Zhang Huangbin | 14 Sep 11:48 2014

[RCD] Possible bug in Roundcube password plugin: cannot generate correct bcrypt hash

Dear developers,

I'm running Roundcubemail-1.0.2 on OpenBSD 5.5, i tried to generate bcrypt password hash with
ldap_simple password driver, it generates password hash with prefix '{crypt}$2a$' which identities
it's a blowfish/bcrypt hash, but Dovecot cannot verify it.

Dovecot works fine if i generated password hash with Dovecot command 'doveadm pw -s BLF-CRYPT' or Python
bcrypt module. So i think there might be something wrong in Roundcube password driver. Could you help
inspect it?

Thank you very much.

Roundcube Development discussion mailing list
dev <at> lists.roundcube.net

Dima Dorfman | 3 Sep 12:05 2014

[RCD] [PATCH] password plugin driver for ldappasswd(1)


I wrote a backend for the password plugin that uses OpenLDAP's
ldappasswd(1). My motivation for this was to remove the requirement to
retrieve the user's full LDAP record, which our policy does not allow,
but this method is also easier to configure, obviates the need for php
to be able to produce the password hash, and supports a more complete
range of password storage and authentication options (e.g. SASL binds)

In particular, this might satisfy New Feature Request #1486349:
password plugin: using LDAP EXOP for changing passwords (RFC3062)

From the comments:

* Advantages of this method:
*  - No extra configuration if OpenLDAP/ldappasswd are already configured
*  - Indifferent to password storage (attribute) and hashing details
*  - Future-proof: supports everything ldappasswd(1) can do now, and later
*  - TLS/SSF verification is done by OpenLDAP according to system settings
*  - Uses PASSMOD extended operation; no need to retrieve full user record

Please review. If possible, I would like to see this in the main tree so
I don't have to maintain it locally

Patch attached



(Continue reading)

Michael Heydekamp | 28 Aug 20:37 2014

[RCD] Login to git-master not working

Any idea why we can't login to git-master anymore...? After login, I'm
seeing ... nothing. RC attempts to load the page ****/?_task=login rather
than ****/?_task=mail (which would be the correct one).

We reverted back to the stage of Aug 26th, and everything is working again.

Win7/64, FF 27.0.1.


Michael Heydekamp
Co-Admin freexp.de
Roundcube Development discussion mailing list
dev <at> lists.roundcube.net
Robert Bilbrey | 28 Aug 18:58 2014

[RCD] Feature Request

To be able to store PGP keys in the roundmail client,encrypt and
decrypt messages automatically.
Thanks, Bob

Robert Bilbrey, CISSP,PMP

If you wish to send me a private email,Please use the following key:
Version: GnuPG v1

(Continue reading)

Admin DC | 22 Aug 02:37 2014

[RCD] Error on Moving/Copying messages from INBOX to nested folders within INBOX; works from INBOX to other Top_Level folders


I first tried posting this with my gmail and didn't see it showing up on 
the archive. So I wanted to make sure this went through so I used a 
non-free email domain.

If I created a duplicate thread I apologize.

Now on to the issue at hand.

We just oddly started experiencing this issue. We've spent quite a bit 
of time troubleshooting with logging increased on both our IMAP servers 
(Debian Wheezy 7.6 64bit with dovecot vers 2.1.7-7+deb7u1 )

I am absolutely able to reproduce this on numerous accts, even with 
logging up to 8 we do not see any "ERROR" or any reason why the copy and 
expunge would fail.

Our production copy of webmail was older (0.9-rc), so I suspected 
possibly it was a bug or something wrong with that version, so we 
created a "ourwebmail-new.foo.com" domain and do an inplace upgrade on 
our database (to preserve our address book and other client info), with 
no issues on upgrade to v 1.0.2

Currently we have been diffing a successful copy/move and an 
unsuccessful copy/move and just cant figure out what's going on

To sum up:

(Continue reading)

Thomas Bruederli | 20 Aug 09:14 2014

[RCD] Message compose Zen mode

Hello folks

We have a pending ticket [1] for the upcoming Roundcube 1.1 release
which asks for more space when composing messages. My proposition was
to add a Zen mode as some of you might know from github. I have now
implemented this in a separate branch 'dev-zenmode' in the Roundcube
git repository and I'd like to hear your comments on this. So if you
have a git checkout somewhere, please quickly switch to the
'dev-zenmode' branch and have a look.


[1] http://trac.roundcube.net/ticket/1489198
Roundcube Development discussion mailing list
dev <at> lists.roundcube.net

Cor Bosman | 17 Aug 16:47 2014

[RCD] searching

Hey all, im playing with searching and an FTS enabled mail server (dovecot) with 1.2 million emails. This
works very well. But i wish there was a way to allow the full power of imap searching in roundcube. Roundcube
only seems to allow a very limited set.

For instance, in dovecot I can do:   SEARCH FROM COR TO ROUNDCUBE BODY FOOBAR 

This will give me all emails matching From:*cor* , To:*roundcube* where anywhere in the body it says
foobar. And with FTS lucene engine this is fast :)

Would it be an idea to allow the keyword raw, so you could say in the roundcube search box:  raw:FROM COR TO
ROUNDCUBE BODY FOOBAR  , which passes that search string unaltered to the backend imap server?


Roundcube Development discussion mailing list
dev <at> lists.roundcube.net

Cor Bosman | 15 Aug 11:33 2014

[RCD] prefs hostname revisited

Hey all, every so often we have this discussion about the hostname in the preferences db. It is quite a hassle
for us to have the imap hostname be part of the preferences. For instance, we allow some customer service
people to impersonate customers, and only 1 specific imap server allows impersonation, which is only
accessible through internal networks. But then we cant have these customer service people actually
interact with settings..

I went into the code a bit, and maybe this is a workable solution. There seems to be only 2 times when the
hostname is used to interact with the db. One in rcube_user::query(), and one in rcube_user::create().

Interestingly, create() has a plugin hook, which allows you to modify the hostname. But query() does not.

The code that calls query() is in rcmail.php.

>         $host     = rcube_utils::idn_to_ascii($host);
>         $username = rcube_utils::idn_to_ascii($username);
>         // user already registered -> overwrite username
>         if ($user = rcube_user::query($username, $host)) {
>             $username = $user->data['username'];
>         }

What if we add a plugin hook there (or actually in query()), so you can modify the created hostname during
login? That way, this can all be done using plugins and people that want to can set a static hostname for preferences.


Roundcube Development discussion mailing list
dev <at> lists.roundcube.net
(Continue reading)

Rosali | 15 Aug 07:50 2014

Re: [RCD] Plugin API register task

Am 2014-08-14 18:28, schrieb Thomas Bruederli:
> On Thu, Aug 14, 2014 at 3:52 PM, Rosali <myroundcube <at> mail4us.net> 
> wrote:
>> Hello Devs,
>> I don't understand how I should handle $this->register_task.
>> I have noticed if a plugin is running on its own task then it behaves
>> strange.
>> I think it is best to give an example:
>> [...]
>> So, what am I doing wrong? How do I have to register the action in a 
>> plugin
>> so that they are properly recognized while staying on a task which is
>> registered/owned by another plugin?
> I guess looking at the request dispatching routine [1] clarifies the
> situation. First it checks is_plugin_task() and only if it isn't, the
> 'plugin.' prefix is checked. We might change the order of these checks
> and give precedence to 'plugin.*' actions but I can't imagine the
> side-effects such a change might have.
> A work-around for your particular situation could be to execute
> rcmail.http_post('mail/plugin.carddav-addressbook-sync') or
> rcmail.http_post('foo/plugin.carddav-addressbook-sync') in order to
> not hit a task that is registered by a plugin.

(Continue reading)

Rosali | 14 Aug 15:52 2014

[RCD] Plugin API register task

Hello Devs,

I don't understand how I should handle $this->register_task.

I have noticed if a plugin is running on its own task then it behaves 

I think it is best to give an example:

I inlude a javascript file into each task which triggers an AJAX sync 
request as follows:

           rcmail.env.task == 'addressbook' ? 
'carddav'), 'loading') : false

If this request is executed f.e. in Kolab's calendar task I get an 

PHP Error: No handler found for action 
calendar.plugin.carddav-addressbook-sync in 
C:\xxxx\program\lib\Roundcube\rcube_plugin_api.php on line 462 (POST 

(Continue reading)

Lorenzo Petracchi | 13 Aug 09:27 2014

[RCD] adding transparent managesieve-vacation tests

Let managesieve-vacation plugin insert default tests in every users sieve
script, without the users see them on UI? Or do I need to modify the code
for this?

default tests to insert:
if allof (not exists
ist-archive","list-id","Mailing-List"], not header :is "Precedence"
["list","bulk","junk"], not header :matches "To" "Multiple recipients of*")

so I need to have something like this:

require ["vacation"];
# rule:[Vacanze]
if allof (not exists
ist-archive","list-id","Mailing-List"], not header :is "Precedence"
["list","bulk","junk"], not header :matches "To" "Multiple recipients of*")
    vacation :days 7 :addresses
["roundcube-test <at> unifi.it","rc-test <at> unifi.it"] :subject "assenza" text:
-- risposta automatica --

Sono assente. ciao

Roundcube Development discussion mailing list
(Continue reading)