Screenshot of the SquirrelMail message view
|Original author(s)||Nathan and Luke Ehresman|
|Developer(s)||The SquirrelMail Project Team|
|Initial release||14 December 1999|
|Stable release||1.4.22 (12 July 2011[±])|
|Preview release||1.5.2 / 17 August 2012|
|Written in||PHP, C|
|Operating system||Linux, OS X, Windows, etc.|
|Available in||More than 50 languages|
|License||GNU General Public License v2|
The webmail portion of the project was started by Nathan and Luke Ehresman in 1999 and is written in PHP. SquirrelMail can be employed in conjunction with a LAMP "stack", and any other operating systems that support PHP are supported as well. The web server needs access to the IMAP server hosting the email and to an SMTP server to be able to send mails.
SquirrelMail webmail outputs valid HTML 4.0 for its presentation, making it compatible with a majority of current web browsers. SquirrelMail webmail uses a plugin architecture to accommodate additional features around the core application, and over 200 plugins are available on the SquirrelMail website
The SquirrelMail IMAP proxy server product was created in 2002 by Dave McMurtrie while at the University of Pittsburgh (where it was named "up-imapproxy", although it has become more commonly known as "imapproxy") and adopted by the SquirrelMail team in 2010. It is written in C and is primarily made to provide stateful connections for stateless webmail client software to an IMAP server, thus avoiding new IMAP logins for every client action and in some cases significantly improving webmail performance.
The webmail product is currently available in over 50 languages. SquirrelMail webmail is included in the repositories of many major GNU/Linux distributions and is independently downloaded by tens of thousands of people every month.
SquirrelMail IMAP Proxy compiles on most flavors of Unix, and can generally be used on the same platforms as the webmail product can be with the exception of Microsoft Windows, unless used in a Cygwin or similar environment.
New releases of the stable SquirrelMail product are made as needed to address any bugs or security issues which may be discovered. Development of new features and enhancements is concentrated on the development product, which, in time, will itself become the stable product. The SquirrelMail 1.5 Roadmap outlines some of the features slated for the next developmental release, including:
The SquirrelMail webmail client itself is a complete webmail system, but extra features are available in the form of plugins. A plugin allows non-standard features to be added to SquirrelMail, often without the need to modify the source code. There are over 200 third-party plugins available for download from the SquirrelMail website, and SquirrelMail ships with several "standard" or "core" plugins, allowing an administrator to add:
Examples of functionalities added by various third-party plugins include:
SquirrelMail webmail has been translated into over 50 languages including Arabic, Chinese, French, German, and Spanish.
HEC Montréal deployed SquirrelMail as part of a comprehensive webmail solution, to support thousands of users.
There are several mailing lists available. Several of the developers are available for live chat on IRC. A bug tracking system is available for reporting bugs or submitting patches. For administrators or companies official and third party commercial support is available.
On 27 May 2008 the SquirrelMail Team announced that, while the latest released version of their software was 1.4.13, a spammer was sending unsolicited email messages to various recipients about a 1.4.14-rc1 release candidate version which didn't really exist. The messages (usually titled "Internet Users Email Upgrade (IUEU)") urged recipients to upgrade immediately (because of supposed security issues) and contained a web link for users to do so. However, that web link pointed to a page where the spammer was collecting email addresses and passwords. Beside the fact that end users are not responsible for upgrading such software, that the "upgrade" page was merely a mock SquirrelMail login page made it clear that this was a Phishing attack. The "upgrade" page has been hosted on various compromised systems across the Internet and the attack has continued at least through July 2009 (sample).
As a result, the SquirrelMail team skipped version 1.4.14 and its next release after 1.4.13 was 1.4.15.
This versioning tactic was of limited effectiveness, as later phish runs referenced 1.4.15 instead of 1.4.14.