How Do You DISABLE User's Webmail Email Filter?

[convoluted]

Hi, my situation is this:

I have a supplier with supplier@somecompany.com that sends me CONFIDENTIAL emails every day.

I have 20 users/email accounts in our Web Host.

We're using IMAP because we have an office computer and individual laptops and IMAP is better to synchronize emails well.

However, recently, I tried to login in http://webmail.mydomain.com and sign up as one of the regular users/email account. Then I found out, my users can FILTER all incoming mails on the server, that contains

supplier@somecompany.com - Redirect it to their accounts And they Can READ my confidential emails from our supplier!

Not that I don't trust them, but it's a Good Security for me. My question: How can I disable these FILTER features for my regular/email users when they login via the webmail? Or is there a better way?

I've attached the picture of what I mean.

Thanks for reading.

[JordiCS]

my users can FILTER all incoming mails on the server, that contains supplier@somecompany.com - Redirect it to their accounts

Hello,

Sorry, but this is not possible. You as an user can filter and/or redirect only your own mail, but you cannot retrieve mail sent to other users. If you manage your cPanel, then you can filter and/or redirect all email for the domain and for every account, but only in this case. You also can do it, of course, if you gain illegal access to that cPanel account (or the whole server).

If there were a filter or redirection like this, it is only in your account that you should look for it. Check your filters and redirects. Check also the headers of those confidential messages and look for other addresses on the CC field, maybe the sender is sending these messages to more recipients without you knowing. And last but not least, change your cPanel password if you suspect any of your users may have gained access to it.

Regards,

[convoluted]

Hi JordiCS thanks for helping me.

Yes, I have full access to our cpanel because I'm the only IT guy in our small company. So this is what I mean.

Example 1: get email from supplier

1. Create Employee Email: robert@mycompany.com
2. Robert Logs In: http://webmail.mycompany.com
3. Robert Manages Filters -> Creates a new filter
4. Filter Name: from Supplier
5. Rules: From, Contains @supplier.com
6. Actions: Deliver To Folder (Robert's INBOX)
7. Robert gets supplier's email!

Example 2: get ANY EMAIL!

1. Robert Logs In: http://webmail.mycompany.com
2. Create Filter -> Create a new filter
3. Filter Name: from anyone
4. Rules: From, Contains, @
5. Actions: Deliver To Folder (Robert's INBOX)
6. Robert gets ANY EMAIL!

Am I doing something wrong?

From a security stand point all I can see is this: Our employees can login to their webmail, filter emails and redirect ANY EMAIL to their INBOX! Please help!

[cpanelkenneth]

Hi JordiCS thanks for helping me.

Yes, I have full access to our cpanel because I'm the only IT guy in our small company. So this is what I mean.

Example 1: get email from supplier



Example 2: get ANY EMAIL!



Am I doing something wrong?

From a security stand point all I can see is this: Our employees can login to their webmail, filter emails and redirect ANY EMAIL to their INBOX! Please help!

As Jordi mentioned, users can only filter email of which they are direct recipients.

For example, if you and I worked at example.com and had the following email addresses:

convoluted@example.com
cpanelkenneth@example.com

I can only filter email addressed to my email address.

This is confirmed by testing the scenario you presented.

If a user is able to filter email, that means the suer is a recipient, or addressee, of the email. Otherwise the filter is not examined.

[convoluted]

I see maybe I was wrong. Thanks for clearing up the confusion in my head, will test it again soon. Thanks kenneth and Jordi. God bless you.