SquirrelMail  
Donations
News
About
Support
Security
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties





Junk Email Filter






Security Notice
Phishing campain
Version 1.4.15
Security Upgrade

Here are examples httpd.conf settings for running SquirrelMail under Apache:\n

 Alias /mail/ /var/squirrelmail/bin/

 <Directory /var/squirrelmail/bin/>
    Options MultiViews FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
 </Directory>

This assumes you have unpackaged SquirrelMail into /var/squirrelmail/bin. In this configuration I have /var/squirrelmail/tmp set as the attachments tmp dir and /var/squirrelmail/data as the preferences directory.

Also, if your server emits the source instead of the actual pages it's likely that the PHP modules haven't been loaded. I noticed in my http*.conf files define checks for HAVE_PHP4 and removed these and restarted the webserver and everything worked perfectly. There is probably a better solution to define HAVE_PHP4 so you don't have to modify config files.

Ryan Snodgrass, 2002-03-18


You may also want to ensure that any connection to the SquirrelMail pages makes use of a secure (SSL) connection. One way is to redirect any connection to your mail directory with the following Apache configuration commands:\n

RewriteEngine  on
RewriteCond    %{REQUEST_URI}   ^/mail.*
RewriteCond    %{SERVER_PORT}  !^443$
RewriteRule    ^/(.*)         https://example.com/$1

Kelly Black, 2003-09-07


I had to use :\n

RewriteEngine  on
RewriteCond    %{REQUEST_URI}   ^/mail.*
RewriteCond    %{SERVER_PORT}  !^443$
RewriteRule . https://example.com%{REQUEST_URI}

Otherwise, it wouldn't work on my Apache setup

David, 2004-05-12


Apache can be configured in a couple different ways to make sure that people don't request files out of the data directory if you are forced to keep it in a web server readable area (see DataAndAttachmentsDirectories).

You can add [<Location>] tags in the Apache config.\n

    <Location /status>
    SetHandler server-status
    Order Deny,Allow
    Deny from all
    </Location>

You can add [<Files> ] tags in the Apache config or to a .htaccess file.\n

    <Files "*">
    deny from all
    </Files>

Please read the following links for more options:

© 1999-2016 by The SquirrelMail Project Team