by mjl- 469 days ago
From a security perspective, it is better to have separate & isolated processes (but written in modern languages that provide safety).

Mox is currently a single process handling all connections, including deliveries over smtp, imap connections, and webmail and other http requests, which isn't great. User connections should probably be in a separate process. I'm not too afraid of the mox process being taken over (by a bug being abused, I don't think that's easy/common in software written in Go), but of course it will be a good line of defense against that. Resource limit enforcement of separate processes would perhaps be even nicer to get.

I haven't gotten around to really designing privilege separation, but I'm foreseeing some complications around handling http requests (of the webmail, pass each request on to the user process? Have to figure out how to do that with the http library), and message database access (the database files can only be opened by a single process, need to do quite some back and forth to the user process in various places).

For performance, I imagine it only helps to have an integrated server. Performance isn't really top of mind, I don't think mail servers are commonly highly loaded, at least not for the smallish scale servers. Btw, mox does not require a lot of resources (e.g. RAM) to run.

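The hand-off of a user connection to a separate, less trusted process that the comment above weighs, as an added Go sketch (not mox code): the parent keeps the listener and the database, and passes only a connection's descriptor to a child through ExtraFiles. The child here is a shell running cat on fd 3 and a socket pair stands in for an accepted connection, both assumptions so the demo runs without a second binary or root.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"os"
	"os/exec"
	"strings"
	"syscall"
)

// spawnWorker starts a child process with one end of a fresh Unix socket pair
// as its fd 3 (the per-user process in a privilege-separated mail server).
func spawnWorker(name string, args ...string) (net.Conn, *exec.Cmd, error) {
	fds, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_STREAM, 0)
	if err != nil {
		return nil, nil, err
	}
	// Close-on-exec on both ends: the child inherits only what ExtraFiles
	// dup2s onto fd 3 (dup2 clears the flag on the new descriptor).
	syscall.CloseOnExec(fds[0])
	syscall.CloseOnExec(fds[1])
	childEnd := os.NewFile(uintptr(fds[1]), "child-end")
	defer childEnd.Close() // drop the parent's copy so the child can see EOF
	parentEnd := os.NewFile(uintptr(fds[0]), "parent-end")
	defer parentEnd.Close() // FileConn duplicates the descriptor
	conn, err := net.FileConn(parentEnd)
	if err != nil {
		return nil, nil, err
	}
	cmd := exec.Command(name, args...)
	cmd.ExtraFiles = []*os.File{childEnd}
	return conn, cmd, cmd.Start()
}

// roundTrip sends a line to a worker (sh exec'ing cat on fd 3) and returns the echo.
func roundTrip(line string) (string, error) {
	conn, cmd, err := spawnWorker("sh", "-c", "exec cat <&3 >&3")
	if err != nil {
		return "", err
	}
	fmt.Fprintf(conn, "%s\n", line)
	reply, err := bufio.NewReader(conn).ReadString('\n')
	conn.Close() // EOF for cat, which then exits
	cmd.Wait()
	return strings.TrimSuffix(reply, "\n"), err
}

func main() { fmt.Println(roundTrip("EHLO worker")) } // prints: EHLO worker <nil>
```

For an accepted connection, `conn.(*net.TCPConn).File()` yields the *os.File to hand over the same way; a real worker would additionally be started with `cmd.SysProcAttr.Credential` set to an unprivileged uid/gid and apply its own rlimits before touching user data.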

> multiple separate components

Btw, I don't think it's better to have separate _components_ as in separate software packages. Integrating this functionality into one software package prevents all kinds of complexity that would otherwise arise in the integration points. Integrated software also allows for new/user-friendlier functionality.