Menu
▾
▴
squirrelmail-devel — SquirrelMail Development Mailing List
You can subscribe to this list here.
| 1999 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(20) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2000 |
Jan
(96) |
Feb
(124) |
Mar
(196) |
Apr
(169) |
May
(63) |
Jun
(230) |
Jul
(182) |
Aug
(247) |
Sep
(143) |
Oct
(153) |
Nov
(156) |
Dec
(162) |
| 2001 |
Jan
(399) |
Feb
(206) |
Mar
(50) |
Apr
(115) |
May
(111) |
Jun
(139) |
Jul
(153) |
Aug
(149) |
Sep
(225) |
Oct
(263) |
Nov
(90) |
Dec
(344) |
| 2002 |
Jan
(475) |
Feb
(303) |
Mar
(278) |
Apr
(339) |
May
(188) |
Jun
(95) |
Jul
(145) |
Aug
(277) |
Sep
(277) |
Oct
(306) |
Nov
(190) |
Dec
(153) |
| 2003 |
Jan
(179) |
Feb
(213) |
Mar
(126) |
Apr
(201) |
May
(85) |
Jun
(207) |
Jul
(205) |
Aug
(175) |
Sep
(226) |
Oct
(176) |
Nov
(79) |
Dec
(115) |
| 2004 |
Jan
(86) |
Feb
(112) |
Mar
(129) |
Apr
(185) |
May
(153) |
Jun
(157) |
Jul
(89) |
Aug
(182) |
Sep
(98) |
Oct
(105) |
Nov
(115) |
Dec
(90) |
| 2005 |
Jan
(61) |
Feb
(154) |
Mar
(239) |
Apr
(265) |
May
(80) |
Jun
(96) |
Jul
(118) |
Aug
(129) |
Sep
(74) |
Oct
(81) |
Nov
(261) |
Dec
(121) |
| 2006 |
Jan
(137) |
Feb
(204) |
Mar
(99) |
Apr
(45) |
May
(68) |
Jun
(51) |
Jul
(109) |
Aug
(56) |
Sep
(146) |
Oct
(229) |
Nov
(93) |
Dec
(47) |
| 2007 |
Jan
(127) |
Feb
(102) |
Mar
(89) |
Apr
(60) |
May
(41) |
Jun
(56) |
Jul
(139) |
Aug
(51) |
Sep
(51) |
Oct
(52) |
Nov
(110) |
Dec
(57) |
| 2008 |
Jan
(91) |
Feb
(53) |
Mar
(80) |
Apr
(57) |
May
(69) |
Jun
(36) |
Jul
(33) |
Aug
(29) |
Sep
(15) |
Oct
(13) |
Nov
(19) |
Dec
(18) |
| 2009 |
Jan
(15) |
Feb
(10) |
Mar
(16) |
Apr
(3) |
May
(15) |
Jun
(29) |
Jul
(30) |
Aug
(24) |
Sep
(27) |
Oct
(8) |
Nov
(14) |
Dec
(34) |
| 2010 |
Jan
(31) |
Feb
(34) |
Mar
(19) |
Apr
(16) |
May
(6) |
Jun
(17) |
Jul
(2) |
Aug
|
Sep
|
Oct
(2) |
Nov
(2) |
Dec
(2) |
| 2011 |
Jan
(7) |
Feb
(4) |
Mar
|
Apr
(14) |
May
(1) |
Jun
(1) |
Jul
(6) |
Aug
(2) |
Sep
(8) |
Oct
(4) |
Nov
(3) |
Dec
(10) |
| 2012 |
Jan
(18) |
Feb
(27) |
Mar
(11) |
Apr
|
May
(2) |
Jun
|
Jul
(2) |
Aug
(21) |
Sep
(4) |
Oct
(10) |
Nov
(7) |
Dec
(2) |
| 2013 |
Jan
(1) |
Feb
(7) |
Mar
(4) |
Apr
(1) |
May
(3) |
Jun
(11) |
Jul
|
Aug
(1) |
Sep
|
Oct
(5) |
Nov
(2) |
Dec
(8) |
| 2014 |
Jan
(10) |
Feb
|
Mar
(1) |
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
|
Sep
(1) |
Oct
(1) |
Nov
(1) |
Dec
|
| 2015 |
Jan
(2) |
Feb
(1) |
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(1) |
Dec
(2) |
| 2016 |
Jan
|
Feb
|
Mar
|
Apr
(2) |
May
(3) |
Jun
(2) |
Jul
(1) |
Aug
|
Sep
|
Oct
(1) |
Nov
(1) |
Dec
(34) |
| 2017 |
Jan
(1) |
Feb
(2) |
Mar
(6) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(2) |
| 2018 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(1) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2019 |
Jan
|
Feb
|
Mar
|
Apr
(4) |
May
(2) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2020 |
Jan
|
Feb
|
Mar
|
Apr
(1) |
May
(3) |
Jun
|
Jul
(5) |
Aug
(1) |
Sep
|
Oct
|
Nov
|
Dec
|
| 2021 |
Jan
|
Feb
|
Mar
(6) |
Apr
|
May
(3) |
Jun
|
Jul
|
Aug
(11) |
Sep
|
Oct
|
Nov
|
Dec
(2) |
| 2023 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(2) |
Oct
|
Nov
(3) |
Dec
|
|
From: Peter C. <pet...@cq...> - 2015-11-29 01:38:27
|
Hello! I have a frustratingly general question, and it's one more based on curiosity than need. I've been a fan of SquirrelMail for many years, and have noticed recently that you can no longer connect to your Gmail account using it. I understand there's really no practical point in doing this - just use gmail's webmail or a pop/imap client, and I think there's a pop fetch plugin for SQ too, not sure if it has the same issue though. so please forgive me for not being specific or being able to upload code in question - i was just wondering if anyone knew why Gmail hates SQ these days? why doesn't the way SQ logs into an imap server work with gmail anymore? when I set up the config file with all the correct details and go to log in, it tells me i entered an incorrect user name or password, then moments later an email arrives in my gmail inbox that reads: Someone just tried to sign in to your Google Account ****@gmail.com from an app that doesn't meet modern security standards. i've read google is renowned for not following standards, not sure if that's true, but I'm just wondering why gmail cracks a wobbly at SQ these days when I definitely remember it working a few years ago. like i said, i have no practical purpose to access my gmail with squirrelmail, but was curious about what's changed food for thought! peace and blessings |
|
From: Pander <pa...@us...> - 2015-02-28 10:06:07
|
There is a new version of davical2abook, please see https://github.com/PanderMusubi/davical2abook |
|
From: Paul L. <pa...@sq...> - 2015-01-19 20:00:53
|
> I am running 1.5.2 [SVN] on a turnkey debian (VM) using IMAP to connect to > imap-mail.outlook.com. Where the folder list should be in the left-pane, I > have this error: You might consider sharing your configuration settings on the users mailing list for using SquirrelMail with outlook.com, since some others may appreciate the help. > ERROR: IMAP server closed the connection. > Query: LIST "" {11} INBOX.Trash > Server responded:* BYE Client must wait for a continuation request response > before sending data. I wouldn't expect outlook.com to be too helpful about this, although someone with access to a "Microsoft Exchange Server 2013 IMAP4" server might be able to shed some light on this. Grabbing the network traffic while you do this would also be informative. > I didn't receive this error using 1.4.2, but need the STARTTLS > functionality for to send messages. The right-pane, where the > messages are listed, renders properly. Not too long ago, I offered to add STARTTLS to 1.4.23 if a mailing list user would help test, but I never heard back from them.... -- Paul Lesniewski SquirrelMail Team Please support Open Source Software by donating to SquirrelMail! http://squirrelmail.org/donate_paul_lesniewski.php |
|
From: Mark E. <jo...@gm...> - 2015-01-01 00:37:16
|
Greetings. I am running 1.5.2 [SVN] on a turnkey debian (VM) using IMAP to connect to imap-mail.outlook.com. Where the folder list should be in the left-pane, I have this error: ERROR: IMAP server closed the connection. Query: LIST "" {11} INBOX.Trash Server responded:* BYE Client must wait for a continuation request response before sending data. I didn't receive this error using 1.4.2, but need the STARTTLS functionality for to send messages. The right-pane, where the messages are listed, renders properly. -Mark Screenshot of error: Output from configtest: SquirrelMail configtest This script will try to check some aspects of your SquirrelMail configuration and point you to errors whereever it can find them. You need to go run conf.pl in the config/ directory first before you run this script. SquirrelMail version: 1.5.2 [SVN] Config file version: 1.5.0 Config file last modified: 31 December 2014 23:47:15 Checking PHP configuration... PHP version 5.4.4-14+deb7u5 OK. (You have: 5.4.4-14+deb7u5. Minimum: 4.1.0) Running as www-data(33) / www-data(33) display_errors: (overridden with 1 for this page only) error_reporting: 22527 (overridden with 32767 for this page only) variables_order OK: GPCS. PHP extensions OK. Dynamic loading is disabled. Web server is running as user: www-data (33) Web server is running as group: www-data (33) Checking paths... Data dir OK. Attachment dir OK. Checking plugins... Plugins are not enabled in config. Themes OK. Default language OK. Base URL detected as: http://192.168.1.8:443/squirrelmail/src (location base autodetected) Checking outgoing mail service.... ( ! ) Notice: Undefined variable: client_ip in /var/www/squirrelmail/src/configtest.php on line 655 Call Stack # Time Memory Function Location 1 0.0004 381808 {main}( ) ../configtest.php:0 ( ! ) Notice: Undefined variable: client_ip in /var/www/squirrelmail/src/configtest.php on line 658 Call Stack # Time Memory Function Location 1 0.0004 381808 {main}( ) ../configtest.php:0 SMTP STARTTLS extension looks OK. SMTP server OK (220 BLU436-SMTP218.smtp.hotmail.com Microsoft ESMTP MAIL Service, Version: 8.0.9200.16384 ready at Wed, 31 Dec 2014 16:18:06 -0800) Checking IMAP service.... IMAP server ready (* OK Outlook.com IMAP4rev1 server version 17.4.0.0 ready (BLU451-IMAP76)) Capabilities: * CAPABILITY IMAP4rev1 CHILDREN ID NAMESPACE UIDPLUS UNSELECT AUTH=PLAIN AUTH=XOAUTH2 SASL-IR Checking internationalization (i18n) settings... gettext - Gettext functions are available. On some systems you must have appropriate system locales compiled. Test translations <https://192.168.1.8/squirrelmail/src/configtest.php?testlocales=1> . This test is not accurate and might work only on some systems. mbstring - Mbstring functions are available. recode - Recode functions are unavailable. iconv - Iconv functions are available. timezone - Webmail users can change their time zone settings. Current time zone is UTC. Checking database functions... not using database functionality. Checking LDAP functions... not using LDAP functionality. _____ Summary Congratulations, your SquirrelMail setup looks fine to me! |
|
From: Brad S. <br...@co...> - 2014-11-15 23:59:02
|
So what exactly is holding up a new SquirrelMail release (.e.g. 1.4.23)? Looking at the list the last post I see commenting on this indicates a release would be "soon" and then over a year has gone by. The situation is pretty ridiculous when the latest release is not compatible with the last *3* PHP releases and it has been over 3 years since the last release. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. |
|
From: Philippe B. <eic...@An...> - 2014-10-20 11:08:48
|
Dear Pham Trieu, > I have installed squirrelmail, dovecot, postfix doing mailserver > system. I also installed plugins for squirrelmail: compatibility, > change_passwd. I use firefox to send/receive email ok but squirrelmail > option showing blank, Now I want to change password but not showing in > options. How do I config? I actually never got any of the existing password-changer plugins to work. Therefore, I have coded my own: http://www.bourdin.ch/Philippe/archiv/change_user_passwd.README http://www.bourdin.ch/Philippe/archiv/change_user_passwd.tar.gz I would be happy, if someone could put this on the official SM website for the available plugins. Thisone is pretty much only using very basic tools with no complicated LDAP, PAM, etc. - just uses sudo and passwd. Thanks and best regards, Philippe Bourdin. |
|
From: Pham T. <tri...@ya...> - 2014-09-29 08:12:41
|
I have installed squirrelmail, dovecot, postfix doing mailserver system. I also installed plugins for squirrelmail: compatibility, change_passwd. I use firefox to send/receive email ok but squirrelmail option showing blank, Now I want to change password but not showing in options. How do I config? Please help me! Thanks so much. About OS system: SquirrelMail 1.4.22-4.el6.noarch Compatibility-2.0.16 Change_passwd-4.0-1.2.8 Php-5.3.3 Httpd-2.2.15-31.el6 UW-IMAP dovecot-2.0.9-7.el6 SMTP server postfix-2.6.6-6.el6 OS: CentOS 6.4 64bit |
|
From: Paul L. <pa...@sq...> - 2014-04-07 05:48:01
|
I don't think this thread has anything to do with this mailing list....
On Mon, Mar 31, 2014 at 8:59 AM, stevezemlicka <st...@al...> wrote:
> I am using squirrelmail in conjunction with our Ironport simply as a
> send-mail portal for users to send encrypted messages. Most everything has
> been stripped and when users login, they are simply presented with the
> compose message page. I believe we can flag a message with an x-header to
> set an expiration for the decryption of the message within Cisco's services.
> I read something about a message expiration plugin but couldn't find that
> plugin. Has anyone had experience with anything related to setting message
> expiration on outbound messages?
"Proon" is the best message clean-up plugin on the SquirrelMail
website. There is also a plugin that will add any header you want to
outgoing messages ("Add Header" should have been easy for you to
find), but something like this should be done in your MTA and not in a
mail client.
> I would like to set a default, but potentially allow users to override that
> (maybe within a certain range and a selection from a calendar pop-up would
> be fantastic).
If it were me, I'd set this up in the MTA and use the Server Settings
plugin to allow users to configure the relevant settings.
--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php
|
|
From: stevezemlicka <st...@al...> - 2014-03-31 15:59:58
|
I am using squirrelmail in conjunction with our Ironport simply as a send-mail portal for users to send encrypted messages. Most everything has been stripped and when users login, they are simply presented with the compose message page. I believe we can flag a message with an x-header to set an expiration for the decryption of the message within Cisco's services. I read something about a message expiration plugin but couldn't find that plugin. Has anyone had experience with anything related to setting message expiration on outbound messages? I would like to set a default, but potentially allow users to override that (maybe within a certain range and a selection from a calendar pop-up would be fantastic). Thanks in advance, Stephen Zemlicka -- View this message in context: http://squirrelmail.5843.n7.nabble.com/Set-Outgoing-Message-Expiration-tp25792.html Sent from the squirrelmail-devel mailing list archive at Nabble.com. |
|
From: Paul L. <pa...@sq...> - 2014-01-21 22:46:23
|
On Tue, Jan 21, 2014 at 12:59 AM, Emmanuel Dreyfus <ma...@ne...> wrote: > On Mon, Jan 20, 2014 at 07:47:54PM -0800, Paul Lesniewski wrote: >> I made the change on purpose, however, on second thought, it would >> probably be best to have the flexibility of letting the administrator >> apply the global options as well. I just reverted to the way you had >> originally proposed. Changes are in SVN. > > Shouldn't you revert the option name as well? $smtpSslOptions contains > non SSL stuff now. $smtpOptions seems mor coherent. > > But I am getting picky, this is not a real issue. No, no problem, I appreciate attention to detail myself. I just changed to $smtp_stream_options and $imap_stream_options Thanks -- Paul Lesniewski SquirrelMail Team Please support Open Source Software by donating to SquirrelMail! http://squirrelmail.org/donate_paul_lesniewski.php |
|
From: Emmanuel D. <ma...@ne...> - 2014-01-21 09:00:04
|
On Mon, Jan 20, 2014 at 07:47:54PM -0800, Paul Lesniewski wrote: > I made the change on purpose, however, on second thought, it would > probably be best to have the flexibility of letting the administrator > apply the global options as well. I just reverted to the way you had > originally proposed. Changes are in SVN. Shouldn't you revert the option name as well? $smtpSslOptions contains non SSL stuff now. $smtpOptions seems mor coherent. But I am getting picky, this is not a real issue. -- Emmanuel Dreyfus ma...@ne... |
|
From: Paul L. <pa...@sq...> - 2014-01-21 03:48:21
|
On Mon, Jan 20, 2014 at 7:01 PM, Emmanuel Dreyfus <ma...@ne...> wrote: > Paul Lesniewski <pa...@sq...> wrote: > >> http://sourceforge.net/p/squirrelmail/code/14427 >> http://sourceforge.net/p/squirrelmail/code/14429 > > Thanks. I understand I have to use > $smtpSslOptions['cafile'] instead of $smtpOptions['ssl']['cafile'] > > That makes impossible to set up other socket options documented here: > http://fr2.php.net/manual/fr/context.socket.php > > I did not meant to use them, but I just note the change, in case you did > not make it on purpose. I made the change on purpose, however, on second thought, it would probably be best to have the flexibility of letting the administrator apply the global options as well. I just reverted to the way you had originally proposed. Changes are in SVN. Thanks again. -- Paul Lesniewski SquirrelMail Team Please support Open Source Software by donating to SquirrelMail! http://squirrelmail.org/donate_paul_lesniewski.php |
|
From: <ma...@ne...> - 2014-01-21 02:57:43
|
Paul Lesniewski <pa...@sq...> wrote: > http://sourceforge.net/p/squirrelmail/code/14427 > http://sourceforge.net/p/squirrelmail/code/14429 Thanks. I understand I have to use $smtpSslOptions['cafile'] instead of $smtpOptions['ssl']['cafile'] That makes impossible to set up other socket options documented here: http://fr2.php.net/manual/fr/context.socket.php I did not meant to use them, but I just note the change, in case you did not make it on purpose. -- Emmanuel Dreyfus http://hcpnet.free.fr/pubz ma...@ne... |
|
From: Paul L. <pa...@sq...> - 2014-01-21 01:56:38
|
On Mon, Jan 20, 2014 at 1:16 AM, Emmanuel Dreyfus <ma...@ne...> wrote: > On Sun, Jan 19, 2014 at 08:17:25PM -0800, Paul Lesniewski wrote: >> > Squirrelmail has TLS support, but it lacks the ability to enforce server >> > certificate validation. This leaves no defense against MiM attacks using >> > a self-signed certificate. > (...) >> Indeed. If you care to send a diff, I'd be happy to commit it. > > Here is it: > http://ftp.espci.fr/shadow/manu/sq-stream.patch > > I tested it with this configuration: > $smtpServerAddress='smtp.example.net'; > $smtpPort = 465; > $use_smtp_tls = true; > $smtpOptions['ssl']['verify_peer'] = true; > $smtpOptions['ssl']['verify_depth'] = 3; > $smtpOptions['ssl']['cafile'] = '/etc/openssl/certs/ca.crt'; > > Using the wrong CA in $smtpOptions['ssl']['cafile'] cause the connexion > to abort, which suggests the thing works. Sendmail logs the TLS cipher > used as being ECDHE-RSA-AES256-GCM-SHA384, which is the best OpenSSL > can do. http://sourceforge.net/p/squirrelmail/code/14427 http://sourceforge.net/p/squirrelmail/code/14429 I also added same support on the IMAP side. Thanks again, -- Paul Lesniewski SquirrelMail Team Please support Open Source Software by donating to SquirrelMail! http://squirrelmail.org/donate_paul_lesniewski.php |
|
From: <ma...@ne...> - 2014-01-20 12:34:45
|
Hi You replied on the imapproxy patch, but not on the squirrelmail one. Was it committed, or is there something to improve? Emmanuel Dreyfus <ma...@ne...> wrote: > > Indeed. If you care to send a diff, I'd be happy to commit it. > > Here is it: > http://ftp.espci.fr/shadow/manu/sq-stream.patch > > I tested it with this configuration: > $smtpServerAddress='smtp.example.net'; > $smtpPort = 465; > $use_smtp_tls = true; > $smtpOptions['ssl']['verify_peer'] = true; > $smtpOptions['ssl']['verify_depth'] = 3; > $smtpOptions['ssl']['cafile'] = '/etc/openssl/certs/ca.crt'; > > Using the wrong CA in $smtpOptions['ssl']['cafile'] cause the connexion > to abort, which suggests the thing works. Sendmail logs the TLS cipher > used as being ECDHE-RSA-AES256-GCM-SHA384, which is the best OpenSSL > can do. > > There is just one small problem, with default timeout: having a > null timeout cause CA validation to always fail. In that patch, > I change a null tuimeout to abitrary value 30, but perhaps that > should be configurable. -- Emmanuel Dreyfus http://hcpnet.free.fr/pubz ma...@ne... |
|
From: Emmanuel D. <ma...@ne...> - 2014-01-20 09:16:32
|
On Sun, Jan 19, 2014 at 08:17:25PM -0800, Paul Lesniewski wrote: > > Squirrelmail has TLS support, but it lacks the ability to enforce server > > certificate validation. This leaves no defense against MiM attacks using > > a self-signed certificate. (...) > Indeed. If you care to send a diff, I'd be happy to commit it. Here is it: http://ftp.espci.fr/shadow/manu/sq-stream.patch I tested it with this configuration: $smtpServerAddress='smtp.example.net'; $smtpPort = 465; $use_smtp_tls = true; $smtpOptions['ssl']['verify_peer'] = true; $smtpOptions['ssl']['verify_depth'] = 3; $smtpOptions['ssl']['cafile'] = '/etc/openssl/certs/ca.crt'; Using the wrong CA in $smtpOptions['ssl']['cafile'] cause the connexion to abort, which suggests the thing works. Sendmail logs the TLS cipher used as being ECDHE-RSA-AES256-GCM-SHA384, which is the best OpenSSL can do. There is just one small problem, with default timeout: having a null timeout cause CA validation to always fail. In that patch, I change a null tuimeout to abitrary value 30, but perhaps that should be configurable. While I am there, I made te same work on imapproxy. That was discussed and submitted on the relevant mailig list months ago, but it was not committed so far. Here is the latest patch, in case someone can check it in: http://ftp.espci.fr/shadow/manu/imapproxy4.patch -- Emmanuel Dreyfus ma...@ne... |
|
From: Paul L. <pa...@sq...> - 2014-01-20 04:17:53
|
On Sat, Nov 23, 2013 at 9:37 PM, Emmanuel Dreyfus <ma...@ne...> wrote:
> Squirrelmail has TLS support, but it lacks the ability to enforce server
> certificate validation. This leaves no defense against MiM attacks using
> a self-signed certificate.
>
> Here is how it could be fixed, for SMTP side. Connexion is established
> in class/deliver/Deliver_SMTP.class.php:
>
> $stream =
> @fsockopen('tls://' . $host, $port, $errorNumber, $errorString);
>
> The stream_socket_client() function is an alternative to fsockopen()
> that appeared in PHP 5. It allows the caller to specify a context with
> various options:
>
> if (function_exists('stream_socket_client') {
> $remote = sprintf("ssl://%s:%d", $host, port);
> $opts = array(
> 'ssl' => array(
> 'verify_peer' => TRUE,
> 'verify_depth' => 5,
> 'cafile' => '/path/to/ca_file',
> ),
> );
> $ctx = stream_context_create($opts);
> $timeout = ini_get("default_socket_timeout");
> $stream =
> @stream_socket_client($remote, $errorNumber, $errorString,
> $timeout, STREAM_CLIENT_CONNECT, $ctx);
> } else {
> $stream =
> @fsockopen('ssl://' . $host, $port, $errorNumber, $errorString);
> }
>
> Of course '/path/to/ca_file' needs to be configurable, I can work on
> this if the idea is accepted.
>
> Also note that I changed tls:// to ssl://. Inside the bowels of PHP,
> tls:// causes OpenSSL's TLSv1_client_method() to be used. As its name
> suggests, this metho can only negociate TLSv1.
>
> ssl:// causes SSLv23_client_method() to be used. As its named does not
> suggests, it is able to negociate the highest protocol version
> avaialble, up to TLSv1.2 if the installed OpenSSL supports it. This
> causes much stronger ciphers to be used.
>
> For now Squirrelmail's usage of tls:// can be worked around by
> specifying a ssl:// prefixed $smtpServerAddress with $use_smtp_tls =
> false, but switching the code to ssl:// would immediatly improve
> everyone setup.
Indeed. If you care to send a diff, I'd be happy to commit it.
> I did not look at the IMAP side since I use imapproxy, and therefore
> Squirrelmail is not incharge of IMAP TLS, but the idea is the same.
If you have the interest in addressing this, we'd appreciate it, but
if not, that's fine and I would be happy to take care of it.
--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php
|
|
From: <ma...@ne...> - 2014-01-18 05:45:02
|
Hello
I got no reply to the message below. Is there really no interest in
certificate validation? Encrypting communication is of little interest
if you are not sure of who you are talking with...
Emmanuel Dreyfus <ma...@ne...> wrote:
> Squirrelmail has TLS support, but it lacks the ability to enforce server
> certificate validation. This leaves no defense against MiM attacks using
> a self-signed certificate.
>
> Here is how it could be fixed, for SMTP side. Connexion is established
> in class/deliver/Deliver_SMTP.class.php:
>
> $stream =
> @fsockopen('tls://' . $host, $port, $errorNumber, $errorString);
>
> The stream_socket_client() function is an alternative to fsockopen()
> that appeared in PHP 5. It allows the caller to specify a context with
> various options:
>
> if (function_exists('stream_socket_client') {
> $remote = sprintf("ssl://%s:%d", $host, port);
> $opts = array(
> 'ssl' => array(
> 'verify_peer' => TRUE,
> 'verify_depth' => 5,
> 'cafile' => '/path/to/ca_file',
> ),
> );
> $ctx = stream_context_create($opts);
> $timeout = ini_get("default_socket_timeout");
> $stream =
> @stream_socket_client($remote, $errorNumber, $errorString,
> $timeout, STREAM_CLIENT_CONNECT, $ctx);
> } else {
> $stream =
> @fsockopen('ssl://' . $host, $port, $errorNumber, $errorString);
> }
>
> Of course '/path/to/ca_file' needs to be configurable, I can work on
> this if the idea is accepted.
>
> Also note that I changed tls:// to ssl://. Inside the bowels of PHP,
> tls:// causes OpenSSL's TLSv1_client_method() to be used. As its name
> suggests, this metho can only negociate TLSv1.
>
> ssl:// causes SSLv23_client_method() to be used. As its named does not
> suggests, it is able to negociate the highest protocol version
> avaialble, up to TLSv1.2 if the installed OpenSSL supports it. This
> causes much stronger ciphers to be used.
>
> For now Squirrelmail's usage of tls:// can be worked around by
> specifying a ssl:// prefixed $smtpServerAddress with $use_smtp_tls =
> false, but switching the code to ssl:// would immediatly improve
> everyone setup.
>
> I did not look at the IMAP side since I use imapproxy, and therefore
> Squirrelmail is not incharge of IMAP TLS, but the idea is the same.
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
ma...@ne...
|
|
From: Paul L. <pa...@sq...> - 2014-01-03 08:35:40
|
On Thu, Dec 19, 2013 at 10:43 PM, Martin Ng <ma...@av...> wrote: > > Hi, > > I think it is due to the wrong value in my config.php: 1) Please don't top post 2) Please post in plain text only 3) Please search the mailing list archives before posting 4) See http://sourceforge.net/p/squirrelmail/bugs/2806 5) Thanks for your interest > $default_charset = 'iso-8859-1'; > > After switching to utf-8, it is OK. > > Regards, > Martin > > > On 12/17/2013 12:53 PM, Martin Ng wrote: > > Hi, > > I found that the non-unicode messages cannot be displayed correctly in the latest SquirrelMail. > The non-unicode subject line, attachment name, etc can't be displayed. > It looks like this in one of our SquirrelMail installations: > > So the user is unable to read the message or download the attachment because of anchor text is missing. > > I've identified the code that causes the missing text. > In functions/i18n.php (line 187): > > if (! $save_html) $string = htmlspecialchars ($string); > > The htmlspecialchars returns empty string since the $string variable contains non-UTF8 characters (say GB2312). > This is explained in the PHP documentation at http://php.net/htmlspecialchars: > > If the input string passed to this function and the final document share the same character set, this function is sufficient to prepare input for inclusion in most contexts of an HTML document. If, however, the input can represent characters that are not coded in the final document character set and you wish to retain those characters (as numeric or named entities), both this function and htmlentities() (which only encodes substrings that have named entity equivalents) may be insufficient. You may have to use mb_encode_numericentity() instead. > > Currently, I've commented it out as a workaround. > But I think this code should be fixed officially. I don't know why htmlspecialchars is needed there, but I think it was added on purpose. > > SquirrelMail version: 1.4.22 > Every plugin installed: built-in plugins > PHP version: 5.4.23 > Web server: 2.2.16 > IMAP server: Qmail installed via http://qmailrocks.thibs.com > SMTP server: Qmail installed via http://qmailrocks.thibs.com > OS: Debian Squeeze > How your software was installed, including the package name if applicable: squirrelmail-webmail-1.4.22.zip and squirrelmail-decode-1.2.zip > Browsers tried: Firefox 25.0.1 -- Paul Lesniewski SquirrelMail Team Please support Open Source Software by donating to SquirrelMail! http://squirrelmail.org/donate_paul_lesniewski.php |
|
From: Paul L. <pa...@sq...> - 2013-12-22 00:56:23
|
Please don't top-post, thanks. > Actually, I've tested this using clean SquirrelMail with no plugins enabled. > I heard about this from someone else who had this problem so I decided to > test it for myself and sure enough, I got the same results. It doesn't > happen on any other OS or browser, just IE 10 under Windows 8 with metro. > (Well... I didn't test it on IE 11 yet.) It looks like IE refreshes the > entire frameset instead of just one of the frames. This happens regardless > of what page the right frame displays. Maybe it's an IE bug, or maybe IE is doing something funny depending on it being in compatibility mode or the likes. Maybe it wants a specific syntax to refresh the frame instead of the whole window. SquirrelMail is using a meta tag refresh and while it would be nicest if you could help diagnose what is happening, you could also use one of the new refresh mechanisms added a couple weeks ago to 1.4.23-SVN (snapshots on our downloads page). Another thing you can try very easily is changing the browser rendering mode setting in the SquirrelMail configuration. > If I have some time next week I'll try to test this a bit more and see if I > can pin-point the problem. It's probably something IE-10-specific, maybe it > handles framesets differently... I'll let you know if I find something. And > if you happen to find a solution earlier, please let me know. You can also test by creating a simple frameset where one frame has a META refresh in it. I'm leaving DOCTYPE out, but that could also have an effect: <html><head></head> <frameset cols="200, *"> <frame src="left.html" name="left" frameborder="1"> <frame src="right.html" name="right" frameborder="1"> </frameset> </html> right.html <html><head></head> <body>Hello World Right </body></html> left.html <html><head> <meta http-equiv="REFRESH" content="5;URL=left.html"> </head> <body>Hello World Left </body></html> Along with various DOCTYPEs, you can play with the syntax of the meta tag: <meta http-equiv="REFRESH" content="5"> <meta http-equiv="refresh" content="5;URL=left.html"> <meta http-equiv="refresh" content="5"> -- Paul Lesniewski SquirrelMail Team Please support Open Source Software by donating to SquirrelMail! http://squirrelmail.org/donate_paul_lesniewski.php |
|
From: Paul L. <pa...@sq...> - 2013-12-20 18:48:42
|
I suggest you recommend the Address Book Grouping and Pagination plugin to the person who originally had the problem you read about. That plugin is more fully featured and does not restrict one to using a database backend for address books. On Thu, Dec 19, 2013 at 8:30 AM, Nino Novak <ni...@kf...> wrote: > Hi Tomas, > > sorry, I did not find your personal mail address (it was always > truncated after the "us" ;-) ), so I'm posting this little patch for > abook_group plugin here. > > As I'm not a dev, please bear with me if the patch does not fulfill all > quality criteria - the correction should work anyways, it just removes a > newline character + some whitespace which causes ugly button display in > some Mac browsers. > > If possible, please test it before integration because I couldn't as I > have no working instance of SM myself. I just created the patch after > reading a Mac user's complaint. > > Thanks, > Nino > > ------------------------------------------------------------------------------ > Rapidly troubleshoot problems before they affect your business. Most IT > organizations don't have a clear picture of how application performance > affects their revenue. With AppDynamics, you get 100% visibility into your > Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! > http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk > ----- > squirrelmail-devel mailing list > Posting guidelines: http://squirrelmail.org/postingguidelines > List address: squ...@li... > List archives: http://news.gmane.org/gmane.mail.squirrelmail.devel > List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-devel -- Paul Lesniewski SquirrelMail Team Please support Open Source Software by donating to SquirrelMail! http://squirrelmail.org/donate_paul_lesniewski.php |
|
From: Martin Ng <ma...@av...> - 2013-12-20 06:43:34
|
Hi, I think it is due to the wrong value in my config.php: > $default_charset = 'iso-8859-1'; After switching to utf-8, it is OK. Regards, Martin On 12/17/2013 12:53 PM, Martin Ng wrote: > Hi, > > I found that the non-unicode messages cannot be displayed correctly in > the latest SquirrelMail. > The non-unicode subject line, attachment name, etc can't be displayed. > It looks like this in one of our SquirrelMail installations: > > So the user is unable to read the message or download the attachment > because of anchor text is missing. > > I've identified the code that causes the missing text. > In functions/i18n.php (line 187): >> if (! $save_html) $string = htmlspecialchars ($string); > The htmlspecialchars returns empty string since the $string variable > contains non-UTF8 characters (say GB2312). > This is explained in the PHP documentation at > http://php.net/htmlspecialchars: >> If the input string passed to this function and the final document >> share the same character set, this function is sufficient to prepare >> input for inclusion in most contexts of an HTML document. If, >> however, the input can represent characters that are not coded in the >> final document character set and you wish to retain those characters >> (as numeric or named entities), both this function and htmlentities() >> <http://www.php.net/manual/en/function.htmlentities.php> (which only >> encodes substrings that have named entity equivalents) may be >> insufficient. You may have to use mb_encode_numericentity() >> <http://www.php.net/manual/en/function.mb-encode-numericentity.php> >> instead. > Currently, I've commented it out as a workaround. > But I think this code should be fixed officially. I don't know why > htmlspecialchars is needed there, but I think it was added on purpose. > >> * SquirrelMail version: 1.4.22 >> * Every plugin installed: built-in plugins >> * PHP version: 5.4.23 >> * Web server: 2.2.16 >> * IMAP server: Qmail installed via http://qmailrocks.thibs.com >> * SMTP server: Qmail installed via http://qmailrocks.thibs.com >> * OS: Debian Squeeze >> * How your software was installed, including the package name if >> applicable: squirrelmail-webmail-1.4.22.zip and >> squirrelmail-decode-1.2.zip >> * Browsers tried: Firefox 25.0.1 >> > > Regards, > Martin > > -- > > *Martin Ng, /MSc/ | Engineering Manager* > "we love what we do" > www.avalade.com <http://www.avalade.com> | Google+ > <https://plus.google.com/108432764531553527223> | facebook > <http://www.facebook.com/avaladegroup> *avalade group > limited | marketing management technology* > 26C, MG Tower, 133 Hoi Bun Road, Kowloon, Hong Kong > Tel: +852 8212 0181 | Fax: +852 8212 0183 > > > Disclaimer: This transmission and the information it contains, > including any attachment, is intended solely for the named > recipient(s). It is confidential and the unauthorized use, disclosure > or copying of this transmission or such information is prohibited. If > you are not the/a recipient, and are in possession of this > transmission (or any copy) without the consent of any named recipient, > please notify the originator immediately and delete the transmission > (including any attachment) and its contents. > -- *Martin Ng, /MSc/ | Engineering Manager* "we love what we do" www.avalade.com <http://www.avalade.com> | Google+ <https://plus.google.com/108432764531553527223> | facebook <http://www.facebook.com/avaladegroup> *avalade group limited | marketing management technology* 26C, MG Tower, 133 Hoi Bun Road, Kowloon, Hong Kong Tel: +852 8212 0181 | Fax: +852 8212 0183 Disclaimer: This transmission and the information it contains, including any attachment, is intended solely for the named recipient(s). It is confidential and the unauthorized use, disclosure or copying of this transmission or such information is prohibited. If you are not the/a recipient, and are in possession of this transmission (or any copy) without the consent of any named recipient, please notify the originator immediately and delete the transmission (including any attachment) and its contents. |
|
From: Nino N. <ni...@kf...> - 2013-12-19 16:29:08
|
Hi Tomas, sorry, I did not find your personal mail address (it was always truncated after the "us" ;-) ), so I'm posting this little patch for abook_group plugin here. As I'm not a dev, please bear with me if the patch does not fulfill all quality criteria - the correction should work anyways, it just removes a newline character + some whitespace which causes ugly button display in some Mac browsers. If possible, please test it before integration because I couldn't as I have no working instance of SM myself. I just created the patch after reading a Mac user's complaint. Thanks, Nino |
|
From: Martin Ng <ma...@av...> - 2013-12-17 05:18:28
|
Hi, I found that the non-unicode messages cannot be displayed correctly in the latest SquirrelMail. The non-unicode subject line, attachment name, etc can't be displayed. It looks like this in one of our SquirrelMail installations: So the user is unable to read the message or download the attachment because of anchor text is missing. I've identified the code that causes the missing text. In functions/i18n.php (line 187): > if (! $save_html) $string = htmlspecialchars ($string); The htmlspecialchars returns empty string since the $string variable contains non-UTF8 characters (say GB2312). This is explained in the PHP documentation at http://php.net/htmlspecialchars: > If the input string passed to this function and the final document > share the same character set, this function is sufficient to prepare > input for inclusion in most contexts of an HTML document. If, however, > the input can represent characters that are not coded in the final > document character set and you wish to retain those characters (as > numeric or named entities), both this function and htmlentities() > <http://www.php.net/manual/en/function.htmlentities.php> (which only > encodes substrings that have named entity equivalents) may be > insufficient. You may have to use mb_encode_numericentity() > <http://www.php.net/manual/en/function.mb-encode-numericentity.php> > instead. Currently, I've commented it out as a workaround. But I think this code should be fixed officially. I don't know why htmlspecialchars is needed there, but I think it was added on purpose. > * SquirrelMail version: 1.4.22 > * Every plugin installed: built-in plugins > * PHP version: 5.4.23 > * Web server: 2.2.16 > * IMAP server: Qmail installed via http://qmailrocks.thibs.com > * SMTP server: Qmail installed via http://qmailrocks.thibs.com > * OS: Debian Squeeze > * How your software was installed, including the package name if > applicable: squirrelmail-webmail-1.4.22.zip and > squirrelmail-decode-1.2.zip > * Browsers tried: Firefox 25.0.1 > Regards, Martin -- *Martin Ng, /MSc/ | Engineering Manager* "we love what we do" www.avalade.com <http://www.avalade.com> | Google+ <https://plus.google.com/108432764531553527223> | facebook <http://www.facebook.com/avaladegroup> *avalade group limited | marketing management technology* 26C, MG Tower, 133 Hoi Bun Road, Kowloon, Hong Kong Tel: +852 8212 0181 | Fax: +852 8212 0183 Disclaimer: This transmission and the information it contains, including any attachment, is intended solely for the named recipient(s). It is confidential and the unauthorized use, disclosure or copying of this transmission or such information is prohibited. If you are not the/a recipient, and are in possession of this transmission (or any copy) without the consent of any named recipient, please notify the originator immediately and delete the transmission (including any attachment) and its contents. |
|
From: ansgarat <ans...@gm...> - 2013-12-14 10:46:52
|
Hi Paul, Actually, I've tested this using clean SquirrelMail with no plugins enabled. I heard about this from someone else who had this problem so I decided to test it for myself and sure enough, I got the same results. It doesn't happen on any other OS or browser, just IE 10 under Windows 8 with metro. (Well... I didn't test it on IE 11 yet.) It looks like IE refreshes the entire frameset instead of just one of the frames. This happens regardless of what page the right frame displays. If I have some time next week I'll try to test this a bit more and see if I can pin-point the problem. It's probably something IE-10-specific, maybe it handles framesets differently... I'll let you know if I find something. And if you happen to find a solution earlier, please let me know. -- View this message in context: http://squirrelmail.5843.n7.nabble.com/Squirrelmail-under-IE-10-auto-refreshes-the-right-frame-along-with-the-folder-list-tp25698p25704.html Sent from the squirrelmail-devel mailing list archive at Nabble.com. |
60 messages has been excluded from this view by a project administrator.
