Je les ai donc remplacĂ©s par Far & Near.
Mais ce n’est pas le problĂšme principal : j’ai une erreur qui arrĂȘte le processus :

Error, certificate owner does not match hostname mail.domain.tld

J’hĂ©berge 3 domaines sur mon serveur YUnoHost :

  • domain.tld
  • mail.domain.tld
  • www.domain.tld

www.domain.tld est le plus ancien (le seul jusqu’à ce que je dĂ©cide d’hĂ©berger mon courriel rĂ©cemment), et en tant que tel, est considĂ©rĂ© comme le “Domaine principal” par YUnoHost.

Chacun de ces 3 domaines a son propre certificat Let’s Encrypt.

La boĂźte mail que j’essaie d’importer de chez Gandi est info@domain.tld (l’adresse qui Ă©tait hĂ©bergĂ©e par Gandi est identique Ă  celle que j’hĂ©berge maintenant sur mon serveur).
J’ai installĂ© Roundcube sur le domaine appelĂ© mail.domain.tld, et j’ai accĂšs Ă  mes mails Ă  travers Roundcube webmail.

Saurais-tu pourquoi mbsync/isync refuse mon certificat ?


Hi Cobus,

Does the error concern the Yunohost-end of the connection, or the connection at the Ghandi-side?

Hi @wbk !

The Yunohost-end of the connection.

Given that I have 3 domains on my YUnoHost server, I think I should alter the path to the CertificateFile. But How ?
I don’t know where YUnoHost stores each domain.

Hi Cobus,

Have a look in

# ls /etc/yunohost/certs/

I just saw the location passing by in /var/log/nginx/error.log of my own server when troubleshooting another issue :smiley:

Thanks for the tip !

There are 7 certificates :

  • domain.tld
  • domain.tld-history
  • mail.domain.tld
  • mail.domain.tld-history
  • www.domain.tld
  • www.domain.tld-history

So I altered the .mbsyncrc file to the following :

# new account
## account access definition
IMAPAccount yuno                    # again, give it a recognizable name
Host mail.domain.tld                # the new Yunohost mailserver
User info                           # your Yunohost SSO username
Pass ****                           # and pass
SSLType IMAPS                       # IMAPS for Yunohost
CertificateFile /etc/yunohost/certs/mail.domain.tld

But mbsync -a returned an error ;

CertificateFile '/etc/yunohost/certs/mail.domain.tld': No such file or directory

Reminder :
www.domain.tld is the oldest one (was the only one until I decided to host mail recently), and as such, is considered as the main domain (“Domaine principal”) by YUnoHost.

Which user runs the command? Does ls /etc/yunhost/certs/ show the certificates, with that user?

I have used isync/mbsync on multiple occasions in the past; I don’t recall having trouble with certificates (but that was before a large portion of websites implemented secure connections as a default). I have run it from my computer (with both mailboxes being remote) as well as from Yunohost itself (connecting only to the far end). I am not sure which user ran the command though.

You might try the working principle for a small mailbox between Ghandi and another mailbox than on Yunohost, to confirm the rest of the mechanism works so you don’t have more surprises when the problem with certificates is solved.

I run it from my computer (“third computer”) (with both mailboxes being remote).

To double check we understand well eachother :

  • the old (=“Far”) mailbox is hosted on Gandi computers (“in the cloud”)
  • the new (=“Near”) mailbox is hosted on my Raspberry Pi2 YUnoHost server
  • I installed mbsync/isync on a “third computer”. The .mbsyncrc file is on the same “third computer”

Of course, ls /etc/yunohost/certs/ returns nothing if ran on the “third computer”.
I ran sudo ssh root@mail.domain.tld on the “third computer”, which led me to the www part of my YUnoHost server through SSH (I guess, this is because www.domain.tld is the main domain from YUnoHost point of view). Here is the prompt :


From this prompt, ls /etc/yunohost/certs/ returns the 7 certificates I listed in message #15.

I tried to log as admin (I ran sudo ssh admin@mail.domain.tld). Buth then, ls /etc/yunohost/certs/ fails :

ls: cannot open directory '/etc/yunohost/certs/': Permission denied

But all this was valid yesterday. Today, the IPv6 address of the “third computer” is banned by sshd and pam-generic.
I put my IPv6 in whitelist :

fail2ban-client set sshd addignoreip xxxx:xxx:xxx:xxxx:xxxx:xxxx:xxxx:xxxx
fail2ban-client set pam-generic addignoreip xxxx:xxx:xxx:xxxx:xxxx:xxxx:xxxx:xxxx

But ssh still returns Permission denied, please try again.
Whitelisting IPv6 addresses does not seem to work. :face_with_raised_eyebrow:


That is annoying! Some process must be trying to log in with incorrect credentials.

Have you been able to log in, in the mean time? (I guess so, else you would not have been able to issue the ignoreip-commands :stuck_out_tongue: )

My next attempt would be to run isync/mbsync from there. Could you give it a try, if you have not yet?

Hi @wbk !
Thanks for the time you spend helping me !

From the “third computer”, no.
But I could SSH with a “fourth computer”.

I am a bit reluctant to install mbsync/isync on my Yunohost server : a Raspberry Pi 2 is not a powerful server. The less things I install on it, the less I will slow it. Plus I fear to break things in the YUnoHost server.

On my agenda today :

  • try to SSH with the “third computer” from another location (in the hope that the IPv6 address will be different)
  • “try the working principle for a small mailbox between Ghandi and another mailbox than on Yunohost, to confirm the rest of the mechanism works”, as you advised in message #17


This failed.
I could not SSH my YUnoHost server with my “third computer”, nor with my “fourth computer”.
All I did until yesterday was done with all computers on the LAN. Today, I am acting from the WAN.
I think that I chose to block SSH from WAN when I installed YUnoHost several years ago.
I still have access to YUnoHost web interface.
I have been searching where the WAN lock can be (un)triggered, but did not find it.

Hello @wbk ,

I can report a success (sort of) !
I could transfer many messages with mbsync/isync to a “” mailbox. But the process stopped because of an overquota (the mailbox at ended up full).


No more banning now.

I am back to the situation I described in the first part of post #18.

I found the solution : I asked YUnoHost to consider that the main domain is domain.tld
This solved my problem with certificates.

J’ai trouvĂ© la solution : j’ai demandĂ© Ă  YUnoHost de considĂ©rer que le domaine principal Ă©tait domain.tld
Ça a rĂ©solu mon problĂšme de certificat.


1 Like

Great! Thanks for posting the solution :slight_smile: