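We're proud to announce that the beta release of the next major version 1.2 of Roundcube webmail is out now for download and testing. With this milestone we introduce new features primarily focusing on security and PGP encryption:
- PHP7 compatibility
- PGP encryption
- Drag-n-drop attachments from mail preview to compose window
- Mail messages searching with predefined date interval
- Improved security measures to protect from brute-force attacks
And of course plenty of small improvements and bug fixes.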
The PGP encryption support in Roundcube comes with two options:
Mailvelope
The integration of this browser plugin [1] for Firefox and Chrome comes out of the box in Roundcube 1.2 and is enabled if the Mailvelope API is detected in a user's browser. See the Mailvelope documentation [2] for how to enable it for your site.
Read more about the Mailvelope integration and what it looks like in Alec's blog [3].
Enigma plugin
This Roundcube plugin adds server-side PGP encryption features to Roundcube. Enabling this means that users need to fully trust the webmail server, as encryption is done on the server with GnuPG and private keys are also stored there.
In order to activate server-side PGP encryption for all your users, the 'enigma' plugin, which is shipped with this package, has to be enabled in the Roundcube config. See the plugin's README for details.
Also read Alec's blog post about the Enigma plugin and how it works [4].
Both encryption features are pretty new and not yet perfectly documented. We'd much appreciate your feedback and your contribution to the end-user documentation [5] or our wiki page [6].
IMPORTANT: with this version, we finally deprecate some old Roundcube library functions [7]. Plugin developers, please test your plugins thoroughly and look for deprecation warnings in the logs. These functions will be removed in the final 1.2.0 release and can therefore render plugins dysfunctional.
See the full changelog on trac.roundcube.net [8] and download the new packages from https://roundcube.net/download
Please note that this is a beta release and we recommend testing it in a separate environment. And don't forget to back up your data before installing it!
Enjoy and please share your experience either through our mailing lists or as comments in the blog posts mentioned above.
Kind regards, Thomas
[1] https://www.mailvelope.com
[2] https://www.mailvelope.com/en/help#watchlist
[3] https://kolabian.wordpress.com/2015/10/10/mailvelope-integration-pgp-encrypt...
[4] https://kolabian.wordpress.com/2015/10/13/enigma-plugin-pgp-encryption/
[5] http://trac.roundcube.net/wiki/Online_Help
[6] http://trac.roundcube.net/wiki/Dev_Encryption
[7] https://github.com/roundcube/roundcubemail/blob/master/program/include/bc.ph...
[8] http://trac.roundcube.net/wiki/Changelog
Awesome features Thomas and Alec, one thing though, may I suggest that for enigma key storage, it be an option to store in a DB rather than on the file system, since a fair few of us, I imagine, keep everything to do with users in MySQL/MariaDB.
Just a thought for the future...
Cheers
On 24/11/2015 02:15, Thomas Bruederli wrote:
> We're proud to announce that the beta release of the next major version 1.2 of Roundcube webmail is out now for download and testing. With this milestone we introduce new features primarily focusing on security and PGP encryption:
> - PHP7 compatibility
> - PGP encryption
> - Drag-n-drop attachments from mail preview to compose window
> - Mail messages searching with predefined date interval
> - Improved security measures to protect from brute-force attacks
> And of course plenty of small improvements and bug fixes.
> The PGP encryption support in Roundcube comes with two options:
> Mailvelope
> The integration of this browser plugin [1] for Firefox and Chrome comes out of the box in Roundcube 1.2 and is enabled if the Mailvelope API is detected in a user's browser. See the Mailvelope documentation [2] for how to enable it for your site.
> Read more about the Mailvelope integration and what it looks like in Alec's blog [3].
> Enigma plugin
> This Roundcube plugin adds server-side PGP encryption features to Roundcube. Enabling this means that users need to fully trust the webmail server, as encryption is done on the server with GnuPG and private keys are also stored there.
> In order to activate server-side PGP encryption for all your users, the 'enigma' plugin, which is shipped with this package, has to be enabled in the Roundcube config. See the plugin's README for details.
> Also read Alec's blog post about the Enigma plugin and how it works [4].
> Both encryption features are pretty new and not yet perfectly documented. We'd much appreciate your feedback and your contribution to the end-user documentation [5] or our wiki page [6].
> IMPORTANT: with this version, we finally deprecate some old Roundcube library functions [7]. Plugin developers, please test your plugins thoroughly and look for deprecation warnings in the logs. These functions will be removed in the final 1.2.0 release and can therefore render plugins dysfunctional.
> See the full changelog on trac.roundcube.net [8] and download the new packages from https://roundcube.net/download
> Please note that this is a beta release and we recommend testing it in a separate environment. And don't forget to back up your data before installing it!
> Enjoy and please share your experience either through our mailing lists or as comments in the blog posts mentioned above.
> Kind regards, Thomas
> [1] https://www.mailvelope.com
> [2] https://www.mailvelope.com/en/help#watchlist
> [3] https://kolabian.wordpress.com/2015/10/10/mailvelope-integration-pgp-encrypt...
> [4] https://kolabian.wordpress.com/2015/10/13/enigma-plugin-pgp-encryption/
> [5] http://trac.roundcube.net/wiki/Online_Help
> [6] http://trac.roundcube.net/wiki/Dev_Encryption
> [7] https://github.com/roundcube/roundcubemail/blob/master/program/include/bc.ph...
> [8] http://trac.roundcube.net/wiki/Changelog
> _______________________________________________
> Roundcube Users mailing list
> users@lists.roundcube.net
> http://lists.roundcube.net/mailman/listinfo/users
On 11/24/2015 08:18 AM, Noel Butler wrote:
> Awesome features Thomas and Alec, one thing though, may I suggest that for enigma key storage, it be an option to store in a DB rather than on the file system, since a fair few of us, I imagine, keep everything to do with users in MySQL/MariaDB.
As far as I know, GnuPG does not talk SQL. So, we need keys in the filesystem anyway. However, I agree that using (redundant) SQL storage may be needed e.g. for multi-server installations.
On 24/11/2015 17:34, A.L.E.C wrote:
> On 11/24/2015 08:18 AM, Noel Butler wrote:
>> Awesome features Thomas and Alec, one thing though, may I suggest that for enigma key storage, it be an option to store in a DB rather than on the file system, since a fair few of us, I imagine, keep everything to do with users in MySQL/MariaDB.
> As far as I know, GnuPG does not talk SQL. So, we need keys in the filesystem anyway. However, I agree that using (redundant) SQL storage may be needed e.g. for multi-server installations.
yes! this is why I suggest a "fair few of us use mysql" etc :)
Not an easy solution, though since we use NFS, it may be easier than I first thought, so long as there is a way to link keys-on-fs to each user so that should user X delete their email, it deletes their keys as well (which is simple in SQL). I will play around with this on our dev server this week if I can, hopefully before holidays.
On 11/24/2015 12:00 PM, Noel Butler wrote:
> Not an easy solution, though since we use NFS, it may be easier than I first thought, so long as there is a way to link keys-on-fs to each user so that should user X delete their email, it deletes their keys as well (which is simple in SQL)
As we have the bin/deluser.sh script, the enigma plugin should just do the cleanup on the user_delete_commit hook. There's no other automation for user deletes in Roundcube.
On 24/11/2015 21:22, A.L.E.C wrote:
> On 11/24/2015 12:00 PM, Noel Butler wrote:
>> Not an easy solution, though since we use NFS, it may be easier than I first thought, so long as there is a way to link keys-on-fs to each user so that should user X delete their email, it deletes their keys as well (which is simple in SQL)
> As we have the bin/deluser.sh script, the enigma plugin should just do the cleanup on the user_delete_commit hook. There's no other automation for user deletes in Roundcube.
No, but in CRM software that does all the commanding (add/del/suspend/mod user/alias etc etc etc) it is critical. If it sends a deluser, it just backs up all relative user rows in the databases for Rc and the plugins like addressbook and so on, then deletes the rows, then it goes off and does a physical delete of that user's vmail directory (unless it's a user's primary a/c, which can only be deleted by close-customers; it also backs up their mail). So, so long as there can be some reference to match it up, our other physical cleanup scripts (written in Perl) clean up what's left behind, but they need a way to know what to clean up.
I'll look at it more when I throw it on the dev box, hopefully before holidays.