Disable access to all users email accounts?

Rick Davis

Registered
Jun 28, 2018
Cincinnati, OH
cPanel Access Level
Root Administrator
There are many old or closed threads on this topic, which is basically about the ability for a cPanel admin user to read or access all user email accounts from the cPanel webmail link without having to enter the individual email account password. I understand that the cPanel admin is a root user and can change any user's email password, so there is no way to stop them from viewing any user email if they want to. So many questions. Looking for a best practice recommendation.

Is it as simple as disabling webmail access?

I am curious to know whether the discussion continues, is considered resolved, or just not worth discussing? I would also like to know what admins in this position tell the persons or companies that they administer cPanel accounts for in regard to this topic? Is it a "don't ask, don't tell" type of topic? Or do you fully disclose the discussed possibilities? And/or offer them a different email solution that is more secure? If so, how do you disclose this info? And what other options do you offer?
 

Rick Davis

Registered
Jun 28, 2018
Cincinnati, OH
cPanel Access Level
Root Administrator
Thank you. That was one of the three-year-old discussions I mentioned. It's obvious the developers of cPanel don't consider this a bug or feature worth removing or restricting. So I guess my real question is "How do cPanel admins disclose this flaw to users that have their email stored on a server with cPanel?" I think the real answer or solution that I am considering is to remove email as a service on any web hosting server that uses cPanel and instruct users to use Gmail or some other email service instead.
 

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
Houston
> There are many old or closed threads on this topic, which is basically about the ability for a cPanel admin user to read or access all user email accounts from the cPanel webmail link without having to enter the individual email account password. I understand that the cPanel admin is a root user and can change any user's email password, so there is no way to stop them from viewing any user email if they want to. So many questions. Looking for a best practice recommendation.

This is because the cPanel admin (which is NOT in any way a "root" user; it does not have root access to the system) has access to the emails in a number of other ways. The only thing this would do is provide an illusion that the cPanel user wouldn't be able to access the mail. Mail for all email users is accessible through the File Manager UI and through FTP with the cPanel user, and email users' inboxes can be subscribed to by the default email account.

> Is it as simple as disabling webmail access?

You can disable webmail access using the feature manager for the Featurelist assigned to the account's package. This would remove the Access webmail link as well as the ability to access Webmail for any email account on the account using that package+featurelist.

> "How do cPanel admins disclose this flaw to users that have their email stored on a server with cPanel?" I think the real answer or solution that I am considering is to remove email as a service on any web hosting server that uses cPanel and instruct users to use Gmail or some other email service instead.

It should be assumed that the cPanel admin user has access to all items within the account. I wouldn't consider this a flaw; it's a purposeful design element.

Thanks!
 

vinnie6669

Member
Nov 24, 2021
Indian
cPanel Access Level
Root Administrator
Hello everyone, I am replying to this old post as I have some kind of issue. Disabling webmail from the feature list will disable direct access to webmail as well. This means that if I type serverIP:2095 in the browser and give the email ID and password, it does not take me to webmail. Is it possible to disable the Check Mail option in cPanel but still be able to access webmail directly in the browser with the email ID and password?

Thanks

Vivek
 

GillianS

Member
Oct 24, 2014
cPanel Access Level
Reseller Owner
No-one seems to have mentioned the elephant in the room - i.e. GDPR!

I have clients that are church ministers who currently use email forwarders and can send and be sent very sensitive, personal communications. If they had real email accounts on their domain, there is nothing to stop me, if I wanted, to read those emails. [I wouldn't, of course]. Microsoft, in their wisdom, won't allow aliases from 'real' domains, only Gmail, Hotmail, etc. So what's to do? The ministers don't really want to use their personal emails for work. Why should they? And using a Gmail or Hotmail account for work looks very unprofessional.

It should be a simple setting in WHM, although my reseller WHM seems to have limited features.

The last comment on " Remove 'Access Webmail' from Email Accounts " was seven years ago (Feb 2015). The EU General Data Protection Regulation (GDPR) - came into effect in the UK on 25 May 2018. Please, cPanel, look at this again!
 

JoaoMachado

Registered
Nov 29, 2021
Portugal
cPanel Access Level
Root Administrator
@cPRex I am sorry, but cPanel needs to/must make this change. The argument of "illusion of security" is absolutely rubbish. It is a matter of Privacy! The issue is not that cPanel is broken or unusable, the issue is a matter of customer care. It is clear from all of the threads on here that cPanel's customers want this feature, to disable easy access to read email accounts.

Let me explain this in a way that everyone at cPanel may relate to...
A customer brings their car in to the dealer complaining about road noise. The dealer inspects the vehicle and finds nothing wrong with it, everything is normal. The customer, however, still complains about the road noise. Let me ask you, is the issue with the car or the customer? That is correct, the customer is what needs to be fixed and that is what cPanel needs to address. Now the dealer may have some suggestions for the customer; the most common is to just turn the radio up louder, or maybe the customer may be interested in having an undercoating treatment done to minimize the noise.

This is what all of cPanel's customers are asking for: give us the undercoating, that is, the option to remove the easy access to all emails buttons. We are discussing a client's perception, not illusions, and perceptions can make or break you.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
cPanel Access Level
Root Administrator
Not every idea or feature that gets requested will be included with the product. This one has had MUCH discussion with various viewpoints, and our team has decided this isn't something we want to include, for the reasons already presented.