To secure squirrelmail, edit the following file and edit it to look like below.
Alias /webmail /usr/share/squirrelmail
Options Indexes MultiViews
Deny from all
Allow from all
NB: Remember now the only way to access mail is by https://……../webmail not http://……/webmail otherwise you get a nice page saying Forbidden!