PDA

View Full Version : Secure webmail



Evolent
08-08-2003, 11:31 PM
I know it's been mentioned in passing on the mail forum, but there didn't seem to be any official responses, and it was a while back, so... any chance of getting the webmail interface over SSL at some point?

Cheers,
-Benj

FZ
08-09-2003, 07:44 AM
Full SSL support will now be provided with all accounts (i.e. as of WestHost 2.0), and you can install your own Webmail program(s), so you should be able to make it secure if you wish.

WestHost - MStevenson
08-30-2003, 01:08 AM
That is correct, once your account is migrated to WestHost 2.0 you will be able to install your own personal copy of Webmail on your account (you can choose between Imp and Neomail), and you can also take advantage of the shared SSL with your account, or get your own SSL certificate (https://corp.westhost.com/sslcert/).

AUS-CITY
09-02-2003, 04:46 AM
MStevenson,

Is there a place where we can see both of the webmail programs so we can choose?

Thanks!

FZ
09-02-2003, 07:27 AM
NeoMail: http://www.neomail.org/

IMP Webmail Client: http://www.horde.org/imp/

visible soul
09-09-2003, 12:29 PM
I've never set up SSL before so go easy on me :oops: but I have a question.

I would like to make Neomail secure. I tried using

https://ssl4.westserver.net/mydomain.com/cgi-bin/plugins/neomail/neomail.pl

but got a "software error" message instead of the login screen.

(I have installed Neomail and the shared SSL)

Would someone care to instruct a newbie on how I should set this up? With everything going on at WH I don't want to submit a support ticket this week unless I absolutely have to.

Thanks.
-DKC-

friedsonjm
09-09-2003, 02:30 PM
I'd like to make mine secure too!

FZ
09-10-2003, 06:03 PM
Here is a really easy way to secure your site (or any part thereof):

1. Log in to your Site Manager (yourdomain.com/manager/)
2. Click on Site Applications, then E-Commerce.
3. Install OpenSSL. For help, see: http://manual.westhost.com/part7.html#openssl
4. Once installed properly, you can access any file on your web site securely simply by changing the normal http:// to https:// (e.g. https://yourdomain.com/cgi-bin/plugins/neomail/neomail.pl )

Take note that because in this case you have not used a proper "certificate", that it pops up with alerts informing the user of this (invalid certificate, unknown issuer, etc.). However, if you just want to secure some files for personal usage, this is not an issue. Just click Accept/Ok on the alert/message box and voila - you are securely accessing your site (and can access any file on it this way). I tried it out with NeoMail and it works perfectly.

The difference between this and the Shared SSL option is that the latter is a "proper" solution for when you actually want to use a valid shared certificate (i.e. WestHost's) - e.g. when you are accepting sensitive information from a user who would otherwise be suspicious if he/she received an "Invalid Certificate" message in the case of OpenSSL.

Updated:
One last thing though - when you install it it says this is for testing purposes only, and that is fine, but I also noticed somewhere that it (the certificate) is only valid for one month. I'm pretty sure all that will change after that period is it will say the certificate has an invalid date/is expired - the connection should still be secure.

Hope this helps you guys... Let me know how it goes.

visible soul
09-10-2003, 11:46 PM
I really appreciate your response, design64. I'll try it tomorrow.

FZ
09-11-2003, 04:20 AM
My pleasure.

visible soul
09-14-2003, 05:06 AM
Well I guess it would help if my site manager actually worked well enough to install the open SSL certificate. No dice. I have wasted many hours fighting that thing. I've started manually installing scripts at this point.

FZ
09-14-2003, 10:22 AM
Has it been giving you an error or something? Or has it just been really slow? WestHost has been a tad unreliable this whole weekend what with all their patching/fixing and rebooting of servers. Maybe you just chose the wrong time each time you tried. According to http://netstatus.westhost.com/, as I make this post everything seems to be working fine - maybe you should give it another chance?

visible soul
09-15-2003, 11:11 AM
design64-
I tried a couple of times to install it with no success. I have been unable to install phpBB2 with the Manager. I ended up downloading it from the phpBB website and installing it manually. I have been able to install a few of the other applications after repeated errors and failures. Most of the time when I try to install an application with the Manager I get the "Please Wait" window for about 30 minutes (literally!) after which I get spit back out to the login screen. Sometimes after logging in again I see that the install was successful. Most of the time it is not. No support from WH on this one.

I'm going to try to install a few things today.

FZ
09-16-2003, 03:09 PM
Any luck?

Not that it should make any difference, but maybe you should try emptying all your cache, cookies and history. What browser are you using? Are you downloading things in the background while trying to access your Site Manager? Try to close all running programs (that you aren't using) or those that are using bandwidth, etc. Maybe even your firewall, and decrease cookie restriction settings in your browser as well. Worth a shot, anyway...

visible soul
09-18-2003, 01:08 AM
design64-
With Ireeder's help I was able to install the applications that I wanted. The trick is to hit refresh after a couple of minutes if the browser hangs on the "please wait" screen. Works like a charm. Thanks again Ireeder.

Open SSL worked great for secure webmail. The only problem is it expires in a month. I really need to find some support on why it doesn't work with the shared certificate.

Thanks for all the input.

lawrence
01-19-2004, 03:04 PM
A little late, but I just had a hankering to secure Neomail with Shared SSL. Here's how I did it:
-----

1. Enable Shared SSL in the Site Manager
(Site Applications -> Tools -> Shared SSL)

2. Edit /var/neomail/neomail.conf like so...

line 137: $scripturl = 'https://ssl4.westserver.net/mydomain.com/cgi-bin/plugins/neomail/neomail.pl';

line 141: $prefsurl = 'https://ssl4.westserver.net/mydomain.com/cgi-bin/plugins/neomail/neomail-prefs.pl';

line 158: $bg_url = 'https://ssl4.westserver.net/mydomain.com/plugins/neomail/images/neomail-bg.gif';

line 161: $logo_url = 'https://ssl4.westserver.net/mydomain.com/plugins/neomail/images/neomail.gif';

line 165: $image_url = 'https://ssl4.westserver.net/mydomain.com/plugins/neomail/images/';

3. Test https://ssl4.westserver.net/mydomain.com/cgi-bin/plugins/neomail/neomail.pl

-----
FYI, I have everything installed in the default locations. Obviously use your own domain name above. If you don't understand the instructions, you should probably not attempt this.

Hope this helps.
Lawrence

PS: I have had an excellent experience with Westhost - service, technical quality, and value. Reading these forums before choosing a hosting company helped me make my decision.


I've never set up SSL before so go easy on me :oops: but I have a question.

I would like to make Neomail secure. I tried using

https://ssl4.westserver.net/mydomain.com/cgi-bin/plugins/neomail/neomail.pl

but got a "software error" message instead of the login screen.

(I have installed Neomail and the shared SSL)

Would someone care to instruct a newbie on how I should set this up? With everything going on at WH I don't want to submit a support ticket this week unless I absolutely have to.

Thanks.
-DKC-