Donations
News
About
Support
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties
[ http://squirrelmail.org/sflogo.html ]
News
About
Support
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties
[ http://squirrelmail.org/sflogo.html ]
Security Notice
Phishing campain
UPDATE YOUR
EMAIL SECURITY
"IUEU"
Phishing campain
UPDATE YOUR
EMAIL SECURITY
"IUEU"
ANNOUNCE: SquirrelMail 1.4.22 Released
Jul 12, 2011 by Paul Lesniewski
NEWS: SquirrelMail makes another Hollywood appearance
Nov 17, 2010 by Paul Lesniewski
NEWS: Is SquirrelMail "Notable?"
Jul 23, 2010 by Paul Lesniewski
ANNOUNCE: SquirrelMail 1.4.21 Released
Jul 23, 2010 by Paul Lesniewski
NEWS: imapproxy project adopted by SquirrelMail
May 05, 2010 by Paul Lesniewski
NEWS: G/PGP Plugin Revived
Mar 21, 2010 by Paul Lesniewski
Jul 12, 2011 by Paul Lesniewski
The SquirrelMail Team is pleased to announce the release of SquirrelMail version 1.4.22. This release contains a large number of performance enhancements, stability fixes and a few bug/security fixes.
The most important thing to note when upgrading to version 1.4.22 is that due to a fix made that standardizes the folder list display, administrators who had their configuration file set to work around this issue in the past will need to update their configuration. This will commonly affect those using Courier IMAP, but could affect others as well.
If you have $default_sub_of_inbox set to FALSE in your main configuration (or, using the configuration tool, see "3. Folder Defaults" ===> "12. Default Sub. of INBOX"), and you find after upgrade that your special folders (e.g., Trash, Drafts, Sent) are no longer listed at the top of your folder list, please change that value to TRUE.
Also, if you find that this upgrade prevents users from logging in with an error such as "ERROR: Could not complete request. Query: CREATE "Trash" Reason Given: Invalid mailbox name.", you will need to correct the user preference values for the problem folders. You can do so with commands such as the following for file-based preferences (adjust the data directory location as needed):
find /var/lib/squirrelmail/data/ -name *.pref -exec sed --in-place 's/trash_folder=Trash/trash_folder=INBOX.Trash/g' {} \;
find /var/lib/squirrelmail/data/ -name *.pref -exec sed --in-place 's/draft_folder=Drafts/draft_folder=INBOX.Drafts/g' {} \;
find /var/lib/squirrelmail/data/ -name *.pref -exec sed --in-place 's/sent_folder=Sent/sent_folder=INBOX.Sent/g' {} \;
Or, for database-based preferences:
   UPDATE userprefs SET prefval = 'INBOX.Trash' WHERE prefkey = 'trash_folder' AND prefval = 'Trash';
   UPDATE userprefs SET prefval = 'INBOX.Drafts' WHERE prefkey = 'draft_folder' AND prefval = 'Drafts';
   UPDATE userprefs SET prefval = 'INBOX.Sent' WHERE prefkey = 'sent_folder' AND prefval = 'Sent';
MAKE SURE to back up your user preferences before doing any of the above!
This release also addresses several security issues, including some harsh but hard to exploit XSS bugs, a general clickjacking vulnerability, and a small problem with message sanitizing.
If only for the clickjacking protection, we recommend that users of previous versions of SquirrelMail upgrade at their earliest convenience.
For more complete details, see the ReleaseNotes and ChangeLog files included in this release (in the doc/ directory).
The most important thing to note when upgrading to version 1.4.22 is that due to a fix made that standardizes the folder list display, administrators who had their configuration file set to work around this issue in the past will need to update their configuration. This will commonly affect those using Courier IMAP, but could affect others as well.
If you have $default_sub_of_inbox set to FALSE in your main configuration (or, using the configuration tool, see "3. Folder Defaults" ===> "12. Default Sub. of INBOX"), and you find after upgrade that your special folders (e.g., Trash, Drafts, Sent) are no longer listed at the top of your folder list, please change that value to TRUE.
Also, if you find that this upgrade prevents users from logging in with an error such as "ERROR: Could not complete request. Query: CREATE "Trash" Reason Given: Invalid mailbox name.", you will need to correct the user preference values for the problem folders. You can do so with commands such as the following for file-based preferences (adjust the data directory location as needed):
find /var/lib/squirrelmail/data/ -name *.pref -exec sed --in-place 's/trash_folder=Trash/trash_folder=INBOX.Trash/g' {} \;
find /var/lib/squirrelmail/data/ -name *.pref -exec sed --in-place 's/draft_folder=Drafts/draft_folder=INBOX.Drafts/g' {} \;
find /var/lib/squirrelmail/data/ -name *.pref -exec sed --in-place 's/sent_folder=Sent/sent_folder=INBOX.Sent/g' {} \;
Or, for database-based preferences:
   UPDATE userprefs SET prefval = 'INBOX.Trash' WHERE prefkey = 'trash_folder' AND prefval = 'Trash';
   UPDATE userprefs SET prefval = 'INBOX.Drafts' WHERE prefkey = 'draft_folder' AND prefval = 'Drafts';
   UPDATE userprefs SET prefval = 'INBOX.Sent' WHERE prefkey = 'sent_folder' AND prefval = 'Sent';
MAKE SURE to back up your user preferences before doing any of the above!
This release also addresses several security issues, including some harsh but hard to exploit XSS bugs, a general clickjacking vulnerability, and a small problem with message sanitizing.
If only for the clickjacking protection, we recommend that users of previous versions of SquirrelMail upgrade at their earliest convenience.
For more complete details, see the ReleaseNotes and ChangeLog files included in this release (in the doc/ directory).
NEWS: SquirrelMail makes another Hollywood appearance
Nov 17, 2010 by Paul Lesniewski
SquirrelMail once again hits the big screen, this time making two cameos in "The Social Network". SquirrelMail was spotted in use by Mark Zuckerberg's and Sean Parker's characters. So far, no one has contacted us regarding our cut of the box office. ;-)
NEWS: Is SquirrelMail "Notable?"
Jul 23, 2010 by Paul Lesniewski
It seems that one Wikipedia user thinks that SquirrelMail is not considered "notable" enough to retain its own Wikipedia page. Do you agree? Disagree? Voice your opinion.
UPDATE: As of November 2010, SquirrelMail's notability seems to have been commonly agreed upon and the notability warning has been removed. Thanks to everyone who contributed to the discussion and especially those who took it upon themselves to improve the article itself!
UPDATE: As of November 2010, SquirrelMail's notability seems to have been commonly agreed upon and the notability warning has been removed. Thanks to everyone who contributed to the discussion and especially those who took it upon themselves to improve the article itself!
ANNOUNCE: SquirrelMail 1.4.21 Released
Jul 23, 2010 by Paul Lesniewski
The SquirrelMail Team is pleased to announce the release of SquirrelMail version 1.4.21. This is primarily a maintenance release which addresses a smattering of small issues and adds some fine-tuning of recent changes. It also closes two relatively low-risk security issues.
Before this release, for environments with highly active users, the number of security tokens could have bloated user session (and preference) files to an unacceptable size, hurting overall responsiveness. This release scales back the default validity period of security tokens from 30 days to two days, which should fix this problem in most cases. The administrator is always free to change this value by specifying $max_token_age_days in config/config_local.php.
There are also fixes for minor issues related to header folding, faster and more resilient display of encoded subjects, quoting of encoded addresses upon reply, provision of a subject when using forward-as-attachment, and a few other tidbits.
This release also includes fixes for two low-risk vulnerabilities. The first, CVE-2010-1637, allows authenticated users to use the Mail Fetch plugin as a network/port/DNS scanner. The second, CVE-2010-2813, poses a denial-of-service risk when passwords containing 8-bit characters are used to log in. While we characterize these issues as fairly low risk, it is nevertheless recommended that users of previous versions of SquirrelMail upgrade at their earliest convenience.
For more complete details, see the ReleaseNotes and ChangeLog files included in this release (in the doc/ directory).
Before this release, for environments with highly active users, the number of security tokens could have bloated user session (and preference) files to an unacceptable size, hurting overall responsiveness. This release scales back the default validity period of security tokens from 30 days to two days, which should fix this problem in most cases. The administrator is always free to change this value by specifying $max_token_age_days in config/config_local.php.
There are also fixes for minor issues related to header folding, faster and more resilient display of encoded subjects, quoting of encoded addresses upon reply, provision of a subject when using forward-as-attachment, and a few other tidbits.
This release also includes fixes for two low-risk vulnerabilities. The first, CVE-2010-1637, allows authenticated users to use the Mail Fetch plugin as a network/port/DNS scanner. The second, CVE-2010-2813, poses a denial-of-service risk when passwords containing 8-bit characters are used to log in. While we characterize these issues as fairly low risk, it is nevertheless recommended that users of previous versions of SquirrelMail upgrade at their earliest convenience.
For more complete details, see the ReleaseNotes and ChangeLog files included in this release (in the doc/ directory).
NEWS: imapproxy project adopted by SquirrelMail
May 05, 2010 by Paul Lesniewski
Many SquirrelMail administrators will be familiar with imapproxy, the wonderful and very stable IMAP proxy software developed by Dave McMurtrie. Those who are not should look into it, as it provides a significant performance boost to stateless webmail applications (see http://imapproxy.org). Dave has decided that it is time to retire from his role with the software and has asked us to take it on. We are excited to accept his offer and look forward to keeping the project relevant and stable. We are already hosting imapproxy.org and in the future we'll be merging that into this website as well as adding Dave's code to our SVN repository, etc. Thanks again, Dave! We wish you well in your next endeavors!
NEWS: G/PGP Plugin Revived
Mar 21, 2010 by Paul Lesniewski
The G/PGP Encryption Plugin plugin is a crucial add-on for many SquirrelMail installations, so we were sorry to see it fall into disrepair in the recent past. However, we've now revived it and a new, working version is in testing. If you'd like to help test, ask on the squirrelmail-plugins mailing list or ask Paul directly.
Plugin Updates
Create Your Own Plugin
Autocomplete
v3.0 on Feb 3, 2012
S/MIME Verification
v1.0 on Jan 1, 2012
Password Forget
v2.3 on Dec 15, 2011
Compose Extras
v0.9 on Nov 20, 2011
Folder Synchronization
v1.0 on Sep 13, 2011
CAPTCHA
v1.2.3 on Jul 9, 2011
Squirrel Logger
v2.3.1 on Jul 6, 2011
Restrict Senders
v1.5.1 on Jul 4, 2011
Empty Trash
v2.0 on Apr 16, 2011
Random Login Image
v1.0 on Apr 2, 2011
Undelete
v2.0 on Mar 11, 2011
Move All Messages
v1.0 on Mar 10, 2011
Create Your Own Plugin
Autocomplete
v3.0 on Feb 3, 2012
S/MIME Verification
v1.0 on Jan 1, 2012
Password Forget
v2.3 on Dec 15, 2011
Compose Extras
v0.9 on Nov 20, 2011
Folder Synchronization
v1.0 on Sep 13, 2011
CAPTCHA
v1.2.3 on Jul 9, 2011
Squirrel Logger
v2.3.1 on Jul 6, 2011
Restrict Senders
v1.5.1 on Jul 4, 2011
Empty Trash
v2.0 on Apr 16, 2011
Random Login Image
v1.0 on Apr 2, 2011
Undelete
v2.0 on Mar 11, 2011
Move All Messages
v1.0 on Mar 10, 2011
You are viewing a mobilized version of this site...
View original page here
