Closed sknight80 closed 3 years ago
AndrewSav
commented
4 years ago Sounds like a lot of work ;) Whatever you do it must be adequately secured, will probably require different set of credentials from the zillion of credentials we already have with our setup.
Don't get me wrong, I do not mind if someone implements it, but for me personally ssh-ing to the mailsserver is not a great strain.
sknight80
commented
4 years ago Nothing special just a little nodejs application that directly parsing the postfix log and can generate stats or searching in the log.
Long term it could be our main control for our system...
This is just an idea that it came to my mind 😂🙂
pollux
commented
3 years ago The idea in general isn't too bad but i have something against nodejs. You depend on too much dependencies, and every dependency could have a security vulnerability. We already have a php server running for postfixadmin, why don't we use it for this too?
sknight80
commented
3 years ago Sure! We could use PHP. It was just an idea. :)
AndrewSav
commented
3 years ago @pollux what php server? I will chose nodejs over php any day ;)
There has been incidents with nodejs, this is true, but in response the vulnerability scanner was added to most build processes that warns you about any problem. nodejs is more modern with php and was built with performance in mind, in fact many other frameworks (e.g. asp.net) copied nodejs model as an afterthought. In my view nodejs is a better and more supportable choice.
AndrewSav
commented
3 years ago Having said that, I think for our project the choice of underlying technology will most like be what makes most sense (read what they are most comfortable using) to the actual implementer. I feel it's more beneficial to get something done, then to try and dictate some arbitrary restrictions. So @pollux if you would like to implement it in php, go for it ;) just check with @sknight80 that they have not already started on that, so that we do not the same work twice.
pollux
commented
3 years ago There has been incidents with nodejs, this is true
What i find mostly annoying when working with nodejs is the number of packages you have to install - even just for a simple, small project. Every single on of it could have a security vulnerability. Well known, bigger projects all depend on multiple other packages which also could have a security vulnerability. And it happens quite often compared to - for example - PHP.
And sometimes it takes time until the vulnerability is closed and any projects which depends on it gets updated, up the chain.
Don't get me wrong, i don't want to argue too much about the technology to choose .. but the possibility to break something or have to excessively test the application due to a fix for such a vulnerability is exceedingly high with nodejs.
but in response the vulnerability scanner was added to most build processes that warns you about any problem
That's right, but you cannot prevent a vulnerability nor the detection of one after your build was successful.
The "best" solution probably would be to use a native program, but then we have to talk about the effort we want to put in. With NodeJS and PHP you are quite fast in development, but both have downsides.
So @pollux if you would like to implement it in php, go for it
I just googled for existing solutions to this topic yesterday. There are solutions out there which could be used or adapted to be used in mailserver2.
what php server?
I thought there is one running for postfixadmin ?! If so, using PHP will probably save us some resources of the host the mailserver is running on, because we don't have to run another program in our docker containers. This is something we should keep in mind as we extend the mailserver with new features (as i find it very convenient that i don't need much resources to run this whole mailserver docker setup).
AndrewSav
commented
3 years ago @pollux postfixadmin is a separate container first, and it probably was not designed to run other apps alongside of it second, so I do not think it's practical.
Interested to hear re: existing solutions, it's always to reuse something existing than to spend effort building it from scratch.
SaraSmiseth
commented
3 years ago @pollux postfixadmin is a separate container first, and it probably was not designed to run other apps alongside of it second, so I do not think it's practical.
Yes postfixadmin should stay separate. I don't like the idea of mixing it with something unrelated if we don't have to.
sknight80
commented
3 years ago The log viewer would live in a separate container, so if someone wants to use it, start the container. For me, we can either use PHP or NodeJS. I prefer node recently more because I am working more with this recently, and I saw lots of helper methods worldwide. So we could put something very minimal together relatively fast.
AndrewSav
commented
3 years ago @sknight80 Do you think this is something you are going to work on in the foreseeable future? If not, we could probably close this for now, and re-open if we need to track this when the time comes.
AndrewSav
commented
3 years ago Closing for now, as it does not look like anyone has time to contribute here.
Classification
Please delete options that are not relevant.
Reproducibility
Please delete options that are not relevant.
Docker information
N/A
Description
I was thinking if we want to update our setup with some kind of front-end solution for parsing postfix, docker, dovecot, etc logs. So users don't need to log into the server and collect information. What do you think about this team?