hi, the default installation of Squirrelmail in SuSE 9.1 (others versions ?) is not safe. path installation ---------------- /srv/www/htdocs/squirrelmail/ /srv/www/htdocs/squirrelmail/config/ /srv/www/htdocs/squirrelmail/data/ /srv/www/htdocs/squirrelmail/plugins/ ... The data directory is under the squirrelmail directory and accessible from a navigator for example, if you have un login test, you can view the test.pref in http://www.example.com/squirrelmail/data/test.pref also the address book ( test.abook ) in the README.SuSE or INSTALL files, no information to secure the installation. Solution ( for example ) -------- data directory must be in /var/lib/squirrelmail/data and in config.php $data_dir = /var/lib/squirrelmail/data/'; the directory permissions drwxrwx--- 2 root apache /var/lib/squirrelmail/data Secure others directories ( place config.php and config_local.php file in /etc/squirrelmail for example and create links ) ? Others solutions ? Cleo.