Page 1 of 1

[BUG] Roundcube Webmail Can Not Write Logs

Posted: Mon Sep 28, 2015 10:25 pm
by SCelik
I think roundcube openbasedir directives is missing for logging directory. A lot of errors logged becouse of this and roundcube can not write logs.
[Tue Sep 29 01:24:23 2015] [error] [client] PHP Warning: ini_set(): open_basedir restriction in effect. File(/var/log/roundcubemail//errors) is not within the allowed path(s): (/home/admin/web:/home/admin/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/usr/share/phpMyAdmin/config:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube) in /usr/share/roundcubemail/program/lib/Roundcube/rcube_config.php on line 258

Re: [BUG] Roundcube Webmail Can Not Write Logs

Posted: Wed Sep 13, 2017 8:55 am
by Felix
Thanks SCelik for posting that info. I had the same problem and managed to solve it using your input.

I'd like to add some more info.

In the default VESTA setup in Ubuntu 14.04 and 16.04, the directory /var/log/roundcube is owned by www-data and belogns to group adm. But in this setup, I needed to set RW permissions to Others for logging to work. So I set www-data (Owner) and admin (Group) with no permissions to others. I think it's also worth mentioning that the domain https://[server-FQDN]/roundcube belongs to VESTA user admin.

In order to be able to identify users logging in to fight spam if/when needed, I also enabled some more Roundecube logging in /etc/roundcube/

Code: Select all

// Log successful logins to <log_dir>/userlogins or to syslog
$rcmail_config['log_logins'] = true;

// Log session authentication errors to <log_dir>/session or to syslog
$rcmail_config['log_session'] = true;

and created the relevant files. The above setup is working fine for my needs :)

Re: [BUG] Roundcube Webmail Can Not Write Logs

Posted: Thu Sep 14, 2017 6:00 am
by Felix
And since we're looking at Roundcube, it would be a good idea to configure Roundcube to use SMTP and NOT php mail()

If this option is left blank, the PHP mail() function is used to send emails. We don't recommend this because mail() suffers of some limitations and doesn't restrict sending to authenticated users only.
Here is another reason why.