cPanel e-mail through Godaddy
Hi,
We use cPanel e-mail through GoDaddy for a very simple, specific use purpose. I’m trying to figure out a couple of things, but my research always brings me to an older version, the full version, or a version that has interfaces I don’t have access to through GoDaddy. Is anyone familiar with GoDaddy’s implementation? If so, a couple of questions:
- Can you get a last time the user logged into the web interface anywhere?
- Can you force users to change their passwords?
- Can you lock down e-mail web access to specific IP addresse(s)?
- Can you enable any form of MFA for the e-mail?
note: for the Godaddy login, I already have MFA enabled. I’m interested in the ability to require MFA for the web e-mail client.
Thanks,
Jeff
-
Hey there! Yes to all of the above - here's some details on each process:
1 - You'd need to search the cPanel access log (/usr/local/cpanel/logs/access_log) for the IP you are looking for and then match that up with the access of the page you're looking for. I usually just access the page on my end to see what it looks like int he log, and then search the log for similar entries.
2 - We have this for cPanel accounts here
https://support.cpanel.net/hc/en-us/articles/360053012453-How-to-force-password-changes-on-users
but not for specific email addresses.
3 - You can restrict entire protocols by IP address, such as SMTP here: https://support.cpanel.net/hc/en-us/articles/360051877074-How-to-restrict-access-to-SMTP
so you can use similar things for IMAP or even restrict access to the webmail ports through the firewall.
4 - Here are details on how to set that up - https://support.cpanel.net/hc/en-us/articles/360051868994-Can-I-enable-two-factor-authentication-2FA-for-webmail
1 -
Hi cPRex,
I'm having problems getting into WHM. I know to put :2087 at the end of the cpanel URL, but as far as I can tell Godaddy assigns a random password to this account and I'm nervous about changing it as I don't understand how all of the GoDaddy & cPanel function together. Before I spend an hour on the phone talking to someone who can't give me an answer, do you have an knowledge of how this works with GoDaddy?
Also, the p12abcdefghijklmn123.prod.phx3.secureserver.net:2096 URL for the webmail login is a bit much for most users. I was thinking of creating a CNAME, but think it will break the certificate, and then I thought of creating a forward to the URL, but I'm not sure that it will allow for the port information. What is the standard, easiest, and cheapest method of creating a reasonable URL for the users webmail?
Thanks
Jeff
0 -
The access for WHM as the root user is always "root" and the root password of the server. You are free to change this, and it doesn't disrupt any cPanel operations.
As far as the crazy long hostname, that is something that is aut-generated when GoDaddy created you server. You are free to use the WHM >> Change Hostname tool to adjust that - just make sure you have the correct DNS records in place for the hostname to resolve, wherever your domain's DNS is handled. Just make sure you pick a subdomain that you don't plan to use for anything else - most people choose something like host.domain.com, or server.domain.com. The server will issue a new hostname certificate after you make that change, so there is nothing you need to do manually to get things working.
Let me know if that helps!
1 -
@cPRex,
Thanks, you are awesome and your information has been very helpful! I did some research about the godaddy implementation and found this:
https://www.godaddy.com/help/change-my-primary-ftp-password-in-linux-hosting-16011
As expected when I spoke with GoDaddy, they "don't support customization but would be glad to upgrade me or sell me more advanced e-mail." *Sigh* The best that they could provide is that I can change the admin password (see link above). The technician I was speaking to did not know anything about root user access and thought that on my basic plan that it wasn't available. Is it possible they changed the root user name to something different or created some type of root equivalent user or prevent access to the root account? (see graphic below)
I'm going to wait on changing the admin password until I hear from you just in case you tell me something like "whatever you do, don't change the admin password!" :D
Thanks a ton!
Jeff
0 -
Can you let me know exactly what plan you've purchased through them?
0 -
Yes, I finally got someone at GoDaddy who seemed to know more about cPanel and I was about to update this thread when I saw your question. We have the economy plan which is a shared plan. This technician indicated that we don't have WHM since it's a shared plan. Since we appear to lack a WHM interface, I'm guessing I can't force users to change their password, check for their last login, or setup MFA. I'd love to hear your thoughts on any improvements I could make with the platform I have access to. I'll still be using the cPanel e-mail, I was just trying to streamline it for the users. I did find a workaround for the long webmail URL that is simple. As a test, I created a 301 redirect for a domain that I own and am not using on my personal GoDaddy account and it worked bringing the entire URL including the :2096 port number and https. If they want a shorter access URL, they will just need to spend the $21/year for an short and easy domain name. I was going to put an A record in their domain for the cPanel server, but Godaddy tells me the IP address of the shared platforms aren't guaranteed to stay the same and they only update the supported records automatically if/when a change happens. Any thoughts and/or ideas will be greatly appreciated.
Thanks,
Jeff0 -
I'm glad they were able to get you more details on your plan. You are correct - without root access you wouldn't be able to use any of those things. I would still expect "domain.com/webmail" to work for easier webmail access, assuming that is configured properly on the parent server, so you could try that as well and avoid the 301 redirect system completely.
I haven't heard of the IPs being dynamic on their shared platform, but they would certainly know better than I would. As long as they are also handling any DNS changes at the same time they change the IP, things will work just fine.
It sounds like you're on a good path to success, but let me know if you have any other questions for me!
1 -
I think the problem with the domain.com/webmail is that the website is contracted out to our CRM vendor and thus the A record goes to ??CloudFlare?? and doesn't allow for a domain.com/redirect option. The redirect I found that works was at the Godaddy level for the subdomain. (i.e. webmail.domain.com) I'd use our own primary domain, but I don't want to do anything that would potentially cause a problem with our website. I tested this by setting up a webmail.jeffsdomain.com 301 redirect to the https://abcdefg123456blahblahblah.prod.prx3.yadayada.secureserver.net:2096 link for our cPanel e-mail. I was unsure if it would work with https as that's been an issue in the past and whether it would take the :2096. It worked perfectly, so I'll leave it up to the bosses.
I am curious about the URL syntax. The <random-characters>.prod.phx3.secureserver.net:2096 takes me to the webmail home. I'd prefer that the users go directly to their RoundCube INBOX. I notice that when I login to roundcube, the URL looks like this at the end:
...prod.phx3.secureserver.net:2096/cpsess<10digitnumber>/3rdparty/roundcube/index.php?_task=mail&_mbox=INBOX
Can I craft a URL that will take them into RoundCube and their INBOX? I'm not sure about the 10-digit number to the right of cpsess in the URL as it changes with each login. Thoughts on this?
Thanks,
Jeff
0 -
No, you wouldn't be able to do that - BUT - once you login once there is an option on the webmail page you can check that says "Open my inbox when I log in" so if you click that once, their next webmail access will take them straight to the inbox.
1 -
Thanks, I'll give that a try. I've seen it, but my assumption is that it's a cookie based setting and our users move between laptops, tablets, and desktops. Hopefully this is a sticky setting at the server. If not, they will just have to click on the roundcube box.
As a reward for being so knowledgeable and helpful, you get another question. :D I notice that when you drill down to the users mailbox, there is a cleanup function. I also notice that there is a chron function. Can I marry the two and have it run a cleanup monthly to delete anything older than 3 months? The examples I found on the web weren't helpful and since I have limited functionality on my shared environment, I'm not sure if it's even possible. The CHROM screen looks like this for me:
I want to say that your help is truly appreciated. I'd still be banging my head on the wall if you didn't take the time to help me out.
THANKS!
Jeff
0 -
The setting is per email account and is not cookie specific but a setting inside cPanel, so it's not device specific either - it should work just how you're expecting.
And sure, you could create a cron to automagically do that work every so often...but not easily. I would recommend doing this:
- Go to cPanel >> Email Disk Usage
- Choose the email address you want to work with from the dropdown menu at the top
- Click the "Manage" button next to the area you want to manager (inbox, Trash, etc.)
- In the new dropdown box that appears click the "Custom query" option there is a (broken, apparently) documentation link that SHOULD take you to a page on how to construct doveadm queries. https://doc.dovecot.org/2.3/admin_manual/doveadm_mailbox_commands/
That will give you more details on how you can build a custom dovecot query to delete mail messages. That could then be added to a bash script which you could call from cron. I am hesitant to put any kind of auto-delete commands here on the Forum, but with a bit of research you could set something up.
I'm going to put in a request to get that link updated in the product as well!
1 -
I was gonna cheat and use the example expanded for 3 months. I.E. savedbefore 12weeks instead of the example savedbefore 2weeks. That would have probably been my next question, what is savedbefore indicate in the query and is there a better operator to use for "any message older than".
I will keep an eye out for the wiki page to be fixed as the main documentation is not detailed enough to get me started and the documents I have found are lacking usage examples. I'm guessing it would look something like this:
doveadm expunge -u *@domain.com -A savedbefore 12weeks
It does sound like it would hit all the users at once:
"If the -A option is present, the command will be performed for all users. Using this option in combination with system users from userdb { driver = passwd } is not recommended, because it contains also users with a lower UID than the one configured with the
first_valid_uidsetting."but that warning has me concerned. I'm sure that my syntax is off, but it's confusing because the only example I find on the documentation is:
$ doveadm expunge -u jane.doe@example.org mailbox Spam savedbefore 2w
and this doesn't seem to correspond to the Syntax Synopsis:
doveadm [GLOBAL OPTIONS] expunge [-S socket_path] [-d] -A search_query
So if I go by the example instead of the syntax, it would look like this???:
doveadm expunge -u *@domain.com INBOX savedbefore 12weeks
I'll keep digging and check on that wiki link now and again to see if it's been fixed. This problem isn't critical, but right now I've got several legacy accounts that are good to test on with old data in them.
Thanks,
Jeff
0 -
Having test accounts is a must for things like this. I honestly am not sure if it will let you use a wildcard option in the command like that, but test that out and let us know!
0 -
Thanks cPRex,
Will do. Without WHM, I don't even have a terminal to play around in so I'm just going to have to put it in the command area of the cron job and see what happens. I'm not sure if I'll even get any feedback from the cron dialog. I'm thinking I'll try the command with the syntax in the docs first and see what happens. Sound right? Something like this:
doveadm expunge -u user1@domain.com -A savedbefore 12weeks
I'll hold the wildcard for my last test if the limited test works. Wish me luck.
1 -
I input it into the cron to run at 20 min after the hour as below:
My e-mail is setup in the "Cron Email" section. There is no indication that the command ran. No change to the mailbox that has e-mails from 2020, no e-mail sent to my account, nothing. Keeping in mind my limited access as a shared server account through GoDaddy, is there somewhere I can pull log files from? Any idea why it didn't work? I'm going to try the short syntax I found while I'm waiting for any replies. I will update you if that works.
0 -
Figured out why it didn't run. I'm not sure where the Hour=0 and Weekday=0 came from. Possibly prepopulated as I looked at the common settings. Just replaced the 0's with *'s. Unfortunately, got this e-mail:
/usr/local/cpanel/bin/jailshell: doveadm: command not found
Maybe going back to the I'll run manual purge on them once every 6 months. I'm hopeful that someone here knows how to get around this error.
Thanks,
Jeff0 -
Ah - this isn't going to be an option for you on your plan, then, as jailshell doesn't include access to the doveadm command. You can see if your host is willing to switch you to normal shell to see if that improves the behavior.
0 -
That is what I was afraid of. I tried starting the command with SU for grins and got:
/usr/local/cpanel/bin/jailshell: su: command not found
I'll just plan to do a manual purge every 6 months or so.
I am curious. Is this shared cPanel hosting implemented as expected in a shared environment or is this particular to GoDaddy's implementation of cPanel? This project is VERY cost sensitive, but if another host would save me hours and hours of time spent manually cleaning up, it might be worth exploring another cPanel hosting service. Do you know of any cPanel shared hosting services that may be a better fit or does cPanel have a listing of "preferred" providers?
Thanks again for all of you help. This might not have worked out as well as I'd hoped, but it's been a learning experience. It's awesome that cPanel has such engaged moderators that are out there providing help and solutions.
Thanks,
Jeff
0 -
Do you anticipate having enough email that you'll need to setup auto-cleaning protocols? In general, users either expect to have very little email, or tons of it that they will never ever delete, so they may not want that 6 month purge to happen.
Yes, I would say this is a standard implementation of shared hosting - I'm not able to recommend any specific plans or Partners.
0 -
It's not so much about running out of space, It's more that we don't want old information hanging around. I was going to make it 12 weeks if the automation worked, but since it's an issue, I'll just go through manually and do it twice a year. It will be good "braindead" work to do on a rainy day or something. :D
Thanks,
Jeff
0 -
Gotcha - that makes sense. I think you'll find you're going to be a bit limited anywhere for automation like this on a shared platform, no matter where you host with, but a dedicated server is a significantly higher cost.
0 -
@...
Thanks, that confirms a lot of things I was left wondering about. I appreciate you taking time to respond.
Thanks,
Jeff
0 -
You're very welcome - I'm happy to help!
0
Please sign in to leave a comment.
Comments
23 comments