Roundcube Settings Reference Guide

Roundcube is configured using a default settings file, a settings file for site-specific configuration, host-specific configuration files, and configuration files specific to plugins.

The configuration inheritance model looks as follows:


This configuration file ships the default settings for Roundcube.


On the expanded sources (from tarball releases), this file is at your/install/path/config/. On packaged distributions, however, this path is a symbolic link to /etc/roundcubemail/


Site-specific global settings are in this configuration file.


On the expanded sources (from tarball releases), this file starts out as your/install/path/config/

You would rename this original .dist file to your/install/path/config/, but on packaged distributions, this is already done by the packaging. Similar to, this configuration file also lives in /etc/roundcubemail/, at /etc/roundcubemail/ to be precise, and a symbolic link is created from the original file location to this location.


<site> being a placeholder for an arbitrary site name, Roundcube allows the inclusion of additional configuration using the include_host_config setting.

This is, however, NOT the recommended solution.


Each plugin that requires configuration ships a

As you may have suspected, symbolic links are created for these configuration files too, pointing to /etc/roundcubemail/<plugin_name>.inc.php.

Since the configuration files are PHP code that is executed while the configuration loads, one might add include statements so that, under configured conditions, additional configuration files are loaded on top of the aforementioned four (types).

For example, /etc/roundcubemail/ might have a segment to establish defaults at the start, then include a site specific configuration file:

// Do test whether the file exists before requiring it.
// Note: $_SERVER["HTTP_HOST"] is specified by the client.
$host_config = dirname(__FILE__) . DIRECTORY_SEPARATOR . $_SERVER["HTTP_HOST"] . DIRECTORY_SEPARATOR . basename(__FILE__);
if (file_exists($host_config)) {
    require_once($host_config);
}

and then re-apply mandatory defaults:

$mandatory_plugins = Array(
        'kolab_auth',           # Applies globally required routines
                                # including authentication,
                                # authorization and canonification.

        'kolab_folders',        # Hides groupware folders if the
                                # plugins for them are not loaded.
    );

# Append every mandatory plugin the site-specific file left out.
foreach ( $mandatory_plugins as $num => $plugin ) {
    if (!in_array($plugin, $config['plugins'])) {
            $config['plugins'][] = $plugin;
    }
}
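
A hardened variant of the two fragments above, as an added example rather than Kolab's or Roundcube's own code: because $_SERVER["HTTP_HOST"] is supplied by the client, the host name is validated and the resolved path is confirmed to stay inside the configuration directory before it is required. The helper names host_config_path() and apply_mandatory_plugins(), the temporary directory and the sample host names are assumptions.

```php
<?php
// Added example: load a host-specific configuration file only after the
// client-supplied Host header has been validated.
// host_config_path() and apply_mandatory_plugins() are hypothetical helpers.

/**
 * Return the resolved path of <base_dir>/<host>/<file_name>, or null when the
 * Host header is malformed, the file is missing, or it resolves outside
 * $base_dir.
 */
function host_config_path($base_dir, $http_host, $file_name)
{
    // Drop an optional ":port" suffix and normalise case.
    $host = strtolower(preg_replace('/:\d+\z/', '', (string) $http_host));

    // Accept DNS-style names only: labels of letters, digits and hyphens,
    // separated by single dots. Rejects "/", "\", "..", spaces and NUL bytes.
    $label = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
    if (!preg_match('/\A(?=.{1,253}\z)' . $label . '(?:\.' . $label . ')*\z/', $host)) {
        return null;
    }

    // realpath() resolves symbolic links and returns false for missing files.
    $real_base = realpath($base_dir);
    $real_file = realpath($base_dir . DIRECTORY_SEPARATOR . $host . DIRECTORY_SEPARATOR . $file_name);
    if ($real_base === false || $real_file === false) {
        return null;
    }

    // The resolved file must still live below the configuration directory.
    if (strpos($real_file, $real_base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $real_file;
}

/** Re-apply mandatory plugins after a host file may have replaced the list. */
function apply_mandatory_plugins(array $config, array $mandatory)
{
    if (!isset($config['plugins']) || !is_array($config['plugins'])) {
        $config['plugins'] = array();
    }
    foreach ($mandatory as $plugin) {
        if (!in_array($plugin, $config['plugins'], true)) {
            $config['plugins'][] = $plugin;
        }
    }
    return $config;
}

// --- Constructed demonstration: temporary directory and sample host names ---
$base      = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'rc_cfg_' . bin2hex(random_bytes(4));
$host_dir  = $base . DIRECTORY_SEPARATOR . 'mail.example.org';
$host_file = $host_dir . DIRECTORY_SEPARATOR . 'config.inc.php';
mkdir($host_dir, 0700, true);
// The host file overrides the plugin list and drops the mandatory plugins.
file_put_contents($host_file, "<?php\n\$config['plugins'] = array('acl');\n");

foreach (array('mail.example.org:443', '../../../etc', 'unknown.example.org') as $header) {
    $config = array('plugins' => array('kolab_auth'));      // defaults
    $path   = host_config_path($base, $header, 'config.inc.php');
    if ($path !== null) {
        require $path;                                       // site-specific settings
    }
    $config = apply_mandatory_plugins($config, array('kolab_auth', 'kolab_folders'));
    printf(
        "%-22s => %-8s plugins: %s\n",
        $header,
        $path === null ? 'skipped' : 'loaded',
        implode(', ', $config['plugins'])
    );
}

// Remove the constructed files again.
unlink($host_file);
rmdir($host_dir);
rmdir($base);
```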

Database Settings


The database URI for read-only operations.

Read operations are executed against this URI, but – by default – only if there is no penalty requiring Roundcube to reconnect or separately connect to this DSN after one or more write operations.

In a replicated database environment, the write vs. read operations might be balanced unfairly – see db_dsnw_noread.


The write DSN to the database.

If specified exclusively, meaning db_dsnr is an empty value, or the same value, the write DSN becomes the database URI for both write and read operations.


Only applicable if db_dsnr is set to a non-empty value not equal to db_dsnw, this setting adjusts the default behaviour of Roundcube with regards to database read operations.

By default, when Roundcube writes out to a database, subsequent read operations are executed over the same database connection.

This may not be desirable in a replicated database environment, for most page hits (by far) include one or more write operations against the database – such as an update to the session – resulting in write vs. read operations being unfairly balanced between the write master(s) and read-only slave(s).

Set db_dsnw_noread to true to ensure all read operations are executed against read slave(s) rather than write master(s), despite the potential overhead in needing to create a new database connection, and regardless of the read slave(s) potentially lagging in replication.


Setting db_dsnw_noread to true implies you have your database replication sorted out, and monitored continuously.

There is great benefit in enabling this setting when you have multiple read slaves with optimal query cache settings, versus limited numbers of write masters.


Whether or not pconnect() or simply connect() capabilities should be used if at all available.

Persistent connections, as the name suggests, are not closed when the processing of a request ends. When using persistent connections, you’re trusting the verification routines that PHP applies to make sure a connection that was around already, and is being re-used, is not suddenly privileged more or less than it should be, and is the right database server and database.

You enable persistent connections to reduce the overhead of needing to build new database connections on every request.


Prefix Roundcube’s table names with the prefix configured here.

When, for example, only a single database is available to you, and multiple applications you wish to run each have a table named users, then specify a db_prefix to make sure the Roundcube table for users can be created next to an existing table users, avoiding the conflict in the schema definitions for the tables.

Example Configuration

$config['db_prefix'] = 'rc_';


Sadly, this setting has not yet been documented.


IMAP Settings


Cache generic IMAP metadata, such as lists of mailboxes, and the last known status of each mailbox in that list.

The default for Roundcube is set to null, meaning nothing is cached. In Kolab Groupware, the default is db (see below).

In many deployments, disk I/O on the IMAP server is a major concern and possibly a bottleneck, so it is recommended to turn on caching.

If caching is not enabled, Roundcube will address IMAP directly every time it needs metadata about IMAP folders.

Valid values include one of:

  • db

    Store IMAP caches in the database configured with db_dsnw.

    In Kolab Groupware, this is made the default, as it does not introduce any additional requirements to the environment.

    Using the database for IMAP caches does, however, introduce a little bit of overhead: connections need to be made and authenticated, databases selected, connections authorized, and queries executed, authorized and waited for. That said, IMAP caches make little use of the relational capabilities of such a database.

  • apc

    Store IMAP caches in the Alternative PHP Cache (or “APC”) – the memory segment(s) for PHP originally intended to store already binary compiled PHP code, so that PHP does not need to read from disk, interpret, compile and execute the PHP code every time a user hits a page.


    It is recommended to use APC for caching binary compiled PHP code, but it is not recommended to use APC for IMAP caches.

  • memcache

    Store the IMAP caches in memcache, configured using memcache_hosts.

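    Memcache introduces far less overhead compared to a relational database, and does not require authentication and authorization. As a consequence, anything that can reach the memcache hosts over the network can read and write the cached data, so restrict access to them to the Roundcube servers.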

    For larger deployments, this is the recommended setting. However, you would need to configure memcache hosts, and making those highly available is possible with replicated memcached daemons available and supported only as part of Kolab Enterprise 13 and later enterprise editions.


The Time To Live (TTL) for the IMAP caches – the time it should be considered valid, or expunged from the current caches at the first opportunity.

Really applicable when used alongside a caching technology that allows the retention to be specified upon entry, and purges caches automatically.

This setting controls, for example, how long folder lists are retained in cache.

With the folder list being cached, should the user create a folder and subscribe to it (using a different client), then the web client session will have to wait until the imap_cache entry has outlived its defined TTL before the folder is made visible automatically, or, alternatively, the user might look in Settings > Folders to bypass caches and refresh the folder list.


Controls whether or not to cache messages.

Valid configuration values are limited to db only, for message caching makes extensive use of the relational capabilities of the database.

Store cached messages in the database configured with db_dsnw.


Messages with a size over the configured threshold are not cached.

This allows an administrator to make sure no cheap 30 MB videos of cats wearing a costume end up in the expensive database.


Messages are usually displayed ordered by date (of submission or arrival), with the most recent few first.

In effect, this tends to result in a view that does underappreciate older messages – they are not regularly displayed in the user’s mail (list) views.

Since these messages are only retrieved occasionally, it makes sense to not spend too much cache capacity on these messages.

Set messages_cache_ttl to the maximum amount of time that may have passed since the message became available, during which caching is still considered appropriate.


A rule of thumb for establishing the appropriate TTL for the messages cache would be to cache 2 times a single mail_pagesize for any one mail folder (using the default, that would amount to 80 messages).

Example: Low-turnover Sites

Example settings with only a few mails per week per mail folder, and not too many users.

$config['messages_cache_ttl'] = '3m';       # Three months

Example: High-turnover Sites

$config['messages_cache_ttl'] = '5d';       # 5 days


The messages_cache_ttl does not impact the kolab_cache, but may impact the applicability of kolab_messages_cache_bypass being set to 0.


Configure a list of memcached hosts to use for caches and/or storage.

Usually, it is sufficient to use one memcached host address in this list, and this one memcached host address might be a load-balanced, high-availability replicated memcached cluster.

Replicated memcached is available and supported only as part of Kolab Enterprise 13, and later, however.

Use multiple addresses in case the size of all information stored exceeds the capacity of one (replicated) memcached host.

Example Configuration for a Replicated Memcached Cluster

$config['memcache_hosts'] = Array(

Example Configuration for Multiple Memcached Hosts

$config['memcache_hosts'] = Array(


This setting controls whether mail should be deleted, even when moving the mail to the Trash folder fails.


This setting has no effect in a default Kolab Groupware installation, which does not attempt to move the mail to the Trash folder in the first place.


Delete messages marked as junk right away, and do not move them to the Trash folder.


Expunge a user’s INBOX upon logout. To expunge a user’s INBOX means to issue an EXPUNGE command to the IMAP server, deleting all messages from the mailbox that have previously been flagged as Deleted.


Note that this requires a successful logout, and does not kick in when the browser (tab) is simply closed.


Purge the Trash folder upon successful logout.


Note that this requires a successful logout, and does not kick in when the browser (tab) is simply closed.


When a user deletes a message, should Roundcube flag the message as deleted in IMAP, or move the message to the Trash folder?

The default in Kolab Groupware is to flag a message as deleted.


Whether or not Roundcube should create the default folders configured for the user.

This includes, for example, the folders for sent items and the trash folder.


In a Kolab Groupware environment, a set of default folders is usually created by the Kolab daemon. Which folders are created is controlled through the autocreate_folders setting in kolab.conf(5).


This setting is obsolete and should not be used.


The name of the folder to use as the Junk folder.


Protect the configured create_default_folders from being unsubscribed.


If true all folders will be checked for recent messages.


The default_host setting configures the IMAP server address to connect to, and if omitted, allows the user to specify the IMAP server address.

A drop-down select list could be provided by configuring default_host as follows:

$config['default_host'] = Array(

To show user-friendly, legible labels instead of server addresses, give each of the items in the list a value:

$config['default_host'] = Array(
        '' => "Example",
        'tls://' => "GMail",

Neither of these options is used by Kolab Groupware. By default, the default_host is set to tls://localhost.

For environments with multiple parent or alias domains, and hosted environments, and co-located service providers, we recommend using the file inclusion method outlined at the very start of the Roundcube Settings Reference Guide, for the flexibility required in such environments is likely to exceed just the IMAP server address to use.

Furthermore, Kolab Groupware really likes the Cyrus IMAP Murder topology, where the IMAP server address used to connect to matters less.


TCP port used for IMAP connections


Optional IMAP authentication identifier to be used as authorization proxy


Optional IMAP authentication password to be used for imap_auth_cid


IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or null to use best server supported)


Set the delimiter to use in IMAP.

Be warned that the delimiter is a hierarchy element (i.e., for nested folders), and often has implications if configured incorrectly.

The default is not configured, so that the results of the IMAP command NAMESPACE are interpreted. This is the recommended setting, and we suggest you only fiddle with this setting should your IMAP server not support the NAMESPACE command.


Specify a list of capabilities to filter from the capabilities advertised by the server.

Useful if you do not have control over the server, so useless for Kolab Groupware deployments in production (but useful again in testing and development).

Examples of capabilities advertised by a server that you may want to disable include ESEARCH for UW-IMAP.

Default: Array()


By default, IMAP capabilities are read after connecting to the IMAP server. In some cases, e.g. when using an IMAP proxy, there’s a need to refresh the list after login. Set to true if this applies to you.


Force the use of the LSUB command over the LIST-EXTENDED command to list folders.

Some IMAP servers (including Dovecot 1.x) return wrong results when using LIST-EXTENDED.


Some server configurations (e.g. Courier) don’t list folders in all namespaces. Enable this option to force listing of folders in all namespaces.


Sadly, this setting has not yet been documented.


Sadly, this setting has not yet been documented.


Sadly, this setting has not yet been documented.


IMAP connection timeout, in seconds. Default: 0 (use default_socket_timeout)


Minimal value of user’s ‘refresh_interval’ setting (in seconds)


Disables saving sent messages in the Sent folder (like Gmail). Default: false. Note: useful when the SMTP server stores sent mail in the user’s mailbox.


If, in your system, a quota of 0 means no limit, set this option to true.


Default interval for auto-refresh requests (in seconds). These are requests for system state updates, e.g. checking for new messages. Setting it to 0 disables the feature.


Store sent messages in this mailbox. Leave blank if sent messages should not be stored. NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP).


Set to true if deleted messages should not be displayed. This will make the application run slower.


Move messages to this folder when deleting them. Leave blank if they should be deleted directly. NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP).

LDAP Settings


A list of so-called Global Address Books, or Global Address Lists, useful for auto-completion of addresses being typed in to the To, CC and BCC fields when composing an email, when using the ACL plugin, and for searches from mobile devices and desktop clients using ActiveSync (through Syncroton) and/or CardDAV (through iRony).

The first item configured here is the identifier of the address book. That being said, an example would look as follows:

$config['ldap_public'] = Array(
        'addressbook1' => Array(
                // ... settings for address book #1 omitted ...
            ),

        'addressbook2' => Array(
                // ... settings for address book #2 omitted ...
            ),
    );

While it is not very common to have multiple global address books, some organizations put one address book in the list of address books to use for auto-completion, and use another address book to store a copy of the local phone book – you know, with residents and businesses in the area – or address books of partner organizations.

Using the autocomplete_addressbooks setting, one address book can be used for auto-completion, while the other address book is available for searching in the web client, on mobile devices and using desktop clients using ActiveSync (through Syncroton) and/or CardDAV (through iRony).

A large number of settings are available for the global address books. By default, Kolab Groupware configures the organization’s address book to use a set of configuration options that is designed to provide an easy growth-path to beyond 1.000 entries.


The name of the address book as it is presented in Roundcube.


$config['ldap_public'] = Array(
        'addressbook1' => Array(
                'name' => 'Global Address Book',
            ),
    );


The label used here is not available for localization.


A list of LDAP server addresses to use to connect to.

Magic configuration values are available:


The user’s IMAP hostname.


The value of $_SERVER['SERVER_NAME'].


The $_SERVER['SERVER_NAME'] value is not the same as the $_SERVER['HTTP_HOST'] value.

$_SERVER['SERVER_NAME'] is a server-side configuration item, $_SERVER['HTTP_HOST'] is an item specified by the client.


The value of $_SERVER['SERVER_NAME'] but without the hostname – ergo, this is the domain name space that $_SERVER['SERVER_NAME'] resides in.

For a webserver virtualhost named, %t is

For a webserver virtualhost named webmail.someone.somewhere.tld, %t is someone.somewhere.tld.


The port to use to connect to LDAP.


Note that the port number specified here is used for all server addresses configured in hosts.


Whether or not to encrypt the connection. Useful with port set to 389 (explicit SSL through STARTTLS), not so much with the port set to 636 (implicit SSL).


The LDAP protocol version to use. Set this to 3 or be prepared to be (unpleasantly) surprised.


The timeout.


Whether or not to bind to LDAP with the user’s credentials, as opposed to global credentials, allowing for organizations to hide or show parts of the Directory Information Tree hierarchy, and/or hide or show certain attributes of certain entries.

Set this to true – the default in Kolab Groupware – and configure search_base_dn and search_filter, and if anonymous binding is not allowed – the default in Kolab Groupware – or anonymous searches are not allowed – the default in Kolab Groupware – also configure search_bind_dn and search_bind_pw.


There is no setting for the search scope.


The base DN to use for searching entries to be presented in the global address book, such as ou=Employees,ou=People,dc=example,dc=org.

See group_filters for more examples on what else this allows you to do.


The bind dn to use for displaying the address book. Kolab Groupware sets this to %dn by default, to have the connection be bound with the user’s credentials.


The password, which when bind_dn is set to %dn (the default), better be %p.


Use config_root_dn to search for VLV and SSS settings.






When searching for object entries that match the logged in user, start searching at this base DN.

Useful when you want to limit who can use the address book with their own credentials, versus ‘anonymously’, and/or when attribute values searched for are not globally unique.

One could set base_dn to ou=People,dc=example,dc=org, while setting search_base_dn to ou=Management,ou=Employees,ou=People,dc=example,dc=org.

One could then set an ACL on ou=Employees,ou=People,dc=example,dc=org, that does not permit the credentials configured in search_dn_default to read certain attributes of entries, such as street, mobile, and other such information that might be personal in nature.


When searching for object entries that match the logged in user, use the search filter configured with this setting.

Magic configuration values are available:


The full username, usually also the user’s primary email address, though possibly of the form <username>@<imaphostname>.

The full extent of possibilities (which depend on configuration and plugins interacting with the authentication process) is beyond the scope of this document, so suffice it to say that The kolab_auth Plugin applies a process called canonification that makes %fu be substituted by the fully qualified primary recipient email address of the Kolab user.

In Kolab Groupware, by default, the attribute value of mail is used.

This is also the user’s mailbox name (user/<mail> or user/ for user and is globally unique.

Example: (&(objectclass=kolabinetorgperson)(mail=%fu)).


The username local part, or “everything before the ‘@’”.

In, this would become john.doe.

To allow users to log in with their uid attribute value, one could specify (&(objectclass=kolabinetorgperson)(uid=%u)).


The domain name space of the username, or “everything after the ‘@’”.

In, this would become


The root dn that corresponds with the domain name space used to login.

When logs in, the domain name space of would typically correspond with a root dn of dc=example,dc=org – if is a parent domain name space and no domain_result_attribute is available for the domainrelatedobject entry.


The bind dn to use when searching for object entries that match the user currently logged in.

This should be a privileged entity that is allowed to search throughout the tree configured in search_base_dn, but has no privileges other than to read the relevant attributes of entries.

By default, Kolab Groupware configures this setting to be the same setting used for Postfix lookup tables, namely uid=kolab-service,ou=Special Users,dc=example,dc=org.

This entry has specific search, time and lookthrough limitations configured, allowing it to search throughout the entire Directory Information Tree hierarchy.


The bind password to use alongside search_bind_dn.
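
The connection and bind notes above can be checked mechanically. The following is an added example, not part of Roundcube or Kolab: audit_ldap_addressbook() is a hypothetical helper, the key names use_tls, ldap_version, user_specific and bind_pass are the usual Roundcube ldap_public keys for the settings described in this section, and both address books are constructed samples.

```php
<?php
// Added example: audit one ldap_public address book definition against the
// notes in this guide. audit_ldap_addressbook() is a hypothetical helper.

function audit_ldap_addressbook(array $book)
{
    $findings = array();
    $get = function ($key, $default = null) use ($book) {
        return array_key_exists($key, $book) ? $book[$key] : $default;
    };

    // "Set this to 3 or be prepared to be (unpleasantly) surprised."
    if ((int) $get('ldap_version', 0) !== 3) {
        $findings[] = 'ldap_version is not explicitly set to 3';
    }

    // STARTTLS is what protects a connection on port 389; port 636 is
    // implicit SSL, where use_tls adds little.
    $port = (int) $get('port', 389);
    $tls  = (bool) $get('use_tls', false);
    if ($port === 389 && !$tls) {
        $findings[] = 'port 389 without use_tls: the connection is not encrypted';
    } elseif ($port === 636 && $tls) {
        $findings[] = 'use_tls on port 636 (implicit SSL) is of little use';
    }

    if ($get('user_specific', false)) {
        // Binding as the user needs a way to find the user's entry first.
        foreach (array('search_base_dn', 'search_filter') as $key) {
            if (trim((string) $get($key, '')) === '') {
                $findings[] = "user_specific is true but $key is empty";
            }
        }
        // Without a placeholder the filter is not tied to the logged-in user.
        $filter = (string) $get('search_filter', '');
        if ($filter !== '' && !preg_match('/%(fu|u|d|dc)\b/', $filter)) {
            $findings[] = 'search_filter has no %fu, %u, %d or %dc placeholder';
        }
        // Needed whenever anonymous binds or searches are not allowed.
        $search_dn = trim((string) $get('search_bind_dn', ''));
        if ($search_dn === '') {
            $findings[] = 'no search_bind_dn: the lookup of the user entry is anonymous';
        } elseif ((string) $get('search_bind_pw', '') === '') {
            $findings[] = 'search_bind_dn is set but search_bind_pw is empty';
        }
        // A per-user bind DN combined with one fixed password cannot be right.
        $pass = (string) $get('bind_pass', '');
        if ($get('bind_dn') === '%dn' && $pass !== '' && $pass !== '%p') {
            $findings[] = 'bind_dn is %dn but bind_pass holds a fixed value instead of %p';
        }
    }
    return $findings;
}

// --- Constructed sample definitions ---
$books = array(
    'weak' => array(
        'hosts'          => array('ldap.example.org'),
        'port'           => 389,
        'ldap_version'   => 2,
        'user_specific'  => true,
        'base_dn'        => 'ou=People,dc=example,dc=org',
        'bind_dn'        => '%dn',
        'bind_pass'      => 'constructed-fixed-password',
        'search_base_dn' => 'ou=People,dc=example,dc=org',
        'search_filter'  => '(objectclass=kolabinetorgperson)',
    ),
    'corrected' => array(
        'hosts'          => array('ldap.example.org'),
        'port'           => 389,
        'use_tls'        => true,
        'ldap_version'   => 3,
        'user_specific'  => true,
        'base_dn'        => 'ou=People,dc=example,dc=org',
        'bind_dn'        => '%dn',
        'bind_pass'      => '%p',
        'search_base_dn' => 'ou=People,dc=example,dc=org',
        'search_filter'  => '(&(objectclass=kolabinetorgperson)(mail=%fu))',
        'search_bind_dn' => 'uid=kolab-service,ou=Special Users,dc=example,dc=org',
        'search_bind_pw' => 'PLACEHOLDER-service-password',
    ),
);

foreach ($books as $id => $book) {
    $findings = audit_ldap_addressbook($book);
    echo $id, ': ', $findings ? count($findings) . ' finding(s)' : 'no findings', "\n";
    foreach ($findings as $finding) {
        echo '  - ', $finding, "\n";
    }
}
```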






Not used in Kolab Groupware.


Not used in Kolab Groupware.


A boolean, this configuration option allows you to hide this address book from the address book task view. Default: false.


Renders the address book searchable only – meaning, its contents cannot be browsed. Default: false.


Not used in Kolab Groupware.


Not used in Kolab Groupware.


Not used in Kolab Groupware.


Not used in Kolab Groupware.


A list of attribute names to search values for, when searching is executed.

Default: displayName, mail.


Only list attribute names for which the appropriate indexes have been created. In the context of searching, presence and equality indexes are insufficient.


The attribute alias is not included by default, because the attribute does not – by default – have an index created on it. See Controlling Indexes and Indexing for information on indexes.


The fieldmap maps LDAP attribute names to Roundcube placeholder names.


'fieldmap' => Array(
        'name'          => 'displayName',
        'surname'       => 'sn',
        'firstname'     => 'givenName',
        'initials'      => 'initials',
        'jobtitle'      => 'title',
        'email'         => 'mail:*',
        'phone:home'    => 'telephoneNumber',
        'phone:mobile'  => 'mobile',
        'department'    => 'ou',
    ),






A list of attribute names to sort entries by.

Kolab Groupware uses a default of displayname, sn, givenname, cn, in that order, which very much corresponds with the default Server-Side Sorting configuration we recommend you use when your Directory Information Tree is likely to contain over 1.000 entries.



The search scope to use when looking for address book entries, starting at the base_dn.


The filter to use when searching for entries to display in the address book.

By default, Kolab Groupware sets this to (objectclass=inetorgperson), so that not only Kolab users ((objectclass=kolabinetorgperson)) are a part of the address book, but any non-Kolab users in LDAP, and any non-Groupware users (such as external contacts) are part of the address book too.



true or false (default), the vlv boolean configures Roundcube to use the server-side Virtual List View control, ideal for sorting, pagination and – a particular feature of Kolab Groupware’s Net/LDAP3 – responsive, fuzzy searching capabilities regardless of the size of the Directory Information Tree.

In order to automatically detect available VLV indexes, the option config_root_dn needs to be set as well.



With vlv enabled, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting.

Only set this option if your php-ldap module doesn’t support the ldap_parse_virtuallist_control() function which is part of an unofficial patch to php-ldap.


The base DN to be used for searching LDAP configuration settings such as VLV indexes. Set to cn=config as the default value for standard Kolab setups.

Without this option, no VLV will be used for LDAP queries.

Group filters are used for advanced navigation of LDAP hierarchies, using the web client’s address book pages.

Type of LDAP cache. Supported values: ‘db’, ‘apc’ and ‘memcache’.


Lifetime of LDAP cache. Possible units: s, m, h, d, w


Specify a list of address books to search for auto-completion.

The list includes the names of address books as they are defined in ldap_public – i.e. we start that section by naming ‘addressbook1’ and ‘addressbook2’, and those are the names you use here.


Names of Kolab address books do not need to be included in the list of address books to use for autocompletion.

Session & Login Configuration


The assets_path setting controls where Roundcube (and also plugins) point the user’s browser to obtain static content such as skin markup files (Cascading Style Sheets or CSS files) and JavaScript files, commonly referred to as assets.

In combination with use_secure_urls, which enforces a dynamic base URL to Roundcube, this helps the browsers retain their cached assets and prevents page load times from increasing.

New in version roundcubemail-1.0.1: Available for Kolab Enterprise 13

New in version roundcubemail-1.1: Available with Kolab 3.3



Enforce that a session may only come from one source IP address.

Should a user be a roaming user – for example, connect from one source IP address that is one Wifi network, and later connect from another source IP address that is another Wifi network – then enabling the IP check using this setting will force the existing session to be invalidated, and require the user to login again.

This is useful for paranoid tracking of user’s session validity with as many parameters as possible, but also has major caveats.

To have to login again is not user-friendly, and some networks employ load-balanced outgoing connections (with help of proxies) – meaning that the user may appear to come from two or more separate source IP addresses, while in fact the user has not been roaming.


Enable or disable parts of the login form to allow for auto-completion.

This setting knows three distinct values:

  • 0, meaning no parts of the login form should be remembered by the browser.

  • 1, meaning the login username may be remembered.


    Note that the login username is a regular form field, and as such it may be difficult for the user to opt-out of remembering the form field value.

  • 2, meaning the login username and password may both be remembered.


    This leaves the user to choose whether or not to store the password using the browser, but still implies the login username is remembered – without too many options to opt-out of that.

    As such, this setting should only be set to 2, if the users are known to only use private and personal computers.

The default in Kolab Groupware is to indicate to the browser no form field values should be remembered (0).


Should Roundcube lower-case the login username? A boolean, the default in Kolab Groupware is set to true – exploiting case-sensitivity in email addresses, which are the default logins and result attributes, is prohibited.


Log successful/failed logins to <log_dir>/userlogins or to syslog


Log session authentication errors to <log_dir>/session or to syslog


Session authentication cookie name. Default: ‘roundcube_sessauth’


Session domain:


Session lifetime in minutes


Sadly, this setting has not yet been documented.


Session path. Defaults to PHP session.cookie_path setting.


Backend to use for session storage. Can either be ‘db’ (default), ‘redis’, ‘memcache’, or ‘php’

If set to ‘memcache’, a list of servers needs to be specified in ‘memcache_hosts’. Make sure the Memcache extension (version >= 2.0.0) is installed.

If set to ‘redis’, a server needs to be specified in ‘redis_hosts’. Make sure the Redis extension (version >= 2.0.0) is installed.

Setting this value to ‘php’ will use the default session save handler configured in PHP.


Enables the possibility to log in using an email address from the user’s identities.


This domain will be used to form e-mail addresses of new users. Specify an array with ‘host’ => ‘domain’ values to support multiple hosts. Supported replacement variables:

  • %h - user’s IMAP hostname

  • %n - http hostname ($_SERVER['SERVER_NAME'])

  • %d - domain (http hostname without the first part)

  • %z - IMAP domain (IMAP hostname without the first part)

For example %n = mail.domain.tld, %t = domain.tld


Check the referer of incoming requests.


Improve the system’s security by enabling the use of secure URLs.

Using secure URLs is to say that once a user’s session is authenticated, the session is directly correlated with a unique URL that is very hard to guess. This way, so-called Cross-Site Request Forgery attacks can be prevented.


Using this setting, which is enabled in Kolab by default, requires the use of a mod_rewrite ruleset such as the following:

RewriteRule ^/roundcubemail/[a-f0-9]{16}/(.*) /roundcubemail/$1 [PT]

New in version roundcubemail-1.0.1: Available for Kolab Enterprise 13

New in version roundcubemail-1.1: Available with Kolab 3.3



Force domain configured in username_domain to be used for login. Any domain in username will be replaced by username_domain.


Automatically add this domain to user names for login. Only for IMAP servers that require full e-mail addresses for login. Specify an array with ‘host’ => ‘domain’ values to support multiple hosts. Supported replacement variables:

  • %h - user’s IMAP hostname

  • %n - hostname ($_SERVER['SERVER_NAME'])

  • %t - hostname without the first part

  • %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)

  • %z - IMAP domain (IMAP hostname without the first part)

For example %n = mail.domain.tld, %t = domain.tld
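
The replacement variables listed for the LDAP hosts, the mail domain and the username domain differ in where their value comes from. This added example (an illustration, not Roundcube's implementation) expands them the way the lists describe and shows that %d follows the client-specified Host header while %n and %t follow the server-side SERVER_NAME. The function names, the port stripping and all host names other than webmail.someone.somewhere.tld are assumptions.

```php
<?php
// Added example, not Roundcube's implementation: expand the replacement
// variables described above. All function names here are hypothetical.

/** "hostname without the first part": drop everything up to the first dot. */
function strip_first_label($hostname)
{
    $pos = strpos($hostname, '.');
    return $pos === false ? $hostname : substr($hostname, $pos + 1);
}

/**
 * Expand %h, %n, %t, %d and %z in $template.
 * $imap_host is the user's IMAP hostname, $server a $_SERVER-like array.
 */
function expand_host_placeholders($template, $imap_host, array $server)
{
    $server_name = isset($server['SERVER_NAME']) ? strtolower($server['SERVER_NAME']) : '';
    $http_host   = isset($server['HTTP_HOST']) ? strtolower($server['HTTP_HOST']) : '';
    // Assumption: a ":port" suffix in the Host header is not part of the name.
    $http_host   = preg_replace('/:\d+\z/', '', $http_host);

    // strtr() with an array replaces each variable once, without rescanning
    // the replaced text.
    return strtr($template, array(
        '%h' => $imap_host,
        '%n' => $server_name,
        '%t' => strip_first_label($server_name),
        '%d' => strip_first_label($http_host),
        '%z' => strip_first_label($imap_host),
    ));
}

/** List the variables in $template whose value the client can choose. */
function client_controlled_placeholders($template)
{
    // Of the variables listed above, only %d is derived from HTTP_HOST.
    return strpos($template, '%d') !== false ? array('%d') : array();
}

// --- Constructed request: the Host header differs from the virtual host ---
$server = array(
    'SERVER_NAME' => 'webmail.someone.somewhere.tld',   // server-side configuration
    'HTTP_HOST'   => 'webmail.other.example:8080',      // specified by the client
);
$imap_host = 'imap.someone.somewhere.tld';

foreach (array('%n', '%t', '%d', '%z', 'ldap.%t', 'ldap.%d') as $template) {
    $expanded = expand_host_placeholders($template, $imap_host, $server);
    $tainted  = client_controlled_placeholders($template);
    printf(
        "%-8s => %-30s %s\n",
        $template,
        $expanded,
        $tainted ? 'client-controlled via ' . implode(', ', $tainted) : 'server-side values only'
    );
}
```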

Log Settings


System error reporting, sum of: 1 = log; 4 = show


To debug, or not to debug IMAP.

When enabled, provides a near protocol level dump of events in the imap file in the log directory specified by log_dir.



Log LDAP conversation to <log_dir>/ldap or to syslog.


Date format for log entries (read for all format characters)


Activate this option if logs should be written to per-user directories. Data will only be logged if a directory <log_dir>/<username>/ exists and is writable.


Log driver: ‘syslog’ or ‘file’.


Extremely useful for production sites with a lot of traffic, that want to debug a particular user.

Normally, debugging is enabled on a global level – this is not feasible for two reasons:

  1. Your disk I/O for logging and incurred latency in processing requests goes through the proverbial roof (though more likely literally).

  2. The way logging is implemented does not make a user session, or the log items related to a given user, very recognizable. An insurmountable heap of log messages would require analysis, and you could probably throw away 99.9% of the logs you collected.

This setting, when turned on, enables an administrator to make a user-specific directory writeable for the webserver user.

If this option is enabled, and the directory for a particular user exists, only then is all debugging turned on, and only for the relevant user.

Example Usage

  1. User “John Doe <>” has a problem.

  2. Enable per_user_logging, and create the directory for the user:

    # mkdir -p /var/log/roundcubemail/
    # chown apache /var/log/roundcubemail/

  3. Get a cup of coffee while John reproduces his problem.

  4. Disable per_user_logging.


Do not “just” enable per_user_logging for the sake of it. On busy sites, the number of stat() calls executed causes your production to run far from optimally.


Log SMTP conversation to <log_dir>/smtp or to syslog.


Log SQL queries to <log_dir>/sql or to syslog.


Syslog facility to use, if using the ‘syslog’ log driver. For possible values see installer or


Syslog ident string to use, if using the ‘syslog’ log driver.

Other Settings


How contact names are displayed in the list:

  • 0 - display name

  • 1 - (prefix) firstname middlename surname (suffix)

  • 2 - (prefix) surname firstname middlename (suffix)

  • 3 - (prefix) surname, firstname middlename (suffix)


Show up to X items in contacts list view.


Matching mode for addressbook search (including autocompletion)

  • 0 - partial (abc), default

  • 1 - strict (abc)

  • 2 - prefix (abc*)

Note: For LDAP sources fuzzy_search must be enabled to use ‘partial’ or ‘prefix’ mode.


Defaults of the addressbook search field configuration. Example: array('name'=>1, 'firstname'=>1, 'surname'=>1, 'email'=>1, '*'=>1);


Sort contacts by this column (preferably either one of name, firstname, surname)


This indicates which type of address book to use. Possible choices: ‘sql’ (default), ‘ldap’ and ‘’.

If set to ‘ldap’ then it will look at using the first writable LDAP address book as the primary address book and it will not display the SQL address book in the ‘Address Book’ view. If set to ‘’ then no address book will be displayed or only the addressbook which is created by a plugin (like CardDAV).


Show address fields in this order. Available placeholders: {street}, {locality}, {zipcode}, {country}, {region}


Define which settings should be listed under the ‘advanced’ block which is hidden by default


Max. number of entries in autocomplete popup. Default: 15.


The minimum number of characters required to be typed in an autocomplete field before address books will be searched. Most useful for LDAP directories that may need to do lengthy results building given overly-broad searches


Default font for composed HTML message. Supported values: Andale Mono, Arial, Arial Black, Book Antiqua, Courier New, Georgia, Helvetica, Impact, Tahoma, Terminal, Times New Roman, Trebuchet MS, Verdana


Number of parallel autocomplete requests. If there’s more than one address book, n parallel (async) requests will be created, where each request will search in one address book. By default (0), all address books are searched in one request.


Automatically create a new Roundcube user when logging in for the first time. A new user will be created once the IMAP login succeeds. Set to false if only registered users can use this service.


  • 0 - Do not expand threads

  • 1 - Expand all threads automatically

  • 2 - Expand only threads with unread messages


Mimetypes supported by the browser. Attachments of these types will open in a preview window. Either a comma-separated list or an array: ‘text/plain,text/html,text/xml,image/jpeg,image/gif,image/png,application/pdf’


Open message compose form in new window


A static list of canned responses which are immutable for the user


Maximum size of uploaded contact photos in pixels.


Give this choice of date formats to the user to select from. Note: do not use ambiguous formats like m/d/Y.


Use this format for date display (date or strftime format).


Use this format for detailed date/time formatting (derived from date_format and time_format).


Use this format for detailed date/time formatting (derived from date_format and time_format).


Defines address book (internal index) to which new contacts will be added. By default it is the first writeable addressbook. Note: Use ‘0’ for built-in address book.


Use this charset as fallback for message decoding.


Default font size for composed HTML message. Supported sizes: 8pt, 10pt, 12pt, 14pt, 18pt, 24pt, 36pt.


Default font for composed HTML message. Supported values: Andale Mono, Arial, Arial Black, Book Antiqua, Courier New, Georgia, Helvetica, Impact, Tahoma, Terminal, Times New Roman, Trebuchet MS, Verdana.


This key is used for encrypting purposes, like storing of imap password in the session. For historical reasons it’s called DES_key, but it’s used with any configured cipher_method (see below).


If true, after message delete/move, the next message will be displayed.


Display software version on login screen.


Don’t allow these settings to be overridden by the user.


Save compose message every 300 seconds (5min)


Store draft messages in this mailbox. Leave blank if draft messages should not be stored. NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP)


Delivery Status Notification checkbox default state. Note: This can be used only if smtp_server is non-empty.


Enable DNS checking for e-mail address validation.




Make use of the built-in spell checker. It is based on GoogieSpell.


The URL that is used by Chwala to internally connect to its API.


Use MIME encoding (quoted-printable) for 8bit characters in message body.


Enforce connections over https. With this option enabled, all non-secure connections will be redirected. Set the port for the ssl connection as value of this option if it differs from the default 443.


Sets default mode of Forward feature to “forward as attachment”


Compose HTML formatted messages by default:

  • 0 - never

  • 1 - always

  • 2 - on reply to HTML message

  • 3 - on forward or reply to HTML message

  • 4 - always, except when replying to plain text message


Whether or not to encrypt the IP address and the host name. These could, in some circles, be considered as sensitive information; however, for the administrator, these could be invaluable help when tracking down issues.


Add a received header to outgoing mails containing the creator’s IP and hostname.


Set identities access level:

  • 0 - many identities with possibility to edit all params

  • 1 - many identities with possibility to edit all params but not email address

  • 2 - one identity with possibility to edit all params

  • 3 - one identity with possibility to edit all params but not email address

  • 4 - one identity with possibility to edit only signature


Size of thumbnails from image attachments displayed below the message content. Note: whether images are displayed at all depends on the ‘inline_images’ option. Set to 0 to display images in full size.


Path to imagemagick convert binary (if not set we’ll use Imagick or GD extensions).


Path to imagemagick identify binary (if not set we’ll use Imagick or GD extensions)


Try to load host-specific configuration. See for more details.


Display attached images below the message body.


Sadly, this setting has not yet been documented.


Sadly, this setting has not yet been documented.


These cols are shown in the message list. Available cols are: subject, from, to, fromto, cc, replyto, date, size, status, flag, attachment, ‘priority’


This string is used as a delimiter for message headers when sending a message via mail() function. Leave empty for auto-detection.


The mail_pagesize setting is a user preference default, meaning users can normally edit this preference in their settings.

The user’s preferred mail_pagesize causes the mail view to list as many individual messages (list view) or as many threads (thread view) to be displayed in message lists.

To lock down the mail_pagesize to a value and not allow users to indicate and configure their own preference, use dont_override:

$config['dont_override'] = Array('mail_pagesize');

To establish a maximum page size users may select, see max_pagesize.


Maximum allowed number of members of an address group. Default: 0 (no limit). If ‘max_recipients’ is set, this value should be less than or equal to it.


Don’t let users set pagesize to more than this value if set.


Maximum number of recipients per message. Default: 0 (no limit).


Return receipt checkbox default state


Behavior if a received message requests a message delivery notification (read receipt):

  • 0 = ask the user

  • 1 = send automatically

  • 2 = ignore (never send or ask)

  • 3 = send automatically if sender is in addressbook, otherwise ask the user

  • 4 = send automatically if sender is in addressbook, otherwise ignore


According to RFC2298, return receipt envelope sender address must be empty. If this option is true, Roundcube will use user’s identity as envelope sender for MDN responses.


Open messages in a new window.


Enables display of email address with name instead of a name (and address in title).


Default messages sort column. Use empty value for default server’s sorting, or ‘arrival’, ‘date’, ‘subject’, ‘from’, ‘to’, ‘fromto’, ‘size’, ‘cc’


Default messages sort order.


Path to a local mime magic database file for PHPs finfo extension. Set to null if the default path should be used.


Encoding of long/non-ascii attachment names:

  • 0 - Full RFC 2231 compatible

  • 1 - RFC 2047 for ‘name’ and RFC 2231 for ‘filename’ parameter (Thunderbird’s default)

  • 2 - Full 2047 compatible


Absolute path to a local mime.types mapping table file. This is used to derive mime-types from the filename extension or vice versa. Such a file is usually part of the apache webserver. If you don’t find a file named mime.types on your system, download it from


Password character set. If your authentication backend supports it, use “UTF-8”. Otherwise, use the appropriate character set. Defaults to ISO-8859-1 for backward compatibility


List of active plugins (in plugins/ directory).


Prefer displaying HTML messages.


Show pretty dates as standard.


Mark as read when viewed in preview pane (delay in seconds). Set to -1 if messages in preview pane should not be marked as read.


Mark as read when viewed in preview pane (delay in seconds). Set to -1 if messages in preview pane should not be marked as read.


Name your service. This is displayed on the login screen and in the window title.


Set to true to mark deleted messages as read as well as deleted. False means that a message’s read status is not affected by marking it as deleted.


Use this char/string to separate recipients when composing a new message.


Default behavior of Reply-All button:

  • 0 - Reply-All always

  • 1 - Reply-List if mailing list is detected


When replying:

  • -1 - don’t cite the original message

  • 0 - place cursor below the original message

  • 1 - place cursor above original message (top posting)


Place replies in the folder of the message being replied to.

See also


Defaults of the search field configuration. The array can contain a per-folder list of header fields which should be considered when searching. The entry with key ‘*’ stands for all folders which do not have a specific list set. Please note that folder names should be in sync with the $config['*_mbox'] options.


Send plaintext messages as format=flowed.


How many seconds must pass between emails sent by a user.


Display remote inline images:

  • 0 - Never, always ask

  • 1 - Ask if sender is not in address book

  • 2 - Always show inline images


Disable localization of the default folder names listed above.


Show signature:

  • 0 - Never

  • 1 - Always

  • 2 - New messages only

  • 3 - Forwards and Replies only


Includes should be interpreted as PHP files


Skin name: Name of the folder relative to skins/


Optional SMTP authentication identifier to be used as authorization proxy.


Sadly, this setting has not yet been documented.


SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use best server supported)


SMTP socket context options. See The example below enables server certificate validation, and requires ‘smtp_timeout’ to be non zero.

$config['smtp_conn_options'] = array(
    'ssl'         => array(
        'verify_peer'  => true,
        'verify_depth' => 3,
        'cafile'       => '/etc/openssl/certs/ca.crt',
    ),
);




SMTP HELO host. Hostname to give to the remote server for SMTP ‘HELO’ or ‘EHLO’ messages. Leave this blank and you will get the server variable ‘server_name’ or localhost if that isn’t defined.


Log sent messages to <log_dir>/sendmail or to syslog


SMTP password (if required). If you use %p as the password Roundcube will use the current user’s password for login.


SMTP port (default is 25; use 587 for STARTTLS or 465 for the deprecated SSL over SMTP (aka SMTPS))


SMTP server host (for sending mails). To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://

Supported replacement variables:

  • %h - user’s IMAP hostname

  • %n - hostname ($_SERVER['SERVER_NAME'])

  • %t - hostname without the first part

  • %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)

  • %z - IMAP domain (IMAP hostname without the first part)

For example %n = mail.domain.tld, %t = domain.tld


SMTP connection timeout, in seconds. Default: 0 (use default_socket_timeout). Note: There’s a known issue where using ssl connection with timeout > 0 causes connection errors (


SMTP username (if required). If you use %u as the username Roundcube will use the current username for login.


Enables spell checking before sending a message.


Enables spellchecker exceptions dictionary. Setting it to ‘shared’ will make the dictionary shared by all users.


Set the spell checking engine. Possible values:

  • ‘googie’ - the default (also used for connecting to Nox Spell Server, see ‘spellcheck_uri’ setting)

  • ‘pspell’ - requires the PHP Pspell module and aspell installed

  • ‘enchant’ - requires the PHP Enchant module

  • ‘atd’ - install your own After the Deadline server or check with the people at before using their API

Since Google shut down their public spell checking service, the default settings connect to which is a hosted service provided by Roundcube. You can connect to any other googie-compliant service by setting ‘spellcheck_uri’ accordingly.


Causes words with all letters capitalized to be ignored (e.g. GOOGLE).


Causes words with numbers to be ignored (e.g. g00gle).


Causes words with symbols to be ignored (e.g. g@@gle).


These languages can be selected for spell checking. Configure as a PHP style hash array: array('en'=>'English', 'de'=>'Deutsch'); Leave empty for the default set of available languages.


For locally installed Nox Spell Server or After the Deadline services, please specify the URI to call it. Get Nox Spell Server from or the After the Deadline package from Leave empty to use the public API of


Enables using standard browser windows (that can be handled as tabs) instead of popup windows


When replying strip original signature from message.


Provide a URL where a user can get support for this Roundcube installation. PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!


Expire files in temp_dir after the set time (default: 48 hours). Possible units: s, m, h, d, w


Use this folder to store temp files. Must be writeable for the user who runs PHP process (Apache user if mod_php is being used).


Give this choice of time formats to the user to select from.


Use this format for time display (date or strftime format).


Use this timezone to display date/time. Valid timezone identifiers are listed here: ‘auto’ will use the browser’s timezone settings.


Specifies for how many seconds the Undo button will be available after an object delete action. Currently used with supporting address book sources. Setting it to 0 disables the feature.


Enables files upload indicator. Requires APC installed and enabled apc.rfc1867 option. By default refresh time is set to 1 second. You can set this value to true or any integer value indicating number of seconds.


Tell PHP that it should work as under secure connection even if it doesn’t recognize it as secure ($_SERVER[‘HTTPS’] is not set). e.g. when you’re running Roundcube behind a https proxy. This option is mutually exclusive to ‘force_https’ and only either one of them should be set to true.


Add this user-agent to message headers when sending.


X-Frame-Options HTTP header value sent to prevent clickjacking. Possible values: sameorigin|deny. Set to false to disable sending the header.
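The following audit function is an added example, not code from Roundcube or Kolab: it checks a loaded configuration array for the logging, SMTP TLS, HTTPS and X-Frame-Options settings described in this section. The keys debug_level, use_https and x_frame_options are assumed names for entries whose names do not appear on this page, and the sample array is constructed.

```php
<?php
// Added example (not Roundcube or Kolab code): audit a loaded $config array
// for the logging, TLS and HTTPS settings described on this page.

/**
 * Return a list of human-readable findings for a Roundcube configuration.
 */
function audit_roundcube_config(array $config): array
{
    $findings = array();

    // Error reporting is a sum of 1 = log and 4 = show.
    // Bit 4 prints errors to the browser, which leaks paths and internals.
    // 'debug_level' is the assumed key name for that entry.
    if (isset($config['debug_level']) && ((int) $config['debug_level'] & 4)) {
        $findings[] = 'debug_level includes 4 (show): errors are displayed to users';
    }

    // per_user_logging is meant to be switched on briefly and then off again.
    if (!empty($config['per_user_logging'])) {
        $findings[] = 'per_user_logging is enabled; disable it once debugging is done';
    }

    // Per-user directories hold protocol-level dumps; report any left behind.
    $log_dir = isset($config['log_dir']) ? rtrim($config['log_dir'], '/') : '';
    if ($log_dir !== '' && is_dir($log_dir)) {
        foreach (glob($log_dir . '/*', GLOB_ONLYDIR) ?: array() as $dir) {
            $findings[] = "directory under log_dir (per-user debug logs?): {$dir}";
        }
    }

    // SMTP socket context: certificate validation must be switched on,
    // and the page states it needs a non-zero smtp_timeout.
    $ssl = isset($config['smtp_conn_options']['ssl'])
        ? $config['smtp_conn_options']['ssl'] : array();
    if (!isset($ssl['verify_peer']) || $ssl['verify_peer'] !== true) {
        $findings[] = 'smtp_conn_options: verify_peer is not explicitly true';
    } elseif (empty($config['smtp_timeout'])) {
        $findings[] = 'smtp_conn_options: verify_peer is set but smtp_timeout is 0';
    }

    // force_https and the "behind an https proxy" option are mutually exclusive.
    // 'use_https' is the assumed key name for the latter.
    $force = !empty($config['force_https']);
    $proxy = !empty($config['use_https']);
    if ($force && $proxy) {
        $findings[] = 'force_https and use_https are both set; enable only one';
    } elseif (!$force && !$proxy) {
        $findings[] = 'neither force_https nor use_https is set; Roundcube does not enforce or assume HTTPS';
    }

    // Setting the X-Frame-Options value to false disables the header.
    // 'x_frame_options' is the assumed key name for that entry.
    if (array_key_exists('x_frame_options', $config) && $config['x_frame_options'] === false) {
        $findings[] = 'x_frame_options is false: no clickjacking protection header is sent';
    }

    return $findings;
}

// Constructed sample configuration, deliberately weak, for demonstration only.
$sample = array(
    'debug_level'       => 5,                       // 1 (log) + 4 (show)
    'per_user_logging'  => true,
    'log_dir'           => '/nonexistent/roundcube-logs/',
    'force_https'       => true,
    'use_https'         => true,
    'x_frame_options'   => false,
    'smtp_timeout'      => 0,
    'smtp_conn_options' => array('ssl' => array('verify_peer' => false)),
);

foreach (audit_roundcube_config($sample) as $finding) {
    echo "[!] {$finding}\n";
}
```

To audit a real installation, include the site configuration file into an empty $config array and pass that array to the function instead of $sample.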

Plugin Settings

The acl Plugin

The archive Plugin

The calendar Plugin


Calendar backend type.

Possible values: ‘kolab’ or ‘database’


Base URL to build fully qualified URIs to access calendars via CalDAV. Primarily used in a Kolab environment where CalDAV access is provided by the iRony service.

The following replacement variables are supported:


Current HTTP host


Current webmail user name


Calendar name


Calendar UUID


$config['calendar_caldav_url'] = 'http://%h/iRony/calendars/%u/%i';


Boolean. Enables a read-only birthdays calendar from the user’s address book(s).


Boolean. Allows users to invite/edit attendees for events in shared folders which were created/organized by others.


Boolean. Allow users to accept iTip invitations who are not explicitly listed as an attendee in the invitation message. This can be the case if invitations are sent to mailing lists or alias email addresses.


Default view shown when entering the calendar screen.

Possible values: ‘agendaDay’, ‘agendaWeek’, ‘month’, ‘table’.

SMTP host used to send iTip replies from the unauthenticated web view where external users can accept or decline invitations.

Set to ‘’ in order to use PHP’s mail() function for email delivery. To override the SMTP port or connection method, provide a full URL like tls://somehost:587


SMTP username used to send unauthenticated itip replies.

Explicitly set to ‘’ for overriding the default configuration from smtp_user.


SMTP password used to send unauthenticated itip replies.

Explicitly set to ‘’ for overriding the default configuration from smtp_pass.


Boolean. Show virtual calendars with pending or declined event invitations.

This option only has an effect with the Kolab backend.


Driver to provide a directory for resource booking. Leave empty or commented out to disable resources support.

‘ldap’ is the only implementation and possible value so far.


LDAP directory configuration to find available resources for events.

Specify a full LDAP directory as described for ldap_public.

Some special considerations apply for the LDAP filter and other properties:

$config['calendar_resources_directory'] = array(
    'base_dn'        => 'ou=Resources,dc=example,dc=org',
    'filter'         => '(|(objectclass=kolabgroupofuniquenames)(objectclass=kolabsharedfolder))',
    'search_fields'  => array('cn'),
    'sort'           => array('cn'),
    'fieldmap'       => array(
        // Internal    => LDAP
        'name'         => 'cn',
        'email'        => 'mail',
        'owner'        => 'owner',
        'description'  => 'description',
        'attributes'   => 'kolabdescattribute',  // "{ <name>:<VALUE> }"
        'members'      => 'uniquemember',
        // these mappings are required for owner display
        'phone'        => 'telephoneNumber',
        'mobile'       => 'mobile',
    ),
    'class_type_map' => array(      // Mapping of object class to _type attribute
        'kolabsharedfolder'  => 'resource',
        'groupofuniquenames' => 'collection',
    ),
    'groups'  => array(
        'name_attr' => 'cn',  // resource collections are detected as groups
    ),
);

The kolab_activesync Plugin


A URL of the page with the ActiveSync client configuration manual. Default:;

The kolab_auth Plugin


The ID of the LDAP address book (which refers to an entry in ldap_public) or a complete addressbook definition hash array.

See also


This will overwrite filter property defined in the kolab_auth_addressbook. Use the same placeholders as in the search_filter property.


Use this field (from the kolab_auth_addressbook fieldmap configuration) to get authentication ID for the logged in user.

The kolab_addressbook Plugin


This option sets the priority of address books, or disables some of them. Disabled address books will not be shown in the UI. Default: 0. Possible values:

  • 0 - “Global address book(s) first”. Use all address books, starting with the global (LDAP)

  • 1 - “Personal address book(s) first”. Use all address books, starting with the personal (Kolab)

  • 2 - “Global address book(s) only”. Use the global (LDAP) addressbook. Disable the personal.

  • 3 - “Personal address book(s) only”. Use the personal (Kolab) addressbook(s). Disable the global.


Base URL to build fully qualified URIs to access address books via CardDAV. By default not set. The following replacement variables are supported:

  • %h - Current HTTP host

  • %u - Current webmail user name

  • %n - Folder name

  • %i - Folder UUID

Example:

$config['kolab_addressbook_carddav_url'] = 'http://%h/iRony/addressbooks/%u/%i';


Name of LDAP addressbook (a key in ldap_public configuration array) for which the CardDAV URI will be displayed if kolab_addressbook_carddav_url is set. Use it when iRony’s kolabdav_ldap_directory is enabled. Note that kolab_addressbook_carddav_url must use %i and not %n.


There are limitations with volume and performance:

  • CardDAV does a full sync of the entire contact resource. For LDAP this means that all entries matching the base_dn/filter are synced to every client.

    It’s thus only recommended for small setups with a couple hundred LDAP entries.

  • Other than that, the ldap-directory exposed in iRony is strictly read-only.

    Although correctly stated in the CardDAV properties, some clients (e.g. the Thunderbird SoGO connector) ignore these properties and allow modifications which then result in sync errors because the server denies such updates.

The kolab_config Plugin

kolab_config has no configuration options.

The kolab_delegation Plugin


Delegation plugin uses LDAP addressbook defined in kolab_auth plugin. This option will overwrite defined LDAP filter. Default: (|(objectClass=kolabInetOrgPerson)(&(objectclass=kolabsharedfolder)(kolabFolderType=mail))).


Delegates field (from fieldmap configuration) to get delegates list. Note: This is a field name, not LDAP attribute name. Default: kolabDelegate.


The delegation plugin automatically creates identities for the delegator’s addresses. After the delegation is removed, the identities should be removed too. This option removes all user identities which do not match the user’s primary or alias addresses and delegator’s addresses. Default: false.

The kolab_files Plugin


The URL of the kolab-chwala installation. Example: $config['kolab_files_url'] = 'https://localhost/kolab-chwala/public_html';.


Default list of columns on files list. Available are: name, size, mtime, type. Example: $config['kolab_files_list_cols'] = array('name', 'mtime', 'size');


Name of the column to sort files list by. Default: name.


Order of the files list sort. Default: asc.


Number of concurrent requests for searching and collections listing. Default: 1. Increasing this number may improve performance of multi-folder searches, but also increase server load.

The kolab_folders Plugin

  • kolab_folders_configuration_default

  • kolab_folders_event_default

  • kolab_folders_contact_default

  • kolab_folders_task_default

  • kolab_folders_note_default

  • kolab_folders_journal_default

  • kolab_folders_file_default

  • kolab_folders_freebusy_default

  • kolab_folders_mail_inbox

  • kolab_folders_mail_drafts

  • kolab_folders_mail_sentitems

  • kolab_folders_mail_wastebasket

  • kolab_folders_mail_outbox

  • kolab_folders_mail_junkemail

Default kolab-specific folders. Set values to non-empty strings to create default folders of the appropriate type. If there is no such folder with the specified type in the user mailbox, it will be created. Note that mail folders will also be subscribed.

The libkolab Plugin


This setting controls whether Kolab Groupware data and metadata is being cached.

Caching helps, especially since the data is stored in a relational database. The structure of how information is cached accelerates views such as “this week”, or “this month” in the Calendar, and sorting and pagination for address books.


New in version roundcubemail-plugins-kolab-3.1.9.

This option is only relevant when kolab_cache is enabled.

Three valid settings are available for kolab_messages_cache_bypass:

  1. Setting kolab_messages_cache_bypass to 0 does not bypass the messages cache at all.

  2. Setting kolab_messages_cache_bypass to 1 bypasses only the message content (i.e. payload) of the core messages cache, but uses the index cache.

  3. Setting kolab_messages_cache_bypass to 2 bypasses the core messages cache completely.


With kolab_cache enabled, a set of Kolab specific database tables already cache payload. For larger environments, it is certainly recommended to consider setting kolab_messages_cache_bypass to at least 1.


New in version roundcubemail-plugins-kolab-3.0.1.

When listing folders with groupware content available for display, should all folders to which the user has access be listed, or should only those folders to which the user is subscribed be included?

The value false means all folders to which the user has access will be included.

The default for a Kolab Groupware deployment is true.


Specify format version to write Kolab objects. Defaults to ‘3.0’ but can be set to ‘2.0’ for using the old Kolab v2 format for storing groupware objects.


Optional override of the base URL to read Free/Busy information of Kolab users from.

Defaults to https://<imap-server->/freebusy.


Lists only subscribed groupware folders in the web client (e.g. calendar view or address books).


A list with any of ‘personal’,’shared’,’other’ namespaces to be excluded from groupware folder listing. With the new folder searching features in Kolab 3.3, this setting can be used to exclude shared folders from e.g. the ‘other’ namespace in regular folder listings and searches.


$config['kolab_skip_namespace'] =  array('other');


Configuration options of HTTP requests sent from the server to external systems (e.g. for Free/Busy data fetching). See HTTP_Request2 Docs for the list of supported configuration options. Provide the options as hash array with key-value pairs.


LDAP directory to find available users for folder sharing. This is used when searching for groupware folders shared by other users. The web client will perform an LDAP search with the given search term and resolve the matches to shared folders in the ‘other’ namespace.

Either contains an array with a full LDAP addressbook configuration or a string value which refers to an entry in ldap_public.

If not specified, the configuration from kolab_auth_addressbook will be used.


Filter to be used for resolving user folders in LDAP.

Defaults to the kolab_auth_filter configuration option from the kolab_auth plugin.


Which property of the LDAP user record to use for user folder mapping in IMAP.

Defaults to the kolab_auth_login configuration option from the kolab_auth plugin.


List of LDAP attributes to be used when searching users in folder search queries.

Defaults to array('cn','mail','alias')

The libcalendaring Plugin

This plugin contains code shared by other plugins and itself does not have any configuration.

The managesieve Plugin


Managesieve server port. When empty the port will be determined automatically using getservbyname() function, with 4190 as a fallback.


Managesieve server address, default is localhost. Replacement variables supported in host name:

  • %h - user’s IMAP hostname

  • %n - http hostname ($_SERVER['SERVER_NAME'])

  • %d - domain (http hostname without the first part)

For example %n = mail.domain.tld, %d = domain.tld


Authentication method. Can be CRAM-MD5, DIGEST-MD5, PLAIN, LOGIN, EXTERNAL or none. Optional, defaults to best method supported by the server.


Optional managesieve authentication identifier to be used as authorization proxy. Authenticate as a different user but act on behalf of the logged in user. Works with PLAIN and DIGEST-MD5 authentication.


Optional managesieve authentication password to be used for managesieve_auth_cid.


Whether to use TLS for the managesieve server connection. Note that the tls:// prefix in managesieve_host is also supported.


Connection socket context options. See The example below enables server certificate validation:

$config['managesieve_conn_options'] = array(
    'ssl'         => array(
        'verify_peer'  => true,
        'verify_depth' => 3,
        'cafile'       => '/etc/openssl/certs/ca.crt',
    ),
);


Path to a file with default contents of filters script (e.g. default spam filter)


The name of the script which will be used when there’s no user script. Default: managesieve.


Sieve RFC says that we should use UTF-8 encoding for mailbox names, but some implementations do not convert UTF-8 to modified UTF-7. Defaults to UTF-8.


An array containing a list of disabled protocol extensions. This way you can limit managesieve features available to the user.


Enables debugging of conversation with sieve server. Logs it into <log_dir>/sieve


Enables features described in Disabled by default.


Script name extension used for scripts including. Dovecot uses ‘.sieve’, Cyrus uses ‘.siv’. Doesn’t matter if you have managesieve_kolab_master disabled. Default is .sieve.


List of reserved script names (without extension). Scripts listed here will not be presented to the user.


List of domains limiting destination emails in redirect action. If not empty, user will need to select domain from a list.


Enables separate management interface for vacation responses (out-of-office). Possible values: 0 - no separate section (default), 1 - add Vacation section, 2 - add Vacation section, but hide Filters section.


Default vacation interval (in days). Note: If server supports vacation-seconds extension it is possible to define interval in seconds here (as a string), e.g. 3600s.


Some servers require vacation :addresses to be filled with all user addresses (aliases). This option enables automatic filling of these on initial vacation form creation.


List of supported methods of notify extension. Default: mailto.

The password Plugin


A driver to use for password change. Default: sql.


Determine whether current password is required to change password. Default: true.


Require the new password to be a certain length. Set to blank to allow passwords of any length.


Require the new password to contain a letter and punctuation character. Change to false to remove this check.


Enables logging of password changes into logs/password file.


Comma-separated list of login exceptions for which password change will not be available (no Password tab in Settings).


An array of hosts that support password changing. Default is NULL. Listed hosts will feature a Password option in Settings, others will not.


Enables saving the new password even if it matches the old password. Useful for upgrading the stored passwords after the encryption scheme has changed.


Enables forcing new users to change their password at their first login.

The redundant_attachments Plugin


By default this plugin stores attachments in filesystem and copies them into sql database. In environments with replicated database it is possible to use memcache as a fallback when write-master is unavailable. This option enables this memcache use as a fallback store.


Attachment data expires after specified TTL time in seconds (max. 2592000). Default is 12 hours.

The tasklist Plugin


Backend type (database, kolab). Default is kolab.


Default sorting order of tasks listing (auto, datetime, startdatetime, flagged, complete, changed).


Default sorting order for tasks listing (asc or desc). Default is asc.