The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

disabling admin from reading email

Discussion in 'E-mail Discussions' started by ana.pofuk, Jul 27, 2012.

  1. ana.pofuk

    ana.pofuk Registered

    Joined:
    Jul 27, 2012
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi
    When installing cpanel i have a privacy request from a customer. CEO doesn't want anyone to be able to read his emails, not even site admin.

    Is it possbile to disable administrator from reading emails of all the accounts without having the password for the specific account?
    Now it is easy to do it - you just click "Access Webmail" link in the email accounts link.

    Of course there are other ways with having acess to every file on the server, but this would be a great first step, usable at least for non technical administrators (people just managing email accounts)
    Thank you
     
    #1 ana.pofuk, Jul 27, 2012
    Last edited: Jul 27, 2012
  2. azurecoast

    azurecoast Member

    Joined:
    Jul 25, 2012
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    DataCenter Provider
    As with any type of "content" the security is all about access; usually physical. I mean most "stuff" is stored on a drive or NAS/SAN someplace, and if somebody can get to that or even back ups.... Email in the "cloud" raises a whole new set of complexities for companies as the "CEO" has a fiduciary responsibility to the company, and typically that means preservation of company assets like IPR that might be inside those emails.

    So, one of the better ways to deal with this issue is to encrypt all the emails. Your CEO can do this for his "email storage" and you can do it for yours, using S/MIME. That way each account stored has its own set of keys, and the mail server does not care, it just sees "files" and presents those to the MUA like Outlook that will need to decrypt. iPhone with ver. 5.1 supports S/MIME too.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    You can ensure the following option is turned off in "WHM >> Server Configuration >> Tweak Settings" under the "Mail" tab:

    "Mail authentication via domain owner password"

    Disabling this option prevents mail account authentication using the password of the domain owner’s account. While there are definitely methods to circumvent this feature and access emails (e.g. changing the password of the email account), this is a basic option available that some users prefer to use.

    Thank you.
     
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Please keep in mind that anyone who has access to cPanel files themselves (such as FTP to /home/username) or File Manager can access /home/username/mail/domain.com/emailuser where username is the cPanel username, domain.com is the domain name and emailuser is the email username.

    Additionally, the system administator of the server itself can access these locations.

    The only way to have such privacy would be to encrypt the emails. If they are encrypted, then only the sender and receiver would be able to easily read them.

    Here's a guide on using this for Thunderbird:

    How to encrypt your email

    He'd need to ask people emailing him that they also encrypt, but it makes a lot of sense to utilize encryption for sensitive data.
     
Loading...

Share This Page