From 915077175894a07d0d10a66bb2455e5abe82ad9d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bal=C3=A1zs=20Kov=C3=A1cs?= Date: Tue, 3 Nov 2020 18:41:03 +0100 Subject: [PATCH 1/7] Add dovecot missing ssl files as common error See https://github.com/mailcow/mailcow-dockerized/issues/2672 --- docs/debug-common_problems.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/docs/debug-common_problems.md b/docs/debug-common_problems.md index dbc5ace30..fca48842e 100644 --- a/docs/debug-common_problems.md +++ b/docs/debug-common_problems.md @@ -72,7 +72,22 @@ dism /online /Enable-Feature /FeatureName:TelnetClient Docker containers use the Docker hosts inotify limits. Setting them on your Docker host will pass them to the container. +## Dovecot keeps restarting (see [#2672](https://github.com/mailcow/mailcow-dockerized/issues/2672)) +Check that you have the following files in `data/assets/ssl`: + + +``` +-r--r--r-- 1 root root 3554 Nov 3 17:07 cert.pem +-rw-r--r-- 1 root root 769 Nov 3 18:24 dhparams.pem +-r-------- 1 root root 1704 Nov 3 17:07 key.pem +``` + +If `dhparams.pem` is missing, you can generate it with + +```bash +openssl dhparam -out data/assets/ssl/dhparams.pem 4096 +``` [^1]: [netcat](https://linux.die.net/man/1/nc), [nmap](https://linux.die.net/man/1/nmap), [openssl](https://wiki.openssl.org/index.php/Manual:S_client(1)), [telnet](https://linux.die.net/man/1/telnet), etc. From 0af6046cb7fd52bee4e229b955ff94bd389c402f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bal=C3=A1zs=20Kov=C3=A1cs?= Date: Mon, 9 Nov 2020 15:55:17 +0100 Subject: [PATCH 2/7] remove ambiguity --- docs/debug-common_problems.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/docs/debug-common_problems.md b/docs/debug-common_problems.md index fca48842e..2c2ba1245 100644 --- a/docs/debug-common_problems.md +++ b/docs/debug-common_problems.md @@ -74,13 +74,12 @@ Docker containers use the Docker hosts inotify limits. Setting them on your Dock ## Dovecot keeps restarting (see [#2672](https://github.com/mailcow/mailcow-dockerized/issues/2672)) -Check that you have the following files in `data/assets/ssl`: - +Check that you have at least the following files in `data/assets/ssl`: ``` --r--r--r-- 1 root root 3554 Nov 3 17:07 cert.pem --rw-r--r-- 1 root root 769 Nov 3 18:24 dhparams.pem --r-------- 1 root root 1704 Nov 3 17:07 key.pem +cert.pem +dhparams.pem +key.pem ``` If `dhparams.pem` is missing, you can generate it with From 430b09144d46f5b07defe39f355496f04f6c1ee2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bal=C3=A1zs=20Kov=C3=A1cs?= Date: Tue, 10 Nov 2020 11:40:00 +0100 Subject: [PATCH 3/7] Roundcube admin login --- docs/third_party-roundcube.md | 59 +++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) diff --git a/docs/third_party-roundcube.md b/docs/third_party-roundcube.md index dd2a99b18..d079db753 100644 --- a/docs/third_party-roundcube.md +++ b/docs/third_party-roundcube.md @@ -152,3 +152,62 @@ $MAILCOW_APPS = array( ); ... ```` + +### Let admins log into Roundcube without password + +First, install plugin [dovecot_impersonate](https://github.com/corbosman/dovecot_impersonate/) and add Roundcube as an app (see above). + +Edit `mailcow.conf` and add the following: + +``` +# Allow admins to log into Roundcube as email user (without any password) +# Roundcube with plugin dovecot_impersonate must be installed first + +ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=y +``` + +Edit `docker-compose.override.yml` and crate/extend the section for `php-fpm-mailcow`: + +```yml +version: '2.1' +services: + postfix-mailcow: + environment: + - ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=${ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE:-n} +``` + + +Edit `data/web/js/site/mailbox.js` and the following code after [`if (ALLOW_ADMIN_EMAIL_LOGIN) { ... }`](https://github.com/mailcow/mailcow-dockerized/pull/3849/commits/1c873a83b5e6b1714512b2dc79ff81b26af3ef79#diff-aac7eb6ff52acc8698ff9bcc71c313cbc5bbbe501c3eb1b8bc658ef97fb9d4c1) + +```php +if (ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE) { + item.action += ''; +} +``` + +Edit `data/web/mailbox.php` and add this code to the bottom of the [javascript section](https://github.com/mailcow/mailcow-dockerized/pull/3849/commits/1c873a83b5e6b1714512b2dc79ff81b26af3ef79#diff-312fb7af69e284eca2fd573cdf2e4c3d04b6cd93fc5eb0e4dcdc6c199afd0aba): + +```php + +``` + +Copy the contents of the following files from this [Snippet](https://gitlab.com/-/snippets/2038244): + +* `data/web/inc/lib/RoundcubeAutoLogin.php` +* `data/web/rc-auth.php` + +Finally, restart mailcow + +``` +docker-compose down +docker-compose up -d +``` From 6a3cb95c68564fc0a89e962e229a815607729add Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bal=C3=A1zs=20Kov=C3=A1cs?= Date: Tue, 10 Nov 2020 11:46:02 +0100 Subject: [PATCH 4/7] fix container name --- docs/third_party-roundcube.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/third_party-roundcube.md b/docs/third_party-roundcube.md index d079db753..e97996890 100644 --- a/docs/third_party-roundcube.md +++ b/docs/third_party-roundcube.md @@ -171,7 +171,7 @@ Edit `docker-compose.override.yml` and crate/extend the section for `php-fpm-mai ```yml version: '2.1' services: - postfix-mailcow: + php-fpm-mailcow: environment: - ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=${ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE:-n} ``` From 845357bbbad8d7fe1afb64248fe90913c05ffcfe Mon Sep 17 00:00:00 2001 From: balping Date: Fri, 21 Jan 2022 18:23:20 +0100 Subject: [PATCH 5/7] update roundcube admin login docs --- docs/third_party-roundcube.md | 83 +++++++++++++++++++++++++---------- 1 file changed, 61 insertions(+), 22 deletions(-) diff --git a/docs/third_party-roundcube.md b/docs/third_party-roundcube.md index e97996890..46d1874b4 100644 --- a/docs/third_party-roundcube.md +++ b/docs/third_party-roundcube.md @@ -1,18 +1,32 @@ -Download Roundcube 1.4.x to the web htdocs directory and extract it (here `rc/`): +## Installing Roundcube + +Download Roundcube 1.5.x to the web htdocs directory and extract it (here `rc/`): ``` # Check for a newer release! cd data/web -wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.4.9/roundcubemail-1.4.9-complete.tar.gz | tar xfvz - +wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.5.2/roundcubemail-1.5.2-complete.tar.gz | tar xfvz - + # Change folder name -mv roundcubemail-1.4.9 rc +mv roundcubemail-1.5.2 rc + # Change permissions chown -R root: rc/ + +# Fix Allow remote resources (https://github.com/roundcube/roundcubemail/issues/8170) should not be required in 1.6 +sed -i "s/\$prefix = '\.\/';/\$prefix = preg_replace\('\/\[\?\&]\.\*\$\/', '', \$_SERVER\['REQUEST_URI'] \?\? ''\) \?: '\.\/';/g" rc/program/include/rcmail.php +``` + +If you need spell check features, create a file `data/hooks/phpfpm/aspell.sh` with the following content, then `chmod +x data/hooks/phpfpm/aspell.sh`. This installs a local spell check engine. Note, most modern web browsers have built in spell check, so you may not want/need this. +``` +#!/bin/bash +apk update +apk add aspell-en # or any other language ``` Create a file `data/web/rc/config/config.inc.php` with the following content. - -**Change the `des_key` parameter to a random value.** It is used to temporarily store your IMAP password. The "db_prefix" is optional but recommended. - + - **Change the `des_key` parameter to a random value.** It is used to temporarily store your IMAP password. + - The `db_prefix` is optional but recommended. + - If you didn't install spell check in the above step, remove `spellcheck_engine` parameter and replace it with `$config['enable_spellcheck'] = false;`. ``` array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true) @@ -102,10 +117,10 @@ $config['password_query'] = "UPDATE mailbox SET password = %P WHERE username = % ### Integrate CardDAV addressbooks in Roundcube -Download the latest release of [RCMCardDAV](https://github.com/blind-coder/rcmcarddav/) to the Roundcube plugin directory and extract it (here `rc/plugins`): +Download the latest release of [RCMCardDAV](https://github.com/mstilkerich/rcmcarddav) to the Roundcube plugin directory and extract it (here `rc/plugins`): ``` cd data/web/rc/plugins -wget -O - https://github.com/blind-coder/rcmcarddav/releases/download/v3.0.3/carddav-3.0.3.tar.bz2 | tar xfvj - +wget -O - https://github.com/mstilkerich/rcmcarddav/releases/download/v4.1.2/carddav-v4.1.2.tar.gz | tar xfvz - chown -R root: carddav/ ``` @@ -153,6 +168,33 @@ $MAILCOW_APPS = array( ... ```` +## Upgrading Roundcube + +Upgrading Roundcube is rather simple, go to the [Github releases](https://github.com/roundcube/roundcubemail/releases) page for Roundcube and get the link for the "complete.tar.gz" file for the wanted release. Then follow the below commands and change the URL and Roundcube folder name if needed. + + +``` +# Enter a bash session of the mailcow PHP container +docker exec -it mailcowdockerized_php-fpm-mailcow_1 bash + +# Install required upgrade dependency, then upgrade Roundcube to wanted release +apk add rsync +cd /tmp +wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.5.2/roundcubemail-1.5.2-complete.tar.gz | tar xfvz - +cd roundcubemail-1.5.2 +bin/installto.sh /web/rc + +# Type 'Y' and press enter to upgrade your install of Roundcube + +# Remove leftover files +cd /tmp +rm -rf roundcube* + +# Fix Allow remote resources (https://github.com/roundcube/roundcubemail/issues/8170) should not be required in 1.6 +sed -i "s/\$prefix = '\.\/';/\$prefix = preg_replace\('\/\[\?\&]\.\*\$\/', '', \$_SERVER\['REQUEST_URI'] \?\? ''\) \?: '\.\/';/g" /web/rc/program/include/rcmail.php +``` + + ### Let admins log into Roundcube without password First, install plugin [dovecot_impersonate](https://github.com/corbosman/dovecot_impersonate/) and add Roundcube as an app (see above). @@ -177,27 +219,24 @@ services: ``` -Edit `data/web/js/site/mailbox.js` and the following code after [`if (ALLOW_ADMIN_EMAIL_LOGIN) { ... }`](https://github.com/mailcow/mailcow-dockerized/pull/3849/commits/1c873a83b5e6b1714512b2dc79ff81b26af3ef79#diff-aac7eb6ff52acc8698ff9bcc71c313cbc5bbbe501c3eb1b8bc658ef97fb9d4c1) +Edit `data/web/js/site/mailbox.js` and the following code after [`if (ALLOW_ADMIN_EMAIL_LOGIN) { ... }`](https://github.com/mailcow/mailcow-dockerized/blob/2f9da5ae93d93bf62a8c2b7a5a6ae50a41170c48/data/web/js/site/mailbox.js#L485-L487) -```php +```js if (ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE) { - item.action += ''; + item.action += ''; } ``` -Edit `data/web/mailbox.php` and add this code to the bottom of the [javascript section](https://github.com/mailcow/mailcow-dockerized/pull/3849/commits/1c873a83b5e6b1714512b2dc79ff81b26af3ef79#diff-312fb7af69e284eca2fd573cdf2e4c3d04b6cd93fc5eb0e4dcdc6c199afd0aba): +Edit `data/web/mailbox.php` and add this line to array [`$template_data`](https://github.com/mailcow/mailcow-dockerized/blob/2f9da5ae93d93bf62a8c2b7a5a6ae50a41170c48/data/web/mailbox.php#L33-L43): ```php - + 'allow_admin_email_login_roundcube' => (preg_match("/^(yes|y)+$/i", $_ENV["ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE"])) ? 'true' : 'false', +``` + +Edit `data/web/templates/mailbox.twig` and add this code to the bottom of the [javascript section](https://github.com/mailcow/mailcow-dockerized/blob/2f9da5ae93d93bf62a8c2b7a5a6ae50a41170c48/data/web/templates/mailbox.twig#L49-L57): + +```js + var ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE = {{ allow_admin_email_login_roundcube }}; ``` Copy the contents of the following files from this [Snippet](https://gitlab.com/-/snippets/2038244): From 26fd0d302a4b97e8edd8579badef62da2c8ad59a Mon Sep 17 00:00:00 2001 From: Niklas Meyer <62480600+DerLinkman@users.noreply.github.com> Date: Fri, 21 Jan 2022 20:44:23 +0100 Subject: [PATCH 6/7] Change heading size To better separate the subitems --- docs/third_party-roundcube.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/third_party-roundcube.md b/docs/third_party-roundcube.md index 5cd47f087..cbea45aca 100644 --- a/docs/third_party-roundcube.md +++ b/docs/third_party-roundcube.md @@ -67,7 +67,7 @@ Initialize the database and leave the installer. **Delete the directory `data/web/rc/installer` after a successful installation!** -### Configure ManageSieve filtering +## Configure ManageSieve filtering Open `data/web/rc/plugins/managesieve/config.inc.php` and change the following parameters (or add them at the bottom of that file): ``` @@ -83,7 +83,7 @@ $config['managesieve_conn_options'] = array( $config['managesieve_vacation'] = 1; ``` -### Enable change password function in Roundcube +## Enable change password function in Roundcube Open `data/web/rc/config/config.inc.php` and enable the password plugin: @@ -115,7 +115,7 @@ $config['password_algorithm_prefix'] = '{SSHA256}'; $config['password_query'] = "UPDATE mailbox SET password = %P WHERE username = %u"; ``` -### Integrate CardDAV addressbooks in Roundcube +## Integrate CardDAV addressbooks in Roundcube Download the latest release of [RCMCardDAV](https://github.com/mstilkerich/rcmcarddav) to the Roundcube plugin directory and extract it (here `rc/plugins`): ``` @@ -194,7 +194,7 @@ rm -rf roundcube* sed -i "s/\$prefix = '\.\/';/\$prefix = preg_replace\('\/\[\?\&]\.\*\$\/', '', \$_SERVER\['REQUEST_URI'] \?\? ''\) \?: '\.\/';/g" /web/rc/program/include/rcmail.php ``` -### Let admins log into Roundcube without password +## Let admins log into Roundcube without password First, install plugin [dovecot_impersonate](https://github.com/corbosman/dovecot_impersonate/) and add Roundcube as an app (see above). From e885dbd66cafc4a472b3957b0ce336ad54c1b736 Mon Sep 17 00:00:00 2001 From: Niklas Meyer <62480600+DerLinkman@users.noreply.github.com> Date: Fri, 21 Jan 2022 20:47:43 +0100 Subject: [PATCH 7/7] Changed rcmcarddav link --- docs/third_party-roundcube.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/third_party-roundcube.md b/docs/third_party-roundcube.md index cbea45aca..80a7c7dad 100644 --- a/docs/third_party-roundcube.md +++ b/docs/third_party-roundcube.md @@ -120,7 +120,7 @@ $config['password_query'] = "UPDATE mailbox SET password = %P WHERE username = % Download the latest release of [RCMCardDAV](https://github.com/mstilkerich/rcmcarddav) to the Roundcube plugin directory and extract it (here `rc/plugins`): ``` cd data/web/rc/plugins -wget -O - https://github.com/mstilkerich/rcmcarddav/releases/download/v4.1.2/carddav-v4.1.2.tar.gz | tar xfvz - +wget -O - https://github.com/mstilkerich/rcmcarddav/releases/download/v4.3.0/carddav-v4.3.0.tar.gz | tar xfvz - chown -R root: carddav/ ```