Roundcube webmail

• Info: http://roundcube.net
• Version: 1.5.3
• Requires: php>=5.5

Roundcube is a full featured webmail with a nice interface.

Changelog

• Jul 7, 2022
  RC upgraded to v. 1.5.3
• Gen 3, 2021
  disabled the SMTP authentication when sending messages via RC. SMTP port changed to 25.

Migrating to the latest version

The following "migration" notes didn't work fine this time, when upgrading to v. 1.5.0 from v. 1.4.11. When running the installto.sh script I got a couple of error concerning the database schema:

ERROR: Error in DDL upgrade 2020020101: [1091] Can't DROP 'user_id_fk_cache_index'; check that column/key exists

This was very annoying. I cured it manually installing all the database foreign keys. Look at this page for more info. I also had to create the 'contactgroupmembers', but I think it would be created by the script in case of no errors.

I solved this one upgrading my mariadb from 10.0 to 10.5

ERROR: Error in DDL upgrade 2020091000: [1709] Index column size too large. The maximum column size is 767 bytes.

So, for what concerns this major update, it could be better for most of us to perform a clean installation.

I'm leaving the following "upgrade" notes for future upgrades, hoping that they may remain valid.

---

Read the release note at https://github.com/roundcube/roundcubemail/blob/master/CHANGELOG.md for more info.

NB: you have to enable the pdo support to mysql compilng your php --with-pdo-mysql

The upgrade process is quite straightforward; you simply have to untar the package in a temporary directory, move the old folder to be upgraded and run the upgrade shell script. I suppose that roundcube has to be installed in the /var/www folder.

cd /var/www
wget https://github.com/roundcube/roundcubemail/releases/download/1.5.3/roundcubemail-1.5.3-complete.tar.gz
tar xzf roundcubemail-1.5.3-complete.tar.gz
# move new version folder to a temporary folder. We'll run the update from there
mv roundcubemail-1.5.3 rc-temp
# remove the symbolic link. We'll restore it later
rm roundcube
# move old version's folder to the new dir. We are going to overwrite it during the upgrade process..
cp -rp roundcubemail-1.5.2 roundcubemail-1.5.3
# restore the symolic link
ln -s roundcubemail-1.5.3 roundcube
# Ready to start the upgrade..
./rc-temp/bin/installto.sh roundcube/

Follow the instructions. Be aware that this process requires that the php and rsync commands are in your PATH.

At the end you can erase the temporary folder and also the old installation folder:

rm -r rc-temp roundcubemail-1.5.1

Now upgrade your installed plugins

sudo -u apache php composer.phar update --no-dev

Troubleshooting

The installation of the various plugins are now centralized in the https://plugins.roundcube.net/ repository, and the update process is managed via composer, which has to be updated itself when migrating from v. 1.3.x. Infact I received this warning as soon as I starded the plugins update process:

# sudo -u apache php composer.phar update --no-dev
Warning: This development build of composer is over 30 days old. It is recommended to update it by running "composer.phar self-update" to get the latest version

Unfortunately my installed composer turned out to be not compatible with php-7.2, so I had to upgrade it manually downloading and replacing the composer.phar file. Since composer has to be runned by apache, I had also to let apache overwrite this file for future self-upgrades (in my case it was owned by root:apache):

chmod g+w composer.phar

During my update attempts from command line, I realized that also the /srv folder must be writable by apache, because it has to create an inner "httpd" folder, so I granted full priviledges to apache in /srv

chown -R apache /srv/

To avoid errors remember to give apache write priviledges in the plugins and vendor folders and also to the composer.lock and composer.phar files:

chown -R apache vendor plugins composer.lock composer.phar

crypt_gpg caused me problems because of broken links that I solved in this way:

cd vendor/bin
rm crypt-gpg-pinentry
ln -s ../pear/crypt_gpg/scripts/crypt-gpg-pinentry crypt-gpg-pinentry

Another new requirement is that php needs ldap support in order to manage the updates via composer, so I had to enable ldap compiling php with this:

--with-ldap

Requirements

The basic requirements are:

* .htaccess support allowing overrides for DirectoryIndex
* PHP Version 5.5 or greater including:
  - PCRE, DOM, JSON, Session, Sockets, OpenSSL, Mbstring, Filter, Ctype, Intl (required)
  - PHP PDO with driver for either MySQL, PostgreSQL, SQL Server, Oracle or SQLite (required)
  - Iconv, Zip, Fileinfo, Exif (recommended)
  - LDAP for LDAP addressbook support (optional)
  - GD, Imagick (optional thumbnails generation, QR-code)
* PEAR and PEAR packages distributed with Roundcube or external.
 See composer.json-dist for the list of required packages.
* php.ini options:
  - error_reporting E_ALL & ~E_NOTICE & ~E_STRICT
  - memory_limit > 16MB
  - file_uploads enabled (for uploading attachments and import files)
  - session.auto_start disabled
  - suhosin.session.encrypt disabled
  - mbstring.func_overload disabled
  - pcre.backtrack_limit >= 100000
* A MySQL, PostgreSQL, MS SQL Server (2005 or newer), Oracle database
 or SQLite v3 support in PHP - with permission to create tables
* Composer installed either locally or globally (https://getcomposer.org)

I will show how install it in a Linux/Apache/MySQL/PHP + qmail environment.

php configuration

Here is a minimal php configuration which matches all the Rouncube's requirements above in my Slackware environment:

./configure \
        --with-libdir=lib64 \
        --with-mysqli=/usr/bin/mysql_config \
        --with-pdo-mysql=/usr \
        --disable-mysqlnd \
        --with-mcrypt \
        --enable-gd \
        --enable-mbstring \
        --with-zip \
        --with-zlib \
        --with-bz2 \
        --enable-sockets \
        --with-openssl \
        --enable-intl \
        --with-ldap

Optional extensions

An additional recommended extension is now intl, which is bundled in PHP-5.3, and on my Slackware requires ICU headers and libraries. Infact during the configuration you can have this error:

checking for icu-config... no
checking for location of ICU headers and libraries... not found
configure: error: Unable to detect ICU prefix or no failed. Please verify ICU install prefix and make sure icu-config works.

Installing ICU

• Download from: http://site.icu-project.org/download
• Version: 4.8.1 (download C source code for unix)

ICU should be available as a packet in your Linux distribution. Slackware 14.2 now includes it.

If not, configure, compile and install as usual:

cd /usr/local/src
wget http://download.icu-project.org/files/icu4c/4.8.1/icu4c-4_8_1-src.tgz
tar xzvf icu4c-4_8_1-src.tgz
cd icu
chown -R root.root .
cd source
./configure
make
make install

Enabling intl with php>=5.4

• Info: http://ca2.php.net/manual/en/intl.setup.php

First of all install ICU, then configure php with --enable-intl

Installing Roundcube

Download the tarball from http://roundcube.net/download, untar and set the folders' priviledges:

cd /var/www
tar xzf roundcubemail-x.x.x.tar.gz
ln -s roundcubemail-x.x.x roundcube
cd roundcube
chown -R root.apache .
chmod -R o-rx .
chmod g+w logs temp

Create the mysql user and database; grant that user limited priviledges. If MySQL and Apache live in the same host, use localhost as <apache-IP> in the following example:

> mysql -u root -p

CREATE USER 'roundcube'@'<apache-IP>' IDENTIFIED BY '***';
GRANT USAGE ON * . * TO 'roundcube'@'<apache-IP>' IDENTIFIED BY '***' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;

CREATE DATABASE IF NOT EXISTS `roundcube` /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;
GRANT ALL PRIVILEGES ON `roundcube` . * TO 'roundcube'@'<apache-IP>';

Setup an apache virtual host like this

LOGDIR=/var/log/apache
DOMAIN=yourdomain.tld

<VirtualHost *:80> 
       ServerName webmail.${DOMAIN}
       RedirectMatch permanent ^/$ https://webmail.${DOMAIN}
</VirtualHost> 

<VirtualHost *:443> 
       Include <certs stuff>

       DocumentRoot /var/www/roundcube/ 
       ServerName webmail.${DOMAIN}

       CustomLog ${LOGDIR}/roundcube.f2b_SSL.log combined 
       ErrorLog  ${LOGDIR}/roundcube_error_SSL.log 

       <Directory /var/www/roundcube/> 
               Require all granted 
               AllowOverride All 
       </Directory> 

#       <Directory /var/www/roundcube-enigma-home/> 
#               Require all granted 
#       </Directory> 

       <IfModule mod_autoindex.c> 
               Options -Indexes 
       </ifModule> 
</VirtualHost>

Now point your browser to https://webmail.yourdomain.tld/installer/ and follow the instructions. I leave the setup options but the mysql interface (select mysqli if available in your http server). Don't forget to copy the database parameters and set the IMAP address IP. Set username_domain to your default_domain and it will be sufficient to log typing just the username.

Copy the file defaults.inc.php to config.inc.php inside the config folder. Now set the file privileges:

cd config
chown root.apache *
chmod o-r *

If all the tests are ok remove the installer folder as recommended and disable the installer:

$config['enable_installer'] = false;

I suggest to enable these options; of course you have to adjust them to your local configuration, expecially the paths to programs and files:

// Name your service. This is displayed on the login screen and in the window title
$config['product_name'] = 'My Organization Name - Webmail';

// Log successful/failed logins to /userlogins or to syslog (important to activate fail2ban later)
$config['log_logins'] = true;
// Automatically add this domain to user names for login
$config['username_domain'] = 'yourdomain.net';
// default setting if preview pane is enabled
$config['preview_pane'] = true;
// declaring the auth type speeds up the imap connection with 0.5 version!!
$config['imap_auth_type'] = NULL;

// ----------------------------------
// SMTP
// ----------------------------------
// SMTP server host (for sending mails).
// Enter hostname with prefix tls:// to use STARTTLS, or use
// prefix ssl:// to use the deprecated SSL over SMTP (aka SMTPS)
// Supported replacement variables:
// %h - user's IMAP hostname
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %z - IMAP domain (IMAP hostname without the first part)
// For example %n = mail.domain.tld, %t = domain.tld
$config['smtp_server'] = 'tls://yourdomain.tld';// SMTP port (default is 25; use 587 for STARTTLS or 465 for the
// deprecated SSL over SMTP (aka SMTPS))
$config['smtp_port'] = 587;
// will use the current username for login
$config['smtp_user'] = '%u';
// SMTP password (if required) if you use %p as the password Roundcube
// will use the current user's password for login
$config['smtp_pass'] = '%p';

// enforce connections over https
// with this option enabled, all non-secure connections will be redirected.
// set the port for the ssl connection as value of this option if it differs from the default 443
$config['force_https'] = true;
// this key is used to encrypt the users imap password which is stored
// in the session record (and the client cookie if remember password is enabled).
// please provide a string of exactly 24 chars.
$config['des_key'] = '123456789123456789123456';
// Absolute path to a local mime.types mapping table file.
// This is used to derive mime-types from the filename extension or vice versa.
// Such a file is usually part of the apache webserver. If you don't find a file named mime.types on your system,
// download it from http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types
$config['mime_types'] = '/absolute/path/to/apache/conf/mime.types';
// path to imagemagick identify binary
$config['im_identify_path'] = '/usr/local/bin/identify';
// path to imagemagick convert binary
$config['im_convert_path'] = '/usr/local/bin/convert';
// use this format for date display (date or strftime format)
$config['date_format'] = 'd-m-Y';
// automatically create the above listed default folders on first login
$config['create_default_folders'] = true;
// If true all folders will be checked for recent messages
$config['check_all_folders'] = true;

// the new 'elastic' theme is the default in 1.4.1 version
$config['skin'] = 'elastic';

Be aware that we are forcing RoundCube to do the SMTP authentication even if it's not needed for security reasons. This is because the rcptcheck feature (i.e. limiting the auth-user max message per day) requires to identify the sender by the auth-user.

If the limit feature is not important for you, you can disable the authentication leaving blank values for $config['smtp_user'] and $config['smtp_pass'] and setting the port as 25.

Finding a mobile app

In spite of its Mobile Responsive Design, Roundcube is not suitable for mobile phones as it doesn't provide a valid app which at least notifies new mail incomings.

Among the Mobile Apps, I recently found FairEmail and liked it because is secure, full featured, mature, open source, with no ads. One thing that impressed me is the "Conversation threading" feature, i.e. the capability to show threads merging both Inbox and Sent messages and belonging to the same conversation, a feature that you don't expect to have in a free product.

Of course, when using a mobile app, it's not possible to manage the mailbox preferences.