1 Installation 2 3 * Upgrading from an earlier version 4 * Overview 5 * Spell checking 6 * PAM authentication 7 * Password changes 8 * Runtime configuration 9 * Account initialization hook 10 * Adjusting session timeouts 11 * Adjusting maximum message size 12 * Random seed 13 * Domain-based templates 14 * Name-based templates 15 * Shared folders 16 * LDAP address books 17 * Mail Filtering 18 * Calendaring 19 * Encryption 20 * FAQ: Problems with downloading attachments with Internet Explorer 21 versions 4 and 5 22 23Upgrading from an earlier version 24 25 Follow the general installation instructions, below, in order to upgrade 26 an existing installation. You just need to make sure that the options to 27 the configure script are the same as for the previous version. You may 28 specify additional options as well, that are new to this release. 29 30 Upgrading from versions prior to 6.0.0 31 32 SqWebMail 6.0.0 update is coordinated with the Courier-IMAP update to 33 Courier-IMAP version 5.0, which added native IMAP UTF8 (Unicode) support 34 and switched to using Unicode for folder names. An update to SqWebMail 6 35 requires a concurrent upgrade to Courier-IMAP 5, and a one-time conversion 36 of all existing mail folders. See the maildirmake(1) manual page for more 37 information. 38 39 Upgrading from versions prior to 5.7.3 40 41 Building SqWebMail now requires the Courier Unicode Library to be 42 installed first. 43 44 Upgrading from versions prior to 5.4 45 46 Building SqWebMail now requires the The GNU IDN library. 47 48 Upgrading from versions prior to 5.1 49 50 SqWebMail now requires the PCRE library to compile. Additionally, if using 51 maildrop, maildrop must be upgraded to version 2.0. 52 53 Version 2.0 of maildrop now uses the PCRE for pattern matching (PCRE is 54 still required to compile SqWebMail even if maildrop is not used), and 55 it's possible that some arkane existing pattern is no longer valid under 56 maildrop 2.0. What will happen is that the first time SqWebMail's mail 57 filtering screen is opened, the non-compatible filtering rules will be 58 quietly deleted. This is a necessary even, and must be done, and the 59 updated filtering rules must be saved, in order to enable mail delivery to 60 this account. 61 62 Upgrating from versions prior to 5.0 63 64 There are two major changes in version 5.0. Starting with 5.0, the 65 authentication library that used to be a part of SqWebMail's source has 66 been spun off into a standalone authentication library. 67 68 You must download and install the Courier authentication library from 69 http://www.courier-mta.org/download.php#authlib before upgrading. Review 70 the documentation in the courier-authlib package for more information. 71 72 The second major change is that the default installation directories for 73 SqWebMail have been changed. SqWebMail's default installation is now more 74 closely aligned with standard installation directories used by many other 75 packages based on the GNU toolchain. 76 77 Earlier versions of SqWebMail preferred to be installed in 78 /usr/local/share/sqwebmail, with various bits and pieces scattered 79 elsewhere. 80 81 Now, SqWebMail's installation layout follows the standards much closer. 82 SqWebMail now implements the usual configuration directives: --prefix, 83 --exec-prefix, --bindir, --datadir, and all the rest. There's only one 84 non-standard default: unless the --prefix option is specified, SqWebMail 85 will be install in /usr/lib/sqwebmail. That's the default installation 86 tree. 87 88 Use the following procedure to upgrade the current installation of 89 SqWebMail: 90 91 If you're using a package manager, such as RPM or APT, build a new 92 package, and let the package manager figure out what to do. Only one 93 manual step may be required, which the package manager probably won't be 94 able to handle on its own: there might be some left-over custom 95 configuration files in /usr/local/share/sqwebmail. Review the old 96 configuration files, and re-apply any custom changes to the new version's 97 configuration file (which will be in /usr/lib/sqwebmail/etc, or wherever 98 your --sysconfdir option places them). DO NOT just copy the configuration 99 file verbatim. Manually re-apply changes, one at a time. 100 101 Otherwise: install the authentication library first. Make sure it is 102 working. Use the authtest program to verify that the authentication 103 library is seeing the existing mail accounts. 104 105 Download the new version of SqWebMail, and extract the source code into a 106 new directory. Follow the regular installation instructions up until the 107 "make install" command. 108 109 Don't run the "make install" command. Switch to the directory with the old 110 SqWebMail's source code, and run "make uninstall" to remove the old 111 version of SqWebMail. Go back to the new source code, then run "make 112 install", then "make install-configure". 113 114 After upgrading, check SqWebMail's older installation directory (usually 115 /usr/local/share/sqwebmail). It'll probably still have some left-over 116 configuration files. Start the new version of SqWebMail, verify that it's 117 working, then nuke /usr/local/share/sqwebmail in order to avoid any future 118 confusion. 119 120 Upgrading from versions prior to 4.1 121 122 In 4.1, the sqwebmaild, authdaemond and pcpd processes all run in the 123 foreground; they are daemonized by running them under the control of a 124 'courierlogger' process, which also captures their stderr output and sends 125 it to syslog. The script sqwebmaild.rc takes care of this for you. After 126 upgrading to 4.1 you will need to modify your system startup script to run 127 sqwebmaild.rc start and not to run sqwebmaild start or authdaemond start. 128 See below for more information. 129 130 Additional authentication debugging capabilities have been added. See 131 authlib/README.authdebug.html for more information. 132 133 A new configuration file, /usr/local/share/sqwebmail/sqwebmaild has been 134 added. Make sure you run make install-configure to create the initial 135 version of this file. 136 137 Upgrading from versions prior to 3.0 138 139 THIS IS A MAJOR UPGRADE 140 141 All mail passwords must be reset when upgrading from versions prior to 142 3.0. Prior to 3.0 SqWebMail maintained a separate password file for 143 webmail logins. It was automatically initialized with the system password, 144 but then maintained separately. "System password" here refers to whatever 145 password authentication was installed: traditional /etc/passwd file, or 146 MySQL, LDAP, or several other methods. 147 148 The separate webmail password file was needed because SqWebmail lacked a 149 convenient way to update the system password. Starting in 3.0, additional 150 code and scripts were added that update the "real" password, and 151 SqWebMail's separate password files are removed. Here is a suggested 152 migration plan: 153 154 Note: if you were using the authvchkpw module then you're pretty much off 155 the hook. All except very old versions of SqWebMail had a special 156 authvchkpw module that kept SqWebMail's and vpopmail's passwords in sync. 157 Although you're mostly off the hook, you should still follow these 158 instructions in order to insure a smooth transition. 159 160 * Add the following options to the configure script: 161 --prefix=/usr/local/share/sqwebmail3 162 --with-cachedir=/var/cache/sqwebmail3 --enable-imageurl=/webmail3 163 --enable-imagedir=/var/www/htdocs/webmail3 164 --enable-cgibindir=/var/www/cgi-bin/sqwebmail3 165 166 The effect of these options is to install SqWebMail3 into different 167 directories than the previous version of sqwebmail (you may need to 168 use a different --enable-imagedir option that reflects your web 169 document root). The default configuration installs SqWebMail in 170 /usr/local/share/sqwebmail (using /var/cache/sqwebmail as the login 171 cache, and /webmail for images). By carefully picking the options, 172 SqWebMail 3.0 can coexist with an earlier version. Earlier versions of 173 SqWebMail also installed a couple of files in /usr/local/libexec, 174 SqWebMail 3.0 no longer does that. 175 176 * Specify the same options to the configure script that were specified 177 for the existing SqWebMail install. 178 * After compiling, run the following command as a non-root user: make 179 install DESTDIR=/tmp/sqwebmail3 (as always, use gmake instead of make 180 on xBSD, this command is implemented by GNU make only). 181 * This essentially installs all files in /tmp/sqwebmail3, which is like 182 a virtual chroot jail: /usr/local/share/sqwebmail becomes 183 /tmp/sqwebmail3/usr/local/share/sqwebmail, etc... Examine the contents 184 of the /tmp/sqwebmail3 tree. This will allow you to confirm that the 185 real make install is not going to scribble over any part of the 186 existing installation. Examine all files and directories underneath 187 /tmp/sqwebmail3 and verify that they are different from the existing 188 install. 189 * Run make install for real. Reenter all configuration data into version 190 3's configuration files, to match the existing sqwebmail's 191 configuration. Don't forget to set up version 3's cleanup cron job. 192 For a short period of time there will be two copies of each. Some 193 careful attention will be needed to keep everything in order. 194 * If you are using the authuserdb authentication module, run the 195 makeuserdb script from sqwebmail 3.0 to rebuild the userdb database. 196 * Create a test mail account (if none already exist). Log into the mail 197 account using the previous version of SqWebMail's (which should still 198 be installed) password, password A. 199 * Run the new sqwebmaild.rc start script (and install version 3's cron 200 job). Reset the test mail account's password to password B. Load the 201 URL for version 3's sqwebmail binary in a browser. The URL will 202 probably be http://domain/cgi-bin/sqwebmail3/sqwebmail. Log into the 203 test mail account with password B. Go into the preferences and change 204 password B to password C. Log out and log in using password C. Now, go 205 back to the existing version of SqWebMail (probably 206 http://domain/cgi-bin/sqwebmail), and observe that you will still use 207 password A with the existing version of SqWebMail, which maintains a 208 separate password file. 209 * Convince yourself that everything Is Working Right[tm]. 210 * Make arrangements to reset all mail account passwords. That's mostly 211 an administrative function. 212 * Go into the cgi-bin directory. Rename the existing sqwebmail binary to 213 sqwebmail.old, then move the new sqwebmail binary from the sqwebmail3 214 subdirectory. 215 * After everything has been running smoothly for a couple of weeks, blow 216 away the old version of SqWebMail. Decommission its authdaemond 217 process, and delete its cron job. You'll have to make yourself a 218 mental note to always use the extra options to the configure script in 219 order to be able to upgrade future versions of SqWebMail into the same 220 non-default installation location. That's not the end of the world, 221 and if you feel comfortable knowing what you're doing, you can always 222 rerun configure, and reinstall version 3 into the default installation 223 location. This is up to you. 224 225 NOTE: the default configuration settings have been changed to always build 226 the authdaemon module, and build all real authentication modules inside 227 authdaemond. This is true even with the authvchkpw module. authdaemond is 228 needed to support the new password authentication framework. 229 230 Upgrading from versions prior to 1.1 231 232 Prior to SqWebMail 1.1, each version installed a default set of 233 configuration files. If some custom changes were made to an existing 234 configuration, after installation those changes had to be reapplied. 235 236 Beginning with version 1.1 this process is mostly automated. Starting with 237 version 1.1, the configuration files contain additional metadata that 238 allow them to be upgraded automatically. For this to work both the old and 239 the new configuration files must contain this metadata. 240 241 Therefore, when upgrading to version 1.1, proceed as follows. Back up the 242 existing configuration, then follow the procedures below to install this 243 version. Because the existing configuration files carry no auto-update 244 metadata, the installation script will rename each configuration file 245 "filename" to "filename.bak", and write a default "filename" in its place. 246 Afterward, edit "filename" and manully reenter all custom changes. Do NOT 247 simply copy the previous configuration file and overwrite the new version, 248 because the autoupdate metadata will be lost. 249 250 Note: not all configuration files can be upgraded automatically. Only 251 those configuration files that carry multiple settings ( authdaemonrc, 252 authldaprc, authmysqlrc, and ldapaddressbook) can be automatically 253 upgraded. 254 255Overview 256 257 The requirements to install SqWebMail are: 258 259 * A C++ compiler. SqWebMail is written in C but there are some auxiliary 260 programs that are written in C++. gcc is recommended. 261 * The PCRE library. 262 * GNU make. This is the default make on Linux. xBSD and other systems 263 usually install GNU make as "gmake". Replace all references to "make" 264 in this document to "gmake". 265 * The GNU IDN library (http://www.gnu.org/software/libidn/). 266 * A web server. Apache will do nicely, but so will any web server that 267 fully implements the Common Gateway Interface. SqWebMail is a straight 268 CGI app, and does not need any other support from the web server. 269 However, the web server must implement the full CGI interface, since 270 SqWebMail makes the use of pretty much every CGI variable in 271 existence. 272 * Courier Unicode Library. Before installing SqWebMail, download and 273 install http://www.courier-mta.org/unicode/. 274 * The Courier authentication library. Before installing Courier-IMAP, 275 download and install http://www.courier-mta.org/authlib/. 276 277 The typical sequence of commands to compile and install SqWebMail is as 278 follows: 279 280 281 ./configure [options - see below] 282 make configure-check 283 make 284 make check 285 make install-strip # Do a make install if this doesn't work 286 make install-configure # Install configuration files. 287 288 # Create post-install cron jobs, and modify system startup script 289 290 # Tweak your web server for MSIE 291 292 GNU make is required to compile and install SqWebMail. On xBSD systems GNU 293 make is installed as the "gmake" command. Anywhere this documentation 294 mentions the make command, substitute gmake for make. If you do not have 295 gmake on your system, install it before installing SqWwebMail. 296 297 The options to the configure program are as follows: 298 299 * --with-libcharset - use the GNU libcharset library, if installed. Some 300 systems do not implement the nl_langinfo(CODESET) system call, which 301 determines the character set used by system messages. If SqWebMail 302 cannot determine the system character set then some items may not be 303 displayed in the correct character set. One example would be the 304 message date times, which use the system strftime() function. Some 305 systems nl_langingo(CODESET) may be available, but may not return the 306 preferred or the correct MIME character set name. Both problems may be 307 fixed by installing the GNU libcharset library, and using the option 308 to compile the support for it. 309 * --with-cachedir=dir, --with-cacheowner=userid - SqWebMail uses a cache 310 of currently active logins. SqWebMail runs for each and every HTTP 311 request, and after starting, it needs to locate the account's maildir. 312 Because hitting the authentication module can be expensive (think 313 MySQL/PostgreSQL/LDAP query for every HTTP request!) SqWebMail caches 314 the login information, in order to avoid having your authentication 315 server brought down to its knees. By default, the directory 316 /var/cache/sqwebmail or /var/run/sqwebmail will be used, owned by the 317 bin user. These options can be used to specify a different location 318 for the sqwebmail login cache directory. 319 You MUST add a periodic cron job to run the cleancache.pl script in 320 order to delete stale cache records from the cache directory. make 321 install will display the message containing the text of the cron job. 322 * --without-gzip - do not use gzip compression. By default, some pages 323 will be compressed with gzip before being sent by sqwebmail (to 324 browsers that support gzip compression). Note that this may result in 325 additional load on your server, so --without-gzip can be used to turn 326 it off, if necessary. The gzip program must be in your default path at 327 the time you run configure in order for gzip compression to be enabled 328 (the absolute pathname is computed and used at runtime). 329 * --with-db=db - Either the GDBM or the DB library is required by 330 SqWebMail. The configuration script will check for either one's 331 availability. If both are found, GDBM is selected. Use this option to 332 select the DB library instead (if you only have the DB library 333 installed, this option is not required). 334 335 * --enable-https - have SqWebMail generate https:// URLs for all 336 accesses, instead of http://. 337 * --enable-https=login - generate a single https:// URL for the login 338 function only. The idea is to use SSL just to send the login and the 339 password. In order for this option to work the URL for both http:// 340 and https:// path to SqWebMail must be identical! 341 * --enable-https=auto - this is now the default option. SqWebMail will 342 detect whether the client connects via SSL, or not, and generate 343 either http:// or https:// URLs, appropriately. 344 * --enable-hardtimeout=seconds - hard session timeout interval, in 345 seconds. After the interval expires, the user is automatically logged 346 out. 347 * --enable-softtimeout=seconds - soft session timeout interval, in 348 seconds. If no account accesses come within the indicated time period, 349 the user is automatically logged out. 350 * --enable-autopurge=days - messages in the Trash folder are 351 automatically deleted after this time interval. 352 * --enable-maxpurge=days - allow users to specify "days" as the maximum 353 interval for preserving messages in the trash. 354 * --with-defaultlang=en - reserved for future use. Selects which set of 355 HTML template files SqWebMail uses by default. Currently only English 356 HTML templates are supplied. 357 * --enable-cgibindir=directory - where to install the sqwebmail CGI 358 stub. This should be your /cgi-bin directory. The configure script 359 will look for a cgi-bin directory in some popular locations; this 360 option can be used to tell configure where to look. 361 * --enable-imagedir=directory - where to install the icons and graphic 362 images. This should be somewhere in your web server's document 363 hierarchy. The configure script searches for your web server's 364 document directory in the usual places, this option can be used to 365 tell configure where to look. 366 * --enable-imageurl=URL - the URL to the directory containing images and 367 icons. 368 * --enable-mimetypes=filelist - a colon-separated list of your 369 mime.types files. When an attachment is uploaded, the corresponding 370 MIME type is derived by searching for the file's extension in the 371 mime.types file. A mime.types file normally comes with Pine or Apache. 372 If this option is not specified, configure looks in some places where 373 mime.types is usually found. If a mime.types file is found in any 374 directory, it is added to the list. This is a list of multiple files 375 separated by a colon. If the MIME type is not found in the first file, 376 SqWebMail will look in the next file. 377 * --enable-mimecharset=charset - default charset= tag to stick into the 378 Content-Type: header. the default is utf-8. 379 * --enable-lang=lang - reserved for future. Default language of web 380 pages to serve. 381 * --enable-bannerprog=program - full path to a banner program. sqwebmail 382 replaces the character sequence [#B#] in HTML template files with the 383 output generated by this program. The first argument to the program 384 will be the name of the HTML file. The banner program can use that to 385 customize banner output. 386 387 It is also possible for a site to stick multiple @B tags in the same 388 HTML page. To distinguish each instance follow the @B tag with up to 389 30 letters or digits, surrounded by braces. For example: [#B#]{TOP} 390 and [#B#]{BOTTOM}. "TOP", or "BOTTOM" (or anything else) will be the 391 second argument to the banner program. 392 393 * --with-maxargsize =n - set maximum size of an HTTP post SqWebMail will 394 accept. This is, essentially, the maximum length of a text message 395 (excluding any attachments) that SqWebMail will accept. This setting 396 can also be adjusted at runtime. See Adjusting maximum message size, 397 below. 398 * --with-maxformargsize=n - like the above, but applies to an HTTP 399 multipart/formdata post. This is approximately the largest attachment 400 that can be uploaded SqWebMail. This setting can also be adjusted at 401 runtime. See Adjusting maximum message size, below. 402 * --with-maxmsgsize=n - maximum size of messages (including attachments. 403 Defaults to 2097152 (two megabytes). Note that attachments are 404 base64-encoded, which adds 25% overhead, so the maximum size of all 405 attachments is really about 1.5 megabytes. This setting can also be 406 adjusted at runtime. See Adjusting maximum message size, below. 407 * --with-ispell=pathname - if configure finds ispell in the default 408 path, or if you specify the full name to ispell using this option, 409 users will be able to spell check their documents. 410 * --without-ispell - disable spell checking. 411 * --disable-autorenamesent - do not rename the Sent folder every month. 412 This option can also be controlled by the SQWEBMAIL_AUTORENAMESENT 413 environment variable (which can be set in Apache's httpd.conf, for 414 example). This setting gives the initial configuration, that can be 415 individually adjusted in the Preferences screen. 416 * --with-calendarpurge=N - if calendaring is enabled, purge expired 417 calendar events after N days (default: 30). 418 * --with-trashquota - include deleted messages, and the Trash folder, in 419 the estimated quota usage for maildirs. Quotas are optional, see the 420 file maildir/README.maildirquota.html for more information. The 421 default configuration does not count messages marked as deleted (but 422 not yet expunged) and the contents of the Trash folder (which are 423 automatically purged by the server) against the quota usage. 424 * --with-syslog=DEST - select syslog destination, giving one of the 425 facility codes from syslog.h such as "LOCAL7". Defaults to "MAIL". 426 427 After running configure, run make configure-check to verify the 428 directories where the CGI and the image files will be installed. make 429 configure-check prints the directories that the configuration script 430 thinks your web server is installed. Rerun configure and use 431 --enable-cgibindir and --enable-imagedir if SqWebMail guessed wrong. 432 433 Run make to compile SqWebMail, and make install-stripto install the files. 434 As mentioned before, use make install if make install-strip doesn't work. 435 436 WARNING: set your umask to 022 before running make install or make 437 install-strip. 438 439 Before running make install-strip, verify the contents of the sendit.sh 440 script, and make sure that your mail transfer agent is corrently invoked. 441 442 Modify your system startup script 443 444 The following command starts sqwebmail. This command should be added to 445 the system startup script so that sqwebmail automatically starts during 446 the system boot. 447 448 /usr/lib/sqwebmail/libexec/sqwebmaild.rc start 449 450 "sqwebmaild.rc stop" may also be used to shut down the webmail service. 451 452 SELinux 453 454 The following extension may be necessary to make SqWebMail work when 455 SELinux kernel extensions are turned on: 456 457 allow httpd_sys_script_t var_t:sock_file write; 458 allow httpd_sys_script_t unconfined_t:unix_stream_socket connectto; 459 460 Install the cleancache.pl cron job 461 462 After installing, add a cron job that runs the cleancache.pl script at 463 regular intervals (once an hour is fine). cleancache.pl is installed in 464 /usr/lib/sqwebmail/share/sqwebmail. make install will print additional 465 information on installing the cleancache.pl script. 466 467 Install configuration files 468 469 Run make install-configure to initialize certain configuration files. Some 470 SqWebMail's configuration files carry multiple configuration settings, 471 such as authdaemonrc, ldapaddressbook, and others (see elsewhere in 472 INSTALL for additional information regarding these configuration 473 settings). 474 475 For each such configuration file, make install installs filename.dist. 476 make install-configure takes each filename.dist and creates filename. If 477 the previous filename existed, and it contained autoupdate information 478 (SqWebMail 1.1 or later), the existing configuration settings will be 479 preserved, wherever possible. Older configuration files, that are not 480 auto-updatable, will be renamed to filename.bak. 481 482 During an autoupdate make install-configure will report on the disposition 483 of each configuration setting. A configuration setting will be preserved 484 as long as it is still valid in the new version of SqWebMail. Obsolete 485 configuration settings are automatically removed. If a configuration 486 setting may not be valid, it is not preserved, but will revert to its 487 default setting from filename.dist. It is recommended that the output of 488 make install-configure be saved (make install-configure >upgrade.log), so 489 that its report can be examined to identify any configuration settings 490 that are flagged for manual action 491 492 Post-install configuration 493 494 The default configuration script installs the authdaemond process that 495 handles authentication, and it is started by sqwebmaild.rc start 496 497 sqwebmaild.rc stop should also be executed at system shutdown, but is not 498 strictly necessary. 499 500 Tweak the web server for MSIE 501 502 The MSIE browser has a number of bugs in its HTTP/1.1 implementation, at 503 least as of MSIE 4.x and 5.x. You must configure your web server to use 504 HTTP/1.0 when talking to any MSIE browser (at least until MSIE gets 505 fixed). The problem has to do with downloading attachments. Apparently, 506 MSIE forgets how MIME works, when it uses HTTP/1.1. For the Apache server, 507 insert the following directive in httpd.conf: 508 509 BrowserMatch "MSIE" nokeepalive downgrade-1.0 force-response-1.0 510 511 Recent versions of Apache already have a similar directive for a specific 512 version of MSIE, MSIE 4.0b2. Just replace it with a browsermatch for any 513 MSIE version. 514 515 Load the login screen 516 517 Specify the URL to the sqwebmail binary to display the login page. Try to 518 log in to a test account. Review the rest of this configuration file in 519 order to enable optional features that you want to use. 520 521Spell checking 522 523 SqWebMail can use either the ispell or the aspell package for spell 524 checking messages. Install ispell or aspell before installing SqWebMail. 525 526 NOTE: SqWebMail assumes that the spell checking dictionary is called 527 "english". Some systems use a different name for the default spell 528 checking dictionary. To change the name of the spell checking dictionary 529 used by SqWebMail, put the name of the dictionary into the file 530 /usr/lib/sqwebmail/share/sqwebmail/html/en-us/ISPELLDICT. 531 532PAM authentication 533 534 SqWebMail uses the "webmail" service with the Courier authentication 535 library. When the optional groupware calendaring mode is enabled, 536 SqWebMail also uses the "calendar" service. You will have to take 537 additional, site-specific, steps in order to configure your PAM library 538 for the "webmail" and "calendar" PAM services. The specific details 539 regarding your PAM configuration differs from system to system, and you 540 should consult your own documentation. 541 542 See the Courier authentication library documentation for more PAM-related 543 information. 544 545 HINT: try to look at how other PAM services are set up, and duplicate 546 their configuration for the webmail and calendar services. A good example 547 to follow would be the ppp service, if it exists. 548 549Password changes 550 551 After installing SqWebMail be sure to test that the login password can be 552 changed through SqWebMail. Be sure to change the password a couple of 553 times, logging out and back in each time. 554 555 If you do not want to use the password change function you can also remove 556 the sqwebpasswd program. This is a helper program, installed with the 557 set-groupid bit set, that relays the password change request to the 558 authentication daemon, through the filesystem socket that is not globally 559 accessible. The password change request consists of the account name, the 560 old password, and the new password. The password change request is 561 validated by the authentication daemon, and the old password must match 562 the existing password on the account, before the password change goes 563 through. This set-groupid helper program is safe to use. 564 565Runtime configuration 566 567 There are some options which can be used to change sqwebmail's behaviour 568 on individual accounts, or globally, using the "Account Options" feature 569 in the Courier Authentication library. The individual account's setting 570 takes precedence over the DEFAULTOPTIONS settings in the authdaemonrc 571 configuration, so for example if you want to disable webmail access for 572 most accounts but enable it for a select few, you can set 573 DEFAULTOPTIONS="disablewebmail=1" in the authdaemonrc configuration file, 574 and add the option disablewebmail=0 to individual accounts. See the 575 section "Account options" in README_authlib.html in the courier-authlib 576 package for more information on setting the following account options: 577 578 disablewebmail - if set to a non-zero value, this account will not be 579 permitted to login to webmail (e.g. because the user is only allowed to 580 use POP3 or IMAP) 581 582 wbnochangingfrom - if set to a non-zero value, SqWebMail will not allow 583 the From: header to be changed, it will always have its default value. 584 585 wbnochangepass - if set to a non-zero value, SqWebMail will not allow 586 passwords to be changed. See "Password changes", above, for more 587 information. 588 589 wbusexsender - if set to a non-zero value, SqWebMail will attach an 590 X-Sender: header to all outgoing messages. This can be used in the event 591 you would like to be able to modify the From: header, yet also be able to 592 track sent mail to the original account. Although your mail server should 593 records the id of the sending user in the headers of outgoing messages, 594 this is not possible when you have many virtual accounts that share the 595 same system userid. 596 597 wbnoimages - if set to a non-zero value then no images or icons will be 598 used. The generated interface will be a text-only interface. 599 600 wbnodsn - set to a non-zero value then the option to request delivery 601 confirmation receipts will not be shown. Delivery confirmation receipts 602 require the local mail server to support RFC 1894 delivery status 603 notifications, and some mail servers do not implement DSNs. NOTE: Qmail 604 does not implement DSNs, so this option must be set when installing 605 sqwebmail on a Qmail box. 606 607 In addition, there's some global configuration that can be done after 608 installation. The following presumes that SqWebMail's configuration files 609 are installed in /usr/lib/sqwebmail (the default). 610 611 /usr/lib/sqwebmail/etc/hostname - when SqWebMail is installed with a basic 612 configuration for a single domain, SqWebMail sets the domain in the return 613 address for outgoing messages to the defined system hostname. If this file 614 exists it will be used instead of the defined system hostname. 615 616 /usr/lib/sqwebmail/etc/autoresponsesquota - the systemwide quota on 617 autoreplies, if autoreplies and mail filtering are enabled. This file 618 contains one line: "Cnnn" or "Snnn" (or both strings, on the same line). 619 Cnnn: allow up to #nnn autoreplies to be created. Snnn: allow up to #nnn 620 bytes as the total size of all autoreplies, combined. If both Cnnn and 621 Snnn are specified, both quotas apply. If this file does not exist, there 622 is no limit on autoreplies. This quota setting applies systemwide. To 623 override the quota setting for a particular Maildir, create the 624 autoresponsesquota file in that Maildir (which takes precedence). 625 626 /usr/lib/sqwebmail/share/sqwebmail/sendit.sh is a shell script that's 627 called to actually mail a message. It can be customized to do something 628 like rewriting some of the headers, or adding the client's IP address to 629 the headers (sqwebmail does not do that by default). 630 631 /usr/lib/sqwebmail/etc/logindomainlist - if this file exists, it can be 632 used in a vast number of ways to fine tune the user login experience. See 633 README.logindomainlist.html for more information. 634 635 /usr/lib/sqwebmail/share/sqwebmail/html/LANG/footer - if this file exists, 636 its contents will be appended to the end of every sent message. LANG is 637 the language code here, there can be a separate footer per installed 638 language. The footer file carries the following requirements: 639 640 * The footer file must be coded in UTF-8. 641 642 * The footer file must follow the format=flowed; delsp=yes format, as 643 specified by RFC 3676. Capsule summary: 644 645 * Paragraphs are delimited by blank lines. 646 647 * Paragraphs that consist of more than one line must have a 648 trailing space ending each line except the last line in the 649 paragraph. 650 651 * That trailing space is in addition to a space that delimits 652 individual words in most Western languages. Therefore, a line 653 that ends on a word without punctuation and continues with the 654 next word at the beginning of the next line must end with two 655 spaces: the usual space that separates individual words, and a 656 second space that indicates that the paragraph continues on the 657 next line. 658 659 * Restated: a line that ends with a space is logically joined with 660 the next line, after the trailing space is logically removed. 661 662 * Lines that begin with a space character or the ">" character must 663 have an additional space character prepended to them. This 664 leading space character is logically removed from the contents of 665 the line. 666 667 * Signature content gets formatted as part of the message together with 668 the rest of the content. Sender-selected option to format the message 669 as either a plain text message, or using wiki-style HTML markup 670 applies to the footer file too. The footer file's contents should be 671 constructed taking into account the possibility that wiki-style HTML 672 markup may get optionally applied to the footer content. 673 674 /usr/lib/sqwebmail/share/sqwebmail/html/LANG/TIMEZONELIST - a list of 675 alternative timezones. By default all dates and times are shown in the 676 server's default timezone, and the dropdown list on the login screen can 677 be used to select an alternative timezone. SqWebMail comes with a default 678 alternative timezone list that lists only a small number of timezones. 679 Additional timezones can be entered into this file to be shown on the 680 login screen. 681 682Account Initialization Hook 683 684 If there is a file or a symbolic link in the maildir called "loginexec", 685 and if it is executable, then the executable file will be invoked after a 686 succesful login. If the program terminates with an exit code of 0, the 687 "loginexec" file (or a symbolic link) will be removed. 688 689Adjusting session timeouts 690 691 A login session is automatically logged out after certain period of 692 inactivity. The timeout period defaults to 20 minutes, and is set by the 693 --enable-softtimeout option to the configure script. It is also possible 694 to adjust this value by setting the SQWEBMAIL_TIMEOUTSOFT environment 695 variable. For example, with Apache, by adding the following to httpd.conf: 696 697 SetEnv SQWEBMAIL_TIMEOUTSOFT 3600 698 699 There is also a hard timeout, which logs out a session no matter what. The 700 default of two hours is changed with the --enable-hardtimeout option to 701 the configure script, and the SQWEBMAIL_TIMEOUTHARD environment variable. 702 703 WARNING: 704 705 The hard timeout interval is used to calculate the maintenance of the 706 login cache (if that option is selected). This factor is used in the 707 cleancache.pl cleanup script, and changes to this value must be 708 coordinated appropriately. It is not possible to use different hard 709 timeout values with the same login cache (in different virtual domains, as 710 described in the next session). Leisurely tinkering with this environment 711 variable is STRONGLY DISCOURAGED, it's very easy to screw up the whole 712 system. You've been warned. 713 714 If you adjust the hard timeout, you must simultaneously delete your 715 current login cache directory, and adjust $timeouthard in the installed 716 cleancache.pl script. 717 718Adjusting maximum message size 719 720 The --with-maxargsize, --with-maxformargsize, and --with-maxmsgsize 721 options to the configure script set the parameters that control the 722 maximum size of messages and attachments. These parameters can also be set 723 through the following environment variables. 724 725 NOTE: The configure script parameters define the minimum settngs. The 726 following environment variables may be used to set larger limits only. 727 728 NOTE: These settings limit only the maximum size of messages sent by 729 SqWebMail. The limit on the incoming message size is set by your mail 730 server. 731 732 SQWEBMAIL_MAXARGSIZE 733 Approximate maximum size, in bytes, of the message, excluding any 734 attachments (overrides the --with-maxargsize parameter to the 735 configure script). This is the maximum message that can be typed 736 into SqWebMail. 737 738 NOTE: SqWebMail has an inactivity timeout. While composing a new 739 message use the "Preview" button frequently to save the unfinished 740 message and keep the session from timing out. 741 742 SQWEBMAIL_MAXATTSIZE 743 Approximate maximum size, of each allowed attachment. (overrides 744 the --with-maxargsize parameter to the configure script). 745 746 NOTE: Attaching binary files to E-mail messages incurs an overhead 747 of approximately 33%. E-mail is really not the optimum medium for 748 exchanging files. Setting SQWEBMAIL_MAXATTSIZE to 4000000 will 749 effectively allow attaching files of up to 3000000 bytes in 750 length, approximately. 751 752 SQWEBMAIL_MAXMSGSIZE 753 Approximate maximum size, of a message, including the text portion 754 and all attachments (overrides the --with-maxmsgsize parameter to 755 the configure script). There can be any number of attachments, 756 each one up to SQWEBMAIL_MAXATTSIZE bytes long, but the sum total 757 of the entire message cannot exceed SQWEBMAIL_MAXMSGSIZE. 758 759 These variables must be set in the environment that runs the SqWebMail CGI 760 program. With Apache, these variables can be set in the httpd.conf file by 761 the SetEnv command. httpd.conf example: 762 763 SetEnv SQWEBMAIL_MAXATTSIZE 1000000 764 SetEnv SQWEBMAIL_MAXMSGSIZE 4000000 765 766 NOTE: These settings are global, and apply to all mailboxes. However, 767 advanced Apache configuration can be used to use different environment 768 variable settings with different virtual hosts. 769 770 NOTE: On 32-bit platforms, the maximum limits may not exceed 2 771 gigabytes. A 64-bit platform is required to have SqWebMail capable of 772 handling attachments and messages larger than 2 gigabytes. 773 774Random seed 775 776 A random seed is required for preventing certain kinds of external attacks 777 against the SqWebMail server. The random seed must be a constant value, 778 only varying between different instances of SqWebMail. By default the 779 random seed is derived from the inode number of one of the supporting 780 script files. The script file ordinarily remains constant, thus the random 781 seed does not change, but different SqWebMail installs will end up with a 782 different seed. 783 784 When a pool of SqWebMail servers is combined for load-balancing, all 785 servers must use the same random seed. This is done by defining the 786 SQWEBMAIL_RANDSEED environment variable. This can be set in the httpd.conf 787 as well: 788 789 SetEnv SQWEBMAIL_RANDSEED 82738AZ 790 791 SQWEBMAIL_RANDSEED should contain up to ten letters or numbers. 792 793Domain-based templates 794 795 The default set of templates for the dynamically generated HTML is 796 installed in /usr/lib/sqwebmail/share/sqwebmail/html. When the same server 797 is used to provide webmail access for multiple domains it is possible to 798 specify a different set of HTML templates for each domain. 799 800 This functionality is not directly implemented in SqWebMail, simply 801 because there is no standard way to specify this. Instead, this is 802 something that will need some minor work set up. 803 804 Domain-based templates are implemented by making the web server set the 805 environment variables SQWEBMAIL_TEMPLATEDIR prior to running the sqwebmail 806 binary. The contents of this environment variable override the default 807 location of /usr/lib/sqwebmail/share/sqwebmail/html. By having the web 808 server initialize this variable based on the domain name it is possible to 809 present different templates, based on the domain name used. 810 811 To do this, make copies of the HTML template directory, 812 /usr/lib/sqwebmail/share/sqwebmail/html. Then, configure the web server to 813 initialize SQWEBMAIL_TEMPLATEDIR appropriately. For example, with Apache: 814 815 <VirtualHost a.b.c.d> 816 ServerName webmail.example.com 817 [...] 818 SetEnv SQWEBMAIL_TEMPLATEDIR /usr/lib/sqwebmail/share/sqwebmail/webmail.example.com 819 [...] 820 </VirtualHost> 821 822 The possibilities are endless. 823 824Name-based templates 825 826 In versions of sqwebmail greater than sqwebmail-3.5.3.20030629 it is 827 possible to display two or more templates from the same CGI binary WITHOUT 828 setting up multiple domain names. 829 830 For example, with Name-based templates an sqwebmail administrator can set 831 up sqwebmail to display a template in the 832 /usr/lib/sqwebmail/share/sqwebmail/html directory when sqwebmail is called 833 from the URL: http://www.foo.com/cgi-bin/sqwebmail 834 835 And display a different template in the 836 /usr/lib/sqwebmail/share/sqwebmail/alternate-html directory when sqwebmail 837 is called from the URL: http://www.foo.com/cgi-bin/sqwebmail-alt-template 838 839 This is made possible by a little web server magic (explained below in the 840 section entitled "Apache Name-based template configuration example") and 841 the setting of TWO sqwebmail environment variables: 842 843 SQWEBMAIL_TEMPLATEDIR SQWEBMAIL_IMAGEURL 844 845 You should recognize the SQWEBMAIL_TEMPLATEDIR environment variable from 846 the section above on Domain-based templates. If you haven't read that 847 section yet, please do so now. 848 849 The SQWEBMAIL_IMAGEURL environment variable is new in versions of 850 sqwebmail greater than sqwebmail-3.5.3.20030629. It allows us to set, at 851 run time, the image URL, or the root URL, in which to look for our 852 template's images. This image URL is then automatically inserted into the 853 current template anytime a conditional image tag or an IMAGEURL tag is 854 encountered. 855 856 This is an example of a conditional image tag: 857 858 [#@image.gif, ... @text@#] 859 860 The conditional image tag is replaced at template processing time with an 861 HTML <img src="..."> tag if (hence the word "conditional") sqwebmail is 862 set up to display images. 863 864 This is an example of an IMAGEURL tag: 865 866 [#IMAGEURL#] 867 868 The IMAGEURL tag is replaced at template processing time with the contents 869 of the SQWEBMAIL_IMAGEURL environment variable, if set, and otherwise with 870 the value of the --with-imageurl configure option, which defaults to 871 "/webmail". 872 873 Apache Name-based template configuration example 874 875 Let's take a look at a simple Apache Name-based sqwebmail template 876 configuration example: 877 878 879 # Sqwebmail Alternate Template URL 880 ScriptAlias /cgi-bin/sqwebmail-alt-template "/usr/local/apache/cgi-bin/sqwebmail" 881 882 <Location /cgi-bin/sqwebmail-alt-template> 883 Setenv SQWEBMAIL_TEMPLATEDIR "/usr/lib/sqwebmail/share/sqwebmail/alternate-template" 884 Setenv SQWEBMAIL_IMAGEURL "/alternate-webmail" 885 [...] 886 </Location> 887 888 889 The above should allow your users to run sqwebmail with the template in 890 /usr/lib/sqwebmail/share/sqwebmail/alternate-template and an image URL of 891 /alternate-webmail, simply by calling sqwebmail from the following URL: 892 893 http://www.yourdomain.com/cgi-bin/sqwebmail-alt-template 894 895 The original sqwebmail templates would then still be available from this 896 URL: 897 898 http://www.yourdomain.com/cgi-bin/sqwebmail 899 900 Using Apache's <Location> directive we can utilize a virtually unlimited 901 number of templates without setting up a single virtual domain. 902 903Shared folders 904 905 SqWebMail supports shared folders. The SqWebMail distribution includes an 906 enhanced maildirmake command that created shared folders. 907 908 The maildirmake command will be installed in 909 /usr/lib/sqwebmail/libexec/sqwebmail by default, and the manual page will 910 be installed in /usr/lib/sqwebmail/man by default. 911 912 See the manual page for more information on how to set up shared folders. 913 914LDAP address books 915 916 SqWebMail can import E-mail addresses from public LDAP address books into 917 an individual address book. A default systemwide list of accessible LDAP 918 address books is defined for everyone, and individuals can configure 919 additional LDAP address books for themselves. 920 921 The OpenLDAP development toolkit must be installed before building 922 SqWebMail, in order for LDAP search code to compile. 923 924 The file /usr/lib/sqwebmail/etc/ldapaddressbook should contain a default 925 systemwide list of accessible address book. A default file will be 926 installed, listing some common Internet address books. Each line in this 927 file contains the following information: 928 929 name<tab>host<tab>port<tab>suffix<tab>binddn<tab>bindpw 930 931 <tab> is a single ASCII TAB character. name is the unique name for this 932 LDAP server. host and port specify the connection parameters. suffix 933 specifies the root LDAP entry whose subtree gets searched. The binddn and 934 bindpw fields are not presently used (they were used in earlier version of 935 SqWebMail, before the LDAP search interface was rewritten and simplified). 936 937Mail Filtering 938 939 Mail filtering is an optional feature. Mail filtering allows installation 940 of rules that either automatically deliver incoming messages to specific 941 folders, forward it, or reject it, based on the contents of the message's 942 header or body. A simple autoreply function is also available. Mail 943 filtering requires that the maildrop mail filter must be installed as the 944 local mail delivery agent. Mail filtering requires maildrop version 2.0, 945 or higher. SqWebMail will generate a filtering recipe for maildrop to use 946 when delivering mail. Maildrop's mail filtering language is very powerful, 947 and SqWebMail can reasonably use only a fraction of the mail filtering 948 language, but enough functionality is supported for the majority if mail 949 filtering needs. 950 951 For information on installing and activating mail filtering, see the file 952 libs/maildir/README.maildirfilter.html. 953 954 Autoreplies 955 956 The mail filtering option can also be used to set up autoreplies. 957 Autoreplies are prepared in advance on a separate screen. By default there 958 is no limit on the number of the size of created autoreplies, therefore it 959 is recommended that a quota be set up on the autoreplies (see "Runtime 960 Configuration"). 961 962 Autoreplies can include any valid MIME content (MIME content other than 963 plain text can be uploaded). The following special procedure needs to be 964 used to prepare multipart autoreply content, such as text and html 965 alternatives of the same message: 966 967 Assign a filename extension to the message/rfc822 MIME content. For 968 example, edit your mime.types file, find the message/rfc822 MIME type 969 (append one if it's not in mime.types), and make sure that it has at least 970 one filename extension, such as "msg". 971 972 Prepare the multipart MIME autoreply. The most convenient way is to 973 prepare a normal E-mail message using a conventional E-mail client. Save 974 the RFC822-formatted message in a file with a ".msg" extension, and upload 975 it on the autoreply screen. 976 977 SqWebMail handles uploaded message/rfc822 content by removing all headers 978 except the MIME headers, leaving the MIME content type header, and the 979 actual MIME content. 980 981Calendaring 982 983 This release of SqWebMail contains a beta implementation of basic 984 calendaring, that can be optionally enabled. For more information, see the 985 file pcp/README.html. SqWebMail's calendaring implementation is designed 986 to be used on a private mail server. It is not suitable for use on public 987 webmail servers. See the README file for additional information. 988 989Encryption 990 991 SqWebMail can be set up to encrypt and decrypt mail using GnuPG. For more 992 information on setting up and using encryption, read the file 993 gpglib/README.html in the source distribution. 994 995FAQ: Problems with downloading attachments with Internet Explorer versions 4 and 9965 997 998 Certain versions of Microsoft Internet Explorer have a bug in HTTP/1.1 999 protocol implementation that results in MSIE reporting random weird errors 1000 when downloading attachments. 1001 1002 Here's how to tweak Apache to work around this particular bug. Add the 1003 following directive to Apache's httpd.conf forces the HTTP/1.0 protocol 1004 response for Internet Explorer clients: 1005 1006 BrowserMatch "MSIE [45]" nokeepalive downgrade-1.0 force-response-1.0 1007