1. share everyone's mailboxes to an admin user who does the backup via IMAP.
2. create an app-password for each user which can be used to backup that user. This can be done as an admin user on your account.
Neither of them require knowing the user's password - an admin can override into each account unless it's specifically locked down to deny that. It does require a separate app password per account, we don't have a way to create a single password which can view each user's account without them explicitly sharing the folders, but I'm not sure how you reasonably do anything else without it being a backdoor behind all the privacy settings on each account.
Ah, interesting! Yes, I'd be fine with either of those. Right now I'm just backing up via rsync of the maildir tree, so it's not like these are any worse. I just didn't want to a) know my user's passwords, and b) have to have them give it to me any time they changed it.
Thanks for the tip. Maybe my Christmas present to myself will be to murder my mailserver!
Sorry - busy at IETF this week, didn't get to reply before. I would recommend the per-user app passwords over sharing all the folders to an admin account - because that way you see the \Seen flags as the user when backing up.
1. share everyone's mailboxes to an admin user who does the backup via IMAP.
2. create an app-password for each user which can be used to backup that user. This can be done as an admin user on your account.
Neither of them require knowing the user's password - an admin can override into each account unless it's specifically locked down to deny that. It does require a separate app password per account, we don't have a way to create a single password which can view each user's account without them explicitly sharing the folders, but I'm not sure how you reasonably do anything else without it being a backdoor behind all the privacy settings on each account.