Implemented security token system. (Secunia Advisory SA34627)
[squirrelmail.git] / doc / INSTALL
d68a3926 1Installing SquirrelMail
3b3d853f 4Table of Contents:
46f33521 5 0. (QUICK!) Quick install guide
238d4cfc 6 1. (PHP) Configure your webserver to work with PHP
3b3d853f 7 2. (IMAP) Setting up IMAP (not covered)
8 3. (INSTALL) Obtaining and installing SquirrelMail
9 4. (RUN) Running SquirrelMail
10 5. (CHARSETS) Russian Charsets
46f33521 11 6. (LOCALES) Translations of SquirrelMail
c650b678 12 7. (PLUGINS) Installation of included plugins
3b3d853f 13
17cec454 17
46f33521 18Each of these steps is covered in detail below.
17cec454 19
238d4cfc 20- Install webserver and PHP (at least 4.1.0).
46f33521 21- Install IMAP server (see docs of that server).
22- Unpack the SquirrelMail package in a web-accessible location.
23- Select a data-dir and attachment dir, outside the webtree (e.g. in /var).
24 The data-dir (for user prefs) should be owned by the user the webserver
512d4b31 25 runs as (e.g. www-data). The attachment dir (for uploading files as
46f33521 26 attachments) should be file mode 0730 and in the same group as the
27 webserver.
28- Run config/ from the command line. Use the D option to load
29 predefined options for specific IMAP servers, and edit at least the
30 Server Settings and General Options (datadir).
a3bb5005 31- Browse to
46f33521 32 to test your configuration for common errors.
a3bb5005 33- Browse to to log in.
2a32fc83 34
1067414d 35
17cec454 38
46f33521 39 If your webserver does not already have PHP you must configure it
40 to work with PHP. You need at least PHP v4.1.0. SquirrelMail uses
238d4cfc 41 the standard suffix .php for all PHP files.
598294a7 42
a3bb5005 43 You can find PHP at See the documentation that
46f33521 44 comes with PHP for instructions how to set it up.
17cec454 45
512d4b31 46 The PHP IMAP extension is NOT necessary at all (but won't harm)!
46f33521 47 Below is a list of optional PHP extensions:
17cec454 48
0dc92cda 49 --with-ldap
50 Required for LDAP addressbooks
bee552c7 51
0dc92cda 52 --with-pear and --with-mysql
bee552c7 53 For MySQL storage of preferences or addressbooks. You will need PHP
1131d10f 54 compiled with --with-pgsql option, if you want to use PostgreSQL instead
bee552c7 55 of MySQL. You will need PHP with appropriate database extension, if you
1131d10f 56 want to use any other database.
0dc92cda 57
58 --with-openssl
59 Required for encrypted IMAP or SMTP connections (TLS)
61 --with-mcrypt
62 Can be used by SquirrelSpell plugin for encryption of personal
63 dictionaries
65 --with-iconv or --with-recode
66 Can be used by Eastern charset decoding functions
68 --enable-mbstring
bee552c7 69 Required for Japanese translation. Optional for translations that
0dc92cda 70 use non-ISO-8859-1 charset
17cec454 71
962a6686 72 It is highly advised to NOT turn on register_globals, as this can lead
73 to security holes. If you must use register_globals for some applications,
74 turn it on locally for only those directories, or turn it off for the
75 SquirrelMail folder.
46f33521 76 If you want your users to attach files to their mails, make sure
77 File Uploads in php.ini is set to On.
17cec454 78
17cec454 79
46f33521 83 This depends a lot on the server your choose. See the documentation
84 that comes with your server.
598294a7 85
46f33521 86 If you're concerned about people accessing it directly, you can
87 limit access to only the IP of the webserver.
17cec454 89
ef1932a4 93 SquirrelMail is constantly being improved. Therefore you should always
a3bb5005 94 get the newest version around. Look at
ef1932a4 95 to see what it is. If you want to be bleeding edge you might want to
8fea605c 96 consider using the latest SVN version (with the latest and most
46f33521 97 fashionable bugs).
17cec454 98
99a. Download SquirrelMail
101 Get SquirrelMail from the address above if you do not have it or are
102 uncertain if you have the newest version. Untar (again tar xvfz
103 filename.tgz) SquirrelMail in a directory that is readable for your
104 webserver.
106b. Setting up directories
108 SquirrelMail uses two directories to store user configuration and
109 attachments that are about to be sent. You might want to have these
110 directories outside of your web tree.
112 The data directory is used for storing user preferences, like
368ab966 113 signature, name and theme. You need to create this directory yourself.
114 Recommended location is under /var, for example:
115 /var/local/squirrelmail/data
116 This directory must be writable by the webserver. If your webserver is
117 running as the user "nobody" and group "nobody" you can fix this by
118 running:
65b14f90 119
e71e5745 120 $ chown -R nobody:nobody /var/local/squirrelmail/data
4bc627ae 121
122 Keep in mind that with different installations, the web server could
598294a7 123 typically run as userid/groupid of nobody/nobody, nobody/nogroup,
124 apache/apache or www-data/www-data. The best way to find out is to read
ff65039a 125 the web server's configuration file.
4bc627ae 126
17cec454 127 There also needs to be a directory where attachments are stored
128 before they are sent. Since personal mail is stored in this
129 directory you might want to be a bit careful about how you set it
130 up. It should be owned by another user than the webserver is running
e71e5745 131 as (root might be a good choice) and the webserver should have directory
132 write and execute permissions, but should not have read
17cec454 133 permissions. You could do this by running these commands (still
e71e5745 134 granted that the webserver is running as nobody/nobody):
17cec454 135
e71e5745 136 $ cd /var/local/squirrelmail/
137 $ mkdir attach
138 $ chgrp -R nobody attach
139 $ chmod 730 attach
17cec454 140
e71e5745 141 If you trust all the users at your system not to read mail they are
368ab966 142 not supposed to read, you can simply use /tmp as you attachments
143 directory.
598294a7 144
145 If a user is aborting a mail but has uploaded some attachments to it
146 the files will be lying around in this directory forever if you do not
390372b4 147 remove them. To fix this, it is recommended to create a cron job that
148 deletes everything in the attachment directory. Something similar
4bc627ae 149 to the following will be good enough:
390372b4 150
1e532e26 151 $ cd /var/local/squirrelmail/attach && rm -f *
598294a7 152
4bc627ae 153 However, this will delete attachments that are currently in use by people
154 sending email when the cron job runs. You can either (1) make sure that
155 the cron job runs at an obscure hour and hope that nobody gets upset, or
156 (2) you can run a modified version of the commands above. Check out the
157 man pages for other commands such as 'find' or 'tmpreaper'.
598294a7 158
4bc627ae 159 One sample script you could set up that would erase all attachments, but
160 wouldn't erase preferences, address books, or the like (just in case your
598294a7 161 attachment directory is the same as your data directory) might look like
4bc627ae 162 this:
598294a7 163
1e532e26 164 $ find /var/local/squirrelmail/attach -type f -atime +2 -exec rm {} \;
598294a7 165
4bc627ae 166 Remember to be careful with whatever method you do use, and to test out
167 the command before it potentially wipes out everyone's preferences.
17cec454 168
169c. Setting up SquirrelMail
86bb50f8 171 There are three ways to configure SquirrelMail. In the config/ directory,
be8e07f8 172 there is a perl script called that will aid you in the
390372b4 173 configuration process. This is the recommended way of handling
be8e07f8 174 the config.
86bb50f8 176 There's also a plugin called 'administrator' for the webinterface but you'll
177 have to be able to at least log in to SquirrelMail first.
390372b4 179 You can also copy the config/config_default.php file to config/config.php
be8e07f8 180 and edit that manually.
65b14f90 181
cbd6543c 182 After you've created a configuration, you can use your webbrowser to
13721b47 183 browse to http://your-squirrelmail-location/src/configtest.php.
e71e5745 184 This will perform some basic checks on your configuration to make sure
cbd6543c 185 everything works like it should.
65b14f90 190
429f8906 191 Point your browser at the URL at which SquirrelMail is installed. A
598294a7 192 possible example of this is:
a3bb5005 193
598294a7 194
3d8fe250 195 It should be pretty straight forward to use. Some more documentation
429f8906 196 might show up one day or another.
8c086db6 197
202 For information on how to make SquirrelMail work with Russian
77180a75 203 Apache, see the russian_apache.txt in the doc/ subdirectory.
2481e3c1 204
46f33521 205
2481e3c1 2066. TRANSLATIONS
598294a7 209 In order to use translated versions of SquirrelMail, you need
2481e3c1 210 to download and install locale packages that contain translations
598294a7 211 that you want to use with SquirrelMail.
2481e3c1 213 Locale packages can be downloaded from SquirrelMail SourceForge
214 project page.
598294a7 215
bee552c7 216
598294a7 217
512d4b31 218 Each translation contains an install script that copies the required files
219 into their appropriate locations. If you can't run that script, you can
86bb50f8 220 extract the contents of a translation package into your SquirrelMail
512d4b31 221 directory.
598294a7 222
512d4b31 223 NOTE No.1: *-src.tar.gz, *-src.tar.bz2 and * archives do not contain
86bb50f8 224 compiled translation files. You will need to run the "compilelocales" script
2481e3c1 225 in order to get all gettext binary translations.
598294a7 226
2481e3c1 227 NOTE No.2: You might need to restart your webserver before using translations.
228 If you can't do that, install your translations _before_ you use SquirrelMail.
c650b678 229
bee552c7 230
c650b678 2317. PLUGINS
bee552c7 234 The SquirrelMail package includes some standard plugins. These plugins can be
512d4b31 235 enabled in the SquirrelMail configuration script.
c650b678 236
237 Included plugins can use additional configuration files:
238 * change_password
239 configuration file is required. Without it plugin defaults to invalid
240 backend. See plugins/change_password/README
241 * filters, fortune, mail_fetch, newmail, translate
242 configuration files are optional. See README files in plugin directories.
243 * squirrelspell
244 configuration is stored in plugins/squirrelspell/sqspell_config.php
e71e5745 245 The default configuration might not work at your server.
c650b678 246 * administrator
bee552c7 247 plugin must be setup correctly in order to detect administrative user.
c650b678 248 See plugins/administrator/INSTALL