SquirrelMail  
Donations
News
About
Support
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties













Security Notice
Phishing campain
Version 1.4.15
Security Upgrade

Here are examples httpd.conf settings for running SquirrelMail under Apache:

 Alias /mail/ /var/squirrelmail/bin/

 <Directory /var/squirrelmail/bin/>
    Options MultiViews FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
 </Directory>

This assumes you have unpackaged SquirrelMail into /var/squirrelmail/bin. In this configuration I have /var/squirrelmail/tmp set as the attachments tmp dir and /var/squirrelmail/data as the preferences directory.

Also, if your server emits the source instead of the actual pages it's likely that the PHP modules haven't been loaded. I noticed in my http*.conf files define checks for HAVE_PHP4 and removed these and restarted the webserver and everything worked perfectly. There is probably a better solution to define HAVE_PHP4 so you don't have to modify config files.

Ryan Snodgrass, 2002-03-18


You may also want to ensure that any connection to the SquirrelMail pages makes use of a secure (SSL) connection. One way is to redirect any connection to your mail directory with the following Apache configuration commands:

RewriteEngine  on
RewriteCond    %{REQUEST_URI}   ^/mail.*
RewriteCond    %{SERVER_PORT}  !^443$
RewriteRule    ^/(.*)         https://example.com/$1

Kelly Black, 2003-09-07


I had to use :

RewriteEngine  on
RewriteCond    %{REQUEST_URI}   ^/mail.*
RewriteCond    %{SERVER_PORT}  !^443$
RewriteRule . https://example.com%{REQUEST_URI}

Otherwise, it wouldn't work on my Apache setup

David, 2004-05-12


Apache can be configured in a couple different ways to make sure that people don't request files out of the data directory if you are forced to keep it in a web server readable area (see DataAndAttachmentsDirectories).

You can add [<Location>] tags in the Apache config.

    <Location /status>
    SetHandler server-status
    Order Deny,Allow
    Deny from all
    </Location>

You can add [<Files> ] tags in the Apache config or to a .htaccess file.

    <Files "*">
    deny from all
    </Files>

Please read the following links for more options:

© 1999-2010 by The SquirrelMail Project Team