This installation assumes a few things:

1. You have PostfixAdmin already installed somewhere.  (While it is not required. It is nice to have since this doesn’t do domain admin.)
2. You are using the default database structure that comes with PostfixAdmin
3. You know what you are doing.  (You have to modify the postfix database.)
4. You are using the latest subversion release of RoundCube that supports plugins.

It also does have some limitations:

1. It only allows for add/removal/editing of  accounts under a single domain. The accounts that are being edited must match the domain of the logged in user.
2. I am not an excellent programmer. This version is a complete mess of code and may or may not break on you. If it does, please tell me how, when, where, and why and I will do my best to fix it.
3. You must manually edit the database to create the superuser that cannot be deleted.
4. This must be done perfectly or stuff will break.
5. It does not remove account data.
6. This also currently must be installed on the same server as the e-mail.

Installation Steps:

Altering the database structure + configs.

1. Add a field to the mailbox table

   ALTER TABLE `mailbox` ADD `is_admin` TINYINT NOT NULL AFTER `active`;

2. Create a table called quotacron

   CREATE TABLE IF NOT EXISTS `quotacron` ( `path` varchar(255) NOT NULL, `bytes` varchar(255) NOT NULL, `time` datetime NOT NULL) ENGINE=MyISAM DEFAULT CHARSET=latin1;

3. Modify dovecot and postfix configuation (Make sure to do this for ANY query that checks the database for a virtual user.
4. Change the SQL string to use WHERE username = ‘%u’ AND active > 0′ instead of ‘WHERE username = ‘%u’ AND active = 1′
5. Okay, now reload postfix and dovecot. The reason we did this is because a normal user will be active = 1 and is_admin = 1. The super user will have a value of 2 for both fields. This is so that we can make sure that if we grant another user admin, they cannot steal it.

Installing the Plug-in

1. Download the Plugin

   http://hexhost.net/files/roundcube_plugin-manage_users.zip

2. Unzip the plugin in the roundcube plugins directory

   unzip roundcube_plugin-manage_users.zip

3. Edit roundcube configuration file (/path/to/roundcube/config/main.inc.php)

   $rcmail_config['plugins'] = Array('manage_users');

4. Edit Plugin configuration file (/path/to/roundcube/plugins/config.inc.php)

   $rcmail_config['postfixadmin_user'] = 'postfix'; // Username to access the postfix database$rcmail_config['postfixadmin_pass'] = 'password'; // Password to access the postfix database$rcmail_config['postfixadmin_db'] = 'postfix'; // Name for the postfix database$rcmail_config['postfixadmin_host'] = 'localhost'; // Host for the postfix database$rcmail_config['physical_mail_path'] = '/path/to/virtual/mail/root/';  //Path to virtual Mailboxes (MUST HAVE BEGINNINGAND TRAILING SLASHES!

5. If you want quota’s to work, Create a cron for the user that is owner of the virtual mailboxes. In it add the following line (editing it appropriately):

   */5 * * * * cd /path/to/roundcube/plugins/manage_users/; php quota_cron.php

Configuring the superuser

1. Using SQL administrator change the is_admin and active field for your superuser to a value of 2 in the MySQL database. This will make the superuser irremovable and nobody can deactivate it without manually editing the database.

Using the plugin

1. Log into RounCube interface as super-administrator
2. Go to User Preferences
3. Click on User Admin
4. You can now edit users.

In the end

• This probably will break. It might or might not work. Remember you HAVE to know what your doing. And, this is VERY alpha, and you are charged with knowing what you are doing!

Everyone in the community seems to think that RoundCube should never have the distinction between a user and an administrator. I think differently. I have embarked on an adventure to create a plug-in that will allow an ‘administrator’ user as defined in the Postfix database to be used in RoundCube. I deem it.. PostCube

Once I have a beta / release-candidate I will post it here. Should be here within a week.

3 April, 2009

Dear K*****, K**** L,

As a result of your dedication to scholarly success in University of North
Texas, North
America Scholar Consortium extends to you an invitation to apply for
membership in the NASC Honor Society. Membership application is by
invitation only; therefore, membership is a special honor afforded to
a small group of outstanding students.

Membership applications are available at
http://inv.naschonor.org//lt.php?id=ZkgDBQxQxxxITQMfBxxxCAME Please use
your
assigned invitation code when you apply.

Invitation Code: xxxxxxx

To learn more about the opportunities that accompany NASC Honor
Society membership, please visit
http://inv.naschonor.org//lt.php?id=ZkgDBQxQV1EBTQMxxxVCAME for more
information. I encourage you to seize this valuable and rewarding
opportunity and look forward to seeing your name among the next list
of new NASC Honor Society members!

Sincerely,

Louis Birch
President 2009-2010
NASC Honor Society

So I start to do some digging. I had never heard of this scholar program and shes psyched that shes done so good in school that she’s gotten this e-mail. Just by the way the e-mail was formatted, a lack of phone number and further details as to what they do got me suspicious and made me smell a rat.

So I google the name to find the #1 search result to see if this may be a phishing scam. Nope, the website referenced is the #1 result. Okay so far so good. Whois returns:

Created On:30-Oct-2008 17:55:00 UTC

okay, 6 months old… kinda fishy but not completely out of the question.

Registrant ID:GODA-055102752
Registrant Name:Registration Private
Registrant Organization:Domains by Proxy, Inc.
Registrant Street1:DomainsByProxy.com
Registrant Street2:15111 N. Hayden Rd., Ste 160, PMB 353
Registrant Street3:
Registrant City:Scottsdale
Registrant State/Province:Arizona
Registrant Postal Code:85260
Registrant Country:US

You would think a legitimate organization would have contact details. Strike 1.

Membership Application Form

By Invitation Only

Application submission is free of charge. Please DO NOT send us any payment at this stage.
A life-time membership fee of $68 will be required only if your application is approved.

BZZZZ strike 2. Something like this is usually sponsored and free.

No phone number on the contact us page? Strike 3. Its a scam.

I go to tell my friend this and she has called her mom and told her how cool it is and i tell her its a scam. I swear she almost started crying.

UPDATE: As it turns out. She did cry after she left the room. ASSHOLES I’m going to find you.

It’s one thing to phish and spam. But to use something like a fake scholars program, that’s just not cool.

Thanks assholes, now i feel like a douche bag for something you got her hopes up on.

Jackasses. I hope you burn in hell.