When moving accounts the webmail is not locked

nicklas

Well-Known Member
Dec 22, 2005
117
0
166
cPanel Access Level
Root Administrator
Hi,

I have moved several accounts to the new servers, but some users were still able to use read and send emails in their webmail account, there were using the server secure hostname for their mail, this is a serious problem! Everything should be locked when an account is locked after a move!

A bug?
 

cPanelDon

cPanel Quality Assurance Analyst
Staff member
Nov 5, 2008
2,545
12
268
Houston, Texas, U.S.A.
cPanel Access Level
DataCenter Provider
Twitter
Hi,

I have moved several accounts to the new servers, but some users were still able to use read and send emails in their webmail account, there were using the server secure hostname for their mail, this is a serious problem! Everything should be locked when an account is locked after a move!

A bug?
Are the server hostnames for each machine different or are they identical?

Have you considered disabling transferred accounts on the old server by suspending them?

If the transferred accounts were not suspended, what method was used to keep them "locked"?
 

nicklas

Well-Known Member
Dec 22, 2005
117
0
166
cPanel Access Level
Root Administrator
-) Hostnames were different.

-) accounts were disabled!

- They had access to their email because they used the secure email with the hostname to get access, any other way to access their mail was blocked except this part!

They were following the instructions in the cPanel mail account when they setup their mail clients in the past, but when the account was moved accross to other server they were still accessing the old server, by using favorites!

cPanel:Mail, Manual Settings

Incoming Mail Server: (SSL) server.hostname.com
Outgoing Mail Server: (SSL) server.hostname.com (server requires authentication) port 465
 

cPanelDon

cPanel Quality Assurance Analyst
Staff member
Nov 5, 2008
2,545
12
268
Houston, Texas, U.S.A.
cPanel Access Level
DataCenter Provider
Twitter
-) Hostnames were different.

-) accounts were disabled!

- They had access to their email because they used the secure email with the hostname to get access, any other way to access their mail was blocked except this part!

They were following the instructions in the cPanel mail account when they setup their mail clients in the past, but when the account was moved accross to other server they were still accessing the old server, by using favorites!

cPanel:Mail, Manual Settings

Incoming Mail Server: (SSL) server.hostname.com
Outgoing Mail Server: (SSL) server.hostname.com (server requires authentication) port 465
By "disabled" -- does that mean the cPanel accounts were suspended?

Was it an e-mail user that (1) sent e-mail, (2) received e-mail, or (3) logged-into Webmail, via SSL access using the old server's hostname?

If you would like us to take a closer look at the situation I recommend submitting a support request; alternatively, if a bug is suspected you may submit a formal bug report using the link in the top-right corner of the forums, labeled Bugs.
 

nicklas

Well-Known Member
Dec 22, 2005
117
0
166
cPanel Access Level
Root Administrator
Hi, the accounts were disabled not suspended, I used to function to transfer accounts from one server to another.

It was (3) related to the webmail ( both send and receive with the ssl hostname )

You want me to submit a bug? that's alright for me, but all accounts are transfered over and to be sure i have deleted their accounts.
 

cPanelDon

cPanel Quality Assurance Analyst
Staff member
Nov 5, 2008
2,545
12
268
Houston, Texas, U.S.A.
cPanel Access Level
DataCenter Provider
Twitter
Hi, the accounts were disabled not suspended, I used to function to transfer accounts from one server to another.

It was (3) related to the webmail ( both send and receive with the ssl hostname )

You want me to submit a bug? that's alright for me, but all accounts are transfered over and to be sure i have deleted their accounts.
If a bug is suspected you may submit a bug report using the links provided; however, based on the information provided thus far I am not certain what steps we can use to effectively reproduce the same scenario. If you're able to provide more specific details I believe that would help.

If the cPanel accounts were not suspended on the old system, what is the precise method used and what were the exact steps that were performed to "disable" the cPanel accounts?