Install Roundcube Webmail on Ubuntu 22.04/20.04 with Apache/Nginx

Roundcube is a free open-source, full-featured webmail client written in PHP. A webmail is a mail client in your browser. Instead of reading and sending emails from a desktop mail client like Mozilla Thunderbird, you can access your email from a web browser. This tutorial is going to show you how to install Roundcube webmail on Ubuntu 22.04/20.04 with Apache or Nginx web server.

Roundcube Features

Roundcube functionality includes:

  • Address book
  • Folder management
  • Message searching
  • Message filter
  • Spell checking
  • MIME support
  • PGP encryption and signing
  • Mailvelope integration
  • Users are able to change their passwords in Roundcube.
  • Import MIME or Mbox formatted emails.
  • Email Resent (Bounce)
  • Support for Redis and Memcached cache
  • Support for SMTPUTF8 and GSSAPI
  • A responsive skin called Elastic with full mobile device support
  • OAuth2/XOauth support (with plugin hooks)
  • Collected recipients and trusted senders
  • Full unicode support with MySQL database
  • Support of IMAP LITERAL- extension

Requirements

To follow this tutorial, it’s assumed that

If not, please click the above links and follow the instructions to complete prerequisites. Note that if you set up your email server using iRedMail before, then your server meets all requirements and Roundcube is already installed on your server.

Now let’s proceed to install Roundcube.

Step 1: Download Roundcube Webmail on Ubuntu 22.04/20.04

Log in to your Ubuntu server via SSH, then run the following command to download the latest 1.6 stable version from Roundcube Github repository.

wget https://github.com/roundcube/roundcubemail/releases/download/1.6.0/roundcubemail-1.6.0-complete.tar.gz

Note: You can always use the above URL format to download Roundcube from command line. If a new version comes out, simply replace 1.6.0 with the new version number. You can check if there’s a new release on Roundcube downloade page.

Extract the tarball, and move the newly created folder to web root (/var/www/) and rename it as roundcube at the same time.

tar xvf roundcubemail-1.6.0-complete.tar.gz

sudo mkdir -p /var/www/

sudo mv roundcubemail-1.6.0 /var/www/roundcube

Change into the roundcube directory.

cd /var/www/roundcube

Make the web server user (www-data) as the owner of the temp and logs directory so that web server can write to these two directories.

sudo chown www-data:www-data temp/ logs/ -R

Step 2: Install PHP Extensions

Run the following command to install the required PHP extensions. PHP8.1 is fully supported in the 1.6 release.

sudo apt install software-properties-common

sudo add-apt-repository ppa:ondrej/php

sudo apt update

sudo apt install php-net-ldap2 php-net-ldap3 php-imagick php8.1-common php8.1-gd php8.1-imap php8.1-mysql php8.1-curl php8.1-zip php8.1-xml php8.1-mbstring php8.1-bz2 php8.1-intl php8.1-gmp php8.1-redis

Step 3: Create a MariaDB Database and User for Roundcube

Log into MariaDB shell as root.

sudo mysql -u root

Then create a new database for Roundcube using the following command. This tutorial name it roundcubemail, you can use whatever name you like for the database.

CREATE DATABASE roundcubemail DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;

Next, create a new database user on localhost using the following command. Again, this tutorial name it roundcube, you can use whatever name you like. Replace password with your preferred password.

CREATE USER roundcube@localhost IDENTIFIED BY 'roundcube_password';

Then grant all permission of the new database to the new user so later on Roundcube webmail can write to the database.

GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcube@localhost;

Flush the privileges table for the changes to take effect.

flush privileges;

Exit MariaDB Shell:

exit;

Import the initial tables to roundcube database.

sudo mysql roundcube < /var/www/roundcube/SQL/mysql.initial.sql

Step 4: Create Apache Virtual Host or Nginx Config File for Roundcube

Apache

If you use Apache web server, create a virtual host for Roundcube.

sudo nano /etc/apache2/sites-available/roundcube.conf

Note: If you followed my Postfix/Dovecot tutorial, a virtual host already exists. you should edit the following file. (Delete the existing content.)

sudo nano /etc/apache2/sites-available/mail.example.com.conf

Put the following text into the file. Replace mail.example.com with your real domain name and don’t forget to set DNS A record for it.

<VirtualHost *:80>
  ServerName mail.example.com
  DocumentRoot /var/www/roundcube/

  ErrorLog ${APACHE_LOG_DIR}/roundcube_error.log
  CustomLog ${APACHE_LOG_DIR}/roundcube_access.log combined

  <Directory />
    Options FollowSymLinks
    AllowOverride All
  </Directory>

  <Directory /var/www/roundcube/>
    Options FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    allow from all
  </Directory>

</VirtualHost>

Save and close the file. Then enable this virtual host with:

sudo a2ensite roundcube.conf

Reload Apache for the changes to take effect.

sudo systemctl reload apache2

Now you should be able to see the Roundcube web-based install wizard at http://mail.example.com/installer.

Nginx

If you use Nginx web server, create a virtual host for Roundcube.

sudo nano /etc/nginx/conf.d/roundcube.conf

Note: If you followed my Postfix/Dovecot tutorial, a virtual host already exists. you should edit the following file. (Delete the existing content.)

sudo nano /etc/nginx/conf.d/mail.example.com.conf

Put the following text into the file. Replace the domain name and don’t forget to set DNS A record for it.

server {
  listen 80;
  listen [::]:80;
  server_name mail.example.com;
  root /var/www/roundcube/;
  index index.php index.html index.htm;

  error_log /var/log/nginx/roundcube.error;
  access_log /var/log/nginx/roundcube.access;

  location / {
    try_files $uri $uri/ /index.php;
  }

  location ~ \.php$ {
   try_files $uri =404;
    fastcgi_pass unix:/run/php/php8.1-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
  }

  location ~ /.well-known/acme-challenge {
    allow all;
  }
 location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
    deny all;
  }
  location ~ ^/(bin|SQL)/ {
    deny all;
  }
 # A long browser cache lifetime can speed up repeat visits to your page
  location ~* \.(jpg|jpeg|gif|png|webp|svg|woff|woff2|ttf|css|js|ico|xml)$ {
       access_log        off;
       log_not_found     off;
       expires           360d;
  }
}

Save and close the file. Then test Nginx configurations.

sudo nginx -t

If the test is successful, reload Nginx for the changes to take effect.

sudo systemctl reload nginx

Now you should be able to see the Roundcube web-based install wizard at http://mail.example.com/installer.

Step 5: Enabling HTTPS

It’s highly recommended that you use TLS to encrypt your webmail. We can enable HTTPS by installing a free TLS certificate issued from Let’s Encrypt. Run the following command to install Let’s Encrypt client (certbot) on Ubuntu 22.04/20.04 server.

sudo apt install certbot

If you use Nginx, then you also need to install the Certbot Nginx plugin.

sudo apt install python3-certbot-nginx

Next, run the following command to obtain and install TLS certificate.

sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email [email protected] -d mail.example.com

If you use Apache, install the Certbot Apache plugin.

sudo apt install python3-certbot-apache

And run this command to obtain and install TLS certificate.

sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email [email protected] -d mail.example.com

Where

  • --nginx: Use the nginx plugin.
  • --apache: Use the Apache plugin.
  • --agree-tos: Agree to terms of service.
  • --redirect: Force HTTPS by 301 redirect.
  • --hsts: Add the Strict-Transport-Security header to every HTTP response. Forcing browser to always use TLS for the domain. Defends against SSL/TLS Stripping.
  • --staple-ocsp: Enables OCSP Stapling. A valid OCSP response is stapled to the certificate that the server offers during TLS.

The certificate should now be obtained and automatically installed.

roundcube webmail https letsencrypt

Note: If you followed my Postfix/Dovecot tutorial, and now you install Roundcube on the same server, then certbot will probably tell you that a certificate for mail.example.com already exists as shown below, so you can choose to install the existing TLS certificate to your web server configuration file.

roundcube postfix dovecot certbot https certificate

Step 6: Adding Local DNS Entry

It’s recommended to edit the /etc/hosts file on the mail server and add the following entry, so that Roundcube won’t have to query the public DNS, which will speed up web page loading a little bit.

127.0.0.1  localhost mail.example.com

Step 7: Configure Roundcube

Go to the Roundcube configuration directory.

cd /var/www/roundcube/config/

Copy the sample configuration file.

sudo cp config.inc.php.sample config.inc.php

Edit the new file.

sudo nano config.inc.php

Find the following line, which tells Roundcube how to connect to the database.

$config['db_dsnw'] = 'mysql://roundcube:pass@localhost/roundcubemail';

You need to replace pass with the real Roundcube password. If the password contains special characters, you need to use percent encoding. For example, if the password is mPcEIRxyJhCz8uiWIUopqWzaSTk=, then the line will look like this:

$config['db_dsnw'] = 'mysql://roundcube:mPcEIRxyJhCz8uiWIUopqWzaSTk%3D@localhost/roundcubemail';

The special character = is represented by %3D.

Then find the following two lines.

$config['imap_host'] = 'localhost:143';

$config['smtp_host'] = 'localhost:587';

Replace the value as follows:

$config['imap_host'] = 'tls://mail.example.com:143';

$config['smtp_host'] = 'tls://mail.example.com:587';

Find the following line.

$config['des_key'] = 'rcmail-!24ByteDESkey*Str';

Replace the default key with some random characters like below.

$config['des_key'] = '58kptbzEcNKi/bc9OL90//3ATnQ=';

Next, find the following lines

// List of active plugins (in plugins/ directory)
$config['plugins'] = [
    'archive',
    'zipdownload',
];

By default, only two plugins are enabled. We can enable more plugins like below.

// List of active plugins (in plugins/ directory)
$config['plugins'] = ['acl', 'additional_message_headers', 'archive', 'attachment_reminder', 'autologon', 'debug_logger', 'emoticons', 'enigma', 'filesystem_attachments', 'help', 'hide_blockquote', 'http_authentication', 'identicon', 'identity_select', 'jqueryui', 'krb_authentication', 'managesieve', 'markasjunk', 'new_user_dialog', 'new_user_identity', 'newmail_notifier', 'password', 'reconnect', 'redundant_attachments', 'show_additional_headers', 'squirrelmail_usercopy', 'subscriptions_option', 'userinfo', 'vcard_attachments', 'virtuser_file', 'virtuser_query', 'zipdownload'];

Finally, we can enable the built-in spell-checker by adding the following line at the end of this file.

$config['enable_spellcheck'] = true;

Save and close the file.

Go to your Webmail domain and log in.

roundcube webmail elastic skin

Roundcube Webmail interface

roundcube ubuntu server apache nginx

Now you should remove the whole installer folder from the document root or make sure that enable_installer option in config.inc.php file is disabled.

sudo rm /var/www/roundcube/installer/ -r

These files may expose sensitive configuration data like server passwords and encryption keys to the public. Make sure you cannot access the installer page from your browser.

Step 8: Configure the Sieve Message Filter

You can create folders in Roundcube webmail and then create rules to filter email messages into different folders. In order to do this, you need to install the ManageSieve server with the following command.

sudo apt install dovecot-sieve dovecot-managesieved

By default, Postfix uses its builtin local delivery agent (LDA) to move inbound emails to the message store (inbox, sent, trash, Junk, etc). We can configure it to use Dovecot to deliver emails, via the LMTP protocol, which is a simplified version of SMTP. LMTP allows for a highly scalable and reliable mail system and it is required if you want to use the sieve plugin to filter inbound messages to different folders.

Install the Dovecot LMTP Server.

sudo apt install dovecot-lmtpd

Edit the Dovecot main configuration file.

sudo nano /etc/dovecot/dovecot.conf

Add lmtp and sieve to the supported protocols.

protocols = imap lmtp sieve

Save and close the file. Then edit the Dovecot 10-master.conf file.

sudo nano /etc/dovecot/conf.d/10-master.conf

Change the lmtp service definition to the following.

service lmtp {
 unix_listener /var/spool/postfix/private/dovecot-lmtp {
   group = postfix
   mode = 0600
   user = postfix
  }
}

Next, edit the Postfix main configuration file.

sudo nano /etc/postfix/main.cf

Add the following lines at the end of the file. The first line tells Postfix to deliver emails to local message store via the dovecot LMTP server. The second line disables SMTPUTF8 in Postfix, because Dovecot-LMTP doesn’t support this email extension.

mailbox_transport = lmtp:unix:private/dovecot-lmtp
smtputf8_enable = no

Save and close the file. Open the /etc/dovecot/conf.d/15-lda.conf file.

sudo nano /etc/dovecot/conf.d/15-lda.conf

Scroll to the end of the file, uncomment the mail_plugins line and add the sieve plugin to local delivery agent (LDA).

protocol lda {
    # Space separated list of plugins to load (default is global mail_plugins).
    mail_plugins = $mail_plugins sieve
}

Save and close the file. If you can find the 20-lmtp.conf file under /etc/dovecot/conf.d/ directory, then you should also enable the sieve plugin in that file like below.

protocol lmtp {
      mail_plugins = quota sieve
}

Edit the /etc/dovecot/conf.d/10-mail.conf file.

sudo nano /etc/dovecot/conf.d/10-mail.conf

Sieve scripts are stored under each user’s home directory. If you followed my PostfixAdmin tutorial and are using virtual mailbox domains, then you need to enable mail_home for the virtual users by adding the following line in the file, because virtual users don’t have home directories by default.

mail_home = /var/vmail/%d/%n

Save and close the file.

Finally, restart Postfix and Dovecot.

sudo systemctl restart postfix dovecot

Now you can go to Roundcube webmail, open an email message and click the more button, and select create filters to create message filters. For example, I create a filter that moves every email sent from redhat.com to the Red Hat folder.

roundcube sieve filter

If you don’t have the create filter option, it’s probably because you didn’t enable the managesieve plugin. Edit the config.inc.php file.

sudo nano /var/www/roundcube/config/config.inc.php

At the end of this file, you will find a list of active plugins. add the managesieve plugin in the arrary. The plugin order doesn’t matter.

// ----------------------------------
// PLUGINS
// ----------------------------------
// List of active plugins (in plugins/ directory)
$config['plugins'] = ['acl', 'additional_message_headers', 'archive', 'attachment_reminder', 'autologon', 'database_attachments', 'debug_logger', 'emoticons', 'enigma', 'filesystem_attachments', 'help', 'hide_blockquote', 'http_authentication', 'identicon', 'identity_select', 'jqueryui', 'krb_authentication', 'managesieve', 'markasjunk', 'new_user_dialog', 'new_user_identity', 'newmail_notifier', 'password', 'reconnect', 'redundant_attachments', 'show_additional_headers', 'squirrelmail_usercopy', 'subscriptions_option', 'userinfo', 'vcard_attachments', 'virtuser_file', 'virtuser_query', 'zipdownload'];

Save and close the file.

Note that if you move a sieve filter set from an old mail server to your new mail server, you need to go to Settings -> Filters, then click Actions and enable the filter set, or Dovecot LMTP server won’t execute the sieve filter.

Step 9: Removing Sensitive Information from Email Headers

By default, Roundcube will add a User-Agent email header, indicating that you are using Roundcube webmail and the version number. You can tell Postfix to ignore it so recipient can not see it. Run the following command to create a header check file.

sudo nano /etc/postfix/smtp_header_checks

Put the following lines into the file.

/^User-Agent.*Roundcube Webmail/            IGNORE

Save and close the file. Then edit the Postfix main configuration file.

sudo nano /etc/postfix/main.cf

Add the following line at the end of the file.

smtp_header_checks = regexp:/etc/postfix/smtp_header_checks

Save and close the file. Then run the following command to rebuild hash table.

sudo postmap /etc/postfix/smtp_header_checks

Reload Postfix for the change to take effect.

sudo systemctl reload postfix

Now Postfix won’t include User-Agent: Roundcube Webmail in the headers when sending outgoing emails.

Step 10: Configure the Password Plugin in Roundcube

Roundcube includes a password plugin that allows users to change their passwords from the webmail interface. Edit the config.inc.php file.

sudo nano /var/www/roundcube/config/config.inc.php

Make sure the password plugin in the plugin list at the end of this file. The plugin order doesn’t matter.

$config['plugins'] = array('acl', 'additional_message_headers', 'password', .....);

Save and close the file.

However, we need to configure this plugin before it will work. Run the following command to copy the distributed password plugin config file to a new file.

sudo cp /var/www/roundcube/plugins/password/config.inc.php.dist /var/www/roundcube/plugins/password/config.inc.php

Edit the password plugin configuration file.

sudo nano /var/www/roundcube/plugins/password/config.inc.php

Find the following line:

$config['password_db_dsn'] = '';

This parameter is used to tell the password plugin where the user passwords are stored. By default, the value is empty and it will query the roundcube database, which doesn’t store user passwords. If you followed my PostfixAdmin tutorial, then user passwords are stored in the postfixadmin.mailbox table, so we need to change the value to:

$config['password_db_dsn'] = 'mysql://postfixadmin:postfixadmin_database_password@127.0.0.1/postfixadmin';

The tells the password plugin to connect to the postfixadmin database. If you don’t remember your postfixadmin database password, you can find it in the /etc/dovecot/dovecot-sql.conf.ext file. If your PostfixAdmin password contains a single quote character, then you can use backslash (\') to escape it.

Then find the following line.

$config['password_query'] = 'SELECT update_passwd(%c, %u)';

Change it to the following.

$config['password_query'] = 'UPDATE mailbox SET password=%P,modified=NOW() WHERE username=%u';

I recommend enabling a password strength checker to prevent users from setting weak passwords. Go to the beginning of this file, you can find the following line.

$config['password_strength_driver'] = null;

We can use the zxcvbn password strength driver, so change it to:

$config['password_strength_driver'] = 'zxcvbn';

Add the following line in this file to allow strong passwords only.

$config['password_zxcvbn_min_score'] = 5;

Note: The $config['password_minimum_score'] parameter doesn’t work with the zxcvbn driver, so leave it alone.

You can also set a minimum length for the password. Find the following line.

$config['password_minimum_length'] = 0;

Change it to:

$config['password_minimum_length'] = 8;

Recall that we used the ARGON2I password scheme in the PostfixAdmin tutorial, so we also need to configure the password plugin to use ARGON2I. Find the following lines in the file.

$config['password_algorithm'] = 'clear';

By default, the password will be stored as clear text, change the value to the following to use Dovecot’s builtin password algorithm.

$config['password_algorithm'] = 'dovecot';

Then find the following line, which tells where the Dovecot’s password hash generator is located.

$config['password_dovecotpw'] = '/usr/local/sbin/dovecotpw'; // for dovecot-1.x

Change it to the following.

$config['password_dovecotpw'] = '/usr/bin/doveadm pw -r 5';

Then find the following line, which tells which password scheme will be used.

$config['password_dovecotpw_method'] = 'CRAM-MD5';

Change it to:

$config['password_dovecotpw_method'] = 'ARGON2I';

Find the following line.

$config['password_dovecotpw_with_method'] = false;

Change false to true. This will add a {ARGON2I} prefix to the hashed password, so you will recognize which password scheme is used.

$config['password_dovecotpw_with_method'] = true;

Save and close the file. Since this file contains the database password, we should allow only the www-data user to read and write to this file.

sudo chown www-data:www-data /var/www/roundcube/plugins/password/config.inc.php
sudo chmod 600 /var/www/roundcube/plugins/password/config.inc.php

Now users should be able to change their passwords in the Roundcube webmail interface.

roundcube webmail change password

How to Set Up Vacation/Out-of-Office Messages

We can use the sieve filter to create vacation/out-of-office messages. Go to Roundcube Settings -> Filters. Then click the create button to create a filter.

  • Give this filer a name like “out of office”.
  • New filters are not disabled, so you can leave the button alone.
  • In the Scope field, select all messages.
  • Select Reply with message in the Actions settings, and enter the message that will be automatically sent.
  • Enter 1 in how often send messages, so the auto-reply will be sent only once per day for each sender. If you set this value to 7, then the auto-reply will be sent once per 7 days for each sender.
  • Leave other text fields empty.
  • Click the Save button and you are done.

roundcube vacation out of office message

When you are back to office, you can toggle the “Filter disabled” button, and click the Save button to disable this filter.

Increase Upload File Size Limit

If you use PHP-FPM to run PHP scripts, then files such as images, PDF files uploaded to Roundcube can not be larger than 2MB. To increase the upload size limit, edit the PHP configuration file.

sudo nano /etc/php/8.1/fpm/php.ini

Find the following line (line 846).

upload_max_filesize = 2M

Change the value like below. Note that this value should not be larger than the attachment size limit set by Postfix SMTP server.

upload_max_filesize = 50M

Then find the following line (line 694).

post_max_size = 8M

Change the maximum size of POST data that PHP will accept.

post_max_size = 50M

Save and close the file. Alternatively, you can run the following two commands to change the value without manually opening the file.

sudo sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 50M/g' /etc/php/8.1/fpm/php.ini

sudo sed -i 's/post_max_size = 8M/post_max_size = 50M/g' /etc/php/8.1/fpm/php.ini

Then restart PHP-FPM.

sudo systemctl restart php8.1-fpm

Nginx also sets a limit of upload file size. The default maximum upload file size limit set by Nginx is 1MB. If you use Nginx, edit the Nginx configuration file.

sudo nano /etc/nginx/conf.d/mail.example.com.conf

Add the following line in the SSL virtual host.

client_max_body_size 50M;

Save and close the file. Then reload Nginx for the changes to take effect.

sudo systemctl reload nginx

There are 3 plugins in Roundcube for attachments/file upload:

  • database_attachments
  • filesystem_attachments
  • redundant_attachments

Roundcube can use only one plugin for attachments/file uploads. I found that the database_attachment plugin can be error_prone and cause you trouble. To disable it, edit the Roundcube config file.

sudo nano /var/www/roundcube/config/config.inc.php

Scroll down to the end of this file. You will see a list of active plugins. Remove 'database_attachments' from the list. Note that you need to activate at least one other attachment plugin, for example, filesystem_attachments.

// ----------------------------------
// PLUGINS
// ----------------------------------
// List of active plugins (in plugins/ directory)
$config['plugins'] = ['acl', 'additional_message_headers', 'archive', 'attachment_reminder', 'autologon', 'debug_logger', 'emoticons', 'enigma', 'filesystem_attachments', 'help', 'hide_blockquote', 'http_authentication', 'identicon', 'identity_select', 'jqueryui', 'krb_authentication', 'managesieve', 'markasjunk', 'new_user_dialog', 'new_user_identity', 'newmail_notifier', 'password', 'reconnect', 'redundant_attachments', 'show_additional_headers', 'squirrelmail_usercopy', 'subscriptions_option', 'userinfo', 'vcard_attachments', 'virtuser_file', 'virtuser_query', 'zipdownload'];

Save and close the file.

Setting Up Multiple Mail Domains

To host multiple mail domains, please read the following article:

Troubleshooting Tips

If you encounter errors, you can check the web server error logs at /var/log/apache2/roundcube_error.log (if you are using Apache), or /var/log/nginx/roundcube.error (if you are using Nginx.), also the Roundcube error logs in /var/www/roundcube/logs/ directory.

Connection to Storage Server Failed

If you see the Connection to storage server failed error when trying to log into RoundCube, it’s probably because

  • Dovecot server isn’t running. You can restart Dovecot with sudo systemctl restart dovecot and check its status with systemctl status dovecot.
  • You are using a self-signed TLS certificate. Roundcube requires a valid TLS certificate issued from a trusted certificate authority such as Let’s Encrypt.
  • Your TLS certificate expired. You can renew the Let’s Encrypt TLS certificate with sudo certbot renew, then restart Postfix and Dovecot (sudo systemctl restart postfix dovecot).

You can also try adding a custom DNS entry in /etc/hosts file as described in step 8 on the Roundcube server, so Roundcube can properly resolve the mail server hostname.

Could Not Load Message From Server

If you see the “Internal error: could not load message from server” error, it’s probabaly because you are trying to open an deleted email (invalid URL). Try going to the mail root domain (mail.example.com) to see if it works.

Sieve Message Filter Doesn’t Work?

If you followed step 8 to set up sieve filter to the letter, but still can’t get it to work, then you can enable debugging in Dovecot to find out what’s wrong.

sudo nano /etc/dovecot/dovecot.conf

Add the following line at the end of this file to enable debugging in Dovecot.

mail_debug=yes

Save and close the file. Then restart Dovecot.

sudo systemctl restart dovecot

Next, send a test email to your domain email address and open the mail log file.

sudo nano /var/log/mail.log

You can find debugging information for Sieve message filter. For example, I found that Dovecot was unable to run my Sieve script.

Jan 10 11:35:24 mail dovecot: lmtp([email protected]) Debug: sieve: Aborted running script `/var/vmail/linuxbabe.com/xiao/.dovecot.svbin'

It turns out that my Sieve filter has too many rules and some of them are conflicting with each other. I delete those conflicting rules and it works again.

Temporary lookup failure (Code: 451)

If you encounter this error when trying to send an email in Roundcube, it’s probably something wrong with your Postfix configuration. For example, some folks might have the following error in the /var/log/mail.log file.

warning: connect to pgsql server localhost: connection to server at "localhost" (127.0.0.1), port 5432 failed: FATAL: password authentication failed for user "postfixadmin"?connection to server at "localhost" (127.0.0.1), port 5432 failed: FATAL: password authentication failed for user "postfixadmin"?

This means your password authentication for the Postfixadmin database is not working.

How to Upgrade Roundcube

It’s very simple. For example, here’s how to upgrade to Roundcube 1.5.3 after it’s released.

Download the Roundcube latest version to your home directory.

cd ~

wget https://github.com/roundcube/roundcubemail/releases/download/1.5.3/roundcubemail-1.5.3-complete.tar.gz

Extract the archive.

tar xvf roundcubemail-1.5.3-complete.tar.gz

Change the owner to www-data.

sudo chown www-data:www-data roundcubemail-1.5.3/ -R

Then run the install script.

sudo roundcubemail-1.5.3/bin/installto.sh /var/www/roundcube/

Once it’s done, log in to Roundcube webmail and click the About button to check what version of Rouncube you are using.

Wrapping Up

I hope this tutorial helped you install Roundcube Webmail on Ubuntu 22.04/20.04. As always, if you found this post useful, subscribe to our free newsletter to get more tips and tricks 🙂

Rate this tutorial
[Total: 17 Average: 4.9]

92 Responses to “Install Roundcube Webmail on Ubuntu 22.04/20.04 with Apache/Nginx

  • Harrison
    3 years ago

    Hi! Thank you very much for the tutorials you provide. I am wondering if it’s possible to allow users to register for free on my own mail server. Just like what Gmail is providing. Thanks awaiting your response.

    • Xiao Guoan (Admin)
      3 years ago

      I didn’t find any open-source web applications that allow you to do that with PostfixAdmin/Roundcube. I think you need to develop this kind of web app by yourself.

  • Hi! Excellent tutorials!

    How would one go about configuring roundcube (on the same server with: postfix, dovecot and postfixadmin) running behind haproxy?

    SSL is terminated in haproxy and roundcube is running on the mail server.
    Ports 587 and 993 are forwarded respectively as send-proxy and send-proxy-v2 to the mail server.
    Postfix is listening to 10587(STARTTLS) and dovecot to 10993(SSL) on the mail server.

    Just can’t get a connection from roundcube to smtp and imap. Everything else is running smoothly thanks to your HAProxy tutorial! Any advice would be much appreciated. Cheers!

    • Xiao Guoan (Admin)
      3 years ago

      You can add a custom DNS record in /etc/hosts file on the mail server, pointing the A record to the mail server itself, instead of pointing it to the HAProxy server.

  • Hello Xiao,
    before starting the roundcube installation I want to ask you a question, please:
    So, if we have already our mail.example.com.conf virtual host file from the previousDovecot/Postfix tutorial file from previous we do not need to create a roundcube.conf file and to use our mail.example.com instead, right? Then, this file is already populated with content, much of it on behalf of certbot. So, what should we do, adding extra the text you provide us or delete all the old content and add this new one?
    Thank You!

    • Xiao Guoan (Admin)
      3 years ago

      Delete the old content and add the lines provided in this article.

  • Ângelo Oliveira
    3 years ago

    Hello I followed you steps but apache doesn’t show me anything i can’t see the installer could you give a hand ?

    • Xiao Guoan (Admin)
      3 years ago

      If you encounter errors, you can check the error logs at /var/log/apache2/roundcube_error.log (if you are using Apache), or /var/log/nginx/roundcube.error (if you are using Nginx.)

  • Sebka97
    3 years ago

    Hello i’m getting this error when trying to send a mail

    SMTP Error (451): Failed to add recipient “mail.mail.com” (4.3.0) “mail.mail.com” Temporary lookup failure

    • Xiao Guoan (Admin)
      3 years ago

      It’s not an email address. Of course it would fail.

  • Sebka97
    3 years ago

    It is I’m sending it to my Gmail to test it and I get this error

    • Sebka97
      3 years ago

      Is there anything I can check why I’m getting this error tried different emails same error I get

    • Xiao Guoan (Admin)
      3 years ago

      Check your mail log (/var/log/mail.log)

      • Sebka97
        3 years ago

        This is the error.

        Jun 28 06:24:18 mail postfix/submission/smtpd[50421]: warning: proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf lookup error for “[email protected]”
        Jun 28 06:24:18 mail postfix/submission/smtpd[50421]: NOQUEUE: reject: RCPT from cpc85848-haye24-2-0-cust113.17-4.cable.virginm.net[82.44.14.114]: 451 4.3.0 : Temporary lookup failure; from= to= proto=ESMTP helo=
        Jun 28 06:24:18 mail postfix/submission/smtpd[50421]: disconnect from cpc85848-haye24-2-0-cust113.17-4.cable.virginm.net[82.44.14.114] ehlo=2 starttls=1 auth=1 mail=1 rcpt=0/1 rset=1 quit=1 commands=7/8
        
    • Xiao Guoan (Admin)
      3 years ago

      Open the /etc/postfix/sql/mysql_virtual_alias_domain_maps.cf file. Make sure you have entered the correct password for the postfixadmin user.

      • Sebka97
        3 years ago

        I’ve checked and get same error…

      • Sebka97
        3 years ago

        Is there anything else I can check ? Why is this happening ?

    • Xiao Guoan (Admin)
      3 years ago

      Perhaps the postfixadmin password contains some special characters that are interpreted as meta-characters.

      • Sebka97
        3 years ago

        Only letters and numbers

        • Sebka97
          3 years ago

          I will try and install maybe IRedMail but could you tell me how can I run more then just the mail website as I don’t understand how to use the templates there to run the mail and other subdomains

    • Xiao Guoan (Admin)
      3 years ago

      You can edit the /etc/postfix/master.cf file

      sudo nano /etc/postfix/master.cf

      Find the following line

      smtp      inet  n       -       y       -       -       smtpd

      Add the -v flag.

      smtp      inet  n       -       y       -       -       smtpd -v

      Save and close the file. Then restart Postfix

      sudo systemctl restart postfix

      Postfix will produce more verbose debugging logs in /var/log/mail.log

  • Sebka97
    3 years ago
     Jul  8 10:35:24 mail postfix/proxymap[491828]: warning: mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf: query failed: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''1' at line 1
    Jul  8 10:35:24 mail postfix/submission/smtpd[491827]: warning: proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf lookup error for "[email protected]"
    Jul  8 10:35:24 mail postfix/submission/smtpd[491827]: NOQUEUE: reject: RCPT from cpc85848-haye24-2-0-cust113.17-4.cable.virginm.net[82.44.14.114]: 451 4.3.0 : Temporary lookup failure; from= to= proto=ESMTP helo=
    Jul  8 10:35:24 mail postfix/submission/smtpd[491827]: disconnect from cpc85848-haye24-2-0-cust113.17-4.cable.virginm.net[82.44.14.114] ehlo=2 starttls=1 auth=1 mail=1 rcpt=0/1 rset=1 quit=1 commands=7/8 
    query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1
    • Sebka97
      3 years ago

      I’ve fixed it but now I get this error

       host gmail-smtp-in.l.google.com[173.194.76.26] said:
          550-5.7.1 [82.44.14.114] The IP you're using to send mail is not authorized
          to 550-5.7.1 send email directly to our servers. Please use the SMTP relay
          at your 550-5.7.1 service provider instead. Learn more at 550 5.7.1
          https://support.google.com/mail/?p=NotAuthorizedError b18si22548156wrs.358
          - gsmtp (in reply to end of DATA command) 
    • Xiao Guoan (Admin)
      3 years ago

      It seems you are running a mail server with a residential IP address. That’s why Gmail refused to receive emails from your mail server. Consider using a data center IP address (VPS).

  • James
    3 years ago

    Many thanks for this fantastic setup guide.

  • Kevin Hanrahan
    3 years ago

    I’ve followed all the steps above, and my set up is from your tutorials on how to set up a mail server from scratch, got all the way through DMARC and decided to set up Roundcube. Get to the installer, and everything checks out OK. Make the config file and everything checks OK, and then I try to test the IMAP and SMTP, and get NOT OK.

    SMTP send:  NOT OK(Invalid sender or recipient)
    IMAP connect:  NOT OK(Login failed for [email protected] against mail.example.com from 192.168.1.1. Could not connect to ssl://mail.kevinghanrahan.com:993: Unknown reason)

    Checked error logs and the apache2 roundcube log says there is an issue with deprecated {}. The error log in /var/www/roundcube/logs says:

    IMAP Error: Login failed for [email protected] against mail.example.com from 192.168.1.1. Could not connect to ssl://mail.example.com:993: Unknown reason in /var/www/roundcube/program/lib/Roundcube/rcube_imap.php on line 200 (POST /?_task=login&_action=login

    Mail log give:

     imap-login: Disconnected (no auth attempts in 0 secs): user=, rip=192.168.1.1, lip=192.168.1.105, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48, session=
    

    My SSL is a wildcard SSL. Can you help me figure this out? I’ve googled until my fingers hurt, and there seems to be no answer.

    BTW: Thunderbird can send and receive just fine, as can my phone email client. Just seems this web thing is problematic.

    • Kevin Hanrahan
      3 years ago

      UPDATE: So I was able to get the login to work. Had to add the ssl config from defaults.inc.php and point to my certificate chain. Still having trouble with SMTP Invalid sender or recipient. Can’t seem to see what the issue is.

      • Kevin Hanrahan
        3 years ago

        UPDATE: So, after fiddling and fiddling, I just decided to log into Roundcube, since I could, and see if I could send an email. I was able. So, I guess it is fixed.

  • dilyan
    3 years ago

    Hello,

    Thank’s a lot fo tutorial everything works perfect.
    Is someone find a way to fix The maximum upload file size: 2 MB?
    I try many things but no result. I remember that in old Roundcube е versions there is such options in installer , but now when I make the configurations there is no such option.

    • Xiao Guoan (Admin)
      3 years ago

      Hello dilyan,

      I just added instructions here on how to increase upload file size limit in Roundcube 🙂

  • Hello Xiao,

    Do you have any fail2ban jail to protect roundcube installations?

    Thank You so much.

  • Dilyan Stoynov
    3 years ago

    Hello Xiao,

    Thank you very much for your time, the information was very useful for me.

  • Hi, this is a really good tutorial – however, I think I’ve missed a step. I’m receiving the error :

    Sep 12 12:44:06 myhost dovecot: imap(pt): Error: mkdir(/home/pt/Maildir) failed: Permission denied (euid=1000(pt) egid=1000(pt) missing +w perm: /home, dir owned by 0:0 mode=0755)
    Sep 12 12:44:06 myhost dovecot: imap(pt): Error: mkdir(/home/pt/Maildir) failed: Permission denied (euid=1000(pt) egid=1000(pt) missing +w perm: /home, dir owned by 0:0 mode=0755)
    Sep 12 12:44:06 myhost dovecot: imap(pt): Error: Mailbox INBOX: Failed to autocreate mailbox: Internal error occurred. Refer to server log for more information. [2020-09-12 12:44:06]

    I’m hoping you can help with this as to where I’ve gone wrong or how I can resolve this. Also, when you create a new user is there any thing else I would need to do ?

    • Xiao Guoan (Admin)
      3 years ago

      Are you using a canonical domain or virtual mailbox domain in Postfix?

  • Gabriel
    3 years ago

    Hi, at the beginning I would like to thank you for the mass of valuable content, thanks to which I am preparing a new mail server.
    I would like to ask you how to change the settings so that when creating a new user in linux he will have a default mailbox with a domain without the host name “mail”.
    Command: `sudo adduser user` I created a new user and when I log in to the Roundcube panel an account is assigned to the mail.example.com domain instead of example.com. How to change it ?

    Translated with www.DeepL.com/Translator (free version)

  • Darrel
    3 years ago

    Hey, I have been using a number of your guides for the past few weeks and find them to be some of the best on the internet. Well done!!

    I have a single server that is totally under my control. It is serving 4 domains. I used a new Ubuntu 20.04 installation and configured Postfix, Dovecot, and PostfixAdmin to establish a number of virtual users with associated “mailboxes” using your other guides. I can receive and send mail via Thunderbird and a phone (both remote). So far, all is well.

    When I attempt to configure the Roundcube software to connect to the email accounts, I cannot seem to find the correct combination of parameters to make the connection. When I use a “tls://mail.my-domain.com” for the IMAP or SMTP connections I get error messages. The IMAP reports “unable to negotiate TLS”. The SMTP error was “STARTTLS failed”.

    I tried using localhost as the sever and was able to connect to IMAP, but the SMTP connection indicated an error that authentication was not enabled.

    Do you have any suggestions as to what I might be doing wrong? Is my problem potentially associated with the PostfixAdmin and/or the virtual users?

    • Darrel
      3 years ago

      I have made some progress: I am able to authenticate IMAP login using “localhost” and not connecting through an SSL connection since I am on the same server. However, I am getting the following error when attempting SMTP using “localhost”: “Authentication failure: SMTP server does not support authentication (Code: )”.

      This is probably correct since I think I recall disabling local SMTP authentication. However, the RoundCube site is on the same server. So do I need to re-enable local authentication? Is that dangerous?

    • Xiao Guoan (Admin)
      3 years ago

      As explained in the article, the IMAP host should be

      tls://mail.example.com  port: 143

      The SMTP host should be

      tls://mail.example.com  port: 587

      If you can login from Thunderbird, it doesn’t make sense you can’t log in from Roundcube using the above settings.

  • Darrel
    3 years ago

    Well, you are correct: It doesn’t make sense. Until … I noticed that Thunderbird was accepting all certificates. I went and did a certificate check with a different E-mail client and found that the certificate did not list mail.example.com as served by that certificate.

    I set up a number of sites on the same server and am using PostfixAdmin (some of your other tutorials) to serve virtual accounts. And RoundCube was looking for a certificate with the matching mail server name. Your other tutorial assumes that I already have RoundCube up and running. I did not. And RoundCube installer did not give enough information to tell me why it was failing.

    It was my fault for not recognizing that the certificate had not been set up yet for multiple virtual servers. You might consider pointing to the other tutorial in this one. (Or perhaps indicating that a person would want to create a multi-site certificate if they are hosting more than one.) In any case I figured it out. Eventually.

    Thanks for your help. And thanks for the wonderful tutorials.

    • Xiao Guoan (Admin)
      3 years ago

      Yes, you need a multi-site certificate, and thanks for the tip.

  • Dudley
    3 years ago

    Hey, I’m getting an error while trying to import the initial tables to the roundcube database. I think it’s because I have a password set for my root sql user. Would there be any way to get around this?

    Error:

    ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
    • Xiao Guoan (Admin)
      3 years ago

      If you use password authentication, then use the following command to import initial tables. It will prompt you to enter MariaDB root password.

      mysql -u root -p roundcube < /var/www/roundcube/SQL/mysql.initial.sql
  • carel
    3 years ago

    Through the help of your tutorials I have been able to setup two virtual hosts, mail.teseling.me and mail.teseling.com and am able to send and receive email through Thunderbird.
    I would like to also webmail for these two email hosts and followed your tutorial. However; when I type in https://mail.teseling.me/installer the Firefox returns a “Not Found – The requested URL was not found on this server.” It also indicates under the line “Apache/2.4.41 (Ubuntu) Server at mail.teseling.me Port 443”.
    When I type just https://mail.teseling.me it returns “Index of /
    [ICO] Name Last modified Size Description
    Apache/2.4.41 (Ubuntu) Server at mail.teseling.me Port 443”

    /var/www/roundcube/logs/errors.log indicates an access issue:

    DB Error: SQLSTATE[HY000] [1044] Access denied for user 'roundcubeuser'@'localhost' to database 'roundcubemail' in /var/www/roundcube/program/lib/Roundcube/rcube_db.php on line 175 (GET /)

    your feedback would be appreciated.

    • Xiao Guoan (Admin)
      3 years ago

      If you host multiple domains on your mail server, you only need to follow this once. You don’t need to apply this tutorial on the second domain.

      As for the SQL database error, make sure you have entered the correct password for this roundcuberuser in the setup wizard. You can try to login as the roundcubeuser with the following command, which will ask you the password.

      mysql -u roundcubeuser -p

      If you messed up your roundcube files, you can remove the web directory.

      sudo rm /var/www/roundcube/ -r

      Then download the Roundcube tar.gz file again and reinstall RoundCube.

      • Carel
        3 years ago

        Thanks Xiao,
        I was able to log into mysql with the command you supplied and the password for roundcube.
        In /var/www/roundcube/config/config.inc.php I can see the following line:

        $config['db_dsnw'] = 'mysql://roundcubeuser:CORRECTpassword@localhost/roundcubemail';

        and the password is correct.
        Is there any other places I should look where I may need to correct it?

        • Carel
          3 years ago

          When I logged into mysql with the command you supplied and the entered the command mysql> show databases; it displays the following:

          +--------------------+
          | Database           |
          +--------------------+
          | information_schema |
          | roundcube          |
          +--------------------+
          2 rows in set (0.00 sec)

          Should I be concerned that there isn’t a database roundcubemail listed?

    • Xiao Guoan (Admin)
      3 years ago

      It seems your RoundCube files are corrupted. I recommend reinstalling Roundcube.

      Remove the web directory.

      sudo rm /var/www/roundcube/ -r

      Remove the roundcube database.

      sudo mysql -u root
      
      drop database roundcube;

      Then download the Roundcube tar.gz file again and reinstall RoundCube.

      • Carel
        3 years ago

        Thanks Xiao,
        I now realize the database shouldn’t have been roundcubemail (as in my second post but should have been roundcube.

        I reinstalled roundcube as you suggested and it seems as if it installed correctly. However, when I try to send the test email I get the message:
        “Trying to send email…
        SMTP send: NOT OK(Authentication failure: STARTTLS failed (Code: ))”

        and when I click on “Check login” to test IMAP config I get the following message:
        “Connecting to ssl://mail.teseling.com…
        IMAP connect: NOT OK(Login failed for [email protected] against mail.teseling.com from 127.0.0.1. Could not connect to ssl://mail.teseling.com:993: Unknown reason)”

        I can’t see any error messages in the roundcube error logs.

    • Xiao Guoan (Admin)
      3 years ago

      Check the mail log (/var/log/mail.log) to debug this error.

  • Hi Xiao

    thanks for taking the time for an excellent series of articles.

    I have a ubuntu server with apache, mariadb, and wordpress. all working beautifully and no issues.

  • Steven Griffiths
    3 years ago

    Hi 🙂 Thank you for all the guides, I’m finishing off setting up Postfix and Dovecot for someone with this Roundcube guide, I don’t suppose you’ve set up the Roundcube ACL plugin with your Postfix/Dovecot installation before?

    I’ve found a couple of partial guides to simple ACL with Dovecot, but I can’t seem to enable ACL properly, testing it in telnet gives me “BAD Error in IMAP command SETACL: ACLs disabled” as soon as I try any SETACL command. I assume I’m just enabling it in the wrong place, the guides I’m following have a single dovecot.conf file rather than the conf.d directory but I’ve tried pretty much every combination that makes sense to me, plus a few that didn’t just in case…

    Everything else is working beautifully, best guide to setting up a proper grown up mail server that I’ve seen since qmailrocks was a thing! 🙂

    Thanks, the

  • Hello and Thank you for your tutorials.

    I’m new to linux and creating a email server from scratch.

    I’ve completed steps 1 to 3 (postfix, dovecot, postfixadmin) with success.
    I’m able to send emails internally and outside however I’m really stuck with setting up roundcube
    In the installer all checks were OK accept when testing the config.

    Test SMPT config resulted in SMTP send:

     NOT OK(Connection failed: Failed to connect socket: Connection timed out)

    Test IMAP config resulted in

    NOT OK(Login failed for [email protected] against mail.domain.com from 10.10.0.80. Could not connect to ssl://mail.mydomain.com:993: Connection timed out)

    looking in the /var/www/roundcube/logs I get an error when trying to log in

    [24-Feb-2021 15:26:21 -0500]:  IMAP Error: Login failed for [email protected] against mail.mydomain.com from 10.10.0.80. Could not connect to ssl://mail.mydomain.com:993: Connection timed out in /var/www/roundcube/program/lib/Roundcube/rcube_imap.php on line 200 (POST /?_task=login&_action=login).

    I also received a message “connection to storage server failed” when attempting to login on the webpage.

    I made sure that dovecot status was active.

    Would you have any suggestions where I can look to resolve this issue.

    Your help would be much appreciated.

    Thanks,

    • Xiao Guoan (Admin)
      3 years ago

      Are you using a self-signed TLS certificate, and is your TLS certificate expired?

  • Hello Xiao, and thank you for your reply.

    No it is not a self singed certificate. The certificate was created from letsencrypt using your tutorial.
    I just checked and it is in the directory /etc/letsencrypt/live/mail.mydomain.com

    • Xiao Guoan (Admin)
      3 years ago

      Test SMTP and IMAP again, then check the mail log (/var/log/mail.log).

  • I ran both tests, SMTP and IMAP, where both of them failed. I checked mail.log and nothing was written.

    • Xiao Guoan (Admin)
      3 years ago

      That could mean there’s firewall preventing you from connecting to the SMTP submission port and IMAP port.

      You can use telnet to check if you can access port 587 and 993.

      telnet mail.your-domain.com 587

      and

      telnet mail.your-domain.com 993

      If port 587 and 993 can be accessed, you should see something like

      Trying xx.xx.xx.xx...
      Connected to mail.linuxbabe.com.
      Escape character is '^]'.
      220 mail.linuxbabe.com ESMTP Postfix (Ubuntu)
      

      Type quit to close the connection.
      If port 587 and 993 can’t be accessed, you can see an output like

      Trying xx.xx.xx.xx...
      telnet: Unable to connect to remote host: Connection timed out
      

      By the way, I see your client’s IP address is 10.10.0.80. Is RoundCube webmail installed on the mail server or on another box?

      • I ran the telnet test as you requested on the mail server (virtualbox) with static IP 10.10.0.150 where both ports timed out with no connection.

        when I run the telnet test on a virtualbox Ubuntu desktop PC (10.10.0.143) I’m able to connect on ports 587 and 993.

        the 10.10.0.XX is on my LAN network behind a pfSense firewall. In order for me to send email internally between accounts and open postfixadmin on a web browser I need to add host overrides on dns resolver

        So in a nut shell I’m able to send emails internally between email accounts e.g. test1, test2 and test3 and send email outbound.
        When I send email from the outside (gmail) to the mail server I have a rule on the WAN interface which allows mail to reach the mail server using a public IP to private IP (1:1 NAT) which works perfectly.

        10.10.0.80 is my windows pc which is hosting the virtualbox.

        Just cannot figure out why I can’t get roundcube to connect

        Karl

    • Xiao Guoan (Admin)
      3 years ago

      If you install Roundcube on the mail server, then there shouldn’t be a firewall problem.

      On the mail server, you can edit /etc/hosts file and add the following entry, so that Roundcube won’t have to query the public DNS, which will speed up web page loading a little bit.

      127.0.0.1  localhost mail.example.com
      • Thank You for your Help Xiao,

        Adding 127.0.0.1 mail.mydomain.com to the /etc/hosts file worked.

  • Matti
    3 years ago

    Hi, i followed the tutorials and everything else seems to work, but virtual mailboxes wont work, so the mail cannot be delivered to me, but i can send mail just fine.

    This is the error im getting in syslog.log:

     
    Feb 26 20:40:49 newmail dovecot[53464]: imap([email protected]): Error: Namespace '': Mail storage autodetection failed with home=/var/vmail/newmail.domain.com/username
    
    Feb 26 20:40:49 newmail dovecot[53464]: imap([email protected]): Namespace '': Mail storage autodetection failed with home=/var/vmail/newmail.domain.com/username in=0 out=391 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
    

    Even if i manually create the corrent path i get the same error.

    • Matti
      3 years ago

      This is set, so it shouldnt it work?
      /etc/dovecot/conf.d/10-mail.conf

      mail_home = /var/vmail/%d/%n
      
      • Matti
        3 years ago

        Oh i figured it out…

        i thought i didnt need

        mail_location = maildir:~/Maildir 

        after we added

        mail_home = /var/vmail/%d/%n

        I added mail_location back and everything works 🙂

  • David Ellestad
    3 years ago

    This is by far the best set of guides I have come across in setting up LEMP, PostfixAdmin, MariaDB, and Roundcube on Linux installs in the number of years I have been running a private email server.

    One error I am coming across is when trying to send emails from the Roundcube interface. Emails are sent just fine if I use a mobile interface like my laptop or phone, but I cannot get the webmail interface from the server to send. I spun up a VPS instance at ScalaHosting to test drive this setup before I migrate my database data from the old server.

    First issue to pop up was in the Roundcube test config screen after saving the config:

    Trying to send email...
    SMTP send:  NOT OK(Connection failed: Failed to connect socket: fsockopen(): unable to connect to ssl://mail.albionparadigm.org:587 (Unknown error))
    

    Like I said before, connecting from another source like a phone/computer works just fine, but something about the localhost is causing heartburn.

    The mail.log file does not give a whole log of information to go on:

    Mar  9 21:04:45 mail postfix/submission/smtpd[6144]: connect from localhost[127.0.0.1]
    Mar  9 21:04:45 mail postfix/submission/smtpd[6144]: lost connection after UNKNOWN from localhost[127.0.0.1]
    Mar  9 21:04:45 mail postfix/submission/smtpd[6144]: disconnect from localhost[127.0.0.1] unknown=0/1 commands=0/1
    

    Content inside the master.cf file is straight from the guide:

    smtp      inet  n       -       y       -       -       smtpd
    #smtp      inet  n       -       y       -       1       postscreen
    #smtpd     pass  -       -       y       -       -       smtpd
    #dnsblog   unix  -       -       y       -       0       dnsblog
    #tlsproxy  unix  -       -       y       -       0       tlsproxy
    
    submission inet n       -       y       -       -       smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_tls_wrappermode=no
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
      -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
      -o smtpd_sasl_type=dovecot
      -o smtpd_sasl_path=private/auth
    #  -o smtpd_tls_auth_only=yes
    #  -o smtpd_reject_unlisted_recipient=no
    #  -o smtpd_client_restrictions=$mua_client_restrictions
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    #  -o smtpd_recipient_restrictions=
    #  -o milter_macro_daemon_name=ORIGINATING
    
    smtps     inet  n       -       y       -       -       smtpd
      -o syslog_name=postfix/smtps
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
      -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
      -o smtpd_sasl_type=dovecot
      -o smtpd_sasl_path=private/auth
    #  -o smtpd_reject_unlisted_recipient=no
    #  -o smtpd_client_restrictions=$mua_client_restrictions
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    #  -o milter_macro_daemon_name=ORIGINATING
    

    Any insight would be very helpful. Thanks.

  • David E
    3 years ago

    Woot just solved the issue!

    The Roundcube installer is setup with a default port of 587 for the outgoing SMTP server. Changing from 587 to 465 fixed the issue.

    • Xiao Guoan (Admin)
      3 years ago

      Glad to know you solved the issue. Jus want to let you know that you must use tls:// as the prefix for port 587. The ssl:// prefix should be used for port 465.

      • David E.
        3 years ago

        Ahh that explains it. Thanks for replying back!

  • Ary Angeli Mainart
    3 years ago

    I follow you tutorial from scratch,
    I was able to setup email server with postfix admin and virtual boxes.
    It is working fine.
    Then i try to follow this tutorial to setup roundcube.
    I run the installer, but i setup round cube on mailweb.my-domain.com instead your default mail.my-domain.com.
    On Test Config screen, all tests are Ok.
    When i try to test SMTP config and IMAP Config, got the error bellow:
    Trying to send email…
    SMTP send: NOT OK(Authentication failure: Invalid response code received from server (Code: 535))

    • Ary Angeli Mainart
      3 years ago

      I forgot to tell you.
      Try with tls and por 587 and ssl on port 465.
      Also, i am using the mail.my-domain.com as mx reccords.
      I belive that is because round cube is not reaching the virtual accounts database to authenticate.
      Great tutorial, by the way.
      It was the only i found that works.
      Thanks.

    • Xiao Guoan (Admin)
      3 years ago

      Use the following SMTP settings in Roundcube:

      tls://mail.your-domain.com  port: 587

      IMAP settings

      ssl://mail.your-domain.com port 993

      Make sure your TLS certificate is valid (not self-signed and not expired).

      • Ary Angeli Mainart
        3 years ago

        I did that.
        Certificate is letsencrypt, not self-signed and is not expired.

  • Ary Angeli Mainart
    3 years ago

    Forgot other thing. I still need help.
    ;p

    • Ary Angeli Mainart
      3 years ago

      Just posting here a feedback.
      Step 10: Configure the Password Plugin in Roundcube – This step is essential for roundcube to work.
      All works fine now.
      Thanks.

  • William
    3 years ago

    Sending an e-mail directly to my gmail doesn’t work. No errors in /var/log/mail.err. Replying to the e-mail from the Sent folder goes through. Replying back from gmail to my mail server fails and returns:

    The mail system
    
    : host cloudnode.pro[private/dovecot-lmtp] said: 550
        5.1.1  User doesn't exist: [email protected] (in
        reply to RCPT TO command)
    • Xiao Guoan (Admin)
      3 years ago

      It seems you didn’t follow my Postfix and Dovecot tutorial. If you follow mail server tutorials from other websites, I don’t guarantee this Roundcube tutorial will work for you.

  • William
    3 years ago

    Thanks a lot for your reply. I followed both precisely as instructed. Could you recommend some software for Ubuntu 20.04 that is easy to install and to manage email accounts?
    Otherwise after following your tutorials on postfix and dovecot, what steps would you recommend to safely start over? Maybe I accidentally missed something.

    • Xiao Guoan (Admin)
      3 years ago

      I see you use cloudnode.pro as the mail server hostname. As I said in the Postfix tutorial, you should use mail.cloudnode.pro as the hostname.

    • Xiao Guoan (Admin)
      3 years ago

      If you don’t want to set up everything from scratch, you can use iRedMail, which can automatically configure lots of the settings for you. iRedMail should be installed on a fresh clean server.

      • William
        3 years ago

        The server I am using is also utilised to host my website. The mail server is configured on the subdomain, as instructed.
        Can I completely wipe postfix and davecot using `apt purge postfix davecot roundcube && apt autoremove`, `DROP DATABASE roundcube;`?
        Will check out iRedMail. Does it really need to be a new/clean server?
        I have a LAMP setup, my objectives are to be able to send mail via `php` and easily create and suspend e-mail accounts for my team to use.

    • Xiao Guoan (Admin)
      3 years ago

      Technically you can install iRedMail on an existing LAMP server, but it’s error-prone (may break your existing applications) and requires extra complicated steps. And I won’t help users with this without getting paid.

      Fresh clean server means that there should not be any new software installed by the user. No Postfix, Dovecot, LAMP, whatsoever.

      If you create an email address in PostfixAdmin and you see the “no such user” or “user doens’t exist” error in the mail log, it must be there’s something wrong with your Dovecot configuration, especially the mail_location and mail_home parameter. I would recommend reading part 2 and part 3 again very carefully.

      • William
        3 years ago

        I must have entirely missed that part with postfix admin as I do not have it set up. I’ll try to delete everything and make sure to follow the tutorial more closely this time.

  • Luis Pereira
    3 years ago

    Hi Xiao.

    Sorry, I need to ask another question from you. I finish these roundcube installation, follow all the steps, but I cannot change the password from the web interface, it always gives an error:

    > Encryption function missing.

    I have all the configurations like you said, only difference is that I kept the default PostfixAdmin codification of MD5-CRYPT (I forgot to change before installing and now I don’t know if I can change it).

    Do you have any idea of what could I be doing wrong?

    Thanks

    • Luis Pereira
      3 years ago

      Hello Xiao.

      I solved the problem with following this guide:

      https://github.com/postfixadmin/postfixadmin/issues/381

      I found that the problem was the doveadm command was giving an error of permission denied accessing the let’s encrypt certificates. I tried changing some permissions but did not manage to make it work, so I found that issue and the problem is fixed.

      I leave it here because it could be helpful to other people.

      Again, Thank you very much for your guides.

  • You Rock! Excellent tutorial.

    There is however one issue I face when sending a mail to my own gmail account:

    Undelivered Mail Returned to Sender...
    message does not meet IPv6 sending guidelines regarding
    PTR records 550-5.7.1 and authentication...
    

    did I miss something?

    • Xiao Guoan (Admin)
      3 years ago

      You need to set PTR record for your IPv6 address.

  • this is very excellent tutorial, finally after all this time i have manage and undurstand how to build my own custom mail server, thank you very much xiao.

  • elliryc
    2 years ago

    HI,
    I have those problems:

    When on test mail for roundcube installation:

    Trying to send email…
    SMTP send: NOT OK(Authentication failure: STARTTLS failed (Code: ))

    and testing connection roundcube
    Connecting to ssl://w3bmail.marmogres.tech…
    IMAP connect: NOT OK(Login failed for [email protected] against w3bmail.marmogres.tech from [my IPv6] Could not connect to ssl://w3bmail.marmogres.tech:993: Unknown reason)

    The let’s encrypt certs are configure in the /etc/nginx/site-enable/w3bmail.marmogres.tech

    Ports are open in UFW
    i have the A and AAAA DNS OK for w3bmail

    have you an idea about the problem?

    • Xiao Guoan (Admin)
      2 years ago

      Don’t use the hostname of the webmail, which is an HTTP server. Use the hostname of the SMTP server & IMAP server.

      Your webmail should connect to the SMTP and IMAP server, not connect to itself.

  • Ernst Cliné
    2 years ago

    Hi Xiao Guoan,

    I am following your excellent guide, but with a payed certificate in stead of the Let’s encrypt one.
    I encountered a problem getting the Roundcube installer to establish the iMap connection and subsequently logging into Roundcube.

    It turned out that Roundcube / PHP could not verify the certificate because the intermediate certificates were not where they were expected.
    To solve this, I had to add the following to config.inc.php ( copied from defaults.inc.php )

    // IMAP socket context options
    // See http://php.net/manual/en/context.ssl.php
    // The example below enables server certificate validation
    $config['imap_conn_options'] = array(
      'ssl'         => array(
         'verify_peer'  => true,
         'verify_depth' => 3,
         'cafile'       => '/path_to_my_intermediate_certificate_file',
       ),
     );
    

    I hope this helps somebody 😉

    Thanks and best regards,
    Ernst

Comments are closed. For paid support, please contact [email protected]