You should have a .htaccess in your data dir which keeps prying eyes out.... If you don't, simply make one....

I would not bother with the squirrelmail that comes with SuSE....

Here is what I did (I run SuSE 9.1 Pro)

rm Postfix
rm Squirrelmail

Go To: http://www.shupp.org/toaster/

And follow those directions.... In no time you will have a fully functional and Secure Email Server / Service

In SuSE you'll need to create the /etc/rc.d/init.d dir

Jim Butler
www.monroetech.net

On Wed, 2004-12-08 at 12:02, Cleo wrote:
hi,
The default installation of Squirrelmail in SuSE 9.1 (other versions?) is not safe.
path installation
----------------
/srv/www/htdocs/squirrelmail/
/srv/www/htdocs/squirrelmail/config/
/srv/www/htdocs/squirrelmail/data/
/srv/www/htdocs/squirrelmail/plugins/
...
The data directory is under the squirrelmail directory and accessible from a navigator.
For example, if you have a login test, you can view the test.pref at http://www.example.com/squirrelmail/data/test.pref, and also the address book (test.abook).
In the README.SuSE or INSTALL files, there is no information on securing the installation.
Solution (for example)
--------
The data directory must be in /var/lib/squirrelmail/data, and in config.php:
$data_dir = '/var/lib/squirrelmail/data/';
the directory permissions
drwxrwx--- 2 root apache /var/lib/squirrelmail/data
Secure other directories (place the config.php and config_local.php files in /etc/squirrelmail, for example, and create links)?
Other solutions?
Cleo.
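
Added example, not part of either message and not SuSE or SquirrelMail code: a shell audit for the exposure described above. It reads the quoted $data_dir literal from config.php (the form shown in the post), then reports whether that directory resolves inside the web document root and whether "other" has any permission on it. The function names and the make_sample layout are constructed for illustration.

```shell
#!/bin/sh
# Added example. Usage: sh audit.sh CONFIG_PHP DOCROOT

# Print the quoted literal assigned to $data_dir in config.php (last one wins).
# Assumption: the value is a plain quoted string, as in the post.
get_data_dir() {
    sed -n "s/^[[:space:]]*\$data_dir[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | tail -n 1
}

# Succeed if directory $1, with symlinks resolved, lies inside directory $2.
# Limitation: a symlink placed inside the docroot that points at $1 is not detected.
is_under() {
    child=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    parent=$(cd "$2" 2>/dev/null && pwd -P) || return 2
    case "$child/" in "$parent"/*) return 0 ;; esac
    return 1
}

# Succeed if the "other" permission triplet of $1 is anything but "---".
world_accessible() {
    [ "$(ls -ld "$1" | cut -c8-10)" != "---" ]
}

# Print one line per finding; return 0 if clean, 1 if anything was found.
audit_squirrelmail() {
    dir=$(get_data_dir "$1")
    if [ -z "$dir" ]; then
        echo "UNKNOWN: no quoted \$data_dir in $1"
        return 1
    fi
    rc=0
    if is_under "$dir" "$2"; then
        echo "EXPOSED: $dir is inside document root $2"; rc=1
    fi
    if world_accessible "$dir"; then
        echo "WEAK-PERMS: $dir grants access to 'other'"; rc=1
    fi
    return "$rc"
}

# Constructed sample: the two layouts from the post, rebuilt under scratch dir $1.
make_sample() {
    mkdir -p "$1/htdocs/squirrelmail/data" "$1/var/lib/squirrelmail/data"
    chmod 755 "$1/htdocs/squirrelmail/data"
    chmod 770 "$1/var/lib/squirrelmail/data"
    echo "\$data_dir = '$1/htdocs/squirrelmail/data/';" > "$1/bad.php"
    echo "\$data_dir = '$1/var/lib/squirrelmail/data/';" > "$1/good.php"
}

if [ "$#" -eq 2 ]; then audit_squirrelmail "$1" "$2"; fi
```

A clean result only covers the filesystem layout; whether a .htaccess in the data directory is honoured depends on the Apache configuration, which this script does not inspect.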