How to force login when accessing webmail via cPanel

ramystyle

Well-Known Member
Feb 9, 2004
67
0
156
Montreal
Hi,

A user of mine accessed his cPanel and told me that he can access all email accounts via webmail once he is logged in to cPanel. He is not asked to enter a password for each email account.

I tried changing "Mail authentication via domain owner password" in whm to on and off but nothing changed.

I would like to force a logged in user in cPanel to enter the password for an email account before viewing its inbox.

Thanks for your help.
 

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
8,110
660
263
Houston
cPanel Access Level
DataCenter Provider
Hi @ramystyle


I'm a bit confused here, you should most definitely be asked for a password when logging into an email account unless you're logged in as the cPanel user, in which case you can access other email accounts from the cPanel UI.

Would it be possible to provide screenshots/more information on how the user is accessing?
 

ramystyle

Well-Known Member
Feb 9, 2004
67
0
156
Montreal
Don’t be confused.
Your understanding is correct. If user tried to access webmail, he is asked for a username and password.

If user is logged into Cpanel, the he has access to all emails inboxes without the need to enter a password. I would like to for that user to enter a password because I don’t want him to go read other users emails. He needs cpanel access to add remove emails but I would like to limit him to not view the inboxes of all email accounts within Cpanel..

Let me know if I’m not clear.
 

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
8,110
660
263
Houston
cPanel Access Level
DataCenter Provider
Hello @ramystyle

This isn't possible as the cPanel user is meant to be an administrative user - they have access to all emails on the account through file manager as well. The only method to restrict access to email accounts would be through the package's feature list by removing the "Email Accounts" feature but this would also restrict them from managing, creating or removing email accounts as well.

Our reasoning behind this decision is detailed here: Remove 'Access Webmail' from Email Accounts

Thanks!