l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2002 Nov 27 16:34

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
SquirrelMail (was Re: [vox] Mean to Linux... Mean to OpenSource... :-/)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SquirrelMail (was Re: [vox] Mean to Linux... Mean to OpenSource... :-/)

Matthew Johnson said:
> On Wed, 2002-11-27 at 14:55, Peter Jay Salzman wrote:
>> not that i use squirrel mail (i'm not even sure i know what it is.
>> it's a mail client?), but i'm curious.  if you have the time, can you
>> post what happened?
>> pete
> Go here:
> http://www.psychohorse.com/squirrelmail to see it, well to see its login
> page :). I have a self signed SSL cert, so just ignore that. You're not
> going to see much though, but its a really quite nifty webmail program
> that is easy to use and has a lot of features.
> http://www.squirrelmail.org is the main page.
> Matt

As another user pointed out, that version has holes.

As another point, I also use squirrelmail. I also use SSL to hid my sm in
another layer of security. One thing that is different: I used
web-authentication within apache to disallow public access.

Reasons for moving to use mutt on command line over pine (it handles gpg
better IMO).

Reason for using SquirrelMail:
I work on a campus and am a student. I visit labs. I frequently am not
able to always lug my own computer around everywhere so I can ssh from a
trusted machine to my server located in in SoCal. For this, I was at a
loss. No mail for me. DREK and DREAD!

So, I looked into SM. It allowed me to use my web server, and hide my
connection behind SSL. It used php (which made me feel less than
comfortable with it), but I could add an extra layer of web authentication
to the user before they even get to the SM login. Since basic auth passd
over SSL, I did not need to worry so much about play-back attacks or
base64 decoding of the user/pass info. (I would still need to worry about
keyboard wedes and key-sequance grabbers from untrusted machines.)

Also, SM permitted me to use a separate password file! This is something
that is often disliked by people who want password syncing, but I wanted
the reverse! I wanted a password that was just for SM that was not the
same as my shell password.

This leaves me in a good state. I can use SM to check and reply to mail
from public machines.

If someone should steal both password with a key-sequence grabber, then
they only have access to SM , my saved mail, and access to send mail from
me. These are all risks that are worth it for me - so long as my ssh/shell
password/kephrases are not used/entered from untrusted machines.

SM is very nice. I am just not testing out the many plugins that it
offers. Calendar system! for planning events! very very cool stuff
built-into it.
(LDAP searches, Spamcop plugin (have not tried yet) filters (have not
tried) spell checker (have not tried yet.



vox mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Appahost Applications
For a significant contribution towards our projector, and a generous donation to allow us to continue meeting at the Davis Library.