Linux E-mail: Providing Webmail Access (Part 2)

Exclusive offer: get 50% off this eBook here
Linux Email

Linux Email — Save 50%

Set up, maintain, and secure a small office email server

$26.99    $13.50
by Alistair McDonald | January 2010 | Linux Servers

In this article series by Alistair McDonald, author of Linux Email, you will learn about the following:

  • The benefits and disadvantages of a webmail access solution
  • The SquirrelMail webmail package
  • Setting up and configuring SquirrelMail
  • What SquirrelMail plugins are and what they can do
  • How to make SquirrelMail more secure

Read Linux E-mail: Providing Webmail Access (Part 1) here.

Installing SquirrelMail

SquirrelMail may be installed either though a package or directly from source. While no source code compilation takes place in either method, upgrades are made easier using the packages.

Many of the various Linux and Unix distributions include the SquirrelMail package. Install the appropriate package from your distribution to use the binary method. On many Linux distributions, this may be an RPM file that begins with squirrelmail….

However, an updated version of SquirrelMail may not be included or available for your specific distribution.

The following are the advantages of using the version of SquirrelMail provided with a Linux distribution:

  • It will be very simple to install SquirrelMail.
  • It will require much less configuration as it will be configured to use the standard locations chosen by your Linux distributer.
  • Updates will be very easy to apply, and migration issues may be dealt with by the package management system.

The following are the disadvantages of using the version of SquirrelMail provided with a Linux distribution:

  • It may not be the latest version. For example, a more recent version that may fix a security vulnerability may have been released, but Linux distributors may not have created a new package yet.
  • Sometimes Linux distributions alter packages by applying patches. These patches may affect the operation of the package, and may make getting support or help more difficult.

Source installation

If you do not install SquirrelMail through your distribution, you will need to obtain the appropriate tarball. To do so, visit the SquirrelMail website at http://www.squirrelmail.org , and click download it here. At the time of writing, this link is http://www.squirrelmail.org/download.php

There are two versions available for download, a stable version and a development version. Unless you have specific reasons for choosing otherwise, it is generally best to choose the stable version. Download and save this file to an intermediate location.

$ cd /tmp
$ wget http://squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fprdownloads.sourceforge.net%2Fsquirrelmail%2Fsquirrelmail-1.4.19.tar.gz

Next, unpack the tarball (.tar.gz) file. You may use the following command:

$ tar xfz squirrelmail-1.4.19.tar.gz

Move the folder just created to your web root folder. This is the directory from which Apache serves pages. In this case, we will assume that /var/www/html is your web root. We will also rename the clumsy squirrelmail-1.4.3a folder to a more simple mail folder. You will need to have superuser root privileges in order to do this on most systems.

# mv squirrelmail-1.4.19 /var/www/html/mail
# cd /var/www/html/mail

Here we have used the name mail, so the URL that users will use will be http://www.sitename.com/mail. You can choose another name, such as webmail,and use that directory name instead of mail in the commands that you enter.

It is also useful and secure to create a data directory for SquirrelMail that is outside the main web root, so that this folder will be inaccessible from the Web.

# mv /var/www/html/mail/data /var/www/sqmdata

It is important to make this newly created folder writable by the web server. To be able to do this, you must know the user and group that your web server runs under. This may be nobody and nobody, apache and apache, or something else. You will want to verify this; it will be listed in your httpd.conf file as the User and Group entries.

# chown -R nobody:nobody /var/www/sqmdata

Finally, we will create a directory to store attachments. This directory is special in that, although the web server should have write access to write the attachments, it should not have read access. We create this directory and assign the correct permissions with the following commands:

# mkdir /var/www/sqmdata/attachments
# chgrp -R nobody /var/www/sqmdata/attachments
# chmod 730 /var/www/sqmdata/attachments

SquirrelMail has now been properly installed. All of the folders have been set up with correct permissions that will secure intermediate files from prying eyes.

If a user aborts a message that contains an uploaded attachment,the attachment file on the web server will not be removed. It is a goodpractice to create a cron job on the server that erases excess files fromthe attachment directory. For example, create a file called remove_orphaned_attachments and place it in the /etc/cron.dailydirectory. Edit the file to have these lines:#!/bin/sh#!/bin/shrm `find /var/www/sqmdata/attachments -atime +2 | grep -v"."| grep -v _`This will run daily and search the SquirrelMail attachments directory forfiles which are orphaned, and delete them.

Linux Email Set up, maintain, and secure a small office email server
Published: November 2009
eBook Price: $26.99
Book Price: $44.99
See more
Select your format and quantity:

Configuring SquirrelMail

SquirrelMail is configured through the config.php file. To aid the configuration, a conf.pl Perl script has also been provided. These files are located within the config/ directory in the base installation directory.

# cd /var/www/html/mail/config
# ./conf.pl

Once you have run this command, you should see the following menu:

Linux E-mail: Providing Webmail Access (Part 2)

To select an item from the menu, enter the appropriate letter or number, followed by the Enter key. As SquirrelMail has been developed, it has been noticed that IMAPservers don't always behave in the same way. To get the most out of your setup, you should tell SquirrelMail which IMAP server you are using. To load a default configuration for your IMAP server, enter the D option and type the name of the IMAP server that you have installed. This article covers the Courier IMAP server, so you should choose that. Press Enter again, and you will return to the main menu.

We will be moving through the various subsections of the menu and configuring the appropriate options.

Type 1 and then press Enter to select the Organization Preferences. You will get a list of items you can change. You may wish to edit the Organization Name, Organization Logo, and Organization Title fields. Once you have modifi ed these to your satisfaction, enter R to return to the main menu.

After this, type 2 to visit the Server Settings. This allows you to set the IMAP server settings. It is important that you update the Domain field to the proper value.

In our case, the Update IMAP Settings and Update SMTP Settings values should be correct. If you would like to use an IMAP or SMTP server that is located on a different machine, you may wish to update these values.

Press R followed by the Enter key to return to the main menu.

Next, type 4 to visit the General Options. You will need to modify two options in this section.

  • Data Directory to be /var/www/sqmdata.
  • Attachment Directory to be /var/www/sqmdata/attachments.
  • Type in R followed by the Enter key to return to the main menu. Enter S followed by the Enter key twice to save the settings to the configuration file. Finally, enter Q followed by the Enter key to exit the configuration application.

We have finished configuring the SquirrelMail settings needed for basic operation. You may return to this script at any time to update any settings you have set. There are many other options to set, including those regarding themes and plugins.

SquirrelMail plugins

Plugins are pieces of software that extend or add functionality to a software package. SquirrelMail was designed from the ground up to be very extensible, and includes a powerful plugin system. Currently, there are over 200 different plugins available on the SquirrelMail website. They may be obtained at http://www.squirrelmail.org/ plugins.php.

The functionality they provide includes administration tools, visual additions, user interface tweaks, security enhancements, and even weather forecasts. In the following section, we will first go over how to install and configure a plugin. After that, we'll go over some useful plugins, what they do, how to install them, and more.

Installing plugins

These SquirrelMail additions were designed to be simple to set up and configure. In fact, the majority of them follow exactly the same installation procedure. However, a few require custom setup instructions. For all plugins, the installation process is as follows:

  1. Download and unpack the plugin.
  2. Perform custom installation if needed.
  3. Enable the plugin in conf.pl.

Example plugin installation

In this section, we will go over the installation of the Compatibility plugin. This plugin is required in order to install plugins created for older versions of SquirrelMail. No matter how bare-bones your installation, the Compatibility plugin will most likely be part of your setup.

Downloading and unpacking the plugin

All available plugins for SquirrelMail are listed on the SquirrelMail website at http://www.squirrelmail.org/ plugins.php.

Certain plugins may require a specific version of SquirrelMail. Verify that you havethis version installed. Once you have located a plugin, download it to the plugins/directory within the SquirrelMail root folder.You may locate the Compatibility plugin by clicking on the Miscellaneous categoryin the plugins page on the SquirrelMail plugins web page. This page has a list ofplugins in the Miscellaneous category. Locate Compatibility and click on Detailsand downloads, and then download the latest version.

 

Linux E-mail: Providing Webmail Access

Download tarball to your SquirrelMail plugin directory.

# cd /var/www/mail/plugins
# wget http://squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.
squirrelmail.org%2Fplugins%2Fcompatibility-2.0.14-1.0.tar.gz

Once you have downloaded the plugin to the plugins directory, unpack it using the following command:

# tar zxvf compatibility-2.0.14-1.0.tar.gz

If a plugin of the same name has already been installed, its  files may be overwritten. Verify that you either do not have a plugin of the same name, or save the files before you unpack the tarball.

Performing custom installation

The current version of the Compatibility plugin does not require any additional configuration. However, you should always check the documentation for a plugin, as certain other plugins may require custom installation. Once you have unpacked the plugin package, the installation instructions will be listed in the INSTALL file within the newly created plugin directory. It is advisable to check the installation instructions before enabling the plugin in the configuration manager, as some plugins may require custom configuration.

Enabling the plugin in conf.pl

Within the main menu of the configuration editor, option number 8 is used to configure and enable plugins. Start conf.pl and select option 8.

# cd /var/www/mail/plugins
# cd ../config
# ./conf.pl
SquirrelMail Configuration : Read: config_default.php (1.4.0)
---------------------------------------------------------
Main Menu --
[...]
7. Message of the Day (MOTD)
8. Plugins
9. Database
[...]
Command >>

You should get the following display when you select this option for the first time:

Linux E-mail: Providing Webmail Access

All the plugins that have been installed and enabled are listed under the Installed Plugins list. All the plugins that have been installed but not enabled are listed under the Available Plugins list.

Once you have unpacked a plugin within the plugins/ directory, it will show up under Available Plugins. As you can see in the previous figure, there are a number of installed plugins, but none of them are enabled. As a malfunctioning or wrongly configured plugin can cause SquirrelMail to stop functioning properly, it is advisableto enable plugins one by one, and verify that SquirrelMail works after each one. To enable the Compatibility plugin, locate it in the list Available Plugins (in this case, number 4) and press the Enter key. The Compatibility plugin is now installed. Plugins can be disabled by locating them in the Installed Plugins list and entering their number and pressing Enter.

Useful plugins

We'll now see some useful SquirrelMail plugins that you may consider installing.

The information has been compiled to provide a helpful reference while deciding whether to install a plugin. Each plugin contains four specific categories:

  • C ategory: The category in which the plugin is listed on the SquirrelMail site
  • Authors: Authors who wrote the plugin, in chronological order
  • Description: A short description of the plugin's functionality
  • Requirement: A list of prerequisites for the plugin's successful installation
Linux Email Set up, maintain, and secure a small office email server
Published: November 2009
eBook Price: $26.99
Book Price: $44.99
See more
Select your format and quantity:

Plugin name

Category

Author(s)

Description

Requirement

Compatibility plugin

Miscellaneous

Paul Lesneiwski

This plugin allows any other plugin access to the functions and special variables needed to make it backward (and forward) compatible with most versions of SM in wide use. This eliminates the need for duplication of certain functions throughout many plugins. It also provides functionality that helps in checking whether the plugins have been installed and set up correctly.

Nothing

Secure login

Logging in

Graham Norbury, Paul Lesneiwski

This plugin automatically enables a secure HTTPS/SSL-encrypted connection for the SquirrelMail login page if it hasn't already been requested by the referring hyperlink or bookmark. Optionally, the secure connection can be turned off again after successful login.

SquirrelMail version 1.2.8 or above, HTTPS/SSL-capable web server with encryption already working on your SquirrelMail installation.

HTTP authentication

Logging in

Tyler Akins, Paul Lesniewski

If you keep SquirrelMail behind a password-protected directory on your web server and if PHP has access to the username and password used by the web server, this plugin will bypass the login screen and use that username/password pair.

SquirrelMail >= 1.4.0

Password forget

Logging in

Tyler Akins, Paul Lesneiwski

This plugin provides a workaround for the potential vulnerability of browsers, automatically storing usernames and passwords entered into web pages.

SquirrelMail >= 1.0.1

HTML mail

Compose

Paul Lesneiwski

This plugin allows users with IE 5.5 (and up) and newer Mozilla (Gecko-based browsers such as Firefox) browsers to compose and send their e-mail in HTML format.

SquirrelMail >= 1.4.0

Quick save

Compose

Ray Black III, Paul Lesneiwski

This plugin automatically saves messages as they are being composed, in order to prevent accidental loss of message content due to having browsed away from the compose screen or more serious problems such as browser or computer crashes.

SquirrelMail >= 1.2.9, the Compatibility plugin, JavaScript-capable browser

Check quota usage (v)

Visual additions

Kerem Erkan

This plugin will check and display users' mail quota status.

SquirrelMail 1.4.0+; Compatibility plugin, version 2.0.7+, UNIX, IMAP or cPanel quotas installed and configured

Sent confirmation

Miscellaneous

Paul Lesneiwski

Displays a confirmation message after a message is successfully sent, as well as other features.

SquirrelMail >= 1.2.0, the Compatibility plugin

Timeout user

Miscellaneous

Ray Black III, Paul Lesneiwski

Automatically logs out a user if they are idle for a specified amount of time.

The Compatibility plugin

E-mail footer

Miscellaneous

Ray Black III, Paul Lesneiwski

This plugin automatically appends a custom footer onto the end of messages sent using SquirrelMail.

SquirrelMail >= 1.4.2

Change password

Change password

Tyler Akins, Seth E. Randall

Allows a user to change their password using PAM or Courier authentication modules.

SquirrelMail >= 1.4.0

Address book import-export

Address book

Lewis Bergman, Dustin Anders, Christian Sauer, Tomas Kuliavas

Allows the importing of address books from a CSV (comma separated values) file.

SquirrelMail >= 1.4.4

Plugin updates (v0.7)

Administrator's Relief

Jimmy Conner

Checks for updates to your currently running plugins.

SquirrelMail >= 1.4.2

Many other plugins exist that handle vacation messages, calendars, shared calendars, notes, to-do lists, exchange server integration, bookmarks, weather information, and much more. Check the Plugins section in the SquirrelMail website for all of the available plugins.

Securing SquirrelMail

The SquirrelMail package, in and of itself, is fairly secure. It is well written and does not require JavaScript to function. However, there are a few precautions that may be taken to allow SquirrelMail to run as a secured mail handling solution.

  • Have an SSL connection: By using an SSL connection, you may be certain that all communications will be encrypted, and so usernames, passwords, and confidential data cannot be intercepted during transmission. This may be accomplished through the installation of the Secure Login plugin. Obviously a web server configured for secure SSL access will also be required; certificates will most likely need to be generated or acquired.
  • Time out inactive users: Users may leave themselves logged in and neglect to log out once they are finished. To fight this, inactive users should be logged out after a certain amount of time. The Timeout User plug-in accomplishes this .
  • Fight "Remembered Passwords": Many modern-day browsers offer to remember a user's password. Although a convenience, this may be a large security vulnerability, especially if the user is located at a public terminal. To fight this, install the Password Forget plugin. This plugin will change the names in the username and password input fields, to make it more difficult for a browser to suggest them to future users.
  • Do not install security-compromising plugins: Plugins such as Quick Save, HTML Mail, and View As HTML may compromise security.

Summary

Now that you've finished this article, you should have a working SquirrelMail installation as well as a greater understanding of the benefits and disadvantages of a webmail solution. You should be familiar with the benefits and drawbacks of a webmail solution. The benefits include remote access, a single central point to be maintained, and simpler testing; while disadvantages include potential performance problems and the security risk of allowing remote access from potentially compromised computers.

You are now aware of the main features of SquirrelMail, including its flexibility and the availability of plugins, along with what the prerequisites for installing SquirrelMail are, and how to identify if they are already installed.

You also have learned how to configure SquirrelMail, including locating, installing, and configuring plugins. You have been walked through the installation of a key plugin; the Compatibility plugin. Several other useful plugins have also been introduced. Finally, you have learned about some ways to improve the security of SquirrelMail, including web server confi guration and some appropriate plugins.

About the Author :


Alistair McDonald

Alistair McDonald is a freelance IT consultant based in the UK. He has worked in IT for over 15 years and specializes in C++ and Perl development and IT infrastructure management. He is a strong advocate of open source, and has strong cross-platform skills. He prefers vim over vi, emacs over Xemacs or vim, and bash over ksh or csh.

He is very much a family man and spends as much time as possible with his family enjoying life.

Books From Packt

ModSecurity 2.5
ModSecurity 2.5

FreePBX 2.5 Powerful Telephony Solutions
FreePBX 2.5 Powerful Telephony Solutions

Asterisk 1.4 – the Professional’s Guide
Asterisk 1.4 – the Professional’s Guide

trixbox CE 2.6
trixbox CE 2.6

Cacti 0.8 Network Monitoring
Cacti 0.8 Network Monitoring

Tomcat 6 Developer's Guide
Tomcat 6 Developer's Guide

Apache Maven 2 Effective Implementation
Apache Maven 2 Effective Implementation

Drools JBoss Rules 5.0 Developer's Guide
Drools JBoss Rules 5.0 Developer's Guide

Code Download and Errata
Packt Anytime, Anywhere
Register Books
Print Upgrades
eBook Downloads
Video Support
Contact Us
Awards Voting Nominations Previous Winners
Judges Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software
Resources
Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software