Notes on Roundcube installation

1 Roundcube overview

Roundcube is a web application serving webmail. It uses a MySQL/MariaDB database called roundcubemail. Our implementation has roundcube/webmail running on vm1 on Apache, with outgoing mail going to vm2 over SMTP (port 25) and incoming mail read from vm3, which runs dovecot as the mail LDA (local delivery agent).

2 mariadb database "roundcubemail"

Access the database on vm1 as follows: mysql -u root -p

  • show databases
  • use roundcubemail
  • show tables
  • SELECT user, password FROM user

MariaDB [roundcubemail]> show COLUMNS FROM users
    -> ;
+----------------------+------------------+------+-----+---------------------+----------------+
| Field                | Type             | Null | Key | Default             | Extra          |
+----------------------+------------------+------+-----+---------------------+----------------+
| user_id              | int(10) unsigned | NO   | PRI | NULL                | auto_increment |
| username             | varchar(128)     | NO   | MUL | NULL                |                |
| mail_host            | varchar(128)     | NO   |     | NULL                |                |
| created              | datetime         | NO   |     | 1000-01-01 00:00:00 |                |
| last_login           | datetime         | YES  |     | NULL                |                |
| failed_login         | datetime         | YES  |     | NULL                |                |
| failed_login_counter | int(10) unsigned | YES  |     | NULL                |                |
| language             | varchar(5)       | YES  |     | NULL                |                |
| preferences          | longtext         | YES  |     | NULL                |                |
+----------------------+------------------+------+-----+---------------------+----------------+
9 rows in set (0.006 sec)

MariaDB [roundcubemail]> SELECT user_id, username, mail_host, last_login FROM users
    -> ;
+---------+----------+----------------+---------------------+
| user_id | username | mail_host      | last_login          |
+---------+----------+----------------+---------------------+
|       1 | zintis   | vm3.zintis.ops | 2020-03-21 02:09:54 |
+---------+----------+----------------+---------------------+
1 row in set (0.001 sec)

MariaDB [roundcubemail]> 

3 Roundcube installation

A wiki on how to do the installation is available on github.com.

3.1 Make sure your semanage is set

The roundcube service needs to write to the /var/www/html/webmail/temp and /var/www/html/webmail/logs directories. SELinux may prevent that unless you explicitly allow it.

  1. First check if already set:

    semanage fcontext --list | grep webmail

    Which gave me this output:

    root@vm1/var/www/html/webmail[1023]$ 
    semanage fcontext --list  | grep webmail
    /usr/lib/courier/sqwebmail/cleancache\.pl   regular file  system_u:object_r:courier_sqwebmail_exec_t:s0 
    /var/www/html/webmail/logs(/.*)?            all files     system_u:object_r:httpd_log_t:s0 
    /var/www/html/webmail/temp(/.*)?            all files     system_u:object_r:httpd_log_t:s0 
    root@vm1/var/www/html/webmail[1024]$ 
    
    
  2. Set if needed

    The above output shows that I have it set already, but if I did not then the below example shows how to set it.

    semanage fcontext -a -t httpd_log_t '/var/www/html/webmail/temp(/.*)?' 
    semanage fcontext -a -t httpd_log_t '/var/www/html/webmail/logs(/.*)?' 
    restorecon -v -R /var/www/html/webmail
    
    

3.2 What if my vm does not have SEManage?

Use yum (dnf) to install it:

dnf install policycoreutils-python

And if that fails, run:

dnf provides /usr/sbin/semanage

  • You will see it as policycoreutils-python-utils-2.9-3.el8_1.1.noarch

dnf install policycoreutils-python-utils-2.9-3.el8_1.1.noarch

3.3 setsebool

You need to use setsebool to tell SELinux to allow the web server to open connections to the MTAs:

setsebool -P httpd_can_network_connect 1

Read off setsebool settings with:

getsebool -a | grep http
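The checks from sections 3.1 and 3.3 can be scripted so they are repeatable after a rebuild. This is an added example, not part of the original notes; the function names and the sample output are constructed, and the functions read command output on stdin so the script also runs on a machine without SELinux.

```bash
#!/usr/bin/env bash
# Added example, not from the original notes: check the SELinux settings from
# sections 3.1 and 3.3 against command output read on stdin.

# Directories Roundcube writes to (section 3.1).
REQUIRED_DIRS="/var/www/html/webmail/temp /var/www/html/webmail/logs"

# stdin: `semanage fcontext --list` output. $1: expected SELinux type.
# Prints every required directory that has no rule of that type.
missing_fcontexts() {
    local want="$1" listing dir
    listing="$(cat)"
    for dir in $REQUIRED_DIRS; do
        # Rules are path regexes such as /var/www/html/webmail/temp(/.*)?
        if ! printf '%s\n' "$listing" | grep -F -- "${dir}(/.*)?" |
                grep -q -- ":${want}:"; then
            printf '%s\n' "$dir"
        fi
    done
}

# stdin: `getsebool -a` output. Succeeds only if boolean $1 is on.
sebool_is_on() {
    grep -qx -- "$1 --> on"
}

# Constructed sample output: the logs rule is missing and the boolean is off.
SAMPLE_FCONTEXT='/var/www/html/webmail/temp(/.*)?    all files    system_u:object_r:httpd_log_t:s0'
SAMPLE_BOOLS='httpd_can_network_connect --> off
httpd_can_sendmail --> off'

printf '%s\n' "$SAMPLE_FCONTEXT" | missing_fcontexts httpd_log_t
printf '%s\n' "$SAMPLE_BOOLS" | sebool_is_on httpd_can_network_connect ||
    echo "httpd_can_network_connect is off"
```

On vm1 the same functions take live input: semanage fcontext --list | missing_fcontexts httpd_log_t, and getsebool -a | sebool_is_on httpd_can_network_connect.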

3.4 Now you are ready to install roundcube/webmail:

Read the file: /var/www/html/webmail/INSTALL

4 Setting up users on roundcubemail:

I tried this in my mariadb database:

MariaDB [roundcubemail]> GRANT ALL ON  roundcubemail.* TO
       'roundcubemail'@'localhost'
       IDENTIFIED BY 'apalskubs';
Query OK, 0 rows affected (0.009 sec)

But as you can see, it looks like it did NOT modify any rows. So how do I set up the correct id or ids with correct passwords?

5 Log files:

The location of log files is configurable in config/defaults.inc.php under the line: $config['debug_level'] = 1; i.e. in /var/www/html/webmail/config

6 Free-form notes/log

On vm1, talk of DATABASE setup:

  • copied /var/www/html/webmail/config/config.inc.php.sample to config.inc.php (same directory)

    edits to this file are:

    • changing pass to actual password for roundcube

6.1 Creating the MySQL database:

The github.com instructions have:

mysql -u root -p

CREATE DATABASE roundcubemail CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL PRIVILEGES ON roundcubemail.* TO username@localhost IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcube@localhost IDENTIFIED BY 'xxxxxxx';

The INSTALL file instructions are:

  • MySQL

Setting up the mysql database can be done by creating an empty database, importing the table layout and granting the proper permissions to the roundcube user. Here is an example of that procedure:

> CREATE DATABASE roundcubemail /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;
> GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcube@localhost IDENTIFIED BY 'apalskubs';
> quit

Note 1: 'password' is the master password for the roundcube user. It is strongly recommended you replace this with a more secure password. Please keep in mind: You need to specify this password later in 'config/db.inc.php'.

Summarizing:

6.1.1 Database is "roundcubemail"

6.1.2 user is "roundcube"

6.1.3 password is set correctly

6.2 My roundcube user and password

On vm1 create a new and dedicated username and password, not root or apache. This will be a MySQL username and password. I will choose zintrc for zintis roundcube and apalskubs, so:

useradd roundcube

followed by

passwd roundcube apalskubs

6.3 Initialize the roundcube tables with the pre-configured table that comes with every version of roundcube

root@vm1/var/www/html/webmail[989]$ mysql roundcubemail < SQL/mysql.initial.sql
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
root@vm1/var/www/html/webmail[990]$ mysql -u roundecube -p roundcubemail < SQL/mysql.initial.sql
Enter password: xxxxx
ERROR 1045 (28000): Access denied for user 'roundecube'@'localhost' (using password: YES)
root@vm1/var/www/html/webmail[991]$ mysql -u root -p roundcubemail < SQL/mysql.initial.sql
Enter password:
root@vm1/var/www/html/webmail[992]$

Or do I have to redo the above with user roundcube and her password, which means I have to define the user and password in MySQL first?

Answer: well, I did log in as roundcube and found that the mysql.initial.sql database and tables were already created, so I left them as is.

6.3.1 Error when I try it twice (I think the default user is root, as I used root's password here):

root@vm1/var/www/html/webmail[1012]$ mysql roundcubemail < SQL/mysql.initial.sql -p
Enter password:
ERROR 1050 (42S01) at line 8: Table 'session' already exists

7 Mariadb and other s/w supporting Roundcube

Welcome to the MariaDB monitor. Server version: 10.4.12-MariaDB MariaDB Server

7.1 use roundcubemail

MariaDB [(none)]> use roundcubemail
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [roundcubemail]> show tables

7.2 status

MariaDB [roundcubemail]> status


mysql Ver 15.1 Distrib 10.4.12-MariaDB, for Linux (x86_64) using readline 5.1

Connection id:          20
Current database:       roundcubemail
Current user:           roundcube@localhost
SSL:                    Not in use
Current pager:          stdout
Using outfile:          ''
Using delimiter:        ;
Server:                 MariaDB
Server version:         10.4.12-MariaDB MariaDB Server
Protocol version:       10
Connection:             Localhost via UNIX socket
Server characterset:    latin1
Db characterset:        utf8
Client characterset:    utf8
Conn. characterset:     utf8
UNIX socket:            /var/lib/mysql/mysql.sock
Uptime:                 3 hours 23 min 25 sec

Threads: 7 Questions: 101 Slow queries: 0 Opens: 34 Flush tables: 1 Open tables: 28 Queries per second avg: 0.008


MariaDB [roundcubemail]>

8 php setup for roundcubemail (review in class)

Following the instructions from I checked for all files named .htaccess

find . -name .htaccess -print
./var/www/html/webmail/temp/.htaccess
./var/www/html/webmail/public_html/.htaccess
./var/www/html/webmail/config/.htaccess
./var/www/html/webmail/logs/.htaccess
./var/www/html/webmail/.htaccess
zintis@vm1/[1006]$

Ended up not changing any files named .htaccess (so far)

8.1 edit /etc/php.ini

According to the settings in (give link)

8.2 add php-xml and php-mbstring

dnf install php-xml php-mbstring (in sequence one at a time)

8.3 Added many more php modules:

dnf module enable php:remi-7.4 -y
dnf install php-ldap php-imagick php-common php-gd php-imap php-json
dnf install php-curl php-zip php-xml php-mbstring php-bz2 php-intl php-gmp

8.4 installer was disabled

At this point, browsing to http://192.168.128.76/webmail/installer/ gave me an error (rather than a blank screen) as follows:

The installer is disabled!
To enable it again, set $config['enable_installer'] = true;
in RCUBE_CONFIG_DIR/config.inc.php

For me that was: vm1/var/www/html/webmail/config/config.inc.php

For me RCUBE_CONFIG_DIR was /var/www/html/webmail/config. But config.inc.php did not have the enable_installer setting. Grepping in the whole directory found this:

root@vm1/var/www/html/webmail/config[1019]$ grep installer .
defaults.inc.php:// For possible values see installer or http://php.net/manual/en/function.openlog.php
defaults.inc.php:$config['enable_installer'] = false;
root@vm1/var/www/html/webmail/config[1020]$

So, that was what I changed, defaults.inc.php

8.5 Make sure you have not renamed the installer directory

As good practice after installing, you should set enable_installer to false as well as rename the installer directory to something safe, like: /var/www/html/webmail/installer-safe

However, the next time you come back to edit roundcube, and want to use the installer web page, you had better rename it back to "installer" otherwise you will be hit with a 404 error, not found.

8.6 Success.

9 Web installer

Looking at this output gives you the status of what needs to be fixed before installation is complete.

10 roundcube@localhost db access

My web installer gave me an error on page 2, "Check DB config":

DSN (write): NOT OK(SQLSTATE[HY000] [1045] Access denied for user 'roundcube'@'localhost' (using password: YES))

Make sure that the configured database exists and that the user has write privileges
DSN: mysql://roundcube:pass@localhost/roundcubemail

To fix this, vi /var/www/html/webmail/config/config.inc.php and change pass to the actual password for roundcube.

$config['db_dsnw'] = 'mysql://roundcube:pass@localhost/roundcubemail';

11 New error subsequently fixed:

After installing two additional php packages, php-intl and php-pear:

sudo dnf install -y php-intl php-pear

I got an error when opening the webmail/installer web page as follows:

Wrong 'session.auto_start' option value and it wasn't possible to set it to required value (Off). Check your PHP configuration (including php_admin_flag).

I had to edit php.ini to change auto_start to off (was on).

11.1 Also fixed /etc/php.ini for timezone

date.timezone = America/Toronto

12 Focusing on /var/www/html/webmail/config/config.inc.php

The following lines were added or changed by me:

$config['db_dsnw'] = 'mysql://roundcube:pass@localhost/roundcubemail';
to
$config['db_dsnw'] = 'mysql://roundcube:apalskubs@localhost/roundcubemail';

$config['default_host'] = 'localhost';
to
$config['default_host'] = 'localhost';

$config['smtp_user'] = '%u';
to
$config['smtp_user'] = 'roundcube'; # have to add roundcube as a user for mail.

$config['smtp_user'] = '%p';
to
$config['smtp_user'] = 'apalskubs'; # have to add roundcube as a user for mail.

$config['smtp_port'] = 587;
to
$config['smtp_port'] = 25;

// SMTP password (if required) if you use %p as the password Roundcube
// will use the current user's password for login
$config['smtp_pass'] = '%p';
to

// provide an URL where a user can get support for this Roundcube installation
// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
$config['support_url'] = '';
to

// this key is used to encrypt the users imap password which is stored
// in the session record (and the client cookie if remember password is enabled).
// please provide a string of exactly 24 chars.
// YOUR KEY MUST BE DIFFERENT THAN THE SAMPLE VALUE FOR SECURITY REASONS
$config['des_key'] = 'rcmail-!24ByteDESkey*Str';
to

From INSTALL ? file ?

Note 1: 'password' is the master password for the roundcube user. It is strongly recommended you replace this with a more secure password. Please keep in mind: You need to specify this password later in 'config/db.inc.php'. No such file exists. The closest I got was config/config.inc.php
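The settings in this section, together with the installer switch from sections 8.4 and 8.5, are the ones worth re-checking after every edit of the config directory. The script below is an added example, not part of the original notes or of Roundcube itself; it uses Roundcube's key names db_dsnw, des_key and enable_installer, and the function names and demo file are constructed.

```bash
#!/usr/bin/env bash
# Added example, not Roundcube's own tooling: flag the risky settings these
# notes touch on in a Roundcube config file. One finding per output line.

SAMPLE_DES_KEY='rcmail-!24ByteDESkey*Str'   # value shipped in the sample config

# Print the value last assigned to $config['KEY'] (comment lines are skipped).
rc_value() {  # usage: rc_value FILE KEY
    sed -n "s/^[[:space:]]*\\\$config\\['$2'][[:space:]]*=[[:space:]]*\\([^;]*\\);.*/\\1/p" "$1" |
        tail -n 1 | sed "s/^'//; s/'\$//"
}

audit_rc_config() {  # usage: audit_rc_config FILE
    local cfg="$1" key dsn
    key="$(rc_value "$cfg" des_key)"
    if [ "$key" = "$SAMPLE_DES_KEY" ]; then
        echo "des_key: sample value in use"
    elif [ "${#key}" -ne 24 ]; then
        echo "des_key: ${#key} chars, expected 24"
    fi
    if [ "$(rc_value "$cfg" enable_installer)" = "true" ]; then
        echo "enable_installer: still true"
    fi
    dsn="$(rc_value "$cfg" db_dsnw)"
    case "$dsn" in
        mysql://*:pass@*) echo "db_dsnw: placeholder password" ;;
    esac
    # The DSN embeds the database password, so others should not read the file.
    if [ -n "$(find "$cfg" -perm -004)" ]; then
        echo "permissions: world-readable"
    fi
}

if [ -z "${1:-}" ]; then
    # Constructed sample config for a demo run when no file is given.
    demo="$(mktemp)"; chmod 644 "$demo"
    cat > "$demo" <<'EOF'
<?php
$config['db_dsnw'] = 'mysql://roundcube:pass@localhost/roundcubemail';
$config['des_key'] = 'rcmail-!24ByteDESkey*Str';
$config['enable_installer'] = true;
EOF
    audit_rc_config "$demo"; rm -f "$demo"
else
    audit_rc_config "$1"
fi
```

Run it against both config.inc.php and defaults.inc.php, since section 8.4 changed enable_installer in defaults.inc.php.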


You only need to run certbot if you intend to run an internet certificate. In our lab we used self-signed local certificates. So don't bother with certbot.

on your smtp mail MTA (vm2) and MTA/MDA (dovecot on vm3)

certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email zintis@zintis.ops -d zintis.ops

=================================

error on trying to install certbot on vm1

Complete!
Creating virtual environment…
Installing Python packages…
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running apachectl configtest.

AH00526: Syntax error on line 85 of /etc/httpd/conf.d/ssl.conf:
SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty

The apache plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError("Error while running apachectl configtest.\n\nAH00526: Syntax error on line 85 of /etc/httpd/conf.d/ssl.conf:\nSSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty\n",)
root@vm1/etc/httpd[1056]$

13 roundcube pre-encryption:

The setup files (see below) as well as the installer used port 25 for outgoing (smtp) to vm2, and port 143 for imap to vm3.

Outgoing smtp (25) did NOT have authentication set up, so in the installer webpage, just leave the password field blank. You should get an OK when testing smtp.

For the imap test, you must use your email user and password (to vm3).

14 roundcube config files

Used in roundcube setup are the following files, all under the config dir in the roundcube root directory, which for me was /var/www/html/webmail/config

config.inc.php

defaults.inc.php

config.inc.php-from-installer-web # which I only used as an example, but
