l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
January 6: Social gathering
Next Installfest:
TBD
Latest News:
Nov. 18: Club officer elections
Page last updated:
2002 Nov 27 16:34

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
SquirrelMail (was Re: [vox] Mean to Linux... Mean to OpenSource... :-/)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SquirrelMail (was Re: [vox] Mean to Linux... Mean to OpenSource... :-/)



Matthew Johnson said:
> On Wed, 2002-11-27 at 14:55, Peter Jay Salzman wrote:
>> not that i use squirrel mail (i'm not even sure i know what it is.
>> it's a mail client?), but i'm curious.  if you have the time, can you
>> post what happened?
>>
>> pete
>
> Go here:
>
> http://www.psychohorse.com/squirrelmail to see it, well to see its login
> page :). I have a self signed SSL cert, so just ignore that. You're not
> going to see much though, but its a really quite nifty webmail program
> that is easy to use and has a lot of features.
>
> http://www.squirrelmail.org is the main page.
>
> Matt

As another user pointed out, that version has holes.

As another point, I also use squirrelmail. I also use SSL to hid my sm in
another layer of security. One thing that is different: I used
web-authentication within apache to disallow public access.

Reasons for moving to use mutt on command line over pine (it handles gpg
better IMO).

Reason for using SquirrelMail:
I work on a campus and am a student. I visit labs. I frequently am not
able to always lug my own computer around everywhere so I can ssh from a
trusted machine to my server located in in SoCal. For this, I was at a
loss. No mail for me. DREK and DREAD!

So, I looked into SM. It allowed me to use my web server, and hide my
connection behind SSL. It used php (which made me feel less than
comfortable with it), but I could add an extra layer of web authentication
to the user before they even get to the SM login. Since basic auth passd
over SSL, I did not need to worry so much about play-back attacks or
base64 decoding of the user/pass info. (I would still need to worry about
keyboard wedes and key-sequance grabbers from untrusted machines.)

Also, SM permitted me to use a separate password file! This is something
that is often disliked by people who want password syncing, but I wanted
the reverse! I wanted a password that was just for SM that was not the
same as my shell password.

This leaves me in a good state. I can use SM to check and reply to mail
from public machines.

If someone should steal both password with a key-sequence grabber, then
they only have access to SM , my saved mail, and access to send mail from
me. These are all risks that are worth it for me - so long as my ssh/shell
password/kephrases are not used/entered from untrusted machines.

SM is very nice. I am just not testing out the many plugins that it
offers. Calendar system! for planning events! very very cool stuff
built-into it.
(LDAP searches, Spamcop plugin (have not tried yet) filters (have not
tried) spell checker (have not tried yet.

-ME


-ME



_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
O'Reilly and Associates
For numerous book donations.