Usman Malik wrote:
>2. Let there be three components for a (modern) email server:
>- Ideally it should also have Elasticsearch/solr, so all searches can be
>handed over to search engine (at nginx level). This would be a must have
>for web based emails.

The trouble with search solutions is that you need to restrict which
results are returned.  Standard search engine addons don't easily
support that, they usually assume that anything that has been indexed can
be returned as hits.

>3c. Aox to store email's attachments in /var/www/aox_storage and store the
>path in its database. It can also store md5/other calculations as needed
>for duplicate logic. The file itself is not associated to an email
>address, rather it gets stored in a file table, whose primary key is stored
>(as ref) to the email address. Hence the same file can be shared b/w many
>users (I think aox already does that).

That method is fine, and possibly ok, it does open a possible can of worms
where someone forces a hash-collision with another document though.
Collisions don't matter much in most cases, but we're talking about email
and legal documents here, it might not be robust enough.

>*Serving attachments via nginx*
>So email attachments are stored and served via nginx but we also want it
>to be secure. Attachments must not be opened by anyone else (unless it is
>a shared/duplicate attachment). This can also be done in many ways:

The extra precautions are superfluous.  If someone can guess the hash, then
you already have a problem at a different level.  It will not improve matters
if you add a secondary hash that is only valid for a limited amount of time.

>aox_storage doesn't have to be a physical hard drive, it can be an external
>mount. Or there could be hooks for storing it on s3/other s3 like services.
>However if using s3, the link of s3 should never be shared/shown to the
>user.

Why not?
Having the link is equivalent to having the content, so if you hand over the
content to the end user, you might as well hand over the link instead.
There is nothing they can do more with the link, which cannot already be
done with the content itself.
-- 
Stephen.
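
Added example, not part of the original message and not Aox code: a Python version of the deduplicating attachment store discussed above that compares bytes before sharing a stored file, so two different documents with the same digest are kept apart instead of one being served for the other. `AttachmentStore`, `sha256_hex` and `demo` are hypothetical names, and the constant digest in `demo()` is a constructed stand-in for a forced collision.

```python
import hashlib
import os
import tempfile


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


class AttachmentStore:
    """Deduplicating attachment store: one file per distinct content."""

    def __init__(self, root, digest=sha256_hex):
        self.root = root
        self.digest = digest
        self.owners = {}  # stored name -> set of mailboxes referencing it

    def put(self, mailbox, data):
        base = self.digest(data)
        n = 0
        while True:
            # Candidate names: base, base.1, base.2, ...
            name = base if n == 0 else f"{base}.{n}"
            path = os.path.join(self.root, name)
            if not os.path.exists(path):
                with open(path, "wb") as fh:
                    fh.write(data)
                break
            with open(path, "rb") as fh:
                if fh.read() == data:  # same bytes: safe to share
                    break
            n += 1  # same digest, different bytes: collision, keep apart
        self.owners.setdefault(name, set()).add(mailbox)
        return name

    def get(self, mailbox, name):
        # Access is decided by the reference table, not by knowing the name.
        if mailbox not in self.owners.get(name, set()):
            raise PermissionError(name)
        with open(os.path.join(self.root, name), "rb") as fh:
            return fh.read()


def demo():
    # Constructed stand-in for a forced collision: every input gets one digest.
    store = AttachmentStore(tempfile.mkdtemp(), digest=lambda data: "collide")
    a = store.put("alice", b"contract v1: pay 100")
    b = store.put("mallory", b"contract v1: pay 900")
    c = store.put("bob", b"contract v1: pay 100")
    return store, a, b, c
```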
