Webmail with Roundcube on CentOS 7.x

If all you need is a webmailer rather than a groupware solution such as Horde, Roundcube is a good choice. It is quick and easy to install and stands out for its robustness.

Prerequisites and dependencies

To install the webmailer we need a few more PHP packages, which we can install easily with yum thanks to the integration of the EPEL repository. In detail, these are the following packages:

  • php-pspell
  • aspell-de
  • php-mcrypt
  • GraphicsMagick
 # yum install php-pspell aspell-de php-mcrypt GraphicsMagick -y

For German spell checking there is (as yet) no RPM in the EPEL repository for CentOS 7.x. The mailserver.guru repository fills this gap. If we have enabled the mailserver.guru repository, the aspell-de package is installed automatically by the call above.

Alternatively, the package can of course also be installed manually. To do so, we download the package aspell-de-20030222-1.el7.centos.x86_64.rpm to our machine.

 # cd /usr/local/src/packages/
 # wget http://repo.mailserver.guru/7/x86_64/aspell-de-20030222-1.el7.centos.x86_64.rpm

We then install this RPM with yum.

 # yum localinstall --nogpgcheck aspell-de-20030222-1.el7.centos.x86_64.rpm

As always, the call rpm -qil <package name> shows what each individual package has brought into the system.

Installing Roundcube

Installing Roundcube itself is no rocket science: we only need to install the corresponding RPM package with yum.

 # yum install roundcubemail -y

Installation and configuration documentation

The RPM contains detailed documentation on configuring roundcubemail.

 # cat /usr/share/doc/roundcubemail-1.0.2/INSTALL

INTRODUCTION
============
 
This file describes the basic steps to install Roundcube Webmail on your
web server. For additional information, please also consult the project's
wiki page at http://trac.roundcube.net/wiki
 
 
REQUIREMENTS
============
 
* The Apache, Lighttpd, Cherokee or Hiawatha web server
* .htaccess support allowing overrides for DirectoryIndex
* PHP Version 5.2.1 or greater including
   - PCRE, DOM, JSON, XML, Session, Sockets (required)
   - PHP Data Objects (PDO) with driver for either MySQL, PostgreSQL or SQLite (required)
     Note: MySQL database driver requires PHP 5.3.7 or newer.
   - Libiconv (required)
   - Multibyte String (mbstring)
   - Mcrypt (supporting Triple DES)
   - Fileinfo (optional)
   - Zip (recommended)
* PEAR packages distributed with Roundcube or external:
   - Mail_Mime 1.8.1 or newer
   - Mail_mimeDecode 1.5.5 or newer
   - Net_SMTP (latest from https://github.com/pear/Net_SMTP/)
   - Net_IDNA2 0.1.1 or newer
   - Auth_SASL 1.0.6 or newer
   - Net_Sieve 1.3.2 or newer (for managesieve plugin)
   - Crypt_GPG 1.2.0 or newer (for enigma plugin)
* php.ini options (see .htaccess file):
   - error_reporting E_ALL & ~E_NOTICE (or lower)
   - memory_limit > 16MB (increase as suitable to support large attachments)
   - file_uploads enabled (for attachment upload features)
   - session.auto_start disabled
   - zend.ze1_compatibility_mode disabled
   - suhosin.session.encrypt disabled
   - mbstring.func_overload disabled
   - magic_quotes_runtime disabled
   - magic_quotes_sybase disabled
   - register_globals disabled (PHP < 5.4)
* PHP compiled with OpenSSL to connect to IMAPS and to use the spell checker
* A MySQL (4.0.8 or newer), PostgreSQL, MS SQL Server (2005 or newer) database engine
  or SQLite support in PHP
* One of the above databases with permission to create tables
* An SMTP server (recommended) or PHP configured for mail delivery
 
 
INSTALLATION
============
 
1. Decompress and put this folder somewhere inside your document root
2. Make sure that the following directories (and the files within)
   are writable by the webserver
   - /temp
   - /logs
3. Create a new database and a database user for Roundcube (see DATABASE SETUP)
4. Point your browser to http://url-to-roundcube/installer/
5. Follow the instructions of the install script (or see MANUAL CONFIGURATION)
6. After creating and testing the configuration, remove the installer directory
7. Check Known Issues section of this file
8. Done!
 
 
CONFIGURATION HINTS
===================
 
Roundcube writes internal errors to the 'errors' log file located in the logs
directory which can be configured in config/config.inc.php. If you want ordinary
PHP errors to be logged there as well, enable the 'php_value error_log' line
in the .htaccess file and set the path to the log file accordingly.
 
By default the session_path settings of PHP are not modified by Roundcube.
However if you want to limit the session cookies to the directory where
Roundcube resides you can uncomment and configure the according line
in the .htaccess file.
 
 
DATABASE SETUP
==============
 
Note: Database for Roundcube must use UTF-8 character set.
 
* MySQL
-------
Setting up the mysql database can be done by creating an empty database,
importing the table layout and granting the proper permissions to the
roundcube user. Here is an example of that procedure:
 
# mysql
> CREATE DATABASE roundcubemail /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;
> GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcube@localhost
    IDENTIFIED BY 'password';
> quit
 
# mysql roundcubemail < SQL/mysql.initial.sql
 
Note 1: 'password' is the master password for the roundcube user. It is strongly
recommended you replace this with a more secure password. Please keep in
mind: You need to specify this password later in 'config/db.inc.php'.
 
 
* SQLite
--------
Versions of sqlite database engine older than 3 aren't supported.
Database file and structure is created automatically by Roundcube.
Make sure your configuration points to some file location and that the
webserver can write to the file and the directory containing the file.
 
 
* PostgreSQL
------------
To use Roundcube with PostgreSQL support you have to follow these
simple steps, which have to be done as the postgres system user (or
which ever is the database superuser):
 
$ createuser -P roundcube
$ createdb -O roundcube -E UNICODE roundcubemail
$ psql -U roundcube -f SQL/postgres.initial.sql roundcubemail
 
Note: in some system configurations you might need to add '-U postgres' to
createuser and createdb commands.
 
 
* Microsoft SQL Server
----------------------
Language/locale of the database must be set to us_english (1033). More info
on this at http://trac.roundcube.net/ticket/1488918.
 
 
Database cleaning
-----------------
To keep your database slick and clean we recommend to periodically execute
bin/cleandb.sh which finally removes all records that are marked as deleted.
Best solution is to install a cronjob running this script daily.
 
 
MANUAL CONFIGURATION
====================
 
First of all, copy the sample configuration file config/config.inc.php.sample
to config/config.inc.php and make the necessary adjustments according to your
environment and your needs. More configuration options can be copied from the
config/defaults.inc.php file into your local config.inc.php file as needed.
Read the comments above the individual configuration options to find out what
they do or read http://trac.roundcube.net/wiki/Howto_Install for even more
guidance.
 
You can also modify the default .htaccess file. This is necessary to
increase the allowed size of file attachments, for example:
        php_value       upload_max_filesize     2M
 
 
UPGRADING
=========
 
If you already have a previous version of Roundcube installed,
please refer to the instructions in UPGRADING guide.
 
 
OPTIMISING
==========
 
There are two forms of optimisation here, compression and caching, both aimed
at increasing an end user's experience using Roundcube Webmail. Compression
allows the static web pages to be delivered with less bandwidth. The index.php
of Roundcube Webmail already enables compression on its output. The settings
below allow compression to occur for all static files. Caching sets HTTP 
response headers that enable a user's web client to understand what is static
and how to cache it.
 
The caching directives used are:
 * Etags - sets at tag so the client can request is the page has changed
 * Cache-control - defines the age of the page and that the page is 'public'
   This enables clients to cache javascript files that don't have private 
   information between sessions even if using HTTPS. It also allows proxies
   to share the same cached page between users.
 * Expires - provides another hint to increase the lifetime of static pages.
 
For more information refer to RFC 2616.
 
Side effects:
-------------
These directives are designed for production use. If you are using this in
a development environment you may get horribly confused if your webclient
is caching stuff that you changed on the server. Disabling the expires 
parts below should save you some grief.
 
If you are changing the skins, it is recommended that you copy content to 
a different directory apart from 'default'.
 
Apache:
-------
To enable these features in apache the following modules need to be enabled:
 * mod_deflate
 * mod_expires
 * mod_headers
 
The optimisation is already included in the .htaccess file in the top 
directory of your installation.
 
If you are using Apache version 2.2.9 and later, in the .htaccess file
change the 'append' word to 'merge' for a more correct response. Keeping
as 'append' shouldn't cause any problems though changing to merge will 
eliminate the possibility of duplicate 'public' headers in Cache-control.
 
Lighttpd:
---------
With Lightty the addition of Expire: tags by mod_expire is incompatible with
the addition of "Cache-control: public". Using Cache-control 'public' is 
used below as it is assumed to give a better caching result.
 
Enable modules in server.modules:
    "mod_setenv"
    "mod_compress"
 
Mod_compress is a server side cache of compressed files to improve its performance.
 
$HTTP["host"] == "www.example.com" {
 
    static-file.etags = "enable"
    # http://redmine.lighttpd.net/projects/lighttpd/wiki/Etag.use-mtimeDetails
    etag.use-mtime = "enable"
 
    # http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ModSetEnv
    $HTTP["url"] =~ "^/roundcubemail/(plugins|skins|program)" {
        setenv.add-response-header  = ( "Cache-Control" => "public, max-age=2592000")
    }
 
    # http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ModCompress
    # set compress.cache-dir to somewhere outside the docroot.
    compress.cache-dir   = var.statedir + "/cache/compress"
 
    compress.filetype = ("text/plain", "text/html", "text/javascript", "text/css", "text/xml", "image/gif", "image/png")
}
 
 
KNOWN ISSUES
============
 
Installations with uw-imap server should set imap_disabled_caps = array('ESEARCH')
in main configuration file. ESEARCH implementation in this server is broken (#1489184).

Apache configuration from the RPM

Since we want to offer a dedicated vHost for the webmailer rather than a subdirectory configuration, we comment out the contents of the Apache configuration file /etc/httpd/conf.d/roundcubemail.conf.

 # vim /etc/httpd/conf.d/roundcubemail.conf
/etc/httpd/conf.d/roundcubemail.conf
##
## Round Cube Webmail is a browser-based multilingual IMAP client
##
#
#Alias /roundcubemail /usr/share/roundcubemail
#
## Define who can access the Webmail
## You can enlarge permissions once configured
#
#<Directory /usr/share/roundcubemail/>
#    <IfModule mod_authz_core.c>
#        # Apache 2.4
#        Require local
#    </IfModule>
#    <IfModule !mod_authz_core.c>
#        # Apache 2.2
#        Order Deny,Allow
#        Deny from all
#        Allow from 127.0.0.1
#        Allow from ::1
#    </IfModule>
#</Directory>
#
## Define who can access the installer
## keep this secured once configured
#
#<Directory /usr/share/roundcubemail/installer/>
#    <IfModule mod_authz_core.c>
#        # Apache 2.4
#        Require local
#    </IfModule>
#    <IfModule !mod_authz_core.c>
#        # Apache 2.2
#        Order Deny,Allow
#        Deny from all
#        Allow from 127.0.0.1
#        Allow from ::1
#    </IfModule>
#</Directory>
#
## Those directories should not be viewed by Web clients.
#<Directory /usr/share/roundcubemail/bin/>
#    Order Allow,Deny
#    Deny from all
#</Directory>
#<Directory /usr/share/roundcubemail/plugins/enigma/home/>
#    Order Allow,Deny
#    Deny from all
#</Directory>

Apache vHost

We now set up a suitable vHost for our webmailer. In the configuration directory of our Apache web server we create a new vHost configuration file.

 # vim /etc/httpd/conf.d/vhost_443_roundcubemail.conf
/etc/httpd/conf.d/vhost_443_roundcubemail.conf
#
# roundcubemail.sec-mail.guru
#
<VirtualHost *:80>
        ServerAdmin webmaster@nausch.org
        ServerName roundcubemail.sec-mail.guru
        ServerPath /
 
        <Location />
                Options -Indexes +FollowSymLinks
                Require all granted
        </Location>
 
        RewriteEngine on
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
 
        DirectoryIndex index.php
 
        ErrorLog logs/roundcubemail_error.log
        CustomLog logs/roundcubemail_access.log combined
</VirtualHost>
<VirtualHost *:443>
        ServerAdmin webmaster@nausch.org
        ServerName roundcubemail.sec-mail.guru
        ServerPath /
        DocumentRoot "/usr/share/roundcubemail"
 
        # Django
        # Required, because there is a host with same ServerName and
        # ServerAlias LISTENING ON PORT 80, - and if these lines are
        # not present, and .htaccess-Files or LDAP-Access is enabled
        # for one or more Directory the host on PORT 443 and PORT 80
        # will ASK for .htaccess or LDAP-Access, so please remember
        # ----------------------------------------------------------
        # -- DO NOT DELETE THE FOLLOWING LINES, STARTING WITH SSL --
        # --         WHEN USING .htaccess or LDAP-Access!         --
        # ----------------------------------------------------------
        SSLEngine on
        SSLProtocol -ALL +SSLv3 +TLSv1
        SSLCipherSuite EECDH+AES256:DHE+AES256:EECDH+AES:EDH+AES:-SHA1:EECDH+RC4:EDH+RC4:RC4-SHA:AES256-SHA:!aNULL:!eNULL:!EXP:!LOW:!MD5
        SSLHonorCipherOrder on
        SSLCertificateFile /etc/pki/tls/private/CAcert-class3-wildcard.crt
        SSLCertificateKeyFile /etc/pki/tls/private/ca.key
        SSLCertificateChainFile /etc/pki/tls/private/CAcert_chain.crt
 
        # Define who can access the Webmail
        # You can enlarge permissions once configured
        <Directory /usr/share/roundcubemail/>
                <IfModule mod_authz_core.c>
                # before configuration
                Require local
                # after configuration
                # Require all granted
                </IfModule>
        </Directory>
 
        # Define who can access the installer
        # keep this secured once configured
        <Directory /usr/share/roundcubemail/installer/>
                <IfModule mod_authz_core.c>
                # while configuration
                Require host nausch.org
                # after configuration
                # Require local
                </IfModule>
        </Directory>
 
        # Those directories should not be viewed by Web clients.
        <Directory /usr/share/roundcubemail/bin/>
                Require all denied
        </Directory>
        <Directory /usr/share/roundcubemail/plugins/enigma/home/>
                Require all denied
        </Directory>
 
        DirectoryIndex index.php
        ErrorLog logs/roundcubemail_error.log
        CustomLog logs/roundcubemail_access.log combined
</VirtualHost>

Important:

As long as our vHost is not yet in production and fully configured, we still restrict access to it. The Apache vHost above already takes this into account!

Only once configuration is complete do we open the vHost to our users; to do so, we change the Directory directives as follows:

...
 
        # Define who can access the Webmail
        # You can enlarge permissions once configured
 
        <Directory /usr/share/roundcubemail/>
                <IfModule mod_authz_core.c>
                # before configuration
                # Require local
                # after configuration
                Require all granted
                </IfModule>
        </Directory>
 
 
        # Define who can access the installer
        # keep this secured once configured
        <Directory /usr/share/roundcubemail/installer/>
                <IfModule mod_authz_core.c>
                # while configuration
                # Require host 10.0.0
                # after configuration
                Require local
                </IfModule>
        </Directory>
 
...

Before we start our web server so that the new vHost can be served, we check the configuration for syntax errors.

 # apachectl -t

If everything is OK, nothing stands in the way of reloading Apache httpd.

 # systemctl reload httpd.service

To verify the reload, we query the status of the web server.

 # systemctl status httpd.service
httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled)
   Active: active (running) since Tue 2014-09-09 18:26:47 CEST; 3h 48min ago
  Process: 20019 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
  Process: 20368 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS)
 Main PID: 20024 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"
   CGroup: /system.slice/httpd.service
           ├─20024 /usr/sbin/httpd -DFOREGROUND
           ├─20372 /usr/sbin/httpd -DFOREGROUND
           ├─20373 /usr/sbin/httpd -DFOREGROUND
           ├─20374 /usr/sbin/httpd -DFOREGROUND
           ├─20375 /usr/sbin/httpd -DFOREGROUND
           └─20376 /usr/sbin/httpd -DFOREGROUND

Sep 09 22:15:07 vml000097.dmz.nausch.org systemd[1]: Reloading The Apache HTTP Server.
Sep 09 22:15:07 vml000097.dmz.nausch.org systemd[1]: Reloaded The Apache HTTP Server.

MySQL database

A large part of the user configuration data is stored and kept in a MySQL database.

Creating the database

As a first step, we now create this MySQL database and the associated database user.

To do so, we log in to the MySQL database as an authorized database user.

  # mysql -h mysql.dmz.nausch.org -u root -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 188332
Server version: 5.1.73 Source distribution

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

There we first of all create a database named roundcubemail.

 mysql> create database roundcubemail;
 Query OK, 1 row affected (0.04 sec)

Creating the database user

Next we create a database user to whom we grant the appropriate rights on the roundcubemail database just created. As the name we simply use roundcube_user.

 mysql> CREATE USER 'roundcube_user'@'10.0.0.97' IDENTIFIED BY 'n491o5rbgsDK67DeM9sCHfzd';
 Query OK, 0 rows affected (0.00 sec)

and

 mysql> CREATE USER 'roundcube_user'@'vml000097.dmz.nausch.org' IDENTIFIED BY 'n491o5rbgsDKMS67DeM9sCHfzd';
 Query OK, 0 rows affected (0.00 sec)

Setting user privileges

We now grant the newly created Roundcube database user the necessary rights so that it may create, fill and modify tables from the web server.

 mysql> GRANT ALL PRIVILEGES ON roundcubemail.* TO 'roundcube_user'@'10.0.0.97' IDENTIFIED BY 'n491o5rbgsDKMS67DeM9sCHfzd' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0;
 Query OK, 0 rows affected (0.00 sec)

and

 mysql> GRANT ALL PRIVILEGES ON roundcubemail.* TO 'roundcube_user'@'vml000097.dmz.nausch.org' IDENTIFIED BY 'n491o5rbgsDKMS67DeM9sCHfzd' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0;
 Query OK, 0 rows affected (0.00 sec) 

Assigning user privileges

To finish our MySQL user configuration, we assign the privileges to our user.

 mysql> FLUSH PRIVILEGES;
 Query OK, 0 rows affected (0.00 sec)

Testing access

Next we check whether the user/access created earlier actually works.

 # mysql -D roundcubemail -h mysql.dmz.nausch.org -u roundcube_user -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MySQL connection id is 188556
Server version: 5.1.73 Source distribution

Copyright (c) 2000, 2014, Oracle, Monty Program Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MySQL [roundcubemail]>

MySQL [roundcubemail]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| roundcubemail      |
+--------------------+
2 rows in set (0.00 sec)

MySQL [roundcubemail]>

Since the test was successful, we can log off from our database server again.

MySQL [roundcubemail]> quit
Bye

Creating the database tables

We create the database tables that Roundcube needs with the following call.

 # mysql -D roundcubemail -h mysql.dmz.nausch.org -u roundcube_user -p < /usr/share/roundcubemail/SQL/mysql.initial.sql 
 Enter password: 

PHP Date.Timezone

So that the installer does not complain later that no date.timezone is set, we briefly check the settings in the file /etc/php.ini.

 # vim /etc/php.ini
...
 
[Date]
; Defines the default timezone used by the date functions
; http://php.net/date.timezone
; Django : 2014-09-09
; default: ;date.timezone =
date.timezone = "Europe/Berlin"
 
; http://php.net/date.default-latitude
;date.default_latitude = 31.7667
 
; http://php.net/date.default-longitude
;date.default_longitude = 35.2333
 
; http://php.net/date.sunrise-zenith
;date.sunrise_zenith = 90.583333
 
; http://php.net/date.sunset-zenith
;date.sunset_zenith = 90.583333
 
...

If we have made a change, we reload the HTTP daemon to activate the option.

 # systemctl reload httpd.service

Roundcube configuration

Roundcube is configured through the central configuration file config.inc.php in the directory /etc/roundcubemail/.

The easiest way to create this configuration file is through the web GUI. Alternatively, the file can of course also be created by hand. Let us first take a look at configuration with the web GUI; to do so we open the /installer URL.

 $ firefox https://roundcubemail.sec-mail/installer/

Image: Screenshot of the Roundcube installer (web GUI), "Check environment"

The first page, Check environment, checks whether the necessary prerequisites are met. If an item is flagged, we can intervene and fix the error. If everything fits, a click on the [ NEXT ] button takes us to step 2: Create config.

Image: Screenshot of the Roundcube installer (web GUI), "Create config"

Once all the settings for the configuration of our webmailer have been entered, we click the [ CREATE CONFIG ] button to create the configuration file online.

Image: Screenshot of the Roundcube installer (web GUI), "Create config"

Here we have two options. Either we copy the text directly from the display window and paste it into the file /etc/roundcubemail/config.inc.php, or we click the [ Download ] button and then copy the file to the web server with scp.

 # less /etc/roundcubemail/config.inc.php 
/etc/roundcubemail/config.inc.php
<?php                                                                                                                                                                            
 
/* Local configuration for Roundcube Webmail */
 
// ----------------------------------
// SQL DATABASE
// ----------------------------------
// Database connection string (DSN) for read+write operations
// Format (compatible with PEAR MDB2): db_provider://user:password@host/database
// Currently supported db_providers: mysql, pgsql, sqlite, mssql or sqlsrv
// For examples see http://pear.php.net/manual/en/package.database.mdb2.intro-dsn.php
// NOTE: for SQLite use absolute path: 'sqlite:////full/path/to/sqlite.db?mode=0646'
$config['db_dsnw'] = 'mysql://roundcube_user:n491o5rbgsDK67DeM9sCHfzd@mysql.dmz.nausch.org/roundcubemail';
 
// ----------------------------------
// IMAP
// ----------------------------------
// The mail host chosen to perform the log-in.
// Leave blank to show a textbox at login, give a list of hosts
// to display a pulldown menu or set one host as string.
// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
// Supported replacement variables:
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %s - domain name after the '@' from e-mail address provided at login screen
// For example %n = mail.domain.tld, %t = domain.tld
// WARNING: After hostname change update of mail_host column in users table is
//          required to match old user data records with the new host.
$config['default_host'] = 'tls://imap.nausch.org';
 
// ----------------------------------
// SMTP
// ----------------------------------
// SMTP server host (for sending mails).
// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
// If left blank, the PHP mail() function is used
// Supported replacement variables:
// %h - user's IMAP hostname
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %z - IMAP domain (IMAP hostname without the first part)
// For example %n = mail.domain.tld, %t = domain.tld
$config['smtp_server'] = 'smtp.dmz.nausch.org';
 
// provide an URL where a user can get support for this Roundcube installation
// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
$config['support_url'] = 'https://dokuwiki.nausch.org/doku.php/centos:mail_c7:start';
 
// automatically create a new Roundcube user when log-in the first time.
// a new user will be created once the IMAP login succeeds.
// set to false if only registered users can use this service
$config['auto_create_user'] = true;
 
// this key is used to encrypt the users imap password which is stored
// in the session record (and the client cookie if remember password is enabled).
// please provide a string of exactly 24 chars.
$config['des_key'] = 'x5-Lx+B!1i?EElMdyPUE4t_6';
 
// ----------------------------------
// PLUGINS
// ----------------------------------
// List of active plugins (in plugins/ directory)
$config['plugins'] = array( );
 
// the default locale setting (leave empty for auto-detection)
// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR
$config['language'] = 'de_DE';
 
// store spam messages in this mailbox
// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP)
$config['junk_mbox'] = '';
 
// display these folders separately in the mailbox list.
// these folders will also be displayed with localized names
// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP)
$config['default_folders'] = array('INBOX', 'Drafts', 'Sent', '', 'Trash');
 
// Set the spell checking engine. Possible values:
// - 'googie'  - the default
// - 'pspell'  - requires the PHP Pspell module and aspell installed
// - 'enchant' - requires the PHP Enchant module
// - 'atd'     - install your own After the Deadline server or check with the people at http://www.afterthedeadline.com before using their API
// Since Google shut down their public spell checking service, you need to 
// connect to a Nox Spell Server when using 'googie' here. Therefore specify the 'spellcheck_uri'
$config['spellcheck_engine'] = 'pspell';
 
// prefer displaying HTML messages
$config['prefer_html'] = false;
 
// Encoding of long/non-ascii attachment names:
// 0 - Full RFC 2231 compatible
// 1 - RFC 2047 for 'name' and RFC 2231 for 'filename' parameter (Thunderbird's default)
// 2 - Full 2047 compatible
$config['mime_param_folding'] = 0;

We then adjust the file permissions of the configuration file.

 # chmod 640 /etc/roundcubemail/config.inc.php
 # chown root.apache /etc/roundcubemail/config.inc.php
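
The two properties this step depends on, a private des_key of exactly 24 characters and a configuration file that other users cannot read, can be checked with a short script. This is an added example, not part of the original page or of Roundcube; the function names are hypothetical, and the list of public keys holds Roundcube's shipped sample value and the key printed in the listing above.

```bash
# Added example (not from the original page): sanity checks for
# /etc/roundcubemail/config.inc.php. Function names are hypothetical.

# Print a fresh des_key: 18 random bytes encode to exactly 24 base64 characters.
new_des_key() {
    head -c 18 /dev/urandom | base64
}

# check_rc_config FILE
# Prints one finding per line; returns 0 if the file is clean, 1 otherwise.
check_rc_config() {
    f=$1
    rc=0

    # Take the value of the last active $config['des_key'] = '...'; line.
    # Commented-out lines do not match because field 1 must be "$config[".
    key=$(awk -F"'" '$2 == "des_key" && $1 ~ /^[ \t]*\$config\[$/ { k = $4 }
                     END { print k }' "$f")

    if [ "${#key}" -ne 24 ]; then
        echo "des_key: length ${#key}, expected exactly 24 characters"
        rc=1
    fi

    # Keys that are public: Roundcube's sample value and the one in the listing.
    case $key in
        'rcmail-!24ByteDESkey*Str' | 'x5-Lx+B!1i?EElMdyPUE4t_6')
            echo "des_key: publicly known value, generate a new one"
            rc=1 ;;
    esac

    # chmod 640 leaves no permission bits for "other" (characters 8-10 of ls -l).
    other=$(ls -ld "$f" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "mode: file is accessible to other users ($other)"
        rc=1
    fi

    return $rc
}

# Constructed demo: a config that reuses the key from the listing and is
# left world-readable. Both problems are reported.
demo=$(mktemp)
printf "%s\n" "<?php" "\$config['des_key'] = 'x5-Lx+B!1i?EElMdyPUE4t_6';" > "$demo"
chmod 644 "$demo"
check_rc_config "$demo" || true
rm -f "$demo"
```

On the server, `check_rc_config /etc/roundcubemail/config.inc.php` runs the same checks against the real file, and `new_des_key` prints a replacement value for the des_key line.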

Now we can click the [ CONTINUE ] button in the web GUI to reach the third step, Test config.

Image: Screenshot of the Roundcube installer (web GUI), "Test config"

Once all tests have passed, we can disable the installer and open up the application for the final test: logging in as a user to our new webmailer.

We now change the corresponding entries of the Directory directives in the configuration file /etc/httpd/conf.d/vhost_443_roundcubemail.conf.

 # vim /etc/httpd/conf.d/vhost_443_roundcubemail.conf
...
 
        # Define who can access the Webmail
        # You can enlarge permissions once configured
 
        <Directory /usr/share/roundcubemail/>
                <IfModule mod_authz_core.c>
                # before configuration
                # Require local
                # after configuration
                Require all granted
                </IfModule>
        </Directory>
 
 
        # Define who can access the installer
        # keep this secured once configured
        <Directory /usr/share/roundcubemail/installer/>
                <IfModule mod_authz_core.c>
                # while configuration
                # Require host 10.0.0
                # after configuration
                Require local
                </IfModule>
        </Directory>
 
...

We then reload the HTTP daemon so that the change to the access rights takes effect.

 # systemctl reload httpd.service

We check that the installer is properly locked simply by calling the URL in question again.

 $ firefox https://roundcubemail.sec-mail/installer/

Image: Screenshot of the locked Roundcube installer (web GUI)
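
The lock on the installer can also be checked in the vHost file itself, before the reload and independently of the browser. The script below is an added example, not part of the original page; it goes slightly beyond the installer check and also reports SSLv3 (deprecated by RFC 7568), a missing TLSv1.2 and RC4 (prohibited by RFC 7465) in the TLS directives. The names audit_vhost and sample_vhost are hypothetical, the sample is constructed from the vHost shown earlier in its state during configuration, and treating `all` as including SSLv3 is a conservative assumption that holds for older httpd 2.4 releases.

```bash
# Added example (not from the original page): static audit of the Roundcube
# vHost file. audit_vhost FILE (or "-" for stdin) prints one finding per
# line and returns 0 if nothing was found, 1 otherwise.
audit_vhost() {
    awk '
    function report(msg) { print msg; findings++ }

    $1 ~ /^#/ || NF == 0 { next }          # ignore comments and blank lines
    { d = tolower($1) }

    # Enter and leave the <Directory> block that covers the installer.
    d == "<directory" && tolower($2) ~ /\/installer\/?"?>$/ {
        in_inst = 1; seen = 1; next
    }
    d == "</directory>" { in_inst = 0; next }

    # Require lines in one block are alternatives, so a single permissive
    # rule is enough to expose the installer.
    in_inst && d == "require" {
        args = $2
        for (i = 3; i <= NF; i++) args = args " " $i
        rule = tolower(args)
        if (rule == "local" || rule == "all denied") locked = 1
        else { opened = 1; report("installer: open to \"" args "\"") }
        next
    }

    # Evaluate the protocol tokens left to right, as mod_ssl does.
    d == "sslprotocol" {
        ssl3 = 0; tls12 = 0
        for (i = 2; i <= NF; i++) {
            t = tolower($i); on = (t !~ /^-/); sub(/^[+-]/, "", t)
            if (t == "all")     { ssl3 = on; tls12 = on }  # assumption: all includes SSLv3
            if (t == "sslv3")   ssl3  = on
            if (t == "tlsv1.2") tls12 = on
        }
        if (ssl3)   report("tls: SSLProtocol enables SSLv3")
        if (!tls12) report("tls: SSLProtocol does not enable TLSv1.2")
        next
    }

    # Any RC4 token that is not excluded with "!" or "-" is still on offer.
    d == "sslciphersuite" {
        n = split($2, c, ":")
        for (i = 1; i <= n; i++)
            if (c[i] ~ /RC4/ && c[i] !~ /^[!-]/) {
                report("tls: SSLCipherSuite offers RC4 (" c[i] ")")
                break
            }
        next
    }

    END {
        if (!seen)
            report("installer: no <Directory> block, access is inherited from the parent directory")
        else if (!locked && !opened)
            report("installer: block contains no Require rule")
        exit (findings > 0)
    }
    ' "$1"
}

# Constructed sample: the vHost from this page while the installer is in use.
sample_vhost() {
    cat <<'EOF'
<VirtualHost *:443>
        SSLEngine on
        SSLProtocol -ALL +SSLv3 +TLSv1
        SSLCipherSuite EECDH+AES256:DHE+AES256:EECDH+RC4:RC4-SHA:!aNULL:!MD5
        <Directory /usr/share/roundcubemail/>
                Require all granted
        </Directory>
        <Directory /usr/share/roundcubemail/installer/>
                # while configuration
                Require host nausch.org
                # after configuration
                # Require local
        </Directory>
</VirtualHost>
EOF
}

# Demo run on the sample; on the server use:
#   audit_vhost /etc/httpd/conf.d/vhost_443_roundcubemail.conf
sample_vhost | audit_vhost - || true
```

An empty result with exit status 0 means the installer block is restricted to `Require local` or `Require all denied` and none of the three TLS conditions was found.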

Test one is passed, so next we open the URL of our webmailer.

 $ firefox https://roundcubemail.sec-mail

Image: Screenshot of the login form of the Roundcube webmailer

We reach the login form, and now the only test left is whether we can actually log in.

Image: Screenshot of the Roundcube webmailer (after a successful login)

Plugins can extend Roundcube with various functions and capabilities. When the RPM was installed, all plugins were already copied to the directory /usr/share/roundcubemail/plugins/. We get an overview by looking into that directory.

 # /usr/share/roundcubemail/plugins/
/usr/share/roundcubemail/plugins/
├── acl
├── additional_message_headers
├── archive
├── attachment_reminder
├── autologon
├── database_attachments
├── debug_logger
├── emoticons
├── enigma
├── example_addressbook
├── filesystem_attachments
├── help
├── hide_blockquote
├── http_authentication
├── identity_select
├── jqueryui
├── managesieve
├── markasjunk
├── newmail_notifier
├── new_user_dialog
├── new_user_identity
├── password
├── redundant_attachments
├── show_additional_headers
├── squirrelmail_usercopy
├── subscriptions_option
├── userinfo
├── vcard_attachments
├── virtuser_file
├── virtuser_query
└── zipdownload

In our example configuration we limit ourselves to the three most important plugins: Password, Managesieve and ACL. To enable them, we add the three plugins to the plugins configuration array.

 # vim /etc/roundcubemail/config.inc.php
...
 
// ----------------------------------
// PLUGINS
// ----------------------------------
// List of active plugins (in plugins/ directory)
$config['plugins'] = array('acl','managesieve','password');
 
...

Password

So that our users can later change their password themselves, we now configure the corresponding password plugin. First we copy the template file that is included in the RPM package.

 # cp -a /usr/share/roundcubemail/plugins/password/config.inc.php.dist /usr/share/roundcubemail/plugins/password/config.inc.php

Then we edit this file and enter the database connection to MySQL as well as the required SQL statement. In the following example the necessary changes are marked with Django and the date.

 # vim /usr/share/roundcubemail/plugins/password/config.inc.php
/usr/share/roundcubemail/plugins/password/config.inc.php
<?php
 
// Password Plugin options
// -----------------------
// A driver to use for password change. Default: "sql".
// See README file for list of supported driver names.
$config['password_driver'] = 'sql';
 
// Determine whether current password is required to change password.
// Default: false.
$config['password_confirm_current'] = true;
 
// Require the new password to be a certain length.
// set to blank to allow passwords of any length
// Django : 2014-09-10
// default: $config['password_minimum_length'] = 0;
$config['password_minimum_length'] = 8;
 
// Require the new password to contain a letter and punctuation character
// Change to false to remove this check.
// Django : 2014-09-10
// default: $config['password_require_nonalpha'] = false;
$config['password_require_nonalpha'] = true;
 
// Enables logging of password changes into logs/password
$config['password_log'] = false;
 
// Comma-separated list of login exceptions for which password change
// will be not available (no Password tab in Settings)
$config['password_login_exceptions'] = null;
 
// Array of hosts that support password changing. Default is NULL.
// Listed hosts will feature a Password option in Settings; others will not.
// Example:
//$config['password_hosts'] = array('mail.example.com', 'mail2.example.org');
$config['password_hosts'] = null;
 
// Enables saving the new password even if it matches the old password. Useful
// for upgrading the stored passwords after the encryption scheme has changed.
$config['password_force_save'] = false;
 
 
// SQL Driver options
// ------------------
// PEAR database DSN for performing the query. By default
// Roundcube DB settings are used.
// Django : 2014-09-10
// default: $config['password_db_dsn'] = '';
$config['password_db_dsn'] = 'mysql://pfadmin_user:rbgsDK39DeM2b2btx9iMHfzd@mysql.dmz.nausch.org/postfix';
 
// The SQL query used to change the password.
// The query can contain the following macros that will be expanded as follows:
//      %p is replaced with the plaintext new password
//      %c is replaced with the crypt version of the new password, MD5 if available
//         otherwise DES. More hash function can be enabled using the password_crypt_hash 
//         configuration parameter.
//      %D is replaced with the dovecotpw-crypted version of the new password
//      %o is replaced with the password before the change
//      %n is replaced with the hashed version of the new password
//      %q is replaced with the hashed password before the change
//      %h is replaced with the imap host (from the session info)
//      %u is replaced with the username (from the session info)
//      %l is replaced with the local part of the username
//         (in case the username is an email address)
//      %d is replaced with the domain part of the username
//         (in case the username is an email address)
// Escaping of macros is handled by this module.
// Default: "SELECT update_passwd(%c, %u)"
// Django : 2014-09-10
// default: $config['password_query'] = 'SELECT update_passwd(%c, %u)';
$config['password_query'] = 'UPDATE mailbox SET password = %p, modified=NOW() WHERE username = %u LIMIT 1';
 
// By default the crypt() function which is used to create the '%c' 
// parameter uses the md5 algorithm. To use different algorithms 
// you can choose between: des, md5, blowfish, sha256, sha512.
// Before using other hash functions than des or md5 please make sure
// your operating system supports the other hash functions.
$config['password_crypt_hash'] = 'md5';
 
// By default domains in variables are using unicode.
// Enable this option to use punycoded names
$config['password_idn_ascii'] = false;
 
// Path for dovecotpw (if not in $PATH)
// $config['password_dovecotpw'] = '/usr/local/sbin/dovecotpw';
 
// Dovecot method (dovecotpw -s 'method')
// Django : 2014-09-10
// default: $config['password_dovecotpw_method'] = 'CRAM-MD5';
$config['password_dovecotpw_method'] = 'CRAM-MD5';
 
// Enables use of password with crypt method prefix in %D, e.g. {MD5}$1$LUiMYWqx$fEkg/ggr/L6Mb2X7be4i1/
$config['password_dovecotpw_with_method'] = false;
 
// Using a password hash for %n and %q variables.
// Determine which hashing algorithm should be used to generate
// the hashed new and current password for using them within the
// SQL query. Requires PHP's 'hash' extension.
$config['password_hash_algorithm'] = 'sha1';
 
// You can also decide whether the hash should be provided
// as hex string or in base64 encoded format.
$config['password_hash_base64'] = false;
 
 
// Poppassd Driver options
// -----------------------
// The host which changes the password
$config['password_pop_host'] = 'localhost';
 
// TCP port used for poppassd connections
$config['password_pop_port'] = 106;
 
 
// SASL Driver options
// -------------------
// Additional arguments for the saslpasswd2 call
$config['password_saslpasswd_args'] = '';
 
 
// LDAP and LDAP_SIMPLE Driver options
// -----------------------------------
// LDAP server name to connect to. 
// You can provide one or several hosts in an array in which case the hosts are tried from left to right.
// Example: array('ldap1.exemple.com', 'ldap2.exemple.com');
// Default: 'localhost'
$config['password_ldap_host'] = 'localhost';
 
// LDAP server port to connect to
// Default: '389'
$config['password_ldap_port'] = '389';
 
// TLS is started after connecting
// Using TLS for password modification is recommended.
// Default: false
$config['password_ldap_starttls'] = false;
 
// LDAP version
// Default: '3'
$config['password_ldap_version'] = '3';
 
// LDAP base name (root directory)
// Example: 'dc=exemple,dc=com'
$config['password_ldap_basedn'] = 'dc=exemple,dc=com';
 
// LDAP connection method
// There are two connection methods for changing a user's LDAP password.
// 'user': use user credential (recommended, requires password_confirm_current=true)
// 'admin': use admin credential (this mode requires password_ldap_adminDN and password_ldap_adminPW)
// Default: 'user'
$config['password_ldap_method'] = 'user';
 
// LDAP Admin DN
// Used only in admin connection mode
// Default: null
$config['password_ldap_adminDN'] = null;
 
// LDAP Admin Password
// Used only in admin connection mode
// Default: null
$config['password_ldap_adminPW'] = null;
 
// LDAP user DN mask
// The user's DN is mandatory and as we only have his login,
// we need to re-create his DN using a mask
// '%login' will be replaced by the current roundcube user's login
// '%name' will be replaced by the current roundcube user's name part
// '%domain' will be replaced by the current roundcube user's domain part
// '%dc' will be replaced by domain name hierarchal string e.g. "dc=test,dc=domain,dc=com"
// Example: 'uid=%login,ou=people,dc=exemple,dc=com'
$config['password_ldap_userDN_mask'] = 'uid=%login,ou=people,dc=exemple,dc=com';
 
// LDAP search DN
// The DN roundcube should bind with to find out user's DN
// based on his login. Note that you should comment out the default
// password_ldap_userDN_mask setting for this to take effect.
// Use this if you cannot specify a general template for user DN with
// password_ldap_userDN_mask. You need to perform a search based on
// users login to find his DN instead. A common reason might be that
// your users are placed under different ou's like engineering or
// sales which cannot be derived from their login only.
$config['password_ldap_searchDN'] = 'cn=roundcube,ou=services,dc=example,dc=com';
 
// LDAP search password
// If password_ldap_searchDN is set, the password to use for
// binding to search for user's DN. Note that you should comment out the default
// password_ldap_userDN_mask setting for this to take effect.
// Warning: Be sure to set appropriate permissions on this file so this password
// is only accessible to roundcube and don't forget to restrict roundcube's access to
// your directory as much as possible using ACLs. Should this password be compromised
// you want to minimize the damage.
$config['password_ldap_searchPW'] = 'secret';
 
// LDAP search base
// If password_ldap_searchDN is set, the base to search in using the filter below.
// Note that you should comment out the default password_ldap_userDN_mask setting
// for this to take effect.
$config['password_ldap_search_base'] = 'ou=people,dc=example,dc=com';
 
// LDAP search filter
// If password_ldap_searchDN is set, the filter to use when
// searching for user's DN. Note that you should comment out the default
// password_ldap_userDN_mask setting for this to take effect.
// '%login' will be replaced by the current roundcube user's login
// '%name' will be replaced by the current roundcube user's name part
// '%domain' will be replaced by the current roundcube user's domain part
// '%dc' will be replaced by domain name hierarchal string e.g. "dc=test,dc=domain,dc=com"
// Example: '(uid=%login)'
// Example: '(&(objectClass=posixAccount)(uid=%login))'
$config['password_ldap_search_filter'] = '(uid=%login)';
 
// LDAP password hash type
// Standard LDAP encryption type which must be one of: crypt,
// ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, ad or clear.
// Please note that most encodage types require external libraries
// to be included in your PHP installation, see function hashPassword in drivers/ldap.php for more info.
// Default: 'crypt'
$config['password_ldap_encodage'] = 'crypt';
 
// LDAP password attribute
// Name of the ldap's attribute used for storing user password
// Default: 'userPassword'
$config['password_ldap_pwattr'] = 'userPassword';
 
// LDAP password force replace
// Force LDAP replace in cases where ACL allows only replace not read
// See http://pear.php.net/package/Net_LDAP2/docs/latest/Net_LDAP2/Net_LDAP2_Entry.html#methodreplace
// Default: true
$config['password_ldap_force_replace'] = true;
 
// LDAP Password Last Change Date
// Some places use an attribute to store the date of the last password change
// The date is measured in "days since epoch" (an integer value)
// Whenever the password is changed, the attribute will be updated if set (e.g. shadowLastChange)
$config['password_ldap_lchattr'] = '';
 
// LDAP Samba password attribute, e.g. sambaNTPassword
// Name of the LDAP's Samba attribute used for storing user password
$config['password_ldap_samba_pwattr'] = '';
 
// LDAP Samba Password Last Change Date attribute, e.g. sambaPwdLastSet
// Some places use an attribute to store the date of the last password change
// The date is measured in "seconds since epoch" (an integer value)
// Whenever the password is changed, the attribute will be updated if set
$config['password_ldap_samba_lchattr'] = '';
 
 
// DirectAdmin Driver options
// --------------------------
// The host which changes the password
// Use 'ssl://host' instead of 'tcp://host' when running DirectAdmin over SSL.
// The host can contain the following macros that will be expanded as follows:
//     %h is replaced with the imap host (from the session info)
//     %d is replaced with the domain part of the username (if the username is an email)
$config['password_directadmin_host'] = 'tcp://localhost';
 
// TCP port used for DirectAdmin connections
$config['password_directadmin_port'] = 2222;
 
 
// vpopmaild Driver options
// -----------------------
// The host which changes the password
$config['password_vpopmaild_host'] = 'localhost';
 
// TCP port used for vpopmaild connections
$config['password_vpopmaild_port'] = 89;
 
 
// cPanel Driver options
// --------------------------
// The cPanel Host name
$config['password_cpanel_host'] = 'host.domain.com';
 
// The cPanel admin username
$config['password_cpanel_username'] = 'username';
 
// The cPanel admin password
$config['password_cpanel_password'] = 'password';
 
// The cPanel port to use
$config['password_cpanel_port'] = 2087;
 
 
// XIMSS (Communigate server) Driver options
// -----------------------------------------
// Host name of the Communigate server
$config['password_ximss_host'] = 'mail.example.com';
 
// XIMSS port on Communigate server
$config['password_ximss_port'] = 11024;
 
 
// chpasswd Driver options
// ---------------------
// Command to use
$config['password_chpasswd_cmd'] = 'sudo /usr/sbin/chpasswd 2> /dev/null';
 
 
// XMail Driver options
// ---------------------
$config['xmail_host'] = 'localhost';
$config['xmail_user'] = 'YourXmailControlUser';
$config['xmail_pass'] = 'YourXmailControlPass';
$config['xmail_port'] = 6017;
 
 
// hMail Driver options
// -----------------------
// Remote hMailServer configuration
// true:  HMailserver is on a remote box (php.ini: com.allow_dcom = true)
// false: Hmailserver is on same box as PHP
$config['hmailserver_remote_dcom'] = false;
// Windows credentials
$config['hmailserver_server'] = array(
    'Server' => 'localhost', // hostname or ip address
    'Username' => 'administrator', // windows username
    'Password' => 'password' // windows user password
);
 
 
// Virtualmin Driver options
// -------------------------
// Username format:
// 0: username@domain
// 1: username%domain
// 2: username.domain
// 3: domain.username
// 4: username-domain
// 5: domain-username
// 6: username_domain
// 7: domain_username
$config['password_virtualmin_format'] = 0;
 
 
// pw_usermod Driver options
// --------------------------
// Use comma delimited exlist to disable password change for users
// Add the following line to visudo to tighten security:
// www  ALL=NOPASSWORD: /usr/sbin/pw
$config['password_pw_usermod_cmd'] = 'sudo /usr/sbin/pw usermod -h 0 -n';
 
 
// DBMail Driver options
// -------------------
// Additional arguments for the dbmail-users call
$config['password_dbmail_args'] = '-p sha512';
 
 
// Expect Driver options
// ---------------------
// Location of expect binary
$config['password_expect_bin'] = '/usr/bin/expect';
 
// Location of expect script (see helpers/passwd-expect)
$config['password_expect_script'] = '';
 
// Arguments for the expect script. See the helpers/passwd-expect file for details.
// This is probably a good starting default:
//   -telnet -host localhost -output /tmp/passwd.log -log /tmp/passwd.log
$config['password_expect_params'] = '';
 
 
// smb Driver options
// ---------------------
// Samba host (default: localhost)
// Supported replacement variables:
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
$config['password_smb_host'] = 'localhost';
// Location of smbpasswd binary
$config['password_smb_cmd'] = '/usr/bin/smbpasswd';

Via the menu item Settings / Password we can now change the password from within the webmailer.

Image: Roundcube webmailer - dialog for changing the password
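The macro used in password_query decides in which form the new password reaches the mailbox table, and the file that holds password_db_dsn also holds the database credentials. The following audit script is an added example, not part of the original page or of Roundcube; the function names cfg_value and audit_password_plugin are hypothetical, it reads only options shown in the file above, and the sample config it writes is constructed.

```bash
#!/bin/sh
# Added example: audit the active settings of a Roundcube password plugin config.

# Print the value of the last uncommented $config['<key>'] assignment.
cfg_value() {   # usage: cfg_value <file> <key>
    awk -v key="$2" '
        /^[ \t]*(\/\/|#)/ { next }            # skip commented-out defaults
        index($0, "$config[\047" key "\047]") {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)       # drop "$config[...] = "
            sub(/;[ \t]*$/, "", v)            # drop the trailing ";"
            if (substr(v, 1, 1) == "\047") v = substr(v, 2, length(v) - 2)
            last = v
        }
        END { print last }' "$1"
}

# Print one line per finding; exit status 0 means nothing was flagged.
audit_password_plugin() (   # usage: audit_password_plugin <config.inc.php>
    file=$1
    findings=0
    query=$(cfg_value "$file" password_query)
    dsn=$(cfg_value "$file" password_db_dsn)
    flag() { echo "$1"; findings=$((findings + 1)); }

    case $query in *%p*)
        flag "FAIL password_query uses %p: the new password is stored in plaintext" ;;
    esac
    case $query in *%c*)
        algo=$(cfg_value "$file" password_crypt_hash)
        case $algo in des|md5)
            flag "WARN %c with password_crypt_hash=$algo: legacy crypt() scheme" ;;
        esac ;;
    esac
    case $query in *%n*)
        flag "WARN %n is an unsalted $(cfg_value "$file" password_hash_algorithm) digest" ;;
    esac
    case $query in *%D*)
        echo "INFO %D stores dovecotpw output, scheme $(cfg_value "$file" password_dovecotpw_method)" ;;
    esac
    # Credentials in the DSN are readable by every local account if the
    # "others" read bit is set on the file.
    case $dsn in *://*:*@*)
        if [ -n "$(find "$file" -perm -004)" ]; then
            flag "FAIL password_db_dsn embeds a password and the file is world-readable"
        fi ;;
    esac
    if [ "$(cfg_value "$file" password_confirm_current)" != true ]; then
        flag "WARN password_confirm_current is not true"
    fi
    [ "$findings" -eq 0 ]
)

# Constructed sample with the active values from the file above; the database
# password is a placeholder and mode 644 is an assumption about the copy.
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
<?php
$config['password_confirm_current'] = true;
$config['password_db_dsn'] = 'mysql://pfadmin_user:PLACEHOLDER@mysql.dmz.nausch.org/postfix';
// default: $config['password_query'] = 'SELECT update_passwd(%c, %u)';
$config['password_query'] = 'UPDATE mailbox SET password = %p, modified=NOW() WHERE username = %u LIMIT 1';
$config['password_crypt_hash'] = 'md5';
$config['password_dovecotpw_method'] = 'CRAM-MD5';
EOF
chmod 644 "$demo_cfg"
audit_password_plugin "$demo_cfg" || echo "findings in $demo_cfg"
```

On CentOS the file-permission finding is cleared by giving the file to root with the apache group and mode 640. The plaintext finding is cleared only by a query that writes a hash macro instead of %p, in a scheme the mail server's authentication mechanisms can still verify.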

Managesieve

So that our mail customers can conveniently change their sieve rules directly from within Roundcube, we enable the corresponding managesieve plugin.

Here too, we first copy the template file from the RPM package.

 # cp /usr/share/roundcubemail/plugins/managesieve/config.inc.php.dist /usr/share/roundcubemail/plugins/managesieve/config.inc.php -a

Then we edit this file and enter the required sieve configuration details. Here too, the changes in the following example are marked with Django and the date.

 # vim /usr/share/roundcubemail/plugins/managesieve/config.inc.php
/usr/share/roundcubemail/plugins/managesieve/config.inc.php
<?php
 
// managesieve server port. When empty the port will be determined automatically
// using getservbyname() function, with 4190 as a fallback.
// Django : 2014-09-10
// default: $config['managesieve_port'] = null;
$config['managesieve_port'] = 4190;
 
// managesieve server address, default is localhost.
// Replacement variables supported in host name:
// %h - user's IMAP hostname
// %n - http hostname ($_SERVER['SERVER_NAME'])
// %d - domain (http hostname without the first part)
// For example %n = mail.domain.tld, %d = domain.tld
// Django : 2014-09-10
// default: $config['managesieve_host'] = 'localhost';
$config['managesieve_host'] = 'imap.dmz.nausch.org';
 
// authentication method. Can be CRAM-MD5, DIGEST-MD5, PLAIN, LOGIN, EXTERNAL
// or none. Optional, defaults to best method supported by server.
$config['managesieve_auth_type'] = null;
 
// Optional managesieve authentication identifier to be used as authorization proxy.
// Authenticate as a different user but act on behalf of the logged in user.
// Works with PLAIN and DIGEST-MD5 auth.
$config['managesieve_auth_cid'] = null;
 
// Optional managesieve authentication password to be used for imap_auth_cid
$config['managesieve_auth_pw'] = null;
 
// use or not TLS for managesieve server connection
// Note: tls:// prefix in managesieve_host is also supported
// Django : 2014-09-10
// default: $config['managesieve_usetls'] = false;
$config['managesieve_usetls'] = true;
 
// default contents of filters script (eg. default spam filter)
$config['managesieve_default'] = '/etc/dovecot/sieve/global';
 
// The name of the script which will be used when there's no user script
$config['managesieve_script_name'] = 'managesieve';
 
// Sieve RFC says that we should use UTF-8 encoding for mailbox names,
// but some implementations do not convert UTF-8 to modified UTF-7.
// Defaults to UTF7-IMAP
$config['managesieve_mbox_encoding'] = 'UTF-8';
 
// I need this because my dovecot (with listescape plugin) uses
// ':' delimiter, but creates folders with dot delimiter
$config['managesieve_replace_delimiter'] = '';
 
// disabled sieve extensions (body, copy, date, editheader, encoded-character,
// envelope, environment, ereject, fileinto, ihave, imap4flags, index,
// mailbox, mboxmetadata, regex, reject, relational, servermetadata,
// spamtest, spamtestplus, subaddress, vacation, variables, virustest, etc.
// Note: not all extensions are implemented
$config['managesieve_disabled_extensions'] = array();
 
// Enables debugging of conversation with sieve server. Logs it into <log_dir>/sieve
$config['managesieve_debug'] = false;
 
// Enables features described in http://wiki.kolab.org/KEP:14
$config['managesieve_kolab_master'] = false;
 
// Script name extension used for scripts including. Dovecot uses '.sieve',
// Cyrus uses '.siv'. Doesn't matter if you have managesieve_kolab_master disabled.
$config['managesieve_filename_extension'] = '.sieve';
 
// List of reserved script names (without extension).
// Scripts listed here will be not presented to the user.
$config['managesieve_filename_exceptions'] = array();
 
// List of domains limiting destination emails in redirect action
// If not empty, user will need to select domain from a list
$config['managesieve_domains'] = array();
 
// Enables separate management interface for vacation responses (out-of-office)
// 0 - no separate section (default),
// 1 - add Vacation section,
// 2 - add Vacation section, but hide Filters section
$config['managesieve_vacation'] = 0;
 
// Supported methods of notify extension. Default: 'mailto'
$config['managesieve_notify_methods'] = array('mailto');

Via the menu item Settings / Filters we can now manage our sieve rules from within the webmailer.

Image: Roundcube webmailer - dialog for managing the sieve rules

ACL

To manage shared folders we now also configure the ACL plugin. First we copy the configuration file from the RPM.

 # cp /usr/share/roundcubemail/plugins/acl/config.inc.php.dist /usr/share/roundcubemail/plugins/acl/config.inc.php -a

Then we edit this new file.

 # vim /usr/share/roundcubemail/plugins/acl/config.inc.php
/usr/share/roundcubemail/plugins/acl/config.inc.php
<?php
 
// Default look of access rights table
// In advanced mode all access rights are displayed separately
// In simple mode access rights are grouped into four groups: read, write, delete, full 
$config['acl_advanced_mode'] = false;
 
// LDAP addressbook that would be searched for user names autocomplete.
// That should be an array referring to the $config['ldap_public'] array key
// or complete addressbook configuration array.
$config['acl_users_source'] = '';
 
// The LDAP attribute which will be used as ACL user identifier
$config['acl_users_field'] = 'mail';
 
// The LDAP search filter will be &'d with search queries
$config['acl_users_filter'] = '';
 
// Include the following 'special' access control subjects in the ACL dialog;
// Defaults to array('anyone', 'anonymous') (not when set to an empty array)
// Example: array('anyone') to exclude 'anonymous'.
// Set to an empty array to exclude all special aci subjects.
$config['acl_specials'] = array('anyone', 'anonymous');
 
?>

Via the menu item Settings / Folders / Folder properties / Sharing we can now manage other users' access rights to individual folders from within the webmailer.

Image: Roundcube webmailer - dialog for managing ACLs for shared folders


1)
As of: September 2014
  • Last modified: 22.07.2019 14:43.
  • by django