The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Webmail autoresponder wide-open (allows any email for any domain)

Discussion in 'E-mail Discussions' started by barlow, Mar 27, 2013.

  1. barlow

    barlow Member

    Joined:
    Mar 27, 2013
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    I have a new VPS server and just discovered that end-user going into webmail and autoresponder setup are free to browse the domain list and enter an email ID as if they were an admin. How do I close this down and restrict autoresponders to an end-user's own email address? Thanks.
     
  2. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    "going into webmail"? which one?

    EDIT:
    oops forgot it's in the view where you select the webmail client.
    I tested it and it doesn't behave as you explained.
     
    #2 quietFinn, Mar 28, 2013
    Last edited: Mar 28, 2013
  3. barlow

    barlow Member

    Joined:
    Mar 27, 2013
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    Great, but how did you manage to log on to my server? :)

    My point is that the autoresponder page is offering too much to the wrong email account user and I need to turn this off - how do I do it? Sure, its not meant to do this. That is my problem.

    So, please, anyone know how to turn off this presentation of domains and opportunity to type in an email ID? It should just default to the user's own email.

    Or is it a bug?
     
  4. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    Of course I didn't test it in your server, I tested it in my server.
    My point is that it is not acting like that in every server, so it might be something different in your server's configuration causing that.

    It's hardly a feature you could just "turn off".
     
  5. barlow

    barlow Member

    Joined:
    Mar 27, 2013
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    Dear god, is this what these forums are like all the time?
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,446
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    The Autoresponder Manager can be enabled/disabled from the Feature manager.
     
  7. markaharper

    markaharper Registered

    Joined:
    Mar 9, 2011
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    WHM 11.36.1 (build 6)

    Just wanted to confirm as Barlow said, the Webmail Autoresponder is wide-open.

    And as InfoPro said, the Feature Manager can disable Autoresponder.

    details:

    /webmail/x3/index.html

    After my clients log into their personal webmail accounts, they are shown the choice to enter different webmail interfaces: Horde, Roundcube or SquirrelMail.

    On this index.html page the clients can manage Change Password, Forwarding Options, Auto Responders, Configure Client Mail, Email Filtering, Email Trace.

    The Forwarding Options does limit the client ONLY to their email address.

    But the Auto Responders gives them Admin permissions to add Auto Responders to any email under any domain name.

    Sad, but I had to disable Auto Responder after a client successfully added Auto Responder to my email to prove the the interface was not secure.

    To Your Success!!!

    Mark
     
  8. rezman

    rezman Well-Known Member

    Joined:
    Feb 3, 2011
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    This appears to have been fixed.
     
Loading...

Share This Page