Setup Roundcube Webmail on CentOS Linux

– Install CentOS 7
– Configure networking
– Disable SELinux
– Uninstall sendmail

systemctl stop sendmail
systemctl disable sendmail
yum remove -y sendmail

– Install php

yum install -y php

– Enable EPEL repository:

cd /tmp
wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -ivh epel-release-latest-7.noarch.rpm

– Enable the REMI repository (for ImageMagick, etc):

cd /tmp
wget http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
rpm -ivh remi-release-7.rpm
vi /etc/yum.repos.d/remi-php54.repo (set "enabled=1" - because the current system has PHP version 5.4 installed. There are repo files for other PHP versions in the same directory)

– Add both the email domain name and the server’s FQDN as aliases to the “127.0.0.1” entry in file /etc/hosts
– Add another line to /etc/hosts for the server’s primary IP address mapping it to its short name and its FQDN
# cat /etc/hosts

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 itayemi.com myserver1.itayemi.com
192.168.109.10 myserver1.itayemi.com myserver1

– Allow incoming/outgoing connections through the firewall for apps:

firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --permanent --zone=public --add-service=imap
firewall-cmd --permanent --zone=public --add-service=imaps
firewall-cmd --permanent --zone=public --add-service=pop3s
firewall-cmd --permanent --zone=public --add-service=smtp
firewall-cmd --permanent --zone=public --add-service=smtps
firewall-cmd --permanent --zone=public --add-service=dns
firewall-cmd --reload

– Install Postfix

yum install -y postfix
systemctl enable postfix
yum update postfix
systemctl start postfix
systemctl status postfix

– Configure Postfix

cd /tmp
openssl req -x509 -nodes -newkey rsa:2048 -keyout mailserver.key -out mailserver.crt -days 730
mkdir /etc/postfix/ssl
mv mailserver.key /etc/postfix/ssl
mv mailserver.crt /etc/postfix/ssl
chmod -R 660 /etc/postfix/ssl
vi /etc/postfix/master.cf (uncomment the following lines)
#submission inet n - n - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
vi /etc/postfix/main.cf (uncomment the myhostname variable and set its value to the server's hostname)

vi /etc/postfix/main.cf (uncomment the mydomain variable and set it to the domain to receive emails for)

vi /etc/postfix/main.cf (uncomment the following lines)
#inet_interfaces = all
#inet_protocols = all
#mydestination = $myhostname, localhost.$mydomain, localhost
#home_mailbox = Maildir/

vi /etc/postfix/main.cf (add the following lines to the end of the file)
smtpd_tls_key_file = /etc/postfix/ssl/mailserver.key
smtpd_tls_cert_file = /etc/postfix/ssl/mailserver.crt
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_security_level=may

– Change the home_mailbox parameter for Postfix in file /etc/postfix/main.cf to match the dovecot config as follows (uncomment if necessary):

home_mailbox = Maildir/

– Add the hostname and domainname to mydestination parameter in the Postfix configuration file /etc/postfix/main.cf or you will get the “mail loops back to myself” error when attempting to send to local users.

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

– Restart postfix:

systemctl restart postfix
systemctl status postfix

– Test Postfix with telnet (send a test mail to another local user then check that user’s /home/username/Maildir/new/ directory for the mail file)

yum install -y telnet
telnet localhost 25
quit

– Install and Configure Dovecot

yum install -y dovecot
systemctl enable dovecot
systemctl start dovecot
systemctl status dovecot

Edit config file /etc/dovecot/dovecot.conf and uncomment the line below:

protocols = imap pop3 lmtp

– Edit the file /etc/dovecot/conf.d/10-auth.conf and set the following parameters (uncomment them if necessary):

disable_plaintext_auth = no
auth_mechanisms = plain login

– Edit the file /etc/dovecot/conf.d/10-master.conf and set the following section to:

unix_listener auth-userdb {
#mode = 0666
user = postfix
group = postfix
}

– Set the dovecot mail_location parameter in the file /etc/dovecot/conf.d/10-mail.conf  (Uncomment the line and change the value).

mail_location = maildir:~/Maildir

– Configure dovecot for pop3 via the file /etc/dovecot/conf.d/20-pop3.conf (Uncomment or add the following lines):

pop3_uidl_format = %08Xu%08Xv
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh

– Restart dovecot to activate all the configuration changes:

systemctl restart dovecot

– Create the Maildir folder in the skeletons folder so that future users are created with the folder automatically (manually create it for all existing users and change the ownership accordingly)

mkdir -p /etc/skel/Maildir/{cur,new,tmp}

– Install and configure fetchmail and procmail (if required)

yum install -y fetchmail
yum install -y procmail
which procmail

– Install and Configure Apache webserver

yum install -y httpd
systemctl enable httpd
systemctl start httpd
systemctl status httpd

– Install Roundcube

yum install -y mysql mariadb-server php php-common php-json php-xml php-mbstring
systemctl enable mariadb
systemctl start mariadb
systemctl status mariadb
mysql -u root -p (Just press ENTER when prompted for the password)
MariaDB [(none)]> create database roundcube_db;
MariaDB [(none)]> grant all on roundcube_db.* to roundcube_user@localhost identified by 'roundcube_db_password';
MariaDB [(none)]> select user from  mysql.user;
MariaDB [(none)]> quit

NOTE: substitute your own username and password for “roundcube_user” and “roundcube_db_password” in the “grant” command above.

cd /var/www/html/
wget https://github.com/roundcube/roundcubemail/releases/download/1.3.7/roundcubemail-1.3.7-complete.tar.gz
tar -zxvf roundcubemail-1.3.7-complete.tar.gz
mv roundcubemail-1.3.7 roundcube
chown -R apache:apache roundcube

– Install various PHP extensions (that are not installed by default)

yum install -y php-pdo
yum install -y php-intl
yum install -y php-gd
yum install -y php-pear
yum install -y php-pecl-imagick
yum install -y php-mysql
yum install -y php-ldap

– Set your timezone in /etc/php.ini (e.g., add the following line to the file)

date.timezone=Africa/Lagos

– Restart Apache webserver to detect the changes:

systemctl restart httpd

– Complete the install by using the URL http://servername-or-ip/roundcube/installer
– 1. Check environment – install any missing but required PHP extensions, DB, etc
– 2. Create config – make changes as required to various config options including the database parameters (name, user, user password – created earlier). At the end, click the “Create Config” button which creates and stores the config file defaults.inc.php in the roundcube config directory (/var/www/html/roundcube/config/). Click the “CONTINUE” button.
– 3. Test config – test that Roundcube can connect and log in to the IMAP (dovecot) and SMTP (Postfix) servers successfully
– Click the “Initialize database” button
– Scroll down and “Test SMTP config” by supplying sender/recipient email addresses
– Then “Test IMAP config” by supplying the username and password of a local user account

– 4. Delete the installer directory (or move the directory outside /var/www/html/) to prevent reconfiguration and/or unauthorized access:

rm -rf /var/www/html/roundcube/installer

– 5. Enable Roundcube’s automatic cache-cleaning (optional but recommended):

sudo crontab -u apache -l | { cat; echo "18 11 * * * /var/www/html/roundcube/bin/cleandb.sh"; } | sudo crontab -u apache -

– 6. Confirm that the parameter default_host in the Roundcube config file /var/www/html/roundcube/config/config.inc.php is set to the email domain name.

$config['default_host'] = 'itayemi.com';

– 7. Optional: There are 2 parameters in file /etc/php.ini that control the maximum attachment size in a single mail: upload_max_filesize and post_max_size. I believe upload_max_filesize is the maximum file size of a single attached file while post_max_size is the combined maximum total of all files attached to a single mail. The smaller of upload_max_filesize and post_max_size takes precedence. upload_max_filesize is set to 2MB by default. You likely want to increase the value of both parameters, e.g., to 10MB (meaning the mail will accept a single file of 10MB size or a collection of smaller files totaling 10MB max). To increase these values, edit file /etc/php.ini and increase the value of the parameters to your desired size, then restart the Apache webserver:

upload_max_filesize = 10M
post_max_size = 10M

– 8. Restart Apache webserver:

systemctl restart httpd

——————————————————————————————————–

– Enable SSL for extra security

yum install mod_ssl
mkdir /etc/httpd/ssl
openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -out /etc/httpd/ssl/server.crt -keyout /etc/httpd/ssl/server.key
openssl dhparam -out /etc/httpd/ssl/dhparam.pem 2048
cat /etc/httpd/ssl/dhparam.pem | tee -a /etc/httpd/ssl/server.crt
chmod -R 660 /etc/httpd/ssl

– Edit mod_ssl config file /etc/httpd/conf.d/ssl.conf
vi /etc/httpd/conf.d/ssl.conf

– Find the section that begins with “<VirtualHost _default_:443>” and uncomment the 2 lines below. Also change the ServerName parameter to your server’s name/IP
DocumentRoot "/var/www/html"
ServerName itayemi.com:443

– Find the SSLProtocol and SSLCipherSuite lines and either delete them or comment them out.

– Find the SSLCertificateFile and SSLCertificateKeyFile lines and change them to the paths to the SSL keys we created earlier:

SSLCertificateFile /etc/httpd/ssl/server.crt
SSLCertificateKeyFile /etc/httpd/ssl/server.key

– Edit the file /etc/httpd/conf.d/ssl.conf and change X-Frame-Options to SAMEORIGIN. For example, the line “Header always set X-Frame-Options DENY” becomes “Header always set X-Frame-Options SAMEORIGIN”.
Note that without this change, sending appears to hang (the page spins, but a refresh shows the mail in the Sent folder) and, more importantly, attempts to attach files to the mail fail with the error “An error occurred! file upload failed!”. Paste in the lines below AFTER the end of the VirtualHost block, at the end of the file:

SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains"
Header always set X-Frame-Options SAMEORIGIN
Header always set X-Content-Type-Options nosniff
SSLCompression off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"

– For additional security, redirect all traffic to be SSL encrypted. Create the file /etc/httpd/conf.d/non-ssl.conf with the content below (use your own servername or IP-address):

vi /etc/httpd/conf.d/non-ssl.conf

<VirtualHost *:80>
     ServerName mailserver.example.com
     Redirect "/" "https://mailserver.example.com/"
</VirtualHost>

– Restart Apache webserver:
systemctl restart httpd

– Access the Roundcube email client login page at:  https://<server-ip>/roundcube/  or https://<server-name>/roundcube/
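
A post-install audit of the settings this guide touches, as an added example that is not part of the original post: it flags a leftover installer directory, disable_plaintext_auth = no, key or password files accessible to other users, and a missing HTTP-to-HTTPS redirect. The function names and the sample tree are constructed for illustration; the file paths are the ones used on this page.

```bash
# Added example: audit a host built with this guide. Pass a root prefix to
# check a copy of the tree; with no argument the live paths are checked.

# Report FILE if it exists and "other" users hold any permission on it.
check_private() {
    [ -e "$1" ] || return 0
    other=$(ls -ld "$1" | cut -c8-10)   # last permission triplet
    [ "$other" = "---" ] || echo "PERMS $1 is accessible to other users ($other)"
}

audit_mail_host() {
    root=${1:-}
    # Step 4: the web installer must be removed once setup is complete.
    if [ -d "$root/var/www/html/roundcube/installer" ]; then
        echo "INSTALLER $root/var/www/html/roundcube/installer still exists"
    fi
    # 10-auth.conf: "no" lets clients send passwords over unencrypted sessions.
    auth="$root/etc/dovecot/conf.d/10-auth.conf"
    if grep -Eqs '^[[:space:]]*disable_plaintext_auth[[:space:]]*=[[:space:]]*no' "$auth"; then
        echo "PLAINTEXT $auth sets disable_plaintext_auth = no"
    fi
    # TLS private keys, plus the Fetchmail rc file that stores passwords.
    for f in etc/postfix/ssl/mailserver.key etc/httpd/ssl/server.key root/.fetchmailrc; do
        check_private "$root/$f"
    done
    # non-ssl.conf should send every plain-HTTP request to HTTPS.
    redir="$root/etc/httpd/conf.d/non-ssl.conf"
    if ! grep -Eqs '^[[:space:]]*Redirect[[:space:]].*https://' "$redir"; then
        echo "REDIRECT no HTTP-to-HTTPS redirect found in $redir"
    fi
}

# Constructed sample tree (not real host data): installer left in place,
# world-readable Apache key, plaintext auth enabled, redirect present.
make_sample_root() {
    r=$(mktemp -d)
    mkdir -p "$r/var/www/html/roundcube/installer" "$r/etc/httpd/ssl" \
             "$r/etc/httpd/conf.d" "$r/etc/dovecot/conf.d" "$r/root"
    echo 'disable_plaintext_auth = no' > "$r/etc/dovecot/conf.d/10-auth.conf"
    echo 'Redirect "/" "https://mailserver.example.com/"' > "$r/etc/httpd/conf.d/non-ssl.conf"
    : > "$r/etc/httpd/ssl/server.key"; chmod 644 "$r/etc/httpd/ssl/server.key"
    : > "$r/root/.fetchmailrc";        chmod 600 "$r/root/.fetchmailrc"
    echo "$r"
}

sample=$(make_sample_root)
audit_mail_host "$sample"    # prints INSTALLER, PLAINTEXT and PERMS findings
rm -rf "$sample"
```

Run audit_mail_host with no argument as root on the mail server itself; an empty result means none of the four conditions was found.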

——————————————————————————————————

OTHER USEFUL NOTES
————————————————————————
– Fetchmail does not seem to come with control scripts, but if you create them yourself (under /etc/init.d and links to /etc/rc.d/rcX.d/), systemd will pick them up

– Sample Fetchmail config that downloads mails for 3 users (5 minutes interval) from a remote mail server (IP n.n.n.n or FQDN)

# cat /root/.fetchmailrc
set syslog
set no bouncemail
set no spambounce
set daemon 300
poll n.n.n.n
with proto pop3
    username user1@mydomain.com password Password@123 is localuser1 mda "/bin/procmail -d %T"
    username anotheruser@mydomain.com password my-Password@123 is localanotheruser mda "/bin/procmail -d %T"
    username thirduser@mydomain.com password justaPassword is localeusername mda "/bin/procmail -d %T"

– Fetchmail knows to use /root/.fetchmailrc because it is defined in its startup script:
# grep fetchmailrc /etc/init.d/fetchmail
FRC=/root/.fetchmailrc
FRC=/root/.fetchmailrc

————————————————-
– If you use a relayhost (i.e., your mail server can’t send mails directly), uncomment and set the relayhost variable to your service provider’s SMTP server (and port e.g., 587) – especially necessary if they are blocking TCP port 25.
See link for sample steps for postfix: https://www.linode.com/docs/email/postfix/postfix-smtp-debian7/
————————————————-
The default postfix/fetchmail/dovecot log on CentOS/RedHat/Oracle_Linux is /var/log/maillog (look in the file for troubleshooting)
————————————————-

– If you have mails in /var/mail/ (e.g., because you were using Sendmail before) and you want that mail to be accessible in Roundcube or other email clients such as Outlook, you may need to use the mbox format instead of the Maildir folder, i.e., change the mail_location in file /etc/dovecot/conf.d/10-mail.conf as follows.

NOTE: If you switch to the mbox format, make sure the permission on INBOX files in /var/mail/ is 0600

  • If you would rather “migrate” the old mails in mbox format to the Maildir format (recommended for Postfix/Dovecot), you may need to use the mb2md utility.
    The mail_location in dovecot’s configuration remains as before:
    # grep mail_location  /etc/dovecot/conf.d/10-mail.conf
    mail_location = maildir:~/Maildir
    # Install the mb2md mail format converter utility
    yum install -y mb2md-3.20-17.el7.noarch
    # Migrate each existing user’s old mails with the commands below:
    su - <username>
    mb2md -m -d ~/Maildir/

    # NOTE: I tried both dsync and doveadm for the migration but got inconsistent results – not all mails were migrated or the commands just errored out with a core dump.

Reference link: https://wiki2.dovecot.org/Errors/ChgrpNoPerm
