The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cPanel privacy problem: horde and squirrelmail

Discussion in 'E-mail Discussions' started by darkelder, Oct 3, 2005.

  1. darkelder

    darkelder Well-Known Member

    Joined:
    Oct 8, 2004
    Messages:
    74
    Likes Received:
    0
    Trophy Points:
    6
  2. cPanelBilly

    cPanelBilly Guest

    This is untrue and not needed.
    The only account that can view any other accounts email is the main account for that domain.

    Please do not post things that are inaccurate and misleading.
     
  3. darkelder

    darkelder Well-Known Member

    Joined:
    Oct 8, 2004
    Messages:
    74
    Likes Received:
    0
    Trophy Points:
    6
    If I log as primary username of account it will show on squirrelmail and horde folders all other email folders. Is this planned?
     
  4. cPanelBilly

    cPanelBilly Guest

    Yes the main user of the account can always access the email for all other emails accounts.
     
  5. darkelder

    darkelder Well-Known Member

    Joined:
    Oct 8, 2004
    Messages:
    74
    Likes Received:
    0
    Trophy Points:
    6
    By Horde and Squirrelmail main account can add other emails of it own domain as folders.

    This is a issue since it breaks other domain emails privacy.
     
  6. cPanelBilly

    cPanelBilly Guest

    That is correct, they are IMAP this can be done with IMAP. The user that has the main account owns the account and the email addresses in it.
     
  7. darkelder

    darkelder Well-Known Member

    Joined:
    Oct 8, 2004
    Messages:
    74
    Likes Received:
    0
    Trophy Points:
    6
    Well, I understand why IMAP list all user emails since on /home/user/mail/ is the directory and actually cPanel save it on this directory.

    But I do not agree with it since main account should has too much power and hosting companies can get some privacy problems. Here, privacy violation is against our Law.
     
  8. cPanelBilly

    cPanelBilly Guest

    The same user can FTP into the account and read the mail files, I am not sure I see the difference.
     
  9. darkelder

    darkelder Well-Known Member

    Joined:
    Oct 8, 2004
    Messages:
    74
    Likes Received:
    0
    Trophy Points:
    6
    It is easier to access emails.
     
  10. GeekDrew

    GeekDrew Registered

    Joined:
    Jan 3, 2004
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Columbus, OH
    I'm not sure how much of a background you have with the overall theory behind security in many server applications (including the way that mail is stored, at least in this context), but in general, administrative accounts are always able to access the accounts under their authority. The "main account" for a domain is nothing more than an administrative account for that domain - thus, it should be able to access all mail relative to that domain. This concept is not unique to cPanel; it is used across servers of all kinds and sizes. In fact, the inability for an administrator to access the mail underneath his/her realm would surprise me more than the ability to do so.
     
  11. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Yup, couldn't agree more. Since the main account has access to all the files within their account (as the should do as it's their account) then it's a completely moot point. Privacy arguments are spurious really, since it's up to the individual to not invade someones privacy, otherwise you'd have to be able to prevent root from access a whole raft of files on a server which would be impracticaly at least, and silly in reality.
     
  12. cretu

    cretu Well-Known Member

    Joined:
    Jul 21, 2002
    Messages:
    208
    Likes Received:
    0
    Trophy Points:
    16
    Chirpy,

    After "MailDir" conversion, individuals logging into Horde WebMail from main user of control panel will no longer have opportunity to access all other mailboxes under same domain name. This resolves privacy concerns, however, for some individuals the previous ability to access other mailboxes was very convenient.

    Q: does anyone know how to "connect" other mailbox under "main one" in Horde, just like it was previously done, before "MailDir" conversion?

    Thank you.


    Cretu.
     
  13. lostinspace

    lostinspace Well-Known Member

    Joined:
    Jul 19, 2003
    Messages:
    122
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Colorado Springs, CO
    Yeah, being able to use a root account to subscribe to several mailboxes was great. I thought about converting back to MBOX just to get that ability back.

    Also, I have been having a helluva time with several IMAP clients (Thunderbird, Outlook, Mulberry) when adding more then 3 IMAP accounts. If you add more than 3 IMAP accounts that exist on the same server, the server starts rejecting connections. I'm still testing this out still to make sure it's nothing on my end. The issue doesn't happen with Outlook Express :confused:.

    POP seems to be fine.
     
    #13 lostinspace, Oct 8, 2005
    Last edited: Oct 8, 2005
  14. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA
    I would think that as root or domain main user ..it would be more of an issue NOT being able to see others emails. As far as I am concerned ..if a user is storing files and using my server for a means of communication .. then it is my responsibility to have quick easy access to make sure laws and other people are NOT being harmed by unlawful activities through my box(s). Just like if I rented a house to a crack head and they decided to start selling crack from a window in the house to kids. It's my responsibility to make sure that house is not being used in a manner that is unlawful. If you want privacy ..get your own server and break the law all you want until you are caught from the outside. I know some of you will fire back at me for this view point ..but that's what I feel.
     
  15. lostinspace

    lostinspace Well-Known Member

    Joined:
    Jul 19, 2003
    Messages:
    122
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Colorado Springs, CO
    You can start to hammer on the subject all you want. The simple fact remains that you cannot use a root user to log into multiple mailboxes with maildir. Like it or not.
     
  16. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA

    right .. you are talking about technical reasons or limitations. I was talking about the privacy issues of being a super user in the first place. As root you can point anyone's mail anywhere you want if you had reason to.
     
  17. GOT

    GOT Get Proactive!

    Joined:
    Apr 8, 2003
    Messages:
    900
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Norfolk, VA
    cPanel Access Level:
    DataCenter Provider
    Is there a fix for this? From my perspective it seems very handy to be able to log in as the main cpanel account holder and view all the mail in the account easily.

    Any chance of a fix for this?
     
  18. tvcnet

    tvcnet Well-Known Member
    PartnerNOC

    Joined:
    Aug 15, 2003
    Messages:
    116
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    San Diego
    cPanel Access Level:
    DataCenter Provider
    I majorly second this topic.

    The loss of feature is causing us harm, as many clients used this feature to clear their spam boxes, etc., and manage their employees email issues, etc.

    As root user has access to everything within the domain, there are no security advantages to this arrangement, so not sure why folks are commenting this is some security related "fix."


    Reference:
    After "MailDir" conversion, individuals logging into Horde WebMail from main user of control panel will no longer have opportunity to access all other mailboxes under same domain name. This resolves privacy concerns, however, for some individuals the previous ability to access other mailboxes was very convenient.

    Q: does anyone know how to "connect" other mailbox under "main one" in Horde, just like it was previously done, before "MailDir" conversion?



    Ideas if there is a way to "fix" this back to the way it was, such that root user can manage all email accounts within the domain name from within Horde?

    Thanks,
    Jim
    TVC.Net
     
  19. sukil

    sukil Member

    Joined:
    Nov 15, 2005
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    1
    Want this feature badly!

    I very much am in favor of having the feature by which the main user can access the emails of other user accounts within the same domain using Horde. Useful as others have stated for clearing spam emails and managing employee emails. Utility is manu bound. In response to people claiming the disablement of this feature to be some sort of "security fix" let me tell them that this same user can access cpanel and use file manager (also possible by logging in thru FTP) to read the mail folders and see emails by opening each file. Maybe it will be time lagging but to a person who has evil on his mind - what gives? So the disablement is definitely not a fix but a lack of understanding while doing the design of the software. This should be included in future versions of the software or else it should be regarded as a negative aspect of maildir.
     
  20. ujr

    ujr Well-Known Member

    Joined:
    Mar 19, 2004
    Messages:
    290
    Likes Received:
    0
    Trophy Points:
    16
     
Loading...

Share This Page