|OS type and version||Ubuntu 20.04|
|Virtualmin version||7.1-1 Pro|
|Related packages||Roundcube 1.5.2|
At the risk of asking a dumb-dumb noob question… I need a bit of confirmation as to verify that my browser & session coookies are just creating the illlusion of a security hole… rather than an actual security hole really existing.
My goal is create a centralized install of Roundcube on a virtual server and use that for webmail for my users rather than usermin.
I followed these rather straight forward instructions…
Additionally, I used the solution below to resolve a SMTP 250 authentication error.
During my inital testing, I tried to log into 3 different email accounts in different Chromium browser windows… which failed miserably.
I successfully accessed the inbox for “webmail.domain.com”
Then, in a different Chromiunm browser window I entered “webmail.different-domain.com” and instead of being asked for username and password, I was immediately brought to the inbox of “webmail.domain.com”.
I immediately, assumed that I screwed something up, but is this rather the result of session cookies?
With the same exact install method. I can go to 3 different browsers and access webmail for 3 different domains without problem. At this point, I am guessing my installation is correct and secure… just looking for verification…