Skip to main content

CacoCloud, Mail reader, RSS, password and bookmark manager

I’ve presented earlier some interesting projects that aim to gain back the control of your data while being very focus on privacy. It’s the case of Yunohost and Cozycloud, that works like your own cloud as a standalone distribution or to install on your current server, with 1 click installation of several application like, mails, calendar, torrent client, RSS reader, etc…(and growing) to let you install only what you need, or some projects like Owncloud, that is more an all-in-one application with contact, file, music, calendar,…

All these great pieces of work allow you to manage a large set of your need by centralizing those on your own server.

And I’ve actually discovered recently a similar project, called CacoCloud.

CacoCloud Mail Reader

CacoCloud is a simple, fast and secure RSS and mail reader + password and bookmark manager. Based on PHP and AngularJS, CacoCloud uses SQLite to store the information in a encrypted way. Thanks to its small footprint, CacoCloud will even run smoothly on your Raspberry Pi.

CacoCloud RSS feed reader

Interested to play with it, here is how to install CacoCloud.



I assume you have a running Web server with Apache and PHP. If it is not the case, please check this tutorial.

1) Install sqlite and php dependencies

In root (Or with sudo), run:

2) Download and extract their latest archive into a dedicated folder in /var/www

3) Change the owner of the cacocloud folder to your web server user to make sure no permisssion error will occur (Like blank page, etc…)

4) Make sure the proper apache modules are enabled

Still in root:

5) Create a dedicated virtualhost to point your subdomain to directly the cacocloud public folder, with SSL certificate.

What you will need:

– Create a A redirection in your DNS server/registrar with something like cc.domain.tld to your IP

– Have SSL certificate ready. If not you can read this tutorial. (Optional but strongly recommended)

– Create your virtualhost as following:

In /etc/apache2/sites-enabled/, create a file called cacocloud (In root):

and paste the following content:

Adapt the content (Servername, webmaster email, SSL certificate and directory if different).

When done, save the file (CTRL+X then Yes) and reload apache: (In root)

6) Launch the web installer and make sure you have all the dependencies required.

Simply go to http://youIP/cacocloud/public/install and check if everything is in green.

Then proceed to the database and user creation.

And you should be good to go!!

A very simple video has been done to explain how to install CacoCloud on a DigitalOcean VM in less than 2 minutes.

Reduce SPAM and improve security – Amavis + SpamAssassin + ClamAV + Procmail + PostScreen>90% of mail traffic are actually SPAM….and you will quickly need to implement Spam protection either from global blacklist, or learning algorithm or even check SMTP protocol respect.

The most popular way to block SPAM on your mail server is probably SpamAssassin. It’s a free and Open Source spam filter written in Perl. It will perform a wide range of tests on headers and body text to determine how likely spam will be your mail. You could after make SpamAssassin learn from its mistake (Ham) or endorse its correct decision (SPAM). It’s a powerful too and very flexible. The downside will be its resources footprint as it will scan all our mail to assign a score to them and basically >90% of them will be SPAM.

Others solution exists, more resources efficient, but with others downside tho. It’s the case of using RBL (Real-time Blackhole). It’s a database of known spammy IPs, from Spamhaus for example. You can select the spammy IPs list to block (Some are larger than others). However the downside is you might block legitimate IPs as only 1 domain might actually spam and all the rest on same IP could be legitimate. Or worse, in some cases, Spamhaus and co blocked a full range of IP…

But there is also others way to do it, like with Postscreen. As most of the Spam are sent by Zombies computers and have only a very limited amount of time to deliver their spammy mails before being backlisted, they tend to make compromises in their SMTP protocol implementation, for example, they may speak before their turn or they may ignore responses from SMTP servers and continue sending mail even when the server tells them no to do so, etc… In that case, Postscreen is here to see if they respect the SMTP protocol and if they do, will allow the mail to be delivered.

I think this process is quite efficient and could save a lot of resources as SpamAssassin will not have to scan all the mails, but only the one having passed the first tests from Postscreen. However if rejected, the client will need to resend the mail (Usually spammers don’t) and in this case you can have a long grace period (Several minutes to several hours depending on the client…). For this reason I do not use it but if you are having a heavy load due to spam and spamassassin don’t work enough or use all your resources, it’s a good turnaround. aspect to cover is having an AntiVirus. For linux? you will say? Well first of all, Linux is not perfect (Although it managed much better the authorization and system access than Windows) but you could suffer from some virus. But most important, you may not be the only user that will read mails coming from your server. Either you could offer access to family, friends, … or read your mails on different system including Windows or simply forward a mail to others people. That’s why I think having a proper AntiVirus for your mails is important.

But here again, having an AntiVirus that will scan all your mails to look for viruses will use a significant amount of resources  (30-50mb Ram probably?) and here is where again Postscreen could help, to avoid scanning Spam mails too.

Actually, to make this configuration works, you will also need an additional package, Amavis to buckle the loop:

Postscreen will remove at the earliest stage a significant part of Spam (The one not respecting SMTP protocol implementation) and let them go to Postfix. Amavis will then do the bridge between Postfix and SpamAssassin + ClamAV to check the Spam and Virus and finally Procmail to dispatch all these into the local mailbox. (Note that Sieve in Dovecot could do it too)

So let’s see how to install and configure all this.

PS: I don’t use Postscreen and if you want no delays in your mail, shouldn’t use.


and we will also add some compression tools to be able to scan the archives for viruses too.
Postscreen is part of Postfix and does not require additional package.


  • ClamAV:

Per default, ClamAV will automatically update its database every hour. If you want to update it now, you can run:

Then, to avoid ownership issues during scans from ClamAV and Amavis, we need to add ClamAV and Amavis users to each others’ groups:

  • Amavis:

You will need to make Amavis and Postfix communicate.

In /etc/postfix/, below the line:


to looks like that:

And at the end of the file add:

then in /etc/postfix/, add:

Now you need to configure Amavis directly. In /etc/amavis/conf.d/15-content_filter_mode, make sure the 2 variables

are uncommented. You’re now good to go to SpamAssassin

  • SpamAssassin:

I suggest to create a dedicated user to run spamassassin to better control the process and have dedicated logs.

In root (su) type:

Its configuration file is located in /etc/default/spamassassin. You will need to modify few things to enable SpamAssassin:

and change the following to 1

You will also need to modify the OPTION line to become:

and add a new line with:

Now you need to configure Postfix to use SpamAssassin

At the line:

add below (new line):

then at the end of the file, add:

Finally restart all the services you have touched to.

If any issue happen during the restart, it should tell you what to do. If no issue, you should now be protected from Spam and Viruses.

You can try if it works by sending a fake spam to your mail box. Simply send you an email with the content:

or try with a inoffensive virus from The European Expert Group For IT-Security.

  • Procmail:

You may want to make sure they are store in your Junk box to separate them from your regular inbox. Here is where Procmail enter. (Although Sieve in Dovecot could do the same)

First, you will need to tell postfix to use procmail.

add the following line:

then, we need to config the rules.

From the Dovecot wiki, it states that Procmail seems to have some intermittent delivery problems if you use the system-wide configuration with Maildir style mailboxes. (/etc/procmailrc) and thus should use $HOME/.procmailrc instead.

Hence, to avoid having to configure that at every new email/user we will use the skel system to ensure our .procmailrc is copied to every new user.

In root, create the /etc/skel/.procmailrc file

and copy this simple configuration:

This will route the SPAM in the .Junk folder. (You should be able to subscribe to this folder using your favourite email client like Thunderbird,…)

When you will create a new user, the user will have this .procmailrc in its home and should be able to have it email running directly.

As explained in the first part of this tutorial, to create a new user: (In root)

A long tutorial but you should now have access to a secure mail system.

A New CAPTCHA Approach

If you want to use Postscreen to have an additional layer of Spam protection, you can follow below tutorial:

  • Postscreen:

In your /etc/postfix/, add a section for Postscreen as following:

Few explanation:


When a client connect to Postscreen, it will start to communicate by sending a first banner “Please wait to be seated” and 6 seconds later, the remaining information on the SMTP identity. According to SMTP protocol, the client needs to wait to receive the entire banner. Spam bots will probably not wait (as they are configured to send as many mails as possible) and Postscreen will not accept its mail.


Initially, before the ESMTP (Extended SMTP), the protocol was half-duplex, mining the server and client needed to send 1 command at a time and wait for the answer of the other. Enabling this option will indicate to the client that he needs to send 1 command at the time as Postscreen “does not” support ESMTP. Here again, most probably Spam bots will not respect that and send the entire set of commands directly.


This test is a simple filter that block the commands CONNECT, GET and POST, used by spam bots when they use proxies. This filter is actually already implemented in Postfix (Since version 2.2) but having at the upstream should help reduce the load on the smtp daemon.


This test is still very simple but a lot of Spam bots don’t respect it….in the SMTP protocol implementation, each line should finish by <CR><LF> for “Carriage Return & Line Feed”. But a lot of zombies only use the <LF> at the end of their line.

Obviously many more options exists and you should read the official documentation to learn more.

Then you need to modify the /etc/postfix/ to enable Postscreen and allow him to route the validated mails to smtpd.(In root)

and replace the line


and then restart postfix

However you will receive mails with a delay from few minutes (5mn from Hotmail and 20mn from Gmail based on my previous test) to few hours depending on the client side….that’s why I don’t use Postscreen in fact.

Mail Server – Postfix + Dovecot with TLS/SSL awaited howto, Postfix is probably the most popular mail server and is usually coupled with Dovecot or Courier and in some cases, with Anti SPAM and Anti Virus. (We will see that in another article)

My previous tutorial on how to setup a mail server was based on Courier-imap, but as Dovecot became more and more popular, I had to give it a try !

Both mail systems are good but they have their own plus and minus from my experience and reading:

Courier Dovecot
+ Extremely reliable

+ Trashmail box automatically expunged

+ Powerful maildrop

+ Low memory footprint

+ Good IMAP performance through indexing

+ Highly configurable

– Larger memory footpring – Trashmail box not automatically expunged

These are obviously only my observations and I know they actually found some turnaround to their minuses.

As I’m a big IMAP user and usually never delete my mail, indexing is a big plus for me and I wanted to give it a shot, this is why I’ve migrated to Dovecot.

The tutorial below will be for a Postfix + Dovecot for IMAP with SSL security. The user management will be based on users created on the system. (No SQL database or text file as it will be for few users only)


Debian comes with the default MTA (Mail Transfer Agent) called Exim which will not be useful anymore as we will replace it with Postfix.

then you will need to select a type of configuration, just choose “Internet Site”


and you will need to type your System mail name. I suggest you to create a dedicated sub domain and to use it here, in my case it will be

Doing so allow you to be ready adding server mails or changing more easily.


We will assume, you want to create an email account for your regular Debian or Ubuntu user. We will see later in this guide how to create new users.


You can generate your own self-signed certificate by running the following command:

(In Root)

This will create a pairs of key and certificates based on RSA encryption 2048 bit.

You will need to enter some info such as:

You will use these 2 key in Postfix conf and Dovecot conf.


The main configuration file of Postfix is located as /etc/postfix/ I suggest you to remove all its content and to replace by this one:

Obviously replace by your own domain name and same thing for TLS certificate and key you have just created.

Then, you need to modify the master file to do the bridge with Dovecot and allow sending mails.

and replace the #submission part by this one:


You may want to set some aliases, meaning if we send an email to root@yourdomain or webmaster@yourdomain, to make sure mails will drop into your account. If you want to make some changes, you can modify the file /etc/aliases.

Basically it says, mailer-daemon will be redirected to postmaster user (You may not have a real user called postmaster), never mind, it also says postmaster will be redirected to root and root to “MYSUER!!”. Just make sure this user suits your needs.

As it suits my need, I didn’t change anything there. But if you make any changes, don’t forget to update the configuration with the command:


Now you need to configure Dovecot through the file /etc/dovecot/dovecot.conf. Here again I suggest you to remove everything and use mine. (The original file contains a lot of links to sub conf file located in /etc/dovecot/conf.d

and replace with:

You will need to change ssl certificate location. (Last part of the file)

And finally, restart Postfix and Dovecot to update all your changes

Users Management:

In the case you want to create a new email box for a dedicated user, you can simply create a new user on your system and mails will work immediately.

In root, type:

The /sbin/nologin option will prevent the user from logging in to your server via ssh.

And that’s all at this stage.

You should now have a working email setting that you could try with Thunderbird for example. Thunderbird should recognize the server setting and you will be using STARTTLS for both IMAP and SMTP.

The next tutorial will cover how to add SPAM protection and Virus Scanning (Although Linux is well protected against viruses, you may still want to add an antivirus scan for your Windows users or when you will be accessing your mails from a Windows system.)

EDIT: The next tutorial is ready:

Reduce SPAM and improve security – Amavis + SpamAssassin + ClamAV + Procmail + PostScreen


Host your own server – Where do we start?

So you wish to install your own server to run may be a website or your own mail, or a specific application or service (Subsonic? Minecraft?…)

You will obviously have few requirement to match based on your needs.



You could have a dedicated server using OVH or any other provider, but I’ll assume your here to use your own hardware and host it at home.

In fact, a server does not need to be very powerful, so you could reuse an old laptop or computer if you want. For example a Rapsberry Pi (Based on Arm with 256Mo Ram) is enough to host quite a few services. But don’t except high reactivity tho.

My first dedicated server@HOME was a custom ITX (Small size) config based on:

Case: Thermaltake Element Q

Motherboard: Intel DG41MJ (ITX socket 775)

Processor: Intel E5300 2.5Ghz


250GB 2.5 7200tr/m Hard Drive

Paid 250e 4 years back

And I had a very good experience with it and I was hosting few websites with modest trafic (few hundreds per day) and dozen of services such as Subsonic, Ajaxplorer, FTP, Mails, …. No need to be much faster in fact.

Although my config now is way too powerfull for my needs (But it was my own gift xD)

I’m now having a i7 2600 with 16GB Ram + OCZ Vertex 3 SSD 64gb + 2x2To Storage (For duplication). I actually really enjoy using SSD in my machines now (Fast load time, very good performance with MySQL databases or heavy I/O tasks)


Obviously the faster your Internet connection is, the better but I would say there is no specific minimum, it will just limit your type of services and traffic.

If you could have at least 128kb/s (16ko/s) upload speed with your ADSL, that would be a good start. Download will not matter much usually, as upload is always the bottleneck in ADSL. (If you are having cables, ADSL2, VDSL2, or even FTTx, lucky you. In that case you will probably be very comfortable with upload)The server described earlier was on an ADSL2 connection at 16M/1M.

Now I’m having FTTB with 100M/40M (So much faster…indeed)

Another important aspect of your network will be your router, to route correctly the needed traffic to your server. You will need to open several ports to let enter the traffic.

Operating System:

GNU/Linux is THE Operating System for servers. Widely used, very stable and with good performance, it is a good choice to run your server on.

In the GNU/Linux family, it exists a lot of “flavor”, Ubuntu being the most popular and very easy to handle. Ubuntu has a dedicated server version called Ubuntu Server and will run quite well. But although I’ve started with Ubuntu Server, I’m quickly moved to Debian and could only strongly recommend you to give it a try.

Ubuntu being based on Debian, you will not feel much the difference as a server version. However I felt Debian to be much more stable and reactive than Ubuntu. However Debian got 3 majors branches (Stable, Testing and Unstable) with different version of application. Stable being based on very robust and tested set of application, while Testing has more up to date and Unstable being cutting edge version, with possible bugs for these 2 versions.

You want to play safe? I suggest you to use Debian Stable and if an application is not up to date enough, to install a more updated version from backport repositories.