Why not just use https (port 443) connections? Just look through the apache documentation to have it work for SSL and disable access to squirremail via http (port 80). Then there won't be clear text passwords. This should be independant of Squirrelmail. SSL is enabled here on a Redhat 7.2 apache standard instalation. It seems to work flawlessly (just asks about an unrecognized certifacte, but nothing more).
Yves .:[Travis]:. wrote: >I consider IMAP insecure, however, I run Squirrel mail on the same >machine I have the mail server on and while I am running IMAP I simply >firewall it's services so that no one may access it external to the server >and allow Squirrel mail to access IMAP internal (no further >configuration). This allows you to run IMAP and Squirrel mail so that >IMAP isn't going to get exploited... You are left with the plain text >username/password vulnerable combo - yes but this is a general norm >considering other mail protocols. > > Yea, SSL for it would be great. I heard about tests with Squirrel >mail and SSL but nothing concrete - this is probably one of the main >problems with it's security. > > Just my $0.02 centavos. > >Travis > >=-=[Travis Ogden]-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= >ICQ UIN: #30220771 "Courage is not defined by those who >AIM ID: Gen2600 fought and did not fall, but by those >Email: who fought, fell, and rose again." > [EMAIL PROTECTED] >Website: > http://www.FreeBSDFoo.com/~traviso >=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= >
