Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Feature Requests
  3. Application and/or Groups Passwords for Mailboxes

Application and/or Groups Passwords for Mailboxes

Scheduled Pinned Locked Moved Feature Requests
mailboxemailmail
14 Posts 6 Posters 2.3k Views 6 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • marcusquinnM Offline
    marcusquinnM Offline
    marcusquinn
    wrote on last edited by girish
    #1

    Lets say I want to setup some shared mailboxes:

    • accounts@
    • marketing@
    • developers@
    • hr@

    Common usage in setting up Help Desk client apps, so it needs to be Mailboxes and not Mailing Lists, then departmental email visibility is segregated, especially important with a shared mailbox like hr@ can contain private personnel information.

    Currently I have to select a User and then that's the mailbox password - but then that user's password has to be used in mail clients, and needs to also be shared with other system admins - but it would be a user password being shared.

    The only workaround I can see is setting up these generic users with my email address and setting the passwords up that way and selecting those as the mailbox owners - but then that's unnecessary user accounts.

    An alternative to Application and/or Groups Passwords could just be to setup these mailbox users in a group that has no Dashboard access, since these users are just for mail clients. How to change the passwords in that context still needs considering or to remain available though.

    A creative solution could be to allow multiple user owners for Mailboxes, if that would allow for each user to use their own password for mailbox connection and therefore revoking the user would revoke their access to these group mailboxes but I suspect that might be hacky behind the scenes.

    Searching I didn't find anyone else with this use-case or need strangely, but it seems a pretty standard thing I just expected so maybe I'm missing something?

    Web Design https://www.evergreen.je
    Development https://brandlight.org
    Life https://marcusquinn.com

    murgeroM 1 Reply Last reply
    1
    • marcusquinnM marcusquinn

      Lets say I want to setup some shared mailboxes:

      • accounts@
      • marketing@
      • developers@
      • hr@

      Common usage in setting up Help Desk client apps, so it needs to be Mailboxes and not Mailing Lists, then departmental email visibility is segregated, especially important with a shared mailbox like hr@ can contain private personnel information.

      Currently I have to select a User and then that's the mailbox password - but then that user's password has to be used in mail clients, and needs to also be shared with other system admins - but it would be a user password being shared.

      The only workaround I can see is setting up these generic users with my email address and setting the passwords up that way and selecting those as the mailbox owners - but then that's unnecessary user accounts.

      An alternative to Application and/or Groups Passwords could just be to setup these mailbox users in a group that has no Dashboard access, since these users are just for mail clients. How to change the passwords in that context still needs considering or to remain available though.

      A creative solution could be to allow multiple user owners for Mailboxes, if that would allow for each user to use their own password for mailbox connection and therefore revoking the user would revoke their access to these group mailboxes but I suspect that might be hacky behind the scenes.

      Searching I didn't find anyone else with this use-case or need strangely, but it seems a pretty standard thing I just expected so maybe I'm missing something?

      murgeroM Offline
      murgeroM Offline
      murgero
      App Dev
      wrote on last edited by
      #2

      @marcusquinn Just setup an alias and add the users in question to it.

      --
      https://urgero.org
      ~ Professional Nerd. Freelance Programmer. ~

      marcusquinnM 1 Reply Last reply
      0
      • murgeroM murgero

        @marcusquinn Just setup an alias and add the users in question to it.

        marcusquinnM Offline
        marcusquinnM Offline
        marcusquinn
        wrote on last edited by marcusquinn
        #3

        @murgero that doesn't work. FreeScout is Cloudron app, so that can be the example, it needs one or more mailboxes to connect too.

        Let's say you setup a customerservices@domain.com mailbox.

        Now, what Cloudron User to you assign to that mailbox?

        If I use my user, now my Cloudron password is saved in FreeScout.

        Let's say I'm off-duty and another sys admin has an issue and need to re-add the password in FreeScout. Do they use my password or change that mailbox to be their username?

        But let's say EspoCRM also has that mailbox setup, they have to change it there too now.

        The current data-relationship is One User to Many Mailboxes but it needs to be either Many to Many or there should be Application Passwords, which can probably still be Cloudron users behind the scenes but then you need to attach an email address to receive the password set/reset email.

        I guess that email address could be changed by any Sys Admin to their own if they need to change the password for any reason.

        Right now, that's the only way to create an independent password for a Shared Mailbox managed by more than one Sys Admin.

        (we have between 3 and 10 Sys Admins depending on the area of the business)

        Web Design https://www.evergreen.je
        Development https://brandlight.org
        Life https://marcusquinn.com

        murgeroM 1 Reply Last reply
        1
        • girishG Offline
          girishG Offline
          girish
          Staff
          wrote on last edited by girish
          #4

          What we do is: Create a user called support. Generate a random password. Now assign this user as the owner of all the shared mailboxes. We then setup Freescout (the help desk app we use) with the mailboxes. Nobody other than the one who sets up Freescout needs to know the password because once the shared mailboxes are setup, other people don't need to know the password. We have a similar setup going inside EspoCRM as well.

          If for some reason, you have to pass around a password (maybe you all want to use different clients), then you can generate mail passwords. Login as this support user and go to Profile -> App Passwords. There is a Mail Client option in the drop down. For example, to hand out a password for User1. This also makes it easy for you to revoke it later.

          bc12bda2-3c0c-4328-8307-477cbcffc6ee-image.png

          Finally, for 5.5, I am looking into shared mailboxes. This is dovecot acl mailbox sharing. With this, if you setup a shared mailbox, then when people login with an IMAP client, they will already see the shared mailbox as a subdirectory. I cannot guarantee how well this feature will work in practice though. I have not used shared mailboxes via IMAP in the past but we are building it for a client. 🤞

          marcusquinnM O 2 Replies Last reply
          4
          • girishG girish

            What we do is: Create a user called support. Generate a random password. Now assign this user as the owner of all the shared mailboxes. We then setup Freescout (the help desk app we use) with the mailboxes. Nobody other than the one who sets up Freescout needs to know the password because once the shared mailboxes are setup, other people don't need to know the password. We have a similar setup going inside EspoCRM as well.

            If for some reason, you have to pass around a password (maybe you all want to use different clients), then you can generate mail passwords. Login as this support user and go to Profile -> App Passwords. There is a Mail Client option in the drop down. For example, to hand out a password for User1. This also makes it easy for you to revoke it later.

            bc12bda2-3c0c-4328-8307-477cbcffc6ee-image.png

            Finally, for 5.5, I am looking into shared mailboxes. This is dovecot acl mailbox sharing. With this, if you setup a shared mailbox, then when people login with an IMAP client, they will already see the shared mailbox as a subdirectory. I cannot guarantee how well this feature will work in practice though. I have not used shared mailboxes via IMAP in the past but we are building it for a client. 🤞

            marcusquinnM Offline
            marcusquinnM Offline
            marcusquinn
            wrote on last edited by
            #5

            @girish Sounds good - will work with what we have and leave you in peace for that which I'll certainly help with testing and feedback on too.

            Web Design https://www.evergreen.je
            Development https://brandlight.org
            Life https://marcusquinn.com

            1 Reply Last reply
            0
            • marcusquinnM marcusquinn

              @murgero that doesn't work. FreeScout is Cloudron app, so that can be the example, it needs one or more mailboxes to connect too.

              Let's say you setup a customerservices@domain.com mailbox.

              Now, what Cloudron User to you assign to that mailbox?

              If I use my user, now my Cloudron password is saved in FreeScout.

              Let's say I'm off-duty and another sys admin has an issue and need to re-add the password in FreeScout. Do they use my password or change that mailbox to be their username?

              But let's say EspoCRM also has that mailbox setup, they have to change it there too now.

              The current data-relationship is One User to Many Mailboxes but it needs to be either Many to Many or there should be Application Passwords, which can probably still be Cloudron users behind the scenes but then you need to attach an email address to receive the password set/reset email.

              I guess that email address could be changed by any Sys Admin to their own if they need to change the password for any reason.

              Right now, that's the only way to create an independent password for a Shared Mailbox managed by more than one Sys Admin.

              (we have between 3 and 10 Sys Admins depending on the area of the business)

              murgeroM Offline
              murgeroM Offline
              murgero
              App Dev
              wrote on last edited by
              #6

              @marcusquinn Sorry - I think I misunderstood the question 🙂

              --
              https://urgero.org
              ~ Professional Nerd. Freelance Programmer. ~

              1 Reply Last reply
              1
              • girishG girish

                What we do is: Create a user called support. Generate a random password. Now assign this user as the owner of all the shared mailboxes. We then setup Freescout (the help desk app we use) with the mailboxes. Nobody other than the one who sets up Freescout needs to know the password because once the shared mailboxes are setup, other people don't need to know the password. We have a similar setup going inside EspoCRM as well.

                If for some reason, you have to pass around a password (maybe you all want to use different clients), then you can generate mail passwords. Login as this support user and go to Profile -> App Passwords. There is a Mail Client option in the drop down. For example, to hand out a password for User1. This also makes it easy for you to revoke it later.

                bc12bda2-3c0c-4328-8307-477cbcffc6ee-image.png

                Finally, for 5.5, I am looking into shared mailboxes. This is dovecot acl mailbox sharing. With this, if you setup a shared mailbox, then when people login with an IMAP client, they will already see the shared mailbox as a subdirectory. I cannot guarantee how well this feature will work in practice though. I have not used shared mailboxes via IMAP in the past but we are building it for a client. 🤞

                O Offline
                O Offline
                oj
                wrote on last edited by
                #7

                Hi @girish, You were "looking into shared mailboxes" for 5.5. I couldn't find it in the 5.5 docs...nor in the 5.6 forum discussions. Will it be coming soon?

                1 Reply Last reply
                0
                • girishG Offline
                  girishG Offline
                  girish
                  Staff
                  wrote on last edited by
                  #8

                  @oj We tried to implement this for 5.6 (via IMAP mailbox sharing) but getting this to work with SOGo+LDAP has been a nightmare. So, it's not part of the release.

                  I think maybe a better approach for Cloudron is to just allow a mailbox to have multiple owners (instead of the single owner now). That way they 2 users can access the same mailbox with their own password.

                  marcusquinnM d19dotcaD O L 4 Replies Last reply
                  3
                  • girishG girish

                    @oj We tried to implement this for 5.6 (via IMAP mailbox sharing) but getting this to work with SOGo+LDAP has been a nightmare. So, it's not part of the release.

                    I think maybe a better approach for Cloudron is to just allow a mailbox to have multiple owners (instead of the single owner now). That way they 2 users can access the same mailbox with their own password.

                    marcusquinnM Offline
                    marcusquinnM Offline
                    marcusquinn
                    wrote on last edited by
                    #9

                    @girish Completely understood, that would be a happy, secure and intuitive manageable solution.

                    Web Design https://www.evergreen.je
                    Development https://brandlight.org
                    Life https://marcusquinn.com

                    1 Reply Last reply
                    1
                    • girishG girish

                      @oj We tried to implement this for 5.6 (via IMAP mailbox sharing) but getting this to work with SOGo+LDAP has been a nightmare. So, it's not part of the release.

                      I think maybe a better approach for Cloudron is to just allow a mailbox to have multiple owners (instead of the single owner now). That way they 2 users can access the same mailbox with their own password.

                      d19dotcaD Offline
                      d19dotcaD Offline
                      d19dotca
                      wrote on last edited by
                      #10

                      @girish Yes being able to add multiple users to the same mailbox would be great! Could really use that for a couple of my clients right now.

                      --
                      Dustin Dauncey
                      www.d19.ca

                      1 Reply Last reply
                      1
                      • girishG girish

                        @oj We tried to implement this for 5.6 (via IMAP mailbox sharing) but getting this to work with SOGo+LDAP has been a nightmare. So, it's not part of the release.

                        I think maybe a better approach for Cloudron is to just allow a mailbox to have multiple owners (instead of the single owner now). That way they 2 users can access the same mailbox with their own password.

                        O Offline
                        O Offline
                        oj
                        wrote on last edited by
                        #11

                        @girish Thanks!

                        1 Reply Last reply
                        0
                        • girishG girish

                          @oj We tried to implement this for 5.6 (via IMAP mailbox sharing) but getting this to work with SOGo+LDAP has been a nightmare. So, it's not part of the release.

                          I think maybe a better approach for Cloudron is to just allow a mailbox to have multiple owners (instead of the single owner now). That way they 2 users can access the same mailbox with their own password.

                          L Offline
                          L Offline
                          LowTech
                          wrote on last edited by
                          #12

                          @girish I was just looking up how to do something similar as the OP, and I believe this solution would be sufficient.

                          girishG 1 Reply Last reply
                          0
                          • L LowTech

                            @girish I was just looking up how to do something similar as the OP, and I believe this solution would be sufficient.

                            girishG Offline
                            girishG Offline
                            girish
                            Staff
                            wrote on last edited by
                            #13

                            @lowtech For Cloudron 6, we are trying to make a group as owner of a mailbox to implement this feature. 🤞

                            1 Reply Last reply
                            4
                            • girishG Offline
                              girishG Offline
                              girish
                              Staff
                              wrote on last edited by
                              #14

                              This is implemented in Cloudron 6 ! https://forum.cloudron.io/topic/3205/what-s-coming-in-6-0-take-2/99

                              1 Reply Last reply
                              3
                              Reply
                              • Reply as topic
                              Log in to reply
                              • Oldest to Newest
                              • Newest to Oldest
                              • Most Votes


                              • Login

                              • Don't have an account? Register

                              • Login or register to search.
                              • First post
                                Last post
                              0
                              • Categories
                              • Recent
                              • Tags
                              • Popular
                              • Bookmarks
                              • Search