Roundcube (Mis-)Configuration Issues

Portal Home > Knowledgebase > Articles Database > Roundcube (Mis-)Configuration Issues

Posted by Ankheg, 08-09-2010, 02:45 PM
For anyone who's running Roundcube, there's an interesting issue we recently discovered which you should probably know about: By default, Roundcube generates (in program/steps/mail/func.inc) e-mail message IDs with the following code: This is a problem in many installations. Why? Because in 99% of installations, this will result in a message ID along the lines of ...which is not compliant with RFC2822, which mandates that that a message ID ...and then goes on to recommend the use of the originating domain name (i.e. hostname), or equivalent, on the right hand side of the message ID, to ensure uniqueness. The issue here is that Roundcube choose to use the IMAP hostname from the config file, which is "localhost" in probably better than 99% of installations, as the right-hand side of the message ID. This (IMO) is flawed, and should be changed by them. Why should you care? Because a large number of anti-spam systems in widespread use - including SpamAssassin and ASSP, to name just two - will flag 1234567887654321@localhost Message-ID headers as invalid, and score affected messages appropriately. (This is possibly based on a too-literal interpretation of RFC2822, but that's another issue for another day; let's just say that the widespread de-facto standard is to have a FQDN in the Message-ID header, and failure to comply with this standard can and will impair your ability to successfully deliver electronic mail.) (This, by the way, may also affect delivery to Yahoo and MSN, and was a phenomenally fun issue to troubleshoot, may I add.) If you're currently using Roundcube, I'd suggest you edit the config/main.inc.php file on your server(s) and ensure that the ...line be amended to something like ...as this will make your outgoing message IDs (more) RFC-compliant, and more importantly make them breeze through really anal antispam checks with ease. You're welcome.
Posted by xeonfan, 08-09-2010, 05:16 PM
if this bug really exists, how about submitting a Bug Report to RC developers. You'll help lot more people than you could imagine and help here.
Posted by Ankheg, 08-09-2010, 05:56 PM
It's on my list of things to do.
Posted by allsimple, 08-09-2010, 07:43 PM
Useful to know, thanks!