I just put the finishing touches on my ansible playbook for my 'Goodbye Google' server (Mail via dovecot/postfix w/ dkim, dspam, greylist, sieve, Radicale for CardDAV, CalDAV, Prosody for xmpp). Works fine so far.
What I'm lacking right now is a decent webmail client. Roundcube isn't exactly my type of thing, mailpile might be interesting. This seems ambitious and interesting in general, but seems to come with too much strings attached (puppet? No, ansible. Comes with postfix? I already have that). So .. it is more than I'd need.
I do like the idea of ready-made, easy mail server setups though (obviously, given the first paragraph). Perhaps a project like this could integrate well into owncloud or arkos though?
> starting with our clean protocol implementations (SMTP, POP, IMAP) and does not require external projects.
I'm curious of the reasoning behind your decision to reimplement SMTP instead of just using Postfix, for example. I run mail servers for an ISP (and myself) and take advantage of a lot of the "advanced" functionality that Postfix has acquired in the last 15 years.
The initial goal of the project was to have a total control on the TCB (Trusted Computing Base) of a webmail for high security environments, in order to be able to pass certifications such as Common Criteria (EAL).
Our protocol implementations use a specific DSL, that generates Opa code which is strongly statically typed with high-level types such as variants/rows. Although we currently lack many features or optimizations, the approach is clean and much easier to certify.
Yes, we are thinking about the following business model for PEPS, which was built for an important account but of which we own the IP.
1. Open source under the AGPL license, so that anyone can host its own instance easily and hopefully we can build a community around the product.
2. Sell support (together with a non-AGPL license for corporations).
OR
1. Open source under the MIT license the current product.
2. Sell a complete packaged solution with add-ons for corporate users.
To be fair, if you use our code under the WTFPL (and don't, because it's like three versions and two test suites out of date, at this point!) we don't require that you open-source any other part of your stack.
How exactly would it be viral in this case? I ask because it's damned confusing. Since this would be an email server, wouldn't it be a drop-in component in most folks' infrastructure? If I understand it correctly, it would just require me to make the source code of the email server/client itself available to my users...not any of my other unrelated infrastructure apps, correct?
This is the problem with the GPL/AGPL- what exactly must be open sourced under what conditions has been debated many times, and different people/groups have come to very different conclusions.
The "Corresponding Source" for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work.
Please point out what exactly the different conclusions are to that text.
I am not an expert on the various points of the debate- I only know it exists. You can Duck Duck Go for "gpl derivative work definition" and find some references to this debate. Perhaps someone else has a specific answer for your question, sorry.
The AGPL is exactly the same as the GPL, except that if there is a button to click to download the source code of the program, you are not allowed to remove that button.
If the Program as you received it is intended to interact with users through a computer network and if, in the version you received, any user interacting with the Program was given the opportunity to request transmission to that user of the Program's complete source code, you must not remove that facility from your modified version of the Program or work based on the Program, and must offer an equivalent opportunity for all users interacting with your Program through a computer network to request immediate transmission by HTTP of the complete source code of your modified version or other derivative work."
That last part--"derivative work"--is somewhat the rub.
If that part of the informal FAQ worries you that it might be interpreted in some strange way, just look at the actually license and read it.
Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version
The definition of Corresponding Source code is listed earlier in this HN thread.
have you setup Exchange protocol support (for pushmail on iOS devices)? Gmail disabled Exchange protocol support for newer devices, that would be my main motivation to move away from Gmail.
Turns out we _do have_ an implementation of ActiveSync in Opa!
That said, as we need to make a living, and if we go the MIT way (see comments below), there are high chances that the Exchange support will be a paid extension.
That looks awesome, thanks. You(?) went a lot further than me (and further than I want to go, admittedly).
Still, for people looking for a more complete package that looks like a much better alternative.
Not for me, because I'm trying to get away with a much smaller machine and less dependencies (i.e. I'm still really unsure if I want a webserver. I decided to go for clucene instead of solr because of the dependencies etc. etc.).
I will follow that repository though and think about recommending that to friends/coworkers though, depending on their needs/expectations.
Why would an email client need an RDBMS backend in the first place other than the fact that, like WordPress, the devs did not value KIS? Squirrelmail does fine without a db, as do all of the command line clients.
I've similar setup on my server (except http://baikal-server.com/ for CardDAV/CalDAV and http://www.ejabberd.im/ for XMPP) and I was wondering if there is a simpler solution to email server for one person than postfix/dovecot/spam handling. I understand complexity of that subject but feels like there could be something that fits "personal server" scenario.
for a personal server, maybe try http://www.citadel.org/. One app that runs email, xmpp, calendar, contacts and notes, written in C++. I've installed just on one machine. The interface is awful, but the rest seems to work pretty well.
Care to make that playbook publicly available? I would also be interested to try out hosting my own email, but am somehow afraid of setting it up wrong.
Careful though: This isn't deployed outside of test machines yet. I'm still working on the proper backup/restore scenarios, consider a couple improvements etc. - the readme outlines what I would like to do next.
Plus: While I self-host my mails for a while (without an automated setup of sorts, the one off snowflake sort of thing, so quite different from this here), I don't claim to be an expert here. Check what I did, take it as a template, don't use it without a basic understanding.
If there are some postfix/dovecot gurus out here and would like to point out obvious flaws in my setup - go ahead!
I'm pretty sure I followed one of those previously.
I wouldn't do that again, though (hence my stumbling around with ansible). If the machine goes down/you want to recreate it or duplicate it for a friend's setup (without dd-ing everything and trying to figure out what to change later) you're back to square one. It's probably month or years after you read the guide that created your system, you don't have the link handy anymore, forgot all you learned about gotchas in the doc that were slightly different for your deployment.
These guides aren't bad per se. My current system is a heavily customized result of various "Here's how I do mails" guides as well and it works like a charm, for quite some time. But I could never reproduce it again, which caused my reluctance to jump from GMail as my primary account to the self-hosted one - even if that one works for me, for years.
IF all my critical data (password reset mails, banking information etc. etc.) end up on a host I'm responsible for, I want to be able to replace that thing ASAP if something goes wrong.
Currently (unfinished, see my link above), but:
time ansible-playbook -K -i hosts site.yml
real 6m29.708s
user 0m9.623s
sys 0m3.243s
(Most of the time is spent in downloading packages/installing them: Got a faster network? This will be faster as well)
That's from a bare bone installation (nothing on there but ssh, my unprivileged user with sudo privileges) to a running mail (smtp/imap), calender/contacts & xmpp server.
I don't claim that MY project is the way to go, quite frankly I'd be very uncomfortable to push others to use it. But I do believe that infrastructure that is this essential should be easy to recreate/reproduce, even for laymen/single persons.
Do you have a blog post of everything you've installed and getting them all to work well together? I've been interested in creating my own "Goodbye Google" server, but never get started:(
That said: The point of these automated recipes is that you can run them _without_ reading a blog and copy/pasting things in a shell. I do plan to write about my experience. After I set up a blog. cough
I've to disagree about the state of the ansible documentation, I guess. As far as I understand the website was restructured not too long ago and a lot of stuff is .. broken. I fell back to using the Google Site Search thingy to find anything, because ansible's documentation lacks any kind of index/reference (except for the modules page, which is nice). There's a good deal of magic involved, and passages in the documentation even state stuff like 'there are a couple of these magic variables, but not too much' (Note: No list is provided).
In general I hate the state of the documentation. It's barely usable.
I do like the simplicity of the format (.yml) and the architecture (no agent required, only dependency is python and I think even that can be bootstrapped via python).
My playbook (see above) certainly feels like a shell script packaged in .yml format, but .. I stumbled over and over again when I tried using ansible's modules (examples: No way to create postgresql roles without a password, no way to load data into postgresql => Two things I've to do via shell: or command: in my project).
Bottom line: I'm happy with the state I have, but I'm far from happy with ansible as a technology and probably wouldn't use it as it is for the next deployment project.
I welcome this as I welcome Mailpile and other efforts like it; I look for another mail solution every few years. Not with the idea of replacing gmail (might/might not do), but to see if anyone did anything useful yet. So far, no. All solutions, even considering the changes to gmail everyone seems to hate (I don't), are nothing compared.
Every time some new frontend/backend comes up, I say the same (and have done on HN before); i'm not a typical user; I had email since '95, I have been a heavy user since then and I took my mail with me since. In 2005 I was looking, like I had been then as well, for a better mail solution and stumbled upon gmail. I wrote an export script for the mail system I was using at the time and imported 10 years of mail into gmail.
I now have over a million mails in my mailbox (i'm not sure what is the total); I have over 50 mail addresses coming to my inbox, I receive 1000s (sometimes 10.000s) of spam messages per day which Google filters well. I guess this is due to the fact I have had/have businesses on those 50 mails since 1995. All clients I tried so far just simply hang when I try them, including outlook (exchange or imap), thunderbird and some free and commercial web versions (yahoo and outlook web/live simply don't work; I cannot even read my mail through the amount of spam and the clients are horrible for productivity imho. Slow as well).
I also need a solid spam solution; spamassassin simply doesn't cut it; not only does it run high processor on my server, it doesn't actually filter stuff like google does. Google almost never goes wrong for me; actually; I have had very few mistakes / missing mails. While with spamassassin, I'll be carefully inspecting 5k mails / day while still getting spam in my inbox.
I think my mailbox is a bit weird now, but it'll be quite normal as it'll be normal for people to have a mailbox since birth and taking it with them till they die. If you run a few businesses along the way, getting to 1 million messages is not hard; spam will find you as well. Media messages are getting common; I make a point of using dropbox/sftp for attachments, but not everyone does that, so I do get videos, huge blah megapixel cameras of birthdays of family etc. This is normal and will only grow; the current mail solutions don't handle it well. If you want to deliver a competitor to gmail, you need to make this work imho and it needs to be a test case.
Like I put in the tail of my post; I don't think i'm an outlier anymore soon. The 50 email addresses; sure, but the amount of mail, maybe for now, but not for long. And certainly not (already!) in size; there are plenty of people who get/send all their video/images/large docs via email.
Edit: also, the Google team was really good to me and my (free! well I pay more for storage obviously, but it's not a google apps one) mailbox; on several occasions they contacted me when my mailbox was not functioning and helped fix the issues with it. Compared to a few years ago, the gmail backend, for me has gotten a lot better; search used to just stall; now it's always fast and accurate. And when I deleted a significant amount of mails, my mailbox would be unreachable for at least 1 day (giving a Oops error code 14 or something like that); no it just works.
Edit2: I rather would like the spam AI from Google as a webservice for all clients to use, or an open source alternative. Spamassassin is a nice initiative, but it never worked for anyone I know. A lot of my colleagues just ended up routing their company mail through gmail to get a better spam filter.
You are an outlier and will always be an outlier. I've had email since I got my first modem in 1985. I've had hundreds of email addresses between BBSes, online services and the Internet. I've happily deleted all the mail and given up the addresses for all but a handful.
What might change at some point is A&E launching a Digital Hoarder reality show wherein people with such a storage proclivity can get the help they need.
Maybe you are right. I don't think so though; people are lazy and if the default status is that you can keep everything you have anyway (considering the allotted yearly storage growth and the plummeting prices of storage in general) you won't bother deleting anything.
You seem to come from the same time as I do ; I had my first modem around '85 and was very active on BBSes. I ran my BBSes, for most of the 80s, of 720 kb disks, so I do know what storage limitation was. It's just not there anymore. Gmail now easily handles all of this and so should some other solutions imho, especially the ones wanting to compete with gmail. Google said; 'never delete another mail' and i'm sure people got used to that by now for all cloud services.
The mail address and email hoarding came when I started making serious companies. And it's not like they bother me or whatever. Maybe I will throw everything away some time, but for now; I dodged an almost million euro gov fine a few years ago by having a complete mail conversations + attachments with my employees between 2002 and 2004. I would be in a whole load of crap if I wouldn't have those anymore.
I think you're absolutely right. We've actually been thought by Gmail not to remove messages but instead archive them and that's a good philosophy.
I've been on Gmail since 2005 and have about 100,000 messages at 20 GB. There's messages coming in from 25 different addresses at 300/day with 100 being spam.
I don't feel like I'm an email power user though, I imagine people in sales do about 100x more than this.
It's definitely a requirement to be able to do this and I feel even if we would be outliers, in a couple of years we won't be anymore.
And at least Google seems to think so; they worked with me to get my mail fast and working well. They asked me to turn stuff on and off, reroute addresses for a while and such until my mail (as it is now) was fast and solid. I think they do expect a lot of people to be like me in the future.
You said the following two things which are mutually exclusive:
I wrote an export script for the mail system I was using at the time and imported 10 years of mail into gmail.
I don't think so though; people are lazy and if the default status is that you can keep everything you have anyway
The default status is that stuff goes away. I believe you're arguing that "this time it's different" but I see no evidence for that. In fact, there is a post almost every day on HN about Gmail users looking for an alternative. I myself can't wait to get off Gmail. When I do that I'll happily explicitly delete my Gmail account and all the email in it. Because I am lazy and it's easier to do that than it is to write a script to transfer it to what I use next.
You seem to come from the same time as I do ; I had my first modem around '85 and was very active on BBSes.
I got my first modem in 1985, got a phone line as my Christmas present from my parents in 1986 and started my own BBS. Started a consulting company in 1993. Started a small ISP in 1996, sold it in 1998 and started working for corporate America.
In the U.S., I find from a legal perspective that the less documentation you have the better. That's why every large U.S. company has an email retention policy that is very short. Anyone looking to sue you needs proof and often that proof comes from your own records as part of discovery since they don't have any proof. If as part of a standard process you delete everything you're not legally required to retain then you can't be forced into helping their case.
> I wrote an export script for the mail system I was using at the time and imported 10 years of mail into gmail.
> I don't think so though; people are lazy and if the default status is that you can keep everything you have anyway
My, old person who grew up in the 80s, case versus people I know and talk to who are <= 20 y/o now.
> In the U.S., I find from a legal perspective that the less documentation you have the better. etc
This particular thing was a large project, paid for by a gov grant (not sure if that's the correct word, but I think it means the same) early and ran from 2001-2009; the grant was for millions. A few years ago, suddenly they came to check on the project; see if all paperwork is in order, hours written etc. Now during one of the office moves, someone misplaced the actual paperwork we prepared for this including CDs with source code, revision history etc (Now only if there was some kind of storage on internet to store this on...). We would have to pay that money back + fines if we cannot actually prove we did the work and who did it. In your case, we would've had to pay the money/fines, because outside my mail, there was no way to prove anything. And these gov checkups come years and years after the fact.
Granted; this was a stupid mistake of someone who thought the boxes were full of outdated crap, maybe even an external mover, however, I don't see the downside with keeping everything in this case. Especially if you have a company. In the US you have all kinds of legal issues; I understand that, we don't have that really, so worrying that someone will check your mail, even in courtcases, is not very likely.
My hunch is that Google's spam detection is not necessarily better than open-source solutions. It's just that they may have a larger corpus of data to train the system on.
If I host my own email server, my spam filter will only have my inputs to determine what is spam.
This leads me to an idea. There probably can be a service to build a dynamic corpus of spam samples. If I mark a message as spam, my email server can send a sample to the service, and periodically, my email server will download "top 100" samples to feed its filter.
This isn't necessarily a good idea. The type of SPAM you receive is different than the type of SPAM I receive. Moreover, it is very possible that I do (not) consider some messages as SPAM whereas you do (not). It is true that it takes some time to train the filter, but after that initial period you will get better results if you only train it with your own SPAM.
I've been hosting my own email on a small personal server for some ~7 years now. All my email addresses redirect here (I have 9 frequently used addresses, and a bunch of website-specific ones). I'm using spamassassin (plus amavisd-new) as a proxy content filter. These are my filter's numbers for the last three days:
Spammy mails are delivered to a special "Spam" folder (just like in GMail). All those were indeed SPAM messages. I've received no spam messages outside of those. The high number of CLEAN mails is because I'm subscribed to a few mailing lists and I receive notifications/tracking info/alerts from a number of services.
TL;DR: SpamAssassin is hard to setup and train correctly (just like the rest of a server's mail-stack). However, once you get over this part, the results can be as good as gmail's.
> I've received no spam messages outside of those.
How protective are you of your email address? My email is posted all over the internet, but I haven't seen spam in gmail for at least 6 months--probably longer.
I have a huge spam problem with gmail. Someone sold my email + first name. Googles spam filters are simply powerless if you include a first name in the email. I've reported these as spam (several a day) for months at this point.
> Googles spam filters are simply powerless if you include a first name in the email
I think you're going to have to look elsewhere for a cause. Someone (probably several someones) sold out my email and first and full name. Gmail has no problem correctly categorizing all sorts of spam addressed to me by name.
I may have an explanation for that. Gmail is very good at detecting waves of spam mails while the wave is being sent out. Basically, a (bunch of) hacked server(s) start sending SPAM mails. After some messages google realizes that these servers have been hijacked and starts rejecting mails from them.
If your address happens to be among the first of the spammer's list, you will be hit by these emails. Otherwise when they send to your address google has already stopped accepting mails from that (those) ip(s) and you don't receive anything.
It looks like enjo's address comes way before than yours...
Whatever the cause is, it's still Google's fault/problem.
I too have a big gmail spam problem (related to my email address being very short and guessable), and mark as spam on average about 10-20 emails a day.
Err... because Google's spam filter is letting the message in? Seriously, it is a spam message, delivered to Google, and Google put it in the inbox instead of the spam filter. I don't know how much more clear cut it could be.
I have a special "don't care" mail account whose mails are delivered to its own folder (included in the shown stats). I do get a spam message in that folder very occasionally (as in once per month), but it's really far off from becoming annoying.
... and on top of all that is the simple fact that gmail is backed by a very robust infrastructure and supported by company that's very unlikely to go out of business anytime soon. [You can make jokes about Google reader etc, but gmail is far too important to Google's public image to make that a reasonable concern.]
Together with the very decent UI, great spam handling, and free space, this makes gmail a pretty good choice for a lot of people.
Even with a good free version of the software, duplicating the entire package is a huge task ...
> On the other hand, no product (open source or not) should optimize for the outliers (not to be confused with edge cases).
I think (hope!) there's room for niche products. I would never try to make an email client "for everyone". All the ones I've tried are crap (because they're "for everyone").
If you'd said: define your market and optimize for that - then I'd agree. But to not aim for a niche if you're doing a small project sounds just crazy (and wrong).
Search is my biggest issue too. I switched out of gmail to my self-hosted server using roundcube and searching through IMAP is excruciatingly slow compared to gmail, even after I moved the mailboxes to an SSD.
I am not sure whether this is a limitation on the IMAP protocol, but I suspect a proper replacement to gmail might involve coding a new mailbox backend and protocol.
I may be wrong, but I believe IMAP, the protocol, just defines how IMAP clients/servers should issue and respond to search commands, but doesn't deal with mail indexing and things like that.
Cyrus IMAP, which I use, provides Squatter, which substantially speeds up search, but the IMAP client is still the interface. Performance I get is around a sec for a simple query, a few sec for a more complex one against a folder with 20K messages.
Last I checked, Roundcube had very limited search capabilities. Thunderbird is much better, but I'd prefer a terminal based search. Something like SQL. Does anyone know of a tool like that?
Add to that the speed. Roundcube looks pretty good, even Horde's could make a cut GUI-wise (judging by screenshots from the latest versions), but they both lag in the speed department, comparing to GMail or Fastmail.
For me, nothing; the huge thing about Gmail is it works flawlessly from my Android phone. No IMAP solution came close. These days I read most of my mail on the phone.
Once I was in a long check-in line at the airport. Silly me, I figured I wouldn't check in at home because I had to check bags. At the airport I got on my phone, pulled up the confirmation email, checked in, and went to the bag drop line. With the clumsiness of IMAP and dealing with it on phones I would never have managed to do this if I was hosting my own mail, and even if I had managed to do it, the cost would have been the hours and the hassle of maintaining mail.
It was at that moment that I realized I would never host my own mail again. Just not worth it.
The insufficiency of the alternative spam solution is what I was afraid of. =/ It's easy to forget how awesome Gmail's spam filter is when you get spam in your inbox so rarely that you almost forget it exists at all.
I keep saying that Google could make a mint if they licensed an API for it. They probably just don't want to bother and would prefer that they keep its talents exclusive to Gmail. Also, I suppose that the people who'd want to utilize it would be leery of running their mail through Google's servers.
I've been using mutt for 16 years and self hosting email. It's currently hosted on bigv.io. Spam is handled by spamd (ships with OpenBSD) and SMTP by OpenSMTPd. Local delivery is via procmail.
I have 40,000 messages archived with attachments etc.
Granted it's not pretty but it's fast, efficient, can read html mail fine and is pretty immune to spam.
Weird, I have exactly the opposite experience with spam -- my self hosted setup does better than gmail. Wrote this a while back, but still holds true: https://news.ycombinator.com/item?id=5441542
I don't have nearly the volume of email you do though. My inbox has 20K, probably another 70K in other folders. Thunderbird is fine for me, except I'd like a more powerful and faster search. Gmail search is not good enough, though much better than other webmail clients I've tried.
It's still pretty good, but I have been getting a lot more false positives in gmail lately than I used to. Even a security code from hotmail got redirected to spam, which I thought would be common enough (and important enough) that Google would have learned about it already.
I used mutt on the server as email client before switching to gmail. Simply because no desktop client would cope. So at least till 2005 it was fine with mutt; I had to ssh (that was fine), spam issues (nothing to do with mutt, but still) and worse; I was running a business; attachments were a big issue. I had to save them and scp them over. Later I just created a mailbox binaries@... to which I forwarded the mails with attachments I wanted to see, which I then retrieved with a pop3 desktop mail client. It's just not very practical when running (a) business(es).
I would imagine there are better solutions for the attachments now; in 2005 you couldn't really find that much to solve it as I remember.
I just mounted my ~/mail/attachments locally using SSHFS. Saving them with Mutt made them automatically "appear" on my machine. You could also install a few viewers on the server and then use X11 forwarding, which works fine if you have a decent connection.
> I wonder when filesystems became good enough for maildir to work with your volume of emails.
'99-2001 I designed and deployed a webmail service where we handled ~2 million user accounts using Maildir's on a single SAN device formatted with ReiserFS (the fridge sized device in question was not much faster or higher capacity than my current laptop.... Actually the whole infrastructure was probably not much higher capacity than my laptop). Many of us working on it had individual folders with tens of thousands of messages.
"Pure" Maildir without the client doing additional indexing will quickly get very IO intensive, but storing hundreds of millions of small files in a single filesystem was a solved problem by then and with some simple indexing or caching its trivial to handle that volume.
We handled the indexing needed to reduce the IO load imposed by the clients by writing a custom POP server and delivery agent that maintained some more metadata - partially in the filename of the messages (read/unread status etc.) - saving us a stat() call per message on scanning the folders. Partially by maintaining cache files with even more details, saving us re-scanning the message headers (accessed by the web frontend via a couple of custom/non-standard POP commands - much easier than contemplating dealing with the horrors of IMAP; for actual non-web client access we put proxies in front of our "special" POP server).
Thanks for the report. Do you think maildir is the way to go for storing email (plus additional indices), or do you think a more custom format (eg in some relation database or something completely different) is better?
I prefer Maildir but mostly because it is trivial to manipulate because it is so simple. Our design back then was based on the assumption that we could blow away all the cache files at any time, and it could all be trivially rebuilt from just the raw messages.
I still have a soft spot for flat files when possible for that reason.
Also for our usage we saw a relational DB as a scalability hassle, as we needed to be prepared to scale this to many backends, and dealing with an RDBS when each set of objects was specific to a user was not very appealing. Today the challenge in that is much smaller due to faster hardware, and there are far more options in terms of database solutions.
But at the same time there's just not that much to gain.
Collaboration or integration with Mailpile [1] might be a useful direction to consider. They are doing interesting work on the backend, but as far as I am aware, there isn't much frontend present yet.
I really like it - good work, keep it up. It's a good thing that you guys (you, Mailpile, Roundcube) develop alternatives to gmail.
However, for me to switch (like most here, I am a heavy email user), I need a few things:
- PGP encryption
- Contacts
- Calendar
Have you thought about expanding the developer base? Maybe via Kickstarter/Indiegogo? The alpha already looks good, I'm sure a lot of us would like to contribute to the development.
How effective would it be to self host your mail regarding spam?
In gmail I guess that once a few peeps click "Report Spam" on a mail that passed filters, similar mails are also flagged as spam in other accounts. I've always found gmail extremely effective at this, and I practically never flag mail as spam myself.
Sure, there are automated spam filters to configure, but overall wouldn't going alone make things much less efficient on that topic?
It's less effective for sure, but depending on your situation it might be good enough. On email systems I maintain the only filtering I set up is AV with Clamav. One reason for this is my huge dislike for solutions that statistical filtering provides -- you end up having to check the spam folder or whatever anyway. I just don't see the point. The only solution I think is a real proper solution is for spam never to hit any user mailbox in the first place, but that will probably never happen. So just I limit spam filtering to checking strict SMTP compliance for the messages (message format) and Spam Haus filtering as the last measure. I can't imagine any legitimate email ever tripping format/protocol checks, and I was amazed how much spam just those checks eliminated. Spam Haus cuts on that a little more. Sure there is still spam hitting the inboxes, but I think it's manageable (haven't had complaints), say around 30 messages/day for a busy address (for example, the main address [relatively widely published and always unprotected] of an international organization). YMMV of course.
EDIT: Greylisting would probably cut down on this further drastically, but I'm just too lazy to implement because no one complained yet about too much spam. :)
I couldn't imagine not filtering my mail. I hate seeing spam too much. To a point where minimizing it is an obsession. I spent a considerable amount of time on this about 10 years ago, but very little since [1].
Anyway, just did a quick search through mail.log and in the past 24 hours, I got 4017 SPAMS that were rejected at SMTP time by Postfix [2], about 40 SPAMs got through those, but caught by SpamAssasin [3]. 0 spam delivered to inbox. 0 false positives. 126 legitimate mails.
I'd looked into greylisting some years ago, but never implemented because I didn't like the idea of delivery delays.
So I'm in complete agreement with you regarding how effective SMTP level checks + rbl are, but I disagree regarding statistical filtering -- Bayes was key for me to getting 100%. I had put off adding this layer for years, because I didn't fully understand or trust it, but now I'm a believer. Also, once trained, it just works. I rarely look at my spam folder. Retraining is easy, I just drag a rare false positive/negative to HamCaught/SpamMissed folders then nightly training script auto learns.
[1] I was an email admin at a local gov agency, then tried to get into email hosting biz, so it wasn't just personal obsession.
[2] Using things like standard helo/client/sender/recipient restrictions, with very few custom rules, and rbl check using spamhaus.
[3] SA + razor/pyzor/bayes, again with very few custom rules.
We use Postini at work and it is terrible. Normal Gmail filters are much better. I hear Google is replacing Postini with something they developed themselves.
I look forward to the day when it will be easy to set up and configure a mail server at home. By all accounts, it is currently a very painful process that is prone to error and interrupted service.
Doing it at home probably isn't a practical option unless you somehow get an IP that isn't blacklisted, but doing it on a VDS isn't that bad.
I host my email on a VDS. I would kind of like to be able to host other people's too, but I've always been freaked out by having the ability to read my friends' emails.
er. this is probably a dumb idea. works for 1 person only i guess. you can use google's smtp after signing up for google apps. http://emailrelay.sourceforge.net/ is 1 of the ways to relay(actually more forward than relay i guess) via smtp.gmail.com. now you're not blacklisted? even if you're running your server at home on dynamic ip? now u just need to be able to update enom or dyn whats your ip as it changes?
Happy to see more alternatives to Gmail. I am still using Gmail with the old HTML interface, as the new one is cluttered with all kinds of stuff I do not need.
Stay with KISS, when it comes to functionality and interface, with optional integration of PGP.
I wanted to quit using google services for long, but it is only now that I get active in that regard (e.g. duckduckgo as search engine). As such, I am searching an alternative for the
1. web based storage of emails
2. a good web interface.
As for 1., I stil have not found anything really interesting that comes for free.
As for 2., I was once using Mutt and found it quite efficient, and am now thinking to try out sup. However, there is still this feeling that there could be a better client when it comes to usability and ease of installation. Using Mutt on Windows can be really annoying.
Very cool. Looks like a really good web interface that would be a pleasure to use.
On a personal note, am I the only one that generally prefers a mail client? The ability to combine all my emails (work, gmail, @mydomain, etc) into one unified inbox is why I prefer it.
I do as well. That also opens up other possibilities like the ability to just drag and drop an email between IMAP accounts. The other day I was getting smtp errors from Google, so I sent a work email from a personal account, then dragged it to work sent items, because I won't remember to search for it in personal.
I think we'll see a lot more of this type of software in the near future.
It's easier and cheaper than ever to automate the setup of servers. Imagine being able to click a few buttons, in something like the webmin of yore, and suddenly having a private mail server/file sync node/document editor application, set up at the VPS provider of your choice.
This type of thing will encourage open standards, as the private servers will need to communicate with each other. It also ties in nicely with concerns about the implications of everything being hosted and controlled by major providers.
There are probably business opportunities at many points in this model.
The Distributed Everything blog post encouraged me to leave most of Google' services due to their closed ecosystem and the violation of privacy. I managed to leave everything (GTalk/Hangouts, Agenda, Contacts, Google+, etc.) except Gmail because of how great and useful filters and labels are. In my opinion, these two points are the reason why Gmail cannot be easily replaced. I thus would encourage working on these futures.
Also, I don't want to sound like a troll, but I wish it was build in a more popular language, such as Java (it's not my favorite) to encourage contributions.
Good luck!
Quite a minor point of feedback, and not altogether fair, but attempting to obscure your email (~) gives me a bit of a lack of confidence in the spam filters you're using. I have my gmail up in plaintext on my homepage, and don't experience too many problems.
If nothing else, putting your email in plaintext could help you debug your spam prevention?
Kudos! I think the hardest part will come in trying to maintain and scale this from an interoperability perspective. I used to work at an ISP where 80%+ of the work on the mail product was getting our IPs un-blacklisted and other ISPs from not blocking our traffic anymore, as well as pruning out the bad/bot users.
The biggest pain I've experienced with similar web interfaces was mobile. For the desktop there are a few that are decent, but on mobile they generally suck. So do the native email clients for Android and iOS.
Do you plan to stick with a desktop version? Will you always design 'destop first'?
Would be nice to see people get together and finalise a viable alternative. Keep up the good work!
Meanwhile, here is another potential solution. https://assemblymade.com/amail
This is pretty neat. Not sure if these are features available in the pro version but two things I think it's missing are (or that I didn't see in the demo):
- multiple identities, so that when sending email you can pick the from email address + signature
- setting filters for any header. This is useful for filtering mail based on the spam level header so that they go straight to the spam folder.
I installed it on a hosting account and it works well. But I still fighting to get a tiny VPS running to host my email. I plan to co-run Afterlogic and alpine via SSH. Alpine allows for multiple identities - you can put whatever you want in the FROM field if you enable this in the configuration settings.
Great Job. Ignore all the other projects that are out there please (If they are not BSD, they are useless for me). This is what I was waiting for. I would recommend developing both mobile / desktop together.
Horde seems to be full of bugs regarding security. Several of my friends run it on their servers and had the server compromized. Looking at web server logs, the backdoor was always some part of Horde/Imp web interface.
They have all moved away from it since, so I can't tell if all of those have been fixed recently, but the whole architecture of it is not something I would trust.
I actually use squirrel mail but its interface is still stuck in 1999. Roundcube is pretty good but I didn't like it very much the last time I installed it.
I appreciate the hard work. Nevertheless, IMHO it would be better if open source projects will bring original ideas to the market, instead of copying an existing product.
I'd argue that post-PRISM, there's a big opportunity to re-create self-hosted options for services known to be open books to the government. It might not be creative, but it does provides users a familiar alternative to storing their data in the cloud.
Nice client - but looks so 90s. No offense meant, but i have the mail client open all day. I need a fast, responsive client with a good search engine and spam detection. And a good look.
Not sure if squirrelmail could do it.
What is the benefit of a web client if you keep it open the entire day? I find standalone clients, like Sylpheed, much easier to use and you're not constrained by what you can run in browser.
What I'm lacking right now is a decent webmail client. Roundcube isn't exactly my type of thing, mailpile might be interesting. This seems ambitious and interesting in general, but seems to come with too much strings attached (puppet? No, ansible. Comes with postfix? I already have that). So .. it is more than I'd need.
I do like the idea of ready-made, easy mail server setups though (obviously, given the first paragraph). Perhaps a project like this could integrate well into owncloud or arkos though?