[Questions]: Open Source and other Components

Issue #29 closed
Former user created an issue

Hi,

I just spun up an instance of your "wonderfully put together" mail server in a "Docker" box! Awesome stuff. It "just works" (tm) -- which I really like.

What I don't like however is the Roundcube Webmail.

Given that poste is built on open source components; Do you have the Dockerfile published anywhere that created the Docker image? If so; may I modify it? Can Roundcube Mail be swapped out for something like Mailpile?

Also are there any plans to provide other alternative forms of user authentication? I have used Kolab Groupware before but find it "too heavy" on system resource; but the one thing I did like about it was it has a wonderfully easy to use LDAP Web Interface that made actually using and having an LDAP server easy.

I would like to see if I can integrate poste with several other components such as a wiki, web-based irc client, etc.

Note: This is for Home user only :)

cheers James

Comments (12)

  1. SH repo owner

    Yes, there is a plan to make it really easy to change mailserver plumbing, but there are a couple of changes that need to be done first. For ex. removing RoundCube from base and creating an "extending" container with it. It would be rather easy to add Mailpile then.

    LDAP is another problem - I like the idea but it will not be added anywhere soon. Integrating LDAP will have serious consequences to internals and for the sake of simplicity it's low priority for now

  2. Chamunks

    RainLoop seems like a good alternative as well as it contains GPG which is super convenient if you're running this with the intent of knowing that your mail is controlled 100% by yourself and isn't going to be subpoena'd without your knowledge.

    I would really like to be able to see more transparency to this container; it's not like hiding the docker file increases the security of the enclosed app. Since I can openly just use docker copy/cp to take any and all files out of the container or do a diff against potentially similar source containers it makes it reasonably easy to figure out. Obfuscating it just makes me be less able to trust it and boy do I ever wish for some method to install a local Email server easily.

  3. Trevor Ferre

    +1 for chamunks arkturus

    I have to agree it's rather annoying that you're hiding the dockerfile... I understand you have the pro version which you are trying to sell... but doesn't mean you can't expose the base... you might actually get people contributing to the base then you can throw the pro features on top of that and keep that private... just an idea

  4. Chamunks

    I would still gladly pay for this if I could see the whole process. The appeal to me for running my own mail server is controlling who gets to access my email and when. I want to support the developers.

  5. SH repo owner

    @tjferre there is no reason to hide the Dockerfile, but it's obscurely long and sometimes the build just fails because there are a lot of "external moving parts". Also a fresh image build is not only a "docker build" command.

    @Chamunks this is not obfuscating, email server today is not uncomplicated software and our build process is the same.

  6. Chamunks

    Thank you for your reply! We could and would likely gladly contribute too. I personally enjoy working with docker.

  7. Trevor Ferre

    @analogic Thanks for the reply. Like @Chamunks I would like to help out here as well. I think this is a great project with a lot of potential.

  8. Nicholas Maietta

    Because the system is built in Docker, you can see all the intermediary containers used when downloading the image. From this you can pull each image used, build and extract the files from each layer and commit them to a fresh git repo. Do this for every layer until the final version is done. Now you can go to any part of the system using git commands or other tools to see what files changed between those layers. Take a peek at what software is used under the hood and their file locations and you can further isolate what changes are required to get the exact same system up and running. While there may be a few bugs to work out, you will now have a path to build a truly open source alternative where you build from sources yourself. I may actually do this myself because most all of the software used is truly open source but the author of the compiled version isn't releasing much info about how they built it (and they don't have to). They do list all the software that goes into their build but they also have to make a little money here and there from offering this up as an email solution. I just wish companies were a little more transparent. How do we know this isn't spyware or vulnerable to certain types of attack vectors? We don't, until we start analyzing the contents of containers and the traffic generated from it. Using image layer analysis and git, we can quickly find how this is built, even if we don't have the original commands used to build it. (I know this comes off as possibly rude, but I come from a web application security background and am a huge proponent of open source. If I use people's open source projects, I find ways to contribute back to them instead of enjoying their work for free. My company is likely going to pay for the license for this system as it "just works".
I just wanted to shed a little light on the fact that this isn’t truly closed, it’s just that sources used to compile are not open as that probably took quite a bit of work and you got to make money for your time).
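
The layer-by-layer comparison described in the comment above, as an added example that is not part of the thread or of the project's code. It assumes an archive in the format written by `docker save` (a `manifest.json` whose first entry lists `Layers` in build order); the sample image, its file names and contents are constructed.

```python
import hashlib, io, json, tarfile

def _tar(files):
    """Build an in-memory tar from {name: bytes} (only for the constructed sample)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as t:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            t.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

def layer_changes(image_tar):
    """Return [(layer, {path: 'added'|'modified'|'deleted'})] in build order."""
    seen, report = {}, []  # seen: path -> sha256 of the content in lower layers
    with tarfile.open(fileobj=image_tar) as img:
        manifest = json.load(img.extractfile("manifest.json"))
        for layer_name in manifest[0]["Layers"]:
            changes = {}
            with tarfile.open(fileobj=img.extractfile(layer_name)) as layer:
                for m in layer:
                    parent, _, base = m.name.rpartition("/")
                    if base.startswith(".wh.") and base != ".wh..wh..opq":
                        # Whiteout entry: the named file was deleted in this layer.
                        # (Opaque-directory markers are skipped in this sketch.)
                        path = (parent + "/" if parent else "") + base[4:]
                        if seen.pop(path, None) is not None:
                            changes[path] = "deleted"
                    elif m.isfile():
                        digest = hashlib.sha256(layer.extractfile(m).read()).hexdigest()
                        if seen.get(m.name) != digest:
                            changes[m.name] = "modified" if m.name in seen else "added"
                        seen[m.name] = digest
            report.append((layer_name, changes))
    return report

def sample_image():
    """Constructed two-layer archive; every name and byte here is invented."""
    base = _tar({"etc/app.conf": b"debug=0\n", "usr/bin/tool": b"v1"})
    top = _tar({"etc/app.conf": b"debug=1\n", "usr/bin/.wh.tool": b"",
                "opt/extra.sh": b"#!/bin/sh\n"})
    manifest = json.dumps([{"Layers": ["l1/layer.tar", "l2/layer.tar"]}]).encode()
    return _tar({"manifest.json": manifest, "l1/layer.tar": base.getvalue(),
                 "l2/layer.tar": top.getvalue()})

if __name__ == "__main__":
    for name, changes in layer_changes(sample_image()):
        print(name, changes)
```

To audit a real image, pass an open binary file handle for the archive to `layer_changes` instead of `sample_image()`.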
