Updating Roundcube on Sentora

If you have chosen Sentora as your webhost control panel then you might want to update Roundcube and some of the other outdated software that came with it.  Sentora comes packaged already with Roundcube version 1.0.3 which is known to have vulnerabilities. By updating Roundcube on Sentora to a later version you will be protecting your server from becoming hijacked and sending spam, which can lead to being blacklisted.  This guide will cover how to update your Roundcube email client and also provide some guidance if you have already been compromised.

Updating Roundcube on Sentora

The first thing you will want to do is log into your email account and in the top left corner click the about link to view the version of roundcube you currently have. Write this down so you can later check that the update was successful and you have the new version.

Download the latest version of Roundcube from here. I went with the latest LTS or Long Term Support Version 1.1.6 (the latest of this writing)

Now SSH into your server and navigate to the directory right before where Sentora has installed roundcube. The path to roundcoube is:

/etc/sentora/panel/etc/apps/webmail

But you should now be in apps. Upload the roundcube.tar file into this directory and unpack it with

tar xf roundcubemail-*.tar.gz

This should have extracted the files into a new folder called roundcubemail. Now move into this directory.

All of the new roundcube files are in here but we want to install them to the webmail directory. You can read the UPGRADING file but basically all you need to do is run the installto.sh and pass the directory of where to install to like this:

./installto.sh /etc/sentora/panel/etc/apps/webmail

And when that is done go back and log into roundcube and check the version to see if it was successful. Leave a comment below if you need assistance.

What to do if Roundcube has already been compromised?

If your web server is already sending tons of spam messages you will want to follow the above guide and update immediately!

Once that is complete it is a good idea to change all of your email passwords just to be extra safe.

Now you want to remove all email from your postfix mail queue so run these commands below:

mailq                             ~ check to see if any spam is still trying to be sent.

postsuper -d ALL        ~ to delete all emails in the mail queue

postsuper -d ALL        ~ to delete all emails that have been deferred

postfix flush                 ~ to flush your mail queue

mailq                             ~ and finally after a little bit of time check to see that the mail queue is still empty and that the problem is solved.

Be sure to check MXTools to make sure you domain is not black listed from sending email. If it is there is a good chance emails sent from your server will not be received. Follow up with them on how to get off their lists.


							
						

5 Responses

  1. Magaret Doke says:

    I like this post, enjoyed this one regards for putting up.

  2. Florencio Detorres says:

    I like this weblog very much, Its a real nice spot to read and receive info .

  3. Alysa Vigiano says:

    WONDERFUL Post.thanks for share..extra wait .. …

  4. Hunter Egleston says:

    Hey there, I think your website might be having browser compatibility issues. When I look at your website in Opera, it looks fine but when opening in Internet Explorer, it has some overlapping. I just wanted to give you a quick heads up! Other then that, wonderful blog!

  5. Maren Hornandez says:

    Do you mind if I quote a few of your posts as long as I provide credit and sources back to your webpage? My blog is in the exact same area of interest as yours and my visitors would genuinely benefit from some of the information you provide here. Please let me know if this okay with you. Cheers!

Leave a Reply

Your email address will not be published. Required fields are marked *