Thursday, November 27, 2008

Prevent Squirrelmail from showing its version (2)

Another shot at this. The previous post used the settings for displaying a custom logo, a sort of branding with a link, and so on.
This one uses no logo at all, only the provided blank PNG file, so it presents a clean login interface and, more importantly, does not disclose the Squirrelmail version.

$org_name = " ";
$org_logo = SM_PATH . 'images/blank.png';
$org_logo_width = '1';
$org_logo_height = '1';
$org_title = " ";
$signout_page = '';
$frame_top = '_top';
$provider_uri = ' ';
$provider_name = ' ';


Wednesday, May 28, 2008

Prevent Squirrelmail from showing its version

This might be a security-through-obscurity tip, but nevertheless it is security, or at least it is a bit of discretion :)

I love Squirrelmail, but even if you enable the CAPTCHA login, by default Squirrelmail shows which version it is running and on which platform it is installed, without even logging in to the system, simply by typing anything as username/password.

These paths apply to Squirrelmail on a plain vanilla RHEL 5/CentOS 5 installation, but the procedure is the same for any other.

To disable this information, you have to edit three PHP files:

/etc/squirrelmail/config.php
/usr/share/squirrelmail/src/login.php
/usr/share/squirrelmail/functions/display_messages.php

Make a copy of the files, just in case:

sudo cp /etc/squirrelmail/config.php \
/etc/squirrelmail/config.php.ORIG
sudo cp /usr/share/squirrelmail/src/login.php \
/usr/share/squirrelmail/src/login.php.ORIG
sudo cp /usr/share/squirrelmail/functions/display_messages.php \
/usr/share/squirrelmail/functions/display_messages.php.ORIG

Then edit the files, as root, with your favorite text editor.

File "display_messages.php":
The file "display_messages.php" has to go from this:

'<small>'. sprintf (_("SquirrelMail version %s"), $version) . '<br />'.
_("By the SquirrelMail Project Team") . "<br /></small>\n" ).


to this:

'<small>' . sprintf (_(" "), $version) . '<br />'.
_(" ") . "<br /></small>\n" ).


File "login.php":
The file "login.php" has to be edited from this:

'<small>' . sprintf (_("SquirrelMail version %s"), $version) . '<br />' ."\n".
' ' . _("By the SquirrelMail Project Team") . '<br />' . "\n" ) .


To this:

// '<small>' . sprintf (_("SquirrelMail version %s"), $version) . '<br />' ."\n".
'<small>' . sprintf (_(""), $version) . '<br />' ."\n".
// ' ' . _("By the SquirrelMail Project Team") . '<br /></small>' . "\n" ) .
' ' . _("") . '<br /></small>' . "\n" ) .


File "config.php":
Edit from this:

$org_name = "SquirrelMail";
$org_logo = SM_PATH . 'images/sm_logo.png';
$org_logo_width = '308';
$org_logo_height = '111';
$org_title = "SquirrelMail $version";
$signout_page = '';
$frame_top = '_top';
$provider_uri = 'http://www.squirrelmail.org/';
$provider_name = 'SquirrelMail';


To this: (or something similar)

$org_name = "Webmail Your Corporation";
$org_logo = SM_PATH . 'images/your_corporation_logo.jpg';
$org_logo_width = '125';
$org_logo_height = '100';
$org_title = "Your Corporation";
$signout_page = '';
$frame_top = '_top';
$provider_uri = 'http://www.yourcorp.com';
$provider_name = 'Your Corp';


To edit the file "config.php", you can also use the built-in "conf.pl".
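
To confirm the edits took effect, the HTML of the login page and of the page returned after a failed login can be scanned for the default strings this post removes. The script below is an added example, not part of the original post; the function name is hypothetical, the two sample pages are constructed, and `0.0.0` is a placeholder version.

```shell
#!/bin/sh
# Reads page HTML on stdin, prints one line per disclosure found,
# and returns non-zero if any of the default strings are still present.
sm_disclosure_check() {   # hypothetical helper name
    html=$(cat)
    leaks=0
    has() { printf '%s\n' "$html" | grep -Eiq -e "$1"; }
    report() { echo "LEAK: $1"; leaks=$((leaks + 1)); }

    # Footer strings from login.php and display_messages.php
    if has 'SquirrelMail version [0-9]'; then report "version footer"; fi
    if has 'By the SquirrelMail Project Team'; then report "project credit"; fi
    # Default $org_title is "SquirrelMail $version"
    if has '<title>[^<]*[0-9]+\.[0-9]+'; then report "version in <title>"; fi
    # Default $org_logo is images/sm_logo.png
    if has 'images/sm_logo\.png'; then report "default logo"; fi

    [ "$leaks" -eq 0 ]
}

# Constructed page carrying the default strings (0.0.0 is a placeholder).
sample_default_page() {
cat <<'EOF'
<html><head><title>SquirrelMail 0.0.0</title></head><body>
<img src="../images/sm_logo.png" width="308" height="111" />
<small>SquirrelMail version 0.0.0<br />
By the SquirrelMail Project Team<br /></small>
</body></html>
EOF
}

# Constructed page after the edits: blank strings and images/blank.png.
sample_hardened_page() {
cat <<'EOF'
<html><head><title> </title></head><body>
<img src="../images/blank.png" width="1" height="1" />
<small> <br /> <br /></small>
</body></html>
EOF
}

sample_default_page | sm_disclosure_check || true
sample_hardened_page | sm_disclosure_check && echo "OK: nothing disclosed"
```

Against a live installation, pipe the fetched page into `sm_disclosure_check` instead of the samples. Run it again after package updates, since those can replace the edited files under /usr/share/squirrelmail.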


Thursday, January 17, 2008

SquirrelMail: Protect your nuts with a Captcha

Setting up a CAPTCHA-enabled login on any recent SquirrelMail is as easy as 1, 2, 3. In this case, I'll set up the reCAPTCHA implementation, which is totally web based and also serves a very good cause.
First, get the CAPTCHA plugin and download it to your 'plugins' directory.
Untar it:

tar zxf captcha-x.x-x.x.x.tar.gz


cd into the new directory and copy/rename the sample configuration file:

cp config.sample.php config.php

Open the config.php file with your favorite text editor, scroll all the way to the end of the file, and add the captcha you want to use:

$captcha_backend = 'recaptcha';


Then do the same for the reCAPTCHA configuration file: cd to the directory 'plugins/captcha/backends/recaptcha/' and copy/rename the configuration file:

cp recaptcha_config.sample.php recaptcha_config.php


If you already have a reCAPTCHA account, edit the recaptcha_config.php file with the Public & Private keys; if you don't have one, go to the Sign up page. It's free, and in less than 2 minutes you'll have your key pair ready to go.

Once the keys are in place and the file is edited and saved, cd to the 'config' directory of your SquirrelMail setup and run './conf.pl'. Type 8 to go to the Plugins section, add the Captcha one, and save. You are done: you'll have a CAPTCHA-enabled login page on SquirrelMail.

One last thing you might want to experiment with is the reCAPTCHA 'themes': edit the 'recaptcha_config.php' file in the 'plugins/captcha/backends/recaptcha/' directory. In my case, I like the one called "white".
