Roundcube
Roundcube is a full-featured, PHP web-based mail client.
Installation
Install the roundcubemail package. Further you will need a database (e.g. MariaDB) and a web server with PHP-support.
Configuration
MariaDB
Here is an example on how you could setup a database for Roundcube with MariaDB called roundcubemail
for the user roundcube
identified by the password password
:
$ mysql -u root -p
CREATE DATABASE `roundcubemail` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_unicode_ci`; CREATE USER `roundcube`@'localhost' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON `roundcubemail`.* TO `roundcube`@`localhost`; \q
For any database you use, you will need to initialize the roundcubemail database tables. Here is an example of how to do this with MariaDB:
$ mysql -u root -p roundcubemail < /usr/share/webapps/roundcubemail/SQL/mysql.initial.sql
SQLite
A SQLite DB will be created automatically by Roundcube. Ensure the file specified in the configuration is located in a basedir location. Consider adding /var/lib/roundcubemail
to your basedir definition. This implies creating the directory and chowning it to http
.
Other Databases
Roundcubemail has installation scripts for mssql, Oracle, and PostgreSQL.
Roundcube
Copy the example configuration file and adjust it to your configuration:
# cd /etc/webapps/roundcubemail/config # cp config.inc.php.sample config.inc.php # chown http:http config.inc.php
Set your mail server settings, and set enable_installer
to enable the setup wizard:
/etc/webapps/roundcubemail/config/config.inc.php
$config['db_dsnw'] = 'mysql://roundcube:****@localhost/roundcubemail'; $config['imap_host'] = 'ssl://localhost:993'; $config['smtp_host'] = 'ssl://localhost:465'; $config['des_key'] = 'some_awesome_long_semi_random_string'; $config['enable_installer'] = true;
For roundcube to be able to detect mime-types from filename extensions you need to point it to a mime.types file. Apache usually comes with one.
# cp /etc/httpd/conf/mime.types /etc/webapps/roundcubemail/config/mime.types # chown http:http /etc/webapps/roundcubemail/config/mime.types
/etc/webapps/roundcubemail/config/config.inc.php
$config['mime_types'] = RCUBE_INSTALL_PATH . 'config/mime.types';
If you are not using Apache, check the information available in /etc/webapps/roundcubemail/config/defaults.inc.php
.
PHP
Make sure to adjust following variables to these minimal values in your PHP configuration:
/etc/php/php.ini
date.timezone = "UTC"
and uncomment
extension=iconv
If you have configured open_basedir
in php.ini
, make sure it includes /etc/webapps
and /usr/share/webapps
, so PHP can open the required Roundcube files. If open_basedir
is disabled/commented out (the default setting), you do not have to do anything.
Webserver (Apache)
Copy the configuration file for Apache to its configuration directory:
# cp /etc/webapps/roundcubemail/apache.conf /etc/httpd/conf/extra/roundcube.conf
And include it at the bottom of
/etc/httpd/conf/httpd.conf
Include conf/extra/roundcube.conf
Restart Apache (httpd.service
).
php_admin_value open_basedir
line, otherwise you will not be able to access the page.Webserver (Nginx)
Add a location block for RoundCube
/etc/nginx/nginx.conf
location /webmail { alias /usr/share/webapps/roundcubemail; access_log /var/log/nginx/roundcube_access.log; error_log /var/log/nginx/roundcube_error.log; # Favicon location ~ ^/webmail/favicon.ico$ { root /usr/share/webapps/roundcubemail/skins/classic/images; log_not_found off; access_log off; expires max; } # Robots file location ~ ^/webmail/robots.txt { allow all; log_not_found off; access_log off; } # Deny Protected directories location ~ ^/webmail/(config|temp|logs)/ { deny all; } location ~ ^/webmail/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ { deny all; } location ~ ^/webmail/(bin|SQL)/ { deny all; } # Hide .md files location ~ ^/webmail/(.+\.md)$ { deny all; } # Hide all dot files location ~ ^/webmail/\. { deny all; access_log off; log_not_found off; } # Roundcube fastcgi config location ~ /webmail(/.*\.php)$ { include fastcgi.conf; fastcgi_pass unix:/run/php-fpm/php-fpm.sock; fastcgi_split_path_info ^/webmail/(.+\.php)(/.*)$; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PHP_VALUE open_basedir="/tmp/:/var/cache/roundcubemail:/usr/share/webapps/roundcubemail:/etc/webapps/roundcubemail:/usr/share/pear/:/var/log/roundcubemail"; } }
In a more recent version of Roundcube, manually setting fastcgi_split_path_info
and fastcgi_param PATH_INFO
caused Roundcube to malfunction. $request_filename
also did not work. The solution was this configuration:
location ~ /webmail/?$ { include fastcgi.conf; fastcgi_pass unix:/run/php-fpm/php-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /usr/share/webapps/roundcubemail/index.php; fastcgi_param PHP_VALUE open_basedir="/tmp/:/var/cache/roundcubemail:/var/lib/roundcubemail:/usr/share/webapps/roundcubemail:/etc/webapps/roundcubemail:/usr/share/pear/:/var/log/roundcubemail:/var/lib/roundcubemail"; }
Using the different configuration will require an additional location block to access the installer:
installer
location block after installation, as it should only be used once. It is also safer to delete the /usr/share/webapps/roundcubemail/installer/
directory after installation as it will only be used for the installation step. It may be sufficient to remove $config['enable_installer'] = true;
from config.inc.php
as mentioned in the Install Roundcube section.location ~ /webmail/installer/?.*$ { include fastcgi.conf; fastcgi_pass unix:/run/php-fpm/php-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /usr/share/webapps/roundcubemail/installer/index.php; fastcgi_param PHP_VALUE open_basedir="/tmp/:/var/cache/roundcubemail:/var/lib/roundcubemail:/usr/share/webapps/roundcubemail:/etc/webapps/roundcubemail:/usr/share/pear/:/var/log/roundcubemail:/var/lib/roundcubemail"; }
Finally restart the nginx.service
unit.
/dev/null
to the open_basedir
list.Install Roundcube
Finally you can visit the Roundcube installation wizard in your browser: http://localhost/roundcube/installer or http://localhost/webmail/installer/ if the alternate nginx config was used.
$config['enable_installer'] = true;
from config.inc.php
.Because the ~/roundcube/config
directory contains sensitive information about your server, it is also a good idea to disallow access to this directory by adding these lines, too.
/etc/httpd/conf/extra/roundcube.conf
<Directory /usr/share/webapps/roundcubemail/config> Options -FollowSymLinks AllowOverride None Require all denied </Directory>
Tips and tricks
Setting Roundcube up for use with an IMAP/SMTP server that only allows TLS authentication
It is quite common for modern IMAP/SMTP servers to only allow secured (encrypted) connection, say using STARTTLS. If you are setting Roundcube up for TLS connection, the web-based installer will not help you. You will need to edit the /etc/webapps/roundcubemail/config/config.inc.php
by hand, adding the following lines:
$config['imap_host'] = 'tls://mail.my_domain.org'; // For STARTTLS IMAP $config['imap_conn_options'] = [ 'ssl' => [ 'cafile' => '/etc/ssl/certs/Your_CA_certificate.pem', // For Letsencrypt use the following line if ISRG_Root_X1 is indeed the corresponding root certificate: //'cafile' => '/etc/ssl/certs/ISRG_Root_X1.pem', // Needed for example if you're using `localhost` as imap_host but your imap server presents another host name: //'peer_name' => 'mail.my_domain.org', ], ]; // For STARTTLS SMTP $config['smtp_conn_options'] = [ 'ssl' => [ 'cafile' => '/etc/ssl/certs/Your_CA_certificate.pem', // For Letsencrypt use the following line if ISRG_Root_X1 is indeed the corresponding root certificate: //'cafile' => '/etc/ssl/certs/ISRG_Root_X1.pem', // Needed for example if you're using `localhost` as imap_host but your imap server presents another host name: //'peer_name' => 'mail.my_domain.org', ], ];
where mail.my_domain.org
is the CN
host name in your SSL certificate (i.e. the hostname of your IMAP server), and /etc/ssl/certs/Your_CA_certificate.pem
is the path to your SSL certificate.
A complete list of PHP SSL configuration options can be found here. For example you might need to adjust the ciphers
element to correspond to the ciphers allowed by your IMAP server.
PDF and OpenDocument file preview
The following Roundcube extensions enable you to preview PDF or OpenDocument file attachements.
Install the roundcubemail-plugins-kolabAUR package and adjust following configuration file to enable the extensions.
/etc/webapps/roundcubemail/config/config.inc.php
$config['plugins'] = [ 'pdfviewer', 'odfviewer' ];
If you encounter any file permission issues, than try this command:
chown -R http:http /usr/share/webapps/roundcubemail/plugins/odfviewer/files
Calendar Support
Install the roundcubemail-plugins-kolabAUR package.
Update the roundcube database
# mysql -u root -p roundcubemail < /usr/share/webapps/roundcubemail/plugins/calendar/drivers/database/SQL/mysql.initial.sql
Configure the calendar service
The default configuration should suffice for most applications, however we still need to move it into place.
# cp /usr/share/webapps/roundcubemail/plugins/calendar/config.inc.php.dist /usr/share/webapps/roundcubemail/plugins/calendar/config.inc.php
Sabre\VObject\Property\Text Not Found
If you get this error, it means that either Sabre was not included with the plugin or it is out of date
# cd /usr/share/webapps/roundcubemail ; composer update ; composer require sabre/dav ~3.1.3
Enable the Plugin
/etc/webapps/roundcubemail/config/config.inc.php
$config['plugins'] = [ 'calendar' ];
Synchronize address book with CardDav contacts
It is useful to use the Roundcube address book to have auto-completion features for address fields etc. If you have your contacts stored somewhere else and the remote application offers a CardDav server for synchronization, then you can use the roundcubemail-plugin-carddavAUR extension to access your remote address book in Roundcube. To enable it, adjust following lines in your configuration file:
/etc/webapps/roundcubemail/config/config.inc.php
$config['plugins'] = [ 'carddav' ];
Further usage instructions can be found here.
Using Mark as Junk plugin to train SpamAssassin
The markasjunk
plugin adds "mark as spam" or "mark as not spam" button to the message menu. This following setup uses such facility to easily train the SpamAssassin filter with sa-learn
Create a copy of /usr/share/webapps/roundcubemail/plugins/markasjunk/config.inc.php.dist
as config.inc.php
in the same directory and modify it to your needs. Now, make sure to have the following:
/usr/share/webapps/roundcubemail/plugins/markasjunk/config.inc.php
$config['markasjunk_learning_driver'] = 'cmd_learn'; $config['markasjunk_spam_cmd'] = '/usr/bin/vendor_perl/sa-learn --spam --username=%u %f'; $config['markasjunk_ham_cmd'] = '/usr/bin/vendor_perl/sa-learn --ham --username=%u %f';
Enable the plugin:
/etc/webapps/roundcubemail/config/config.inc.php
$config['plugins'] = [ 'markasjunk' ];
Troubleshooting
SMTP Error: Authentication failure
You may first try to disable(comment) the following settings in config.inc.php as shown:
//$config['smtp_user'] = '%u'; //$config['smtp_pass'] = '%p';
Recipient address rejected
You may get one of these errors, depending if you use TLS or STARTTLS:
530 5.7.0 Must issue a STARTTLS command first 554 5.7.1 <>: Recipient address rejected: Access denied
If that happens try adding the following lines to config.inc.php:
$config['smtp_user'] = '%u'; $config['smtp_pass'] = '%p';
Running php8 and php7 on the same server with apache
If you run php7 and php8 on your server you have to run roundcube with php7-fpm. For this install the php7-fpm[broken link: package not found] package.
After this you have to enable the mysql extensions:
/etc/php7/php.ini
extension=mysqli extension=pdo_mysql
Now start/enable php-fpm7.service
You have to edit your Roundcube configuration:
/etc/httpd/conf/extra/roundcube.conf
<Directory "/usr/share/webapps/roundcubemail"> AllowOverride All Options FollowSymlinks Require all granted php_admin_value open_basedir "/tmp/:/var/cache/roundcubemail:/usr/share/webapps/roundcubemail:/etc/webapps/roundcubemail:/usr/share/pear/:/var/log/roundcubemail" <FilesMatch \.php$> SetHandler "proxy:unix:/var/run/php-fpm7/php-fpm.sock|fcgi://localhost/" </FilesMatch> </Directory>
Then restart httpd.service
.