Elfodellanotte
Verified User
with php5.3x is not working anymore ...
Email Level Plugin
- Thread starter DirectAdmin Support
- Start date
- Joined
- Feb 27, 2003
- Messages
- 8,500
Hello,
Thanks for the report. I've swapped split with preg_spit and regex with preg_match.
Version updated to 1.0 (essentially no changes other than that)
Admin Level -> Plugin Manager -> select the plugin, enter password, click "Update".
Users will also need to reinstall it (User Level) to have the new version overwrite the existing one.
John
Thanks for the report. I've swapped split with preg_spit and regex with preg_match.
Version updated to 1.0 (essentially no changes other than that)
Admin Level -> Plugin Manager -> select the plugin, enter password, click "Update".
Users will also need to reinstall it (User Level) to have the new version overwrite the existing one.
John
nobaloney
NoBaloney Internet Svcs - In Memoriam †
Will the new version also work with PHP5.x earlier than 5.3? How about with 4.x?
Sorry, but I'm not an expert on php versions.
Thanks.
Jeff
Sorry, but I'm not an expert on php versions.
Thanks.
Jeff
Hi,
I was just pointed here after having trouble installing a roundcube vacation plugin and I am just wondering a few things before I look into installing this plugin.
Our users are never given access to their email settings and they do not have access to the directadmin control panel at their user level. They are only allowed to login to their webmail via a link.
Is it possible to disable the password change feature?
Does the vacation message setup screen show in the webmail program or do they access this in the control panel only?
Thank You
I was just pointed here after having trouble installing a roundcube vacation plugin and I am just wondering a few things before I look into installing this plugin.
Our users are never given access to their email settings and they do not have access to the directadmin control panel at their user level. They are only allowed to login to their webmail via a link.
Is it possible to disable the password change feature?
Does the vacation message setup screen show in the webmail program or do they access this in the control panel only?
Thank You
SeLLeRoNe
Super Moderator
Is it possible to disable the password change feature?
What the reason for it? Roundcube can already change email password aswell.. so.. why disable that?
Does the vacation message setup screen show in the webmail program or do they access this in the control panel only?
Never used this plugin, but im about sure that is just via control panel.
Regards
What the reason for it? Roundcube can already change email password aswell.. so.. why disable that?
Does the vacation message setup screen show in the webmail program or do they access this in the control panel only?
Never used this plugin, but im about sure that is just via control panel.
Regards
We have that feature disabled in roundcube because we don't allow our users to change their password in their email because they are only allowed to change passwords through our website which automatically updates their email password. If they did it in email it would not update the website password and their passwords would not be synced.
Thank you
Thank you
SeLLeRoNe
Super Moderator
I see your point, maybe, with a bit of edit you can also change the plugin... or.. if you website is "synced" with DA, why dont you use API scripts to set/change/whatever vacation messages?
Regards
Regards
- Joined
- Feb 27, 2003
- Messages
- 8,500
Hello,
That's related to this:
http://help.directadmin.com/item.php?id=438
You can simply enable the short_open_tag option in your php.ini.
I've also fixed all php scripts in this plugin, and released it as 1.1.
John
That's related to this:
http://help.directadmin.com/item.php?id=438
You can simply enable the short_open_tag option in your php.ini.
I've also fixed all php scripts in this plugin, and released it as 1.1.
John
donkeyKICK
Verified User
- Joined
- Jul 24, 2007
- Messages
- 393
I really like this, but I was wondering if there is a way to FORCE a user to use https. I have a user with a requirement to meet hipaa requirements. I understand that one of those requirements is the use of encrypted email. If I force HTTPS won't that meet that requirement? The user forgets to use https and logs in to http.
nobaloney
NoBaloney Internet Svcs - In Memoriam †
I'm not sure what you really like in this thread; it's meandered a bit since it was first opened.
What exactly do you mean about encrypted email?
https is a website protocol. Do you https for a webmail solution? That will most certainly not encrypt email between servers, but only between the webmail server and the local desktop/laptop.
Please be more specific.
Jeff
What exactly do you mean about encrypted email?
https is a website protocol. Do you https for a webmail solution? That will most certainly not encrypt email between servers, but only between the webmail server and the local desktop/laptop.
Please be more specific.
Jeff
donkeyKICK
Verified User
- Joined
- Jul 24, 2007
- Messages
- 393
I like the plugin, cool. What I would like is to force HTTPS on the website and have encrypted email as well. While I can use SSL with my IMAP, POP3, and SMTP, I don't really know how the webmail (squirrelmail/roundcube/UBIblahblah) works.
I've been told HIPAA approves SSL for email, I have a user who wants the same but on the website.
I've been told HIPAA approves SSL for email, I have a user who wants the same but on the website.
nobaloney
NoBaloney Internet Svcs - In Memoriam †
You can force all flavors of webmail to use secure connections by using .htaccess redirects. Note that you'll need to install a Secure Certificate for your hostname to respond on port port 443. Installing a Certificate to work with DirectAdmin on port 2222 doesn't automatically encrypt traffic on port 443. You can use the same Certificate but you'll need to install it in Apache as well.
If you don't know how to do it, you can get a Certificate installed by me starting at us$45 with installation; email me for more information.
You'll then need to tell all your clients to to get their email using your servername instead of, for example, mail.example.com, to avoid errors.
And while this will encrypt email travelling over the last hop, between your server and your client, it will NOT encrypt email travelling over the Internet, between servers. There's no email protocol for that which I know of; someone correct me if I'm wrong. That generally requires plugins to local mail programs, to encrypt mail as it gets sent, and to decrypt it as it's received.
And unless you can find something available from the publishers of one of the webmail clients you may not even be able to encrypt/decrypt email from within any webmail client; it may be available but I'm not familiar with it.
As far as SSL with IMAP, POP3, and SMTP is concerned, the setting you're thinking of and probably using do NOT encrypt the email itself, only the login handshake. There may very well be a way to protect the transfer of email, but I'm not familiar with it; hopefully someone else is.
As far as HIPAA requirements are concerned, I'd stay far away from offering it myself, the penalties for failure are very expensive. Probably you're better off pointing your clients toward a vendor of HIPAA compliant solutions and avoiding the regulatory headaches.
Security vs ease of use represents a tradeoff you might not want to get involved in unless you're going to specialize in it and climb the learning curve.
Jeff
If you don't know how to do it, you can get a Certificate installed by me starting at us$45 with installation; email me for more information.
You'll then need to tell all your clients to to get their email using your servername instead of, for example, mail.example.com, to avoid errors.
And while this will encrypt email travelling over the last hop, between your server and your client, it will NOT encrypt email travelling over the Internet, between servers. There's no email protocol for that which I know of; someone correct me if I'm wrong. That generally requires plugins to local mail programs, to encrypt mail as it gets sent, and to decrypt it as it's received.
And unless you can find something available from the publishers of one of the webmail clients you may not even be able to encrypt/decrypt email from within any webmail client; it may be available but I'm not familiar with it.
As far as SSL with IMAP, POP3, and SMTP is concerned, the setting you're thinking of and probably using do NOT encrypt the email itself, only the login handshake. There may very well be a way to protect the transfer of email, but I'm not familiar with it; hopefully someone else is.
As far as HIPAA requirements are concerned, I'd stay far away from offering it myself, the penalties for failure are very expensive. Probably you're better off pointing your clients toward a vendor of HIPAA compliant solutions and avoiding the regulatory headaches.
Security vs ease of use represents a tradeoff you might not want to get involved in unless you're going to specialize in it and climb the learning curve.
Jeff
zEitEr
Super Moderator
You might want to use mod_rewrite to rewrite HTTP to HTTPS.
donkeyKICK
Verified User
- Joined
- Jul 24, 2007
- Messages
- 393
Where would I put these redirects. I didn't see anything in public_html for roundcube, squirrelmail, etc.. I'm probably being an idiot, but a little more direction would be awesome. I found some stuff in /var/www/html, but if I put an .htaccess file there, would it work? Do I need any specific permissions? Would the redirect be the same as for those in public_html?
EDIT: I simply added the line: redirect /webmail https://www.example.com/webmail in the DA Custom HTTPD Configurations, and it works like a charm
Last edited:
nobaloney
NoBaloney Internet Svcs - In Memoriam †
And I've done it in the past in .htaccess at the /var/www/html/webmail level.
Jeff
Jeff
donkeyKICK
Verified User
- Joined
- Jul 24, 2007
- Messages
- 393
Not sure how you would do that, can you elaborate a little?
nobaloney
NoBaloney Internet Svcs - In Memoriam †
I don't remember the exact code I used, but I did just now use Google to find this discussion with several examples:
http://aruljohn.com/info/htaccess/
Jeff
http://aruljohn.com/info/htaccess/
Jeff
There appears to be a bug in the login process.
If the user IP changes (such as with mobile broadband), they get logged out as $_SESSION['ip'] no longer matches $_SERVER['REMOTE_ADDR'].
However, because $_SESSION['ip'] is not reset/cleared, the user will not be able to log in until they restart their browser or clear session cookies. Unfortunately, there is no error message to the user so they wouldn't be able to tell what happened.
I fixed this by adding a line to clear $_SESSION['ip'] in showLogin()
If the user IP changes (such as with mobile broadband), they get logged out as $_SESSION['ip'] no longer matches $_SERVER['REMOTE_ADDR'].
However, because $_SESSION['ip'] is not reset/cleared, the user will not be able to log in until they restart their browser or clear session cookies. Unfortunately, there is no error message to the user so they wouldn't be able to tell what happened.
I fixed this by adding a line to clear $_SESSION['ip'] in showLogin()
- Joined
- Feb 27, 2003
- Messages
- 8,500
Thanks, updated to 1.2.
Did it slightly differently, but should have the same effect.
John
Did it slightly differently, but should have the same effect.
John