[ postfixadmin-Feature Requests-1748385 ] let admin manage users' mails
Brought to you by:
christian_boltz,
gingerdog
From: SourceForge.net <no...@so...> - 2007-12-30 21:33:12
|
Feature Requests item #1748385, was opened at 2007-07-05 14:41 Message generated for change (Comment added) made by christian_boltz You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=1748385&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None >Status: Closed >Resolution: Wont Fix Priority: 5 Private: No Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: let admin manage users' mails Initial Comment: maybe you adda a support to SMTP/IMAP/POP3+SASL+SSL/TLS that will be more scure :D ---------------------------------------------------------------------- >Comment By: Christian Boltz (christian_boltz) Date: 2007-12-30 22:33 Message: Logged In: YES user_id=593261 Originator: NO Only negative votes from several developers. Sorry, but we won't implement this. The reasons are given in the various comments, amsys has written a good and short summary. ---------------------------------------------------------------------- Comment By: amsys (amsys) Date: 2007-12-17 01:38 Message: Logged In: YES user_id=1299438 Originator: NO a) user privacy b) excess complexity negative vote. ---------------------------------------------------------------------- Comment By: Christian Boltz (christian_boltz) Date: 2007-10-07 23:56 Message: Logged In: YES user_id=593261 Originator: NO changing summary to a better one - Gingerdog, you should have the permissions to do this yourself ---------------------------------------------------------------------- Comment By: GingerDog (gingerdog) Date: 2007-10-07 15:31 Message: Logged In: YES user_id=1761957 Originator: NO It's an interesting question - should administrators be allowed to see user(s) email, with e.g. the intention of marking it as spam or whatever. I think, due to the privacy implications, at the very least, there would have to be some sort of 'opt-in' request from the user allowing an admin to do this - along the lines of allowing sharing mailboxes within outlook/exchange. I'm not sure how the technical aspect of this could be undertaken - most passwords are encrypted, so it wouldn't be easy/feasible to open the mailbox via IMAP/POP3/whatever. I suppose if you were using Cyrus for the backend mailstore you could alter the permissions on the mailbox, but this isn't something you could do with Courier. FWIW, the title of this ticket is misleading. ---------------------------------------------------------------------- Comment By: Sergey Litvinenko (lisergey) Date: 2007-10-06 04:32 Message: Logged In: YES user_id=1902244 Originator: NO grep'ing maildirs?? with what argument? if this works, it is the solution of misdirected mails problem without breaking privacy, yes. but how to produce a string for grep search? ---------------------------------------------------------------------- Comment By: Christian Boltz (christian_boltz) Date: 2007-10-05 23:47 Message: Logged In: YES user_id=593261 Originator: NO Personal note: I don't want to be the admin in a company that follows your example (it would be a very annoying admin job) and don't think that going through everybody's mailbox to delete a specific mail is reasonable. In this case, grep'ing through the maildirs on the disk is ways faster and also reduces privacy implications (because you don't see other mails "accidently"). Anyway: I really think this could (and will) cause privacy problems, and it's not a real difference if you call it "read" or "manage misdirected mails" ;-) I also see no real difference in (not) encrypting the password and would _always_ ask for the password. So IMHO we are down to "link to squirrelmail, with the mail address already entered in the login form". ---------------------------------------------------------------------- Comment By: Sergey Litvinenko (lisergey) Date: 2007-10-05 12:38 Message: Logged In: YES user_id=1902244 Originator: NO if passwords are encrypted, than the admin who wish to check the mailbox for spam or misdirected mails, would be forced to enter the passwords, and it's okay for that case. the idea is for admin not to READ the other's mails, but to MANAGE misdirected mails. example - one of employee by impulse of her bad mood was to sent alot of stupid jokes to everyones addresses - practically spam. if there would be interface for admin to remove erroneously sent mails, I think, it would be of great help. ---------------------------------------------------------------------- Comment By: Christian Boltz (christian_boltz) Date: 2007-10-05 01:26 Message: Logged In: YES user_id=593261 Originator: NO I see two problems here: a) technical: passwords are often encrypted in the database, therefore it could be difficult or even impossible to pass them to squirrelmail etc. b) legal: In germany, you aren't allowed to read other people's mails, and I guess there are similar rules in other countries as well. Even if it isn't forbidden by law, this would make it too easy to ignore the privacy of your users. ---------------------------------------------------------------------- Comment By: Sergey Litvinenko (lisergey) Date: 2007-10-05 00:32 Message: Logged In: YES user_id=1902244 Originator: NO what kind of support to PostfixAdmin?? I'd love to see the ability for admin of a domain to see/manage the mail in any mailbox for that domain. probably with squirrelmail or alike, but without intermediate additional login/password interaction ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=1748385&group_id=191583 |