Email with Roundcube

Categories: Linux

(Back to the main article)

(Updated 2024 to Ubuntu 22.04)

Introduction

Roundcube is an open-source web-based application (ie runs within a webserver) which provides a GUI for interacting with IMAP and SMTP servers, ie for reading and composing email.

This article provides a brief introduction to installing it, particularly on webservers other than Apache and with the SQLlite database rather than MySQL. This information specifically applies to Ubuntu 22.04.1, PHP 8.1, and Roundcube 1.6.6.

Roundcube

If you have IMAP/SMTP through some provider but they don’t provide a web-interface, or you don’t like their web-interface then you can install Roundcube on any suitable server, and read/send mail through the Roundcube site.

And when you have installed your own IMAP/SMTP infrastructure, you can also install Roundcube (on same host or a different one) to provide a web-based interface to mail, as an alternative to a traditional email client app.

Roundcube is a PHP application, ie requires some webserver + the PHP runtime. It allows each user to configure their environment, so also needs a (small) database in which to store per-user settings. And it requires the address of an IMAP and SMTP server. That’s it - fairly simple.

If you are using, or willing to install, the traditional LAMP stack (Linux, Apache, MySQL, PHP) then installing Roundcube on Debian or Ubuntu is a snap - just apt install the relevant packages. There are many articles that describe how to install Roundcube in this way.

It appears that I am just destined to take the harder path - I currently use a webserver other than Apache (nginx), and don’t wish to have a database running permanently in the background just for a few dozen config-records, so installation was a little more complex. Nevertheless, a Roundcube system was up and running within a couple of hours, and it is very nice to use.

Authentication

It is of course necessary to “log in” to the Roundcube interface. However Roundcube simply passes the credentials on to the appropriate IMAP server, and if login there succeeds then that is considered sufficient. This means that there are no separate “roundcube credentials” to manage.

Using a Non-Apache Webserver

Ubuntu provides a “roundcube” package, but that has a required dependency on the Apache httpd server. Unfortunate, as Roundcube explicitly lists 4 different webservers that it supports in its INSTALL file. Therefore while the major dependencies can be installed via apt, Roundcube itself needs to be downloaded and installed manually. As Roundcube is just a set of PHP files, that is no big deal. Updates will of course not be automatically fetched, but it isn’t a particularly security-sensitive component (https is handled by the webserver, and authentication by the IMAP server).

Roundcube does state that they require support for Apache htaccess files, and the nginx server does not support these (for performance reasons) but in practice I have found that Roundcube is running fine under nginx.

Installing the Requirements

Roundcube has the following requirements

  • a php-enabled webserver
  • PHP7 or greater
  • postgresl, mysql or sqlite

I assume you have already installed a webserver, created a virtual host for mail (mail.example.com or similar) and obtained an SSL certificate for that hostname (eg via letsencrypt).

Installing the remaining requirements is simply:

  • apt install sqlite3 php php-fpm php-sqlite3 php-xml php-mbstring # mandatory
  • apt install php-zip php-intl # optional but recommended by the roundcube-installer

Setting up a “virtual host” webserver with NGINX

When using nginx, create /etc/nginx/sites-available/mail.example.com and:

  • ensure only SSL access is enabled, with the appropriate SSL certificate
  • copy the “location ~.php” from sites-available/default
  • uncomment “location ~.php” – just the “.sock” line, not the host:port one.
  • uncomment the “.htaccess” section
  • add index.php to the “index” property
  • run service nginx reload

For other webservers, do the equivalent to define a virtual host with SSL-only access and PHP.

Here is the relevant nginx file:

# mail.example.com

# definition for http
server {
    listen 80;
    listen [::]:80;
    server_name mail.example.com;

    # force redirect to https
    return 301 https://mail.example.com$request_uri;
}

# definition for https
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    ssl_certificate /etc/letsencrypt/live/mail.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mail.example.com/privkey.pem;

    root /var/www/mail;

    index index.html index.php;

    server_name mail.example.com;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }

    # pass the PHP scripts to FastCGI server listening on local pipe
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php8.1-fpm.sock;
    }
}

Installing Roundcube Manually

Download Roundcube by visiting the site, downloading the latest “complete” release to your desktop then copying it to the server. Or use curl:

VERSION=1.2.3
curl -L -o roundcube-$VERSION.tar.gz  https://github.com/roundcube/roundcubemail/releases/download/$VERSION/roundcubemail-$VERSION-complete.tar.gz

Unpack the file, and follow the (simple) instructions in the INSTALL file. To be more explicit, these are the steps I took:

  • unpack file
  • move entire tree of files to mail-web-root (/var/www/mail in my case)
  • set appropriate file-ownership with chown -R root:root /var/www/mail (thus readable by all, but not writable by anyone)
  • make some writable locations for the app:
    • mkdir /var/roundcube
    • mkdir /var/roundcube/temp
    • mkdir /var/roundcube/logs
    • chown -R www-data /var/roundcube where www-data is the user the webserver runs as.

Roundcube should now be accessible - at least page “/installer” (see later for info on the installer).

The Database

As mentioned, Roundcube needs a database to store per-user information (not emails themselves, and no passwords). If you don’t have a database already permanently running, then SQLite is a good option - a simple single file without any daemon process.

Setting up Roundcube Configuration

The Roundcube PHP files include an “installer webapp”. This is accessible without a password, which seems a little worrying at first. However all the app does is prompt for inputs then generate a suitable configuration-file that can be copy-and-pasted onto the server. It does not write any data to the server - and in fact if you’ve followed the above installation instructions, then nothing in the Roundcube directory is writable by the webserver-user (www-data). Nevertheless, as recommended by the Roundcube INSTALL file, the entire installer directory should be deleted after it has been used to generate the needed config.

The installer app is useful, and I recommend using it. However it is also possible to just manually create the file under /var/www/mail/config (ie Roundcube config dir) by hand using the documentation on the Roundcube site and the base file in dir “config” of the unpacked tarfile.

The installer wizard is accessible at https://mail.example.com/installer, without password.

The installer has a helpful first page where it checks for its requirements and needed settings, and reports any problems. If it complains about “date.timezone not set” then:

  • vi /etc/php/8.1/fpm/php.ini
  • edit entry “date.timezone”; for options see http://php.net/manual/en/timezones.php
  • service php8.1-fpm restart

Once all prerequisites are ok:

  • choose sqlite as database, and set location to /var/roundcube/db.sqlite.
  • if your SMTP server (eg Postfix) is set up to require TLS on the submission port, then define smtp-host as “tls://name.of.host”.
  • set the “temp dir” to /var/roundcube/temp
  • set the “logs dir” to /var/roundcube/logs

Alternatively, temp and logs can be stored within the roundcube file-tree, ie under the mail-web-root, by simply running chgrp www-data temp; chmod g+w temp etc. However I find it more elegant to have the mail-web-root tree be entirely read-only, with temp and logs elsewhere.

And when the installer has generated its output, store this as config/config.ini.php in the mail-web-root - and enjoy the new Roundcube system.

Note that when using smtp over tls, the hostname must be the external name, not “localhost”, as Roundcube validates the cname of SSL certificate it receives against the hostname.

Other Notes

By default, roundcube logs to syslog such that error-messages end up in /var/log/syslog (not var/log/mail.log as might be expected).

It is probably a good idea to install fail2ban and to enable filtering for dovecot ie add dovecot to /etc/fail2ban/jail.d/local.conf.

References