Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Disable access to all users email accounts?

Discussion in 'Security' started by Rick Davis, Jun 28, 2018.

  1. Rick Davis

    Rick Davis Registered

    Joined:
    Jun 28, 2018
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Cincinnati, OH
    cPanel Access Level:
    Root Administrator
    There are many old or closed threads on this topic, which is basically about the ability for a cPanel admin user to read or access all user email accounts from the cPanel webmail link without having to enter the individual email account password. I understand that the cPanel admin is a root user and can change any users email password, so there is no way to stop them from viewing any user email if they want to. So many questions. Looking for a best practice recommendation.

    Is it as simple as disabling webmail access?

    I am curious to know whether the discussion continues, is considered resolved, or just not worth discussing? I would also like to know what admins in this position tell the persons or companies that they administer cPanel accounts for in regards to this topic? Is it a don't ask don't tell type of topic? Or do you fully disclose the discussed possibilities? And/or offer them a different email solution that is more secure? If so, how do you disclose this info? And what other options do you offer?
     
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,861
    Likes Received:
    89
    Trophy Points:
    78
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Rick Davis

    Rick Davis Registered

    Joined:
    Jun 28, 2018
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Cincinnati, OH
    cPanel Access Level:
    Root Administrator
    Thank you. That was one of the three year old discussions I mentioned. It's obvious the developers of cPanel don't consider this a bug or feature worth removing or restricting. So I guess my real question is "How do cPanel admins disclose this flaw to users that have their email stored on a server with cPanel?" I think the real answer or solution that I am considering is to remove email as a service on any web hosting server that uses cPanel and instruct users to use Gmail or some other email service instead.
     
  4. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    2,721
    Likes Received:
    186
    Trophy Points:
    143
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    This is because the cPanel admin (which is NOT in any way a "root" user it does not have root access to the system) has access to the emails in a number of other ways, the only thing this would do is provide an illusion that the cPanel user wouldn't be able to access the mail. Mail for all email users is accessible through the File Manager UI, through FTP with the cPanel user, and email user's inbox's can be subscribed to by the default email account.

    You can disable webmail access using the feature manager for the Featurelist assigned to the account's package. This would remove the Access webmail link as well as the ability to access Webmail for any email account on the account using that package+featurelist

    It should be assumed that the cPanel admin user has access to all items within the account, I wouldn't consider this a flaw it's a purposeful design element.

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice