Hi! I saw in a recent announcement that the Mail app now supports shared mailboxes! The relevant quote and screenshot:
We also introduce shared mailboxes so your enterprise or organization can be more efficient and better organize its teams and workflow.
However, I couldn’t find any way to activate these mailboxes. Is it something that can be done from within the app or do I have to do it from outside?
I’m currently selfhosting NextCloud 25.0.5, which seems to have been released at the time of the announcement. (I realised as I was typing this that v26 is out now, so I’ll upgrade to that in a bit).
Thanks in advance!
You would have to set up shared mailboxes on your mail server. The mail app is only a client.
1 Like
Ah okay, thanks for the clarification
I’m assuming that would be one of the first two options (“public mailboxes” and “mailbox sharing between users”) here in the case of Dovecot:
https://doc.dovecot.org/configuration_manual/shared_mailboxes/
I’m new to Dovecot and email administration in general, but the above documentation talks about using IMAP ACLs. I just scrolled through some of the GitHub issues like this one I see the Mail app using the same mechanism too:
opened 03:51PM - 18 Aug 22 UTC
closed 12:29PM - 24 Feb 23 UTC
enhancement
4. to release
skill:backend
skill:frontend
feature: mailbox sharing
## Is your feature request related to a problem? Please describe.
I have an e… mail account that receives emails that are relevant to a group of people, so I want everyone to be able to see that email account without giving out access data. I might want to limit read / write / delete / ... access to this mailbox.
### Requirements
* 1.0 Possibly send replies from sharer email. If that is not possible, at least set a "reply-to" as a sharee, so that the reply to the outgoing message returns into the shared mailbox.
* 2.0 Save sent email centrally as well, so those are accessible to everyone part of the share.
* 3.0 Only offer this if the IMAP server has support for it
## Describe the solution you'd like
The goal is to offer sharing / unsharing of mailboxes via ACL. The feature is standardized in [RFC4314](https://www.rfc-editor.org/rfc/rfc4314) and [RFC2086](https://www.rfc-editor.org/rfc/rfc2086).
This is an optional IMAP feature. The Mailserver must support the capability `ACL`. In dovecot, for example, this is a plugin.
## Implementation idea
<details>
### Backend
Command to be sent to IMAP - see example here: https://docs.iredmail.org/mailbox.sharing.html
#### Reading ACLs
* ``\Horde_Imap_Client_Base::getACL``
* ``\Horde_Imap_Client_Base::allAclRights``
* ``\Horde_Imap_Client_Base::getMyACLRights``
* ``\Horde_Imap_Client_Base::listACLRights``
#### Changing ACLs
* ``\Horde_Imap_Client_Base::setACL``
* ``\Horde_Imap_Client_Base::deleteACL``
### Frontend
Mailboxes are shared to other *users of the IMAP server*. So there is no guaranteed relation between other users of the Nextcloud instance and other users on the IMAP server. E.g. I configure my Mail account with provider1, another user uses provider2. Only with provisioned accounts we can somewhat assume that other users with the same email domain are valid sharees.
From a UI perspective, we should not display a sharing option if the IMAP server doesn't support it. (Capabilities Check will tell us if ACLs are supported)
There is also an option for Public Sharing where I share a mailbox with the whole instance.
These mailboxes have the $identifier set to "anyone" and will allow all IMAP users on this server to access this mailbox.
Identifiers could also be, depending on your IMAP server, things like group names. They could be unix or ldap groups. This is guesswork, though, and depends on the IMAP configuration. The important part is to detect this mailbox and display it.
There is also a possibility of using negative rights, although not every server support it, where you specify the right beginning with a minus. (<- needs more investigation what exactly the difference to deleting someone's right is)
⚠️ Also something to look out for is the "Seen" flag, this could theoretically overwrite either the IMAP flag or when syncing back, the DB flag.
</details>
## Reference implementations
### Roundcube
https://docs.roundcube.net/doc/help/1.1/en_US/settings/folders.html
### SOGO Mail
They offer an autocompleted list of email addresses that you can share your mailbox with.
| | |  |
|--------------|-----------|------------|
### Thunderbird
Requires a plugin: https://addons.thunderbird.net/en-us/thunderbird/addon/imap-acl-extension
|  |  |
|--|--|
## Describe alternatives you've considered
N/a
## Work Packages
- [x] https://github.com/nextcloud/mail/issues/7732
- [x] https://github.com/nextcloud/mail/issues/7735
- [x] https://github.com/nextcloud/mail/issues/7763
- [x] https://github.com/nextcloud/mail/issues/7910
- [x] https://github.com/nextcloud/mail/issues/7888
- [x] https://github.com/nextcloud/mail/issues/7889
- [x] https://github.com/nextcloud/mail/issues/7907
- [x] https://github.com/nextcloud/mail/issues/7909
- [x] https://github.com/nextcloud/mail/issues/7908
- [x] https://github.com/nextcloud/mail/issues/7912
- [x] https://github.com/nextcloud/mail/issues/7911
- [x] https://github.com/nextcloud/mail/issues/7916
- [x] https://github.com/nextcloud/mail/issues/8071
## Additional context
Ref https://github.com/nextcloud/mail/issues/572#issuecomment-640543204
Ref https://docs.iredmail.org/mailbox.sharing.html
Ref https://doc.dovecot.org/configuration_manual/shared_mailboxes/
gaitjan
September 24, 2023, 2:30pm
4
This is not a solution. Yes, the mail app is only a client, but it should enable users to configure ACLs on mailboxes, like the ACL-plugin with e.g. RoundCube. Iff the IMAP-server has the mailbox sharing capability.
