
How to set up Roundcube (en)

The best free webmail interface out there at the moment is RoundCube. Download the latest version from http://roundcube.net/download and extract the contents to the /usr/share directory. Change owner and permissions using the following commands:

chown -R root:www-data /usr/share/roundcube
find /usr/share/roundcube -type f -exec chmod 640 {} \;
find /usr/share/roundcube -type d -exec chmod 750 {} \;
chmod 770 /usr/share/roundcube/logs
chmod 770 /usr/share/roundcube/temp
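
To confirm that the tree really ended up with the ownership and modes set by the commands above, the following added example (not part of the original page) defines a hypothetical helper, audit_roundcube_perms, that lists every deviation. The function name and its optional owner/group arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a Roundcube tree against the permission scheme above.
# audit_roundcube_perms ROOT [OWNER] [GROUP]   (hypothetical helper name)
#   Prints one line per deviation. Returns 0 if clean, 1 if anything
#   deviates, 2 if ROOT is not a directory.
# OWNER and GROUP default to root and www-data, as in the chown command above.
# Usage: audit_roundcube_perms /usr/share/roundcube
audit_roundcube_perms() {
    root=${1%/}            # strip a trailing slash so the -path tests match
    owner=${2:-root}
    group=${3:-www-data}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    findings=$(
        # Code and config: not writable by the web server, not readable by others.
        find "$root" -type f ! -perm 640 -exec echo "FILE mode != 640:" {} \;
        # Every directory is 750 except the two the web server must write to.
        find "$root" -type d ! -path "$root/logs" ! -path "$root/temp" \
            ! -perm 750 -exec echo "DIR mode != 750:" {} \;
        for d in logs temp; do
            if [ ! -d "$root/$d" ]; then
                echo "MISSING writable dir: $root/$d"
            elif [ -z "$(find "$root/$d" -prune -perm 770 -print)" ]; then
                echo "DIR mode != 770: $root/$d"
            fi
        done
        # Ownership: root owns everything, the web server only has group access.
        find "$root" \( ! -user "$owner" -o ! -group "$group" \) \
            -exec echo "OWNER != $owner:$group:" {} \;
    )

    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Run it as root against /usr/share/roundcube; a clean tree prints nothing and returns 0.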

Also create a new directory called roundcube under the /var/log directory. It needs to be writable by Apache.

sudo mkdir /var/log/roundcube
sudo chown www-data:adm /var/log/roundcube
sudo chmod 750 /var/log/roundcube

Because we want the communication between user and server to be secure, we'll use an HTTPS virtual host. Let's start by preparing a self-signed SSL certificate.

cd /etc/ssl
# Use a 2048-bit key; 1024-bit RSA is no longer considered secure
openssl genrsa -des3 -rand /etc/hosts -out ./private/{hostname}.key 2048
chmod 600 ./private/{hostname}.key
openssl req -new -key ./private/{hostname}.key -out ./private/{hostname}.csr

You'll be asked to provide details for the new certificate. These details will be available for anybody to view so be careful not to disclose any sensitive information. The Common Name should always be the exact host name of the webmail system (e.g. mail.moredigital.com). Leave the challenge password empty. Now we need to self-sign the certificate and strip the passphrase.

openssl x509 -req -days 3650 -in ./private/{hostname}.csr -signkey ./private/{hostname}.key -out ./certs/{hostname}.crt
openssl rsa -in ./private/{hostname}.key -out ./private/{hostname}.key.unencrypted
mv -f ./private/{hostname}.key.unencrypted ./private/{hostname}.key
chmod 600 ./private/{hostname}.key
rm ./private/{hostname}.csr

You should be aware that web browsers won't treat these certificates as trusted and will display a warning. But that's not a big problem for us, as our primary goal is to secure the connection and not to validate the identity of the server.

<VirtualHost *:80>
	# Redirect all plain-HTTP requests to HTTPS
	RewriteEngine On
	RewriteCond %{HTTPS} off
	RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
</VirtualHost>

<VirtualHost *:443>
	ServerName mail.hostname.tld
	DocumentRoot /usr/share/roundcubemail-0.3.1
	ServerAdmin admin@hostname.tld

	ErrorLog /var/log/roundcube/apache-error.log
	CustomLog /var/log/roundcube/apache-access.log combined

	# SSL
	SSLEngine On
	SSLCertificateFile /etc/ssl/certs/{hostname}.crt
	SSLCertificateKeyFile /etc/ssl/private/{hostname}.key
</VirtualHost>

Roundcube comes with a user-friendly installation interface. You can access it by pointing your browser to the /installer sub-path of your newly set up virtual host. Follow the instructions and, once your configuration is ready and has been tested, tweak the Roundcube config file to force the HTTPS protocol.

$rcmail_config['force_https'] = TRUE;

Now you should modify /usr/share/roundcube/config/main.inc.php:

$rcmail_config['default_host'] = 'tls://%n';
$rcmail_config['smtp_server'] = 'tls://%h';
$rcmail_config['mail_domain'] = '%d';

Add LDAP Address Book

You must install php5-ldap:

aptitude install php5-ldap

You must uncomment "ADDRESSBOOK SETTINGS" in /usr/share/roundcube/config/main.inc.php and modify it:

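$rcmail_config['address_book_type'] = 'ldap';
// Each LDAP directory is one entry of $rcmail_config['ldap_public'];
// the key 'name' is a placeholder for your own identifier.
$rcmail_config['ldap_public']['name'] = array(
	'name'			=> 'name',
	'hosts'			=> array('Hostname'),
	'port'			=> 389,	// Port number (389 is the standard LDAP port)
	'base_dn'		=> 'Base DN',
	'bind_dn'		=> 'Bind DN',
	'bind_pass'		=> 'password',
);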