On Wed, Jul 19, 2006 at 01:29:34PM -0700, smith wrote: > On Wed, 19 Jul 2006 07:22:13 -0500, Eric Johnson wrote > > Which web mail package is easiest to install and use on > > OpenBSD? Are there any gaping security holes? > > > > Eric Johnson > > Someone posted a question about a week or two ago for a chrooted web-based > email system. Nick Holland (I think) wrote how if you really understood > programming, you would know how extremely difficult implementing a chrooted > web-based email system really is. (This is my words, Nick probably meant or > said something else entirely but that's what I got out of it even if I'm > mistaken.) > > Anyways Nick suggested Openwebmail. I tried it and I would say without a > doubt it's the easiest to install. It was hard to figure it out for me but > after I did, I said to myself, that was easy. > > Here's what you do: > > Get sendmail running and spamd (most of this requires only uncommenting lines > in several configuration files). Now you have a spam fighting MTA. > > Use pkg_add openwebmail to install it. This will install all the > dependencies. Read the readme.txt file on openwebmail's website. It shows > how to change the rights (chmod) of a few files in > /var/www/cgi-bin/openwebmail/*. These same files are owned by user 276 for > some reason, you need to change the owner to the right user but I forget which > (I think root). Now read man ssl to get httpd running with with https. Add > httpd_flags="-u -DSSL". Now go into /var/www/conf/httpd.conf and modify it so > that all http request go to https. This is in the virtual table section. > Then reboot. > > The beauty is this: I don't need pop or imap or mysql or php or python or ruby > installed. All I need is a base openbsd system and openwebmail (using > pkg_add). > > You may want to read man starttls too so that your MTA can encrypt email to > any MTA that understands and uses starttls. > > One other guy posted that openwebmail doesn't support maildir. Maildir is > supposedly better, but with valid reasons. Even though those reasons sound > good I haven't come across any reasons that say mbox should not be used or is > not capable of handling a significant amount of users. Sendmail with mbox has > been around handling thousands of users in universities and corporations way > before qmail and postfix came about so sendmail and mbox should be more than > adequate. One thing I've read that's a disadvantage to maildir is that you > can run out of inodes and that's bad when it happens. Keep in mind, I'm no > big times email administrator so take this with a grain of salt but this has > been my experience and research so far. I'd be glad to hear from some people > how I'm wrong on this. I would find it interesting. >
jaut a comment concerning chrooted webmail. Concerning "hastymail" I found the following: http://hastymail.sourceforge.net/install.php go to paragraph #5 Thanks George