Installing SquirrelMail

#1

I’m attempting a custom install of SquirrelMail and I have a few questions. I have a subdomain but according to the “Installing your own SquirrelMail” (http://wiki.dreamhost.com/Installing_your_own_SquirrelMail) wiki article you can set the domain to your main domain (instead of sub.domain.com, just domain.com). I’m trying this but it doesn’t seem to be working. I think my setting are correct but when I try to log in I get a message

“Error opening …/data/default_pref
Could not create initial preference file!
/var/local/squirrelmail/data/ should be writable by user user
Please contact your system administrator and report this error.”

I’m trying to use the account that I’ve already setup and been using for a while. Do I have to create a brand new account or do I have to use the subdomain? Anybody know what I’m doing wrong?

#2

First of all make sure $data_dir and $attachment_dir are set properly. They should be full paths with a trailing slash to directories that are not web accessible. E.G. “/home/username/squirrelmail/data/” and “/home/username/squirrelmail/attachments/”

:cool: openvein.org -//- One-time [color=#6600CC]$50.00 discount[/color] on [color=#0000CC]DreamHost[/color] plans: Use ATROPOS7

#3

So should I create new directories in my SquirrleMail directory (there is already a data directory) or should I just point it to Maildir. Also, when you say it shouldn’t be web accessible do you mean it needs to be in a certain location or that I need to set the permissions (I’m guessing both)? What would be the correct permissions (755)?

#4

So I set $data_dir to the data folder in my sub.domain.com (the data folder that is in the SquirrelMail install) and created an attach folder that I set $attachment_dir to. I set the directories to 755. Is that all right or is there other permissions that would be more appropriate? My SquirrelMail install seems to be working now. I’m getting email from my domain.com.

I do have another problems now… I tried to send email and I get a message

“Message not sent. Server replied:
0 Can’t open SMTP stream.”

Anybody have any ideas? Never mind… I figured out that you have to turn off Secure SMTP (TLS).

Here are my SquirrelMail server settings (minus the personal info):

  1. Domain : domain.com
  2. Invert Time : false
  3. Sendmail or SMTP : SMTP

IMAP Settings

  1. IMAP Server : mail.domain.com
  2. IMAP Port : 993
  3. Authentication type : login
  4. Secure IMAP (TLS) : true
  5. Server software : other
  6. Delimiter : detect

SMTP Settings

  1. SMTP Server : mail.domain.com
  2. SMTP Port : 587
  3. POP before SMTP : false
  4. SMTP Authentication : login (with IMAP username and password)
  5. Secure SMTP (TLS) : true

By the way… I am going to update the “Installing SquirrelMail” wiki page. It’s a little vague on the details.

#5

Yes, it needs to be in another location! Remember when setting up the hosting you are asked for the Web Directory. Usually this is /home/username/hostname where hostname is the domain or subdomain. Anything inside this directory is “web accessible” by default unless you take other measures - some of which are not guaranteed to always be in effect (like permissions and .htaccess files). This goes for symlinks and using the Remap Sub-dir option too.

:cool: openvein.org -//- One-time [color=#6600CC]$50.00 discount[/color] on [color=#0000CC]DreamHost[/color] plans: Use ATROPOS7

#6

Can you recommend where I can put the data and attach folder and what permissions to apply. Should I just create a directory outside my subdomain directories?

I’ve been updating the SquirrelMail install page http://wiki.dreamhost.com/Installing_your_own_SquirrelMail. I’m a novice so I’m not sure if everything I’ve documented is correct. (It’s working for me now so it can’t be all wrong.) Please take a look at it and fix anything that needs fixing.

#7

I’ve already said where - /home/username/squirrelmail/data and /home/username/squirrelmail/attachments

As for permissions - given that you are running PHP-CGI - I suggest 600 (user: read/write)

The web site is run by what is called the web server. The web server is software that takes a request involving a url-path. The url-path is the part of a URL after the hostname and port, but not including the query string.

So far example in “http://example.com/path?query” then “/path” is the url-path.

The web server will attempt to match /path to special rules, and if it does not match special rules, then to a file or directory on the file system.

The web server software is given a “document root” directory at which it starts looking for files and directories. For example if the document root is /home/username/example.com/ then the URL http://example.com/path/filename will match the file /home/username/example.com/path/filename

  • The document root does not have to be named after the hostname; it could be public_html or www as is the convention with other web hosts or server software, or anything you want

  • DreamHost Web Panel calls the document root the “Web Directory”

  • Special rules include things like Alias, mod_rewrite, and other web server directives that depend on the value of the url-path.

  • Remap Sub-dir is the DreamHost name for Alias, which allows you to point certain types of url-paths to file system directories not relative to the document root.

  • Symlinks are filesystem pointers that can be used to point to files or directories that are also not relative to the document root.

Having said that, naturally you do not want sensitive data to be accessible from a document root or a directory or file that is subject to Alias and symlinks. That is because by default there is nothing to prevent the sensitive data from being downloadable by anyone. You have to specifically setup something else to protect the data. It’s easier to stick it somewhere safe instead.

:cool: openvein.org -//- One-time [color=#6600CC]$50.00 discount[/color] on [color=#0000CC]DreamHost[/color] plans: Use ATROPOS7

#8

Got it. The 600 permissions did not work. I ended up getting an error when I tried to log in. I went with 730 (this is recommended in the configuration setup). It seems to work fine. I’m a little shaky on the permissions but as I understand it 730 means the owner has full access, the group can write and execute and others are locked out. Would this work fine?

#9

Yeah, my mistake - shouldn’t use 6xx on a directory. The zero on the end is the most important, it prevents other users from accessing the directory or file.

:cool: openvein.org -//- One-time [color=#6600CC]$50.00 discount[/color] on [color=#0000CC]DreamHost[/color] plans: Use ATROPOS7