Linux E-mail: Providing Webmail Access (Part 2)

In this article series by Alistair McDonald, author of Linux Email, you will learn about the following:

• The benefits and disadvantages of a webmail access solution
• The SquirrelMail webmail package
• Setting up and configuring SquirrelMail
• What SquirrelMail plugins are and what they can do
• How to make SquirrelMail more secure

Read Linux E-mail: Providing Webmail Access (Part 1) here.

Installing SquirrelMail

SquirrelMail may be installed either though a package or directly from source. While no source code compilation takes place in either method, upgrades are made easier using the packages.

Many of the various Linux and Unix distributions include the SquirrelMail package. Install the appropriate package from your distribution to use the binary method. On many Linux distributions, this may be an RPM file that begins with squirrelmail….

However, an updated version of SquirrelMail may not be included or available for your specific distribution.

The following are the advantages of using the version of SquirrelMail provided with a Linux distribution:

• It will be very simple to install SquirrelMail.
• It will require much less configuration as it will be configured to use the standard locations chosen by your Linux distributer.
• Updates will be very easy to apply, and migration issues may be dealt with by the package management system.

The following are the disadvantages of using the version of SquirrelMail provided with a Linux distribution:

• It may not be the latest version. For example, a more recent version that may fix a security vulnerability may have been released, but Linux distributors may not have created a new package yet.
• Sometimes Linux distributions alter packages by applying patches. These patches may affect the operation of the package, and may make getting support or help more difficult.

Source installation

If you do not install SquirrelMail through your distribution, you will need to obtain the appropriate tarball. To do so, visit the SquirrelMail website at http://www.squirrelmail.org , and click download it here. At the time of writing, this link is http://www.squirrelmail.org/download.php

There are two versions available for download, a stable version and a development version. Unless you have specific reasons for choosing otherwise, it is generally best to choose the stable version. Download and save this file to an intermediate location.

$ cd /tmp
$ wget http://squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fprdownloads.sourceforge.net%2Fsquirrelmail%2Fsquirrelmail-1.4.19.tar.gz

Next, unpack the tarball (.tar.gz) file. You may use the following command:

$ tar xfz squirrelmail-1.4.19.tar.gz

Move the folder just created to your web root folder. This is the directory from which Apache serves pages. In this case, we will assume that /var/www/html is your web root. We will also rename the clumsy squirrelmail-1.4.3a folder to a more simple mail folder. You will need to have superuser root privileges in order to do this on most systems.

# mv squirrelmail-1.4.19 /var/www/html/mail
# cd /var/www/html/mail

Here we have used the name mail, so the URL that users will use will be http://www.sitename.com/mail. You can choose another name, such as webmail,and use that directory name instead of mail in the commands that you enter.

It is also useful and secure to create a data directory for SquirrelMail that is outside the main web root, so that this folder will be inaccessible from the Web.

# mv /var/www/html/mail/data /var/www/sqmdata

It is important to make this newly created folder writable by the web server. To be able to do this, you must know the user and group that your web server runs under. This may be nobody and nobody, apache and apache, or something else. You will want to verify this; it will be listed in your httpd.conf file as the User and Group entries.

# chown -R nobody:nobody /var/www/sqmdata

Finally, we will create a directory to store attachments. This directory is special in that, although the web server should have write access to write the attachments, it should not have read access. We create this directory and assign the correct permissions with the following commands:

# mkdir /var/www/sqmdata/attachments
# chgrp -R nobody /var/www/sqmdata/attachments
# chmod 730 /var/www/sqmdata/attachments

SquirrelMail has now been properly installed. All of the folders have been set up with correct permissions that will secure intermediate files from prying eyes.

If a user aborts a message that contains an uploaded attachment,the attachment file on the web server will not be removed. It is a goodpractice to create a cron job on the server that erases excess files fromthe attachment directory. For example, create a file called remove_orphaned_attachments and place it in the /etc/cron.dailydirectory. Edit the file to have these lines:#!/bin/sh#!/bin/shrm `find /var/www/sqmdata/attachments -atime +2 | grep -v"."| grep -v _`This will run daily and search the SquirrelMail attachments directory forfiles which are orphaned, and delete them.