RoundCube mail on RHEL/Fedora

I run my own mail server and for years I’ve used squirrelmail as it was a simple interface that just worked and I never really use many of the advanced web mail features anyway. The squirrelmail project hasn’t really advanced a whole lot though and while they do keep up the security fixes and make it work with the latest releases of php there’s been no real development in quite some time so with the move to a new hosted server I decided it was time for a change. I decided to go with RoundCube Mail. The instructions are identical for Fedora as well.

Initial Install
RoundCube is packaged in EPEL and while 0.8.6 isn’t the latest release the ability to “yum install” works for me.

Install the roundcubemail package, mysql and mod_nss for HTTPS (or mod_ssl if you prefer), I’m assuming here you already have a working imap/smtp server. So just a:

yum install roundcubemail mysql-server mod_nss

I plan to use a MySQL DB so to create that I did the following to create the DB and db user:

# mysql -u root -p
mysql> create database roundcubemail;
mysql> create user roundcube;
mysql> GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcube@localhost IDENTIFIED BY 'changeme';
mysql> FLUSH PRIVILEGES;
mysql> quit
# mysql -u root -p roundcubemail < /usr/share/doc/roundcubemail-0.8.6/SQL/mysql.initial.sql

To configure RoundCube to access the database edit /etc/roundcubemail/db.inc.php:

$rcmail_config['db_dsnw'] = 'mysql://roundcube:changeme@localhost/roundcubemail';

To configure RoundCube for mail server settings edit /etc/roundcubemail/main.inc.php:

$rcmail_config['default_host'] = 'localhost';

The only config changes I made for the mod_nss was to change the default port from 8443 to the standard HTTPS port of 443 by editing /etc/httpd/conf.d/nss.conf

Configure RoundCube URL and various other apache config like enforcing HTTP edit /etc/httpd/conf.d/roundcubemail.conf:

Alias /webmail /usr/share/roundcubemail

    RewriteEngine on
    RewriteCond %{HTTPS} !=on
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

I'll likely tweak the apache config a little more but that ensures its running over SSL for now.

Finally restart apache to make it work 🙂 with a "service httpd restart"

Fixes to enable running SELinux in Enforcing mode
Initial on testing I wad getting an error in the apache logs about writing to logs. I figured this might be a SELinux error so I did a quick setenforce 0 to test my theory and I was right on.

[error] [client 192.168.100.1] PHP Warning:  Error writing to log file /var/log/roundcubemail/errors; Please check permissions in /usr/share/roundcubemail/program/include/main.inc on line 1965

To fix running in enforcing mode I needed to change two SELinux settings. The first was to set the log directory with http_log and the second was to allow httpd to connect to the network. Fixed easily with these two commands:

chcon -R system_u:object_r:httpd_log_t:s0 /var/log/roundcubemail
setsebool -P httpd_can_network_connect=1

Now I don't need to upset Major Hayden or make Dan weep 😉

Fixing the date display
The date column in the mail initially didn't display. Looking at the apache logs I needed to set the php date.timezone setting in /etc/php.ini. I have users in a number of timezones so I was a little concerned at first of chosing one in particular but it doesn't seem to make much difference. Just search for date.timezone in /etc/php.ini and your good to go.

Conclusion
I like my new mail setup. The migration has enabled me to clean up a number of things I've wanted to for some time and just never got around to it. All the commands are basically identical on Fedora or any other EL6 clones. Hopefully it will be useful for others, and of course feedback is welcome.