All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Crossbox Review
This has been a long time coming. Many of you know exactly how great Crossbox (https://crossbox.io) is, mostly I'd say because you're my customers and you know exactly how hard they've worked to keep our account and keep our customers happy. I must confess that I don't really know the best way to go about reviewing them, so I'm just going to share what comes to mind as best I can.
Crossbox is a managed SaaS application which is self-hosted and licensed from it's developers. It is at it's heart a webmail solution, but it really is so much more. By installing this on your cPanel, Plesk, or DirectAdmin server (they also have a standalone version) you'll enable your customers to get some great things like:
- Their own custom, beautiful webmail
- Nextcloud
- Mattermost
- Roundcube
- Rainloop
- Horde
- Squirrelmail
- Chat, a/v calls, files, notes, contacts, all that jazz
- White label branding for your customers that they can manage on their own
- The ability to publish your own mobile apps from their code (and even let your customers do the same, if you want)
- A single webmail URL for ALL of your shared hosting servers
- A single SMTP/IMAP proxy for all of your shared hosting servers
They use a complex algorithm that helps determine the proper back-end server, so your customers can be spread out across your shared hosting servers and it can even be the case that their domain exists on more than one of your servers, and it still points them to the correct one (if on server A and B, and MX resolves to B, back-end = B, for example).
But that's not even where they shine the most. The real beauty is in their support. Any hour, any day, if I'm having an emergency (usually of my own making) they are not far behind me. They've cleaned up their messes, my messes, my customer's messes, everything. As a hosting provider, these guys are the real deal, they are allies in your work.
I don't know what else to say about them, so I'd like to give anyone interested a chance to ask me about my experience in working with them. You'll get my complete honesty. Any questions?
Comments
seems like they have some kind of telemetry that monitors everything anyone using it is doing(including customers)
that's on the bottom of their frontpage
Stats never hurt anyone but if you think it's in poor taste, @CrossBox will be glad to take the feedback I'm sure.
I understand that logging of some sort may be useful.
But how useful is centralized logging of opened attachments, read emails etc. which from my understanding, include everyone using this software - including your customers.
I would study their privacy policy and include that they log some shit in yours.
My opinion on that is that this is equivalent to this:
https://www.hitwebcounter.com
And that it's not PII or even neighboring to it, therefore including it in a privacy policy would be exceptionally excessive. You're welcome to disagree of course.
Their privacy policy does not make it clear where do they collect this information - software, website? "Privacy policy" url goes to "privacy-google-play" so I assume its for their Android App?
Either way, they appear to collect shit ton of information sourced from?
This is because Google has certain requirements for the Play Store, as does Apple for the App Store. It may be necessary to say that the app collects a photo if you upload a photo to it. But this isn't saying "Users who use Crossbox with their shared hosting provider are uploading photos to the yank bank of the owner of Crossbox." The app collects the data you share, the data is stored on the server that hosts the slave behind the master that you're connecting to (both slave and master hosted by the hosting provider who licenses the software from Crossbox).
Of course, they'll also collect error reports from the app as customers send them. There's a feedback menu in the app and the self-hosted master which you can use to submit bug reports and that can include log data relevant to your session.
They could possibly word it a bit better, more like how Nextcloud does. But the difference in how it works isn't as great as I think you might be implying.
I agree that it should've been worded better.
I do not want to imply that they collect more than they should, especially with self-hosted appliances.
I'm more than happy to hear what they have to say about that(if they are willing to, of course).
Btw, Android app have realtime notification? ( email mostly )
It does
Exim is interesting choice for crosbox. For better security I'd say postfix. But you loose on configs than. Jar, what MTA is your choice in your infra?
Dear @jar, we appreciate you taking the time to share your positive experience with CrossBox. Your kind words mean a lot to us, and we're grateful to have you as an awesome customer!
@treesmokah, the statistics you see are collected anonymously by users who have analytics enabled in their settings. It's possible to disable telemetry completely so that no data is collected. Additionally, the data that is collected is not actual data but simply counters. For example, if a user opens an attachment, the attachment open counter is increased by one. The anonymous telemetry data is useful to software vendors because it helps us see which features perform well and which ones need more work, or if they're not used at all, to be removed completely.
Regarding the Android and iOS privacy policies, it's important to note that these policies are required by Google and Apple and may not mean what we all think they mean. When an app declares that it collects data, it doesn't necessarily mean that the app stores that data on its servers. For example, if the app has an input field where the user writes an email, the app automatically declares that it "collects" emails for the purpose of "app functionality," even though the emails never reach our servers. We also declare that "no data is shared with third parties", that "data is encrypted in transit," and that "you can request data to be deleted."
If you want to provide a feature where users can choose a file from their phone and attach it to an email, you must declare that you "collect" photos and videos, audio, voice or sound recordings, files, and docs. Similarly, if you want to provide a feature where users can fill in their contact card, you are already "collecting" addresses, phone numbers, and other related information. Same goes for IP addresses that we "collect" in order to provide a feature that warns a user if a log in from a previously unseen IP is detected.
At CrossBox, we're huge advocates for privacy, which is why we made our software self-hostable and installable by anyone on their own private server. It's a challenging task to make software self-hostable, as opposed to developing a SaaS where you have full control over the server infrastructure. We took things a step further by enabling users to build their own Android and iOS apps, providing complete control over the entire ecosystem, from the end-user apps to the backend that runs on your own servers. This level of control allows for even greater privacy and security.
@LTniger CrossBox has the flexibility to work with any IMAP/SMTP, without any limitations. For standalone setups where users prefer a mail server provided by CrossBox, we use Exim, which has proven to be highly reliable and configurable thus far.
Still no HA on the email server?
Haha, how is this a review. Sounds more like an ad more than anything.
Dude is literally just listing all the features. No pros & cons?
I'm guessing there is a steep influencer discount involved here.
There isn't, but thanks for being an ass about it. How would you have reviewed it differently? I obviously struggled on how to do it so if you want to be useful instead of a little shit and give some advice, I'd appreciate it ♥️
I know the gold standard is "run bench.sh and paste the result" but it just didn't seem like the right thing to do.
But to dive into motive:
I saw a negative post about them on another forum and it came to my attention that I haven't been singing their praises, and for as much help as they've given me with deploying and maintaining their software, I kind of felt like an ass for it. It's the least I can do. Imagine thinking someone can only be kind to someone else for money. That's some incredible insight into you, I'd be a little ashamed of revealing that about myself, personally.
Right now if I could just pick one at any moment, I would pick Haraka. I love how easily extended it can be. It feels more like a building block than anything.
I find exim and postfix to both be a bit confusing if I'm honest. They're both a bit too opinionated and difficult to customize without drilling down into their source and recompiling them.
I dont understand the motive, these happen when the provider doesn't have a tag, but @CrossBox does have a tag.
I feel like this isn't a shill post, but as I've tried CB, it was so good.
>
Well, having used Crossbox for a brief period (6 months) in production. I can say Crossbox isn't all rainbows and unicorns as you are putting in this advertisement.
During the time I encountered a few bugs that affected the core usage of the mailing (Filters, branding), clunky interface with their webmail interface that made replying emails difficult when using 1080p screen (Need to prove to them with an actual use case video), and most importantly even with the backend drive set to MySQL, Crossbox struggles with large inboxes. Comparing Crossbox + DA, vs other mail solution alternatives such as Mdaemon, Smartermail. Crossbox lacks the ability to properly handle large inboxes. The crossbox server that I had running for with about 3-7 active users, loads were constantly high. Whereas the same speced server running Mdaemon/Smartermail never have the problem.
Also, every time there is a bug, something not working. They require access to your box to "fix".
The only unique feature that can't be found anywhere else is the single login point for mail clusters. Other than that, Crossbox isn't worth the money.
Here's my "review"...
Oh, didn't realise @CrossBox was on here!
Random question: Is it possible to "unbundle" the email app? I got it with my mxroute subscription and I quite liked it when I played with it initially, but thought it was a bit of a shame that I couldn't also get it to fetch e-mails from my own POP3/IMAP server. I'd really quite like to de-google my phone and use this instead (currently, I'm using gmail to import via POP3), but it's limited to just a handful of defined vendors.
Might seem like a strange request, but I only bought mxroute as a backup in case my own outgoing mail server ever had deliverability issues, and for various reasons I don't especially want to make mxroute my primary mailbox.
Thanks for adding it. Now can I assume that you weren't paid by a competitor and that you're posting a real experience? I mean, you did kind of just let everyone here know that you associate writing these kinds of things with a benefit, presumably because you wouldn't do so without one so you project that onto others.
I'm kidding, but trying to prove a point with the joke. When you assume everyone always has shady motives, it says something about you, something I would probably not say about myself if I thought that way.
Moving on...
You are indeed right that it hasn't been perfect. It's also true that the bulk of the issues I've had were of my own creation. Server migrations, for example. Crossbox wants to be more involved in them but I don't have the luxury of giving them the time and space in those moments. Their own errors haven't concerned me as much because they fixed them on request, and I prefer not to think about problems I can't solve.
On an average day the amount of problems that I receive as input exceed my ability to output fixes. So when it comes to problems I can't fix, I deflect them and I don't even register them as input. It's a mitigation tactic. Crossbox has a "feedback" menu option and they've used it to take feedback on bugs and then they fix them. That's huge for me, but you can absolutely also take away from that: there are bugs, and they do sometimes need fixing. Those are indeed facts, so I've no desire or ability to contradict your review there.
Their list is impressive, but it can be a bit too much. I don't need all those features (e.g. I have my own Nextcloud install, or I don't want my organisation users knowing about these) but there's no way to disable/hide them. CrossBox seems more like a power user piece of kit, and so can be a bit complex for an average user.
(Note: this is a tiny bit of feedback on an amazing platform! And yes, I use it over at Mxtoute :-) )
Good to see local (Bosnian) company doing things like these. I am not big fan of "flashy" things but it's nice to know.
The motive was that I saw this post: https://forum.directadmin.com/threads/advanced-webmail-alternatives-for-da.65638/#post-361391
But it looks like he edited it now. It was a pretty bad "review" if you will. It made me realize that I'm over here asking for their help in these server migrations, they're going above and beyond even writing code just to help me, and I'm over here being quiet about it while people are talking bad about them. How bad of an industry ally am I? Some kind words could go a long way, I thought.
If the mods think it's a good idea to remove the review I'll respect it, pinging @raindog308. But I won't entertain any thought that this post wasn't 100% my idea. Maybe I'm bad at writing a review for software, entirely possible.
That has actually been a fairly common complaint. Granted I should put that in context, a common complaint still means less than 30 users have given it while most clients have said nothing. I say that because I feel like I have a bias in regards to "common complaint" by simply giving attention to what people tell me while forgetting that most people are telling me nothing.
I’m not sure if their standalone server does anything like that. But if you install it on top of a control panel it’s more up to the ones running that stack rather than Crossbox.
@lonea Indeed, there were some issues with large email accounts when our backend was written in Python. However, since we migrated to Golang and implemented additional optimizations, such issues have become very rare, and I can confidently say they are non-existent. High server load caused by a small number of users is not a typical experience for our average license holder, but rather an edge case that requires investigation. Our benchmark indicates that our software can handle up to 200 active users on a 2CPU, 4GB RAM server. If our staff has requested server access, it is because there was no other way to diagnose the issue. This is a standard practice, and our staff is always willing to assist and resolve any problems. While it seems that you had a negative experience, this does not necessarily reflect the experience of everyone. We have over 70 hosting companies running our software in production, with tens of thousands of daily users. I am not one to brag, but these numbers speak for themselves and would not exist if everything you mentioned were true for everyone.
However, one thing I can guarantee is our commitment to improving. While there may be bugs and issues, they are an inevitable part of developing software. We take pride in our ability to quickly address and resolve reported bugs. In fact, it's not uncommon for us to deploy a bug fix within 24 hours of it being reported. We believe in being proactive and responsive to our users' needs. After all, would you rather have a prompt resolution or have a Github issue sit unsolved for months?
Standard practice to whom?
Granting access to a third party vendor for an on-premise software is much less standard practice for the industry rather than your own company's standard practice.
There are definitely "more ways" to solve issues than require granting your team access.
For starters, you can improve your Documentation.
Your Documentation is TRASH. (This is a fair statement and a constructive criticism)
Your Documentation for troubleshooting is non-existent.
I would think most of your customers are well-versed in command lines or capable in following a few commands to troubleshoot an issue on your behalf. If your company's only way to diagnose an issue is to require immediate SSH access, that leaves a lot to desire.
There are many reasons to not allow your team access onto a server and I'm not nitpicking on this. Primary concerns are privacy for the inboxes. During the time I was using your software, I was hosting emails for a law firm. Which granting access to your team to a server opens a can of worms of liability issues.
Not to mention security...
P.S. Creating a user forum is also a good start in improving troubleshooting for admins.
We are using CrossBox across our shared & reseller services and more recently including Chat & File modules to be included with the Mail feature and we have been pretty impressed by it. Support has been well handled and pretty quick compared to other vendors we use.
Haven't see any major performance issues (we are running pretty large servers though) and our customers find it really useful, especially business customers that want to create their own "G-Suite" like service on their own hosting planform with minimal setup.
It would be good to see a roadmap for future development and more details around updates being published. @CrossBox your homepage still says version 0.7.0 but you click it and says 0.8 is released back in 2022 (2022-11-15). Hopefully more details can be added and more released updates > just shows an active system being worked on
We're likely to expand our CrossBox offering over the months/years to come, so looking forward to what comes next.
Just another 2 cents to the conversation.
We have also been using Crossbox for some time and really happy with the service.
@weasel: There are options to disable the "apps" menu, both at the server level and the branding profile level. We never "force" features or "our way" onto the users. Almost all features can be enabled/disabled/tweaked either in user settings or in the admin area.
@ralf: To log in to the app, use your MXroute account and then add an "external account" with any IMAP/SMTP server. The login process will try to automatically guess the IMAP/SMTP config (using autodiscover or autoconfig), but you can also enter the hostnames manually.
@lonea: Thank you for your feedback. We appreciate it and will work on improving the issues you raised.
@HostMedia: Thank you for your kind words. We are always here to assist you with anything you need.
@sasslik Thank you very much!