Once you have your e-mail system up and running, you can enhance it to make it stand out from some of the bare-bones systems out there. In this article, I'm going to set up a Web mail interface to my mail system using a very robust open source Web mail package called SquirrelMail.
In case you missed them
Check out these previous articles that explain the progression of a killer (and cheap) e-mail setup:
- "An inexpensive e-mail server setup"
- "Set up a basic e-mail server with Postfix as the MTA"
- "Extend the reach of users' e-mail with IMAP"
- "Complete the e-mail setup: User accounts, DNS, and more"
Web, database, and mail servers
Let's step back a bit and talk about where to install the various servers on the network. This e-mail system will consist of a mail server, a database server, and a Web server. All of these can run on the same physical computer, or they can be distributed across three computers. If you choose to separate the servers, you need to set up the following access settings:
- A MySQL user account that allows access from both of the other servers
- The Postfix mynetworks directive to allow message relay from the Web server
- Open route to port 3306 (MySQL) from the Web and mail servers to the database server
- Open route to port 143 (IMAP) from the Web server to the mail server
Wherever you have the database server, you should make sure that the MySQL port is blocked to all access from the Internet.
So what's the best way to do this? It depends on many factors, including your existing network architecture, whether you already have a Web server or a database server set up, how beefy your servers are, and how much traffic or how many active users you have. For the rest of the article, I'll assume that all three servers are running on a single box—but if you have them separated, simply replace localhost with the appropriate host name for the server specified by the configuration directive.
I'm going to install SquirrelMail, an excellent open source Web mail package written in PHP. I'll configure it to store user preferences in the MySQL database and to change users' mail passwords in the MySQL database. SquirrelMail itself does no user authentication—it simply collects the username and password from the user and passes them to an IMAP server for authentication. A separate SquirrelMail plug-in can be configured to change the password in the mail database.
SquirrelMail is fast becoming a leading Web mail package. It's fast, easy to install, and extremely extensible, with more than 100 plug-ins already available. It's very easy to customize, and it works from the lowliest feature-poor browsers, as long as the browser supports frames. The main limitation of SquirrelMail is that it depends on an IMAP server—but I've already configured Courier-IMAP, so that's a nonissue for this project (see "Extend the reach of users' e-mail with IMAP" for more on this configuration).
Prepare the Web server
Before installing SquirrelMail, you need to make sure your Web server is up to date. To do so, you should install the following:
- Apache 1.3.27 or higher or 2.0.43 or higher.
- PHP with MySQL support, 4.0.13 or higher (at least this version, for security reasons—SquirrelMail works with any subversion of PHP 4.0). Apache 2.0 requires at least PHP 4.3.2.
- PEAR library (installs automatically if you compile PHP from source)—required to store user preferences and address books in MySQL.
- PERL 5—to configure SquirrelMail.
SquirrelMail does not use the PHP IMAP extensions—it provides its own. Once you have these components up and running, you can install SquirrelMail.
Set up the user preference and address database
SquirrelMail is in active development right now. By default, it stores user preferences and address book entries in flat files in a data directory. I've found that it's much easier to upgrade SquirrelMail if you store the flat files in a database instead. Since I'm already using MySQL for my e-mail setup, I’ll add a new database, as shown in the SquirrelMail addresses and preferences sidebar.
Download the latest SquirrelMail package from the SquirrelMail site. Save the tarball to your Web directory—if you installed Apache from source, your Web root is probably /usr/local/apache/htdocs/. On Mandrake or Red Hat systems, it's /var/www/html. Unpack the tarball and set up a symbolic link to make it easier to get to the latest SquirrelMail:
[john@foraker html]$ tar -xzf squirrelmail-1.4.0.tar.gz
[john@foraker html]$ rm squirrelmail-1.4.0.tar.gz
[john@foraker html]$ ln -s squirrelmail-1.4.0 mail
Since SquirrelMail is in active development right now, you may want to upgrade it later. By using a symbolic link to the active version of SquirrelMail, I can later download a new version, get it working properly, and simply change the symbolic link. There are two more things you should do: make the data directory writable to the Web server, and run the configuration script. If you're using the default Apache configuration for Mandrake or Red Hat, Apache runs as user “apache.” If you installed from source, Apache is probably running as user “nobody.” For example:
[john@foraker html]$ cd mail
[john@foraker mail]$ su
[root@foraker mail]# chown apache:apache data
[root@foraker mail]# exit
[john@foraker mail]$ config/conf.pl
Configure and test SquirrelMail
SquirrelMail has many configuration options. You'll need to set up the mail server settings to point to the mail server (if it's not localhost). For the IMAP server, set the software type to Courier and the authentication type to login. Now, under the database settings, set up a DSN for both the address book and the user preference tables. The script contains fairly complete help on the format, but each one looks something like:
Finally, add the appropriate fields for the preference table:
5. Field for username : user
6. Field for prefs key : prefkey
7. Field for prefs value : prefval
Save the configuration and exit the script. You should now be able to log onto SquirrelMail using the username and password for any user you added to MySQL previously; just open a browser to http://localhost/mail/.
The problem that still remains is that all of your user accounts have the obviously nonsecure password ChangeMe. The Change MySQL Password plug-in allows your users to change their passwords from within SquirrelMail. The Change MySQL Password relies on the Compatibility plug-in. Download both the Change MySQL Password plug-in and the Compatibility plug-in to the plugins subdirectory in the SquirrelMail folder (/var/www/html/mail/plugins/). Unpack both of the tarballs and, in the Change MySQL Password directory, make a copy of config.php.sample:
[john@foraker change_mysqlpass]$ cp config.php.sample config.php
This plug-in needs to connect to the same user database as Courier-IMAP, so edit the new config.php file and set the appropriate values for:
$mysql_database = 'maildb';
$mysql_manager_id = 'mysqlusername';
$mysql_manager_pw = 'password';
$use_ssl_for_password_change = 0;
$mysql_password_change_field = 'change_password';
$mysql_password_change_yes_value = 1;
$mysql_password_change_no_value = 0;
Finally, go back to the conf.pl script and enable the Change MySQL Password plug-in.