diff --git a/home-manager-modules/mails/default.nix b/home-manager-modules/mails/default.nix
index 6485f71..6a9359f 100644
--- a/home-manager-modules/mails/default.nix
+++ b/home-manager-modules/mails/default.nix
@@ -32,7 +32,6 @@ with lib;
     };
 
     programs.mbsync.enable = true;
-    programs.mbsync.package = pkgs.stable.isync;
     programs.msmtp.enable = true;
     accounts.email = {
       accounts.ens = {
diff --git a/lib/mkmachine.nix b/lib/mkmachine.nix
index 6a7ca4b..b108566 100644
--- a/lib/mkmachine.nix
+++ b/lib/mkmachine.nix
@@ -56,6 +56,7 @@ import "${nixpkgs}/nixos/lib/eval-config.nix" {
           codeberg-pages-custom = prev.pkgs.callPackage ../packages/codeberg-pages-custom { };
           readeck = prev.pkgs.callPackage ../packages/readeck { };
           uptime-kuma-beta = prev.pkgs.callPackage ../packages/uptime-kuma-beta { };
+          isync = prev.pkgs.callPackage ../packages/isync { };
         })
 
         (
diff --git a/packages/isync/0001-Increase-imap_vprintf-buffer-size.patch b/packages/isync/0001-Increase-imap_vprintf-buffer-size.patch
new file mode 100644
index 0000000..8fefb2d
--- /dev/null
+++ b/packages/isync/0001-Increase-imap_vprintf-buffer-size.patch
@@ -0,0 +1,34 @@
+From e8a3a20aed135272a9ec0103f4055411c075f043 Mon Sep 17 00:00:00 2001
+From: Michal Sojka <michal.sojka@cvut.cz>
+Date: Mon, 7 Nov 2022 00:07:22 +0100
+Subject: [PATCH] Increase imap_vprintf buffer size
+
+This fixes "Fatal: buffer too small. Please report a bug." error. See
+https://sourceforge.net/p/isync/mailman/isync-devel/thread/87fsevvebj.fsf%40steelpick.2x.cz/#msg37731590
+for related discussion.
+
+When using mbsync with XOAUTH2 authentication (needed for Office365
+mailboxes), the access token used for the LOGIN command may not fit
+into the currently used buffer of 1000 characters. In my case, I need
+the buffer to be at least 2000 characters long. To make this more
+future-proof, I increase the buffer size to 4000 characters.
+---
+ src/drv_imap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/drv_imap.c b/src/drv_imap.c
+index c5a7aed..7847192 100644
+--- a/src/drv_imap.c
++++ b/src/drv_imap.c
+@@ -528,7 +528,7 @@ imap_vprintf( const char *fmt, va_list ap )
+ 	uint totlen = 0;
+ 	const char *segs[MAX_SEGS];
+ 	uint segls[MAX_SEGS];
+-	char buf[1000];
++	char buf[4000];
+ 
+ 	d = buf;
+ 	ed = d + sizeof(buf);
+-- 
+2.38.1
+
diff --git a/packages/isync/default.nix b/packages/isync/default.nix
new file mode 100644
index 0000000..efb63dc
--- /dev/null
+++ b/packages/isync/default.nix
@@ -0,0 +1,74 @@
+{
+  lib,
+  stdenv,
+  fetchurl,
+  pkg-config,
+  perl,
+  openssl,
+  db,
+  cyrus_sasl,
+  zlib,
+  # Disabled by default as XOAUTH2 is an "OBSOLETE" SASL mechanism and this relies
+  # on a package that isn't really maintained anymore:
+  withCyrusSaslXoauth2 ? false,
+  cyrus-sasl-xoauth2,
+  makeWrapper,
+}:
+
+stdenv.mkDerivation rec {
+  pname = "isync";
+  version = "1.4.4";
+
+  src = fetchurl {
+    url = "mirror://sourceforge/isync/${pname}-${version}.tar.gz";
+    sha256 = "1zq0wwvmqsl9y71546dr0aygzn9gjjfiw19hlcq87s929y4p6ckw";
+  };
+
+  patches = [
+    # Fixes "Fatal: buffer too small" error
+    ./0001-Increase-imap_vprintf-buffer-size.patch
+    # Fix #202595: SSL error "Socket error: ... unexpected eof while reading"
+    # Source: https://sourceforge.net/p/isync/isync/ci/b6c36624f04cd388873785c0631df3f2f9ac4bf0/
+    ./work-around-unexpected-EOF-error-messages-at-end-of-SSL-connections.patch
+  ];
+
+  nativeBuildInputs = [
+    pkg-config
+    perl
+  ] ++ lib.optionals withCyrusSaslXoauth2 [ makeWrapper ];
+  buildInputs = [
+    openssl
+    db
+    cyrus_sasl
+    zlib
+  ];
+
+  postInstall = lib.optionalString withCyrusSaslXoauth2 ''
+    wrapProgram "$out/bin/mbsync" \
+        --prefix SASL_PATH : "${
+          lib.makeSearchPath "lib/sasl2" [
+            cyrus-sasl-xoauth2
+            cyrus_sasl.out
+          ]
+        }"
+  '';
+
+  meta = with lib; {
+    homepage = "http://isync.sourceforge.net/";
+    # https://sourceforge.net/projects/isync/
+    changelog = "https://sourceforge.net/p/isync/isync/ci/v${version}/tree/NEWS";
+    description = "Free IMAP and MailDir mailbox synchronizer";
+    longDescription = ''
+      mbsync (formerly isync) is a command line application which synchronizes
+      mailboxes. Currently Maildir and IMAP4 mailboxes are supported. New
+      messages, message deletions and flag changes can be propagated both ways.
+    '';
+    license = licenses.gpl2Plus;
+    platforms = platforms.unix;
+    maintainers = with maintainers; [
+      primeos
+      lheckemann
+    ];
+    mainProgram = "mbsync";
+  };
+}
diff --git a/packages/isync/work-around-unexpected-EOF-error-messages-at-end-of-SSL-connections.patch b/packages/isync/work-around-unexpected-EOF-error-messages-at-end-of-SSL-connections.patch
new file mode 100644
index 0000000..9177085
--- /dev/null
+++ b/packages/isync/work-around-unexpected-EOF-error-messages-at-end-of-SSL-connections.patch
@@ -0,0 +1,76 @@
+From b6c36624f04cd388873785c0631df3f2f9ac4bf0 Mon Sep 17 00:00:00 2001
+From: Oswald Buddenhagen <ossi@users.sf.net>
+Date: Mon, 6 Jun 2022 11:55:37 +0200
+Subject: [PATCH] work around "unexpected EOF" error messages at end of SSL
+ connections
+
+gmail apparently doesn't send a close notification (SSL_shutdown())
+before closing the TCP socket.
+---
+ src/drv_imap.c | 7 +++++--
+ src/socket.c   | 9 +++++++++
+ src/socket.h   | 1 +
+ 3 files changed, 15 insertions(+), 2 deletions(-)
+
+diff --git a/src/drv_imap.c b/src/drv_imap.c
+index fb8d165..6286045 100644
+--- a/src/drv_imap.c
++++ b/src/drv_imap.c
+@@ -1620,6 +1620,7 @@ imap_socket_read( void *aux )
+ 					error( "IMAP error: unexpected BYE response: %s\n", cmd );
+ 					/* We just wait for the server to close the connection now. */
+ 					ctx->expectEOF = 1;
++					socket_expect_eof( &ctx->conn );
+ 				} else {
+ 					/* We still need to wait for the LOGOUT's tagged OK. */
+ 				}
+@@ -1882,10 +1883,12 @@ static void
+ imap_cleanup_p2( imap_store_t *ctx,
+                  imap_cmd_t *cmd ATTR_UNUSED, int response )
+ {
+-	if (response == RESP_NO)
++	if (response == RESP_NO) {
+ 		imap_cancel_store( &ctx->gen );
+-	else if (response == RESP_OK)
++	} else if (response == RESP_OK) {
+ 		ctx->expectEOF = 1;
++		socket_expect_eof( &ctx->conn );
++	}
+ }
+ 
+ /******************* imap_open_store *******************/
+diff --git a/src/socket.c b/src/socket.c
+index ac3c847..892cece 100644
+--- a/src/socket.c
++++ b/src/socket.c
+@@ -810,6 +810,15 @@ socket_expect_activity( conn_t *conn, int expect )
+ 		conf_wakeup( &conn->fd_timeout, expect ? conn->conf->timeout : -1 );
+ }
+ 
++void
++socket_expect_eof( conn_t *sock )
++{
++#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF  // implies HAVE_LIBSSL
++	if (sock->ssl)
++		SSL_set_options( sock->ssl, SSL_OP_IGNORE_UNEXPECTED_EOF );
++#endif
++}
++
+ int
+ socket_read( conn_t *conn, char *buf, uint len )
+ {
+diff --git a/src/socket.h b/src/socket.h
+index 5b1edd0..af679aa 100644
+--- a/src/socket.h
++++ b/src/socket.h
+@@ -142,6 +142,7 @@ void socket_start_tls(conn_t *conn, void (*cb)( int ok, void *aux ) );
+ void socket_start_deflate( conn_t *conn );
+ void socket_close( conn_t *sock );
+ void socket_expect_activity( conn_t *sock, int expect );
++void socket_expect_eof( conn_t *sock );
+ int socket_read( conn_t *sock, char *buf, uint len ); /* never waits */
+ char *socket_read_line( conn_t *sock ); /* don't free return value; never waits */
+ typedef enum { KeepOwn = 0, GiveOwn } ownership_t;
+-- 
+2.38.0
+