[StalwartLabs]

> What's the backup story like? Can the whole state be restored from the mail storage (I assume not)? Do you support "master users" (as in dovecot) so that I can do a continuous backup with dovecot sync?

At the moment backing up the raw messages can be done by copying the blobs directory. However backing up the metadata (which is stored on RocksDB) is not yet supported but will be added on the next release. RocksDB has support for checkpoints and backups so adding the backup functionality is pretty straight-forward. In Stalwart JMAP there is a single master user which is the administrator. Continuous backup will be implemented as a housekeeper task which can be run on a schedule or manually triggered by the administrator.

> Is it possible to use any OIDC server on the IMAP proxy?

The IMAP proxy supports the OAUTHBEARER authentication scheme but using third-party OIDC server is not supported at the moment. However, once the SMTP server is out I plan to add support for other SASL mechanisms on the IMAP proxy (since some of the work will be shared with the SMTP Auth module).

> Do you support password authentication for legacy applications (preferably application and device specific passwords)?

Yes, the IMAP proxy supports both the LOGIN and AUTH=PLAIN mechanisms.

> Also, is it possible to export the mails and the state, so if this project does not work out, there is a way out?

E-mails can already be exported by copying the blobs directory (only the raw messages are stored under that directory). To export the metadata and folder structure any IMAP backup tool or service could be used.

[ibotty]

Thank you for your answers.

> The IMAP proxy supports the OAUTHBEARER authentication scheme but using third-party OIDC server is not supported at the moment. However, once the SMTP server is out I plan to add support for other SASL mechanisms on the IMAP proxy (since some of the work will be shared with the SMTP Auth module).

It would be great to allow another OIDC server (to have single sign on and MFA) without having to run another SASL server.

> Yes, the IMAP proxy supports both the LOGIN and AUTH=PLAIN mechanisms.

How are application-device-specific passwords handled? Is there some documentation?

[StalwartLabs]

> How are application-device-specific passwords handled? Is there some documentation?

Not sure what do you mean with application device specific passwords? Currently Stalwart JMAP only allows registered accounts to login using a password which is stored encrypted with Argon2. Authentication can be done using the OAuth or Basic mechanisms. There are no additional passwords specific to a particular device. Not sure if this answers your question though.