Everything posted by wolvesb

  1. I've read the threads about configuring SpamAssassin, which include having "auto_learn" on. However, there seems to be a missing piece in how to handle SpamAssassin training while using a webmail interface. I.e., if I get mail that is regularly flagged as spam, can I move it to a different folder and somehow re-train SpamAssassin's filters to mark down those terms? I know of the command-line options on SpamAssassin to relearn, but I don't know how; without shell I'm not sure it's practical to run that? There doesn't seem to be anything in CPANEL to help with the Bayesian training? Am I missing something?
  2. Thank you for this fix! I was wondering why I couldn't read emails all of a sudden! What is the implication of not tweaking the download.php lines?
  3. Given the date, I guess this fell to the wayside. Just to leave a signpost here - be very careful installing Squirrelmail in userspace. From my understanding of PHP, you will be allowing anyone to access your address book, downloads, and potentially other information. I sort-of worked around this with scgi-bin, but I'm still icked about it (and if I could get the server side one "fixed", I'd use that).
  4. Are there any lightweight mechanisms to communicate between two simultaneously running PHP scripts that will work in the TCH environment? Or do I just do file or database I/O?
  5. I am trying to learn PHP, and was interested in using shared memory functionality. The documentation I can find ( http://jamesthornton.com/php/manual/ref.shmop.html ) is for 4.0.3 - is this supported on the TCH servers? Is there a reason that it wouldn't be supported? Thank you.
  6. Well, I finally got things to work well enough with a mucked together script that just fixed the vars that squirrelmail needed. I still am surprised that there isn't a more generic solution. The basic idea is..
     • Filter out ..'s from the filename
     • Append to a private path
     • Fix up some subset of _GET and HTTP_GET_VARS and PHP self and ... (1)
     • include the real file
     That "subset" is bothersome, since I'll probably have to fix the script again should I want to run anything different under it -- I can't find a way of including as a new request to let PHP do it automatically.
  7. Now that I have a little more time to tinker, I'd like to get my personal squirrel mail installation to be a little more secured, so that address books and attachments aren't visible to everyone else on the server. From what I read on PHP, it usually runs as "nobody", so any files that squirrelmail needs to update, they must be readable, writeable and visible to anyone. Thanks to earlier help, I know that I can run PHP as myself using the scgi-bin directory. BUT, this requires that all the files end in .CGI (not .PHP), and they all must start with a "#!/bin/php" line. This is a decent amount of copying & pasting. What I am looking for is a secure wrapper for a PHP program. Can anyone suggest anything? Warn me of any security risks? What it would do is, as a PHP .CGI file:
     • Take an URL as input which should JUST be a relative reference to a PHP file
     • Sanitize the URL - this has to remove all ".." (anything else)?
     • #include in the sanitized URL to bring in the PHP file
     This should result in squirrel mail running as my user ID, accessing files as myself, while hopefully not being a terrible security risk. Anything wrong with this idea?
  8. I have Squirrel mail installed the usual way at the moment. I still have this nagging feeling that having 777 permissions to my address book directory, and having the files owned by nobody, so I can't read/back them up, is odd. I had this "clever" idea:
     • Pick a subdirectory, call it mysqmail/
     • Modwrite everything to a SCGI-BIN script
     • Sanitize the URL to remove any ".."
     • include the sanitized URL (i.e., php file) from a directory that is outside public_html
     Would this work? I'm trying to find an example of the url sanitation, because it's security and I don't like to get that wrong..
  9. Wow! Thanks. That looks exactly like what I wanted! Is there any "convenient" way to run PHP under this? I'd like to run my squirrelmail install as myself rather than nobody. It seems I could do that by changing all the filenames to .cgi and prepending #!/bin/php to it, but that seems like a decent amount of work.
  10. After getting over my unease at leaving my address book for the world to see, I am the proud owner of yet-another squirrel mail installation, thanks to the instructions on here. Now I just need to tweak spam assassin to do some learning (too much spam getting through). So I take the handy scripts, and try to run them through PHP -- bad idea, since PHP doesn't have the permissions (?shouldn't php run as the user, not as nobody?) From a search, I now know that I need "cron". That's all well and good, and I can get cron to run the handy scripts, but... Is there any way to test that the scripts are working (i.e., that I have the path right and all?) It's unnerving to set them to run frequently and hope that everything is right, no typos anywhere. Is there some option to "run job now"? The solutions for testing cron jobs (from a search of the forum) were PhpShell - which appears to now be banned, and wouldn't work anyway since it'd run at server permissions, not user permissions. Out of curiosity, does any form of CGI run as the user and not as the webserver? Is it possible to do User-SetUID CGI-Perl?
  11. Thank you all for the kind welcome. I am unable to reach IMAP due to a restrictive firewall (that also blocks HTTPS to non443 ports). I'd like to read IMAP mail without snickering coworkers in the IT department knowing just how pathetic I am. Thus, I am trying to use squirrelmail. Now, the problem: I want to use the "multiple identities" feature of squirrel mail. This is under the Options->Personal in Squirrelmail -- when I go in from CPANEL. It is not there under the /sqmail/ one. I think it's a setting in config.php ( Edit_Identity?!) If I install my own squirrelmail, then I have to leave the sqmail data files open to anyone to read? Is this correct? Thanks for any advice on this..
  12. Thank you for the welcome. I have been looking at option 3 - Install my own squirrelmail - which is the only one I think I have control over, and am somewhat puzzled -- It seems that for Squirrelmail to work, that.. A) the squirrelmail folder has to be readable and writeable by all and the squirrelmail data folders have to be readable/writeable by all. So aside from trying to find some clever names for my squirrelmail folders, what are the implications of having the prefs and other information public? It feels "icky" to have my address book hanging in the open.. I suppose I'm only exposed to people on the same host?
  13. One feature that seemed highly useful to me is the "multiple identity" feature of squirrelmail. I have one catch-all address ( something@****) - but wish to respond depending on which hat I am wearing ( admin@****, support@****). Oddly, if I use: http://****:2082/3rdparty/squirrel...src/webmail.php this feature exists and works and all is well. Except for the problem that the port is blocked by firewalls (especially if I try to use https). If I use: http://****/sqmail/ it's as if the feature never existed. No option to edit multiple identities, and no option in Compose to use them. Oh, but I can use this via https! So.. 1) Is there a way to access the ****:2082 tree through the standard server, with whatever obscure path prefix? 2) Is there any chance that multiple identities can be enabled for the /sqmail/ variant? Or, is my best bet to install my own Squirrelmail version and hope I have enough time to follow security advisories for it? Thanks for any assistance/advice.
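
The path check that posts 6 to 8 above ask about, as an added example that is not part of the original posts or of SquirrelMail: instead of only stripping "..", it canonicalizes the requested name with realpath() and accepts it only if the result stays inside the private directory. The function name resolve_include and the demo directory tree are hypothetical and constructed here.

```php
<?php
// Added illustration; resolve_include() and the demo tree are hypothetical.

/**
 * Map a requested relative name to a real file under $root.
 * Returns the canonical path, or null if the request must be refused.
 */
function resolve_include(string $root, string $requested): ?string
{
    // Allow-list: relative names made of safe characters, ending in .php.
    // This also rejects NUL bytes, absolute paths and scheme prefixes ("x://").
    if (!preg_match('#\A[A-Za-z0-9_][A-Za-z0-9_./-]*\.php\z#', $requested)) {
        return null;
    }
    $rootReal = realpath($root);
    // realpath() resolves "..", "." and symlinks; false if the file is missing.
    $target = realpath($root . '/' . $requested);
    if ($rootReal === false || $target === false) {
        return null;
    }
    // Compare canonical paths. The trailing separator stops "/priv-old"
    // from passing as a child of "/priv".
    $prefix = $rootReal . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($target) ? $target : null;
}

// Constructed demo tree in the temp directory.
$base = sys_get_temp_dir() . '/wrapdemo_' . getmypid();
mkdir("$base/private/src", 0700, true);
file_put_contents("$base/private/src/webmail.php", "<?php // stub\n");
file_put_contents("$base/outside.php", "<?php // outside the private root\n");

$requests = ['src/webmail.php', 'src/../../outside.php', '../outside.php',
             '/etc/passwd', 'src/missing.php'];
foreach ($requests as $req) {
    $path = resolve_include("$base/private", $req);
    // A real wrapper would `require $path;` here instead of printing.
    printf("%-24s %s\n", $req, $path === null ? 'refused' : 'allowed');
}

// Remove the demo tree.
array_map('unlink', ["$base/private/src/webmail.php", "$base/outside.php"]);
array_map('rmdir', ["$base/private/src", "$base/private", $base]);
```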