Application and/or Groups Passwords for Mailboxes

marcusquinn

@murgero that doesn't work. FreeScout is Cloudron app, so that can be the example, it needs one or more mailboxes to connect too.

Let's say you setup a customerservices@domain.com mailbox.

Now, what Cloudron User to you assign to that mailbox?

If I use my user, now my Cloudron password is saved in FreeScout.

Let's say I'm off-duty and another sys admin has an issue and need to re-add the password in FreeScout. Do they use my password or change that mailbox to be their username?

But let's say EspoCRM also has that mailbox setup, they have to change it there too now.

The current data-relationship is One User to Many Mailboxes but it needs to be either Many to Many or there should be Application Passwords, which can probably still be Cloudron users behind the scenes but then you need to attach an email address to receive the password set/reset email.

I guess that email address could be changed by any Sys Admin to their own if they need to change the password for any reason.

Right now, that's the only way to create an independent password for a Shared Mailbox managed by more than one Sys Admin.

(we have between 3 and 10 Sys Admins depending on the area of the business)

girish

What we do is: Create a user called support. Generate a random password. Now assign this user as the owner of all the shared mailboxes. We then setup Freescout (the help desk app we use) with the mailboxes. Nobody other than the one who sets up Freescout needs to know the password because once the shared mailboxes are setup, other people don't need to know the password. We have a similar setup going inside EspoCRM as well.

If for some reason, you have to pass around a password (maybe you all want to use different clients), then you can generate mail passwords. Login as this support user and go to Profile -> App Passwords. There is a Mail Client option in the drop down. For example, to hand out a password for User1. This also makes it easy for you to revoke it later.

Finally, for 5.5, I am looking into shared mailboxes. This is dovecot acl mailbox sharing. With this, if you setup a shared mailbox, then when people login with an IMAP client, they will already see the shared mailbox as a subdirectory. I cannot guarantee how well this feature will work in practice though. I have not used shared mailboxes via IMAP in the past but we are building it for a client.

marcusquinn

@girish Sounds good - will work with what we have and leave you in peace for that which I'll certainly help with testing and feedback on too.

murgero

@marcusquinn Sorry - I think I misunderstood the question

oj

Hi @girish, You were "looking into shared mailboxes" for 5.5. I couldn't find it in the 5.5 docs...nor in the 5.6 forum discussions. Will it be coming soon?

girish

@oj We tried to implement this for 5.6 (via IMAP mailbox sharing) but getting this to work with SOGo+LDAP has been a nightmare. So, it's not part of the release.

I think maybe a better approach for Cloudron is to just allow a mailbox to have multiple owners (instead of the single owner now). That way they 2 users can access the same mailbox with their own password.

marcusquinn

@girish Completely understood, that would be a happy, secure and intuitive manageable solution.

d19dotca

@girish Yes being able to add multiple users to the same mailbox would be great! Could really use that for a couple of my clients right now.

oj

@girish Thanks!

LowTech

@girish I was just looking up how to do something similar as the OP, and I believe this solution would be sufficient.

girish

@lowtech For Cloudron 6, we are trying to make a group as owner of a mailbox to implement this feature.

girish

This is implemented in Cloudron 6 ! https://forum.cloudron.io/topic/3205/what-s-coming-in-6-0-take-2/99