====== Web interface to mail ======
===== Web interface to the IMAP4 protocol =====
==== Roundcube ====
  * [[https://github.com/roundcube/roundcubemail/blob/master/config/defaults.inc.php|roundcubemail/config/defaults.inc.php]]
  * [[https://unix.stackexchange.com/questions/108611/how-to-set-the-default-domain-for-a-new-roundcube-webmail-user|How to set the default domain for a new Roundcube webmail user?]]
=== Basic configuration ===
  * [[Сервис MySQL|MySQL service]]
  * [[Сервис MTA#Настройка MTA на релеинг почты на основе аутентификации|MTA service: configuring the MTA to relay mail based on authentication]]
<code>
# apt install roundcube

# cat /var/lib/roundcube/config/config.inc.php
...
$config['default_host'] = 'localhost';
$config['mail_domain'] = 'corpX.un';
...
// https://treeone.ru/roundcube-smtp-error-code-1-connection-failed-after-upgrade-debian/
// or add port 587 to the MTA
$config['smtp_server'] = 'localhost:25';
...

# cat /etc/apache2/conf-enabled/roundcube.conf
...
Alias /mail /var/lib/roundcube
...
</code>
=== Roundcube LDAP Addressbook ===
  * [[http://www.productionmonkeys.net/guides/qmail-server/addons/ldap-addressbook/roundcube-ldap-addressbook|Roundcube LDAP Addressbook]]
<code>
# apt install php-net-ldap3

# cat /var/lib/roundcube/config/config.inc.php
...
$config['ldap_public']['ldap'] = array(
  'name'            => 'Global Addresses',
  'hosts'           => array('server.corpX.un'),
//  'hosts'           => array('server2.corpX.un'),
  'port'            => 389,
  'use_tls'         => false,   // StartTLS is off: on port 389 the bind below sends bind_pass in clear text
  'ldap_version'    => 3,       // using LDAPv3
  'network_timeout' => 10,      // The timeout (in seconds) for connect + bind attempts. This is only supported in PHP >= 5.3.0 with OpenLDAP 2.x
  'user_specific'   => false,   // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login.
//  'base_dn'         => 'ou=People,dc=corpX,dc=un',
  'base_dn'         => 'cn=Users,dc=corpX,dc=un',
//  'base_dn'         => 'dc=corpX,dc=un',
  'bind_dn'         => 'cn=Administrator,cn=Users,dc=corpX,dc=un',   // lab account; the address book only needs read access
  'bind_pass'       => 'Pa$$w0rd',
  'search_filter'   => '',      // e.g. '(&(objectClass=posixAccount)(uid=%u))'
  'fieldmap' => array(
    // Roundcube  => LDAP:limit
    'name'          => 'cn',
    'surname'       => 'sn',
    'firstname'     => 'givenName',
    'jobtitle'      => 'title',
    'email'         => 'mail:*',
    'phone:home'    => 'homePhone',
    'phone:work'    => 'telephoneNumber',
    'phone:mobile'  => 'mobile',
    'phone:pager'   => 'pager',
    'phone:workfax' => 'facsimileTelephoneNumber',
    'street'        => 'street',
    'zipcode'       => 'postalCode',
    'region'        => 'st',
    'locality'      => 'l',
    // if your country is a complex object, you need to configure 'sub_fields' below
    'country'       => 'c',
    'organization'  => 'o',
    'department'    => 'ou',
    'jobtitle'      => 'title',
    'notes'         => 'description',
    'photo'         => 'jpegPhoto',
    // these currently don't work:
    // 'manager'       => 'manager',
    // 'assistant'     => 'secretary',
  ),
  'sort'           => 'cn',     // The field to sort the listing by.
  'scope'          => 'sub',    // search mode: sub|base|list
  'filter'         => '(mail=*)', // used for basic listing (if not empty) and will be &'d with search queries. example: status=act
  'fuzzy_search'   => true,     // server allows wildcard search
  'vlv'            => false,    // Enable Virtual List View to more efficiently fetch paginated data (if server supports it)
  'vlv_search'     => false,    // Use Virtual List View functions for autocompletion searches (if server supports it)
  'numsub_filter'  => '(objectClass=organizationalUnit)', // with VLV, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting
  'config_root_dn' => 'cn=config', // Root DN to search config entries (e.g. vlv indexes)
  'sizelimit'      => '0',      // Enables you to limit the count of entries fetched. Setting this to 0 means no limit.
  'timelimit'      => '0',      // Sets the number of seconds spent on the search. Setting this to 0 means no limit.
  'referrals'      => false,    // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups
  'dereference'    => 0,        // Sets the LDAP_OPT_DEREF option. One of: LDAP_DEREF_NEVER, LDAP_DEREF_SEARCHING, LDAP_DEREF_FINDING, LDAP_DEREF_ALWAYS
                                // Used where addressbook contains aliases to objects elsewhere in the LDAP tree.
);

# service apache2 restart
</code>
=== OpenID authentication ===
  * [[https://goauthentik.io/integrations/services/roundcube/|This integration describes how to use Roundcube's oauth support with authentik to automatically sign into an email account]]
  * [[https://github-wiki-see.page/m/roundcube/roundcubemail/wiki/Configuration:-OAuth2|Configuration: OAuth2 - roundcube/roundcubemail Wiki]]
  * [[https://github.com/roundcube/roundcubemail/wiki/Configuration:-OAuth2|Configuration: OAuth2]]
  * [[https://www.roundcubeforum.net/index.php?topic=29984.0|[SOLVED] Keycloak and Roundcube problem]]
<code>
debian12# cat /var/lib/roundcube/config/config.inc.php
...
$config['oauth_provider'] = 'generic';
$config['oauth_provider_name'] = 'Keycloak corp13';
$config['oauth_client_id'] = "any-client";
$config['oauth_client_secret'] = "anystring";
$config['oauth_auth_uri'] = "https://keycloak.corp13.un/realms/corp13/protocol/openid-connect/auth";
$config['oauth_token_uri'] = "https://keycloak.corp13.un/realms/corp13/protocol/openid-connect/token";
$config['oauth_identity_uri'] = "https://keycloak.corp13.un/realms/corp13/protocol/openid-connect/userinfo";
// lab only: the provider's TLS certificate is not verified; set to true once the Keycloak CA is trusted
$config['oauth_verify_peer'] = false;
$config['oauth_scope'] = "email profile openid";
$config['oauth_auth_parameters'] = [];
$config['oauth_identity_fields'] = ['preferred_username'];
$config['oauth_login_redirect'] = false;
$config['login_password_maxlen'] = 4096;

debian12# cat /usr/share/roundcube/program/include/rcmail_oauth.php
...
// values hard-coded in place of the commented-out option lookups;
// this is a packaged file, so the change is overwritten on package upgrade
//$oauth_token_uri = $this->options['token_uri'];
//$oauth_client_id = $this->options['client_id'];
//$oauth_client_secret = $this->options['client_secret'];
//$oauth_identity_uri = $this->options['identity_uri'];
$oauth_token_uri = "https://keycloak.corp13.un/realms/corp13/protocol/openid-connect/token";
$oauth_client_id = "any-client";
$oauth_client_secret = "anystring";
$oauth_identity_uri = "https://keycloak.corp13.un/realms/corp13/protocol/openid-connect/userinfo";
...
</code>
  * Dovecot server: [[Сервер dovecot#OAuth аутентификация|OAuth authentication]]
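An added check, not part of the original page: a shell function that flags the lab-only settings used in the LDAP address book and OAuth configs above (provider certificate not verified, clear-text administrator bind, secrets readable by everyone). The finding codes and the sample config are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original page. Finding codes are made up here.

# Print one finding code per line for the Roundcube config file in $1.
audit_roundcube_config() {
    cfg=$1
    [ -r "$cfg" ] || { echo "UNREADABLE"; return 0; }
    # Drop full-line // comments so commented-out alternatives are ignored.
    active=$(sed '/^[[:space:]]*\/\//d' "$cfg")
    sp='[[:space:]]*'
    has() { printf '%s\n' "$active" | grep -Eiq "$1"; }

    # OAuth provider certificate is not verified (oauth_verify_peer = false).
    if has "oauth_verify_peer['\"]\]${sp}=${sp}false"; then
        echo "OAUTH_NO_PEER_VERIFY"
    fi
    # Bind password set, StartTLS off and no ldaps:// host: password sent in clear.
    if has "['\"]use_tls['\"]${sp}=>${sp}false" && ! has "ldaps://" &&
       has "['\"]bind_pass['\"]${sp}=>${sp}['\"][^'\"]"; then
        echo "LDAP_CLEARTEXT_BIND"
    fi
    # The address book only reads entries; an administrator bind is over-privileged.
    if has "['\"]bind_dn['\"]${sp}=>${sp}['\"]cn=(Administrator|admin|Manager)[,'\"]"; then
        echo "LDAP_ADMIN_BIND"
    fi
    # The file stores secrets and is readable by "other".
    if has "bind_pass|oauth_client_secret" && [ -n "$(find "$cfg" -perm -004)" ]; then
        echo "WORLD_READABLE_SECRETS"
    fi
    return 0
}

# Constructed sample that mirrors the lab settings shown on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
$config['oauth_client_secret'] = "anystring";
$config['oauth_verify_peer'] = false;
$config['ldap_public']['ldap'] = array(
    'hosts'     => array('server.corpX.un'),
    // 'use_tls' => true,
    'use_tls'   => false,
    'bind_dn'   => 'cn=Administrator,cn=Users,dc=corpX,dc=un',
    'bind_pass' => 'Pa$$w0rd',
);
EOF
chmod 644 "$sample"
audit_roundcube_config "$sample"
rm -f "$sample"
```

Run it against the real file with ''audit_roundcube_config /var/lib/roundcube/config/config.inc.php''; no output means none of the four conditions matched.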
===== Additional materials =====
==== squirrelmail ====
  * [[http://squirrelmail.org/docs/devel/devel-3.html|Internationalization]]
  * HTTP service, managing HTTP server modules ([[Сервис HTTP#Модуль php|PHP module]])
=== FreeBSD ===
<code>
[server:~] # pkg install squirrelmail

[server:~] # cd /usr/local/www/squirrelmail && ./configure
"2. Server Settings" -> "1. Domain" -> corpX.un
"3. Folder Defaults"
"10. Languages" -> "1. Default Language" -> ru_UA

[server:~] # cat /usr/local/etc/apache2?/httpd.conf
...
Alias /mail /usr/local/www/squirrelmail
<Directory /usr/local/www/squirrelmail>
    Require all granted
</Directory>
...
</code>
=== Debian/Ubuntu ===
  * [[Локализация окружения|Environment localization]]
<code>
root@server:~# apt install squirrelmail

root@server:~# /usr/sbin/squirrelmail-configure
"2. Server Settings" -> "1. Domain" -> corpX.un
"3. Folder Defaults"
"10. Languages" -> "1. Default Language" -> ru_RU

root@server:~# cat /etc/apache2/sites-available/*default.conf
...
Alias /mail /usr/share/squirrelmail
...
</code>
==== Web interface to mbox-format mailboxes and the POP3 protocol (openwebmail package) ====
=== FreeBSD ===
<code>
# cd /usr/ports/mail/openwebmail
# make install clean
</code>
=== Ubuntu ===
<code>
# the package is fetched over plain HTTP without a signature or checksum
# wget http://openwebmail.org/openwebmail/download/debian/owm2.53-2.deb
# dpkg -i owm2.53-2.deb
# apt-get install openwebmail
# apt-get -f install
</code>
Check:
<code>
http://server.corpX.un/cgi-bin/openwebmail/openwebmail.pl
</code>