Mail Server Series — Part 9
In the previous chapters, we completed:
- Postfix (SMTP)
- Dovecot (IMAP/POP3)
- Amavis / ClamAV / SpamAssassin (security filtering)
- MariaDB + PostfixAdmin (domain & mailbox management)
- Piler (email archiving)
- Manticore Search (full-text search with Chinese tokenizer)
In this article, we will deploy Roundcube Webmail and integrate it with our mail ecosystem.
This chapter covers:
- ✔ Deploying Roundcube using Docker
- ✔ IMAP over TLS
- ✔ SMTP Submission over TLS
- ✔ Dovecot ManageSieve integration (server-side filters)
- ✔ Proxying Roundcube behind Apache/Nginx
- ✔ Logging and troubleshooting
Roundcube is a lightweight, modern, and extensible webmail solution widely adopted for enterprise and educational environments.
Let’s begin.
1. Why Roundcube Webmail?
Roundcube provides essential capabilities such as:
| Use Case | Benefits |
|---|---|
| Users traveling | Check email via browser without installing clients |
| Mobile/Tablet access | Works on all browsers |
| Internal testing | Validate IMAP/SMTP functionality |
| Small/medium enterprises | No need to install Outlook/Thunderbird |
| Custom integration | Plugins, branding, SSO, user tools |
Roundcube supports:
- IMAP / SMTP
- TLS/SSL
- ManageSieve (server-side rules)
- Plugins (Calendar, signatures, etc.)
2. Creating Required Directories
mkdir -p /opt/docker/mail/roundcube/config
mkdir -p /opt/docker/mail/roundcube/db
mkdir -p /opt/docker/mail/roundcube/log
chown -Rf 33:33 /opt/docker/mail/roundcube/db
chown -Rf 33:33 /opt/docker/mail/roundcube/log
Roundcube runs as user www-data (UID 33).
SQLite and log directories must be writable.
3. Pull the Official Docker Image
We use the secure non-root version:
docker pull roundcube/roundcubemail:1.6.11-apache-nonroot
4. Container Startup Script (webmail.sh)
docker run -dit --name webmail \
--restart=always \
--network intranet-net \
--add-host it.demo.tw:172.18.0.1 \
-e TZ=Asia/Taipei \
-e ROUNDCUBEMAIL_DEFAULT_HOST=tls://it.demo.tw \
-e ROUNDCUBEMAIL_DEFAULT_PORT=143 \
-e ROUNDCUBEMAIL_SMTP_SERVER=tls://it.demo.tw \
-e ROUNDCUBEMAIL_SMTP_PORT=587 \
-e ROUNDCUBEMAIL_DB_TYPE=sqlite \
-e ROUNDCUBEMAIL_USERNAME_DOMAIN=it.demo.tw \
-e ROUNDCUBEMAIL_PLUGINS=managesieve \
-v $PWD/config:/var/roundcube/config \
-v $PWD/db:/var/roundcube/db \
-v $PWD/config/managesieve.config.inc.php:/var/roundcube/plugins/managesieve/config.inc.php \
roundcube/roundcubemail:1.6.11-apache-nonroot
Roundcube connects to:
| Purpose | Protocol |
|---|---|
| IMAP | TLS (STARTTLS) on port 143 |
| SMTP | TLS (Submission) on port 587 |
**5. Roundcube Main Configuration
(config.inc.php)**
Path:
/opt/docker/mail/roundcube/config/config.inc.php
date_default_timezone_set('Asia/Taipei');
$config['default_host'] = 'tls://it.demo.tw';
$config['default_port'] = 143;
$config['imap_conn_options'] = [
'ssl' => [
'verify_peer' => true,
'verify_peer_name' => true,
],
];
$config['smtp_server'] = 'tls://it.demo.tw';
$config['smtp_port'] = 587;
$config['smtp_user'] = '%u';
$config['smtp_pass'] = '%p';
$config['smtp_conn_options'] = [
'ssl' => [
'verify_peer' => true,
'verify_peer_name' => true,
],
];
$config['smtp_helo_host'] = 'webmail.it.demo.tw';
$config['smtp_log'] = true;
$config['log_driver'] = 'file';
$config['log_dir'] = '/var/log/webmail';
$config['debug_level'] = 4;
6. ManageSieve Plugin (Server-side Email Rules)
Path:
/opt/docker/mail/roundcube/config/managesieve.config.inc.php
Content:
<?php
$config['managesieve_host'] = 'tls://dovecot';
$config['managesieve_port'] = 4190;
$config['managesieve_usetls'] = false;
$config['managesieve_conn_options'] = [
'ssl' => [
'verify_peer' => true,
'verify_peer_name' => true,
'peer_name' => 'it.demo.tw',
'cafile' => '/etc/ssl/certs/ca-certificates.crt',
],
];
This allows Roundcube users to manage:
- Auto-sorting filters
- Spam/Ham custom rules
- Auto-forward
- Vacation autoreply
- Per-folder routing
7. Reverse Proxy Setup (Apache)
Roundcube is accessed through HTTPS, served by Apache proxy.
(1) HTTP → HTTPS Redirect
<VirtualHost *:80>
ServerName webmail.it.demo.tw
RewriteEngine on
RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
(2) HTTPS Proxy to Webmail Container
<VirtualHost *:443>
ServerName webmail.it.demo.tw
ProxyPass / http://webmail:8000/
ProxyPassReverse / http://webmail:8000/
SSLCertificateFile /etc/letsencrypt/live/webmail.it.demo.tw/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/webmail.it.demo.tw/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
Benefits:
- Centralized SSL certificate handling
- Clean architecture
- Roundcube container remains HTTP-only internally
8. Common Troubleshooting
❌ IMAP login failed
Cause: firewall blocks container → host (143/993)
Example fix:
iptables -t filter -I DOCKER-USER 1 \
-s 172.18.0.0/16 -d 172.18.0.1 -p tcp -j ACCEPT
❌ SMTP authentication failed
Check master.cf:
submission inet ...
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=inet:dovecot:12345
❌ ManageSieve errors
Verify:
- Dovecot managesieve enabled
- Roundcube plugin loaded
- TLS settings match Dovecot
9. What Users Can Do After Installation
Users can:
- ✔ Send/receive email (IMAP/SMTP/TLS)
- ✔ Manage email folders
- ✔ Edit server-side Sieve rules
- ✔ Configure signatures
- ✔ Search emails
- ✔ Use mobile browsers to access mail
Admins can:
- Use Webmail for diagnostics/testing
- Validate authentication and message flow
- Test filters/sieve rules easily
10. Conclusion
In this article, we completed:
✔ Deploying Roundcube Webmail using Docker
✔ Integrating IMAP/SMTP via TLS
✔ Enabling server-side Sieve rule management
✔ Configuring HTTPS reverse proxy
✔ Troubleshooting common issues
With Roundcube in place, our mail system now offers:
- A complete and user-friendly Webmail interface
- Secure email access
- Server-side filtering rules
- Full integration with Postfix + Dovecot
- Seamless access to the Piler archive system