Hello, I have searched through internet and this forum and didn't find any answer. Let me start with quick description of the problem:
I have a couple of servers running DirectAdmin on Centos and Roundcube set as webmail. There are not so few hosting accounts and each has some email accounts. Each server has it's own Roundcube installed and configured to use "localhost" as imap and smtp server. By accident I went to another server's Roundcube (completely separate server, completely different company, completely different domain and all) and I was able to login to one of e-mail accounts configured on one of my servers. I didn't choose which server to sign in, I didn't give any information about server at all, I just filled username (full email address) and password fields on login page and it logged me in. What's more, it showed me exactly contents of my Inbox. I could read messages and stuff, only thing I couldn't do was to send a message. When I tested that Roundcube was working for a longer time and then gave me "SMTP error (-1)". I tried to login from various webbrowsers (also on mobile phone), I tested in normal and also in incognito mode on few various Roundcube instances not connected with eachother in any way, result was the same everytime. That was kinda scary since Roundcube instances i tested were not able to know about my servers and email account configured on them.
Now question is:
How is it possible that I was able to login to an email account configured on a completely different server?
