Roundcube plugins

November 22, 2019 Roberto Puzzanghera8 comments

My enabled plugins are (at the moment):

  • password, which is already included in the plugins folder
  • managesieve, which writes sieve scripts to filter the incoming mails (reject, move to a specific folders etc.). Note that to use this you must have Dovecot managesieve enabled.
  • SpamAssassin-User-Prefs-SQL, which writes the spamassassin user preferences in the DB. The user will be allowed to create a black/white list, to adjust the required_score and so on.
  • markasjunk. You can add the sender's email address to the blacklist, or run a command such as sa_learn. Requires sauprefs.
  • rcguard. This plugin logs failed login attempts and requires users to go through a reCAPTCHA verification process when the number of failed attempts go too high.
  • Context Menu. Adds context menus to the message list, folder list and address book. Menu includes the abilities mark messages as read/unread, delete, reply and forward.
  • autologon. Autologin from external Site e.g. (CMS, Portal ...)
  • logout_redirect. Modified version to only redirect to the homepage (depending on the domain part of the default identity)
  • newmail_notifier. can notify new mail focusing browser window and changing favicon, playing a sound and  displaying desktop notification (using webkitNotifications feature).
  • carddav. CardDav client. You can sync your addressbook against a CardDav server like nextcloud or SoGO.
  • enigma adds support for viewing and sending of signed and encrypted messages in PGP (RFC 2440) and PGP/MIME (RFC 3156) format

To enable a plugin you have to include it in $config['plugins'] in such a way

$config['plugins'] = array(
        'password',
        'managesieve',
        'sauserprefs',
        'markasjunk',
        'rcguard',
        'contextmenu',
        'newmail_notifier',
        'carddav',
        'enigma'
 );

Managing plugins via composer

Some of the mentioned above plugins are shipped with the Roundcube package, while the others can be easily installed from https://plugins.roundcube.net/ via composer. To learn how to use composer take a look to the home page of this site, where a quick howto is provided.

In a few words, just open your composer.json file and add a line like this for each plugin that is browseable from https://plugins.roundcube.net and you would like to install:

"require" : {
 ...,
 "roundcube/rcsample": ">=0.2.0"
}

This is my composer.json section that is needed to install the plugins described below:

 "require": {
...............
 "johndoh/contextmenu": ">=3.0",
 "dsoares/rcguard": ">=1.2.1",
 "johndoh/sauserprefs": ">=1.18",
 "roundcube/carddav": ">=3.0.3"
}

Run composer as the apache user to update and install:

cd /path/to/roundcube
sudo -u apache php composer.phar update

Password

This is shipped with Roundcube, so it doesn't need to be installed. You can use either vpopmaild or sql driver (thanks to John D. Trolinger).

Choosing the vpopmaild driver

# cd plugins/password
# cp -p config.inc.php.dist config.inc.php
# nano config.inc.php

$config['password_driver'] = 'vpopmaild';

// Determine whether current password is required to change password.
// Default: false.
$config['password_confirm_current'] = true;

// Require the new password to be a certain length.
// set to blank to allow passwords of any length
$config['password_minimum_length'] = 8;

// Require the new password to contain a letter and punctuation character
// Change to false to remove this check.
$config['password_require_nonalpha'] = true;

// vpopmaild Driver options
// -----------------------
// The host which changes the password
$config['password_vpopmaild_host'] = 'your-IP';

// TCP port used for vpopmaild connections
$config['password_vpopmaild_port'] = 89;

Choosing the sql driver

// We have MYSQL for our VPOPMAIL DATABASE so we use the sql driver
$config['password_driver'] = 'sql';

// SQL Driver options
// ------------------
// PEAR database DSN for performing the query. By default
// Roundcube DB settings are used.
// We have a VPOPMAIL DB  and the database and table name is vpopmail
$config['password_db_dsn'] =
'mysql://vpopmail:YOURPASSWORDGOESHERE@[mysql-IP]/vpopmail';

// The username and domainname are different columns JDT
$config['password_query'] = 'UPDATE vpopmail set
pw_passwd=ENCRYPT(%p,concat("$1$",right(md5(rand()),8 ),"$")),
  pw_clear_passwd=%p where pw_name=%l and pw_domain=%d';

// VPOPMAIL uses salted hash so md5 JDT
$config['password_crypt_hash'] = 'md5';

Managesieve

Writes sieve scripts to filter the incoming mails (reject, move to a specific folders etc.). Note that to use this you must have Dovecot managesieve enabled.

cd /path/to/roundcube/plugins
cd managesieve
cp -p config.inc.php.dist config.inc.php

Modify in such a way the config file (remember that the port of the dovecot-managesive service is now 4190 (2000 is obsolete)

$config['managesieve_port'] = 4190;
$config['managesieve_host'] = 'your-mail-server-IP';

And this is what you are going to see in the dovecot log simply setting a redirect filter

Oct 22 00:03:13 lda(test@yourdomain.net): Info: sieve: msgid=<c3445037f979a8cb793df1f858b7a4f9@somedomain.com>: forwarded to <someone@somewhere.net>

Remember that, in order to the sieve rules to take place, you have to setup the .qmail file at least for that user or the entire domain as explained earlier in the sieve note about Dovecot, otherwise the LDA will be vpopmail instead of Dovecot and the sieve rules will be ignored.

quickrules

Adds a button to the message list to allow the quick creation of rules in the SieveRules plugin. Infomration from selected emails is used to prefile the new rule form.

  • Version: 2.0
  • Requires: sieverules plugin

This package is abandoned and no longer maintained. No replacement package was suggested. I leave this documentation here, to be used with 1.3 and earlier versions of Roundcube.

The plugin version from github doesn't work with 0.9.2. I managed to install the new skin inside the old 0.6 version of the plugin and now it works fine. You can download my modified version from here.

cd /path/to/roundcube/plugins
wget /files/qmail/tar/RC-plugins/quickrules.tar.gz
tar xzf quickrules.tar.gz
chown -R root.apache quickrules
chmod -R o-rx quickrules

SpamAssassin-User-Prefs-SQL

Writes the spamassassin user preferences in the DB. The user will be allowed to create a black/white list, to adjust the required_score and so on.

  • Installed via composer

Configure the mysql connection:

> cp -p config.inc.php.dist config.inc.php
> nano config.inc.php
$config['sauserprefs_db_dsnw'] = 'mysqli://spamassassin:[PASSWORD]@[mysql-IP]/spamassassin';

If 'msqli' extension is not available in your php, then choose the old 'mysql' in the line above.

Enter the plugin interface and set a record in the black list and/or the white list:

Spamassassin userprefs' funcionality will be explained later. It's now the case to check just the creation/modification of the record inside the table userprefs of spamassassin DB.

Mark-as-junk

Adds the sender's email address to the blacklist, or run a command such as sa_learn.

  • Shipped with Roundcube
  • Requires spamassassin-user-prefs (sauserprefs) plugin and Spamassassin Userprefs.

With this nice plugin the end user can add the sender's email address to the blacklist, or run a command such as sa_learn. Simply click on the button "Mark as Junk" to create a new "Black_list from" record in the database and move the message in the Junk folder marked eventually as read. Click on the button "Mark as Ham" to create a recod "White_list from" in the database and restore the messages in the Inbox.

To use the plugin with the driver sa_blacklist:

> cd /usr/local/www/htdocs/roundcube/plugins
> cp config.inc.php.dist config.inc.php
$config['markasjunk_learning_driver'] = 'sa_blacklist';

To setup other drivers take a look at the README inside the plugin's folder.

rcguard

This plugin logs failed login attempts and requires users to go through a reCAPTCHA verification process when the number of failed attempts go too high. This provides protection against automated attacks.

  • Installed via composer
mv config.inc.php.dist config.inc.php

You have to obtain a key from http://www.google.com/recaptcha. Put the key in your config file:

> nano config.inc.php

// Public key for reCAPTCHA
$config['recaptcha_publickey'] = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';

// Private key for reCAPTCHA
$config['recaptcha_privatekey'] = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';

Create the mysql table where to store the logs of all failed attempts. IPs are released after a certain amount of time.

> /path/to/mysql -u root -p
mysql> use roundcube;

CREATE TABLE `rcguard` (
  `ip` VARCHAR(40) NOT NULL,
  `first` DATETIME NOT NULL,
  `last` DATETIME NOT NULL,
  `hits` INT(10) NOT NULL,
  PRIMARY KEY (`ip`),
  INDEX `last_index` (`last`),
  INDEX `hits_index` (`hits`)
) ENGINE = InnoDB CHARACTER SET utf8 COLLATE utf8_general_ci;

quit;

That's it. The captha will be active after 5 failures. You can set this number in the config file.

Different themes and translations of recaptcha are available. Simply edit rcguard.js. For documentation, see:  https://developers.google.com/recaptcha

Context Menu

Adds context menus to the message list, folder list and address book. Menu includes the abilities mark messages as read/unread, delete, reply and forward.

  • Installed via composer

No configuration is needed.

autologon

Performs an auto login from an external page

  • Shipped by Roundcube

You have to modify the default Thomas Bruederli's sample plugin like this (eventually change to $_GET):

<?php

/**
 * Sample plugin to try out some hooks.
 * This performs an automatic login if accessed from localhost
 *
 * @license GNU GPLv3+
 * @author Thomas Bruederli
 */
class autologon extends rcube_plugin
{ 
  public $task = 'login';

  function init()
  {
    $this->add_hook('startup', array($this, 'startup'));
    $this->add_hook('authenticate', array($this, 'authenticate'));
  }

  function startup($args)
  {
    $rcmail = rcmail::get_instance();

    // change action to login
    if (empty($_SESSION['user_id']) && !empty($_POST['_autologin']) && $this->is_localhost())
      $args['action'] = 'login';

    return $args;
  }

  function authenticate($args)
  {
    if (!empty($_POST['_autologin']) && $this->is_localhost()) {
      $args['user'] = $_POST['_user'];
      $args['pass'] = $_POST['_pass'];
      $args['host'] = '[localhost | mail-server-IP]';
      $args['cookiecheck'] = false;
      $args['valid'] = true;
    }

    return $args;
  }

  function is_localhost()
  {
    return true;
//    return $_SERVER['REMOTE_ADDR'] == '::1' || $_SERVER['REMOTE_ADDR'] == '127.0.0.1';
  }

}

 

Use a form like this one in your CMS page:

<form name="form" action="http://your.webmail.url/" method="post">
<input type="hidden" name="_action" value="login" />
<input type="hidden" name="_task" value="login" />
<input type="hidden" name="_autologin" value="1" />

<table>
<tr>
    <td>Utente</td>
    <td><input name="_user" id="rcmloginuser" autocomplete="off" value="" type="text" /></td>
</tr>
<tr>
    <td>Password</td>
    <td><input name="_pass" id="rcmloginpwd" autocomplete="off" type="password" /></td>
</tr>
<tr>
    <td colspan="2"><input type="submit" value="Login" /></td>
</tr>
</table>

</form>

logout_redirect

This plugin is not tested against Roundcube 1.4.1

In case you have installed the autologon plugin this one could be useful to redirect users to the home page of your site upon logout.

cd /usr/local/www/htdocs/roundcube/plugins
wget http://notes.sagredo.eu/files/qmail/tar/RC-plugins/logout_redirect_rc0.5_v1.2-MN.tar.gz
tar xzf logout_redirect_rc0.5_v1.2-MN.tar.gz
cd logout_redirect
chown -R root.apache logout_redirect
chmod -R o-rx logout_redirect

The plugin logout_redirect must be the last in the list of plugins in the main.inc.php otherwise the subsequent plugins will no longer run.

Configure like this editing the config.inc.php inside the plugin's config folder:

$ config['logout_redirect_url'] = 'http://www.yoursite.net';

newmail_notifier

Supports three methods of notification:

  1. Basic - focus browser window and change favicon
  2. Sound - play wav file
  3. Desktop - display desktop notification (using webkitNotifications feature, supported by Chrome and Firefox with 'HTML5 Notifications' plugin)
  • Shipped by Roundcube

This plugin is included in your Roundcube installation. You can enable it simply renaming the config file...

cd plugins/newmail_notifier
cp config.inc.php.dist config.inc.php

...and choosing the notification method you like:

// Enables basic notification
$config['newmail_notifier_basic'] = true;

// Enables sound notification
$config['newmail_notifier_sound'] = true;

// Enables desktop notification
$config['newmail_notifier_desktop'] = false;

CardDav

This is a plugin to access CardDAV servers like ownCloud or SoGO.

This plugin was not tested against Roundcube 1.4

Setup the database tables using the suitable file saved in the dbmigrations/0000-dbinit/ subfolder.

Then you can configure you addressbook. If you use an ownCloud server, this is how to do it:

If you have an Android phone you may want to take a look to the CardDAV application here.

Troubleshoting

If you get a curl error like this when downloading the dependencies

All settings correct for using Composer

PHP Warning:  failed loading cafile stream: `/etc/ssl/certs/cacert.pem' in - on line 762
PHP Warning:  file_get_contents(): Failed to enable crypto in - on line 762
PHP Warning:  file_get_contents(https://getcomposer.org/versions): failed to open stream: operation failed in - on line 762
PHP Warning:  Invalid argument supplied for foreach() in - on line 508
None of the 0 stable version(s) of Composer matches your PHP version (5.6.21 / ID: 50621)

then you have to install a cert bundle:

cd /etc/ssl/certs
wget --no-check-certificate http://curl.haxx.se/ca/cacert.pem

and tell php where to find it editing your php.ini

openssl.cafile=/etc/ssl/certs/cacert.pem

Enigma

  • more info here
  • requires: gpg (gnupg and libgpg-error on Slackware systems)
  • shipped by Roundcube

Update: the enigma plugin included in 1.3.1 version seems to be not compatible with the old version of Crypt_GPG

This plugin adds support for viewing and sending of signed and encrypted messages in PGP (RFC 2440) and PGP/MIME (RFC 3156) format.  The plugin uses gpg binary on the server and stores all keys (including private keys of the users) on the server. Encryption/decryption is done server-side. So, this plugin is for users who trust the server.

Create a config file

cd /path/to/roundcube/plugins/enigma
cp -p config.inc.php.dist config.inc.php

The keys are stored by the server in the enigma/home dir. Let's move that dir to a folder that is not accessible from the web and assign to apache write permissions

mkdir -p /path/to/roundcube-enigma-home
chown -R root:apache /path/to/roundcube-enigma-home
chmod -R g+w /path/to/roundcube-enigma-home

Now modify your apache configuration to grant proper permissions to apache in the newly created dir:

Require all granted

Don't forget to restart your web server, for example:

apachectl restart

Now modify the enigma config file to point to the new home dir:

$config['enigma_pgp_homedir'] = '/path/to/roundcube-enigma-home';

The enigma plugin requires that the Crypt_GPG library is installed exactly in your /path/to/roundcube/plugins/enigma/lib/Crypt_GPG dir. Considering that roundcube resets the default include_path php variable (which is set by php.ini to /path/to/php/lib), if you choose to install it using pear you will get a "Server error". So let's manually download and install the package in the proper folder 

cd /path/to/roundcube/plugins/enigma/lib
wget http://download.pear.php.net/package/Crypt_GPG-1.6.2.tgz
tar xzf Crypt_GPG-1.6.2.tgz
ln -s Crypt_GPG-1.6.2/Crypt
chown -R root:apache Crypt*

The set up of the certificates is easy. Refer to this blog page for more info.

Comments

markasjunk skin not working

Hi all,

Plugin markasjunk is lacking of elastic skin. If i change to larry skin, it works. Hoping someone can help to fix this.

Many thanks
nic

Reply | Permalink

markasjunk skin not working

It works here. 

Sure that you're not still using the old markasjunk2 plugin?

Reply | Permalink

markasjunk skin not working

Sorry. Found out that it was a very old version of sauserprefs

Reply | Permalink

roundcube plugin for change password and set vacation message in qmailadmin cgi-module

roundcube plugin for change password and set vacation message in qmailadmin cgi-module

https://github.com/internero/roundcube-qmailadmin

Reply | Permalink

rcguard

i installed rcguard and tested it.

it woks but i see a recaptcha wher i have to fill with text how can i change that to the same recaptcha u use with i'm not a robot

thanks

Reply | Permalink

rcguard

Unfortunately this plugin is recaptcha-1.1 based (or 1.0?), while the one that you can see below the comment form is v. 2.0. Take a look to this one https://github.com/dsoares/rcguard which should be a fork of the previous one and it's based on recaptcha v. 2.0. Please let me know if it works fine

Reply | Permalink

rcguard

changed to the new version and it works fine after giving the right password and clicking the recaptcha it logs me in

if i click on the recaptcha i get a challenge could this be changed in the preferences of the google recapthcha security settings.

i mean the difficulty off the challange or no challange at all like here with your recaptcha.

thanks very much for the info

Reply | Permalink

rcguard

thank you. I've just checked myself and updated this page

Reply | Permalink