What I'm lacking right now is a decent webmail client. Roundcube isn't exactly my type of thing, mailpile might be interesting. This seems ambitious and interesting in general, but seems to come with too much strings attached (puppet? No, ansible. Comes with postfix? I already have that). So .. it is more than I'd need.
I do like the idea of ready-made, easy mail server setups though (obviously, given the first paragraph). Perhaps a project like this could integrate well into owncloud or arkos though?
Do you think we should work on an open source solution for
The project is a very clean webmail server, starting with our clean protocol implementations (SMTP, POP, IMAP) and does not require external projects.
Try with hn/hn...
Update: Please don't change the password for this hn account. As an admin, I can reset it, but have better things to do today ;)
I'm curious of the reasoning behind your decision to reimplement SMTP instead of just using Postfix, for example. I run mail servers for an ISP (and myself) and take advantage of a lot of the "advanced" functionality that Postfix has acquired in the last 15 years.
Our protocol implementations use a specific DSL, that generates Opa code which is strongly statically typed with high-level types such as variants/rows. Although we currently lack many features or optimizations, the approach is clean and much easier to certify.
Yes, we are thinking about the following business model for PEPS, which was built for an important account but of which we own the IP.
1. Open source under the AGPL license, so that anyone can host its own instance easily and hopefully we can build a community around the product.
2. Sell support (together with a non-AGPL license for corporations).
1. Open source under the MIT license the current product.
2. Sell a complete packaged solution with add-ons for corporate users.
Any feedback between the two?
See, I can also use offensive language to describe a license. Doesn't that make for a nice conversation here on HN?
Please point out what exactly the different conclusions are to that text.
If the Program as you received it is intended to interact with users through a computer network and if, in the version you received, any user interacting with the Program was given the opportunity to request transmission to that user of the Program's complete source code, you must not remove that facility from your modified version of the Program or work based on the Program, and must offer an equivalent opportunity for all users interacting with your Program through a computer network to request immediate transmission by HTTP of the complete source code of your modified version or other derivative work."
That last part--"derivative work"--is somewhat the rub.
Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version
The definition of Corresponding Source code is listed earlier in this HN thread.
That said, as we need to make a living, and if we go the MIT way (see comments below), there are high chances that the Exchange support will be a paid extension.
Still, for people looking for a more complete package that looks like a much better alternative.
Not for me, because I'm trying to get away with a much smaller machine and less dependencies (i.e. I'm still really unsure if I want a webserver. I decided to go for clucene instead of solr because of the dependencies etc. etc.).
I will follow that repository though and think about recommending that to friends/coworkers though, depending on their needs/expectations.
Plus: While I self-host my mails for a while (without an automated setup of sorts, the one off snowflake sort of thing, so quite different from this here), I don't claim to be an expert here. Check what I did, take it as a template, don't use it without a basic understanding.
If there are some postfix/dovecot gurus out here and would like to point out obvious flaws in my setup - go ahead!
I wouldn't do that again, though (hence my stumbling around with ansible). If the machine goes down/you want to recreate it or duplicate it for a friend's setup (without dd-ing everything and trying to figure out what to change later) you're back to square one. It's probably month or years after you read the guide that created your system, you don't have the link handy anymore, forgot all you learned about gotchas in the doc that were slightly different for your deployment.
These guides aren't bad per se. My current system is a heavily customized result of various "Here's how I do mails" guides as well and it works like a charm, for quite some time. But I could never reproduce it again, which caused my reluctance to jump from GMail as my primary account to the self-hosted one - even if that one works for me, for years.
IF all my critical data (password reset mails, banking information etc. etc.) end up on a host I'm responsible for, I want to be able to replace that thing ASAP if something goes wrong.
Currently (unfinished, see my link above), but:
time ansible-playbook -K -i hosts site.yml
That's from a bare bone installation (nothing on there but ssh, my unprivileged user with sudo privileges) to a running mail (smtp/imap), calender/contacts & xmpp server.
I don't claim that MY project is the way to go, quite frankly I'd be very uncomfortable to push others to use it. But I do believe that infrastructure that is this essential should be easy to recreate/reproduce, even for laymen/single persons.
There's also kolab.org which is completely free software (uses Roundcube for web interface since 3.1).
Also see: https://community.zarafa.com/
Achiles heel now for DIY solutions is the web mail. Roundcube, the best candidate, is not really stellar (almost unusable on 1366x768 screens).
 - http://manurevah.com/blah/en/p/mailboy
That said: The point of these automated recipes is that you can run them _without_ reading a blog and copy/pasting things in a shell. I do plan to write about my experience. After I set up a blog. cough
I've been looking to get into it but just haven't made a move on it yet...
I'm actually not sure it's better than the shell scripts it replaced so I may end up switching back.
In general I hate the state of the documentation. It's barely usable.
I do like the simplicity of the format (.yml) and the architecture (no agent required, only dependency is python and I think even that can be bootstrapped via python).
My playbook (see above) certainly feels like a shell script packaged in .yml format, but .. I stumbled over and over again when I tried using ansible's modules (examples: No way to create postgresql roles without a password, no way to load data into postgresql => Two things I've to do via shell: or command: in my project).
Bottom line: I'm happy with the state I have, but I'm far from happy with ansible as a technology and probably wouldn't use it as it is for the next deployment project.
- jinja2 templating for config files
- roles & tags
- many error-cases already thought of and coded around.
Every time some new frontend/backend comes up, I say the same (and have done on HN before); i'm not a typical user; I had email since '95, I have been a heavy user since then and I took my mail with me since. In 2005 I was looking, like I had been then as well, for a better mail solution and stumbled upon gmail. I wrote an export script for the mail system I was using at the time and imported 10 years of mail into gmail.
I now have over a million mails in my mailbox (i'm not sure what is the total); I have over 50 mail addresses coming to my inbox, I receive 1000s (sometimes 10.000s) of spam messages per day which Google filters well. I guess this is due to the fact I have had/have businesses on those 50 mails since 1995. All clients I tried so far just simply hang when I try them, including outlook (exchange or imap), thunderbird and some free and commercial web versions (yahoo and outlook web/live simply don't work; I cannot even read my mail through the amount of spam and the clients are horrible for productivity imho. Slow as well).
I also need a solid spam solution; spamassassin simply doesn't cut it; not only does it run high processor on my server, it doesn't actually filter stuff like google does. Google almost never goes wrong for me; actually; I have had very few mistakes / missing mails. While with spamassassin, I'll be carefully inspecting 5k mails / day while still getting spam in my inbox.
I think my mailbox is a bit weird now, but it'll be quite normal as it'll be normal for people to have a mailbox since birth and taking it with them till they die. If you run a few businesses along the way, getting to 1 million messages is not hard; spam will find you as well. Media messages are getting common; I make a point of using dropbox/sftp for attachments, but not everyone does that, so I do get videos, huge blah megapixel cameras of birthdays of family etc. This is normal and will only grow; the current mail solutions don't handle it well. If you want to deliver a competitor to gmail, you need to make this work imho and it needs to be a test case.
* spam detection
* mail header hacks
I don't think that can be approximated in "a few months".
> 50 mail addresses coming to my inbox
On the other hand, no product (open source or not) should optimize for the outliers (not to be confused with edge cases).
Edit: also, the Google team was really good to me and my (free! well I pay more for storage obviously, but it's not a google apps one) mailbox; on several occasions they contacted me when my mailbox was not functioning and helped fix the issues with it. Compared to a few years ago, the gmail backend, for me has gotten a lot better; search used to just stall; now it's always fast and accurate. And when I deleted a significant amount of mails, my mailbox would be unreachable for at least 1 day (giving a Oops error code 14 or something like that); no it just works.
Edit2: I rather would like the spam AI from Google as a webservice for all clients to use, or an open source alternative. Spamassassin is a nice initiative, but it never worked for anyone I know. A lot of my colleagues just ended up routing their company mail through gmail to get a better spam filter.
What might change at some point is A&E launching a Digital Hoarder reality show wherein people with such a storage proclivity can get the help they need.
Maybe you are right. I don't think so though; people are lazy and if the default status is that you can keep everything you have anyway (considering the allotted yearly storage growth and the plummeting prices of storage in general) you won't bother deleting anything.
You seem to come from the same time as I do ; I had my first modem around '85 and was very active on BBSes. I ran my BBSes, for most of the 80s, of 720 kb disks, so I do know what storage limitation was. It's just not there anymore. Gmail now easily handles all of this and so should some other solutions imho, especially the ones wanting to compete with gmail. Google said; 'never delete another mail' and i'm sure people got used to that by now for all cloud services.
The mail address and email hoarding came when I started making serious companies. And it's not like they bother me or whatever. Maybe I will throw everything away some time, but for now; I dodged an almost million euro gov fine a few years ago by having a complete mail conversations + attachments with my employees between 2002 and 2004. I would be in a whole load of crap if I wouldn't have those anymore.
I've been on Gmail since 2005 and have about 100,000 messages at 20 GB. There's messages coming in from 25 different addresses at 300/day with 100 being spam.
I don't feel like I'm an email power user though, I imagine people in sales do about 100x more than this.
It's definitely a requirement to be able to do this and I feel even if we would be outliers, in a couple of years we won't be anymore.
I wrote an export script for the mail system I was using at the time and imported 10 years of mail into gmail.
I don't think so though; people are lazy and if the default status is that you can keep everything you have anyway
The default status is that stuff goes away. I believe you're arguing that "this time it's different" but I see no evidence for that. In fact, there is a post almost every day on HN about Gmail users looking for an alternative. I myself can't wait to get off Gmail. When I do that I'll happily explicitly delete my Gmail account and all the email in it. Because I am lazy and it's easier to do that than it is to write a script to transfer it to what I use next.
You seem to come from the same time as I do ; I had my first modem around '85 and was very active on BBSes.
I got my first modem in 1985, got a phone line as my Christmas present from my parents in 1986 and started my own BBS. Started a consulting company in 1993. Started a small ISP in 1996, sold it in 1998 and started working for corporate America.
In the U.S., I find from a legal perspective that the less documentation you have the better. That's why every large U.S. company has an email retention policy that is very short. Anyone looking to sue you needs proof and often that proof comes from your own records as part of discovery since they don't have any proof. If as part of a standard process you delete everything you're not legally required to retain then you can't be forced into helping their case.
My, old person who grew up in the 80s, case versus people I know and talk to who are <= 20 y/o now.
> In the U.S., I find from a legal perspective that the less documentation you have the better. etc
This particular thing was a large project, paid for by a gov grant (not sure if that's the correct word, but I think it means the same) early and ran from 2001-2009; the grant was for millions. A few years ago, suddenly they came to check on the project; see if all paperwork is in order, hours written etc. Now during one of the office moves, someone misplaced the actual paperwork we prepared for this including CDs with source code, revision history etc (Now only if there was some kind of storage on internet to store this on...). We would have to pay that money back + fines if we cannot actually prove we did the work and who did it. In your case, we would've had to pay the money/fines, because outside my mail, there was no way to prove anything. And these gov checkups come years and years after the fact.
Granted; this was a stupid mistake of someone who thought the boxes were full of outdated crap, maybe even an external mover, however, I don't see the downside with keeping everything in this case. Especially if you have a company. In the US you have all kinds of legal issues; I understand that, we don't have that really, so worrying that someone will check your mail, even in courtcases, is not very likely.
If I host my own email server, my spam filter will only have my inputs to determine what is spam.
This leads me to an idea. There probably can be a service to build a dynamic corpus of spam samples. If I mark a message as spam, my email server can send a sample to the service, and periodically, my email server will download "top 100" samples to feed its filter.
I've been hosting my own email on a small personal server for some ~7 years now. All my email addresses redirect here (I have 9 frequently used addresses, and a bunch of website-specific ones). I'm using spamassassin (plus amavisd-new) as a proxy content filter. These are my filter's numbers for the last three days:
TL;DR: SpamAssassin is hard to setup and train correctly (just like the rest of a server's mail-stack). However, once you get over this part, the results can be as good as gmail's.
How protective are you of your email address? My email is posted all over the internet, but I haven't seen spam in gmail for at least 6 months--probably longer.
Hell, it gets marked as important.
I think you're going to have to look elsewhere for a cause. Someone (probably several someones) sold out my email and first and full name. Gmail has no problem correctly categorizing all sorts of spam addressed to me by name.
If your address happens to be among the first of the spammer's list, you will be hit by these emails. Otherwise when they send to your address google has already stopped accepting mails from that (those) ip(s) and you don't receive anything.
It looks like enjo's address comes way before than yours...
I too have a big gmail spam problem (related to my email address being very short and guessable), and mark as spam on average about 10-20 emails a day.
Why is it that no matter what the cause is, you feel that Google is to blame?
Together with the very decent UI, great spam handling, and free space, this makes gmail a pretty good choice for a lot of people.
Even with a good free version of the software, duplicating the entire package is a huge task ...
I think (hope!) there's room for niche products. I would never try to make an email client "for everyone". All the ones I've tried are crap (because they're "for everyone").
If you'd said: define your market and optimize for that - then I'd agree. But to not aim for a niche if you're doing a small project sounds just crazy (and wrong).
Right. But if you're writing a gmail clone, just don't get sidetracked by the token comment about email archives from 1985.
I am not sure whether this is a limitation on the IMAP protocol, but I suspect a proper replacement to gmail might involve coding a new mailbox backend and protocol.
Cyrus IMAP, which I use, provides Squatter, which substantially speeds up search, but the IMAP client is still the interface. Performance I get is around a sec for a simple query, a few sec for a more complex one against a folder with 20K messages.
Last I checked, Roundcube had very limited search capabilities. Thunderbird is much better, but I'd prefer a terminal based search. Something like SQL. Does anyone know of a tool like that?
Once I was in a long check-in line at the airport. Silly me, I figured I wouldn't check in at home because I had to check bags. At the airport I got on my phone, pulled up the confirmation email, checked in, and went to the bag drop line. With the clumsiness of IMAP and dealing with it on phones I would never have managed to do this if I was hosting my own mail, and even if I had managed to do it, the cost would have been the hours and the hassle of maintaining mail.
It was at that moment that I realized I would never host my own mail again. Just not worth it.
I keep saying that Google could make a mint if they licensed an API for it. They probably just don't want to bother and would prefer that they keep its talents exclusive to Gmail. Also, I suppose that the people who'd want to utilize it would be leery of running their mail through Google's servers.
I have 40,000 messages archived with attachments etc.
Granted it's not pretty but it's fast, efficient, can read html mail fine and is pretty immune to spam.
The best thing is I haven't changed it for years.
image/*; yourviewer %s
I handle HTML mail, PDFs, word documents, everything with complete ease.
I don't have nearly the volume of email you do though. My inbox has 20K, probably another 70K in other folders. Thunderbird is fine for me, except I'd like a more powerful and faster search. Gmail search is not good enough, though much better than other webmail clients I've tried.
It's still pretty good, but I have been getting a lot more false positives in gmail lately than I used to. Even a security code from hotmail got redirected to spam, which I thought would be common enough (and important enough) that Google would have learned about it already.
I would imagine there are better solutions for the attachments now; in 2005 you couldn't really find that much to solve it as I remember.
I just mounted my ~/mail/attachments locally using SSHFS. Saving them with Mutt made them automatically "appear" on my machine. You could also install a few viewers on the server and then use X11 forwarding, which works fine if you have a decent connection.
I wonder when filesystems became good enough for maildir to work with your volume of emails.
'99-2001 I designed and deployed a webmail service where we handled ~2 million user accounts using Maildir's on a single SAN device formatted with ReiserFS (the fridge sized device in question was not much faster or higher capacity than my current laptop.... Actually the whole infrastructure was probably not much higher capacity than my laptop). Many of us working on it had individual folders with tens of thousands of messages.
"Pure" Maildir without the client doing additional indexing will quickly get very IO intensive, but storing hundreds of millions of small files in a single filesystem was a solved problem by then and with some simple indexing or caching its trivial to handle that volume.
We handled the indexing needed to reduce the IO load imposed by the clients by writing a custom POP server and delivery agent that maintained some more metadata - partially in the filename of the messages (read/unread status etc.) - saving us a stat() call per message on scanning the folders. Partially by maintaining cache files with even more details, saving us re-scanning the message headers (accessed by the web frontend via a couple of custom/non-standard POP commands - much easier than contemplating dealing with the horrors of IMAP; for actual non-web client access we put proxies in front of our "special" POP server).
I still have a soft spot for flat files when possible for that reason.
Also for our usage we saw a relational DB as a scalability hassle, as we needed to be prepared to scale this to many backends, and dealing with an RDBS when each set of objects was specific to a user was not very appealing. Today the challenge in that is much smaller due to faster hardware, and there are far more options in terms of database solutions.
But at the same time there's just not that much to gain.
However, for me to switch (like most here, I am a heavy email user), I need a few things:
- PGP encryption
Have you thought about expanding the developer base? Maybe via Kickstarter/Indiegogo? The alpha already looks good, I'm sure a lot of us would like to contribute to the development.
In gmail I guess that once a few peeps click "Report Spam" on a mail that passed filters, similar mails are also flagged as spam in other accounts. I've always found gmail extremely effective at this, and I practically never flag mail as spam myself.
Sure, there are automated spam filters to configure, but overall wouldn't going alone make things much less efficient on that topic?
EDIT: Greylisting would probably cut down on this further drastically, but I'm just too lazy to implement because no one complained yet about too much spam. :)
Anyway, just did a quick search through mail.log and in the past 24 hours, I got 4017 SPAMS that were rejected at SMTP time by Postfix , about 40 SPAMs got through those, but caught by SpamAssasin . 0 spam delivered to inbox. 0 false positives. 126 legitimate mails.
I'd looked into greylisting some years ago, but never implemented because I didn't like the idea of delivery delays.
So I'm in complete agreement with you regarding how effective SMTP level checks + rbl are, but I disagree regarding statistical filtering -- Bayes was key for me to getting 100%. I had put off adding this layer for years, because I didn't fully understand or trust it, but now I'm a believer. Also, once trained, it just works. I rarely look at my spam folder. Retraining is easy, I just drag a rare false positive/negative to HamCaught/SpamMissed folders then nightly training script auto learns.
 I was an email admin at a local gov agency, then tried to get into email hosting biz, so it wasn't just personal obsession.
 Using things like standard helo/client/sender/recipient restrictions, with very few custom rules, and rbl check using spamhaus.
 SA + razor/pyzor/bayes, again with very few custom rules.
Doing good software is one thing, doing it with a good touch of humor is what makes it stick. +1.
I look forward to the day when it will be easy to set up and configure a mail server at home. By all accounts, it is currently a very painful process that is prone to error and interrupted service.
I host my email on a VDS. I would kind of like to be able to host other people's too, but I've always been freaked out by having the ability to read my friends' emails.
1. web based storage of emails
2. a good web interface.
As for 1., I stil have not found anything really interesting that comes for free.
As for 2., I was once using Mutt and found it quite efficient, and am now thinking to try out sup. However, there is still this feeling that there could be a better client when it comes to usability and ease of installation. Using Mutt on Windows can be really annoying.
On a personal note, am I the only one that generally prefers a mail client? The ability to combine all my emails (work, gmail, @mydomain, etc) into one unified inbox is why I prefer it.
It's easier and cheaper than ever to automate the setup of servers. Imagine being able to click a few buttons, in something like the webmin of yore, and suddenly having a private mail server/file sync node/document editor application, set up at the VPS provider of your choice.
This type of thing will encourage open standards, as the private servers will need to communicate with each other. It also ties in nicely with concerns about the implications of everything being hosted and controlled by major providers.
There are probably business opportunities at many points in this model.
Also, I don't want to sound like a troll, but I wish it was build in a more popular language, such as Java (it's not my favorite) to encourage contributions.
However, I like your project and it would be nice to have an alternative if I decide one day that I value my privacy more.
- Email server that I can run for my domain.
- Search a large number of messages on the server
- Spam detection on the server
- Automatic labelling / categorisation on the server for incoming mail
- Address book
- Saving of drafts on the server so I can edit and send on several devices
- A webmail interface
Is this intended to be a GMail replacement or another webmail interface?
This is just my MVP.
If nothing else, putting your email in plaintext could help you debug your spam prevention?
Do you plan to stick with a desktop version? Will you always design 'destop first'?
I like it compared to other scripts like SquirrelMail or Horde.
Really nice web interface though.
I installed it on a hosting account and it works well. But I still fighting to get a tiny VPS running to host my email. I plan to co-run Afterlogic and alpine via SSH. Alpine allows for multiple identities - you can put whatever you want in the FROM field if you enable this in the configuration settings.
Would be cool to have in all the "home server" platforms (Freedom Box, ArkOS, ...) too!
I myself prefer webmail.afterlogic.com
It has a free light version.
They have all moved away from it since, so I can't tell if all of those have been fixed recently, but the whole architecture of it is not something I would trust.
However I am afraid without the opportunity to put a man year work into it, it will be hard to tick all the boxes.
I really hope you succeed, though.
(Disclaimer I am a backer of Mailpile)
Would love a gmail alternative for hosting email on various domains. Look at fastmail - but it's not quite what I want yet.
> Mailpile has a built-in web server and will eventually include a proper web-based interface for searching, reading and composing e-mail.
I'll have to check it out and work out what it actually is/does sometime.
Post? You optimist you. If anything we're smack in the middle of it.
The Dovecot devs shouldn't have made Dovecot when we already had UW IMAP. Postfix is redundant, we've had Sendmail for decades.
They all should really have done something original instead.