Install Roundcube Webmail on Ubuntu 22.04/20.04 with PostgreSQL

Roundcube is a free open source, full-featured webmail client written in PHP. A webmail is a mail client in your browser, which means instead of reading and sending emails from a desktop mail client like Mozilla Thunderbird, you can access your email from a web browser. This tutorial is going to show you how to install Roundcube webmail on Ubuntu 22.04/20.04 with PostgreSQL database server.

Roundcube Features

Roundcube functionality includes:

  • Address book
  • Folder management
  • Message searching
  • Message filter
  • Spell checking
  • MIME support
  • PGP encryption and signing
  • Mailvelope integration
  • Users are able to change their passwords in Roundcube.
  • Import MIME or Mbox formatted emails.
  • Email Resent (Bounce)
  • Support for Redis and Memcached cache
  • Support for SMTPUTF8 and GSSAPI
  • A responsive skin called Elastic with full mobile device support
  • OAuth2/XOauth support (with plugin hooks)
  • Collected recipients and trusted senders
  • Full Unicode support with MySQL database
  • Support of IMAP LITERAL- extension

Requirements

To follow this tutorial, it’s assumed that

If not, please click the above links and follow the instructions to complete the prerequisites. Note that if you set up your email server using iRedMail before, then you server meets all requirements, and Roundcube is already installed on your server.

Now let’s proceed to install Roundcube.

Step 1: Download Roundcube Webmail on Ubuntu 22.04/20.04

Log in to your Ubuntu server via SSH, then run the following command to download the latest 1.6 stable version from Roundcube Github repository.

wget https://github.com/roundcube/roundcubemail/releases/download/1.6.0/roundcubemail-1.6.0-complete.tar.gz

Note: You can always use the above URL format to download Roundcube from command line. If a new version comes out, simply replace 1.6.0 with the new version number. You can check if there’s new release at Roundcube downloade page.

Extract the tarball, move the newly created folder to web root (/var/www/) and rename it as roundcube at the same time.

tar xvf roundcubemail-1.6.0-complete.tar.gz

sudo mv roundcubemail-1.6.0 /var/www/roundcube

Change into the roundcube directory.

cd /var/www/roundcube

Make the web server user (www-data) as the owner of the temp and logs directory so that web server can write to these two directories.

sudo chown www-data:www-data temp/ logs/ -R

Step 2: Install PHP Extensions

Run the following command to install the required PHP extensions.

sudo apt install software-properties-common

sudo add-apt-repository ppa:ondrej/php

sudo apt update

sudo apt install php-net-ldap2 php-net-ldap3 php-imagick php8.1-common php8.1-pgsql php8.1-gd php8.1-imap php8.1-curl php8.1-zip php8.1-xml php8.1-mbstring php8.1-bz2 php8.1-intl php8.1-gmp php8.1-redis

Step 3: Create a Database and User for Roundcube in PostgreSQL

Install PostgreSQL

Enter the following command to install PostgreSQL on Ubuntu.

sudo apt install postgresql postgresql-contrib

After it’s installed, PostgreSQL database server will automatically start and listens on 127.0.0.1:5432, as can be shown with:

sudo ss -lnpt | grep 5432

Sample output:

LISTEN 0      244        127.0.0.1:5432       0.0.0.0:*    users:(("postgres",pid=24074,fd=5))

If you don’t see any output in the command line window, then PostgreSQL isn’t running. Start it with this command:

sudo systemctl start postgresql

To enable PostgreSQL to automatically start at boot time, run

sudo systemctl enable postgresql

If it still refuses to start, you need to check the log file under /var/log/postgresql/ to find out what went wrong.

Create Database

Log into PostgreSQL as the postgres user.

sudo -u postgres -i psql

Create the roundcube database. I named it roundcube, but you can use whatever name you like. (Don’t leave out the semicolon.)

CREATE DATABASE roundcubemail;

Create a database user (roundcubeuser) and set a password. Replace roundcube_password with your preferred password. Note that the password should not contain the # character, or you might not be able to log in later.

CREATE USER roundcube WITH PASSWORD 'roundcube_password';

Grant permissions to the database user.

ALTER DATABASE roundcubemail OWNER TO roundcube; 

GRANT ALL PRIVILEGES ON DATABASE roundcubemail TO roundcube;

Press Ctrl+D to log out of the PostgreSQL console.

Import the initial tables to the roundcube database. You will need to enter the password you just created.

psql -h 127.0.0.1 -d roundcubemail -U roundcube -W -f /var/www/roundcube/SQL/postgres.initial.sql

Step 4: Create Apache Virtual Host or Nginx Config File for Roundcube

Apache

If you use Apache web server, create a virtual host for Roundcube.

sudo nano /etc/apache2/sites-available/roundcube.conf

Note: If you followed my Postfix/Dovecot tutorial, a virtual host already exists. you should edit the following file. (Remove the texts in this file that was added in part 2 and add the new texts below.)

sudo nano /etc/apache2/sites-available/mail.example.com.conf

Put the following text into the file. Replace mail.example.com with your real domain name and don’t forget to set DNS A record for it.

<VirtualHost *:80>
  ServerName mail.example.com
  DocumentRoot /var/www/roundcube/

  ErrorLog ${APACHE_LOG_DIR}/roundcube_error.log
  CustomLog ${APACHE_LOG_DIR}/roundcube_access.log combined

  <Directory />
    Options FollowSymLinks
    AllowOverride All
  </Directory>

  <Directory /var/www/roundcube/>
    Options FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    allow from all
  </Directory>

</VirtualHost>

Save and close the file. Then enable this virtual host with:

sudo a2ensite roundcube.conf

Reload Apache for the changes to take effect.

sudo systemctl reload apache2

Now you should be able to see the Roundcube web-based install wizard at http://mail.example.com/installer.

Nginx

If you use Nginx web server, create a virtual host for Roundcube.

sudo nano /etc/nginx/conf.d/roundcube.conf

Note: If you followed my Postfix/Dovecot tutorial, a virtual host already exists. you should edit the following file. (Remove the texts in this file that was added in part 2 and add the new texts below.)

sudo nano /etc/nginx/conf.d/mail.example.com.conf

Put the following text into the file. Replace the domain name and don’t forget to set DNS A record for it.

server {
  listen 80;
  listen [::]:80;
  server_name mail.example.com;
  root /var/www/roundcube/;
  index index.php index.html index.htm;

  error_log /var/log/nginx/roundcube.error;
  access_log /var/log/nginx/roundcube.access;

  location / {
    try_files $uri $uri/ /index.php;
  }

  location ~ \.php$ {
   try_files $uri =404;
    fastcgi_pass unix:/run/php/php8.1-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
  }

  location ~ /.well-known/acme-challenge {
    allow all;
  }
 location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
    deny all;
  }
  location ~ ^/(bin|SQL)/ {
    deny all;
  }
 # A long browser cache lifetime can speed up repeat visits to your page
  location ~* \.(jpg|jpeg|gif|png|webp|svg|woff|woff2|ttf|css|js|ico|xml)$ {
       access_log        off;
       log_not_found     off;
       expires           360d;
  }
}

Save and close the file. Then test Nginx configurations.

sudo nginx -t

If the test is successful, reload Nginx for the changes to take effect.

sudo systemctl reload nginx

Now you should be able to see the Roundcube web-based install wizard at http://mail.example.com/installer.

Step 5: Enabling HTTPS

It’s highly recommended that you use TLS to encrypt your webmail. We can enable HTTPS by installing a free TLS certificate issued from Let’s Encrypt. Run the following command to install Let’s Encrypt client (certbot) on Ubuntu 22.04/20.04 server.

sudo apt install certbot

If you use Nginx, then you also need to install the Certbot Nginx plugin.

sudo apt install python3-certbot-nginx

Next, run the following command to obtain and install TLS certificate.

sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email [email protected] -d mail.example.com

If you use Apache, install the Certbot Apache plugin.

sudo apt install python3-certbot-apache

And run this command to obtain and install TLS certificate.

sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email [email protected] -d mail.example.com

Where

  • --nginx: Use the nginx plugin.
  • --apache: Use the Apache plugin.
  • --agree-tos: Agree to terms of service.
  • --redirect: Force HTTPS by 301 redirect.
  • --hsts: Add the Strict-Transport-Security header to every HTTP response. Forcing browser to always use TLS for the domain. Defends against SSL/TLS Stripping.
  • --staple-ocsp: Enables OCSP Stapling. A valid OCSP response is stapled to the certificate that the server offers during TLS.

The certificate should now be obtained and automatically installed.

roundcube webmail https letsencrypt

Note: If you followed my Postfix/Dovecot tutorial, and now you install Roundcube on the same server, then certbot will probably tell you that a certificate for mail.example.com already exists as shown below, so you can choose to install the existing TLS certificate to your web server configuration file.

roundcube postfix dovecot certbot https certificate

Step 6: Adding Local DNS Entry

It’s recommended to edit the /etc/hosts file on the mail server and add the following entry, so that Roundcube won’t have to query the public DNS, which will speed up web page loading a little bit.

127.0.0.1  localhost mail.example.com

Step 7: Configure Roundcube

Go to the Roundcube configuration directory.

cd /var/www/roundcube/config/

Copy the sample configuration file.

sudo cp config.inc.php.sample config.inc.php

Edit the new file.

sudo nano config.inc.php

Find the following line, which tells Roundcube how to connect to the database.

$config['db_dsnw'] = 'mysql://roundcube:pass@localhost/roundcubemail';

Replace mysql with pgsql.

Then replace pass with the real Roundcube password. If the password contains special characters, you need to use percent encoding. For example, if the password is mPcEIRxyJhCz8uiWIUopqWzaSTk=, then the line will look like this:

$config['db_dsnw'] = 'pgsql://roundcube:mPcEIRxyJhCz8uiWIUopqWzaSTk%3D@localhost/roundcubemail';

The special character = is represented by %3D.

Then find the following two lines.

$config['imap_host'] = 'localhost:143';

$config['smtp_host'] = 'localhost:587';

Replace the value as follows:

$config['imap_host'] = 'tls://mail.example.com:143';

$config['smtp_host'] = 'tls://mail.example.com:587';

Find the following line.

$config['des_key'] = 'rcmail-!24ByteDESkey*Str';

Replace the default key with some random characters like below.

$config['des_key'] = '58kptbzEcNKi/bc9OL90//3ATnQ=';

Next, find the following lines

// List of active plugins (in plugins/ directory)
$config['plugins'] = [
    'archive',
    'zipdownload',
];

By default, only two plugins are enabled. We can enable more plugins like below.

// List of active plugins (in plugins/ directory)
$config['plugins'] = ['acl', 'additional_message_headers', 'archive', 'attachment_reminder', 'autologon', 'debug_logger', 'emoticons', 'enigma', 'filesystem_attachments', 'help', 'hide_blockquote', 'http_authentication', 'identicon', 'identity_select', 'jqueryui', 'krb_authentication', 'managesieve', 'markasjunk', 'new_user_dialog', 'new_user_identity', 'newmail_notifier', 'password', 'reconnect', 'redundant_attachments', 'show_additional_headers', 'squirrelmail_usercopy', 'subscriptions_option', 'userinfo', 'vcard_attachments', 'virtuser_file', 'virtuser_query', 'zipdownload'];

Finally, we can enable the built-in spell-checker by adding the following line at the end of this file.

$config['enable_spellcheck'] = true;

Save and close the file.

Go to your Webmail domain and log in.

roundcube webmail elastic skin

Roundcube Webmail interface

roundcube ubuntu server apache nginx

Now you should remove the whole installer folder from the document root or make sure that enable_installer option in config.inc.php file is disabled.

sudo rm /var/www/roundcube/installer/ -r

These files may expose sensitive configuration data like server passwords and encryption keys to the public. Make sure you cannot access the installer page from your browser.

If the web page displays an error, please check the Roundcube error log file (/var/www/roundcube/logs/error.log) to find out what went wrong.

Step 8: Configure the Sieve Message Filter

You can create folders in Roundcube webmail and then create rules to filter email messages into different folders. In order to do this, you need to install the ManageSieve server with the following command.

sudo apt install dovecot-sieve dovecot-managesieved

By default, Postfix uses its built-in local delivery agent (LDA) to move inbound emails to the message store (inbox, sent, trash, Junk, etc). We can configure it to use Dovecot to deliver emails, via the LMTP protocol, which is a simplified version of SMTP. LMTP allows for a highly scalable and reliable mail system and it is required if you want to use the sieve plugin to filter inbound messages to different folders.

Install the Dovecot LMTP Server.

sudo apt install dovecot-lmtpd

Edit the Dovecot main configuration file.

sudo nano /etc/dovecot/dovecot.conf

Add lmtp and sieve to the supported protocols.

protocols = imap lmtp sieve

Save and close the file. Then edit the Dovecot 10-master.conf file.

sudo nano /etc/dovecot/conf.d/10-master.conf

Change the lmtp service definition to the following.

service lmtp {
 unix_listener /var/spool/postfix/private/dovecot-lmtp {
   group = postfix
   mode = 0600
   user = postfix
  }
}

Next, edit the Postfix main configuration file.

sudo nano /etc/postfix/main.cf

Add the following lines at the end of the file. The first line tells Postfix to deliver emails to local message store via the dovecot LMTP server.  The second line disables SMTPUTF8 in Postfix, because Dovecot-LMTP doesn’t support this email extension.

mailbox_transport = lmtp:unix:private/dovecot-lmtp
smtputf8_enable = no

Save and close the file. Open the /etc/dovecot/conf.d/15-lda.conf file.

sudo nano /etc/dovecot/conf.d/15-lda.conf

Scroll to the end of the file, uncomment the mail_plugins line and add the sieve plugin to local delivery agent (LDA).

protocol lda {
    # Space separated list of plugins to load (default is global mail_plugins).
    mail_plugins = $mail_plugins sieve
}

Save and close the file. If you can find the 20-lmtp.conf file under /etc/dovecot/conf.d/ directory, then you should also enable the sieve plugin in that file like below.

protocol lmtp {
      mail_plugins = quota sieve
}

Edit the /etc/dovecot/conf.d/10-mail.conf file.

sudo nano /etc/dovecot/conf.d/10-mail.conf

Sieve scripts are stored under each user’s home directory. If you followed my PostfixAdmin tutorial and are using virtual mailbox domains, then you need to enable mail_home for the virtual users by adding the following line in the file, because virtual users don’t have home directories by default.

mail_home = /var/vmail/%d/%n

Save and close the file.

Finally, restart Postfix and Dovecot.

sudo systemctl restart postfix dovecot

Now you can go to Roundcube webmail, open an email message and click the more button, and select create filters to create message filters. For example, I create a filter that moves every email sent from redhat.com to the Red Hat folder.

roundcube sieve filter

If you don’t have the create filter option, it’s probably because you didn’t enable the managesieve plugin. Edit the config.inc.php file.

sudo nano /var/www/roundcube/config/config.inc.php

At the end of this file, you will find a list of active plugins. add the managesieve plugin in the arrary. The plugin order doesn’t matter.

// ----------------------------------
// PLUGINS
// ----------------------------------
// List of active plugins (in plugins/ directory)
$config['plugins'] = ['acl', 'additional_message_headers', 'archive', 'attachment_reminder', 'autologon', 'database_attachments', 'debug_logger', 'emoticons', 'enigma', 'filesystem_attachments', 'help', 'hide_blockquote', 'http_authentication', 'identicon', 'identity_select', 'jqueryui', 'krb_authentication', 'managesieve', 'markasjunk', 'new_user_dialog', 'new_user_identity', 'newmail_notifier', 'password', 'reconnect', 'redundant_attachments', 'show_additional_headers', 'squirrelmail_usercopy', 'subscriptions_option', 'userinfo', 'vcard_attachments', 'virtuser_file', 'virtuser_query', 'zipdownload'];

Save and close the file.

Note that if you move a sieve filter set from an old mail server to your new mail server, you need to go to Settings -> Filters, then click Actions and enable the filter set, or Dovecot LMTP server won’t execute the sieve filter.

Step 9: Removing Sensitive Information from Email Headers

By default, Roundcube will add a User-Agent email header, indicating that you are using Roundcube webmail and the version number. You can tell Postfix to ignore it so recipient can not see it. Run the followingcommand to create a header check file.

sudo nano /etc/postfix/smtp_header_checks

Put the following lines into the file.

/^User-Agent.*Roundcube Webmail/            IGNORE

Save and close the file. Then edit the Postfix main configuration file.

sudo nano /etc/postfix/main.cf

Add the following line at the end of the file.

smtp_header_checks = regexp:/etc/postfix/smtp_header_checks

Save and close the file. Then run the following command to rebuild hash table.

sudo postmap /etc/postfix/smtp_header_checks

Reload Postfix for the change to take effect.

sudo systemctl reload postfix

Now Postfix won’t include User-Agent: Roundcube Webmail in the headers when sending outgoing emails.

Step 10: Configure the Password Plugin in Roundcube

Roundcube includes a password plugin that allows users to change their passwords from the webmail interface. Edit the config.inc.php file.

sudo nano /var/www/roundcube/config/config.inc.php

Make sure the password plugin in the plugin list at the end of this file. The plugin order doesn’t matter.

$config['plugins'] = array('acl', 'additional_message_headers', 'password', .....);

Save and close the file.

However, we need to configure this plugin before it will work. Run the following command to copy the distributed password plugin config file to a new file.

sudo cp /var/www/roundcube/plugins/password/config.inc.php.dist /var/www/roundcube/plugins/password/config.inc.php

Edit the password plugin configuration file.

sudo nano /var/www/roundcube/plugins/password/config.inc.php

Find the following line:

$config['password_db_dsn'] = '';

This parameter is used to tell the password plugin where the user passwords are stored. By default, the value is empty and it will query the roundcube database, which doesn’t store user passwords. If you followed my PostfixAdmin tutorial, then user passwords are stored in the postfixadmin.mailbox table, so we need to change the value to:

$config['password_db_dsn'] = 'pgsql://postfixadmin:postfixadmin_database_password@127.0.0.1/postfixadmin';

The tells the password plugin to connect to the postfixadmin database. If you don’t remember your postfixadmin database password, you can find it in the /etc/dovecot/dovecot-sql.conf.ext file. If your PostfixAdmin password contains a single quote character, then you can use backslash (\') to escape it.

Then find the following line.

$config['password_query'] = 'SELECT update_passwd(%c, %u)';

Change it to the following.

$config['password_query'] = 'UPDATE mailbox SET password=%P,modified=NOW() WHERE username=%u';

I recommend enabling a password strength checker to prevent users from setting week passwords. Go to the beginning of this file, you can find the following line.

$config['password_strength_driver'] = null;

We can use the zxcvbn password strength driver, so change it to:

$config['password_strength_driver'] = 'zxcvbn';

Add the following line in this file to allow strong passwords only.

$config['password_zxcvbn_min_score'] = 5;

Note: The $config['password_minimum_score'] parameter doesn’t work with the zxcvbn driver, so leave it alone.

You can also set a minimum length for the password. Find the following line.

$config['password_minimum_length'] = 0;

Change it to:

$config['password_minimum_length'] = 8;

Recall that we used the ARGON2I password scheme in the PostfixAdmin tutorial, so we also need to configure the password plugin to use ARGON2I. Find the following lines in the file.

$config['password_algorithm'] = 'clear';

By default, the password will be stored as clear text, change the value to the following to use Dovecot’s builtin password algorithm.

$config['password_algorithm'] = 'dovecot';

Then find the following line, which tells where the Dovecot’s password hash generator is located.

$config['password_dovecotpw'] = '/usr/local/sbin/dovecotpw'; // for dovecot-1.x

Change it to the following.

$config['password_dovecotpw'] = '/usr/bin/doveadm pw -r 5';

Then find the following line, which tells which password scheme will be used.

$config['password_dovecotpw_method'] = 'CRAM-MD5';

Change it to:

$config['password_dovecotpw_method'] = 'ARGON2I';

Find the following line.

$config['password_dovecotpw_with_method'] = false;

Change false to true. This will add a {ARGON2I} prefix to the hashed password, so you will recognize which password scheme is used.

$config['password_dovecotpw_with_method'] = true;

Save and close the file. Since this file contains the database password, we should allow only the www-data user to read and write to this file.

sudo chown www-data:www-data /var/www/roundcube/plugins/password/config.inc.php
sudo chmod 600 /var/www/roundcube/plugins/password/config.inc.php

Now users should be able to change their passwords in the Roundcube webmail interface.

roundcube webmail change password

How to Set Up Vacation/Out-of-Office Messages

We can use the sieve filter to create vacation/out-of-office messages. Go to Roundcube Settings -> Filters. Then click the create button to create a filter.

  • Give this filer a name like “out of office”.
  • New filters are not disabled, so you can leave the button alone.
  • In the Scope field, select all messages.
  • Select Replay with message in the Actions settings, and enter the message that will be automatically sent.
  • Enter 1 in how often send messages, so the auto-reply will be sent only once per day for each sender. If you set this value to 7, then the auto-reply will be sent once per 7 days for each sender.
  • Leave other text fields empty.
  • Click the Save button and you are done.

roundcube vacation out of office message

When you are back in the office, you can toggle the “Filter disabled” button, and click the Save button to disable this filter.

Increase Upload File Size Limit

If you use PHP-FPM to run PHP scripts, then files such as images, PDF files uploaded to Roundcube can not be larger than 2MB. To increase the upload size limit, edit the PHP configuration file.

sudo nano /etc/php/8.1/fpm/php.ini

Find the following line (line 846).

upload_max_filesize = 2M

Change the value like below. Note that this value should not be larger than the attachment size limit set by Postfix SMTP server.

upload_max_filesize = 50M

Then find the following line (line 694).

post_max_size = 8M

Change the maximum size of POST data that PHP will accept.

post_max_size = 50M

Save and close the file. Alternatively, you can run the following two commands to change the value without manually opening the file.

sudo sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 50M/g' /etc/php/8.1/fpm/php.ini

sudo sed -i 's/post_max_size = 8M/post_max_size = 50M/g' /etc/php/8.1/fpm/php.ini

Then restart PHP-FPM.

sudo systemctl restart php8.1-fpm

Nginx also sets a limit on upload file size. The default maximum upload file size limit set by Nginx is 1MB. If you use Nginx, edit the Nginx configuration file.

sudo nano /etc/nginx/conf.d/mail.example.com.conf

Add the following line in the SSL virtual host.

client_max_body_size 50M;

Save and close the file. Then reload Nginx for the changes to take effect.

sudo systemctl reload nginx

There are 3 plugins in Roundcube for attachments/file upload:

  • database_attachments
  • filesystem_attachments
  • redundant_attachments

Roundcube can use only one plugin for attachments/file uploads. I found that the database_attachment plugin can be error_prone and cause you trouble. To disable it, edit the Roundcube config file.

sudo nano /var/www/roundcube/config/config.inc.php

Scroll down to the end of this file. You will see a list of active plugins. Remove 'database_attachments' from the list. Note that you need to activate at least one other attachment plugin, for example, filesystem_attachments.

// ----------------------------------
// PLUGINS
// ----------------------------------
// List of active plugins (in plugins/ directory)
$config['plugins'] = ['acl', 'additional_message_headers', 'archive', 'attachment_reminder', 'autologon', 'debug_logger', 'emoticons', 'enigma', 'filesystem_attachments', 'help', 'hide_blockquote', 'http_authentication', 'identicon', 'identity_select', 'jqueryui', 'krb_authentication', 'managesieve', 'markasjunk', 'new_user_dialog', 'new_user_identity', 'newmail_notifier', 'password', 'reconnect', 'redundant_attachments', 'show_additional_headers', 'squirrelmail_usercopy', 'subscriptions_option', 'userinfo', 'vcard_attachments', 'virtuser_file', 'virtuser_query', 'zipdownload'];

Save and close the file.

Setting Up Multiple Mail Domains

To host multiple mail domains, please read the following article:

Troubleshooting Tips

If you encounter errors, you can check the web server error logs at /var/log/apache2/roundcube_error.log (if you are using Apache), or /var/log/nginx/roundcube.error (if you are using Nginx.), also the Roundcube error logs in /var/www/roundcube/logs/ directory.

Connection to Storage Server Failed

If you see the Connection to storage server failed error when trying to log into RoundCube, it’s probably because

  • Dovecot server isn’t running. You can restart Dovecot with sudo systemctl restart dovecot and check its status with systemctl status dovecot.
  • You are using a self-signed TLS certificate. Roundcube requires a valid TLS certificate issued from a trusted certificate authority such as Let’s Encrypt.
  • Your TLS certificate expired. You can renew the Let’s Encrypt TLS certificate with sudo certbot renew, then restart Postfix and Dovecot (sudo systemctl restart postfix dovecot).

You can also try adding a custom DNS entry in /etc/hosts file as described in step 8 on the Roundcube server, so Roundcube can properly resolve the mail server hostname.

Could Not Load Message From Server

If you see the “Internal error: could not load message from server” error, it’s probably because you are trying to open a deleted email (invalid URL). Try going to the mail root domain (mail.example.com) to see if it works.

Temporary lookup failure (Code: 451)

If you encounter this error when trying to send an email in Roundcube, it’s probably something wrong with your Postfix configuration. For example, some folks might have the following error in the /var/log/mail.log file.

warning: connect to pgsql server localhost: connection to server at "localhost" (127.0.0.1), port 5432 failed: FATAL: password authentication failed for user "postfixadmin"?connection to server at "localhost" (127.0.0.1), port 5432 failed: FATAL: password authentication failed for user "postfixadmin"?

This means your password authentication for the Postfixadmin database is not working.

Wrapping Up

I hope this tutorial helped you install Roundcube Webmail on Ubuntu 22.04/20.04. As always, if you found this post useful,  subscribe to our free newsletter to get more tips and tricks 🙂

Rate this tutorial
[Total: 8 Average: 5]

53 Responses to “Install Roundcube Webmail on Ubuntu 22.04/20.04 with PostgreSQL

  • Hi!

    I successfully login with roundcube but unable to login with config filed credentials.

    Can you help me out?

    Thanks

    • Xiao Guoan (Admin)
      4 years ago

      What do you mean by “successfully login with roundcube but unable to login with config filed credentials”?

  • After roundcube installer(configuration) setting with login details it shows error like

    IMAP connect: NOT OK(Login failed for roundcubeuser against mail.domain.com from 122.170.102.157. AUTHENTICATE PLAIN: Authentication failed.)

    • Xiao Guoan (Admin)
      4 years ago

      IMAP login requires you to use an email account on the mail server, not the database user account.

  • i don’t have email account with register domain name.
    so try my personal gmail account that says login failed,

    and also try root login with domain as suffix says connection to IMAP server failed.

    How i solved this puzzle?

    • Xiao Guoan (Admin)
      4 years ago

      Then create an email account for the domain name.

  • Is this necessary to create email account for domain name?
    Is there any another option to login in roundcube?

    • Xiao Guoan (Admin)
      4 years ago

      You use Roundcube to log into your email account, right? If you don’t have an email account on your own domain name, then why are you installing Roundcube?

      By the way, What’s your domain name?

    • Xiao Guoan (Admin)
      4 years ago

      If you don’t have an email account at your domain name, I think you need to follow the iRedMail tutorial, instead of installing Roundcube.

  • thapelo
    4 years ago

    I had to add the below:

    smtpd_sasl_auth_enable = yes

    in /etc/postfix/main.cf ?

    • Xiao Guoan (Admin)
      4 years ago

      I usually add it in the submission service in /etc/postfix/master.cf.

      submission     inet     n    -    y    -    -    smtpd
       -o syslog_name=postfix/submission
       -o smtpd_tls_security_level=encrypt
       -o smtpd_tls_wrappermode=no
       -o smtpd_sasl_auth_enable=yes
       -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
       -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
       -o smtpd_sasl_type=dovecot
       -o smtpd_sasl_path=private/auth

      This will enable SASL authentication on port 587.

      If you add it in the /etc/postfix/main.cf file, then SASL authentication will also be enabled on port 25, which I don’t recommend.

  • Ken D'Ambrosio
    4 years ago

    Hi! I’ve had RoundCube running for a few years, now, and love it. And even better, some of the newer skins have great mobile support. But one thing has bugged me: having to keep logging in on devices that are mine. I found one old plugin that I never was able to get to work… and then I found this: https://github.com/mfreiholz/persistent_login — actively being updated (I don’t even know what-all he’s adding), and works like a charm. Made me remove a fat client from my (Android) phone and tablet altogether. (For notifications — which RoundCube doesn’t, to the best of my knowledge, supply — I use Poppy, an app which polls the mailboxes and notifies on new mail.)

  • moulnengsonarat
    4 years ago

    i already install successfully all are work but how can i add new user for example [email protected] password123
    [email protected] password123 for aroundcube i have no idea i am newbie for linux just follow your tutorial is working fine but i want to create 3 or 4 user for that mail server please kindly help

    • Xiao Guoan (Admin)
      4 years ago

      If you followed my email server from scratch tutorial series, then you can use PostfixAdmin to manage users.

      • moulnengsonarat
        4 years ago

        thank you so much for replay in my server i use ubuntu 18.04 i installed LAMP , postfix dovecote and roundcube and follow the instruction all are good but when i log in it said ” connection to server storage failed ” here is the video i follow and kind of mix together. https://www.youtube.com/watch?v=HPV1hJsRud0&t=773s but i replace the squirrelmail with roundcube

        please kindly help

    • Xiao Guoan (Admin)
      4 years ago

      In the YouTube video, the mail_location is changed to /var/spool/mail. I think you need to use the default location as below.

      mail_location = mbox:~/mail:INBOX=/var/mail/%u

      PS: I don’t recommend mixing mail server tutorials from different places. You can follow my comprehensive mail server tutorial series here: https://www.linuxbabe.com/mail-server/setup-basic-postfix-mail-sever-ubuntu

  • Hi,
    I tried to config the Sieve Message Filter with your but the server doesn’t have the port 4190 open and I cannot connect from roundcube.

    Can you help me?

    Thnkx.

    • Xiao Guoan (Admin)
      4 years ago

      Edit the Dovecot main configuration file.

      sudo nano /etc/dovecot/dovecot.conf

      Add the sieve protocol.

      protocols = imap lmtp sieve

      Save and close the file. Then restart Dovecot.

      sudo systemctl restart dovecot
      • Willy Tjahjono
        4 years ago

        Hi, I have followed your instructions but am still getting that unable to connect managesieve server. Which config file should I modify? Thank you.

  • Etienne
    4 years ago

    Ok, well I can now authenticate on the Thunderbird client without any issue. Sending mail and receiving mail : O.K. And it is awesome!

    But I wanted to implement a webmail interface. So I followed your tutorial step by step for the installation of Roundcube. The authentication to the smtp server works ->
    Screenshot

    But when I try the with the imap server, I get an error.

    Feb 11 11:43:24 mail.rt-lanparty.fr dovecot[14101]: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=, rip=144.91.87.246, lip=144.91.87.246, TLS handshaking: SSL_accept() failed: error:14094418:SSL rout
    • Xiao Guoan (Admin)
      4 years ago

      You can try editing the dovecot SSL configuration file.

      sudo nano /etc/dovecot/conf.d/10-ssl.conf

      Set ssl_prefer_server_ciphers to yes.

      ssl_prefer_server_ciphers = yes

      Restart Dovecot.

      sudo systemctl restart dovecot
  • Etienne
    4 years ago

    I found interesting settings for roundcube imaps connection. Actually your setting with these made things work.

    Here is what I added to config.inc.php :

    $config['imap_conn_options'] = array(
        'ssl' => array(
            'ciphers' => 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES128:DH+AES:ECDH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5',
            'verify_peer'      => false,
            'verify_peer_name' => false,
        ),
    );
    

    Now everything works as it should. I thank you a lot for the time spend to help me. Keep up with your work ! Have a nice day !! 🙂

  • I made a mistake on creating the PostgreSQL Database and User for Roundcube.

    How can I remove a create a new one?

    • Xiao Guoan (Admin)
      4 years ago

      You can log into PostgreSQL console

      sudo -u postgres psql

      and list existing databases.

      \l

      To delete a database, run the following command. Replace database-name with the real database name.

      drop database database-name;

      Then, you can create the database again.

    • Thank You.

      Do I need to fill the “username_domain” in IMAP settings ?

    • Xiao Guoan (Admin)
      4 years ago

      No.

  • hi, in roundcube config
    can’t connect to imap server
    i followed your basic tutorial mail setup

    Connecting to ssl://mail.xxxxxxx.cd…
    IMAP connect: NOT OK(Login failed for [email protected] against mail.xxxxxxxx.cd from 102.128.71.241. Could not connect to ssl://mail.cmr-covid19.cd:993: Unknown reason)

    • Xiao Guoan (Admin)
      2 years ago

      Check your mail server log file (/var/log/mail.log). Also, edit the /etc/dovecot/dovecot.conf and enable debugging by adding the following line at the end of this file.

      mail_debug=yes

      Then restart Dovecot.

  • IMRON HS
    3 years ago

    First, where is the line I can put this command Xiao?

    client_max_body_size 50M;
    
    • Xiao Guoan (Admin)
      3 years ago

      Inside the SSL server block, like this:

      server {
        server_name mail.linuxbabe.com;
        root /var/www/roundcube/;
        index index.php index.html index.htm;
      
        client_max_body_size 50M;
      
        .....
      
          listen 443 ssl ; # managed by Certbot
          ssl_certificate /etc/letsencrypt/live/mail.linuxbabe.com/fullchain.pem; # managed by Certbot
          ssl_certificate_key /etc/letsencrypt/live/mail.linuxbabe.com/privkey.pem; # managed by Certbot
          include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
          ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
      
      
          add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot
      
      
          ssl_trusted_certificate /etc/letsencrypt/live/mail.linuxbabe.com/chain.pem; # managed by Certbot
          ssl_stapling on; # managed by Certbot
          ssl_stapling_verify on; # managed by Certbot
      }
      
  • IMRON HS
    3 years ago

    Hi Xiao Guoan, I check the web server error log

    root@mail:~# tail -f /var/log/nginx/roundcube.error
    

    I got the error like this:

    2020/09/12 10:41:52 [crit] 23041#23041: *198 SSL_do_handshake() failed (SSL: error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low) while SSL handshaking, client: 74.82.47.5, server: 0.0.0.0:443
    2020/09/13 08:31:54 [crit] 29815#29815: *530 SSL_do_handshake() failed (SSL: error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low) while SSL handshaking, client: 184.105.247.196, server: 0.0.0.0:443
    

    Please help, thank you Xiao Guoan

    • Xiao Guoan (Admin)
      3 years ago

      It simply means the client was trying to use SSL parameters that aren’t supported by your Nginx server. This is nothing to worry about. The default SSL configuration added by Let’s Encrypt (certbot) is compatible with modern web browsers. It could be that some guy was trying to test your Nginx SSL configurations, or a user was using a really old web browser to access the webmail.

  • Hey. Hope you are doing well.
    I followed all the steps of Step 1 and step 2 of your tutorial and installed Postfix and Dovecot, and I did all you said.
    But when I click login or send email in roundcube, nothing happens but a 504 gateway time-out.
    I sent emails successfully via SSH to my yahoo and gmail account, but not able to login in roundcube test!
    Why is it happening? I even entered ports as you told, but no idea why I don’t see nothing?
    I leave an attachment. Is that ok?
    Thank you

    • Xiao Guoan (Admin)
      3 years ago

      Maybe you need to restart PHP-FPM.

      sudo systemctl restart php7.2-fpm
    • Xiao Guoan (Admin)
      3 years ago

      By the way, you should not enable the Cloudflare proxy (CDN) feature for the A record of your mail server.

      Cloudflare doesn’t support SMTP proxy. You will not be able to receive emails when Cloudflare CDN is turned on for your mail server.

  • Hi Xiao,

    I have created the subdomain but it constantly redirects to the root domain, cleared cache of the browser, and syntax on Nginx is ok and successful.

    I have been trying hours for a solution.

    What could be the issue?

    Thanks.

  • Hi, do I need to have separate Roundcube installations for different domains I have? I have already configured them through postfix and postfixadmin, they are working like a charm using an email client. I’m only asking this for the web-client Roundcube.

  • Cluster
    3 years ago

    Hi, Xiao
    I followed your brilliant instruction carefully and all is fine
    By the way, after install Roundcube, I cant pass properly SMTP, IMAP testing through installer steps and tried to login to Roundcube.
    what login credential info should be use to login RoundCube?
    And already tried with postfixadmin user name and info, but failed
    Please give me some tips for this
    Thanks

    • Xiao Guoan (Admin)
      3 years ago

      Roundcube is a web-based mail client that allows your users to log into their email account in a web browser. So the login credential is the email account, not the PostfixAdmin login credential.

  • Shane Hartman
    3 years ago

    Excellent writeup. I had a few issues for remote users authenticated with sssd via Active Directory but i resolved that in pam config for dovecot (had nothing to do with roundcube or these instructions). Way better than Squirrel Mail, which became a dead project anyway. Thanks!

  • David Lopes
    3 years ago

    If you have this error for testing the SMTP
    Error: Authentication failure: STARTTLS failed (Code: )

    try this in config.inc.php

    $config['smtp_conn_options'] = array(
       'ssl' => array(
       'verify_peer' => false,
       'verify_peer_name' => false,
      ),
    );
    
  • hi
    Is there any way that just few client can change their email password via trouncer?

  • Firdouse R
    2 years ago

    Hello,

    Can you please share how to create username and password for the domain name?where is this stored on the server?I completed all 3 parts except that I am stuck at login on roundcube,am not able to figure out what username and password to use,any help is greatly appreciated.

    thanks

  • Firdouse Rao
    2 years ago

    Hello,

    I am facing this error, not sure how to resolve it.

    thanks

  • Firdouse R
    2 years ago

    Hello,

    Now facing this issue,any help is appreciated.

    thanks

  • Duffman
    2 years ago

    Great Instructions

    A+

    Thank you LinuxBabe!!!

  • Option 'enigma_pgp_homedir' not specified in /var/www/roundcube/plugins/enigma/lib/enigma_engine.php on line 91 (POST /?_task=settings&_action=plugin.enigmakeys)
    

    I get this error when I visit the page https://roundcube.falcon-utility.com/?_task=settings&_action=plugin.enigmakeys
    I added

    $config[‘enigma_pgp_homedir’] = null;

    to the config.inc.php but still shows that error

    also when updating password it shows cannot save new password error but in the logs it shows nothing

    please help

  • Hi there!

    I have running postfix, dovecot, fetchmailrc and Roundcube smoothly for some years.
    I updated Roundcube from 1.4.9 to 1.6, since I can’t send some mails – it always says an 250 error (SMTP authentication fail)

    mail.log:
    postfix/submission/smtpd[14906]: connect from localhost[127.0.0.1]
    postfix/submission/smtpd[14906]: disconnect from localhost[127.0.0.1] ehlo=1 quit=1 commands=2

    What happened here?!

  • Hi mate. How can i get Auto-reply working? I was able to create the filter, but the message is not being send.

Leave a Comment

  • Comments with links are moderated by admin before published.
  • Your email address will not be published.
  • Use <pre> ... </pre> HTML tag to quote the output from your terminal/console.
  • Please use the community (https://community.linuxbabe.com) for questions unrelated to this article.
  • I don't have time to answer every question. Making a donation would incentivize me to spend more time answering questions.

The maximum upload file size: 2 MB. You can upload: image. Links to YouTube, Facebook, Twitter and other services inserted in the comment text will be automatically embedded. Drop file here