How Do You DISABLE User's Webmail Email Filter?

convoluted

Registered
Feb 6, 2010
4
0
51
Hi, my situation is this:

I have a supplier with [email protected] that sends me CONFIDENTIAL emails every day.

I have 20 users/email accounts in our Web Host.

We're using IMAP because we have an office computer and individual laptops and IMAP is better to synchronize emails well.

However, recently, I tried to login in http://webmail.mydomain.com and sign up as one of the regular users/email account. Then I found out, my users can FILTER all incoming mails on the server, that contains

[email protected] - Redirect it to their accounts And they Can READ my confidential emails from our supplier!

Not that I don't trust them, but it's a Good Security for me. My question: How can I disable these FILTER features for my regular/email users when they login via the webmail? Or is there a better way?

I've attached the picture of what I mean.

Thanks for reading.
 

Attachments

JordiCS

Well-Known Member
Dec 3, 2003
57
0
156
Catalonia, EU
cPanel Access Level
Root Administrator
my users can FILTER all incoming mails on the server, that contains [email protected] - Redirect it to their accounts
Hello,

Sorry, but this is not possible. You as an user can filter and/or redirect only your own mail, but you cannot retrieve mail sent to other users. If you manage your cPanel, then you can filter and/or redirect all email for the domain and for every account, but only in this case. You also can do it, of course, if you gain illegal access to that cPanel account (or the whole server).

If there were a filter or redirection like this, it is only in your account that you should look for it. Check your filters and redirects. Check also the headers of those confidential messages and look for other addresses on the CC field, maybe the sender is sending these messages to more recipients without you knowing. And last but not least, change your cPanel password if you suspect any of your users may have gained access to it.

Regards,
 

convoluted

Registered
Feb 6, 2010
4
0
51
Hi JordiCS thanks for helping me.

Yes, I have full access to our cpanel because I'm the only IT guy in our small company. So this is what I mean.

Example 1: get email from supplier

1. Create Employee Email: [email protected]
2. Robert Logs In: http://webmail.mycompany.com
3. Robert Manages Filters -> Creates a new filter
4. Filter Name: from Supplier
5. Rules: From, Contains @supplier.com
6. Actions: Deliver To Folder (Robert's INBOX)
7. Robert gets supplier's email!
Example 2: get ANY EMAIL!

1. Robert Logs In: http://webmail.mycompany.com
2. Create Filter -> Create a new filter
3. Filter Name: from anyone
4. Rules: From, Contains, @
5. Actions: Deliver To Folder (Robert's INBOX)
6. Robert gets ANY EMAIL!
Am I doing something wrong?

From a security stand point all I can see is this: Our employees can login to their webmail, filter emails and redirect ANY EMAIL to their INBOX! Please help! :confused:
 
Last edited:

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,608
77
308
cPanel Access Level
Root Administrator
Hi JordiCS thanks for helping me.

Yes, I have full access to our cpanel because I'm the only IT guy in our small company. So this is what I mean.

Example 1: get email from supplier



Example 2: get ANY EMAIL!



Am I doing something wrong?

From a security stand point all I can see is this: Our employees can login to their webmail, filter emails and redirect ANY EMAIL to their INBOX! Please help! :confused:
As Jordi mentioned, users can only filter email of which they are direct recipients.

For example, if you and I worked at example.com and had the following email addresses:

[email protected]
[email protected]

I can only filter email addressed to my email address.

This is confirmed by testing the scenario you presented.

If a user is able to filter email, that means the suer is a recipient, or addressee, of the email. Otherwise the filter is not examined.
 

convoluted

Registered
Feb 6, 2010
4
0
51
I see maybe I was wrong. Thanks for clearing up the confusion in my head, will test it again soon. Thanks kenneth and Jordi. God bless you.