Welcome to the mailbox.org user forum!
 

open source mailbox.org

7265611 shared this question 5 months ago
Need Answer

Hey, i'm a mailbox user for quite a while now and i saw this question got asked once before but im very interested in understanding it better!


Posteo, Tutanota, ProtonMail all open sourced some of they code. I guess they provide how their server side is encrypted and the web interface aswell. If i understand correctly, please corret me if im wrong.


I trust you guys a lot and i pay several mailbox accounts for some of my family members!


Id really like to know if you plan on open sourcing some of the things i have mentioned above?


id love to know!

Comments (12)

photo
1

Hey, thanks for your trust in us.

Mailbox.org largely relies on Open Exchange Software

While the back-end in considered open source, the front end is under Creative Commons license.

We also use Dovecot, Postfix, Apache, NginX and many more, all considered open source.

Our colleagues also contribute to the community via Github. Please see here: https://github.com/HeinleinSupport

Did this answer your question?

Cheers,

photo
1

Hey, it kind of does, but what you wrote: i knew that before!


The problem is this: your competitors try to gain users trust by open sourcing a lot of their stuff (tutanota, posteo, protonmail)!


Im very much a open source person but im not too much into programming so i dont even understand but i got attacked on reddit because i said you guys were open source and trusted.


I think we all like "dont trust, verify" and i pretty much would welcome if you would lean more towards open sourcing everything possible and also possibly advertise it since its an important part of privacy loving people.


I understand you work with linux and open source a lot and you are experts on that but what essential difference in terms of open source do i get when i buy your service or tutanota.


what is it that they open sourced that you havent? and will you?

photo
2

Protonmail and Tutanota both have open source clients (apps) for browsers, Android, and iOS. The code that runs on their server is still closed and proprietary.


Mailbox.org states that much of what they use on their servers is open source (listed above). The website you can check your mail with and part of the backend has the source code available to review under the Creative Commons Share Alike, Non Commercial. The source code is available but it is not considered Free as you aren't allowed to use it for commercial purposes.


In my opinion, none of these products are completely open source from head to toe. I may be incorrect on some of what I stated so anyone feel free to correct it.

photo
1

i want to stay with mailbox.org but i want to understand better what is actually open sourced with them and what is not.


also id love to know what is considered good practice too open source and what is considered not so smart to open source..


maybe someone from heinlein can elaborate

photo
1

any chance for more information on this?

photo
2

Please bear with us until the end of next week, as we are still busy with the aftermath of the relaunch and the upgrade to Open Xchange 7.10.

Then you'll get a profound reply.

photo
1

looking forward!

photo
1

still waiting for a reply here :(

photo
1

Yes, it's christmas time, many people are ill (so was I) and everybody is in a hurry to finish all open projects before christmas holidays. Sorry, I'll come back to this thread in some days, as soon as possible.

But this is just "general interest" and is not Prio-1 and has not fixed deadlines somewhere.

photo
1

thanks for the reply! i understand, but im really curious.


looking forward to your reply

photo
photo
1

Sorry for my very late reply, but maybe this answer will be a bit longer and need some more time to explain. And, sorry, I'm not a native English speaker.


First of off: "Open Source" of Code is just a part of "being Open". For me, also "Open Knowledge" is much more important, because knowledge is the basis of everything, even "open source code". It's not just that snippet of monitoring code -- it's the knowledge about the behavior of systems and WHY and HOW to monitor and analyse them (which end's up in some lines of code).


I'm in mailserver business since ~1992 and i did trained thousand of people/postmaster, gave hundreds of talks, made hundreds of blogpost explaining everything and wrote six or seven books about linux system administration in general and three books about e-mail servers and e-mail security, inlcuding all the knowledge, tipps&tricks, code snippets and experience about e-mail systems. And, last but not least, we're running our own linux academy in Berlin and we're organizing linux and postmaster conferences for ~ 15 years. So: Everybody can have it.


All of my knowledge and experience is "open" and we never, never made a secret out of if. If somebody wants to know something about mail, spam and mail-security -- I'll explain it and help him. Even if he's my competitor (and, yes, I'm working for hundreds of other ISPs you'll mostly know).


So: Sharing everything, knowledge, experiences and also code, is our DNA, it's our mission and what makes us (me) happy. We're not only having a github account, giving away some pieces of code and to some marketing with it. We're totally transparent and if you need help on your systems, we do provide hands-on, including sharing existing codes, snippets, monitoring scripts and all that stuff. And we did that also for some of our closest competitiors. Our vision is to provide secure communication for everybody -- and not only to run our own company and earn some money.


Also with mailbox.org we spent a lot of work in improving code. Personally, I'm an experienced system administrator, but not a developer. So personally I can't provide "real code" and my company is a admin company, not a developer company. Sometimes we're writing the code, but mostly we're organizing that a good developer's doing it or we're sponsoring the original developer to do it. But: Most of it we're doing silently and we just push it upstream (so it automatically becomes available for everybody) instead of doing a github fork (with our name on it).


For example: Push Notifications with iOS devices in Dovecot never really worked well and we spent a lot of time doing it and it's totally available for everybody to use it. We did a lot of improvements in Open Xchange, many, many feature requests and improvements in Dovecot IMAP, Postfix and so on. We organized/paid/triggered the code for PGP support on Android and in K9Mail and much more.


For many of those features and patches would have been good reasons to keep them secret and closed to have some key features just for our own business -- but we prefer sharing it with everybody and organize, that this features become part of the main releases. To be honest: We once did it in one case and kept a patch for ~2 years before giving it upstream. But this was a special situation.


So, If I may be honest: I think we go much, much further then everybody else here.


But: Sorry, you will not see very much of that and I can not simply provide a link to show what we're doing. We do have a small github account, mostly for playing around and doing some small stuff. But that's not really the big picture.

photo
1

Wow this sounds awesome! Didn't knew that you helped the open source community. There keeps getting more and more benefits of mailbox.org.


I will suggest you to takea look at OpenContacts. It is a open source contacts app for android which hides your contacts for other apps to get privacy and security.

The developer is testingsupport for mailbox.org. You could help the developer or add the app to mailbox.org's suggested app list when it is implemented.


Link to the gitlab issue:

https://gitlab.com/sultanahamer/OpenContacts/issues/28


The main issues at the moment are to keep the password and email secure and to enable push syncing.

photo