Provided by: interimap_0.5.7-3_all bug

NAME

       InterIMAP - Fast bidirectional synchronization for QRESYNC-capable IMAP servers

SYNOPSIS

       interimap [OPTION ...]  [COMMAND] [MAILBOX ...]

DESCRIPTION

       interimap   performs   stateful  synchronization  between  two  IMAP4rev1  servers.   Such
       synchronization is made possible by the QRESYNC IMAP extension;  for  convenience  reasons
       servers  must  also  support  the  LIST-EXTENDED, LIST-STATUS (or NOTIFY) and UIDPLUS IMAP
       extensions.  See also the supported extensions section below.

       Stateful synchronization is only possible  for  mailboxes  supporting  persistent  message
       Unique  Identifiers  (UID)  and  persistent  storage  of  mod-sequences (MODSEQ); any non-
       compliant mailbox will cause interimap to abort.  Furthermore, because UIDs are  allocated
       not by the client but by the server, interimap needs to keep track of associations between
       local and remote UIDs for each mailbox.  The synchronization state of a  mailbox  consists
       of  its  UIDNEXT  and  HIGHESTMODSEQ  values  on each server; it is then assumed that each
       message with UID smaller than UIDNEXT have been replicated to the other server,  and  that
       the  metadata  (such as flags) of each message with MODSEQ at most HIGHESTMODSEQ have been
       synchronized.  Conceptually, the synchronization algorithm is derived from RFC  4549  with
       the RFC 7162 (sec. 6) amendments, and works as follows:

       1. SELECT (on both servers) a mailbox the current UIDNEXT or HIGHESTMODSEQ values of which
          differ from the values found in the database (for  either  server).   Use  the  QRESYNC
          SELECT  parameter  from  RFC  7162 to list changes (vanished messages and flag updates)
          since HIGHESTMODSEQ to messages with UID smaller than UIDNEXT.

       2. Propagate these changes onto the other server: get  the  corresponding  UIDs  from  the
          database, then:

           a. issue  a  UID  STORE command, followed by UID EXPUNGE, to remove messages that have
              not already been deleted on both servers; and

           b. issue some UID STORE commands to propagate flag updates (send a single command  for
              each flag list in order the reduce the number of round trips).

           (Conflicts  may  occur  if  the metadata of a message has been updated on both servers
           with different flag lists; in that case, interimap issues a warning  and  updates  the
           message  on  each  server with the union of both flag lists.)  Repeat this step if the
           server sent some updates in the meantime.  Otherwise, update the  HIGHESTMODSEQ  value
           in the database.

       3. Process  new messages (if the current UIDNEXT value of the mailbox differs from the one
          found in the database) by issuing a UID FETCH command; process  each  received  message
          on-the-fly  by  issuing  an  APPEND  command  with the message’s RFC822 body, FLAGS and
          INTERNALDATE.  Repeat this step if the server received new messages  in  the  meantime.
          Otherwise,  update  the UIDNEXT value in the database.  Go back to step 2 if the server
          sent some metadata (such as flag) updates in the meantime.

       4. Go back to step 1 to proceed with the next unsynchronized mailbox.

COMMANDS

       By default, interimap synchronizes each mailbox listed by the LIST ""  "*"  IMAP  command;
       the  list-mailbox, list-select-opts and ignore-mailbox options from the configuration file
       can be used to shrink that list and save bandwidth.  However if some  extra  argument  are
       provided  on  the command line, interimap ignores these options and synchronizes the given
       MAILBOXes instead.  Note that each MAILBOX is taken “as is”; in  particular,  it  must  be
       UTF-7  encoded,  unquoted,  and  the list wildcards `*' and `%' are passed verbatim to the
       IMAP server.  If the local and remote hierarchy delimiter differ, then within the  MAILBOX
       names  the  local  delimiter  should  be  used (it is transparently substituted for remote
       commands and responses).

       If the synchronization was interrupted during a previous  run  while  some  messages  were
       being  replicated  (but  before  the  UIDNEXT  or HIGHESTMODSEQ values have been updated),
       interimap performs a “full synchronization” on theses messages: downloading the whole  UID
       and  flag lists on each servers allows interimap to detect messages that have been removed
       or for which their flags have changed in the meantime.   Finally,  after  propagating  the
       offline  changes for these messages, interimap resumes the synchronization for the rest of
       the mailbox.

       Specifying one of the commands below makes interimap perform  an  action  other  than  the
       default QRESYNC-based synchronization.

       --repair [MAILBOX ...]
              List  the  database  anomalies  and  try  to repair them.  (Consider only the given
              MAILBOXes if non-optional arguments are provided.)  This is done  by  performing  a
              so-called  “full  synchronization”,  namely:  1/ download all UIDs along with their
              flag list both from the local and remote servers; 2/ ensure that each entry in  the
              database  corresponds to an existing UID; and 3/ ensure that both flag lists match.
              Any message found on a server but not in the database is replicated  on  the  other
              server  (which in the worst case, might yield a message duplicate).  Flag conflicts
              are solved by updating each message to the union of both lists.

       --delete MAILBOX [MAILBOX ...]
              Delete the given MAILBOXes  on  each  target  (by  default  each  server  plus  the
              database,  unless --target specifies otherwise) where it exists.  Note that per the
              IMAP4rev1 standard deletion is not recursive.   Thus  MAILBOX’s  children  are  not
              deleted.

       --rename SOURCE DEST
              Rename  the  mailbox SOURCE to DEST on each target (by default each server plus the
              database, unless --target specifies otherwise) where it exists.   interimap  aborts
              if  DEST  already  exists  on  either target.  Note that per the IMAP4rev1 standard
              renaming is recursive.  Thus SOURCE’s children are moved to become DEST’s  children
              instead.

OPTIONS

       --config=FILE
              Specify   an   alternate   configuration   file.    Relative   paths   start   from
              $XDG_CONFIG_HOME/interimap,   or   ~/.config/interimap   if   the   XDG_CONFIG_HOME
              environment variable is unset.

       --target={local,remote,database}
              Limit  the  scope  of  a  --delete or --rename command to the given target.  Can be
              repeated to act on multiple targets.  By default all three targets are considered.

       --watch[=seconds]
              Don’t  exit  after  a  successful  synchronization.   Instead,  keep  synchronizing
              forever.  Sleep for the given number of seconds (by default 1 minute if --notify is
              unset, and 15 minutes if --notify is set) between  two  synchronizations.   Setting
              this options enables SO_KEEPALIVE on the socket for types other than tunnel.

       --notify
              Whether  to  use  the IMAP NOTIFY extension to instruct the server to automatically
              send updates to the client.  (Both local and remote servers must support  RFC  5465
              for  this  to work.)  This greatly reduces IMAP traffic since interimap can rely on
              server notifications instead of manually polling for updates.   If  the  connection
              remains  idle  for  15  minutes (configurable with --watch), then interimap sends a
              NOOP command to avoid being logged out for inactivity.

       -q, --quiet
              Try to be quiet.

       --debug
              Turn on debug mode.  Debug  messages,  which  includes  all  IMAP  traffic  besides
              literals,  are  written  to the given logfile.  The LOGIN and AUTHENTICATE commands
              are however redacted (in order  to  avoid  disclosing  authentication  credentials)
              unless the --debug flag is set multiple times.

       -h, --help
              Output a brief help and exit.

       --version
              Show the version number and exit.

CONFIGURATION FILE

       Unless  told  otherwise  by  the  --config=FILE  command-line  option, interimap reads its
       configuration from $XDG_CONFIG_HOME/interimap/config (or ~/.config/interimap/config if the
       XDG_CONFIG_HOME  environment  variable  is  unset)  as  an  INI  file.   The syntax of the
       configuration file is a series of OPTION=VALUE lines organized under some [SECTION]; lines
       starting  with  a  `#' or `;' character are ignored as comments.  The [local] and [remote]
       sections define the two IMAP servers to synchronize.  Valid options are:

       database
              SQLite version 3 database file to use to keep track of associations  between  local
              and  remote  UIDs,  as  well  as the UIDVALIDITY, UIDNEXT and HIGHESTMODSEQ of each
              known mailbox on both servers.  Relative paths start from $XDG_DATA_HOME/interimap,
              or  ~/.local/share/interimap  if  the  XDG_DATA_HOME environment variable is unset.
              This option is only available in the default  section.   (Default:  HOST.db,  where
              HOST is taken from the [remote] or [local] sections, in that order.)

       list-reference
              An  optional  “reference  name” to use for the initial LIST command, indicating the
              context in which the MAILBOXes are interpreted.  For instance, by specifying  list-
              reference=perso/  in the [local] section, MAILBOX names are interpreted relative to
              perso/ on the local server; in other words the remote mailbox hierarchy  is  mapped
              to  the perso/ sub-hierarchy on the local server.  This is useful for synchronizing
              multiple remote servers against different namespaces belonging to  the  same  local
              IMAP server (using a different interimap instance for each local namespace ↔ remote
              synchronization).

              (Note that if the reference name is not a level of mailbox  hierarchy  and/or  does
              not  end  with  the hierarchy delimiter, by RFC 3501 its interpretation by the IMAP
              server is implementation-dependent.)

       list-mailbox
              A space separated list of mailbox patterns to use when  issuing  the  initial  LIST
              command  (overridden  by  the  MAILBOXes  given  as command-line arguments).  Names
              containing special characters such as spaces or brackets need  to  be  enclosed  in
              double quotes.  Within double quotes C-style backslash escape sequences can be used
              (`\t' for an horizontal tab, `\n' for a new line, `\\' for a backslash,  etc.),  as
              well  as hexadecimal escape sequences `\xHH'.  Furthermore, non-ASCII names must be
              UTF-7 encoded.  Two wildcards are  available,  and  passed  verbatim  to  the  IMAP
              server:  a  `*'  character  matches  zero or more characters, while a `%' character
              matches zero or more characters up to the  hierarchy  delimiter.   Hard-coding  the
              hierarchy  delimiter  in  this  setting  is  not  advised  because the server might
              silently change it at some point.  A null character should be  used  instead.   For
              instance,  if  list-mailbox  is  set  "foo\x00bar"  then,  assuming  the  hierarchy
              delimiter is `/', only the mailbox named foo/bar is considered for synchronization.

              This option is only available in the default section.   (The  default  pattern,  *,
              matches all visible mailboxes on the server.)

       list-select-opts
              An  optional  space  separated  list  of  selectors  for  the initial LIST command.
              (Requires a server supporting the LIST-EXTENDED IMAP extension.)  Useful values are
              SUBSCRIBED  (to  list  only  subscribed  mailboxes),  REMOTE  (to  also list remote
              mailboxes on a server supporting mailbox referrals), and  RECURSIVEMATCH  (to  list
              parent  mailboxes  with  children matching one of the above list-mailbox patterns).
              This option is only available in the default section.

       ignore-mailbox
              An optional Perl  Compatible  Regular  Expressions  (PCRE)  covering  mailboxes  to
              exclude:  any  (UTF-7  encoded  and  unquoted)  mailbox  listed in the initial LIST
              responses is ignored  if  it  matches  the  given  expression  after  trimming  the
              reference  names  and substituting the hierarchy delimiter with the null character.
              For instance, specifying ^virtual(?:\x00|$) excludes the mailbox named “virtual” as
              well  as  its descendants.  Note that the MAILBOXes given as command-line arguments
              bypass the check and are always considered for  synchronization.   This  option  is
              only available in the default section.

       logfile
              A  file  name  to  use  to log debug and informational messages.  (By default these
              messages are written to the error output.)  This option is only  available  in  the
              default section.

       log-prefix
              A  printf(3)-like format string to use as prefix for each log message.  Interpreted
              sequences  are  %n  and  %m,  expanding  respectively   to   the   component   name
              (local/remote)  and  to  the  name  of  the  mailbox  relevant  for  the log entry.
              Conditions on a specifier %X can be  obtained  with  %?X?then?  or  %?X?then&else?,
              which  expands  to  then  if the %X specifier expands to a non-empty string, and to
              else (or the empty string if there is no else condition) if it doesn’t.  Literal  %
              characters  need  to  be  escaped  as  %%,  while  &, ? and \ characters need to be
              \-escaped.  (Default: %?n?%?m?%n(%m)&%n?: ?.)

       type   One of imap, imaps or tunnel.  type=imap and type=imaps are respectively  used  for
              IMAP  and  IMAP  over  SSL/TLS connections over an INET socket.  type=tunnel causes
              interimap to  create  an  unnamed  pair  of  connected  sockets  for  inter-process
              communication  with  a  command  instead  of  opening  a network socket.  Note that
              specifying type=tunnel in the [remote] section makes the  default  database  to  be
              localhost.db.  (Default: imaps.)

       host   Server  hostname  or  IP  address,  for  type=imap  and  type=imaps.  The value can
              optionally be enclosed in square brackets to force  its  interpretation  as  an  IP
              literal (hence skip name resolution).  (Default: localhost.)

       port   Server port.  (Default: 143 for type=imap, 993 for type=imaps.)

       proxy  Optional  SOCKS  proxy to use for TCP connections to the IMAP server (type=imap and
              type=imaps only),  formatted  as  PROTOCOL://[USER:PASSWORD@]PROXYHOST[:PROXYPORT].
              If  PROXYPORT  is  omitted,  it is assumed at port 1080.  Only SOCKSv5 is supported
              (with optional username/password authentication),  in  two  flavors:  socks5://  to
              resolve hostname locally, and socks5h:// to let the proxy resolve hostname.

       command
              Command  to use for type=tunnel.  Must speak the IMAP4rev1 protocol on its standard
              output, and understand it on its standard input.  The value is passed  to  `/bin/sh
              -c`  if  it contains shell metacharacters; otherwise it is split into words and the
              resulting list is passed to execvp(3).

       STARTTLS
              Whether to use the STARTTLS directive to upgrade to a secure  connection.   Setting
              this  to  YES for a server not advertising the STARTTLS capability causes interimap
              to immediately abort the connection.  (Ignored for types other than imap.  Default:
              YES.)

       auth   Space-separated  list  of  preferred authentication mechanisms.  interimap uses the
              first mechanism in that list that is also advertised (prefixed with AUTH=)  in  the
              server’s capability list.  Supported authentication mechanisms are PLAIN and LOGIN.
              (Default: PLAIN LOGIN.)

       username, password
              Username and  password  to  authenticate  with.   Can  be  required  for  non  pre-
              authenticated connections, depending on the chosen authentication mechanism.

       compress
              Whether  to  use the IMAP COMPRESS extension for servers advertising it.  (Default:
              NO for the [local] section, YES for the [remote] section.)

       null-stderr
              Whether to redirect command’s standard error to /dev/null  for  type=tunnel.   This
              option is ignored when the --debug flag is set.  (Default: NO.)

       SSL_protocols
              Space-separated  list of SSL/TLS protocol versions to explicitly enable (or disable
              if prefixed with an exclamation mark !).  Potentially known  protocols  are  SSLv2,
              SSLv3, TLSv1, TLSv1.1, TLSv1.2, and TLSv1.3, depending on the OpenSSL version used.
              Enabling a protocol is a short-hand for disabling all other protocols.

              DEPRECATED: Use SSL_protocol_min and/or SSL_protocol_max instead.

       SSL_protocol_min, SSL_protocol_max
              Set minimum resp.  maximum SSL/TLS protocol version  to  use  for  the  connection.
              Potentially  recognized  values  are  SSLv3,  TLSv1, TLSv1.1, TLSv1.2, and TLSv1.3,
              depending on the OpenSSL version used.

       SSL_cipherlist, SSL_ciphersuites
              Sets the  TLSv1.2  and  below  cipher  list  resp.   TLSv1.3  cipher  suites.   The
              combination  of  these  lists  is  sent  to the server, which then determines which
              cipher to use (normally the first supported one from the list sent by the  client).
              The  default  suites  depend  on  the  OpenSSL  version  and its configuration, see
              ciphers(1ssl) for more information.

       SSL_fingerprint
              Space-separated list  of  acceptable  fingerprints  for  the  server  certificate’s
              Subject  Public  Key  Info,  in the form [ALGO$]DIGEST_HEX where ALGO is the digest
              algorithm (by default sha256).  Attempting to connect  to  a  server  with  a  non-
              matching  certificate  SPKI  fingerprint  causes  interimap to abort the connection
              during the SSL/TLS handshake.  The following command can be  used  to  compute  the
              SHA-256 digest of a certificate’s Subject Public Key Info:

                     $ openssl x509 -in /path/to/server/certificate.pem -pubkey \
                         | openssl pkey -pubin -outform DER \
                         | openssl dgst -sha256

              Specifying  multiple  digest  values can be useful in key rollover scenarios and/or
              when the server supports certificates of different types (for instance a  dual-cert
              RSA/ECDSA  setup).   In  that  case  the  connection  is  aborted  when none of the
              specified digests matches.

       SSL_verify
              Whether to 1/ verify the  server  certificate  chain;  and  2/  match  its  Subject
              Alternative  Name  (SAN)  or  Subject CommonName (CN) against the value of the host
              option.  (Default: YES.)

              Note  that  using  SSL_fingerprint  to  specify  the  fingerprint  of  the   server
              certificate  provides  an  independent  server  authentication  measure  as it pins
              directly its key material and ignore its chain of trust.

       SSL_CAfile
              File containing trusted certificates to use during server certificate  verification
              when SSL_verify=YES.

              Trusted CA certificates are loaded from the default system locations unless one (or
              both) of SSL_CAfile or SSL_CApath is set.

       SSL_CApath
              Directory to use for server certificate  verification  when  SSL_verify=YES.   This
              directory must be in “hash format”, see verify(1ssl) for more information.

              Trusted CA certificates are loaded from the default system locations unless one (or
              both) of SSL_CAfile or SSL_CApath is set.

       SSL_hostname
              Name to use for the TLS SNI (Server Name Indication) extension.  The default  value
              is  taken  from the host option when it is a hostname, and to the empty string when
              it is an IP literal.  Setting SSL_hostname to the empty string explicitly  disables
              SNI.

SUPPORTED EXTENSIONS

       interimap  takes advantage of servers supporting the following extensions to the IMAP4rev1
       protocol (those marked as “recommended” give the most significant performance gain):

       • LITERAL+ (RFC 2088, recommended);

       • MULTIAPPEND (RFC 3502, recommended);

       • COMPRESS=DEFLATE (RFC 4978, recommended);

       • NOTIFY (RFC 5465);

       • SASL-IR (RFC 4959); and

       • UNSELECT (RFC 3691).

KNOWN BUGS AND LIMITATIONS

       • Using interimap on two identical servers with a  non-existent  or  empty  database  will
         duplicate  each  message  due to the absence of local ↔ remote UID association.  (Should
         they arise, an external tool such as doveadm-deduplicate(1) can be  used  to  weed  them
         out.)   Hence  one  needs  to manually empty the mail store on one end when migrating to
         interimap from another synchronization solution.

       • interimap is single threaded and doesn’t use IMAP command  pipelining.   Synchronization
         could be boosted up by sending independent commands (such as the initial LIST and STATUS
         commands) to both servers in parallel, and for a given server,  by  sending  independent
         commands (such as flag updates) in a pipeline.

       • Because  the  IMAP  protocol doesn’t have a specific response code for when a message is
         moved to another mailbox (either using the MOVE command from RFC 6851,  or  via  COPY  +
         STORE + EXPUNGE), moving a message causes interimap to believe that it was deleted while
         another one (which is replicated again) was added to the other mailbox in the meantime.

       • Because the IMAP protocol doesn’t provide a way  for  clients  to  determine  whether  a
         disappeared  mailbox  was  deleted  or  renamed,  interimap  aborts when a known mailbox
         disappeared from one server but not the other.  The --delete (resp.   --rename)  command
         should  be used instead to delete (resp.  rename) the mailbox on both servers as well as
         within interimap’s internal database.

       • PLAIN and LOGIN are the only authentication mechanisms currently supported.

       • interimap will probably not work with non  RFC-compliant  servers.   In  particular,  no
         work-around  is  currently  implemented  beside  the tunables in the configuration file.
         Moreover, few IMAP servers have been tested so far.

STANDARDS

       • M.  Leech, M.  Ganis, Y.  Lee, R.  Kuris, D.   Koblas  and  L.   Jones,  SOCKS  Protocol
         Version 5, RFC 1928, March 1996.

       • M.  Leech, Username/Password Authentication for SOCKS V5, RFC 1929, March 1996.

       • J.  Myers, IMAP4 non-synchronizing literals, RFC 2088, January 1997.

       • D.  Goldsmith and M.  Davis, A Mail-Safe Transformation Format of Unicode, RFC 2152, May
         1997.

       • C.  Newman, Using TLS with IMAP, POP3 and ACAP, RFC 2595, June 1999.

       • M.  Crispin, Internet Message Access Protocol - Version 4rev1, RFC 3501, March 2003.

       • M.  Crispin, Internet Message Access Protocol (IMAP) - MULTIAPPEND Extension, RFC  3502,
         March 2003.

       • A.   Melnikov,  Internet  Message  Access  Protocol  (IMAP)  UNSELECT command, RFC 3691,
         February 2004.

       • M.  Crispin, Internet Message Access Protocol (IMAP)  -  UIDPLUS  extension,  RFC  4315,
         December 2005.

       • A.   Melnikov, Synchronization Operations for Disconnected IMAP4 Clients, RFC 4549, June
         2006.

       • A.  Gulbrandsen, The IMAP COMPRESS Extension, RFC 4978, August 2007.

       • R.  Siemborski and  A.   Gulbrandsen,  IMAP  Extension  for  Simple  Authentication  and
         Security Layer (SASL) Initial Client Response, RFC 4959, September 2007.

       • A.  Gulbrandsen and A.  Melnikov, The IMAP ENABLE Extension, RFC 5161, March 2008.

       • B.   Leiba  and  A.  Melnikov, Internet Message Access Protocol version 4 - LIST Command
         Extensions, RFC 5258, June 2008.

       • A.  Gulbrandsen, C.  King and  A.   Melnikov,  The  IMAP  NOTIFY  Extension,  RFC  5465,
         February 2009.

       • A.   Melnikov  and  T.   Sirainen,  IMAP4  Extension for Returning STATUS Information in
         Extended LIST, RFC 5819, March 2010.

       • A.  Gulbrandsen and N.  Freed, Internet Message Access Protocol (IMAP) - MOVE Extension,
         RFC 6851, January 2013.

       • A.   Melnikov  and  D.   Cridland, IMAP Extensions: Quick Flag Changes Resynchronization
         (CONDSTORE) and Quick Mailbox Resynchronization (QRESYNC), RFC 7162, May 2014.

BUGS AND FEEDBACK

       Bugs or feature requests for interimap should be  filed  with  the  Debian  project’s  bug
       tracker at <https://www.debian.org/Bugs/>.

SEE ALSO

       A  getting started guide is available locally at <file:///usr/share/doc/interimap/getting-
       started.md.gz>, and online at <https://guilhem.org/interimap/getting-started.html>.

AUTHORS

       Guilhem Moulin (mailto:guilhem@fripost.org).

                                            July 2015                                interimap(1)