Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the '10.4: Enable encrypted SquirrelMail on Server' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.4: Enable encrypted SquirrelMail on Server
Authored by: jelockwood on Jul 01, '05 01:12:58PM

I am not sure I am seeing much use for this tip.

As far as I can see it merely encrypts the password sent from Squirrelmail to the IMAP server. However I would expect in most cases (certainly in my own case) both Squirrelmail and my IMAP server are on the same server and therefore this traffic does not go across the Internet. In any case, the user still has to type their password in to a web-browser and have THAT sent across the Internet to Squirrelmail, and with this tip THAT aspect is still completely unencrypted.

As aamann said, really the only way to fully secure this is to use SSL encryption for the entire Squirrelmail system.

This tip might be of use for those people who's IMAP server insists on an encrypted password but they should still be aware of these other issues.



[ Reply to This | # ]
10.4: Enable encrypted SquirrelMail on Server
Authored by: stingerman on Jul 01, '05 05:17:05PM

Use the VPN service and only allow access via the private network.



[ Reply to This | # ]
10.4: Enable encrypted SquirrelMail on Server
Authored by: aaulich on Jul 02, '05 04:21:24AM

Hello,

exactly, telling squirrelmail to use CRAM-MD5 is not of much use as the password you enter in the login screen is sent in cleartext through the net.

Use SSL with your website instead. You can also set up a redirect from http://example.com/webmail to https://example.com/webmail to make sure you don't use an insecure connection by accident. Or you just disable webmail for the http:// version of your site.

What ever you choose to do, SSL is the key to secure webmail access

Cheers, Andre

[ Reply to This | # ]
10.4: Enable encrypted SquirrelMail on Server
Authored by: overrider on Jul 03, '05 09:08:08PM

hey. well the only use of this hint is for those who wonder : why cant i get squirrelmail to work without having to use PLAIN passwords? no more than that.



[ Reply to This | # ]
10.4: Enable encrypted SquirrelMail on Server
Authored by: welch on Jan 24, '06 07:54:06PM

I was one of the humble souls who spent a bit of time wondering "why cant i get squirrelmail to work?" without knowing it was the PLAIN passwords, so this hint was much welcomed by me. It fixed my problem. (For some reason I am unable to enable PLAIN authentication for IMAP service on my 10.4.4 Server machine. The Server Admin app spins and spins, and eventually reverts back to the Kerberos and CRAM-MD5 that it was originally set to, "forgetting" that I had checked PLAIN....)



[ Reply to This | # ]