Roundcube Community Forum

 

[RESOLVED] Weird problem with mails

Started by maks, September 11, 2024, 04:46:14 AM


maks

Hi guys,
I have a really weird problem with RC 1.6.8-1 on an ArchLinux machine. I am trying to build a mail server. Right now I have dovecot installed and configured correctly. My users are stored in LDAP and I'm able to log in - everything is ok. I can read my emails via Thunderbird without a problem.

When I log into my account via Roundcube, I don't see any emails even though RC shows me the correct folder size and number of emails.
My config.inc.php

<?php

/*
+-----------------------------------------------------------------------+
| Local configuration for the Roundcube Webmail installation.          |
|                                                                      |
| This is a sample configuration file only containing the minimum      |
| setup required for a functional installation. Copy more options      |
| from defaults.inc.php to this file to override the defaults.          |
|                                                                      |
| This file is part of the Roundcube Webmail client                    |
| Copyright (C) The Roundcube Dev Team                                  |
|                                                                      |
| Licensed under the GNU General Public License version 3 or            |
| any later version with exceptions for skins & plugins.                |
| See the README file for a full license statement.                    |
+-----------------------------------------------------------------------+
*/

$config = [];

// Database connection string (DSN) for read+write operations
// Format (compatible with PEAR MDB2): db_provider://user:password@host/database
// Currently supported db_providers: mysql, pgsql, sqlite, mssql, sqlsrv, oracle
// For examples see http://pear.php.net/manual/en/package.database.mdb2.intro-dsn.php
// NOTE: for SQLite use absolute path (Linux): 'sqlite:////full/path/to/sqlite.db?mode=0646'
//      or (Windows): 'sqlite:///C:/full/path/to/sqlite.db'
$config['db_dsnw'] = 'mysql://roundcube:Passw0rd@localhost/roundcubemail';

// IMAP host chosen to perform the log-in.
// See defaults.inc.php for the option description.
$config['imap_host'] = 'ssl://myhost:993';
// 'tls://localhost:143'

$config['imap_auth_type'] = 'LOGIN';

$config['imap_conn_options'] = array(
  'ssl' => array(
    'verify_peer' => false,
    'verify_peer_name' => false,
  ),
);

// $config['default_folders'] = array('INBOX', 'Inbox.Drafts', 'Inbox.Sent', 'Inbox.spam', 'Inbox.Trash');
// $config['default_folders'] = array('INBOX');
// SMTP server host (for sending mails).
// See defaults.inc.php for the option description.
$config['smtp_host'] = 'tls://myhost:587';

// SMTP username (if required) if you use %u as the username Roundcube
// will use the current username for login
$config['smtp_user'] = '%u';

// SMTP password (if required) if you use %p as the password Roundcube
// will use the current user's password for login
$config['smtp_pass'] = '%p';

// provide an URL where a user can get support for this Roundcube installation
// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
$config['support_url'] = '';

// Name your service. This is displayed on the login screen and in the window title
$config['product_name'] = 'My new, shiny Roundcube';

// This key is used to encrypt the users imap password which is stored
// in the session record. For the default cipher method it must be
// exactly 24 characters long.
// YOUR KEY MUST BE DIFFERENT THAN THE SAMPLE VALUE FOR SECURITY REASONS
$config['des_key'] = '4amAY/YSU7IbkGu+B7XpQJv8MLTtqAeY';

$config['enable_caching'] = false;
$config['message_sort_limit'] = 5000;


// List of active plugins (in plugins/ directory)
$config['plugins'] = [
        'archive',
        'zipdownload',
//      'contextmenu',
//      'globaladdressbook',
//      'swipe',
//      'advanced_search',
//      'removeattachments',
//      'identity_from_directory',
        'password'
];

// skin name: folder from skins/
// $config['skin'] = 'elastic';
$config['mime_types'] = RCUBE_INSTALL_PATH . 'config/mime.types';
$config['imap_debug'] = true;
$config['smtp_debug'] = true;
$config['imap_log_session'] = true;
$config['sql_debug'] = true;
$config['debug_level'] = 5;

$config['log_driver'] = 'file';
$config['log_dir'] = '/var/log/roundcubemail/';
$config['log_file'] = 'all_logs.txt';


$config['enable_installer'] = false;
$config['enable_caching'] = true;
$config['imap_timeout'] = 30;
$config['imap_force_lsub'] = true;
$config['imap_force_ns'] = true;
$config['imap_log_session'] = true;
$config['imap_debug'] = true;
$config['message_sort_col'] = 'date';
$config['message_sort_order'] = 'DESC';

And I'm stuck here - why does RC not want to show me my emails?

Thanks for help.

JohnDoh

I see you have already enabled `imap_debug`. That log is probably the first place to look for an answer. You should see a `UID FETCH` request when you try and list messages.

BTW in your config file you have both "$config['enable_caching'] = false;" and "$config['enable_caching'] = true;" and `enable_caching` is not a Roundcube config option. If you are trying to enable IMAP caching then leave it disabled while you are investigating the listing issue.

maks

I think I found it. The source of my problem was the nginx configuration. I tried to harden nginx against CSP and X-XSS-Protection with this directive:
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
inside my /etc/nginx/modules/headers.conf
When I commented out this line, RC worked fine.
My headers.conf file:
# security headers

add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
# add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

# . files
location ~ /\.(?!well-known) {
    deny all;
}
How can I modify Content-Security-Policy to be more secure? Is it ok to add just unsafe-eval like this?
# security headers

add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
# add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

# . files
location ~ /\.(?!well-known) {
    deny all;
}
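
What the two Content-Security-Policy values quoted in the post above permit for script execution, as an added example that is not part of the original thread and is not Roundcube or nginx code. It follows CSP's `script-src` to `default-src` fallback; the function names are made up for illustration.

```javascript
// Added example: minimal CSP evaluator for script execution.
// The two policy strings are the ones quoted in the post above.
const POLICY_ORIGINAL = "default-src 'self' http: https: data: blob: 'unsafe-inline'";
const POLICY_WITH_EVAL = POLICY_ORIGINAL + " 'unsafe-eval'";

// Parse a serialized policy into a Map of directive name -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Per the CSP spec, a repeated directive is ignored; the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Script checks use script-src, falling back to default-src when it is absent.
function effectiveScriptSrc(directives) {
  return directives.get('script-src') ?? directives.get('default-src') ?? null;
}

function auditScripts(policy) {
  const src = effectiveScriptSrc(parseCsp(policy));
  if (src === null) {
    // No governing directive: the policy places no restriction on scripts.
    return { evalAllowed: true, inlineAllowed: true, anyOriginAllowed: true,
             findings: ['no script-src or default-src'] };
  }
  const lower = src.map((s) => s.toLowerCase());
  const hasNonceOrHash = lower.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  const evalAllowed = lower.includes("'unsafe-eval'");
  // Browsers ignore 'unsafe-inline' when a nonce or hash source is present.
  const inlineAllowed = lower.includes("'unsafe-inline'") && !hasNonceOrHash;
  // A bare scheme source or * matches every origin using that scheme.
  const anyOriginAllowed = lower.some((s) => s === '*' || s === 'http:' || s === 'https:');
  const findings = [];
  if (evalAllowed) findings.push("eval() and new Function() permitted ('unsafe-eval')");
  if (inlineAllowed) findings.push("inline <script> and event handlers permitted ('unsafe-inline')");
  if (anyOriginAllowed) findings.push('scripts loadable from any origin (scheme-wide source)');
  if (lower.includes('data:')) findings.push('data: URLs usable as script sources');
  return { evalAllowed, inlineAllowed, anyOriginAllowed, findings };
}

console.log(auditScripts(POLICY_ORIGINAL));
console.log(auditScripts(POLICY_WITH_EVAL));
```

Both policies already allow inline script and scripts from any http(s) origin, so the only difference `'unsafe-eval'` makes is to additionally permit `eval()`.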