[neomutt-users] gmail+imap+oauth

Kusoneko kusoneko at kusoneko.moe
Sun Dec 20 07:14:52 CET 2020

On December 20, 2020 5:17:55 AM UTC, Sven Guckes <neomutt-lists at guckes.net> wrote:
>just wondering..
>is it really necessary to go through all those hoops
>to get to the gmail account with (neo)mutt these days?
>disabling "secure apps", downloading a python script,
>integrating this into the setup, requesting
>additional credentials, generating a token.. wtf?
>it might all be so very much secure, but it  sure is not
>so easy to teach somebody to using (neo)mutt with gmail. :-(
>just what has become of the "host+user+pass" setup?
>or is there some workaround like forwarding all mails
>to the gmail account to yet another mail address?
>(or like "keep a copy, send on a copy"?)
>Preliminary OAUTH support for IMAP, POP, and SMTP is provided via
>external scripts.
>At least for Gmail, you can use the oauth2.py script from Google's
>You'll need to get your own oauth client credentials for Gmail here:
>Then, you'd use oauth2.py with --generate_oauth2_token
>to get a refresh token, and configure NeoMutt with:
>  set imap_authenticators="oauthbearer"
>set imap_oauth_refresh_command="/path/to/oauth2.py --quiet
>      --client_id=[client_id] --client_secret=[client_secret]\
>      --refresh_token=[refresh_token]"
>Substitute pop or smtp for imap in the above example to configure for

I personally don't use Neomutt's imap setup at all, I use a Maildir synced by mbsync (isync) every 5 mins with a cronjob that runs mbsync -Va every 5 mins. I use gpg encrypted text files that contain the application-specific password for oauth-protected accounts. An example for gmail accounts from my .mbsyncrc file:

IMAPAccount usernamegmail
Host imap.gmail.com
User username at gmail.com
PassCmd "gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.neomutt/.pass-usernamegmail.gpg"
CertificateFile /etc/ssl/certs/ca-certificates.crt

IMAPStore usernamegmail-remote
Account usernamegmail

MaildirStore usernamegmail-local
Subfolders Verbatim
Path ~/Mail/usernamegmail/
Inbox ~/Mail/usernamegmail/Inbox

And then in the .neomuttrc file the following lines:

set folder = ~/Mail
mailboxes =usernamegmail
mailboxes =usernamegmail/Inbox =usernamegmail/[Gmail]
mailboxes "=usernamegmail/[Gmail]/All Mail" "=usernamegmail/[Gmail]/Sent Mail" =usernamegmail/[Gmail]/Drafts =usernamegmail/[Gmail]/Spam =usernamegmail/[Gmail]/Bin =usernamegmail/[Gmail]/Important =usernamegmail/[Gmail]/Starred

And then Neomutt can read the Maildir in realtime every time it's synced by the cronjob. The first few days syncing can be hell because Google ratelimits the amount of mail you can retrieve daily. I also have to manually run "mbsync -Va" once every time I reboot to enter my gpg passphrase otherwise it will fail silently.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 850 bytes
Desc: not available
URL: <https://mailman.neomutt.org/pipermail/neomutt-users-neomutt.org/attachments/20201220/df28355c/attachment.sig>

More information about the neomutt-users mailing list