I still found no satisfying solution to administer email accounts. It is possible with an very extended version of roundcube see  and  to let user change their passwords. But these version of Roundcube is not ready for production use, e.g. the generated emails have an bad header, so it got stuck in my spam filter.
Now I am at the crossroad with two paths:
1) Get ISPConfig to handle change requests for user email accounts
2) Get Roundcube (not MyRoundcube as in ) to handle these, e.g. write an plugin
(There are also plugins for squirrelmail but they depend on poppassd or require to modify DB-tables)
I would like to go path 1 because it seems to be the more appropriate way and is not depended by any third party software. But I think its also more difficult. So far the following points come to my mind:
a) a user can place somewhere an alternative email address
This included the possibility for an email user to login to ISPConfig. But maybe in the first step its enough that the "mailmaster" sets this address.
b) this address needs to be confirmed by the user, e.g. by following an link (with an id) send to him
c) if the user want to request a new password, an email with a new password is send to his alternate address. Alternative the email contains an link which as to be confirmed again, which prevents the user account from unauthorized password changes
My questions are:
Is this even wanted to be included in ISPConfig? Or are there other ideas to handle this topic?
Is there some code I could build on?
Is there somebody who can point me in the right direction to start?