Full Version: email security fix?
jaredweb
Okay here's my problem...

I created the domain lcauction.com about a month ago, and set up an email address for it - sales@lcauction.com

Yesterday I set up the domain logoperfect.com on my server, and set up the email address sales@logoperfect.com.

Both accounts were set up with the same password, and were set up as mailboxes.

I went to webmail.logoperfect.com and tried to log in with - sales@lgooperfect.com.

The mailbox for sales@lcauction.com loaded instead of sales@logoperfect.com.

Is there a security fix for this so that people on different accounts can't log in to other people's email accounts from their webmail.domain.com? Thanks a lot!
Gentle Giant
I didn't think it was possible to have both usernames & passwords identical on different mailboxes. Clearly it is :confused:
jaredweb
Well, I guess it is... I couldn't believe my eyes when another client's email loaded in the other box! I think that "atomicrocketturtle" talked about a fix for this in some other post or on his site. I'm hoping there's some security fix though! Let me know if you see anything.
Ales
What you're describing can't happen in PSA version 5.0.x or earlier. If you try to set the same password for two same usernames, PSA will stop you with an error message.

Double check the passwords and re-set them... It sounds to me like you've simply logged in with the 1st account's username and password, using the 2nd account's webmail URL...

PSA 6.0 has the option to choose between using "sales" and "sales@domain.com" type of username. A big improvement in my book...
Gentle Giant
Alex, that wouldn't be possible either, as you can log in to any webmail URL and view any account, as long as you enter the correct username & password.
jaredweb
I made the passwords exactly the same. Both accounts had a "sales@domain.com" email address... with the same password. I was able to see domain1.com's email from domain2.com's login... weird...
Ales
Gentle Giant: well, yes, I know you can use any webmail URL to log in with any existing username / password and view that account. That's exactly the scenario I suggested in my previous post, so what are you trying to say? :confused: What we're discussing here is the existence of the two same passwords...

jaredweb: as you probably know, what I described is the default behaviour of Plesk, in regards to mail passwords. It does give an error if you try to set two same passwords... It seems that you've stumbled on a bug or your install is in some way different...

Which version of Plesk / RedHat has this happened on...? Can you do the same with other mailboxes on the server in question?
jaredweb
I have RedHat 7.3, running Plesk 5.05.

To fix this I just changed the password on the new account. I was just surprised that it was even possible in Plesk to check other people's email addresses from others' webmail page.
movement3
Hi Jaredweb,

I'm sorry that I caught this thread late, but I had the same exact problem a few weeks ago.
sales@domain.com
sales@domain.net
with the same passwords, and they were seeing each other's emails. The end user changed the password and the problem was solved. Appears that Plesk uses passwords to differentiate if the usernames are the same? :confused:
Gentle Giant
QUOTE
Originally posted by Ales
Gentle Giant: well, yes, I know you can use any webmail URL to log in with any existing username / password and view that account. That's exactly the scenario I suggested in my previous post, so what are you trying to say? :confused: What we're discussing here is the existence of the two same passwords...


Ales (sorry I got your name wrong earlier :o ) - you said
QUOTE
Double check the passwords and re-set them... It sounds to me like you've simply logged in with the 1st account's username and password, using the 2nd account's webmail URL...


I couldn't see how that was possible, as you do not need to use your own webmail URL - even if you entered the 1st account's username & password into the 2nd account's webmail URL, you should still get the 1st account's mail.
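
The following is an added example, not part of the thread and not Plesk's code: a small model of the behaviour the posters describe, where only the short name ("sales") plus the password selects the mailbox, next to a lookup keyed on the full address. The store layout, function names and sample accounts are assumptions constructed for illustration.

```python
import hashlib, hmac, os
from collections import defaultdict

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def make_store(accounts):
    """accounts: {full_address: password} -> {full_address: (salt, digest)}"""
    store = {}
    for addr, pw in accounts.items():
        salt = os.urandom(16)
        store[addr.lower()] = (salt, _hash(pw, salt))
    return store

def _check(store, addr, password):
    salt, digest = store[addr]
    return hmac.compare_digest(digest, _hash(password, salt))

def login_short_name(store, login, password):
    """Ambiguous scheme: only the local part selects the mailbox, so the
    password is the only thing telling same-named mailboxes apart."""
    local = login.split("@", 1)[0].lower()
    for addr in sorted(store):
        if addr.split("@", 1)[0] == local and _check(store, addr, password):
            return addr  # first match wins, whatever domain was typed
    return None

def login_full_address(store, login, password):
    """Unambiguous scheme: the full address is the account key."""
    addr = login.lower()
    if addr in store and _check(store, addr, password):
        return addr
    return None

def shared_local_parts(store):
    """Audit helper: local parts that exist under more than one domain."""
    by_local = defaultdict(list)
    for addr in store:
        by_local[addr.split("@", 1)[0]].append(addr)
    return {lp: sorted(a) for lp, a in by_local.items() if len(a) > 1}

# Constructed sample accounts (hypothetical, not the poster's server).
STORE = make_store({
    "sales@domain1.example": "same-pass",
    "sales@domain2.example": "same-pass",
    "info@domain2.example": "other-pass",
})
```

Running `shared_local_parts` over a server's mailbox list shows which accounts depend on password uniqueness alone under the short-name scheme.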