Re: SquirrelMail (was Re: [vox] Mean to Linux... Mean to OpenSource... :-/)
> Matthew Johnson said:
>> On Wed, 2002-11-27 at 14:55, Peter Jay Salzman wrote:
>>> not that i use squirrel mail (i'm not even sure i know what it is.
>>> it's a mail client?), but i'm curious. if you have the time, can you
>>> post what happened?
>> Go here:
>> http://www.psychohorse.com/squirrelmail to see it, well to see its
>> login page :). I have a self signed SSL cert, so just ignore that.
>> You're not going to see much though, but it's a really quite nifty
>> webmail program that is easy to use and has a lot of features.
>> http://www.squirrelmail.org is the main page.
> As another user pointed out, that version has holes.
> As another point, I also use squirrelmail. I also use SSL to hide my sm
> in another layer of security. One thing that is different: I used
> web-authentication within apache to disallow public access.
> Reasons for moving to use mutt on command line over pine (it handles gpg
> better IMO).
> Reason for using SquirrelMail:
> I work on a campus and am a student. I visit labs. I frequently am not
> able to always lug my own computer around everywhere so I can ssh from a
> trusted machine to my server located in SoCal. For this, I was at a
> loss. No mail for me. DREK and DREAD!
> So, I looked into SM. It allowed me to use my web server, and hide my
> connection behind SSL. It used php (which made me feel less than
> comfortable with it), but I could add an extra layer of web
> authentication to the user before they even get to the SM login. Since
> basic auth passed over SSL, I did not need to worry so much about
> play-back attacks or base64 decoding of the user/pass info. (I would
> still need to worry about keyboard wedges and key-sequence grabbers from
> untrusted machines.)
> Also, SM permitted me to use a separate password file! This is something
> that is often disliked by people who want password syncing, but I wanted
> the reverse! I wanted a password that was just for SM that was not the
> same as my shell password.
> This leaves me in a good state. I can use SM to check and reply to mail
> from public machines.
> If someone should steal both passwords with a key-sequence grabber, then
> they only have access to SM , my saved mail, and access to send mail
> from me. These are all risks that are worth it for me - so long as my
> ssh/shell password/keyphrases are not used/entered from untrusted
> SM is very nice. I am just not testing out the many plugins that it
> offers. Calendar system! for planning events! very very cool stuff
> built-into it.
> (LDAP searches, Spamcop plugin (have not tried yet) filters (have not
> tried) spell checker (have not tried yet.
Sorry to reply to self, but:
SM is something best suited for "real web servers" that are "available to
By "real web servers", in this case, I mean server with a static address
*or* a DDNS entry that is updated as the IP of the server changes.
SM works with php through a web server. If you don't have a web server
running, then SM is not much use on your server.
SM requires some sort of MTA/delivery system.
SM can use ldap to get mail.
If you set up your own mail server and have your own web server and your
own imap server, you can add SM into the mix too.
(For the most part, this is not a mail client that you "run" in the
conventional sense like mutt or pine or netscape mail. This is a service.)
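
The layering described in the quoted message (HTTP basic auth in front of the SquirrelMail login, carried only over SSL, with a password file separate from shell accounts), as an added Apache configuration example that is not from the original posts. The hostname, realm name and all file paths are placeholders.

```apache
# Added example; mail.example.org and every path below are placeholders.

# Plain HTTP: never serve or challenge here, only redirect, so the
# browser is not asked for Basic credentials over an unencrypted link.
<VirtualHost *:80>
    ServerName mail.example.org
    Redirect permanent /squirrelmail https://mail.example.org/squirrelmail
</VirtualHost>

<VirtualHost *:443>
    ServerName mail.example.org
    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    <Location /squirrelmail>
        # Refuse the request outright if it somehow arrives without SSL.
        SSLRequireSSL

        # Outer gate: HTTP Basic auth before the SquirrelMail login page.
        # Basic credentials are only base64-encoded, so they depend on
        # the SSL layer for confidentiality.
        AuthType Basic
        AuthName "Webmail gate"

        # Separate htpasswd file kept outside the document root; its
        # entries are unrelated to shell/system account passwords.
        AuthUserFile /path/to/outside-docroot/webmail.htpasswd
        Require valid-user
    </Location>
</VirtualHost>
```

The password file can be created with Apache's `htpasswd` utility, using a password that is not shared with the shell account.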