We’ve been using Roundcube for webmail for a while now without too many problems. It’s easy to install and simple enough to configure and our users seem to find it easy to use.
Recently one of our email accounts was comprimised, leading to a spammer sending a lot of spam through our server. While trying to trace which account was the culprit it became apparent that the source of the spam was the webmail interface, but reviewing the logs proved that there had been logins but no details were visible (these were after all just the apache logs).
What I needed was for Roundcube to log the users who were using the service. Some searches through Google revealed little of help, but then I came across the possibility of enabling the userlogins file. It’s listed in the default config file, but not many other places, so hopefully this post will help others.
To enable, simply add the following to your config.inc.php file.
$config[‘log_logins’] = true;
Once added, the file will be created with details of every login in the logs directory under the Roundcube installation. It confirmed that the user I suspected from a lot of other log reviewing was the culprit – potentially saving me several hours of effort!