The software was fragile, slow, and broke often. Maybe it's better now (a few years later). But at the time it was negatively impacting productivity.
I've moved to Sogo. Zero problems after install.
File sync is Resilio. Bittorrent sync was unusable, the new re-branded (and fixed) Resilio works fine.
Just my $0.02
How's Sogo with regards to maintainability and upgradability?
And here's the money quote: "The effort has been quite successful. Of the tens of thousands server owners who were informed, over 5% had upgraded already in the first ten days." In other words 95% were left vulnerable and they were responsible for it. Does not inspire trust.
It's really, really, nice.
IMO, there are limitless other things I'd rather be doing than these!
The problem is that you need a lot more volume to be able to use the feedback loop mechanisms ( https://blog.returnpath.com/what-is-a-feedback-loop/ ) efficiently.
Sure, it all works, but it's still the old piece of shit SMTP wild wild west, because when it stops working, you can do nothing. (But usually going to the saloon, having a rough night and waiting will solve things.)
Observe how few of the major sites are DNSSEC-signed. In reality the only purpose signing has is allowing your site to vanish from view of the few DNS resolvers dumb enough to do DNSSEC validation.
I figured that it would be, but trying to set it up was the single most frustrating thing I've ever experienced running a Linux box, and I never did get anything properly working after many days of trying. The principles seemed straightforward enough and there was plenty of software available, but what I really wanted was to self-host the mail store and IMAP server but send/receive via ISPs or other services who are better at administering a full-time SMTP setup than I am, and somehow I just never could find the magic incantations in the settings files to make that go. :-(
For inbound, you'd presumably want the server using fetchmail or getmail to then push them into your local mailboxes. Should be plenty of documentation on those projects.
Given that fundamentally neither email protocols nor mail store structure on a typical Linux box are particularly complicated, and that all of the software I was using was well established and reputable, it was an exceptionally frustrating experience. Someone with more skill than me would surely have installed the relevant half dozen or so packages from the distro, edited a few configuration files to set up the remote mail server details and identify the local processes to each other, and had everything working within a few minutes. Unfortunately, without that knowledge the sheer number of options and possibilities was overwhelming and I never got that far. What I really needed was a one-page HOWTO for the most simple use case and a setting for each package that said "don't try to do anything clever or unusual", but what I had at the time was literally hundreds of screens' worth of detailed parameters and config file options, each written according to the conventions and assumptions of their own package.
I am running the official docker image with an apache2 frontend (http/https) and it pretty much works flawlessly.
Just checked the GH issue and it is still open: https://github.com/owncloud/client/issues/4327 and https://github.com/nextcloud/server/issues/5145
I created https://www.etesync.com for that purpose exactly, it does end-to-end encrypted sync for Android and desktop for your contacts and calendar.
One thing that I miss though is a nice web interface for calendar and contacts. Especially if I want to do some sort of cleanup of data. Is this functionality planned? Or is there some open source web calendaring software that you would recommend?
I've also been looking for such a solution for years, and except for the short-lived Flock by the Open Whisper Systems people, I couldn't find anything. That's why I finally decided to create it almost a year ago.
Edit: you just edited your reply while I was writing mine, to answer your additional question:
For a variety of reasons, the browser is not a safe environment for such an application, at least not currently. There is however a CalDAV/CardDAV gateway (beta) that you can host locally and essentially use any application that supports those to quickly edit your data, or alternatively, if you are a programmer, there's an open source (like everything from EteSync) python API (both low-level and high-level) that you can use to manipulate the data.
1. This assumes https can be trusted, that is, MITM is not a possibility. This is a fair assumption for many people, but not for people whore are scared of state actors, which is common for journalists in and citizens of some countries. - This can be mitigated to an extent with certificate pinning, but I don't think all software support it (correctly?) and it's another thing to get wrong.
2. This assumes your server is trusted. It is not. If it's hosted in a remote location (e.g. VPS or even metal in a server farm), it can't be trusted. If it's at your home, based on how much of a target you are, it can't be trusted. Even if your server is physically secure, this assumes it won't be hacked, and you should never assume a public facing server won't be.
Of course this all depends on your threat models, and this may not apply to you, but https to your own server is definitely not the same, and given that adding end-to-end is almost "free" for most users, it's a good idea to error on the side of safety and just do it.
Re: 2. If your server is untrusted (because it's a remote virtual server) or hacked, e2e will not protect you.
2. How so? EteSync for example has a git like integrity verification (just with HMAC instead of hash), so it's easy to check consistency across clients, and the server can't forge anything. The worst the server/MITM can do is stop syncing a specific client which would be easy to detect. A rogue server can't even omit specific changes, only stop sync. So I don't agree with your assertion.
I would love a whitelist-only inbox. I'm sick of spam, marketing mail, etc. I'd like one public email address that catches all the garbage. Then, I'd like a private email address that accepts emails from my contacts, and bounces the rest.
You're doomed. Because at least one of your correspondents is going to upload their contacts to some service, and that service is now aware of you.
1. Fake the origin to actual destination of choice
2. Your server bounces the original message wrapped by the SMTP error report.
3. Actual destination receives error report containing spam content from YOUR server
A proper solution would be to REJECT the message before it is accepted. However, Dovecot Pigenhole doesn't support that (yet).
And it's using standards (Carddav, Calddav) so you can be somewhat secure in the knowledge that other programs can implement the protocol (or should). :)
EDIT: I guess I should have read the post, but eitherway I'm going to keep this comment up as a review of the software.
Every day at 6am my server runs a cron job. If there are appointments I get an email and an SMS. The server also makes a unique noise over the house PA system (I live alone) but that is mostly because I can.
SyncML was pretty rock solid and interoperable when you could find support for it, but the damn thing was such a nightmare to implement that the only open source implementations were buried inside groupware solutions.
I think something like this would be really useful. I've seen services that provide this via a 3rd party hosted service but I don't trust someone at some random company not to read my messages.
... do you know how SMS works? Specifically that it is sent in plaintext for anyone who cares to listen anywhere along the path?
Maybe try Signal. It has a desktop app.
Yes. Does making a bad situation worse help anyone?
I'd use Signal/RedPhone if even 5% of my contact knew what that was.
For example, with Verizon:
Doesn't address the self hosting part but this is an easy way to send SMS from a desktop/laptop.
I'm fine with that.
> The advantage of doing it via the carrier is that the phone is taken out of the loop and you're directly sending to the carrier via the internet.
The disadvantage of doing that is you than need to stay with that carrier. I'd rather be able to change if my carrier starts doing things that are shifty without needing to change the way I interact with my phone.
It mostly works so far, but I'm definitely looking for a simpler, easier to implement solution. I looked at Radicale before, but I forget why I passed it over. I'll have to look into this.
This is what Google Mail + Calendar are using, including features like RSVP, etc.
It's all there, just passing iCal objects around.
The subject of "who the hell isn't tech savvy enough and doesn't have an account already" is quickly answered with: I'm an uncle, my niece knows her way around the computer and knows the calendar, but has no idea why'd she need an e-mail account, and wouldn't bother to even try at this point.
I've used garden variety email hosting auto-magically setup on VPS's from such luminaries as GoDaddy without problems for many years. I have never worried about how to setup an email server, just get a cheap VPS, setup email addresses and you are good to go. Given this experience I have to admit to not understanding why Zimbra is so fat.
Except that the moment you "share them across devices", at least one large company will silently grab your contacts anyway. And several others will try to, too, with one excuse or another.
So though you have a point, I don't think it goes against the post.
I want to have multiple devices able to access my important data.
I have no interest in sharing that data with Google, Apple, Facebook, LinkedIn, or $SMALL_TIME_APP_DEVELOPER and will actively avoid any system that requires me to do so.
It's essentially file share for database records, and I remain surprised that something like this isn't in wide use already.
Docs haven't been updated in years, but here's a description of the thing back when I was focused on the client rather than the sync engine -
Whatever you're using to sync contacts, without syncing them to this contact app, it seems (to me) as useful as keeping a textfile full of phone numbers in Dropbox. You won't have any useful prompts telling you that it's Dave phoning you, John texting you, or Alice's number to phone/text.
This is, admittedly, neatly worked around by keeping your permission requests under control, but... stuff like this, from before the granular permission system on Android was available, are annoying.
But that wasn't the article's concern at all, as you pointed out in another comment.
I'm looking into a similar solution, and found roundcube.net features to be exactly what I need
while doable. cost is still far more common shared hosting or accepting a mail on google.
His concern is not that they companies would grab a copy, his concern is that he used to rely on them for syncing. He no longer has to rely on them. Google can shut down calendar and contacts and he would still be fine.
This ultra-politically correct mentality is what makes it hard to battle people like Trump.
Be civil. Don't say things you wouldn't say in a face-to-face conversation. Avoid gratuitous negativity.
When disagreeing, please reply to the argument instead of calling names. E.g. "That is idiotic; 1 + 1 is 2, not 3" can be shortened to "1 + 1 is 2, not 3."
Please don't insinuate that someone hasn't read an article. "Did you even read the article? It mentions that" can be shortened to "The article mentions that."
It's not called "left-coast/euro sensitive", it's called manners.
However, I will put what lorenzhs said a bit more bluntly.
Please don't go out of your way to be a dick - there is no need for it, and it benefits nobody.
Another advantage is that you're just different. So if someone (or some State) attacks a commonly-used service, this will be protected simply by being different.