Question Auto-login on email accounts

[sme]

Hi

Is there a way to login automatically through webmail for a particular email account, without the account's password?
Some sort of auto-login from Plesk (as a super user for example), like it happens in cPanel?

Thank you

 

[linuxman1]

I just was searching for something like this, would anybody there advise?

 

[Bitpalast]

You cannot auto-login into mailboxes. However, you might consider using your browser's password manager to store user name and password for the login page of webmail, so that the fields are auto-filled by the password manager on your next visit to that page.

 

[linuxman1]

Hi Peter,
I am talking about another issue,

Auto login to webmail from the mail tab in plesk

Possibility to log in to the specified email account when you click on the email account by accessing the mail tab.

plesk.uservoice.com

Please check the above URL.

 

[IgorG]

Let's first see what the demand for this feature will be, and then consider the possibility of its implementation from a security point of view. There is no such automatic webmail login yet.

 

[linuxman1]

Let's first see what the demand for this feature will be, and then consider the possibility of its implementation from a security point of view. There is no such automatic webmail login yet.

Hi Igor,
Today one client didn't migrate from Cpanel to Plesk when he didn't find this option, he is a manager and he as an admin on his server needs to check old emails on various mail accounts for business issue, and Cpanel already has this option for years. also as an admin I some times check some mailboxes when I have a SPAM attack going out so I can check mail headers and so on, on Cpanel I also find this useful but with Plesk I have to use ssh and use commands like postcat so I can view headers of SPAM email and see what account is sending it!

 

[IgorG]

@linuxman1 I understand you and the scenario you are used to in the cPanel. But, unfortunately, we cannot implement features for which there is very little demand. In this case, we simply won't have enough resources. If your usual scenario is supported by a lot of users, we will definitely consider it for implementation.

 

[linuxman1]

@linuxman1 I understand you and the scenario you are used to in the cPanel. But, unfortunately, we cannot implement features for which there is very little demand. In this case, we simply won't have enough resources. If your usual scenario is supported by a lot of users, we will definitely consider it for implementation

Hi Igore, That would be nice as i think to add new features that will make admin life easier without the need for a lot of votes, I believe you already do! you always do enhancements and provide new features as you compete with other markets and so on.
As you know from time to time on any hosting server you will find an ongoing SPAM going out and if you will not stop it quickly the ip address of the server may get black listed, so I wish Plesk will add those enhancements like Cpanel did so we can work quickly and stop the ongoing SPAM.
Cpanel will let me read the email and headers which in queue so I find out quickly what email account compromised and used to send SPAM out so I can stop it quickly before a server may get black listed RPL.
And actially yesteday I was migrating a server for a client to Plesk and he refused when he couldn't check mailboxes for his users without entering passwords which he didn't write it down before he send it to his users and his manager asks him every some time to check old emails for business issues.

 

[Bitpalast]

Is it legal in your country to look into other people's e-mail?

 

[IgorG]

@linuxman1 Indeed, has no one heard about GDPR in your country?

 

[linuxman1]

@linuxman1 Indeed, has no one heard about GDPR in your country?

Hi peter, Hi Igor,
are you kidding man? when I saw the reply I though a non technical guy is talking!
Who in this world told you that all clients use Plesk and Cpanel or other control panels for shared hosting only? Actually most companies I supported before use them for private corporate business usage!
Do you use your business email at Plesk company like sales email or legal or support emails to do personal stuff?
There are written policies inside companies prohibit any personal usage for business mail which is paid by the company to do only business and employees know that, even if an employee may leave the company, he can't close his mail address becaue he even doesn't own it but the company provided it for him to serve the company and when he leaves another employees will use the same email so business can go on!
we have legal restrictions to preserve the business mails for 5 years to be used by legal team and tax team inside the company.

 

[Bitpalast]

Let's please stick with your initial reason you mentioned why you want to have this feature:

As you know from time to time on any hosting server you will find an ongoing SPAM going out and if you will not stop it quickly the ip address of the server may get black listed, so I wish Plesk will add those enhancements like Cpanel did so we can work quickly and stop the ongoing SPAM. Cpanel will let me read the email and headers which in queue so I find out quickly what email account compromised and used to send SPAM out so I can stop it quickly before a server may get black listed RPL.

Regarding spam you can easily determine the source of spam by other means. For example:
- Look into /var/log/maillog (mail.log) to see from which user account spam is submitted.
- Look into the email headers in Tools & Settings > Mail Server Settings > Mail Queue, then click on any mail subject to see the header of that mail.
- Look into the website structure on /var/www/vhosts/<subscription domain>/<document root> to see files or modifications that do not belong into that website, e.g. by executing a command like

# find ./* -mtime -2

to find files younger 2 days or

egrep -r -i --include=\*.php 'base64_decode|edoced_46esab|passthru|shell_exec|exec\(' --exclude-dir={system,\/*/logs,\/*/bin,\/*/dev,\/*/etc,\/*/lib,\/*/lib64,\/*/sbin,\/*/usr,\/*/var,\/*/tmp} /var/www/vhosts

to find encoded files or files that want to run operating system commands (hackers frequently encode portions of their malware) and check whether the use of encoding or other special commands is legit.

Now, your scenario for corporate use of mailboxes: If there is any urgency for a business to access an employees mailbox (e.g. the employ called in sick, died, is on vacation but the super important contract that the company needs is in his/her mail etc.) an administrator can always reset the mailbox password to gain access to that mailbox. It's a matter of seconds, actually only two mouse clicks from where you'd access webmail. Why should software developers spend many hours of work for a function that is not really needed, because there are other easy ways to achieve the goal, and that, if at all, is only rarely needed. Sure, we as admins all want a "God" mode, because it makes life even easier than what it already is. But is the wish for this God mode to access user's mailboxes really so urgent? How often does it occur that a company needs to access an employee's mailbox? And why in that case can't they simply set a new password on it and log in?

It would not be the right of a technical admin to view other people's emails anyway. If at all that would be the right of a supervisor. From my point of view, I'd rather say that in cPanel they went a bit too far to enable tech staff to check into user's mailboxes. If such a function was provided, it should be combined with an automatic notification to the user that the mailbox was accessed by a tech admin. Please feel free to repost the request on the user voice website. If it gets many votes, the feature will probably be included in a future update. Also look into the top twenty of user voice requests. There seem to be many other features that other users feel are more urgent to complete.

 

[linuxman1]

Let's please stick with your initial reason you mentioned why you want to have this feature:



Regarding spam you can easily determine the source of spam by other means. For example:
- Look into /var/log/maillog (mail.log) to see from which user account spam is submitted.
- Look into the email headers in Tools & Settings > Mail Server Settings > Mail Queue, then click on any mail subject to see the header of that mail.
- Look into the website structure on /var/www/vhosts/<subscription domain>/<document root> to see files or modifications that do not belong into that website, e.g. by executing a command like

# find ./* -mtime -2

to find files younger 2 days or

egrep -r -i --include=\*.php 'base64_decode|edoced_46esab|passthru|shell_exec|exec\(' --exclude-dir={system,\/*/logs,\/*/bin,\/*/dev,\/*/etc,\/*/lib,\/*/lib64,\/*/sbin,\/*/usr,\/*/var,\/*/tmp} /var/www/vhosts

to find encoded files or files that want to run operating system commands (hackers frequently encode portions of their malware) and check whether the use of encoding or other special commands is legit.

Now, your scenario for corporate use of mailboxes: If there is any urgency for a business to access an employees mailbox (e.g. the employ called in sick, died, is on vacation but the super important contract that the company needs is in his/her mail etc.) an administrator can always reset the mailbox password to gain access to that mailbox. It's a matter of seconds, actually only two mouse clicks from where you'd access webmail. Why should software developers spend many hours of work for a function that is not really needed, because there are other easy ways to achieve the goal, and that, if at all, is only rarely needed. Sure, we as admins all want a "God" mode, because it makes life even easier than what it already is. But is the wish for this God mode to access user's mailboxes really so urgent? How often does it occur that a company needs to access an employee's mailbox? And why in that case can't they simply set a new password on it and log in?

It would not be the right of a technical admin to view other people's emails anyway. If at all that would be the right of a supervisor. From my point of view, I'd rather say that in cPanel they went a bit too far to enable tech staff to check into user's mailboxes. If such a function was provided, it should be combined with an automatic notification to the user that the mailbox was accessed by a tech admin. Please feel free to repost the request on the user voice website. If it gets many votes, the feature will probably be included in a future update. Also look into the top twenty of user voice requests. There seem to be many other features that other users feel are more urgent to complete.

> Let's please stick with your initial reason you mentioned why you want to have this feature:
Thanks peter, actually I just said that because I wanted this feature before when I had some issues with SPAM going out quickly and I could solve similar issues easier with Cpanel, but the main reasons I did a search online this time and found a closed feature request about the issue, an IT manager works for a construction company in gulf area use this option with Cpanel when his manager asks him to find and forward some business emails to him which are needed for legal issues at courts and so on, he is migrating to a new server and I recommended migrating to Plesk so he could save some money because he has a dedicated server and he has 3 accounts only used by his company so if he uses Plesk web admin he will save a lot of money, that's all.
> Regarding spam you can easily determine the source of spam by other means. For example:
> - Look into /var/log/maillog (mail.log) to see from which user account spam is submitted.
> - Look into the email headers in Tools & Settings > Mail Server Settings > Mail Queue, then click on any mail subject to see the header of that mail.
> - Look into the website structure on /var/www/vhosts/<subscription domain>/<document root> to see files or modifications that do not belong into that website, e.g. by > executing a command like
I do this and more, it's just I wished to do it quickly, with Cpanel they provide much headers for emails in queue, Plesk will show little headers so I must use SSH and check logs to determine the compromised email account which is used by spammers to send out SPAM, as you know spammers will change everything on the mails so it's difficult sometimes to find the real compromised account, "mail from: mail identity name" and son on, so the only way I can find out the hacked account is by knowing the auth ID which headers at Cpanel provides it easily so I can change its password quickly before sending more SPAM and clean queue quickly before more SPAM to be send out.
> How often does it occur that a company needs to access an employee's mailbox?
many times actually, about 2 months ago my manager for a tourism company which I provide support for asked me to collect some specific emails from a specific company because the legal team needs it when they write the yearly tax reports, instead of doing this through UI and this will take a long time, I used SSH and issued some Linux commands like find and grep to collect the required emails and put it in a mailbox and provided the access to the legal team so they can do their work.
BTW I asked on these forums for more important issues which I had with Plesk and nobody helped whatever I asked, on another post Igor replied me and I asked him to check my recent posts and help but he seems didn't find time, so I depended on my myself as I usually do and solved my issues but took more time of course, also it's hard for me to open tickets with Plesk support because I always have and I recommend to my clients to have Plesk licenses from resellers as I do to save some money, as you know Plesk from a reseller without support is much cheaper for us, so I depend on these forums when I have urgent issues and need help.

 

[Bitpalast]

BTW I asked on these forums for more important issues which I had with Plesk and nobody helped whatever I asked

That may be because this is a user-to-user forum. Some Plesk staff randomly checks in, but in general, users (like me) are responding to stuff if they find the time and if they have something to say.

it's hard for me to open tickets with Plesk support because I always have and I recommend to my clients to have Plesk licenses from resellers as I do to save some money,

That is a decision on your own discretion. Sometimes trying to "save" money is more costly than going for the real deal. Look at it differently: The regular price for the full product including full support is X. You have made the decision that you do not want to pay X, so you are getting the product for X-n. However this also means you are getting a product that has been diminished by n.

From personal experience I can only highly recommend to have a Plesk support contract. For reseller licenses it is only around 10 bucks a month, and their staff is freaking awesome when it comes to solving issues. It's just one necessary business expense if you run a Plesk server. You probably own a car? Compare this like "I'm gonna fix everything on my car on my own." against "I fix some basic things on my own, but for the complicated stuff I'll drive to the repair service." You would not fix everything on your car on your own, would you?

Anyway, your questions on the forum are welcome, even if sometimes there might noone be around to answer them for various reasons. A lot of other users are doing their best, but sometimes others and me just don't have the time or don't have a solution.

 

[linuxman1]

That may be because this is a user-to-user forum. Some Plesk staff randomly checks in, but in general, users (like me) are responding to stuff if they find the time and if they have something to say.


That is a decision on your own discretion. Sometimes trying to "save" money is more costly than going for the real deal. Look at it differently: The regular price for the full product including full support is X. You have made the decision that you do not want to pay X, so you are getting the product for X-n. However this also means you are getting a product that has been diminished by n.

From personal experience I can only highly recommend to have a Plesk support contract. For reseller licenses it is only around 10 bucks a month, and their staff is freaking awesome when it comes to solving issues. It's just one necessary business expense if you run a Plesk server. You probably own a car? Compare this like "I'm gonna fix everything on my car on my own." against "I fix some basic things on my own, but for the complicated stuff I'll drive to the repair service." You would not fix everything on your car on your own, would you?

Anyway, your questions on the forum are welcome, even if sometimes there might noone be around to answer them for various reasons. A lot of other users are doing their best, but sometimes others and me just don't have the time or don't have a solution.

> Anyway, your questions on the forum are welcome, even if sometimes there might noone be around to answer them for various reasons. A lot of > other users are doing their best, but sometimes others and me just don't have the time or don't have a solution.
Thanks Peter, Yes I believe that Plesk team will not reply when there is no solution, although I wish they reply and sat this can't be done so they would save our times, and I recommended this behaviour for them before on a post as when nobody reply and say this can't be done I still search and work for days and at last I see it can't be done, if they said earlier that would be great, so we can search for other workarounds or other solutions, and I wish they take care more for these forums because issues will happen again and again for other and future users, so a lot of people will benefit in the future from solutions provided on posts, the first thing comes into mind when you have a technical issue is to search online.

 

[hostlv]

This feature should definitely be implemented. I'm surprised that is not asked by more users It is one of the functions that are often used in cpanel and that helps a lot of company first level support administrators, to check various aspects requested by users without having to check log files or ask the user for a password wich may lead to a security risk or to reset the password which can lead to another support ticket which involves reconfiguring the user's email client because some just can't handle it. The examples can go on and on for this kind of minor requests witch are time consuming for an administrator.