diff --git a/roles/mail/templates/roundcube/config.inc.php b/roles/mail/templates/roundcube/config.inc.php
index dc9cf47cc9f845423ae221b547078db1aaaaf0ac..a0b9181f4b89ffbbb545f0382735bae6ba2187ea 100644
--- a/roles/mail/templates/roundcube/config.inc.php
+++ b/roles/mail/templates/roundcube/config.inc.php
@@ -3,64 +3,41 @@
 /*
  +-----------------------------------------------------------------------+
  | Local configuration for the Roundcube Webmail installation.           |
- |                                                                       |
- | This is a sample configuration file only containing the minumum       |
- | setup required for a functional installation. Copy more options       |
- | from defaults.inc.php to this file to override the defaults.          |
- |                                                                       |
- | This file is part of the Roundcube Webmail client                     |
- | Copyright (C) 2005-2013, The Roundcube Dev Team                       |
- |                                                                       |
- | Licensed under the GNU General Public License version 3 or            |
- | any later version with exceptions for skins & plugins.                |
- | See the README file for a full license statement.                     |
  +-----------------------------------------------------------------------+
 */
 
-$config = array();
+$config = [];
+
+// SQL DATABASE
 
 // Database connection string (DSN) for read+write operations
-// Format (compatible with PEAR MDB2): db_provider://user:password@host/database
-// Currently supported db_providers: mysql, pgsql, sqlite, mssql or sqlsrv
-// For examples see http://pear.php.net/manual/en/package.database.mdb2.intro-dsn.php
-// NOTE: for SQLite use absolute path: 'sqlite:////full/path/to/sqlite.db?mode=0646'
-$config['db_dsnw'] = 'mysql://roundcube:{{ roundcube_db_password }}@127.0.0.1:3308/ai_roundcube?charset=utf8mb4';
-
-// The mail host chosen to perform the log-in.
-// Leave blank to show a textbox at login, give a list of hosts
-// to display a pulldown menu or set one host as string.
-// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
-// Supported replacement variables:
-// %n - hostname ($_SERVER['SERVER_NAME'])
-// %t - hostname without the first part
-// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
-// %s - domain name after the '@' from e-mail address provided at login screen
-// For example %n = mail.domain.tld, %t = domain.tld
+$config['db_dsnw'] = "mysql://roundcube:{{ roundcube_db_password }}@127.0.0.1:3308/ai_roundcube?charset=utf8mb4";
+
+// LOGGING / DEBUGGING
+
+// Logging configuration.
+$config['log_driver'] = 'syslog';
+$config['syslog_id'] = 'roundcube';
+$config['syslog_facility'] = LOG_MAIL;
+
+// IMAP
+
 $config['default_host'] = 'localhost';
 $config['default_port'] = 10143;
 
-// SMTP server host (for sending mails).
-// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
-// If left blank, the PHP mail() function is used
-// Supported replacement variables:
-// %h - user's IMAP hostname
-// %n - hostname ($_SERVER['SERVER_NAME'])
-// %t - hostname without the first part
-// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
-// %z - IMAP domain (IMAP hostname without the first part)
-// For example %n = mail.domain.tld, %t = domain.tld
-$config['smtp_server'] = '127.0.0.1';
+// IMAP protocol configuration, Dovecot-specific. Most of these are
+// optimizations so Roundcube can skip auto-detection of features.
+$config['imap_timeout'] = 10;
+$config['imap_vendor'] = 'dovecot';
+$config['imap_force_caps'] = true;
+$config['imap_dual_use_folders'] = true;
 
-// SMTP port (default is 25; use 587 for STARTTLS or 465 for the
-// deprecated SSL over SMTP (aka SMTPS))
-$config['smtp_port'] = 10025;
+// SMTP
 
-// SMTP username (if required) if you use %u as the username Roundcube
-// will use the current username for login
+$config['smtp_server'] = '127.0.0.1';
+$config['smtp_port'] = 10025;
 $config['smtp_user'] = '%u';
-
-// SMTP password (if required) if you use %p as the password Roundcube
-// will use the current user's password for login
+// Use the SSO ticket (from the request environment via mod_sso) as the SMTP password.
 $config['smtp_pass'] = $_SERVER['SSO_TICKET'];
 
 // Other SMTP parameters.
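Review bot: The new `db_dsnw` line switches the literal to double quotes, so PHP now interpolates whatever `{{ roundcube_db_password }}` renders to. A `$` followed by a letter, or a backslash escape such as `\n`, would be rewritten before the DSN is parsed, and the connection would then fail with a password that differs from the stored secret. Keep the single-quoted form from the old side: `$config['db_dsnw'] = 'mysql://roundcube:{{ roundcube_db_password }}@127.0.0.1:3308/ai_roundcube?charset=utf8mb4';`. Separately, the password sits in the user-info part of a URL, so unless the secret generator is known to emit only URL-safe characters, the template should encode it (for example with Jinja's `urlencode` filter), because `@`, `/` or a quote would break the DSN or the PHP literal.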
@@ -72,17 +49,7 @@ $config['smtp_helo_host'] = '{{ shard_id }}.webmail.{{ domain }}';
 // timeout > 0 causes connection errors (https://bugs.php.net/bug.php?id=54511)
 $config['smtp_timeout'] = 0;
 
-// SMTP socket context options
-// See http://php.net/manual/en/context.ssl.php
-// The example below enables server certificate validation, and
-// requires 'smtp_timeout' to be non zero.
-// $config['smtp_conn_options'] = array(
-//   'ssl'         => array(
-//     'verify_peer'     => true,
-//     'verify_depth     => 3,
-//     'cafile'          => '/etc/ai/ca.pem',
-//   ),
-// );
+// UI CUSTOMIZATION
 
 // Name your service. This is displayed on the login screen and in the window title
 $config['product_name'] = 'A/I Webmail';
@@ -92,32 +59,28 @@ $config['product_name'] = 'A/I Webmail';
 // please provide a string of exactly 24 chars.
 // YOUR KEY MUST BE DIFFERENT THAN THE SAMPLE VALUE FOR SECURITY REASONS
 $config['des_key'] = '{{ roundcube_secret }}';
-//$config['cipher_method'] = 'AES-256-CBC';
+$config['cipher_method'] = 'AES-256-CBC';
 
-// skin name: folder from skins/
 $config['skin'] = 'elastic';
 $config['skin_logo'] = '/images/r_logo.png';
 
+// SYSTEM PARAMETERS
+
 // Session cookie settings.
 $config['session_domain'] = '';
 $config['session_path'] = '/';
 $config['session_lifetime'] = 60;
 
-// Password charset.
-// Use it if your authentication backend doesn't support UTF-8.
-// Defaults to ISO-8859-1 for backward compatibility
-$config['password_charset'] = 'UTF-8';
-
 // Use this charset as fallback for message decoding
 $config['default_charset'] = 'UTF-8';
 
 // Use the system-wide mime.types file.
 $config['mime_types'] = '/etc/mime.types';
 
-// Do not leak the Roundcube version.
+// Set User-Agent on outgoing emails.
 $config['useragent'] = 'Roundcube Webmail';
 
-// Do not save drafts to browser's localstorage
+// Do not save drafts to browser's localstorage.
 $config['compose_save_localstorage'] = false;
 
 // Display these folders separately in the mailbox list.
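Review bot: Enabling `$config['cipher_method'] = 'AES-256-CBC';` leaves the context comment above `des_key` still asking for "exactly 24 chars", but this cipher takes a 32-byte key. PHP's OpenSSL functions silently NUL-pad a shorter key, so if `roundcube_secret` is still generated at 24 characters, the effective key is weaker than the cipher name suggests and nothing will warn about it. Generate a 32-character secret and replace the stale comment with something like `// With AES-256-CBC the key must be exactly 32 characters.`. Data encrypted under the previous cipher, such as passwords held in active sessions, presumably will not decrypt after the switch, so plan for existing sessions to be invalidated on deploy.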
@@ -133,14 +96,6 @@ $config['junk_mbox'] = 'Spam';
 // Disable the build-in spell checker.
 $config['enable_spellcheck'] = false;
 
-// IMAP protocol configuration, Dovecot-specific.
-// Most of these are optimizations so Roundcube can skip auto-detection of
-// some features.
-$config['imap_timeout'] = 10;
-$config['imap_vendor'] = 'dovecot';
-$config['imap_force_caps'] = true;
-$config['imap_dual_use_folders'] = true;
-
 // List of active plugins (in plugins/ directory)
 $config['plugins'] = array(
     'archive',
@@ -152,11 +107,6 @@ $config['plugins'] = array(
     'zipdownload',
 );
 
-// Logging configuration.
-$config['log_driver'] = 'syslog';
-$config['syslog_id'] = 'roundcube';
-$config['syslog_facility'] = LOG_MAIL;
-
 // Proxies to trust with the X-Forwarded-Proto header. To our Apache, all
 // addresses look like localhost. This makes Roundcube detect HTTPS properly.
 $config['proxy_whitelist'] = array(