mailcow / mailcow-dockerized

mailcow: dockerized - 🐮 + 🐋 = 💕
https://mailcow.email
GNU General Public License v3.0
9.02k stars 1.18k forks source link

Share mailboxes functionality #3933

Open CodeNinja1337 opened 3 years ago

CodeNinja1337 commented 3 years ago

Summary

Shared mailboxes would be a great functionality to improve collaboration, especially when the webmail is used.

Motivation

Currently its not possible to create a mailbox and share it across users, e.g. support@mail.com. Currently we created just another mail account (support@mail.com) and gave the credentials to each employee which needs to have access to the concerning address. The employees configure the concerning e-mail account to their e-mail client (e.g. Thunderbird) as work arround.

Additional context

It would be great if there where a possibility to create "userless" mailboxes which can be accessed by the configured (allowed) users by imap, pop and via the webmail.

Thanks for the great product so far #teammailcow 🐮🤠❤

Keessaus commented 3 years ago

Currently, it is possible to share mailboxes, either from SOGo or via the doveadm utility. The former is the easiest. The mailcow documentation mentions it briefly and refers to the SOGo documentation, although I cannot find any good information on this there. As an avid user of shared mailboxing, I'll try to help you.

Say you want to share the inbox of support@mail.com. Create mailbox support@mail.com, login to it via SOGo, open the settings for folder Inbox afbeelding and select Sharing. afbeelding

There you can search for a user and grants them permissions. These permissions are compatible with the IMAP4 ACL extension and are described in the Dovecot documentation on https://doc.dovecot.org/settings/plugin/acl/#acl-files/. afbeelding

After granting the desired permissions to a user (at least reading), the user can see the mailbox under Other users, if they are subscribed to the mailbox. You may need to do this first. In SOGo, that looks like this. afbeelding

If you grant your normal user the admin rights ("Modify the acl of this folder"), you can forget the password of the functional mailbox and just change these permissions from your own mailbox in the future. Besides SOGo, also Roundcube supports changing the ACL permissions using their acl plugin. It, however, cannot search for users, as it users LDAP for that, and mailcow does not use LDAP. Thunderbird can also read the permissions, but cannot change them.

andryyy commented 3 years ago

Thank you. :)

CrazyLinuxNerd commented 3 years ago

What Keessaus said is the best method of doing what you want to achieve. I've just migrated our old Zimbra install over to Mailcow, and since we were doing that before, I've had to do exactly this myself - can say he forgot one minor step!

If you plan to have a support@example.com address, then you'll probably want the assigned users to be able to send as support@example.com aswell.

You'll need to delegate them as senders for this to work. Again, it's pretty simple straight through the SOGo UI, just click the menu icon next to your support users email (the first one below the settings icon) and select delegate. Now add the users who should be allowed to send as support@example.com.

Done, now any users who you selected should be able to send as support@example.com

PS: SOGo seems to have a minor bug when sharing folders, if you share two folders or more to the same user twice in a row (exactly, no other users between) it may not actually share it. Make sure you select different users.

Example User A, Then User B, back to A for folder 2, followed by B.

Going Folder 1, User A, Folder 2, User A may result in the folder not being shared correctly.

If you need to only add one user per folder, just refresh each time you add the user, seems to fix the issue. I ran into this non-issue with our setup:-).

CodeNinja1337 commented 3 years ago

Thanks for all the info. Shortly after posting this request i found the "share folder" function which is quit close to what i'm looking for and usable for us. It would be nice if i could select all folders of a mailbox i want to share at once. When i understand correctly, this is not a restriction of Mailcow but of SOGo.

I think it would be even better if the "share mailbox with" functionality could be managed from the (Mailcow) admin interface. It would make administration of shared mailboxes easier.

It could be the same logic as SOGo uses ("share with, select the accounts to share the mailbox with) with that difference that it shares all folders/whole mailbox at once. I'm not sure if that is realizable. A thing that also comes up into my mind for this scenario/functionality is how should be dealed when new folders which are created in/for the shared mailbox. Its should be picked up automatically.

zeigerpuppy commented 3 years ago

if I remember correctly, shared mailboxes can also be created by simply symlinking maildirs... yep, here it is in the dovecot docs - https://wiki.dovecot.org/SharedMailboxes/Symlinks

dragoangel commented 3 years ago

Symlinks not fine here. Acls always better. Also want to note: apple mail not support (simply not showing) shared mail so better use thunderbird under macos if you want get desktop client on macos.

0xVavaldi commented 3 years ago

Would like to point out that having to two email addresses with 3 users wanting access to both requires you to share the INBOX, Spam, Archive and Trash folder with all 3 users for both email addresses and delegate access. For each inbox you have to also have to click the correct ACL list. In my case 7 of them.

All in all that's 7x4x3x2+3. 171 actions and logging into 2 different accounts.

Instead the ability to have groups or shared mailboxes which you can assign in full to a user so they can both receive and send mail from an address is way more convenient and would drop this particular scenario down to: 2x 7 acl configuration actions / choices 3 emails to add as 'having access'

Down to 13 actions from 171.

0xVavaldi commented 3 years ago

https://github.com/mailcow/mailcow-dockerized/issues/2898 This also matches a feature request mentioned here in usability

jaitaiwan commented 2 years ago

Furthermore, there is an issue where you cannot delegate or share mailboxes between domains as well.

Keessaus commented 2 years ago

Sharing (and I guess delegation also) between domains is possible. It can be done using SOGo and doveadm as described above, but the SOGo method first requires you to enable sharing between domains by the SOGoDomainsVisibility setting. Every pair of domains for which you want this needs to be set in the SOGo settings, which is a little awkward. More details are in the mailcow docs: https://mailcow.github.io/mailcow-dockerized-docs/manual-guides/SOGo/u_e-sogo/#connect-domains.

KiaraGrouwstra commented 2 years ago

@TheWorkingDeveloper I agree this could be improved on, perhaps first off by exposing this functionality through the mailcow API, if anything. As a workaround, I found one can inspect the http requests made by the browser to replicate the two calls. The gist of it is, only the X-XSRF-TOKEN and Cookie headers are used to verify calls (or for the latter, specifically its 0xHIGHFLYxSOGo=... segment). Any other headers seem unused in these requests. While not ideal, this may help cut down on the many actions involved.

VermiumSifell commented 1 year ago

This is implemented in SoGo I think, and should then be closed @DerLinkman

FingerlessGlov3s commented 1 year ago

I think there needs to be a way to do this via the Mailcow Admin interface, so it makes automating and giving access to new people easier to shared team mailboxes.

dalferth commented 1 year ago

@FingerlessGlov3s Thats a very good idea and I hope the mailcow Team or an other developer could implement this cool feature. @DerLinkman

53c70r commented 8 months ago

I think there needs to be a way to do this via the Mailcow Admin interface, so it makes automating and giving access to new people easier to shared team mailboxes.

This is absolutely correct. In my opinion this should be considered a basic functionality but there is no administrative friendly way of doing it.

mrjd19811 commented 5 months ago

Yes, agreed.

DerLinkman commented 5 months ago

SOGo nowadays has a Super User function which allows to define Mailboxes which are granted with the global sharing functions directly inside SOGo.

Currently there is no such plan to integrate it into mailcow UI im Afraid :( But feel free to support the project with a pr about it.

vatanparvar commented 2 months ago

Hi,

Sorry for hijacking this issue, since my problem is related to the shared mailboxes, I thought I ask here and if needed, I can open a new issue.

Here are the steps I've taken:

  1. Created user1@example.com
  2. Logged into SOGo with user1@example.com
  3. Set up a delegation for user2@example.com
  4. Shared “Inbox” with user2@example.com
  5. In the admin settings of user2@example.com, I've selected user1@example.com in the “Allow to send as” setting.

Following this, everything works as expected when I log into SOGo as user2@example.com. However, in the Mail app on my Android phone (using Microsoft Exchange ActiveSync protocol)

I would appreciate it if you could help me out with this. Cheers.

NoirPi commented 2 weeks ago

SOGo nowadays has a Super User function which allows to define Mailboxes which are granted with the global sharing functions directly inside SOGo.

Currently there is no such plan to integrate it into mailcow UI im Afraid :( But feel free to support the project with a pr about it.

Also hijacking this to give my opinion.

Tha actual way of doing this is functional if you do it rarely. It's inconvenient (something that doesn't fit my experiences with mailcow) and I would live to see something like this inside the mailcow ui.

Sadly I'm unable to do a PR in this myself but maybe there is a good fairy here with some free time.