Tunnel the Qmail Control session through a secure connection

johnwiggins.net
You want to be the only person able to administer the CGI, and you have to reach it over an untrusted network. How do you do this?
This may not be the perfect solution, but it is probably the simplest one for most people, because the tools are freely available to everyone: the CGI is locked to the loopback address and protected with a password, and the browser session is carried to the server inside an SSH tunnel. Two setups are shown below, one for a connection from a Windows client and one for a connection from a Unix variant.
Tools needed:
 Windows:
The excellent and free PuTTY program ( http://www.chiark.greenend.org.uk/~sgtatham/putty/ )
  Unix:
ssh ( this is part of most Unix distributions )
to see if it is installed, type ssh -V at the command prompt
if it is not, installing OpenSSH should get you up to speed

move the qmailctl.cgi program into its own folder on the server
e.g.
cd <mycgi-bin directory>
mkdir mailctl
mv qmailctl.cgi mailctl
Set up the folder where you just placed qmailctl.cgi to be password protected and accessible only from the local machine.
As an example for Apache: edit the apache.conf (httpd.conf) file to allow AuthConfig overrides for the cgi-bin directory tree and to accept requests from the loopback address only. The Order/Allow syntax below is for Apache 1.3 and 2.2; on Apache 2.4 replace the Order and Allow lines with "Require ip 127.0.0.1".
<Directory "/path/to/cgi-bin/directory">
   AllowOverride AuthConfig
   Allow from 127.0.0.1
   Options None
   Order allow,deny
</Directory>
Create a .htaccess file for the new directory
cd <mycgi-bin directory/mailctl>
touch .htaccess
chmod 640 .htaccess
edit .htaccess to be
AuthName "qmailctl"
AuthType Basic
AuthUserFile /path/to/password/file
Require valid-user
Without a Require line Apache never asks for a login at all, and without AuthUserFile it has nothing to check the login against, so both lines are needed or the directory is not actually protected. Keep the password file outside the document root and the cgi-bin tree so it can never be served to a browser.
Now create the password database
htpasswd -c /path/to/password/file username
htpasswd will prompt for the password. It also accepts the password on the command line with -b, but that leaves it in your shell history and visible to anyone running ps while the command executes, so it is better left out. The -c flag creates (or overwrites) the file; omit it when adding further users.
Once this is done you have a password-protected qmailctl program that is only accessible from the loopback address ( 127.0.0.1 ). We will be using port 1025 on the local computer; substitute any port you wish. One thing though: qmailctl.conf will have to be set up to allow a connection from whatever port you use, i.e. the port line in qmailctl.conf should be changed to read port=1025 if using port 1025 locally. The ip line in qmailctl.conf will also have to be set accordingly, with at least 127.0.0.1 as an allowed originating address (after the tunnel every request reaches the server from 127.0.0.1), or you will receive an access denied message from the server and a report will be sent to the mail address set up to receive administrative alerts from qmailctl.cgi.

In Unix, at the command prompt log in via ssh to the server that qmailctl.cgi runs on, asking for a tunnel. We use the -L switch for this (replace user and www.myserver.com with your login and the name/IP of your server):
ssh user@www.myserver.com -L 1025:127.0.0.1:80
We are logging on to our server and asking ssh to listen on port 1025 of the local machine. Now if we use a web browser on the local machine and tell the browser to use port 1025, the request is encrypted across the link, then decrypted by sshd on the server and delivered to port 80 there, where it arrives from 127.0.0.1 and so passes the Allow rule... neat. By default ssh binds the forwarded port to the loopback address only, so other hosts on your network cannot use your tunnel; do not add -g, which would open it to them. Note also that the request reaches Apache with the Host header localhost:1025, so on a server with name-based virtual hosts it is served by the default virtual host, which is where the Directory restriction above must apply.
   user:~$ mozilla http://localhost:1025/cgi-bin/mailctl/qmailctl.cgi
This request should get us to the password prompt to log on and use qmailctl.cgi on the remote server. The Basic auth password crosses the network only inside the SSH tunnel; the plain-HTTP hop happens on the server's own loopback interface.
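As an added example (not from the original page or the qmailctl project), the shell functions below generate the Apache directory block, the complete .htaccess and the ssh tunnel command from the steps above, and check a .htaccess for the directives Basic auth needs. The paths, the user name and the server name are placeholders.

```shell
#!/bin/sh
# Added example, not part of the original page: build the pieces of the
# loopback-only, password-protected setup for the mailctl directory.
set -e

# Emit the <Directory> block that restricts the cgi-bin tree to 127.0.0.1
# (Apache 1.3/2.2 syntax, as on the page). $1 is the cgi-bin path (placeholder).
apache_directory_block() {
    cgi_dir="$1"
    cat <<EOF
<Directory "$cgi_dir">
   AllowOverride AuthConfig
   Options None
   Order allow,deny
   Allow from 127.0.0.1
</Directory>
EOF
}

# Emit the .htaccess for mailctl. AuthUserFile and Require are both needed,
# otherwise Apache never enforces the login. $1 is the password file path.
htaccess_contents() {
    passwd_file="$1"
    cat <<EOF
AuthName "qmailctl"
AuthType Basic
AuthUserFile $passwd_file
Require valid-user
EOF
}

# Build the ssh command for the tunnel: local port $3 on 127.0.0.1 is forwarded
# to port 80 on the server's loopback. The explicit bind address keeps the
# listener off the client's other interfaces; -N opens no remote shell.
ssh_tunnel_cmd() {
    user="$1"; host="$2"; lport="$3"
    printf 'ssh -N -L 127.0.0.1:%s:127.0.0.1:80 %s@%s\n' "$lport" "$user" "$host"
}

# Return 0 if the .htaccess in $1 carries every directive Basic auth needs.
htaccess_ok() {
    f="$1"
    for d in AuthType AuthUserFile Require; do
        grep -q "^$d " "$f" || return 1
    done
    return 0
}
```

Run ssh_tunnel_cmd user www.myserver.com 1025 to print the tunnel command, and htaccess_ok on the file you wrote to catch the missing AuthUserFile or Require line before relying on the protection.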

For Windows start PuTTY and use the equivalent settings (the screenshots that were here are not reproduced), replacing www.myserver.com with the name/IP of your server:
Session: Host Name www.myserver.com, Port 22, Protocol SSH
Connection > SSH > Tunnels: Source port 1025, Destination 127.0.0.1:80, Local, then click Add
Open the session and log in. Leave the PuTTY window open while you use the tunnel; closing it closes the tunnel.

Use your browser of choice to login
   C:\> mozilla http://localhost:1025/cgi-bin/mailctl/qmailctl.cgi
