cPanel AUTO-login to Webmail ... why is it AUTO and not setable ?

CTRLpanel

Registered
Feb 16, 2014
1
0
1
cPanel Access Level
Website Owner
Hi
I am only a cPanl user, I do not have a VPS or Server that I can set cPanel the way I want it.

One or two questions I always wanted to ask.

Why when after you click on Webmail from cPanel/HOME and sends you to the Webmail page you get a link saying:

Go to Webmail Login - and it AUTO-login for you?

How do I set the 'Go to Webmail Login' link to be PW protected at least - I would also set a USER name either than the main cPanel user name.

The reason is, anybody within the HOST company might login in there and 'read' personal emails if left there!

I really do not understand that.

One this is for the Technicians to be able to log in cPanel freely [of course] to help you out and Webmail STRUCTURE not be able to read emails.

That I find a silly problem - I think.

Thanks in advance.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,202
363
Hello :)

Authentication is required for individual email accounts when accessing webmail through cPanel. However, some hosting providers might enable the following option under the "Mail" tab in "WHM Home » Server Configuration » Tweak Settings":

"Mail authentication via domain owner password"

This will allow mail account authentication using the password of the domain owner’s account.

Thank you.
 

Hostbox.be

Well-Known Member
Nov 4, 2002
61
0
156
** Mail authentication via domain owner password is set to OFF !

Is it possible this option does not work anymore as from WHM 11.46.0 (build 14) ? When logged in to the control panel, we can access all mailboxes via webmail Horde, without password ?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,202
363
Is it possible this option does not work anymore as from WHM 11.46.0 (build 14) ? When logged in to the control panel, we can access all mailboxes via webmail Horde, without password ?
This is actually by design. Here are some quotes from internal case number 132677 where this has been discussed:

The cPanel user is not actually authenticating with their password; a temporary session is created for the transfer. If you attempt to log into webmail directly (as a webmail user) with the cPanel user's password, or you attempt to do the same thing over IMAP, it will still fail.
The setting previously had two effects (preventing login through cPanel and preventing logging in directly using the password, through webmail or IMAP/POP), and now it has one.
We are in the process of updating our documentation to better clarify this change.

Thank you.