Topic: Proposal for an Exchange-like Shared Mailbox aka login as
==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.6 PGSQL edition
- Linux/BSD distribution name and version: CentOS Linux release 7.3.1611 (Core)
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): PGSQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? YES
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Hi there,
Since I wanted to have a mechanism that's more or less the same as, or at least very similar to, an Exchange shared mailbox (at least the way it's most often used imho => you define a mailbox and allow certain users to fully use it as if it were their own), I did the following:
=========================================================================================
/etc/dovecot/dovecot.conf:
...
auth_master_user_separator = *
passdb {
    driver = passwd-file
    args = /etc/dovecot/dovecot-master-users
    master = yes
}
# HERE THE NEW PART FOR LOGINAS - START
passdb {
    driver = sql
    args = /etc/dovecot/dovecot-loginas.conf
    master = yes
    pass = yes
}
# HERE THE NEW PART FOR LOGINAS - END
...
=========================================================================================
/etc/dovecot/dovecot-loginas.conf:
driver = pgsql
default_pass_scheme = CRYPT
connect = host=127.0.0.1 dbname=vmail user=vmail password=***ENTER_YOUR_OWN***
password_query = SELECT password, allow_nets \
    FROM mailbox,loginas \
    WHERE mailbox.username='%u' \
    AND mailbox.enable%Ls%Lc=1 \
    AND mailbox.active=1 \
    AND mailbox.username=loginas.master_user \
    AND loginas.login_as_user='%{login_user}'
=========================================================================================
/etc/dovecot/dovecot-pgsql.conf: (the new part is the '%u' as master_user thingie)
...
driver = pgsql
default_pass_scheme = CRYPT
connect = host=127.0.0.1 dbname=vmail user=vmail password=***ENTER_YOUR_OWN***
password_query = SELECT password, allow_nets FROM mailbox WHERE username='%u' AND enable%Ls%Lc=1 AND active=1
user_query = SELECT \
    mailbox.storagebasedirectory || '/' || mailbox.storagenode || '/' || mailbox.maildir AS home, \
    '*:bytes=' || mailbox.quota*1048576 AS quota_rule, \
    '%u' as master_user \
    FROM mailbox,domain \
    WHERE mailbox.username='%u' \
    AND mailbox.domain='%d' \
    AND mailbox."enable%Ls%Lc"=1 \
    AND mailbox.domain=domain.domain \
    AND domain.backupmx=0 \
    AND domain.active=1 \
    AND mailbox.active=1
...
=========================================================================================
create_loginas_table.sql:
-- Table: loginas
-- DROP TABLE loginas;
CREATE TABLE loginas
(
    master_user character varying(255) NOT NULL,
    login_as_user character varying(255) NOT NULL,
    CONSTRAINT masteruser_to_loginuser PRIMARY KEY (master_user, login_as_user)
)
WITH (
    OIDS=FALSE
);
ALTER TABLE loginas
    OWNER TO vmailadmin;
GRANT ALL ON TABLE loginas TO vmailadmin;
GRANT SELECT ON TABLE loginas TO vmail;
GRANT SELECT, UPDATE ON TABLE loginas TO roundcube;
=========================================================================================
With that in place and the table loginas filled with the right values, you can now allow certain existing users to log in as another user and work as if you were that user, including sending mail as this user.
Just wanted to share this. Perhaps you could extend the docs http://www.iredmail.org/docs/public.folder.html &| https://docs.iredmail.org/mailbox.sharing.html
Imho this way is way easier to use and has fewer implications (acl, mail send as, etc.) than the sharing variant.
It would also be cool to see this as an option in iRedAdmin (pro)
Kind regards,
Martin
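
Added example, not part of the original post: a small Python model of the decision the posted loginas password_query makes for a `login_user*master_user` login, plus an audit query for grants whose master account is disabled or missing. Assumptions: SQLite stands in for the vmail PostgreSQL database, the accounts are constructed sample data, only the IMAP flag is modeled, and password verification is left out.

```python
import sqlite3

SEPARATOR = "*"  # auth_master_user_separator from the posted dovecot.conf

def build_db():
    """Constructed sample data; SQLite stands in for the vmail PostgreSQL db."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE mailbox (username TEXT PRIMARY KEY, active INTEGER, enableimap INTEGER);
        CREATE TABLE loginas (master_user TEXT NOT NULL, login_as_user TEXT NOT NULL,
                              PRIMARY KEY (master_user, login_as_user));
        INSERT INTO mailbox VALUES ('alice@example.com', 1, 1),
                                   ('bob@example.com',   0, 1),
                                   ('sales@example.com', 1, 1);
        INSERT INTO loginas VALUES ('alice@example.com', 'sales@example.com'),
                                   ('bob@example.com',   'sales@example.com');
    """)
    return db

def split_login(login):
    """Return (login_user, master_user); this model accepts exactly one separator."""
    if login.count(SEPARATOR) != 1:
        return None
    login_user, _, master_user = login.partition(SEPARATOR)
    return (login_user, master_user) if login_user and master_user else None

def master_login_allowed(db, login):
    """Same join as the posted password_query (IMAP only, password check omitted)."""
    parts = split_login(login)
    if parts is None:
        return False
    login_user, master_user = parts
    return db.execute(
        "SELECT 1 FROM mailbox, loginas WHERE mailbox.username = ? "
        "AND mailbox.enableimap = 1 AND mailbox.active = 1 "
        "AND mailbox.username = loginas.master_user "
        "AND loginas.login_as_user = ?", (master_user, login_user)).fetchone() is not None

def stale_grants(db):
    """Grants whose master account is missing or inactive (cleanup candidates)."""
    return db.execute(
        "SELECT l.master_user, l.login_as_user FROM loginas l "
        "LEFT JOIN mailbox m ON m.username = l.master_user "
        "WHERE m.username IS NULL OR m.active <> 1 ORDER BY 1, 2").fetchall()

if __name__ == "__main__":
    db = build_db()
    print(master_login_allowed(db, "sales@example.com*alice@example.com"), stale_grants(db))
```

A disabled master account is already refused by the `mailbox.active=1` condition, but its row stays in loginas and becomes effective again if the account is re-enabled, which is why the audit query is worth running periodically.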