On Wed, 19 Jul 2006 07:22:13 -0500, Eric Johnson wrote > Which web mail package is easiest to install and use on > OpenBSD? Are there any gaping security holes? > > Eric Johnson
Someone posted a question about a week or two ago for a chrooted web-based email system. Nick Holland (I think) wrote how if you really understood programming, you would know how extremely difficult implementing a chrooted web-based email system really is. (This is my words, Nick probably meant or said something else entirely but that's what I got out of it even if I'm mistaken.) Anyways Nick suggested Openwebmail. I tried it and I would say without a doubt it's the easiest to install. It was hard to figure it out for me but after I did, I said to myself, that was easy. Here's what you do: Get sendmail running and spamd (most of this requires only uncommenting lines in several configuration files). Now you have a spam fighting MTA. Use pkg_add openwebmail to install it. This will install all the dependencies. Read the readme.txt file on openwebmail's website. It shows how to change the rights (chmod) of a few files in /var/www/cgi-bin/openwebmail/*. These same files are owned by user 276 for some reason, you need to change the owner to the right user but I forget which (I think root). Now read man ssl to get httpd running with with https. Add httpd_flags="-u -DSSL". Now go into /var/www/conf/httpd.conf and modify it so that all http request go to https. This is in the virtual table section. Then reboot. The beauty is this: I don't need pop or imap or mysql or php or python or ruby installed. All I need is a base openbsd system and openwebmail (using pkg_add). You may want to read man starttls too so that your MTA can encrypt email to any MTA that understands and uses starttls. One other guy posted that openwebmail doesn't support maildir. Maildir is supposedly better, but with valid reasons. Even though those reasons sound good I haven't come across any reasons that say mbox should not be used or is not capable of handling a significant amount of users. Sendmail with mbox has been around handling thousands of users in universities and corporations way before qmail and postfix came about so sendmail and mbox should be more than adequate. One thing I've read that's a disadvantage to maildir is that you can run out of inodes and that's bad when it happens. Keep in mind, I'm no big times email administrator so take this with a grain of salt but this has been my experience and research so far. I'd be glad to hear from some people how I'm wrong on this. I would find it interesting.