Forward Email Using ISPConfig and Keep a Copy (Or Not!)

ISPConfig Forward Email to Other Addresses

This article details how to use ISPConfig to forward email to another email address (or addresses) of your choice and also whether to keep a copy on the server.

Many people who use a web-based email like hotmail, gmail or yahoo prefer to use their provider’s interface to pick up and/or send email from their own domain. You can configure their POP3/IMAP collector to retrieve the email for you or alternatively ‘push’ or forward it to that address.

In ISPConfig, this is done using the custom rules under the mailbox settings; depending on which LDA / POP3 / IMAP daemon you are using, the syntax differs slightly – I have shown the syntax for two of the most popular. Dovecot uses sieve syntax and is shown in the images and Courier uses the maildrop syntax – please refer to the footnotes.


  1. Log into the ISPConfig admin interface and choose “Email Inbox” under the “Email” tab:
  2. Click on the mailbox for which you want to forward mail:
  3. Under “Custom Rules” – to forward email and leave a copy on the server:
    ispconfig forward email
  4. Under “Custom Rules” – to forward email and delete from your server:

Sieve syntax:

cc "!"

Maildrop syntax:

redirect "";

Roundcube SOAP Error: Could not connect to host

Roundcube SOAP Error: Could not connect to host

This article details how to fix the Roundcube SOAP error: “could not connect to host” when integrating with ISPConfig.

Environment: Debian 8 Jessie, ISPConfig3 with Apache. Roundcube plugin installed as per the tutorial featured here on HowToForge.

This error in particular is down to the ISPConfig plugin config file
/opt/roundcube/plugins/ispconfig3_account/config/ which in its default state looks something like this:

$rcmail_config[‘identity_limit’] = false;
$rcmail_config[‘remote_soap_user’] = ’roundcube’;
$rcmail_config[‘remote_soap_pass’] = ’roundcube’;
$rcmail_config[‘soap_url’] = ‘’;

Everything comes down to the last line in this config file – the soap_url parameter; all the steps below need to be carried out for successful

  1. The SOAP url must start with https not http:
    $rcmail_config['soap_url'] = '';
  2. The local machine must be able to resolve the soap_url address hostname:
    root@jessie:~# ping
    PING ( 56(84) bytes of data.
  3. The hostname must match the hostname of the SSL certificate of the ISPConfig interface:
    • check the hostname of the ISPConfig SSL certificate: openssl x509 -in /usr/local/share/ca-certificates/ispserver.crt -text -noout | grep Subject:
    • You should see something like this: Subject: C=GB, ST=Greater London, L=London, O=Empirion, OU=IT,
    • The server’s fully qualified domain name in the “CN” field must match the soap_url in the config line.

If you are still seeing the error despite having followed all the steps, it may be that the ISPConfig certificate is not available to the roundcube plugin. Check out the footnotes at the bootom of this article for details on how to update the certificate share with the ISPConfig certificate and configure Apache’s php.ini.

This should now be working, please leave a comment if you observe different results and we can troubleshoot!

Create or Generate an ISPConfig SSL Certificate

How to Create or Generate an ISPConfig SSL Certificate

This article describes how to install, create or generate the ISPConfig SSL Certificate which secures the ISPConfig 3 control panel. There are two ways in which this can be done:

  • Create a new self-signed OpenSSL Certificate on the command line using OpenSSL or
  • Renew the ISPConfig SSL Certificate with the ISPConfig updater

1. Create a new self-signed OpenSSL Certificate on the command line using OpenSSL

  • Change the permissions to secure the file:
    root@jessie:~# chmod 600 /root/ispconfig_sslcert_backup.tar.gz
  • backup the current SSL Certs in case of the need to roll back:
    root@jessie:~# tar pcfz /root/ispconfig_sslcert_backup.tar.gz /usr/local/ispconfig/interface/ssl
  • login to your server on the shell as root user
  • Create a new SSL Certificate Request (csr) , Certificate key and a self-signed Certificate:
    root@jessie:~# cd /usr/local/ispconfig/interface/ssl
    root@jessie:~# openssl genrsa -des3 -out ispserver.key 4096
    root@jessie:~# openssl req -new -key ispserver.key -out ispserver.csr
    root@jessie:~# openssl x509 -req -days 3650 -in ispserver.csr -signkey ispserver.key -out ispserver.crt
    root@jessie:~# openssl rsa -in ispserver.key -out ispserver.key.insecure
    root@jessie:~# mv ispserver.key
    root@jessie:~# mv ispserver.key.insecure ispserver.key
  • Restart Apache to load the new SSL Certificate.
    root@jessie:~# service apache2 restart

2) Renew the ISPConfig SSL Certificate Using the Installer Script

The second way to install a new SSL Certificate is to use the script:

  • download ISPConfig to the /tmp folder, unpack the archive and start the update script:
    root@jessie:~# cd /tmp
    root@jessie:~# wget
    root@jessie:~# tar xvfz ISPConfig-3-stable.tar.gz
    root@jessie:~# cd ispconfig3_install/install
    root@jessie:~# php -q update.php
  • Answer “yes” to the following prompt during the update:
    Create new ISPConfig SSL certificate (yes,no) [no]:

    and the SSL Certificate creation dialog will start.

Optional: Make the ISPConfig certificate available to other applications which may require it:

If you are going to extend the ISPConfig with other plugins which will require the ISPConfig certificate e.g. roundcube then you should also complete the following steps:

  1. Copy the new certificate into the Debian SSL repository:
    root@jessie:~# cp /usr/local/ispconfig/interface/ssl/ispserver.crt /usr/local/share/ca-certificates/
  2. Update the ca certificate store:
    root@jessie:~# update-ca-certificates
  3. Edit the /etc/php5/apache2/php.ini file, locate the [openssl] section and add the following line:
  4. Restart Apache:
    service apache2 restart