On Mon, Jan 15, 2007 at 10:12:28AM +0700, sang...@gmail.com wrote:

I think the best suggestion I can offer is to find a mailing list specific to your "secure" Linux variant, and ask the question there. On this list you will find expertise on sqwebmail, but probably not on unusual operating systems.

A default sqwebmail install on standard Linux just works, so I imagine that your "secure" Linux has in some way changed or broken the standard Unix security model. For example, if the setuid bit on the CGI is being ignored, then perhaps you need to find out what you need to do to make it be honoured again.

This is a good example of how supposedly "secure" systems can in practice be less secure than a standard one. It needs a much higher degree of systems knowledge to administer such a system safely.

Anyway, if I had to debug this myself, without knowing how this system differs from a standard Linux install, I'd:

1. Put everything back how it was, or reinstall from scratch.

2. Do a proper diagnosis of the problem. I'd run the sqwebmail CGI from the command line under 'strace'; or install a little shell script wrapper in the cgi-bin directory like

#!/bin/sh exec strace /path/to/sqwebmail.orig "$@" 2>/tmp/strace.out

Then login via the web to replicate the error, then look at the strace output, to check what socket it's trying to open and what permissions error you get. Then you look at the permissions on the socket and its enclosing directory (using ls -ld). If you can't explain why the request was refused, then you ask the question on a list specific to your modified Linux variant.

Regards,

Brian.

P.S. You still didn't specify what version of sqwebmail you're installing. This sort of information is a pre-requisite to getting useful help on mailing lists. http://www.catb.org/~esr/faqs/smart-questions.html#intro