1. Snapmail
The private cloud gateway for email sharing
Charlie Huynh
chuynh@enseirb-matmeca.fr
Mathias Lacaud
mlacaud@enseirb-matmeca.fr
Thomas Marchal
thmarchal@enseirb-matmeca.fr
Pierre-Alexis Nardin
pinardin@enseirb-matmeca.fr
Maxime Peterlin
mpeterlin@enseirb-matmeca.fr
Mylène Tahar
mtahar@enseirb-matmeca.fr
Gabriel Vermeulen
gavermeulen@enseirb-matmeca.fr
Amina Waddiz
awaddiz@enseirb-matmeca.fr
Abstract. This project deals with the creation of a virtualized SMTP server which allows users to send mails with large
attachments. The attachment is separated from the mail, saved on a private cloud, and replaced by a link. With this
link, the receiver is able to see the content and download it if he wants. The cloud named Media@Home, was developed
largely by other students during S9 projects. Thanks to this platform, the contents can be adapted, allowing the receiver
to read them easily on any hardware and watch the videos in streaming. The main purpose of this project is to link
Snapmail with Media@Home as a complete add-on, thus both the sender and the receiver can see the attachments in
their Media@Home account, share it and modify it according to their permissions.
1 Context
Nowadays, with computers and network performances growing fast, it has been necessary to think of new ways for data
storing. Some companies are already offering cloud services such as Google Drive, Dropbox or Mega, but the problem is
that they are keeping people’s data on their servers and allow themselves every right on it.
1 of 13
2. 1.1 Snapmail, an add-on to a bigger application
1.1.1 Media@Home social network
The Snapmail project has been built as an add-on to a bigger application which is Media@Home. Media@Home is a so-
cial network allowing people to share media with each other, mainly videos or images. A Media@Home user can search
for people to add them to a specific friend-circle such as "relatives", "friends" or "colleagues". What distinguish Me-
dia@Home from traditional social networks like Facebook or Youtube is that it provides its users to get their own server
at home: the Media@Home box. With this box, everyone can keep an eye on their data, delete them whenever they want
and share it only with people they trust.
Figure 1: Media@Home, a decentralised social network
As shown in Figure 1, Media@Home still needs a central server to store information about the user account, and their
bounds of friendship with the others. Each user owns their Media@Home box where their files are stored. Their friends,
who belong to the right circle, can view their media directly on the owner’s box. Especially, Media@Home video player
provides an adaptive streaming method, to adapt video quality according to the Internet speed.
For Snapmail interest, Media@Home has been improved to do the same feature for images. Images are processed in four
different sizes to be seen correctly in every hardware (mobile, tablet or computer).
2 of 13
3. 1.1.2 Snapmail interaction with M@H
Snapmail has been constructed as a gateway to link emails with Media@Home, to create an automatic upload of attached
files to the user’s account, and therefore to their box. There are two different ways to link a mailbox to snapmail: the user
can either use a regular mailbox and configure Snapmail manually, or choose to link automatically a Gmail or Microsoft
account with OAuth.
In the first case, the users must enter by themselves their SMTP parameters, by giving their mail address, password, host
address and port of the gateway. In the second case, the users have nothing to do but authorize the app to benefit from
Gmail or Yahoo to process their emails.
The snapmail gateway is very convenient for the users to whom the service is offered, as they do not have to manage the
file upload and sending the link to the recipient.
1.2 Traditional mail attachment to be outmoded
1.2.1 Attachment size and privacy
Traditional emails attachments are limited in terms of size. Indeed, most of the email providers requires the attachment
to be smaller than approximately 20Mb. This limit prevents users from sending for instance normal-sized videos or
photograph albums, which is very restrictive.
The Snapmail project is solving this issue by providing an enjoyable compromise between the initial mail attachment and
the new cloud storage. When sending an email via snapmail, the attachment size is not restricted at all, it only depends
on the user’s box capacity.
Moreover, with Snapmail using Media@Home’s boxes, the privacy of the content is preserved: the owner is the only one
responsible of it.
3 of 13
4. 1.2.2 Cloud technologies: a must-have
Nowadays, cloud solutions are the most considered because they provide a lot of advantages. They are very flexible,
as people can access their data anywhere at any time, and allow collaboration between many users. The data are also
prevented from being lost, as the files are no longer stored on a device but on a server like Media@Home box.
2 Snapmail: the mail add-on for Media@Home
2.1 The SMTP Server
The configuration of the SMTP (Simple Mail Transfer Protocol) gateway uses the Subethasmtp API. The first task of the
group was to find an API which was written in Java programming language preferably (as the whole Media@Home project
was written in Java in the first place), without security flaw and with recent developments.
Unlike other MTA (Mail Transfer Agent) API such as Postfix or Sendmail, Subethasmtp is an easy to understand Java
library, without many security flaw, with a low memory consumption and with a vibrant community of developers behind
this project.
Subethasmtp is used to receive mails from a sender, treat and parse them into body parts in order to create a new mail. If
there are attachments enclosed in the mail a process function is called to store the content on Media@Home and replace
it by a link in the new mail. In the particular case of inline pictures, they are not replaced with a link due to the meaning
they are carrying in the mail. Only then, the gateway will forward the new mail to the receiver’s smtp server which will
deliver the mail to recipients. In terms of programming, different abstract Java interfaces had to be implemented in order
to create the process functions for the smtp gateway. The connection to the smtp gateway is possible only if the user has
an account on the existing Media@Home platform. If he wants to send attachments, they will be automatically uploaded
on his content page on Media@Home and will be replaced in the mail by a link that directs receivers to the content on the
sender’s box. With such process, senders store their content on their boxes therefore avoiding the manipulation and the
storage of it on global internet servers. Thus, the mail server: Snapmail, keeps the notion of privacy that Media@Home
4 of 13
5. initiate.
2.2 The link between Media@Home and Snapmail
Media@Home has a REST API that allows to get, create, modify and delete data such as users, contents and their details.
Based on this architecture, new functionalities have been implemented in this API to deal with the needs of Snapmail and
for new features for Media@Home itself. Therefor a new way to upload any type of content was added with the possibility
to share the content directly in Media@Home. Moreover, everything necessary to set and get the data that Snapmail needs
to send emails was developed. Finally, to allow the user to use Google, yahoo or Microsoft mail services to send emails,
an automatism was created to link their Media@Home account with those services.
Snapmail needs some specific data to be stored in the database of Media@Home. To send an email, it needs to know
witch SMTP server to use with a username and a password. However, it only needs a token from a mail service provider
if the user has linked his account with the service. This way, no password is stored in the database which means more
security for the users.
Snapmail needs to be developed as an add-on because Media@Home can be used without it. To do so, the code has been
separated between Snapmail and Media@Home: if a feature can exist without Snapmail, then it belongs to Media@Home,
if not it belongs to Snapmail. A new way to store any data with a generic key-values implementation has been developed
not only for Snapmail but for any future Media@Home add-on.
2.3 Security
2.3.1 SSL/TLS
The communication canal between the sender and the SMTP gateway is secured with SSL and TLS communications (SSL
and TLS are cryptographic protocols designed to provide communications security over a computer network). This new
canal ensures the secrecy and integrity of the content of mails sent. Both clients and the server are exchanging requests
to agree on: a cipher algorithm, certificates, secret session key and the version of the standard used (TLSv1, SSLv3...)[1].
5 of 13
6. These requests are possible only if the sender had prior specify on his MUA (Mail User Agent) that he needs a StartTLS
connection. This will therefore upgrade a plain text connection to an encrypted connection without using a separate port
for encrypted communication. On the contrary, if the content of the mail is not important, he can send it without using
the StartTLS connection and thus using the simple plain text connection. In this last configuration, the mail will not be
encrypted and the integrity cannot be ensured.
2.3.2 Security during API calls
With the aim of sending requests and contents between the SMTP server and the Media@Home server, the basic access
authentication is used. This method allows to authenticate the user asking for the Media@Home API, if this user wants to
post a content or get information. The use is simple: both the username and the user’s password are encoded in base64
and added to the headers of the requests [2]. As these information are not encrypted, the basic access authentication is
not secured enough against hackers. However, Snapmail is designed to be on the same server as Media@Home. Thus the
requests can’t be seen easily, and this authentication is adequate to prevent average user identity theft.
Regarding the request to get the attachments, no authentication is needed because the contents are supposed to be
accessible by a user who does not have a Media@Home account. The basic security is provided by the length of the
random code which identify the content.
2.3.3 Link with famous mail services
Mail account passwords are the most important information to secure, to assure consumer’s confidence. Snapmail needs
them to forward the mail to the normal SMTP server, which sends it straight up to the receiver using the common path.
One approach is to use the most famous email service APIs to authenticate the email addresses, and send messages in
their names without passwords in Snapmail side. These API can be called using the Oauth2 protocol [3].
If the users want to link their Media@Home account with their other email service account, they are redirected to the
email service login page. By login and giving consent to Snapmail to forward emails in their name, the login servers
6 of 13
7. return and authorization code used to get a time limited access token to call the API.
Figure 2: Example of the Oauth2 protocol for a Google API call [4]
However, the purpose is to link the account during the registration and to keep this link. Instead of using an access token,
a special refresh token, given at the same time, is saved. This refresh token allows to request a new access token without
starting all over again.
To use Snapmail, users can link their Media@Home account to their Gmail or Microsoft account. The link to their yahoo
account has not been developed because the Yahoo Mail API is deprecated since the beginning of 2015.
2.3.4 ClamAV : an antivirus scan
Before storing the enclosed contents of mails into Media@Home, they will be analyze with an antivirus software in order
to ensure that infected files will not be stored on boxes. This antivirus software help us to avoid security flaw. ClamAv,
an open-source software able to detect many types of malicious software including viruses, was chosen to analyze the
content of mails. In the SMTP gateway ClamAv is used as a daemon and for each attachment and embedded picture, a
connection will be created between the server and the ClamAv service. Each content will be analyzed and if a content
is infected the file will not be uploaded on Media@Home. Instead, a mail will be sent back to the sender and informed
him of the infected content. Hence, in Snapmail, the ClamAv software is used as a server-side email virus scanner. In
7 of 13
8. the particular case of multiple attachments and if one of those is infected, only the safe attachments will be uploaded on
Media@Home and so only the links to not infected files will be in the mail.
2.4 Virtualization with Docker
Media@Home and Snapmail, in order to be fully functional, require multiple services and programs to be installed on
the machine they are executed on. For instance, ffmpeg is used to process videos and images, ClamAV to run antivirus
scans on the attached files sent with Snapmail, etc. It means that every machine, where Media@Home and Snapmail will
be running on, needs to have those dependencies installed beforehand. This monotonous task was, in the early stages
of development, performed by a bash script. The problem is that it only works with a specific operating system (which
is, for this project, Ubuntu 14.04) because, even though all Linux distributions are essentially the same, there are a lot
of differences that makes the portability of a script rather difficult such as commands or packages names. Not only the
programs installed matter, but also their version. Some features might not be available depending on the versions used,
which could end up crashing Media@Home or Snapmail.
The idea is to easily provide the client (or even other members of the team) with stable and bug free versions of Me-
dia@Home and Snapmail. Hence the need to not only deliver the project, but also the execution environment it was run
and tested on, which is why it was decided to use Docker.
Docker, which is still in the early stages of development, is an easy-to-use platform for developers and sysadmins to de-
velop, ship, and run applications. To export the application and its execution environment, a Docker image has to be
created from a Dockerfile. This Docker image, that will contain the application, is based on what is called a base Docker
image. Those base images could, for example, contain an Ubuntu operating system and it has only the necessary files to
reproduce the same environment as a standalone Ubuntu operating system. The Dockerfile specifies which base Docker
image will be used and contains a list of commands that will set up the execution environment wanted.
8 of 13
9. Figure 3: Example of a Dockerfile
Once the Dockerfile has been written, the Docker image is built from it and will be used to run Docker containers. A
container uses a Docker image as a template and it is possible to run multiple containers based on a single image.
One of the main advantages Docker brings is how lightweight those containers are and how few resources it requires.
Running a container takes as much resources as a simple isolated process executed on the host operating system. An-
other possible solution would have been to use virtual machine and, in comparison, it requires much more resources,
because not only the application and its dependencies are required, but also an entire guest operating system that will
run on top of the host operating system.
The project uses six containers :
• Media@Home - Box: based on a Linux docker image with Java 8 installed and contains the central server application
of Media@Home.
• Media@Home - Central: based on a Ubuntu docker image with Java 8 installed and contains the box application of
Media@Home.
9 of 13
10. Figure 4: Docker
Figure 5: Virtual Machines
• Snapmail: based on a Ubuntu docker image with Java 8 installed and contains the Snapmail application.
• Worker: based on a Ubuntu docker image with various tools to process videos and images installed.
• DB: based on a Linux docker image with a MongoDB database installed.
• ClamAV: based on a Linux docker image with Java 8 and the antivirus ClamAV installed.
All these containers are automatically linked together and can be easily executed with a tool called docker-compose.
Docker really helped throughout the development to set up and test Media@Home and Snapmail. It will most certainly
show useful when these applications will be deployed at a larger scale.
3 Organisation and Management
3.1 Methodology
To be organised, it was decided to work with an Agile methodology. The Agile method has been proved to be efficient in
computer programming projects and it is a work method that encourages collaboration between students. Moreover, the
project involved small cycles and a fast integration in order to solve issues which could have occurred following a previous
integration. Thus, the Agile method fulfils all requirements for this project.
10 of 13
11. Figure 6: Main stages in Agile method
In order to understand and give the priority to the needs of the users, the Agile methodology involves the clients during
the whole development phase of the project. As their needs could change over time, a meeting was set every fortnight.
Therefore, this project was planned according to fortnights. In this project, the clients were the supervisors.
A user story is a definition of a client requirement containing enough information so it can be integrated to the project. It
can be summarised as follows:
As a (role), I want (something) so that (benefit).
Naturally, the clients were involved in the development of these user stories during the meetings. Then, the tasks were
were established from these user stories.
There were enough tasks to be assigned for each person. However, two or three persons were allowed to work on the same
task according to the individual preferences.
The meetings were also the opportunity to show the progress of the project to the clients. They were divided in two steps
including the demonstration of the last user story and the client feedback. Demonstrations had to be visual and show
explicitly the new features to the client as a non-technical customer. The following discussion was an opportunity to
collect client reactions and define the next iteration.
3.2 Tools
To manage the source code and task assignments, GitHub and ZenHub services were respectively used.
GitHub is a web-based Git repository which offers distributed revision control and source code management. It not
11 of 13
12. only allows to store and share privately the source code with all team members but also to access several collaboration
features such as wikis, task management, and bug tracking. That way, it is possible for all the members of the group to
stay informed, as well as the supervisors and to develop the different parts independently.
Moreover it was possible to make GitHub fit the agile project management using a web add-on named ZenHub. It runs
natively in GitHub interface and permits to manage projects with a simple board. A task lived six steps in the board before
being closed (New Issues, Backlog, To Do, In Progress, To Test in pre-production, Done) that correspond to the agile
methodology and can be feedbacked by peers at every step. That way, it is easier to keep control on the advancement of
a task and to improve features during the process.
3.3 Issues
Many technical problems were faced and it was necessary to deal with all of them before every demonstration. The biggest
issue was the memory limitations for huge attachments, as SnapMail project was meant to provide a service that enables
the user to send important size files, it was a priority to have a method that fixes this problem especially for videos. At
first the maximum size was around 200MB, then this limit was successfully set to more than 2GB. Another problem was
the integration of the Snapmail project to the private Cloud Media@Home. It was necessary to adapt Snapmail code
to Media@Home’s one within each stage of the project. Moreover, while linking the service to some companies using
OAuth2, some technical problems occurred. The link between the snapmail user account and Google/Microsoft was
based on the adaptation of OAuth2 protocols of each company, which needed to be studied, implemented and tested.
Conclusion
The project consists in a new service to enhance the private social media Media@Home, a platform where members can
share contents, which offers tools to help members to manage their private, social and business files such as private
documents, photo and video albums. Nevertheless users needed a new tool to supervise their mailbox and share their
contents in full privacy. The new Snapmail add-on provides this new feature.
12 of 13