Greetings, I'm in the process of building a new (vCenter 7.0.2) VMware virtual machine (Ubuntu 20.04.02) using the Automated Installer with the below parameters. The VM is behind a pfsense 1:1 NAT translation firewall for security reasons as vCenter functionality is desired, i.e., vMotion, cluster load balancing, etc. No matter what I've tried, the control panel (8080) cannot get an acme.sh certificate, so for $5 a commercial cert is being used then manually building the /usr/local/ispconfig/interface/ssl/ispconfig.pem (key + crt) and replacing the content in .key & .crt accordingly; then following up with ispconfig_update.sh --force (answering no to new cert). When building the ispconfig.pem file, should the issuing cert bundle be included below the crt entry? Example file concatenation, key, crt, intermediate and root? Expand: AI Link https://www.howtoforge.com/ispconfig-autoinstall-debian-ubuntu/ I want to complement and thank the developers for the AI. It has surely matured from the initial stages and my previous attempts of usage. I would also like to share the experience and put some additional feature requests into the mix. Is there a dedicated place for those conversations? Code: wget -O - https://get.ispconfig.org | sh -s -- --use-php=7.3,7.4,8.0 --use-ftp-ports=40110-40210 --unattended-upgrades==autoclean,reboot --i-know-what-i-am-doing echo "A.B.C.D" > /etc/pure-ftpd/conf/ForcePassiveIP && service pure-ftpd-mysql restart The ISPConfig Roundcube remote user (with the 11 required permissions + remote with the single Roundcube plugins function + remote) and plugins are installed and functioning properly using the supplied link and below instructions. Expand: Plugin Link https://www.howtoforge.com/install-ispconfig-3-roundcube-plugins-on-debian-10/ Expand: ISPConfig Plugin Installation Code: mkdir -p /root/install cd /root/install wget https://github.com/w2c/ispconfig3_roundcube/archive/master.zip unzip master.zip cd ./ispconfig3_roundcube-master cp -r ./ispconfig3_* /usr/share/roundcube/plugins ln -s /usr/share/roundcube/plugins/ispconfig* /var/lib/roundcube/plugins/ cp /usr/share/roundcube/plugins/ispconfig3_account/config/config.inc.php.dist /usr/share/roundcube/plugins/ispconfig3_account/config/config.inc.php # Edit the remote user credentials nano /usr/share/roundcube/plugins/ispconfig3_account/config/config.inc.php Taking it further, setting useful UI defaults and installing the Context Menus from the thread was accomplished using the following. Expand: Tweaking Thread Link https://www.howtoforge.com/community/threads/tweaking-the-roundcube-settings.86387/ Expand: Context Menu Plugin Installation Code: mkdir -p cd /root/install/contextmenu cd /root/install/contextmenu wget https://github.com/johndoh/roundcube-contextmenu/archive/refs/tags/3.2.1.zip unzip 3.2.1.zip cd ./roundcube-contextmenu-3.2.1 mkdir /usr/share/roundcube/plugins/contextmenu cp -r ./* /usr/share/roundcube/plugins/contextmenu ln -s /usr/share/roundcube/plugins/contextmenu /var/lib/roundcube/plugins/contextmenu To enact the plugin installation, edit the file Code: nano /etc/roundcube/config.inc.php Changes to the $config['plugins'] = array(); value must include the double quoted list of named plugins (separated by a comma) to enable. Note that the jqueryui plugin must be first. PHP: $config['plugins'] = array("jqueryui", "ispconfig3_account", "ispconfig3_autoreply", "ispconfig3_pass", "ispconfig3_spam", "ispconfig3_fetchmail", "ispconfig3_filter", "ispconfig3_forward", "contextmenu"); The UI enhancements/defaults are taken (and modified) from the above tweaking thread and appended in /etc/roundcube/config.inc.php Expand: UI Tweaks PHP: // ----------------------------------// USER INTERFACE custom settings// ----------------------------------// default messages sort column. Use empty value for default server's sorting,// or 'arrival', 'date', 'subject', 'from', 'to', 'fromto', 'size', 'cc'$config['message_sort_col'] = 'date';// the default locale setting (leave empty for auto-detection)// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR$config['language'] = 'en_US';// use this format for date display (date or strftime format)$config['date_format'] = 'm-d-Y';// use this format for detailed date/time formatting (derived from date_format and time_format)$config['date_long'] = 'm-d-Y H:i';// Message size limit. Note that SMTP server(s) may use a different value.// This limit is verified when user attaches files to a composed message.// Size in bytes (possible unit suffix: K, M, G)$config['max_message_size'] = '100M';// Maximum number of recipients per message (including To, Cc, Bcc).// Default: 0 (no limit)$config['max_recipients'] = 50;// Set identities access level:// 0 - many identities with possibility to edit all params// 1 - many identities with possibility to edit all params but not email address// 2 - one identity with possibility to edit all params// 3 - one identity with possibility to edit all params but not email address// 4 - one identity with possibility to edit only signature$config['identities_level'] = 3;// ----------------------------------// USER PREFERENCES custom settings// ----------------------------------// sort contacts by this col (preferably either one of name, firstname, surname)$config['addressbook_sort_col'] = 'firstname';// display remote inline images// 0 - Never, always ask// 1 - Ask if sender is not in address book// 2 - Always show inline images$config['show_images'] = 2;// Default interval for auto-refresh requests (in seconds)// These are requests for system state updates e.g. checking for new messages, etc.// Setting it to 0 disables the feature.$config['refresh_interval'] = 120;// Enables adding of standard separator to the signature$config['sig_separator'] = false;// When replying:// -1 - don't cite the original message// 0 - place cursor below the original message// 1 - place cursor above original message (top posting)// 2 - place cursor above original message (top posting), but do not indent th$$config['reply_mode'] = 2;// compose html formatted messages by default// 0 - never,// 1 - always,// 2 - on reply to HTML message,// 3 - on forward or reply to HTML message// 4 - always, except when replying to plain text message$config['htmleditor'] = 1;// Enables display of email address with name instead of a name (and address in title)$config['message_show_email'] = true; Now that the long winded introduction and configuration is over, on to the question. The goal is to increase the maximum message/attachment size to 100M. I have searched for ways to increase this and two recurring approaches are mentioned. The first is that roundcube will use the PHP version (default 7.4 in this case) from /etc/php/7.4/fpm/php.ini. After modifying the file and restarting php7.4-fpm, the below values are set and active. The second approach was to set the $config['max_message_size'] in the /etc/roundcube/config.inc.php file; it is set per the above detail. Having to increase the default post and upload sizes does not give me warm and fuzzy feeling as that becomes system-wide for PHP 7.4. I would typically override this setting at the client website options/custom php settings. Will this create a problem later on? Code: cat /etc/php/7.4/fpm/php.ini | grep post_max_size post_max_size = 125M cat /etc/php/7.4/fpm/php.ini | grep upload_max_filesize upload_max_filesize = 125M Further reviewing postfix, the value is zero implying unlimited Code: cat /etc/postfix/main.cf | grep message_size_limit message_size_limit = 0 # Alt method postconf | grep message_size_limit message_size_limit = 0 With the above modified PHP and UI settings, roundcube produces a maximum size of 75M. How can I get this valued bumped up to the requested 100M sizing? On a personal note, I am not a believer that email should be used for such large files. The client needs are for high resolution camera raw files and small video clips. I am in the process of re-education and implementing Nextcloud for the client which is better suited with storage capacity as needed but that does not resolve the ask. I absolutely love Nextcloud; it too has matured into a very nice product but I only use the community edition. I'm glad that I have spent the time with roundcube. If I can make roundcube as full featured and robust as Outlook Web Access, then I can present an alternative to the Exchange hosting currently offered but that's for a different thread. Thanks!
ISPConfig uses only the key and certificate for the letsencrypt hook. https://git.ispconfig.org/ispconfig/ispconfig-autoinstaller/-/issues Note there is now a single permission you should use for the roundcube plugins, the others are *way* too broad (though required at the time). With base64 encoding, every 3 bytes of input is 4 bytes of output - possibly this explains your 75M max (input = 100M output). Just a guess, but try setting that at 200M and see if it changes.
I could not locate anything other than the original link posted which has the broad permissions. Can you please point me to what the new permissions should be? OK, changed the configuration as displayed below and now have a 100M message size reported in roundcube. Code: cat /etc/roundcube/config.inc.php | grep max_message_size $config['max_message_size'] = '134M'; cat /etc/php/7.4/fpm/php.ini | grep post_max_size post_max_size = 720M cat /etc/php/7.4/fpm/php.ini | grep upload_max_filesize upload_max_filesize = 720M Thanks for your help Jesse, it is appreciated.
Probably the permission Code: Roundcube plugins functions I have not found any documentation on that, though. That permission is in ISPConfig 3.2.5 at least. I do not know when it appeared. PS Now I did find: https://www.howtoforge.com/community/threads/ispconfig3_roundcube-security.86410/
Reading the above supplied thread, it definitely reduces the security exposure footprint. I have removed the 11 permissions and have now only selected the "Roundcube plugin functions" and have successfully tested the ISPConfig plugins. I would +1 suggest modifying the original thread covering the installation guide. Additionally, I have experimented with the "Remote Access" setting and have found that it is required for the plugin to function. Thanks for your help Taleman, it is appreciated.