Discussion:
[SM-USERS] Secure Remove Image not displayed for unsafe images
Sharon Stahl
2017-03-03 18:48:40 UTC
Permalink
Hello,
I am using Apache 2.4 with PHP7.0 on a linux CentOS 7 system
My squirrelmail version is the 1.4.23, squirrelmail-20170203_0201-SVN
brought down and untarred from the squirrelmail site.
Installed Plugins
1. squirrel_logger - 2.3.1
2. abook_import_export - 1.1
3. calendar
4. message_details
5. squirrelspell
6. delete_move_next - 3.1.0
7. newmail
8. translate - 1.3
9. add_address - 1.0.3
10. quicksave - 2.4.5
11. multilogin - 2.4.2
12. auto_cc - 2.0
13. addgraphics - 2.3
14. advanced_settings - 1.2.1s- 1.2.1smm
15. get_uuencode - 3.2
16. view_as_html - 3.8
17. html_mail - 2.3
18. preview_pane - 1.2
19. select_range - 3.7.1
20. tnef_decoder - 1.0
21. autorespond - 0.5.1

We use the following rpm versions for postfix and dovecot (CentOS 7) ;
postfix-2.10.1-6.el7.x86_64
dovecot-2.2.10-7.el7.x86_64

My problem:
In both firefox and chrome, when viewing html mail only a blank window
is shown where the unsafe image was removed. I never see the
"removed image for security reasons". This is the same for all users.
There are no errors displayed in my logs; httpd, squirrelmail, nor php.

If someone can help me with this, it would be great. We have been running
squirrelmail for some time now and I am bringing up a new server. I have
installed everything by hand and compared this with the old server. When
I inspect the image, it appears that the call is to "blank.png" instead of
to "sec_remove_eng.png" as in my other older installation.

Aloha, Sharon Stahl


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-***@lists.sourceforge.net
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Paul Lesniewski
2017-03-10 17:36:45 UTC
Permalink
Post by Sharon Stahl
Hello,
I am using Apache 2.4 with PHP7.0 on a linux CentOS 7 system
My squirrelmail version is the 1.4.23, squirrelmail-20170203_0201-SVN
brought down and untarred from the squirrelmail site.
Installed Plugins
1. squirrel_logger - 2.3.1
2. abook_import_export - 1.1
3. calendar
4. message_details
5. squirrelspell
6. delete_move_next - 3.1.0
7. newmail
8. translate - 1.3
9. add_address - 1.0.3
10. quicksave - 2.4.5
11. multilogin - 2.4.2
12. auto_cc - 2.0
13. addgraphics - 2.3
14. advanced_settings - 1.2.1s- 1.2.1smm
15. get_uuencode - 3.2
16. view_as_html - 3.8
17. html_mail - 2.3
18. preview_pane - 1.2
19. select_range - 3.7.1
20. tnef_decoder - 1.0
21. autorespond - 0.5.1
We use the following rpm versions for postfix and dovecot (CentOS 7) ;
postfix-2.10.1-6.el7.x86_64
dovecot-2.2.10-7.el7.x86_64
It isn't a "problem"
Post by Sharon Stahl
In both firefox and chrome, when viewing html mail only a blank window
is shown where the unsafe image was removed. I never see the
"removed image for security reasons". This is the same for all users.
There are no errors displayed in my logs; httpd, squirrelmail, nor php.
Because it's not an error
Post by Sharon Stahl
If someone can help me with this, it would be great. We have been running
squirrelmail for some time now and I am bringing up a new server. I have
installed everything by hand and compared this with the old server. When
I inspect the image, it appears that the call is to "blank.png" instead of
to "sec_remove_eng.png" as in my other older installation.
If you prefer the more messy look and the loud security warning, change
$use_transparent_security_image in the configuration file or use conf.pl
and look for option 20 under the "General Settings"
--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php

------------------------------------------------------------------------------
Announcing the Oxford Dictionaries API! The API offers world-renowned
dictionary content that is easy and intuitive to access. Sign up for an
account today to start using our lexical data to power your apps and
projects. Get started today and enter our developer competition.
http://sdm.link/oxford
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-***@lists.sourceforge.net
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforg
Sharon Stahl
2017-03-16 01:03:55 UTC
Permalink
Post by Sharon Stahl
Hello,
I am using Apache 2.4 with PHP7.0 on a linux CentOS 7 system
My squirrelmail version is the 1.4.23, squirrelmail-20170203_0201-SVN
brought down and untarred from the squirrelmail site.
Installed Plugins
1. squirrel_logger - 2.3.1
2. abook_import_export - 1.1
3. calendar
4. message_details
5. squirrelspell
6. delete_move_next - 3.1.0
7. newmail
8. translate - 1.3
9. add_address - 1.0.3
10. quicksave - 2.4.5
11. multilogin - 2.4.2
12. auto_cc - 2.0
13. addgraphics - 2.3
14. advanced_settings - 1.2.1s- 1.2.1smm
15. get_uuencode - 3.2
16. view_as_html - 3.8
17. html_mail - 2.3
18. preview_pane - 1.2
19. select_range - 3.7.1
20. tnef_decoder - 1.0
21. autorespond - 0.5.1
We use the following rpm versions for postfix and dovecot (CentOS 7) ;
postfix-2.10.1-6.el7.x86_64
dovecot-2.2.10-7.el7.x86_64
I hope you can help me with this issue. When users view their email
with
squirrelmail using the Preview Pane option, the following bar is displayed
Message List
<https://webmail.soest.hawaii.edu/webmail/src/right_main.php?sort=6&startMessage=1&mailbox=INBOX> |
Unread
<https://webmail.soest.hawaii.edu/webmail/src/right_main.php?unread_passed_id=1399087&sort=6&startMessage=1&mailbox=INBOX> |
Unread
<https://webmail.soest.hawaii.edu/webmail/src/delete_message.php?mailbox=INBOX&message=1399087&smtoken=bmZin7ZU71aw&sort=6&startMessage=1> |
Delete
<https://webmail.soest.hawaii.edu/webmail/src/delete_message.php?mailbox=INBOX&message=1399087&smtoken=bmZin7ZU71aw&sort=6&startMessage=1%27;%20document.location=%27../plugins/preview_pane/empty_frame.php%27;%20return%20false;%7D>
Previous
<https://webmail.soest.hawaii.edu/webmail/src/read_body.php?passed_id=1399088&mailbox=INBOX&sort=6&startMessage=1&show_more=0> |
Next
<https://webmail.soest.hawaii.edu/webmail/src/read_body.php?passed_id=1399086&mailbox=INBOX&sort=6&startMessage=1&show_more=0>
Forward
<https://webmail.soest.hawaii.edu/webmail/src/compose.php?passed_id=1399087&mailbox=INBOX&startMessage=1&passed_ent_id=0&smaction=forward> |
Forward as Attachment
<https://webmail.soest.hawaii.edu/webmail/src/compose.php?passed_id=1399087&mailbox=INBOX&startMessage=1&passed_ent_id=0&smaction=forward_as_attachment> |
Reply
<https://webmail.soest.hawaii.edu/webmail/src/compose.php?passed_id=1399087&mailbox=INBOX&startMessage=1&passed_ent_id=0&smaction=reply> |
Reply All
<https://webmail.soest.hawaii.edu/webmail/src/compose.php?passed_id=1399087&mailbox=INBOX&startMessage=1&passed_ent_id=0&smaction=reply_all>



...but when they do NOT use the Preview Pane option, they only see this bar
Delete & Prev
<https://webmail.soest.hawaii.edu/webmail/src/read_body.php?passed_id=1399084&mailbox=INBOX&sort=6&startMessage=1&show_more=0&delete_id=1399083&smtoken=bmZin7ZU71aw> |
Unread & Prev
<https://webmail.soest.hawaii.edu/webmail/src/read_body.php?passed_id=1399084&mailbox=INBOX&sort=6&startMessage=1&show_more=0&unread_id=1399083&smtoken=bmZin7ZU71aw> |
Unread & Next
<https://webmail.soest.hawaii.edu/webmail/src/read_body.php?passed_id=1399082&mailbox=INBOX&sort=6&startMessage=1&show_more=0&unread_id=1399083&smtoken=bmZin7ZU71aw> |
Delete & Next
<https://webmail.soest.hawaii.edu/webmail/src/read_body.php?passed_id=1399082&mailbox=INBOX&sort=6&startMessage=1&show_more=0&delete_id=1399083&smtoken=bmZin7ZU71aw>

and get NO option to reply to message.

I have notified the users to make sure that they use 'Preview Pane'
for now
so they will get the Reply, etc options.

Any help would be greatly appreciated.

Aloha, Sharon Stahl

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-***@lists.sourceforge.net
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Sharon Stahl
2017-03-16 20:36:06 UTC
Permalink
Hello,
Please disregard this message. I have determined the problem is with
a plugin
and I will pursue this through the proper channel if I cannot work it
out myself.
Sorry for the bother but thank you for being out there.

Aloha, Sharon Stahl
Post by Sharon Stahl
Post by Sharon Stahl
Hello,
I am using Apache 2.4 with PHP7.0 on a linux CentOS 7 system
My squirrelmail version is the 1.4.23, squirrelmail-20170203_0201-SVN
brought down and untarred from the squirrelmail site.
Installed Plugins
1. squirrel_logger - 2.3.1
2. abook_import_export - 1.1
3. calendar
4. message_details
5. squirrelspell
6. delete_move_next - 3.1.0
7. newmail
8. translate - 1.3
9. add_address - 1.0.3
10. quicksave - 2.4.5
11. multilogin - 2.4.2
12. auto_cc - 2.0
13. addgraphics - 2.3
14. advanced_settings - 1.2.1s- 1.2.1smm
15. get_uuencode - 3.2
16. view_as_html - 3.8
17. html_mail - 2.3
18. preview_pane - 1.2
19. select_range - 3.7.1
20. tnef_decoder - 1.0
21. autorespond - 0.5.1
We use the following rpm versions for postfix and dovecot (CentOS 7) ;
postfix-2.10.1-6.el7.x86_64
dovecot-2.2.10-7.el7.x86_64
I hope you can help me with this issue. When users view their
email with
squirrelmail using the Preview Pane option, the following bar is displayed
Message List
<https://webmail.soest.hawaii.edu/webmail/src/right_main.php?sort=6&startMessage=1&mailbox=INBOX> |
Unread
<https://webmail.soest.hawaii.edu/webmail/src/right_main.php?unread_passed_id=1399087&sort=6&startMessage=1&mailbox=INBOX> |
Unread
<https://webmail.soest.hawaii.edu/webmail/src/delete_message.php?mailbox=INBOX&message=1399087&smtoken=bmZin7ZU71aw&sort=6&startMessage=1> |
Delete
<https://webmail.soest.hawaii.edu/webmail/src/delete_message.php?mailbox=INBOX&message=1399087&smtoken=bmZin7ZU71aw&sort=6&startMessage=1%27;%20document.location=%27../plugins/preview_pane/empty_frame.php%27;%20return%20false;%7D>
Previous
<https://webmail.soest.hawaii.edu/webmail/src/read_body.php?passed_id=1399088&mailbox=INBOX&sort=6&startMessage=1&show_more=0> |
Next
<https://webmail.soest.hawaii.edu/webmail/src/read_body.php?passed_id=1399086&mailbox=INBOX&sort=6&startMessage=1&show_more=0>
Forward
<https://webmail.soest.hawaii.edu/webmail/src/compose.php?passed_id=1399087&mailbox=INBOX&startMessage=1&passed_ent_id=0&smaction=forward> |
Forward as Attachment
<https://webmail.soest.hawaii.edu/webmail/src/compose.php?passed_id=1399087&mailbox=INBOX&startMessage=1&passed_ent_id=0&smaction=forward_as_attachment> |
Reply
<https://webmail.soest.hawaii.edu/webmail/src/compose.php?passed_id=1399087&mailbox=INBOX&startMessage=1&passed_ent_id=0&smaction=reply> |
Reply All
<https://webmail.soest.hawaii.edu/webmail/src/compose.php?passed_id=1399087&mailbox=INBOX&startMessage=1&passed_ent_id=0&smaction=reply_all>
...but when they do NOT use the Preview Pane option, they only see this bar
Delete & Prev
<https://webmail.soest.hawaii.edu/webmail/src/read_body.php?passed_id=1399084&mailbox=INBOX&sort=6&startMessage=1&show_more=0&delete_id=1399083&smtoken=bmZin7ZU71aw> |
Unread & Prev
<https://webmail.soest.hawaii.edu/webmail/src/read_body.php?passed_id=1399084&mailbox=INBOX&sort=6&startMessage=1&show_more=0&unread_id=1399083&smtoken=bmZin7ZU71aw> |
Unread & Next
<https://webmail.soest.hawaii.edu/webmail/src/read_body.php?passed_id=1399082&mailbox=INBOX&sort=6&startMessage=1&show_more=0&unread_id=1399083&smtoken=bmZin7ZU71aw> |
Delete & Next
<https://webmail.soest.hawaii.edu/webmail/src/read_body.php?passed_id=1399082&mailbox=INBOX&sort=6&startMessage=1&show_more=0&delete_id=1399083&smtoken=bmZin7ZU71aw>
and get NO option to reply to message.
I have notified the users to make sure that they use 'Preview Pane'
for now
so they will get the Reply, etc options.
Any help would be greatly appreciated.
Aloha, Sharon Stahl
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-***@lists.sourceforge.net
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Loading...