Roundcube, Fedora and SELinux

If you are installing Roundcube on a Fedora server, you might have some troubles with SELinux, as the default configuration for Apache's HTTP server blocks outgoing connections initiated by scripts. As you might expect, Roundcube needs this capability to be able to connect to the IMAP and SMTP servers. So, if you see this on your logs:

[24-Aug-2013 10:06:26 +0000]: IMAP Error: Login failed for username@domain.de from 123.123.123.123. Could not connect to mail.domain.de:143: Permission denied in /usr/share/roundcubemail/program/lib/Roundcube/rcube_imap.php on line 184 (POST /roundcubemail/?_task=login&_action=login)

Then check your /var/log/audit/audit.log. If you get an entry like this:

type=AVC msg=audit(1377338840.503:34514): avc:  denied  { name_connect } for  pid=8325 comm="httpd" dest=143 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:pop_port_t:s0 tclass=tcp_socket

Then SELinux is indeed blocking your outgoing connections. To tell SELinux that you want to allow Apache's HTTP server to make outgoing connections, run this:

sudo /usr/sbin/setsebool -P httpd_can_network_connect on