Thoughts on Mailpile

I was quite excited when Mailpile was released as a beta, and it made it onto my list of 'must have a play with'. Life being life though, I didn't get chance to give it a proper go until recently.

Sadly, it was somewhat anti-climactic and I've been left feeling more than a little underwhelmed. Mailpile shows a lot of potential, but it's definitely not ready for production yet. 

I ran my testing on a CentOS 6 VM, and in this post will summarise the good and the bad.

  

Installation should be reasonably straightforward

I unknowingly placed an obstacle in my own way by using CentOS 6 as the base OS - fulfilling one major dependency proved to be a little bit of a pain, and there's no easy way for me to know exactly whether it caused some of the issues I experienced (though I don't think it should have).

Aside from the dramas introduced by CentOS 6, installation is pretty straightforward - a number of the dependencies can be installed with pip

 

Bad: Plaintext storage of Credentials

For an MUA which evidently prides itself on transparently support PGP, I found it more than a little surprising to find my IMAP credentials stored in plaintext within a configuration file.

The credentials obviously can't be stored as salted hashes (as they're needed to authenticated with the MTA) but you'd have hoped there'd be some level of encryption deployed, if only to raise the skill level required by an attacker in the event of an accidental leak.

 

Indexing Capability

The much vaunted indexing capability of Mailpile definitely shows through, and compares incredibly well to the search capabilities of GMail - Responses are fast, and there's a logical query syntax allowing you to drill down a bit further.

It did take quite some time to import the maildir I threw at it, but in fairness it consisted of 33,000 mails and the VM was somewhat under-resourced.

 

CLI

I generally love applications which allow you to complete almost any task from the CLI - a GUI is great but sometimes it isn't an option (or the CLI is quicker). Mailpile is no different in this respect

 

Bad: Getting Locked Out of my Mail

I came up against a rather frustrating bug, when the Mailpile service was restarted, the passphrase I'd set at install had stopped working, so I could no longer access my mail.

I eventually got to the bottom of it (GnuPG 2.x instead of GnuPG 1.x) but can't help think that Mailpile should have caught the initial error (i.e. failing to correctly create the key) at configuration time rather than leaving me wondering why I was suddenly unable to access my mail.

 

Bad: Sparse Documentation

The documentation is evidently a work in progress, but there are some very important details missing. For example, when first installed, Mailpile will bind to the loopback device on port 13611 - rendering it inaccessible to anything else on your LAN.

The documentation doesn't detail where you should look to change this, and the relevant functionality provided within the CLI appears not to work.

 

Web Interface

The UI isn't a direct copy of Googlemail, but it does feel pretty familiar and is quite comfortable to use for the most part. The biggest issue I had with the UI was I kept clicking the Save button instead of the less prominent Send.

Other than that it's reasonably comfortable to use.

 

Conclusion

I'm definitely under-impressed with Mailpile - getting locked out of my mail and finding my IMAP creds stored in plaintext were both pretty big deal breakers.

That said, there's been no stable release yet, so it's only fair to expect issues and Mailpile definitely has the potential to be a great MUA, especially once things have matured a bit and the documentation effort catches up with the rest of the system.

So whilst I wouldn't entertain putting the current build into every-day use, there's enough potential that it'll definitely be worth testing again once a stable release is made.