From 0bb35ae2631cbc99c8470fc5531c509070399939 Mon Sep 17 00:00:00 2001 From: Daniel Winzen Date: Thu, 9 Jan 2020 07:06:08 +0100 Subject: [PATCH] chroot squirrelmail --- README.md | 4 +++- var/www/common.php | 4 ++-- var/www/setup.php | 3 ++- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index a20b170..4ea745a 100644 --- a/README.md +++ b/README.md @@ -133,7 +133,7 @@ quit For web based mail management grab the latest squirrelmail and install it in `/var/www/html/squirrelmail`: ``` -cd /var/www/html/ && svn checkout https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail && cd squirrelmail && ./configure && mkdir /var/local/squirrelmail /var/local/squirrelmail/data /var/local/squirrelmail/attach && chown www-data:www-data /var/local/squirrelmail /var/local/squirrelmail/data /var/local/squirrelmail/attach +cd /var/www/html/ && svn checkout https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail && cd squirrelmail && ./configure && mkdir -p /var/www/data/squirrelmail/data /var/www/data/squirrelmail/attach && chown www-data:www-data -R /var/www/data ``` Once it is downloaded, it will ask you for configuration. Things to change are: @@ -141,6 +141,8 @@ Once it is downloaded, it will ask you for configuration. Things to change are: D. > select dovecot 2. Server Settings > 1. Domain > Set your own .onion domain here 2. Server Settings > B. Update SMTP settings > 7. SMTP Authentication -> y -> plain -> n User are authenticated using their username + password +4. General Options > 1. Data Directory > /data/squirrelmail/data/ +4. General Options > 2. Attachment Directory > /data/squirrelmail/attach/ 4. General Options > 9. Allow editing of identity > n Users should not be able to fake email addresses > y They should be able to change display name > y They should be able to set a reply to mail > y additional headers are not required 10. Language settings > 4. Enable aggressive decoding 11. Tweaks > 2. Ask user info on first login > n (commonly confuses users) diff --git a/var/www/common.php b/var/www/common.php index a996a7d..c68d24b 100644 --- a/var/www/common.php +++ b/var/www/common.php @@ -81,8 +81,8 @@ server { location /squirrelmail { location ~ \.php$ { include snippets/fastcgi-php.conf; - fastcgi_param DOCUMENT_ROOT $document_root; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param DOCUMENT_ROOT /html; + fastcgi_param SCRIPT_FILENAME /html$fastcgi_script_name; fastcgi_pass unix:/var/run/php/7.4-squirrelmail; } } diff --git a/var/www/setup.php b/var/www/setup.php index 4e0903c..2e50966 100644 --- a/var/www/setup.php +++ b/var/www/setup.php @@ -237,13 +237,14 @@ group = www-data listen = /run/php/$version-squirrelmail listen.owner = www-data listen.group = www-data +chroot = /var/www pm = dynamic pm.max_children = 25 pm.start_servers = 2 pm.min_spare_servers = 1 pm.max_spare_servers = 3 php_admin_value[mysqli.allow_persistent] = On -php_admin_value[open_basedir] = /var/local/squirrelmail:/var/www/html/squirrelmail:/tmp +php_admin_value[open_basedir] = /data/squirrelmail:/html/squirrelmail:/tmp env[HOME]=/ [adminer] user = www-data