Roundcube Webmail - Professionelles Webmail installieren | Blog

Roundcube ist ein moderner, funktionsreicher Webmail-Client für IMAP-Server. Er bietet eine intuitive Benutzeroberfläche und umfangreiche Funktionen.

Features

Übersicht

- Modernes AJAX-Interface
- Drag & Drop
- Adressbuch mit LDAP-Support
- Mehrere Identitäten
- HTML-Editor
- Attachment Preview
- Suchfunktion
- Plugin-System
- Mobile-optimiert

Installation

Voraussetzungen

# Webserver, PHP, Datenbank
apt install nginx php-fpm php-mysql php-xml php-mbstring php-intl php-zip php-gd php-curl php-ldap mariadb-server

Download

cd /var/www
wget https://github.com/roundcube/roundcubemail/releases/download/1.6.6/roundcubemail-1.6.6-complete.tar.gz
tar xzf roundcubemail-1.6.6-complete.tar.gz
mv roundcubemail-1.6.6 roundcube
chown -R www-data:www-data roundcube

Datenbank erstellen

mysql -u root -p

CREATE DATABASE roundcube CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'roundcube'@'localhost' IDENTIFIED BY 'sicheres_passwort';
GRANT ALL ON roundcube.* TO 'roundcube'@'localhost';
FLUSH PRIVILEGES;
EXIT;

# Schema importieren
mysql -u roundcube -p roundcube < /var/www/roundcube/SQL/mysql.initial.sql

Nginx-Konfiguration

# /etc/nginx/sites-available/roundcube

server {
    listen 80;
    server_name webmail.example.de;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name webmail.example.de;

    ssl_certificate /etc/letsencrypt/live/webmail.example.de/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/webmail.example.de/privkey.pem;

    root /var/www/roundcube;
    index index.php;

    # Logs
    access_log /var/log/nginx/roundcube.access.log;
    error_log /var/log/nginx/roundcube.error.log;

    # Sensible Verzeichnisse blockieren
    location ~ ^/(config|temp|logs)/ {
        deny all;
    }

    location ~ /\. {
        deny all;
    }

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php8.2-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}

ln -s /etc/nginx/sites-available/roundcube /etc/nginx/sites-enabled/
nginx -t && systemctl reload nginx

Konfiguration

Web-Installer

https://webmail.example.de/installer

1. Check environment
2. Create config
3. Test config
4. Remove installer

Manuelle Konfiguration

<?php
// /var/www/roundcube/config/config.inc.php

$config = [];

// Datenbank
$config['db_dsnw'] = 'mysql://roundcube:sicheres_passwort@localhost/roundcube';

// IMAP-Server
$config['imap_host'] = 'ssl://mail.example.de:993';
$config['imap_auth_type'] = 'LOGIN';
$config['imap_conn_options'] = [
    'ssl' => [
        'verify_peer' => true,
        'verify_peer_name' => true,
    ],
];

// SMTP-Server
$config['smtp_host'] = 'tls://mail.example.de:587';
$config['smtp_user'] = '%u';
$config['smtp_pass'] = '%p';
$config['smtp_auth_type'] = 'LOGIN';

// Allgemein
$config['product_name'] = 'Webmail';
$config['des_key'] = 'rcmail-!24BytesDESkey*Str';  // Ändern!
$config['plugins'] = [];
$config['language'] = 'de_DE';
$config['enable_installer'] = false;

// Sicherheit
$config['login_autocomplete'] = 2;
$config['session_lifetime'] = 30;
$config['ip_check'] = true;
$config['password_charset'] = 'UTF-8';
$config['sendmail_delay'] = 0;

// Benutzereinstellungen
$config['default_host'] = 'ssl://mail.example.de';
$config['default_port'] = 993;
$config['username_domain'] = 'example.de';
$config['mail_domain'] = 'example.de';
$config['support_url'] = '';
$config['skin_logo'] = null;

// Speicherorte
$config['temp_dir'] = '/var/www/roundcube/temp/';
$config['log_dir'] = '/var/www/roundcube/logs/';

Installer entfernen

rm -rf /var/www/roundcube/installer

Plugins

Plugin aktivieren

// config/config.inc.php

$config['plugins'] = [
    'archive',
    'zipdownload',
    'managesieve',
    'password',
    'markasjunk',
    'attachment_reminder',
];

Password-Plugin

// plugins/password/config.inc.php

$config['password_driver'] = 'sql';
$config['password_db_dsn'] = 'mysql://roundcube:passwort@localhost/vmail';
$config['password_query'] = 'UPDATE mailbox SET password=%c WHERE username=%u';
$config['password_crypt_hash'] = 'sha512-crypt';
$config['password_minimum_length'] = 8;
$config['password_require_nonalpha'] = true;

Managesieve-Plugin (Filterregeln)

// plugins/managesieve/config.inc.php

$config['managesieve_host'] = 'localhost';
$config['managesieve_port'] = 4190;
$config['managesieve_auth_type'] = null;
$config['managesieve_usetls'] = true;

Zwei-Faktor-Authentifizierung

# 2FA-Plugin installieren
cd /var/www/roundcube/plugins
git clone https://github.com/alexandregz/twofactor_gauthenticator.git

$config['plugins'][] = 'twofactor_gauthenticator';

Themes

Elastic (Standard)

$config['skin'] = 'elastic';

Larry (Klassisch)

$config['skin'] = 'larry';

Eigenes Logo

$config['skin_logo'] = '/images/logo.png';

Performance

Caching aktivieren

// Memcached
$config['imap_cache'] = 'memcache';
$config['messages_cache'] = true;
$config['session_storage'] = 'memcache';
$config['memcache_hosts'] = ['localhost:11211'];

// Oder Redis
$config['redis_hosts'] = ['localhost:6379'];
$config['session_storage'] = 'redis';

PHP-OPcache

; /etc/php/8.2/fpm/conf.d/10-opcache.ini

opcache.enable=1
opcache.memory_consumption=128
opcache.max_accelerated_files=10000
opcache.revalidate_freq=60

Sicherheit

HTTP-Header

# In Nginx-Konfiguration

add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;

Fail2ban

# /etc/fail2ban/filter.d/roundcube.conf

[Definition]
failregex = IMAP Error: Login failed for .* from <HOST>
ignoreregex =

# /etc/fail2ban/jail.local

[roundcube]
enabled = true
port = http,https
filter = roundcube
logpath = /var/www/roundcube/logs/errors.log
maxretry = 5
bantime = 3600

Session-Sicherheit

$config['session_lifetime'] = 30;
$config['session_domain'] = '';
$config['session_name'] = 'roundcube_sessid';
$config['session_auth_name'] = null;
$config['session_path'] = '/';
$config['ip_check'] = true;

Update

Manuelles Update

# Backup
cp -r /var/www/roundcube /var/www/roundcube.backup
mysqldump -u root -p roundcube > roundcube_backup.sql

# Download neue Version
cd /var/www
wget https://github.com/roundcube/roundcubemail/releases/download/1.6.7/roundcubemail-1.6.7-complete.tar.gz
tar xzf roundcubemail-1.6.7-complete.tar.gz

# Dateien kopieren
cd roundcubemail-1.6.7
cp -r program public vendor skins index.php ../roundcube/

# Konfiguration behalten
# config/config.inc.php bleibt unverändert

# Datenbank-Update
cd /var/www/roundcube
bin/update.sh

# Berechtigungen
chown -R www-data:www-data /var/www/roundcube

Troubleshooting

Logs prüfen

# Roundcube-Logs
tail -f /var/www/roundcube/logs/errors.log

# Nginx-Logs
tail -f /var/log/nginx/roundcube.error.log

# PHP-FPM
tail -f /var/log/php8.2-fpm.log

IMAP-Verbindungsprobleme

# Manuell testen
openssl s_client -connect mail.example.de:993

# In Roundcube debuggen
$config['imap_debug'] = true;
$config['smtp_debug'] = true;

Häufige Fehler

// Leerer Bildschirm
// → PHP-Fehler prüfen
ini_set('display_errors', 1);
error_reporting(E_ALL);

// Session-Probleme
// → temp-Verzeichnis prüfen
ls -la /var/www/roundcube/temp/
chmod 750 /var/www/roundcube/temp
chown www-data:www-data /var/www/roundcube/temp

Docker

Docker Compose

version: '3'

services:
  roundcube:
    image: roundcube/roundcubemail:latest
    container_name: roundcube
    restart: unless-stopped
    ports:
      - "8080:80"
    environment:
      - ROUNDCUBEMAIL_DB_TYPE=mysql
      - ROUNDCUBEMAIL_DB_HOST=db
      - ROUNDCUBEMAIL_DB_USER=roundcube
      - ROUNDCUBEMAIL_DB_PASSWORD=password
      - ROUNDCUBEMAIL_DB_NAME=roundcube
      - ROUNDCUBEMAIL_DEFAULT_HOST=ssl://mail.example.de
      - ROUNDCUBEMAIL_DEFAULT_PORT=993
      - ROUNDCUBEMAIL_SMTP_SERVER=tls://mail.example.de
      - ROUNDCUBEMAIL_SMTP_PORT=587
    volumes:
      - roundcube_data:/var/www/html
    depends_on:
      - db

  db:
    image: mariadb:10
    restart: unless-stopped
    environment:
      - MYSQL_ROOT_PASSWORD=rootpassword
      - MYSQL_DATABASE=roundcube
      - MYSQL_USER=roundcube
      - MYSQL_PASSWORD=password
    volumes:
      - db_data:/var/lib/mysql

volumes:
  roundcube_data:
  db_data:

Zusammenfassung

| Datei | Funktion | |-------|----------| | config/config.inc.php | Hauptkonfiguration | | plugins/ | Erweiterungen | | skins/ | Themes | | logs/ | Log-Dateien | | temp/ | Temporäre Dateien |

| Plugin | Funktion | |--------|----------| | archive | E-Mails archivieren | | password | Passwort ändern | | managesieve | Filterregeln | | zipdownload | Attachments als ZIP | | markasjunk | Spam markieren |

| Einstellung | Empfehlung | |-------------|------------| | session_lifetime | 30 Minuten | | ip_check | true | | login_autocomplete | 2 | | plugins | Nach Bedarf |

Fazit

Roundcube ist ein ausgereifter Webmail-Client mit allen wichtigen Funktionen. Die Installation ist straightforward, erfordert aber korrekte IMAP/SMTP-Konfiguration. Das Plugin-System ermöglicht Erweiterungen wie Passwortänderung und Filterregeln. Mit Caching und OPcache wird die Performance deutlich verbessert. Für Produktionsumgebungen sind Sicherheitseinstellungen und Fail2ban essentiell.