Roundcube webmail

• Info: http://roundcube.net
• Version: 1.6.1

Roundcube is a full featured webmail with a nice interface.

Changelog

• Apr 9, 2023
  RC upgraded to v. 1.6.1
• Sep 28, 2022
  RC upgraded to v. 1.6.0
  -new $config['imap_host'] variable
  -all my SMTP config options were stripped from my configuration file and I had to restore them
• Gen 3, 2021
  disabled the SMTP authentication when sending messages via RC. SMTP port changed to 25.

Read the release note at https://github.com/roundcube/roundcubemail/blob/master/CHANGELOG.md for more info.

Upgrading

The upgrade process is quite straightforward; you simply have to untar the package in a temporary directory, move the old folder to be upgraded and run the upgrade shell script. I suppose that roundcube has to be installed in the /var/www folder.

RC_NEW=1.6.1
RC_OLD=1.6.0

cd /var/www
# remove old installation dir if still present
rm -r rc-temp

wget https://github.com/roundcube/roundcubemail/releases/download/${RC_NEW}/roundcubemail-${RC_NEW}-complete.tar.gz
tar xzf roundcubemail-${RC_NEW}-complete.tar.gz
# move new version folder to a temporary folder. We'll run the update from there
mv roundcubemail-${RC_NEW} rc-temp
# remove the symbolic link. We'll restore it later
rm roundcube
# move old version's folder to the new dir. We are going to overwrite it during the upgrade process..
cp -rp roundcubemail-${RC_OLD} roundcubemail-${RC_NEW}
# restore the symolic link
ln -s roundcubemail-${RC_NEW} roundcube
# Ready to start the upgrade..
./rc-temp/bin/installto.sh roundcube/

Follow the instructions. Be aware that this process requires that the php and rsync commands are in your PATH.

At the end you can erase the temporary folder and also the old installation folder:

rm -r rc-temp roundcubemail-${RC_OLD}

Now upgrade your installed plugins

sudo -u apache php composer.phar update --no-dev

Troubleshooting

The installation of the various plugins are now centralized in the https://plugins.roundcube.net/ repository, and the update process is managed via composer, which has to be updated itself when migrating from v. 1.3.x. Infact I received this warning as soon as I starded the plugins update process:

# sudo -u apache php composer.phar update --no-dev
Warning: This development build of composer is over 30 days old. It is recommended to update it by running "composer.phar self-update" to get the latest version

Unfortunately my installed composer turned out to be not compatible with php-7.2, so I had to upgrade it manually downloading and replacing the composer.phar file. Since composer has to be runned by apache, I had also to let apache overwrite this file for future self-upgrades (in my case it was owned by root:apache):

chmod g+w composer.phar

During my update attempts from command line, I realized that also the /srv folder must be writable by apache, because it has to create an inner "httpd" folder, so I granted full priviledges to apache in /srv

chown -R apache /srv/

To avoid errors remember to give apache write priviledges in the plugins and vendor folders and also to the composer.lock and composer.phar files:

chown -R apache vendor plugins composer.lock composer.phar

crypt_gpg caused me problems because of broken links that I solved in this way:

cd vendor/bin
rm crypt-gpg-pinentry
ln -s ../pear/crypt_gpg/scripts/crypt-gpg-pinentry crypt-gpg-pinentry

Another new requirement is that php needs ldap support in order to manage the updates via composer, so I had to enable ldap compiling php with this:

--with-ldap

Requirements

Before starting look at the basic requirements here.

I will show how install it in a Linux/Apache/MySQL/PHP + qmail environment.

php configuration

Here is a minimal php configuration which matches all the Rouncube's requirements above in my Slackware environment:

./configure \
        --with-libdir=lib64 \
        --with-mysqli=/usr/bin/mysql_config \
        --with-pdo-mysql=/usr \
        --disable-mysqlnd \
        --with-mcrypt \
        --enable-gd \
        --enable-mbstring \
        --with-zip \
        --with-zlib \
        --with-bz2 \
        --enable-sockets \
        --with-openssl \
        --enable-intl \
        --with-ldap

Optional extensions

An additional recommended extension is now intl, which is bundled in PHP-5.3, and on my Slackware requires ICU headers and libraries. Infact during the configuration you can have this error:

checking for icu-config... no
checking for location of ICU headers and libraries... not found
configure: error: Unable to detect ICU prefix or no failed. Please verify ICU install prefix and make sure icu-config works.

Installing ICU

• Download from: http://site.icu-project.org/download
• Version: 4.8.1 (download C source code for unix)

ICU should be available as a packet in your Linux distribution. Slackware 14.2 now includes it.

If not, configure, compile and install as usual:

cd /usr/local/src
wget http://download.icu-project.org/files/icu4c/4.8.1/icu4c-4_8_1-src.tgz
tar xzvf icu4c-4_8_1-src.tgz
cd icu
chown -R root.root .
cd source
./configure
make
make install

Enabling intl with php>=5.4

• Info: http://ca2.php.net/manual/en/intl.setup.php

First of all install ICU, then configure php with --enable-intl

Installing Roundcube

Download the tarball from http://roundcube.net/download, untar and set the folders' priviledges:

cd /var/www
tar xzf roundcubemail-x.x.x.tar.gz
ln -s roundcubemail-x.x.x roundcube
cd roundcube
chown -R root.apache .
chmod -R o-rx .
chmod g+w logs temp

Create the mysql user and database; grant that user limited priviledges. If MySQL and Apache live in the same host, use localhost as <apache-IP> in the following example:

> mysql -u root -p

CREATE USER 'roundcube'@'<apache-IP>' IDENTIFIED BY '***';
GRANT USAGE ON * . * TO 'roundcube'@'<apache-IP>' IDENTIFIED BY '***' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;

CREATE DATABASE IF NOT EXISTS `roundcube` /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;
GRANT ALL PRIVILEGES ON `roundcube` . * TO 'roundcube'@'<apache-IP>';

Setup an apache virtual host like this

LOGDIR=/var/log/apache
DOMAIN=yourdomain.tld

<VirtualHost *:80> 
       ServerName webmail.${DOMAIN}
       RedirectMatch permanent ^/$ https://webmail.${DOMAIN}
</VirtualHost> 

<VirtualHost *:443> 
       Include <certs stuff>

       DocumentRoot /var/www/roundcube/ 
       ServerName webmail.${DOMAIN}

       CustomLog ${LOGDIR}/roundcube.f2b_SSL.log combined 
       ErrorLog  ${LOGDIR}/roundcube_error_SSL.log 

       <Directory /var/www/roundcube/> 
               Require all granted 
               AllowOverride All 
       </Directory> 

#       <Directory /var/www/roundcube-enigma-home/> 
#               Require all granted 
#       </Directory> 

       <IfModule mod_autoindex.c> 
               Options -Indexes 
       </ifModule> 
</VirtualHost>

Now point your browser to https://webmail.yourdomain.tld/installer/ and follow the instructions. I leave the setup options but the mysql interface (select mysqli if available in your http server). Don't forget to copy the database parameters and set the IMAP address IP. Set username_domain to your default_domain and it will be sufficient to log typing just the username.

Copy the file defaults.inc.php to config.inc.php inside the config folder. Now set the file privileges:

cd config
chown root.apache *
chmod o-r *

If all the tests are ok remove the installer folder as recommended and disable the installer:

$config['enable_installer'] = false;

I suggest to enable these options; of course you have to adjust them to your local configuration, expecially the paths to programs and files:

// ---------------------------------- 
// IMAP 
// ---------------------------------- 
// The IMAP host (and optionally port number) chosen to perform the log-in. 
// Leave blank to show a textbox at login, give a list of hosts 
// to display a pulldown menu or set one host as string. 
// Enter hostname with prefix ssl:// to use Implicit TLS, or use 
// prefix tls:// to use STARTTLS. 
// If port number is omitted it will be set to 993 (for ssl://) or 143 otherwise. 
// Supported replacement variables: 
// %n - hostname ($_SERVER['SERVER_NAME']) 
// %t - hostname without the first part 
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part) 
// %s - domain name after the '@' from e-mail address provided at login screen 
// For example %n = mail.domain.tld, %t = domain.tld 
// WARNING: After hostname change update of mail_host column in users table is 
//          required to match old user data records with the new host. 
$config['imap_host'] = 'localhost:143';

// Name your service. This is displayed on the login screen and in the window title
$config['product_name'] = 'My Organization Name - Webmail';

// Log successful/failed logins to /userlogins or to syslog (important to activate fail2ban later)
$config['log_logins'] = true;
// Automatically add this domain to user names for login
$config['username_domain'] = 'yourdomain.net';
// default setting if preview pane is enabled
$config['preview_pane'] = true;
// declaring the auth type speeds up the imap connection with 0.5 version!!
$config['imap_auth_type'] = NULL;

// SMTP 
// SMTP server host (for sending mails). 
// Enter hostname with prefix tls:// to use STARTTLS, or use 
// prefix ssl:// to use the deprecated SSL over SMTP (aka SMTPS) 
// Supported replacement variables: 
// %h - user's IMAP hostname 
// %n - hostname ($_SERVER['SERVER_NAME']) 
// %t - hostname without the first part 
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part) 
// %z - IMAP domain (IMAP hostname without the first part) 
// For example %n = mail.domain.tld, %t = domain.tld 
$config['smtp_host'] = 'tls://domain.tld'; 
$config['smtp_auth_type'] = 'LOGIN';

// enforce connections over https
// with this option enabled, all non-secure connections will be redirected.
// set the port for the ssl connection as value of this option if it differs from the default 443
$config['force_https'] = true;
// this key is used to encrypt the users imap password which is stored
// in the session record (and the client cookie if remember password is enabled).
// please provide a string of exactly 24 chars.
$config['des_key'] = '123456789123456789123456';
// Absolute path to a local mime.types mapping table file.
// This is used to derive mime-types from the filename extension or vice versa.
// Such a file is usually part of the apache webserver. If you don't find a file named mime.types on your system,
// download it from http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types
$config['mime_types'] = '/absolute/path/to/apache/conf/mime.types';
// path to imagemagick identify binary
$config['im_identify_path'] = '/usr/local/bin/identify';
// path to imagemagick convert binary
$config['im_convert_path'] = '/usr/local/bin/convert';
// use this format for date display (date or strftime format)
$config['date_format'] = 'd-m-Y';
// automatically create the above listed default folders on first login
$config['create_default_folders'] = true;
// If true all folders will be checked for recent messages
$config['check_all_folders'] = true;

// the new 'elastic' theme is the default in 1.4.1 version
$config['skin'] = 'elastic';

Be aware that we are forcing RoundCube to do the SMTP authentication even if it's not needed for security reasons. This is because the rcptcheck feature (i.e. limiting the auth-user max message per day) requires to identify the sender by the auth-user.

If the limit feature is not important for you, you can disable the authentication leaving blank values for $config['smtp_user'] and $config['smtp_pass'] and setting the port as 25.

Finding a mobile app

In spite of its Mobile Responsive Design, Roundcube is not suitable for mobile phones as it doesn't provide a valid app which at least notifies new mail incomings.

Among the Mobile Apps, I recently found FairEmail and liked it because it is secure, full featured, mature, open source, with no ads. One thing that impressed me is the "Conversation threading" feature, i.e. the capability to show threads merging both Inbox and Sent messages belonging to the same conversation, a feature that you don't expect to have in a free product.

Of course, when using a mobile app, it's not possible to manage the mailbox preferences.