Roundcube plugins

September 5, 2017 Roberto Puzzanghera0 comments

My enabled plugins are (at the moment):

  • password, which is already included in the plugins folder
  • managesieve, which writes sieve scripts to filter the incoming mails (reject, move to a specific folders etc.). Note that to use this you must have Dovecot managesieve enabled.
  • SpamAssassin-User-Prefs-SQL, which writes the spamassassin user preferences in the DB. The user will be allowed to create a black/white list, to adjust the required_score and so on.
  • markasjunk2. You can add the sender's email address to the blacklist, or run a command such as sa_learn. Requires sauprefs.
  • rcguard. This plugin logs failed login attempts and requires users to go through a reCAPTCHA verification process when the number of failed attempts go too high.
  • Context Menu. Adds context menus to the message list, folder list and address book. Menu includes the abilities mark messages as read/unread, delete, reply and forward.
  • autologon. Autologin from external Site e.g. (CMS, Portal ...)
  • logout_redirect. Modified version to only redirect to the homepage (depending on the domain part of the default identity)
  • newmail_notifier. can notify new mail focusing browser window and changing favicon, playing a sound and  displaying desktop notification (using webkitNotifications feature).
  • carddav. CardDav client. You can sync your addressbook against a CardDav server like owncloud or SoGO.
  • enigma adds support for viewing and sending of signed and encrypted messages in PGP (RFC 2440) and PGP/MIME (RFC 3156) format

To enable a plugin you have to include it in $config['plugins'] inside main.inc.php in such a way

$config['plugins'] = array(
        'password',
        'managesieve',
        'sauserprefs',
        'markasjunk2',
        'rcguard',
        'contextmenu',
        'newmail_notifier',
        'carddav',
        'enigma'
 );

Password

You can use either vpopmaild or sql driver (thanks to John D. Trolinger).

Choosing the vpopmaild driver

# cd plugins/password
# cp -p config.inc.php.dist config.inc.php
# nano config.inc.php

$config['password_driver'] = 'vpopmaild';

// Determine whether current password is required to change password.
// Default: false.
$config['password_confirm_current'] = true;

// Require the new password to be a certain length.
// set to blank to allow passwords of any length
$config['password_minimum_length'] = 8;

// Require the new password to contain a letter and punctuation character
// Change to false to remove this check.
$config['password_require_nonalpha'] = true;

// vpopmaild Driver options
// -----------------------
// The host which changes the password
$config['password_vpopmaild_host'] = 'your-IP';

// TCP port used for vpopmaild connections
$config['password_vpopmaild_port'] = 89;

Choosing the sql driver

// We have MYSQL for our VPOPMAIL DATABASE so we use the sql driver
$config['password_driver'] = 'sql';

// SQL Driver options
// ------------------
// PEAR database DSN for performing the query. By default
// Roundcube DB settings are used.
// We have a VPOPMAIL DB  and the database and table name is vpopmail
$config['password_db_dsn'] =
'mysql://vpopmail:YOURPASSWORDGOESHERE@[mysql-IP]/vpopmail';

// The username and domainname are different columns JDT
$config['password_query'] = 'UPDATE vpopmail set
pw_passwd=ENCRYPT(%p,concat("$1$",right(md5(rand()),8 ),"$")),
  pw_clear_passwd=%p where pw_name=%l and pw_domain=%d';

// VPOPMAIL uses salted hash so md5 JDT
$config['password_crypt_hash'] = 'md5';

Roudcube password plugin

Managesieve

Writes sieve scripts to filter the incoming mails (reject, move to a specific folders etc.). Note that to use this you must have Dovecot managesieve enabled.

cd /usr/local/www/htdocs/roundcube/plugins
cd managesieve
cp -p config.inc.php.dist config.inc.php

Modify in such a way the config file (remember that the port of the dovecot-managesive service is now 4190 (2000 is obsolete)

$config['managesieve_port'] = 4190;
$config['managesieve_host'] = 'your-mail-server-IP';

And this is what you are going to see in the dovecot log simply setting a redirect filter

Oct 22 00:03:13 lda(test@yourdomain.net): Info: sieve: msgid=<c3445037f979a8cb793df1f858b7a4f9@somedomain.com>: forwarded to <someone@somewhere.net>

Remember that, in order to the sieve rules to take place, you have to setup the .qmail file at least for that user or the entire domain as explained earlier in the sieve note about Dovecot, otherwise the LDA will be vpopmail instead of Dovecot and the sieve rules will be ignored.

Roundcube's sieve plugin

quickrules

Adds a button to the message list to allow the quick creation of rules in the SieveRules plugin. Infomration from selected emails is used to prefile the new rule form.

  • Version: 2.0
  • Requires: sieverules plugin

This package is abandoned and no longer maintained. No replacement package was suggested.

The plugin version from github doesn't work with 0.9.2. I managed to install the new skin inside the old 0.6 version of the plugin and now it works fine. You can download my modified version from here.

cd /path/to/roundcube/plugins
wget /files/qmail/tar/RC-plugins/quickrules.tar.gz
tar xzf quickrules.tar.gz
chown -R root.apache quickrules
chmod -R o-rx quickrules

SpamAssassin-User-Prefs-SQL

Writes the spamassassin user preferences in the DB. The user will be allowed to create a black/white list, to adjust the required_score and so on.

Untar and set the priviledges:

cd /usr/local/www/htdocs/roundcube/plugins
GIT_SSL_NO_VERIFY=true git clone https://github.com/JohnDoh/Roundcube-Plugin-SpamAssassin-User-Prefs-SQL.git sauserprefs
chown -R root.apache sauserprefs
chmod -R o-rx sauserprefs

Configure the mysql connection:

> cp -p config.inc.php.dist config.inc.php
> nano config.inc.php
$config['sauserprefs_db_dsnw'] = 'mysqli://spamassassin:[PASSWORD]@[mysql-IP]/spamassassin';

If 'msqli' extension is not available in your php, then choose the old 'mysql' in the line above.

Enter the plugin interface and set a record in the black list and/or the white list:

Roundcube's sauserprefs plugin

Spamassassin userprefs' funcionality will be explained later. It's now the case to check just the creation/modification of the record inside the table userprefs of spamassassin DB.

Mark-as-junk2

Adds the sender's email address to the blacklist, or run a command such as sa_learn.

With this nice plugin the end user can add the sender's email address to the blacklist, or run a command such as sa_learn. Simply click on the button "Mark as Junk" to create a new "Black_list from" record in the database and move the message in the Junk folder marked eventually as read. Click on the button "Mark as Ham" to create a recod "White_list from" in the database and restore the messages in the Inbox.

Untar and set the priviledges:

cd /usr/local/www/htdocs/roundcube/plugins
GIT_SSL_NO_VERIFY=true git clone https://github.com/JohnDoh/Roundcube-Plugin-Mark-as-Junk-2.git markasjunk2
cd markasjunk2
chown -R root.apache .
chmod -R o-rx .

To use the plugin with the driver sa_blacklist:

> mv config.inc.php.dist config.inc.php
$config['markasjunk2_learning_driver'] = 'sa_blacklist';

To setup other drivers take a look at the README.

rcguard

This plugin logs failed login attempts and requires users to go through a reCAPTCHA verification process when the number of failed attempts go too high. This provides protection against automated attacks.

cd /usr/local/www/htdocs/roundcube/plugins
GIT_SSL_NO_VERIFY=true git clone https://github.com/dennylin93/rcguard.git rcguard
cd rcguard
chown -R root.apache .
chmod -R o-rx .
mv config.inc.php.dist config.inc.php

You have to obtain a key from http://recaptcha.net/whyrecaptcha.html. Put the key in your config file:

> nano config.inc.php

// Public key for reCAPTCHA
$config['recaptcha_publickey'] = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';

// Private key for reCAPTCHA
$config['recaptcha_privatekey'] = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';

Create the mysql table where to store the logs of all failed attempts. IPs are released after a certain amount of time.

> /usr/local/mysql/bin/mysql -u root -p
mysql> use roundcube;

CREATE TABLE `rcguard` (
  `ip` VARCHAR(40) NOT NULL,
  `first` DATETIME NOT NULL,
  `last` DATETIME NOT NULL,
  `hits` INT(10) NOT NULL,
  PRIMARY KEY (`ip`),
  INDEX `last_index` (`last`),
  INDEX `hits_index` (`hits`)
) ENGINE = InnoDB CHARACTER SET utf8 COLLATE utf8_general_ci;

quit;

That's it. The captha will be active after 5 failures. You can set this number in the config file.

Context Menu

Adds context menus to the message list, folder list and address book. Menu includes the abilities mark messages as read/unread, delete, reply and forward.

Download:

cd /usr/local/www/htdocs/roundcube/plugins
GIT_SSL_NO_VERIFY=true git clone https://github.com/JohnDoh/Roundcube-Plugin-Context-Menu.git contextmenu
chown -R root.apache contextmenu
chmod -R o-rx contextmenu

No further configuration is needed.

autologon

Performs an auto login from an external page

You have to modify the default Thomas Bruederli's sample plugin like this (eventually change to $_GET):

<?php

/**
 * Sample plugin to try out some hooks.
 * This performs an automatic login if accessed from localhost
 *
 * @license GNU GPLv3+
 * @author Thomas Bruederli
 */
class autologon extends rcube_plugin
{ 
  public $task = 'login';

  function init()
  {
    $this->add_hook('startup', array($this, 'startup'));
    $this->add_hook('authenticate', array($this, 'authenticate'));
  }

  function startup($args)
  {
    $rcmail = rcmail::get_instance();

    // change action to login
    if (empty($_SESSION['user_id']) && !empty($_POST['_autologin']) && $this->is_localhost())
      $args['action'] = 'login';

    return $args;
  }

  function authenticate($args)
  {
    if (!empty($_POST['_autologin']) && $this->is_localhost()) {
      $args['user'] = $_POST['_user'];
      $args['pass'] = $_POST['_pass'];
      $args['host'] = '[localhost | mail-server-IP]';
      $args['cookiecheck'] = false;
      $args['valid'] = true;
    }

    return $args;
  }

  function is_localhost()
  {
    return true;
//    return $_SERVER['REMOTE_ADDR'] == '::1' || $_SERVER['REMOTE_ADDR'] == '127.0.0.1';
  }

}

 

Use a form like this one in your CMS page:

<form name="form" action="http://your.webmail.url/" method="post">
<input type="hidden" name="_action" value="login" />
<input type="hidden" name="_task" value="login" />
<input type="hidden" name="_autologin" value="1" />

<table>
<tr>
    <td>Utente</td>
    <td><input name="_user" id="rcmloginuser" autocomplete="off" value="" type="text" /></td>
</tr>
<tr>
    <td>Password</td>
    <td><input name="_pass" id="rcmloginpwd" autocomplete="off" type="password" /></td>
</tr>
<tr>
    <td colspan="2"><input type="submit" value="Login" /></td>
</tr>
</table>

</form>

logout_redirect

In case you have installed the autologon plugin this one could be useful to redirect users to the home page of your site upon logout.

cd /usr/local/www/htdocs/roundcube/plugins
wget http://notes.sagredo.eu/files/qmail/tar/RC-plugins/logout_redirect_rc0.5_v1.2-MN.tar.gz
tar xzf logout_redirect_rc0.5_v1.2-MN.tar.gz
cd logout_redirect
chown -R root.apache logout_redirect
chmod -R o-rx logout_redirect

The plugin logout_redirect must be the last in the list of plugins in the main.inc.php otherwise the subsequent plugins will no longer run.

Configure like this editing the config.inc.php inside the plugin's config folder:

$ config['logout_redirect_url'] = 'http://www.yoursite.net';

newmail_notifier

Supports three methods of notification:

  1. Basic - focus browser window and change favicon
  2. Sound - play wav file
  3. Desktop - display desktop notification (using webkitNotifications feature, supported by Chrome and Firefox with 'HTML5 Notifications' plugin)

This plugin is included in your Roundcube installation. You can enable it simply renaming the config file...

cd plugins/newmail_notifier
cp config.inc.php.dist config.inc.php

...and choosing the notification method you like:

// Enables basic notification
$config['newmail_notifier_basic'] = true;

// Enables sound notification
$config['newmail_notifier_sound'] = true;

// Enables desktop notification
$config['newmail_notifier_desktop'] = false;

CardDav

This is a plugin to access CardDAV servers like ownCloud or SoGO.

cd /usr/local/www/htdocs/roundcube/plugins
GIT_SSL_NO_VERIFY=true git clone https://github.com/blind-coder/rcmcarddav carddav
cd carddav 
chown root:root .

Then you have to install the dependencies using composer:

curl -sS https://getcomposer.org/installer | php
php composer.phar install

First of all you have to setup the database tables using the suitable file saved in the dbmigrations/0000-dbinit/ subfolder.

Then you can configure you addressbook. If you use an ownCloud server, this is how to do it:

If you have an Android phone you may want to take a look to the CardDAV application here.

Troubleshoting

If you get a curl error like this when downloading the dependencies

All settings correct for using Composer

PHP Warning:  failed loading cafile stream: `/etc/ssl/certs/cacert.pem' in - on line 762
PHP Warning:  file_get_contents(): Failed to enable crypto in - on line 762
PHP Warning:  file_get_contents(https://getcomposer.org/versions): failed to open stream: operation failed in - on line 762
PHP Warning:  Invalid argument supplied for foreach() in - on line 508
None of the 0 stable version(s) of Composer matches your PHP version (5.6.21 / ID: 50621)

then you have to install a cert bundle:

cd /etc/ssl/certs
wget --no-check-certificate http://curl.haxx.se/ca/cacert.pem

and tell php where to find it editing your php.ini

openssl.cafile=/etc/ssl/certs/cacert.pem

Enigma

  • more info here
  • requires: gpg (gnupg and libgpg-error on Slackware systems)

Update: the enigma plugin included in 1.3.1 version seems to be not compatible with the old version of Crypt_GPG

This plugin adds support for viewing and sending of signed and encrypted messages in PGP (RFC 2440) and PGP/MIME (RFC 3156) format.  The plugin uses gpg binary on the server and stores all keys (including private keys of the users) on the server. Encryption/decryption is done server-side. So, this plugin is for users that trust the server.

Create a config file

cd /path/to/roundcube/plugins/enigma
cp -p config.inc.php.dist config.inc.php

The keys are stored by the server in the enigma/home dir. Let's move that dir to a folder that is not accessible from the web and assign to apache write permissions

mkdir -p /path/to/roundcube-enigma-home
chown -R root:apache /path/to/roundcube-enigma-home
chmod -R g+w /path/to/roundcube-enigma-home

Now modify your apache configuration to grant proper permissions to apache in the newly created dir:

Require all granted

Don't forget to restart your web server, for example:

apachectl restart

Now modify the enigma config file to point to the new home dir:

$config['enigma_pgp_homedir'] = '/path/to/roundcube-enigma-home';

The enigma plugin requires that the Crypt_GPG library is installed exactly in your /path/to/roundcube/plugins/enigma/lib/Crypt_GPG dir. Considering that roundcube resets the default include_path php variable (which is set by php.ini to /path/to/php/lib), if you choose to install it using pear you will get a "Server error". So let's manually download and install the package in the proper folder 

cd /path/to/roundcube/plugins/enigma/lib
wget http://download.pear.php.net/package/Crypt_GPG-1.6.2.tgz
tar xzf Crypt_GPG-1.6.2.tgz
ln -s Crypt_GPG-1.6.2/Crypt
chown -R root:apache Crypt*

The set up of the certificates is easy. Refer to this blog page for more info.

Add a comment