The content of this document may be incorrect or outdated.
Print this article Edit this article
Webmail By-Hand Install
Install on the host webmail01.ecn.purdue.edu. Based on document https://wiki.debian.org/Horde.
Create blank server
Create a blank BASIC_SERVER Ubuntu 18.04 LTS host named webmail01.ecn.purdue.edu.
Install packages
As root, on the Ubuntu 18.04 LTS host webmail01.ecn.purdue.edu install the packages php-horde-webmail and mysql-server.
# apt install php-horde-webmail
# apt install mysql-server
Install database account
Initialize the MySQL database to allow Horde to connect and store data.
# mysql mysql
mysql> CREATE DATABASE horde;
mysql> GRANT ALL PRIVILEGES ON horde.* TO 'horde' IDENTIFIED BY 'secret';
Initialize Horde
Initialize Horde, configuring it to use MySQL. This is an interactive script. Some answers are set to the default by hitting Return.
# /usr/bin/webmail-install
mysql
horde
secret
<Return>
<Return>
horde
<Return>
false
<Return>
<Return>
<Return>
Initialize Horde admin account
Initialize Horde admin account.
# mysql horde
mysql> source /usr/share/php/data/horde/scripts/sql/script.initial_horde_user.sql
Install certificate
Make sure the host has a certificate file available.
(Run on Harbor, as root.)
# cd /local/a/certs
# ./send-key webmail01
# ssh webmail01 bash <output/webmail01.sh
# rm output/webmail01.sh
Update certificate
Edit the file /etc/apache2/sites-available/default-ssl.conf, and replace the SSLCertificate directives with ones that point to the Webmail certificate.
# SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
# SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
ServerName webmail.ecn.purdue.edu
SSLCertificateFile /etc/ssl/certs/webmail.ecn.purdue.edu.crt
SSLCertificateKeyFile /etc/ssl/private/webmail.ecn.purdue.edu.key
SSLCACertificateFile /etc/ssl/certs/incommon-intermediate.crt
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
Add redirect
Create the file /var/www/html/.htaccess to redirect default requests to Horde.
Redirect "https://webmail.ecn.purdue.edu/horde/"
Allow redirect
Create the file /etc/apache2/sites-enabled/redirect.conf to allow the redirection file to work.
<Directory /var/www/html>
AllowOverride FileInfo
</Directory>
Configure apache
Configure Apache to use SSL, and restart server.
# a2enmod ssl
# a2ensite default-ssl
# systemctl reload apache2
Initialize servers
Make the Horde directory /etc/horde/imp/backends.d/. Create the Horde configuration file /etc/horde/imp/backends.d/20-ecn.php to select which ECN mail servers to allow.
<?php
$serversproc_servlist = array(
'atom',
'bridge',
'danpatch',
'dynamo',
'eagle',
'fairway',
'friction',
'gilbreth',
'green',
'helios',
'materials',
'min',
'pasture',
'pier',
'project',
'roger',
'rvl4',
'shay',
'stargate',
'synergy',
'torsion',
'weldon'
);
foreach ($serversproc_servlist as $serversproc_server) {
$servers[$serversproc_server] = array(
'name' => $serversproc_server,
'hostspec' => $serversproc_server . '.ecn.purdue.edu',
'protocol' => 'imap',
'secure' => 'tls',
'port' => 143,
'maildomain' => 'ecn.purdue.edu',
'capability_ignore' => array('ESEARCH')
);
}
Use servers
Make the Horde directory /etc/horde/imp/conf.d. Create the Horde configuration file /etc/horde/imp/conf.d/20-ecn.php to use the server list.
<?php
$conf['server']['server_list'] = 'shown';
Require group membership
Save a copy of the file /etc/horde/imp/hooks.php to hooks.php.save. Then add to the bottom of the file the following code just before the final } (so it's part of the class)..
public function postauthenticate($userId, $credentials)
{
// See if the account is in UNIX group ecnwmail or ecnstaff
$ret = false;
$ingroups = array('ecnwmail', 'ecnstaff', 'ecntest');
$handle = fopen('/etc/group', 'r');
if ($handle) {
while ($fields = fgetcsv($handle, 0, ':')) {
if (in_array($fields[0], $ingroups)) {
$members = str_getcsv($fields[3], ',');
if (in_array($userId, $members)) {
$ret = true;
break;
}
}
}
fclose($handle);
}
// Allow or deny login
Horde::log(sprintf("User '%s' result '%s'", $userId, $ret), 'WARN');
return $ret;
}
Large attachments
Update the php.ini configuration to allow for large attachments.
*** /etc/php/7.2/apache2/php.ini.orig 2021-12-16 09:46:02.161184158 -0500
--- /etc/php/7.2/apache2/php.ini 2021-12-16 09:44:21.328424227 -0500
***************
*** 398,404 ****
; Maximum amount of memory a script may consume (128MB)
; http://php.net/memory-limit
! memory_limit = 1024M
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Error handling and logging ;
--- 398,405 ----
; Maximum amount of memory a script may consume (128MB)
; http://php.net/memory-limit
! ;memory_limit = 128M
! memory_limit = 300M
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Error handling and logging ;
***************
*** 666,672 ****
; Its value may be 0 to disable the limit. It is ignored if POST data reading
; is disabled through enable_post_data_reading.
; http://php.net/post-max-size
! post_max_size = 8M
; Automatically add files before PHP document.
; http://php.net/auto-prepend-file
--- 667,674 ----
; Its value may be 0 to disable the limit. It is ignored if POST data reading
; is disabled through enable_post_data_reading.
; http://php.net/post-max-size
! ;post_max_size = 8M
! post_max_size = 300M
; Automatically add files before PHP document.
; http://php.net/auto-prepend-file
***************
*** 819,825 ****
; Maximum allowed size for uploaded files.
; http://php.net/upload-max-filesize
! upload_max_filesize = 2M
; Maximum number of files that can be uploaded via a single request
max_file_uploads = 20
--- 821,828 ----
; Maximum allowed size for uploaded files.
; http://php.net/upload-max-filesize
! ;upload_max_filesize = 2M
! upload_max_filesize = 300M
; Maximum number of files that can be uploaded via a single request
max_file_uploads = 20
Security patch
Apply this patch to mitigate a security vulnerability:
root@webmail01:/etc/horde/horde# diff mime_drivers.php.save mime_drivers.php
415a416
> 'disable' => true,
Last Modified:
Oct 18, 2023 2:31 pm GMT-4
Created:
Sep 27, 2021 1:44 pm GMT-4
by
admin
JumpURL: