Secure Remove Image not displayed for unsafe images

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Secure Remove Image not displayed for unsafe images

Sharon Stahl

Hello,
I am using Apache 2.4 with PHP7.0 on a linux CentOS 7 system
My squirrelmail version is the 1.4.23, squirrelmail-20170203_0201-SVN
      brought down and untarred from the squirrelmail site.
  Installed Plugins
     1. squirrel_logger - 2.3.1
     2. abook_import_export - 1.1
     3. calendar
     4. message_details
     5. squirrelspell
     6. delete_move_next - 3.1.0
     7. newmail
     8. translate - 1.3
     9. add_address - 1.0.3
     10. quicksave - 2.4.5
     11. multilogin - 2.4.2
     12. auto_cc - 2.0
     13. addgraphics - 2.3
     14. advanced_settings - 1.2.1s- 1.2.1smm
     15. get_uuencode - 3.2
     16. view_as_html - 3.8
     17. html_mail - 2.3
     18. preview_pane - 1.2
     19. select_range - 3.7.1
     20. tnef_decoder - 1.0
     21. autorespond - 0.5.1

We use the following rpm versions for postfix and dovecot (CentOS 7) ;
postfix-2.10.1-6.el7.x86_64
dovecot-2.2.10-7.el7.x86_64

My problem:
     In both firefox and chrome, when viewing html mail only a blank window
is shown where the unsafe image was removed.    I never see the
"removed image for security reasons".  This is the same for all users.
     There are no errors displayed in my logs; httpd, squirrelmail, nor php.

If someone can help me with this, it would be great.  We have been running
squirrelmail for some time now and I am bringing up a new server.  I have
installed everything by hand and compared this with the old server. When
I inspect the image, it appears that the call is to "blank.png" instead of
to "sec_remove_eng.png" as in my other older installation.

Aloha, Sharon Stahl


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Secure Remove Image not displayed for unsafe images

Paul Lesniewski


On 2017年03月03日 10:48, Sharon Stahl wrote:

>
> Hello,
> I am using Apache 2.4 with PHP7.0 on a linux CentOS 7 system
> My squirrelmail version is the 1.4.23, squirrelmail-20170203_0201-SVN
>       brought down and untarred from the squirrelmail site.
>   Installed Plugins
>      1. squirrel_logger - 2.3.1
>      2. abook_import_export - 1.1
>      3. calendar
>      4. message_details
>      5. squirrelspell
>      6. delete_move_next - 3.1.0
>      7. newmail
>      8. translate - 1.3
>      9. add_address - 1.0.3
>      10. quicksave - 2.4.5
>      11. multilogin - 2.4.2
>      12. auto_cc - 2.0
>      13. addgraphics - 2.3
>      14. advanced_settings - 1.2.1s- 1.2.1smm
>      15. get_uuencode - 3.2
>      16. view_as_html - 3.8
>      17. html_mail - 2.3
>      18. preview_pane - 1.2
>      19. select_range - 3.7.1
>      20. tnef_decoder - 1.0
>      21. autorespond - 0.5.1
>
> We use the following rpm versions for postfix and dovecot (CentOS 7) ;
> postfix-2.10.1-6.el7.x86_64
> dovecot-2.2.10-7.el7.x86_64
>
> My problem:

It isn't a "problem"

>      In both firefox and chrome, when viewing html mail only a blank window
> is shown where the unsafe image was removed.    I never see the
> "removed image for security reasons".  This is the same for all users.
>      There are no errors displayed in my logs; httpd, squirrelmail, nor php.

Because it's not an error

> If someone can help me with this, it would be great.  We have been running
> squirrelmail for some time now and I am bringing up a new server.  I have
> installed everything by hand and compared this with the old server. When
> I inspect the image, it appears that the call is to "blank.png" instead of
> to "sec_remove_eng.png" as in my other older installation.

If you prefer the more messy look and the loud security warning, change
$use_transparent_security_image in the configuration file or use conf.pl
and look for option 20 under the "General Settings"

--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php

------------------------------------------------------------------------------
Announcing the Oxford Dictionaries API! The API offers world-renowned
dictionary content that is easy and intuitive to access. Sign up for an
account today to start using our lexical data to power your apps and
projects. Get started today and enter our developer competition.
http://sdm.link/oxford
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Reply/Reply To/Forward do appear unless using preview pane

Sharon Stahl
In reply to this post by Sharon Stahl

> Hello,
> I am using Apache 2.4 with PHP7.0 on a linux CentOS 7 system
> My squirrelmail version is the 1.4.23, squirrelmail-20170203_0201-SVN
>      brought down and untarred from the squirrelmail site.
>  Installed Plugins
>     1. squirrel_logger - 2.3.1
>     2. abook_import_export - 1.1
>     3. calendar
>     4. message_details
>     5. squirrelspell
>     6. delete_move_next - 3.1.0
>     7. newmail
>     8. translate - 1.3
>     9. add_address - 1.0.3
>     10. quicksave - 2.4.5
>     11. multilogin - 2.4.2
>     12. auto_cc - 2.0
>     13. addgraphics - 2.3
>     14. advanced_settings - 1.2.1s- 1.2.1smm
>     15. get_uuencode - 3.2
>     16. view_as_html - 3.8
>     17. html_mail - 2.3
>     18. preview_pane - 1.2
>     19. select_range - 3.7.1
>     20. tnef_decoder - 1.0
>     21. autorespond - 0.5.1
>
> We use the following rpm versions for postfix and dovecot (CentOS 7) ;
> postfix-2.10.1-6.el7.x86_64
> dovecot-2.2.10-7.el7.x86_64

    I hope you can help me with this issue.  When users view their email
with
squirrelmail using the  Preview Pane option, the following bar is displayed
Message List
<https://webmail.soest.hawaii.edu/webmail/src/right_main.php?sort=6&startMessage=1&mailbox=INBOX> |
Unread
<https://webmail.soest.hawaii.edu/webmail/src/right_main.php?unread_passed_id=1399087&sort=6&startMessage=1&mailbox=INBOX> |
Unread
<https://webmail.soest.hawaii.edu/webmail/src/delete_message.php?mailbox=INBOX&message=1399087&smtoken=bmZin7ZU71aw&sort=6&startMessage=1> |
Delete
<https://webmail.soest.hawaii.edu/webmail/src/delete_message.php?mailbox=INBOX&message=1399087&smtoken=bmZin7ZU71aw&sort=6&startMessage=1%27;%20document.location=%27../plugins/preview_pane/empty_frame.php%27;%20return%20false;%7D>
        Previous
<https://webmail.soest.hawaii.edu/webmail/src/read_body.php?passed_id=1399088&mailbox=INBOX&sort=6&startMessage=1&show_more=0> |
Next
<https://webmail.soest.hawaii.edu/webmail/src/read_body.php?passed_id=1399086&mailbox=INBOX&sort=6&startMessage=1&show_more=0>
        Forward
<https://webmail.soest.hawaii.edu/webmail/src/compose.php?passed_id=1399087&mailbox=INBOX&startMessage=1&passed_ent_id=0&smaction=forward> |
Forward as Attachment
<https://webmail.soest.hawaii.edu/webmail/src/compose.php?passed_id=1399087&mailbox=INBOX&startMessage=1&passed_ent_id=0&smaction=forward_as_attachment> |
Reply
<https://webmail.soest.hawaii.edu/webmail/src/compose.php?passed_id=1399087&mailbox=INBOX&startMessage=1&passed_ent_id=0&smaction=reply> |
Reply All
<https://webmail.soest.hawaii.edu/webmail/src/compose.php?passed_id=1399087&mailbox=INBOX&startMessage=1&passed_ent_id=0&smaction=reply_all>



...but when they do NOT use the Preview Pane option, they only see this bar
Delete & Prev
<https://webmail.soest.hawaii.edu/webmail/src/read_body.php?passed_id=1399084&mailbox=INBOX&sort=6&startMessage=1&show_more=0&delete_id=1399083&smtoken=bmZin7ZU71aw> |
Unread & Prev
<https://webmail.soest.hawaii.edu/webmail/src/read_body.php?passed_id=1399084&mailbox=INBOX&sort=6&startMessage=1&show_more=0&unread_id=1399083&smtoken=bmZin7ZU71aw> |
Unread & Next
<https://webmail.soest.hawaii.edu/webmail/src/read_body.php?passed_id=1399082&mailbox=INBOX&sort=6&startMessage=1&show_more=0&unread_id=1399083&smtoken=bmZin7ZU71aw> |
Delete & Next
<https://webmail.soest.hawaii.edu/webmail/src/read_body.php?passed_id=1399082&mailbox=INBOX&sort=6&startMessage=1&show_more=0&delete_id=1399083&smtoken=bmZin7ZU71aw>

       and get NO option to reply to message.

   I have notified the users to make sure that they use 'Preview Pane'
for now
so they will get the Reply, etc options.

Any help would be greatly appreciated.

Aloha, Sharon Stahl

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Reply/Reply To/Forward do appear unless using preview pane

Sharon Stahl
Hello,
   Please disregard this message.  I have determined the problem is with
a plugin
and  I will pursue this through the proper channel if I cannot work it
out myself.
Sorry for the bother but thank you for being out there.

Aloha, Sharon Stahl


On 03/15/2017 03:03 PM, Sharon Stahl wrote:

>
>> Hello,
>> I am using Apache 2.4 with PHP7.0 on a linux CentOS 7 system
>> My squirrelmail version is the 1.4.23, squirrelmail-20170203_0201-SVN
>>      brought down and untarred from the squirrelmail site.
>>  Installed Plugins
>>     1. squirrel_logger - 2.3.1
>>     2. abook_import_export - 1.1
>>     3. calendar
>>     4. message_details
>>     5. squirrelspell
>>     6. delete_move_next - 3.1.0
>>     7. newmail
>>     8. translate - 1.3
>>     9. add_address - 1.0.3
>>     10. quicksave - 2.4.5
>>     11. multilogin - 2.4.2
>>     12. auto_cc - 2.0
>>     13. addgraphics - 2.3
>>     14. advanced_settings - 1.2.1s- 1.2.1smm
>>     15. get_uuencode - 3.2
>>     16. view_as_html - 3.8
>>     17. html_mail - 2.3
>>     18. preview_pane - 1.2
>>     19. select_range - 3.7.1
>>     20. tnef_decoder - 1.0
>>     21. autorespond - 0.5.1
>>
>> We use the following rpm versions for postfix and dovecot (CentOS 7) ;
>> postfix-2.10.1-6.el7.x86_64
>> dovecot-2.2.10-7.el7.x86_64
>
>    I hope you can help me with this issue.  When users view their
> email with
> squirrelmail using the  Preview Pane option, the following bar is
> displayed
> Message List
> <https://webmail.soest.hawaii.edu/webmail/src/right_main.php?sort=6&startMessage=1&mailbox=INBOX> |
> Unread
> <https://webmail.soest.hawaii.edu/webmail/src/right_main.php?unread_passed_id=1399087&sort=6&startMessage=1&mailbox=INBOX> |
> Unread
> <https://webmail.soest.hawaii.edu/webmail/src/delete_message.php?mailbox=INBOX&message=1399087&smtoken=bmZin7ZU71aw&sort=6&startMessage=1> |
> Delete
> <https://webmail.soest.hawaii.edu/webmail/src/delete_message.php?mailbox=INBOX&message=1399087&smtoken=bmZin7ZU71aw&sort=6&startMessage=1%27;%20document.location=%27../plugins/preview_pane/empty_frame.php%27;%20return%20false;%7D>
> Previous
> <https://webmail.soest.hawaii.edu/webmail/src/read_body.php?passed_id=1399088&mailbox=INBOX&sort=6&startMessage=1&show_more=0> |
> Next
> <https://webmail.soest.hawaii.edu/webmail/src/read_body.php?passed_id=1399086&mailbox=INBOX&sort=6&startMessage=1&show_more=0>
> Forward
> <https://webmail.soest.hawaii.edu/webmail/src/compose.php?passed_id=1399087&mailbox=INBOX&startMessage=1&passed_ent_id=0&smaction=forward> |
> Forward as Attachment
> <https://webmail.soest.hawaii.edu/webmail/src/compose.php?passed_id=1399087&mailbox=INBOX&startMessage=1&passed_ent_id=0&smaction=forward_as_attachment> |
> Reply
> <https://webmail.soest.hawaii.edu/webmail/src/compose.php?passed_id=1399087&mailbox=INBOX&startMessage=1&passed_ent_id=0&smaction=reply> |
> Reply All
> <https://webmail.soest.hawaii.edu/webmail/src/compose.php?passed_id=1399087&mailbox=INBOX&startMessage=1&passed_ent_id=0&smaction=reply_all>
>
>
>
> ...but when they do NOT use the Preview Pane option, they only see
> this bar
> Delete & Prev
> <https://webmail.soest.hawaii.edu/webmail/src/read_body.php?passed_id=1399084&mailbox=INBOX&sort=6&startMessage=1&show_more=0&delete_id=1399083&smtoken=bmZin7ZU71aw> |
> Unread & Prev
> <https://webmail.soest.hawaii.edu/webmail/src/read_body.php?passed_id=1399084&mailbox=INBOX&sort=6&startMessage=1&show_more=0&unread_id=1399083&smtoken=bmZin7ZU71aw> |
> Unread & Next
> <https://webmail.soest.hawaii.edu/webmail/src/read_body.php?passed_id=1399082&mailbox=INBOX&sort=6&startMessage=1&show_more=0&unread_id=1399083&smtoken=bmZin7ZU71aw> |
> Delete & Next
> <https://webmail.soest.hawaii.edu/webmail/src/read_body.php?passed_id=1399082&mailbox=INBOX&sort=6&startMessage=1&show_more=0&delete_id=1399083&smtoken=bmZin7ZU71aw>
>
>       and get NO option to reply to message.
>
>   I have notified the users to make sure that they use 'Preview Pane'
> for now
> so they will get the Reply, etc options.
>
> Any help would be greatly appreciated.
>
> Aloha, Sharon Stahl
>

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Loading...