Mail-in-a-Box Mailing List


#1

I think it would be cool if we could have a Mail-in-a-Box mailing list, where we could email people announcements related to Mail-in-a-Box. For example, when there’s an update, or vulnerabilities are revealed about packages to warn users to update their system.

I had recently posted that there was a Dovecot security vulnerability, but I think it would be cool if people were notified. I imagine there are a huge chunk of people who don’t use the forums.

Maybe implement a system that pulls JSON-encoded messages from Github and displays them on the control panel to improve privacy? If not JSON-encoded messages, maybe MAILDIR-format messages?


Digitally Signing Mail with Thunderbird
#2

Doesn’t the " Status Checks Change Notice" email inform you if packages need updating and how your system is handling cert renewals etc?


#3

Agree 100%. I’m already following the forum here, I don’t need a repeat of the information here in my mailbox.


#4

A mailing list is more than just that though. Other than packages needing updates, sometimes a developer might want to send a notice out like “Hey there are special instructions for this next update” or something like that. I get that maybe you already follow the forum here, but there are admins out there that might not be and hence cannot see the information provided here. If anything, maybe a link to the forum from the admin UI to allow admins to quickly find the forum, if they need help.


#5

Also, the info could be a temporary pop-up or notification (that does not accumulate, the notification would be a one-blurp, not a “history”) for the latest notification in the admin panel, so you aren’t bogged down with potential bullcrap.

There can also be opt-in/opt-out features for it. If you don’t like the emails, you can just shut it off.

@paradoxbound, @blinkingline. Yes, and that is exactly what I am getting at. If you download Mail-in-a-Box and it magically works, you don’t need to talk to us on the forums.

Now thinking about it, it would probably be best if announcements were uploaded to a Git repository, then periodic web requests made to the git repository, any new announcements would be pulled. Then the script running on the local box would take the email on the Git repository and locally send it to the admin as an email. Then there would be an opt-out link at the bottom of all the emails, which would lead to the user’s own webserver which would simply tell the script “hey, stop taking announcements and emailing them to me”.
We should also include a “privacy notice”, explaining to them that the emails are coming from their own mail server, and that we don’t know what their email address is. If I wanted privacy, but felt like I was auto-subscribed to something, I would be very upset. So to conform to the mental ergonomics (i.e. market this), we explain that their email address is not exposed to mail-in-a-box.

We should also set a policy that an email can only be sent only once every 24 hours, that the user’s script would enforce, so if the system gets hacked, there would only be one spam email sent out, provided someone reports the spam within 24 hours. To encourage people to report spam, we could include a link or email address to report spam.

To reduce server load, we could also have the script check at random intervals. If we have everyone check the server at midnight UTC, the server would be (could get) overloaded. We could have it check randomly, between 15 minutes and 30 minutes.

We can also digitally sign all the emails. But then that brings into question–which certificate authority? We gonna try paying for a “valid” CA, or are we going to try to manage our own?


Development Questions