Squirrel Mail:

Squirrelmail is the web based MUA of choice. There are others as well such as Horde, RoundCube, etc, but I prefer Squirrelmail, because it is quite mature, reasonably secure and light weight.

There are many methods to setup Squirrelmail, like setting up in a server-wide visible directory, so all Apache Virtual Hosts can access the squirrelmail webpage through an Aliased URL, such as /webmail. No doubt this method is the easiest to provide webmail interface to all the domains hostes on your server, but remember, that this will not work with SuPHP. The reason is simple. When site A wants to run the webmail interface through http://site-A.domain/webmail, the suPHP engine will expect the squirrelmail files to have the ownership same as the ownership of the DocumentRoot directory of that particular VirtualHost. Once this is not the case, Apache will refuse to open this page / Alias / URL. There are three methods to do that, listed below, not necessarily in order of preference:

  1. Each VirtualHost hosted on this server, should setup own squirrelmail installation. This is of-course do-able by uploading the Squirrelmail package through your VirtualSite-FTP user-id and setting it up. This is ok for a small number of virtual hosts (say 3-5). However, this is very painful, rather not doable, if you have more than ten virtual domains hosted on your server.

  2. Setup Squirrelmail in a serverwide visible directory, such as /var/www/webmail. Define a subdomain / another A/CNAME record for each domain in the DNS, such as webmail.domain-A.com , webmail.domain-B.net, etc. Setup separate VirtualHosts in Apache configuration files, for these webmail sub-domains. Then point the DocumentRoot of all these (webmail) sub-domains in Apache configuration files, to the same physical location on the disk, that is: /var/www/webmail . And switch off suPHP for this directory. This is not as painful as option 1, but involves some work at DNS and Apache configuration level. Also this (centralized) URL can only be managed by the server admin. Individual site owners have no control over it’s configuration.

  3. Setup squirrelmail in a central location, same as done in option # 2 above, and only setup DNS and Apache configuration of your main website, such as http://webmail.hostingprovider.com . Skip the DNS and Apache configurations for all the virtual sites. Since this is a shared server anyway, and our setup provides facility to log in to webmail interface using your complete email address, let the users access their email through the central shared hosting webmail URL. If you are running suPHP, then this virtual host (webmail.hostingprovider.com) will always run as the same user/group. This makes it very easy to manage the entire email facility.

In the text below, I am assuming that I am not using suPHP. `

cd /downloads
wget http://internap.dl.sourceforge.net/sourceforge/squirrelmail/squirrelmail-1.4.19.tar.bz2

Unpack this tarball into the central location /var/www. Unpacking will create a directory named /var/www/ squirrelmail-1.4.19 .

cd /var/www
tar xjf /downloads/squirrelmail-1.4.19.tar.bz2

# Remove the symbolic link pointing to previous version of any webmail software (if you had any):

rm -f webmail
ln -s squirrelmail-1.4.19 webmail
chown apache:apache squirrelmail-1.4.19 -R

Let’s do the configuration:

cd webmail/config

Organization Preferences

  1. Organization Name: Example website
  2. Organization Title: Example webmail service, powered by SquirrelMail $version

Server Settings


  1. Domain : example.com
  2. Invert Time : false
  3. Sendmail or SMTP : SMTP

💡 Remember, we are using Courier-IMAP in this setup. However the following IMAP settings should be ok with most of IMAP software/servers

IMAP Settings

  1. IMAP Server : localhost
  2. IMAP Port : 143
  3. Authentication type : login
  4. Secure IMAP (TLS) : false
  5. Server software : other
  6. Delimiter : detect

SMTP Settings

  1. SMTP Server : localhost
  2. SMTP Port : 25
  3. POP before SMTP : false
  4. SMTP Authentication : none
  5. Secure SMTP (TLS) : false
  6. Header encryption key :

General Options

  1. Data Directory : /var/www/webmail/data/
  2. Attachment Directory : /var/www/webmail/attach/

Make sure that these two directories exist and have proper permissions.

ls -l /var/www/webmail
drwxrwxr-x 2 apache apache 4096 May 10 04:30 data
mkdir /var/www/webmail/{attach,data} -p
chown apache:apache /var/www/webmail/{attach,data} -R
chmod 733 /var/www/webmail/attach

Create the SquirrelMail configuration file for Apache:

cat > /etc/httpd/conf.d/squirrelmail.conf << EOF
Alias /webmail /var/www/webmail

You can restart Apache service now:

service httpd restart

The change_pass plugin:

It should be noted that changing the password of the user is not the responsibility of any MUA. The user of any virtual site should actually log-on to his account through qmail-admin’s interface and change the password over there. This is what I am going to use in my future installations. As I am also going to shift away from Couruier and use DoveCot instead. Another reason is that the change_pass plugin (discussed below) requires a special service to be running on the server itself. Remember CourierPassd ? This means extra work for the server administrator in the first place.

Still, there is a plugin provided by squirrelmail community, named change_pass.

Download the change_pass plugin:

cd /var/www/webmail/plugins
wget http://www.squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fchange\_pass-2.7a-1.4.x.tar.gz
tar xzf change\_pass-2.7a-1.4.x.tar.gz

Now you can add this plugin to the list of available plugins using the ./conf.pl configuration program.

cd webmail/config

Try changing password of any of the email id . It should get changed successfully.And this is what you should get in your /var/log/messages file, once you change password from Squirrelmail web interface:

Apr 1 09:55:48 www xinetd[26780]: START: courierpassd pid=26924 from= Apr 1 09:55:48 www xinetd[26780]: EXIT: courierpassd status=0 pid=26924 duration=0(sec)

Alhumdulillah !

Extra decoding library:

SquirrelMail decoding functions are used to display and convert messages encoded in different character sets. Extra decoding library provides support of some complex Eastern and Apple x-mac character sets.

cd /downloads/qmailnew
wget http://downloads.sourceforge.net/project/squirrelmail/decode/1.2/squirrelmail-decode-1.2.tar.gz?use\_mirror=softlayer  
tar xjf squirrelmail-decode-1.2.tar.bz2

From the README.decode :

SquirrelMail Extra Decoding Library

This package contains extra decoding functions. Functions are enabled by copying .php files to SquirrelMail’s functions/decode/ directory.

Install these functions:

[root@www squirrelmail-decode-1.2]# ./install Please enter path to your SquirrelMail installation:/var/www/webmail

Extra decoding functions are installed. [root@www squirrelmail-decode-1.2]#

Showing the User-ID of the logged in user on the INBOX page:

To make squirrel mail show the logged in Username with the “Sign Out” link on the top right of the web page, do the following:

Open / edit the file “page_header.php” file in the /var/www/webmail/functions directory and find the line with the word “Sign Out” in it:-

displayInternalLink (‘src/signout.php’, _(“Sign Out”), $frame_top);

And change it to:

displayInternalLink (‘src/signout.php’, _(“Sign Out “.$username), $frame_top);

Then find the following line(s) / function definition in the same file:

function displayPageHeader($color, $mailbox, $xtra='', $session=false) {
global $hide\_sm\_attributions, $frame\_top,
$compose\_new\_win, $compose\_width, $compose\_height,
$attachemessages, $provider\_name, $provider\_uri,
$javascript\_on, $default\_use\_mdn, $mdn\_user\_support,
$startMessage, $org\_title;

and change that to:

function displayPageHeader($color, $mailbox, $xtra='', $session=false) {
global $hide\_sm\_attributions, $frame\_top,
$compose\_new\_win, $compose\_width, $compose\_height,
$attachemessages, $provider\_name, $provider\_uri,
$javascript\_on, $default\_use\_mdn, $mdn\_user\_support,
$startMessage, $org\_title, $username;

Basically you just added a $username to the global line above.

Running squirrelmail over SSL, instead of plain HTTP:

To run Squirrelmail over SSL, I have introduced a Redirect line in my Apache configuration for the mail VirtualHost.

<VirtualHost *:80>

ServerAdmin webmaster@example.com
DocumentRoot /var/www/webmail
ServerName mail.example.com
ServerAlias webmail.example.com mail.someotherhosteddomain.com
<Directory /var/www/webmail>
AllowOverride All

Redirect https://www.example.com/webmail


Here is how it works: I simply type in mail.example.com in the address bar of my browser. (notice that this is the name of this virtual host in this configuration). The Redirect directive converts this to https://www.example.com/webmail . Recall that during the squirrelmail setup we already setup an Alias /webmail for this directory. If your HTTPS is configured correctly you will see a notice of some SSL certificate and when you accept that, you will see your INBOX main page, but on HTTPS!

That is all. You now have a fully functional webmail interface for your emails. Happy emailing 🙂