Hi,
After an RC upgrade (.5.4 -> 0.6), can one blindly run the
mysql.update.sql, or should I adjust it accordingly to the release I am
upgrading from? I ask as I tried and it complained:-
root@peon /www/roundcube/SQL # mysql -p roundcubemail < mysql.update.sql
Enter password:
ERROR 1091 (42000) at line 7: Can't DROP 'idx'; check that column/key exist
Entry in the mysql.update.sql reads:
ALTER TABLE `messages`
DROP INDEX `idx`,
DROP INDEX `uid`;
mysql> describe messages;
+------------+------------------+------+-----+---------------------+----------------+
| Field      | Type             | Null | Key | Default             | Extra          |
+------------+------------------+------+-----+---------------------+----------------+
| message_id | int(11) unsigned | NO   | PRI | NULL                | auto_increment |
| user_id    | int(10) unsigned | NO   | MUL | 0                   |                |
| del        | tinyint(1)       | NO   |     | 0                   |                |
| cache_key  | varchar(128)     | NO   |     | NULL                |                |
| created    | datetime         | NO   | MUL | 1000-01-01 00:00:00 |                |
| *idx*      | int(11) unsigned | NO   |     | 0                   |                |
| *uid*      | int(11) unsigned | NO   |     | 0                   |                |
| subject    | varchar(255)     | NO   |     | NULL                |                |
| from       | varchar(255)     | NO   |     | NULL                |                |
| to         | varchar(255)     | NO   |     | NULL                |                |
| cc         | varchar(255)     | NO   |     | NULL                |                |
| date       | datetime         | NO   |     | 1000-01-01 00:00:00 |                |
| size       | int(11) unsigned | NO   |     | 0                   |                |
| headers    | text             | NO   |     | NULL                |                |
| structure  | text             | YES  |     | NULL                |                |
+------------+------------------+------+-----+---------------------+----------------+
15 rows in set (0.00 sec)
Regards, S
--
List info: http://lists.roundcube.net/users/
Hi,
I started playing with the modsecurity rules today.
I noticed that CRS modsecurity rule
modsecurity_crs_16_session_hijacking.conf will hit on Roundcube 0.6 on
my test server. I have not used modsec on any other version of RC.
Enabling the CRS 2.2.2 optional rules breaks this RC set-up.
I'm not an expert on these rules, so it is quite likely that I
misinterpreted the results.
[24/Oct/2011:11:17:39 +0200]
[webmail.example.com/sid#7f9bb5d47e08][rid#7f9bc55babd0][/][1] Access
denied with code 403 (phase 1). Match of "streq %{SESSION.IP_HASH}"
against "TX:ip_hash" required. [file
"/etc/apache2/modsec-crs/optional_rules/modsecurity_crs_16_session_hijacking.conf"]
[line "35"] [id "981059"] [msg "Warning - Sticky SessionID Data Changed
- IP Address Mismatch."]
[24/Oct/2011:11:23:16 +0200]
[webmail.example.com/sid#7f06a783b698][rid#7f06b58a10e0][/][1] Access
denied with code 403 (phase 1). Match of "streq %{SESSION.UA_HASH}"
against "TX:ua_hash" required. [file
"/etc/apache2/modsec-crs/optional_rules/modsecurity_crs_16_session_hijacking.conf"]
[line "38"] [id "981060"] [msg "Warning - Sticky SessionID Data Changed
- User-Agent Mismatch."]
Some rules in these hit as well:
Message: Warning. Match of "eq 1" against "&ARGS:CSRF_TOKEN" required.
[file
"/etc/apache2/modsec-crs/optional_rules/modsecurity_crs_43_csrf_protection.conf"]
[line "31"] [id "981143"] [msg "CSRF Attack Detected - Missing CSRF Token."]
Message: Warning. Match of "rx (?i:\\;? ?httponly;?)" against
"TX:sessionid" required. [file
"/etc/apache2/modsec-crs/optional_rules/modsecurity_crs_55_application_defects.conf"]
[line "71"] [id "981184"] [msg "AppDefect: Missing HttpOnly Cookie Flag."]
The other CRS and ASR rules seem fine so far...
It's possible that this is an Apache misconfiguration by me.
Has anyone else used the modsecurity optional rule sets on Roundcube?
Best regards, S
--
Email simon AT klunky DOT co DOT uk
PGP is optional: 4BA78604
I won't accept your confidentiality
agreement, and your Emails are kept.
~Ö¿Ö~
--
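For triaging hits like the ones quoted in the message above, this added example (not part of the original post, and not ModSecurity or Roundcube code) parses the four quoted log entries, re-joined onto single lines, and separates rules that rejected the request from rules that only logged a warning. The function names are made up for the example.

```python
import re
from collections import defaultdict

# The four entries quoted in the post, re-joined onto single lines (mail wrapping undone).
SAMPLE_LOG = r"""
[24/Oct/2011:11:17:39 +0200] [webmail.example.com/sid#7f9bb5d47e08][rid#7f9bc55babd0][/][1] Access denied with code 403 (phase 1). Match of "streq %{SESSION.IP_HASH}" against "TX:ip_hash" required. [file "/etc/apache2/modsec-crs/optional_rules/modsecurity_crs_16_session_hijacking.conf"] [line "35"] [id "981059"] [msg "Warning - Sticky SessionID Data Changed - IP Address Mismatch."]
[24/Oct/2011:11:23:16 +0200] [webmail.example.com/sid#7f06a783b698][rid#7f06b58a10e0][/][1] Access denied with code 403 (phase 1). Match of "streq %{SESSION.UA_HASH}" against "TX:ua_hash" required. [file "/etc/apache2/modsec-crs/optional_rules/modsecurity_crs_16_session_hijacking.conf"] [line "38"] [id "981060"] [msg "Warning - Sticky SessionID Data Changed - User-Agent Mismatch."]
Message: Warning. Match of "eq 1" against "&ARGS:CSRF_TOKEN" required. [file "/etc/apache2/modsec-crs/optional_rules/modsecurity_crs_43_csrf_protection.conf"] [line "31"] [id "981143"] [msg "CSRF Attack Detected - Missing CSRF Token."]
Message: Warning. Match of "rx (?i:\\;? ?httponly;?)" against "TX:sessionid" required. [file "/etc/apache2/modsec-crs/optional_rules/modsecurity_crs_55_application_defects.conf"] [line "71"] [id "981184"] [msg "AppDefect: Missing HttpOnly Cookie Flag."]
""".strip().splitlines()

TAG_RE = re.compile(r'\[(file|line|id|msg) "([^"]*)"\]')
DENY_RE = re.compile(r"Access denied with code (\d{3}) \(phase (\d)\)")

def parse_entry(line):
    """Return rule id, message, rule file and disposition for one entry."""
    tags = dict(TAG_RE.findall(line))
    if "id" not in tags:
        return None  # not a rule-match line
    # Judge the disposition from the text before the metadata tags only:
    # the msg text of a blocking rule can itself begin with "Warning".
    head = line.split(' [file "', 1)[0]
    deny = DENY_RE.search(head)
    return {
        "id": tags["id"],
        "msg": tags.get("msg", ""),
        "conf": tags.get("file", "").rsplit("/", 1)[-1],
        "action": f"deny {deny.group(1)} phase {deny.group(2)}" if deny else "warn",
    }

def summarize(lines):
    """Group parsed entries by rule id: disposition, rule file, hit count."""
    summary = defaultdict(lambda: {"action": None, "conf": None, "hits": 0})
    for line in lines:
        entry = parse_entry(line)
        if entry:
            row = summary[entry["id"]]
            row["action"], row["conf"] = entry["action"], entry["conf"]
            row["hits"] += 1
    return dict(summary)

def blocking_rules(lines):
    """Rule ids that rejected a request, as opposed to only logging."""
    return sorted(rid for rid, row in summarize(lines).items()
                  if row["action"].startswith("deny"))

if __name__ == "__main__":
    for rid, row in sorted(summarize(SAMPLE_LOG).items()):
        print(rid, row["action"], row["conf"], row["hits"])
```

On the quoted entries, only the two session-hijacking rules deny the request; the CSRF and HttpOnly rules are logged as warnings.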
I know there is this thread:
http://lists.roundcube.net/mail-archive/users/2011-09/0000042.html
And this ticket:
http://trac.roundcube.net/ticket/1488087
But is there news on how we might roll out 0.6 (upgrade from 0.5.1)
without being able to have users remove cookies?
Perhaps relatedly, we do want to change our 'des_key' but are unsure if
that is safe to do. Also 'session_domain', which we seem to have in
production as '' (NULL).
Should we just wait on 0.7 since 0.7-beta is the "milestone?"
We have a great testbench here and would be delighted to help however we
may. . .
Ben
--
Hi there,
This message popped up in the logs whilst attempting to send a message
with a file attachment of 3.1Mb.
Oct 21 16:06:09 xx71 roundcube: PHP Fatal error: Allowed memory size of
50331648 bytes exhausted (tried to allocate 8944333 bytes) in
/www/roundcube/program/include/iniset.php on line 107
However, the .htaccess has these settings:
php_value upload_max_filesize 4M
php_value post_max_size 6M
php_value memory_limit 48M
php_value max_execution_time 340
php_value max_input_time 320
The /etc/php5/apache2/php.ini has these values:
upload_max_filesize = 7M
post_max_size = 25M
memory_limit = 48M
max_execution_time = 60
max_input_time = 60
Are these values set elsewhere?
Best regards.
--
Hi Folks,
I'm using Roundcube 0.6 and PostfixAdmin. I've already set the
"pfa settings" in main.inc.php and the "pfa connection setting" in db.inc.php,
but it doesn't work for me. I tried to set the connection details manually in
$ROUNDCUBE$/plugins/password/password.inc.php
and change the query from SELECT to UPDATE, but I still have no success with it.
Does anyone know what is going wrong?
--
Hello!
How can I create a user who can only view email messages (not remove them)?
I don't have access to the email server for server-side setup :(
Sorry for my bad English. Thx!
--
Hi, I am looking for something like this plugin:
https://github.com/JohnDoh/Roundcube-Plugin-Global-Address-Book/
Is this plugin still valid on release 0.6? I saw many changes in
the addressbook section and I would like to be sure that it is still OK to
deploy it.
Thanks!
eduardo.
--
roundcube: PHP Warning: tempnam(): open_basedir restriction in effect.
File() is not within the allowed path(s)
Even setting the root (/) directory in open_basedir it does not work,
the only way is to disable open_basedir.
Is it a known issue?
Niccolò
--
Dear Sirs:
Good afternoon.
I have a Mail Server with Postfix, Courier, MySQL and Roundcube as Webmail.
I need some help, as I can't make the Disk Space Bar include the Trash
folder in the total percentage; it only adds the Sent and Cur folders to show the
Free Space available.
Please, could someone tell me where I have to configure this? I've been
trying to find an answer on the Web, but I couldn't.
Thank you very much for your kind attention.
Best regards.
--