headers
Richard Stallmann | 1 Sep 2006 03:28
Picon

Re: Disable Login on localhost altogether

First, Squirrelmail is not the actual mailserver. If one really needs more
security, it is possible to protect the actual mailserver by a password.
Second, I only need squirrelmail on localhost and I am protected by a
firewall. And third, I don't understand why there is no option to disable
the login in the config.php. It could be disabled by default first, but it
should be there. I spent at least 10 hours trying to defeat the login.

> On 8/28/06, Richard Stallmann <WRFan1 <at> gmail.com> wrote:
>
>> It's a pity it's not possible to disable the SQM webinterface login. I
>> don't need it, cause I only need SquirrelMail to write emails on my
>> computer. I set it as my default email programme using the rundll32.exe
>>  url.dll,FileProtocolHandler at
>> HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail.
>> Whenever I click a mailto link, I am redirected to
>> "compose.php?send_to=%1", but then the stupid login restrictions kick
>> in.
>
> The "stupid" login restriction mechanism in SM is intended to disallow
> ANYONE from logging in to your mail account and sending mail, which is
> what it looks like your changes do.  Unless you are restricting access to
> your server in other ways, this is about the most inane thing you could
> ever do.
>
>> The auto login plugins don't work properly, I've tested several. But I
>> think I found a way to disable the login restrictions. Create a file
>> called authentication.php in the src directory and put the following
>> inside:
>>
>
(Continue reading)

Permalink | Reply | 1 comment |
headers
Brian G. Peterson | 1 Sep 2006 04:08
Gravatar

Re: Disable Login on localhost altogether

On Thursday 31 August 2006 20:28, Richard Stallmann wrote:
> First, Squirrelmail is not the actual mailserver. If one really needs
> more security, it is possible to protect the actual mailserver by a
> password. Second, I only need squirrelmail on localhost and I am
> protected by a firewall. And third, I don't understand why there is no
> option to disable the login in the config.php. It could be disabled by
> default first, but it should be there. I spent at least 10 hours trying
> to defeat the login.

Because squirrelmail is designed as a multi-user webmail system, many 
times with tens, hundreds, or over a hundred thousand webmail users in an 
installation.  Giving options to disbale security usually means that 
someone will do so, and then complain about it.  So, we don't give the 
option.  There are already auto-login plugins that do this, that work for 
many people.  When I'm working on localhost, I use a dedicated local 
email client, not squirrelmail as a webmail client, because performance 
is better.

I'm glad to have a solution that works for you.  But don't expect the 
Squirrelmail development community to support an insecure hack.

Cheers,

  - Brian

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
(Continue reading)

Permalink | Reply | 0 comments |
headers
Tomas Kuliavas | 1 Sep 2006 10:24
Picon
Gravatar

Re: Disable Login on localhost altogether

> It's a pity it's not possible to disable the SQM webinterface login. I
> don't need it, cause I only need SquirrelMail to write emails on my
> computer. I set it as my default email programme using the rundll32.exe
> url.dll,FileProtocolHandler at HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail.
> Whenever I click a mailto link, I am redirected to
> "compose.php?send_to=%1", but then the stupid login restrictions kick in.
> The auto login plugins don't work properly, I've tested several. But I
> think I found a way to disable the login restrictions. Create a file
> called authentication.php in the src directory and put the following
> inside:
>
> <?php
>
> define('SM_PATH','../');
>
> require_once(SM_PATH . 'functions/global.php');
> require_once(SM_PATH . 'functions/strings.php');
>
> $login_username = ''; //set your username (small letters, no spaces!)
> $secretkey = ''; // set your password
> $squirrelmail_language = 'de_DE'; //set your native tongue
>
> $user_is_logged_in = 1;
> $just_logged_in = 1;
> $username = $login_username;
> $key = OneTimePadEncrypt($secretkey);
> $base_uri = sqm_baseuri();
>
> $auto_expire_days  = 86400*366; //set the cookie expiration date in days
> (365 = 1 year)
(Continue reading)

Permalink | Reply | 0 comments |
headers
Daniel Watts | 1 Sep 2006 21:01

Re: script to conver preferences files to mysql

Arnaud Abélard wrote:
> Hello,
> 
> I remember reading a thread about a script to import preferences from 
> flat files to a mysql database.. Even though, I have been looking in the 
> different mailing-list archives i still can't find it.
> 
> Could anyone remind me where that script is located?
> 
> Sorry for the noise,
> 
> AA.

I've written a custom plugin that you can put in place that does 
automatic migration of users.

When they log in it checks their prefs to see if migration has 
completed. If not it ftp's to their account, downloads their .pref .cal 
and .abook files and puts them into the relevant database tables.

Works nicely as it is completely transparent with no downtime visible to 
users.

It is very much custom for our setup but if you want me to send it to 
you just let me know. However, depending on the number of users, you 
might prefer to do a one-off conversion using the above perl script.

Dan

-------------------------------------------------------------------------
(Continue reading)

Permalink | Reply | 0 comments |
headers
Steve Brown | 5 Sep 2006 13:57
Picon

Re: [SM-USERS] compatibility plugin for 1.5.1

> Keep in mind that 1.5.1 is a development version, not all plugins work
> with it.  You should try it, but I think it requires Compatibility
> v1.x, which means it won't work until I finish Compatibility plugin
> for 1.5.1.

This is an important point.  1.5.1 is *very* devel at this point and a
*lot* of plugins probably won't work or won't work as expected.
Because of the ongoing templating work many hooks have been moved,
removed or put in different places for the time being.  Most will
probably be restored later on, but no promises. ;-)

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
--
squirrelmail-devel mailing list
Posting Guidelines: http://www.squirrelmail.org/wiki/MailingListPostingGuidelines
List Address: squirrelmail-devel <at> lists.sourceforge.net
List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.devel
List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=7139
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-devel
Permalink | Reply | 2 comments |
headers
Tomas Kuliavas | 5 Sep 2006 14:52
Picon
Gravatar

Re: [SM-USERS] compatibility plugin for 1.5.1

>> Keep in mind that 1.5.1 is a development version, not all plugins work
>> with it.  You should try it, but I think it requires Compatibility
>> v1.x, which means it won't work until I finish Compatibility plugin
>> for 1.5.1.
>
> This is an important point.  1.5.1 is *very* devel at this point and a
> *lot* of plugins probably won't work or won't work as expected.
> Because of the ongoing templating work many hooks have been moved,
> removed or put in different places for the time being.  Most will
> probably be restored later on, but no promises. ;-)

I think Paul confused 1.5.2cvs with 1.5.1.

1.5.1 loads compatibility 2.0.4 plugin without any patches. Plugins break
in 1.5.1 only when they depend on some removed sqimap functions or
defunctional right_main.php hooks. There is a possibility that plugin
coded for compatibility 1.x breaks in SquirrelMail 1.5.1, but you can fix
it by disabling compatibility 2.0.4 includes or updating plugin. If plugin
is coded for compatibility 2.0.4 API, it should not break.

Multilogin plugin breaks in 1.5.1, because plugin was created before 1.5.1
release and plugin does not provide patches that activate plugin in 1.5.1.
Provided 1.4.x patches can be applied to 1.5.1 code, but they load
plugin's overrides too early.

1.5.1 code is stable enough, if you can accept newmail, folder caching and
delete-move-next quirks.

1.5.2cvs code is not as stable as 1.5.1 because init changes break lots of
plugins.
(Continue reading)

Permalink | Reply | 1 comment |
headers
Paul Lesniewski | 6 Sep 2006 13:00
Favicon

Re: vlogin plugin broken? (More on the "bad login" issues)

On 7/16/06, Ralf Hildebrandt <Ralf.Hildebrandt <at> charite.de> wrote:
> * Paul Lesniewski <paul <at> squirrelmail.org>:
>
> > Ralf, if the multilogin patch for 1.5.1 is what is the only thing
> > holding you back from 1.5.1, I can try to push that to the top of my
> > list.  Just haven't had much time of late for plugin development, but
> > have a littany of things on that list that I WILL eventually get to,
> > just no timeline as of right now.
>
> I definitely is the biggest problem. Once all our users can in (we
> have 8000 users on courier and 3000 on Exchange), then we can solve
> all the other problems.

Hi Ralf (or anyone else), if you want to try the beta versions of
vlogin/multilogin that work all the way up to 1.5.2cvs now, drop a
line offlist.

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
--
squirrelmail-devel mailing list
Posting Guidelines: http://www.squirrelmail.org/wiki/MailingListPostingGuidelines
List Address: squirrelmail-devel <at> lists.sourceforge.net
List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.devel
List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=7139
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-devel
(Continue reading)

Permalink | Reply | 0 comments |
headers
PajaP | 6 Sep 2006 18:18
Picon

Spam Folder

Hi

This has not been replied to in users list so maybe it is more
appropriate here.

Are there any plans to ever include a spam/junk folder in the core
squirrelmail build?

I would find this to be a very welcome addition.

I currently do this myself but have to make hacks to left_main.php,
config.php, and conf.pl (so it does not undo the changes I make to
config.php every time I use it to add a plugin or make other changes)
Also so the spam/junk folder cannot be deleted, renamed etc.

I also have to add my own custom icon to the images folder so it does
not use the default folder icon.

I am also using the junkfolder plugin and have to make a few changes
to this so it works how I like.
Though I could do without this plugin if I made additional hacks to
the source (maybe also in imap_mailbox.php?).

All these changes mean it is quite a lengthy process each time I want
to upgrade my squirrelmail install.

Anyhow if it is not planned to be added I would like to request it is.

Apart from this squirrelmail is an amazing package, especially given
the price ;) Thanks for all your work.
(Continue reading)

Permalink | Reply | 36 comments |
headers
Paul Lesniewski | 6 Sep 2006 18:22
Favicon

Re: Setting $domain correctly

On 5/12/06, Tristan Woudenberg - Prism Mail Solutions <tristan <at> prism.nl> wrote:
> On Fri, May 12, 2006 00:32, Paul Lesniewski wrote:
> > Um, yeah, but what you *really* need to do is tell us what you are
> > actually trying to accomplish (and what form your IMAP usernames are
> > in).  Keep in mind that your IMAP username *must* be kept AS IS
> > because SM can't keep logging into the IMAP server for each page
> > request without that information.  The Vlogin plugin will take most
> > forms of usernames and domains that you can think of and tweak them as
> > necessary to get the user logged in in the most convenient way
> > possible, but after that, the username has to stay static.
>
> Sorry about that, this is for a DirectAdmin server and since they feature
> both normal usernames like "username" and email addresses like
> "username <at> domain.tld" as logins for the imap server I can't get anything
> out of vlogin since I sometimes have to keep the username just like
> "username". Basically I only need the domain name the user is using to
> send mails, and in 99% of the cases that's part of his login name, but for
> some the domain is only in the domain on which he's accessing
> squirrelmail.

Newest release of the vlogin plugin has a setting that allows you to
specify a list of users that should not have the domain pasted on to
their logins.  If the list is long or changes frequently, this is
probably not ideal, but that's what it is at least for now.

-paul

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
(Continue reading)

Permalink | Reply | 0 comments |
headers
Brian G. Peterson | 6 Sep 2006 18:58
Gravatar

Re: Spam Folder

On Wednesday 06 September 2006 11:18, PajaP wrote:
> Hi
>
> This has not been replied to in users list so maybe it is more
> appropriate here.
>
> Are there any plans to ever include a spam/junk folder in the core
> squirrelmail build?
>
> I would find this to be a very welcome addition.
>
> I currently do this myself but have to make hacks to left_main.php,
> config.php, and conf.pl (so it does not undo the changes I make to
> config.php every time I use it to add a plugin or make other changes)
> Also so the spam/junk folder cannot be deleted, renamed etc.
>
> I also have to add my own custom icon to the images folder so it does
> not use the default folder icon.
>
> I am also using the junkfolder plugin and have to make a few changes
> to this so it works how I like.
> Though I could do without this plugin if I made additional hacks to
> the source (maybe also in imap_mailbox.php?).
>
> All these changes mean it is quite a lengthy process each time I want
> to upgrade my squirrelmail install.
>
> Anyhow if it is not planned to be added I would like to request it is.
>
> Apart from this squirrelmail is an amazing package, especially given
(Continue reading)

Permalink | Reply | 35 comments |

Gmane