Roundcube mods to config.inc.php

consider adding the following to /usr/local/lib/roundcubemail/config/config.inc.php ?

$config['htmleditor'] = 1;   # enables html editor by default
$config['show_images'] = 2;   #displays images by default
$config['session_lifetime'] = 480;  #changes session auto log off to 8 hours ( guess this is debatable) 
$config['login_rate_limit'] = 5;  #rate limits 5 attempts to log into roundcube before banning you for 1 minute
$config['search_mods'] = array('*' => array('subject'=>1, 'from'=>1, 'to'=>1, 'cc'=>1, 'bcc'=>1, 'body'=>1));  # enables search that works much better by default

You could try submitting a PR if you already have the changes figured out.

I’m not sure the benefit of the login rate limit, since MiaB has Fail2Ban and people with bots are likely hitting on the SMTP/IMAP login.

1 Like

This is bad practice for privacy reasons and shouldn’t be the default. But users can enable it in the settings of Roundcube on a per account / user basis.

1 Like

I respectfully disagree. I think it makes the webmail client feel ancient. Most modern webmail loads images and html by default. Maybe this is just something I’ve gotten used to. Id really like to hear from others though… To me I feel like it should be the other way around, this should be the default behavior and if you want to set it for not doing this by default then that should be the exception.

I realize that this project has always had it setup the other way so moving the user base could be an issue if more individuals believe it should be your way, which is why I doubt submitting a PR would get me a great result.

I am curious though… how many people would expect HTML and Images to load by default… Please reply.

:grinning:

I think the setting makes it default to not private and other webmail systems that are default not private are equally undesirable. It should be user choice, because the remote content is explicitly tracking tools.

2 Likes

Security and bandwidth wise I think that images should probably not be loaded by default and that is fine.

The html editor is a different thing, I think that probably should be on by default because it’s just a more useful writing experience and doesn’t come with any big issues attached - I don’t think that there are many people out there nowadays who can only receive plain text mails.

2 Likes

This issue comes out in a different way, and it is that there are still mobile applications that display many HTML messages poorly by making the text way to small to read. I have experienced this with the default Android mail app that for whatever reason displays plain text messages with an easily readable font size.

I have noticed several of the large newsletters I subscribe to switch to using plain text from HTML, and I suspect this is part of the reason (although possibly it could also be spam filters, but I don’t have experience here).

basically I came to the conclusion that I will be changing this after each upgrade to fit my needs.

Maybe Ideally during the install process some questions could be answered that makes these changes happen based on personal preference or some kind of answer file.

I’m not a programmer and don’t have the skills to do the leg work on coding that though.

So for now, I guess we could close this thread.

This topic was automatically closed after 61 days. New replies are no longer allowed.