
Setting up Squirrelmail on a Debian server


March 10, 2009

At times it may seem like overkill to have your own webmail set-up. But if you are uncomfortable with others peering at your mail and then thrusting ads in front of your face, this is the way to go.

Of course, one can always argue, if you have nothing to hide, why are you bothered about others reading your mail? To that I would answer, I like my privacy.

Setting up Squirrelmail is not difficult - you have standards-compliant world-class software for every single step. Most of what I have written below is taken from this guide.

I used Postfix, a mail transfer agent written by well-known free software hacker Wietse Venema. It is not the default on Debian but can be easily installed.

Other software used: Dovecot is a POP3 and IMAP server; SquirrelMail is a webmail package; and SASL is used for secure authentication.

On Debian, you can install software pretty easily:

apt-get install postfix postfix-tls libsasl2 sasl2-bin libsasl2-modules

Answer the installation questions for Postfix and remember that you can always add more options manually. The main configuration file for Postfix is /etc/postfix/main.cf, and all you have to do after adding options is reload the service:

postfix reload

Next install dovecot:

apt-get install dovecot-imapd dovecot-pop3d dovecot-common

Edit the dovecot configuration file:

# specify protocols = imap imaps pop3 pop3s
protocols = pop3 imap

# uncomment this and change to no; this lets clients send passwords in
# plaintext over connections that are not encrypted
disable_plaintext_auth = no

pop3_uidl_format = %08Xu%08Xv


Now, create a user to test POP3 mail with Outlook:

# adduser user_name

Restart Dovecot using the following command:

# /etc/init.d/dovecot restart

Test mail from the command line as follows (bold lines are mine, the rest are responses from the server):

sam@zizyphus:~$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 zizyphus.gnubies.com ESMTP Exim 4.69 Thu, 11 Dec 2008 23:12:45 +1100
HELO zizyphus.gnubies.com

250 zizyphus.gnubies.com Hello sam at localhost [127.0.0.1]
MAIL From:xxx@gnubies.com

250 OK
RCPT To:xxx@gnubies.com

250 Accepted
DATA

354 Enter message, ending with "." on a line by itself
Hello there. This is a test message
.

250 OK id=1LAkQT-0000sj-8v
QUIT

221 zizyphus.gnubies.com closing connection
Connection closed by foreign host

Configure SASL authentication with TLS

SASL (Simple Authentication and Security Layer) with TLS (Transport Layer Security) is used mainly to authenticate users before they send email to an external server, thus restricting access. If you allow everyone to relay, you become a prime target for spam senders.

SMTP authentication is set up using Postfix and Dovecot.
Edit the Postfix configuration file /etc/postfix/main.cf and enter the following lines to enable authentication of users:

smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = yourdomain.com

smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_security_options = noanonymous
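
To confirm that main.cf explicitly carries the relay restrictions above, the following script can be run against the file. It is an added example, not part of the original guide; the function names postfix_param and audit_relay and the sample file contents are constructed for illustration.

```shell
# Added example (not from the original guide): offline audit of the relay
# settings shown above. Function names and sample contents are constructed.

# Print the effective value of one main.cf parameter. Handles '#' comment
# lines, continuation lines (leading whitespace) and "last definition wins".
postfix_param() {  # usage: postfix_param FILE NAME
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }
        /^[ \t]/ { if (cur == want) val = val " " $0; next }
        {
            eq = index($0, "=")
            if (eq == 0) { cur = ""; next }
            cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
            if (cur == want) val = substr($0, eq + 1)
        }
        END { gsub(/[ \t,]+/, " ", val); sub(/^ /, "", val)
              sub(/ $/, "", val); print val }
    ' "$1"
}

# Exit status 0 only if the file enables SASL auth, refuses anonymous
# logins, and reaches reject_unauth_destination before a blanket "permit".
audit_relay() {  # usage: audit_relay FILE
    rc=0
    [ "$(postfix_param "$1" smtpd_sasl_auth_enable)" = "yes" ] ||
        { echo "FAIL: smtpd_sasl_auth_enable is not yes"; rc=1; }
    case " $(postfix_param "$1" smtpd_sasl_security_options) " in
        *" noanonymous "*) ;;
        *) echo "FAIL: noanonymous is not set"; rc=1 ;;
    esac
    for r in $(postfix_param "$1" smtpd_recipient_restrictions); do
        case "$r" in
            reject_unauth_destination) return "$rc" ;;
            permit) break ;;
        esac
    done
    echo "FAIL: reject_unauth_destination is missing or unreachable"
    return 1
}

demo=$(mktemp)   # constructed sample with a wrapped restriction list
cat > "$demo" <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination
EOF
audit_relay "$demo" && echo "OK: relaying limited to mynetworks and authenticated users"
rm -f "$demo"
```

The check only looks at what the file sets explicitly, so a parameter left at its built-in default is reported as missing.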


Postfix runs in a chroot jail, so it can't communicate with saslauthd. Move the saslauthd socket directory into the chroot and link it back to its usual location:

# rm -r /var/run/saslauthd/
# mkdir -p /var/spool/postfix/var/run/saslauthd
# ln -s /var/spool/postfix/var/run/saslauthd /var/run
# chgrp sasl /var/spool/postfix/var/run/saslauthd
# adduser postfix sasl

On the Dovecot side, one has to specify the Dovecot authentication daemon socket.

Edit /etc/dovecot/dovecot.conf.
Look for the line that starts with auth default; before that, insert the lines below:

auth default {
  mechanisms = plain login

  passdb pam {
  }

  userdb passwd {
  }

  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}


Restart components of the mail server:

# /etc/init.d/saslauthd restart
# /etc/init.d/postfix restart
# /etc/init.d/dovecot restart

Installing SquirrelMail

First install Apache 2 with PHP support, then SquirrelMail:

# apt-get install apache2
# apt-get install libapache2-mod-php5 php5-cli php5-common php5-cgi
# apt-get install squirrelmail

The SquirrelMail configuration file is located in /etc/squirrelmail/. Run the configuration utility:

#  /usr/sbin/squirrelmail-configure

Edit the Apache configuration file /etc/apache2/apache2.conf and insert the following line:

Include /etc/squirrelmail/apache.conf

Restart the web server using the following command:

# /etc/init.d/apache2 restart

Access your webmail using the following link:

https://<yourdomain or server ip>/squirrelmail

Secure connection for Squirrelmail

You need to generate a certificate and a key:

mod-ssl-makecert

Open the apache.conf file for SquirrelMail:

vim /etc/squirrelmail/apache.conf

Add the following:

<VirtualHost ex.ter.nal.ip:443>
<IfModule mod_ssl.c>
DocumentRoot /usr/share/squirrelmail
ServerName <your_fqdn>
SSLEngine on
SSLCertificateFile /etc/apache/ssl.crt/server.crt
SSLCertificateKeyFile /etc/apache/ssl.key/server.key
</IfModule>
</VirtualHost>

You need to add the following to the Apache ports.conf file:

Listen ex.ter.nal.ip:80
Listen ex.ter.nal.ip:443


Restart apache:

# /etc/init.d/apache2 restart

Then test and see if Apache is listening on port 443:

netstat -na | less

Or you can use this command:

openssl s_client -connect <your_server_ip>:443

You can log into your Squirrelmail by going to https://your.fqdn/squirrelmail

Contact me (remove the nospam before emailing).
