Secure OS/X Squirrelmail
I’m very disappointed with Apple at the moment. I expect careful, well-built systems from Apple. I expect things to “just work” out of the box, and to do so very well and reliably (at least, most of the time). So, when I set up our webmail server on Leopard (OS/X 10.5) I was completely taken aback at the requirement that the webmail server use clear text authentication with the web server.
Now, I can hear what you’re thinking. Really, I can. “So what? It’s running on the mail server, right, so who cares if it uses encryption or not?” Except that in order for this to work, the mail server needs to have clear text authentication enabled… and that means some fool is going to use it and open the server up to an attack! I spent some time trying to figure out how hard it would be to block clear text authentication from an outside network, but that just felt wrong… and, it didn’t look like an easy problem to solve. I just didn’t want our server to have any clear text authentication allowed, in any situation.
So now we get down to why I’m so disappointed with Apple. This is a trivial thing to do, if you know how. As a matter of fact, I would expect Apple to ship a secure system out-of-the-box, and not even give an option for making it dangerously insecure. But they’ve done it backwards: It ships insecure and there is absolutely no mention of the fact that changing a single line in /etc/squirrelmail/config/config.php will solve the problem.
Simply change this line:
$imap_auth_mech = 'login';
To this:
$imap_auth_mech = 'cram-md5';
And you’re good to go. Be sure to turn off PLAIN and CLEAR authentication methods on your server. They’re dangerous and shouldn’t even be available in today’s modern world, in my opinion.
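To make the difference concrete, here is an added example (not part of the original post and not SquirrelMail code) that computes the CRAM-MD5 response defined in RFC 2195 and audits an IMAP CAPABILITY line for clear text mechanisms that are still enabled. The capability lines are constructed samples, the credentials are the RFC 2195 test vector, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac

# Mechanisms that put the password itself on the wire (base64 is not encryption).
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}

def cram_md5_response(user, password, challenge_b64):
    """Client reply to a CRAM-MD5 challenge: base64("user " + hex HMAC-MD5).

    The password is only the HMAC key, so it never crosses the network."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()

def audit_capability(line):
    """Return findings for one IMAP CAPABILITY response line."""
    tokens = line.upper().split()
    mechs = {t[len("AUTH="):] for t in tokens if t.startswith("AUTH=")}
    findings = [f"AUTH={m} sends the password in clear text"
                for m in sorted(mechs & CLEARTEXT_MECHS)]
    if "LOGINDISABLED" not in tokens:
        findings.append("plain LOGIN command is still accepted (no LOGINDISABLED)")
    if "CRAM-MD5" not in mechs:
        findings.append("AUTH=CRAM-MD5 not offered; the 'cram-md5' setting would fail")
    return findings

# Constructed sample lines: a server before and after clear text auth is turned off.
BEFORE = "* CAPABILITY IMAP4rev1 AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5"
AFTER = "* CAPABILITY IMAP4rev1 LOGINDISABLED AUTH=CRAM-MD5"

# RFC 2195 test vector: the server sends this challenge base64-encoded.
RFC_CHALLENGE = base64.b64encode(
    b"<1896.697170952@postoffice.reston.mci.net>").decode()

if __name__ == "__main__":
    print("C:", cram_md5_response("tim", "tanstaaftanstaaf", RFC_CHALLENGE))
    for label, line in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_capability(line) or "no clear text auth advertised")
```

On a live server, the line to audit is what the IMAP port returns for the CAPABILITY command on an unencrypted connection.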










