How to install Roundcubemail (webmail alternative)

I would post issues relating to Roundcube installation on http://www.roundcubeforum.net/ for swift replies.

If you can only log in with one address, you should probably have a look at your config file and see if you have a specific email address hardcoded.
 
Roundcube rules :)

If interested, it's possible to add HTML mail writing support with TinyMCE.
Took me about 45 to 70 minutes to do.

Guide for it is available at the roundcube forums.
 

Attachments

  • roundcube.png
    roundcube.png
    71.8 KB · Views: 589
spell check button does not work for me. The spell check link does.
 
Argh...

Just spent an hour to find out that in beta2 the db.inc.php is called db.inc.php.dist and main.inc.php is called main.inc.php.dist. So after making all your changes you have to rename these files. (Maybe nice to include in the start post?)

Besides that it 's also wise to do a 'chown root.apache db.inc.php && chmod 640 db.inc.php'. As it contains your db-password...
 
Last edited:
Eeeks! Has anyone investigated the claims of all the VULN's in this application? It has been spoken about and beaten to death on the cpanel forums and all in all the general concenus is that this application is not fit for production use due to all the security issues associated with it.

But good luck if you installed it. Hopefully, your box wont be owned.
 
We've installed RCM on all of our servers and have not had any "owned"
 
I also installed it, following the how-to, on my DA VPS with the newest stable release of Roundcube and it works fine! :D Thanks
 
pucky said:
Eeeks! Has anyone investigated the claims of all the VULN's in this application? It has been spoken about and beaten to death on the cpanel forums and all in all the general concenus is that this application is not fit for production use due to all the security issues associated with it.

But good luck if you installed it. Hopefully, your box wont be owned.
Click to expand...

Please provide direct links as I cannot find this on cpanel forums or anywhere else for that fact, in fact people are making requests to cpanel to add this as another mail client...
 
In the DA panel, only user can create a DB. How do we create it so that root can use? or how do we do that? Thanks!
 
pluk said:
In the DA panel, only user can create a DB. How do we create it so that root can use? or how do we do that? Thanks!
Click to expand...

Just login as Admin and switch to the 'user panel'. There you can create the database for the admin user.
 
Oh, I don't have anything configured as a domain in it :( Hmmm... let me check.
 
Since we haven't heard back from the gent with the security concern I did some checking:
http://tinyurl.com/yjgxdj

Looks like there are some XSS and path disclusure issues. To test for the XSS try this or something similar to get an alert popup. Exploit code is here:

http://downloads.securityfocus.com/vulnerabilities/exploits/21042.html

And of course if it doesn't give you one you are clear. Normally servers configured properly with mod_security wouldn't respond to this attempt.

As for the path disclosures you should be able to set the following in the config files to quiet down the error messages:
$rcmail_config['debug_level'] = 0;

Now that I know these things I will go install it and give them a shot. I will report my findings as time permits.

Cheers,

Big Wil
 
Last edited:
You must log in or register to reply here.
Back
Top