Author Topic: Control Panel Security  (Read 304 times)

Offline TheBearJew

  • Newbie
  • *
  • Posts: 1
Control Panel Security
« on: February 26, 2021, 03:20:27 PM »
Greetings everyone!

I am running into an issue with Roundcube with our current domain host. I am not sure if they are just being lazy or if this is an issue with Roundcube in general and I cannot find an answer online for some reason. The issue is anyone with access to our host provider's control panel can access any email account that we host. Our host provider says that this is an issue that they cannot fix as it is standard for Roundcube.

I do have linux and windows hosted boxes and can create my own mail server but before I learn all of that and do it I was hoping to get an answer about the control panel security thing. If I host my own server is there a setting that can be changed where anyone who has access to the control panel will still be required to use a password to access the Roundcube email from the control panel itself.

I hope this makes sense and I don't sound like a blathering idiot.

Any response is most definitely appreciated,

With kind regards,
Chris

Offline JohnDoh

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2,577
Re: Control Panel Security
« Reply #1 on: February 27, 2021, 09:28:14 AM »
I'm assuming you don't see Roundcube's login screen. Out of the box non authenticated users see the login screen where they must enter their IMAP credentials. Roundcube does not do authentication itself but submits those credentials to the server. Probably your provider is using a plugin to integrate Roundcube with their control panel and that plugin is doing the user authentication.
Roundcube Plugins: Contextmenu, SpamAssassin Prefs, and moreā€¦