How To Install Roundcube Webmail on AlmaLinux 10

Roundcube Webmail stands as one of the most popular open-source webmail solutions available today. This browser-based IMAP client offers a modern, intuitive interface that rivals commercial email platforms while maintaining complete control over your email infrastructure. Its rich feature set includes drag-and-drop functionality, advanced search capabilities, spell checking, address book management, and extensive plugin support.

AlmaLinux 10 provides the perfect foundation for hosting Roundcube Webmail. As a community-driven, enterprise-grade Linux distribution, AlmaLinux offers exceptional stability, security, and long-term support that makes it ideal for production email environments. The distribution’s binary compatibility with Red Hat Enterprise Linux ensures reliable performance and extensive software compatibility.

Modern businesses increasingly require sophisticated email solutions that provide both functionality and security. Roundcube delivers these requirements through its comprehensive webmail interface, while AlmaLinux 10 ensures the underlying infrastructure remains robust and secure. This combination creates a powerful email platform suitable for organizations of any size.

The installation process involves several interconnected components working together seamlessly. Understanding how these pieces fit together will help ensure a successful deployment and easier troubleshooting when issues arise.

Prerequisites and Environment Preparation

System Requirements and Initial Setup

Before beginning the Roundcube installation, ensure your AlmaLinux 10 system meets the minimum hardware requirements. A modern server with at least 2GB of RAM, 20GB of available disk space, and a dual-core processor will provide adequate performance for small to medium deployments. Larger organizations should consider scaling these specifications accordingly.

Root or sudo privileges are essential for installing and configuring the required components. Verify your administrative access before proceeding with any installation steps. This access will be necessary for installing packages, modifying system configurations, and managing services.

Network Configuration Essentials

Proper network configuration forms the foundation of any email server deployment. Configure a static IP address for your server to ensure consistent connectivity and reliable DNS resolution. Dynamic IP addresses can cause mail delivery issues and complicate SSL certificate management.

Set up a fully qualified domain name (FQDN) that properly resolves to your server’s IP address. This FQDN will be crucial for email delivery, SSL certificate generation, and overall server identification. Verify that both forward and reverse DNS lookups work correctly.

System Updates and Security

Update your AlmaLinux 10 system to the latest packages before installing any additional software:

sudo dnf update -y
sudo dnf upgrade -y

Install essential development tools and utilities that will be needed throughout the installation process:

sudo dnf groupinstall "Development Tools" -y
sudo dnf install wget curl unzip vim -y

Configure the system firewall to allow necessary services while maintaining security. The firewalld service should be enabled and properly configured to protect your server from unauthorized access.

Planning Your Mail and Webmail Architecture

Server Architecture Considerations

Deciding between a combined mail server and webmail server versus separate dedicated servers depends on your organization’s size, security requirements, and performance needs. A combined approach simplifies management and reduces costs for smaller deployments, while separate servers provide better security isolation and scalability for larger organizations.

For most small to medium businesses, hosting Roundcube on the same server as your mail services (Postfix and Dovecot) provides an efficient and cost-effective solution. This configuration reduces complexity while maintaining adequate performance and security.

DNS Configuration Requirements

Proper DNS configuration is critical for email delivery and webmail accessibility. Configure the following DNS records for optimal functionality:

• A Record: Points your webmail subdomain to your server’s IP address
• MX Record: Directs email delivery to your mail server
• SPF Record: Specifies authorized sending servers for your domain
• DKIM Record: Provides cryptographic authentication for outgoing emails
• DMARC Record: Defines policy for handling authentication failures

Consider using a dedicated subdomain like webmail.yourdomain.com for accessing Roundcube. This approach provides clear separation between your main website and webmail services while simplifying SSL certificate management.

Installing and Configuring the LAMP Stack

Apache Web Server Installation

Apache HTTP Server provides the web platform for serving Roundcube to users. Install Apache and enable it to start automatically:

sudo dnf install httpd -y
sudo systemctl enable httpd
sudo systemctl start httpd

Verify Apache is running correctly by checking its status:

sudo systemctl status httpd

Configure Apache to handle Roundcube’s specific requirements by enabling necessary modules:

sudo dnf install mod_ssl mod_rewrite -y

MariaDB Database Server Setup

MariaDB serves as the backend database for storing Roundcube’s configuration, user preferences, and other application data. Install and secure MariaDB:

sudo dnf install mariadb-server mariadb -y
sudo systemctl enable mariadb
sudo systemctl start mariadb

Run the security script to harden your MariaDB installation:

sudo mysql_secure_installation

Follow the prompts to set a strong root password, remove anonymous users, disable remote root login, and remove test databases. These steps significantly improve your database security.

PHP Installation and Configuration

Roundcube requires PHP with specific extensions for full functionality. Install PHP and required modules:

sudo dnf install php php-mysqlnd php-gd php-mbstring php-curl php-xml php-zip php-intl php-ldap -y

Configure PHP settings for optimal Roundcube performance by editing /etc/php.ini:

sudo nano /etc/php.ini

Adjust the following settings:

• memory_limit = 256M
• upload_max_filesize = 25M
• post_max_size = 25M
• max_execution_time = 300

Firewall and SELinux Configuration

Configure firewalld to allow HTTP and HTTPS traffic:

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

Adjust SELinux policies to allow Apache to connect to the network and access required directories:

sudo setsebool -P httpd_can_network_connect 1
sudo setsebool -P httpd_can_sendmail 1

Creating and Securing the Roundcube Database

Database Creation Process

Create a dedicated database and user for Roundcube with appropriate privileges. Log into MariaDB as root:

sudo mysql -u root -p

Execute the following SQL commands to create the database and user:

CREATE DATABASE roundcube DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE USER 'roundcube'@'localhost' IDENTIFIED BY 'SecurePassword123!';
GRANT ALL PRIVILEGES ON roundcube.* TO 'roundcube'@'localhost';
FLUSH PRIVILEGES;
EXIT;

Replace SecurePassword123! with a strong, unique password. Document these credentials securely as they will be needed during Roundcube configuration.

Database Security Best Practices

Implement additional security measures for your Roundcube database:

• Use complex passwords with a mix of uppercase, lowercase, numbers, and special characters
• Limit database user privileges to only what’s necessary for Roundcube operation
• Regularly backup database credentials in a secure password manager
• Monitor database access logs for unusual activity

Downloading and Extracting Roundcube

Obtaining the Latest Release

Download the latest stable Roundcube release from the official source. Navigate to your temporary directory and download the package:

cd /tmp
wget https://github.com/roundcube/roundcubemail/releases/download/1.6.5/roundcubemail-1.6.5-complete.tar.gz

Verify the download integrity if checksums are provided on the official download page. Extract the downloaded archive:

tar -xzf roundcubemail-1.6.5-complete.tar.gz

File System Setup

Create the Roundcube directory and move files to the appropriate location:

sudo mkdir -p /var/www/roundcube
sudo mv roundcubemail-1.6.5/* /var/www/roundcube/

Set proper ownership and permissions for Roundcube files:

sudo chown -R apache:apache /var/www/roundcube/
sudo chmod -R 755 /var/www/roundcube/

Create specific directories with appropriate permissions for logs and temporary files:

sudo mkdir -p /var/www/roundcube/temp /var/www/roundcube/logs
sudo chmod 777 /var/www/roundcube/temp /var/www/roundcube/logs

Configuring Apache for Roundcube

Virtual Host Configuration

Create a dedicated Apache virtual host configuration for Roundcube. Create a new configuration file:

sudo vim /etc/httpd/conf.d/roundcube.conf

Add the following virtual host configuration:

<VirtualHost *:80>
    ServerName webmail.yourdomain.com
    DocumentRoot /var/www/roundcube
    
    <Directory /var/www/roundcube>
        Options -Indexes
        AllowOverride All
        Require all granted
    </Directory>
    
    ErrorLog /var/log/httpd/roundcube_error.log
    CustomLog /var/log/httpd/roundcube_access.log combined
</VirtualHost>

SSL Certificate Implementation

Install Certbot for automatic SSL certificate management:

sudo dnf install certbot python3-certbot-apache -y

Obtain and configure an SSL certificate for your webmail domain:

sudo certbot --apache -d webmail.yourdomain.com

Certbot will automatically modify your Apache configuration to include SSL settings and redirect HTTP traffic to HTTPS. Verify the SSL configuration by testing the certificate:

sudo systemctl reload httpd

Apache Service Management

Restart Apache to apply all configuration changes:

sudo systemctl restart httpd

Enable Apache to start automatically on system boot and verify it’s running:

sudo systemctl enable httpd
sudo systemctl status httpd

Running the Roundcube Web Installer

Accessing the Installation Interface

Open your web browser and navigate to the Roundcube installer:

https://webmail.yourdomain.com/installer

The installer provides a web-based interface for configuring Roundcube’s settings. This approach simplifies the configuration process and helps identify potential issues early.

Database Configuration Step

In the installer’s database section, provide the connection details:

• Database type: MySQL
• Database server: localhost
• Database name: roundcube
• Database user name: roundcube
• Database password: [Your secure password]

Test the database connection to ensure proper connectivity before proceeding. The installer will validate these credentials and create necessary database tables.

IMAP and SMTP Configuration

Configure the email server settings that Roundcube will use:

IMAP Settings:

• Server: localhost
• Port: 993 (SSL) or 143 (STARTTLS)
• Use SSL: Yes (recommended)

SMTP Settings:

• Server: localhost
• Port: 587 (STARTTLS) or 465 (SSL)
• Use SSL: Yes (recommended)
• Authentication: Yes

Plugin Selection and Configuration

Select plugins based on your requirements. Essential plugins include:

• Password: Allows users to change passwords through the webmail interface
• Archive: Provides email archiving functionality
• Zipdownload: Enables downloading multiple emails as a ZIP file
• Managesieve: Allows server-side email filtering

Save the configuration file when prompted. The installer will generate /var/www/roundcube/config/config.inc.php with your specified settings.

Integrating Roundcube with Postfix and Dovecot

Postfix SMTP Configuration

Configure Postfix to work seamlessly with Roundcube for sending emails. Edit the main Postfix configuration:

sudo vim /etc/postfix/main.cf

Ensure the following settings are configured:

smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

Dovecot IMAP Configuration

Verify Dovecot configuration for proper IMAP functionality. Check the main configuration file:

sudo vim /etc/dovecot/dovecot.conf

Ensure SSL is properly configured:

ssl = required
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem

Testing Email Functionality

Test email sending and receiving through the Roundcube interface. Create a test user account and verify that emails can be sent and received successfully. This testing validates the integration between Roundcube, Postfix, and Dovecot.

Securing Roundcube: Best Practices

Post-Installation Security Steps

Remove the installer directory immediately after completing the installation:

sudo rm -rf /var/www/roundcube/installer

This step prevents unauthorized access to the installation interface and potential security vulnerabilities.

File System Hardening

Implement strict file permissions to protect Roundcube files:

sudo chmod 644 /var/www/roundcube/config/config.inc.php
sudo chown root:apache /var/www/roundcube/config/config.inc.php

Restrict access to sensitive directories:

sudo chmod 750 /var/www/roundcube/config
sudo chmod 750 /var/www/roundcube/temp
sudo chmod 750 /var/www/roundcube/logs

Network Security Configuration

Configure firewall rules to allow only necessary ports:

sudo firewall-cmd --permanent --add-port=993/tcp  # IMAPS
sudo firewall-cmd --permanent --add-port=587/tcp  # SMTP submission
sudo firewall-cmd --reload

Fail2Ban Implementation

Install and configure Fail2Ban to protect against brute force attacks:

sudo dnf install fail2ban -y

Create a custom filter for Roundcube:

sudo vim /etc/fail2ban/filter.d/roundcube.conf

Add the following filter configuration:

[Definition]
failregex = FAILED login for .* from <HOST>
ignoreregex =

Configure a jail for Roundcube protection:

sudo vim /etc/fail2ban/jail.local

Add the Roundcube jail configuration:

[roundcube]
enabled = true
filter = roundcube
logpath = /var/www/roundcube/logs/userlogins
maxretry = 5
findtime = 600
bantime = 3600

Enabling and Configuring Roundcube Plugins

Plugin Management System

Roundcube’s plugin system extends functionality through modular components. Access plugin configuration through the main configuration file:

sudo vim /var/www/roundcube/config/config.inc.php

Enable plugins by adding them to the plugins array:

$config['plugins'] = array(
    'archive',
    'zipdownload',
    'password',
    'managesieve',
    'additional_message_headers'
);

Essential Plugin Configuration

Password Plugin Setup:

Configure the password plugin to allow users to change passwords:

sudo cp /var/www/roundcube/plugins/password/config.inc.php.dist /var/www/roundcube/plugins/password/config.inc.php
sudo vim /var/www/roundcube/plugins/password/config.inc.php

ManageSieve Plugin:

Enable server-side email filtering by configuring ManageSieve:

$config['managesieve_port'] = 4190;
$config['managesieve_host'] = 'localhost';
$config['managesieve_auth_type'] = null;

Third-Party Plugin Installation

Install additional plugins by downloading them to the plugins directory:

cd /var/www/roundcube/plugins/
sudo wget https://github.com/example/plugin-name/archive/master.zip
sudo unzip master.zip
sudo chown -R apache:apache plugin-name/

Advanced Security Measures

Two-Factor Authentication Implementation

Enhance security by implementing two-factor authentication through appropriate plugins. Search for compatible 2FA plugins that integrate with your existing authentication infrastructure.

Security Headers Configuration

Add security headers to Apache configuration for enhanced protection:

sudo vim /etc/httpd/conf.d/security.conf

Include the following headers:

Header always set X-Content-Type-Options nosniff
Header always set X-Frame-Options SAMEORIGIN
Header always set X-XSS-Protection "1; mode=block"
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

Regular Security Auditing

Implement regular security audits using tools like:

• Lynis: System security auditing
• ClamAV: Antivirus scanning
• AIDE: File integrity monitoring

Schedule these tools to run automatically and review their reports regularly.

Customizing the Roundcube Interface

Theme and Skin Management

Roundcube includes multiple themes that can be configured per user or globally. Modify the default skin by editing the configuration:

$config['skin'] = 'elastic';

Available skins include Elastic (default), Classic, and Larry. Each provides different visual styles and user experience approaches.

Corporate Branding

Customize Roundcube with your organization’s branding by modifying templates and CSS files. Create custom logos and adjust color schemes to match corporate identity guidelines.

User Preference Configuration

Set default user preferences that align with organizational policies:

$config['default_charset'] = 'UTF-8';
$config['timezone'] = 'America/New_York';
$config['date_format'] = 'Y-m-d';
$config['time_format'] = 'H:i';

Troubleshooting Common Issues

Installation Problems

Missing PHP Extensions:

If the installer reports missing PHP extensions, install them using:

sudo dnf install php-[extension-name] -y
sudo systemctl restart httpd

Database Connection Errors:

Verify MariaDB is running and accessible:

sudo systemctl status mariadb
sudo mysql -u roundcube -p roundcube

Authentication Issues

IMAP Connection Failures:

Check Dovecot service status and configuration:

sudo systemctl status dovecot
sudo doveconf -n

Verify SSL certificates are properly configured and not expired.

SMTP Authentication Problems:

Examine Postfix logs for error messages:

sudo tail -f /var/log/maillog

Ensure SMTP authentication mechanisms are properly configured.

Performance Optimization

Slow Loading Issues:

Optimize PHP settings for better performance:

opcache.enable=1
opcache.memory_consumption=128
opcache.max_accelerated_files=4000

Enable Apache compression:

LoadModule deflate_module modules/mod_deflate.so
<Location />
    SetOutputFilter DEFLATE
</Location>

Log Analysis and Debugging

Monitor Roundcube logs for error messages and unusual activity:

sudo tail -f /var/www/roundcube/logs/errors
sudo tail -f /var/log/httpd/roundcube_error.log

Enable debug mode temporarily for detailed troubleshooting:

$config['debug_level'] = 4;
$config['log_driver'] = 'file';

Maintenance, Updates, and Scaling

Regular Update Procedures

Maintain system security by regularly updating all components:

sudo dnf update -y

Monitor Roundcube releases for security updates and new features. Download and test updates in a staging environment before applying to production.

Backup Strategies

Implement comprehensive backup procedures covering:

• Database: Regular MySQL dumps
• Configuration: Roundcube config files
• Mail data: Complete mailbox backups
• SSL certificates: Certificate and key files

Automate backups using cron jobs:

sudo crontab -e

Add backup schedule:

0 2 * * * /usr/local/bin/backup-roundcube.sh

Performance Monitoring

Monitor system performance using tools like:

• htop: Real-time process monitoring
• iotop: Disk I/O monitoring
• netstat: Network connection analysis

Set up monitoring alerts for critical thresholds like disk space, memory usage, and service availability.

Scaling Considerations

For growing organizations, consider:

• Load balancing: Distribute traffic across multiple servers
• Database optimization: Implement master-slave replication
• Caching: Add Redis or Memcached for session storage
• CDN integration: Serve static assets through content delivery networks

Frequently Asked Questions

Can Roundcube run on nginx instead of Apache?

Yes, Roundcube works with nginx. The configuration requires adjusting virtual host settings and ensuring proper PHP-FPM integration.

What PHP version does Roundcube require?

Roundcube requires PHP 7.3 or higher, with PHP 8.x providing better performance and security features.

Is Roundcube suitable for large enterprises?

Roundcube scales well for enterprise environments when properly configured with appropriate infrastructure including load balancing, database optimization, and caching systems.

How do I troubleshoot SSL certificate issues?

Verify certificate validity using SSL testing tools, check Apache SSL configuration, and ensure proper certificate chain installation.

What’s the safest way to upgrade Roundcube?

Always backup your installation, test upgrades in a staging environment, and follow the official upgrade documentation step-by-step.

Congratulations! You have successfully installed Roundcube. Thanks for using this tutorial for installing Roundcube Webmail on your AlmaLinux 10 system. For additional help or useful information, we recommend you check the official Roundcube Webmail website.