Email Level Plugin

Hello,

Thanks for the report. I've swapped split with preg_spit and regex with preg_match.

Version updated to 1.0 (essentially no changes other than that)

Admin Level -> Plugin Manager -> select the plugin, enter password, click "Update".

Users will also need to reinstall it (User Level) to have the new version overwrite the existing one.

John
 
Will the new version also work with PHP5.x earlier than 5.3? How about with 4.x?

Sorry, but I'm not an expert on php versions.

Thanks.

Jeff
 
Hi,

I was just pointed here after having trouble installing a roundcube vacation plugin and I am just wondering a few things before I look into installing this plugin.

Our users are never given access to their email settings and they do not have access to the directadmin control panel at their user level. They are only allowed to login to their webmail via a link.

Is it possible to disable the password change feature?

Does the vacation message setup screen show in the webmail program or do they access this in the control panel only?

Thank You
 
Is it possible to disable the password change feature?

What the reason for it? Roundcube can already change email password aswell.. so.. why disable that?

Does the vacation message setup screen show in the webmail program or do they access this in the control panel only?

Never used this plugin, but im about sure that is just via control panel.

Regards
 
We have that feature disabled in roundcube because we don't allow our users to change their password in their email because they are only allowed to change passwords through our website which automatically updates their email password. If they did it in email it would not update the website password and their passwords would not be synced.

Thank you
 
I see your point, maybe, with a bit of edit you can also change the plugin... or.. if you website is "synced" with DA, why dont you use API scripts to set/change/whatever vacation messages?

Regards
 
Hi,

It doesn't seem to work with php 5.4, in the user interface setting page it can't add the domain name into the path and just shows "http://www." in front of the text box. Any help would be appreciated!

Anthony.
 
I really like this, but I was wondering if there is a way to FORCE a user to use https. I have a user with a requirement to meet hipaa requirements. I understand that one of those requirements is the use of encrypted email. If I force HTTPS won't that meet that requirement? The user forgets to use https and logs in to http.
 
I'm not sure what you really like in this thread; it's meandered a bit since it was first opened.

What exactly do you mean about encrypted email?

https is a website protocol. Do you https for a webmail solution? That will most certainly not encrypt email between servers, but only between the webmail server and the local desktop/laptop.

Please be more specific.

Jeff
 
I like the plugin, cool. What I would like is to force HTTPS on the website and have encrypted email as well. While I can use SSL with my IMAP, POP3, and SMTP, I don't really know how the webmail (squirrelmail/roundcube/UBIblahblah) works.

I've been told HIPAA approves SSL for email, I have a user who wants the same but on the website.
 
You can force all flavors of webmail to use secure connections by using .htaccess redirects. Note that you'll need to install a Secure Certificate for your hostname to respond on port port 443. Installing a Certificate to work with DirectAdmin on port 2222 doesn't automatically encrypt traffic on port 443. You can use the same Certificate but you'll need to install it in Apache as well.

If you don't know how to do it, you can get a Certificate installed by me starting at us$45 with installation; email me for more information.

You'll then need to tell all your clients to to get their email using your servername instead of, for example, mail.example.com, to avoid errors.

And while this will encrypt email travelling over the last hop, between your server and your client, it will NOT encrypt email travelling over the Internet, between servers. There's no email protocol for that which I know of; someone correct me if I'm wrong. That generally requires plugins to local mail programs, to encrypt mail as it gets sent, and to decrypt it as it's received.

And unless you can find something available from the publishers of one of the webmail clients you may not even be able to encrypt/decrypt email from within any webmail client; it may be available but I'm not familiar with it.

As far as SSL with IMAP, POP3, and SMTP is concerned, the setting you're thinking of and probably using do NOT encrypt the email itself, only the login handshake. There may very well be a way to protect the transfer of email, but I'm not familiar with it; hopefully someone else is.

As far as HIPAA requirements are concerned, I'd stay far away from offering it myself, the penalties for failure are very expensive. Probably you're better off pointing your clients toward a vendor of HIPAA compliant solutions and avoiding the regulatory headaches.

Security vs ease of use represents a tradeoff you might not want to get involved in unless you're going to specialize in it and climb the learning curve.

Jeff
 
I really like this, but I was wondering if there is a way to FORCE a user to use https. I have a user with a requirement to meet hipaa requirements. I understand that one of those requirements is the use of encrypted email. If I force HTTPS won't that meet that requirement? The user forgets to use https and logs in to http.

You might want to use mod_rewrite to rewrite HTTP to HTTPS.
 
You can force all flavors of webmail to use secure connections by using .htaccess redirects.

Where would I put these redirects. I didn't see anything in public_html for roundcube, squirrelmail, etc.. I'm probably being an idiot, but a little more direction would be awesome. I found some stuff in /var/www/html, but if I put an .htaccess file there, would it work? Do I need any specific permissions? Would the redirect be the same as for those in public_html?


EDIT: I simply added the line: redirect /webmail https://www.example.com/webmail in the DA Custom HTTPD Configurations, and it works like a charm
 
Last edited:
And I've done it in the past in .htaccess at the /var/www/html/webmail level.

Jeff
 
There appears to be a bug in the login process.

If the user IP changes (such as with mobile broadband), they get logged out as $_SESSION['ip'] no longer matches $_SERVER['REMOTE_ADDR'].

However, because $_SESSION['ip'] is not reset/cleared, the user will not be able to log in until they restart their browser or clear session cookies. Unfortunately, there is no error message to the user so they wouldn't be able to tell what happened.

I fixed this by adding a line to clear $_SESSION['ip'] in showLogin()
 
Back
Top