On Friday 24 July 2009 03:53:30 am jdd (kim2) wrote:
Sandy Drobic a écrit :
Too much effort went into security maintenance of squirrelmail. That's why it was dropped in the standard distribution.
ok, I understand, problem there is none in openSUSE :-(
my goal is to be able to use my mail from my own server from anywhere in the world. no more than 3/4 users and no mass mailing.
I used squirell some years ago, it was simple (may be too simple).
Do you think It's possible to manage security himself (I already do this for PmWiki, this need reasonable/manageable update policy for squirell) - the recent breaking of the squirell home web site is a bit threatening :-(
The svn of squirrelmail 1.5 has done very well for me. Just create a self signed certificate for apache and access squirrelmail via https authenticating against a simple dbm database eliminates virtually all of the concerns. Use something like the following for your squirrelmail directory .htaccess: # FollowSymLinks required for rewrite Options +Indexes +FollowSymLinks # http-to-https ssl rewriting using mod_rewrite <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteCond %{REMOTE_ADDR} !^192\.168\.6\. RewriteCond %{HTTPS} !=on RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L] </IfModule> You will need to enable mod_rewrite. I have some notes about this setup at: http://www.3111skyline.com/linux/openSuSE-server.php#apache2 The script I use to generate the self-signed certificates is attached. If you set your server info as the "Pre-set" variables in the script, it will run fully automated. -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com