Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

#6 let admin manage users' mails

closed-wont-fix
nobody
None
5
2007-12-30
2007-07-05
Anonymous
No

maybe you adda a support to SMTP/IMAP/POP3+SASL+SSL/TLS that will be more scure :D

Discussion

  • Logged In: YES
    user_id=1902244
    Originator: NO

    what kind of support to PostfixAdmin??

    I'd love to see the ability for admin of a domain to see/manage the mail in any mailbox for that domain.
    probably with squirrelmail or alike, but without intermediate additional login/password interaction

     
  • Logged In: YES
    user_id=593261
    Originator: NO

    I see two problems here:

    a) technical: passwords are often encrypted in the database, therefore it could be
    difficult or even impossible to pass them to squirrelmail etc.

    b) legal: In germany, you aren't allowed to read other people's mails, and I guess
    there are similar rules in other countries as well. Even if it isn't forbidden
    by law, this would make it too easy to ignore the privacy of your users.

     
  • Logged In: YES
    user_id=1902244
    Originator: NO

    if passwords are encrypted, than the admin who wish to check the mailbox for spam or misdirected mails, would be forced to enter the passwords, and it's okay for that case.

    the idea is for admin not to READ the other's mails, but to MANAGE misdirected mails.
    example - one of employee by impulse of her bad mood was to sent alot of stupid jokes to everyones addresses - practically spam.

    if there would be interface for admin to remove erroneously sent mails, I think, it would be of great help.

     
  • Logged In: YES
    user_id=593261
    Originator: NO

    Personal note: I don't want to be the admin in a company that follows your example (it would be a very annoying admin job) and don't think that going through everybody's mailbox to delete a specific mail is reasonable. In this case, grep'ing through the maildirs on the disk is ways faster and also reduces privacy implications (because you don't see other mails "accidently").

    Anyway: I really think this could (and will) cause privacy problems, and it's not a real difference if you call it "read" or "manage misdirected mails" ;-) I also see no real difference in (not) encrypting the password and would _always_ ask for the password.

    So IMHO we are down to "link to squirrelmail, with the mail address already entered in the login form".

     
  • Logged In: YES
    user_id=1902244
    Originator: NO

    grep'ing maildirs??
    with what argument?
    if this works, it is the solution of misdirected mails problem without breaking privacy, yes.
    but how to produce a string for grep search?

     
  • GingerDog
    GingerDog
    2007-10-07

    Logged In: YES
    user_id=1761957
    Originator: NO

    It's an interesting question - should administrators be allowed to see user(s) email, with e.g. the intention of marking it as spam or whatever.

    I think, due to the privacy implications, at the very least, there would have to be some sort of 'opt-in' request from the user allowing an admin to do this - along the lines of allowing sharing mailboxes within outlook/exchange.

    I'm not sure how the technical aspect of this could be undertaken - most passwords are encrypted, so it wouldn't be easy/feasible to open the mailbox via IMAP/POP3/whatever. I suppose if you were using Cyrus for the backend mailstore you could alter the permissions on the mailbox, but this isn't something you could do with Courier.

    FWIW, the title of this ticket is misleading.

     
  • Logged In: YES
    user_id=593261
    Originator: NO

    changing summary to a better one - Gingerdog, you should have the permissions to do this yourself

     
    • summary: SMTP/IMAP/POP3+SASL+SSL/TLS --> let admin manage users' mails
     
  • amsys
    amsys
    2007-12-17

    Logged In: YES
    user_id=1299438
    Originator: NO

    a) user privacy
    b) excess complexity

    negative vote.

     
  • Logged In: YES
    user_id=593261
    Originator: NO

    Only negative votes from several developers.

    Sorry, but we won't implement this. The reasons are given in the various comments, amsys has written a good and short summary.

     
    • status: open --> closed-wont-fix