Question

Https on Squirrelmail Apache2 Postfix Ubuntu

Asked by: SW111

Hello Experts,

We have finally installed a mail server according to this tutorial: http://workaround.org/articles/ispmail-etch/ which was followed almost to the dot.

However, we now need the users to access squirrelmail via https instead of http. And so we're trying to follow the post by Amesina here:
http://fedoraforum.org/forum/showthread.php?t=93267

However, we immediately run into a problem on the second step:
Our system does not have /etc/httpd/conf.d/ssl.conf
we have: /etc/apache2/conf.d/
but in that folder, there is only squirrelmail.conf. (which the post tells us to remove) and no ssl.conf.

My question is:
1. Is this "ssl.conf" something that I just create or
2. Something that must be installed using modules? (a2en thing?) If so,
3. What module should I install?
4. And How?

I am using Ubuntu 8.04, with postfix + squirrelmail + apache2
Not quite sure what version they are. It should be a recent version though.

Thank You


This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2009-11-04 at 23:45:25ID24873657
Tags

https squirrelmail apache2 postfix ubuntu

Topics

Apache Web Server

,

Email Servers

,

Secure Socket Layer (SSL) & HTTPS

Participating Experts
1
Points
500
Comments
10

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. Configure apache2 to run with cgi
    I have install Ubuntu and apache2 at home for the first time, and I'm getting crazy to configure the apache2 to run in the port 9999 (or other bigger them 1024). I have commented everything at ports.conf and I'm trying to set the httpd.conf as AddHandler cgi-script .cgi ...
  2. Apache2 service problem with linux HA
    Im running heartbeat-2 on two ubuntu servers when I get ready to start the heartbeat service I receive the error INFO: Resource is stopped Im using apache2 as the service that I want heartbeat to manage below is my line in haresouces that I have included. Server01 192.168...
  3. apache2 perl ubuntu (8)Exec format error: exec of
    Running apache2 and perl on ubuntu 9.04 I am getting the Apache error (8)Exec format error: exec of
  4. Migrating Apache2 WIndows to Apache2 on Linux
    Hi I am in the process of moving a website I had hosted on Windows running PHP on Apache2 to an uBuntu Linux system with PHP/Apache2. The httpd.conf file I had on Windows has lots of 301 redirects that I need transferred to the new Linux system. Is there any difference in t...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: routinetPosted on 2009-11-07 at 14:35:35ID: 25768397

I have not worked with Ubuntu 8.04 in awhile, so I'm not sure what files you have.  Still, the resolution here is strictly within the Apache configuration.  Your SM site must have a definition in order for Apache to serve it.  Chances are, it is in the squirrelmail.conf file you mentioned earlier.  Provided you already have an SSL certificate, it should be a simple matter to alter this file to provide an SSL host instead of a normal HTTP host.  

Post the contents of that file here.  Remember to strip out any proprietary or confidential information.

 

by: SW111Posted on 2009-11-11 at 20:07:53ID: 25801429

Hi Routinet,

Sorry for the late reply. I got cought up in multiple emergencies that needs to be taken care of.

Can you tell me if I mistakenly included any confidential info? I've looked at it ans so far I can tell it looked ok. Anyhow, here is the content of /etc/apache2/conf.d/squirrelmail.conf :


Alias /squirrelmail /usr/share/squirrelmail

<Directory /usr/share/squirrelmail>
  Options Indexes FollowSymLinks
  <IfModule mod_php4.c>
    php_flag register_globals off
  </IfModule>
  <IfModule mod_php5.c>
    php_flag register_globals off
  </IfModule>
  <IfModule mod_dir.c>
    DirectoryIndex index.php
  </IfModule>

  # access to configtest is limited by default to prevent information leak
  <Files configtest.php>
    order deny,allow
    deny from all
    allow from 127.0.0.1
  </Files>
</Directory>

# users will prefer a simple URL like http://webmail.example.com
#<VirtualHost 1.2.3.4>
#  DocumentRoot /usr/share/squirrelmail
#  ServerName webmail.example.com
#</VirtualHost>

# redirect to https when available (thanks omen@descolada.dartmouth.edu)
#
#  Note: There are multiple ways to do this, and which one is suitable for
#  your site's configuration depends. Consult the apache documentation if
#  you're unsure, as this example might not work everywhere.
#
#<IfModule mod_rewrite.c>
#  <IfModule mod_ssl.c>
#    <Location /squirrelmail>
#      RewriteEngine on
#      RewriteCond %{HTTPS} !^on$ [NC]
#      RewriteRule . https://%{HTTP_HOST}%{REQUEST_URI}  [L]
#    </Location>
#  </IfModule>
#</IfModule>

 

by: routinetPosted on 2009-11-11 at 23:46:58ID: 25802214

Well, that all looks good, but you're missing a couple of details.

The <Directory> container sets up some restrictions for the squirrelmail installation.  That's fine.  

The second part, the <VirtualHost> container, is the first thing you need to address.  Are you serving squirrelmail as a URL available from a parent site (www.mydomain.com/squirrelmail), or will it be its own independent site (such as webmail.mydomain.com)?  In the first case, you will need to make sure that the parent site is configured to serve SSL content.  In the latter case, you will need to uncomment the <VirtualHost> declaration, and add SSL directives to it.

The third part should probably be uncommented as well, if you want to enforce mandatory SSL with your squirrelmail installation.

 

by: SW111Posted on 2009-11-12 at 01:07:30ID: 25802575

Hello.

My setup uses a parent site www.mydomain.com/squirrelmail. However, this machine is the parent site (i.e, from the router, I direct port 80 to this machine.

So what should I do to achieve your recommendation:
" In the first case, you will need to make sure that the parent site is configured to serve SSL content."
Am I configured to serve ssl content already? I dont have /etc/httpd/conf.d/ssl.conf, but I'm pretty sure I've setup ssl. (according to http://workaround.org/articles/ispmail-etch/  anyways, unlessI misunderstood something).

On the third part:
"The third part should probably be uncommented as well, if you want to enforce mandatory SSL"
Yes, please. mandatory sounds good. (i.e redirecting http to https, correct?) How do I do this? just uncomment? No need to find /etc/httpd/conf.d/ssl.conf ? (All the guides has this file, so I'm somewhat worried why I don't have it).

 

by: routinetPosted on 2009-11-12 at 22:30:07ID: 25811835

>>> Am I configured to serve ssl content already?

You'll have to find the section of your conf files that defines that site.  You don't *need* ssl.conf, but it is usually present to keep all the SSL-related directives in one place.  That way, you don't have to search through dozens of unrelated conf files look for that one line of code.  It sounds like you are not terribly familiar with your server's configuration - I recommend you change that.  Start with the main conf file (usually httpd.conf or apache.conf), and learn what it is doing.  When you hit an Include directive, visit that file (or files) to see what they do as well.  One of them is going to define the site (probably in a <VirtualHost> container), and you'll need to make sure it is set up to use SSL.

>>> Yes, please. mandatory sounds good. (i.e redirecting http to https, correct?) How do I do this? just uncomment?

Removing the comment markers would be necessary, yes, but I also recommend putting the <Location> container inside the configuration specific to the site.  If you leave it in the global context, you are enforcing that on all your sites.  If you ever wanted to check the configuration of a site (as I directed you to do in the previous paragraph), you do not want to have to look everywhere for global-context directives.

 

by: SW111Posted on 2009-11-13 at 00:38:58ID: 31650384

Thanks Routinet.

You're right about my level of understanding. I kept telling myself that I need an IT personnel.

Anyhow, I think I need to do a bit of learning  before I can fully understand your answer and so ask better questions. Your answers has provided enough for me to know what information to look for though. Thanks.

 

by: SW111Posted on 2009-11-18 at 07:34:48ID: 25850762

HI Routinet,
I don't know if you can still get this message. I finally got the time to implement the above changes (deleting the comment marks on the third part: Ifmodule mod_rewrite, etc) but it doesnt seem to work. I'm still accessing via http and not redirected to https?

 

by: routinetPosted on 2009-11-18 at 20:34:52ID: 25857540

You'll need to post all of the relevant conf files.  What you have posted to date is just the squirrelmail configuration, and does not indicate how it interacts with the rest.

 

by: SW111Posted on 2009-11-18 at 20:59:15ID: 25857646

Routinet, what is the other relevant conf file?

 

by: routinetPosted on 2009-11-18 at 23:02:00ID: 25858109

I don't know.  You'll need to examine your configuration to find out.  The main conf file will be httpd.conf or apache.conf, most likely, and it is just as likely that you have several includes.  I highly recommend you go through them, and follow along with this link:

http://httpd.apache.org/docs/2.2/mod/directives.html

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...