W3data Technologies Support SOP: Resolving Roundcube Spoofchecker Fatal Error

Issue Overview Users report an "Internal Server Error" or a blank white screen when attempting to log into Roundcube Webmail or load their inbox.

Diagnosis / Verification Before applying the fix, verify that the missing Spoofchecker class is the root cause by checking the Roundcube error logs.

1. Log into the affected server via SSH as root.

2. Check the most recent errors in the log file (note: depending on the CWP build, the file may be named errors or errors.log):

   Bash

    

   tail -n 20 /usr/local/cwpsrv/var/services/roundcube/logs/errors.log
   

3. If the output contains the following PHP Fatal Error, proceed with the resolution below: PHP Fatal error: Uncaught Error: Class 'Spoofchecker' not found in /usr/local/cwpsrv/var/services/roundcube/program/lib/Roundcube/rcube_spoofchecker.php

Root Cause Roundcube 1.5+ includes a security feature to detect homograph attacks (spoofed email addresses). This feature requires the PHP intl (Internationalization) extension. The pre-compiled PHP version used by CWP's internal web server (cwpsrv) frequently lacks this extension. When Roundcube calls the Spoofchecker() class, the application crashes.

Resolution: Code Bypass Method

Because recompiling the internal cwpsrv PHP can be disruptive, the standard and fastest resolution is to safely bypass the spoof check inside the Roundcube core files.

Step 1: Open the Target File Open the rcube_spoofchecker.php file using your preferred text editor (nano, vi, or vim):

nano /usr/local/cwpsrv/var/services/roundcube/program/lib/Roundcube/rcube_spoofchecker.php

Step 2: Locate the check() Function Scroll down to approximately line 50. You are looking for the following block of code:

        if (isset(self::$results[$domain])) {
            return self::$results[$domain];
        }

        // Spoofchecker is part of ext-intl (requires ICU >= 4.2)
        $checker = new Spoofchecker();

Step 3: Insert the Bypass Add return false; exactly above the $checker variable definition. This forces the function to exit immediately before requesting the missing PHP extension.

The corrected code block must look exactly like this:

        if (isset(self::$results[$domain])) {
            return self::$results[$domain];
        }

        return false;

        // Spoofchecker is part of ext-intl (requires ICU >= 4.2)
        $checker = new Spoofchecker();

Step 4: Save and Verify

1. Save the file and exit the text editor.

2. No service restarts (e.g., Apache, Nginx, or cwpsrv) are required.

3. Have the end-user refresh their Roundcube webmail page. The inbox will load normally.

Note: This is a localized file modification. If CWP pushes a major update to Roundcube in the future, this file may be overwritten, and the fix may need to be reapplied if the intl extension has still not been added to the internal PHP build.