Is there a way to access all mail accounts with one password?

Hi,

I couldn’t find a solution to my problem, so I’ll ask.

The situation is as follows:

MIAB set up on one server is used by Company A and Company B. They both have a dozen email accounts for their employees each.

Company A’s boss wants to be able to log in to all employees’ accounts with one password as follows:

a)
example1@example.com
superPasswordForBoss

b)
example2@example.com
superPasswordForBoss

and so on.

Is it possible to configure such an option for selected email accounts?

I don’t know if I explained everything well. If you need anything, feel free to ask.

There’s no built-in functionality to have two passwords for the same account (that is, a user’s password and the boss’s password to snoop).

Is there any way to do this without using built-in functions?

It would be difficult.

I don’t have the time to help with things that don’t exist in Mail-in-a-Box, and whether anyone else on this forum will volunteer their time for you is up to them.

There is a way. Bear in mind that this is not part of the Mail-in-a-Box setup; you’ll have to make sure that you repeat steps 3(e) to 3(h) after a Mail-in-a-Box update.

Also, you’ll have to manually add new users to the company_A.sqlite database.

How to set up a master password:

  1. Create the master password:

    1(a). Run the following command:

    doveadm pw -s SHA512-CRYPT
    

    1(b). Save the hashed password for step 2(e).

  2. Create a duplicate Sqlite database only for users from company A.

    2(a). Start sqlite3:

    sqlite3
    

    2(b). Attach current users.sqlite database and the new company_A.sqlite database:

    ATTACH '/home/user-data/mail/users.sqlite' AS DB1;
    ATTACH '/home/user-data/mail/company_A.sqlite' AS DB2;
    

    2(c). Create users table in DB2 database:

    CREATE TABLE DB2.users (id INTEGER PRIMARY KEY AUTOINCREMENT, email TEXT NOT NULL UNIQUE, password TEXT NOT NULL, extra, privileges TEXT NOT NULL DEFAULT '');
    

    2(d). Copy only users from company A to DB2 database:

    INSERT INTO DB2.users SELECT * FROM DB1.users WHERE email LIKE '%@company_A.com';
    

    2(e). Replace all users’ passwords with the master password:

    UPDATE DB2.users SET password = 'Paste hashed password from step 1(a) here';
    

    2(f). Exit sqlite:

    .quit
    

    2(g). Set owner to root:www-data for company_A.sqlite:

    chown root:www-data /home/user-data/mail/company_A.sqlite
    

    2(h). Change company_A.sqlite mode to 660:

    chmod 660 /home/user-data/mail/company_A.sqlite
    
  3. Dovecot settings:

    3(a). Copy the file dovecot-sql.conf.ext:

    cp /etc/dovecot/dovecot-sql.conf.ext /etc/dovecot/dovecot-sql-company_A.conf.ext
    

    3(b). Open the file dovecot-sql-company_A.conf.ext using nano:

    nano /etc/dovecot/dovecot-sql-company_A.conf.ext
    

    3(c). Change the line “connect =” to:

    connect = /home/user-data/mail/company_A.sqlite
    

    3(d). Save and exit from nano:
    Ctrl+x
    y
    Enter

    3(e). Open the file /etc/dovecot/conf.d/auth-sql.conf.ext using nano:

    nano /etc/dovecot/conf.d/auth-sql.conf.ext
    

    3(f). Paste the following lines at the beginning of the file:

    passdb {
      driver = sql
      args = /etc/dovecot/dovecot-sql-company_A.conf.ext
      result_success = continue
    }
    

    3(g). Save and exit from nano:
    Ctrl+x
    y
    Enter

    3(h). Restart Dovecot service:

    systemctl restart dovecot.service
    

How to add a new user to company_A.sqlite database:

  1. Open company_A.sqlite with sqlite3:
    sqlite3 /home/user-data/mail/company_A.sqlite
    
  2. Run the following command in sqlite:
    INSERT INTO users (email,password) values ( 'new_user@company_A.com', 'Paste hashed password from step 1(a) here' );
    
    Tip:
    You can retrieve the master hashed password from within the database by executing the following command at the sqlite command prompt:
    SELECT password FROM users;
    
  3. Exit sqlite:
    .quit
    

P.S.
You can read more on this topic here

2 Likes
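
Added example, not part of the original posts or of Mail-in-a-Box: the duplicate database described above is maintained by hand, so this Python audit compares it with users.sqlite and reports accounts that were never added, rows left over for deleted accounts, rows outside the intended domain, and a file mode other than the 660 from step 2(h). The function names, the `.example` domains and the sample rows are constructed for illustration; the table layout follows step 2(c).

```python
import os
import sqlite3
import stat
import tempfile
from contextlib import closing

# Table layout from step 2(c) of the post.
SCHEMA = ("CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, email TEXT NOT NULL UNIQUE, "
          "password TEXT NOT NULL, extra, privileges TEXT NOT NULL DEFAULT '')")

def emails_and_hashes(path):
    with closing(sqlite3.connect(path)) as con:
        return [(e.lower(), p) for e, p in con.execute("SELECT email, password FROM users")]

def audit_master_db(users_db, master_db, domain):
    """Report drift between users.sqlite and the hand-maintained master-password DB."""
    suffix = "@" + domain.lower()
    real = {e for e, _ in emails_and_hashes(users_db)}
    shadow = emails_and_hashes(master_db)
    shadow_emails = {e for e, _ in shadow}
    return {
        # Domain users the master password does not cover yet (manual step was skipped).
        "missing": sorted(e for e in real - shadow_emails if e.endswith(suffix)),
        # Rows left behind for accounts that no longer exist in users.sqlite.
        "stale": sorted(shadow_emails - real),
        # Rows that extend the master password beyond the intended domain.
        "outside_domain": sorted(e for e in shadow_emails if not e.endswith(suffix)),
        # Expected to be 1: step 2(e) gives every row the same hash.
        "distinct_hashes": len({p for _, p in shadow}),
        # Step 2(h) sets mode 660; anything else means the file was recreated or loosened.
        "mode_ok": stat.S_IMODE(os.stat(master_db).st_mode) == 0o660,
    }

def demo():
    """Audit two constructed databases (sample data, not from the post)."""
    with tempfile.TemporaryDirectory() as d:
        users, master = os.path.join(d, "users.sqlite"), os.path.join(d, "company_A.sqlite")
        data = {
            users: [("a@company-a.example", "h1"), ("b@company-a.example", "h2"),
                    ("c@company-b.example", "h3")],
            master: [("a@company-a.example", "M"), ("gone@company-a.example", "M"),
                     ("c@company-b.example", "X")],
        }
        for path, rows in data.items():
            with closing(sqlite3.connect(path)) as con, con:
                con.execute(SCHEMA)
                con.executemany("INSERT INTO users (email, password) VALUES (?, ?)", rows)
        os.chmod(master, 0o644)  # deliberately wrong so the mode check fires
        return audit_master_db(users, master, "company-a.example")
```

On the server, call `audit_master_db` with the two paths from step 2(b) and the company's domain; running it after each Mail-in-a-Box update or user change shows whether the duplicate database still matches the real one.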

Thank you very much for your answer and your time. I managed to achieve what I wanted thanks to your method.
