Default Squirrelmail installation not safe
hi,
the default installation of Squirrelmail in SuSE 9.1 (other versions?) is not safe.
path installation
----------------
/srv/www/htdocs/squirrelmail/
/srv/www/htdocs/squirrelmail/config/
/srv/www/htdocs/squirrelmail/data/
/srv/www/htdocs/squirrelmail/plugins/
...
The data directory is under the squirrelmail directory and accessible from a browser.
For example, if you have a login test, you can view the test.pref at http://www.example.com/squirrelmail/data/test.pref, and also the address book ( test.abook ).
In the README.SuSE or INSTALL files, there is no information on securing the installation.
Solution ( for example )
--------
The data directory must be in /var/lib/squirrelmail/data, and in config.php
$data_dir = '/var/lib/squirrelmail/data/';
the directory permissions
drwxrwx--- 2 root apache /var/lib/squirrelmail/data
Secure other directories ( place the config.php and config_local.php files in /etc/squirrelmail for example and create links ) ?
Other solutions ?
Cleo.
You should have a .htaccess in your data dir which keeps prying eyes out.... If you don't, simply make one....
I would not bother with the squirrelmail that comes with SuSE....
Here is what I did ( I run SuSE 9.1 Pro)
rm Postfix
rm Squirrelmail
Go To: http://www.shupp.org/toaster/
And follow those directions.... In no time you will have a fully functional and Secure Email Server / Service
In SuSE you'll need to create the /etc/rc.d/init.d dir
Jim Butler
www.monroetech.net
On Wed, 2004-12-08 at 12:02, Cleo wrote:
hi,
the default installation of Squirrelmail in SuSE 9.1 (other versions?) is not safe.
path installation
----------------
/srv/www/htdocs/squirrelmail/
/srv/www/htdocs/squirrelmail/config/
/srv/www/htdocs/squirrelmail/data/
/srv/www/htdocs/squirrelmail/plugins/
...
The data directory is under the squirrelmail directory and accessible from a browser.
For example, if you have a login test, you can view the test.pref at http://www.example.com/squirrelmail/data/test.pref, and also the address book ( test.abook ).
In the README.SuSE or INSTALL files, there is no information on securing the installation.
Solution ( for example )
--------
The data directory must be in /var/lib/squirrelmail/data, and in config.php
$data_dir = '/var/lib/squirrelmail/data/';
the directory permissions
drwxrwx--- 2 root apache /var/lib/squirrelmail/data
Secure other directories ( place the config.php and config_local.php files in /etc/squirrelmail for example and create links ) ?
Other solutions ?
Cleo.
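The checks discussed in the two messages above (data directory outside the web root, no access for "other", a .htaccess as fallback) can be scripted. This is an added example, not code from the thread or from SquirrelMail; the function names are hypothetical and it assumes `$data_dir` is set to a quoted literal path in config.php.

```shell
#!/bin/bash
# Added example: audit where SquirrelMail's $data_dir points and who can read it.
# Assumption: $data_dir is assigned a quoted literal path in config.php.

# Print the last literal path assigned to $data_dir in the given config.php.
get_data_dir() {
    sed -n 's/^[[:space:]]*\$data_dir[[:space:]]*=[[:space:]]*["'\'']\([^"'\'']*\)["'\''][[:space:]]*;.*/\1/p' "$1" | tail -n 1
}

# Usage: audit_data_dir CONFIG_PHP DOCROOT
# Prints one line per finding. Returns 0 if clean, 1 on findings, 2 if unreadable.
audit_data_dir() {
    config=$1 docroot=$2 findings=0
    data_dir=$(get_data_dir "$config")
    if [ -z "$data_dir" ] || [ ! -d "$data_dir" ] || [ ! -d "$docroot" ]; then
        echo "UNKNOWN: cannot resolve \$data_dir from $config or docroot $docroot"
        return 2
    fi
    real_data=$(cd "$data_dir" && pwd -P)   # resolve symlinks before comparing
    real_root=$(cd "$docroot" && pwd -P)
    case "$real_data/" in
        "$real_root"/*)
            echo "FINDING: $real_data is inside the document root $real_root"
            findings=1
            # .htaccess only helps if Apache's AllowOverride honours it.
            [ -f "$real_data/.htaccess" ] ||
                echo "FINDING: no .htaccess in $real_data"
            ;;
    esac
    # Characters 8-10 of the ls mode string are the "other" bits; the thread's
    # suggested drwxrwx--- leaves them empty.
    other=$(ls -ld "$real_data" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "FINDING: 'other' permissions on $real_data are '$other', expected '---'"
        findings=1
    fi
    return "$findings"
}

if [ "$#" -eq 2 ]; then audit_data_dir "$1" "$2"; fi
```

Run it as `./audit.sh /path/to/config.php /srv/www/htdocs`; a data directory inside the document root is always reported, with or without a .htaccess.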
On Wednesday 8 December 2004 18:56, Jim wrote:
Go To: http://www.shupp.org/toaster/
And follow those directions.... In no time you will have a fully functional and Secure Email Server / Service
Is this the new way of installing SECURE PACKAGES by loading them from the internet ????
Richard
On Wednesday 8 December 2004 18:02, Cleo wrote:
hi,
the default installation of Squirrelmail in SuSE 9.1 (other versions?) is not safe.
How do you know ???? Please send proper info and data about things you tell.
Richard
participants (3): Cleo, Jim, Richard