Users October 2019

users@lists.roundcube.net

8 participants
7 discussions

Strange sieve script
by Jorge Bastos 24 Nov '19

24 Nov '19

Howdy, I've seen some some time and in distinct users, a redirect script been added to an email that has nothing to do with them. Maybe it's for fishing or other intention, maybe even espionage, which is real nowadays. Did anyone saw this in your users? I catched this in a regular "mailq" investigation for problems

2 2

getting 500 - internal server error after creating filter
by Marchello 07 Nov '19

07 Nov '19

Hi all, [sorry, forgot to include attachments in my previous message, fixed now] I'm trying to use roundcube and it is critical for me to have filtering rules. I am using squirrelmail and it has filters, but the UI is not mobile-friendly. Roundcube has mobile-friendly themes, so I would like to use it. But when I installed filters and created one test filter, it started to show 500 - internal server error. When I delete filter, it works fine again. I will put all needed technical details here. Roundcube Webmail 1.1.4 additional_message_headers 1.2.0 GPLv2 archive 2.3 GPLv3+ Attachment Reminder 1.1 GPLv3+ filesystem_attachments 1.0 GPLv3+ filters 2.1.4 GNU GPLv3+ hide_block 1.0 GPLv3+ identity_select 1.0 GPLv3+ jqueryui 1.10.4 GPLv3+ markasjunk 1.2 GPLv3+ mobile 0.4.5 GPL-3.0+ newmail_notifier 0.7 GPLv3+ new_user_dialog 2.1 GPLv3+ new_user_identity 1.1 GPLv3+ show_additional_headers 2.0 GPLv3+ squirrelmail_usercopy 1.4 GPLv3+ userinfo 1.0 GPLv3+ vcard_attachments 3.2 GPLv3+ zipdownload 3.0 GPLv3+ $ apache2 -v Server version: Apache/2.4.7 (Ubuntu) Server built: Apr 3 2019 18:04:25 $ php -v PHP 5.5.9-1ubuntu4.29 (cli) (built: Apr 22 2019 18:33:52) Copyright (c) 1997-2014 The PHP Group Zend Engine v2.5.0, Copyright (c) 1998-2014 Zend Technologies with Zend OPcache v7.0.3, Copyright (c) 1999-2014, by Zend Technologies $ mysql -V mysql Ver 14.14 Distrib 5.5.62, for debian-linux-gnu (x86_64) using readline 6.3 attachments: error screenshot (it doesn't want to display my inbox messages after filter is created) filter example (very simple as for me) Please let me know what else do you need to advise. Asked also on https://www.roundcubeforum.net/index.php/topic,28592.0.html previously, but no answer so far. Best, Marchello

3 4

question about using Round Cube webmail
by billk＠bluestradatours.com 01 Nov '19

01 Nov '19

I have been using this program for 9 years... mostly putting up with it. Today, I really needed to move some folders from one 'parent' folder to another. I could not figure out how to do that. Any input is greatly appreciated. Bill Kniegge

2 2

getting 500 - internal server error after creating filter
by Marchello 01 Nov '19

01 Nov '19

Hi all, I'm trying to use roundcube and it is critical for me to have filtering rules. I am using squirrelmail and it has filters, but the UI is not mobile-friendly. Roundcube has mobile-friendly themes, so I would like to use it. But when I installed filters and created one test filter, it started to show 500 - internal server error. When I delete filter, it works fine again. I will put all needed technical details here. Roundcube Webmail 1.1.4 additional_message_headers 1.2.0 GPLv2 archive 2.3 GPLv3+ Attachment Reminder 1.1 GPLv3+ filesystem_attachments 1.0 GPLv3+ filters 2.1.4 GNU GPLv3+ hide_block 1.0 GPLv3+ identity_select 1.0 GPLv3+ jqueryui 1.10.4 GPLv3+ markasjunk 1.2 GPLv3+ mobile 0.4.5 GPL-3.0+ newmail_notifier 0.7 GPLv3+ new_user_dialog 2.1 GPLv3+ new_user_identity 1.1 GPLv3+ show_additional_headers 2.0 GPLv3+ squirrelmail_usercopy 1.4 GPLv3+ userinfo 1.0 GPLv3+ vcard_attachments 3.2 GPLv3+ zipdownload 3.0 GPLv3+ $ apache2 -v Server version: Apache/2.4.7 (Ubuntu) Server built: Apr 3 2019 18:04:25 $ php -v PHP 5.5.9-1ubuntu4.29 (cli) (built: Apr 22 2019 18:33:52) Copyright (c) 1997-2014 The PHP Group Zend Engine v2.5.0, Copyright (c) 1998-2014 Zend Technologies with Zend OPcache v7.0.3, Copyright (c) 1999-2014, by Zend Technologies $ mysql -V mysql Ver 14.14 Distrib 5.5.62, for debian-linux-gnu (x86_64) using readline 6.3 attachments: error screenshot (it doesn't want to display my inbox messages after filter is created) filter example (very simple as for me) Please let me know what else do you need to advise. Asked also on https://www.roundcubeforum.net/index.php/topic,28592.0.html previously, but no answer so far. Best, Marchello.

1 0

Re: [RCU] Content Security Policy for Roundcube
by James Brown 31 Oct '19

31 Oct '19

Finally got this to work. In http.conf I put: <Directory “/parth/to/roundcube"> AllowOverride All Options +Indexes </Directory> Then created /path/to/roundcube/.htaccess and it has: Header unset Content-Security-Policy Header always set Content-Security-Policy "default-src 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self'; frame-src 'self'; connect-src 'self'; frame-ancestors 'self'; base-uri 'self'; form-action 'self'" Not sure if the first line with the ‘unset’ is needed. After restarting Apache it works. Hope that helps someone else. James. > On 11 Oct 2019, at 4:55 pm, James Brown <jlbrown(a)bordo.com.au> wrote: > > Good suggestion. > > Unfortunately it still doesn’t work. > > In http.conf I put: > > <Directory “path/to/sites/roundcube” > AllowOverride All > </Directory> > > But I would always get “.../roundcube/.htaccess: Header not allowed here” > > So commented everything out of roundcube/.htaccess and in http.conf I put: > > <Directory "path/to/sites/roundcube"> > AllowOverride All > #Header unset Content-Security-Policy > Header always set Content-Security-Policy "default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content" > </Directory> > > But still get: > > [Error] Refused to execute a script because its hash, its nonce, or 'unsafe-inline' appears in neither the script-src directive nor the default-src directive of the Content Security Policy. (roundcube, line 17) > [Error] Refused to execute a script because its hash, its nonce, or 'unsafe-inline' appears in neither the script-src directive nor the default-src directive of the Content Security Policy. (roundcube, line 57) > > Maddening! > > James. > >> On 11 Oct 2019, at 12:02 am, @lbutlr <kremels(a)kreme.com> wrote: >> >> On Oct 9, 2019, at 11:46 PM, James Brown <jlbrown(a)bordo.com.au> wrote: >>> I think you could be right Thomas, as whatever I put into the .htaccess file doesn’t seem to make a difference. >> >> Sounds like your .htaccess file is not being processed then. >> >> What is the AllowOverride directive in your http.conf for the roundcube directory or parent directory. >> >> For example, my roundcube install is in /usr/local/www/roundcube and in http.conf I have >> >> <Directory "/usr/local/www”> >> . . . stuff >> AllowOverride All >> . . . stuff >> </Directory> >> >> >> >> -- >> The thing standing in the way of your dreams is that the person having them is >> *you* https://xkcd.com/1027/ >> >> _______________________________________________ >> Roundcube Users mailing list >> users(a)lists.roundcube.net >> http://lists.roundcube.net/mailman/listinfo/users > > > _______________________________________________ > Roundcube Users mailing list > users(a)lists.roundcube.net > http://lists.roundcube.net/mailman/listinfo/users

1 0

Content Security Policy for Roundcube
by James Brown 11 Oct '19

11 Oct '19

Turning on 'Show Javascript Console' from Safari Develop menu showed me that my Content Security Policy was preventing emails displaying in mailboxes. Additionally at logout I get the message "PHP Error: Request security check failed REQUEST CHECK FAILED For your protection, access to this resource is secured against CSRF. If you see this, you probably didn't log out before leaving the web application. Human interaction is now required to continue." Please contact your server-administrator. Commenting out the CSP line in https.conf fixed it. Currently using: Header set Content-Security-Policy "default-src 'self'; form-action 'self'; frame-ancestors 'self'; base-uri ‘self' Which fails. Is there a recommended CSP for Roundcube? thanks, James.

5 9

CalDav in RoundCube
by Ing. Karol Krasňan 07 Oct '19

07 Oct '19

Hello, please is there a way how can I access existing CalDav calendars (sabredav) from roundcube? I had working installation on previous versions of RoundCube but now I have no luck with latest roundcube version. Thanks for help. Karol

3 2

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Users October 2019