Roundcube for macOS Server
What’s new in version 1.3.6?
- Roundcube Webmail 1.3.6
- High Sierra and Server 5.6 compatible
- Improved automatic congiguration of CardDav plugin
Compatibility
- Mac OS X Server 10.8.3 w/ Server 2.x – through -> 10.13.x High Sierra w/ Server.app 5.6.x
Why we made this installer
Mac OS X Server administrators usually wear many hats (entrepreneur, designer, etc.). We choose the Mac expecting it to have a nice GUI interface and all our basic needs to be met out of the box.
Apple used to provide webmail services in earlier versions of OS X Server (10.7 and earlier). For reasons unknown, webmail was dropped in 10.8 leaving it up to administrators to roll their own solution.
An OS X Server administrator with a Unix background could jump through all the hoops in a couple of hours – but lets face it, most OS X Server administrators would be stuck facing a day or more of tutorials, articles and frustration to get webmail working on their server.
As consultants specializing in mail services for OS X Server, we found ourselves repeating the same steps over and over with each new server installation. So we decided to apply our rule of thumb: if a repeatable process takes more than 30 minutes – document, automate and share.
What does the installer do?
Our installer for Roundcube for OS X Server installs Roundcube Webmail as a simple WebApp available to any website configured inside Server.app. When the WebApp is enabled (by default, its enabled for all sites), you can access webmail by adding /mail /webmail or /roundcube to your website URL.
Please browse our FAQs for answers to most questions.
- Why did Server 5.1 break Roundcube Webmail ?
- What is installed with Roundcube for OS X Server and how do I remove it?
- How do I enable/disable plugins?
- What does Roundcube log and how do I access the logs?
See current changelog for a complete list of fixes and additions.
Please read our FAQs as well.
The topicdesk Roundcube installer is a free download.
Thank you for updating this! 🙂
So all I can say is WOW. I recently upgraded from an OS X server running 10.6 to a new server running El Capitan. I was shocked that webmail wasn’t included. I had literally just sat down with drinks, snacks, and the next 4 hours of my life cleared to install roundcube from scratch. Then I stumbled onto your site and within 10 minutes I’m looking at my e-mail in a web browser? Outstanding. If you all are ever out in the Bay Area I owe you a beer or 6. If not I’d be happy to paypal or bitcoin a token of appreciation.
Roundcube working fine on Server 5, but not displaying any message dates. The dates are there (e.g. if you look at mail in Mail.app the messages all have dates) and messages appear be sorted by these dates (i.e. latest messages appear at top of Roundcube window) – but just not showing up. Also, if you reply or forward a message within Roundcube, the replied to message has the fomr “On , Username wrote:” – i.e. the date element is simply missing.
I guess something needs to be adjusted in Roundcube settings – any thoughts about what?
Thanks!
A few possibilities….
The left-most column has a gear which allows each user to choose which columns are visible to them.
Did you confirm the date column is selected?
The fact that the date isn’t displayed in the reply-quote “On , Username wrote:” is curious..
Each user can choose their time zone (Preferences/User Interface). The defautl is Auto, try setting the timezone vs Auto.
Have you made any changes to the roundcube config files? You will find them here:
/usr/local/topicdesk/roundcube/WebApp/config/config.inc.php
/usr/local/topicdesk/roundcube/WebApp/config/defaults.inc.php
PHP might have a config problem, watch the apache logs during roundcube login.
Hope that helps… If you are still stuck, I’d like to take a look myself (screensharing). You can reach me from the contact page.
Jeff
Hi Jeff
Yes, date column selected (that’s how I know it is blank).
Changing from Auto to UTC for timezone has no effect (as in date not displayed either way).
Made no changes to files.
Recently the only error appearing in Apache error log is this one, which is appearing daily just once:
[Wed Mar 30 06:49:47.848567 2016] [cgi:error] [pid 69008] [client 188.138.41.45:64398] AH02811: script not found or unable to stat: /Library/Server/Web/Data/CGI-Executables/system_cmd.cgi
Happy for you to have a look via screen sharing – I’ll drop you a note directly.
I had same issue. Finally solved.
Turns out that OSX Server has its own php.ini override in
/Library/Server/Web/Config/php/php.ini
which by default doesn’t specify a timezone and that then overrides the /etc php.ini to nothing
Editing that for UTC or your preferred timezone and then re-starting web server did the trick.
Thanks Alex – that worked to fix the date problem 🙂
And mine – thanks Alex
Just updated from 10.11.3 to 10.11.4 and my roundcube is gone, is that normal ?
@ Simon
That happened to me too. In installed Roundcube again and it worked just like before. All the settings were still there.
Server 5.1 doesn’t activate webapps properly for the two default sites.
The webapp may be checked/enabled on all sites, but only the customSites (not default sites) will be updated.
The quick fix is:
sudo /Applications/Server.app/Contents/ServerRoot/usr/sbin/webappctl start com.topicdesk.roundcube
Some comments on the included config.inc.php:
1) Shouldn’t this:
$config[list_cols] = array(chbox, subject, status, fromto, date, size, flag, attachment);
have quotes like this:
$config[‘list_cols’] = array(‘chbox’, ‘subject’, ‘status’, ‘fromto’, ‘date’, ‘size’, ‘flag’, ‘attachment’);
2) $config[‘imap_auth_type’] = CRAM_MD5;
I think null would be better, as per defaults.inc.php, which says “or null to use best server supported one”.
3) I would argue for security by default, in other words, instead of:
$config[‘default_host’] = ‘localhost’;
$config[‘default_port’] = 143;
$config[‘smtp_server’] = ‘localhost’;
I would suggest:
$config[‘default_host’] = ‘ssl://localhost’;
$config[‘default_port’] = 993;
$config[‘smtp_server’] = ‘ssl://localhost’;
$config[‘smtp_port’] = 587;
4) Why are some lines “$config” and others “$rcmail_config”? I don’t see “rcmail_config” anywhere in defaults.inc.php.
5) What is this?:
$config[‘default_folders’] = array(‘INBOX’, ‘Drafts’, ‘Sent Messages’, ‘Junk’, ‘Deleted Messages’);
I don’t find “default_folders” anywhere in defaults.inc.php. It’s the only one not in there. Is it maybe leftover from an older roundcube?
Thanks.
Hi Sean…
Quotes aren’t necessary for this array, but its a good idea to use them anyway.
I’ll add it to the list for the next update.
I’ve had a few issues letting roundcube choose the best auth method.
CRAM-MD5 is enabled by default on every server version supported with this package.
These are localhost connections. No traffic passing across a network.
It’s common practice to accep less secure methods for localhost connections.
We like these settings to maintain compatability with older server versions which may not have SSL enabled.
This is a carrover from older ( < 1.0 ) versions of roundcube, for now – either works.
Thanks for mentioning this, we’ll update the config file in the next release.
Its not well documented.
As I understand it, these are the folders every user should have.
Its used alog with the “create_default_folders” option to setup the user’s folder structure automatically.
How can we improve the Roundcube Installer ?
We’d like to hear any suggestions: better defaults, useful plugins, etc.
Please post any suggestions here.
Jeff, thanks for your helpful reply. Not sure how to quote here, but…
Anything with “md5” in its name worries me, since md5 is long since broken, as I’m sure you know. https://en.wikipedia.org/wiki/MD5#Security I’m not sure what the strongest authentication mechanism OS X’s dovecot supports… maybe GSSAPI? http://wiki.dovecot.org/Authentication/Mechanisms So far, using null for the setting is working for me. Have you seen issues in 1.1.4 or only older?
It’s your product of course, but I still feel strongly that the setup should be more secure out-of-the-box. If you don’t want to set SSL by default, might I suggest at least keeping the comments from “defaults.inc.php” in your custom config file? That way people can know they can add the “ssl://” prefix. I naively assumed roundcube would automatically prefer SSL, but it seems not. 🙁
Sean
When roundcube and the imap/smtp server exist on the same host and use the loopback interface (127.0.0.1), there are zero packets to sniff on a wire. While it can be possible to sniff the loopback, this requires admin creds and access to the machine, if a hacker has that type of access, you have bigger problems – they can simply navigate to your mailstore and read all the mail stored in plain-text.
Same goes with SSL. Sure, you can use SSL on a the loopback… If I were a bad guy with the necessary access to your system, I wouldn’t be sniffing packets when I could simply read each message (past and present) straight from the disk.
IMO, there’s no point discussing how to secure imap/smtp traffic which never leaves the host when the focus should be on securing the server which stores that data in clear-text in postfix queues, backups, mailstore, bcc archive, etc.
I agree with your opinion when roundcube and the imap/smtp server are on different hosts.
Our installer is made for same-host installations but can be adapted as needed.
Jeff
Jeff, sorry, let me try to be more clear. Yes, I understand your point about being on the same host, and agree. I should have said explicitly: I run roundcube and imap/smtp on different hosts. Your last paragraph above is key.
Here’s a not-so-hypothetical scenario: someone installs your package. He finds your config.inc.php file. He sees “$config[‘default_host’] = ‘localhost’;” (with no surrounding comments) and naively changes it to the hostname of his mail server. Things work. He assumes things prefer SSL automagically, but they don’t. He didn’t know about defaults.inc.php, where the comments indicate an explicit “ssl://” prefix is required.
To be sure, in this scenario, the admin is at fault for not investigating thoroughly enough. But the Mac philosophy has always been one of user-friendliness and forgiveness of errors. And I’d wager most of your users are not full time UNIX greybeards. 🙂
If at least you include the defaults.inc.php comments, the error above is made much less likely.
If you additionally include “ssl://” by default, it’s less likely still. Agreed, it’s not so beneficial when using localhost, but it’s not harmful either! (Except I guess if your mail server doesn’t support SSL, but really who running their own email server doesn’t want their email private?!)
I guess my thinking is that as there’s little harm, but possibly great benefit, in including the “ssl://” by default, that it is preferable.
I see your case for including comments, I’ll include that in the next rev.
The settings will remain as-is to maintain the broadest compatability with default installations with or without SSL.
Somoene modifying the config to support other configurations is on their own 🙂
Thanks for the discussion, you had several great points we’ll use to improve the installation.
Jeff
my very deep thanks for your work and sharing
It seems to me that the provided “image_paster” plugin causes text pasting in roundcube’s HTML editor to not work at all, see here:
https://github.com/roundcube/roundcubemail/issues/5290
I think maybe the inclusion of this plugin should be reconsidered…
We’ll check this out before the next update.
Jeff
I just can’t get Roundcube to work on my Macbook Pro, no matter if I try to reinstall it. It’s as if it disappears right after I download it.
The app tries to send me to the following address, but it doesn’T work every time.
(https://127.0.0.1/roundcube).
Anybody can help with that? (I use round cube to host my email for my professional portfolio online).
Thank you in advance!
Hi Andreanne
Just sent an email to you directly…
Jeff
Very nice installer, all work fine, but when the mail (body) has unicode characters (i.e. Greek, like: Ελληνικά) the message can not be displayed and I get an message saying: “An error occurred! Could not load message from server.”…
Any ideas on what can I do to fix this?
(SquirrelMail has no problem on reading the same message,
so this is not a problem on the message/IMAP/server side)
I can’t be much help on this topic.
you may want to post in the roundcube support forums.
http://www.roundcubeforum.net
The config files are located at:
/usr/local/topicdesk/roundcube/WebApp/config
Jeff
Well, you kinda helped…
Although the forum seems broken, I found an answer that solved my problem.
Changing in rcube_imap_generic.php from $binary = true; to $binary = false; fixes the problem.
I guess it’s a unicode thing…
(If you could include it at your FAQ, it would help a lot of non-english-using people… there are a lot of us out there) 😉
Thanks for posting the solution.
Hopefully the issue is fixed in Roundcube 1.2 (released and available on roundcube.net)
If its not fixed in 1.2, we’ll add the FAQ.
FYI… We’ll have our installer upgraded to 1.2 in a few weeks
For those that want to try 1.2 asap, its easy enough to upgrade.
First step is alway to backup 🙂
Download 1.2 and unpack it
https://github.com/roundcube/roundcubemail/releases/download/1.2.0/roundcubemail-1.2.0-complete.tar.gz
In Terminal, cd into the bin directory of the new version, something like:
cd ~/Downloads/roundcubemail-1.2.0/bin
Then run the install script
sudo ./installto.sh /usr/local/topicdesk/roundcube/WebApp
Installed it and it works fine.
So it looks like its probably fixed
(assuming that the new rcube_imap_generic.php is not the one from 1.1 that I had fixed)
THNX! 🙂
Jeff, I realize this is free software that you do on your own time. That said, about 7 months ago you said, “We’ll have our installer upgraded to 1.2 in a few weeks.”
The last release of your installer for RoundCube was 1.1.4, and that was 11 months ago.
Are you dong this? If not, let us know and we’ll look for another option. No hard feelings, and thanks for the work so far.
how to enable change password plugin on here ?
Sorry – I can’t help you with the PW plugin.
I point users to OS X Server’s native page: /changepw
Server 5.2 breaks my Roundcube under OS X 10.11.6 ? Also after clean install Roundcube on a other server running 5.2 ?
Anybody know where to look. I can see the login page, i can login but after that the screen goes blank.
It looks like Server 5.2 broke mine as well, and I’m also on OS X 10.11.6. When I visit my webmail page I see the Roundcube header but in the main body area it only says “DATABASE ERROR: CONNECTION FAILED! / Unable to connect to the database! / Please contact your server-administrator.”
Anybody figured out a fix or have info on when an update will come that addresses it?
I see this blank page after logging in:
https://www.dodgechrome.com/webmail/?_task=login
So I remove the ?_task=login string and reload, and then see my mail. Also I can append this: &_mbox=INBOX to the end of the URL and then reload and see my mail. Looks like this:
https://www.dodgechrome.com/webmail/?_task=mail&_mbox=INBOX
For anyone with Server 5.2 issues….
I simply haven’t had time to update any of my own Servers to 5.2, it would be much faster if I take a look at a server having issues.
If you are OK with me taking a look via screenshare, its likely a quick fix and we’ll document the fix here.
contact me: jeff at topicdesk dot com
Jeff
Has anyone had success resolving this with the command found here:
https://topicdesk.com/faqs/why-did-server-5-1-break-roundcube-webmail/
I tryed the command form 5.1 broken webmail. It is not working. I can Conform that what Joe said is working.
Sorry, that don’t resolve the problem…
You don’t have permission to access /webmail/ on this server.
Please help.
I finally had a chance to check a machine with Server 5.2 installed.
The issue I encountered today stems from a change in the CardDAV server port.
CardDAV has defaulted to 8443 in the past, but Server 5.2 defaults to 443.
To confirm, look at the carddav plugin log
/usr/local/topicdesk/roundcube/WebApp/logs/errors
You’ll see this error
Failed to connect to localhost port 8443: Connection refused
To resolve this, we need to know if carddav is running:
sudo serveradmin status addressbook
If carddav is running, you’ll see:
addressbook:state = “RUNNING”
If carddav is RUNNING, change the carddav port to default with
sudo sed -i.bak ‘s/:8443//’ /usr/local/topicdesk/roundcube/WebApp/plugins/carddav/config.inc.php
Logout/Login to Roundcube.
Working?
If carddav is -NOT- RUNNING, the plugin should be disabled.
Edit
/usr/local/topicdesk/roundcube/WebApp/config/config.inc.php
Find this line, and remove carddav from the array
$config[‘plugins’] = array(‘image_paster’,’html5_notifier’,’chbox’,’carddav’,’managesieve’);
result
$config[‘plugins’] = array(‘image_paster’,’html5_notifier’,’chbox’,’managesieve’);
Hope that works for everyone 🙂
Sorry, that don’t resolve the problem…
You don’t have permission to access /webmail/ on this server.
Please help.
Eric – If you’d like me to take a look via screenshare, contact me
jeff -at- topicdesk -dot- com
Worked for me. I don’t have ‘carddav’ running, so I just removed the plugin. Thanks! – Joe
Has anyone tried this on OS X 10.12 Sierra?
No muss no fuss here on 10.12.1. Your mileage may vary.
I am assuming you are using 10.12 & Server 5.2? (i’ve been waiting on testing the upgrade until i saw others results 🙂
That’s right – MacOS 10.12.1 and Server 5.2.
Hi Jeff,
i have always this message..
Forbidden
You don’t have permission to access /webmail/ on this server.
Apache Server at miniserver.domaine-boinaud.com Port 80
Any solution Please ?
Eric
I was originally going to follow up on the problem raised by Eric Boinaud, in that I was receiving an error very similar to his, together with an error log entry of:
“[Sat Nov 19 23:04:35.760521 2016] [autoindex:error] [pid 82841] [client 192.168.147.21:64917] AH01276: Cannot serve directory /usr/local/topicdesk/roundcube/WebApp: No matching DirectoryIndex (index.php,index.html) found, and server-generated directory index forbidden by Options directive”.
However, part of my problem was camouflaged by having my own redirect in operation in Server 5.2 which meant that the (alias) contents of ‘/usr/local/topicdesk/roundcube/httpd.topicdeskroundcube.conf’ were bypassed. Nevertheless, I still found a problem because the main website uses a CMSms configuration that rewrites URLs to include .html for appearance’s sake, which meant that /mail was not aliased to the roundcube directory but was transformed to /mail.html, which went nowhere!! Eventually, to prevent the pre-emptive action of my PHP scripts (and .htaccess) and to ensure consistency, I amended ‘/usr/local/topicdesk/roundcube/httpd.topicdeskroundcube.conf’ to read:
Alias “/webmail/” “/usr/local/topicdesk/roundcube/WebApp/”
Alias “/Webmail/” “/usr/local/topicdesk/roundcube/WebApp/”
Alias “/WebMail/” “/usr/local/topicdesk/roundcube/WebApp/”
Alias “/mail/” “/usr/local/topicdesk/roundcube/WebApp/”
Alias “/roundcube/” “/usr/local/topicdesk/roundcube/WebApp/”
Alias “/Roundcube/” “/usr/local/topicdesk/roundcube/WebApp/”
AllowOverride All
Options -Indexes +FollowSymLinks
with trailing slashes. While the original format, Jeff, works adequately and correctly, to be absolutely specific could you do the same in the next iteration of the installation package, please?
I am no expert at things like this and if anyone can help, it will be much appreciated. I have my own company email address hence I need to have access to it on my mac and specially on my phone 24/7. The mail default for the business emails are Roundcube. I cam across this page and tried to download it, however once the Safari page opens, it says, ‘Safari was unable to connect to server’. Am I doing something wrong? Or is there a setting which needs to be adjusted? I just want it on both my devices (and my employers too) so they have access to it rather than going safari and logging in.
I am no expert at things like this and if anyone can help, it will be much appreciated. I have my own company email address hence I need to have access to it on my mac and specially on my phone 24/7. The mail default for the business emails are Roundcube. I cam across this page and tried to download it, however once the Safari page opens, it says, ‘Safari was unable to connect to server’. Am I doing something wrong? Or is there a setting which needs to be adjusted? I just want it on both my devices (and my employers too) so they have access to it rather than going safari and logging in.
Don’t know if I’m clumsy or have configured something really wrong.
I host 2 domains for 2 different users.
user1 have info@user1.com
user2 have info@user2.com
They have 2 very different password but when user2 made the mistake and typed her email-adress instead of username as login she gets the webmail of user1?
Any clues?
This is not a Roundcube issue, same error occurs even with Mail.
if
shortname1 have info@user1.com
and
shortname2 have shortname1@user2.com
and
shortname2 uses username shortname1@user2.com OS X vill display the mailbox of shortname1.
solved it by removing the %n from auth_username_format in 10-auth.conf
Feel free to delete this.
Hi Guys!
Is there a way to configure Roundcube to allow using the user’s email address for login? I see this done on other Roundcube installs, just don’t know how they’re implementing the capability. Users can use their email address to login to the MyDevices and WebCal portals, but round cube will only accept the account name on the authentication form.
remove the %n from auth_username_format in /Library/Server/Mail/Config/dovecot/conf.d/10-auth.conf and it works to login with the emai-adress.
I actually got it working via
$config[‘user_aliases’] = true;
in config.inc.php, which allows login via email addresses found in identities. Additionally, when also configuring $rcmail_config[‘mail_domain’] = ‘%d’; in a multi domain environment, you can even have first time users login at their respective <client_domain.tld>/mail with their email address. Would editing the dovecot config be better?
Thanks for your help,
— Mike
I’m looking to add a link to the tool bar, let’s say between the Address Book and Settings buttons, that opens a new window/tab to the macOS server’s webcal portal page. It works well manually, that is to say, after authenticating into roundcube, that same token lets you open a new tab, enter the webcal url, and be presented with your calendar without additional login.
I just ran the installer on a fresh OS X 10.11.6 install with Server version 5.2. The install went fine and the login page loads but when users try and login they get “Login Failed” messages. In the apache logs I see “SSL Library Error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol — speaking not SSL to HTTPS port!?” and “[ssl:info] [pid 666] (70007)The timeout specified has expired: [client 10.8.0.2:54382] AH01991: SSL input filter read failed.” Is this an Apache config issue? Has anyone else seen this?
I figured it out. I changed the IMAP config to:
Added SSL to host:
$config[‘default_host’] = ‘ssl://localhost’;
Changed port from 143 to 993:
$config[‘default_port’] = 993;
Changed auth type from MD5 to PLAIN:
$config[‘imap_auth_type’] = PLAIN;
Now the login works fine.
macOS 10.12.5; server 5.3.1 – after installing is possible to login, than the page goes to blank. If I remove ?_task=login than it could be possible to see mails & to use web app.
Is there any step by step instruction how to fix the problem?
Regards.
I have almost the exact same problem.
I have OS X 10.11.6 with Server 5.1.7 and roundcube 1.2.5. Yesterday I upgraded to macOS 10.12.5 and Server 5.3.1 and I now I see the roundcube login page, but after clicking “login” it’s just a blank page. I don’t see any errors in the web server logs. Removing the “?_task=login” doesn’t make any difference in my case.
Andrew/Sean
Try removing the carddav reference from
/usr/local/topicdesk/roundcube/WebApp/config/config.inc.php
Jeff
In my case, it’s already not there. I have:
$config[‘plugins’] = array(‘html5_notifier’,’chbox’,’managesieve’);
Any other ideas?