How to back up Gmail on Debian using isync

This is an updated version of the similar post I wrote in 2008.

aptitude install isync ca-certificates

Optional: how to find out the CA

Let's find out the certificate authority imap.gmail.com uses by running the following command:

openssl s_client -connect imap.gmail.com:993 -showcerts

Take note of the certificate chain. Currently it's like this:

Certificate chain  
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com  
i:/C=US/O=Google Inc/CN=Google Internet Authority  
-----BEGIN CERTIFICATE-----  
MIIDgDCCAumgAwIBAgIKVEsbtQABAACELjANBgkqhkiG9w0BAQUFADBGMQswCQYD  
VQQGEwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzEiMCAGA1UEAxMZR29vZ2xlIElu  
dGVybmV0IEF1dGhvcml0eTAeFw0xMzA0MTUwODQ0MDBaFw0xMzEyMzExNTU4NTBa  
MGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1N  
b3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMRcwFQYDVQQDEw5pbWFw  
LmdtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA3a/wUjZBSOgZ  
EeyRqaSaKEwS8+1y/8AK9HdplSR72PU+iBc7HyA4aXgD6XYEJVoyGsO97nMj+oeN  
2iNvKfkPvTrn2YnQfJLuxpEw9gwIHvwVqy3TNpHwt4DHnxOg5CxV8e7PaCAhAXD+  
uj0H09aVFJmfYDnU0VSSukNJX2MZSJUCAwEAAaOCAVEwggFNMB0GA1UdJQQWMBQG  
CCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUY9A6EExy3NNFBc2R0vrY8lpf  
OB8wHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0fBFQwUjBQ  
oE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5ldEF1dGhv  
cml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUHAQEEWjBY  
MFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2dsZUludGVy  
bmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDAMBgNVHRMB  
Af8EAjAAMBkGA1UdEQQSMBCCDmltYXAuZ21haWwuY29tMA0GCSqGSIb3DQEBBQUA  
A4GBAAcrDCcXCKZ2VNcJv31SSXTKs1AH0sU1lvAB0kzy3mIB/H8UHvMz1+T3Lfmy  
68bqBSM97W6MO6UiqmVvbMhwPBrktUVT/Q4cWskVf2MONrW3g0UtX47L1ocs/WZe  
XdUTkjQ3EFCzxpw4joHefndfZHsEn0VrjZR49kzR9+1Me7Rz  
-----END CERTIFICATE-----  
1 s:/C=US/O=Google Inc/CN=Google Internet Authority  
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority  
-----BEGIN CERTIFICATE-----  
MIICsDCCAhmgAwIBAgIDFXfhMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT  
MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0  
aWZpY2F0ZSBBdXRob3JpdHkwHhcNMTIxMjEyMTU1ODUwWhcNMTMxMjMxMTU1ODUw  
WjBGMQswCQYDVQQGEwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzEiMCAGA1UEAxMZ  
R29vZ2xlIEludGVybmV0IEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw  
gYkCgYEAye23pIucV+eEPkB9hPSP0XFjU5nneXQUr0SZMyCSjXvlKAy6rWxJfoNf  
NFlOCnowzdDXxFdF7dWq1nMmzq0yE7jXDx07393cCDaob1FEm8rWIFJztyaHNWrb  
qeXUWaUr/GcZOfqTGBhs3t0lig4zFEfC7wFQeeT9adGnwKziV28CAwEAAaOBozCB  
oDAfBgNVHSMEGDAWgBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHQ4EFgQUv8Aw  
6/VDET5nup6R+/xq2uNrEiQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E  
BAMCAQYwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20v  
Y3Jscy9zZWN1cmVjYS5jcmwwDQYJKoZIhvcNAQEFBQADgYEAvprjecFG+iJsxzEF  
ZUNgujFQodUovxOWZshcnDW7fZ7mTlk3zpeVJrGPZzhaDhvuJjIfKqHweFB7gwB+  
ARlIjNvrPq86fpVg0NOTawALkSqOUMl3MynBQO+spR7EHcRbADQ/JemfTEh2Ycfl  
vZqhEFBfurZkX0eTANq98ZvVfpg=  
-----END CERTIFICATE-----  
---  
Server certificate  
subject=/C=US/ST=California/L=Mountain View/O=Google
Inc/CN=imap.gmail.com  
issuer=/C=US/O=Google Inc/CN=Google Internet Authority

Especially, note this:

i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority

Thus, we need to provide /usr/share/ca-certificates/mozilla/Equifax_Secure_CA.crt to mbsync.

mbsync configuration

Create mbsync.rc with the following content:

MaildirStore local  
Path \~/backups/gmail/mail

IMAPStore gmail-username  
Host imap.gmail.com  
User username@gmail.com  
UseIMAPS yes  
CertificateFile
/usr/share/ca-certificates/mozilla/Equifax\_Secure\_CA.crt

Channel backup-username  
Master ":gmail-username:[Gmail]/All Mail"  
Slave :local:username  
Sync PullNew  
Create Slave  
SyncState \*

That's it! Now run the backup:

mbsync -c mbsync.rc backup-username

And possibly browse your mails with mutt:

mutt -f ~/backups/gmail/mail/username