Installing Squirrelmail for IMAPS on CentOS 5.1

February 25th, 2008 · 2 Comments

Over the weekend I moved e-mail service from one machine to another, and in the process, decided to limit client connections to the IMAPS protocol for security’s sake. Unfortunately, I found that this broke the default Squirrelmail configuration on CentOS 5.1. In this post I talk about what I discovered and point out the easy fix that got Squirrelmail working again.

Let’s start out by assuming you’re using the standard IMAP/POP3 server on your install of 5.1, that is, the software known as DoveCot. And let’s also assume, that for security reasons, you’ve customized its configuration such that it only accepts IMAPS connections. That is, IMAP over SSL, which means that all connections to read mail are encrypted between the client and the server thus limiting any eavesdropping as the traffic travels over your LAN, or even better, over the WAN/Internet. In this configuration, DoveCot is listening on TCP port 993 for connections and not port 143. (Most modern mail clients have no problems using IMAPS on port 993.)

In this situation, the default installation of Squirrelmail (version 1.4.8-4.0.1.el5.centos.2 as of this writing) doesn’t work and you’ll get a login error if you try to login. If you run the configuration test script, via a browser request to

http://localhost/<squirrelmail prefix>/src/configtest.php

you’ll see that it runs fine until it tries to connect to the IMAP server but then it will report a connection error on trying to access IMAP at port 143. I leave the <squirrelmail prefix> placeholder in because you might have already customized this in your /etc/httpd/conf.d/squirrelmail.conf script. It defaults to “squirrelmail”.

Your first attempt to fix this will be to run the standard, and documented, config.pl script provided by the authors of Squirrelmail. While this won’t be sufficient, you’ll want to do this anyway because it is the easiest way to correct the configuration file for Squirrelmail, which you’ll need to do at some point to get it talking IMAPS. Here are the steps:

cd /usr/share/squirrelmail/config
sudo config.pl

Once that starts, do the following:

  1. If you don’t see any values shown for any of the options, its because the config program defaults to using light yellow for the config values and this doesn’t show up well on your white terminal background. Simply select the “C” option to toggle off the color settings and switch to black text.
  2. Select option “2” (Server Settings)
  3. Select option “A” (Update IMAP Settings)
  4. Select option “4” (IMAP Server) and set it to the hostname of your IMAP server. If you’re running Squirrelmail on the same host as DoveCot, this should be “localhost”.
  5. Select option “5” (IMAP Port) and set this to “993”.
  6. Select option “7” (Secure IMAP (TLS)) and set this to “true”.  (It should be noted that Squirrelmail does not send a ‘STARTTLS’ command automatically, so you’ll need to have done step 5 to specify the dedicated SSL port.)
  7. Select “S” (Save) to save your configuration.
  8. Select “Q” (Quit) to exit the configuration tool.

Your Squirrelmail config file is now updated. But, if you try to login now, or run the configtest.php script again, you’ll find this didn’t fix the problem. Why not?

It turns out that the CentOS build of Squirrelmail has been customized so that the configuration file(s) being written to by the config.pl tool are in /etc/squirrelmail — which seems all well and good since it matches what you generally expect on a RedHat based system — the config files are in /etc. But the problem is that the PHP source that implements Squirrelmail has NOT been customized to read from that location!

The httpd conf file aliases running the PHP scripts out of /usr/share/squirrelmail and the starting index.php script assumes that it can read the configuration file via a relative file reference of “config/config.php”. Aha! Its reading the configuration file from /usr/share/squirrelmail/config/config.php which is not the one we just customized. You could copy the customized one over, but that would mean the next time you ran the config tool, you’d have to remember to re-copy this yet again and how likely is that? Let’s not try to fool ourselves. We need a different way.

The best answer I’ve come up with is to simply make a symbolic link to the /etc/squirrelmail dir, under the name config, from /usr/share/squirrelmail. But only AFTER renaming the existing config dir to something else. The rename is critical because the only location of the config.pl tool is in this directory. If you delete the directory, or overwrite it, you won’t be able to get to this script again.  That is bad.  The symbolic link fixes all the problems and enables future customizations of the Squirrelmail config to be picked up without any extra steps. Here’s the relevant commands to do this:

cd /usr/share/squirrelmail
mv config config.original
ln -s /etc/squirrelmail config

NOW you’ll find your Squirrelmail install working and connecting via IMAPS to your DoveCot server!

Tags: IT/Network

2 responses so far ↓

  • 1 Juan Carlos // Jun 20, 2008 at 11:07 am

    Mira hice todo lo que dice aqui pero tengo una duda con el ultimo paso me aparece

    en mi servidor centos 5 me aparece de esta forma cd /usr/share/squirrelmail/config entonces no se como hacerlo por que aun tengo el probema del error de IMAP 13:permiso dengado

    Te agradezco de antemano en lo que puedas colaborar

    Gracias

    Juan Carlos

  • 2 Dave // Jun 26, 2008 at 6:21 pm

    Hi Juan,

    I’m sorry but I’m having trouble understanding. I had to use a translation service which of course doesn’t do such a good job with technical terms. I can tell you’re saying you had a problem with the last step but I can’t tell exactly what the problem is. If the problem is that you can’t move the original config dir out of the way, then you probably need to just use sudo to get it done like this:

    sudo mv config config.original
    sudo ln -s /etc/squirrelmail config

    — Dave

Leave a Comment