Roundcube plugins

April 19, 2025 by Roberto Puzzanghera 74 comments

Official repository: http://plugins.roundcube.net/

Changelog

Apr 19, 2025
- sauserprefs upgraded to v. 1.20.2
Mar 23, 2025
- the password plugin's vpopmaild driver is working again, as vpopmaild has been patched on vpopmail side (v. 5.6.7 and onwards).

My enabled plugins are (at the moment):

Password, to change the user's password
qmailforward, replaces the managesieve forward in order to handle the qmail forwards via vpopmail/valias
ManageSieve, which writes sieve scripts to filter the incoming mails (reject, move to specific folders etc.). Note that in order to use it you must have Dovecot managesieve enabled.
It contains the "Out of office" feature.
SpamAssassin User Prefs SQL (sauserprefs), which writes the spamassassin user preferences in the DB. The user will be allowed to create a black/white list, to adjust the required_score and so on.
MarkAsJunk. You can add the sender's email address to the blacklist, or run a command such as sa_learn. Requires sauprefs.
ContextMenu. Adds context menus to the message list, folder list and address book. Menu includes the abilities mark messages as read/unread, delete, reply and forward.
Newmail notifier. can notify new mail focusing browser window and changing favicon, playing a sound and displaying desktop notification (using webkitNotifications feature).
Persistent login, which provides a "Keep me logged in" aka "Remember Me" functionality for Roundcube.
ZipDownload, which adds an option to download all attachments to a message in one zip file, when a message has multiple attachments.
enigma adds support for viewing and sending of signed and encrypted messages in PGP (RFC 2440) and PGP/MIME (RFC 3156) format
swipe, which adds left/right/down swipe actions to entries in the the message list on touch devices (tables/phones).
Attachment reminder reminds a user to attach the files

Other plugins that I have used in the past for which the old documentation might not be valid anymore

autologon. Autologin from external Site e.g. (CMS, Portal ...)
logout redirect. Modified version to only redirect to the homepage (depending on the domain part of the default identity)
rcguard. This plugin logs failed login attempts and requires users to go through a reCAPTCHA verification process when the number of failed attempts go too high.
carddav. CardDav client. You can sync your addressbook against a CardDav server like nextcloud or SoGO.

To enable a plugin you have to include it in $config['plugins'] in such a way

$config['plugins'] = array(
        'password',
        'managesieve',
        'qmailforward',
        'sauserprefs',
        'markasjunk',
        'contextmenu',
        'newmail_notifier',
        'zipdownload',
        'persistent_login',
        'enigma',
        'swipe',
        'attachment_reminder'
 );

Managing plugins via `composer`

Some of the mentioned above plugins are shipped with the Roundcube package, while the others can be easily installed from https://plugins.roundcube.net/ via composer. To learn how to use composer take a look to the home page of this site, where a quick howto is provided.

Installing `composer`

Install as follow if composer.phar is not already installed

cd /var/www/htdocs/roundcube
chown -R root:apache .
chmod g+w plugins

wget https://getcomposer.org/composer-stable.phar 
mv composer-stable.phar composer.phar 
chown apache:apache composer.phar 
chmod +x composer.phar
mkdir -p /var/www/htdocs/.composer /var/www/htdocs/.cache
chown -R apache:apache /var/www/htdocs/.composer /var/www/htdocs/.cache

Since composer has to be runned by apache, it is the case to set up write priviledges in some folder and files that the apache user has to overwrite.

mkdir -p /srv/httpd
chown -R apache:apache /srv/httpd

touch composer.lock
chown apache:apache composer.lock composer.phar

chmod -R g+w plugins vendor composer.lock

Using `composer`

In a few words, just open your composer.json file and add a line like this for each plugin that is browseable from https://plugins.roundcube.net and you would like to install:

"require" : {
 ...,
 "roundcube/rcsample": ">=0.2.0"
}

This is my composer.json file that is needed to install the plugins described below:

 "require": {
       ............... other stuff
       "sagredo-dev/qmailforward": ">=1.0.3",
       "johndoh/contextmenu": ">=3.3.1", 
       "johndoh/swipe": ">=0.5"
}

Run composer as the apache user to update and install:

cd /var/www/htdocs/roundcube
sudo -u apache php composer.phar update

qmailforward

Github v. 1.0.3
By Roberto Puzzanghera
Installed via composer: sagredo-dev/qmailforward
More info here

This plugin adds the ability for qmail users to edit their forward from within Roundcube with no need to ask their administrators for doing that via qmailadmin. It saves the forward to MySQL database in the vpopmail.valias table. Unlike the managesieve plugin, from which this plugin is inspired but which only apparently behaves in the same way, qmailforward does not use the sieve rules but saves the forwards on the database, also preserving the possibility of saving a record that enables the copy of messages on the mailbox. In this case the execution of your favorite delivery agent is launched, which can also be set from the configuration file.

Using this method instead of sieve rules allows qmail to keep the SPF policies in effect.

Copy from config.inc.dist.php into config.inc.php your modifications to the default config files. You have to enter at least your credentials to the database, which are those contained in ~vpopmail/etc/vpopmail.mysql. This is a minimal example of the config.inc.php file:

<?php 
/******************************************************************** 
* database settings 
********************************************************************/ 
//                                 mysqli://user:pwd@host/database 
$config['qmailforward_db_dsnw'] = 'mysqli://vpopmail:<password>@localhost/vpopmail';

NB: This plugin works only with vpopmail configured with --enable-valias. To use it in conjunction with the sieve rule have a look here.

Help in the translations is welcome. Grab a file from the localization folder, translate in your language and send it via mail using the contact button above.

Password

Plugin name: password

This is shipped with Roundcube, so it doesn't need to be installed. You can use either the sql or the vpopmaild driver (thanks to John D. Trolinger). The vpopmaild program has been fixed and now works again with the new SHA-512 password on vpopmail.

Users with MySQL version 8.0.3 and above should use the vpopmaild driver, as the suggested query won't work due to the fact that MySQL dropped the ENCRYPT function.

This plugin provides some driver to enforce the password strenght and I tried zxcvbn with no success. Fortunately Tony Fung explained in a comment how to patch the plugin to use cracklib as a password strenght library. If you want to use this approach read below.

vpopmaild driver

# cd plugins/password
# cp -p config.inc.php.dist config.inc.php
# nano config.inc.php

$config['password_driver'] = 'vpopmaild';

// Determine whether current password is required to change password.
// Default: false.
$config['password_confirm_current'] = true;

// vpopmaild Driver options
// -----------------------
// The host which changes the password
$config['password_vpopmaild_host'] = 'localhost';

// TCP port used for vpopmaild connections
$config['password_vpopmaild_port'] = 89;

sql driver

// We have MYSQL for our VPOPMAIL DATABASE so we use the sql driver
$config['password_driver'] = 'sql';

// Determine whether current password is required to change password.
// Default: false.
$config['password_confirm_current'] = true;

// SQL Driver options
// ------------------
// PEAR database DSN for performing the query. By default
// Roundcube DB settings are used.
// We have a VPOPMAIL DB  and the database and table name is vpopmail
$config['password_db_dsn'] = 'mysqli://vpopmail:YOURPASSWORDGOESHERE@localhost/vpopmail';

// The username and domainname are different columns JDT
$config['password_query'] = "UPDATE vpopmail SET pw_passwd=ENCRYPT(%p,CONCAT('$6$',RIGHT(SHA2(RAND(),512),8),'$')) WHERE pw_name=%l AND pw_domain=%d";

This the query to be used for those who disabled SHA-512 hash at vpopmail compile time (--disable-sha512-passwords):

$config['password_query'] = "UPDATE vpopmail SET pw_passwd=ENCRYPT(%p,CONCAT('$1$',RIGHT(MD5(RAND()),8),'$')) WHERE pw_name=%l AND pw_domain=%d";

The same for those who have clear password saved on database:

$config['password_query'] = "UPDATE vpopmail SET pw_passwd=ENCRYPT(%p,CONCAT('$1$',RIGHT(MD5(RAND()),8),'$')), pw_clear_passwd=%p WHERE pw_name=%l AND pw_domain=%d";

`Cracklib` patch

You may want to patch the plugin to gain cracklib's security benefits (thanks to Tony Fung for the patch), so that both roundcube and qmailadmin share the same password check system:

cd /var/www/htdocs/roundcube
wget https://notes.sagredo.eu/files/qmail/patches/roundcube/cracklib-roundcube_pwd_plugin.patch
patch -p1 < cracklib-roundcube_pwd_plugin.patch

Be aware that the cracklib library must be installed as already explained in the qmailadmin's page. You also have to remove exec from disable_functions in your php.ini.

Managesieve

Writes sieve scripts to filter the incoming mails (reject, move to a specific folders etc.). Note that to use this you must have Dovecot managesieve enabled.

Plugin name: managesieve
Requires: Dovecot Pigeonhole
Shipped with Roundcube

cd /var/www/htdocs/roundcube/plugins
cd managesieve
cp -p config.inc.php.dist config.inc.php

Modify in such a way the config file. Remember that the port of the dovecot-managesive service is now 4190 (2000 is obsolete).

$config['managesieve_port'] = 4190;
$config['managesieve_host'] = '<mail-server-IP>';
// Enables separate management interface for vacation responses (out-of-office) 
$config['managesieve_vacation'] = 1;

NB: <mail-server-IP> is the IP address of your mail server (localhost if qmail and sql share the same IP).

And this is what you are going to see in the dovecot log simply setting a redirect filter

Oct 22 00:03:13 lda(test@yourdomain.net): Info: sieve: msgid=<c3445037f979a8cb793df1f858b7a4f9@somedomain.com>: forwarded to <someone@somewhere.net>

Remember that, in order to the sieve rules to take place, you have to setup the .qmail file at least for that user or the entire domain as explained earlier in the sieve note about Dovecot, otherwise the LDA will be vpopmail instead of Dovecot and the sieve rules will be ignored.

After ages of RoundCube usage I finally became aware of the fact that this plugin has a separate management interface for vacation responses!

If you are using this plugin to create forwards, have a look to the qmailforward plugin which does the same without breaking the SPF. More info here.

SpamAssassin-User-Prefs-SQL

Writes the spamassassin user preferences in the DB. The user will be allowed to create a block/welcome list, to adjust the required_score and so on.

Installed via github: johndoh / roundcube-sauserprefs
Plugin name: sauserprefs

If you migrated to spamassassin v.4 you have to use the v. 1.20.1 or later which is not available on composer yet. So you have to download it from github and install by yourself:

cd /var/www/htdocs/roundcube/plugins
wget https://github.com/johndoh/roundcube-sauserprefs/archive/refs/tags/1.20.2.tar.gz
tar xzf 1.20.2.tar.gz
mv roundcube-sauserprefs-1.20.2/ sauserprefs
cd sauserprefs
mv config.inc.php.dist config.inc.php

Adjust the configuration:

$config['sauserprefs_db_dsnw'] = 'mysqli://spamassassin:<PASSWORD>@localhost/spamassassin';
$config['sauserprefs_sav4'] = true;

If 'mysqli' extension is not available in your php, then choose the old 'mysql' in the line above.

If you have just upgraded to spamassassin v.4 you'd have to take a look to the following info.

Spamassassin userprefs' feature has been explained in this page. Now we have to check just the creation/modification of the record inside the userprefs table of the spamassassin DB.

Mark-as-junk

Adds the sender's email address to the blacklist, or run a command such as sa_learn.

Shipped with Roundcube
Plugin name: markasjunk
README (detailed drivers howto)

With this nice plugin the end user can add the sender's email address to the blacklist, or run a command such as sa_learn.

Create the config file from the template

cp config.inc.php.dist config.inc.php

`sa_blacklist` driver

Requires spamassassin-user-prefs (sauserprefs) plugin and Spamassassin Userprefs

Clicking on the button "Mark as Junk" creates a new "Black_list from" record in the database and moves the message in the Junk folder eventually marking it as read. Clicking on the button "Mark as Ham" creates a record "White_list from" in the database and restores the message in the Inbox.

To use the plugin with the driver sa_blacklist:

$config['markasjunk_learning_driver'] = 'sa_blacklist';

The following cmd_learn driver should not be used anymore, as we already setup a cronjob for training our bayesian filter and reporting our spam (more info here).

`cmd_learn` driver

Thanks to Gabriel Torres for the hints concerning this setup

This driver calls an external command to process the message. You can use it to call sa_learn and spamassassin in cascade. Be aware that you have to eventually remove shell_exec from disable_functions in your php.ini so that php can execute shell commands.

Prepare the shell script with the commands to run when clicking on the "Mark as junk" button. Save as /usr/local/bin/teach_spam.sh the following code

cat > /usr/local/bin/teach_spam.sh << __EOF__
#!/bin/bash
/usr/local/bin/sa-learn --spam --username=$1 $2 >> /var/log/spamassassin/sa_learn.log 2>&1
/usr/local/bin/spamassassin --nocreate-prefs --report < $2 >> /var/log/spamassassin/spamassassin.log 2>&1
__EOF__

The first command feeds the mail to SpamAssassin, allowing it to 'learn' what signs are likely to mean spam. The latter one reports the mail as spam to Razor, Pyzor and Spamcop.

Now prepare the shell script with the commands to run when clicking on the "Mark as ham" button. Save as /usr/local/bin/revoke_spam.sh the following code

cat > /usr/local/bin/revoke_spam.sh << __EOF__
#!/bin/bash
/usr/local/bin/sa-learn --ham --username=$1 $2 >> /var/log/spamassassin/sa_learn.log 2>&1
/usr/local/bin/spamassassin --nocreate-prefs --revoke < $2 >> /var/log/spamassassin/spamassassin.log 2>&1
__EOF__

Again, the first command feeds the mail to SpamAssassin, allowing it to 'learn' which signs are likely to mean ham. The latter one revoke the report to Razor. Apparently the revocation is not possible with Pyzor and Spamcop (but I didn't look deeply in my log yet).

Provide execute priviledges to the newly created scripts

chmod +x /usr/local/bin/teach_spam.sh /usr/local/bin/revoke_spam.sh

Set these options

$config['markasjunk_learning_driver'] = 'cmd_learn';
$config['markasjunk_spam_cmd'] = '/usr/local/bin/teach_spam.sh  %u %f';
$config['markasjunk_ham_cmd']  = '/usr/local/bin/revoke_spam.sh %u %f';

Setup che logrotate for the above log files:

cat > /etc/logrotate.d/spam_reports << __EOF__
/var/log/spamassassin/spamassassin.log /var/log/spamassassin/sa_learn.log {
su root apache
rotate 5
daily
missingok
notifempty
delaycompress
create 664 root apache 
sharedscripts
}
__EOF__

You have to assign +w priviledges to apache in the log dir and to Razor's identity-* files, as Roundcube is runned by apache:

chgrp apache /var/log/spamassassin
chmod g+w /var/log/spamassassin
chgrp apache /etc/mail/spamassassin/.razor/identity-*
chmod 640 /etc/mail/spamassassin/.razor/identity-*
chmod 644 /etc/mail/spamassassin/.razor/razor-agent.log

`multi_driver` driver

Original driver for the ancient markasjunk2 plugin
multi_driver plugin patched for markasjunk (diff here)

It is possible to run multiple drivers when marking a message as spam/ham. I patched the original version by Philip Weir to work with markasjunk and run sa_blacklist followed by cmd_learn.

Install as follows:

cd /var/www/htdocs/roundcube/plugins/markasjunk/drivers
wget https://notes.sagredo.eu/files/qmail/patches/roundcube/markasjunk-multi_driver/multi_driver.txt
mv multi_driver.txt multi_driver.php

Set the correct driver in the config file:

$config['markasjunk_learning_driver'] = 'multi_driver';

Be aware that the markasjunk's multi_driver driver, when enabled, seems to prevent the display of the attached images. Why this driver is related to this problem is a mistery. Any comment on this will be welcome.

Context Menu

Adds context menus to the message list, folder list and address book. Menu includes the abilities mark messages as read/unread, delete, reply and forward.

Installed via composer johndoh/contextmenu
Plugin name: contextmenu

No configuration is needed.

swipe

Installed via composer johndoh/swipe
Plugin name: swipe

This plugin adds left/right/down swipe actions to entries in the the message list on touch devices (tables/phones).

Unfortunately this plugins does not have a config file of its own, so we have to add the configuration to the main RC config file.

This is how I configured it for myself. Look at the README file to find the list of all actions available.

$config['swipe_actions'] = [ 
 'messagelist' => [ 
   'left'  => 'delete', 
   'right' => 'reply-all', 
   'down'  => 'checkmail' 
 ], 
 'contactlist' => [ 
   'left'  => 'compose', 
   'right' => 'compose', 
   'down'  => 'vcard_attachments' 
 ] 
];

New mail notifier

Supports three methods of notification:

Basic - focus browser window and change favicon

Sound - play wav file

Desktop - display desktop notification (using webkitNotifications feature, supported by Chrome and Firefox with 'HTML5 Notifications' plugin)

Shipped by Roundcube
Plugin name: newmail_notifier

You can enable it simply renaming the config file...

cd plugins/newmail_notifier
cp config.inc.php.dist config.inc.php

...and choosing the notification method you like:

// Enables basic notification
$config['newmail_notifier_basic'] = true;

// Enables sound notification
$config['newmail_notifier_sound'] = true;

// Enables desktop notification
$config['newmail_notifier_desktop'] = false;

Persistent login

Home page: https://github.com/mfreiholz/persistent_login
Plugin name: persistent_login

This nice plugin provides a "Keep me logged in" aka "Remember Me" functionality for Roundcube.

Unfortunately this is not available via composer. A fork of this on composer actually exists, but it's not updated and it's not working fine here. So let's install it manually

wget -O persistent_login-5.3.0.tar.gz https://github.com/mfreiholz/persistent_login/archive/refs/tags/version-5.3.0.tar.gz
tar xzf persistent_login-5.3.0.tar.gz
mv persistent_login-version-5.3.0 persistent_login
chown -R apache:apache persistent_login

The plugin works better for me with the sql driver, as the cookie driver sometimes disconnects me. So let's enable the sql driver in the config file:

cd persistent_login
mv config.inc.php.dist config.inc.php

Now turn on tokens here in your config file

$config['ifpl_use_auth_tokens'] = true;

I also renamed the php $rcmail_config variable to $config everywhere, because $rcmail_config is now obsolete in RoundCube.

Finally, if this is a fresh installation of this plugin, we have to create the MySQL table into the roundcube database. The sql code can be found in the sql/mysql.sql file:

USE roundcube;

CREATE TABLE IF NOT EXISTS `auth_tokens` (
`token` varchar(128) NOT NULL,
`expires` datetime NOT NULL,
`user_id` int(10) UNSIGNED NOT NULL,
`user_name` varchar(128) NOT NULL,
`user_pass` varchar(128) NOT NULL,
`host` varchar(255) NOT NULL,
PRIMARY KEY (`token`),
KEY `user_id_fk_auth_tokens` (`user_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

ALTER TABLE `auth_tokens`
ADD CONSTRAINT `auth_tokens_ibfk_1` FOREIGN KEY (`user_id`) REFERENCES `users` (`user_id`) ON DELETE CASCADE;

Zip download

Shipped by RoundCube
Plugin name: zipdownload

Adds an option to download all attachments to a message in one zip file, when a message has multiple attachments. Also allows the download of a selection of messages in one zip file. Supports mbox and maildir format.

Rename the template of config file and adjust the few options as you like. I left the default options intact.

mv config.inc.php.dist config.inc.php

Enigma

More info here
Requires: gpg (gnupg and libgpg-error on Slackware systems)
Shipped by Roundcube
Plugin name: enigma

Update: the enigma plugin included in 1.3.1 version seems to be not compatible with the old version of Crypt_GPG

This plugin adds support for viewing and sending of signed and encrypted messages in PGP (RFC 2440) and PGP/MIME (RFC 3156) format. The plugin uses gpg binary on the server and stores all keys (including private keys of the users) on the server. Encryption/decryption is done server-side. So, this plugin is for users who trust the server.

Create a config file

cd /var/www/htdocs/roundcube/plugins/enigma
cp -p config.inc.php.dist config.inc.php

The keys are stored by the server in the enigma/home dir. Let's move that dir to a folder that is not accessible from the web and assign to apache write permissions

mkdir -p /var/www/htdocs/roundcube-enigma-home
chown -R root:apache /var/www/htdocs/roundcube-enigma-home
chmod -R g+w /var/www/htdocs/roundcube-enigma-home

Now modify your apache configuration to grant proper permissions to apache in the newly created dir:

Require all granted

Don't forget to restart your web server, for example:

apachectl restart

Now modify the enigma config file to point to the new home dir:

$config['enigma_pgp_homedir'] = '/var/www/htdocs/roundcube-enigma-home';

The enigma plugin requires that the Crypt_GPG library is installed exactly in your /var/www/roundcube/plugins/enigma/lib/Crypt_GPG dir. Considering that roundcube resets the default include_path php variable (which is set by php.ini to /path/to/php/lib), if you choose to install it using pear you will get a "Server error". So let's manually download and install the package in the proper folder

cd /var/www/htdocs/roundcube/plugins/enigma/lib
wget http://download.pear.php.net/package/Crypt_GPG-1.6.2.tgz
tar xzf Crypt_GPG-1.6.2.tgz
ln -s Crypt_GPG-1.6.2/Crypt
chown -R root:apache Crypt*

The set up of the certificates is easy. Refer to this blog page for more info.

Attachment reminder

Shipped by Roundcube
Plugin name: attachment_reminder

A nice plugin that reminds a user to attach the files. You have to enable it via Settings->Composing messages.

Other plugins

I leave here the documentation for plugins that I've used in the past or that are no longer valid for the current version of Roundcube, in case they can still be useful for someone or for myself in the future.

rcguard

This plugin logs failed login attempts and requires users to go through a reCAPTCHA verification process when the number of failed attempts go too high. This provides protection against automated attacks.

Installed via composer pbiering/roundcube-rcguard
Plugin name: rcguard

mv config.inc.php.dist config.inc.php

You have to obtain a key from http://www.google.com/recaptcha. Put the key in your config file:

> nano config.inc.php

// Public key for reCAPTCHA
$config['recaptcha_publickey'] = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';

// Private key for reCAPTCHA
$config['recaptcha_privatekey'] = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';

Create the mysql table where to store the logs of all failed attempts. IPs are released after a certain amount of time.

> mysql -u root -p
mysql> use roundcube;

CREATE TABLE `rcguard` (
  `ip` VARCHAR(40) NOT NULL,
  `first` DATETIME NOT NULL,
  `last` DATETIME NOT NULL,
  `hits` INT(10) NOT NULL,
  PRIMARY KEY (`ip`),
  INDEX `last_index` (`last`),
  INDEX `hits_index` (`hits`)
) ENGINE = InnoDB CHARACTER SET utf8 COLLATE utf8_general_ci;

quit;

That's it. The captha will be active after 5 failures. You can set this number in the config file.

Different themes and translations of recaptcha are available. Simply edit rcguard.js. For documentation, see: https://developers.google.com/recaptcha

autologon

Performs an auto login from an external page

Shipped by Roundcube
Plugin name: autologon

You have to modify the default Thomas Bruederli's sample plugin like this (eventually change to $_GET):

<?php

/**
 * Sample plugin to try out some hooks.
 * This performs an automatic login if accessed from localhost
 *
 * @license GNU GPLv3+
 * @author Thomas Bruederli
 */
class autologon extends rcube_plugin
{ 
  public $task = 'login';

  function init()
  {
    $this->add_hook('startup', array($this, 'startup'));
    $this->add_hook('authenticate', array($this, 'authenticate'));
  }

  function startup($args)
  {
    $rcmail = rcmail::get_instance();

    // change action to login
    if (empty($_SESSION['user_id']) && !empty($_POST['_autologin']) && $this->is_localhost())
      $args['action'] = 'login';

    return $args;
  }

  function authenticate($args)
  {
    if (!empty($_POST['_autologin']) && $this->is_localhost()) {
      $args['user'] = $_POST['_user'];
      $args['pass'] = $_POST['_pass'];
      $args['host'] = '[localhost | mail-server-IP]';
      $args['cookiecheck'] = false;
      $args['valid'] = true;
    }

    return $args;
  }

  function is_localhost()
  {
    return true;
//    return $_SERVER['REMOTE_ADDR'] == '::1' || $_SERVER['REMOTE_ADDR'] == '127.0.0.1';
  }

}

Use a form like this one in your CMS page:

<form name="form" action="http://your.webmail.url/" method="post">
<input type="hidden" name="_action" value="login" />
<input type="hidden" name="_task" value="login" />
<input type="hidden" name="_autologin" value="1" />

<table>
<tr>
    <td>Utente</td>
    <td><input name="_user" id="rcmloginuser" autocomplete="off" value="" type="text" /></td>
</tr>
<tr>
    <td>Password</td>
    <td><input name="_pass" id="rcmloginpwd" autocomplete="off" type="password" /></td>
</tr>
<tr>
    <td colspan="2"><input type="submit" value="Login" /></td>
</tr>
</table>

</form>

Logout redirect

This plugin is not tested against Roundcube 1.4.1

In case you have installed the autologon plugin this one could be useful to redirect users to the home page of your site upon logout.

Info: http://www.std-soft.com/bfaq/52-cat-webmail/105-logout-redirect-fuer-roundcube.html (german)
Download local copy
Plugin name: logout_redirect

cd /var/www/htdocs/roundcube/plugins
wget http://notes.sagredo.eu/files/qmail/tar/RC-plugins/logout_redirect_rc0.5_v1.2-MN.tar.gz
tar xzf logout_redirect_rc0.5_v1.2-MN.tar.gz
cd logout_redirect
chown -R root.apache logout_redirect
chmod -R o-rx logout_redirect

The plugin logout_redirect must be the last in the list of plugins in the main.inc.php otherwise the subsequent plugins will no longer run.

Configure like this editing the config.inc.php inside the plugin's config folder:

$ config['logout_redirect_url'] = 'http://www.yoursite.net';

CardDav

This is a plugin to access CardDAV servers like ownCloud or SoGO.

Installed via composer roundcube/carddav
Plugin name: carddav

This plugin was not tested against Roundcube 1.4

Setup the database tables using the suitable file saved in the dbmigrations/0000-dbinit/ subfolder.

Then you can configure you addressbook. If you use an ownCloud server, this is how to do it:

If you have an Android phone you may want to take a look to the CardDAV application here.

Troubleshoting

If you get a curl error like this when downloading the dependencies

All settings correct for using Composer

PHP Warning:  failed loading cafile stream: `/etc/ssl/certs/cacert.pem' in - on line 762
PHP Warning:  file_get_contents(): Failed to enable crypto in - on line 762
PHP Warning:  file_get_contents(https://getcomposer.org/versions): failed to open stream: operation failed in - on line 762
PHP Warning:  Invalid argument supplied for foreach() in - on line 508
None of the 0 stable version(s) of Composer matches your PHP version (5.6.21 / ID: 50621)

then you have to install a cert bundle:

cd /etc/ssl/certs
wget --no-check-certificate http://curl.haxx.se/ca/cacert.pem

and tell php where to find it editing your php.ini

openssl.cafile=/etc/ssl/certs/cacert.pem

Roundcube

ClamAV

add a comment

Comments

Password Plugin Sql Query Problem

Shailendra Shukla March 22, 2025 16:24 CET

HI Roberto ,

I am facing a issue in the password plugin sql query for updating passwords.

I have vpopmail compiled with --enable-clear-passwd .

The query that I am using is as below

$config['password_query'] = "UPDATE vpopmail SET pw_passwd=ENCRYPT(%p,CONCAT('$6$',RIGHT(SHA2(RAND(),512),8),'$')), pw_clear_passwd=%p WHERE pw_name=%l AND pw_domain=%d";

Error received in error.log is

[22-Mar-2025 21:38:47 +0530]: DB Error: [1305] FUNCTION vpopmail.ENCRYPT does not exist (SQL Query: UPDATE vpopmail SET pw_passwd=ENCRYPT('xxxxxxx',CONCAT('$6$',RIGHT(SHA2(RAND(),512),8),'$')), pw_clear_passwd='xxxxxxx' WHERE pw_name='user' AND pw_domain='mydomain.tld') in /roundcubepath/program/lib/Roundcube/rcube_db.php on line 577 (POST /?_task=settings&_action=plugin.password-save)

Can you please guide what I might be doing worng .

P.S :- The password change works fine if done via cli ./vpasswd and If changed via qmailadmin.

Regards

Shailendra