Install and configure Rainloop Webmail in Debian

In this guide, you will learn how to install and configure the latest version of Rainloop Webmail in Debian to retrieve emails from popular email services such as Gmail, Yahoo! Mail and Microsoft Outlook. This guide will configure the Gmail services for demonstration purposes only. However, feel free to add your own domain to handle emails with Rainloop, as the procedure for adding domain settings is mostly the same as configuring other public mail services. Rainloop webmail client serves as an interface to IMAP and SMTP services provided by Yahoo! Mail, Gmail and Outlook accounts.

Rainloop is a free, modern open-source mail user agent or web client written in PHP and deployed on Linux with Apache/Nginx, PHP and MySQL/MariaDB components. Rainloop provides a modern, simple, customizable interface for clients to access mail services via IMAP and SMTP protocols to synchronize mail files and send mail.

Requirements

  • Minimal installation of Debian 9.1 on a bare-metal machine or on a virtual private server
  • One of the server’s network cards configured with a static IP address
  • Direct access to the root account via the console or remotely via the SSH service or sudo root privileges for a local or remote account
  • A domain name, private or public depending on the deployment, with the proper DNS records configured for web services
  • A properly configured email service with remote access to its IMAP and SMTP services.

Initial configurations

Before you start installing and configuring the Rainloop webmail client from your own server’s sources, you need to make sure that your system meets all the software requirements for compiling and installing the application. In the first step, update your system repositories and software packages by running the following commands.

apt update
apt upgrade

In the next step, run the following command to install some necessary utilities to manage your system from the command line.

apt install wget bash-completion unzip

Next, set the name for your system by running the following command. Replace the hostname variable accordingly.

hostnamectl set-hostname mail

Check the hostname of the machine and the hosts file by running the following commands.

hostnamectl
cat /etc/hostname
hostname -s

Finally, restart the Debian server so that the kernel updates and hostname changes are applied correctly.

init 6

Install LAMP

Rainloop is a webmail client written and developed primarily in the PHP server-side programming language. In order to run Rainloop’s PHP file scripts, a web server such as the Apache HTTP server and a PHP processing gateway must be installed and commissioned in the system. To install the Apache web server and PHP interpreter along with all the PHP modules Rainloop needs to run properly, enter the following command in your server console.

apt install apache2 libapache2-mod-php7.0 php7.0 php7.0-xml php7.0-mcrypt php7.0-opcache php7.0-mbstring php7.0-curl php7.0-json

After Apache and PHP are installed, test that the web server is running and listening for network connections on port 80 by entering the following command with root privileges.

netstat -tlpn

If the netstat network utility is not installed by default in your Debian system, run the following command to install it.

apt install net-tools

From the netstat command output, you can see that the Apache web server is listening for incoming network connections on port 80. You can also use the ss command for the same task, which is automatically installed in Debian 9.

ss -tulpn

If you have a firewall enabled on your system, such as the UFW firewall application, you should add a new rule to allow HTTP traffic through the firewall by typing the following command.

ufw allow WWW

or

ufw allow 80/tcp

If you use iptables raw rules to manage the firewall rules on your Debian server, add the following rule to allow incoming traffic through port 80 on the firewall to allow visitors to browse the Rainloop interface.

apt-get install -y iptables-persistent
iptables -I INPUT -p tcp --destination-port 80 -j ACCEPT
netfilter-persistent save
netfilter-persistent reload

Next, enable the Apache rewrite module, which is used later to redirect HTTP connections to HTTPS, and restart Apache by typing the following commands.

a2enmod rewrite
systemctl restart apache2

Finally, test if the default Apache web page can be displayed in your clients’ browsers by calling the IP address of your Debian machine or your domain name or server FQDN via the HTTP protocol. If you don’t know the IP address of your machine, you can run the ifconfig or ip a commands to find out the IP address of your server. The default Apache page for Debian is displayed in your browser.

http://your_domain.tld

To install and access the Rainloop application using the HTTPS protocol, which secures traffic for your clients, enter the following command to enable the Apache web server SSL module and SSL site configuration file.

a2enmod ssl
a2ensite default-ssl.conf

Next, open Apache’s default SSL site configuration file with a text editor and enable the URL rewrite rules by adding the following lines of code after the DocumentRoot directive, as shown in the following example:

nano /etc/apache2/sites-enabled/default-ssl.conf

Excerpt from the SSL site configuration file:

<Directory /var/www/html>
Options +FollowSymlinks
AllowOverride All
Require all granted
</Directory>

Also, change the VirtualHost line to look like the excerpt below:

<VirtualHost *:443>

Close the SSL Apache file and open the /etc/apache2/sites-enabled/000-default.conf file for editing and add the same URL rewrite rules as in the SSL configuration file. Add the lines of code after the DocumentRoot statement, as shown in the following example.

<Directory /var/www/html>
Options +FollowSymlinks
AllowOverride All
Require all granted
</Directory>

Finally, restart the Apache daemon to apply all the rules configured so far and visit your domain using the HTTP protocol. Since you are using the self-signed certificate pairs automatically issued by Apache during installation, an error warning should be displayed in the browser, as shown in the screenshot below.

systemctl restart apache2

Accept the warning to continue and be redirected to the default Apache web page using the HTTPS protocol. The following page will be displayed in your browser.

If the UFW firewall application blocks incoming network connections to the HTTPS port, you should add a new rule to allow HTTPS traffic through the firewall by entering the following command.

ufw allow 'WWW Full'

or

ufw allow 443/tcp

If iptables is the default firewall application installed to protect your Debian system at the network level, add the following rule to allow incoming traffic through port 443 in the firewall to allow visitors to browse your domain name.

iptables -I INPUT -p tcp --destination-port 443 -j ACCEPT
netfilter-persistent save
netfilter-persistent reload

In the next step, we need to make some more changes to the PHP default configuration file to ensure that the following PHP variables are enabled and that the PHP time zone setting is configured correctly and matches the geographical location of your system. Open the /etc/php/7.0/apache2/php.ini file for editing and make sure that the following lines are set as follows. Also, first make a backup copy of the PHP configuration file.

cp /etc/php/7.0/apache2/php.ini{,.backup}
nano /etc/php/7.0/apache2/php.ini

Find, edit, and change the following variables in the php.ini configuration file:

file_uploads = On
allow_url_fopen = On
memory_limit = 128M
upload_max_filesize = 64M
date.timezone = Europe/London

Increase the memory_limit variable to support large file attachments, and replace the date.timezone value according to your physical location by consulting the list of timezones in the PHP documentation at the following link: http://php.net/manual/en/timezones.php

If you want to increase the loading speed of your web pages using the OPCache plugin available for PHP7, add the following OPCache settings to the end of the PHP interpreter configuration file as described below:

opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1

Close the php.ini configuration file and check the end of the PHP configuration file to see if the variables were added correctly by typing the following command.

tail /etc/php/7.0/apache2/php.ini

After you have made all the changes described above, restart the Apache daemon to apply the new changes by entering the following command.

systemctl restart apache2
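
A quick way to confirm that the edits above actually took effect, as an added example that is not part of the original guide: the script reads a php.ini file and compares the directives set in this section against their intended values. The function names ini_get and check_php_ini and the sample fragment are constructed for illustration.

```shell
# Effective value of a directive: the last uncommented "name = value" line.
ini_get() {  # usage: ini_get FILE DIRECTIVE
    awk -v key="$2" '
        /^[ \t]*;/ || !index($0, "=") { next }
        {
            name = substr($0, 1, index($0, "=") - 1)
            gsub(/[ \t]/, "", name)
            if (name != key) next
            val = substr($0, index($0, "=") + 1)
            sub(/[ \t]*;.*$/, "", val)           # drop trailing comment
            gsub(/^[ \t]+|[ \t]+$/, "", val)     # trim surrounding blanks
            found = val
        }
        END { print found }' "$1"
}

# Compare against the values this guide sets; "*" accepts any non-empty value.
check_php_ini() {  # usage: check_php_ini FILE; exit status = number of problems
    problems=0
    while read -r key want; do
        got=$(ini_get "$1" "$key")
        if [ "$got" = "$want" ] || { [ "$want" = "*" ] && [ -n "$got" ]; }; then
            echo "ok       $key = $got"
        else
            echo "MISMATCH $key: want '$want', got '${got:-<unset>}'"
            problems=$((problems + 1))
        fi
    done <<EOF
file_uploads On
allow_url_fopen On
memory_limit 128M
upload_max_filesize 64M
date.timezone *
EOF
    return "$problems"
}

# Constructed fragment with two easy slips: a space inside a size value and a
# misspelled directive name, which PHP ignores without any error.
sample=$(mktemp)
cat >"$sample" <<'EOF'
file_uploads = On
allow_url_fopen = On
memory_limit = 128 M
upload_max_file_size = 64M
date.timezone = Europe/London
EOF
check_php_ini "$sample" || echo "problems found: $?"
```

On the server, run check_php_ini /etc/php/7.0/apache2/php.ini; the comparison is literal, so a value such as on instead of On is reported even though PHP accepts both.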

Finally, create a PHP info file by running the following command, and verify that the PHP time zone is configured correctly by accessing the PHP info file in a browser at the following URL (see figure below). Scroll down to the date setting to verify the PHP time zone configuration.

echo '<?php phpinfo(); ?>'| tee /var/www/html/info.php

https://domain.tld/info.php

Rainloop webmail client stores contacts in a specific RDBMS database, such as MySQL, SQLite or PostgreSQL. In this tutorial, we will configure Rainloop with MariaDB database, a variation of MySQL database, as the backend. Enter the following command to install the MariaDB database and the PHP module needed to access the MySQL database.

apt install mariadb-server php7.0-mysql

After you install MariaDB, check that the daemon is running and waiting for connections on localhost, port 3306, by running the netstat or ss command.

netstat -tlpn | grep mysql
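
The listener checks in this guide (Apache on ports 80 and 443, MariaDB on localhost port 3306) can be turned into a single pass/fail audit. The following is an added example, not part of the original guide; the function name audit_listeners and the sample ss output are constructed for illustration.

```shell
# Reads `ss -tln` output on stdin. Reports MariaDB listening on anything other
# than a loopback address and a missing HTTP/HTTPS listener.
# Exit status = number of findings.
audit_listeners() {
    awk '
        $1 == "LISTEN" {
            n = split($4, part, ":"); port = part[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            seen[port] = 1
            loopback = (addr ~ /^127\./ || addr == "::1" || addr == "[::1]")
            if (port == 3306 && !loopback) {
                print "EXPOSED  MariaDB listening on " $4; bad++
            }
        }
        END {
            if (!seen[80])  { print "MISSING  nothing listening on port 80";  bad++ }
            if (!seen[443]) { print "MISSING  nothing listening on port 443"; bad++ }
            exit bad + 0
        }'
}

# Constructed `ss -tln` output: MariaDB bound to all interfaces, no HTTPS listener.
sample_ss='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      80     *:3306             *:*
LISTEN 0      128    *:80               *:*'
printf '%s\n' "$sample_ss" | audit_listeners || echo "findings: $?"
```

On the server, run ss -tln | audit_listeners once Apache's SSL site and MariaDB are both installed.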

Then log in to the MySQL console and secure the MariaDB root account by running the following commands.

mysql -h localhost
use mysql;
update user set plugin='' where user='root';
flush privileges;
exit

In the next step, secure MariaDB by running the mysql_secure_installation script included in the installation packages from the Debian Stretch repositories. As the script runs, it asks a series of questions about securing the MariaDB database, such as changing the MySQL root password, removing anonymous users, disabling remote root logins, and deleting the test database. Run the script using the command below and make sure you answer yes to all questions to fully secure the MySQL daemon. Use the script output below as a guide only.

sudo mysql_secure_installation

To test the security of MariaDB, try logging into the database from the console without a root password. Access to the database should be denied if no password is provided for the root account. If the password is provided, you should be able to log in to the MySQL console, as shown in the screenshot below.

mysql -h localhost -u root
mysql -h localhost -u root -p

Next, log in to the MariaDB database console and create a database for Rainloop and a user with a password to manage the Rainloop database. Replace the Rainloop database name, user and password accordingly.

mysql -u root -p
create database rainloop_db;
grant all privileges on rainloop_db.* to 'rainloop_user'@'localhost' identified by 'rainloop_pass';
flush privileges; 
exit

To apply all the changes made so far, restart the MySQL and Apache daemons and check if the daemons are running by entering the following commands.

systemctl restart mysql apache2
systemctl status mysql apache2

Install Rainloop Webmail

If all the system requirements for installing Rainloop are met, visit the official Rainloop website https://www.rainloop.net/downloads/ and download the latest compressed zip package using the wget program, as shown in the following example.

wget https://www.rainloop.net/repository/webmail/rainloop-latest.zip

After the zip archive download is complete, unpack the compressed Rainloop zip archive directly into the root directory of your web server and list the unpacked files using the following commands. Also, remove the default index.html file installed by the Apache web server from the webroot path and also delete the info.php file created earlier.

rm /var/www/html/index.html
rm /var/www/html/info.php
unzip rainloop-latest.zip -d /var/www/html/
ls -al /var/www/html/

Next, run the following commands to give the Apache runtime user full write permissions to the /rainloop and /data directories in your server’s webroot path. Use the ls command to list the permissions for the Rainloop installation files in the /var/www/html/ directory.

chown -R www-data:www-data /var/www/html/rainloop/
chown -R www-data:www-data /var/www/html/data/
ls -al /var/www/html/

Proceed directly with the Rainloop configuration process by opening a browser and navigating to the /?admin URL query string on your server’s IP address or domain name using the HTTPS protocol. Use the following default credentials to log in to the Rainloop admin area:

https://your_domain.tld/?admin

username: admin

Password: 12345

On the first configuration screen of Rainloop, you will be prompted to change the default admin password to protect the admin panel interface. Click on the “Change Password” link to change the admin panel password, as shown in the figure below.

In the security area, enter your current password for the admin panel and also change the default admin username. Enter a secure password for the new admin user, repeat the same password and click the Update Password button to change the Rainloop Admin Panel credentials, as shown in the screenshot below.

Next, navigate to the Domains menu and click Add Domain if you want to add your own domain to the list. Enter your mail domain settings, such as IMAP and SMTP servers with the required ports, the type of connection (None, SSL/TLS or STARTTLS), enable the Use authentication for SMTP servers option if needed and click the Test button to check your domain’s mail settings. When all tests are passed, click Update to add your domain to the list.

If you want to use Rainloop Webmail to handle mail for public mail services like Gmail, Microsoft Outlook or Yahoo! Mail, click on each domain and test the settings. For example, to check if the gmail.com domain is accessible from your server, click on the gmail.com domain in the list to open the domain settings and click the Test button. If the Gmail SMTP and IMAP services are reachable from your server, the Test button should turn green, as you can see in the screenshot below.

On the other hand, if errors are returned after running the tests, you should check your server’s network interface configuration, routing table or Internet connection settings. You should also check your server’s outbound firewall rules or your gateway router to ensure that the required SMTP and IMAP ports can pass through the firewall.

To enable contacts in Rainloop Webmail, navigate to the Contacts menu and select the Enable contacts checkbox. Then select the MySQL storage type from the list and add the name of your Rainloop database at the end of the Dsn field. Enter the database user and password and click the Test button to connect to the MySQL storage, as shown in the figure below.

The Rainloop webmail application also allows integrating its interface with popular social or file sharing services like Google, Facebook, Twitter and Dropbox. You can also customize the interface and add a name for your Rainloop service’s website, a description of the service or your own favicon.

To log in to the Rainloop webmail app with a Gmail account, navigate to your domain name using the HTTPS protocol and enter your Gmail account credentials, as shown in the figure below. A list of your Gmail messages will be displayed in the Rainloop interface.

If you are unable to log in to the Rainloop webmail interface using your Gmail account credentials, navigate to the link below to enable Less secure apps to access your Google account. To enable Google Less secure apps, sign in with your Gmail account details and enable Less secure apps as shown in the screenshot below.

https://myaccount.google.com/lesssecureapps

To force visitors to access the Rainloop UI via the HTTPS protocol, reconnect to your server console and create a new .htaccess file in the root of your web server with the following content.

nano /var/www/html/.htaccess

Excerpt from the .htaccess file:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>

Options -Indexes

That’s it! You have successfully installed and configured the Rainloop webmail application on Debian 9.1. However, since your Apache HTTP server uses self-signed certificates to encrypt traffic between the server and the client’s browser, a warning message is generated and displayed in your browser every time your domain is accessed. In this case, you should purchase a certificate issued by a trusted certificate authority or get a free pair of certificates from Let’s Encrypt CA. You can find more custom configurations for Rainloop on the documentation page at the following address: https://www.rainloop.net/docs/