snappymail/README.md
S-A-L13 876ed221c3
Update Fork (#2)
* Cleanup OpenPgpImportPopupView code

* update polish translation

* small fix

* Added Import S/MIME certificate popup
And much better handling of the sign and encrypt options

* bugfix: store in Passphrases

* Resolve #1448

* pre-verify S/MIME opaque signed messages so we have a body to view

* Fix timestampToString() for future dates

* Move php8.php to /app/libraries/polyfill/

* Improved Settings handling to prevent bugs in outer code

* Changed AbstractProvider::IsActive() to be abstract

* Example for #1449

* bugfix: previous IsActive() commit

* OpenSSL required due to S/MIME

* Use get_debug_type() instead of gettype()

* update polish translation

* Make all Enumerations classes abstract

* Added search functionality in Admin -> Config
And removed the unused ['capa']['quota']

* Cleanup Quota handling

* OPEN_PGP should be OPENPGP as it is one word

* Improve Capa handling

* Resolve #1451

* Bugfix TypeError: b64Encode(...).match(...) is null

* Small StorageType change

* Bugfix: mailvelope editor failed

* Bugfix: undefined getMailvelopePrivateKeyFor()

* Bugfix: MIME parser RegExp didn't escape `boundary` which caused issues

* Return detailed info on PgpImportKey

* Show GnuPG verify error

* Sort PGP keys by email and id

* Sort S/MIME certificates on emailAddress else validTo

* S/MIME import from signature use `BEGIN PKCS7`

* Optionally use existing private key to generate S/MIME certificate

* Chaned some error_log() to MailSo Logger()

* Force reload of S/MIME certificates list on import

* Make better use of SnappyMail\SensitiveString

* Fix view PGP key button

* Mask all POST data that has a key which contains `pass`

* v2.35.1

* Resolve #1455

* Improved GnuPG error handling

* Update pt/pt-PT translation

* update Polish translation

* Drop support for gnupg pecl extension as it fails with "no passphrase" issues

* Resolve #1456

* Resolve #1458

* v2.35.2

* fix changelog

* Resolve #1461

* Update pt/pt-PT translation

* compact-composer plugin v1.0.0

* Resolve #1462

* Fix decrypt error message

* `new Error()` to `Error()`

* Resolve #1463

* Show url for #1466

* Simplify SignMe/Remember me code

* Simplify language Notifications

* Bugfix: SetPassword expects \SnappyMail\SensitiveString

* https://github.com/the-djmaze/snappymail/issues/1450#issuecomment-1972147950

* improve: fire the 'squire2-toolbar' event after more props are added

* improve: add dark theme support and use 'button' element as menu trigger for consistent styling

* fix: use compact template in non-destructive way (do not replace the PopupsCompose template if a different wysiwyg is used)

* Update admin.json

* Update user.json

* CSS rainloopErrorTip location

* Improved error handling on PGP and S/MIME decrypt

* KnockoutJS remove unused `beforeRemove`

* KnockoutJS drop unused `as`

* KnockoutJS simplify renderMode because only 1 option is used

* KnoutJS cleanup templating.js a bit

* KnockoutJS drop unused `bindingRewriteValidators`

* KnockoutJS drop the twoWayBindings code

* KnockoutJS simplify virtualElements binding check

* KnockoutJS simplify applyBindingsToNodeInternal

* KnockoutJS use Array.isArray

* KnockoutJS drop alias `textinput` for `textInput`

* KnockoutJS scramble `createChildContext`

* KnockoutJS scramble `controlsDescendantBindings`

* KnockoutJS scramble `exportDependencies`

* KnockoutJS drop unused `throttleEvaluation`

* KnockoutJS drop unused `valueAllowUnset`

* KnockoutJS drop unused `templateNodes`

* KnockoutJS drop unused `optionsCaption`

* KnockoutJS drop unused `dontLimitMoves`

* KnockoutJS drop unused `uniqueName`

* KnockoutJS drop IE leftovers

* KnockoutJS drop unused `preprocess`

* KnockoutJS drop unused "disposeWhenNodeIsRemoved" and "disposeWhen"

* KnockoutJS don't scramble exportDependencies. controlsDescendantBindings, createChildContext

* KnockoutJS drop unused `$parentContext` and `$parents`

* KnockoutJS drop unused `$rawData`

* Knockoutjs built latest

* KnockoutJS drop unused template options `nodes`, `if`, `ifnot`

* KnockoutJS use more Array.isArray

* KnockoutJS cleanup code a bit

* KnockoutJS primitiveTypes can just be checked with Object()

* KnockoutJS rebuilt

* Verify S/MIME signed automatically and log Exception

* Automatically verify PGP and S/MIME signed messages

* `new Error` to `Error`

* By default throw AccountNotAllowed as confused in #1478

* GPG use pinentries for decrypt, sign and export

* Better GPG error handling

* GPG show error on view/export

* OpenPGP fix handling of importing keys

* Make "verify signatures automatically" optional, as it requires more IMAP fetching

* S/MIME don't post identity key and certificate, just fetch from server

* Show error to old browsers, instead of crashing

* Automatically verify S/MIME decrypted signed message

---------

Co-authored-by: the-djmaze <>
Co-authored-by: tinola <tinola@poczta.onet.pl>
Co-authored-by: Maarten <3752035+the-djmaze@users.noreply.github.com>
Co-authored-by: lmperfis <joint.striker@gmail.com>
Co-authored-by: Sergey Mosin <sergey@srgdev.com>
Co-authored-by: hguilbert <51283484+hguilbert@users.noreply.github.com>
2024-03-04 17:00:27 +01:00

8.9 KiB


SnappyMail


github-actions docker-image-size

Simple, modern, lightweight & fast web-based email client.

The drastically upgraded & secured fork of RainLoop Webmail Community edition.

We thank the RainLoop Team for making a great PHP 5 product that was good in the past.

Up to date system requirements, snappy performance, simple installation and upgrade, no database required - all these make SnappyMail a good choice.


For more information about the product, check snappymail.eu.

Information about installing the product, check the wiki page.

And don't forget to read the whole Wiki.

License

SnappyMail is released under GNU AFFERO GENERAL PUBLIC LICENSE Version 3 (AGPL). http://www.gnu.org/licenses/agpl-3.0.html

Copyright (c) 2020 - 2024 SnappyMail Copyright (c) 2013 - 2022 RainLoop

Modifications

This fork of RainLoop has the following changes:

  • Privacy/GDPR friendly (no: Social, Gravatar, Facebook, Google, Twitter, DropBox, X-Mailer)
  • Admin uses password_hash/password_verify
  • Auth failed attempts written to syslog
  • Added Fail2ban instructions
  • ES2018
  • PHP 7.4+ required
  • PHP mbstring extension required
  • PHP replaced pclZip with PharData and ZipArchive
  • Dark mode
  • Added option to remove background/font colors from messages for real "dark mode"
  • Removed BackwardCapability (class \RainLoop\Account)
  • Removed ChangePassword (re-implemented as plugin)
  • Removed POP3 support
  • Removed background video support
  • Removed Sentry (Application Monitoring and Error Tracking Software)
  • Removed Spyc yaml
  • Removed OwnCloud
  • Replaced gulp-uglify with gulp-terser
  • CRLF => LF line endings
  • Embed boot.js and boot.css into index.html
  • Removal of old JavaScript code (things are native these days)
  • Added modified Squire HTML editor as replacement for CKEditor
  • Updated Sabre/VObject
  • Split Admin specific JavaScript code from User code
  • Split Sieve specific JavaScript code from User code
  • JSON reviver
  • Better memory garbage collection management
  • Added serviceworker for Notifications
  • Added advanced Sieve scripts editor
  • Slimmed down language files
  • Replaced webpack with rollup
  • No user-agent detection (use device width)
  • Added support to load plugins as .phar
  • Replaced old Sabre library
  • AddressBook Contacts support MySQL/MariaDB utf8mb4
  • Added Fetch Metadata Request Headers checks
  • Reduced excessive DOM size
  • Support Kolab groupware
  • Support many more IMAP RFC's
  • Support Sodium and OpenSSL for encryption
  • Much better PGP support

Supported browsers

This fork uses downsized/simplified versions of scripts and has no support for Internet Explorer nor Edge Legacy. Supported are:

  • Chrome 80+
  • Edge 80+
  • Firefox 78+
  • Opera 67+
  • Safari 13.1+

Removal of old JavaScript

The result is faster and smaller download code (good for mobile networks).

  • Added dev/prototype.js for some additional features
  • Modified Jua.js to be without jQuery
  • Replaced Autolinker with simple https/email detection
  • Replaced momentToNode with proper HTML5 <time>
  • Replaced resize listeners with ResizeObserver
  • Replaced bootstrap.js with native drop-in replacement
  • Replaced dev/Common/ClientStorageDriver/* with Web Storage Objects polyfill
  • Replaced *Ajax with *Fetch classes because we use the Fetch API, not jQuery.ajax
  • Replaced knockoutjs 3.4 with a modified 3.5.1
  • Replaced knockout-sortable with native HTML5 drag&drop
  • Replaced simplestatemanager with CSS @media
  • Replaced inputosaurus with own code
  • Replaced keymaster with own shortcuts handler
  • Replaced OpenPGP.js v2 with OpenPGP.js v5
  • Removed ifvisible.js
  • Removed pikaday
  • Removed underscore
  • Removed polyfills
  • Removed Modernizr
  • Removed nanoscroll
  • Removed lightgallery
  • Removed jQuery
  • Removed jquery-ui
  • Removed jquery-scrollstop
  • Removed jquery-mousewheel
  • Removed matchmedia-polyfill
  • Removed momentjs (use Intl)
  • Removed opentip (use CSS)
  • Removed non-community (aka Prem/Premium/License) code
  • Removed ProgressJS

RainLoop 1.17 vs SnappyMail

js/* RainLoop Snappy
admin.js 2.170.153 82.445
app.js 4.207.787 429.565
boot.js 868.735 4.142
libs.js 658.812 192.786
sieve.js 0 84.707
polyfills.js 334.608 0
serviceworker.js 0 285
TOTAL 8.240.095 793.930
js/min/* RainLoop Snappy RL gzip SM gzip RL brotli SM brotli
admin.min.js 256.831 40.573 73.606 13.585 60.877 12.188
app.min.js 515.367 195.013 139.456 66.135 110.485 56.623
boot.min.js 84.659 2.084 26.998 1.202 23.643 1.003
libs.min.js 584.772 92.746 180.901 34.452 155.182 30.890
sieve.min.js 0 41.164 0 10.365 0 9.359
polyfills.min.js 32.837 0 11.406 0 10.175 0
TOTAL user 1.217.635 289.843 358.761 101.789 299.485 88.516
TOTAL user+sieve 1.217.635 331.007 358.761 112.154 299.485 97.875
TOTAL admin 959.099 135.403 292.911 49.239 249.877 44.081

For a user it is around 69% smaller and faster than traditional RainLoop.

CSS changes

  • Solve jQuery removed "features" with native css code
  • Themes work in mobile mode
  • Bugfix invalid/conflicting css rules
  • Use flexbox
  • Use border-box
  • Split app.css to have separate admin.css
  • Remove oldschool 'float'
  • Remove unused css
  • Removed html.no-css
  • Removed dev/Styles/Cmd.less
  • Removed dev/Styles/Scroll.less
  • Removed Internet Explorer from normalize.css
  • Removed node_modules/opentip/css/opentip.css
  • Removed node_modules/pikaday/css/pikaday.css
  • Removed unused vendors/bootstrap/less/*
  • Removed vendors/jquery-nanoscroller/nanoscroller.css
  • Removed vendors/jquery-letterfx/jquery-letterfx.min.css
  • Removed vendors/Progress.js/minified/progressjs.min.css
  • Removed gulp-autoprefixer
css/* RainLoop Snappy RL gzip SM gzip SM brotli
app.css 340.331 84.472 46.946 17.622 15.112
app.min.css 274.947 67.857 39.647 15.537 13.549
boot.css 1.326 664 545
boot.min.css 1.071 590 474
admin.css 30.576 7.013 6.096
admin.min.css 24.692 6.336 5.579

PGP

RainLoop uses the old OpenPGP.js v2 SnappyMail v2.12 uses OpenPGP.js v5, GnuPG and Mailvelope. SnappyMail is able to use and generate ECDSA and EDDSA keys, where RainLoop does not.

Since SnappyMail tries to achieve the best mobile experience, it forked OpenPGP.js to strip it down.

OpenPGP RainLoop Snappy RL gzip SM gzip RL brotli SM brotli
openpgp.min.js 330.742 540.792 102.388 167.971 84.241 138.010
openpgp.worker 1.499 824 695

Squire vs CKEditor

The Squire implementation is not 100% compatible yet, but it shows the massive overhead of CKEditor.

Still TODO:

  • support for tables (really needed?!?)
normal min gzip min gzip
squire 122.321 41.906 31.867 14.330
ckeditor ? 520.035 ? 155.916

CKEditor including the 7 asset requests (css,language,plugins,icons) is 633.46 KB / 180.47 KB (gzip).