Disable access to all users email accounts?

[Rick Davis]

There are many old or closed threads on this topic, which is basically about the ability for a cPanel admin user to read or access all user email accounts from the cPanel webmail link without having to enter the individual email account password. I understand that the cPanel admin is a root user and can change any users email password, so there is no way to stop them from viewing any user email if they want to. So many questions. Looking for a best practice recommendation.

Is it as simple as disabling webmail access?

I am curious to know whether the discussion continues, is considered resolved, or just not worth discussing? I would also like to know what admins in this position tell the persons or companies that they administer cPanel accounts for in regards to this topic? Is it a don't ask don't tell type of topic? Or do you fully disclose the discussed possibilities? And/or offer them a different email solution that is more secure? If so, how do you disclose this info? And what other options do you offer?

 

[24x7server]

Hi,

A feature request for the same is discussed in the below link, which you can refer:
Remove 'Access Webmail' from Email Accounts

 

[Rick Davis]

Thank you. That was one of the three year old discussions I mentioned. It's obvious the developers of cPanel don't consider this a bug or feature worth removing or restricting. So I guess my real question is "How do cPanel admins disclose this flaw to users that have their email stored on a server with cPanel?" I think the real answer or solution that I am considering is to remove email as a service on any web hosting server that uses cPanel and instruct users to use Gmail or some other email service instead.

 

[cPanelLauren]

There are many old or closed threads on this topic, which is basically about the ability for a cPanel admin user to read or access all user email accounts from the cPanel webmail link without having to enter the individual email account password. I understand that the cPanel admin is a root user and can change any users email password, so there is no way to stop them from viewing any user email if they want to. So many questions. Looking for a best practice recommendation.

This is because the cPanel admin (which is NOT in any way a "root" user it does not have root access to the system) has access to the emails in a number of other ways, the only thing this would do is provide an illusion that the cPanel user wouldn't be able to access the mail. Mail for all email users is accessible through the File Manager UI, through FTP with the cPanel user, and email user's inbox's can be subscribed to by the default email account.

Is it as simple as disabling webmail access?

You can disable webmail access using the feature manager for the Featurelist assigned to the account's package. This would remove the Access webmail link as well as the ability to access Webmail for any email account on the account using that package+featurelist

"How do cPanel admins disclose this flaw to users that have their email stored on a server with cPanel?" I think the real answer or solution that I am considering is to remove email as a service on any web hosting server that uses cPanel and instruct users to use Gmail or some other email service instead.

It should be assumed that the cPanel admin user has access to all items within the account, I wouldn't consider this a flaw it's a purposeful design element.

Thanks!

 

[vinnie6669]

Hello everyone, I am replying to this old post as I have some kind of issue. Disabling webmail from feature list will disable direct access to webmail aswell. Means if I type serverIP:2095 on browser and give email ID and password it does not take me to webmail. is it possible that we disable Check Mail option in cpanel but still able to access webmail directly on browser with email ID and password.

Thanks

Vivek

 

[cPRex]

@vinnie6669 - at this time I don't have a way to remove the webmail access from within cPanel but keep the access through ports 2095/2096. For this to happen it would be best to submit a feature request to our team to see if that functionality is something that can be added in the future.

 

[GillianS]

No-one seems to have mentioned the elephant in the room - i.e. GDPR!

I have clients that are church ministers who currently use email forwarders and can send and be sent very sensitive, personal communications. If they had real emails accounts on their domain, there is nothing to stop me, if I wanted, to read those emails. [I wouldn't, of course]. Microsoft in their wisdom, won't allow aliases from 'real' domains, only Gmail, Hotmail, etc. So what's to do? The ministers don't really want to use their personal emails for work. Why should they? And using a Gmail or Hotmail account for work looks very unprofessional.

It should be a simple setting in WHM, although my reseller WHM seems to have limited features.

The last comment on " Remove 'Access Webmail' from Email Accounts " was seven years ago (Feb 2015). The EU General Data Protection Regulation (GDPR) - came into effect in the UK on 25 May 2018. Please, cPanel, look at this again!

 

[cPRex]

At this time we don't plan to change the behavior of that page. As we've said for years, it would only provide the illusion of security as the cPanel owner can still access and read messages without that button.

 

[JoaoMachado]

@cPRex I am sorry but cPanel needs to/must make this change. the argument of "illusion of security" is absolutely rubbish. It is a matter of Privacy! The issue is not that cPanel is broken or unusable, the issue is a matter of customer care. It is clear, from all of the threads on here that cPanel's customers want this feature, to disable easy access to read email accounts.

Let me explain this in a way that everyone at cPanel may relate to...
A customer brings their car in to the dealer complaining about road noise. The dealer inspects the vehicle and finds nothing wrong with it, everything is normal. The customer however still complains about the road noise, let me ask you, is the issue with the car or the customer? That is correct, the customer is what needs to be fixed and that is what cPanel needs to address. Now the dealer, may have some some suggestions for the customer, the most common is to just turn the radio up louder or maybe the customer may be interested in having an undercoating treatment done to minimize the noise.

This is what all of cPanel's customers are asking for, give us the undercoating, that is, the option to remove the easy access to all emails buttons. We are discussing a clients perception, not illusions and perceptions can make or break you.

 

[cPRex]

This has been discussed many times for several years, and isn't something we plan to change.

 

[JoaoMachado]

This has been discussed many times for several years, and isn't something we plan to change.

@cPRex, and you don't see anything wrong with this statement? The fact that your customers have been asking for this for "several years"?

 

[cPRex]

Not every idea or feature that gets requested will be included with the product. This one has had MUCH discussion with various viewpoints, and our team has decided this isn't something we want to include, for the reasons already presented.