Securing Your SquirrelMail Setup
--------------------------------

We try to make SquirrelMail as secure as possible, but the security of
an install depends on a lot of factors. This file lists some tips to
further improve the security of your webmail system.

- PHP configuration. It's very important to turn register_globals OFF.
  The majority of security issues discovered in SquirrelMail in the past
  could only be exploited when register_globals was set to on. If you
  need register_globals for other web applications, turn it on specifically
  for those apps.

- HTTPS/SSL Logins. SquirrelMail runs fine over an HTTPS/SSL connection,
  and it's not that hard to set one up.

- Data dir / attachment dir. Make sure that you've set these up with the
  right permissions (only for the webserver user) and that they're outside
  of your webserver's document root. See INSTALL for details.

- IMAPS / TLS. If your IMAP server is not on the same host as SquirrelMail,
  you can configure SquirrelMail to use an encrypted connection to your
  IMAP server. Note that this makes no sense if both are on the same machine.
  See doc/authentication.txt for info.

- Subscribe to the squirrelmail-announce mailing list to be informed about new
  releases which may fix security bugs. If you run SquirrelMail packaged by
  your distribution, make sure to apply their security upgrades.

- If you use SELinux, SquirrelMail will not work unless you create a policy
  for it. In the SELinux Policy Editor, under HTTPD Service, enable
  "allow HTTPD scripts and modules to connect to the network".

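One way to check the data dir / attachment dir tip above, as an added
example that is not part of SquirrelMail. It assumes "only for the
webserver user" means the directory is owned by that user with no group
or other permission bits; the function name check_sm_dir is hypothetical.

```shell
#!/bin/sh
# Added example (not part of SquirrelMail): audit a data or attachment directory.
# Usage: check_sm_dir DIR WEB_USER DOCROOT
# Prints one line per finding. Returns 0 if clean, 1 on any finding, 2 on bad input.
check_sm_dir() {
    dir=$1; web_user=$2; docroot=$3
    if [ ! -d "$dir" ] || [ ! -d "$docroot" ]; then
        echo "ERROR: '$dir' and '$docroot' must both be existing directories"
        return 2
    fi

    # Resolve symlinks first, so a configured path that is really a link
    # into the document root is still caught.
    real_dir=$(cd "$dir" && pwd -P) || return 2
    real_root=$(cd "$docroot" && pwd -P) || return 2
    rc=0

    # "ls -ld" prints e.g. "drwx------ 2 www-data www-data ...":
    # field 1 is the mode string, field 3 the owning user.
    listing=$(ls -ld "$real_dir")
    owner=$(printf '%s\n' "$listing" | awk '{print $3}')
    group_other=$(printf '%s\n' "$listing" | awk '{print substr($1, 5, 6)}')

    if [ "$owner" != "$web_user" ]; then
        echo "FAIL: $real_dir is owned by $owner, expected $web_user"
        rc=1
    fi
    if [ "$group_other" != "------" ]; then
        echo "FAIL: $real_dir grants group/other access ($group_other)"
        rc=1
    fi
    case "$real_dir/" in
        "$real_root"/*)
            echo "FAIL: $real_dir is inside the document root $real_root"
            rc=1 ;;
    esac
    return "$rc"
}
```

Call it once for the data dir and once for the attachment dir, passing
the user your webserver runs as and its document root.
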
These are only some tips to get you started. A truly secure system needs
careful tweaking of all components, including PHP, Apache, mailserver,
the underlying OS, which users can log in, etc. Searching the web will turn
up lots of information.


$Id$