Login as domain admin and few other questions

[th3technician]

Hi, I'm really enjoying mailcow but just need to ask about few things.

• Why can't we login as the domain admin since we can login as mailbox user ? Like if a domain admin is facing problems and want to create mailbox or something i will have to ask him for his password, Why can't we just login as him to do administrative actions.

• Why the domain admin can edit his ratelimit, Like if i give 500 emails per hour for example for a domain admin he can just login and increase his quota its just strange, Also is the per domain ratelimit is applied to all accounts or what ? and is it on incoming or outgoing mail?

• Since we can login to mailbox user account in mailcow UI, Is it possible to add the ability to login as them in webmail, That would be great as in the user logs into mailcow UI then when he clicks SOGo in the apps tab he gets logged in automatically, That would be a great feature and i think it would be simple to add since he already logged into mailcow ui with his mailbox account data so you will just have to pass that data to SOGo in a POST request or so

• There is also an issue were if you created a domain admin account and then removed it and tried to create another domain admin with same username that you removed it won't let you and says that object already exist, You will have to remove it manually from the database

Thanks in advance, And all the help is appreciated

[andryyy]

1. Why can't we login as the domain admin since we can login as mailbox user?

Because you can do everything a domain administrator can do. There is usually no reason to login as a domain admin. :-)

2. Why the domain admin can edit his ratelimit, Like if i give 500 emails per hour for example for a domain admin he can just login and increase his quota its just strange.

Why? He is a domain administrator. He can administrate a domain.

3. Since we can login to mailbox user account in mailcow UI

That's very hard to accomplish and there are issues explaining it. I will not store a users username and password in the session data... that's crazy. We could make use of a SSO provider in SOGo, but that's hard.

For the last issue: I have read about it but not yet reproduced. Can you reproduce it? Can you tell us the exact steps? I will fix it then.

[th3technician]

Thanks for the fast reply.

• Thats true, Didn't actually thought about it well

• Well but its your mailing server you know the hosting limits not the domain admin.. Like that he can get the whole mailing server suspended because he assigned more than he should send

• Is there is any workaround i can do manually, Like to at least fill in the email address and user types in password, It's not important though but a really nice addition and saves time

• Create a domain admin called "test" for example, Then remove it, Then try to create another domain admin with same username, it will say "object already exists" and if you check database the user admin is indeed still in the database, so i have to remove it manually using a code you shared on another issue to be able create a new user with same username

DELETE FROM 'domain_admins' WHERE 'username' = 'test';

DELETE FROM 'admin' WHERE 'username' = 'test';

DELETE FROM 'tfa' WHERE 'username' = 'test';

It's in "admin" table

[th3technician]

Also the ratelimit applies under all mailboxes under a domain like for example if i made the ratelimit 500 per hour is it 500 per hour for every mailbox account under that domain or 500 per hour for all the mailboxes together.

And is it limits outgoing or incoming mail ?

Btw i solved it manually by removing if session is domain admin in edit.php so the field is only enabled for admin account

[andryyy]

You can add ratelimits for mailbox users, that override a domain ratelimit.

Ratelimits are applied on outgoing msgs.

ACL: That's a feature that is mostly asked for by those to sell mailcow. I love working on the open source mailcow, but I also rely on donations to keep this going. There are barely donations (if any...) by those who sell mailcow, that's kind of sad. :-(

[th3technician]

• Yeah saw that option for ratelimiting the mailbox user but my question is if i only limited the domain itself how that goes, Does it limits all mail coming from domain (example.com) too 500 per hour for example or every mailbox under that domain will have 500 per hour ?

I feel you i'm a system admin myself, I think you should make 2 packages like iredmail a free one which is this, and a reseller alike package with more limiting and administrative features.

I'm also starting an email marketing service relying on your application + mailwizz + a web application i made myself combining all these applications so i will surely donate when it gets officially published

[th3technician]

Is the "Disable sender check for domain * (+alias domains)" means the mailbox account will be able to send as anything ?

[andryyy]

It is hard to explain without sounding greedy. :-) Thanks for your understanding.

It will limit all outgoing mail from this domain name. So one user may use 400, the user 100 = hit ratelimit.

Checking "Disable sender check for domain * (+alias domains)" will indeed disable all checks, yes.

[th3technician]

I feel you man a lot, open source is good, but you still gotta make living though, And you really done a great job with this application, Most of open source other application either aren't prepared for resellers or damn vulnerable..

And you know they say "If you good at something never do it for free" lol, You definitely should do the 2 packages thing you are way better than other applications at least you have no competitors now, Iredmail isn't that good..

Btw since last update and the "DNS" button to check records is slow

[th3technician]

Basic things to add in a Pro package, Is what i mentioned above + IP rotation ( That would track many many customers as there is NOTHING offering it even paid applications ) i'm currently doing it manually using a bash script i wrote

[th3technician]

And what do you mean by it override the domain ratelimit, If i used 500 per hour limit for a domain and then added 1000 per hour for a mailbox under that domain that mean that this special user will be able to send 1000 on his own and 500 per hour for all other mailboxes ?

[andryyy]

1. And what do you mean by it override the domain ratelimit, If i used 500 per hour limit for a domain and then added 1000 per hour for a mailbox under that domain that mean that this special user will be able to send 1000 on his own and 500 per hour for all other mailboxes ?

Yes. When a mailbox ratelimit exists, the domains RL is being ignored.

2. Btw since last update and the "DNS" button to check records is slow

Nothing changed here. I think unbound-mailcow just took a while to resolve the names. It will be faster when it cached the records.

3. Domain admin bug:

I did exactly this and cannot reproduce the bug.

[th3technician]

Domain admin bug, I actually tested now and its seems fixed since last update, I forgot to check after update but it was there.

Anyway Thanks for everything that's it you were very helpful, What about the SOGo thing is it possible to pass the email in a param to be filled in SOGo ?

Lemme know your thoughts too about the pro package, What do you think ?

[th3technician]

It would be nice too to add a checkbox to generate a dkim for the domain when trying to add a new domain, a lot of times i forget to create it

[andryyy]

We already plan a support package. :-) A "managed mailcow" with monitoring, installation, updates and support time. To guarantee reliable support, Servercow will work with Korves.Net and even provide support by phone.

• It would be nice too to add a checkbox to generate a dkim for the domain when trying to add a new domain, a lot of times i forget to create it

I have this on my todo. :-)

[th3technician]

Wow that's really great, Don't forget to add a guide to upgrade from original mailcow to it, Cuz i will buy it for sure but you must add a way so i can move all my clients to the new package.

• I have this on my todo. :-) ;)

[feldsam]

Hi all

1) Why can't we login as the domain admin since we can login as mailbox user? Because you can do everything a domain administrator can do. There is usually no reason to login as a domain admin. :-)

I actually find it useful, because when I managing mailboxes for customers, I login asi domain admin, so I have not to filter in plenty of mailboxes and other entities and I see just related domains, mailboxes and so on... So I personally think, that it is useful feature and I am also planing implement it in my fork, so I can do PR.

It would be nice too to add a checkbox to generate a dkim for the domain when trying to add a new domain, a lot of times i forget to create it

I have implemented it with ISPConfig where I have DNS zones and works fine.

[th3technician]

Hi @feldsam,

Can you please explain me how you implemented the checkbox ? and does it support importing private key on time ?

If you gonna implement the login as domain admin in your fork, you really should look at sogo too for loginning as mailbox user, They already have a feature that allows that which is the SSO, Would be really nice if you implemented these options and uploaded to github

[feldsam]

Ho @th3technician, regarding ISPConfig, it is in following two commits (there is no checkbox, it works on background if DNS zone exists in ISPConfig):

https://github.com/FELDSAM-INC/mailcow-dockerized/commit/24413053dd08445bb543f0d2719014393d91f7e1 https://github.com/FELDSAM-INC/mailcow-dockerized/commit/ed3af1bce955f34a805cf4289886460ca97c532c

My time is limited, so I have plan to just implement impersonate as domain user, but if you really want it, I can offer you custom software development services.

[th3technician]

I can do it myself, But i just don't have the time, Where can i message you ?

[th3technician]

If the main developer of mailcow is seeing this, I can hire you too if possible to do this for me!

[feldsam]

on my profile you find my mail and website

[andryyy]

A donation for this project is always welcome... ;-)

It is only a very few lines of code, I added it.

[th3technician]

Thanks @andryyy

I will donate in bitcoin in the next hour, But i'm on hurry on this, Can you please add

• A feature to login as domain admin to avoid confusion currently i have lots of users and mailboxes and it started to actually confuse me
• A check box to generate dkim on adding a new domain ( + option to IMPORT private key ) but prefely and most important thing is a select down to use another domain dkim key ( really cuts the efforts of finding the key importing and all that stuff )
• A feature to login as mailbox user to Sogo

I will donate in the next hour and after update will add a lot more

[th3technician]

Just need to get this done to get my service fully up and running, i've customers already, just need to make them happy and if they are happy, money is rolling, so donating more for sure, ( i'm a developer too i feel you ), and the flow will be rolling like this, more money i'm making i'm dedicated a percentage for this app every month, and if you made that paid package with more features you have my word 100% will buy it

[th3technician]

Hey @andryyy , Just donated in bitcoin, Also the paypal donate button isn't working when i try to login it keeps rolling back in circles, you will find my email in my profile, please email me paypal email address or an invoice or something + ETHERUM address

[andryyy]

"A feature to login as mailbox user to Sogo".

This is a feature to require a few days. I cannot save the credentials in the session.

The PayPal button should work fine. :-( I added the "official" code now.

Thanks for you support!!

I will try to add the DKIM features.

[th3technician]

No problem, You deserve a lot more, You should be thinking about the pro package like i said many times catch it before anyone else does!

Waiting on your update, Will test PayPal now, If you accept etherum cryptocurreny post your address and i will donate there too right now

[andryyy]

I am not concerned someone else will do this... ;-)

I do not have a Ethereum address.

The DKIM features are things I can implement pre-sponsored or something like that. Or when I find time for it. This will likely take 2-3 hours (when we integrate it reasonable, not "somehow" - will needs some changes to the DKIM logic).

A channel for support is already available, that's the proper way to communicate this, I think. :-)

[Mr-Martinez]

Hi @andryyy, I was wondering has anyone at Mailcow considered this as an extra source of donations?

For Vue.js I believe there are two packages, one that pays straight to the main person, the second to the organization members with transparent expenses.

There are barely donations (if any...) by those who sell mailcow, that's kind of sad. :-(

I understand for businesses, paying out as a sponsorship would be considered as advertisement and tax-deductible. Donations is another animal and harder to get taxed deductible. In the USA you need to be registered as non-profit.

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.