Migrating ten years of email
I recently decided to move my email hosting from Google Workspace to Amazon WorkMail. Here's why:
Google's AI assistant, Gemini, was announced in 2024 and priced at $20 per seat as an add-on. At the end of the year, they changed the pricing, enabling Gemini for all customers and bumping up the per-seat license from $12 to $14 per month. This felt shady to me, and frankly I don't want an advertising company reading my emails for any reason, so I decided to move my email hosting to Amazon WorkMail. Sure, AWS is also a global behemoth, but they are also my employer and are at least saying the right things about data privacy and AI.
Setting up WorkMail was pretty simple. I created a new organization in us-west-2, pointed it at the obscure.com domain that was already hosted on Route 53, and it took care of adding MX and DKIM records. In a few minutes, my domain was verified in WorkMail and I was able to add user accounts for myself and my wife. New messages started appearing in my Inbox immediately afterwards. The WorkMail migration docs don't provide much guidance on how to migrate stored messages, though. The guidance seems to be 1) pay a partner to do it for you, or 2) give your contact info to an online service who will then migrate a limited number of accounts for free. Meh. I did some searching and found a third option: imapsync, an open-source IMAP transfer tool that you can run yourself. The developer is actively maintaining the project and offers paid support if you need it.
The online version of the tool offers the opportunity to try out imapsync without installing it, with a limit of 3 Gb of data transfer. The web site appears to spin up a compute instance somewhere and passes the mailbox credentials to a command-line invocation of imapsync. Yes, you do need to provide passwords for your IMAP accounts, which could be a deal-breaker for some folks. I decided to risk sharing that information to see if imapsync would work for a Google-to-AWS transfer. I entered the login, password, and server values for Gmail and AWS (see table below) and checked the "Just checks credentials" box, then hit "Sync!". The logs showed an authentication failure on imap.gmail.com. I eventually found a web page that recommended using a Google app password for connecting third-party email clients to Gmail. I followed the instructions in my Google account to generate an app password, copied that into the source password field, and that fixed the auth problem.
| IMAP source Mailbox | IMAP destination Mailbox | |
|---|---|---|
| Login | paul@gmail.com | paul@obscure.com |
| Password | ******** (app password) | ******** |
| IMAP Server hostname | imap.gmail.com:993 | imap.mail.us-west-2.awsapps.com |
Your destination server hostname might be different if you created your WorkMail organization in another AWS region.
After I got auth working, I purchased the unsupported version of the service to help out Gilles, the author and maintainer. My PayPal receipt included a link to the migration web site with the mailbox size limitation removed. No time like the present, I thought, so I kicked off a migration. imapsync started creating folders in my WorkMail account and the logs showed messages flowing out of Google-land. Success! But wait! "ETA: Sunday 2 February 2025-02-02"? That's four days from now! That's a long time to leave a browser window up and running and also could be a fair bit of compute cost for the maintainer. I decided to spin up an EC2 instance and run the tool myself.
I launched a generic t2.micro instance (free tier FTW) with Amazon Linux 2023, logged in, and grabbed a release tarball from the imapsync GitHub project. I couldn't figure out how to install a few of the dependencies and was sort of put off by the dire warnings in the AWS docs about the EPEL repo where other deps come from. It seemed like I've have an easier time on Debian, what with the pre-packaged .deb file on the download page, so I threw away the AL23 machine and spun up a Debian environment. Initially, I ran into more dependency issues, but editing /etc/apt/sources.list.d/debian.sources and adding the "contrib" repo to Bookworm fixed that problem. Kicking off the command line version of the app was simple, and now I'm watching my emails fly by with a new ETA of less than 24 hours from now. Not bad for moving 144,000 messages.
Step 2 in the de-Googlification will be moving my docs and spreadsheets over to our Synology NAS and switching over to their office productivity apps. We don't use any other Workspace apps, so once email and docs are done, I'm going to shut down my account there. And it will feel great!