Roundcube Webmail 1.2-beta out now

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Roundcube Webmail 1.2-beta out now

Thomas Bruederli-2
We're proud to announce that the beta release of the next major
version 1.2 of Roundcube webmail is out now for download and testing.
With this milestone
we introduce new features primarily focusing on security and PGP encryption:

* PHP7 compatibility
* PGP encryption
* Drag-n-drop attachments from mail preview to compose window
* Mail messages searching with predefined date interval
* Improved security measures to protect from brute-force attacks

And of course plenty of small improvements and bug fixes.

The PGP encryption support in Roundcube comes with two options:

Mailvelope
--------------
The integration of this browser plugin [1] for Firefox and Chrome
comes  out of the box in Roundcube 1.2 and is enabled if the
Mailvelope API is detected in a user's browser. See the Mailvelope
documentation [2] how to enable it for your site.

Read more about the Mailvelope integration and how this looks like in
Alec's blog [3].

Enigma plugin
-------------------
This Roundcube plugin adds server-side PGP encryption features to
Roundcube. Enabling this means that users need to fully trust the
webmail server as encryption is done on the server GnuPG and private
keys are also stored there.

In order to activate server-side PGP encryption for all your users,
the 'enigma' plugin, which is shipped with this package, has to be
enabled in the Roundcube config. See the plugin's README for details.

Also read Alec's blogpost about the Enigma plugin and how it works [4].

Both encryption features are pretty new and not yet perfectly
documented. We'd much appreciate your feedback and your contribution
to the end-user documentation [5] or our wiki page [6].

IMPORTANT: with this version, we finally deprecate some old Roundcube
library functions [7]. Plugin developers, please test your plugins
thoroughly and look for deprecation warnings in the logs. These
function will be removed in the final 1.2.0 release and can therefore
render plugins dysfunctional.

See the full changelog on trac.roundcube.net [8] and download the new
packages from https://roundcube.net/download

Please note that this is a beta release and we recommend to test it on
a separate environment. And don't forget to backup your data before
installing it!

Enjoy and please share your experience either through our mailing
lists or as comments in the blog posts mentioned above.

Kind regards,
Thomas


[1] https://www.mailvelope.com
[2] https://www.mailvelope.com/en/help#watchlist
[3] https://kolabian.wordpress.com/2015/10/10/mailvelope-integration-pgp-encryption/
[4] https://kolabian.wordpress.com/2015/10/13/enigma-plugin-pgp-encryption/
[5] http://trac.roundcube.net/wiki/Online_Help
[6] http://trac.roundcube.net/wiki/Dev_Encryption
[7] https://github.com/roundcube/roundcubemail/blob/master/program/include/bc.php
[8] http://trac.roundcube.net/wiki/Changelog
_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Roundcube Webmail 1.2-beta out now

Noel Butler
Awesome features Thomas and Alec,one thing though, may I suggest that
for enigma key storage, it be an option to store in a DB rather than on
file system, since a fair few of us I imagine keep everything to do with
users in MySQL/MariaDB.


just a though for future...

Cheers



On 24/11/2015 02:15, Thomas Bruederli wrote:

> We're proud to announce that the beta release of the next major
> version 1.2 of Roundcube webmail is out now for download and testing.
> With this milestone
> we introduce new features primarily focusing on security and PGP
> encryption:
>
> * PHP7 compatibility
> * PGP encryption
> * Drag-n-drop attachments from mail preview to compose window
> * Mail messages searching with predefined date interval
> * Improved security measures to protect from brute-force attacks
>
> And of course plenty of small improvements and bug fixes.
>
> The PGP encryption support in Roundcube comes with two options:
>
> Mailvelope
> --------------
> The integration of this browser plugin [1] for Firefox and Chrome
> comes  out of the box in Roundcube 1.2 and is enabled if the
> Mailvelope API is detected in a user's browser. See the Mailvelope
> documentation [2] how to enable it for your site.
>
> Read more about the Mailvelope integration and how this looks like in
> Alec's blog [3].
>
> Enigma plugin
> -------------------
> This Roundcube plugin adds server-side PGP encryption features to
> Roundcube. Enabling this means that users need to fully trust the
> webmail server as encryption is done on the server GnuPG and private
> keys are also stored there.
>
> In order to activate server-side PGP encryption for all your users,
> the 'enigma' plugin, which is shipped with this package, has to be
> enabled in the Roundcube config. See the plugin's README for details.
>
> Also read Alec's blogpost about the Enigma plugin and how it works [4].
>
> Both encryption features are pretty new and not yet perfectly
> documented. We'd much appreciate your feedback and your contribution
> to the end-user documentation [5] or our wiki page [6].
>
> IMPORTANT: with this version, we finally deprecate some old Roundcube
> library functions [7]. Plugin developers, please test your plugins
> thoroughly and look for deprecation warnings in the logs. These
> function will be removed in the final 1.2.0 release and can therefore
> render plugins dysfunctional.
>
> See the full changelog on trac.roundcube.net [8] and download the new
> packages from https://roundcube.net/download
>
> Please note that this is a beta release and we recommend to test it on
> a separate environment. And don't forget to backup your data before
> installing it!
>
> Enjoy and please share your experience either through our mailing
> lists or as comments in the blog posts mentioned above.
>
> Kind regards,
> Thomas
>
>
> [1] https://www.mailvelope.com
> [2] https://www.mailvelope.com/en/help#watchlist
> [3]
> https://kolabian.wordpress.com/2015/10/10/mailvelope-integration-pgp-encryption/
> [4]
> https://kolabian.wordpress.com/2015/10/13/enigma-plugin-pgp-encryption/
> [5] http://trac.roundcube.net/wiki/Online_Help
> [6] http://trac.roundcube.net/wiki/Dev_Encryption
> [7]
> https://github.com/roundcube/roundcubemail/blob/master/program/include/bc.php
> [8] http://trac.roundcube.net/wiki/Changelog
> _______________________________________________
> Roundcube Users mailing list
> [hidden email]
> http://lists.roundcube.net/mailman/listinfo/users

--
If you have the urge to reply to all rather than reply to list, you best
read  http://members.ausics.net/qwerty/
_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Roundcube Webmail 1.2-beta out now

A.L.E.C
On 11/24/2015 08:18 AM, Noel Butler wrote:
> Awesome features Thomas and Alec,one thing though, may I suggest that
> for enigma key storage, it be an option to store in a DB rather than on
> file system, since a fair few of us I imagine keep everything to do with
> users in MySQL/MariaDB.

As I know GnuPG does not talk SQL. So, we need keys in the filesystem
anyway. However, I agree that using (redundant) SQL storage may be
needed e.g. for multi-server installations.

--
Aleksander 'A.L.E.C' Machniak
Kolab Groupware Developer        [http://kolab.org]
Roundcube Webmail Developer  [http://roundcube.net]
---------------------------------------------------
PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl
_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Roundcube Webmail 1.2-beta out now

Noel Butler
On 24/11/2015 17:34, A.L.E.C wrote:

> On 11/24/2015 08:18 AM, Noel Butler wrote:
>> Awesome features Thomas and Alec,one thing though, may I suggest that
>> for enigma key storage, it be an option to store in a DB rather than
>> on
>> file system, since a fair few of us I imagine keep everything to do
>> with
>> users in MySQL/MariaDB.
>
> As I know GnuPG does not talk SQL. So, we need keys in the filesystem
> anyway. However, I agree that using (redundant) SQL storage may be
> needed e.g. for multi-server installations.


yes! this is why I suggest a  "fair few of us use mysql" etc :)

not an easy solution, though since we use NFS, it may be easier than I
first thought, so long as there is a way to link keys-on-fs to each user
so that should user X delete their email, it deletes their keys as well
(which is simple in sql), I will play around with this on our dev server
this week if I can hopefully before holidays

--
If you have the urge to reply to all rather than reply to list, you best
read  http://members.ausics.net/qwerty/
_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Roundcube Webmail 1.2-beta out now

A.L.E.C
On 11/24/2015 12:00 PM, Noel Butler wrote:
> not an easy solution, though since we use NFS, it may be easier than I
> first thought, so long as there is a way to link keys-on-fs to each user
> so that should user X delete their email, it deletes their keys as well
> (which is simple in sql)

As we have bin/deluser.sh script, enigma plugin should just do the
cleanup on user_delete_commit hook. There's no other automation for user
deletes in Roundcube.

--
Aleksander 'A.L.E.C' Machniak
Kolab Groupware Developer        [http://kolab.org]
Roundcube Webmail Developer  [http://roundcube.net]
---------------------------------------------------
PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl
_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Roundcube Webmail 1.2-beta out now

Noel Butler
On 24/11/2015 21:22, A.L.E.C wrote:

> On 11/24/2015 12:00 PM, Noel Butler wrote:
>> not an easy solution, though since we use NFS, it may be easier than I
>> first thought, so long as there is a way to link keys-on-fs to each
>> user
>> so that should user X delete their email, it deletes their keys as
>> well
>> (which is simple in sql)
>
> As we have bin/deluser.sh script, enigma plugin should just do the
> cleanup on user_delete_commit hook. There's no other automation for
> user
> deletes in Roundcube.


No, but in CRM software that does all the commanding
(add/del/suspend/mod user/alias etc etc etc) it is critical, if it sends
a deluser, it just backs up all relative user rows in the databases for
Rc and the plugins like addressbook and so on, then deletes the rows,
then it  goes off and does physical delete of that users vmail directory
(unless its a users primary a/c which can only be deleted by
close-customers it also backs up their mail), so, so long as there can
be some reference to match it up, our other physical cleanup scripts
(written in perl) cleans up whats left behind - but needs a way to know
what it should cleanup.

I'll look at it more when I throw it on the dev box, hopefully before
holidays.

--
If you have the urge to reply to all rather than reply to list, you best
read  http://members.ausics.net/qwerty/
_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users