Michele's wiki/blog

In fact, there is not much to do. We need to point some sensible URL to the main SquirrelMail directory, which is /usr/share/squirrelmail in the default RedHat 9.0 distribution. We do this with the Alias directive in httpd.conf.

Then create a directory ./attachments in /usr/share/squirrelmail, and chmod it to apache:apache (xr for everybody else); inside ./attachments, create .htaccess with the single line deny from all. Also chmod /var/lib/squirrelmail/prefs to root:apache. Run the script /usr/share/squirrelmail/config/conf.pl, and change the Organization, the IMAP server, and the location of the attachment directory.

Finally, SquirrelMail will run happily under https (at least if SSL is enabled in apache, as it is in the standard RedHat 9.0 distribution). An easy way to force secure connections is to close port 80 on the web server, and open port 443. Otherwise, a plugin might be available on the SquirrelMail website to force at least secure logins.