« Previous | Next»

Squirrelmail and lighttpd -- An Installation Guide --

Posted by coldtobi | 9 Jan, 2010, 21:57

sm_logo.jpgToday I installed the squirrel on my Thecus. The horde used before -- even if powerful -- was just to slow to make fun. As friends told me that the squirrel is slick and quick -- as its name suggests. (After installation, I can confirm this)

The squirrel -- is a web interface for accessing your mail, written in PHP. It does -- by default -- needs not to have any database. It can access your mail both by IMAP and by POP3.

As my setup is not the regular "Apache" based one, it might make sense to show how it has to be configured with lighttpd as web server.

Lets start.

More...(Assumptions: You have debian installed, and lighttpd is running as web server. It is set up to run PHP scripts. This is not covered here. Well I think, at least I once described installing debian on the Thecus... Please use the search button...)

BTW, I use dovecot as IMAP provider. This one really pretty in terms of configuration and speed. Also its configuration is not explained here.

_ASIP_

After the message from the advertiser, now lets really start:



1. Install the packages squirrelmail

aptitude install squirrelmail

Yes, this is why I love debian that much. One line pulls in everything you need for a program. Nevertheless, there are some optional plugins, which are not installed by default but available via debian packaging system.



2. Configure squirrelmail

The Tool

(Note: In this guide, I will not show every configuration option, just the most important ones. I guess you want to walk through every option by yourself.)

The busy squirrel team supplied a tool for configuration:

squirrelmail-configure

When invoked, it will show you this menu:

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1.  Organization Preferences
2.  Server Settings
3.  Folder Defaults
4.  General Options
5.  Themes
6.  Address Books
7.  Message of the Day (MOTD)
8.  Plugins
9.  Database
10. Languages

D.  Set pre-defined settings for specific IMAP servers

C   Turn color off
S   Save data
Q   Quit

Command >>

The program is self-explanatory. Just enter the number before the menu and follow the on screen instructions.



Presetting your IMAP Server

Using the tool your squirrel will be ready in no-time.

First, you should apply some settings according your mail server setup. This would be Command "D":

SquirrelMail Configuration : Read: config.php
---------------------------------------------------------
While we have been building SquirrelMail, we have discovered some
preferences that work better with some servers that don't work so
well with others.  If you select your IMAP server, this option will
set some pre-defined settings for that server.

Please note that you will still need to go through and make sure
everything is correct.  This does not change everything.  There are
only a few settings that this will change.

Please select your IMAP server:
    bincimap    = Binc IMAP server
    courier     = Courier IMAP server
    cyrus       = Cyrus IMAP server
    dovecot     = Dovecot Secure IMAP server
    exchange    = Microsoft Exchange IMAP server
    hmailserver = hMailServer
    macosx      = Mac OS X Mailserver
    mercury32   = Mercury/32
    uw          = University of Washington's IMAP server

    quit        = Do not change anything
Command >>

In my case, I entered "dovecot". The tool confirms what it changed.



"2.   Server Settings"

One important menu is to check "Server Settings". I wrote "check" because the defaults given are usually fine. 

You should confirm if /etc/mailname is correct, containing the right mail domain. (Usually, on a right-setup linux, it will. If not, I suggest you spend a while with the debians installation guide to get it right)

Usually – when your box is setup right – you can use the SMTP (localhost:25) to send out mails. Again, be referenced to some debian documentaion)

Here are the setting I use:

Server Settings

General
-------
1.  Domain                 : trim(implode('', file('/etc/'.(file_exists('/etc/mailname')?'mail':'host').'name')))
2.  Invert Time            : false
3.  Sendmail or SMTP       : SMTP

A.  Update IMAP Settings   : localhost:143 (dovecot)
B.  Update SMTP Settings   : localhost:25
 

 
  Global Address Book

Squirrelmail also allows you to have a global address book, optionally writable by all your users. To use this feature, first you have to enable it via the options in "6.  Address Books".:

Address Books
1.  Change LDAP Servers
2.  Use Javascript Address Book Search          : false
3.  Global file address book                    : /var/lib/squirrelmail/globladrbook/adr.csv
4.  Allow writing into global file address book : true
5.  Allow listing of global file address book   : true
6.  Allowed address book line length            : 2048

R   Return to Main Menu
C   Turn color off
S   Save data

If you have an LDAP, you can use it here. For me LDAP is to way to much (and also read-only), I go with the "global file address book".

To do this, select "3" and enter the file-name including path for the file where the addresses should be stored. 

Now you have to create the path and the file by yourself, adjusting the permissions: (adapt to the paths you're using)

mkdir -p  /var/lib/squirrelmail/
touch /var/lib/squirrelmail/adr.csv
chown root:www-data /var/lib/squirrelmail/
chown www-data:www-data /var/lib/squirrelmail/adr.csv
chmod 0770 /var/lib/squirrelmail/ /var/lib/squirrelmail/adr.csv

Plugins

Squirrelmail has a lots of plugins. Some of them are shipped already with the base version.  Once installed, stop by the configuration option "8" and select everything you like.

Saving & Testing 

If you are done configuring, don't forget to save. After you quit, squirrelmail tells you that you should test your configuration:  

Exiting conf.pl.
You might want to test your configuration by browsing to
http://your-squirrelmail-location/src/configtest.php
Happy SquirrelMailing!

But we are not yet ready: The lighttpd is not set up to serve for the squirrel. 

3. Configure lighttpd

Lighttpd does not yet know that it also should help you reading your mail. This is next.



Open /etc/lighttpd/lighttpd.conf. Maybe around line175, add the (red) section shown below: This will tell the web server to which “directory” it should map the squirrel. (My setup maps the reader to the "http://example.com/squirrel".)
#### handle Debian Policy Manual, Section 11.5. urls
## by default allow them only from localhost
## (This must come last due to #445459)
## Note: =~ "127.0.0.1" works with ipv6 enabled, whereas == "127.0.0.1" doesn't
$HTTP["remoteip"] =~ "127.0.0.1" {
        alias.url += (
                "/doc/" => "/usr/share/doc/",
                "/images/" => "/usr/share/images/"
        )
        $HTTP["url"] =~ "^/doc/|^/images/" {
                dir-listing.activate = "enable"
        }
}

# For squirrelmail
alias.url += ("/squirrel/" => "/usr/share/squirrelmail/" )

Check that out! 

Done? Reload lighty's configuration (invoke-rc.d lighttpd reload) and open up  a browser to check your configuration..  Remember, it told us to load http://your-squirrelmail-location/src/configtest.php.

Maybe it finds some non-perfect PHP setting,  some tweaks, etc. The page is very verbatim, so fixing them should be not a problem. (I had to switch off two fetures in /etc/php5/cgi/php.ini)



But eventually, you will see 

Congratulations, your SquirrelMail setup looks fine to me!

and can start using your squirrel.

 

Follow Up: Fixing htaccess for lighttpd 

Unfortunatly, lighttpd does not support .htaccess files. Squirrelmail does not depend on the support of these files, but protects source code files from being served by the web server. Even if squirrelsmail's developer are comortable with this (see quote), I'd prefer not to serve these files. 

Only a small subset of the SquirrelMail source code needs to be directly accessible to users' browsers. The rest of the source code is used internally by SquirrelMail. Leaving the entire source tree open to outside access is not a problem or vulnerability, but some attackers have been known to snoop for old versions of SquirrelMail by trying to inspect things such as the ChangeLog file. If you want to employ the maximum level of protection against snoops and would-be attackers, you can make use of the .htaccess files that come with the SquirrelMail source code by adding "AllowOverride AuthConfig" to the Directory settings for SquirrelMail in your Apache configuration file (if using the Apache web server), or you can use the Directory settings suggested in the Apache configuration section below.

[Quoted from here]

In an follow up article, I will describe how you simulate the .htaccess with lighttpd's mod_access -- at least the "Deny from All" rule. 

So lets close for today with a word from the advertiser 

_ASIP_

 

Update: 

The follow up is now online.

Linux / Debian, Tips and Tricks, Thecus N2100 | Comments (0) | Trackbacks (0)

Related Articles:

0 Comments | "Squirrelmail and lighttpd -- An Installation Guide --" »

Add comment

Add comment
 

 This is the ReCaptcha Plugin for Lifetype

Due to German legislation, all comments are moderated. If you get NO error message, your comment is accepted by the system and will be released at the earliest opportunity. Sorry for the inconvenience this might cause.

Inappropiate comments might be edited or not accepted.