Kyle Francis | 26 Jun 01:47 2016

[RCD] Enigma decryption password prompt

I hit a road block and I've kind of been putting off finishing up the SMIME support because of it.  I originally didn't have a password protected private keys for testing purposes, but have now added that.  Prior to that signing and decrypting worked just fine.  Now with the password, I can get Enigma to prompt for the password if it's not cached for signing outgoing (in the compose task) but I'm not able to figure out how to get it to prompt for the password from the inbox task when attempting to decrypt a message.  If the password is cached the message decrypts perfectly. 

I tried looking at how this is handled for PGP encrypted messages but everything I've tried hasn't worked.  Any pointers at all would be appreciated. 

My repo is at in the SMIME branch.

Thanks in advance.


Roundcube Development discussion mailing list
dev <at>
Olivier Thauvin | 20 Jun 16:26 2016

[RCD] Patch for french translation


There is a small but very anoying typo in the french translation.

In a nutshell the current translation is:

on = No
off = Yes.

I did a patch few month ago, can please apply it to definitivly solve this



Olivier Thauvin
♖ ♘ ♗ ♕ ♔ ♗ ♘ ♖
commit 6f87c428f99d9388a9d0f828b4622beed45d7f1a
Author: Olivier Thauvin <olivier.thauvin <at>>
Date:   Fri Mar 27 13:48:18 2015 +0100

    Fix french translation (reverse on/off)

diff --git a/plugins/managesieve/localization/ b/plugins/managesieve/localization/
index a0a38b0..51cc299 100644
--- a/plugins/managesieve/localization/
+++ b/plugins/managesieve/localization/
 <at>  <at>  -168,8 +168,8  <at>  <at>  $labels['vacation.body'] = 'Corps';
 $labels['vacation.start'] = 'Début de vacances';
 $labels['vacation.end'] = 'Fin de vacances';
 $labels['vacation.status'] = 'État';
-$labels['vacation.on'] = 'Arrêt';
-$labels[''] = 'Marche';
+$labels['vacation.on'] = 'Marche';
+$labels[''] = 'Arrêt';
 $labels['vacation.addresses'] = 'Mes adresses supplémentaires';
 $labels['vacation.interval'] = 'Plage de réponse';
 $labels['vacation.after'] = 'Mettre en place la règle de vacances après';
Roundcube Development discussion mailing list
dev <at>
Alex H. | 14 Jun 20:50 2016

[RCD] Security issue in​


I just subscribed to tell you this issue I stumbled upon.

In​ [1] there is this line for generating the des
key and then putting it in the config. The way it is made, the key might
contain characters which break the sed expression putting the key in the
config file, so that the configured key is broken:

The line generating the key:

deskey=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9-_#&!*%?' | fold -w 24 |
head -n 1)

Taking a look on this example key:


It can contain a '&', which will break the sed expression:

sed -i "s|^\(\$config\['des_key'\] =\).*$|\1 \'${deskey}\';|"

so that the example key will bring this result in the config:

$config['des_key'] = '2S0?w1*6GXrxFSah!%$config['des_key'] =

instead of:

$config['des_key'] = '2S0?w1*6GXrxFSah!%&xjnaq';

Some info about my environment:

# cat /etc/centos-release
CentOS release 6.8 (Final)

# sed --version
GNU sed version 4.2.1

Best regards,
Alex H.

Roundcube Development discussion mailing list
dev <at>
A.L.E.C | 10 Jun 12:42 2016

[RCD] [1.3] Modify search box

This one is not so significant, but there is a couple of options.


Aleksander 'A.L.E.C' Machniak
Kolab Groupware Developer        []
Roundcube Webmail Developer  []
PGP: 19359DC1  <at>  <at>  GG: 2275252  <at>  <at>  WWW:
Roundcube Development discussion mailing list
dev <at>

A.L.E.C | 10 Jun 12:39 2016

[RCD] [1.3] Drop legacy browser support

Hi! there's a couple of things that should be discussed/voted for
Roundcube 1.3.

So, please put your comment here or in the ticket in case you are
against the proposed changes.

This is about dropping IE7, IE8, and maybe IE9 support, including
removal of legacy_browser plugin.


Aleksander 'A.L.E.C' Machniak
Kolab Groupware Developer        []
Roundcube Webmail Developer  []
PGP: 19359DC1  <at>  <at>  GG: 2275252  <at>  <at>  WWW:
Roundcube Development discussion mailing list
dev <at>

A.L.E.C | 10 Jun 12:37 2016

[RCD] [1.3] Addressbook -> Contacts

Hi! there's a couple of things that should be discussed/voted for
Roundcube 1.3.

So, please put your comment here or in the ticket in case you against
the proposed changes.


Aleksander 'A.L.E.C' Machniak
Kolab Groupware Developer        []
Roundcube Webmail Developer  []
PGP: 19359DC1  <at>  <at>  GG: 2275252  <at>  <at>  WWW:
Roundcube Development discussion mailing list
dev <at>

Michael Heydekamp | 8 Jun 02:07 2016

[RCD] Searching for messages...

...still seems to be quite a strange thing in Roundcube.

Just did a search for the term "Ibiza" in the subject:

1) First of all, some messages even when searching in just one specific
   folder are not found at all. Although the subject clearly contains this
   string, a message with the subject
   "Auftragsbestätigung Düsseldorf-Valencia-Ibiza 12JUN16"
   is not being found. Looking at the source of the message, it becomes
   quite clear, why:

   > Subject:
   >  =?UTF-8?Q?a_12JUN16?=

   See...? The subject is folded right before the last character of "Ibiza",
   and the search routine apparently doesn't unfold such headers. Not good.

2) OTOH, a search for the same string "Ibiza" across ALL folders does find
   messages which do not contain this string in the subject at all and
   therefore shouldn't be found:

   "Re: Anfrage Mexiko-Miami 02DEC16 und Montréal-New York 10DEC16"
   "Re: IBZ - Vigo"
   "✈ Aktuelle Flugzeugverfügbarkeiten"
   "Re: EMPTY LEG C650 (CITATION III ) Availability"
   "Re: ZRH - DUS"

   Just a few examples of HUNDREDS of (wrong) matches. What's the search
   routine looking for? Apparently not only for "Ibiza", but for what else?

   Indeed, those messages DO contain the string "Ibiza" in the body, but
   I didn't ask for a search in the subject AND the body.

I still may have more issues with regards to searching messages which I did
report last year already, but that should be it for today.

Searching for messages is quite critical for me, as I'm using Roundcube not
(only) for private purposes - as you may see above.


Michael Heydekamp
Roundcube Development discussion mailing list
dev <at>
Thomas Bruederli | 22 May 20:30 2016

[RCD] Roundcube Webmail 1.2.0 released

Dear subscribers

Today we proudly announce the stable version 1.2.0 of Roundcube
Webmail which is now available for download. It introduces new
features since version 1.1 covering security and PGP encryption

- PHP7 compatibility
- PGP encryption
- Drag-n-drop attachments from mail preview to compose window
- Mail messages searching with pre-defined date interval
- Improved security measures to protect from brute-force attacks

And of course plenty of small improvements and bug fixes.

There wasn't much feedback on the 1.2-beta version and the release
candidate which we consider a good sign. Some cleanup and
stabilization of the Enigma plugin just happened for the now stable

As already announced with the 1.2-beta release [1], PGP encryption
comes in two flavors: client-side using the Mailvelope browser
extension and server-side with the Enigma plugin using GnuPG on the

Support with the Mailvelope browser plugin comes out of the box and is
automatically enabled if the Mailvelope API is detected in a user’s
browser. The Mailvelope documentation [2] explains how to enable it
for your site.

The features of the Enigma plugin, which comes with the release
package and simply needs to be activated for your Roundcube
installation are explained in Alec's blog post [3].

With the release of Roundcube 1.2.0, the previous stable release
branches 1.0.x and 1.1.x will switch in to LTS low maintenance mode
which means they will only receive important security updates but no
longer any regular improvements from upstream.

See the complete Changelog in our wiki [4] and download the new
packages from

Roundcube 1.2.0 is considered stable and we recommend to update all
productive installations of Roundcube. As usual, don’t forget to
backup your data before updating ;-)


Roundcube Development discussion mailing list
dev <at>
Kyle Francis | 19 May 01:31 2016

[RCD] Enigma S/MIME support

So I'm trying to wrap up implementing S/MIME support in the Enigma plugin. I've got cert import (from .p12) implemented, as well as verifying and decrypting working. Certs show up in the Settings menu as well with basic info.

For signing and encrypting openssl_pkcs7_sign/encrypt return fully encoded text files that are ready to be sent by a mail agent, whereas the message_ready hook is looking for a Mail_mime object. 

What would be the recommended course, either parse the file to create a Mail_mime object, or would there be a way to pass along the fully mail agent ready text from opening_pkcs7?


Roundcube Development discussion mailing list
dev <at>
Zhang Huangbin | 27 Apr 02:12 2016

[RCD] Please restore upgrade tutorial

Dear developers,

Could you please help restore the Roundcube upgrade tutorial? Old link is:

But i cannot find it in github repo. It's very important to sysadmins who need to upgrade. Thanks.

Zhang Huangbin, founder of iRedMail project:
Time zone: GMT+8 (China/Beijing).

Roundcube Development discussion mailing list
dev <at>

Brendan | 25 Apr 20:00 2016

[RCD] bug: html spellcheck on send

in roundcube-1.1.4 (and almost certainly other versions), we have
noticed the following behavior (using the enchant spell engine):

if you have a link (ie, {a href=""}Happy{/a} - brackets
changed so no one's email client interprets them as a link) in an html
email, the behavior of using the spellcheck button is different than
when you go to send the email (and are configured to check spelling upon

with the spellcheck button the client only passes the plain text through
to the spellcheck engine, ie:


when sending, the client sends the full html and before being passed to
the spellcheck engine it gets converted into text email content, ie:

Happy [1]


the enchant spell engine then throws errors on "http" and "",
both of which it really ought to be ignoring.

i see two different solutions:

1) in program/lib/Roundcube/rcube_spellchecker.php function check(),
  $this->content = $this->html2text($text);
  $this->content = strip_tags($text);

2) in program/lib/Roundcube/rcube_spellchecker_enchant.php (and
rcube_spellchecker_pspell.php, etc) function check(), add in a regex to
strip out lines matching /^\[\d+\] http:\/\/.*/ prior to tokenizing the

#1 seems cleaner, but i'm not sure if there is a reason we need to use
html2text there. does anyone from kolab have any input on the preferred
way to deal with this?
Roundcube Development discussion mailing list
dev <at>