This program can pull, and send, email and labels (and changes to labels) from your GMail account and store them locally in a maildir with the labels synchronized with a notmuch database. The changes to tags in the notmuch database may be pushed back remotely to your GMail account.
Lieer will not and can not:
- Add or delete messages on your remote account (except syncing the
trash
orspam
label to messages, and those messages will eventually be deleted) - Modify messages other than their labels
While Lieer has been used to successfully synchronize millions of messages and tags by now, it comes with NO WARRANTIES.
- Python 3
- Notmuch 0.30+ for
notmuch2
Python bindings google_api_python_client
(sometimesgoogle-api-python-client
)google_auth_oauthlib
tqdm
(optional - for progress bar)
After cloning the repository Lieer can be installed through pip by using the command pip install .
This assumes your root mail folder is in ~/.mail
and that this folder is already set up with notmuch.
-
Make a directory for the lieer storage and state files (local repository).
$ cd ~/.mail $ mkdir account.gmail $ cd account.gmail/
All commands should be run from the local mail repository unless otherwise specified.
-
Ignore the
.json
files in notmuch. Any tags listed innew.tags
will be added to newly pulled messages. Process tags on new messages directly after running gmi, or runnotmuch new
to trigger thepost-new
hook for initial tagging. Thenew.tags
are not ignored by default if you do not remove them, but you can prevent custom tags from being pushed to the remote by using e.g.gmi set --ignore-tags-local new
. In your notmuch config file (usually~/.notmuch-config
):[new] tags=new ignore=/.*[.](json|lock|bak)$/
-
Initialize the mail storage:
$ gmi init your.email@gmail.com
gmi init
will now open your browser and request limited access to your e-mail.The access token is stored in
.credentials.gmailieer.json
in the local mail repository. If you wish, you can specify your own api key that should be used. -
You're now set up, and you can do the initial pull.
Use
gmi -h
orgmi command -h
to get more usage information.
will pull down all remote changes since last time, overwriting any local tag changes of the affected messages.
$ gmi pull
the first time you do this, or if a full synchronization is needed it will take longer. You can try to use the --resume
option if you get stuck on getting the metadata and have to abort (this will cause local changes made in the interim to be ignored in the next push).
will push up all changes since last push, conflicting changes will be ignored
unless -f
is specified. these will be overwritten with the remote changes at
the next pull
.
$ gmi push
$ cd ~/.mail/account.gmail
$ gmi sync
This effectively does a push
followed by a pull
. Any conflicts detected
with the remote in push
will not be pushed. After the next pull
has been
run the conflicts should be resolved, overwriting the local changes with the
remote changes. You can force the local changes to overwrite the remote changes
by using push -f
.
Note: If changes are being made on the remote, on a message that is currently being synced with
lieer
, the changes may be overwritten or merged in weird ways.
See below for more caveats.
Lieer may be used as a simple stand-in for the sendmail
MTA. A typical configuration for a MUA send command might be:
gmi send -t -C ~/.mail/account.gmail
For example, you can enable git send-email with git config sendemail.sendmailcmd "gmi send -t -C $HOME/.mail/account.gmail"
.
Like the real sendmail program, the raw message is read from stdin
.
Most sendmail implementations allow passing additional recipients in additional
arguments. However, the GMail API only supports the -t
(--read-recipients
) mode of
sendmail, without additional recipients.
We try to support valid combinations from MUAs that make use of recipients passed as arguments. Additional recipients are ignored, but validated. The following combinations are OK:
-
When
-t
is passed, we need to check for the CLI-passed recipients to be equal or a subset of the ones passed in the headers. -
When
-t
is not passed, all header-passed recipients need to be provided in the CLI as well.
This avoids silently not sending mail to some recipients (pretending we did), or sending mail to recipients we didn't want to send to again.
One of the implication of -t
is you have to keep Bcc:
header in your
message when passing it to sendmail
. It is not enough to just put the
additional recipient on the command line. For mutt
, this means setting
write_bcc
option.
Lieer will try to associate the sent message with the existing thread if it has
an In-Reply-To
header. According to the Gmail
API
the Subject:
header must also match, but this does not seem to be necessary
(at least not where just Re:
has been prepended).
If the email address in the
From:
header does not match exactly the one of your account, it seems like GMail resets the from to your account address only.
Note that the following flags are ignored for sendmail
compatibility:
-f
(ignored, set envelopeFrom:
yourself)-o
(ignored)-i
(always implied, not bothered by single.
's)
There are instructions for using this in your email client (for example Emacs) in the wiki.
Lieer can be configured using gmi set
. Use without any options to get a list of the current settings as well as the current history ID and notmuch revision.
Account
is the GMail account the repository is synced with. Configured during setup with gmi init
.
historyId
is the latest synced GMail revision. Anything since this ID will be fetched on the next gmi pull
(partial).
lastmod
is the latest synced Notmuch database revision. Anything changed after this revision will be pushed on gmi push
.
Timeout
is the timeout in seconds used for the HTTP connection to GMail. 0
means the forever or system error/timeout, whichever occurs first.
File extension
is an optional argument to include the specified extension in local file names (e.g., mbox
) which can be useful for indexing them with third-party programs.
Important: If you change this setting after synchronizing, the best case scenario is that all files will appear to not have being pulled down and will be re-downloaded (and duplicated with a different extension in the maildir). There might also be changes to tags. You should in theory be able to change it by renaming all files, but since this will update the lastmod you will get a check on all files.
Drop non existing labels
can be used to silently ignore errors where GMail gives us a label identifier which is not associated with a label. See Caveats.
Replace slash with dot
is used to replace the sub-label separator (/
) with a dot (.
). I think this is easier to work with. Important: See note below on changing this setting after initial sync.
Ignore tags (local)
can be used to specify a list of tags which should not be synced from local to remote (e.g. new
). In addition to the user-configured tags these tags are ignored: 'attachment', 'encrypted', 'signed', 'passed', 'replied', 'muted', 'mute', 'todo', 'Trash', 'voicemail'
. Some are special tags in notmuch and some are unsupported by GMail. See Caveats below for more explanations. Note: This setting expects translated tags.
Important: See note below on changing this setting after initial sync.
Ignore tags (remote)
can be used to specify a list of tags (labels) which should not be synced from remote (GMail) to local. By default the CATEGORY_*
type labels which are mapped to the Personal/Promotions/etc tabs in the GMail interface are ignored. You can specify that no label should ignored by doing: gmi set --ignore-tags-remote ""
. Note: This setting expects untranslated tags.
Important: See note below on changing this setting after initial sync.
Local Trash Tag (local)
can be used to set the local tag to which the remote GMail 'TRASH' label is translated.
Important: See note below on changing this setting after initial sync.
Translation List Overlay
can be used to add or change entries in the translation mapping between local and remote tags. Argument is a comment-separated list with an even number of items. This is interpreted as a list of pairs of (remote, local), where each pair is added to the tag translation overwriting any existing translation for that tag if any. For example,
--translation-list-overlay CATEGORY_FORUMS,my_forum_tag
will translate Google's CATEGORY_FORUMS tag to my_forum_tag.')
Important: See note below on changing this setting after initial sync.
If you change the ignored tags after the initial sync this will not update already synced messages. This means that if a change is made locally on an already synced message the previously ignored remote labels may be deleted. Conversely, if a change occurs remotely on a message which previously which has local tags that were ignored before, these ignored tags may be deleted.
The best way to deal with this is to do a full push or pull after having changed one of the settings. Do not change both --ignore-tags-locally
and --ignore-tags-remote
at the same time.
Before changing either setting make sure you are fully synchronized. After changing e.g. --ignore-tags-remote
do first a dry-run and then a real run of full gmi pull -f --dry-run
. This will fetch the full tag list for all messages and overwrite the local tags of all your messages with the remote labels.
When changing the opposite setting: --ignore-tags-local
, do a full push (dry-run first): gmi push -f --dry-run
.
The same goes for the options --replace-slash-with-dot
and --local-trash-tag
. I prefer to do gmi pull -f --dry-run
after changing this option. This will overwrite the local tags with the remote labels.
We translate some of the GMail labels to other tags. The default map of labels to tags are:
'INBOX' : 'inbox',
'SPAM' : 'spam',
'TRASH' : 'trash',
'UNREAD' : 'unread',
'STARRED' : 'flagged',
'IMPORTANT' : 'important',
'SENT' : 'sent',
'DRAFT' : 'draft',
'CHAT' : 'chat',
'CATEGORY_PERSONAL' : 'personal',
'CATEGORY_SOCIAL' : 'social',
'CATEGORY_PROMOTIONS' : 'promotions',
'CATEGORY_UPDATES' : 'updates',
'CATEGORY_FORUMS' : 'forums',
The 'trash' local tag can be replaced using the --local-trash-tag
option.
Lieer ships with a set of OAuth 2 credentials that is shared openly, this shares API quota, but cannot be used to access data unless access is gained to your private access_token
or refresh_token
.
The minor risk of using these public OAuth 2 credentials is that a malicious application running on your computer could pretend to be the lieer application, and gain access to your Gmail account. Since that already involves a malicious application running on your computer, it could likely just read the existing .credentials.gmailieer.json
file directly, making this attack not particularly interesting.
In any case, you can generate your own OAuth 2 credentials instead. This requires you have a Google account and access to Google Cloud Platform.
- Create a project on GCP, or go to an existing one.
- Enable access to the Gmail API for that GCP project
- Configure the OAuth consent screen, which involves naming your application (e.g. "Lieer Gmail Access") and setting other app-related metadata, most of which will be shown when you visit the OAuth 2 consent screen to give Lieer access to your Gmail account.
- The important piece is to make sure to configure the
https://mail.google.com/
scope for your application, otherwise Lieer won't be able to access the Gmail API on your behalf. - You don't need to verify your application, you'll just get a scary warning about unverified applications when you go through the OAuth 2 flow, which you can safely ignore.
- The important piece is to make sure to configure the
- Create the OAuth 2 credentials by selecting 'Create Credentials' > 'OAuth client ID'.
- For
Application type
, selectDesktop app
- For
Name
, name itLieer
orgmi client
or something you'll recognize
- For
- Download the credentials by clicking the little download icon next to your newly created OAuth 2 client ID
- This will download the
client_secret.json
file you need for Lieer.
- This will download the
Store the client_secret.json
file somewhere safe and specify it to gmi auth -c
. You can do this on a repository that is already initialized, possibly using -f
to force reauthorizing with the new client secrets.
Lieer downloads e-mail and labels to your local computer. No data is sent elsewhere.
Lieers use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements
-
The GMail API does not let you sync
muted
messages. Until this Google bug is fixed, themute
andmuted
tags are not synchronized with the remote. -
The
todo
andvoicemail
labels seem to be reserved and will be ignored. -
The
draft
andsent
labels are read only: They are synced from GMail to local notmuch tags, but not back (if you change them via notmuch). -
Only one of the tags
inbox
,spam
, andtrash
may be added to an email. For the time being,trash
will be preferred overspam
, andspam
overinbox
. -
Trash
(capitalT
) is reserved and not allowed, usetrash
(lowercase, see above) to bin messages remotely. -
archive
orarxiv
are reserved and not allowed; see issue/109 and issue/171. To archive e-mails remove theinbox
tag. -
Sometimes GMail provides a label identifier on a message for a label that does not exist. If you encounter this issue you can get around it by using
gmi set --drop-non-existing-labels
and re-try to pull. The labels will now be ignored, and if this message is ever synced back up the unmapped label ID will be removed. You can list labels withgmi pull -t
. -
Sometimes GMail indicates that there are more changes when doing a partial pull, but an empty set is returned. The default is to fail, but you can ignore empty history by setting:
gmi set --ignore-empty-history
. -
You cannot add any new files (files starting with
.
will be ignored) to the lieer repository. Lieer uses the directory content an index of local files. Lieer does not push new messages to your account (note that if you send messages with GMail, GMail automatically adds the message to your mailbox). -
Make sure that you use the same domain for you GMail account as you initially created your account with: usually
@gmail.com
, but sometimes@googlemail.com
. Otherwise you might get aDelegation denied
error.
Github actions are configured to check for python code formatted by black.