I'm having an issue that I see some others have had, but nobody's solution has worked for me.
This is a fresh installation of Roundcube v1.2 on a new CentOS 7.2.1511 server. I'm using mod_security, but it's in log only mode. I'm not using Suhosin.
Strangely, when I tail the following logs, I see no record of the login attempt.
tail -n0 -f messages secure maillog httpd/access_log httpd/error_log /var/log/httpd/modsec_*.log /var/log/mariadb/mariadb.log
Any ideas?
I managed to work around this by using this extension: https://gist.github.com/huglester/0730e8b3835d039e1bb9.
It would seem that the CSRF functionality in RC does not work properly.