CENTOS6.4中安裝roundcube webmail－K'隨手記

安裝環境說明：

郵件伺服器postfix + dovecot

dovecot 提供pop3 pop3s imap imaps

官方說明如下：

REQUIREMENTS
============

* The Apache, Lighttpd, Cherokee or Hiawatha web server
* .htaccess support allowing overrides for DirectoryIndex
* PHP Version 5.2.1 or greater including
   - PCRE, DOM, JSON, XML, Session, Sockets (required)
   - PHP Data Objects (PDO) with driver for either MySQL, PostgreSQL or SQLite (required)
     Note: MySQL database driver requires PHP 5.3 or newer.
   - Libiconv, Zip (recommended)
   - Fileinfo, Mcrypt, mbstring (optional)
* PEAR packages distributed with Roundcube or external:
   - Mail_Mime 1.8.1 or newer
   - Mail_mimeDecode 1.5.5 or newer
   - Net_SMTP (latest from https://github.com/pear/Net_SMTP/)
   - Net_IDNA2 0.1.1 or newer
   - Auth_SASL 1.0.6 or newer
* php.ini options (see .htaccess file):
   - error_reporting E_ALL & ~E_NOTICE (or lower)
   - memory_limit > 16MB (increase as suitable to support large attachments)
   - file_uploads enabled (for attachment upload features)
   - session.auto_start disabled
   - zend.ze1_compatibility_mode disabled
   - suhosin.session.encrypt disabled
   - mbstring.func_overload disabled
   - magic_quotes_runtime disabled
   - magic_quotes_sybase disabled
* PHP compiled with OpenSSL to connect to IMAPS and to use the spell checker
* A MySQL (4.0.8 or newer), PostgreSQL, MS SQL Server (2005 or newer) database engine
or SQLite support in PHP
* One of the above databases with permission to create tables
* An SMTP server (recommended) or PHP configured for mail delivery

1.登入mysql

[root@dns etc]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.1.69 Source distribution

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

2.建立Roundcube使用的資料庫名為ROUNDCUBE

mysql> CREATE DATABASE IF NOT EXISTS ROUNDCUBE;
Query OK, 1 row affected (0.00 sec)

3.建立存取ROUNDCUBE資料庫的帳號roundcube

mysql> CREATE USER 'roundcube'@'localhost' IDENTIFIED BY '密碼';
Query OK, 0 rows affected (0.00 sec)

4.授權帳號roundcube存取資料庫roundcube權限

mysql> GRANT ALL PRIVILEGES ON ROUNDCUBE . * TO 'roundcube'@'localhost';
Query OK, 0 rows affected (0.00 sec)

5.重新裝載授權表讓新設定的權限生效

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> exit
Bye
[root@dns etc]#

6.下載roundcube

於http://roundcube.net/download/ 目前最新版本為roundcubemail-0.9.5.tar.gz

7.解縮縮檔案到/var/www，解壓縮後會產生/var/www/roundcube-0.9.5目錄

tar -xzvf roundcubemail-0.9.5.tar.gz -C /var/www/html

8.更改目錄名稱

mv /var/www/html/roundcubemail-0.9.5 /var/www/html/roundcube

9.更改權限

[root@dns ~]# chown root:root -R /var/www/html/roundcube
[root@dns ~]# chmod 777 -R /var/www/html/roundcube/temp/
[root@dns ~]# chmod 777 -R /var/www/html/roundcube/logs/

10.執行 http://你的網址/roundcube/installer/ 進行設定與安裝

此頁面會檢查roundcube所需的一切環境設定，若確認問題都已排除且滿足系統安裝的需求後，點選下方的Next按鈕進行下一步驟

若執行產生下列錯誤訊息：

ERROR: Wrong 'suhosin.session.encrypt' option value and it wasn't possible to set it to required value (). Check your PHP configuration (including php_admin_flag).

解決方法：

修改php suhosin設定檔/etc/php.d/suhosin.ini 參數

suhosin.session.encrypt = off

重啟動apache

service httpd restart

12.於第二步驟填入您系統的相關設定

General configuration

product_name: The name of your service (used to compose page titles)
support_url: Provide an URL where a user can get support for this Roundcube installation.
PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!

Enter an absolute URL (inculding http://) to a support page/form or a mailto: link.
skin_logo: Custom image to display instead of the Roundcube logo.

Enter a URL relative to the document root of this Roundcube installation.
temp_dir: Use this folder to store temp files (must be writeable for webserver)
des_key: This key is used to encrypt the users imap password before storing in the session record

It's a random generated string to ensure that every installation has its own key. If you enter it manually please provide a string of exactly 24 chars.
ip_check: Check client IP in session authorization

This increases security but can cause sudden logouts when someone uses a proxy with changing IPs.
enable_spellcheck: Make use of the spell checker
spellcheck_engine: Which spell checker to use

GoogieSpell implies that the message content will be sent to Google in order to check the spelling.
identities_level: Level of identities access

Defines what users can do with their identities.

Logging & Debugging

debug_level: Log errors
Print errors (to the browser)
Verbose display (enables debug console)
log_driver: How to do logging? 'file' - write to files in the log directory, 'syslog' - use the syslog facility.
log_dir: Use this folder to store log files (must be writeable for webserver). Note that this only applies if you are using the 'file' log_driver.
syslog_id: What ID to use when logging with syslog. Note that this only applies if you are using the 'syslog' log_driver.
syslog_facility: What ID to use when logging with syslog. Note that this only applies if you are using the 'syslog' log_driver.

Database setup

db_dsnw: Database settings for read/write operations:
Database type
Database server (omit for sqlite)
Database name (use absolute path and filename for sqlite)
Database user name (needs write permissions)(omit for sqlite)
Database password (omit for sqlite)

IMAP Settings

default_host

The IMAP host(s) chosen to perform the log-in

add

Leave blank to show a textbox at login. To use SSL/IMAPS connection, type ssl://hostname

default_port

TCP port used for IMAP connections

username_domain

Automatically add this domain to user names for login

Only for IMAP servers that require full e-mail addresses for login

auto_create_user

Automatically create a new Roundcube user when log-in the first time

A user is authenticated by the IMAP server but it requires a local record to store settings and contacts. With this option enabled a new user record will automatically be created once the IMAP login succeeds.

If this option is disabled, the login only succeeds if there's a matching user-record in the local Roundcube database what means that you have to create those records manually or disable this option after the first login.

sent_mbox

Store sent messages in this folder

Leave blank if sent messages should not be stored. Note: folder must include namespace prefix if any.

trash_mbox

Move messages to this folder when deleting them

Leave blank if they should be deleted directly. Note: folder must include namespace prefix if any.

drafts_mbox

Store draft messages in this folder

Leave blank if they should not be stored. Note: folder must include namespace prefix if any.

junk_mbox

Store spam messages in this folder

Note: folder must include namespace prefix if any.

SMTP Settings

smtp_server: Use this host for sending mails

To use SSL connection, set ssl://smtp.host.com. If left blank, the PHP mail() function is used
smtp_port: SMTP port (default is 25; 465 for SSL; 587 for submission)
smtp_user/smtp_pass: SMTP username and password (if required)

Use the current IMAP username and password for SMTP authentication
smtp_log: Log sent messages in {log_dir}/sendmail or to syslog.

Display settings & user prefs

language *: The default locale setting. This also defines the language of the login screen.
Leave it empty to auto-detect the user agent language.

Enter a RFC1766 formatted language name. Examples: en_US, de_DE, de_CH, fr_FR, pt_BR
skin *: Name of interface skin (folder in /skins)
mail_pagesize *: Show up to X items in the mail messages list view.
addressbook_pagesize *: Show up to X items in the contacts list view.
prefer_html *: Prefer displaying HTML messages
preview_pane *: If preview pane is enabled
htmleditor *: Compose HTML formatted messages
draft_autosave *: Save compose message every
mdn_requests *: Behavior if a received message requests a message delivery notification (read receipt)
mime_param_folding *: How to encode attachment long/non-ascii names

* These settings are defaults for the user preferences

13.將產生的兩個檔案main.inc.php和db.inc.php置入 /var/www/html/roundcube/config後，點選

CONTINUE按鈕繼續

14.點選 Initialize database按鈕初建立系統要用的資料表

15.設定roundcube存取權限，建立檔案/etc/httpd/conf.d/roundcube.conf

內容如下：

Alias /webmail /var/www/html/roundcube

<Directory /var/www/html/roundcube>
  Options -Indexes
  AllowOverride All
</Directory>

<Directory /var/www/html/roundcube/config>
  Order Deny,Allow
  Deny from All
</Directory>

<Directory /var/www/html/roundcube/temp>
  Order Deny,Allow
  Deny from All
</Directory>

<Directory /var/www/html/roundcube/logs>
  Order Deny,Allow
  Deny from All
</Directory>

16.編輯ROUNDCUBE設定檔 /var/www/html/roundcube/config/main.inc.php，設定與檢查下列參數

roundcube進階設定

//設定各類除錯與記錄檔參數，請依個人需求設定
// system error reporting, sum of: 1 = log; 4 = show, 8 = trace
$rcmail_config['debug_level'] = 1;

// Log sent messages to <log_dir>/sendmail or to syslog
$rcmail_config['smtp_log'] = true;

// Log successful logins to <log_dir>/userlogins or to syslog
$rcmail_config['log_logins'] = true;

// Log session authentication errors to <log_dir>/session or to syslog
$rcmail_config['log_session'] = true;

// Log SQL queries to <log_dir>/sql or to syslog
$rcmail_config['sql_debug'] = true;

// Log IMAP conversation to <log_dir>/imap or to syslog
$rcmail_config['imap_debug'] = true;

// Log LDAP conversation to <log_dir>/ldap or to syslog
$rcmail_config['ldap_debug'] = true;

// Log SMTP conversation to <log_dir>/smtp or to syslog
$rcmail_config['smtp_debug'] = true;

//設定郵件伺服器相關參數
// ----------------------------------
// IMAP
// ----------------------------------
//設定您的郵件伺服器位置
// The mail host chosen to perform the log-in.
// Leave blank to show a textbox at login, give a list of hosts
// to display a pulldown menu or set one host as string.
// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
// Supported replacement variables:
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %s - domain name after the '@' from e-mail address provided at login screen
// For example %n = mail.domain.tld, %t = domain.tld
// WARNING: After hostname change update of mail_host column in users table is
// required to match old user data records with the new host.
$rcmail_config['default_host'] = 'localhost';//若使用DOVECOT提供imaps服務時，則寫成ssl://localhost

// TCP port used for IMAP connections
$rcmail_config['default_port'] = 143; //若使用imaps，則改為993

// Type of IMAP indexes cache. Supported values: 'db', 'apc' and 'memcache'.
$rcmail_config['imap_cache'] = null;

// Enables messages cache. Only 'db' cache is supported.
$rcmail_config['messages_cache'] = false;

//設定SMTP伺服器連線位置與方式
// ----------------------------------
// SMTP
// ----------------------------------
// SMTP server host (for sending mails).
// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
// If left blank, the PHP mail() function is used
// Supported replacement variables:
// %h - user's IMAP hostname
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %z - IMAP domain (IMAP hostname without the first part)
// For example %n = mail.domain.tld, %t = domain.tld
$rcmail_config['smtp_server'] = '您的網域'; //若使用smtps，則改寫為 tls://您的網域

// SMTP port (default is 25; use 587 for STARTTLS or 465 for the
// deprecated SSL over SMTP (aka SMTPS))
$rcmail_config['smtp_port'] = 25;

//如果寄信需要驗證，smtp_user與smtp_pass參數一定要設定
//否則無法寄信，可能會出現類似SMTP 554.5.7.1 Relay access denied的錯誤訊息
// SMTP username (if required) if you use %u as the username Roundcube
// will use the current username for login
$rcmail_config['smtp_user'] = '%u';

// SMTP password (if required) if you use %p as the password Roundcube
// will use the current user's password for login
$rcmail_config['smtp_pass'] = '%p';

// ----------------------------------
// SYSTEM
// ----------------------------------
//如果有設定SSL，請啟用此參數，增加安全性
//若force_https為true且未使用SSL連線網頁郵件伺服器時，
//會登入失敗並顯示類似下列錯誤訊息
//要求無效！未儲存任何資料。
//若force_https和use_https都設定為true時，
//當使用者連線到網頁郵件伺服器時時，
//系統不會強迫轉址使用https，
//此兩參數只有一個能設定為true，
// enforce connections over https
// with this option enabled, all non-secure connections will be redirected.
// set the port for the ssl connection as value of this option if it differs from the default 443
$rcmail_config['force_https'] = true;

// tell PHP that it should work as under secure connection
// even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set)
// e.g. when you're running Roundcube behind a https proxy
// this option is mutually exclusive to 'force_https' and only either one of them should be set to true.
$rcmail_config['use_https'] = false;

//設定網頁快取，如果系統有提供
// Use these hosts for accessing memcached
// Define any number of hosts in the form of hostname:port or unix:///path/to/socket.file
$rcmail_config['memcache_hosts'] = null; // e.g. array( 'localhost:11211', '192.168.1.12:11211', 'unix:///var/tmp/memcached.sock' );

//記得修改roundcube用來加密儲存使用者密碼的字串
//目前使用系統自動產生的字串
// this key is used to encrypt the users imap password which is stored
// in the session record (and the client cookie if remember password is enabled).
// please provide a string of exactly 24 chars.
$rcmail_config['des_key'] = 'CPINUNb*f509w$$oA2DBI*dp';

//設定後，網頁郵件伺服器登入頁面的帳號欄位只需要輸入帳號，
//無需輸入完整電子郵件帳號
// Automatically add this domain to user names for login
// Only for IMAP servers that require full e-mail addresses for login
// Specify an array with 'host' => 'domain' values to support multiple hosts
// Supported replacement variables:
// %h - user's IMAP hostname
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %z - IMAP domain (IMAP hostname without the first part)
// For example %n = mail.domain.tld, %t = domain.tld
$rcmail_config['username_domain'] = '您的網域';

// This domain will be used to form e-mail addresses of new users
// Specify an array with 'host' => 'domain' values to support multiple hosts
// Supported replacement variables:
// %h - user's IMAP hostname
// %n - http hostname ($_SERVER['SERVER_NAME'])
// %d - domain (http hostname without the first part)
// %z - IMAP domain (IMAP hostname without the first part)
// For example %n = mail.domain.tld, %t = domain.tld
$rcmail_config['mail_domain'] = '您的網域';

// use this name to compose page titles
//$rcmail_config['product_name'] = 'Roundcube Webmail';
$rcmail_config['product_name'] = '我的郵件伺服器';

// the default locale setting (leave empty for auto-detection)
// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR
$rcmail_config['language'] = 'zh_TW';

// Use this charset as fallback for message decoding
//$rcmail_config['default_charset'] = 'ISO-8859-1';
$rcmail_config['default_charset'] = 'BIG5';

// Make use of the built-in spell checker. It is based on GoogieSpell.
// Since Google only accepts connections over https your PHP installatation
// requires to be compiled with Open SSL support
$rcmail_config['enable_spellcheck'] = true;

//設定拼字檢查
// Enables spellchecker exceptions dictionary.
// Setting it to 'shared' will make the dictionary shared by all users.
//$rcmail_config['spellcheck_dictionary'] = false;
$rcmail_config['spellcheck_dictionary'] = shared;

#開啟上傳附件檔案進度列的功能
// Enables files upload indicator. Requires APC installed and enabled apc.rfc1867 option.
// By default refresh time is set to 1 second. You can set this value to true
// or any integer value indicating number of seconds.
//$rcmail_config['upload_progress'] = false;
$rcmail_config['upload_progress'] = true;

//設定時區為亞洲臺北
// use this timezone to display date/time
// valid timezone identifers are listed here: php.net/manual/en/timezones.php
// 'auto' will use the browser's timezone settings
//$rcmail_config['timezone'] = 'auto';
$rcmail_config['timezone'] = 'Asia/Taipei';

//顯示郵件中嵌入的外部圖片的方式
/var/www/html/roundcube/config/main.inc.php
// display remote inline images
// 0 - Never, always ask
// 1 - Ask if sender is not in address book
// 2 - Always show inline images
$rcmail_config['show_images'] = 0;

//啟用郵件預覽
// default setting if preview pane is enabled
//$rcmail_config['preview_pane'] = false;
$rcmail_config['preview_pane'] = true;

17.郵件附件檔案上傳相關設定

.檢查/etc/php.ini 參數設定

file_uploads = on ;啟用http上傳功能

memory_limit = 256M ;每次執行PHP腳本可使用記憶體上限

post_max_size = 200M ;ＰＨＰ接受POST傳值的上限，此值需大於upload_max_filesize

upload_max_filesize = 100M ;上傳檔案大小上限

max_input_time = 60 ;每次執行PHP腳本解析資料時的最長執行時間

max_execution_time = 30 ;執行每一段PHP腳本的最長執行時間

請依伺服器與網路狀況設定上列參數值

.編輯/var/www/html/roundcube/.htaccess 設定附件上傳大小

將下列參數值設定與/etc/php.ini中相同參數名稱的值一樣

php_value upload_max_filesize 100M
php_value post_max_size 200M
php_value memory_limit 256M

.檢查postfix設定檔設定 /etc/postfox/main.cf 郵件信箱與信件大小是否大於附件檔大小

#每個人收件匣mailbox大小上限需大於message_size_limit

#收件匣mailbox大小改為1G

mailbox_size_limit = 1073741824

#信件大小改為150MB

message_size_limit = 157286400

18.重啟動apache

[root@dns ~]#servce httpd restart

19.測試登入 http://localhost/roundcube/

若一直無法登入時，先檢查錯誤記錄檔

/var/www/html/roundcube/logs/errors

若記錄檔出現下列類似訊息：

[22-Nov-2013 16:21:58 +0800]: IMAP Error:

Could not connect to localhost:143:

拒絕不符權限的操作

in /var/www/html/roundcube/program/lib/Roundcube/

rcube_imap.php on line 184

(POST /roundcube/?_task=login&_action=login)

則是因為SELinux造成的權限問題，需執行下列指令

[root@dns audit]# setsebool -P httpd_can_network_connect 1

若仍然無法登入，在檢視dovecot的相關記錄

發現有下列類似訊息：

Nov 22 19:10:27 imap-login: Info: Disconnected (auth failed, 1 attempts): user=<帳號@網域名稱>, method=PLAIN, rip=::1, lip=::1, secured

去設定 /etc/dovecot/conf.d/10-auth.conf ，設定auth_username_format參數為

# Username formatting before it's looked up from databases. You can use
# the standard variables here, eg. %Lu would lowercase the username, %n would
# drop away the domain if it was given, or "%n-AT-%d" would change the '@' into
# "-AT-". This translation is done after auth_username_translation changes.
#auth_username_format =
auth_username_format = %n

20.由Roundcube試著寄信給同網域收件人與外部收件人，測試寄件功能是否正常

如果一直無法透過網頁寄信，檢查SELinux中有關httpd的規則

[root@dns log]# getsebool -a | grep httpd
allow_httpd_anon_write --> off
allow_httpd_mod_auth_ntlm_winbind --> off
allow_httpd_mod_auth_pam --> off
allow_httpd_sys_script_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_network_connect --> on
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> on
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> off
httpd_execmem --> off
httpd_manage_ipa --> off
httpd_read_user_content --> off
httpd_run_stickshift --> off
httpd_setrlimit --> off
httpd_ssi_exec --> off
httpd_tmp_exec --> off
httpd_tty_comm --> on
httpd_unified --> on
httpd_use_cifs --> off
httpd_use_fusefs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off
httpd_use_openstack --> off
httpd_verify_dns --> off
[root@dns log]#

發現

httpd_can_sendmail --> off

httpd_read_user_content --> off

執行指令開啟上列功能並寫入規則

[root@dns audit]# setsebool -P httpd_can_sendmail 1

21.若測試成功則移除安裝設定檔

[root@dns ~]#rm -rf /var/www/html/roundcube/installer

備註：

安裝完成設定檔放入/var/www/roundcube/config後,
http://localhost/roundcube/installer連結便無法正常執行,
會出現錯誤訊息

The installer is disabled!

To enable it again, set $rcmail_config['enable_installer'] = true; in RCUBE_CONFIG_DIR/main.inc.php

安裝參考資料：

http://trac.roundcube.net/wiki/Howto_Install