SYSTEM INFORMATION | |
---|---|
OS type and version | Ubuntu 20.04 |
Webmin version | 1.994 |
Virtualmin version | 7.1-1 Pro |
Related packages | Roundcube 1.5.2 |
Hey folks…
At the risk of asking a dumb-dumb noob question… I need a bit of confirmation as to verify that my browser & session coookies are just creating the illlusion of a security hole… rather than an actual security hole really existing.
My goal is create a centralized install of Roundcube on a virtual server and use that for webmail for my users rather than usermin.
I followed these rather straight forward instructions…
https://www.virtualmin.com/documentation/web/faq/
Additionally, I used the solution below to resolve a SMTP 250 authentication error.
During my inital testing, I tried to log into 3 different email accounts in different Chromium browser windows… which failed miserably.
Example:
I successfully accessed the inbox for “webmail.domain.com”
Then, in a different Chromiunm browser window I entered “webmail.different-domain.com” and instead of being asked for username and password, I was immediately brought to the inbox of “webmail.domain.com”.
I immediately, assumed that I screwed something up, but is this rather the result of session cookies?
With the same exact install method. I can go to 3 different browsers and access webmail for 3 different domains without problem. At this point, I am guessing my installation is correct and secure… just looking for verification…