SquirrelMail Secure Login

It contains a couple of suggestions as well as a reference to a plugin.
Click to expand...
Thanks Jim. I did find references to a plugin earlier, but not where or how. I'm not sure if this is the same reference or not, but I will check it out as soon as their site is back up.

Thanks!
 
I think he means setup the index.php or login.php page (I forget which one) to automatically forward to https. It was one of the recommended solutions from the wiki.
 
I have secure login working and can force an https login on SquirrelMail. This is a report of how I did it as well as a request for comment. The environment is DirectAdmin, FreeBSD 6.0, and SquirrelMail(actually NutsMail, which is a skinned version of SquirrelMail).

1. SSH to /var/www/html/webmail
2. Copy off index.php to index.php.ori (original)
3. Edit index.php
4. Comment out the line that reads:
header('Location: src/login.php');
5. Enter a new one below it that reads:
header('Location: https://<server's main IP address>/webmail/src/login.php');
6. Save file
7. Copy index.php to index.php.new so that you can copy it back if index.php is overwritten during an update.

That's it!
 
IT_Architect said:
I have secure login working and can force an https login on SquirrelMail. This is a report of how I did it as well as a request for comment. The environment is DirectAdmin, FreeBSD 6.0, and SquirrelMail(actually NutsMail, which is a skinned version of SquirrelMail).

1. SSH to /var/www/html/webmail
Click to expand...


Are you talking about squirrelmail or the other? If you are talking about Squirrelmail which i assume you are based on 5) below, then this is not the correct directory to enter

2. Copy off index.php to index.php.ori (original)
3. Edit index.php
4. Comment out the line that reads:
header('Location: src/login.php');
5. Enter a new one below it that reads:
header('Location: https://<server's main IP address>/webmail/src/login.php');
Click to expand...

Im afraid this does not work. https://serversip/webmail/src/login.php is the wrong URL for Squirrelmail. Even if it was. This solution does not work if you click on WEBMAIL from the control panel
 
Are you talking about squirrelmail or the other?
Click to expand...
It's actually NutsMail!, which is skinned SquirrelMail. In fact the files themselves say SquirrelMail Project inside.

I just checked the paths. They are exactly as stated. After you go there, look at the bottom of the index.php file and you will see the redirect. Notice how I commented the original out, and replaced it.

//header('Location: src/login.php');
header('Location: https://<IP or domain name>/webmail/src/login.php');

Even if it was. This solution does not work if you click on WEBMAIL from the control panel
Click to expand...
It works fine, and has since March 2006. If you want, I'll PM you a link to the server and you can try it yourself.

Like I said in my post, this is for FreeBSD 6.0. What are you using?
 
IT_Architect said:
It's actually NutsMail!, which is skinned SquirrelMail. In fact the files themselves say SquirrelMail Project inside.

I just checked the paths. They are exactly as stated. After you go there, look at the bottom of the index.php file and you will see the redirect. Notice how I commented the original out, and replaced it.

//header('Location: src/login.php');
header('Location: https://<IP or domain name>/webmail/src/login.php');

It works fine, and has since March 2006. If you want, I'll PM you a link to the server and you can try it yourself.

Like I said in my post, this is for FreeBSD 6.0. What are you using?
Click to expand...

Im running Freebsd 6.1 but i dont see a problem between the two version.

Let me ask you. you said its working? Have you tried IE? You must be using Firefox or Opera.
 
pucky said:
Im running Freebsd 6.1 but i dont see a problem between the two version.
Click to expand...
I've upgraded to 6.1 also since I posted this.

Let me ask you. you said its working? Have you tried IE? You must be using Firefox or Opera.
Click to expand...
It works fine in all browsers.
 
Nope, doesnt work for me, page not found. Same issue. Same with Ubei even with this change.
 
IT_Architect said:
This has been a long time since this was set up, but when you click on your webmail link, or type http://MyDomain.com/webmail in a browser, what happens?
Click to expand...

Ah i think we are talking about two different things here. Im talking about clicking on the WEBMAIL icon in the control panel when the box is running SSL. Not when you load squirrelmail from an external link. That works fine.

see http://www.directadmin.com/forum/sh...20&highlight=secure squirrelmail&pagenumber=1
 
Last edited:
I guess I don't know what to say. When I log into the control panel I login in secure. When I click on the webmail link, it behaves the same as from the browser since the link is to https://<MyIP>/webmail, and it simply opens in a new browser window.
 
Another option for securing webmail access

I've set up roundcube to be my default webmail client, but this should work for any of them.

I just edited the .htaccess file at
/var/www/html/roundcubemail-0.1.1/.htaccess

and appended the following:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

I haven't seen any issues with this approach.
 
You must log in or register to reply here.
Back
Top