Share mailboxes functionality

[CodeNinja1337]

Summary

Shared mailboxes would be a great functionality to improve collaboration, especially when the webmail is used.

Motivation

Currently its not possible to create a mailbox and share it across users, e.g. support@mail.com. Currently we created just another mail account (support@mail.com) and gave the credentials to each employee which needs to have access to the concerning address. The employees configure the concerning e-mail account to their e-mail client (e.g. Thunderbird) as work arround.

Additional context

It would be great if there where a possibility to create "userless" mailboxes which can be accessed by the configured (allowed) users by imap, pop and via the webmail.

Thanks for the great product so far #teammailcow 🐮🤠❤

[Keessaus]

Currently, it is possible to share mailboxes, either from SOGo or via the doveadm utility. The former is the easiest. The mailcow documentation mentions it briefly and refers to the SOGo documentation, although I cannot find any good information on this there. As an avid user of shared mailboxing, I'll try to help you.

Say you want to share the inbox of support@mail.com. Create mailbox support@mail.com, login to it via SOGo, open the settings for folder Inbox and select Sharing.

There you can search for a user and grants them permissions. These permissions are compatible with the IMAP4 ACL extension and are described in the Dovecot documentation on https://doc.dovecot.org/settings/plugin/acl/#acl-files/.

After granting the desired permissions to a user (at least reading), the user can see the mailbox under Other users, if they are subscribed to the mailbox. You may need to do this first. In SOGo, that looks like this.

If you grant your normal user the admin rights ("Modify the acl of this folder"), you can forget the password of the functional mailbox and just change these permissions from your own mailbox in the future. Besides SOGo, also Roundcube supports changing the ACL permissions using their acl plugin. It, however, cannot search for users, as it users LDAP for that, and mailcow does not use LDAP. Thunderbird can also read the permissions, but cannot change them.

[andryyy]

Thank you. :)

[CrazyLinuxNerd]

What Keessaus said is the best method of doing what you want to achieve. I've just migrated our old Zimbra install over to Mailcow, and since we were doing that before, I've had to do exactly this myself - can say he forgot one minor step!

If you plan to have a support@example.com address, then you'll probably want the assigned users to be able to send as support@example.com aswell.

You'll need to delegate them as senders for this to work. Again, it's pretty simple straight through the SOGo UI, just click the menu icon next to your support users email (the first one below the settings icon) and select delegate. Now add the users who should be allowed to send as support@example.com.

Done, now any users who you selected should be able to send as support@example.com

PS: SOGo seems to have a minor bug when sharing folders, if you share two folders or more to the same user twice in a row (exactly, no other users between) it may not actually share it. Make sure you select different users.

Example User A, Then User B, back to A for folder 2, followed by B.

Going Folder 1, User A, Folder 2, User A may result in the folder not being shared correctly.

If you need to only add one user per folder, just refresh each time you add the user, seems to fix the issue. I ran into this non-issue with our setup:-).

[CodeNinja1337]

Thanks for all the info. Shortly after posting this request i found the "share folder" function which is quit close to what i'm looking for and usable for us. It would be nice if i could select all folders of a mailbox i want to share at once. When i understand correctly, this is not a restriction of Mailcow but of SOGo.

I think it would be even better if the "share mailbox with" functionality could be managed from the (Mailcow) admin interface. It would make administration of shared mailboxes easier.

It could be the same logic as SOGo uses ("share with, select the accounts to share the mailbox with) with that difference that it shares all folders/whole mailbox at once. I'm not sure if that is realizable. A thing that also comes up into my mind for this scenario/functionality is how should be dealed when new folders which are created in/for the shared mailbox. Its should be picked up automatically.

[zeigerpuppy]

if I remember correctly, shared mailboxes can also be created by simply symlinking maildirs... yep, here it is in the dovecot docs - https://wiki.dovecot.org/SharedMailboxes/Symlinks

[dragoangel]

Symlinks not fine here. Acls always better. Also want to note: apple mail not support (simply not showing) shared mail so better use thunderbird under macos if you want get desktop client on macos.

[0xVavaldi]

Would like to point out that having to two email addresses with 3 users wanting access to both requires you to share the INBOX, Spam, Archive and Trash folder with all 3 users for both email addresses and delegate access. For each inbox you have to also have to click the correct ACL list. In my case 7 of them.

All in all that's 7x4x3x2+3. 171 actions and logging into 2 different accounts.

Instead the ability to have groups or shared mailboxes which you can assign in full to a user so they can both receive and send mail from an address is way more convenient and would drop this particular scenario down to: 2x 7 acl configuration actions / choices 3 emails to add as 'having access'

Down to 13 actions from 171.

[0xVavaldi]

https://github.com/mailcow/mailcow-dockerized/issues/2898 This also matches a feature request mentioned here in usability

[jaitaiwan]

Furthermore, there is an issue where you cannot delegate or share mailboxes between domains as well.

[Keessaus]

Sharing (and I guess delegation also) between domains is possible. It can be done using SOGo and doveadm as described above, but the SOGo method first requires you to enable sharing between domains by the SOGoDomainsVisibility setting. Every pair of domains for which you want this needs to be set in the SOGo settings, which is a little awkward. More details are in the mailcow docs: https://mailcow.github.io/mailcow-dockerized-docs/manual-guides/SOGo/u_e-sogo/#connect-domains.

[KiaraGrouwstra]

@TheWorkingDeveloper I agree this could be improved on, perhaps first off by exposing this functionality through the mailcow API, if anything. As a workaround, I found one can inspect the http requests made by the browser to replicate the two calls. The gist of it is, only the X-XSRF-TOKEN and Cookie headers are used to verify calls (or for the latter, specifically its 0xHIGHFLYxSOGo=... segment). Any other headers seem unused in these requests. While not ideal, this may help cut down on the many actions involved.

[VermiumSifell]

This is implemented in SoGo I think, and should then be closed @DerLinkman

[FingerlessGlov3s]

I think there needs to be a way to do this via the Mailcow Admin interface, so it makes automating and giving access to new people easier to shared team mailboxes.

[dalferth]

@FingerlessGlov3s Thats a very good idea and I hope the mailcow Team or an other developer could implement this cool feature. @DerLinkman

[53c70r]

I think there needs to be a way to do this via the Mailcow Admin interface, so it makes automating and giving access to new people easier to shared team mailboxes.

This is absolutely correct. In my opinion this should be considered a basic functionality but there is no administrative friendly way of doing it.

[mrjd19811]

Yes, agreed.

[DerLinkman]

SOGo nowadays has a Super User function which allows to define Mailboxes which are granted with the global sharing functions directly inside SOGo.

Currently there is no such plan to integrate it into mailcow UI im Afraid :( But feel free to support the project with a pr about it.