emailengine-app 2.65.0 → 2.67.0

package/.github/workflows/deploy.yml

@@ -16,7 +16,7 @@ jobs:
 
         steps:
             - name: Checkout
-              uses: actions/checkout@v4
+              uses: actions/checkout@v6
 
             - name: Use Node.js 24
               uses: actions/setup-node@v4
@@ -63,27 +63,27 @@ jobs:
 
         steps:
             - name: Checkout
-              uses: actions/checkout@v4
+              uses: actions/checkout@v6
 
             - name: Set up QEMU
-              uses: docker/setup-qemu-action@v3
+              uses: docker/setup-qemu-action@v4
               with:
                   platforms: 'arm64,arm'
 
             - name: Set up Docker Buildx
               id: buildx
-              uses: docker/setup-buildx-action@v3
+              uses: docker/setup-buildx-action@v4
               with:
                   platforms: linux/amd64,linux/arm64/v8
 
             - name: Login to Docker Hub
-              uses: docker/login-action@v3
+              uses: docker/login-action@v4
               with:
                   username: ${{ secrets.DOCKERHUB_USERNAME }}
                   password: ${{ secrets.DOCKERHUB_TOKEN }}
 
             - name: Login to GHCR
-              uses: docker/login-action@v3
+              uses: docker/login-action@v4
               with:
                   registry: ghcr.io
                   username: ${{ github.repository_owner }}
@@ -91,7 +91,7 @@ jobs:
 
             - name: Docker meta
               id: meta
-              uses: docker/metadata-action@v5
+              uses: docker/metadata-action@v6
               with:
                   images: |
                       ${{ github.repository }}
@@ -100,7 +100,7 @@ jobs:
                       type=raw,value=latest,enable=true
 
             - name: Build and push
-              uses: docker/build-push-action@v6
+              uses: docker/build-push-action@v7
               with:
                   context: .
                   platforms: ${{ steps.buildx.outputs.platforms }}

package/.github/workflows/release.yaml

@@ -27,14 +27,14 @@ jobs:
                   release-type: node
 
             # The logic below handles the npm publication:
-            - uses: actions/checkout@v4
+            - uses: actions/checkout@v6
               # these if statements ensure that a publication only occurs when
               # a new release is created:
               if: ${{ steps.release.outputs.release_created }}
 
             - uses: actions/setup-node@v4
               with:
-                  node-version: 20
+                  node-version: 24
                   registry-url: "https://registry.npmjs.org"
               if: ${{ steps.release.outputs.release_created }}
 
@@ -50,7 +50,7 @@ jobs:
             contents: read
             id-token: write
         steps:
-            - uses: actions/checkout@v4
+            - uses: actions/checkout@v6
             - uses: actions/setup-node@v4
               with:
                   node-version: 24
@@ -66,34 +66,34 @@ jobs:
         steps:
             - run: echo version v${{needs.release_please.outputs.major}}.${{needs.release_please.outputs.minor}}.${{needs.release_please.outputs.patch}}
 
-            - uses: actions/checkout@v4
+            - uses: actions/checkout@v6
 
             - name: Set up QEMU
-              uses: docker/setup-qemu-action@v3
+              uses: docker/setup-qemu-action@v4
               with:
                   platforms: "arm64,arm"
 
             - name: Set up Docker Buildx
               id: buildx
-              uses: docker/setup-buildx-action@v3
+              uses: docker/setup-buildx-action@v4
               with:
                   platforms: linux/amd64,linux/arm64/v8
 
             - name: Login to DockerHub
-              uses: docker/login-action@v3
+              uses: docker/login-action@v4
               with:
                   username: ${{ secrets.DOCKERHUB_USERNAME }}
                   password: ${{ secrets.DOCKERHUB_TOKEN }}
 
             - name: Login to GHCR
-              uses: docker/login-action@v3
+              uses: docker/login-action@v4
               with:
                   registry: ghcr.io
                   username: ${{ github.repository_owner }}
                   password: ${{ secrets.GITHUB_TOKEN }}
 
             - name: Build and push
-              uses: docker/build-push-action@v6
+              uses: docker/build-push-action@v7
               with:
                   context: .
                   platforms: ${{ steps.buildx.outputs.platforms }}

package/.github/workflows/test.yml

@@ -14,7 +14,7 @@ jobs:
         runs-on: ubuntu-24.04
         # Service containers to run with `container-job`
         steps:
-            - uses: actions/checkout@v4
+            - uses: actions/checkout@v6
 
             - name: Use Node.js 24
               uses: actions/setup-node@v4
@@ -49,7 +49,7 @@ jobs:
                 ports:
                     - 6379:6379
         steps:
-            - uses: actions/checkout@v4
+            - uses: actions/checkout@v6
             - name: Use Node.js ${{ matrix.node }}
               uses: actions/setup-node@v4
               with:

package/CHANGELOG.md

@@ -1,5 +1,58 @@
 # Changelog
 
+## [2.67.0](https://github.com/postalsys/emailengine/compare/v2.66.0...v2.67.0) (2026-03-31)
+
+
+### Features
+
+* handle MS Graph 'missed' lifecycle event for Outlook notification recovery ([d55f48c](https://github.com/postalsys/emailengine/commit/d55f48c9a183f9e0108801563b1085c176dbeb06))
+* show human-readable missing scopes on OAuth scope error page ([4ee2365](https://github.com/postalsys/emailengine/commit/4ee2365449e3cbece6f4a83d540ae63c18464535))
+
+
+### Bug Fixes
+
+* add IMAP fetch retry timeout and harden passkey registration ([3a1b61b](https://github.com/postalsys/emailengine/commit/3a1b61b00e916c308cae5e7493a2207164d9d45f))
+* close command client proactively after subconnection setup ([02d3687](https://github.com/postalsys/emailengine/commit/02d36874d8533beabe5ad0fba978851b3791cbb5))
+* correct translation errors and remove EmailEngine branding from OAuth scope error ([9284ddd](https://github.com/postalsys/emailengine/commit/9284ddd1e28e40fd24abeea7296636b21c4b3878))
+* use STATUS instead of NOOP as keepalive for 163.com IMAP ([3b3516f](https://github.com/postalsys/emailengine/commit/3b3516feb14e64bab5ac586378237f2160cdf010))
+
+## [2.66.0](https://github.com/postalsys/emailengine/compare/v2.65.0...v2.66.0) (2026-03-29)
+
+
+### Features
+
+* add audit logging for admin authentication events ([0ea15d4](https://github.com/postalsys/emailengine/commit/0ea15d444ed589cd872b11190d07f7751f5cf54b))
+* add passkey (WebAuthn) authentication for admin login ([a39b362](https://github.com/postalsys/emailengine/commit/a39b362152597bcc864307cd7c46cdc78a3808e6))
+* always use persistent sessions and support remember-me for passkey login ([6a6fc74](https://github.com/postalsys/emailengine/commit/6a6fc74748f92372e135e88478a9fa0f83cf690f))
+* show curl example for service account OAuth2 apps ([4ab5eda](https://github.com/postalsys/emailengine/commit/4ab5edabf64373e8b2dd4bb0ea658847d40ba904))
+
+
+### Bug Fixes
+
+* broken Handlebars script tag, Okta session fall-through, login rate limiting, and passkey schema validation ([01e5721](https://github.com/postalsys/emailengine/commit/01e5721ee02ad66ce9c30b58c406988b1cfd1ae3))
+* clear passkey credentials on CLI password reset and document remember-me behavior ([35f7f00](https://github.com/postalsys/emailengine/commit/35f7f00970b7e7f3a514d2ea0d97fce5320f6e1b))
+* do not prefill login username field ([59835a8](https://github.com/postalsys/emailengine/commit/59835a84f3e2a01c6461f29ecb80763dc4a42fe2))
+* harden passkey auth, IMAP sync error handling, and login form UX ([c16b983](https://github.com/postalsys/emailengine/commit/c16b98312f35d87fd8b21974a7eb7eca6459cc3b))
+* harden passkey authentication with validation, rate limits, and audit logging ([75dd289](https://github.com/postalsys/emailengine/commit/75dd289940e7345fa56246c90ff6bc8d01694e6c))
+* login page divider logic, select() log level, and missing trailing newlines ([97ff93e](https://github.com/postalsys/emailengine/commit/97ff93e2cc6c865a0f597a42a124e0abb140e34a))
+* normalize copy across login and security pages ([60e132a](https://github.com/postalsys/emailengine/commit/60e132a9e4e8f96fc621b4b454f95896fb4d48c1))
+* normalize sign-in/sign-out copy to sentence case ([1ccfb16](https://github.com/postalsys/emailengine/commit/1ccfb167a674d887af0ac2db8df3ff434f23e5bb))
+* per-IP passkey rate limiting and credential ownership check ([2455cbe](https://github.com/postalsys/emailengine/commit/2455cbe9d6af5d6eff8ae81ecc335b6820bfc904))
+* prevent message event loss during IMAP sync under heavy load ([ceb139b](https://github.com/postalsys/emailengine/commit/ceb139b825eaf7fc06bf1c88b9bcc89824abbcdb))
+* prevent open redirects via next parameter and require password for passkey registration ([0e7f52a](https://github.com/postalsys/emailengine/commit/0e7f52ada9687234682027ecb93e81515fcb9dbb))
+* prevent unhandled promise rejections during mailbox sync ([e6174de](https://github.com/postalsys/emailengine/commit/e6174defbf1c94f54ac7cbcb45eaa9e5c547926e))
+* reject OAuth2 grants with missing Google granular consent scopes ([3f277d1](https://github.com/postalsys/emailengine/commit/3f277d1428e4a861752eb18b5d74279afefd1efa))
+* remove password hash from error logs and update passkey description copy ([d28dd16](https://github.com/postalsys/emailengine/commit/d28dd16e61fc84d0800546c4f33d4535f52e2a22))
+* remove unnecessary min-height from login form ([f16940d](https://github.com/postalsys/emailengine/commit/f16940d9957df114ce0ff4240107a82619a58705))
+* resolve OAuth2 provider for delegated Outlook accounts ([f35c816](https://github.com/postalsys/emailengine/commit/f35c816e3149eeaa568d86c06fa6783c649c54c5))
+* update client-side Handlebars to 4.7.9 and harden passkey input validation ([882891c](https://github.com/postalsys/emailengine/commit/882891c36ed3704d96ccf227e682e152f5395036))
+* upgrade handlebars to 4.7.9 to resolve prototype pollution vulnerability ([452f5f5](https://github.com/postalsys/emailengine/commit/452f5f54f4007e4b765e18861ce01cde312cc83c))
+
+
+### Performance Improvements
+
+* optimize mailbox listing for accounts with many folders ([a39e5f7](https://github.com/postalsys/emailengine/commit/a39e5f7b02156fc73ab44d1ca4f6e977e4290312))
+
 ## [2.65.0](https://github.com/postalsys/emailengine/compare/v2.64.0...v2.65.0) (2026-03-23)
 
 

package/bin/emailengine.js

@@ -373,6 +373,9 @@ function run() {
                     await settings.set('totpEnabled', false);
                     await settings.set('totpSeed', false);
 
+                    let passkeys = require('../lib/passkeys');
+                    await passkeys.deleteAllCredentials(authData.user);
+
                     return { password, passwordHash };
                 };
 

package/data/google-crawlers.json

@@ -1,5 +1,5 @@
 {
-    "creationTime": "2026-03-20T15:46:03.000000",
+    "creationTime": "2026-03-30T14:45:52.000000",
     "prefixes": [
         {
             "ipv6Prefix": "2001:4860:4801:2008::/64"
@@ -397,6 +397,9 @@
         {
             "ipv6Prefix": "2001:4860:4801:20b5::/64"
         },
+        {
+            "ipv6Prefix": "2001:4860:4801:20b6::/64"
+        },
         {
             "ipv4Prefix": "108.177.2.0/27"
         },
@@ -433,6 +436,9 @@
         {
             "ipv4Prefix": "192.178.16.192/27"
         },
+        {
+            "ipv4Prefix": "192.178.16.224/27"
+        },
         {
             "ipv4Prefix": "192.178.16.32/27"
         },

package/lib/account.js

@@ -262,26 +262,6 @@ class Account {
         return list;
     }
 
-    async getMailboxInfo(path) {
-        let redisKey = BigInt('0x' + crypto.createHash(MAILBOX_HASH).update(normalizePath(path)).digest('hex')).toString(36);
-
-        let data = await this.redis.hgetall(`${REDIS_PREFIX}iam:${this.account}:h:${redisKey}`);
-        if (!data || !Object.keys(data).length) {
-            return {};
-        }
-
-        let encodedMailboxData = await this.redis.hgetBuffer(this.getMailboxListKey(), path);
-        if (!encodedMailboxData) {
-            return {};
-        }
-
-        return {
-            path: data.path || path,
-            messages: data.messages && !isNaN(data.messages) ? Number(data.messages) : false,
-            uidNext: data.uidNext && !isNaN(data.uidNext) ? Number(data.uidNext) : false
-        };
-    }
-
     getAccountKey() {
         return `${REDIS_PREFIX}iad:${this.account}`;
     }
@@ -1177,26 +1157,52 @@ class Account {
         let mailboxes = [];
         let storedListing = await this.redis.hgetallBuffer(this.getMailboxListKey());
 
-        for (let path of Object.keys(storedListing || {})) {
+        let mailboxListingMap;
+        if (mailboxListing) {
+            mailboxListingMap = new Map();
+            for (let entry of mailboxListing) {
+                if (entry.status) {
+                    delete entry.status.path;
+                }
+                mailboxListingMap.set(entry.path, entry);
+            }
+        }
+
+        let paths = Object.keys(storedListing || {});
+
+        // Batch into a single round-trip to avoid per-mailbox latency with many folders
+        let pipeline = this.redis.pipeline();
+        for (let path of paths) {
+            let redisKey = BigInt('0x' + crypto.createHash(MAILBOX_HASH).update(normalizePath(path)).digest('hex')).toString(36);
+            pipeline.hgetall(`${REDIS_PREFIX}iam:${this.account}:h:${redisKey}`);
+        }
+        let pipelineResults = await pipeline.exec();
+
+        for (let i = 0; i < paths.length; i++) {
+            let path = paths[i];
             try {
                 let decoded = msgpack.decode(storedListing[path]);
 
                 if (decoded.path && decoded.delimiter && decoded.path.indexOf(decoded.delimiter) >= 0) {
-                    decoded.parentPath = decoded.path.substr(0, decoded.path.lastIndexOf(decoded.delimiter));
+                    decoded.parentPath = decoded.path.substring(0, decoded.path.lastIndexOf(decoded.delimiter));
                 }
 
-                let listedMailboxInfo;
-                if (mailboxListing) {
-                    listedMailboxInfo = mailboxListing.find(entry => entry.path === path);
-                    if (listedMailboxInfo && listedMailboxInfo.status) {
-                        delete listedMailboxInfo.status.path;
-                    }
+                let listedMailboxInfo = mailboxListingMap ? mailboxListingMap.get(path) : undefined;
+
+                let mailboxInfo = {};
+                let [pipelineErr, data] = pipelineResults[i] || [];
+                if (!pipelineErr && data && Object.keys(data).length) {
+                    mailboxInfo = {
+                        path: data.path || path,
+                        messages: data.messages && !isNaN(data.messages) ? Number(data.messages) : false,
+                        uidNext: data.uidNext && !isNaN(data.uidNext) ? Number(data.uidNext) : false
+                    };
                 }
 
                 mailboxes.push(
                     Object.assign(
                         decoded,
-                        await this.getMailboxInfo(path),
+                        mailboxInfo,
                         listedMailboxInfo && listedMailboxInfo.status
                             ? {
                                   status: listedMailboxInfo.status

package/lib/consts.js

@@ -154,6 +154,9 @@ module.exports = {
 
     TOTP_WINDOW_SIZE: 6,
 
+    WEBAUTHN_CHALLENGE_TTL: 300, // 5 minutes
+    MAX_PASSKEYS_PER_USER: 20,
+
     // How many times to retry an email sending before it is considered as failing
     DEFAULT_DELIVERY_ATTEMPTS: 10,
 
@@ -190,6 +193,8 @@ module.exports = {
     FETCH_RETRY_INTERVAL: 1000,
     FETCH_RETRY_EXPONENTIAL: 2,
     FETCH_RETRY_MAX: 60 * 1000,
+    FETCH_RETRY_MAX_TIME: 24 * 60 * 60 * 1000, // 1 day maximum retry duration
+    FETCH_RETRY_MIN_ATTEMPTS: 20, // minimum attempts before time limit applies
     DEFAULT_FETCH_BATCH_SIZE: 1000,
 
     // MS Graph webhook subscription settings

package/lib/email-client/gmail-client.js

@@ -27,7 +27,7 @@ const {
 
 const settings = require('../settings');
 
-const { GMAIL_API_BASE, LIST_BATCH_SIZE, request: gmailApiRequest } = require('./gmail/gmail-api');
+const { GMAIL_API_BASE, LIST_BATCH_SIZE, request: gmailApiRequest, executeBatchRequests } = require('./gmail/gmail-api');
 
 const MAX_GMAIL_BATCH_SIZE = 50;
 
@@ -253,6 +253,8 @@ class GmailClient extends BaseClient {
         this.renewWatchTimer = null;
 
         this.cachedLabels = null;
+        this.cachedDetailedLabels = null;
+        this.cachedDetailedLabelsTime = null;
     }
 
     /**
@@ -485,6 +487,8 @@ class GmailClient extends BaseClient {
         // Clean up cached data
         this.cachedLabels = null;
         this.cachedLabelsTime = null;
+        this.cachedDetailedLabels = null;
+        this.cachedDetailedLabelsTime = null;
         this.pendingHistoryId = null;
 
         if (['init', 'connecting', 'syncing', 'connected'].includes(this.state)) {
@@ -508,6 +512,8 @@ class GmailClient extends BaseClient {
         // Clean up cached data
         this.cachedLabels = null;
         this.cachedLabelsTime = null;
+        this.cachedDetailedLabels = null;
+        this.cachedDetailedLabelsTime = null;
         this.pendingHistoryId = null;
 
         if (['init', 'connecting', 'syncing', 'connected'].includes(this.state)) {
@@ -538,34 +544,21 @@ class GmailClient extends BaseClient {
 
         let resultLabels;
         if (options && options.statusQuery?.unseen) {
-            // Fetch detailed label info including message counts
-            let promises = [];
-            resultLabels = [];
-
-            let resolvePromises = async () => {
-                if (!promises.length) {
-                    return;
-                }
-                let resultList = await Promise.allSettled(promises);
-                for (let entry of resultList) {
-                    if (entry.status === 'rejected') {
-                        throw entry.reason;
-                    }
-                    if (entry.value) {
-                        resultLabels.push(entry.value);
-                    }
-                }
-                promises = [];
-            };
+            // Short-lived cache avoids N per-label API calls on repeated requests within 60s
+            let now = Date.now();
+            if (this.cachedDetailedLabels && now <= this.cachedDetailedLabelsTime + 60 * 1000) {
+                resultLabels = this.cachedDetailedLabels;
+            } else {
+                resultLabels = await executeBatchRequests(
+                    this,
+                    labels,
+                    label => this.request(`${GMAIL_API_BASE}/gmail/v1/users/me/labels/${label.id}`),
+                    MAX_GMAIL_BATCH_SIZE
+                );
 
-            // Batch API requests for efficiency
-            for (let label of labels) {
-                promises.push(this.request(`${GMAIL_API_BASE}/gmail/v1/users/me/labels/${label.id}`));
-                if (promises.length > LIST_BATCH_SIZE) {
-                    await resolvePromises();
-                }
+                this.cachedDetailedLabels = resultLabels;
+                this.cachedDetailedLabelsTime = now;
             }
-            await resolvePromises();
         } else {
             resultLabels = labels;
         }
@@ -1732,6 +1725,7 @@ class GmailClient extends BaseClient {
 
             // clear cache
             this.cachedLabels = null;
+            this.cachedDetailedLabels = null;
         } catch (err) {
             switch (err?.oauthRequest?.response?.error?.code) {
                 case 409:
@@ -1814,6 +1808,7 @@ class GmailClient extends BaseClient {
 
             // clear cache
             this.cachedLabels = null;
+            this.cachedDetailedLabels = null;
         } catch (err) {
             switch (err?.oauthRequest?.response?.error?.code) {
                 case 409:
@@ -1863,6 +1858,7 @@ class GmailClient extends BaseClient {
 
             // clear cache
             this.cachedLabels = null;
+            this.cachedDetailedLabels = null;
         } catch (err) {
             switch (err?.oauthRequest?.response?.error?.code) {
                 case 409:

package/lib/email-client/imap/mailbox.js

@@ -30,7 +30,8 @@ const {
     REDIS_PREFIX,
     MAX_INLINE_ATTACHMENT_SIZE,
     MAX_ALLOWED_DOWNLOAD_SIZE,
-    MAILBOX_HASH
+    MAILBOX_HASH,
+    TRANSIENT_NETWORK_CODES
 } = require('../../consts');
 
 const {
@@ -403,11 +404,13 @@ class Mailbox {
         this.logger.debug({ msg: 'Deleted mailbox', path: this.listingEntry.path });
 
         if (!opts.skipNotify) {
-            this.connection.notify(this, MAILBOX_DELETED_NOTIFY, {
-                path: this.listingEntry.path,
-                name: this.listingEntry.name,
-                specialUse: this.listingEntry.specialUse || false
-            });
+            this.connection
+                .notify(this, MAILBOX_DELETED_NOTIFY, {
+                    path: this.listingEntry.path,
+                    name: this.listingEntry.name,
+                    specialUse: this.listingEntry.specialUse || false
+                })
+                .catch(err => this.logger.error({ msg: 'Failed to send mailbox deleted notification', err }));
         }
     }
 
@@ -1982,20 +1985,24 @@ class Mailbox {
             messageFetchOptions.fetchHeaders = Array.from(fetchHeaders);
         }
 
-        // Process queued notifications
+        // Peek-then-remove: read entries without removing so that connection errors
+        // leave unprocessed entries in Redis for retry on reconnect.
         let queuedEntry;
         let hadUpdates = false;
-        while ((queuedEntry = await this.connection.redis.zpopmin(this.getNotificationsKey(), 1)) && queuedEntry.length) {
+        let notificationsKey = this.getNotificationsKey();
+        while ((queuedEntry = await this.connection.redis.zrange(notificationsKey, 0, 0, 'WITHSCORES')) && queuedEntry.length) {
             hadUpdates = true;
 
-            let [messageData, uid] = queuedEntry;
+            let [rawMember, uid] = queuedEntry;
             uid = Number(uid);
+            let messageData;
             try {
-                messageData = JSON.parse(messageData);
+                messageData = JSON.parse(rawMember);
                 if (typeof messageData.internalDate === 'string') {
                     messageData.internalDate = new Date(messageData.internalDate);
                 }
             } catch (err) {
+                await this.connection.redis.zrem(notificationsKey, rawMember);
                 continue;
             }
 
@@ -2003,11 +2010,25 @@ class Mailbox {
             let canSync = documentStoreEnabled && (!this.connection.syncFrom || messageData.internalDate >= this.connection.syncFrom);
 
             if (this.connection.notifyFrom && messageData.internalDate < this.connection.notifyFrom && !canSync) {
-                // skip too old messages
+                await this.connection.redis.zrem(notificationsKey, rawMember);
                 continue;
             }
 
-            await this.processNew(messageData, messageFetchOptions, canSync, storedStatus);
+            try {
+                await this.processNew(messageData, messageFetchOptions, canSync, storedStatus);
+                await this.connection.redis.zrem(notificationsKey, rawMember);
+            } catch (err) {
+                if (
+                    err.code === 'NoConnection' ||
+                    err.code === 'IMAPConnectionClosing' ||
+                    err.code === 'EConnectionClosed' ||
+                    TRANSIENT_NETWORK_CODES.has(err.code)
+                ) {
+                    throw err;
+                }
+                await this.connection.redis.zrem(notificationsKey, rawMember);
+                this.logger.error({ msg: 'Failed to process new message', uid, id: messageData.id, err });
+            }
         }
 
         if (hadUpdates) {
@@ -2119,19 +2140,25 @@ class Mailbox {
                 // fully synced, so not new anymore
                 this.listingEntry.isNew = false;
                 this.logger.debug({ msg: 'New mailbox', path: this.listingEntry.path });
-                this.connection.notify(this, MAILBOX_NEW_NOTIFY, {
-                    path: this.listingEntry.path,
-                    name: this.listingEntry.name,
-                    specialUse: this.listingEntry.specialUse || false,
-                    uidValidity: mailboxStatus.uidValidity.toString()
-                });
+                this.connection
+                    .notify(this, MAILBOX_NEW_NOTIFY, {
+                        path: this.listingEntry.path,
+                        name: this.listingEntry.name,
+                        specialUse: this.listingEntry.specialUse || false,
+                        uidValidity: mailboxStatus.uidValidity.toString()
+                    })
+                    .catch(err => this.logger.error({ msg: 'Failed to send new mailbox notification', err }));
             }
 
             // Resolve sync promise or start IDLE
             if (this.synced) {
                 this.synced();
             } else {
-                await this.select();
+                try {
+                    await this.select();
+                } catch (err) {
+                    this.logger.warn({ msg: 'Failed to select after sync', err });
+                }
             }
         }
     }