Securing WebMail (if only just a little bit)

November 19, 2006

By default, the squirrelmail conf only allows plaintext, but you don’t have to enable that just because of your webmail users. To fix it, just do:

sudo /etc/squirrelmail/config/config.pl

And set Server Settings > Update IMAP Settings > Authentication type > cram-md5. There are a bunch of other useful settings there that should be checked as well. This must be mentioned in the docs as well.