Email Connections - Settings

I am using a script that serves as my home office online . . .
I have everything working correctly and all of my tests are showing proper configuration now, as follows:

I am using a cutsom php5 install.

The only problem I seem to be having is the mail setup. Which is why I am posting. In the setup of the software, there are settings for mail that I dont understand. Can someone please tell me what to use in the fields for dreamhost? (This creates the config.php file)

Then in the software, I have the following email account setup information to plug in:

Please help . . . I really need this up and running. I would really like to use IMAP, so if people are using thunderbird or outlook, they can still use the remote email from anywhere.

So bad at this I’m going CRAZY, with worry.

Bump . . . Sorry about bumping this, but I am really needing to resolve.

So bad at this I’m going CRAZY, with worry.

It is likely that no one has answered you because they are not using Group-Office :wink: . From their website, I see that the software is available in a commercial and a community edition; which version are you using? Since no one has answered, I’ll try to help.

From a quick look at the documentation on the site, and having been around DreamHost for quite a while, I’m willing to take a shot at answering some of your questions

[color=#CC0000]Disclaimer[/color]: I have not installed this software on Dreamhost, and should you choose to rely on any of my answers, you do so oat your own risk. While it is likely that the worst that could happen as a result of attempting to configure this software with the information I provide is that it won’t work, it is possible that this software could crash your computer, kill your dog, rape your cat, and cause you all kinds of grief - if it does anything “bad” at all, I won’t be responsible. My advice is worth exactly what you have paid for it! :wink: .

That said:

Those settings look generally ok with one major exception. Please, for your own sake and for the safety of others sharing your server, DO NOT run this (or, for that matter, ANY PHP software with Register_Globals enabled. Since you have a custom PHP install, it should be trivial for you to remedy this; Group-Office should run fine with Register_Globals "off. If it doesn’t, please don’t run it on a Dreamhost shared server.

Here is what I recommend trying for these settings:

[quote]Group-Office has the ability to send and receive e-mail. Please configure your SMTP server.
Leave this blank use the php mail() function but then you won’t be able use CC and BCC headers![/quote]
This is fairly standard for many PHP applications that send mail. What the instructions appear to be trying to tell you (the English is pretty bad!) is that you can configure the system several different ways, depending upon what you set the “Mailer” to be.

You did not indicate whether you have complied your custom PHP with IMAP extension or not, but note that you will need to do so to use IMAP (recommended by the Group-Office docs). In light of that, I’ll only address the simplest setup here.

If you set the mailer choice to be PHP(Mail) Function, you DO NOT need to configure the following SMTP settings (SMTP server, SMTP port, SMTP username, and SMTP password). By using this choice, you won’t be able use CC and BCC headers in mail handled by the system). To use this set-up, which is the simplest, just choose the PHP(Mail) Function for the “Mailer” choice. Note that you need to set a maximum size for attachments (it must be less than the value specified for what “Current PHP configuration allows” shows. Once these things are done, you are done configuring this section.

I can’t answer all these for you (I don’t know if you have IMAP available in your PHP5 installation), but you likely will be able to get it to work as follows:

Name: The Name you want to display for the email user
E-mail: Your email address (assuming something@yourdomain.tld - your DreamHost account where you are running this software)
Type: (choices are IMAP / POP3) - POP3 should work, though that and IMAP depend upon your PHP compilation)
(Select Box) SSL - unless you have an dedicated IP and a certificate installed on DH do not check this
(Select Box) Don’t validate certificate - only relevant if the SSL box is selected

Port: 110 (for POP3)
Root mailbox: this is likely your default Dreamhost email user account you plan to use for this system -

Username: that root email account’s user name
Password: and it’s password

Signature: Optional signature to be appended to email messages
(Select Box)Automatically check this account for new mail. - that is just a matter of preference.

A couple of thoughts here:

Depending upon how many users you plan to support on this system, IMAP could be problematic in terms of inbox size and disk storage accumulation for email. Frankly, for this type of a system I would recommend POP3, but YMMV. By jusdicious and managed use of the “Leave mail on server” settings in Thunderbird and MS*FT products, people can still effectively use the remote email from anywhere - they just have to plan a little differently. :wink:

You might also want to take a careful read through the documentation at the provider’s website - there are 8weveral* configuration issues that should be checked (Here, for example).

I don’t know if any of this of useful at all, but I wanted to try to give what help I could. IF you are using the “Professional” version of the software, support should be available from the vendor. I also think you are likely to get valuable help from the vendor’s community forum. DH is a “large” host, it is likely that someone in those forums has 'already done it here" or, if not, has done it on other shared hosts and, being familiar with Group-Office, can be of better help than I. :wink:

Good Luck!


Thanks for this info . . . I did not know and I had it “ON” as per the softwares instructions . . . It is now off for the sake of all who are on the server. I am curious though, Dreamhost as recently added the ability to set globals to “On” . . . does that not mean that is is now safe? Just curious!

I am trying your suggestions now, Thanks for all of the help.

So bad at this I’m going CRAZY, with worry.

You are welcome, and I hope that some of what I suggested turns out to be helpful! :slight_smile:

Dreamhost’s default installations of PHP4 (both PHP-CGI and mod_php) were set up with register_globals enabled. This did create a degree of risk, but apparently was deemed necessary to facilitate much of the older PHP software that required it.

As PHP matured, and with the release of PHP5 (which ships with register_globals “off” by default), DH implemented PHP5 with register_globals disabled (which is safer than with it enabled). Modern “quality” PHP software does not require register_globals to be enabled, and with the upcoming PHP6, it will not even be an option.

DreamHost has always given users a lot of freedom to compile and use PHP as you see fit (this is not “new”), but with that comes the responsibility to know what is involved and be able to identify and mitigate risks - at times, that is very hard to do with software that you did not write (and maybe more so for code you did write, depending upon your expertise and knowledge of security related programming issues.) Just because you are “allowed” to do something does not mean it is a good idea. How “safe” anything is depends a lot upon the expertise of the person using it; you can buy a monster motorcycle, but that doesn’t mean it is safe for you to tear around the streets on it unless/until you know how to handle it safely! :wink:

The risks associated with the use of register globals enabled varies, to a degree, with the quality of the code used and the care with which the programmer(s) coded defensively. There is a lot of discussion of the risks inherent in PHP in general, and register_globals in particular, on the web…and at times the discussion almost takes on the nature of a "Holy War ™. As noted in the PHP documentation regarding security and Register Globals, “keep in mind that the directive itself isn’t insecure but rather it’s the misuse of it.” The problem is that is is often hard to discern if it is being misused. :wink:

A consensus seems to be forming that register_globals “on” is a “Bad Thing™”; PHP itself is abandoning it, and most modern software does not require it (some even builds in checks to detect it, and warns you if register_globals is enabled - like Group-Office!).

There is a good article in the DH WIki about register globals and the risk they present to web applications.

Now that I’ve rambled on with the “long version”, here’s the “short version”:

Register_globals enabled is a needlessly unsafe condition and should almost always be avoided on a shared host.


**Edited to add a link to the discussion of security regarding register globals.