Hi everyone,

I have a technical question regarding how replacement variables work in Roundcube's configuration.

I am trying to ensure that new users automatically get the correct domain in their identity. My IMAP server (Dovecot) correctly returns mail.example.com when running dovecot --hostdomain, so I expected that setting:

$config['mail_domain'] = '%z';

would allow Roundcube to extract "example.com". However, the result is an empty string (users see their email as user@ without a domain). I have verified that if I change the variable to %t, it works perfectly, but I would like to understand why %z is failing.

I suspect the issue lies in how my IMAP host is defined, as I include both the protocol and the port:

$config['imap_host'] = 'tls://mail.example.com:143';
My questions are:

• What exactly does %z check? Does it extract information directly from the imap_host string, or does it query the system/server?
• Does the tls:// prefix or the :143 port break the parsing logic for the %z variable?
• Is %t the recommended workaround in these cases, or is there a way to make %z ignore the protocol and port?

Thanks in advance for your help!

About: https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc2 - Migrate existing configs with either the installto.sh or the update.sh scripts.

For upgrading from 1.6.x to 1.7 via docker (https://hub.docker.com/r/roundcube/roundcubemail) image, just to be sure, does one also require to fire that update.sh script? (for example to update the database migration / fix?)

Thank you!

Typically it is a Wordfence or mod_security on the HTTP server. Logs should tell you that.

What does the Roundcube and web server error logs say?

Im sending mails with no problems, replying no problems, BUT when i reply to e-mail that has for exapmle pictures in signature i got "Failed to reach server" error


but when i delete this signature with images, tables and so on it goes through.
how do i fix it.


thnx

Hello RC Community,

I tried to join Kabyle translation team but I think that there is a bug on Transifex to show "Kabyle" language on the list to join the team.

Our actual Coordinator is no more active. Can you please send me a link to join the team.
Thanks !

My profile is : https://app.transifex.com/user/profile/butterflyoffire_temp/
Also available on Mastodon : https://mstdn.fr/@ButterflyOfFire

We just published the second release candidate for the next major version 1.7 of Roundcube webmail.

This release fixes two security issues and one syntax error in a database migration file for Postgres databases.

The changes are:

• Fix Cross-Site-Scripting vulnerability via SVG's animate tag reported by Valentin T., CrowdStrike.
• Fix Information Disclosure vulnerability in the HTML style sanitizer reported by somerandomdev.
• Fix syntax error in DDL scripts for Postgres (#10052)

We believe it is production ready, but we recommend to test it on a separate environment.

Migrate existing configs with either the installto.sh or the update.sh scripts.

And don't forget to backup your data before installing it!

Source: https://roundcube.net/news/2025/12/15/roundcube-1.7-rc2-released
Get it Now: https://roundcube.net/download

We just published security updates to the 1.6 and 1.5 LTS versions of Roundcube Webmail. They both contain fixes for recently reported two security vulnerabilities.

Security fixes

• Fix Cross-Site-Scripting vulnerability via SVG's animate tag reported by Valentin T., CrowdStrike.
• Fix Information Disclosure vulnerability in the HTML style sanitizer reported by somerandomdev.

See the full changelogs in the release notes on the Github download pages for the updated versions 1.6.12 and 1.5.12.

We strongly recommend to update all productive installations of Roundcube 1.6.x and 1.5.x with this new versions.

Source: https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12
Get it Now: https://roundcube.net/download

Quote from: Kaleb47 on December 05, 2025, 02:50:07 PMReally excited for the Abu Dhabi GP with Lando, Max and Oscar still in contention to win the world drivers' championship.

Max pushed Lando till the end but he came just short as McLaren finished the season on a high by winning both the Championships.

The development team is pleased to announce the release candidate for the next major version 1.7 of Roundcube webmail!

With this milestone we introduce a few breaking changes (see below) and some further improvements in comparison to 1.7-beta2.

Some noteworthy changes are:

    Add scope parameter to contact search (#9863)
    Add ability to chose from all available contact fields on CSV import (#9419)
    Add a new plugin called markdown_editor that provides an alternative editor to compose emails using Markdown syntax.
    Add rel='noopener' to all links opening in a new window to mitigate against misuse in older browsers.

Breaking Changes

    Remove contact_search_name option in favor of contactlist_name_template (#9832)
    Replace session attribute changed by expires_at (to allow for variable session lengths per-user in a future change).
    Password: Removed the (insecure) virtualmin driver (#8007)

For full details and download links please read the release notes.

We believe it is production ready, but we recommend to test it on a separate environment.

Migrate existing configs with either the installto.sh or the update.sh scripts.

And don't forget to backup your data before installing it!

Source: https://roundcube.net/news/2025/12/10/roundcube-1.7-rc-released
Get it Now: https://roundcube.net/download