Users June 2025

users@lists.roundcube.net

12 participants
6 discussions

Correct way to configure with imapproxy != imap server
by Nicolas George 13 Jun '25

13 Jun '25

Hi. We have a mail server, let us call it clipper, and Roundcube running on a distinct server, let us call it localhost. We already have users, with their identities and their address books in the database. I want to add imapproxy in the chain, to reduce the load on clipper. It will run on localhost. Unfortunately, if I just write: $config['default_host'] = 'localhost'; … then for the database the mail_host column will be localhost instead of clipper, and everybody will be considered a new user when connecting the next time. I could do “UPDATE users SET mail_host = 'localhost' WHERE mail_host = 'clipper'” but I do not want to: for reasons of elegance and the ability to move back or to host multiple servers on the same instance, I want the database to contain the real host name. What are the options? I found a hack: I added “127.0.0.2 clipper” in /etc/hosts and configured imapproxy with a different FQDN for clipper. That way, Roundcube thinks it is talking to clipper when it is really talking to the proxy. And since the proxy is running on localhost I can dispense with TLS and all the security theatre of certificates. Before thinking of this hack, I tried another one that I got halfway working: configure the firewall with a NAT chain “ip daddr $clipper tcp dport 143 counter redirect to :143”. The solution with /etc/hosts is simpler and more robust. But these are hacks. Is there a clean supported solution? Thanks in advance. -- Nicolas George, responsable adjoint du Pôle numérique, pédagogique et scientifique, École normale supérieure

2 1

Periodic Request #1 - Paid Job: Checkbox to list only folders with new, unread mail
by Philip Rhoades 13 Jun '25

13 Jun '25

People, Every year or so I ask this Q but haven't had any responses . . trying yet again: Currently I have 756 primary (Maildir) mail folders - very many of which have emails moved directly into them via a .mailfilter Maildrop file. When new mail arrives in one of these folders, in RCM the folder name changes to a blue colour - which is very convenient (thank you RCM devs!) but in my case it would be EVEN MORE convenient if I didn't have to scroll down 756 lines looking for blue coloured folders . . Is it possible to have a new checkbox which causes RCM, in Classic Mode, to only display the folders which have new, unread mail in them somehow? Is there someone who knows how to code this and to do the work as a paid job? Thanks, Phil. -- Philip Rhoades PO Box 896 Cowra NSW 2794 Australia E-mail: phil(a)pricom.com.au _______________________________________________ Users mailing list -- users(a)lists.roundcube.net To unsubscribe send an email to users-leave(a)lists.roundcube.net

3 4

[RCD] Security updates 1.5.10 and 1.6.11 released
by Aleksander Machniak 09 Jun '25

09 Jun '25

We just published security updates to the 1.6 and 1.5 LTS versions of Roundcube Webmail. They both contain a fix for recently reported security vulnerability. Security fixes: - Fix Post-Auth RCE via PHP Object Deserialization reported by firs0v. See the full changelogs in the release notes on the Github download pages for the updated versions 1.6.11 and 1.5.10. https://github.com/roundcube/roundcubemail/releases/tag/1.6.11 https://github.com/roundcube/roundcubemail/releases/tag/1.5.10 We strongly recommend to update all productive installations of Roundcube 1.6.x and 1.5.x with this new versions. -- Alec

3 3

IOCs for the recently disclosed RCE
by Drew Weaver 05 Jun '25

05 Jun '25

Hello, Has anyone figured out any IOCs for the recently disclosed RCE? I'm guessing they were just going to Shodan and looking for any RC systems running <= 1.6.10 and then popping them automatically but does anyone have any things to look for to check? We're probably just going to re-do our instances from scratch anyway but I'm just wondering. Thanks, -Drew

1 0

1.7 changes wtf
by Nick Edwards 05 Jun '25

05 Jun '25

I know its not released but my jaw dropped when I read this *Updating to 1.7 or higher* *From Roundcube 1.7 you must configure your web server to use the public_html folder as the document root.* ummm, what the actual fsck? public_htrml ???????? who the hell uses public_html on webmail servers, or any hosting server for that matter, I've not seen that directory used since the 90s, please tell us that is a placeholder, or some left over from version 0.01a

6 7

Ever imagined about owning a
by g5dntegj＠nqmo.com 02 Jun '25

02 Jun '25

Ever imagined about owning a piece of land that is adjacent to your existing property? What if you've been using it openly and without interruption for years, even though the title isn't officially in your name? https://www.marsillpost.com

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Users June 2025