Moin,

roundcube has been working flawlessly on my computer for many years. I hadn't used it for a while now because I was using MUA on my laptop. In the meantime, there were a few updates on my server, including the upgrade from Debian 12 to 13.

Now Roundcube isn't working anymore. Error in /var/log/roundcube/errors.log:

Quote[26-Mar-2026 13:26:55 +0000]: <43a93627> DB Error: SQLSTATE[HY000] [1045] Access denied for user 'roundcube'@'localhost' (using password: NO) in /usr/share/roundcube/program/lib/Roundcube/rcube_db.php on line 202 (GET /roundcube/?_task=mail&_mbox=INBOX)

The settings in /etc/roundcube/debian-db.php are correct, however, the file has not been edited since 2022.

Installed:

root@boulder ~ # dpkg --list | grep roundcube
ii roundcube-core 1.6.13+dfsg-0+deb13u1 all skinnable AJAX based webmail solution for IMAP servers
ii roundcube-mysql 1.6.13+dfsg-0+deb13u1 all metapackage providing MySQL dependencies for RoundCube
ii roundcube-skin-classic 1.6.0+ds-3 all skinnable AJAX based webmail solution for IMAP servers - classic theme
ii roundcube-skin-larry 1.6.1+ds-3 all skinnable AJAX based webmail solution for IMAP servers - Larry theme

Any hint?

Quote from: alec on March 24, 2026, 02:41:44 AMhttps://github.com/roundcube/roundcubemail/issues/10121

O, many thanks!

This patch actually fixed the problem. I pointed AI to this link; It didn't know the solution until now.

The indication that the problem was in versions 1.6.12 and 1.6.13 is my mistake. The problem only appeared in 1.6.14, as far as I understand.

G'day for all!

After upgrading roundcube to 1.6.12 (1.6.13, 1.6.14, too) we can't do serching in folders in Russian (non ASCII symbols).

QuoteServer error: UID THREAD: Error in IMAP command UID THREAD: Missing LF after literal size (0.001 + 0.000 secs).

Search is only possible in English (ASCII). Where error from?

This is now solved. I was being affected by an already-reported roundcube bug

I fixed as suggested by the bug reporter by setting
mail_attachment_detection_options="" in dovecot.conf

The other largest attack vector I see is social engineering where emails are sent saying there are coming from "Roundcube". A simple and quick fix would be to change the name and logo shown to users so they are less likely to click on links claiming to be from Roundcube.

That fact that you referenced upgrading Ubuntu both breaking the Roundcube and fixing it, are you installing Roundcube from the Ubuntu package? If so I have seen that in the past they change the Roundcube config location so that maybe why you saw it not pickup your SMTP settings and why the skins disappeared if it overwrote them while updating the package.

OK.  I managed to restore the ability to send mail by performing another upgrade of Ubuntu from 20.04 to 22.04 (which moved PHP for 8.1).  So, I can log in, check mail and all those things.

But I can no longer choose to use one of the skins I bought from RoundCube+.  I suspect that I will need to remove what I have and then follow their install instructions again.  Hopefully that will set things straight.  But this is no longer a question for this forum.

Thanks for trying to help (and accusing me of lying about my config -- that's a new one.)

I'm curious where roundcube is getting the host name it is using in the EHLO message.  That domain name only appears in the xskin/config.inc.php file where local assets are use for some skin features.  Why is roundcube not using the smtp_host name from roundcube/config/config.inc.php?  Is there some other place where this type of setting might be stored that I have not found?  If so, there might be other settings overriding that are causing my problems.

I should also mention that roundcube v1.3.x was working just fine (and successfully logging in to send mail) for over SIX YEARS.  However, after updating the system from Ubuntu 18.04 to 20.04, roundcube no longer connects.

One of my users also discovered that his email client was only using TLS 1.0 and we needed to make a configuration change for him so that his mail client would support TLS v1.2, which is now required.  Is there any chance something like that is biting me here?

That's no the problem. AUTH capabilities should get listed after establishing a secure connection, but for some reason Roundcube does not use STARTTLS command. I'm not sure why when smtp_host has tls:// prefix. Lack of php-ssl module? Or you don't tell us truth.