You might want to use mod_rewrite to rewrite HTTP to HTTPS.I really like this, but I was wondering if there is a way to FORCE a user to use https. I have a user with a requirement to meet hipaa requirements. I understand that one of those requirements is the use of encrypted email. If I force HTTPS won't that meet that requirement? The user forgets to use https and logs in to http.
Where would I put these redirects. I didn't see anything in public_html for roundcube, squirrelmail, etc.. I'm probably being an idiot, but a little more direction would be awesome. I found some stuff in /var/www/html, but if I put an .htaccess file there, would it work? Do I need any specific permissions? Would the redirect be the same as for those in public_html?You can force all flavors of webmail to use secure connections by using .htaccess redirects.