Share and receive mailboxes via IMAP ACLs
Is your feature request related to a problem? Please describe.
I have an email account that receives emails that are relevant to a group of people, so I want everyone to be able to see that email account without giving out access data. I might want to limit read / write / delete / ... access to this mailbox.
Requirements
- 1.0 Possibly send replies from sharer email. If that is not possible, at least set a "reply-to" as a sharee, so that the reply to the outgoing message returns into the shared mailbox.
- 2.0 Save sent email centrally as well, so those are accessible to everyone part of the share.
- 3.0 Only offer this if the IMAP server has support for it
Describe the solution you'd like
The goal is to offer sharing / unsharing of mailboxes via ACL. The feature is standardized in RFC4314 and RFC2086.
This is an optional IMAP feature. The mail server must support the ACL capability. In Dovecot, for example, this is a plugin.
Implementation
Backend
Command to be sent to IMAP - see example here: https://docs.iredmail.org/mailbox.sharing.html
Reading ACLs
- \Horde_Imap_Client_Base::getACL
- \Horde_Imap_Client_Base::allAclRights
- \Horde_Imap_Client_Base::getMyACLRights
- \Horde_Imap_Client_Base::listACLRights
Changing ACLs
- \Horde_Imap_Client_Base::setACL
- \Horde_Imap_Client_Base::deleteACL
Frontend
Mailboxes are shared with other users of the IMAP server. So there is no guaranteed relation between other users of the Nextcloud instance and other users on the IMAP server. E.g. I configure my Mail account with provider1, another user uses provider2. Only with provisioned accounts can we somewhat assume that other users with the same email domain are valid sharees.
From a UI perspective, we should not display a sharing option if the IMAP server doesn't support it. (Capabilities Check will tell us if ACLs are supported)
There is also an option for Public Sharing where I share a mailbox with the whole instance. These mailboxes have the $identifier set to "anyone" and will allow all IMAP users on this server to access this mailbox.
Identifiers could also be, depending on your IMAP server, things like group names. They could be unix or ldap groups. This is guesswork, though, and depends on the IMAP configuration. The important part is to detect this mailbox and display it.
There is also a possibility of using negative rights, although not every server supports it, where you specify the right beginning with a minus. (<- needs more investigation what exactly the difference to deleting someone's right is)
⚠️ Also something to look out for is the "Seen" flag, this could theoretically overwrite either the IMAP flag or when syncing back, the DB flag.
Reference implementations
Roundcube
https://docs.roundcube.net/doc/help/1.1/en_US/settings/folders.html
SOGO Mail
They offer an autocompleted list of email addresses that you can share your mailbox with.
Thunderbird
Requires a plugin: https://addons.thunderbird.net/en-us/thunderbird/addon/imap-acl-extension
Describe alternatives you've considered
N/a
Additional context
Ref https://github.com/nextcloud/mail/issues/572#issuecomment-640543204
Ref https://docs.iredmail.org/mailbox.sharing.html
See https://github.com/nextcloud/mail/issues/572#issuecomment-640543204 as well.
> Also something to look out for is the "Seen" flag, this could theoretically overwrite either the IMAP flag or when syncing back, the DB flag.

What do you mean with that @miaulalala? I assume the \seen flag is the same for messages in own mailboxes as it is for shared mailboxes. So if I share a mailbox with you and you read one of the messages in it, it will show up as read for me as well.
Setting the \SEEN flag is its own ACL setting. Not every user on a shared mailbox will be allowed to set that flag on IMAP. This is where we need to be careful with how we implement this.
Got it. In that case we'll have to treat the mailbox purely read-only: disallow flag modifications and only sync imap->db.
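The following is an added example, not code from the nextcloud/mail project or from Horde. It covers the two points above: the ACL data the backend reads from the server (the untagged `ACL` and `MYRIGHTS` responses behind `getACL`/`getMyACLRights`, RFC 4314) and the permission decision the client has to make from it, in particular whether the user holds the `s` right and may write the \Seen flag back, or whether the mailbox must be treated as read-only and synced IMAP->DB only. It also computes effective rights when the ACL contains `anyone` or negative (`-identifier`) entries. The sample response lines are constructed; the mapping of the legacy RFC 2086 `c`/`d` rights onto `k`/`te` is the conservative reading of RFC 4314 section 2.1.1 and is an assumption of this example, since some servers also let `c` imply `x`.

```python
"""RFC 4314 ACL rights as a permission model for shared mailboxes.

Added example (not code from nextcloud/mail or Horde). It parses the untagged
ACL and MYRIGHTS responses an IMAP server sends and derives which operations a
mail client should offer on a shared mailbox. Sample lines are constructed.
"""
import re

# Rights defined in RFC 4314 section 2.1.
RIGHTS = {
    "l": "lookup: mailbox is visible to LIST",
    "r": "read: SELECT and FETCH",
    "s": "keep seen/unseen state: set the \\Seen flag",
    "w": "write flags other than \\Seen and \\Deleted",
    "i": "insert: APPEND and COPY into the mailbox",
    "p": "post: send mail to the mailbox's submission address",
    "k": "create sub-mailboxes",
    "x": "delete the mailbox",
    "t": "delete messages: set the \\Deleted flag",
    "e": "expunge",
    "a": "administer: SETACL and DELETEACL",
}

# Legacy RFC 2086 rights; assumption: conservative RFC 4314 section 2.1.1 mapping.
LEGACY = {"c": "k", "d": "te"}

_TOKEN = re.compile(r'"((?:[^"\\]|\\.)*)"|(\S+)')


def tokenize(line):
    """Split an IMAP response line into atoms, unquoting quoted strings."""
    return [quoted or atom for quoted, atom in _TOKEN.findall(line)]


def normalize(rights):
    """Return the set of RFC 4314 rights in a rights string, expanding legacy letters."""
    out = set()
    for ch in rights:
        if ch in RIGHTS:
            out.add(ch)
        elif ch in LEGACY:
            out.update(LEGACY[ch])
    return out


def parse_acl(line):
    """Parse '* ACL <mailbox> (<identifier> <rights>)*' into (mailbox, {identifier: rights})."""
    tok = tokenize(line)
    if len(tok) < 3 or tok[0] != "*" or tok[1].upper() != "ACL":
        raise ValueError("not an ACL response: %r" % line)
    mailbox, pairs = tok[2], tok[3:]
    if len(pairs) % 2:
        raise ValueError("unpaired identifier/rights in %r" % line)
    acl = {pairs[i]: normalize(pairs[i + 1]) for i in range(0, len(pairs), 2)}
    return mailbox, acl


def parse_myrights(line):
    """Parse '* MYRIGHTS <mailbox> <rights>' into (mailbox, rights)."""
    tok = tokenize(line)
    if len(tok) != 4 or tok[0] != "*" or tok[1].upper() != "MYRIGHTS":
        raise ValueError("not a MYRIGHTS response: %r" % line)
    return tok[2], normalize(tok[3])


def effective_rights(acl, user, groups=()):
    """Rights granted to `user` per RFC 4314 section 2: the union of matching
    positive entries minus the union of matching negative ('-identifier')
    entries. 'anyone' matches every authenticated user; group identifiers are
    server specific, so the caller passes the group names it knows about."""
    names = {user, "anyone", *groups}
    granted, denied = set(), set()
    for ident, rights in acl.items():
        if ident.startswith("-") and ident[1:] in names:
            denied |= rights
        elif ident in names:
            granted |= rights
    return granted - denied


def permissions(rights):
    """Map a rights set to the operations a client may offer for the mailbox."""
    return {
        "list": "l" in rights,
        "read": "r" in rights,
        "mark_seen": "s" in rights,             # without 's': sync \Seen IMAP -> DB only
        "set_flags": "w" in rights,
        "append": "i" in rights,
        "delete_messages": "t" in rights,
        "clear_mailbox": {"t", "e"} <= rights,  # needs \Deleted plus EXPUNGE
        "manage_acl": "a" in rights,
        # readable but no flag may be written back: treat as purely read-only
        "read_only": "r" in rights and not ({"s", "w", "t"} & rights),
    }


# Constructed sample responses: alice owns the mailbox, bob may read and mark
# seen but has 't' taken away again by a negative entry, everyone else may read.
SAMPLE_ACL = '* ACL "Shared/Support Inbox" alice lrswipkxtea bob lrst anyone lr -bob t'
SAMPLE_MYRIGHTS = "* MYRIGHTS INBOX lrd"

if __name__ == "__main__":
    mailbox, acl = parse_acl(SAMPLE_ACL)
    for who in ("alice", "bob", "carol"):
        perms = permissions(effective_rights(acl, who))
        print(who, sorted(k for k, v in perms.items() if v))
    print(parse_myrights(SAMPLE_MYRIGHTS))
```

In the sample, carol (matched only by `anyone`) ends up with `read_only` set and `mark_seen` cleared, which is the case where the client must not push flag changes to the server; bob keeps `s` and so may mark messages read, but the `-bob t` entry removes his ability to delete. The `clear_mailbox` key is the check behind hiding "Clear mailbox" when the rights do not allow it.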
We will tackle this in two steps
- Support ACLs defined elsewhere in all operations
- Add ACL editing UI
Further features to check for ACL permissions
All issues were extracted.
Please create tickets for all work packages that are still identified.
^ @st3iny will add some more actionables to the list above
Done. I added more entries to the list.
@GretaD @hamza221 we should probably do another round of testing with a received and restricted mailbox once the work packages listed above are done, just to check if there is more code to adjust/fix.
All work packages in. Time for that inspection round, then :shipit:
- [x] Show/hide "Clear mailbox" depending on Acl rights
Closing because no other missing checks were found.