From c4f7e8cc79d9b13e5e60dbb87b23056a4f422296 Mon Sep 17 00:00:00 2001 From: milkmaker Date: Sat, 1 Jul 2023 19:22:59 +0000 Subject: [PATCH] =?UTF-8?q?Deploying=20to=20gh-pages=20from=20@=20mailcow/?= =?UTF-8?q?mailcow-dockerized-docs@1a10dd53c8d4c24f9485126b76467ca05d892b5?= =?UTF-8?q?f=20=F0=9F=9A=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../third_party-roundcube/index.html | 1105 ++++++++++++++--- .../third_party-roundcube/index.html | 1079 +++++++++++++--- search/search_index.json | 2 +- sitemap.xml.gz | Bin 2312 -> 2312 bytes .../third_party-roundcube/index.html | 1079 +++++++++++++--- 5 files changed, 2737 insertions(+), 528 deletions(-) diff --git a/de/third_party/roundcube/third_party-roundcube/index.html b/de/third_party/roundcube/third_party-roundcube/index.html index 76ae6219d..b023c23b3 100644 --- a/de/third_party/roundcube/third_party-roundcube/index.html +++ b/de/third_party/roundcube/third_party-roundcube/index.html @@ -2546,25 +2546,149 @@ Installation von Roundcube + +
  • - - Konfigurieren Sie die ManageSieve-Filterung + + Optionale Zusatz-Funktionalitäten
  • - - Aktivieren Sie die Funktion "Passwort ändern" in Roundcube + + Aktivieren der Funktion "Passwort ändern" in Roundcube
  • - CardDAV Adressbücher in Roundcube einbinden + CardDAV-Adressbücher in Roundcube einbinden + + + + +
  • + +
  • + + Abschluss der Installation
  • @@ -2574,13 +2698,129 @@ Aktualisierung von Roundcube + +
  • - - Administratoren ohne Passwort in Roundcube einloggen lassen + + Deinstallation von Roundcube + + +
  • + +
  • + + Migration von einer älteren mailcow-Roundcube-Installation + + + +
  • @@ -2627,25 +2867,149 @@ Installation von Roundcube + +
  • - - Konfigurieren Sie die ManageSieve-Filterung + + Optionale Zusatz-Funktionalitäten
  • - - Aktivieren Sie die Funktion "Passwort ändern" in Roundcube + + Aktivieren der Funktion "Passwort ändern" in Roundcube
  • - CardDAV Adressbücher in Roundcube einbinden + CardDAV-Adressbücher in Roundcube einbinden + + + + +
  • + +
  • + + Abschluss der Installation
  • @@ -2655,13 +3019,129 @@ Aktualisierung von Roundcube + +
  • - - Administratoren ohne Passwort in Roundcube einloggen lassen + + Deinstallation von Roundcube + + +
  • + +
  • + + Migration von einer älteren mailcow-Roundcube-Installation + + + +
  • @@ -2685,169 +3165,286 @@

    Roundcube

    Installation von Roundcube

    -

    Laden Sie Roundcube 1.6.x in das Web htdocs Verzeichnis herunter und entpacken Sie es (hier rc/): -

    # Prüfen Sie, ob eine neuere Version vorliegt!
    -cd data/web
    -wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.6.1/roundcubemail-1.6.1-complete.tar.gz | tar xfvz -
    -
    -# Ändern Sie den Ordnernamen
    -mv roundcubemail-1.6.1 rc
    -
    -# Berechtigungen ändern
    -chown -R root: rc/
    -

    -

    Wenn Sie eine Rechtschreibprüfung benötigen, erstellen Sie eine Datei data/hooks/phpfpm/aspell.sh mit folgendem Inhalt und geben Sie dann chmod +x data/hooks/phpfpm/aspell.sh ein. Dadurch wird eine lokale Rechtschreibprüfung installiert. Beachten Sie, dass die meisten modernen Webbrowser eine eingebaute Rechtschreibprüfung haben, so dass Sie diese vielleicht nicht benötigen. +

    Sofern nicht abweichend angegeben wird für alle aufgeführten Kommandos angenommen, dass diese im mailcow +Installationsverzeichnis ausgeführt werden, d. h. dem Verzeichnis, welches mailcow.conf usw. enthält. Bitte führen Sie +die Kommandos nicht blind aus, sondern verstehen Sie was diese bewirken. Keines der Kommandos sollte einen Fehler +ausgeben; sollten Sie dennoch auf einen Fehler stoßen, beheben Sie diesen sofern notwendig bevor Sie mit den +nachfolgenden Kommandos fortfahren.

    +

    Hinweise zur Verwendung von composer

    +

    Diese Anweisungen verwenden das Programm composer zur Aktualisierung der Abhängigkeiten von Roundcube und um +Roundcube-Plugins zu installieren bzw. zu aktualisieren.

    +

    Das roundcube-plugin-installer composer Plugin hat eine Design-Schwäche, +die dazu führen kann, dass composer bei Operationen fehlschlägt, im Rahmen derer Pakete aktualisiert oder deinstalliert +werden.

    +

    Die Fehlermeldung in diesem Falle besagt, dass eine require-Anweisung in autoload_real.php fehlgeschlagen ist, weil +eine Datei nicht gefunden werden konnte. Beispiel:

    +
    In autoload_real.php line 43:
    +  require(/web/rc/vendor/composer/../guzzlehttp/promises/src/functions_include.php): Failed to open stream: No such file or directory
    +
    +

    Leider treten diese Fehler relativ häufig auf, sie lassen sich jedoch leicht beheben indem der Autoloader aktualisiert +wird und das fehlgeschlagene Kommando im Anschluss erneut ausgeführt wird:

    +
    docker exec -it -w /web/rc $(docker ps -f name=php-fpm-mailcow -q) composer dump-autoload -o
    +# Nun das fehlgeschlagene Kommando erneut ausführen
    +
    +

    Vorbereitung

    +

    Zunächst laden wir mailcow.conf um Zugriff auf die mailcow-Einstellungen innerhalb der nachfolgenden Kommandos zu +erhalten.

    +
    source mailcow.conf
    +
    +

    Laden Sie Roundcube 1.6.x (prüfen Sie das aktuellste Release und passen Sie die URL entsprechend an) in das web +Verzeichnis herunter und entpacken Sie es (hier rc/):

    +
    mkdir -m 755 data/web/rc
    +wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.6.1/roundcubemail-1.6.1-complete.tar.gz | tar -xvz --no-same-owner -C data/web/rc --strip-components=1 -f -
    +docker exec -it $(docker ps -f name=php-fpm-mailcow -q) chown www-data:www-data /web/rc/logs /web/rc/temp
    +docker exec -it $(docker ps -f name=php-fpm-mailcow -q) chown root:www-data /web/rc/config
    +docker exec -it $(docker ps -f name=php-fpm-mailcow -q) chmod 750 /web/rc/logs /web/rc/temp /web/rc/config
    +
    +

    Optional: Rechtschreibprüfung

    +

    Wenn Sie eine Rechtschreibprüfung benötigen, erstellen Sie eine Datei data/hooks/phpfpm/aspell.sh mit folgendem Inhalt +und geben Sie dann chmod +x data/hooks/phpfpm/aspell.sh ein. Dadurch wird eine lokale Rechtschreibprüfung installiert. +Beachten Sie, dass die meisten modernen Webbrowser eine eingebaute Rechtschreibprüfung haben, so dass Sie diese +vielleicht nicht benötigen.

    #!/bin/bash
     apk update
     apk add aspell-de # oder jede andere Sprache
    -

    + +

    Installation des MIME-Typ-Verzeichnisses

    +

    Laden Sie die mime.types Datei herunter, da diese nicht im php-fpm-Container enthalten ist.

    +
    wget -O data/web/rc/config/mime.types http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types
    +
    +

    Anlegen der Roundcube-Datenbank

    +

    Erstellen Sie eine Datenbank für Roundcube im mailcow mysql Container. Dies erstellt einen neuen roundcube +Datenbank-Benutzer mit einem Zufallspasswort, welches in die Shell ausgegeben wird und in einer Shell-Variable für die +Verwendung durch die nachfolgenden Kommandos gespeichert wird. Beachten Sie, dass Sie die DBROUNDCUBE-Shell-Variable +manuell auf das ausgegebene Passwort setzen müssen, falls sie den Installationsprozess unterbrechen und später in einer +neuen Shell fortsetzen sollten.

    +
    DBROUNDCUBE=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2> /dev/null | head -c 28)
    +echo Das Datenbank-Password für den Benutzer roundcube lautet $DBROUNDCUBE
    +docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "CREATE DATABASE roundcubemail CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
    +docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "CREATE USER 'roundcube'@'%' IDENTIFIED BY '${DBROUNDCUBE}';"
    +docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "GRANT ALL PRIVILEGES ON roundcubemail.* TO 'roundcube'@'%';"
    +
    +

    Roundcube-Konfigurationsdatei

    Erstellen Sie eine Datei data/web/rc/config/config.inc.php mit dem folgenden Inhalt. - - Ändern Sie den Parameter des_key auf einen Zufallswert. Er wird verwendet, um Ihr IMAP-Passwort vorübergehend zu speichern. - - Der db_prefix ist optional, wird aber empfohlen. - - Wenn Sie die Rechtschreibprüfung im obigen Schritt nicht installiert haben, entfernen Sie den Parameter spellcheck_engine und ersetzen ihn durch $config['enable_spellcheck'] = false;. + - Die des_key-Einstellung wird auf einen Zufallswert gesetzt. Sie wird u. a. zur Verschlüsselung vorübergehend + gespeicherter IMAP-Passwörter verwendet. + - Die Liste der Plugins kann nach Belieben angepasst werden. Die folgende Liste enthält eine Liste von + Standard-Plugins, welche ich als allgemein nützlich empfinde und die gut mit mailcow zusammenspielen: + - Das archive-Plugin fügt einen Archiv-Button hinzu, der ausgewählte E-Mails in ein konfigurierbares + Archiv-Verzeichnis verschiebt. + - Das managesieve-Plugin bietet eine benutzerfreundliche Oberfläche zur Verwaltung serverseitiger E-Mail-Filter und + Abwesenheits-Benachrichtigungen. + - Das acl-Plugin ermöglicht die Verwaltung von Zugriffskontroll-Listen auf IMAP-Verzeichnissen, mit der Möglichkeit + IMAP-Verzeichnisse mit anderen Benutzern zu teilen. + - Das markasjunk-Plugin fügt Buttons hinzu, um ausgewählte E-Mails als Spam (oder E-Mails im Junk-Verzeichnis nicht + als Spam) zu markieren und diese in das Junk-Verzeichnis (oder zurück in den Posteingang) zu verschieben. Die in + mailcow enthaltenen Sieve-Filter lösen automatisch die zugehörige Lern-Operation in rspamd aus, so dass keine + weitere Konfiguration des Plugins erforderlich ist. + - Das zipdownload-Plugin erlaubt es, mehrere E-Mail-Anhänge oder E-Mails als ZIP-Archiv herunterzuladen. + - Wenn Sie die Rechtschreibprüfung im obigen Schritt nicht installiert haben, entfernen Sie den Parameter + spellcheck_engine.

    +
    cat <<EOCONFIG >data/web/rc/config/config.inc.php
    +<?php
    +\$config['db_dsnw'] = 'mysql://roundcube:${DBROUNDCUBE}@mysql/roundcubemail';
    +\$config['imap_host'] = 'dovecot:143';
    +\$config['smtp_host'] = 'postfix:588';
    +\$config['smtp_user'] = '%u';
    +\$config['smtp_pass'] = '%p';
    +\$config['support_url'] = '';
    +\$config['product_name'] = 'Roundcube Webmail';
    +\$config['cipher_method'] = 'chacha20-poly1305';
    +\$config['des_key'] = '$(LC_ALL=C </dev/urandom tr -dc "A-Za-z0-9 !#$%&()*+,-./:;<=>?@[\\]^_{|}~" 2> /dev/null | head -c 32)';
    +\$config['plugins'] = [
    +  'archive',
    +  'managesieve',
    +  'acl',
    +  'markasjunk',
    +  'zipdownload',
    +];
    +\$config['spellcheck_engine'] = 'aspell';
    +\$config['mime_types'] = '/web/rc/config/mime.types';
    +\$config['enable_installer'] = true;
    +
    +\$config['managesieve_host'] = 'dovecot:4190';
    +// Enables separate management interface for vacation responses (out-of-office)
    +// 0 - no separate section (default); 1 - add Vacation section; 2 - add Vacation section, but hide Filters section
    +\$config['managesieve_vacation'] = 1;
    +EOCONFIG
    +
    +docker exec -it $(docker ps -f name=php-fpm-mailcow -q) chown root:www-data /web/rc/config/config.inc.php
    +docker exec -it $(docker ps -f name=php-fpm-mailcow -q) chmod 640 /web/rc/config/config.inc.php
    +
    +

    Initialisierung der Datenbank

    +

    Richten Sie Ihren Browser auf https://myserver/rc/installer. Prüfen Sie, dass die Webseite in keinem der Schritte "NOT +OK"-Testergebnisse zeigt. Einige "NOT AVAILABLE"-Testergebnisse sind bzgl. der verschiedenen Datenbank-Erweiterungen +erwartet, von denen nur MySQL benötigt wird.

    +

    Initialisieren Sie die Datenbank und verlassen Sie das Installationsprogramm. Es ist nicht notwendig, die +Konfigurationsdatei mit der heruntergeladenen Datei zu aktualisieren, sofern Sie keine Änderungen an den Einstellungen +innerhalb des Installationsprogramms durchgeführt habe, die Sie übernehmen möchten.

    +

    Webserver-Konfiguration

    +

    Das Roundcube-Verzeichnis enthält einige Inhalte, die nicht an Web-Nutzer ausgeliefert werden sollen. Wir erstellen +daher eine Konfigurations-Ergänzung für nginx, um nur die öffentlichen Teile von Roundcube im Web zu exponieren:

    +
    cat <<EOCONFIG >data/conf/nginx/site.roundcube.custom
    +location /rc/ {
    +  alias /web/rc/public_html/;
    +}
    +EOCONFIG
    +
    +

    Deaktivieren und entfernen des Installationsprogramms

    +

    Löschen Sie das Verzeichnis data/web/rc/installer nach einer erfolgreichen Installation, und setzen Sie die +enable_installer-Option in data/web/rc/config/config.inc.php auf false:

    +
    rm -r data/web/rc/installer
    +sed -i -e "s/\(\$config\['enable_installer'\].* = \)true/\1false/" data/web/rc/config/config.inc.php
    +
    +

    Aktualisierung der Roundcube-Abhängigkeiten

    +

    Dieser Schritt ist nicht unbedingt notwendig, aber zumindest zum Zeitpunkt der Erstellung dieser Anweisungen enthielten +die mit Roundcube ausgelieferten Abhängigkeiten Versionen mit Sicherheitslücken, daher könnte es eine gute Idee sein, +die Abhängigkeiten auf die neusten Versionen zu aktualisieren. Aus demselben Grund sollte composer update hin und wieder +ausgeführt werden.

    +
    cp -n data/web/rc/composer.json-dist data/web/rc/composer.json
    +docker exec -it -w /web/rc $(docker ps -f name=php-fpm-mailcow -q) composer update --no-dev -o
    +
    +

    Sie können außerdem composer audit verwenden, um bekannte Sicherheitslücken in den installierten composer-Paketen +anzuzeigen.

    +
    docker exec -it -w /web/rc $(docker ps -f name=php-fpm-mailcow -q) composer audit
    +
    +

    Ermöglichen der Klartext-Authentifizierung für den php-fpm-Container ohne die Verwendung von TLS

    +

    Wir müssen die Verwendung von Klartext-Authentifizierung über nicht verschlüsselte Verbindungen (innerhalb der +Container-Netzwerks) in Dovecot zulassen, was in der Standard-Installation von mailcow nur für den SOGo-Container +zum gleichen Zweck möglich ist. Danach starten Sie den Dovecot-Container neu, damit die Änderung wirksam wird.

    +
    cat  <<EOCONFIG >>data/conf/dovecot/extra.conf
    +remote ${IPV4_NETWORK}.0/24 {
    +  disable_plaintext_auth = no
    +}
    +remote ${IPV6_NETWORK} {
    +  disable_plaintext_auth = no
    +}
    +EOCONFIG
    +
    +docker compose restart dovecot-mailcow
    +
    +

    Ofelia-Job für Roundcube-Aufräumtätigkeiten

    +

    Roundcube muss regelmässig die Datenbank von nicht mehr benötigter Information befreien. Wir legen einen Ofelia-Job an, +der das Roundcube cleandb.sh-Skript regelmässig ausführt.

    +

    Um dies zu tun, fügen Sie folgendes zu docker-compose.override.yml hinzu (falls Sie bereits einige Anpassungen für den +php-fpm-Container durchgeführt haben, fügen Sie die Label dem bestehenden Abschnitt hinzu):

    +
    version: '2.1'
    +services:
    +  php-fpm-mailcow:
    +    labels:
    +      ofelia.enabled: "true"
    +      ofelia.job-exec.roundcube_cleandb.schedule: "@every 168h"
    +      ofelia.job-exec.roundcube_cleandb.user: "www-data"
    +      ofelia.job-exec.roundcube_cleandb.command: "/bin/bash -c \"[ -f /web/rc/bin/cleandb.sh ] && /web/rc/bin/cleandb.sh\""
    +
    +

    Optionale Zusatz-Funktionalitäten

    +

    Aktivieren der Funktion "Passwort ändern" in Roundcube

    +

    Das Ändern des mailcow Passworts aus der Roundcube-Benutzeroberfläche wird durch das password-Plugin ermöglicht. Wir +konfigurieren dieses zur Verwendung der mailcow-API zur Passwort-Aktualisierung, was es zunächst erfordert, die API zu +aktivieren und den API-Schlüssel zu ermitteln (Lese-/Schreib-Zugriff notwendig). Die API kann in der +mailcow-Administrationsoberfläche aktiviert werden, wo Sie auch den API-Schlüssel finden.

    +

    Öffnen Sie data/web/rc/config/config.inc.php und aktivieren Sie das Passwort-Plugin, indem Sie es dem +$config['plugins']-Array hinzufügen, zum Beispiel:

    +
    $config['plugins'] = array(
    +  'archive',
    +  'managesieve',
    +  'acl',
    +  'markasjunk',
    +  'zipdownload',
    +  'password',
    +);
    +
    +

    Konfigurieren Sie das password-Plugin (stellen Sie sicher, **API_KEY** auf Ihren mailcow Lese-/Schreib-API-Schlüssel +anzupassen):

    +
    cat <<EOCONFIG >data/web/rc/plugins/password/config.inc.php
    +<?php
    +\$config['password_driver'] = 'mailcow';
    +\$config['password_confirm_current'] = true;
    +\$config['password_mailcow_api_host'] = 'http://nginx';
    +\$config['password_mailcow_api_token'] = '**API_KEY**';
    +EOCONFIG
    +
    +

    Hinweis: Sollten Sie die mailcow nginx-Konfiguration so angepasst haben, dass http-Anfragen auf https umgeleitet werden +(wie z. B. hier beschrieben), dann wird die direkte +Verbindung zum nginx-Container via HTTP nicht funktionieren, da nginx kein im Zertifikat enthaltener Hostname ist. In +solchen Fällen setzen Sie password_mailcow_api_host stattdessen auf die öffentliche URI:

    +
    cat <<EOCONFIG >data/web/rc/plugins/password/config.inc.php
    +<?php
    +\$config['password_driver'] = 'mailcow';
    +\$config['password_confirm_current'] = true;
    +\$config['password_mailcow_api_host'] = 'https://${MAILCOW_HOSTNAME}';
    +\$config['password_mailcow_api_token'] = '**API_KEY**';
    +EOCONFIG
    +
    +

    CardDAV-Adressbücher in Roundcube einbinden

    +

    Installieren Sie die neuste v5-Version (die untenstehende Konfiguration ist kompatibel zu v5-Releases) mit composer. +Antworten Sie Y, wenn Sie gefragt werden, ob Sie das Plugin aktivieren möchten.

    +
    docker exec -it -w /web/rc $(docker ps -f name=php-fpm-mailcow -q) composer require --update-no-dev -o "roundcube/carddav:~5"
    +
    +

    Editieren Sie die Datei data/web/rc/plugins/carddav/config.inc.php und fügen Sie folgenden Inhalt hinzu:

    +
    cat <<EOCONFIG >data/web/rc/plugins/carddav/config.inc.php
    +<?php
    +\$prefs['_GLOBAL']['pwstore_scheme'] = 'des_key';
    +
    +\$prefs['SOGo'] = [
    +    'accountname'    => 'SOGo',
    +    'username'       => '%u',
    +    'password'       => '%p',
    +    'discovery_url'  => 'http://sogo:20000/SOGo/dav/',
    +    'name'           => '%N',
    +    'use_categories' => true,
    +    'fixed'          => ['username', 'password'],
    +];
    +EOCONFIG
    +
    +

    RCMCardDAV legt alle Adressbücher des Benutzers beim Login in Roundcube an, einschließlich abonnierten Adressbüchern +die mit dem Benutzers von anderen Benutzern geteilt werden.

    +

    Wenn Sie das Standard-Adressbuch (gespeichert in der Roundcube-Datenbank) entfernen möchten, so dass nur +CardDAV-Adressbücher verwendet werden können, fügen Sie der Konfigurationsdatei data/web/rc/config/config.inc.php die +Option $config['address_book_type'] = ''; hinzu.

    +

    Hinweis: RCMCardDAV verwendet zusätzliche Datenbank-Tabellen. Nach der Installation (oder Aktualisierung) von RCMCardDAV +ist es notwendig, sich in Roundcube neu anzumelden (melden Sie sich vorher ab, wenn Sie bereits eingeloggt sind), da die +Erzeugung der Datenbank-Tabellen bzw. Änderungen nur bei der Anmeldung in Roundcube durchgeführt werden.

    +

    Übermittlung der Client-Netzwerkadresse an Dovecot

    +

    Normalerweise sieht der IMAP-Server Dovecot die Netzwerkadresse des php-fpm-Containers wenn Roundcube zu diesem +Verbindungen aufbaut. Durch Verwendung einer IMAP-Erweiterung und dem roundcube-dovecot_client_ip Roundcube-Plugin ist +es möglich, dass Roundcube Dovecot die Client-Netzwerkadresse übermittelt, so dass in den Log-Dateien die +Client-Netzwerkadresse erscheint. Dies führt dazu, dass Login-Versuche an Roundcube in den Dovecot-Logs genauso wie +direkte Client-Verbindungen zu Dovecot aufgezeichnet werden, und fehlgeschlagene Login-Versuche an Roundcube +analog zu fehlgeschlagenen direkten IMAP-Logins durch den netfilter-Container oder andere ggf. verfügbare Mechanismen +zur Behandlung von Bruteforce-Attacken auf den IMAP-Server aufgegriffen werden und z. B. zu einer Blockierung des +Clients führen.

    +

    Hierzu muss das Roundcube-Plugin installiert werden:

    +
    docker exec -it -w /web/rc $(docker ps -f name=php-fpm-mailcow -q) composer require --update-no-dev -o "takerukoushirou/roundcube-dovecot_client_ip:~1"
    +
    +

    Weiterhin müssen wir Dovecot konfigurieren, so dass der php-fpm-Container als Teil eines vertrauenswürdigen Netzwerks +betrachtet wird und somit die Client-Netzwerkadresse innerhalb einer IMAP-Sitzung überschreiben darf. Beachten Sie, dass +dies auch die Klartext-Authentifizierung für die aufgeführten Netzwerkbereiche erlaubt, so dass das explizite +Überschreiben von disable_plaintext_auth weiter oben in diesem Fall nicht notwendig ist.

    +
    cat  <<EOCONFIG >>data/conf/dovecot/extra.conf
    +login_trusted_networks = ${IPV4_NETWORK}.0/24 ${IPV6_NETWORK}
    +EOCONFIG
    +
    +docker compose restart dovecot-mailcow
    +
    +

    Roundcube zur mailcow Apps-Liste hinzufügen

    +

    Optional können Sie Roundcubes Link zu der mailcow Apps Liste hinzufügen. +Um dies zu tun, öffnen oder erstellen Sie data/web/inc/vars.local.inc.php und stellen Sie sicher, dass es den +folgenden Konfigurationsblock beinhaltet:

    <?php
    -error_reporting(0);
    -if (!file_exists('/tmp/mime.types')) {
    -file_put_contents("/tmp/mime.types", fopen("http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types", 'r'));
    -}
    -$config = array();
    -$config['db_dsnw'] = 'mysql://' . getenv('DBUSER') . ':' . getenv('DBPASS') . '@mysql/' . getenv('DBNAME');
    -$config['imap_host'] = 'tls://dovecot:143';
    -$config['smtp_host'] = 'tls://postfix:587';
    -$config['smtp_user'] = '%u';
    -$config['smtp_pass'] = '%p';
    -$config['support_url'] = '';
    -$config['product_name'] = 'Roundcube Webmail';
    -$config['des_key'] = 'yourrandomstring_changeme';
    -$config['log_dir'] = '/dev/null';
    -$config['temp_dir'] = '/tmp';
    -$config['plugins'] = array(
    -  'archive',
    -  'managesieve'
    -);
    -$config['spellcheck_engine'] = 'aspell';
    -$config['mime_types'] = '/tmp/mime.types';
    -$config['imap_conn_options'] = array(
    -  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
    -);
    -$config['enable_installer'] = true;
    -$config['smtp_conn_options'] = array(
    -  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
    -);
    -$config['db_prefix'] = 'mailcow_rc1';
    -

    -

    Richten Sie Ihren Browser auf https://myserver/rc/installer und folgen Sie den Anweisungen. -Initialisiere die Datenbank und verlasse das Installationsprogramm.

    -

    Löschen Sie das Verzeichnis data/web/rc/installer nach einer erfolgreichen Installation!

    -

    Konfigurieren Sie die ManageSieve-Filterung

    -

    Öffnen Sie data/web/rc/config/config.inc.php und ändern Sie die folgenden Parameter (oder fügen Sie sie am Ende der Datei hinzu): -

    $config['managesieve_host'] = 'tls://dovecot:4190';
    -$config['managesieve_conn_options'] = array(
    -  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
    -);
    -// Aktiviert separate Verwaltungsschnittstelle für Urlaubsantworten (außer Haus)
    -// 0 - kein separater Abschnitt (Standard),
    -// 1 - Abschnitt "Urlaub" hinzufügen,
    -// 2 - Abschnitt "Urlaub" hinzufügen, aber Abschnitt "Filter" ausblenden
    -$config['managesieve_vacation'] = 1;
    -

    -

    Aktivieren Sie die Funktion "Passwort ändern" in Roundcube

    -

    Öffnen Sie data/web/rc/config/config.inc.php und aktivieren Sie das Passwort-Plugin:

    -
    [...]
    -$config['plugins'] = array(
    -    'archive',
    -    'password',
    -);
    -[...]
    -
    -

    Öffnen Sie data/web/rc/plugins/password/password.php, suchen Sie nach case 'ssha': und fügen Sie oben hinzu:

    -
            case 'ssha256':
    -            $salt = rcube_utils::random_bytes(8);
    -            $crypted = base64_encode( hash('sha256', $password . $salt, TRUE ) . $salt );
    -            $prefix  = '{SSHA256}';
    -            break;
    -
    -

    Öffnen Sie data/web/rc/plugins/password/config.inc.php und ändern Sie die folgenden Parameter (oder fügen Sie sie am Ende der Datei hinzu):

    -
    $config['password_driver'] = 'sql';
    -$config['password_algorithm'] = 'ssha256';
    -$config['password_algorithm_prefix'] = '{SSHA256}';
    -$config['password_query'] = "UPDATE mailbox SET password = %P WHERE username = %u";
    -
    -

    CardDAV Adressbücher in Roundcube einbinden

    -

    Laden Sie die neueste Version von RCMCardDAV in das Roundcube Plugin Verzeichnis und entpacken Sie es (hier rc/plugins): -

    cd data/web/rc/plugins
    -wget -O - https://github.com/mstilkerich/rcmcarddav/releases/download/v4.4.1/carddav-v4.4.1-roundcube16.tar.gz | tar xfvz -
    -chown -R root: carddav/
    -

    -

    Kopieren Sie die Datei config.inc.php.dist nach config.inc.php (hier in rc/plugins/carddav) und fügen Sie die folgende Voreinstellung an das Ende der Datei an - vergessen Sie nicht, mx.example.org durch Ihren eigenen Hostnamen zu ersetzen: -

    $prefs['SOGo'] = array(
    -    'name'         =>  'SOGo',
    -    'username'     =>  '%u',
    -    'password'     =>  '%p',
    -    'url'          =>  'https://mx.example.org/SOGo/dav/%u/',
    -    'carddav_name_only' => true,
    -    'use_categories' => true,
    -    'active'       =>  true,
    -    'readonly'     =>  false,
    -    'refresh_time' => '02:00:00',
    -    'fixed'        =>  array( 'active', 'name', 'username', 'password', 'refresh_time' ),
    -    'hide'        =>  false,
    -);
    -
    -Bitte beachten Sie, dass dieses Preset nur das Standard-Adressbuch integriert (dasjenige, das den Namen "Persönliches Adressbuch" trägt und nicht gelöscht werden kann). Weitere Adressbücher werden derzeit nicht automatisch erkannt, können aber manuell in den Roundcube-Einstellungen hinzugefügt werden.

    -

    Aktivieren Sie das Plugin, indem Sie carddav zu $config['plugins'] in rc/config/config.inc.php hinzufügen.

    -

    Wenn Sie die Standard-Adressbücher (die in der Roundcube-Datenbank gespeichert sind) entfernen möchten, so dass nur die CardDAV-Adressbücher zugänglich sind, fügen Sie $config['address_book_type'] = ''; in die Konfigurationsdatei data/web/rc/config/config.inc.php ein.

    -
    -

    Optional können Sie Roundcube's Link zu der mailcow Apps Liste hinzufügen. -Um dies zu tun, öffnen oder erstellen Sie data/web/inc/vars.local.inc.php und fügen Sie den folgenden Code-Block hinzu:

    -

    HINWEIS: Vergessen Sie nicht, das <?php Trennzeichen in der ersten Zeile einzufügen

    -
    ...
    -$MAILCOW_APPS = array(
    -  array(
    -    'name' => 'SOGo',
    -    'link' => '/SOGo/'
    -  ),
    -  array(
    -    'name' => 'Roundcube',
    -    'link' => '/rc/'
    -   )
    -);
    -...
    -
    -

    Aktualisierung von Roundcube

    -

    Ein Upgrade von Roundcube ist recht einfach: Gehen Sie auf die Github releases Seite für Roundcube und holen Sie sich den Link für die "complete.tar.gz" Datei für die gewünschte Version. Dann folgen Sie den untenstehenden Befehlen und ändern Sie die URL und den Namen des Roundcube-Ordners, falls nötig.

    -
    # Starten Sie eine Bash-Sitzung des mailcow PHP-Containers
    -docker exec -it mailcowdockerized-php-fpm-mailcow-1 bash
     
    -# Installieren Sie die erforderliche Upgrade-Abhängigkeit, dann aktualisieren Sie Roundcube auf die gewünschte Version
    -apk add rsync
    -cd /tmp
    -wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.6.1/roundcubemail-1.6.1-complete.tar.gz | tar xfvz -
    -cd roundcubemail-1.6.1
    -bin/installto.sh /web/rc
    -
    -# Geben Sie 'Y' ein und drücken Sie die Eingabetaste, um Ihre Installation von Roundcube zu aktualisieren.
    -# Geben Sie 'N' ein, wenn folgender Dialog erscheint: "Do you want me to fix your local configuration".
    -
    -# Sollte im Output eine Notice kommen "NOTICE: Update dependencies by running php composer.phar update --no-dev"  sollte an kurzerhand composer.phar downloaden und die updates durchführen:
    -cd /web/rc
    -wget https://getcomposer.org/download/2.4.2/composer.phar
    -php composer.phar update --no-dev
    -# Auf die Frage "Do you trust "roundcube/plugin-installer" to execute code and wish to enable it now? (writes "allow-plugins" to composer.json) [y,n,d,?] " bitte mit y antworten.
    -
    -# Entfernen Sie übrig gebliebene Dateien
    -cd /tmp
    -rm -rf roundcube*
    -
    -# Falls Sie von Version 1.5 auf 1.6 updaten, dann führen Sie folgende Befehle aus, um die Konfigurationsdatei anzupassen:`
    -sed -i "s/\$config\['default_host'\].*$/\$config\['imap_host'\]\ =\ 'tls:\/\/dovecot:143'\;/" /web/rc/config/config.inc.php
    -sed -i "/\$config\['default_port'\].*$/d" /web/rc/config/config.inc.php
    -sed -i "s/\$config\['smtp_server'\].*$/\$config\['smtp_host'\]\ =\ 'tls:\/\/postfix:587'\;/" /web/rc/config/config.inc.php
    -sed -i "/\$config\['smtp_port'\].*$/d" /web/rc/config/config.inc.php
    -sed -i "s/\$config\['managesieve_host'\].*$/\$config\['managesieve_host'\]\ =\ 'tls:\/\/dovecot:4190'\;/" /web/rc/config/config.inc.php
    -sed -i "/\$config\['managesieve_port'\].*$/d" /web/rc/config/config.inc.php
    +$MAILCOW_APPS = [
    +    [
    +        'name' => 'SOGo',
    +        'link' => '/SOGo/'
    +    ],
    +    [
    +        'name' => 'Roundcube',
    +        'link' => '/rc/'
    +    ]
    +];
     
    -

    Administratoren ohne Passwort in Roundcube einloggen lassen

    +

    Administratoren ohne Passwort in Roundcube einloggen lassen

    Installieren Sie zunächst das Plugin dovecot_impersonate und fügen Sie Roundcube als App hinzu (siehe oben).

    Editieren Sie mailcow.conf und fügen Sie folgendes hinzu:

    # Erlaube Admins, sich in Roundcube als Email-Benutzer einzuloggen (ohne Passwort)
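Review bot: The two Dovecot additions to data/conf/dovecot/extra.conf are scoped wider than the text says. The heading and prose talk about the php-fpm container, but `remote ${IPV4_NETWORK}.0/24 { disable_plaintext_auth = no }` (plus the `${IPV6_NETWORK}` block) and `login_trusted_networks = ${IPV4_NETWORK}.0/24 ${IPV6_NETWORK}` apply to every container on the mailcow network. Any of them may then authenticate in cleartext and, with login_trusted_networks, report a client address of its choosing to Dovecot, which is the address the brute-force handling described in the same section acts on. Either narrow both settings to the php-fpm container's address or state explicitly that the whole container network becomes trusted. Both snippets also append with `>>`, so repeating the step duplicates the block; the text should say so or guard against it. Further points in this hunk: mime.types is fetched over plain `http://svn.apache.org/...` and then used as configuration, so the https URL should be used; the Roundcube tarball is piped from wget straight into tar with no checksum or signature check; and plugins/password/config.inc.php, which holds the read/write API token, is written without the `chown root:www-data` and `chmod 640` that config/config.inc.php receives a few steps earlier.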
    @@ -2870,7 +3467,7 @@ services:
     

    Bearbeiten Sie data/web/mailbox.php und fügen Sie diese Zeile zum Array $template_data hinzu:

      'allow_admin_email_login_roundcube' => (preg_match("/^(yes|y)+$/i", $_ENV["ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE"])) ? 'true' : 'false',
     
    -

    Bearbeiten Sie data/web/templates/mailbox.twig und fügen Sie diesen Code am Ende des javascript-Abschnitts ein:

    +

    Bearbeiten Sie data/web/templates/mailbox.twig und fügen Sie diesen Code am Ende des Javascript-Abschnitts ein:

      var ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE = {{ allow_admin_email_login_roundcube }};
     

    Kopieren Sie den Inhalt der folgenden Dateien aus diesem Snippet:
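Review bot: `Javascript-Abschnitts` on the added line should be `JavaScript-Abschnitts`, the standard spelling, since the line is being recapitalised anyway.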

    @@ -2878,6 +3475,7 @@ services:
  • data/web/inc/lib/RoundcubeAutoLogin.php
  • data/web/rc-auth.php
  • +

    Abschluss der Installation

    Starten Sie schließlich mailcow neu

    @@ -2887,19 +3485,180 @@ docker compose up
    -
    docker-compose down    
    +
    docker-compose down
     docker-compose up -d
     
    +

    Aktualisierung von Roundcube

    +

    Ein Upgrade von Roundcube ist recht einfach: Gehen Sie auf die +GitHub releases Seite für Roundcube und holen Sie sich den Link +für die "complete.tar.gz" Datei für die gewünschte Version. Dann folgen Sie den untenstehenden Befehlen und ändern Sie +die URL und den Namen des Roundcube-Ordners, falls nötig.

    +
    # Starten Sie eine Bash-Sitzung des mailcow PHP-Containers
    +docker exec -it mailcowdockerized-php-fpm-mailcow-1 bash
    +
    +# Installieren Sie die erforderliche Upgrade-Abhängigkeit, dann aktualisieren Sie Roundcube auf die gewünschte Version
    +apk add rsync
    +cd /tmp
    +wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.6.1/roundcubemail-1.6.1-complete.tar.gz | tar xfvz -
    +cd roundcubemail-1.6.1
    +bin/installto.sh /web/rc
    +
    +# Geben Sie 'Y' ein und drücken Sie die Eingabetaste, um Ihre Installation von Roundcube zu aktualisieren.
    +# Geben Sie 'N' ein, wenn folgender Dialog erscheint: "Do you want me to fix your local configuration".
    +
    +# Sollte im Output eine Notice kommen "NOTICE: Update dependencies by running php composer.phar update --no-dev" führen
    +Sie composer aus:
    +cd /web/rc
    +composer update --no-dev -o
    +# Auf die Frage "Do you trust "roundcube/plugin-installer" to execute code and wish to enable it now? (writes "allow-plugins" to composer.json) [y,n,d,?] " bitte mit y antworten.
    +
    +# Entfernen Sie übrig gebliebene Dateien
    +rm -rf /tmp/roundcube*
    +
    +# Falls Sie von Version 1.5 auf 1.6 updaten, dann führen Sie folgende Befehle aus, um die Konfigurationsdatei anzupassen:`
    +sed -i "s/\$config\['default_host'\].*$/\$config\['imap_host'\]\ =\ 'dovecot:143'\;/" /web/rc/config/config.inc.php
    +sed -i "/\$config\['default_port'\].*$/d" /web/rc/config/config.inc.php
    +sed -i "s/\$config\['smtp_server'\].*$/\$config\['smtp_host'\]\ =\ 'postfix:588'\;/" /web/rc/config/config.inc.php
    +sed -i "/\$config\['smtp_port'\].*$/d" /web/rc/config/config.inc.php
    +sed -i "s/\$config\['managesieve_host'\].*$/\$config\['managesieve_host'\]\ =\ 'dovecot:4190'\;/" /web/rc/config/config.inc.php
    +sed -i "/\$config\['managesieve_port'\].*$/d" /web/rc/config/config.inc.php
    +
    +

    Aktualisierung von composer-Plugins

    +

    Um Roundcube-Plugins und -Abhängigkeiten zu aktualisieren, die mit composer installiert wurden (z. B. +RCMCardDAV-Plugin), führen Sie einfach composer im Container aus:

    +
    docker exec -it -w /web/rc $(docker ps -f name=php-fpm-mailcow -q) composer update --no-dev -o
    +
    +

    Aktualisierung des MIME-Typ-Verzeichnisses

    +

    Um das MIME-Typ-Verzeichnis zu aktualisieren, laden Sie dieses erneut mit dem Kommando aus den +Installations-Anweisungen herunter.

    +

    Deinstallation von Roundcube

    +

    Für die Deinstallation wird ebenfalls angenommen, dass die Kommandos im mailcow-Installationsverzeichnis ausgeführt +werden und dass mailcow.conf in die Shell geladen wurde, siehe Abschnitt Vorbereitung oben.

    +

    Entfernen des Web-Verzeichnisses

    +

    Dies entfernt die Roundcube-Installation mit allen Plugins und Abhängigkeiten die Sie ggf. installiert haben, +einschließlich solcher, die mit composer installiert wurden.

    +

    Hinweis: Dies entfernt auch alle angepassten Konfigurationen die Sie ggf. in Roundcube durchgeführt haben. Sollten Sie +diese erhalten wollen, verschieben Sie das Verzeichnis an einen anderen Ort statt es zu entfernen.

    +
    rm -r data/web/rc
    +
    +

    Entfernen der Datenbank

    +

    Hinweis: Dies löscht alle Daten, die Roundcube abgespeichert hat. Wenn Sie diese erhalten möchten, können Sie +mysqldump ausführen, bevor Sie die Datenbank löschen, oder die Datenbank einfach nicht löschen.

    +
    docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "DROP USER 'roundcube'@'%';"
    +docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "DROP DATABASE roundcubemail;"
    +
    +

    Entfernen der Konfigurationsanpassungen für mailcow

    +

    Um die Dateien zu ermitteln, lesen Sie bitte die Installationsanweisungen und machen Sie die Schritte, die Sie dort +zuvor durchgeführt haben, rückgängig.

    +

    Migration von einer älteren mailcow-Roundcube-Installation

    +

    Ältere Versionen dieser Anleitung verwendeten die mailcow-Datenbank auch für Roundcube, mit einem konfigurierten Präfix +mailcow_rc1 für alle Roundcube-Tabellen.

    +

    Zur Migration wird ebenfalls angenommen, dass alle Kommandos im mailcow-Installationsverzeichnis ausgeführt werden und +mailcow.conf in die Shell geladen wurde, siehe Vorbereitung oben. Dies Kommandos der verschiedenen +Schritte bauen aufeinander auf und müssen innerhalb derselben Shell ausgeführt werden. Insbesondere setzen einige +Schritte Shell-Variablen (besonders die DBROUNDCUBE-Variable mit dem Datenbank-Passwort für den +roundcube-Datenbankbenutzer), die in späteren Schritten verwendet werden.

    +

    Anlegen eines neuen roundcube-Datenbankbenutzers und der Datenbank

    +

    Folgen Sie den Anweisungen oben um den roundcube-Datenbankbenutzer und die getrennte +Datenbank anzulegen.

    +

    Migration der Roundcube-Daten aus der mailcow-Datenbank

    +

    Bevor wir mit der Migration starten, deaktivieren wir Roundcube, um weitere Änderungen an dessen Datenbank-Tabellen zu +vermeiden.

    +
    cat <<EOCONFIG >data/conf/nginx/site.roundcube.custom
    +location ^~ /rc/ {
    +  return 503;
    +}
    +EOCONFIG
    +docker compose exec nginx-mailcow nginx -s reload
    +
    +

    Nun kopieren wir die Roundcube-Daten in die neue Datenbank. Wir entfernen das Datenbank-Tabellen-Präfix in diesem +Schritt, welches Sie ggf. anpassen müssen, wenn Sie ein anderes Präfix als mailcow_rc1 verwendet haben. Es ist auch +möglich, das Präfix beizubehalten (in diesem Fall behalten Sie auch die zugehörige Roundcube-Einstellung db_prefix +bei).

    +
    RCTABLES=$(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -sN mailcow -e "show tables like 'mailcow_rc1%';" | tr '\n\r' ' ')
    +docker exec $(docker ps -f name=mysql-mailcow -q) /bin/bash -c "mysqldump -uroot -p${DBROOT} mailcow $RCTABLES | sed 's/mailcow_rc1//' | mysql -uroot -p${DBROOT} roundcubemail"
    +
    +

    Aktualisierung der Roundcube-Konfiguration

    +

    Führen Sie folgende Kommandos aus, um die nicht mehr notwendige db_prefix Option zu entfernen. Wir aktivieren außerdem +das Logging in Roundcube, indem wir die Einstellungen log_dir und temp_dir entfernen, welche Teil der alten +Anweisungen waren.

    +
    sed -i "/\$config\['db_prefix'\].*$/d" data/web/rc/config/config.inc.php
    +sed -i "/\$config\['log_dir'\].*$/d" data/web/rc/config/config.inc.php
    +sed -i "/\$config\['temp_dir'\].*$/d" data/web/rc/config/config.inc.php
    +
    +

    Wir müssen die nginx-Konfiguration anpassen, so dass nicht-öffentliche Verzeichnisse von Roundcube nicht exponiert +werden, insbesondere die Verzeichnisse, welche Log-Dateien und temporäre Dateien enthalten:

    +
    cat <<EOCONFIG >data/conf/nginx/site.roundcube.custom
    +location /rc/ {
    +  alias /web/rc/public_html/;
    +}
    +EOCONFIG
    +
    +

    Wir können auch die cipher_method-Einstellung auf eine sicherere Einstellung ändern, aber beachten Sie, dass mit der +alten Methode verschlüsselte Daten danach nicht mehr entschlüsselt werden können. Dies betrifft insbesondere +CardDAV-Passwörter, sofern Sie RCMCardDAV verwenden und Ihre Nutzer benutzerdefinierte Adressbücher hinzugefügt haben +(die Admin-Voreinstellungen für die SOGo-Adressbücher werden automatisch beim nächsten Login für den jeweiligen Nutzer +korrigiert). Wenn Sie die cipher_method ändern wollen, führen Sie folgendes Kommando aus:

    +
    cat <<EOCONFIG >>data/web/rc/config/config.inc.php
    +\$config['cipher_method'] = 'chacha20-poly1305';
    +EOCONFIG
    +
    +

    Umstellung des RCMCardDAV-Plugins auf die Installation mittels composer

    +

    Dieser Schritt ist optional, aber er gleicht Ihre Installation an die aktuelle Fassung der Anweisungen an und ermöglicht +die Aktualisierung von RCMCardDAV mittels composer. Dies wird einfach dadurch erreicht, dass das carddav-Plugin aus dem +Installationsverzeichnis gelöscht und entsprechend der Anweisungen oben +installiert wird, einschließlich der Erstellung einer neuen RCMCardDAV v5-Konfiguration. Falls Sie das RCMCardDAV +angepasst haben, sollten Sie dieses sichern, bevor Sie das Plugin löschen, und Ihre Anpassungen später in die neue +Konfigurationsdatei übernehmen.

    +

    Um das carddav-Plugin zu löschen, führen Sie folgendes Kommando aus, danach befolgen Sie zur Neuinstallation die +Anweisungen oben:

    +
    rm -r data/web/rc/plugins/carddav
    +
    +

    Umschalten von Roundcube auf die neue Datenbank

    +

    Zunächst passen wir die Roundcube-Konfiguration an, so dass die neue Datenbank verwendet wird. +

    sed -i "/\$config\['db_dsnw'\].*$/d" data/web/rc/config/config.inc.php
    +cat <<EOCONFIG >>data/web/rc/config/config.inc.php
    +\$config['db_dsnw'] = 'mysql://roundcube:${DBROUNDCUBE}@mysql/roundcubemail';
    +EOCONFIG
    +

    +

    Roundcube Web-Zugriff reaktivieren

    +

    Führen Sie chown und chmod auf den sensitiven Roundcube-Verzeichnissen, welche in Vorbereitung +aufgeführt sind aus, um sicherzustellen, dass der nginx-Webserver nicht auf Dateien zugreifen darf, die er nicht +ausliefern soll.

    +

    Dann reaktivieren Sie den Web-Zugriff für Roundcube, indem Sie die temporäre Roundcube-Konfigurations-Erweiterung für +nginx durch die oben beschriebene ersetzen, und laden anschließend die nginx-Konfiguration +neu:

    +
    docker compose exec nginx-mailcow nginx -s reload
    +
    +

    Andere Anpassungen

    +

    Sie müssen auch die Konfiguration des Roundcube password-Plugins entsprechend dieser Anweisungen anpassen, sofern Sie +diese Funktionalität aktiviert haben, da die alten Anweisungen das Passwort direkt in der mailcow-Datenbank änderten, +wohingegen diese Fassung der Anweisungen die mailcow-API zur Passwort-Änderung verwendet.

    +

    Bezüglich weiterer Anpassungen und Neuerungen (z. B. roundcube-dovecot_client_ip Plugin) können Sie die aktuellen +Anweisungen durchgehen und Ihre Konfiguration entsprechend anpassen bzw. die genannten Installationsschritte für neue +Funktionalitäten ausführen.

    +

    Insbesondere beachten Sie folgende Abschnitte:

    + +

    Entfernen der Roundcube-Tabellen aus der mailcow-Datenbank

    +

    Nachdem Sie sichergestellt haben, dass die Migration erfolgreich durchgeführt wurde und Roundcube mit der getrennten +Datenbank funktioniert, können Sie die Roundcube-Tabellen aus der mailcow-Datenbank mit dem folgenden Kommando +entfernen:

    +
    docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -sN mailcow -e "SET SESSION foreign_key_checks = 0; DROP TABLE IF EXISTS $(echo $RCTABLES | sed -e 's/ \+/,/g');"
    +
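
Review bot: in the upgrade code block, the comment beginning "# Sollte im Output eine Notice kommen ..." wraps onto a second line, "Sie composer aus:", that has no leading `#`, so anyone pasting the block into the container shell runs that line as a command; keep the comment on one line or prefix the continuation with `#`. The comment "# Falls Sie von Version 1.5 auf 1.6 updaten ..." also ends in a stray backtick. In the same block the release tarball is piped straight from `wget -O -` into `tar` and `bin/installto.sh` is then run from it; downloading to a file and checking it against the checksum or signature published for that release before unpacking would be the safer instruction. In the migration step, `RCTABLES=$(docker exec -it ...)` allocates a TTY inside a command substitution, which is why the `tr '\n\r' ' '` is needed and why the step fails without a terminal; dropping `-it` there is cleaner. The `sed 's/mailcow_rc1//'` in the dump pipeline rewrites the first match on every line of the dump, data rows included, so anchoring the pattern to the backtick-quoted table names would be more precise. The closing `DROP TABLE IF EXISTS` depends on `$RCTABLES` still being set from that earlier step in the same shell; the text should say so next to the command and recommend taking a `mysqldump` of those tables first, as the uninstall section already does for the database.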

    Letztes Update: - 2023-01-23 21:33:08 + 2023-07-01 21:22:02 diff --git a/en/third_party/roundcube/third_party-roundcube/index.html b/en/third_party/roundcube/third_party-roundcube/index.html index fe3c471a5..fbe51405d 100644 --- a/en/third_party/roundcube/third_party-roundcube/index.html +++ b/en/third_party/roundcube/third_party-roundcube/index.html @@ -2546,27 +2546,151 @@ Installing Roundcube - - -
  • - - Configure ManageSieve filtering + +
  • + + Optional extra functionality + + + + +
  • + +
  • + + Finish installation + +
  • @@ -2574,13 +2698,129 @@ Upgrading Roundcube + +
  • - - Let admins log into Roundcube without password + + Uninstalling roundcube + + +
  • + +
  • + + Migration from older mailcow roundcube setup + + + +
  • @@ -2627,27 +2867,151 @@ Installing Roundcube - - -
  • - - Configure ManageSieve filtering + +
  • + + Optional extra functionality + + + + +
  • + +
  • + + Finish installation + +
  • @@ -2655,13 +3019,129 @@ Upgrading Roundcube + +
  • - - Let admins log into Roundcube without password + + Uninstalling roundcube + + +
  • + +
  • + + Migration from older mailcow roundcube setup + + + +
  • @@ -2685,170 +3165,266 @@

    Roundcube

    Installing Roundcube

    -

    Download Roundcube 1.6.x to the web htdocs directory and extract it (here rc/): -

    # Check for a newer release!
    -cd data/web
    -wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.6.1/roundcubemail-1.6.1-complete.tar.gz | tar xfvz -
    -
    -# Change folder name
    -mv roundcubemail-1.6.1 rc
    -
    -# Change permissions
    -chown -R root: rc/
    -

    -

    If you need spell check features, create a file data/hooks/phpfpm/aspell.sh with the following content, then chmod +x data/hooks/phpfpm/aspell.sh. This installs a local spell check engine. Note, most modern web browsers have built in spell check, so you may not want/need this. +

    Unless otherwise stated, all of the given commands are expected to be executed in the mailcow installation directory, +i.e., the directory containing mailcow.conf etc. Please do not blindly execute the commands but understand what they +do. None of the commands is supposed to produce an error, so if you encounter an error, fix it if necessary before +continuing with the subsequent commands.

    +

    Note on composer usage

    +

    This guide uses composer to update roundcube dependencies or install / update roundcube plugins.

    +

    The roundcube-plugin-installer composer plugin has a design issue +that can lead to composer errors when packages are upgraded or uninstalled in the composer execution.

    +

    The error message will typically tell you that a require in autoload_real.php failed because a file could not be +opened. Example:

    +
    In autoload_real.php line 43:
    +  require(/web/rc/vendor/composer/../guzzlehttp/promises/src/functions_include.php): Failed to open stream: No such file or directory
    +
    +

    Unfortunately these occur quite frequently, but they can be worked around by updating the autoloader and re-running the +failed command:

    +
    docker exec -it -w /web/rc $(docker ps -f name=php-fpm-mailcow -q) composer dump-autoload -o
    +# Now execute the command that failed again
    +
    +

    Preparation

    +

    First we load mailcow.conf so we have access to the mailcow configuration settings for the following commands.

    +
    source mailcow.conf
    +
    +

    Download Roundcube 1.6.x (check for latest release and adapt URL) to the web directory and extract it (here rc/):

    +
    mkdir -m 755 data/web/rc
    +wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.6.1/roundcubemail-1.6.1-complete.tar.gz | tar -xvz --no-same-owner -C data/web/rc --strip-components=1 -f -
    +docker exec -it $(docker ps -f name=php-fpm-mailcow -q) chown www-data:www-data /web/rc/logs /web/rc/temp
    +docker exec -it $(docker ps -f name=php-fpm-mailcow -q) chown root:www-data /web/rc/config
    +docker exec -it $(docker ps -f name=php-fpm-mailcow -q) chmod 750 /web/rc/logs /web/rc/temp /web/rc/config
    +
    +

    Optional: Spellchecking

    +

    If you need spell check features, create a file data/hooks/phpfpm/aspell.sh with the following content, then +chmod +x data/hooks/phpfpm/aspell.sh. This installs a local spell check engine. Note, most modern web browsers have +built in spell check, so you may not want/need this.

    #!/bin/bash
     apk update
     apk add aspell-en # or any other language
    -

    +
    +

    Install mime type mappings

    +

    Download the mime.types file as it is not included in the php-fpm container.

    +
    wget -O data/web/rc/config/mime.types http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types
    +
    +

    Create roundcube database

    +

    Create a database for roundcube in the mailcow MySQL container. This creates a new roundcube database user +with a random password, which will be echoed to the shell and stored in a shell variable for use by later +commands. Note that when you interrupt the process and continue in a new shell, you must set the DBROUNDCUBE +shell variable manually to the password output by the following commands.

    +
    DBROUNDCUBE=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2> /dev/null | head -c 28)
    +echo Database password for user roundcube is $DBROUNDCUBE
    +docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "CREATE DATABASE roundcubemail CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
    +docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "CREATE USER 'roundcube'@'%' IDENTIFIED BY '${DBROUNDCUBE}';"
    +docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "GRANT ALL PRIVILEGES ON roundcubemail.* TO 'roundcube'@'%';"
    +
    +

    Roundcube configuration

    Create a file data/web/rc/config/config.inc.php with the following content. - - Change the des_key parameter to a random value. It is used to temporarily store your IMAP password. - - The db_prefix is optional but recommended. - - If you didn't install spell check in the above step, remove spellcheck_engine parameter and replace it with $config['enable_spellcheck'] = false;. + - The des_key option is set to a random value. It is used to temporarily store your IMAP password. + - The plugins list can be adapted to your preference. I added a set of standard plugins that I consider of common + usefulness and which work well together with mailcow: + - The archive plugin adds an archive button that moves selected messages to a user-configurable archive folder. + - The managesieve plugin provides a user-friendly interface to manage server-side mail filtering and vacation / out + of office notification. + - The acl plugin allows to manage access control lists on IMAP folders, including the ability to share IMAP folders + to other users. + - The markasjunk plugin adds buttons to mark selected messages as junk (or messages in the junk folder not as junk) + and moves them to the junk folder or back to the inbox. The sieve filters included with mailcow will take care + that action triggers a learn as spam/ham action in rspamd, so no further configuration of the plugin is needed. + - The zipdownload plugin allows to download multiple message attachments or messages as a zip file. + - If you didn't install spell check in the above step, remove spellcheck_engine parameter.

    +
    cat <<EOCONFIG >data/web/rc/config/config.inc.php
    +<?php
    +\$config['db_dsnw'] = 'mysql://roundcube:${DBROUNDCUBE}@mysql/roundcubemail';
    +\$config['imap_host'] = 'dovecot:143';
    +\$config['smtp_host'] = 'postfix:588';
    +\$config['smtp_user'] = '%u';
    +\$config['smtp_pass'] = '%p';
    +\$config['support_url'] = '';
    +\$config['product_name'] = 'Roundcube Webmail';
    +\$config['cipher_method'] = 'chacha20-poly1305';
    +\$config['des_key'] = '$(LC_ALL=C </dev/urandom tr -dc "A-Za-z0-9 !#$%&()*+,-./:;<=>?@[\\]^_{|}~" 2> /dev/null | head -c 32)';
    +\$config['plugins'] = [
    +  'archive',
    +  'managesieve',
    +  'acl',
    +  'markasjunk',
    +  'zipdownload',
    +];
    +\$config['spellcheck_engine'] = 'aspell';
    +\$config['mime_types'] = '/web/rc/config/mime.types';
    +\$config['enable_installer'] = true;
    +
    +\$config['managesieve_host'] = 'dovecot:4190';
    +// Enables separate management interface for vacation responses (out-of-office)
    +// 0 - no separate section (default); 1 - add Vacation section; 2 - add Vacation section, but hide Filters section
    +\$config['managesieve_vacation'] = 1;
    +EOCONFIG
    +
    +docker exec -it $(docker ps -f name=php-fpm-mailcow -q) chown root:www-data /web/rc/config/config.inc.php
    +docker exec -it $(docker ps -f name=php-fpm-mailcow -q) chmod 640 /web/rc/config/config.inc.php
    +
    +

    Initialize database

    +

    Point your browser to https://myserver/rc/installer. Check that the website shows no "NOT OK" check results on +any of the steps, some "NOT AVAILABLE" are expected regarding different database extensions of which we only need MySQL. +Initialize the database and leave the installer. It is not necessary to update the configuration with +the downloaded one, unless you made some settings in the installer you would like to take over.

    +

    Webserver configuration

    +

    The roundcube directory includes some locations that we do not want to serve to web users. We add a configuration +extension to nginx to only expose the public directory of roundcube.

    +
    cat <<EOCONFIG >data/conf/nginx/site.roundcube.custom
    +location /rc/ {
    +  alias /web/rc/public_html/;
    +}
    +EOCONFIG
    +
    +

    Disable and remove installer

    +

    Delete the directory data/web/rc/installer after a successful installation, and set the enable_installer option +to false in data/web/rc/config/config.inc.php:

    +
    rm -r data/web/rc/installer
    +sed -i -e "s/\(\$config\['enable_installer'\].* = \)true/\1false/" data/web/rc/config/config.inc.php
    +
    +

    Update roundcube dependencies

    +

    This step is not strictly necessary, but at least at the time of this writing the dependencies shipped with roundcube +included versions with security vulnerabilities, so it may be a good idea to update the dependencies to the latest +versions. For the same reason, it may be a good idea to run the composer update once in a while.

    +
    cp -n data/web/rc/composer.json-dist data/web/rc/composer.json
    +docker exec -it -w /web/rc $(docker ps -f name=php-fpm-mailcow -q) composer update --no-dev -o
    +
    +

    You can also use composer audit to check for any reported security issues with the installed set of composer packages:

    +
    docker exec -it -w /web/rc $(docker ps -f name=php-fpm-mailcow -q) composer audit
    +
    +

    Allow plaintext authentication for the php-fpm container without using TLS

    +

    We need to allow plaintext authentication in dovecot over unencrypted connection (inside the container network), which +is per default mailcow installation only possible for the SOGo container for the very same purpose. Afterwards restart +the dovecot container so the change becomes effective.

    +
    cat  <<EOCONFIG >>data/conf/dovecot/extra.conf
    +remote ${IPV4_NETWORK}.0/24 {
    +  disable_plaintext_auth = no
    +}
    +remote ${IPV6_NETWORK} {
    +  disable_plaintext_auth = no
    +}
    +EOCONFIG
    +
    +docker compose restart dovecot-mailcow
    +
    +

    Ofelia job for roundcube housekeeping

    +

    Roundcube needs to clean some stale information from the database every once in a while, +for which we will create an ofelia job that runs the roundcube cleandb.sh script.

    +

    To do this, add the following to docker-compose.override.yml (if you already have some +adaptations for the php-fpm container, add the labels to the existing section):

    +
    version: '2.1'
    +services:
    +  php-fpm-mailcow:
    +    labels:
    +      ofelia.enabled: "true"
    +      ofelia.job-exec.roundcube_cleandb.schedule: "@every 168h"
    +      ofelia.job-exec.roundcube_cleandb.user: "www-data"
    +      ofelia.job-exec.roundcube_cleandb.command: "/bin/bash -c \"[ -f /web/rc/bin/cleandb.sh ] && /web/rc/bin/cleandb.sh\""
    +
    +

    Optional extra functionality

    +

    Enable change password function in Roundcube

    +

    Changing the mailcow password from the roundcube UI is supported via the password plugin. We will configure it to use +the mailcow API to update the password, which requires to enable the API first and to get the API key (read/write API +access required). The API can be enabled in the mailcow admin interface, where you can also find the API key.

    +

    Open data/web/rc/config/config.inc.php and enable the password plugin by adding it to the $config['plugins'] array, +for example:

    +
    $config['plugins'] = array(
    +  'archive',
    +  'managesieve',
    +  'acl',
    +  'markasjunk',
    +  'zipdownload',
    +  'password',
    +);
    +
    +

    Configure the password plugin (be sure to adapt **API_KEY** to you mailcow read/write API key):

    +
    cat <<EOCONFIG >data/web/rc/plugins/password/config.inc.php
    +<?php
    +\$config['password_driver'] = 'mailcow';
    +\$config['password_confirm_current'] = true;
    +\$config['password_mailcow_api_host'] = 'http://nginx';
    +\$config['password_mailcow_api_token'] = '**API_KEY**';
    +EOCONFIG
    +
    +

    Note: If you have changed the mailcow nginx configuration to redirect http requests to https +(e.g., as described here), then +directly talking to the nginx container via http will not work because nginx is not a hostname contained +in the certificate. In such cases, set password_mailcow_api_host in the above configuration to the +public URI instead:

    +
    cat <<EOCONFIG >data/web/rc/plugins/password/config.inc.php
    +<?php
    +\$config['password_driver'] = 'mailcow';
    +\$config['password_confirm_current'] = true;
    +\$config['password_mailcow_api_host'] = 'https://${MAILCOW_HOSTNAME}';
    +\$config['password_mailcow_api_token'] = '**API_KEY**';
    +EOCONFIG
    +
    +

    Integrate CardDAV addressbooks in Roundcube

    +

    Install the latest v5 version (the config below is compatible with v5 releases) using composer. +Answer Y when asked if you want to activate the plugin.

    +
    docker exec -it -w /web/rc $(docker ps -f name=php-fpm-mailcow -q) composer require --update-no-dev -o "roundcube/carddav:~5"
    +
    +

    Edit the file data/web/rc/plugins/carddav/config.inc.php and insert the following content:

    +
    cat <<EOCONFIG >data/web/rc/plugins/carddav/config.inc.php
    +<?php
    +\$prefs['_GLOBAL']['pwstore_scheme'] = 'des_key';
    +
    +\$prefs['SOGo'] = [
    +    'accountname'    => 'SOGo',
    +    'username'       => '%u',
    +    'password'       => '%p',
    +    'discovery_url'  => 'http://sogo:20000/SOGo/dav/',
    +    'name'           => '%N',
    +    'use_categories' => true,
    +    'fixed'          => ['username', 'password'],
    +];
    +EOCONFIG
    +
    +

    RCMCardDAV will add all addressbooks of the user on login, including subscribed addressbooks shared to the user by +other users.

    +

    If you want to remove the default addressbooks (stored in the Roundcube database), so that only the CardDAV addressbooks +are accessible, append $config['address_book_type'] = ''; to the config file data/web/rc/config/config.inc.php.

    +

    Note: RCMCardDAV uses additional database tables. After installing (or upgrading) RCMCardDAV, it is required to log +in roundcube (log out first if already logged in) because the database table creation / changes are performed only +during the login to roundcube.

    +

    Forward the client network address to dovecot

    +

    Normally, the IMAP server dovecot will see the network address of the php-fpm container when roundcube interacts with the IMAP +server. Using an IMAP extension and the roundcube-dovecot_client_ip roundcube plugin, it is possible for roundcube to tell +dovecot the client IP, so it will also show up in the logs as the remote IP. When doing this, login attempts will show in the +dovecot logs like any direct client connections to dovecot, and such failed logins into roundcube will be treated in the same +manner as failed direct IMAP logins, causing blocking of the client with the netfilter container or other mechanisms that may +already be in place to handle bruteforce attacks on the IMAP server.

    +

    For this, the roundcube plugin must be installed.

    +
    docker exec -it -w /web/rc $(docker ps -f name=php-fpm-mailcow -q) composer require --update-no-dev -o "takerukoushirou/roundcube-dovecot_client_ip:~1"
    +
    +

    Furthermore, we must configure dovecot to treat the php-fpm container as part of a trusted network so it is allowed to override +the client IP in the IMAP session. Note that this also enables plaintext authentication for the listed network ranges, so the +explicit overridings of disable_plaintext_auth done above are not necessary when using this.

    +
    cat  <<EOCONFIG >>data/conf/dovecot/extra.conf
    +login_trusted_networks = ${IPV4_NETWORK}.0/24 ${IPV6_NETWORK}
    +EOCONFIG
    +
    +docker compose restart dovecot-mailcow
    +
    + +

    You can add Roundcube's link to the mailcow Apps list. +To do this, open or create data/web/inc/vars.local.inc.php and make sure it includes the following configuration +block:

    <?php
    -error_reporting(0);
    -if (!file_exists('/tmp/mime.types')) {
    -file_put_contents("/tmp/mime.types", fopen("http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types", 'r'));
    -}
    -$config = array();
    -$config['db_dsnw'] = 'mysql://' . getenv('DBUSER') . ':' . getenv('DBPASS') . '@mysql/' . getenv('DBNAME');
    -$config['imap_host'] = 'tls://dovecot:143';
    -$config['smtp_host'] = 'tls://postfix:587';
    -$config['smtp_user'] = '%u';
    -$config['smtp_pass'] = '%p';
    -$config['support_url'] = '';
    -$config['product_name'] = 'Roundcube Webmail';
    -$config['des_key'] = 'yourrandomstring_changeme';
    -$config['log_dir'] = '/dev/null';
    -$config['temp_dir'] = '/tmp';
    -$config['plugins'] = array(
    -  'archive',
    -  'managesieve'
    -);
    -$config['spellcheck_engine'] = 'aspell';
    -$config['mime_types'] = '/tmp/mime.types';
    -$config['imap_conn_options'] = array(
    -  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
    -);
    -$config['enable_installer'] = true;
    -$config['smtp_conn_options'] = array(
    -  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
    -);
    -$config['db_prefix'] = 'mailcow_rc1';
    -

    -

    Point your browser to https://myserver/rc/installer and follow the instructions. -Initialize the database and leave the installer.

    -

    Delete the directory data/web/rc/installer after a successful installation!

    -

    Configure ManageSieve filtering

    -

    Open data/web/rc/config/config.inc.php and change the following parameters (or add them at the bottom of that file): -

    $config['managesieve_host'] = 'tls://dovecot:4190';
    -$config['managesieve_conn_options'] = array(
    -  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
    -);
    -// Enables separate management interface for vacation responses (out-of-office)
    -// 0 - no separate section (default),
    -// 1 - add Vacation section,
    -// 2 - add Vacation section, but hide Filters section
    -$config['managesieve_vacation'] = 1;
    -

    -

    Enable change password function in Roundcube

    -

    Open data/web/rc/config/config.inc.php and enable the password plugin:

    -
    ...
    -$config['plugins'] = array(
    -    'archive',
    -    'password',
    -);
    -...
    -
    -

    Open data/web/rc/plugins/password/password.php, search for case 'ssha': and add above:

    -
            case 'ssha256':
    -            $salt = rcube_utils::random_bytes(8);
    -            $crypted = base64_encode( hash('sha256', $password . $salt, TRUE ) . $salt );
    -            $prefix  = '{SSHA256}';
    -            break;
    -
    -

    Open data/web/rc/plugins/password/config.inc.php and change the following parameters (or add them at the bottom of that file):

    -
    $config['password_driver'] = 'sql';
    -$config['password_algorithm'] = 'ssha256';
    -$config['password_algorithm_prefix'] = '{SSHA256}';
    -$config['password_query'] = "UPDATE mailbox SET password = %P WHERE username = %u";
    -
    -

    Integrate CardDAV addressbooks in Roundcube

    -

    Download the latest release of RCMCardDAV to the Roundcube plugin directory and extract it (here rc/plugins): -

    cd data/web/rc/plugins
    -wget -O - https://github.com/mstilkerich/rcmcarddav/releases/download/v4.4.1/carddav-v4.4.1-roundcube16.tar.gz  | tar xfvz -
    -chown -R root: carddav/
    -

    -

    Copy the file config.inc.php.dist to config.inc.php (here in rc/plugins/carddav) and append the following preset to the end of the file - don't forget to replace mx.example.org with your own hostname: -

    $prefs['SOGo'] = array(
    -    'name'         =>  'SOGo',
    -    'username'     =>  '%u',
    -    'password'     =>  '%p',
    -    'url'          =>  'https://mx.example.org/SOGo/dav/%u/',
    -    'carddav_name_only' => true,
    -    'use_categories' => true,
    -    'active'       =>  true,
    -    'readonly'     =>  false,
    -    'refresh_time' => '02:00:00',
    -    'fixed'        =>  array( 'active', 'name', 'username', 'password', 'refresh_time' ),
    -    'hide'        =>  false,
    -);
    -
    -Please note, that this preset only integrates the default addressbook (the one that's named "Personal Address Book" and can't be deleted). Additional addressbooks are currently not automatically detected but can be manually added within the roundecube settings.

    -

    Enable the plugin by adding carddav to $config['plugins'] in rc/config/config.inc.php.

    -

    If you want to remove the default addressbooks (stored in the Roundcube database), so that only the CardDAV addressbooks are accessible, append $config['address_book_type'] = ''; to the config file data/web/rc/config/config.inc.php.

    -
    -

    Optionally, you can add Roundcube's link to the mailcow Apps list. -To do this, open or create data/web/inc/vars.local.inc.php and add the following code-block:

    -

    NOTE: Don't forget to add the <?php delimiter on the first line

    -
    ...
    -$MAILCOW_APPS = array(
    -  array(
    -    'name' => 'SOGo',
    -    'link' => '/SOGo/'
    -  ),
    -  array(
    -    'name' => 'Roundcube',
    -    'link' => '/rc/'
    -   )
    -);
    -...
    -
    -

    Upgrading Roundcube

    -

    Upgrading Roundcube is rather simple, go to the Github releases page for Roundcube and get the link for the "complete.tar.gz" file for the wanted release. Then follow the below commands and change the URL and Roundcube folder name if needed.

    -
    # Enter a bash session of the mailcow PHP container
    -docker exec -it mailcowdockerized-php-fpm-mailcow-1 bash
     
    -# Install required upgrade dependency, then upgrade Roundcube to wanted release
    -apk add rsync
    -cd /tmp
    -wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.6.1/roundcubemail-1.6.1-complete.tar.gz | tar xfvz -
    -cd roundcubemail-1.6.1
    -bin/installto.sh /web/rc
    -
    -# Type 'Y' and press enter to upgrade your install of Roundcube
    -# Type 'N' to "Do you want me to fix your local configuration" if prompted
    -
    -# If you see  "NOTICE: Update dependencies by running php composer.phar update --no-dev" just download composer.phar and run it:
    -cd /web/rc
    -wget https://getcomposer.org/download/2.4.2/composer.phar
    -php composer.phar update --no-dev
    -# When asked "Do you trust "roundcube/plugin-installer" to execute code and wish to enable it now? (writes "allow-plugins" to composer.json) [y,n,d,?] " hit y and continue.
    -
    -
    -# Remove leftover files
    -cd /tmp
    -rm -rf roundcube*
    -
    -# If you're going from 1.5 to 1.6 please run the config file changes below
    -sed -i "s/\$config\['default_host'\].*$/\$config\['imap_host'\]\ =\ 'tls:\/\/dovecot:143'\;/" /web/rc/config/config.inc.php
    -sed -i "/\$config\['default_port'\].*$/d" /web/rc/config/config.inc.php
    -sed -i "s/\$config\['smtp_server'\].*$/\$config\['smtp_host'\]\ =\ 'tls:\/\/postfix:587'\;/" /web/rc/config/config.inc.php
    -sed -i "/\$config\['smtp_port'\].*$/d" /web/rc/config/config.inc.php
    -sed -i "s/\$config\['managesieve_host'\].*$/\$config\['managesieve_host'\]\ =\ 'tls:\/\/dovecot:4190'\;/" /web/rc/config/config.inc.php
    -sed -i "/\$config\['managesieve_port'\].*$/d" /web/rc/config/config.inc.php
    +$MAILCOW_APPS = [
    +    [
    +        'name' => 'SOGo',
    +        'link' => '/SOGo/'
    +    ],
    +    [
    +        'name' => 'Roundcube',
    +        'link' => '/rc/'
    +    ]
    +];
     
    -

    Let admins log into Roundcube without password

    +

    Let admins log into Roundcube without password

    First, install plugin dovecot_impersonate and add Roundcube as an app (see above).

    Edit mailcow.conf and add the following:

    # Allow admins to log into Roundcube as email user (without any password)
    @@ -2879,6 +3455,7 @@ services:
     
  • data/web/inc/lib/RoundcubeAutoLogin.php
  • data/web/rc-auth.php
  • +

    Finish installation

    Finally, restart mailcow

    @@ -2888,19 +3465,167 @@ docker compose up
    -
    docker-compose down    
    +
    docker-compose down
     docker-compose up -d
     
    +

    Upgrading Roundcube

    +

    Upgrading Roundcube is rather simple, go to the GitHub releases +page for Roundcube and get the link for the "complete.tar.gz" file for the wanted release. Then follow the below +commands and change the URL and Roundcube folder name if needed.

    +
    # Enter a bash session of the mailcow PHP container
    +docker exec -it mailcowdockerized-php-fpm-mailcow-1 bash
    +
    +# Install required upgrade dependency, then upgrade Roundcube to wanted release
    +apk add rsync
    +cd /tmp
    +wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.6.1/roundcubemail-1.6.1-complete.tar.gz | tar xfvz -
    +cd roundcubemail-1.6.1
    +bin/installto.sh /web/rc
    +
    +# Type 'Y' and press enter to upgrade your install of Roundcube
    +# Type 'N' to "Do you want me to fix your local configuration" if prompted
    +
    +# If you see "NOTICE: Update dependencies by running php composer.phar update --no-dev" run composer:
    +cd /web/rc
    +composer update --no-dev -o
    +# If asked "Do you trust "roundcube/plugin-installer" to execute code and wish to enable it now? (writes "allow-plugins" to composer.json) [y,n,d,?] " hit y and continue.
    +
    +# Remove leftover files
    +rm -rf /tmp/roundcube*
    +
    +# If you're going from 1.5 to 1.6 please run the config file changes below
    +sed -i "s/\$config\['default_host'\].*$/\$config\['imap_host'\]\ =\ 'dovecot:143'\;/" /web/rc/config/config.inc.php
    +sed -i "/\$config\['default_port'\].*$/d" /web/rc/config/config.inc.php
    +sed -i "s/\$config\['smtp_server'\].*$/\$config\['smtp_host'\]\ =\ 'postfix:588'\;/" /web/rc/config/config.inc.php
    +sed -i "/\$config\['smtp_port'\].*$/d" /web/rc/config/config.inc.php
    +sed -i "s/\$config\['managesieve_host'\].*$/\$config\['managesieve_host'\]\ =\ 'dovecot:4190'\;/" /web/rc/config/config.inc.php
    +sed -i "/\$config\['managesieve_port'\].*$/d" /web/rc/config/config.inc.php
    +
    +

    Upgrade composer plugins

    +

    To upgrade roundcube plugins installed using composer and dependencies (e.g. RCMCardDAV plugin), you can simply run +composer in the container:

    +
    docker exec -it -w /web/rc $(docker ps -f name=php-fpm-mailcow -q) composer update --no-dev -o
    +
    +

    Upgrade mime type mappings

    +

    To upgrade the mime type mappings, re-download them using the command in the +installation instructions.

    +

    Uninstalling roundcube

    +

    For the uninstallation, it is also assumed that the commands are executed in the mailcow installation directory and +that mailcow.conf has been sourced in the shell, see Preparation above.

    +

    Remove the web directory

    +

    This deletes the roundcube installation and all plugins and dependencies that you may have installed, +including those installed with composer.

    +

    Note: This deletes also any custom configuration that you may have done in roundcube. If you want to preserve it, move it some +place else instead of deleting it.

    +
    rm -r data/web/rc
    +
    +

    Remove the database

    +

    Note: This clears all data stored for roundcube. If you want to preserve it, you could use mysqldump before deleting the data, +or simply keep the database.

    +
    docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "DROP USER 'roundcube'@'%';"
    +docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "DROP DATABASE roundcubemail;"
    +
    +

    Remove any custom configuration files we added to mailcow

    +

    To determine these, please read through the installation steps and revert what you changed there.

    +

    Migration from older mailcow roundcube setup

    +

    Older versions of this instruction used the mailcow database also for roundcube, with a configured name prefix +mailcow_rc1 on all roundcube tables.

    +

    For the migration, it is also assumed that the commands are executed in the mailcow installation directory and +that mailcow.conf has been sourced in the shell, see Preparation above. The commands of the different +steps build on each other and must be executed in the same shell. Particularly, some steps set shell variables (most +importantly the DBROUNDCUBE variable with the database password of the roundcube database user) used in later steps.

    +

    Create new roundcube database user and database

    +

    Follow the steps above to create the roundcube database user and the separate database.

    +

    Migrate roundcube data from mailcow database

    +

    Before starting the database migration, we disable roundcube to avoid further changes to the roundcube database tables +during the migration.

    +
    cat <<EOCONFIG >data/conf/nginx/site.roundcube.custom
    +location ^~ /rc/ {
    +  return 503;
    +}
    +EOCONFIG
    +docker compose exec nginx-mailcow nginx -s reload
    +
    +

    Now we copy the roundcube data to the new database. We strip the database table prefix in the process, you may need to +adjust mailcow\_rc1 in case you used a different prefix. It is also possible to keep the prefix (then also keep the +respective db_prefix roundcube setting).

    +
    RCTABLES=$(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -sN mailcow -e "show tables like 'mailcow_rc1%';" | tr '\n\r' ' ')
    +docker exec $(docker ps -f name=mysql-mailcow -q) /bin/bash -c "mysqldump -uroot -p${DBROOT} mailcow $RCTABLES | sed 's/mailcow_rc1//' | mysql -uroot -p${DBROOT} roundcubemail"
    +
    +

    Update roundcube configuration

    +

    Run the following to remove the no longer required db_prefix option. We also enable logging of roundcube by removing +the settings log_dir and temp_dir that were part of the old setup instructions.

    +
    sed -i "/\$config\['db_prefix'\].*$/d" data/web/rc/config/config.inc.php
    +sed -i "/\$config\['log_dir'\].*$/d" data/web/rc/config/config.inc.php
    +sed -i "/\$config\['temp_dir'\].*$/d" data/web/rc/config/config.inc.php
    +
    +

    We need to adapt the nginx configuration for roundcube to not expose the non-public folders of roundcube, specifically +those containing temporary files and log files:

    +
    cat <<EOCONFIG >data/conf/nginx/site.roundcube.custom
    +location /rc/ {
    +  alias /web/rc/public_html/;
    +}
    +EOCONFIG
    +
    +

    We can also update the cipher_method to a more secure one but mind that data previously encrypted by roundcube cannot +be decrypted anymore afterwards. This specifically affects stored CardDAV passwords if you use RCMCardDAV and your +users added custom addressbooks (the preset will be fixed automatically upon next login of the user). If you want to +change the cipher_method, run:

    +
    cat <<EOCONFIG >>data/web/rc/config/config.inc.php
    +\$config['cipher_method'] = 'chacha20-poly1305';
    +EOCONFIG
    +
    +

    Switch RCMCardDAV plugin to composer installation method

    +

    This is optional but will align your installation with these instructions and enable you to upgrade RCMCardDAV +using composer. This is simply done by deleting the carddav plugin from the installation and installing it using +composer according to the instructions above, which include the creation +of a new RCMCardDAV v5 config. In case you modified your RCMCardDAV configuration file, you may want to backup it before +deleting the plugin and carry over your changes to the new configuration afterwards as well.

    +

    To delete the carddav plugin run the following command, then re-install according to the +instructions above:

    +
    rm -r data/web/rc/plugins/carddav
    +
    +

    Switch roundcube to new database

    +

    First adapt the roundcube configuration to use the new database. +

    sed -i "/\$config\['db_dsnw'\].*$/d" data/web/rc/config/config.inc.php
    +cat <<EOCONFIG >>data/web/rc/config/config.inc.php
    +\$config['db_dsnw'] = 'mysql://roundcube:${DBROUNDCUBE}@mysql/roundcubemail';
    +EOCONFIG
    +

    +

    Re-enable roundcube web access

    +

    Execute the chown and chmod commands on sensitive roundcube directories listed in Preparation, to +make sure the nginx webserver cannot access files it is not supposed to serve.

    +

    Then re-enable web access to roundcube by replacing our temporary roundcube custom config for the one described +above, and reload the nginx configuration:

    +
    docker compose exec nginx-mailcow nginx -s reload
    +
    +

    Other changes

    +

    You must also adapt the configuration of the roundcube password plugin according to this instruction, specifically if +you use the password changing functionality, since the old instruction directly changed the password in the database, +whereas this version of the instruction uses the mailcow API for the password change.

    +

    Regarding other changes and additions (e.g., roundcube-dovecot_client_ip plugin), you can go through the current +installation instructions and adapt your configuration accordingly or perform the listed installation steps for new +additions.

    +

    Specifically, consider the following sections: + - Ofelia job for roundcube housekeeping + - Allow plaintext authentication in dovecot, + if you adapt the roundcube configuration to contact dovecot via non-encrypted IMAP connection. + - Forward the client network address to dovecot

    +

    Removing roundcube tables from mailcow database

    +

    After you have verified that the migration was successful and roundcube works using the separate database, you can remove +the roundcube tables from the mailcow database using the following command:

    +
    docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -sN mailcow -e "SET SESSION foreign_key_checks = 0; DROP TABLE IF EXISTS $(echo $RCTABLES | sed -e 's/ \+/,/g');"
    +
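Review bot: The 1.5 to 1.6 sed lines in the upgrade block now write 'dovecot:143', 'postfix:588' and 'dovecot:4190', where the removed version of the same block wrote 'tls://dovecot:143', 'tls://postfix:587' and 'tls://dovecot:4190', and the comment above them still only says "please run the config file changes below". Someone upgrading an existing install by pasting this block moves Roundcube to connections without the tls:// prefix and to a port 588 that nothing in this hunk sets up; the only hint is the later bullet about allowing plaintext authentication in dovecot. Either keep the tls:// values here or add a comment naming the installation steps that have to be applied first. Separately, the mysql and mysqldump calls in the uninstall and migration steps pass -p${DBROOT} on the command line (once inside a bash -c string), where it can show up in the process list; reading the password from an option file or from the environment inside the container would avoid that. The migration's sed 's/mailcow_rc1//' is also unanchored and rewrites the first match on every line of the dump, row data included, so matching only the backtick-quoted table names would be safer.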

    Last update: - 2023-01-23 21:33:08 + 2023-07-01 21:22:02 diff --git a/search/search_index.json b/search/search_index.json index 4bb680511..050b7ce2e 100644 --- a/search/search_index.json +++ b/search/search_index.json @@ -1 +1 @@ -{"config":{"lang":["en","de"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Information & Support","text":""},{"location":"#mailcow-dockerized-","title":"mailcow: dockerized - + =","text":"

    The mailserver suite with the 'moo'

    "},{"location":"#what-is-mailcow-dockerized","title":"What is mailcow: dockerized?","text":"

    Question

    Mailcow, MailCow or mailcow? What is the exact name of the project?

    Correct: mailcow, because mailcow is a registered word mark with a small m

    mailcow: dockerized is an open source groupware/email suite based on docker.

    mailcow relies on many well known and long used components, which in combination result in an all around carefree email server.

    Each container represents a single application, connected in a bridged network.

    • ACME (Automatic generation of Let's Encrypt certificates)
    • ClamAV (anti-virus scanner) (optional)
    • Dovecot (IMAP/POP server for retrieving mail)
    • MariaDB (database to store user information, etc.)
    • Memcached (cache for the SOGo webmailer)
    • Netfilter (Fail2ban-like integration of @mkuron)
    • Nginx (Web server for the mailcow UI)
    • Oletools via Olefy (analyzing office documents for viruses, macros, etc.)
    • PHP (programming language for most web-based mailcow actions)
    • Postfix (Receiver/sender for mail traffic on the Internet)
    • Redis (storage for spam information, DKIM keys, etc.)
    • Rspamd (spam filter with automatic learning of spam mails)
    • SOGo (integrated webmailer and cal/carddav interface)
    • Solr (full-text search for IMAP connections for quick email search) (optional)
    • Unbound (integrated DNS server to check DNSSEC etc.)
    • A watchdog for basic monitoring of container health inside mailcow

    But the heart of mailcow is the graphical web interface, the mailcow UI.

    It offers a place for almost all settings and allows the comfortable creation of new domains and email addresses with just a few clicks.

    But also other or more tricky tasks can be done in it with ease:

    • DKIM and ARC support/generation.
    • Black and white lists per domain and per user.
    • Spam score management per user (reject spam, flag spam, greylist).
    • Allow mailbox users to create temporary spam aliases
    • Prepend email tags to subject or move emails to subfolders (per user)
    • Allow mailbox users to toggle TLS enforcement for inbound and outbound messages
    • Users can reset caches on SOGo ActiveSync devices
    • imapsync to periodically migrate or retrieve remote mailboxes
    • TFA: Yubikey OTP and WebAuthn USB (Google Chrome and derivatives only), TOTP
    • Add whitelist hosts to forward mail to mailcow
    • Fail2ban-like integration
    • Quarantine system
    • Anti-virus scanning including macro scanning in Office documents
    • Integrated basic monitoring
    • And much more...

    The mailcow data (such as emails, user data, etc.) is stored in Docker volumes - take good care of these volumes:

    • clamd-db-vol-1
    • crypt-vol-1
    • mysql-socket-vol-1
    • mysql-vol-1
    • postfix-vol-1
    • redis-vol-1
    • rspamd-vol-1
    • sogo-userdata-backup-vol-1
    • sogo-web-vol-1
    • solr-vol-1
    • vmail-index-vol-1
    • vmail-vol-1

    Warning

    The mails are compressed and encrypted. The key pair can be found in crypt-vol-1. Please don't forget to backup this and other volumes. #nobackupnopity

    "},{"location":"#support-the-mailcow-project","title":"Support the mailcow project","text":"

    Please consider a support contract for a small monthly fee at Servercow1 to support further development. We support you while you support us. :)

    If you are super awesome and would like to support without a contract, you can get a SAL (Stay-Awesome License) that confirms your awesomeness (a flexible one-time payment) at Servercow.

    "},{"location":"#need-help","title":"Need help?","text":"

    There are two ways to achieve support for your mailcow installation.

    "},{"location":"#commercial-support","title":"Commercial support","text":"

    For professional and prioritized commercial support you can sign a basic support subscription at Servercow. For custom inquiries or questions please contact us at info@servercow.de instead.

    Furthermore we do also provide a fully featured and managed mailcow here. This way we take care about the technical magic underneath and you can enjoy your whole mail experience in a hassle-free way.

    "},{"location":"#community-support-and-chat","title":"Community support and chat","text":"

    The other alternative is our free community-support on our various channels below. Please notice, that this support is driven by our awesome community around mailcow. This kind of support is best-effort, voluntary and there is no guarantee for anything.

    • Our mailcow community @ community.mailcow.email

    • Telegram (Support) @ t.me/mailcow.

    • Telegram (Off-Topic) @ t.me/mailcowOfftopic.

    • Twitter @mailcow_email

    Telegram desktop clients are available for multiple platforms. You can search the groups history for keywords.

    For bug tracking, feature requests and code contributions only:

    • GitHub @ mailcow/mailcow-dockerized
    "},{"location":"#interested-try-it-out-right-away","title":"Interested? Try it out right away!","text":"

    Have we got your interest? Get a first overview of the functionalities of mailcow and your mailcow UI in our official mailcow demos!

    Since September 2022 we\u00b4re providing two seperate Demo instances:

    • demo.mailcow.email is the classic Demo based on the stable releases.
    • nightly-demo.mailcow.email is the new nightly demo based on unreleased testing features. (So especially interesting for those who have no possibility to create a test instance themselves.)

    Use these credentials for the demos

    • Administrator: admin / moohoo
    • Domain-Administrator: department / moohoo
    • Mailbox: demo@440044.xyz / moohoo

    The login credentials work for both variants.

    Always up to date

    The demo instances get the latest updates directly after releases from GitHub. Fully automatic, without any downtime!

    1. Servercow is a hosting/support division of The Infrastructure Company GmbH (mailcow maintainer).\u00a0\u21a9

    "},{"location":"backup_restore/b_n_r-accidental_deletion/","title":"Recover accidentally deleted data","text":"

    So you deleted a mailbox and have no backups, he?

    If you noticed your mistake within a few hours, you can probably recover the users data.

    "},{"location":"backup_restore/b_n_r-accidental_deletion/#sogo","title":"SOGo","text":"

    We automatically create daily backups (24h interval starting from running up -d) in /var/lib/docker/volumes/mailcowdockerized_sogo-userdata-backup-vol-1/_data/.

    Make sure the user you want to restore exists in your mailcow. Re-create them if they are missing.

    Copy the file named after the user you want to restore to __MAILCOW_DIRECTORY__/data/conf/sogo.

    1. Copy the backup: cp /var/lib/docker/volumes/mailcowdockerized_sogo-userdata-backup-vol-1/_data/restoreme@example.org __MAILCOW_DIRECTORY__/data/conf/sogo

    2. Run the following command:

      docker compose (Plugin)docker-compose (Standalone)
      docker compose exec -u sogo sogo-mailcow sogo-tool restore -F ALL /etc/sogo restoreme@example.org\n
      docker-compose exec -u sogo sogo-mailcow sogo-tool restore -F ALL /etc/sogo restoreme@example.org\n

      Run sogo-tool without parameters to check for possible restore options.

    3. Delete the copied backup by running rm __MAILCOW_DIRECTORY__/data/conf/sogo

    4. Restart SOGo and Memcached:

    docker compose (Plugin)docker-compose (Standalone)
    docker compose restart sogo-mailcow memcached-mailcow\n
    docker-compose restart sogo-mailcow memcached-mailcow\n
    "},{"location":"backup_restore/b_n_r-accidental_deletion/#mail","title":"Mail","text":"

    In case of an accidental deletion of a mailbox, you will be able to recover for (by default) 5 days. This depends on the MAILDIR_GC_TIME parameter in mailcow.conf.

    A deleted mailbox is copied in its encrypted form to /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/_garbage.

    The folder inside _garbage follows the structure [timestamp]_[domain_sanitized][user_sanitized], for example 1629109708_exampleorgtest in case of test@example.org deleted on 1629109708.

    To restore make sure you are actually restoring to the same mailcow it was deleted from or you use the same encryption keys in crypt-vol-1.

    Make sure the user you want to restore exists in your mailcow. Re-create them if they are missing.

    Copy the folders from /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/_garbage/[timestamp]_[domain_sanitized][user_sanitized] back to /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/[domain]/[user] and resync the folder and recalc the quota:

    docker compose (Plugin)docker-compose (Standalone)
    docker compose exec dovecot-mailcow doveadm force-resync -u restoreme@example.net '*'\ndocker compose exec dovecot-mailcow doveadm quota recalc -u restoreme@example.net\n
    docker-compose exec dovecot-mailcow doveadm force-resync -u restoreme@example.net '*'\ndocker-compose exec dovecot-mailcow doveadm quota recalc -u restoreme@example.net\n
    "},{"location":"backup_restore/b_n_r-backup/","title":"Backup","text":""},{"location":"backup_restore/b_n_r-backup/#backup","title":"Backup","text":""},{"location":"backup_restore/b_n_r-backup/#manual","title":"Manual","text":"

    You can use the provided script helper-scripts/backup_and_restore.sh to backup mailcow automatically.

    Please do not copy this script to another location.

    To run a backup, write \"backup\" as first parameter and either one or more components to backup as following parameters. You can also use \"all\" as second parameter to backup all components. Append --delete-days n to delete backups older than n days.

    # Syntax:\n# ./helper-scripts/backup_and_restore.sh backup (vmail|crypt|redis|rspamd|postfix|mysql|all|--delete-days)\n\n# Backup all, delete backups older than 3 days\n./helper-scripts/backup_and_restore.sh backup all --delete-days 3\n\n# Backup vmail, crypt and mysql data, delete backups older than 30 days\n./helper-scripts/backup_and_restore.sh backup vmail crypt mysql --delete-days 30\n\n# Backup vmail\n./helper-scripts/backup_and_restore.sh backup vmail\n
    "},{"location":"backup_restore/b_n_r-backup/#variables-for-backuprestore-script","title":"Variables for backup/restore script","text":""},{"location":"backup_restore/b_n_r-backup/#multithreading","title":"Multithreading","text":"

    With the 2022-10 update it is possible to run the script with multithreading support. This can be used for backups as well as for restores.

    To start the backup/restore with multithreading you have to add THREADS as an environment variable in front of the command to execute the script.

    THREADS=14 /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all\n
    The number after the = character indicates the number of threads. Please keep your core count -2 to leave enough CPU power for mailcow itself.

    "},{"location":"backup_restore/b_n_r-backup/#backup-path","title":"Backup path","text":"

    The script will ask you for a backup location. Inside of this location it will create folders in the format \"mailcow_DATE\". You should not rename those folders to not break the restore process.

    To run a backup unattended, define MAILCOW_BACKUP_LOCATION as environment variable before starting the script:

    MAILCOW_BACKUP_LOCATION=/opt/backup /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all\n

    Tip

    Both variables mentioned above can also be combined! Ex:

    MAILCOW_BACKUP_LOCATION=/opt/backup THREADS=14 /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all\n

    "},{"location":"backup_restore/b_n_r-backup/#cronjob","title":"Cronjob","text":"

    You can run the backup script regularly via cronjob. Make sure BACKUP_LOCATION exists:

    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\n5 4 * * * cd /opt/mailcow-dockerized/; MAILCOW_BACKUP_LOCATION=/mnt/mailcow_backups /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3\n

    Per default cron sends the full result of each backup operation by email. If you want cron to only mail on error (non-zero exit code) you may want to use the following snippet. Pathes need to be modified according to your setup (this script is a user contribution).

    This following script may be placed in /etc/cron.daily/mailcow-backup - do not forget to mark it as executable via chmod +x:

    #!/bin/sh\n\n# Backup mailcow data\n# https://mailcow.github.io/mailcow-dockerized-docs/backup_restore/b_n_r-backup/\n\nset -e\n\nOUT=\"$(mktemp)\"\nexport MAILCOW_BACKUP_LOCATION=\"/opt/backup\"\nSCRIPT=\"/opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh\"\nPARAMETERS=\"backup all\"\nOPTIONS=\"--delete-days 30\"\n\n# run command\nset +e\n\"${SCRIPT}\" ${PARAMETERS} ${OPTIONS} 2>&1 > \"$OUT\"\nRESULT=$?\n\nif [ $RESULT -ne 0 ]\n    then\n            echo \"${SCRIPT} ${PARAMETERS} ${OPTIONS} encounters an error:\"\n            echo \"RESULT=$RESULT\"\n            echo \"STDOUT / STDERR:\"\n            cat \"$OUT\"\nfi\n
    "},{"location":"backup_restore/b_n_r-backup/#backup-strategy-with-rsync-and-mailcow-backup-script","title":"Backup strategy with rsync and mailcow backup script","text":"

    Create the destination directory for mailcows helper script:

    mkdir -p /external_share/backups/backup_script\n

    Create cronjobs:

    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\n25 1 * * * rsync -aH --delete /opt/mailcow-dockerized /external_share/backups/mailcow-dockerized\n40 2 * * * rsync -aH --delete /var/lib/docker/volumes /external_share/backups/var_lib_docker_volumes\n5 4 * * * cd /opt/mailcow-dockerized/; BACKUP_LOCATION=/external_share/backups/backup_script /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3\n# If you want to, use the acl util to backup permissions of some/all folders/files: getfacl -Rn /path\n

    On the destination (in this case /external_share/backups) you may want to have snapshot capabilities (ZFS, Btrfs etc.). Snapshot daily and keep for n days for a consistent backup. Do not rsync to a Samba share, you need to keep the correct permissions!

    To restore you'd simply need to run rsync the other way round and restart Docker to re-read the volumes. Run:

    docker compose (Plugin)docker-compose (Standalone)
    docker compose pull\ndocker compose up -d\n
    docker-compose pull\ndocker-compose up -d\n

    If you are lucky Redis and MariaDB can automatically fix the inconsistent databases (if they are inconsistent). In case of a corrupted database you'd need to use the helper script to restore the inconsistent elements. If a restore fails, try to extract the backups and copy the files back manually. Keep the file permissions!

    "},{"location":"backup_restore/b_n_r-backup_restore-maildir/","title":"Maildir","text":""},{"location":"backup_restore/b_n_r-backup_restore-maildir/#backup","title":"Backup","text":"

    This line backups the vmail directory to a file backup_vmail.tar.gz in the mailcow root directory:

    docker compose (Plugin)docker-compose (Standalone)
    cd /path/to/mailcow-dockerized\ndocker run --rm -i -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination \"/var/vmail\" }}{{ .Name }}{{ end }}{{ end }}' $(docker compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:bullseye-slim tar cvfz /backup/backup_vmail.tar.gz /vmail\n
    cd /path/to/mailcow-dockerized\ndocker run --rm -i -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination \"/var/vmail\" }}{{ .Name }}{{ end }}{{ end }}' $(docker-compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:bullseye-slim tar cvfz /backup/backup_vmail.tar.gz /vmail\n

    You can change the path by adjusting ${PWD} (which equals to the current directory) to any path you have write-access to. Set the filename backup_vmail.tar.gz to any custom name, but leave the path as it is. Example: [...] tar cvfz /backup/my_own_filename_.tar.gz

    "},{"location":"backup_restore/b_n_r-backup_restore-maildir/#restore","title":"Restore","text":"docker compose (Plugin)docker-compose (Standalone)
    cd /path/to/mailcow-dockerized\ndocker run --rm -it -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination \"/var/vmail\" }}{{ .Name }}{{ end }}{{ end }}' $(docker compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:bullseye-slim tar xvfz /backup/backup_vmail.tar.gz\n
    cd /path/to/mailcow-dockerized\ndocker run --rm -it -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination \"/var/vmail\" }}{{ .Name }}{{ end }}{{ end }}' $(docker-compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:bullseye-slim tar xvfz /backup/backup_vmail.tar.gz\n
    "},{"location":"backup_restore/b_n_r-backup_restore-mysql/","title":"MySQL (mysqldump)","text":""},{"location":"backup_restore/b_n_r-backup_restore-mysql/#backup","title":"Backup","text":"docker compose (Plugin)docker-compose (Standalone)
    cd /path/to/mailcow-dockerized\nsource mailcow.conf\nDATE=$(date +\"%Y%m%d_%H%M%S\")\ndocker compose exec -T mysql-mailcow mysqldump --default-character-set=utf8mb4 -u${DBUSER} -p${DBPASS} ${DBNAME} > backup_${DBNAME}_${DATE}.sql\n
    cd /path/to/mailcow-dockerized\nsource mailcow.conf\nDATE=$(date +\"%Y%m%d_%H%M%S\")\ndocker-compose exec -T mysql-mailcow mysqldump --default-character-set=utf8mb4 -u${DBUSER} -p${DBPASS} ${DBNAME} > backup_${DBNAME}_${DATE}.sql\n
    "},{"location":"backup_restore/b_n_r-backup_restore-mysql/#restore","title":"Restore","text":"

    Warning

    docker compose (Plugin)docker-compose (Standalone)

    You should redirect the SQL dump without docker compose to prevent parsing errors.

    You should redirect the SQL dump without docker-compose to prevent parsing errors.

    cd /path/to/mailcow-dockerized\nsource mailcow.conf\ndocker exec -i $(docker compose ps -q mysql-mailcow) mysql -u${DBUSER} -p${DBPASS} ${DBNAME} < backup_file.sql\n
    "},{"location":"backup_restore/b_n_r-coldstandby/","title":"Cold-standby backup","text":"

    mailcow offers an easy way to create a consistent copy of itself to be rsync'ed to a remote location without downtime.

    This may also be used to transfer your mailcow to a new server.

    "},{"location":"backup_restore/b_n_r-coldstandby/#you-should-know","title":"You should know","text":"

    The provided script will work on default installations.

    It may break when you use unsupported volume overrides. We don't support that and we will not include hacks to support that. Please run and maintain a fork if you plan to keep your changes.

    The script will use the same paths as your default mailcow installation. That is the mailcow base directory - for most users /opt/mailcow-dockerized - as well as the mountpoints.

    To find the paths of your source volumes we use docker inspect and read the destination directory of every volume related to your mailcow compose project. This means we will also transfer volumes you may have added in an override file. Local bind mounts may or may not work.

    The script uses rsync with the --delete flag. The destination will be an exact copy of the source.

    mariabackup is used to create a consistent copy of the SQL data directory.

    After rsync'ing the data we will run the command below (depending on your set docker compose type in mailcow.conf) and remove old image tags from the destination:

    docker compose (Plugin)docker-compose (Standalone)
    docker compose pull\n
    docker-compose pull\n

    Your source will not be changed at any time.

    You may want to make sure to use the same /etc/docker/daemon.json on the remote target.

    You should not run disk snapshots (e.g. via ZFS, LVM etc.) on the target at the very same time as this script is run.

    Versioning is not part of this script, we rely on the destination (snapshots or backups). You may also want to use any other tool for that.

    "},{"location":"backup_restore/b_n_r-coldstandby/#prepare","title":"Prepare","text":"

    You will need an SSH-enabled destination and a keyfile to connect to said destination. The key should not be protected by a password for the script to work unattended.

    In your mailcow base directory, e.g. /opt/mailcow-dockerized you will find a file create_cold_standby.sh.

    Edit this file and change the exported variables:

    export REMOTE_SSH_KEY=/path/to/keyfile\nexport REMOTE_SSH_PORT=22\nexport REMOTE_SSH_HOST=mailcow-backup.host.name\n

    The key must be owned and readable by root only.

    Both the source and destination require rsync >= v3.1.0. The destination must have Docker and docker compose v2 available.

    The script will detect errors automatically and exit.

    You may want to test the connection by running ssh mailcow-backup.host.name -p22 -i /path/to/keyfile.

    "},{"location":"backup_restore/b_n_r-coldstandby/#backup-and-refresh-the-cold-standby","title":"Backup and refresh the cold-standby","text":"

    Run the first backup, this may take a while depending on the connection:

    bash /opt/mailcow-dockerized/create_cold_standby.sh\n

    That was easy, wasn't it?

    Updating your cold-standby is just as easy:

    bash /opt/mailcow-dockerized/create_cold_standby.sh\n

    It's the same command.

    "},{"location":"backup_restore/b_n_r-coldstandby/#automated-backups-with-cron","title":"Automated backups with cron","text":"

    First make sure that the cron service is enabled and running:

    systemctl enable cron.service && systemctl start cron.service\n

    To automate the backups to the cold-standby server you can use a cron job. To edit the cron jobs for the root user run:

    crontab -e\n

    Add the following lines to synchronize the cold standby server daily at 03:00. In this example errors of the last execution are logged into a file.

    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\n\n0 3 * * * bash /opt/mailcow-dockerized/create_cold_standby.sh 2> /var/log/mailcow-coldstandby-sync.log\n

    If saved correctly, the cron job should be shown by typing:

    crontab -l\n
    "},{"location":"backup_restore/b_n_r-restore/","title":"Restore","text":""},{"location":"backup_restore/b_n_r-restore/#restore","title":"Restore","text":"

    Please do not copy this script to another location.

    To run a restore, start mailcow, use the script with \"restore\" as first parameter.

    # Syntax:\n# ./helper-scripts/backup_and_restore.sh restore\n

    The script will ask you for a backup location containing the mailcow_DATE folders.

    "},{"location":"client/client-android/","title":"Android","text":"
    1. Open the Email app.
    2. If this is your first email account, tap Add Account; if not, tap More and Settings and then Add account.
    3. Select Microsoft Exchange ActiveSync.
    4. Enter your email address () and password.
    5. Tap Sign in.
    "},{"location":"client/client-apple/","title":"Apple macOS / iOS","text":""},{"location":"client/client-apple/#method-1-via-mobileconfig","title":"Method 1 via Mobileconfig","text":"

    Email, contacts and calendars can be configured automatically on Apple devices by installing a profile. To download a profile you must login to the mailcow UI first.

    "},{"location":"client/client-apple/#method-11-imap-smtp-and-calcarddav","title":"Method 1.1: IMAP, SMTP and Cal/CardDAV","text":"

    This method configures IMAP, CardDAV and CalDAV.

    1. Download and open the file from https://${MAILCOW_HOSTNAME}/mobileconfig.phpmailcow.mobileconfig.
    2. Enter the unlock code (iPhone) or computer password (Mac).
    3. Enter your email password three times when prompted.
    "},{"location":"client/client-apple/#method-12-imap-smtp-no-dav","title":"Method 1.2: IMAP, SMTP (no DAV)","text":"

    This method configures IMAP and SMTP only.

    1. Download and open the file from https://${MAILCOW_HOSTNAME}/mobileconfig.php?only_emailmailcow.mobileconfig.
    2. Enter the unlock code (iPhone) or computer password (Mac).
    3. Enter your email password when prompted.
    "},{"location":"client/client-apple/#method-2-exchange-activesync-emulation","title":"Method 2 (Exchange ActiveSync emulation)","text":"

    On iOS, Exchange ActiveSync is also supported as an alternative to the procedure above. It has the advantage of supporting push email (i.e. you are immediately notified of incoming messages), but has some limitations, e.g. it does not support more than three email addresses per contact in your address book. Follow the steps below if you decide to use Exchange instead.

    1. Open the Settings app, tap Mail, tap Accounts, tap Add Acccount, select Exchange.
    2. Enter your email address () and tap Next.
    3. Enter your password, tap Next again.
    4. Finally, tap Save.
    "},{"location":"client/client-emclient/","title":"eM Client","text":"
    1. Launch eM Client.
    2. If this is the first time you launched eM Client, it asks you to set up your account. Proceed to step 4.
    3. Go to Menu at the top, select Tools and Accounts.
    4. Enter your email address () and click Start Now.
    5. Enter your password and click Continue.
    6. Enter your name () and click Next.
    7. Click Finish.
    "},{"location":"client/client-kontact/","title":"KDE Kontact","text":"
    1. Launch Kontact.
    2. If this is the first time you launched Kontact or KMail, it asks you to set up your account. Proceed to step 4.
    3. Go to Mail in the sidebar. Go to the Tools menu and select Account Wizard.
    4. Enter your name (), email address () and your password. Click Next.
    5. Click Create Account. If prompted, re-enter your password and click OK.
    6. Close the window by clicking Finish.
    7. Go to Calendar in the sidebar.
    8. Go to the Settings menu and select Configure KOrganizer.
    9. Go to the Calendars tab and click the Add button.
    10. Choose DAV groupware resource and click OK.
    11. Enter your email address () and your password. Click Next.
    12. Select ScalableOGo from the dropdown menu and click Next.
    13. Enter your mailcow hostname into the Host field and click Next.
    14. Click Test Connection and then Finish. Finally, click OK twice.

    Once you have set up Kontact, you can also use KMail, KOrganizer and KAddressBook individually.

    "},{"location":"client/client-manual/","title":"Manual configuration","text":"

    These instructions are valid for unchanged port bindings only!

    "},{"location":"client/client-manual/#email","title":"Email","text":"Service Encryption Host Port IMAP STARTTLS mailcow hostname 143 IMAPS SSL mailcow hostname 993 POP3 STARTTLS mailcow hostname 110 POP3S SSL mailcow hostname 995 SMTP STARTTLS mailcow hostname 587 SMTPS SSL mailcow hostname 465

    Please use the \"plain\" password setting as the authentication mechanism. Contrary to what the name implies, the password will not be transferred to the server in plain text as no authentication is allowed to take place without TLS.

    "},{"location":"client/client-manual/#contacts-and-calendars","title":"Contacts and calendars","text":"

    SOGos default calendar (CalDAV) and contacts (CardDAV) URLs:

    1. CalDAV https://mail.example.com/SOGo/dav/user@example.com/Calendar/personal/https:///SOGo/dav//Calendar/personal/

    2. CardDAV https://mail.example.com/SOGo/dav/user@example.com/Contacts/personal/https:///SOGo/dav//Contacts/personal/

    Some applications may require you to use https://mail.example.com/SOGo/dav/https:///SOGo/dav/ or the full path to your calendar, which can be found and copied from within SOGo.

    "},{"location":"client/client-outlook/","title":"Microsoft Outlook","text":"
    1. Download and install Outlook CalDav Synchronizer.
    2. Launch Outlook.
    3. If this is the first time you launched Outlook, it asks you to set up your account. Proceed to step 5.
    4. Go to the File menu and click Add Account.
    5. Enter your name (), email address () and your password. Click Next.
    6. Click Finish.
    7. Go to the CalDav Synchronizer ribbon and click Synchronization Profiles.
    8. Click the second button at top (Add multiple profiles), select Sogo, click Ok.
    9. Click the Get IMAP/POP3 account settings button.
    10. Click Discover resources and assign to Outlook folders.
    11. In the Select Resource window that pops up, select your main calendar (usually Personal Calendar), click the ... button, assign it to Calendar, and click OK. Go to the Address Books and Tasks tabs and repeat repeat the process accordingly. Do not assign multiple calendars, address books or task lists!
    12. Close all windows with the OK buttons.
    "},{"location":"client/client-outlook/#outlook-2016-or-higher-from-office-365-on-windows","title":"Outlook 2016 or higher from Office 365 on Windows","text":"

    This is only applicable if your server administrator has not disabled EAS for Outlook. If it is disabled, please follow the guide for Outlook 2007 instead.

    Outlook 2016 has an issue with autodiscover. Only Outlook from Office 365 is affected. If you installed Outlook from another source, please follow the guide for Outlook 2013 or higher.

    For EAS you must use the old assistant by launching C:\\Program Files (x86)\\Microsoft Office\\root\\Office16\\OLCFG.EXE. If this application opens, you can go to step 4 of the guide for Outlook 2013 below.

    If it does not open, you can completely disable the new account creation wizard and follow the guide for Outlook 2013 below.

    "},{"location":"client/client-outlook/#outlook-2007-or-2010-on-windows","title":"Outlook 2007 or 2010 on Windows","text":""},{"location":"client/client-outlook/#outlook-2007-or-higher-on-windows-calendercontacts-via-caldav-synchronizer","title":"Outlook 2007 or higher on Windows (Calender/Contacts via CalDav Synchronizer)","text":""},{"location":"client/client-outlook/#outlook-2013-or-higher-on-windows-active-sync-not-recommended","title":"Outlook 2013 or higher on Windows (Active Sync - not recommended)","text":"

    This is only applicable if your server administrator has not disabled EAS for Outlook. If it is disabled, please follow the guide for Outlook 2007 instead.

    1. Launch Outlook.
    2. If this is the first time you launched Outlook, it asks you to set up your account. Proceed to step 4.
    3. Go to the File menu and click Add Account.
    4. Enter your name (), email address () and your password. Click Next.
    5. When prompted, enter your password again, check Remember my credentials and click OK.
    6. Click the Allow button.
    7. Click Finish.
    "},{"location":"client/client-outlook/#outlook-2011-or-higher-on-macos","title":"Outlook 2011 or higher on macOS","text":"

    The Mac version of Outlook does not synchronize calendars and contacts and therefore is not supported.

    "},{"location":"client/client-thunderbird/","title":"Mozilla Thunderbird","text":"
    1. Launch Thunderbird.
    2. If this is the first time you launched Thunderbird, it asks you whether you would like a new email address. Click Skip this and use my existing email and proceed to step 4.
    3. Go to the File menu and select New, Existing Mail Account....
    4. Enter your name (), email address () and your password. Make sure the Remember password checkbox is selected and click Continue.
    5. Once the configuration has been automatically detected, make sure IMAP is selected and click Done.
    6. To use your contacts from the server, click on the arrow next to \"Address Books\" and click the Connect button on each address book you would like to use.
    7. To use your calendars from the server, click on the arrow next to \"Calendars\" and click the Connect button on each calendar you would like to use.
    8. (Optional) If you want Thunderbird to sync all subfolders, go to the Account Settings menu and select Server Settings. In the Server Settings tab, click on the Advanced button. In the Advanced Account Settings window, uncheck the \"Show only subscribed folders\" checkbox. Click OK to save the changes.
    9. Click Finish to close the Account Setup window.
    "},{"location":"client/client-windows/","title":"Windows Mail","text":"

    Windows 8 and higher support email, contacts and calendar via Exchange ActiveSync.

    1. Open the Mail app.
    2. If you have not previously used Mail, you can click Add Account in the main window. Proceed to step 4.
    3. Click Accounts in the sidebar on the left, then click Add Account on the far right.
    4. Select Exchange.
    5. Enter your email address () and click Next.
    6. Enter your password and click Log in.

    Once you have set up the Mail app, you can also use the People and Calendar apps.

    "},{"location":"client/client/","title":"Overview","text":"

    mailcow supports a variety of email clients, both on desktop computers and on smartphones. Below, you can find a number of configuration guides that explain how to configure your mailcow account.

    Tip

    If you access this page by logging into your mailcow server and clicking the \"Show configuration guides for email clients and smartphones\" link, all of the guides will be personalized with your email address and server name.

    Success

    Since you accessed this page after logging into your mailcow server, all of the guides have been personalized with your email address and server name.
    • Android
    • Apple iOS / macOS
    • eM Client
    • KDE Kontact / KMail
    • Microsoft Outlook
    • Mozilla Thunderbird
    • Windows Mail
    • Manual configuration
    "},{"location":"i_u_m/i_u_m_deinstall/","title":"Deinstallation","text":"

    To remove mailcow: dockerized with all it's volumes, images and containers do:

    docker compose (Plugin)docker-compose (Standalone)
    docker compose down -v --rmi all --remove-orphans\n
    docker-compose down -v --rmi all --remove-orphans\n

    Info

    +

    Install mime type mappings

    +

    Download the mime.types file as it is not included in the php-fpm container.

    +
    wget -O data/web/rc/config/mime.types http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types
    +
    +
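Review bot: The added wget line downloads mime.types over plain http:// and writes it straight to data/web/rc/config/mime.types, the file that $config['mime_types'] points Roundcube at later in this change, so nothing protects it in transit. Switch the URL to https:// if the host serves it, or add a sentence telling the reader to look over the downloaded file before continuing.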

    Create roundcube database

    +

    Create a database for roundcube in the mailcow MySQL container. This creates a new roundcube database user +with a random password, which will be echoed to the shell and stored in a shell variable for use by later +commands. Note that when you interrupt the process and continue in a new shell, you must set the DBROUNDCUBE +shell variable manually to the password output by the following commands.

    +
    DBROUNDCUBE=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2> /dev/null | head -c 28)
    +echo Database password for user roundcube is $DBROUNDCUBE
    +docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "CREATE DATABASE roundcubemail CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
    +docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "CREATE USER 'roundcube'@'%' IDENTIFIED BY '${DBROUNDCUBE}';"
    +docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "GRANT ALL PRIVILEGES ON roundcubemail.* TO 'roundcube'@'%';"
    +
    +
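Review bot: The three added mysql calls use ${DBROOT} without any line here setting it, and they put both the root password (-p${DBROOT}) and the new user's password (inside the CREATE USER statement) on the command line, where they are visible in the host's process list while the command runs; the echo line also leaves the new password in terminal scrollback. Add a "source mailcow.conf" step before the first command, as the mysqldump instructions in these docs already do, and say explicitly that the password is printed so the reader can clear or protect that output.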

    Roundcube configuration

    Create a file data/web/rc/config/config.inc.php with the following content. - - Change the des_key parameter to a random value. It is used to temporarily store your IMAP password. - - The db_prefix is optional but recommended. - - If you didn't install spell check in the above step, remove spellcheck_engine parameter and replace it with $config['enable_spellcheck'] = false;. + - The des_key option is set to a random value. It is used to temporarily store your IMAP password. + - The plugins list can be adapted to your preference. I added a set of standard plugins that I consider of common + usefulness and which work well together with mailcow: + - The archive plugin adds an archive button that moves selected messages to a user-configurable archive folder. + - The managesieve plugin provides a user-friendly interface to manage server-side mail filtering and vacation / out + of office notification. + - The acl plugin allows to manage access control lists on IMAP folders, including the ability to share IMAP folders + to other users. + - The markasjunk plugin adds buttons to mark selected messages as junk (or messages in the junk folder not as junk) + and moves them to the junk folder or back to the inbox. The sieve filters included with mailcow will take care + that action triggers a learn as spam/ham action in rspamd, so no further configuration of the plugin is needed. + - The zipdownload plugin allows to download multiple message attachments or messages as a zip file. + - If you didn't install spell check in the above step, remove spellcheck_engine parameter.

    +
    cat <<EOCONFIG >data/web/rc/config/config.inc.php
    +<?php
    +\$config['db_dsnw'] = 'mysql://roundcube:${DBROUNDCUBE}@mysql/roundcubemail';
    +\$config['imap_host'] = 'dovecot:143';
    +\$config['smtp_host'] = 'postfix:588';
    +\$config['smtp_user'] = '%u';
    +\$config['smtp_pass'] = '%p';
    +\$config['support_url'] = '';
    +\$config['product_name'] = 'Roundcube Webmail';
    +\$config['cipher_method'] = 'chacha20-poly1305';
    +\$config['des_key'] = '$(LC_ALL=C </dev/urandom tr -dc "A-Za-z0-9 !#$%&()*+,-./:;<=>?@[\\]^_{|}~" 2> /dev/null | head -c 32)';
    +\$config['plugins'] = [
    +  'archive',
    +  'managesieve',
    +  'acl',
    +  'markasjunk',
    +  'zipdownload',
    +];
    +\$config['spellcheck_engine'] = 'aspell';
    +\$config['mime_types'] = '/web/rc/config/mime.types';
    +\$config['enable_installer'] = true;
    +
    +\$config['managesieve_host'] = 'dovecot:4190';
    +// Enables separate management interface for vacation responses (out-of-office)
    +// 0 - no separate section (default); 1 - add Vacation section; 2 - add Vacation section, but hide Filters section
    +\$config['managesieve_vacation'] = 1;
    +EOCONFIG
    +
    +docker exec -it $(docker ps -f name=php-fpm-mailcow -q) chown root:www-data /web/rc/config/config.inc.php
    +docker exec -it $(docker ps -f name=php-fpm-mailcow -q) chmod 640 /web/rc/config/config.inc.php
    +
    +
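Review bot: The heredoc writes $config['enable_installer'] = true, and the installer is only switched off in the later "Disable and remove installer" step, after the database and nginx steps. Add a sentence at this point telling the reader to complete the installer and the disable step in one sitting, because Roundcube's installer can reveal configuration values while it is enabled. Since the heredoc is unquoted, an unset DBROUNDCUBE (the new-shell case the text above warns about) silently produces a DSN with an empty password; writing ${DBROUNDCUBE:?} in the db_dsnw line would make the command fail instead.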

    Initialize database

    +

    Point your browser to https://myserver/rc/installer. Check that the website shows no "NOT OK" check results on +any of the steps, some "NOT AVAILABLE" are expected regarding different database extensions of which we only need MySQL. +Initialize the database and leave the installer. It is not necessary to update the configuration with +the downloaded one, unless you made some settings in the installer you would like to take over.

    +

    Webserver configuration

    +

    The roundcube directory includes some locations that we do not want to serve to web users. We add a configuration +extension to nginx to only expose the public directory of roundcube.

    +
    cat <<EOCONFIG >data/conf/nginx/site.roundcube.custom
    +location /rc/ {
    +  alias /web/rc/public_html/;
    +}
    +EOCONFIG
    +
    +

    Disable and remove installer

    +

    Delete the directory data/web/rc/installer after a successful installation, and set the enable_installer option +to false in data/web/rc/config/config.inc.php:

    +
    rm -r data/web/rc/installer
    +sed -i -e "s/\(\$config\['enable_installer'\].* = \)true/\1false/" data/web/rc/config/config.inc.php
    +
    +

    Update roundcube dependencies

    +

    This step is not strictly necessary, but at least at the time of this writing the dependencies shipped with roundcube +included versions with security vulnerabilities, so it may be a good idea to update the dependencies to the latest +versions. For the same reason, it may be a good idea to run the composer update once in a while.

    +
    cp -n data/web/rc/composer.json-dist data/web/rc/composer.json
    +docker exec -it -w /web/rc $(docker ps -f name=php-fpm-mailcow -q) composer update --no-dev -o
    +
    +

    You can also use composer audit to check for any reported security issues with the installed set of composer packages:

    +
    docker exec -it -w /web/rc $(docker ps -f name=php-fpm-mailcow -q) composer audit
    +
    +

    Allow plaintext authentication for the php-fpm container without using TLS

    +

    We need to allow plaintext authentication in dovecot over unencrypted connection (inside the container network), which +is per default mailcow installation only possible for the SOGo container for the very same purpose. Afterwards restart +the dovecot container so the change becomes effective.

    +
    cat  <<EOCONFIG >>data/conf/dovecot/extra.conf
    +remote ${IPV4_NETWORK}.0/24 {
    +  disable_plaintext_auth = no
    +}
    +remote ${IPV6_NETWORK} {
    +  disable_plaintext_auth = no
    +}
    +EOCONFIG
    +
    +docker compose restart dovecot-mailcow
    +
    +
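Review bot: The added remote blocks match ${IPV4_NETWORK}.0/24 and the whole ${IPV6_NETWORK}, so plaintext authentication is allowed from every container on the mailcow network, not only from php-fpm as the heading states. Reword the heading or the paragraph to give the real scope. The heredoc also appends with >>, so running the step a second time duplicates both blocks in data/conf/dovecot/extra.conf; mention that, or have the reader check the file first.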

    Ofelia job for roundcube housekeeping

    +

    Roundcube needs to clean some stale information from the database every once in a while, +for which we will create an ofelia job that runs the roundcube cleandb.sh script.

    +

    To do this, add the following to docker-compose.override.yml (if you already have some +adaptations for the php-fpm container, add the labels to the existing section):

    +
    version: '2.1'
    +services:
    +  php-fpm-mailcow:
    +    labels:
    +      ofelia.enabled: "true"
    +      ofelia.job-exec.roundcube_cleandb.schedule: "@every 168h"
    +      ofelia.job-exec.roundcube_cleandb.user: "www-data"
    +      ofelia.job-exec.roundcube_cleandb.command: "/bin/bash -c \"[ -f /web/rc/bin/cleandb.sh ] && /web/rc/bin/cleandb.sh\""
    +
    +

    Optional extra functionality

    +

    Enable change password function in Roundcube

    +

    Changing the mailcow password from the roundcube UI is supported via the password plugin. We will configure it to use +the mailcow API to update the password, which requires to enable the API first and to get the API key (read/write API +access required). The API can be enabled in the mailcow admin interface, where you can also find the API key.

    +

    Open data/web/rc/config/config.inc.php and enable the password plugin by adding it to the $config['plugins'] array, +for example:

    +
    $config['plugins'] = array(
    +  'archive',
    +  'managesieve',
    +  'acl',
    +  'markasjunk',
    +  'zipdownload',
    +  'password',
    +);
    +
    +

    Configure the password plugin (be sure to adapt **API_KEY** to you mailcow read/write API key):

    +
    cat <<EOCONFIG >data/web/rc/plugins/password/config.inc.php
    +<?php
    +\$config['password_driver'] = 'mailcow';
    +\$config['password_confirm_current'] = true;
    +\$config['password_mailcow_api_host'] = 'http://nginx';
    +\$config['password_mailcow_api_token'] = '**API_KEY**';
    +EOCONFIG
    +
    +

    Note: If you have changed the mailcow nginx configuration to redirect http requests to https +(e.g., as described here), then +directly talking to the nginx container via http will not work because nginx is not a hostname contained +in the certificate. In such cases, set password_mailcow_api_host in the above configuration to the +public URI instead:

    +
    cat <<EOCONFIG >data/web/rc/plugins/password/config.inc.php
    +<?php
    +\$config['password_driver'] = 'mailcow';
    +\$config['password_confirm_current'] = true;
    +\$config['password_mailcow_api_host'] = 'https://${MAILCOW_HOSTNAME}';
    +\$config['password_mailcow_api_token'] = '**API_KEY**';
    +EOCONFIG
    +
    +
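Review bot: Both heredocs write the read/write API key into data/web/rc/plugins/password/config.inc.php, but neither is followed by the chown root:www-data and chmod 640 calls that this change applies to the main config.inc.php, so the token file keeps default permissions. Add the same two docker exec lines after each EOCONFIG. The first variant sends the token to http://nginx unencrypted, which deserves a sentence in the text, and "adapt **API_KEY** to you mailcow" should read "your mailcow".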

    Integrate CardDAV addressbooks in Roundcube

    +

    Install the latest v5 version (the config below is compatible with v5 releases) using composer. +Answer Y when asked if you want to activate the plugin.

    +
    docker exec -it -w /web/rc $(docker ps -f name=php-fpm-mailcow -q) composer require --update-no-dev -o "roundcube/carddav:~5"
    +
    +

    Edit the file data/web/rc/plugins/carddav/config.inc.php and insert the following content:

    +
    cat <<EOCONFIG >data/web/rc/plugins/carddav/config.inc.php
    +<?php
    +\$prefs['_GLOBAL']['pwstore_scheme'] = 'des_key';
    +
    +\$prefs['SOGo'] = [
    +    'accountname'    => 'SOGo',
    +    'username'       => '%u',
    +    'password'       => '%p',
    +    'discovery_url'  => 'http://sogo:20000/SOGo/dav/',
    +    'name'           => '%N',
    +    'use_categories' => true,
    +    'fixed'          => ['username', 'password'],
    +];
    +EOCONFIG
    +
    +

    RCMCardDAV will add all addressbooks of the user on login, including subscribed addressbooks shared to the user by +other users.

    +

    If you want to remove the default addressbooks (stored in the Roundcube database), so that only the CardDAV addressbooks +are accessible, append $config['address_book_type'] = ''; to the config file data/web/rc/config/config.inc.php.

    +

    Note: RCMCardDAV uses additional database tables. After installing (or upgrading) RCMCardDAV, it is required to log +in roundcube (log out first if already logged in) because the database table creation / changes are performed only +during the login to roundcube.

    +

    Forward the client network address to dovecot

    +

    Normally, the IMAP server dovecot will see the network address of the php-fpm container when roundcube interacts with the IMAP +server. Using an IMAP extension and the roundcube-dovecot_client_ip roundcube plugin, it is possible for roundcube to tell +dovecot the client IP, so it will also show up in the logs as the remote IP. When doing this, login attempts will show in the +dovecot logs like any direct client connections to dovecot, and such failed logins into roundcube will be treated in the same +manner as failed direct IMAP logins, causing blocking of the client with the netfilter container or other mechanisms that may +already be in place to handle bruteforce attacks on the IMAP server.

    +

    For this, the roundcube plugin must be installed.

    +
    docker exec -it -w /web/rc $(docker ps -f name=php-fpm-mailcow -q) composer require --update-no-dev -o "takerukoushirou/roundcube-dovecot_client_ip:~1"
    +
    +

    Furthermore, we must configure dovecot to treat the php-fpm container as part of a trusted network so it is allowed to override +the client IP in the IMAP session. Note that this also enables plaintext authentication for the listed network ranges, so the +explicit overridings of disable_plaintext_auth done above are not necessary when using this.

    +
    cat  <<EOCONFIG >>data/conf/dovecot/extra.conf
    +login_trusted_networks = ${IPV4_NETWORK}.0/24 ${IPV6_NETWORK}
    +EOCONFIG
    +
    +docker compose restart dovecot-mailcow
    +
    + +
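Review bot: login_trusted_networks is set to the full ${IPV4_NETWORK}.0/24 and ${IPV6_NETWORK}, so every container in those ranges, not just php-fpm, may override the client IP that dovecot logs and that the brute-force blocking described in this section acts on. Say so in the paragraph. The text also states that the earlier disable_plaintext_auth overrides become unnecessary, yet this line is appended to extra.conf with >> after them; tell the reader to remove the remote blocks when choosing this option so the file carries only one of the two settings.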

    You can add Roundcube's link to the mailcow Apps list. +To do this, open or create data/web/inc/vars.local.inc.php and make sure it includes the following configuration +block:

    <?php
    -error_reporting(0);
    -if (!file_exists('/tmp/mime.types')) {
    -file_put_contents("/tmp/mime.types", fopen("http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types", 'r'));
    -}
    -$config = array();
    -$config['db_dsnw'] = 'mysql://' . getenv('DBUSER') . ':' . getenv('DBPASS') . '@mysql/' . getenv('DBNAME');
    -$config['imap_host'] = 'tls://dovecot:143';
    -$config['smtp_host'] = 'tls://postfix:587';
    -$config['smtp_user'] = '%u';
    -$config['smtp_pass'] = '%p';
    -$config['support_url'] = '';
    -$config['product_name'] = 'Roundcube Webmail';
    -$config['des_key'] = 'yourrandomstring_changeme';
    -$config['log_dir'] = '/dev/null';
    -$config['temp_dir'] = '/tmp';
    -$config['plugins'] = array(
    -  'archive',
    -  'managesieve'
    -);
    -$config['spellcheck_engine'] = 'aspell';
    -$config['mime_types'] = '/tmp/mime.types';
    -$config['imap_conn_options'] = array(
    -  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
    -);
    -$config['enable_installer'] = true;
    -$config['smtp_conn_options'] = array(
    -  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
    -);
    -$config['db_prefix'] = 'mailcow_rc1';
    -

    -

    Point your browser to https://myserver/rc/installer and follow the instructions. -Initialize the database and leave the installer.

    -

    Delete the directory data/web/rc/installer after a successful installation!

    -

    Configure ManageSieve filtering

    -

    Open data/web/rc/config/config.inc.php and change the following parameters (or add them at the bottom of that file): -

    $config['managesieve_host'] = 'tls://dovecot:4190';
    -$config['managesieve_conn_options'] = array(
    -  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
    -);
    -// Enables separate management interface for vacation responses (out-of-office)
    -// 0 - no separate section (default),
    -// 1 - add Vacation section,
    -// 2 - add Vacation section, but hide Filters section
    -$config['managesieve_vacation'] = 1;
    -

    -

    Enable change password function in Roundcube

    -

    Open data/web/rc/config/config.inc.php and enable the password plugin:

    -
    ...
    -$config['plugins'] = array(
    -    'archive',
    -    'password',
    -);
    -...
    -
    -

    Open data/web/rc/plugins/password/password.php, search for case 'ssha': and add above:

    -
            case 'ssha256':
    -            $salt = rcube_utils::random_bytes(8);
    -            $crypted = base64_encode( hash('sha256', $password . $salt, TRUE ) . $salt );
    -            $prefix  = '{SSHA256}';
    -            break;
    -
    -

    Open data/web/rc/plugins/password/config.inc.php and change the following parameters (or add them at the bottom of that file):

    -
    $config['password_driver'] = 'sql';
    -$config['password_algorithm'] = 'ssha256';
    -$config['password_algorithm_prefix'] = '{SSHA256}';
    -$config['password_query'] = "UPDATE mailbox SET password = %P WHERE username = %u";
    -
    -

    Integrate CardDAV addressbooks in Roundcube

    -

    Download the latest release of RCMCardDAV to the Roundcube plugin directory and extract it (here rc/plugins): -

    cd data/web/rc/plugins
    -wget -O - https://github.com/mstilkerich/rcmcarddav/releases/download/v4.4.1/carddav-v4.4.1-roundcube16.tar.gz  | tar xfvz -
    -chown -R root: carddav/
    -

    -

    Copy the file config.inc.php.dist to config.inc.php (here in rc/plugins/carddav) and append the following preset to the end of the file - don't forget to replace mx.example.org with your own hostname: -

    $prefs['SOGo'] = array(
    -    'name'         =>  'SOGo',
    -    'username'     =>  '%u',
    -    'password'     =>  '%p',
    -    'url'          =>  'https://mx.example.org/SOGo/dav/%u/',
    -    'carddav_name_only' => true,
    -    'use_categories' => true,
    -    'active'       =>  true,
    -    'readonly'     =>  false,
    -    'refresh_time' => '02:00:00',
    -    'fixed'        =>  array( 'active', 'name', 'username', 'password', 'refresh_time' ),
    -    'hide'        =>  false,
    -);
    -
    -Please note, that this preset only integrates the default addressbook (the one that's named "Personal Address Book" and can't be deleted). Additional addressbooks are currently not automatically detected but can be manually added within the roundecube settings.

    -

    Enable the plugin by adding carddav to $config['plugins'] in rc/config/config.inc.php.

    -

    If you want to remove the default addressbooks (stored in the Roundcube database), so that only the CardDAV addressbooks are accessible, append $config['address_book_type'] = ''; to the config file data/web/rc/config/config.inc.php.

    -
    -

    Optionally, you can add Roundcube's link to the mailcow Apps list. -To do this, open or create data/web/inc/vars.local.inc.php and add the following code-block:

    -

    NOTE: Don't forget to add the <?php delimiter on the first line

    -
    ...
    -$MAILCOW_APPS = array(
    -  array(
    -    'name' => 'SOGo',
    -    'link' => '/SOGo/'
    -  ),
    -  array(
    -    'name' => 'Roundcube',
    -    'link' => '/rc/'
    -   )
    -);
    -...
    -
    -

    Upgrading Roundcube

    -

    Upgrading Roundcube is rather simple, go to the Github releases page for Roundcube and get the link for the "complete.tar.gz" file for the wanted release. Then follow the below commands and change the URL and Roundcube folder name if needed.

    -
    # Enter a bash session of the mailcow PHP container
    -docker exec -it mailcowdockerized-php-fpm-mailcow-1 bash
     
    -# Install required upgrade dependency, then upgrade Roundcube to wanted release
    -apk add rsync
    -cd /tmp
    -wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.6.1/roundcubemail-1.6.1-complete.tar.gz | tar xfvz -
    -cd roundcubemail-1.6.1
    -bin/installto.sh /web/rc
    -
    -# Type 'Y' and press enter to upgrade your install of Roundcube
    -# Type 'N' to "Do you want me to fix your local configuration" if prompted
    -
    -# If you see  "NOTICE: Update dependencies by running php composer.phar update --no-dev" just download composer.phar and run it:
    -cd /web/rc
    -wget https://getcomposer.org/download/2.4.2/composer.phar
    -php composer.phar update --no-dev
    -# When asked "Do you trust "roundcube/plugin-installer" to execute code and wish to enable it now? (writes "allow-plugins" to composer.json) [y,n,d,?] " hit y and continue.
    -
    -
    -# Remove leftover files
    -cd /tmp
    -rm -rf roundcube*
    -
    -# If you're going from 1.5 to 1.6 please run the config file changes below
    -sed -i "s/\$config\['default_host'\].*$/\$config\['imap_host'\]\ =\ 'tls:\/\/dovecot:143'\;/" /web/rc/config/config.inc.php
    -sed -i "/\$config\['default_port'\].*$/d" /web/rc/config/config.inc.php
    -sed -i "s/\$config\['smtp_server'\].*$/\$config\['smtp_host'\]\ =\ 'tls:\/\/postfix:587'\;/" /web/rc/config/config.inc.php
    -sed -i "/\$config\['smtp_port'\].*$/d" /web/rc/config/config.inc.php
    -sed -i "s/\$config\['managesieve_host'\].*$/\$config\['managesieve_host'\]\ =\ 'tls:\/\/dovecot:4190'\;/" /web/rc/config/config.inc.php
    -sed -i "/\$config\['managesieve_port'\].*$/d" /web/rc/config/config.inc.php
    +$MAILCOW_APPS = [
    +    [
    +        'name' => 'SOGo',
    +        'link' => '/SOGo/'
    +    ],
    +    [
    +        'name' => 'Roundcube',
    +        'link' => '/rc/'
    +    ]
    +];
     
    -

    Let admins log into Roundcube without password

    +

    Let admins log into Roundcube without password

    First, install plugin dovecot_impersonate and add Roundcube as an app (see above).

    Edit mailcow.conf and add the following:

    # Allow admins to log into Roundcube as email user (without any password)
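Review bot: The replacement `$MAILCOW_APPS = [` block is shown here without the hint this hunk removes ("NOTE: Don't forget to add the <?php delimiter on the first line"), and without any visible `<?php` line of its own. The text tells readers to "open or create" data/web/inc/vars.local.inc.php, and a freshly created file that lacks the opening tag is emitted as plain text instead of being executed. If the new snippet does not start with `<?php` elsewhere in this hunk, please keep the hint or put the tag in the snippet itself.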
    @@ -2879,6 +3455,7 @@ services:
     
  • data/web/inc/lib/RoundcubeAutoLogin.php
  • data/web/rc-auth.php
  • +

    Finish installation

    Finally, restart mailcow

    @@ -2888,19 +3465,167 @@ docker compose up
    -
    docker-compose down    
    +
    docker-compose down
     docker-compose up -d
     
    +

    Upgrading Roundcube

    +

    Upgrading Roundcube is rather simple, go to the GitHub releases +page for Roundcube and get the link for the "complete.tar.gz" file for the wanted release. Then follow the below +commands and change the URL and Roundcube folder name if needed.

    +
    # Enter a bash session of the mailcow PHP container
    +docker exec -it mailcowdockerized-php-fpm-mailcow-1 bash
    +
    +# Install required upgrade dependency, then upgrade Roundcube to wanted release
    +apk add rsync
    +cd /tmp
    +wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.6.1/roundcubemail-1.6.1-complete.tar.gz | tar xfvz -
    +cd roundcubemail-1.6.1
    +bin/installto.sh /web/rc
    +
    +# Type 'Y' and press enter to upgrade your install of Roundcube
    +# Type 'N' to "Do you want me to fix your local configuration" if prompted
    +
    +# If you see "NOTICE: Update dependencies by running php composer.phar update --no-dev" run composer:
    +cd /web/rc
    +composer update --no-dev -o
    +# If asked "Do you trust "roundcube/plugin-installer" to execute code and wish to enable it now? (writes "allow-plugins" to composer.json) [y,n,d,?] " hit y and continue.
    +
    +# Remove leftover files
    +rm -rf /tmp/roundcube*
    +
    +# If you're going from 1.5 to 1.6 please run the config file changes below
    +sed -i "s/\$config\['default_host'\].*$/\$config\['imap_host'\]\ =\ 'dovecot:143'\;/" /web/rc/config/config.inc.php
    +sed -i "/\$config\['default_port'\].*$/d" /web/rc/config/config.inc.php
    +sed -i "s/\$config\['smtp_server'\].*$/\$config\['smtp_host'\]\ =\ 'postfix:588'\;/" /web/rc/config/config.inc.php
    +sed -i "/\$config\['smtp_port'\].*$/d" /web/rc/config/config.inc.php
    +sed -i "s/\$config\['managesieve_host'\].*$/\$config\['managesieve_host'\]\ =\ 'dovecot:4190'\;/" /web/rc/config/config.inc.php
    +sed -i "/\$config\['managesieve_port'\].*$/d" /web/rc/config/config.inc.php
    +
    +

    Upgrade composer plugins

    +

    To upgrade roundcube plugins installed using composer and dependencies (e.g. RCMCardDAV plugin), you can simply run +composer in the container:

    +
    docker exec -it -w /web/rc $(docker ps -f name=php-fpm-mailcow -q) composer update --no-dev -o
    +
    +

    Upgrade mime type mappings

    +

    To upgrade the mime type mappings, re-download them using the command in the +installation instructions.

    +

    Uninstalling roundcube

    +

    For the uninstallation, it is also assumed that the commands are executed in the mailcow installation directory and +that mailcow.conf has been sourced in the shell, see Preparation above.

    +

    Remove the web directory

    +

    This deletes the roundcube installation and all plugins and dependencies that you may have installed, +including those installed with composer.

    +

    Note: This deletes also any custom configuration that you may have done in roundcube. If you want to preserve it, move it some +place else instead of deleting it.

    +
    rm -r data/web/rc
    +
    +

    Remove the database

    +

    Note: This clears all data stored for roundcube. If you want to preserve it, you could use mysqldump before deleting the data, +or simply keep the database.

    +
    docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "DROP USER 'roundcube'@'%';"
    +docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "DROP DATABASE roundcubemail;"
    +
    +

    Remove any custom configuration files we added to mailcow

    +

    To determine these, please read through the installation steps and revert what you changed there.

    +

    Migration from older mailcow roundcube setup

    +

    Older versions of this instruction used the mailcow database also for roundcube, with a configured name prefix +mailcow_rc1 on all roundcube tables.

    +

    For the migration, it is also assumed that the commands are executed in the mailcow installation directory and +that mailcow.conf has been sourced in the shell, see Preparation above. The commands of the different +steps build on each other and must be executed in the same shell. Particularly, some steps set shell variables (most +importantly the DBROUNDCUBE variable with the database password of the roundcube database user) used in later steps.

    +

    Create new roundcube database user and database

    +

    Follow the steps above to create the roundcube database user and the separate database.

    +

    Migrate roundcube data from mailcow database

    +

    Before starting the database migration, we disable roundcube to avoid further changes to the roundcube database tables +during the migration.

    +
    cat <<EOCONFIG >data/conf/nginx/site.roundcube.custom
    +location ^~ /rc/ {
    +  return 503;
    +}
    +EOCONFIG
    +docker compose exec nginx-mailcow nginx -s reload
    +
    +

    Now we copy the roundcube data to the new database. We strip the database table prefix in the process, you may need to +adjust mailcow\_rc1 in case you used a different prefix. It is also possible to keep the prefix (then also keep the +respective db_prefix roundcube setting).

    +
    RCTABLES=$(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -sN mailcow -e "show tables like 'mailcow_rc1%';" | tr '\n\r' ' ')
    +docker exec $(docker ps -f name=mysql-mailcow -q) /bin/bash -c "mysqldump -uroot -p${DBROOT} mailcow $RCTABLES | sed 's/mailcow_rc1//' | mysql -uroot -p${DBROOT} roundcubemail"
    +
    +

    Update roundcube configuration

    +

    Run the following to remove the no longer required db_prefix option. We also enable logging of roundcube by removing +the settings log_dir and temp_dir that were part of the old setup instructions.

    +
    sed -i "/\$config\['db_prefix'\].*$/d" data/web/rc/config/config.inc.php
    +sed -i "/\$config\['log_dir'\].*$/d" data/web/rc/config/config.inc.php
    +sed -i "/\$config\['temp_dir'\].*$/d" data/web/rc/config/config.inc.php
    +
    +

    We need to adapt the nginx configuration for roundcube to not expose the non-public folders of roundcube, specifically +those containing temporary files and log files:

    +
    cat <<EOCONFIG >data/conf/nginx/site.roundcube.custom
    +location /rc/ {
    +  alias /web/rc/public_html/;
    +}
    +EOCONFIG
    +
    +

    We can also update the cipher_method to a more secure one but mind that data previously encrypted by roundcube cannot +be decrypted anymore afterwards. This specifically affects stored CardDAV passwords if you use RCMCardDAV and your +users added custom addressbooks (the preset will be fixed automatically upon next login of the user). If you want to +change the cipher_method, run:

    +
    cat <<EOCONFIG >>data/web/rc/config/config.inc.php
    +\$config['cipher_method'] = 'chacha20-poly1305';
    +EOCONFIG
    +
    +

    Switch RCMCardDAV plugin to composer installation method

    +

    This is optional but will align your installation with these instructions and enable you to upgrade RCMCardDAV +using composer. This is simply done by deleting the carddav plugin from the installation and installing it using +composer according to the instructions above, which include the creation +of a new RCMCardDAV v5 config. In case you modified your RCMCardDAV configuration file, you may want to backup it before +deleting the plugin and carry over your changes to the new configuration afterwards as well.

    +

    To delete the carddav plugin run the following command, then re-install according to the +instructions above:

    +
    rm -r data/web/rc/plugins/carddav
    +
    +

    Switch roundcube to new database

    +

    First adapt the roundcube configuration to use the new database. +

    sed -i "/\$config\['db_dsnw'\].*$/d" data/web/rc/config/config.inc.php
    +cat <<EOCONFIG >>data/web/rc/config/config.inc.php
    +\$config['db_dsnw'] = 'mysql://roundcube:${DBROUNDCUBE}@mysql/roundcubemail';
    +EOCONFIG
    +

    +

    Re-enable roundcube web access

    +

    Execute the chown and chmod commands on sensitive roundcube directories listed in Preparation, to +make sure the nginx webserver cannot access files it is not supposed to serve.

    +

    Then re-enable web access to roundcube by replacing our temporary roundcube custom config for the one described +above, and reload the nginx configuration:

    +
    docker compose exec nginx-mailcow nginx -s reload
    +
    +

    Other changes

    +

    You must also adapt the configuration of the roundcube password plugin according to this instruction, specifically if +you use the password changing functionality, since the old instruction directly changed the password in the database, +whereas this version of the instruction uses the mailcow API for the password change.

    +

    Regarding other changes and additions (e.g., roundcube-dovecot_client_ip plugin), you can go through the current +installation instructions and adapt your configuration accordingly or perform the listed installation steps for new +additions.

    +

    Specifically, consider the following sections: + - Ofelia job for roundcube housekeeping + - Allow plaintext authentication in dovecot, + if you adapt the roundcube configuration to contact dovecot via non-encrypted IMAP connection. + - Forward the client network address to dovecot

    +

    Removing roundcube tables from mailcow database

    +

    After you have verified that the migration was successful and roundcube works using the separate database, you can remove +the roundcube tables from the mailcow database using the following command:

    +
    docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -sN mailcow -e "SET SESSION foreign_key_checks = 0; DROP TABLE IF EXISTS $(echo $RCTABLES | sed -e 's/ \+/,/g');"
    +

    Last update: - 2023-01-23 21:33:08 + 2023-07-01 21:22:02
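Review bot: In the re-added "Upgrading Roundcube" block, the 1.5 to 1.6 sed lines now write `'dovecot:143'`, `'postfix:588'` and `'dovecot:4190'`, where the removed version wrote `'tls://dovecot:143'`, `'tls://postfix:587'` and `'tls://dovecot:4190'`. On an existing install these commands overwrite the configured hosts and silently drop TLS, which only works once the prerequisites listed under "Other changes" (allowing plaintext authentication in dovecot for non-encrypted IMAP) are in place. Please add a comment in that block naming those prerequisite sections, or keep the `tls://` values for installs that have not done the migration. Two smaller points in the migration commands: `sed 's/mailcow_rc1//'` is unanchored and replaces only the first match on each dump line, so matching the prefix only where it directly follows the opening backtick of an identifier, with the `g` flag, would be safer; and the `mysql -uroot -p${DBROOT}` and `mysqldump -uroot -p${DBROOT}` calls pass the root password unquoted on the command line, where a password containing shell metacharacters breaks the command. Quoting the variable or passing the password via the environment inside the container would avoid that.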