Roundcube for macOS Server

What’s new in version 1.3.6?
Compatibility
  • Mac OS X Server 10.8.3 w/ Server 2.x – through -> 10.13.x High Sierra w/ Server.app 5.6.x
Why we made this installer

Mac OS X Server administrators usually wear many hats (entrepreneur, designer, etc.). We choose the Mac expecting it to have a nice GUI interface and all our basic needs to be met out of the box.
Apple used to provide webmail services in earlier versions of OS X Server (10.7 and earlier). For reasons unknown, webmail was dropped in 10.8 leaving it up to administrators to roll their own solution.

An OS X Server administrator with a Unix background could jump through all the hoops in a couple of hours – but lets face it, most OS X Server administrators would be stuck facing a day or more of tutorials, articles and frustration to get webmail working on their server.

As consultants specializing in mail services for OS X Server, we found ourselves repeating the same steps over and over with each new server installation. So we decided to apply our rule of thumb: if a repeatable process takes more than 30 minutes – document, automate and share.

What does the installer do?

Our installer for Roundcube for OS X Server installs Roundcube Webmail as a simple WebApp available to any website configured inside Server.app. When the WebApp is enabled (by default, its enabled for all sites), you can access webmail by adding /mail /webmail or /roundcube to your website URL.

Please browse our FAQs for answers to most questions.

See current changelog for a complete list of fixes and additions.
Please read our FAQs as well.

The topicdesk Roundcube installer is a free download.

 

 

212 replies
« Older CommentsNewer Comments »
  1. Chris Leach
    Chris Leach says:

    So all I can say is WOW. I recently upgraded from an OS X server running 10.6 to a new server running El Capitan. I was shocked that webmail wasn’t included. I had literally just sat down with drinks, snacks, and the next 4 hours of my life cleared to install roundcube from scratch. Then I stumbled onto your site and within 10 minutes I’m looking at my e-mail in a web browser? Outstanding. If you all are ever out in the Bay Area I owe you a beer or 6. If not I’d be happy to paypal or bitcoin a token of appreciation.

    Reply
  2. Gavin Lawrie
    Gavin Lawrie says:

    Roundcube working fine on Server 5, but not displaying any message dates. The dates are there (e.g. if you look at mail in Mail.app the messages all have dates) and messages appear be sorted by these dates (i.e. latest messages appear at top of Roundcube window) – but just not showing up. Also, if you reply or forward a message within Roundcube, the replied to message has the fomr “On , Username wrote:” – i.e. the date element is simply missing.

    I guess something needs to be adjusted in Roundcube settings – any thoughts about what?

    Thanks!

    Reply
    • Jeff Johnson
      Jeff Johnson says:

      A few possibilities….

      The left-most column has a gear which allows each user to choose which columns are visible to them.
      Did you confirm the date column is selected?

      The fact that the date isn’t displayed in the reply-quote “On , Username wrote:” is curious..
      Each user can choose their time zone (Preferences/User Interface). The defautl is Auto, try setting the timezone vs Auto.

      Have you made any changes to the roundcube config files? You will find them here:
      /usr/local/topicdesk/roundcube/WebApp/config/config.inc.php
      /usr/local/topicdesk/roundcube/WebApp/config/defaults.inc.php

      PHP might have a config problem, watch the apache logs during roundcube login.

      Hope that helps… If you are still stuck, I’d like to take a look myself (screensharing). You can reach me from the contact page.

      Jeff

      Reply
      • Gavin Lawrie
        Gavin Lawrie says:

        Hi Jeff

        Yes, date column selected (that’s how I know it is blank).
        Changing from Auto to UTC for timezone has no effect (as in date not displayed either way).
        Made no changes to files.
        Recently the only error appearing in Apache error log is this one, which is appearing daily just once:

        [Wed Mar 30 06:49:47.848567 2016] [cgi:error] [pid 69008] [client 188.138.41.45:64398] AH02811: script not found or unable to stat: /Library/Server/Web/Data/CGI-Executables/system_cmd.cgi

        Happy for you to have a look via screen sharing – I’ll drop you a note directly.

        Reply
        • Alex
          Alex says:

          I had same issue. Finally solved.

          Turns out that OSX Server has its own php.ini override in

          /Library/Server/Web/Config/php/php.ini

          which by default doesn’t specify a timezone and that then overrides the /etc php.ini to nothing

          Editing that for UTC or your preferred timezone and then re-starting web server did the trick.

          Reply
    • MacCrack
      MacCrack says:

      @ Simon

      That happened to me too. In installed Roundcube again and it worked just like before. All the settings were still there.

      Reply
    • Jeff Johnson
      Jeff Johnson says:

      Server 5.1 doesn’t activate webapps properly for the two default sites.
      The webapp may be checked/enabled on all sites, but only the customSites (not default sites) will be updated.

      The quick fix is:
      sudo /Applications/Server.app/Contents/ServerRoot/usr/sbin/webappctl start com.topicdesk.roundcube

      Reply
  3. Sean
    Sean says:

    Some comments on the included config.inc.php:

    1) Shouldn’t this:
    $config[list_cols] = array(chbox, subject, status, fromto, date, size, flag, attachment);

    have quotes like this:
    $config[‘list_cols’] = array(‘chbox’, ‘subject’, ‘status’, ‘fromto’, ‘date’, ‘size’, ‘flag’, ‘attachment’);

    2) $config[‘imap_auth_type’] = CRAM_MD5;

    I think null would be better, as per defaults.inc.php, which says “or null to use best server supported one”.

    3) I would argue for security by default, in other words, instead of:

    $config[‘default_host’] = ‘localhost’;
    $config[‘default_port’] = 143;
    $config[‘smtp_server’] = ‘localhost’;

    I would suggest:

    $config[‘default_host’] = ‘ssl://localhost’;
    $config[‘default_port’] = 993;
    $config[‘smtp_server’] = ‘ssl://localhost’;
    $config[‘smtp_port’] = 587;

    4) Why are some lines “$config” and others “$rcmail_config”? I don’t see “rcmail_config” anywhere in defaults.inc.php.

    5) What is this?:
    $config[‘default_folders’] = array(‘INBOX’, ‘Drafts’, ‘Sent Messages’, ‘Junk’, ‘Deleted Messages’);

    I don’t find “default_folders” anywhere in defaults.inc.php. It’s the only one not in there. Is it maybe leftover from an older roundcube?

    Thanks.

    Reply
  4. Jeff Johnson
    Jeff Johnson says:

    Hi Sean…

    $config[list_cols] = array(chbox, subject, status, fromto, date, size, flag, attachment);
    Should these be quotes?

    Quotes aren’t necessary for this array, but its a good idea to use them anyway.
    I’ll add it to the list for the next update.

    $config[‘imap_auth_type’] = CRAM_MD5;
    I think null would be better, as per defaults.inc.php, which says “or null to use best server supported one”.

    I’ve had a few issues letting roundcube choose the best auth method.
    CRAM-MD5 is enabled by default on every server version supported with this package.

    $config[‘default_host’] = ‘ssl://localhost’;
    $config[‘default_port’] = 993;
    $config[‘smtp_server’] = ‘ssl://localhost’;
    $config[‘smtp_port’] = 587;
    I would argue for security by default, in other words, instead of:

    These are localhost connections. No traffic passing across a network.
    It’s common practice to accep less secure methods for localhost connections.
    We like these settings to maintain compatability with older server versions which may not have SSL enabled.

    Why are some lines “$config” and others “$rcmail_config”? I don’t see “rcmail_config” anywhere in defaults.inc.php.

    This is a carrover from older ( < 1.0 ) versions of roundcube, for now – either works.
    Thanks for mentioning this, we’ll update the config file in the next release.

    What is this?:
    $config[‘default_folders’] = array(‘INBOX’, ‘Drafts’, ‘Sent Messages’, ‘Junk’, ‘Deleted Messages’);
    I don’t find “default_folders” anywhere in defaults.inc.php. It’s the only one not in there. Is it maybe leftover from an older roundcube?

    Its not well documented.
    As I understand it, these are the folders every user should have.
    Its used alog with the “create_default_folders” option to setup the user’s folder structure automatically.


    How can we improve the Roundcube Installer ?
    We’d like to hear any suggestions: better defaults, useful plugins, etc.
    Please post any suggestions here.

    Reply
    • Sean
      Sean says:

      Jeff, thanks for your helpful reply. Not sure how to quote here, but…

      Anything with “md5” in its name worries me, since md5 is long since broken, as I’m sure you know. https://en.wikipedia.org/wiki/MD5#Security I’m not sure what the strongest authentication mechanism OS X’s dovecot supports… maybe GSSAPI? http://wiki.dovecot.org/Authentication/Mechanisms So far, using null for the setting is working for me. Have you seen issues in 1.1.4 or only older?

      It’s your product of course, but I still feel strongly that the setup should be more secure out-of-the-box. If you don’t want to set SSL by default, might I suggest at least keeping the comments from “defaults.inc.php” in your custom config file? That way people can know they can add the “ssl://” prefix. I naively assumed roundcube would automatically prefer SSL, but it seems not. 🙁

      Reply
      • Jeff Johnson
        Jeff Johnson says:

        Sean

        When roundcube and the imap/smtp server exist on the same host and use the loopback interface (127.0.0.1), there are zero packets to sniff on a wire. While it can be possible to sniff the loopback, this requires admin creds and access to the machine, if a hacker has that type of access, you have bigger problems – they can simply navigate to your mailstore and read all the mail stored in plain-text.

        Same goes with SSL. Sure, you can use SSL on a the loopback… If I were a bad guy with the necessary access to your system, I wouldn’t be sniffing packets when I could simply read each message (past and present) straight from the disk.

        IMO, there’s no point discussing how to secure imap/smtp traffic which never leaves the host when the focus should be on securing the server which stores that data in clear-text in postfix queues, backups, mailstore, bcc archive, etc.

        I agree with your opinion when roundcube and the imap/smtp server are on different hosts.
        Our installer is made for same-host installations but can be adapted as needed.

        Jeff

        Reply
  5. Sean
    Sean says:

    Jeff, sorry, let me try to be more clear. Yes, I understand your point about being on the same host, and agree. I should have said explicitly: I run roundcube and imap/smtp on different hosts. Your last paragraph above is key.

    Here’s a not-so-hypothetical scenario: someone installs your package. He finds your config.inc.php file. He sees “$config[‘default_host’] = ‘localhost’;” (with no surrounding comments) and naively changes it to the hostname of his mail server. Things work. He assumes things prefer SSL automagically, but they don’t. He didn’t know about defaults.inc.php, where the comments indicate an explicit “ssl://” prefix is required.

    To be sure, in this scenario, the admin is at fault for not investigating thoroughly enough. But the Mac philosophy has always been one of user-friendliness and forgiveness of errors. And I’d wager most of your users are not full time UNIX greybeards. 🙂

    If at least you include the defaults.inc.php comments, the error above is made much less likely.

    If you additionally include “ssl://” by default, it’s less likely still. Agreed, it’s not so beneficial when using localhost, but it’s not harmful either! (Except I guess if your mail server doesn’t support SSL, but really who running their own email server doesn’t want their email private?!)

    I guess my thinking is that as there’s little harm, but possibly great benefit, in including the “ssl://” by default, that it is preferable.

    Reply
    • Jeff Johnson
      Jeff Johnson says:

      I see your case for including comments, I’ll include that in the next rev.

      The settings will remain as-is to maintain the broadest compatability with default installations with or without SSL.
      Somoene modifying the config to support other configurations is on their own 🙂

      Thanks for the discussion, you had several great points we’ll use to improve the installation.

      Jeff

      Reply
  6. Andreanne D.
    Andreanne D. says:

    I just can’t get Roundcube to work on my Macbook Pro, no matter if I try to reinstall it. It’s as if it disappears right after I download it.

    The app tries to send me to the following address, but it doesn’T work every time.
    (https://127.0.0.1/roundcube).

    Anybody can help with that? (I use round cube to host my email for my professional portfolio online).

    Thank you in advance!

    Reply
  7. Gik
    Gik says:

    Very nice installer, all work fine, but when the mail (body) has unicode characters (i.e. Greek, like: Ελληνικά) the message can not be displayed and I get an message saying: “An error occurred! Could not load message from server.”…

    Any ideas on what can I do to fix this?
    (SquirrelMail has no problem on reading the same message,
    so this is not a problem on the message/IMAP/server side)

    Reply
      • Gik
        Gik says:

        Well, you kinda helped…
        Although the forum seems broken, I found an answer that solved my problem.

        Changing in rcube_imap_generic.php from $binary = true; to $binary = false; fixes the problem.

        I guess it’s a unicode thing…
        (If you could include it at your FAQ, it would help a lot of non-english-using people… there are a lot of us out there) 😉

        Reply
        • Jeff Johnson
          Jeff Johnson says:

          Thanks for posting the solution.

          Hopefully the issue is fixed in Roundcube 1.2 (released and available on roundcube.net)
          If its not fixed in 1.2, we’ll add the FAQ.

          FYI… We’ll have our installer upgraded to 1.2 in a few weeks
          For those that want to try 1.2 asap, its easy enough to upgrade.

          First step is alway to backup 🙂

          Download 1.2 and unpack it
          https://github.com/roundcube/roundcubemail/releases/download/1.2.0/roundcubemail-1.2.0-complete.tar.gz

          In Terminal, cd into the bin directory of the new version, something like:
          cd ~/Downloads/roundcubemail-1.2.0/bin

          Then run the install script
          sudo ./installto.sh /usr/local/topicdesk/roundcube/WebApp

          Reply
          • Gik
            Gik says:

            Installed it and it works fine.
            So it looks like its probably fixed
            (assuming that the new rcube_imap_generic.php is not the one from 1.1 that I had fixed)
            THNX! 🙂

          • Steve
            Steve says:

            Jeff, I realize this is free software that you do on your own time. That said, about 7 months ago you said, “We’ll have our installer upgraded to 1.2 in a few weeks.”

            The last release of your installer for RoundCube was 1.1.4, and that was 11 months ago.

            Are you dong this? If not, let us know and we’ll look for another option. No hard feelings, and thanks for the work so far.

  8. Patrick
    Patrick says:

    Server 5.2 breaks my Roundcube under OS X 10.11.6 ? Also after clean install Roundcube on a other server running 5.2 ?
    Anybody know where to look. I can see the login page, i can login but after that the screen goes blank.

    Reply
  9. Jeff Johnson
    Jeff Johnson says:

    I finally had a chance to check a machine with Server 5.2 installed.

    The issue I encountered today stems from a change in the CardDAV server port.
    CardDAV has defaulted to 8443 in the past, but Server 5.2 defaults to 443.

    To confirm, look at the carddav plugin log
    /usr/local/topicdesk/roundcube/WebApp/logs/errors
    You’ll see this error
    Failed to connect to localhost port 8443: Connection refused

    To resolve this, we need to know if carddav is running:
    sudo serveradmin status addressbook
    If carddav is running, you’ll see:
    addressbook:state = “RUNNING”

    If carddav is RUNNING, change the carddav port to default with
    sudo sed -i.bak ‘s/:8443//’ /usr/local/topicdesk/roundcube/WebApp/plugins/carddav/config.inc.php
    Logout/Login to Roundcube.
    Working?

    If carddav is -NOT- RUNNING, the plugin should be disabled.
    Edit
    /usr/local/topicdesk/roundcube/WebApp/config/config.inc.php
    Find this line, and remove carddav from the array
    $config[‘plugins’] = array(‘image_paster’,’html5_notifier’,’chbox’,’carddav’,’managesieve’);
    result
    $config[‘plugins’] = array(‘image_paster’,’html5_notifier’,’chbox’,’managesieve’);

    Hope that works for everyone 🙂

    Reply
  10. Eric Boinaud
    Eric Boinaud says:

    Hi Jeff,
    i have always this message..

    Forbidden
    You don’t have permission to access /webmail/ on this server.
    Apache Server at miniserver.domaine-boinaud.com Port 80

    Any solution Please ?

    Eric

    Reply
  11. Jan Cobb
    Jan Cobb says:

    I was originally going to follow up on the problem raised by Eric Boinaud, in that I was receiving an error very similar to his, together with an error log entry of:

    “[Sat Nov 19 23:04:35.760521 2016] [autoindex:error] [pid 82841] [client 192.168.147.21:64917] AH01276: Cannot serve directory /usr/local/topicdesk/roundcube/WebApp: No matching DirectoryIndex (index.php,index.html) found, and server-generated directory index forbidden by Options directive”.

    However, part of my problem was camouflaged by having my own redirect in operation in Server 5.2 which meant that the (alias) contents of ‘/usr/local/topicdesk/roundcube/httpd.topicdeskroundcube.conf’ were bypassed. Nevertheless, I still found a problem because the main website uses a CMSms configuration that rewrites URLs to include .html for appearance’s sake, which meant that /mail was not aliased to the roundcube directory but was transformed to /mail.html, which went nowhere!! Eventually, to prevent the pre-emptive action of my PHP scripts (and .htaccess) and to ensure consistency, I amended ‘/usr/local/topicdesk/roundcube/httpd.topicdeskroundcube.conf’ to read:

    Alias “/webmail/” “/usr/local/topicdesk/roundcube/WebApp/”
    Alias “/Webmail/” “/usr/local/topicdesk/roundcube/WebApp/”
    Alias “/WebMail/” “/usr/local/topicdesk/roundcube/WebApp/”
    Alias “/mail/” “/usr/local/topicdesk/roundcube/WebApp/”
    Alias “/roundcube/” “/usr/local/topicdesk/roundcube/WebApp/”
    Alias “/Roundcube/” “/usr/local/topicdesk/roundcube/WebApp/”

    AllowOverride All
    Options -Indexes +FollowSymLinks

    with trailing slashes. While the original format, Jeff, works adequately and correctly, to be absolutely specific could you do the same in the next iteration of the installation package, please?

    Reply
  12. Hina Mirza
    Hina Mirza says:

    I am no expert at things like this and if anyone can help, it will be much appreciated. I have my own company email address hence I need to have access to it on my mac and specially on my phone 24/7. The mail default for the business emails are Roundcube. I cam across this page and tried to download it, however once the Safari page opens, it says, ‘Safari was unable to connect to server’. Am I doing something wrong? Or is there a setting which needs to be adjusted? I just want it on both my devices (and my employers too) so they have access to it rather than going safari and logging in.

    Reply
  13. Hina Mirza
    Hina Mirza says:

    I am no expert at things like this and if anyone can help, it will be much appreciated. I have my own company email address hence I need to have access to it on my mac and specially on my phone 24/7. The mail default for the business emails are Roundcube. I cam across this page and tried to download it, however once the Safari page opens, it says, ‘Safari was unable to connect to server’. Am I doing something wrong? Or is there a setting which needs to be adjusted? I just want it on both my devices (and my employers too) so they have access to it rather than going safari and logging in.

    Reply
  14. Mike
    Mike says:

    Hi Guys!

    Is there a way to configure Roundcube to allow using the user’s email address for login? I see this done on other Roundcube installs, just don’t know how they’re implementing the capability. Users can use their email address to login to the MyDevices and WebCal portals, but round cube will only accept the account name on the authentication form.

    Reply
    • Johan Ylinenjarvi
      Johan Ylinenjarvi says:

      remove the %n from auth_username_format in /Library/Server/Mail/Config/dovecot/conf.d/10-auth.conf and it works to login with the emai-adress.

      Reply
      • Mike
        Mike says:

        I actually got it working via

        $config[‘user_aliases’] = true;

        in config.inc.php, which allows login via email addresses found in identities. Additionally, when also configuring $rcmail_config[‘mail_domain’] = ‘%d’; in a multi domain environment, you can even have first time users login at their respective <client_domain.tld>/mail with their email address. Would editing the dovecot config be better?

        Thanks for your help,
        — Mike

        Reply
  15. Mike
    Mike says:

    I’m looking to add a link to the tool bar, let’s say between the Address Book and Settings buttons, that opens a new window/tab to the macOS server’s webcal portal page. It works well manually, that is to say, after authenticating into roundcube, that same token lets you open a new tab, enter the webcal url, and be presented with your calendar without additional login.

    Reply
  16. Taylor
    Taylor says:

    I just ran the installer on a fresh OS X 10.11.6 install with Server version 5.2. The install went fine and the login page loads but when users try and login they get “Login Failed” messages. In the apache logs I see “SSL Library Error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol — speaking not SSL to HTTPS port!?” and “[ssl:info] [pid 666] (70007)The timeout specified has expired: [client 10.8.0.2:54382] AH01991: SSL input filter read failed.” Is this an Apache config issue? Has anyone else seen this?

    Reply
    • Taylor
      Taylor says:

      I figured it out. I changed the IMAP config to:

      Added SSL to host:
      $config[‘default_host’] = ‘ssl://localhost’;

      Changed port from 143 to 993:
      $config[‘default_port’] = 993;

      Changed auth type from MD5 to PLAIN:
      $config[‘imap_auth_type’] = PLAIN;

      Now the login works fine.

      Reply
  17. Andrew
    Andrew says:

    macOS 10.12.5; server 5.3.1 – after installing is possible to login, than the page goes to blank. If I remove ?_task=login than it could be possible to see mails & to use web app.
    Is there any step by step instruction how to fix the problem?
    Regards.

    Reply
    • Sean
      Sean says:

      I have almost the exact same problem.

      I have OS X 10.11.6 with Server 5.1.7 and roundcube 1.2.5. Yesterday I upgraded to macOS 10.12.5 and Server 5.3.1 and I now I see the roundcube login page, but after clicking “login” it’s just a blank page. I don’t see any errors in the web server logs. Removing the “?_task=login” doesn’t make any difference in my case.

      Reply
  18. Jeff Johnson
    Jeff Johnson says:

    Andrew/Sean

    Try removing the carddav reference from
    /usr/local/topicdesk/roundcube/WebApp/config/config.inc.php

    Jeff

    Reply
    • Sean
      Sean says:

      In my case, it’s already not there. I have:
      $config[‘plugins’] = array(‘html5_notifier’,’chbox’,’managesieve’);

      Any other ideas?

      Reply
« Older CommentsNewer Comments »

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *