Webmail mit Roundcube
Benötigt man statt einer Groupwarelösung wie Horde nur einen Webmailer, bietet sich der Webmailer Roundcube an. Dieser Webmailer ist zum einen einfach und schnell installiert und zeichnet sich durch seine Robustheit aus.
Installation
Voraussetzungen und Abhängigkeiten
Für die Installation des Webmailers benötien wir noch ein paar PHP-Pakete, die wir Dank der Intergration des epel-Repositories mit Hilfe von yum einfach installieren können. Im Detail sind das folgende Pakete:
- php-pspell
- php-mcrypt
- GraphicsMagick
# yum install php-pspell php-mcrypt GraphicsMagick -y
Für die deutsche Rechtschreibkorrektur gibt es unter CentOS 6 kein RPM. Wir können jedoch das passende Paket aus dem Fedora-Zweig verwenden. Das Paket aspell-de holen wir daher auf unseren Rechner.
# cd /usr/local/src/packages/
# wget ttp://ftp.tu-chemnitz.de/pub/linux/fedora/linux/releases/18/Everything/x86_64/os/Packages/a/aspell-de-20030222-9.fc18.x86_64.rpm
Anschließend installieren wir dieses RPM.
# yum install --nogpgcheck localinstall /usr/local/src/packages/aspell-de-20030222-9.fc18.x86_64.rpm
Wie immer kann man sich mit Hilfe des Aufrufes rpm -qil <Paketname> anzeigen lassen, was jedes einzelne Paket mit in das System gebracht hat.
Installation roundcube
Die Installation von Roundcube selbst ist kein Hexenwerk, braucht man doch nur das entsprechende RPM-Paket mit Hilfe von yum installieren.
# yum install roundcubemail -y
Konfiguration
Apache vHost
vHost Definition
Für unsere Webmailer richten wir uns nun einen geeigneten vHost ein. Im Konfigurationsverzeichnis unseres Apache-Webservers legen wir uns eine neue vHOST-Konfigurationsdatei an.
# vim /etc/httpd/conf.d/vHost_roundcube.conf
- /etc/httpd/conf.d/vHost_roundcube.conf
# # roundcube webmailer # <VirtualHost *:80> ServerAdmin webmaster@nausch.org ServerName webmail.nausch.org ServerPath / <Location /> Options -Indexes FollowSymLinks Order allow,deny Allow from all </Location> RewriteEngine on RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} DirectoryIndex index.php ErrorLog logs/webmail_error.log CustomLog logs/webmail_access.log combined </VirtualHost> <VirtualHost *:443> ServerAdmin webmaster@nausch.org ServerName webmail.nausch.org ServerPath / DocumentRoot "/usr/share/roundcubemail" # Django # Required, because there is a host with same ServerName and # ServerAlias LISTENING ON PORT 80, - and if these lines are # not present, and .htaccess-Files or LDAP-Access is enabled # for one or more Directory the host on PORT 443 and PORT 80 # will ASK for .htaccess ord LDAP-Access, so please remember # ---------------------------------------------------------- # -- DO NOT DELETE THE FOLLOWING LINES, STARTING WITH SSL -- # -- WHEN USING .htaccess or LDAP-Access! -- # ---------------------------------------------------------- SSLEngine on SSLProtocol -ALL +SSLv3 +TLSv1 SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM SSLCertificateFile /etc/pki/tls/private/CAcert-class3-wildcard.crt SSLCertificateKeyFile /etc/pki/tls/private/ca.key SSLCertificateChainFile /etc/pki/tls/private/CAcert_chain.crt <Directory "/usr/share/roundcubemail"> Options FollowSymLinks Order allow,deny Allow from all </Directory> DirectoryIndex index.php ErrorLog logs/webmail_error.log CustomLog logs/webmail_access.log combined </VirtualHost>
Wichtig:
Solange wir unseren vHost noch nicht in der Produktionsumgebung steht und fertig konfiguriert wurde, beschränken wir den Zugriff auf den vHost noch. Hierzu tragen wir in der Directive Directory folgendes ein:
... # Access-stuff (Zugriff nur vom Admin-Host aus!) Order deny,allow Deny from all Allow from <Administrations-Host-IP> ...
Nach erfolgter Konfiguration, geben wir dann den Zugriff für alle frei.
... # Access-stuff (Zugriff von überall erlauben.) Order allom,deny Allow from all ...
Konfiguration aktivieren
Bevor unseren Webserver starten, damit der neue vHost auch bedient werden kann, überprüfen wir die Konfiguration noch auf syntaktische Fehler.
# service httpd configtest
Syntax OK
Abschließend starten wir den Webserver einmal durch.
# service httpd restart
Stopping httpd: [ OK ] Starting httpd: [ OK ]
mySQL Datenbank
Ein Großteil der Benutzer-Konfigurationsdaten werden in einer mySQL-Datenbank gespeichert und vorgehalten.
Datenbank anlegen
Diese mySQL-Datenbank und der zugehörige Datenbankuser werden wird nun im ersten Schritt anlegen.
Wir melden uns also als berechtigter Datenbankuser an der mySQL-Datenbank an.
# mysql -h localhost -u root -p
Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 1942 Server version: 5.1.67 Source distribution Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql>
Dort legen wir als aller erst einmal eine Datenbank mit dem Namen roundcubemail an.
mysql> create database roundcubemail;
Query OK, 1 row affected (0.03 sec)
Datenbankuser anlegen
Datenuserbank anlegen
Anschließend legen wir uns einen Datenbankuser an, denen wir entsprechende Rechte an der, gerade angelegten Datenbank horde einräumen. Als Namen nehme wir einfach hode_admin_user.
mysql> CREATE USER 'roundcube_user'@'10.0.0.90' IDENTIFIED BY 'rbgsDK39DeM2b2btx9sCHfzd';
Query OK, 0 rows affected (0.00 sec)
und
mysql> CREATE USER 'roundcube_user'@'vml000090.dmz.nausch.org' IDENTIFIED BY 'rbgsDKMS39DeM2b2btx9sCHfzd';
Query OK, 0 rows affected (0.00 sec)
Nutzerberechtigungen setzen
Dem gerade angelebtem Datenbankuser für Roundcube gewähren wir nun die nötigen Rechte, damit dieser vom Webserver aus, Tabellen anlegen, befüllen und verändern darf.
mysql> GRANT ALL PRIVILEGES ON roundcubemail.* TO 'roundcube_user'@'10.0.0.90' IDENTIFIED BY 'rbgsDKMS39DeM2b2btx9sCHfzd' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0;
Query OK, 0 rows affected (0.00 sec)
und
mysql> GRANT ALL PRIVILEGES ON roundcubemail.* TO 'roundcube_user'@'vml000090.dmz.nausch.org' IDENTIFIED BY 'rbgsDKMS39DeM2b2btx9sCHfzd' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0;
Query OK, 0 rows affected (0.00 sec)
Nutzerberechtigungen zuweisen
Zum Ende unserer mySQL-Userkonfiguration weisen wir unserem Nutzer die Berechtigungen zu.
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
Zugriff testen
Als nächstes überprüfen wir, ob der zuvor angelegt User/Zugang auch funktioniert.
# mysql -D roundcubemail -h mysql.dmz.nausch.org -u roundcube_user -p
Enter password: Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 28823 Server version: 5.1.69 Source distribution Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> show tables; +-------------------------+ | Tables_in_roundcubemail | +-------------------------+ | cache | | cache_index | | cache_messages | | cache_thread | | contactgroupmembers | | contactgroups | | contacts | | dictionary | | identities | | searches | | session | | users | +-------------------------+ 12 rows in set (0.00 sec) mysql>
Da der Test positiv ausgefallen ist, können wie uns wieder von unserem Datenbankserver abmelden.
mysql> quit
Bye
Datenbanktabellen anlegen
Die von Roundcube benötigten Datebanktabellen, erstellen wir mit folgendem Aufruf.
# mysql -D roundcubemail -h mysql.dmz.nausch.org -u roundcube_user -p < /usr/share/doc/roundcubemail-0.8.6/SQL/mysql.initial.sql
Datenbank-Anbindung
Damit roundcube später auf unsere Datenbank auch zugreifen kann, definieren wir nun die Datenbankanbindung von roundcube an unseren MySQL-Datenbank-Server.
Im Verzeichnis /etc/roundcubemail/ finden wir die entsprechende Konfigurationsdatei db.inc.php. Diese bearbeiten wir mit dem Editor unserer Wahl, z.B. vim.
# vim /etc/roundcubemail/db.inc.php
- /etc/roundcubemail/db.inc.php
<?php /* +-----------------------------------------------------------------------+ | Configuration file for database access | | | | This file is part of the Roundcube Webmail client | | Copyright (C) 2005-2009, The Roundcube Dev Team | | Licensed under the GNU GPL | | | +-----------------------------------------------------------------------+ */ $rcmail_config = array(); // PEAR database DSN for read/write operations // format is db_provider://user:password@host/database // For examples see http://pear.php.net/manual/en/package.database.mdb2.intro-dsn.php // Django : 2012-10-12 // default: $rcmail_config['db_dsnw'] = 'mysql://roundcube:pass@localhost/roundcubemail'; $rcmail_config['db_dsnw'] = 'mysql://roundcube_user:rbgsDKMS39DeM2b2btx9sCHfzd@mysql.dmz.nausch.org/roundcubemail'; // postgres example: 'pgsql://roundcube:pass@localhost/roundcubemail'; // Warning: for SQLite use absolute path in DSN: // PEAR database DSN for read only operations (if empty write database will be used) // useful for database replication $rcmail_config['db_dsnr'] = ''; // maximum length of a query in bytes $rcmail_config['db_max_length'] = 512000; // 500K // use persistent db-connections // beware this will not "always" work as expected // see: http://www.php.net/manual/en/features.persistent-connections.php $rcmail_config['db_persistent'] = FALSE; // you can define specific table names used to store webmail data $rcmail_config['db_table_users'] = 'users'; $rcmail_config['db_table_identities'] = 'identities'; $rcmail_config['db_table_contacts'] = 'contacts'; $rcmail_config['db_table_contactgroups'] = 'contactgroups'; $rcmail_config['db_table_contactgroupmembers'] = 'contactgroupmembers'; $rcmail_config['db_table_session'] = 'session'; $rcmail_config['db_table_cache'] = 'cache'; $rcmail_config['db_table_cache_index'] = 'cache_index'; $rcmail_config['db_table_cache_thread'] = 'cache_thread'; $rcmail_config['db_table_cache_messages'] = 'cache_messages'; // you can define specific sequence names used in PostgreSQL $rcmail_config['db_sequence_users'] = 'user_ids'; $rcmail_config['db_sequence_identities'] = 'identity_ids'; $rcmail_config['db_sequence_contacts'] = 'contact_ids'; $rcmail_config['db_sequence_contactgroups'] = 'contactgroups_ids'; $rcmail_config['db_sequence_cache'] = 'cache_ids'; $rcmail_config['db_sequence_searches'] = 'search_ids'; // end db config file
Roundcube Konfiguration
Die Konfiguration von Roundcube erfolgt über die zentrale Konfigurationsdatei main.inc.php im Verzeichnis /etc/roundcubemail/.
Die Parameter sind gut dokumentiert, so dass es im allgemeinen kein großes Problem darstellen sollte, die Benutzerindividuellen Einstellungen vorzunehmen. Im folgenden Beispiel sind die Änderungen mit Django und Datum versehen.
# vim /etc/roundcubemail/main.inc.php
- /etc/roundcubemail/main.inc.php
<?php /* +-----------------------------------------------------------------------+ | Main configuration file | | | | This file is part of the Roundcube Webmail client | | Copyright (C) 2005-2011, The Roundcube Dev Team | | Licensed under the GNU GPL | | | +-----------------------------------------------------------------------+ */ $rcmail_config = array(); // ---------------------------------- // LOGGING/DEBUGGING // ---------------------------------- // system error reporting: 1 = log; 2 = report (not implemented yet), 4 = show, 8 = trace $rcmail_config['debug_level'] = 1; // log driver: 'syslog' or 'file'. $rcmail_config['log_driver'] = 'file'; // date format for log entries // (read http://php.net/manual/en/function.date.php for all format characters) $rcmail_config['log_date_format'] = 'd-M-Y H:i:s O'; // Syslog ident string to use, if using the 'syslog' log driver. $rcmail_config['syslog_id'] = 'roundcube'; // Syslog facility to use, if using the 'syslog' log driver. // For possible values see installer or http://php.net/manual/en/function.openlog.php $rcmail_config['syslog_facility'] = LOG_USER; // Log sent messages to <log_dir>/sendmail or to syslog $rcmail_config['smtp_log'] = true; // Log successful logins to <log_dir>/userlogins or to syslog // Django : 2012-10-12 // default: $rcmail_config['log_logins'] = false; $rcmail_config['log_logins'] = true; // Log session authentication errors to <log_dir>/session or to syslog $rcmail_config['log_session'] = false; // Log SQL queries to <log_dir>/sql or to syslog $rcmail_config['sql_debug'] = false; // Log IMAP conversation to <log_dir>/imap or to syslog $rcmail_config['imap_debug'] = false; // Log LDAP conversation to <log_dir>/ldap or to syslog $rcmail_config['ldap_debug'] = false; // Log SMTP conversation to <log_dir>/smtp or to syslog $rcmail_config['smtp_debug'] = false; // ---------------------------------- // IMAP // ---------------------------------- // the mail host chosen to perform the log-in // leave blank to show a textbox at login, give a list of hosts // to display a pulldown menu or set one host as string. // To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// // Supported replacement variables: // %n - http hostname ($_SERVER['SERVER_NAME']) // %d - domain (http hostname without the first part) // %s - domain name after the '@' from e-mail address provided at login screen // For example %n = mail.domain.tld, %d = domain.tld // Django : 2012-10-12 // default: $rcmail_config['default_host'] = ''; $rcmail_config['default_host'] = 'imap.dmz.nausch.org'; // TCP port used for IMAP connections $rcmail_config['default_port'] = 143; // IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use // best server supported one) $rcmail_config['imap_auth_type'] = null; // If you know your imap's folder delimiter, you can specify it here. // Otherwise it will be determined automatically $rcmail_config['imap_delimiter'] = null; // If IMAP server doesn't support NAMESPACE extension, but you're // using shared folders or personal root folder is non-empty, you'll need to // set these options. All can be strings or arrays of strings. // Folders need to be ended with directory separator, e.g. "INBOX." // (special directory "~" is an exception to this rule) // These can be used also to overwrite server's namespaces $rcmail_config['imap_ns_personal'] = null; $rcmail_config['imap_ns_other'] = null; $rcmail_config['imap_ns_shared'] = null; // By default IMAP capabilities are readed after connection to IMAP server // In some cases, e.g. when using IMAP proxy, there's a need to refresh the list // after login. Set to True if you've got this case. $rcmail_config['imap_force_caps'] = false; // By default list of subscribed folders is determined using LIST-EXTENDED // extension if available. Some servers (dovecot 1.x) returns wrong results // for shared namespaces in this case. http://trac.roundcube.net/ticket/1486225 // Enable this option to force LSUB command usage instead. $rcmail_config['imap_force_lsub'] = false; // IMAP connection timeout, in seconds. Default: 0 (no limit) $rcmail_config['imap_timeout'] = 0; // Optional IMAP authentication identifier to be used as authorization proxy $rcmail_config['imap_auth_cid'] = null; // Optional IMAP authentication password to be used for imap_auth_cid $rcmail_config['imap_auth_pw'] = null; // Type of IMAP indexes cache. Supported values: 'db', 'apc' and 'memcache'. $rcmail_config['imap_cache'] = null; // Enables messages cache. Only 'db' cache is supported. $rcmail_config['messages_cache'] = false; // ---------------------------------- // SMTP // ---------------------------------- // SMTP server host (for sending mails). // To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// // If left blank, the PHP mail() function is used // Supported replacement variables: // %h - user's IMAP hostname // %n - http hostname ($_SERVER['SERVER_NAME']) // %d - domain (http hostname without the first part) // %z - IMAP domain (IMAP hostname without the first part) // For example %n = mail.domain.tld, %d = domain.tld // Django : 2012-10-12 // default: $rcmail_config['smtp_server'] = ''; $rcmail_config['smtp_server'] = 'smtp.dmz.nausch.org'; // SMTP port (default is 25; 465 for SSL) $rcmail_config['smtp_port'] = 25; // SMTP username (if required) if you use %u as the username Roundcube // will use the current username for login $rcmail_config['smtp_user'] = ''; // SMTP password (if required) if you use %p as the password Roundcube // will use the current user's password for login $rcmail_config['smtp_pass'] = ''; // SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use // best server supported one) $rcmail_config['smtp_auth_type'] = ''; // Optional SMTP authentication identifier to be used as authorization proxy $rcmail_config['smtp_auth_cid'] = null; // Optional SMTP authentication password to be used for smtp_auth_cid $rcmail_config['smtp_auth_pw'] = null; // SMTP HELO host // Hostname to give to the remote server for SMTP 'HELO' or 'EHLO' messages // Leave this blank and you will get the server variable 'server_name' or // localhost if that isn't defined. // Django : 2012-10-12 // default: $rcmail_config['smtp_helo_host'] = ''; $rcmail_config['smtp_helo_host'] = 'vml000090.dmz.nausch.org'; // SMTP connection timeout, in seconds. Default: 0 (no limit) $rcmail_config['smtp_timeout'] = 0; // ---------------------------------- // SYSTEM // ---------------------------------- // THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA. // ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING! $rcmail_config['enable_installer'] = false; // use this folder to store log files (must be writeable for apache user) // This is used by the 'file' log driver. $rcmail_config['log_dir'] = '/var/log/roundcubemail/'; // use this folder to store temp files (must be writeable for apache user) $rcmail_config['temp_dir'] = '${_tmppath}'; // lifetime of message cache // possible units: s, m, h, d, w $rcmail_config['message_cache_lifetime'] = '10d'; // enforce connections over https // with this option enabled, all non-secure connections will be redirected. // set the port for the ssl connection as value of this option if it differs from the default 443 // Django : 2012-10-12 // default: $rcmail_config['force_https'] = false; $rcmail_config['force_https'] = true; // tell PHP that it should work as under secure connection // even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set) // e.g. when you're running Roundcube behind a https proxy // Django : 2012-10-12 // default: $rcmail_config['use_https'] = false; $rcmail_config['use_https'] = true; // Allow browser-autocompletion on login form. // 0 - disabled, 1 - username and host only, 2 - username, host, password $rcmail_config['login_autocomplete'] = 0; // If users authentication is not case sensitive this must be enabled. // You can also use it to force conversion of logins to lower case. // After enabling it all user records need to be updated, e.g. with query: // UPDATE users SET username = LOWER(username); $rcmail_config['login_lc'] = false; // automatically create a new Roundcube user when log-in the first time. // a new user will be created once the IMAP login succeeds. // set to false if only registered users can use this service $rcmail_config['auto_create_user'] = true; // replace Roundcube logo with this image // specify an URL relative to the document root of this Roundcube installation $rcmail_config['skin_logo'] = null; // Includes should be interpreted as PHP files $rcmail_config['skin_include_php'] = false; // Session lifetime in minutes // must be greater than 'keep_alive'/60 $rcmail_config['session_lifetime'] = 10; // session domain: .example.org $rcmail_config['session_domain'] = ''; // session name. Default: 'roundcube_sessid' $rcmail_config['session_name'] = null; // Backend to use for session storage. Can either be 'db' (default) or 'memcache' // If set to memcache, a list of servers need to be specified in 'memcache_hosts' // Make sure the Memcache extension (http://pecl.php.net/package/memcache) version >= 2.0.0 is installed $rcmail_config['session_storage'] = 'db'; // Use these hosts for accessing memcached // Define any number of hosts in the form hostname:port $rcmail_config['memcache_hosts'] = null; // e.g. array( 'localhost:11211', '192.168.1.12:11211' ); // check client IP in session athorization // Django : 2012-10-12 // default: $rcmail_config['ip_check'] = false; $rcmail_config['ip_check'] = true; // check referer of incoming requests $rcmail_config['referer_check'] = false; // X-Frame-Options HTTP header value sent to prevent from Clickjacking. // Possible values: sameorigin|deny. Set to false in order to disable sending them $rcmail_config['x_frame_options'] = 'sameorigin'; // this key is used to encrypt the users imap password which is stored // in the session record (and the client cookie if remember password is enabled). // please provide a string of exactly 24 chars. // Django : 2012-10-12 // default: $rcmail_config['des_key'] = 's1GdgDLxZRtnzOwICF97k9xy'; $rcmail_config['des_key'] = 's1GdgDLxZRtnzOwICF97k9xy'; //$rcmail_config['des_key'] = 'Np+l%tj2XI9Jzk6I!IVbY%xw'; // Automatically add this domain to user names for login // Only for IMAP servers that require full e-mail addresses for login // Specify an array with 'host' => 'domain' values to support multiple hosts // Supported replacement variables: // %h - user's IMAP hostname // %n - http hostname ($_SERVER['SERVER_NAME']) // %d - domain (http hostname without the first part) // %z - IMAP domain (IMAP hostname without the first part) // For example %n = mail.domain.tld, %d = domain.tld $rcmail_config['username_domain'] = ''; // This domain will be used to form e-mail addresses of new users // Specify an array with 'host' => 'domain' values to support multiple hosts // Supported replacement variables: // %h - user's IMAP hostname // %n - http hostname ($_SERVER['SERVER_NAME']) // %d - domain (http hostname without the first part) // %z - IMAP domain (IMAP hostname without the first part) // For example %n = mail.domain.tld, %d = domain.tld $rcmail_config['mail_domain'] = ''; // Password charset. // Use it if your authentication backend doesn't support UTF-8. // Defaults to ISO-8859-1 for backward compatibility $rcmail_config['password_charset'] = 'ISO-8859-1'; // How many seconds must pass between emails sent by a user $rcmail_config['sendmail_delay'] = 0; // Maximum number of recipients per message. Default: 0 (no limit) $rcmail_config['max_recipients'] = 0; // Maximum allowednumber of members of an address group. Default: 0 (no limit) // If 'max_recipients' is set this value should be less or equal $rcmail_config['max_group_members'] = 0; // add this user-agent to message headers when sending $rcmail_config['useragent'] = 'Roundcube Webmail/'.RCMAIL_VERSION; // use this name to compose page titles // Django : 2012-10-12 // default: $rcmail_config['product_name'] = 'Roundcube Webmail'; $rcmail_config['product_name'] = 'nausch.org (Webmailer)'; // try to load host-specific configuration // see http://trac.roundcube.net/wiki/Howto_Config for more details $rcmail_config['include_host_config'] = false; // path to a text file which will be added to each sent message // paths are relative to the Roundcube root folder $rcmail_config['generic_message_footer'] = ''; // path to a text file which will be added to each sent HTML message // paths are relative to the Roundcube root folder $rcmail_config['generic_message_footer_html'] = ''; // add a received header to outgoing mails containing the creators IP and hostname $rcmail_config['http_received_header'] = false; // Whether or not to encrypt the IP address and the host name // these could, in some circles, be considered as sensitive information; // however, for the administrator, these could be invaluable help // when tracking down issues. $rcmail_config['http_received_header_encrypt'] = false; // This string is used as a delimiter for message headers when sending // a message via mail() function. Leave empty for auto-detection $rcmail_config['mail_header_delimiter'] = NULL; // number of chars allowed for line when wrapping text. // text wrapping is done when composing/sending messages $rcmail_config['line_length'] = 72; // send plaintext messages as format=flowed $rcmail_config['send_format_flowed'] = true; // don't allow these settings to be overriden by the user $rcmail_config['dont_override'] = array(); // Set identities access level: // 0 - many identities with possibility to edit all params // 1 - many identities with possibility to edit all params but not email address // 2 - one identity with possibility to edit all params // 3 - one identity with possibility to edit all params but not email address // Django : 2012-10-12 // default: $rcmail_config['identities_level'] = 0; //$rcmail_config['identities_level'] = 3; // Django : 2013-05-17 // old : $rcmail_config['identities_level'] = 3; $rcmail_config['identities_level'] = 0; // Mimetypes supported by the browser. // attachments of these types will open in a preview window // either a comma-separated list or an array: 'text/plain,text/html,text/xml,image/jpeg,image/gif,image/png,application/pdf' // Django : 2012-10-12 // default: $rcmail_config['client_mimetypes'] = null; # null == default $rcmail_config['client_mimetypes'] = 'text/plain,text/html,text/xml,image/jpeg,image/gif,image/png'; // mime magic database $rcmail_config['mime_magic'] = '/usr/share/misc/magic'; // path to imagemagick identify binary // Django : 2012-10-12 // default: $rcmail_config['im_identify_path'] = null; $rcmail_config['im_identify_path'] = '/usr/bin/gm'; // path to imagemagick convert binary // Django : 2012-10-12 // default: $rcmail_config['im_convert_path'] = null; $rcmail_config['im_convert_path'] = '/usr/bin/gm'; // maximum size of uploaded contact photos in pixel $rcmail_config['contact_photo_size'] = 160; // Enable DNS checking for e-mail address validation // Django : 2012-10-12 // default: $rcmail_config['email_dns_check'] = false; $rcmail_config['email_dns_check'] = true; // ---------------------------------- // PLUGINS // ---------------------------------- // List of active plugins (in plugins/ directory) // Django : 2012-10-12 // default: $rcmail_config['plugins'] = array(); $rcmail_config['plugins'] = array('archive','managesieve','new_user_dialog','password','vcard_attachments'); // ---------------------------------- // USER INTERFACE // ---------------------------------- // default messages sort column. Use empty value for default server's sorting, // or 'arrival', 'date', 'subject', 'from', 'to', 'fromto', 'size', 'cc' $rcmail_config['message_sort_col'] = ''; // default messages sort order $rcmail_config['message_sort_order'] = 'DESC'; // These cols are shown in the message list. Available cols are: // subject, from, to, fromto, cc, replyto, date, size, status, flag, attachment, 'priority' $rcmail_config['list_cols'] = array('subject', 'status', 'fromto', 'date', 'size', 'flag', 'attachment'); // the default locale setting (leave empty for auto-detection) // RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR // Django : 2012-10-12 // default: $rcmail_config['language'] = null; $rcmail_config['language'] = 'de_DE'; // use this format for date display (date or strftime format) // Django : 2012-10-12 // default: $rcmail_config['date_format'] = 'Y-m-d'; $rcmail_config['date_format'] = 'd.m.Y'; // give this choice of date formats to the user to select from $rcmail_config['date_formats'] = array('Y-m-d', 'd-m-Y', 'Y/m/d', 'm/d/Y', 'd/m/Y', 'd.m.Y', 'j.n.Y'); // use this format for time display (date or strftime format) $rcmail_config['time_format'] = 'H:i'; // give this choice of time formats to the user to select from $rcmail_config['time_formats'] = array('G:i', 'H:i', 'g:i a', 'h:i A'); // use this format for short date display (derived from date_format and time_format) $rcmail_config['date_short'] = 'D H:i'; // use this format for detailed date/time formatting (derived from date_format and time_format) $rcmail_config['date_long'] = 'd.m.Y H:i'; // store draft message is this mailbox // leave blank if draft messages should not be stored // NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) $rcmail_config['drafts_mbox'] = 'Drafts'; // store spam messages in this mailbox // NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) $rcmail_config['junk_mbox'] = 'Junk'; // store sent message is this mailbox // leave blank if sent messages should not be stored // NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) $rcmail_config['sent_mbox'] = 'Sent'; // move messages to this folder when deleting them // leave blank if they should be deleted directly // NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) $rcmail_config['trash_mbox'] = 'Trash'; // display these folders separately in the mailbox list. // these folders will also be displayed with localized names // NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) $rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Junk', 'Trash'); // automatically create the above listed default folders on first login $rcmail_config['create_default_folders'] = false; // protect the default folders from renames, deletes, and subscription changes $rcmail_config['protect_default_folders'] = true; // if in your system 0 quota means no limit set this option to true $rcmail_config['quota_zero_as_unlimited'] = false; // Make use of the built-in spell checker. It is based on GoogieSpell. // Since Google only accepts connections over https your PHP installatation // requires to be compiled with Open SSL support $rcmail_config['enable_spellcheck'] = true; // Enables spellchecker exceptions dictionary. // Setting it to 'shared' will make the dictionary shared by all users. $rcmail_config['spellcheck_dictionary'] = false; // Set the spell checking engine. 'googie' is the default. 'pspell' is also available, // but requires the Pspell extensions. When using Nox Spell Server, also set 'googie' here. // Django : 2012-10-12 // default: $rcmail_config['spellcheck_engine'] = 'googie'; $rcmail_config['spellcheck_engine'] = 'pspell'; // For a locally installed Nox Spell Server, please specify the URI to call it. // Get Nox Spell Server from http://orangoo.com/labs/?page_id=72 // Leave empty to use the Google spell checking service, what means // that the message content will be sent to Google in order to check spelling $rcmail_config['spellcheck_uri'] = ''; // These languages can be selected for spell checking. // Configure as a PHP style hash array: array('en'=>'English', 'de'=>'Deutsch'); // Leave empty for default set of available language. // Django : 2012-10-12 // default: $rcmail_config['spellcheck_languages'] = NULL; $rcmail_config['spellcheck_languages'] = array('en'=>'English', 'de'=>'Deutsch'); // Makes that words with all letters capitalized will be ignored (e.g. GOOGLE) $rcmail_config['spellcheck_ignore_caps'] = false; // Makes that words with numbers will be ignored (e.g. g00gle) $rcmail_config['spellcheck_ignore_nums'] = false; // Makes that words with symbols will be ignored (e.g. g@@gle) $rcmail_config['spellcheck_ignore_syms'] = false; // Use this char/string to separate recipients when composing a new message $rcmail_config['recipients_separator'] = ','; // don't let users set pagesize to more than this value if set $rcmail_config['max_pagesize'] = 200; // Minimal value of user's 'keep_alive' setting (in seconds) // Must be less than 'session_lifetime' $rcmail_config['min_keep_alive'] = 60; // Enables files upload indicator. Requires APC installed and enabled apc.rfc1867 option. // By default refresh time is set to 1 second. You can set this value to true // or any integer value indicating number of seconds. $rcmail_config['upload_progress'] = false; // Specifies for how many seconds the Undo button will be available // after object delete action. Currently used with supporting address book sources. // Setting it to 0, disables the feature. $rcmail_config['undo_timeout'] = 0; // ---------------------------------- // ADDRESSBOOK SETTINGS // ---------------------------------- // This indicates which type of address book to use. Possible choises: // 'sql' (default) and 'ldap'. // If set to 'ldap' then it will look at using the first writable LDAP // address book as the primary address book and it will not display the // SQL address book in the 'Address Book' view. $rcmail_config['address_book_type'] = 'sql'; // In order to enable public ldap search, configure an array like the Verisign // example further below. if you would like to test, simply uncomment the example. // Array key must contain only safe characters, ie. a-zA-Z0-9_ $rcmail_config['ldap_public'] = array(); // If you are going to use LDAP for individual address books, you will need to // set 'user_specific' to true and use the variables to generate the appropriate DNs to access it. // // The recommended directory structure for LDAP is to store all the address book entries // under the users main entry, e.g.: // // o=root // ou=people // uid=user@domain // mail=contact@contactdomain // // So the base_dn would be uid=%fu,ou=people,o=root // The bind_dn would be the same as based_dn or some super user login. /* * example config for Verisign directory * $rcmail_config['ldap_public']['Verisign'] = array( 'name' => 'Verisign.com', // Replacement variables supported in host names: // %h - user's IMAP hostname // %n - http hostname ($_SERVER['SERVER_NAME']) // %d - domain (http hostname without the first part) // %z - IMAP domain (IMAP hostname without the first part) // For example %n = mail.domain.tld, %d = domain.tld 'hosts' => array('directory.verisign.com'), 'port' => 389, 'use_tls' => false, 'ldap_version' => 3, // using LDAPv3 'user_specific' => false, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login. // %fu - The full username provided, assumes the username is an email // address, uses the username_domain value if not an email address. // %u - The username prior to the '@'. // %d - The domain name after the '@'. // %dc - The domain name hierarchal string e.g. "dc=test,dc=domain,dc=com" // %dn - DN found by ldap search when search_filter/search_base_dn are used 'base_dn' => '', 'bind_dn' => '', 'bind_pass' => '', // It's possible to bind for an individual address book // The login name is used to search for the DN to bind with 'search_base_dn' => '', 'search_filter' => '', // e.g. '(&(objectClass=posixAccount)(uid=%u))' // DN and password to bind as before searching for bind DN, if anonymous search is not allowed 'search_bind_dn' => '', 'search_bind_pw' => '', // Default for %dn variable if search doesn't return DN value 'search_dn_default' => '', // Optional authentication identifier to be used as SASL authorization proxy // bind_dn need to be empty 'auth_cid' => '', // SASL authentication method (for proxy auth), e.g. DIGEST-MD5 'auth_method' => '', // Indicates if the addressbook shall be hidden from the list. // With this option enabled you can still search/view contacts. 'hidden' => false, // Indicates if the addressbook shall not list contacts but only allows searching. 'searchonly' => false, // Indicates if we can write to the LDAP directory or not. // If writable is true then these fields need to be populated: // LDAP_Object_Classes, required_fields, LDAP_rdn 'writable' => false, // To create a new contact these are the object classes to specify // (or any other classes you wish to use). 'LDAP_Object_Classes' => array('top', 'inetOrgPerson'), // The RDN field that is used for new entries, this field needs // to be one of the search_fields, the base of base_dn is appended // to the RDN to insert into the LDAP directory. 'LDAP_rdn' => 'mail', // The required fields needed to build a new contact as required by // the object classes (can include additional fields not required by the object classes). 'required_fields' => array('cn', 'sn', 'mail'), 'search_fields' => array('mail', 'cn'), // fields to search in // mapping of contact fields to directory attributes // for every attribute one can specify the number of values (limit) allowed. // default is 1, a wildcard * means unlimited 'fieldmap' => array( // Roundcube => LDAP:limit 'name' => 'cn', 'surname' => 'sn', 'firstname' => 'givenName', 'email' => 'mail:*', 'phone:home' => 'homePhone', 'phone:work' => 'telephoneNumber', 'phone:mobile' => 'mobile', 'street' => 'street', 'zipcode' => 'postalCode', 'locality' => 'l', 'country' => 'c', 'organization' => 'o', ), 'sort' => 'cn', // The field to sort the listing by. 'scope' => 'sub', // search mode: sub|base|list 'filter' => '(objectClass=inetOrgPerson)', // used for basic listing (if not empty) and will be &'d with search queries. example: status=act 'fuzzy_search' => true, // server allows wildcard search 'vlv' => false, // Enable Virtual List View to more efficiently fetch paginated data (if server supports it) 'numsub_filter' => '(objectClass=organizationalUnit)', // with VLV, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting 'sizelimit' => '0', // Enables you to limit the count of entries fetched. Setting this to 0 means no limit. 'timelimit' => '0', // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit. 'referrals' => true|false, // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups // definition for contact groups (uncomment if no groups are supported) // for the groups base_dn, the user replacements %fu, %u, $d and %dc work as for base_dn (see above) // if the groups base_dn is empty, the contact base_dn is used for the groups as well // -> in this case, assure that groups and contacts are separated due to the concernig filters! 'groups' => array( 'base_dn' => '', 'scope' => 'sub', // search mode: sub|base|list 'filter' => '(objectClass=groupOfNames)', 'object_classes' => array("top", "groupOfNames"), 'member_attr' => 'member', // name of the member attribute, e.g. uniqueMember 'name_attr' => 'cn', // attribute to be used as group name ), ); */ // An ordered array of the ids of the addressbooks that should be searched // when populating address autocomplete fields server-side. ex: array('sql','Verisign'); $rcmail_config['autocomplete_addressbooks'] = array('sql'); // The minimum number of characters required to be typed in an autocomplete field // before address books will be searched. Most useful for LDAP directories that // may need to do lengthy results building given overly-broad searches $rcmail_config['autocomplete_min_length'] = 1; // Number of parallel autocomplete requests. // If there's more than one address book, n parallel (async) requests will be created, // where each request will search in one address book. By default (0), all address // books are searched in one request. $rcmail_config['autocomplete_threads'] = 0; // Max. numer of entries in autocomplete popup. Default: 15. $rcmail_config['autocomplete_max'] = 15; // show address fields in this order // available placeholders: {street}, {locality}, {zipcode}, {country}, {region} $rcmail_config['address_template'] = '{street}<br/>{locality} {zipcode}<br/>{country} {region}'; // Matching mode for addressbook search (including autocompletion) // 0 - partial (*abc*), default // 1 - strict (abc) // 2 - prefix (abc*) // Note: For LDAP sources fuzzy_search must be enabled to use 'partial' or 'prefix' mode $rcmail_config['addressbook_search_mode'] = 0; // ---------------------------------- // USER PREFERENCES // ---------------------------------- // Use this charset as fallback for message decoding $rcmail_config['default_charset'] = 'ISO-8859-1'; // skin name: folder from skins/ // Django : 2013-05-17 // default: $rcmail_config['skin'] = 'default'; $rcmail_config['skin'] = 'classic'; // show up to X items in list view $rcmail_config['pagesize'] = 40; // sort contacts by this col (preferably either one of name, firstname, surname) $rcmail_config['addressbook_sort_col'] = 'surname'; // the way how contact names are displayed in the list // 0: display name // 1: (prefix) firstname middlename surname (suffix) // 2: (prefix) surname firstname middlename (suffix) // 3: (prefix) surname, firstname middlename (suffix) $rcmail_config['addressbook_name_listing'] = 0; // use this timezone to display date/time $rcmail_config['timezone'] = 'auto'; // is daylight saving On? Default: (bool)date('I'); // Django : 2012-10-12 // default: $rcmail_config['dst_active'] = null; $rcmail_config['dst_active'] = (bool)date('I'); // prefer displaying HTML messages $rcmail_config['prefer_html'] = true; // display remote inline images // 0 - Never, always ask // 1 - Ask if sender is not in address book // 2 - Always show inline images $rcmail_config['show_images'] = 0; // compose html formatted messages by default // 0 - never, 1 - always, 2 - on reply to HTML message only $rcmail_config['htmleditor'] = 0; // show pretty dates as standard $rcmail_config['prettydate'] = true; // save compose message every 300 seconds (5min) // Django : 2012-10-12 // default: $rcmail_config['draft_autosave'] = 300; $rcmail_config['draft_autosave'] = 60; // default setting if preview pane is enabled // Django : 2012-10-12 // default: $rcmail_config['preview_pane'] = false; $rcmail_config['preview_pane'] = true; // Mark as read when viewed in preview pane (delay in seconds) // Set to -1 if messages in preview pane should not be marked as read $rcmail_config['preview_pane_mark_read'] = 0; // Clear Trash on logout $rcmail_config['logout_purge'] = false; // Compact INBOX on logout // Django : 2012-10-12 // default: $rcmail_config['logout_expunge'] = false; $rcmail_config['logout_expunge'] = true; // Display attached images below the message body $rcmail_config['inline_images'] = true; // Encoding of long/non-ascii attachment names: // 0 - Full RFC 2231 compatible // 1 - RFC 2047 for 'name' and RFC 2231 for 'filename' parameter (Thunderbird's default) // 2 - Full 2047 compatible $rcmail_config['mime_param_folding'] = 1; // Set true if deleted messages should not be displayed // This will make the application run slower $rcmail_config['skip_deleted'] = false; // Set true to Mark deleted messages as read as well as deleted // False means that a message's read status is not affected by marking it as deleted $rcmail_config['read_when_deleted'] = true; // Set to true to never delete messages immediately // Use 'Purge' to remove messages marked as deleted $rcmail_config['flag_for_deletion'] = false; // Default interval for keep-alive/check-recent requests (in seconds) // Must be greater than or equal to 'min_keep_alive' and less than 'session_lifetime' $rcmail_config['keep_alive'] = 60; // If true all folders will be checked for recent messages // Django : 2012-10-12 // default: $rcmail_config['check_all_folders'] = false; $rcmail_config['check_all_folders'] = true; // If true, after message delete/move, the next message will be displayed $rcmail_config['display_next'] = false; // 0 - Do not expand threads // 1 - Expand all threads automatically // 2 - Expand only threads with unread messages $rcmail_config['autoexpand_threads'] = 0; // When replying place cursor above original message (top posting) $rcmail_config['top_posting'] = false; // When replying strip original signature from message $rcmail_config['strip_existing_sig'] = true; // Show signature: // 0 - Never // 1 - Always // 2 - New messages only // 3 - Forwards and Replies only $rcmail_config['show_sig'] = 1; // When replying or forwarding place sender's signature above existing message $rcmail_config['sig_above'] = false; // Use MIME encoding (quoted-printable) for 8bit characters in message body $rcmail_config['force_7bit'] = false; // Defaults of the search field configuration. // The array can contain a per-folder list of header fields which should be considered when searching // The entry with key '*' stands for all folders which do not have a specific list set. // Please note that folder names should to be in sync with $rcmail_config['default_imap_folders'] $rcmail_config['search_mods'] = null; // Example: array('*' => array('subject'=>1, 'from'=>1), 'Sent' => array('subject'=>1, 'to'=>1)); // Defaults of the addressbook search field configuration. $rcmail_config['addressbook_search_mods'] = null; // Example: array('name'=>1, 'firstname'=>1, 'surname'=>1, 'email'=>1, '*'=>1); // 'Delete always' // This setting reflects if mail should be always deleted // when moving to Trash fails. This is necessary in some setups // when user is over quota and Trash is included in the quota. $rcmail_config['delete_always'] = false; // Behavior if a received message requests a message delivery notification (read receipt) // 0 = ask the user, 1 = send automatically, 2 = ignore (never send or ask) // 3 = send automatically if sender is in addressbook, otherwise ask the user // 4 = send automatically if sender is in addressbook, otherwise ignore $rcmail_config['mdn_requests'] = 0; // Return receipt checkbox default state $rcmail_config['mdn_default'] = 0; // Delivery Status Notification checkbox default state $rcmail_config['dsn_default'] = 0; // Place replies in the folder of the message being replied to $rcmail_config['reply_same_folder'] = false; // Sets default mode of Forward feature to "forward as attachment" $rcmail_config['forward_attachment'] = false; // Defines address book (internal index) to which new contacts will be added // By default it is the first writeable addressbook. // Note: Use '0' for built-in address book. $rcmail_config['default_addressbook'] = null; // Enables spell checking before sending a message. // Django : 2012-10-12 // default: $rcmail_config['spellcheck_before_send'] = false; $rcmail_config['spellcheck_before_send'] = false; // Skip alternative email addresses in autocompletion (show one address per contact) $rcmail_config['autocomplete_single'] = false; // end of config file
Plugins
Mit Hilfe von Plugins kann Roundgroup um verschiedene Funktionen und Fähigkeiten erweitert werden. In unserem konfigurationsbeispiel beschränken wir uns dabei auf die zwei wichtigsten Plugins, nämlich Password und Managesieve.
Password
Damit unsere User später Ihr Passwort eigenständig ändern können, konfigurieren wir nun das zugehörige Plugin password. Als erstes kopieren wir die Vorgabedatei, die im RPM-Paket enthalten ist.
# cp /usr/share/roundcubemail/plugins/password/config.inc.php.dist /usr/share/roundcubemail/plugins/password/config.inc.php
Anschließend bearbeiten wir diese Datei und tragen dort die Datenbankanbindung zur MySQL sowie das benötigte SQL-Statement ein. Auch hier sind in dem nachfolgenden Beispiel die Änderungen mit Django gekennzeichnet.
# vim /usr/share/roundcubemail/plugins/password/config.inc.php
- /usr/share/roundcubemail/plugins/password/config.inc.php
<?php // Password Plugin options // ----------------------- // A driver to use for password change. Default: "sql". // See README file for list of supported driver names. $rcmail_config['password_driver'] = 'sql'; // Determine whether current password is required to change password. // Default: false. $rcmail_config['password_confirm_current'] = true; // Require the new password to be a certain length. // set to blank to allow passwords of any length $rcmail_config['password_minimum_length'] = 0; // Require the new password to contain a letter and punctuation character // Change to false to remove this check. $rcmail_config['password_require_nonalpha'] = false; // Enables logging of password changes into logs/password $rcmail_config['password_log'] = false; // SQL Driver options // ------------------ // PEAR database DSN for performing the query. By default // Roundcube DB settings are used. // Django : 2012-10-18 // default: $rcmail_config['password_db_dsn'] = ''; $rcmail_config['password_db_dsn'] = 'mysql://postfixadmin_user:E7Lnlg0MRG7l1bD74eZ81sUO@mysql.dmz.nausch.org/postfix'; // The SQL query used to change the password. // The query can contain the following macros that will be expanded as follows: // %p is replaced with the plaintext new password // %c is replaced with the crypt version of the new password, MD5 if available // otherwise DES. // %D is replaced with the dovecotpw-crypted version of the new password // %o is replaced with the password before the change // %n is replaced with the hashed version of the new password // %q is replaced with the hashed password before the change // %h is replaced with the imap host (from the session info) // %u is replaced with the username (from the session info) // %l is replaced with the local part of the username // (in case the username is an email address) // %d is replaced with the domain part of the username // (in case the username is an email address) // Escaping of macros is handled by this module. // Default: "SELECT update_passwd(%c, %u)" // Django : 2012-10-18 // default: $rcmail_config['password_query'] = 'SELECT update_passwd(%c, %u)'; $rcmail_config['password_query'] = 'UPDATE mailbox SET password = %D, modified=NOW() WHERE username = %u LIMIT 1'; // By default domains in variables are using unicode. // Enable this option to use punycoded names $rcmail_config['password_idn_ascii'] = false; // Path for dovecotpw (if not in $PATH) // Django : 2012-10-18 // default: unset $rcmail_config['password_dovecotpw'] = '/usr/bin/doveadm pw'; // Dovecot method (dovecotpw -s 'method') // Django : 2012-10-18 // default: $rcmail_config['password_dovecotpw_method'] = 'CRAM-MD5'; $rcmail_config['password_dovecotpw_method'] = 'MD5-CRYPT'; // Enables use of password with crypt method prefix in %D, e.g. {MD5}$1$LUiMYWqx$fEkg/ggr/L6Mb2X7be4i1/ $rcmail_config['password_dovecotpw_with_method'] = false; // Using a password hash for %n and %q variables. // Determine which hashing algorithm should be used to generate // the hashed new and current password for using them within the // SQL query. Requires PHP's 'hash' extension. $rcmail_config['password_hash_algorithm'] = 'sha1'; // You can also decide whether the hash should be provided // as hex string or in base64 encoded format. $rcmail_config['password_hash_base64'] = false; // Poppassd Driver options // ----------------------- // The host which changes the password $rcmail_config['password_pop_host'] = 'localhost'; // TCP port used for poppassd connections $rcmail_config['password_pop_port'] = 106; // SASL Driver options // ------------------- // Additional arguments for the saslpasswd2 call $rcmail_config['password_saslpasswd_args'] = ''; // LDAP and LDAP_SIMPLE Driver options // ----------------------------------- // LDAP server name to connect to. // You can provide one or several hosts in an array in which case the hosts are tried from left to right. // Exemple: array('ldap1.exemple.com', 'ldap2.exemple.com'); // Default: 'localhost' $rcmail_config['password_ldap_host'] = 'localhost'; // LDAP server port to connect to // Default: '389' $rcmail_config['password_ldap_port'] = '389'; // TLS is started after connecting // Using TLS for password modification is recommanded. // Default: false $rcmail_config['password_ldap_starttls'] = false; // LDAP version // Default: '3' $rcmail_config['password_ldap_version'] = '3'; // LDAP base name (root directory) // Exemple: 'dc=exemple,dc=com' $rcmail_config['password_ldap_basedn'] = 'dc=exemple,dc=com'; // LDAP connection method // There is two connection method for changing a user's LDAP password. // 'user': use user credential (recommanded, require password_confirm_current=true) // 'admin': use admin credential (this mode require password_ldap_adminDN and password_ldap_adminPW) // Default: 'user' $rcmail_config['password_ldap_method'] = 'user'; // LDAP Admin DN // Used only in admin connection mode // Default: null $rcmail_config['password_ldap_adminDN'] = null; // LDAP Admin Password // Used only in admin connection mode // Default: null $rcmail_config['password_ldap_adminPW'] = null; // LDAP user DN mask // The user's DN is mandatory and as we only have his login, // we need to re-create his DN using a mask // '%login' will be replaced by the current roundcube user's login // '%name' will be replaced by the current roundcube user's name part // '%domain' will be replaced by the current roundcube user's domain part // '%dc' will be replaced by domain name hierarchal string e.g. "dc=test,dc=domain,dc=com" // Exemple: 'uid=%login,ou=people,dc=exemple,dc=com' $rcmail_config['password_ldap_userDN_mask'] = 'uid=%login,ou=people,dc=exemple,dc=com'; // LDAP search DN // The DN roundcube should bind with to find out user's DN // based on his login. Note that you should comment out the default // password_ldap_userDN_mask setting for this to take effect. // Use this if you cannot specify a general template for user DN with // password_ldap_userDN_mask. You need to perform a search based on // users login to find his DN instead. A common reason might be that // your users are placed under different ou's like engineering or // sales which cannot be derived from their login only. $rcmail_config['password_ldap_searchDN'] = 'cn=roundcube,ou=services,dc=example,dc=com'; // LDAP search password // If password_ldap_searchDN is set, the password to use for // binding to search for user's DN. Note that you should comment out the default // password_ldap_userDN_mask setting for this to take effect. // Warning: Be sure to set approperiate permissions on this file so this password // is only accesible to roundcube and don't forget to restrict roundcube's access to // your directory as much as possible using ACLs. Should this password be compromised // you want to minimize the damage. $rcmail_config['password_ldap_searchPW'] = 'secret'; // LDAP search base // If password_ldap_searchDN is set, the base to search in using the filter below. // Note that you should comment out the default password_ldap_userDN_mask setting // for this to take effect. $rcmail_config['password_ldap_search_base'] = 'ou=people,dc=example,dc=com'; // LDAP search filter // If password_ldap_searchDN is set, the filter to use when // searching for user's DN. Note that you should comment out the default // password_ldap_userDN_mask setting for this to take effect. // '%login' will be replaced by the current roundcube user's login // '%name' will be replaced by the current roundcube user's name part // '%domain' will be replaced by the current roundcube user's domain part // '%dc' will be replaced by domain name hierarchal string e.g. "dc=test,dc=domain,dc=com" // Example: '(uid=%login)' // Example: '(&(objectClass=posixAccount)(uid=%login))' $rcmail_config['password_ldap_search_filter'] = '(uid=%login)'; // LDAP password hash type // Standard LDAP encryption type which must be one of: crypt, // ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, or clear. // Please note that most encodage types require external libraries // to be included in your PHP installation, see function hashPassword in drivers/ldap.php for more info. // Default: 'crypt' $rcmail_config['password_ldap_encodage'] = 'crypt'; // LDAP password attribute // Name of the ldap's attribute used for storing user password // Default: 'userPassword' $rcmail_config['password_ldap_pwattr'] = 'userPassword'; // LDAP password force replace // Force LDAP replace in cases where ACL allows only replace not read // See http://pear.php.net/package/Net_LDAP2/docs/latest/Net_LDAP2/Net_LDAP2_Entry.html#methodreplace // Default: true $rcmail_config['password_ldap_force_replace'] = true; // LDAP Password Last Change Date // Some places use an attribute to store the date of the last password change // The date is meassured in "days since epoch" (an integer value) // Whenever the password is changed, the attribute will be updated if set (e.g. shadowLastChange) $rcmail_config['password_ldap_lchattr'] = ''; // LDAP Samba password attribute, e.g. sambaNTPassword // Name of the LDAP's Samba attribute used for storing user password $rcmail_config['password_ldap_samba_pwattr'] = ''; // LDAP Samba Password Last Change Date attribute, e.g. sambaPwdLastSet // Some places use an attribute to store the date of the last password change // The date is meassured in "seconds since epoch" (an integer value) // Whenever the password is changed, the attribute will be updated if set $rcmail_config['password_ldap_samba_lchattr'] = ''; // DirectAdmin Driver options // -------------------------- // The host which changes the password // Use 'ssl://host' instead of 'tcp://host' when running DirectAdmin over SSL. // The host can contain the following macros that will be expanded as follows: // %h is replaced with the imap host (from the session info) // %d is replaced with the domain part of the username (if the username is an email) $rcmail_config['password_directadmin_host'] = 'tcp://localhost'; // TCP port used for DirectAdmin connections $rcmail_config['password_directadmin_port'] = 2222; // vpopmaild Driver options // ----------------------- // The host which changes the password $rcmail_config['password_vpopmaild_host'] = 'localhost'; // TCP port used for vpopmaild connections $rcmail_config['password_vpopmaild_port'] = 89; // cPanel Driver options // -------------------------- // The cPanel Host name $rcmail_config['password_cpanel_host'] = 'host.domain.com'; // The cPanel admin username $rcmail_config['password_cpanel_username'] = 'username'; // The cPanel admin password $rcmail_config['password_cpanel_password'] = 'password'; // The cPanel port to use $rcmail_config['password_cpanel_port'] = 2082; // Using ssl for cPanel connections? $rcmail_config['password_cpanel_ssl'] = true; // The cPanel theme in use $rcmail_config['password_cpanel_theme'] = 'x'; // XIMSS (Communigate server) Driver options // ----------------------------------------- // Host name of the Communigate server $rcmail_config['password_ximss_host'] = 'mail.example.com'; // XIMSS port on Communigate server $rcmail_config['password_ximss_port'] = 11024; // chpasswd Driver options // --------------------- // Command to use $rcmail_config['password_chpasswd_cmd'] = 'sudo /usr/sbin/chpasswd 2> /dev/null'; // XMail Driver options // --------------------- $rcmail_config['xmail_host'] = 'localhost'; $rcmail_config['xmail_user'] = 'YourXmailControlUser'; $rcmail_config['xmail_pass'] = 'YourXmailControlPass'; $rcmail_config['xmail_port'] = 6017; // hMail Driver options // ----------------------- // Remote hMailServer configuration // true: HMailserver is on a remote box (php.ini: com.allow_dcom = true) // false: Hmailserver is on same box as PHP $rcmail_config['hmailserver_remote_dcom'] = false; // Windows credentials $rcmail_config['hmailserver_server'] = array( 'Server' => 'localhost', // hostname or ip address 'Username' => 'administrator', // windows username 'Password' => 'password' // windows user password ); // Virtualmin Driver options // ------------------------- // Username format: // 0: username@domain // 1: username%domain // 2: username.domain // 3: domain.username // 4: username-domain // 5: domain-username // 6: username_domain // 7: domain_username $rcmail_config['password_virtualmin_format'] = 0;
Managesieve
Damit unsere Mailkunden ihre sieve-Regeln direkt aus Roundcube heraus komfortabel ändern können, aktivieren wir das zugehörige Plugin managesieve
Als erstes kopieren wir die Vorgabedatei, die im RPM-Paket enthalten ist.
# cp /usr/share/roundcubemail/plugins/managesieve/config.inc.php.dist /usr/share/roundcubemail/plugins/managesieve/config.inc.php
Anschließend bearbeiten wir diese Datei und tragen dort die benötigten sieve-Konfigurationsdetail ein. Auch hier sind in dem nachfolgenden Beispiel die Änderungen mit Django gekennzeichnet.
# vim /usr/share/roundcubemail/plugins/managesieve/config.inc.php
- /usr/share/roundcubemail/plugins/managesieve/config.inc.php
<?php // managesieve server port // Django : 2012-10-12 // default: $rcmail_config['managesieve_port'] = 2000; $rcmail_config['managesieve_port'] = 4190; // managesieve server address, default is localhost. // Replacement variables supported in host name: // %h - user's IMAP hostname // %n - http hostname ($_SERVER['SERVER_NAME']) // %d - domain (http hostname without the first part) // For example %n = mail.domain.tld, %d = domain.tld // Django : 2012-10-12 //default: $rcmail_config['managesieve_host'] = 'localhost'; $rcmail_config['managesieve_host'] = 'imap.dmz.nausch.org'; // authentication method. Can be CRAM-MD5, DIGEST-MD5, PLAIN, LOGIN, EXTERNAL // or none. Optional, defaults to best method supported by server. $rcmail_config['managesieve_auth_type'] = null; // Optional managesieve authentication identifier to be used as authorization proxy. // Authenticate as a different user but act on behalf of the logged in user. // Works with PLAIN and DIGEST-MD5 auth. $rcmail_config['managesieve_auth_cid'] = null; // Optional managesieve authentication password to be used for imap_auth_cid $rcmail_config['managesieve_auth_pw'] = null; // use or not TLS for managesieve server connection // it's because I've problems with TLS and dovecot's managesieve plugin // and it's not needed on localhost $rcmail_config['managesieve_usetls'] = false; // default contents of filters script (eg. default spam filter) $rcmail_config['managesieve_default'] = '/etc/dovecot/sieve/global'; // The name of the script which will be used when there's no user script $rcmail_config['managesieve_script_name'] = 'managesieve'; // Sieve RFC says that we should use UTF-8 endcoding for mailbox names, // but some implementations does not covert UTF-8 to modified UTF-7. // Defaults to UTF7-IMAP $rcmail_config['managesieve_mbox_encoding'] = 'UTF-8'; // I need this because my dovecot (with listescape plugin) uses // ':' delimiter, but creates folders with dot delimiter $rcmail_config['managesieve_replace_delimiter'] = ''; // disabled sieve extensions (body, copy, date, editheader, encoded-character, // envelope, environment, ereject, fileinto, ihave, imap4flags, index, // mailbox, mboxmetadata, regex, reject, relational, servermetadata, // spamtest, spamtestplus, subaddress, vacation, variables, virustest, etc. // Note: not all extensions are implemented $rcmail_config['managesieve_disabled_extensions'] = array(); // Enables debugging of conversation with sieve server. Logs it into <log_dir>/sieve $rcmail_config['managesieve_debug'] = false; // Enables features described in http://wiki.kolab.org/KEP:14 $rcmail_config['managesieve_kolab_master'] = false; // Script name extension used for scripts including. Dovecot uses '.sieve', // Cyrus uses '.siv'. Doesn't matter if you have managesieve_kolab_master disabled. $rcmail_config['managesieve_filename_extension'] = '.sieve'; // List of reserved script names (without extension). // Scripts listed here will be not presented to the user. $rcmail_config['managesieve_filename_exceptions'] = array(); ?>