Webmail autoresponder wide-open (allows any email for any domain)

barlow

Member
Mar 27, 2013
7
0
1
cPanel Access Level
Reseller Owner
I have a new VPS server and just discovered that end-user going into webmail and autoresponder setup are free to browse the domain list and enter an email ID as if they were an admin. How do I close this down and restrict autoresponders to an end-user's own email address? Thanks.
 

quietFinn

Well-Known Member
Feb 4, 2006
1,222
87
178
Finland
cPanel Access Level
Root Administrator
"going into webmail"? which one?

EDIT:
oops forgot it's in the view where you select the webmail client.
I tested it and it doesn't behave as you explained.
 
Last edited:

barlow

Member
Mar 27, 2013
7
0
1
cPanel Access Level
Reseller Owner
I tested it and it doesn't behave as you explained.
Great, but how did you manage to log on to my server? :)

My point is that the autoresponder page is offering too much to the wrong email account user and I need to turn this off - how do I do it? Sure, its not meant to do this. That is my problem.

So, please, anyone know how to turn off this presentation of domains and opportunity to type in an email ID? It should just default to the user's own email.

Or is it a bug?
 

quietFinn

Well-Known Member
Feb 4, 2006
1,222
87
178
Finland
cPanel Access Level
Root Administrator
Great, but how did you manage to log on to my server? :)

My point is that the autoresponder page is offering too much to the wrong email account user and I need to turn this off - how do I do it? Sure, its not meant to do this. That is my problem.

So, please, anyone know how to turn off this presentation of domains and opportunity to type in an email ID? It should just default to the user's own email.

Or is it a bug?
Of course I didn't test it in your server, I tested it in my server.
My point is that it is not acting like that in every server, so it might be something different in your server's configuration causing that.

It's hardly a feature you could just "turn off".
 

barlow

Member
Mar 27, 2013
7
0
1
cPanel Access Level
Reseller Owner
Of course I didn't test it in your server, I tested it in my server.
My point is that it is not acting like that in every server, so it might be something different in your server's configuration causing that.

It's hardly a feature you could just "turn off".
Dear god, is this what these forums are like all the time?
 

markaharper

Registered
Mar 9, 2011
1
0
51
WHM 11.36.1 (build 6)

Just wanted to confirm as Barlow said, the Webmail Autoresponder is wide-open.

And as InfoPro said, the Feature Manager can disable Autoresponder.

details:

/webmail/x3/index.html

After my clients log into their personal webmail accounts, they are shown the choice to enter different webmail interfaces: Horde, Roundcube or SquirrelMail.

On this index.html page the clients can manage Change Password, Forwarding Options, Auto Responders, Configure Client Mail, Email Filtering, Email Trace.

The Forwarding Options does limit the client ONLY to their email address.

But the Auto Responders gives them Admin permissions to add Auto Responders to any email under any domain name.

Sad, but I had to disable Auto Responder after a client successfully added Auto Responder to my email to prove the the interface was not secure.

To Your Success!!!

Mark