About 8 years ago, I was singularly managing my company's email. When I was hired, they had been using an awful php based mail system. My first major upgrade was to start using Roundcube. This was a very, very early version and one of the first open source mail projects to offer 'ajax' functionality.
When Gmail for business became available, we migrated to that, but for a while Roundcube was the best web interface for email there was to be found.
Sadly I haven't kept up with the project over the years, but my early memories still serve me well and I hope that the project has gotten much better over the years.
> ...and I hope that the project has gotten much better over the years.
It has! They have made some significant improvements. There recently was a huge effort to separate the RC core code -- all of the stuff that talks to imap -- from the rest of the interface, so now people can easily build RC clones.
Also, relatively recently, they reworked their skinning system and got a new design professionally made ("Larry", now the default). You can get Roundcube skins for people who like Outlook, or want better mobile support, etc.
And if you've got managesieve installed, you can make your email do tricks that Gmail can't.
AFAIK (correct me if I'm missing something!), Gmail allows you to filter messages on From, To, Subject, "Has the words", "Doesn't have", "Has attachment", and Size. Roundcube, via managesieve, can filter on anything in an email message -- any header, any other attribute of an email message you can think of should be doable.
Gmail also gives you a useful but limited set of actions for matching messages: archival, applying labels, starring, marking as read, forwarding, deleting. managesieve gives you a lot more options, and possibly one of the nicer ones is the ability to auto-reply to specific messages with a specific other message. My managesieve prefs currently has, "Move message to", "Copy message to", "Redirect message to", "Send message copy to", "Discard with message", "Reply with messsage", "Delete", "Set flags", "Add flags", "Remove flags", "Send notification", etc.
Filters was for me the killer feature that moved me from Gmail to Roundcube years ago.
A basic filtering mechanism should be provided in addition to managesieve. The most common use would be to filter spam. It seems like roundcube is too sieve-oriented.
You're right. Most users aren't interested in advanced filtering. I've gotten around this by installing a default Junk filter for everyone, which seems to be a good enough solution.
But a simpler, easier-to-use filter system would be nice.
I love Roundcube, use it everyday. The only thing I wish it had was some type of mobile interface. Didn't see anything in the plugins. There are really no good web mail solutions with a mobile interface. I'd prefer to leave this account off my phone if at all possible.
Good news. I've been using it since fairly early on, and it's a very impressive bit of work, especially considering the pressure to give up hosting mail.
Congrats to them. I remember the days of running IlohaMail on a VPS for my family's mail and was very impressed when Roundcube came out.
I eventually decided that hosting my own email wasn't for me, but would certainly encourage any company or organization with a bit of sysadmin resources to take a close look.
My ISP recently switched to roundcube for their webmail. Looks pretty slick, though I'm not really convinced it's as good as it should be. It's slow to fetch my email, and searching for specific emails doesn't work very well.
Yeah, there can be a couple causes for this. Sometimes it's the skin being used. Some Roundcube skins are quite a bit faster than the default; you might check with your ISP to see if they support additional Roundcube skins. (They are very easy to install, and users can select an RC skin from their settings panel.)
> ...and searching for specific emails doesn't work very well.
There should be a tiny dropdown arrow next to the magnifying glass icon in the search box. (This is not great UI.) Click that, and you should get a menu like the following:
Subject, From, To, Cc, Bcc, Body, Entire Message.
Make sure Entire Message is selected. It's not by default. RC will remember your setting for each folder. This will make your searches slow on folders with lots of messages, but it improves the search results quite a lot.
If I could find a way to filter spam as well as gmail does I would love to back to self-hosting my email. I just can't imagine a time when we'll get anything close to what gmail can do without their huge resources.
Yeah, Gmail has probably the best spam filtering of any mail service in the world.
But! You can do pretty well at it, too, if you feel like putting in the effort. I host email for some clients, and most of my sysadmin time these days is spent dealing with spam in some fashion or another.
1. Greylisting. Greylisting is fantastic, and the package you're looking for here is sqlgrey. It's easy to use and admin and it has sensible defaults. You can pretty much just drop it in and immediately get an 80% reduction in spam.
2. Use the right MTA stack: currently I think that's Postfix and Dovecot. Postfix and Dovecot go together like ice cream and apple pie. Postfix is far easier to admin and configure than Sendmail, and Dovecot has good support for managesieve, which'll be important in a moment.
3. Install SpamAssassin and AMaViS. Getting it working correctly with Postfix in a multi-domain environment, so that each user can have their own SA settings, is a little bit tricky, but totally worth it. AMaViS by default wants to manage SA's settings. Don't let it.
4. Install the managesieve, password, and sauserprefs plugins. Now you can change your email password, your filters, and your SpamAssassin preferences right from the webmail interface.
5. Configure SpamAssassin to label messages "[SPAM]" (it also sets the X-Spam-Flag header) on junk messages, and then set up a default filter in managesieve to redirect those things to Junk folder. Bam, no missing emails, no cluttered inbox. Use imap on your favorite devices.
6. A couple of extras, like Fail2Ban, will help too. You can modify Fail2Ban to watch your mail.log for frequent attempts at nonexistent user accounts and then iptables those spammers.
As with most things, you can spend as much additional time as you'd like fine tuning this, writing some custom software, and so on. But, the above will get you about 98% of the way to Gmail's level of spam filtering in about a day's worth of work.
I have always self-hosted my mail. When spam started to become an issue I began looking around for a solution. I happened upon the newly minted spamassassin project, made it work to my liking, sent in a few patches and never looked back. Now, many years later, I still run SA in combination with Exim and Dovecot, filing unrecognised spam into a 'SPAM-it' folder from where it is picked up every night to train the bayes filter. Everything which is 'definitely' spam is refused at the gate, everything which is most certainly spam is filed in a spam folder which is out of sight and mostly out of mind, everything which is probably spam is automatically dumped in the aforementioned 'SPAM-it' folder (with autolearning disabled to avoid erroneous positive feedback). There is a 'HAM-it' folder to tell the filter about mail I care about as well as a 'FORGET-it' folder to untrain the filter on given messages. I use sieve to file messages in their designated folders.
No other filtering is applied, no greylisting, no country blocks (I need to be able to communicate with people all over the world), no fail2ban, no nothin'. By keeping the filtering concentrated in one spot I avoid the trap of turning the mail system into a Rube Goldberg machine loaded with unintended consequences.
On average, one or two spammy messages make it through the portcullis per day. I simply dump them in the 'SPAM-it' folder and forget about them. False positives are exceedingly rare, fortunately. On the whole I consider my mail setup to be functional and above all manageable.
Everything needed to implement this is available in Debian. There is a handy Sieve editor available as a plugin to the Roundcube web mail client for those who like to click pretty boxes instead of writing filter scripts.
* don't accept mail for non-existing recipient adresses
* don't accept mail where the sender domain is one of my domains, except when whitelisted manually
* don't accept mail from hosts on the NiXSpam list[1] (unlike some others, NixSpam has pretty reasonable policies with automatic delisting after 12 hours)
These three rules together work pretty well, I get only a handful false negatives every day, and virtually no false positives, even though I publish my real mail address on many places in the web, and even used it in usenet, back in the days.
Please do not use NiXSpam or encourage others to use it.
If I remember correctly they are pretty trigger happy with honeypot email addresses that are pretty easy to find on the internet.
All your competition needs to do is register to your service using the honeypot email addresses and your legitimate email server/domain will be blacklisted on hosts that check NIXSpam.
Between Squirrelmail, Horde, and Roundcube, I always liked Roundcube the most. It was more polished than the others, at least, and was far easier to support end-users with. Glad to see the project is still alive :D
Gandi does, and you do not need to buy webspace from them. Just registering a domain there will get you 5 free mailboxes and 1000 forwarding addresses.
Depends on needs, as there are some pretty sane people who don't want to be IT support for all their friends hosting small projects, and don't want to have to install and manage alternative control panels for them. Bugs, issues, quirks and all, cPanel and hosts that offer it may be fine for folks with limited needs or relatively clean/secure apps.
But sure, for the most savvy of devs and ops people, cPanel hosts may not be the right setup.
shrug I've never had any particular issues with it, but admittedly it's all I've ever used since it's what most shared hosting providers have. And before anyone suggests it, I don't have the money/desire/need to move off of shared hosting for anything I do.
I don't get the hate. I use gmail and roundcube (on a cPanel host) on a daily basis. cPanel hosting is really easy to use and maintain. With a good hosting company, what's the issue?
cPanel has the security reputation of pre-3.0 Wordpress. It's a real-world, actual problem; in a shared hosting environment, cPanel adds a lot of risk for your customers.
cPanel is popular, and it solves a lot of problems for a lot of people. Because it's so common, people who don't otherwise know their way around web hosting can feel right at home when using cPanel. I don't have some kind of irrational, hipster-esque or elitist hatred for it; I simply think that I can't in good conscience install it and knowingly put my hosting customers at risk.
There's nothing to get, the hate is completely irrational. Those who belittle shared hosting, or the idea of cPanel have their head so far up their own tech-infused ass that they don't understand most people, hell even most techies don't want to manage their own web or email server.
It's a user interface instead of a semantic interface—you're stuck with clicking around to maintain your site and your hands are tied with your ability to actually change something about it.
Examples of a semantic interface, or changes that a "normal" person would make to their hosting that cPanel doesn't allow would be good to illustrate your point.
I cannot stress enough how difficult it is to build out a complete, working, featureful, not-buggy webmail client. There are tons of edge cases.
Roundcube has been around significantly longer than Mailpile. For a lot of people, stability is more attractive than great hair.
I'm not pooping on your preference for Mailpile though, which has a much sexier interface than RC's default skin, and I hope the Mailpile guys do well and are around for 10 years. But, saying, "ew, LAMP" is pretty shallow.
I don't have any personal anecdotes, sorry. The couple of very minor things I've worked on haven't been email-specific.
edit: Actually, there was one that bit me a couple of years ago. SpamAssassin by default will convert an original message into an attachment and append the attachment to the spam report if it determines the message is junk. This is reasonable, but you want a convenient way to undo this for your users.
SpamAssassin is supposed to mark these attachments with a specific MIME type:
But on some configurations, for reasons I no longer recall, it doesn't. The attachment gets marked as text/plain instead.
So if you're writing code to unpack a SpamAssassin report, you can't rely on the MIME type being there. You have to fall back to doing some guesswork instead -- and if the original message also contained attachments, it can get kinda hairy.
Both GMail and FastMail have had this vulnerability in the past. GMail had it when script was hidden inside SVGs. FastMail had it when script was embedded in attachment filenames. I'm sure lots of other webmail systems had/have these issues too.
Hm, if you would be running a saas business and after 8 years you only have come so far, you'd be dead. roundcube was great back in the days but there are quite a few alternatives now.
The biggest feature at launch was the idea of "unlimited" storage (I think at the time it was 1GB) This was a huge departure from the existing Yahoo!/Hotmail models which had much more restrictive limits on storage.
That and the idea of one inbox and no folders. The concept of letting your mail flow into one box and not "filing" it was also a big change from the existing mindset.
About 8 years ago, I was singularly managing my company's email. When I was hired, they had been using an awful php based mail system. My first major upgrade was to start using Roundcube. This was a very, very early version and one of the first open source mail projects to offer 'ajax' functionality.
When Gmail for business became available, we migrated to that, but for a while Roundcube was the best web interface for email there was to be found.
Sadly I haven't kept up with the project over the years, but my early memories still serve me well and I hope that the project has gotten much better over the years.