The customization of roundcube to prevent users from being able to download email attachments is by (1) using a custom “skin” that does not include the controls for downloading attachments, and (2) using a configuration file that prevents downloads and also prevents changing to a different “skin.”
To configure this, you first need to use docker-compose to start the roundcubemail container once; that container will see that the roundcube source has not been copied to the host, and will copy it. Then, stop the roundcubemail container.
The modifications are then made within ./roundcubesource, into which the roundcube source has been copied.
Create config.inc.php within ./roundcubesource . The sample file is :
<?php
$config['db_dsnw'] = 'sqlite:////var/www/html/db/sqlite.db?mode=0646';
$config['db_dsnr'] = '';
$config['default_host'] = 'ssl://yourpairaccount.mail.pairserver.com';
$config['default_port'] = '993';
$config['smtp_server'] = 'tls://yourpairaccount.mail.pairserver.com';
$config['smtp_port'] = '587';
$config['smtp_user'] = '%u';
$config['smtp_pass'] = '%p';
$config['temp_dir'] = '/tmp/roundcube-temp';
$config['plugins'] = ['archive'];
$config['log_driver'] = 'stdout';
$config['inline_images'] = false;
// this key is used to encrypt the users imap password which is stored
// in the session record (and the client cookie if remember password is enabled).
// please provide a string of exactly 24 chars.
// YOUR KEY MUST BE DIFFERENT THAN THE SAMPLE VALUE FOR SECURITY REASONS
$config['des_key'] = 'rcmail-!24ByteDESkey*Str';
$config['dont_override'] = Array('skin', 'inline_images', 'show_images'); // also removes the selection option in settings
$config['skin'] = 'nodownloads';
//$config['force_https'] = true;
$config['show_images'] = 0;
$config['text_attachment_list'] = true;Setting the default hosts allows the users to access the correct email servers without having to select them, but they will be asked for their username and passwords to connect to their IMAP and SMTP servers.
The plugins setting has the zipdownload plugin removed. The dont_override prevents the user from being able to change the skin, inline_images, and show_images settings. The skin is set to ‘nodownloads’ show_images is turned off, and a text_attachment_list is set to show attachments as a text list of files rather than by links. force_https is turned off, because https is managed by nginx, and if this is turned on, roundcube will erroneously redirect to https within the container.
The ‘nodownloads’ skin is customized from the ‘larry’ skin that is default for roundcube, and comes with roundcube. To create this, create a directory within ./roundcubesource/skins:
mkdir ./roundcubesource/skins/nodownloadsThen, create a file meta.json within ./roundcubesource/skins/nodownloads :
{
"name": "No Downloads",
"author": "James Nachbar, based on Larry by FLINT / Büro für Gestaltung, Switzerland",
"license": "Creative Commons Attribution-ShareAlike",
"license-url": "http://creativecommons.org/licenses/by-sa/3.0/",
"extends": "larry"
}Then, copy the file mailtoolbar.html from ./roundcubesource/skins/larry/include to ./roundcubesource/skins/nodownloads/include , and then modify that file by commenting out the line that contains the word ‘download’ to (the sample also includes the one above and below the lines being changed) :
<roundcube:button type="link-menuitem" command="print" label="printmessage" class="icon" classAct="icon active" innerclass="icon print" />
<!-- JMN <roundcube:button type="link-menuitem" command="download" label="emlsave" class="icon" classAct="icon active" innerclass="icon download" /> -->
<roundcube:button type="link-menuitem" command="edit" prop="new" label="editasnew" class="icon" classAct="icon active" innerclass="icon edit" />That will remove the “download” button from the mail toolbar.
Then, copy three files from ./roundcubesource/skins/larry/templates to ./roundcubesource/skins/nodownloads/templates — the files to copy are message.html , messagepart.html , and messagepreview.html .
Each one of those files needs a few lines commented out. (The files with the commenting out are included in the files provided) In message.html, comment out (with the line before and after commenting included for context)
<div id="messagecontent">
<!-- JMN - hide attachments to right
<div class="rightcol" role="region" aria-labelledby="aria-label-messageattachments">
<h2 id="aria-label-messageattachments" class="voice"><roundcube:label name="attachments" /></h2>
<roundcube:object name="messageAttachments" id="attachment-list" class="attachmentslist" />
</div>
-->
<div class="leftcol" role="region" aria-labelledby="aria-label-messagebody">and
</div><!-- end mainscreen -->
<!-- JMN
<div id="attachmentmenu" class="popupmenu" aria-hidden="true">
<ul class="toolbarmenu" id="attachmentoptionsmenu" role="menu">
<roundcube:button command="open-attachment" id="attachmenuopen" type="link-menuitem" label="open" class="icon" classAct="icon active" innerclass="icon extwin" />
<roundcube:button command="download-attachment" id="attachmenudownload" type="link-menuitem" label="download" class="icon" classAct="icon active" innerclass="icon download" />
<roundcube:container name="attachmentmenu" id="attachmentoptionsmenu" />
</ul>
</div>
-->
<roundcube:include file="/includes/footer.html" />For messagepart.html, comment out:
</div>
<!-- JMN
<div id="messagepartcontainer" class="uibox" role="main" aria-labelledby="aria-label-messagepart">
<h2 id="aria-label-messagepart" class="voice"><roundcube:label name="arialabelattachmentpreview" /></h2>
<div class="iframebox">
<roundcube:object name="messagePartFrame" id="messagepartframe" frameborder="0" title="arialabelattachmentpreview" />
</div>
</div>
-->
</div>In messagepreview.html, two sections need to be commented out:
<div id="messagepreview" role="main">
<!-- JMN
<div class="rightcol" role="region" aria-labelledby="aria-label-messageattachments">
<h2 id="aria-label-messageattachments" class="voice"><roundcube:label name="attachments" /></h2>
<roundcube:object name="messageAttachments" id="attachment-list" class="attachmentslist" />
</div>
-->
<div class="leftcol" role="region" aria-labelledby="aria-label-messagebody">and
</div>
<!-- JMN
<div id="attachmentmenu" class="popupmenu" aria-hidden="true">
<ul class="toolbarmenu" id="attachmentoptionsmenu" role="menu">
<roundcube:button command="open-attachment" id="attachmenuopen" type="link-menuitem" label="open" class="icon" classAct="icon active" innerclass="icon extwin" />
<roundcube:button command="download-attachment" id="attachmenudownload" type="link-menuitem" label="download" class="icon" classAct="icon active" innerclass="icon download" />
<roundcube:container name="attachmentmenu" id="attachmentoptionsmenu" />
</ul>
</div>
-->
<roundcube:include file="/includes/footer.html" />Those files in the template directory will be used instead of the ‘larry’ files for our modified skin. The commented out sections remove the UI elements used for downloading attachments, while the config file prevents the user from selecting another skin.
Now, all any of your staff need to do is go to IP address of your Webmail server and log in using their IMAP username and password.
Note that if the browsers are set to use the squid proxy (which they should), you will need to except the IP address and/or DNS name of the Webmail server in the Internet settings on each office PC so that they do not try to access the Webmail server through the proxy.