Remove 'Access Webmail' from Email Accounts

Syed Fuzail Islam shared this idea 2 years ago
Completed

Hi, Our company is hosted over Amazon and we are hosting company as well. we have many clients on our server the issue raised in last meeting that the admin account user can view/read anyone email without entering their account password and we have privacy concerns with that. we want that option to be remove so anyone who know password can only view the email through webmail or any other way. i know there are other ways to read email but this is the only visible way and we do not need it its a flaw according to companies and account holder privacy

Best Answer
photo

After careful consideration we have decided not to change the functionality. It is beyond the intended design and use of this product to provide any level of privacy between an admin level account, and a non-admin level account. Or, to put it another way, between the cPanel user and an email user. It is intended that the cPanel user is an admin within the context of the cPanel login session, and the home directory. As an admin the cPanel user has full access to everything stored within the home directory.

There are numerous ways for the cPanel user to access content put within the home directory by other users (e.g. email). In some areas we intentionally configure the system to allow the cPanel user direct access to the content. For example when the cPanel user logs into webmail, the user has direct access to the inboxes for all email accounts managed by the cPanel account.

Implementing the requested control would present a false sense of security and privacy. We appreciate your input on this matter and look forward to being able to fulfill other requests in the future.

Comments (18)

photo
5

It should be removed , it is against the privacy of other users.

photo
3

Certainly it should be removed.

photo
3

Definitely it should be removed because our company needs it.

photo
5

it should be removed for the privacy concerns of user.

photo
2

Considering the cPanel user can access the email through File Manager, Command line, or simply changing the password to something they know; does this button give them more access than they already have?

photo
6

Yes i know File Manager and command line are options to read someone else email but everyone is not that much technical. 'Access Webmail' is a direct button with any person with admin access can view/read email without entering password. Alternate is that by clicking on 'Access Webmail' it should ask for that user account password. otherwise please remote it as my customers have high concern with this feature.

photo
5

Yes admin can change the account password but cannot read another account email without knowing the actual password that is what i am trying to say.

Right Now, Admin can view daily emails of everyone by simply clicking on 'Access Webmail' and users will not be aware of it.we are running a hosting company and my clients have serious concern with this feature. Kindly remove or disable it.

photo
2

wow ! just noticed the same thing. This is major ! cPanel user now have access to all emails, without password authentification...

even if this is an option, the user that have access to the cPanel could trigger it so he can still have access ! I don't understand that "feature" at all, before if you wanted to have access, you needed to flush the user password so at least, he knew something was up when trying to access his emails...

photo
3

this should be remove as per user privacy policy this could be very harmful .

photo
1

Hi admin any update?

photo
1

After careful consideration we have decided not to change the functionality. It is beyond the intended design and use of this product to provide any level of privacy between an admin level account, and a non-admin level account. Or, to put it another way, between the cPanel user and an email user. It is intended that the cPanel user is an admin within the context of the cPanel login session, and the home directory. As an admin the cPanel user has full access to everything stored within the home directory.

There are numerous ways for the cPanel user to access content put within the home directory by other users (e.g. email). In some areas we intentionally configure the system to allow the cPanel user direct access to the content. For example when the cPanel user logs into webmail, the user has direct access to the inboxes for all email accounts managed by the cPanel account.

Implementing the requested control would present a false sense of security and privacy. We appreciate your input on this matter and look forward to being able to fulfill other requests in the future.

photo
2

The cPanel admin was always able to read user emails through the file manager, the main email account, and indirectly through the specific email account (they could reset the password if they really needed to read those emails).

If cPanel wants to implement a stronger privacy system that takes the email part out of the homedir entirely and creates a separate system for it, that could be a good thing, but it would be a very significant change that could also affect how quotas are counted, who can remove email and how, etc.

Overall I agree that ideally a cPanel user shouldn't have access to users' webmail, but not having access also poses problems. For example, when the email is over quota if you can't access it via FTP/file manager, it will be very difficult to delete (since webmail shuts down). I can think of many other admin tasks which will be hugely complicated by such a removal. So it could be an opt-in or opt-out feature, but it will definitely require a major change in the way cPanel works with email.

Keep in mind that some competing control panels, such as H-Sphere, also allow direct webmail login from the admin panel.

photo
2

I think a lot people with cpanel accounts (like webmasters or sysadmins) can view all messages from all mail accounts... this is bad...

photo
1

As HostCentre says, the cPanel linux user has always had open access to the ~/mail path so this is not technically an escalation of privileges, but it does make it much easier for the cPanel GUI user to casually browse. However, he/she would not be able to impersonate a user easily as their own IP address would be recorded in the cpanel access logs, to which users don't have access.

While it would be nice if the user's mail store was available only via IMAP/POP/Webmail - and this is certainly not impossible, but is quickly made irrelevant when one considers that the cpanel user need only create an account backup to get full access to all mailbox data.

cPanel is what it is - portable - where the cpanel owner is god(ish). You aren't going to get away from this problem without moving away from the portability features.

photo
1

I don't see the point of not having the autologin so long as that user has access to the mail files anyway. However we do need a solution to not give them access to the mail files at all, that would mean allowing email to be stored either on another system user or on another server. Disabeling autologin would be hiding the symptoms but not the problem itself.

photo
2

The way it currently works, with the admin having 'easy' access to ANY users email account is a huge security concern. Yes, having cPanel access does allow access to READ the mail files but that requires at least some technical knowledge. A button granting you direct access to their account is just TOO easy especially when they can IMPERSONATE the user and SEND emails.

I have rarely needed to actually go into a users email account for any reason, instead I would always talk the user on how to do it if needed. And if I did I would always change the password first, do what was required and then walk the user though how to change their password.

Suppose I don't like my boss and I'm about to quit. I'll just send a password reset to all of his accounts, login into cPanel then into his account, get all the new passwords and then DELETE those emails. Maybe while I'm there I'll just send a few nasty emails to his suppliers or other employee's.My clients have always been happy that I don't have easy access to read their emails, when (not if) they find out about me being able to send emails from their account, and I will tell them, I don't know how many I will loose.Please bring back the enter email account password prompt...

photo
1

monarobase wrote:

I don't see the point of not having the autologin so long as that user has access to the mail files anyway. However we do need a solution to not give them access to the mail files at all, that would mean allowing email to be stored either on another system user or on another server. Disabeling autologin would be hiding the symptoms but not the problem itself.
Disabling auto-login would stop anyone being able to SEND emails as that user

photo
1

Mr Sant wrote:

However, he/she would not be able to impersonate a user easily as their own IP address would be recorded in the cpanel access logs, to which users don't have access.

access logs don't help after the fact because, in my office, everyone logs in from the same IP address.