secure webmail

This is a discussion on secure webmail within the Apache Web Server forums, part of the Web Server and Related Forums category; Hi I have my webmail working with SUSE10, postfix, cyrus and squirrlemail. My issue is how can I make it ...


Go Back   Usenet Forums > Web Server and Related Forums > Apache Web Server

Reload this Page secure webmail

FAQ Members List Calendar Search Today's Posts Mark Forums Read

 

 

LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 11-27-2006
miguel-lopes
 
Posts: n/a
Default secure webmail
Hi

I have my webmail working with SUSE10, postfix, cyrus and squirrlemail.

My issue is how can I make it secure??

In other words instead of typing http://www.xxxx.com/webmail make it
https://www.xxxx.com/webmail that way the password are encrypted and what
the viewer is seeing also.

Thanks any help is apreciated!!
  #2 (permalink)  
Old 11-27-2006
David T. Ashley
 
Posts: n/a
Default Re: secure webmail
"miguel-lopes" <milopes@hotmail.com> wrote in message
news:IPudnXoCJ7nWZffYnZ2dnUVZ8tydnZ2d@novis.pt...
> Hi
>
> I have my webmail working with SUSE10, postfix, cyrus and squirrlemail.
>
> My issue is how can I make it secure??
>
> In other words instead of typing http://www.xxxx.com/webmail make it
> https://www.xxxx.com/webmail that way the password are encrypted and what
> the viewer is seeing also.
>
> Thanks any help is apreciated!!

To generate the certificate itself:

http://tldp.org/HOWTO/SSL-RedHat-HOWTO-3.html

http://www.rpatrick.com/tech/makecert/

Then you need to change the Apache config file to listen on Port 443 and use
the key/certificate.

http://tldp.org/HOWTO/SSL-RedHat-HOWTO-4.html#configure

You can also pay for a certificate that is traceable to a certification
authority ... but that is a separate question. Except for the nag given by
most or all browsers, a self-signed is fine.
  #3 (permalink)  
Old 11-28-2006
shimmyshack
 
Posts: n/a
Default Re: secure webmail
don't forget though email is inherently insecure, sending stuff in
plain text, all you are doing here is securing the data from your web
server to your user and back.
To make a truly secure system, you should use SSL, but then unless your
mail server is on the same machine as the web server consider using
Secure SMTP to the server. (like gmail)
Then you have the problem of the SMTP server's network, and all
networks after that including the pop network for the recipient, as
well as his/her network once the mail has been downloaded from the pop
server.
Anything that important should be sent using certificate encrypted
mail. That requires the recipient has a public cert. PHP has funcitons
that can use a persons public cert to encrypt the mail.
I am assuming here that all you want is "cant eavesdrop on the GET/POST
to the web server" in which case yeah SSL.
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 08:47 PM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0