Hi, The web interface is klunky, but the code problems relate more to DoS problems with very large quarantine sizes since it reads the entire mailbox into memory. It used to be a real problem back when machines had a few megabytes of memory, not so much when it is in the gigabytes. :) This is so little of a problem now that we never implemented monitoring quarantine sizes to automatically disable the quarantine if it got "too big". We are working on our update to the latest release, and I will be checking out the newer version of the gui. It definitely works, but folder training is much more multi-device friendly. So I would start with that and use the web gui as a fall-back.
Regards, Ken On Thu, Jul 10, 2014 at 01:48:39PM +0200, Reindl Harald wrote: > > > Am 10.07.2014 13:33, schrieb Tom Hendrikx: > > Hi Harald, > > > > The only thing that is in the screenshots is the web gui, which is > > ancient in the way it looks, the usability, and in the way it > > communicates to the backend > > well, it looks like older Barracuda Firewall UI's > that's what the users know > > > It could also have security issues but I never looked into them. > > *that* is the problem - a over years unmaintained webui is > insecure or written by god without mistakes which is unlikely :-) > > > I always used the dovecot-antispam plugin and imap folders for > > quarantine management and retraining, and I never seriously considered > > the webgui, for all of the reasons above. > > well, that's not an option if someone is using > > a) DBMail > b) most users are POP3 for good reasons which are off-topic > > however, i will buildup with blacklists/postscreen, spamassassin, clamav > and ptr-filters without any wbeinterface or user-training > > > On 09-07-14 16:27, Reindl Harald wrote: > >> thank you for that important information! > > > >> i am considering dspam the last several months based on the > >> screenshots to replace a Barracuda appliance over the long and > >> looking at releases i got the impression you describe below which > >> is in case of a public webinterface for users critical for > >> security > > > >> Am 09.07.2014 16:04, schrieb Tom Hendrikx: > >>> Hello DSPAM community, > >>> > >>> After a few years of being active in the DSPAM community, I've > >>> decided to leave the project. Unlike others who silently stopped > >>> responding to mails and other inquiries, I'm documenting my > >>> reasons in the hopes that it might be of help/interest to > >>> others. > >>> > >>> When I actively joined the DSPAM project, it was in need of some > >>> new blood that helped out on development and other tasks, after > >>> most of the original participants of the community takeover from > >>> Sensory Networks somehow silently abandoned the project for > >>> reasons unknown (to me). > >>> > >>> After being active for a few years, I think I've seen most of > >>> the problems in the DSPAM project, and tried to address a few > >>> without result. The main issues I learned are listed below. > >>> > >>> 1. No active development ------------------------ There is no one > >>> working on the DSPAM code. There are numerous bug reports and > >>> feature requests that could be addressed, and some parts in DSPAM > >>> have been ripe for refactoring or rewriting for a long time, but > >>> nobody is putting any effort into it. There is currently only > >>> one developer 'active' within the project, but you rarely see > >>> activity from this person. The most code changes in the last 2(?) > >>> years are from patches contributed through debian bugreports > >>> (thank you, debian maintainer). The fact that no one within the > >>> project is actively working on the code, creates a sort of > >>> chicken-or-egg problem: without existing activity, no major > >>> outside contributions can be expected, since no one is interested > >>> in becoming the new sole responsible developer in the project. > >>> > >>> 2. No value seen in making DSPAM more transparent > >>> ------------------------------------------------- On several > >>> occasions I've raised my voice on making DSPAM more usable to new > >>> users, for instance by making error messages more informative, or > >>> adding logging of normal operation (i.e. non-errors) so people > >>> get a better hang of the product. Changes like this don't > >>> 'improve' DSPAM filtering, but the they do make the software > >>> easier to use, and its operation more transparent to new and > >>> experienced users. Finding issues in software is easier when you > >>> actually understand what it's trying to do, which in turn could > >>> result in more active users, more useful bug reports, possible > >>> more contributed patches and in the end maybe even more > >>> developers. Right now DSPAM acts like a sort of black box for > >>> anyone not familiar with the source code, and that discourages > >>> investigation of odd behavior, which could be any of: > >>> configuration errors, bugs or missing (but expected) features. > >>> > >>> 3. No drive on changing the status quo > >>> -------------------------------------- The situation that DSPAM > >>> is in right now, a sort of dormant or zombie (not dead but far > >>> from alive) status, is not good. It doesn't attract new users, it > >>> doesn't attract new developers, actually it only only supports > >>> existing, experienced users. Nobody in the community, both in the > >>> project maintainers as in the users community, seems to be > >>> interested in changing that. Based on my observations, that seems > >>> that people seem to think that DSPAM is either feature-complete > >>> and bug-free, or they just lack the > >>> motivation/energy/time/whatever to contribute anything. > >>> > >>> Because I care about DSPAM, in the years I've active within the > >>> project all of these issues have bothered me multiple times. > >>> I've tried to address stuff that I could address, or tried to > >>> raise awareness for other things. I didn't get much done though. > >>> - From this I can only conclude that DSPAM is a sort of dead > >>> project. Just like I wouldn't like to get myself (or my company, > >>> for instance) depending on a piece of software in this state, I > >>> think that nobody should get the impression that DSPAM is > >>> supported by an active community, when that support actually > >>> never goes beyond answering easy questions on the users mailing > >>> list. > >>> > >>> Therefore I'm resigning as DSPAM release manager, and will > >>> remove myself as project admin from the sourceforge project. I > >>> hope others will take up responsibility for the work I leave > >>> behind (and unattended tasks listed above, or any tasks I didn't > >>> point out), so maybe DPAM will become an active project in the > >>> future. > >>> > >>> Kind regards, Tom Hendrikx > >>> > >>> > >>> PS: I tried to address some of the issues listed above (logging > >>> of regular operation, transparent code (including documentation), > >>> easier ways of contribution) outside of the DSPAM code base > >>> itself, which finally resulted in dspam-milter[1]. I'll continue > >>> to develop and support that software, probably until I'll stop > >>> using DSPAM myself. If I would ever abandon the project, proper > >>> notice (just like this one) will be given. > >>> > >>> [1] https://github.com/whyscream/dspam-milter > > ------------------------------------------------------------------------------ > Open source business process management suite built on Java and Eclipse > Turn processes into business applications with Bonita BPM Community Edition > Quickly connect people, data, and systems into organized workflows > Winner of BOSSIE, CODIE, OW2 and Gartner awards > http://p.sf.net/sfu/Bonitasoft > _______________________________________________ > Dspam-user mailing list > Dspam-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/dspam-user ------------------------------------------------------------------------------ Open source business process management suite built on Java and Eclipse Turn processes into business applications with Bonita BPM Community Edition Quickly connect people, data, and systems into organized workflows Winner of BOSSIE, CODIE, OW2 and Gartner awards http://p.sf.net/sfu/Bonitasoft _______________________________________________ Dspam-user mailing list Dspam-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspam-user
