I have my own email server, running in a VM under Xen. I want to setup another Xen VM with a web mail system, to let my users access their mail from a web browser.
I want to use Debian Stable, which right now is Debian 5.0 Lenny, for the VM. I also want all my software to be free, open source software.
What is the best webmail system? It seems that the most popular one is Squirrelmail. Should I just use that? Are there any other webmail systems out there that might be better/more secure?
My plan is to configure the webmail to use secure IMAP (over SSH, on port 993) to talk to the mail server. This is so that, if someone manages to crack the webmail server, they will have less of an easy time to attack the mail server. But I guess the main worry would be if an attacker just modifies the webmail system to collect passwords, so perhaps this is pointless and I should just have the webmail talk to the mail server over plain IMAP. (Hmmm, mental note: must post a question about intrusion detection.)
Any other advice on setting up a webmail system would be gratefully accepted.