Is there a roadmap?

Sure why not, I’ve been meaning to make a board. It’s empty but I’ve been needing to get my thoughts onto something like this so I’ll fill it in as I go.
(Link dead, I got bored, I’ll put it elsewhere)

Got some decent stuff done tonight :slight_smile:

U actually have, damn. The end is nigh.


Is that not the best domain ever? lol

I could get, but that’s $30 more per year than a .pw domain lol

I had no idea cPanel actually locked you out of the client area during updates, until I noticed it on eagle last night. I hope cPanel didn’t give you too much trouble with that update.

1 Like

Yeah me either, that was nuts. Over 2h downtime of the panel and webmail to update to cPanel 70. Oh god… it’s gonna take a week on Ghost…

(It did a database conversion of some kind for every single email account on the server, roundcube I think)

You have a plan though eventually to get rid of cPanel?

That was always my intention, but it’s more recently changed. The cPanel API is so wildly capable that I’d be foolish not to make use of it. I can utilize it to build what looks to anyone to be something 100% made in-house while still outsourcing the bulk of the security to them, and without altering things in unintended ways that break later.

What is the liklihood of 2FA for webmail and app specific passwords (like the Fastmail implementation).

2FA and the lack of contact/caldav sync to the webmail is holding me back from moving my personal email over to mxroute.

It is horrifying that in this day and age that cPanel have not implemented this.

Honestly I’m not considering it a priority. Webmail consists of 0% identified compromised logins since I started MXroute, it’s always direct authentication to the IMAP or SMTP service.

App specific passwords for IMAP/SMTP won’t help because you’d have to simultaneously implement a way to know which one was used for each login or any compromise is still a password compromise that has you resetting all passwords, but even if you do then it’s still a password compromise that has you resetting a password.

Until email protocols support 2FA it’s all just security theater. Companies like Google get to be the exception by being so big that nearly every email client supports their non-standard login method. The little guy like me is stuck on this in that there’s no way to implement it that doesn’t remove needed functionality or provide only the appearance of extra security.

What’s the solution?

A log that shows IPs logged in or an ability to lock down log ins to specific IPs?


For now I think the solution is to focus on improving product from a UX perspective. It’s key, at least for me, that I not overly concern myself with things I can’t reasonably change right now. Doing so leaves me discouraged rather than motivated.

Perhaps along the way more and better options present themselves, that’s usually how it works for me. Focus on the low hanging fruit, suddenly that thing that seemed out of reach a year ago makes perfect sense because of some minor change that offset the variables.

Fair enough.

Do you use LUKS like Fastmail?

Currently no encryption on email data store.

CPanel issue?

With GDPR coming in cPanel should get their act sorted :sunny:

Well I’ve changed my language as I’ve grown, but originally I openly stated things like “This isn’t going to replace lavabit.” The intention was to provide a simple service for devs and sysadmins who wanted to spend their time doing more interesting things, and found the pricing models of email hosting to be unusual, restrictive, and excessive. I had no idea it would blow up as much as it has, and I’m continually working to improve it, but it’s still a small business that was created during downtime from work and funded out of pocket. There’s no development team or anything like that, as many as 25 tickets coming in on a daily basis while I still have a full time job :slight_smile:

So more like… there’s only so much of me to go around :stuck_out_tongue:

Sounds like a problem for someone else, they’re based in Houston :stuck_out_tongue: