Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


How to secure an email account in a shared hosting environment

Posted on 2013-01-18
Medium Priority
Last Modified: 2013-01-22
What is the best way to secure an email account so that even the systems administrator cannot read a user's email?

Here is the scenario I am facing:

I am the site administrator for a domain that is hosted in a shared Linux / Apache / Cpanel environment managed by site5.com.  One of the email accounts for the domain I manage is used to send / receive confidential information that even I should not have access to.  Since I am the site administrator, I have full access to the system, so I can get in and view the files used to store the email messages.  Basically, I have the ability to snoop on other users if I want to.

Is there any way that this sensitive email account can be secured so that even I cannot view the emails if I desire?

Question by:jbaird123
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +2
LVL 33

Expert Comment

by:Dave Howe
ID: 38793819
Not as such, no. at the worst case, if you were completely locked out of the email box, the email still has to get INTO that box, so you could intercept the mail in transit and take a copy at that point.

However, there are multiple good solutions for email encryption out there - it would be down to the user and his correspondents to use that securely though, and its hard going for most users.

there are two major standards for encrypted mail - s/mime (uses x509 certificates, usually uses the openssl libraries) and openpgp (uses a similar hybrid solution - commonly implemented using gnupg)

many thick client solutions come bundled with s/mime support - in fact, lacking it is the exception rather than the rule. openpgp support is less common, but there are plugins for many major thick clients (such as thunderbird)

webmail is not commonly associated with either. horde imp supports s/mime, squirrelmail has a gpg plugin, and there are browser plugins to add support to popular solutions, but that is no better than a thick client really.

Email itself however is rarely secure; even SMTPS is rare in the real world, with most email being sent unencrypted. If I really had to remove temptation, I would therefore implement a fully local solution, using a webserver, encryption (asymmetric), user logins, and so forth. while nothing can prevent later modification of such a system to allow access, It would at least be secure until tampered with (I would have suggested the hushmail approach there but given the twin and fatal flaws of
a) the current security problems with java and
b) that hushmail have been guilty in the past of deliberately compromising the security of users on receipt of an american court order,
That probably wouldn't go down too well :)
LVL 11

Accepted Solution

RedLondon earned 2000 total points
ID: 38794028
Do the communications need to be via email?

I can send a message to my bank using its "secure messaging" service that is visible only after I log into my internet banking account.  

When they reply, I get an email to tell me that they've replied, and to see their message, I should log into my internet banking account again.  

Your confidential information could be transmitted in a similar system, with notifications that the messages are there ready and waiting for the right eyes to log in and see them.  I've never used it, but there's one called Kana that I found with a quick search - you could use their page to explain better to your customer what happens.

If you just want to remove your ability to see the messages, you could instead change the domain's MX records so that email doesn't pass through the cPanel server at all, and use an email system like either Fastmail or Google Apps - but that just means that some other admin somewhere else could look at the email if they so wished.

Expert Comment

ID: 38794198
Have you tried calling site5 and explain your concern?  as the above experts stated, anyone that has physical access to the server will be able to gain access.  I am sure that your hosting company can assist you.  good luck
Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

LVL 32

Expert Comment

ID: 38799281
The service provider would just tell you to get free or paid email certain to encrypt the message traffic.  Even if SMTP is transmitted plain-text over port 25, the contents are already encrypted.

Users need to trade keys first.  So the first messages between users will be in the clear.  After that, it's up to the users to use a mail client that supports encryption.

For other mail that is not user-to-user, you should contact the third party.  Banks and insurance companies will have their own message systems that email alerts for you to login.
But, at some point, you must trust your admin...or find a new service.  What would stop an admin from generating and intercepting a password reset?  Or getting the link from a cert provider to download your email encryption key?

Author Closing Comment

ID: 38801123
I decided that the easiest solution with the greatest flexibility would be to simply use Google Apps.  This works because I am able to make the person who needs the confidential email the only administrator.  

This solution is easier than the others because it does not require that the user implement encryption.
LVL 33

Expert Comment

by:Dave Howe
ID: 38804352
That should be ok, just bear in mind that the administrators at Google Apps can (and will, if given a court order by an American court) give the lot to whomever is holding the court order.

Author Comment

ID: 38805507
Thanks, Dave.
LVL 32

Expert Comment

ID: 38805890
Does not require a court order any more.  NSL will do it without any oversight, and the ISP is threatened to not disclose the letter even exists.

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes Administrators rights are not enough. These cases call for the SYSTEM account. The process in this article outlines the steps required to execute commands using the SYSTEM account.
What we learned in Webroot's webinar on multi-vector protection.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question