this post was submitted on 09 Jun 2024
15 points (89.5% liked)

submitted 5 months ago* (last edited 5 months ago) by Zak to c/selfhosted
 

I've been self-hosting email with Maddy for a bit, but haven't shared any of the addresses widely yet in part because I haven't set up a spam filter. I'm pleased with Maddy; there's much less to learn to get a server up and running with sane default behavior than with the email software of old.

Ideally, I'd like to go beyond just spam filtering and have something with arbitrary categories like newsletters and password resets. I would prefer that it learn categories when I move messages to IMAP folders from a mail client. Maddy can feed messages into arbitrary programs and pick a destination folder based on their output.

Web searches turn up a ton of classification programs, most of which seem to be more interested in playing accuracy golf with well-known corpora than expanding functionality beyond simple spam filtering.

[–] [email protected] 4 points 5 months ago (1 children)

Yes, but in this case it's something that parses stuff received from the internet, not a calculator or a sudoku app. There's a tiny chance that a specially crafted email could be exploited. It's very unlikely that it would be explicitly targeted as it's a niche app that now gets less than a download a day, but still IMHO it's dangerous.

On the fdroid community I once recommended to everyone a 100% offline app that generated generic images for contacts without pictures, and because it was abandoned in 2018 I was downvoted by many who would say "what if an attacker with some top tier social engineering skill persuaded you to use a specially crafted exploited image as a contact picture on your phone, then when you used this app to parse an existing picture, the 6-year-old image library would be exploited and your phone hacked??" - something that has the same probability as "what if the same day you found a winning lottery ticket on the ground, a meteorite hits the ground, bounces back up all the stairs and hits you while you are waiting for the subway, pushing you onto an incoming train?"

[–] Zak 2 points 5 months ago

That's a valid point, though it looks like Popfile's installation instructions call for manually installing libraries, presumably current ones. I think it processes only text, not PDFs or images, which are traditional sources of vulnerabilities. I'm fairly certain it doesn't attempt to execute JavaScript. It is itself written in Perl, which is memory-safe.

It's worth considering security because there's so much malware out there trying to spread indiscriminately, but Popfile is less vulnerable than an Android app (which bundles its dependencies) or anything written in C (which is subject to all kinds of memory management bugs).
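An added example, not part of the thread and not code from Maddy or Popfile: a small folder classifier of the kind the original post asks for, written so that it only ever decodes the Subject header and `text/plain` parts, which is the reduced parsing surface discussed in the replies. All names here (`FolderClassifier`, `text_tokens`, the folder names, the sample messages) are assumptions made for illustration; wiring it to a delivery hook that passes the raw message in and reads a folder name back is left to the mail server's documentation.

```python
import email, math, re
from collections import Counter, defaultdict
from email import policy

MAX_CHARS = 100_000  # cap on text examined per part

def text_tokens(raw):
    """Tokens from Subject and text/plain parts only; HTML, images and PDFs are never decoded."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    chunks = [str(msg.get("Subject", ""))]
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.is_attachment():
            try:
                chunks.append(part.get_content()[:MAX_CHARS])
            except (LookupError, UnicodeError, ValueError):
                continue  # unknown charset or broken encoding: skip this part
    return re.findall(r"[a-z0-9']{3,}", " ".join(chunks).lower())

class FolderClassifier:
    """Multinomial naive Bayes with one class per IMAP folder (hypothetical helper)."""
    def __init__(self):
        self.words = defaultdict(Counter)  # folder -> token counts
        self.docs = Counter()              # folder -> messages trained

    def train(self, folder, raw):
        self.docs[folder] += 1
        self.words[folder].update(text_tokens(raw))

    def classify(self, raw, default="INBOX"):
        tokens = text_tokens(raw)
        if not self.docs or not tokens:
            return default  # nothing learned, or no text to judge
        vocab = max(1, len({w for c in self.words.values() for w in c}))
        def score(folder):  # log prior + Laplace-smoothed log likelihood
            total = sum(self.words[folder].values())
            prior = math.log(self.docs[folder] / sum(self.docs.values()))
            return prior + sum(math.log((self.words[folder][t] + 1) / (total + vocab)) for t in tokens)
        return max(self.docs, key=score)

def mail(subject, body):  # builds a constructed sample message
    return f"Subject: {subject}\r\nContent-Type: text/plain; charset=utf-8\r\n\r\n{body}\r\n".encode()

TRAINING = [  # constructed samples standing in for messages already filed into folders
    ("Newsletters", mail("Weekly digest", "This week's articles and how to unsubscribe from the newsletter")),
    ("Newsletters", mail("Monthly newsletter", "New articles this month, unsubscribe any time")),
    ("PasswordResets", mail("Reset your password", "Click the link to reset your password, it expires in one hour")),
    ("PasswordResets", mail("Password reset requested", "Someone requested a password reset for your account")),
]

def demo_classifier():
    clf = FolderClassifier()
    for folder, raw in TRAINING:
        clf.train(folder, raw)
    return clf
```

A message that carries no plain text at all falls through to the default folder instead of having its attachment parsed.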