Webmail mit Roundcube unter CentOS 7.x

Benötigt man statt einer Groupwarelösung wie Horde nur einen Webmailer, bietet sich der Webmailer Roundcube an. Dieser Webmailer ist zum einen einfach und schnell installiert und zeichnet sich durch seine Robustheit aus.

Für die Installation des Webmailers benötigen wir noch ein paar PHP-Pakete, die wir Dank der Intergration des epel-Repositories mit Hilfe von yum einfach installieren können. Im Detail sind das folgende Pakete:

• php-pspell
• aspell-de
• php-mcrypt
• GraphicsMagick

 # yum install php-pspell aspell-de php-mcrypt GraphicsMagick -y

Für die deutsche Rechtschreibkorrektur gibt es im EPEL-Repository für CentOS 7.x (noch)¹⁾ kein RPM. Abhilfe schafft hier das Repository mailserver.guru. Haben wir das mailserver.guru Repository eingebunden wir das Paket aspell-de automatisch bei der Installation mit dem obigen Aufruf installiert.

Alternativ kann man natürlich acu das Paket manuell installieren. Hierzu laden wir das Paket aspell-de-20030222-1.el7.centos.x86_64.rpm auf unseren Rechner.

 # cd /usr/local/src/packages/

 # wget http://repo.mailserver.guru/7/x86_64/aspell-de-20030222-1.el7.centos.x86_64.rpm

Anschließend installieren wir dieses RPM mit Hilfe von yum.

 # yum localinstall --nogpgcheck aspell-de-20030222-1.el7.centos.x86_64.rpm

Wie immer kann man sich mit Hilfe des Aufrufes rpm -qil <Paketname> anzeigen lassen, was jedes einzelne Paket mit in das System gebracht hat.

Die Installation von Roundcube selbst ist kein Hexenwerk, braucht man doch nur das entsprechende RPM-Paket mit Hilfe von yum installieren.

 # yum install roundcubemail -y

Im RPM finden wir eine ausführliche Dokumentation zur Konfiguration von roundcubemail # cat /usr/share/doc/roundcubemail-1.0.2/INSTALL

INTRODUCTION
============
 
This file describes the basic steps to install Roundcube Webmail on your
web server. For additional information, please also consult the project's
wiki page at http://trac.roundcube.net/wiki
 
 
REQUIREMENTS
============
 
* The Apache, Lighttpd, Cherokee or Hiawatha web server
* .htaccess support allowing overrides for DirectoryIndex
* PHP Version 5.2.1 or greater including
   - PCRE, DOM, JSON, XML, Session, Sockets (required)
   - PHP Data Objects (PDO) with driver for either MySQL, PostgreSQL or SQLite (required)
     Note: MySQL database driver requires PHP 5.3.7 or newer.
   - Libiconv (required)
   - Multibyte String (mbstring)
   - Mcrypt (supporting Triple DES)
   - Fileinfo (optional)
   - Zip (recommended)
* PEAR packages distributed with Roundcube or external:
   - Mail_Mime 1.8.1 or newer
   - Mail_mimeDecode 1.5.5 or newer
   - Net_SMTP (latest from https://github.com/pear/Net_SMTP/)
   - Net_IDNA2 0.1.1 or newer
   - Auth_SASL 1.0.6 or newer
   - Net_Sieve 1.3.2 or newer (for managesieve plugin)
   - Crypt_GPG 1.2.0 or newer (for enigma plugin)
* php.ini options (see .htaccess file):
   - error_reporting E_ALL & ~E_NOTICE (or lower)
   - memory_limit > 16MB (increase as suitable to support large attachments)
   - file_uploads enabled (for attachment upload features)
   - session.auto_start disabled
   - zend.ze1_compatibility_mode disabled
   - suhosin.session.encrypt disabled
   - mbstring.func_overload disabled
   - magic_quotes_runtime disabled
   - magic_quotes_sybase disabled
   - register_globals disabled (PHP < 5.4)
* PHP compiled with OpenSSL to connect to IMAPS and to use the spell checker
* A MySQL (4.0.8 or newer), PostgreSQL, MS SQL Server (2005 or newer) database engine
  or SQLite support in PHP
* One of the above databases with permission to create tables
* An SMTP server (recommended) or PHP configured for mail delivery
 
 
INSTALLATION
============
 
1. Decompress and put this folder somewhere inside your document root
2. Make sure that the following directories (and the files within)
   are writable by the webserver
   - /temp
   - /logs
3. Create a new database and a database user for Roundcube (see DATABASE SETUP)
4. Point your browser to http://url-to-roundcube/installer/
5. Follow the instructions of the install script (or see MANUAL CONFIGURATION)
6. After creating and testing the configuration, remove the installer directory
7. Check Known Issues section of this file
8. Done!
 
 
CONFIGURATION HINTS
===================
 
Roundcube writes internal errors to the 'errors' log file located in the logs
directory which can be configured in config/config.inc.php. If you want ordinary
PHP errors to be logged there as well, enable the 'php_value error_log' line
in the .htaccess file and set the path to the log file accordingly.
 
By default the session_path settings of PHP are not modified by Roundcube.
However if you want to limit the session cookies to the directory where
Roundcube resides you can uncomment and configure the according line
in the .htaccess file.
 
 
DATABASE SETUP
==============
 
Note: Database for Roundcube must use UTF-8 character set.
 
* MySQL
-------
Setting up the mysql database can be done by creating an empty database,
importing the table layout and granting the proper permissions to the
roundcube user. Here is an example of that procedure:
 
# mysql
> CREATE DATABASE roundcubemail /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;
> GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcube@localhost
    IDENTIFIED BY 'password';
> quit
 
# mysql roundcubemail < SQL/mysql.initial.sql
 
Note 1: 'password' is the master password for the roundcube user. It is strongly
recommended you replace this with a more secure password. Please keep in
mind: You need to specify this password later in 'config/db.inc.php'.
 
 
* SQLite
--------
Versions of sqlite database engine older than 3 aren't supported.
Database file and structure is created automatically by Roundcube.
Make sure your configuration points to some file location and that the
webserver can write to the file and the directory containing the file.
 
 
* PostgreSQL
------------
To use Roundcube with PostgreSQL support you have to follow these
simple steps, which have to be done as the postgres system user (or
which ever is the database superuser):
 
$ createuser -P roundcube
$ createdb -O roundcube -E UNICODE roundcubemail
$ psql -U roundcube -f SQL/postgres.initial.sql roundcubemail
 
Note: in some system configurations you might need to add '-U postgres' to
createuser and createdb commands.
 
 
* Microsoft SQL Server
----------------------
Language/locale of the database must be set to us_english (1033). More info
on this at http://trac.roundcube.net/ticket/1488918.
 
 
Database cleaning
-----------------
To keep your database slick and clean we recommend to periodically execute
bin/cleandb.sh which finally removes all records that are marked as deleted.
Best solution is to install a cronjob running this script daily.
 
 
MANUAL CONFIGURATION
====================
 
First of all, copy the sample configuration file config/config.inc.php.sample
to config/config.inc.php and make the necessary adjustments according to your
environment and your needs. More configuration options can be copied from the
config/defaults.inc.php file into your local config.inc.php file as needed.
Read the comments above the individual configuration options to find out what
they do or read http://trac.roundcube.net/wiki/Howto_Install for even more
guidance.
 
You can also modify the default .htaccess file. This is necessary to
increase the allowed size of file attachments, for example:
        php_value       upload_max_filesize     2M
 
 
UPGRADING
=========
 
If you already have a previous version of Roundcube installed,
please refer to the instructions in UPGRADING guide.
 
 
OPTIMISING
==========
 
There are two forms of optimisation here, compression and caching, both aimed
at increasing an end user's experience using Roundcube Webmail. Compression
allows the static web pages to be delivered with less bandwidth. The index.php
of Roundcube Webmail already enables compression on its output. The settings
below allow compression to occur for all static files. Caching sets HTTP 
response headers that enable a user's web client to understand what is static
and how to cache it.
 
The caching directives used are:
 * Etags - sets at tag so the client can request is the page has changed
 * Cache-control - defines the age of the page and that the page is 'public'
   This enables clients to cache javascript files that don't have private 
   information between sessions even if using HTTPS. It also allows proxies
   to share the same cached page between users.
 * Expires - provides another hint to increase the lifetime of static pages.
 
For more information refer to RFC 2616.
 
Side effects:
-------------
These directives are designed for production use. If you are using this in
a development environment you may get horribly confused if your webclient
is caching stuff that you changed on the server. Disabling the expires 
parts below should save you some grief.
 
If you are changing the skins, it is recommended that you copy content to 
a different directory apart from 'default'.
 
Apache:
-------
To enable these features in apache the following modules need to be enabled:
 * mod_deflate
 * mod_expires
 * mod_headers
 
The optimisation is already included in the .htaccess file in the top 
directory of your installation.
 
If you are using Apache version 2.2.9 and later, in the .htaccess file
change the 'append' word to 'merge' for a more correct response. Keeping
as 'append' shouldn't cause any problems though changing to merge will 
eliminate the possibility of duplicate 'public' headers in Cache-control.
 
Lighttpd:
---------
With Lightty the addition of Expire: tags by mod_expire is incompatible with
the addition of "Cache-control: public". Using Cache-control 'public' is 
used below as it is assumed to give a better caching result.
 
Enable modules in server.modules:
    "mod_setenv"
    "mod_compress"
 
Mod_compress is a server side cache of compressed files to improve its performance.
 
$HTTP["host"] == "www.example.com" {
 
    static-file.etags = "enable"
    # http://redmine.lighttpd.net/projects/lighttpd/wiki/Etag.use-mtimeDetails
    etag.use-mtime = "enable"
 
    # http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ModSetEnv
    $HTTP["url"] =~ "^/roundcubemail/(plugins|skins|program)" {
        setenv.add-response-header  = ( "Cache-Control" => "public, max-age=2592000")
    }
 
    # http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ModCompress
    # set compress.cache-dir to somewhere outside the docroot.
    compress.cache-dir   = var.statedir + "/cache/compress"
 
    compress.filetype = ("text/plain", "text/html", "text/javascript", "text/css", "text/xml", "image/gif", "image/png")
}
 
 
KNOWN ISSUES
============
 
Installations with uw-imap server should set imap_disabled_caps = array('ESEARCH')
in main configuration file. ESEARCH implementation in this server is broken (#1489184).

Da wir einen eigenen vHOST für den WEB-Mailer anbieten wollen und keine Unterverzeichniss-Konfiguration, kommentieren wir den Inhalt der Apache-Konfigurationsdatei /etc/httpd/conf.d/roundcubemail.conf aus.

 # vim /etc/httpd/conf.d/roundcubemail.conf

/etc/httpd/conf.d/roundcubemail.conf

##
## Round Cube Webmail is a browser-based multilingual IMAP client
##
#
#Alias /roundcubemail /usr/share/roundcubemail
#
## Define who can access the Webmail
## You can enlarge permissions once configured
#
#<Directory /usr/share/roundcubemail/>
#    <IfModule mod_authz_core.c>
#        # Apache 2.4
#        Require local
#    </IfModule>
#    <IfModule !mod_authz_core.c>
#        # Apache 2.2
#        Order Deny,Allow
#        Deny from all
#        Allow from 127.0.0.1
#        Allow from ::1
#    </IfModule>
#</Directory>
#
## Define who can access the installer
## keep this secured once configured
#
#<Directory /usr/share/roundcubemail/installer/>
#    <IfModule mod_authz_core.c>
#        # Apache 2.4
#        Require local
#    </IfModule>
#    <IfModule !mod_authz_core.c>
#        # Apache 2.2
#        Order Deny,Allow
#        Deny from all
#        Allow from 127.0.0.1
#        Allow from ::1
#    </IfModule>
#</Directory>
#
## Those directories should not be viewed by Web clients.
#<Directory /usr/share/roundcubemail/bin/>
#    Order Allow,Deny
#    Deny from all
#</Directory>
#<Directory /usr/share/roundcubemail/plugins/enigma/home/>
#    Order Allow,Deny
#    Deny from all
#</Directory>

Für unsere Webmailer richten wir uns nun einen geeigneten vHost ein. Im Konfigurationsverzeichnis unseres Apache-Webservers legen wir uns eine neue vHOST-Konfigurationsdatei an.

 # vim /etc/httpd/conf.d/vhost_443_roundcubemail.conf

/etc/httpd/conf.d/vhost_443_roundcubemail.conf

#
# roundcubemail.sec-mail.guru
#
<VirtualHost *:80>
        ServerAdmin webmaster@nausch.org
        ServerName roundcubemail.sec-mail.guru
        ServerPath /
 
        <Location />
                Options -Indexes +FollowSymLinks
                Require all granted
        </Location>
 
        RewriteEngine on
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
 
        DirectoryIndex index.php
 
        ErrorLog logs/roundcubemail_error.log
        CustomLog logs/roundcubemail_access.log combined
</VirtualHost>
<VirtualHost *:443>
        ServerAdmin webmaster@nausch.org
        ServerName roundcubemail.sec-mail.guru
        ServerPath /
        DocumentRoot "/usr/share/roundcubemail"
 
        # Django
        # Required, because there is a host with same ServerName and
        # ServerAlias LISTENING ON PORT 80, - and if these lines are
        # not present, and .htaccess-Files or LDAP-Access is enabled
        # for one or more Directory the host on PORT 443 and PORT 80
        # will ASK for .htaccess ord LDAP-Access, so please remember
        # ----------------------------------------------------------
        # -- DO NOT DELETE THE FOLLOWING LINES, STARTING WITH SSL --
        # --         WHEN USING .htaccess or LDAP-Access!         --
        # ----------------------------------------------------------
        SSLEngine on
        SSLProtocol -ALL +SSLv3 +TLSv1
        SSLCipherSuite EECDH+AES256:DHE+AES256:EECDH+AES:EDH+AES:-SHA1:EECDH+RC4:EDH+RC4:RC4-SHA:AES256-SHA:!aNULL:!eNULL:!EXP:!LOW:!MD5
        SSLHonorCipherOrder on
        SSLCertificateFile /etc/pki/tls/private/CAcert-class3-wildcard.crt
        SSLCertificateKeyFile /etc/pki/tls/private/ca.key
        SSLCertificateChainFile /etc/pki/tls/private/CAcert_chain.crt
 
        # Define who can access the Webmail
        # You can enlarge permissions once configured
        <Directory /usr/share/roundcubemail/>
                <IfModule mod_authz_core.c>
                # before configuration
                Require local
                # after configuration
                # Require all granted
                </IfModule>
        </Directory>
 
        # Define who can access the installer
        # keep this secured once configured
        <Directory /usr/share/roundcubemail/installer/>
                <IfModule mod_authz_core.c>
                # while configuration
                Require host nausch.org
                # after configuration
                # Require local
                </IfModule>
        </Directory>
 
        # Those directories should not be viewed by Web clients.
        <Directory /usr/share/roundcubemail/bin/>
                Require all denied
        </Directory>
        <Directory /usr/share/roundcubemail/plugins/enigma/home/>
                Require all denied
        </Directory>
 
        DirectoryIndex index.php
        ErrorLog logs/postfixadmin_error.log
        CustomLog logs/postfixadmin_access.log combined
</VirtualHost>

...
 
        # Define who can access the Webmail
        # You can enlarge permissions once configured
 
        <Directory /usr/share/roundcubemail/>
                <IfModule mod_authz_core.c>
                # before configuration
                # Require local
                # after configuration
                Require all granted
                </IfModule>
        </Directory>
 
 
        # Define who can access the installer
        # keep this secured once configured
        <Directory /usr/share/roundcubemail/installer/>
                <IfModule mod_authz_core.c>
                # while configuration
                # Require host 10.0.0
                # after configuration
                Require local
                </IfModule>
        </Directory>
 
...

Bevor unseren Webserver starten, damit der neue vHost auch bedient werden kann, überprüfen wir die Konfiguration noch auf syntaktische Fehler.

 # apachectl -t

Ist alles O.K. dann steht einem Reload des Apache httpd nichts mehr im Wege.

 # systemctl reload httpd.service

Wollen wir den Reload kontrollieren, fragen wir den Status des Webservers ab.

 # systemctl status httpd.service

httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled)
   Active: active (running) since Tue 2014-09-09 18:26:47 CEST; 3h 48min ago
  Process: 20019 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
  Process: 20368 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS)
 Main PID: 20024 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"
   CGroup: /system.slice/httpd.service
           ├─20024 /usr/sbin/httpd -DFOREGROUND
           ├─20372 /usr/sbin/httpd -DFOREGROUND
           ├─20373 /usr/sbin/httpd -DFOREGROUND
           ├─20374 /usr/sbin/httpd -DFOREGROUND
           ├─20375 /usr/sbin/httpd -DFOREGROUND
           └─20376 /usr/sbin/httpd -DFOREGROUND

Sep 09 22:15:07 vml000097.dmz.nausch.org systemd[1]: Reloading The Apache HTTP Server.
Sep 09 22:15:07 vml000097.dmz.nausch.org systemd[1]: Reloaded The Apache HTTP Server.

Ein Großteil der Benutzer-Konfigurationsdaten werden in einer mySQL-Datenbankgespeichert und vorgehalten.

Diese mySQL-Datenbank und der zugehörige Datenbankuser werden wird nun im ersten Schritt anlegen.

Wir melden uns also als berechtigter Datenbankuser an der mySQL-Datenbank an.

  # mysql -h mysql.dmz.nausch.org -u root -p

Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 188332
Server version: 5.1.73 Source distribution

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

Dort legen wir als aller erst einmal eine Datenbank mit dem Namen roundcubemail an.

 mysql> create database roundcubemail;

 Query OK, 1 row affected (0.04 sec)

Anschließend legen wir uns einen Datenbankuser an, denen wir entsprechende Rechte an der, gerade angelegten Datenbank horde einräumen. Als Namen nehme wir einfach hode_admin_user.

 mysql> CREATE USER 'roundcube_user'@'10.0.0.97' IDENTIFIED BY 'n491o5rbgsDK67DeM9sCHfzd';

 Query OK, 0 rows affected (0.00 sec)

und

 mysql> CREATE USER 'roundcube_user'@'vml000097.dmz.nausch.org' IDENTIFIED BY 'n491o5rbgsDKMS67DeM9sCHfzd';

 Query OK, 0 rows affected (0.00 sec)

Dem gerade angelegten Datenbankuser für Roundcube gewähren wir nun die nötigen Rechte, damit dieser vom Webserver aus, Tabellen anlegen, befüllen und verändern darf.

 mysql> GRANT ALL PRIVILEGES ON roundcubemail.* TO 'roundcube_user'@'10.0.0.97' IDENTIFIED BY 'n491o5rbgsDKMS67DeM9sCHfzd' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0;

 Query OK, 0 rows affected (0.00 sec)

und

 mysql> GRANT ALL PRIVILEGES ON roundcubemail.* TO 'roundcube_user'@'vml000097.dmz.nausch.org' IDENTIFIED BY 'n491o5rbgsDKMS67DeM9sCHfzd' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0;

 Query OK, 0 rows affected (0.00 sec) 

Zum Ende unserer mySQL-Userkonfiguration weisen wir unserem Nutzer die Berechtigungen zu.

 mysql> FLUSH PRIVILEGES;

 Query OK, 0 rows affected (0.00 sec)

Als nächstes überprüfen wir, ob der zuvor angelegt User/Zugang auch funktioniert.

 # mysql -D roundcubemail -h mysql.dmz.nausch.org -u roundcube_user -p

Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MySQL connection id is 188556
Server version: 5.1.73 Source distribution

Copyright (c) 2000, 2014, Oracle, Monty Program Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MySQL [roundcubemail]>
<code>
<code>MySQL [roundcubemail]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| roundcubemail      |
+--------------------+
2 rows in set (0.00 sec)

MySQL [roundcubemail]>

Da der Test positiv ausgefallen ist, können wie uns wieder von unserem Datenbankserver abmelden.

MySQL [roundcubemail]> quit

Bye

Die von Roundcube benötigten Datebank-Tabellen, erstellen wir mit folgendem Aufruf.

 # mysql -D roundcubemail -h mysql.dmz.nausch.org -u roundcube_user -p < /usr/share/roundcubemail/SQL/mysql.initial.sql 

 Enter password: 

Damit der Installer später nicht beklagt, dass keine date.timezone gesetzt ist, kontrollieren wir noch kurz die Einstellungen in der Datei /etc/php.ini.

 # vim /etc/php.ini

...
 
[Date]
; Defines the default timezone used by the date functions
; http://php.net/date.timezone
; Django : 2014-09-09
; default: ;date.timezone =
date.timezone = "Europe/Berlin"
 
; http://php.net/date.default-latitude
;date.default_latitude = 31.7667
 
; http://php.net/date.default-longitude
;date.default_longitude = 35.2333
 
; http://php.net/date.sunrise-zenith
;date.sunrise_zenith = 90.583333
 
; http://php.net/date.sunset-zenith
;date.sunset_zenith = 90.583333
 
...

Haben wir eine Änderung vorgenommen, veranlassen wir zur Aktivierung der Option einen Reload des http-Daemon.

 # systemctl reload httpd.service

Die Konfiguration von Roundcube erfolgt über die zentrale Konfigurationsdatei config.inc.php im Verzeichnis /etc/roundcubemail/.

Die einfachste Variante diese Konfigurationsdatei zu erstellen ist über die WEB-GUI. Alternativ kann man natürlich auch die Datei direkt per Hand installieren. Werfen wir zu erst einmal einen Blick auf die Konfiguration mit Hilfe der WEB-GUI; hierzu rufen wir die /installer-URL auf.

 $ firefox https://roundcubemail.sec-mail/installer/

Auf der ersten Seite Check environment wird geprüft, ob die notwendigen Voraussetzungen gegeben sind. Wird ein Punkt beanstandet, kann man entsprechend eingreifen und den Fehler beheben. Passt alles, klickt man auf die Schaltfläche [ NEXT ] und man gelangt zum Schritt 2: Create config.

Hat man alle Angaben für die Konfiguration unseres WEB-Mailers eingetragen, klicken wir auf die Schaltfläche [ CREATE CONFIG ] um die Konfigurationsdatei online zu erstellen.

Hier haben wir zwei Möglichkeiten. Entweder wir kopieren den Text direkt aus dem Anzeigefenster und fügen den kopierten Text dann in die Datei /etc/roundcubemail/config.inc.php oder wir klicken auf die Schaltfläche [ Download ] und kopieren die Datei dann mit Hilfe von scp auf den Webserver.

 # less /etc/roundcubemail/config.inc.php 

/etc/roundcubemail/config.inc.php

<?php                                                                                                                                                                            
 
/* Local configuration for Roundcube Webmail */
 
// ----------------------------------
// SQL DATABASE
// ----------------------------------
// Database connection string (DSN) for read+write operations
// Format (compatible with PEAR MDB2): db_provider://user:password@host/database
// Currently supported db_providers: mysql, pgsql, sqlite, mssql or sqlsrv
// For examples see http://pear.php.net/manual/en/package.database.mdb2.intro-dsn.php
// NOTE: for SQLite use absolute path: 'sqlite:////full/path/to/sqlite.db?mode=0646'
$config['db_dsnw'] = 'mysql://roundcube_user:n491o5rbgsDK67DeM9sCHfzd@mysql.dmz.nausch.org/roundcubemail';
 
// ----------------------------------
// IMAP
// ----------------------------------
// The mail host chosen to perform the log-in.
// Leave blank to show a textbox at login, give a list of hosts
// to display a pulldown menu or set one host as string.
// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
// Supported replacement variables:
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %s - domain name after the '@' from e-mail address provided at login screen
// For example %n = mail.domain.tld, %t = domain.tld
// WARNING: After hostname change update of mail_host column in users table is
//          required to match old user data records with the new host.
$config['default_host'] = 'tls://imap.nausch.org';
 
// ----------------------------------
// SMTP
// ----------------------------------
// SMTP server host (for sending mails).
// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
// If left blank, the PHP mail() function is used
// Supported replacement variables:
// %h - user's IMAP hostname
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %z - IMAP domain (IMAP hostname without the first part)
// For example %n = mail.domain.tld, %t = domain.tld
$config['smtp_server'] = 'smtp.dmz.nausch.org';
 
// provide an URL where a user can get support for this Roundcube installation
// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
$config['support_url'] = 'https://dokuwiki.nausch.org/doku.php/centos:mail_c7:start';
 
// automatically create a new Roundcube user when log-in the first time.
// a new user will be created once the IMAP login succeeds.
// set to false if only registered users can use this service
$config['auto_create_user'] = true;
 
// this key is used to encrypt the users imap password which is stored
// in the session record (and the client cookie if remember password is enabled).
// please provide a string of exactly 24 chars.
$config['des_key'] = 'x5-Lx+B!1i?EElMdyPUE4t_6';
 
// ----------------------------------
// PLUGINS
// ----------------------------------
// List of active plugins (in plugins/ directory)
$config['plugins'] = array( );
 
// the default locale setting (leave empty for auto-detection)
// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR
$config['language'] = 'de_DE';
 
// store spam messages in this mailbox
// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP)
$config['junk_mbox'] = '';
 
// display these folders separately in the mailbox list.
// these folders will also be displayed with localized names
// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP)
$config['default_folders'] = array('INBOX', 'Drafts', 'Sent', '', 'Trash');
 
// Set the spell checking engine. Possible values:
// - 'googie'  - the default
// - 'pspell'  - requires the PHP Pspell module and aspell installed
// - 'enchant' - requires the PHP Enchant module
// - 'atd'     - install your own After the Deadline server or check with the people at http://www.afterthedeadline.com before using their API
// Since Google shut down their public spell checking service, you need to 
// connect to a Nox Spell Server when using 'googie' here. Therefore specify the 'spellcheck_uri'
$config['spellcheck_engine'] = 'pspell';
 
// prefer displaying HTML messages
$config['prefer_html'] = false;
 
// Encoding of long/non-ascii attachment names:
// 0 - Full RFC 2231 compatible
// 1 - RFC 2047 for 'name' and RFC 2231 for 'filename' parameter (Thunderbird's default)
// 2 - Full 2047 compatible
$config['mime_param_folding'] = 0;

Anschließend passen wir noch die Dateirechte der konfigurationsdatei an.

 # chmod 640 /etc/roundcubemail/config.inc.php

 # chown root.apache /etc/roundcubemail/config.inc.php

Nun können wir auf der WEB-GUI die Schaltfläche [ CONTINUE ] anklicken um zum dritten Schritt Test config zu gelangen.

Sind alle Tests bestanden, können wir den installer deaktivieren und die Anwendung für den abschließenden Test „Anmeldung als User an unserem neunen Webmailer.

 # vim /etc/httpd/conf.d/vhost_443_roundcubemail.conf

...
 
        # Define who can access the Webmail
        # You can enlarge permissions once configured
 
        <Directory /usr/share/roundcubemail/>
                <IfModule mod_authz_core.c>
                # before configuration
                # Require local
                # after configuration
                Require all granted
                </IfModule>
        </Directory>
 
 
        # Define who can access the installer
        # keep this secured once configured
        <Directory /usr/share/roundcubemail/installer/>
                <IfModule mod_authz_core.c>
                # while configuration
                # Require host 10.0.0
                # after configuration
                Require local
                </IfModule>
        </Directory>
 
...

 # systemctl reload httpd.service

Ob die Sperrung des installer passt, kontrollieren wir einfach durch einen erneuten Aufruf der betreffenden URL.

 $ firefox https://roundcubemail.sec-mail/installer/

Test eins ist schon mal bestanden, wir rufen also als nächstes die URL unseres Webmailers auf.

 $ firefox https://roundcubemail.sec-mail

Wir erreichen die Anmeldemaske und nun steht nur noch der Test an, ob wir uns auch anmelden können.

Mit Hilfe von Plugins kann Roundcube um verschiedene Funktionen und Fähigkeiten erweitert werden. Bei der Installation des RPM wurden bereits alle Plugins in das Verzeichnis /usr/share/roundcubemail/plugins/ kopiert. Einen Überblick verschaffen wir uns mit einem Blick in das betreffende Verzeichnis.

 # /usr/share/roundcubemail/plugins/

/usr/share/roundcubemail/plugins/
├── acl
├── additional_message_headers
├── archive
├── attachment_reminder
├── autologon
├── database_attachments
├── debug_logger
├── emoticons
├── enigma
├── example_addressbook
├── filesystem_attachments
├── help
├── hide_blockquote
├── http_authentication
├── identity_select
├── jqueryui
├── managesieve
├── markasjunk
├── newmail_notifier
├── new_user_dialog
├── new_user_identity
├── password
├── redundant_attachments
├── show_additional_headers
├── squirrelmail_usercopy
├── subscriptions_option
├── userinfo
├── vcard_attachments
├── virtuser_file
├── virtuser_query
└── zipdownload

In unserem konfigurationsbeispiel beschränken wir uns dabei auf die drei wichtigsten Plugins, nämlich Password und Managesieve und ACL.

Damit unsere User später Ihr Passwort eigenständig ändern können, konfigurieren wir nun das zugehörige Plugin password. Als erstes kopieren wir die Vorgabedatei, die im RPM-Paket enthalten ist.

 # cp -a /usr/share/roundcubemail/plugins/password/config.inc.php.dist /usr/share/roundcubemail/plugins/password/config.inc.php

Anschließend bearbeiten wir diese Datei und tragen dort die Datenbankanbindung zur MySQL sowie das benötigte SQL-Statement ein. In dem nachfolgenden Beispiel sind die nötigen Änderungen mit Django und Datum gekennzeichnet.

 # vim /usr/share/roundcubemail/plugins/password/config.inc.php

/usr/share/roundcubemail/plugins/password/config.inc.php