WebMail problem (password)

**pino** · 21st February 2007, 09:32 AM

Hi,

I searched the forum but found nothig, so here I am asking: How can my users change their email password using Webmail? In the Setting->Options I read: "Change your account information such as name, password, signature, reply format, and list display and mail forwarding preferences." but clicking on Options is possible to change all the settings BUT the password

Any hint? What am I missing?

Cheers
Pino

**Staff: Warren Ashcroft** · 21st February 2007, 10:20 AM

For synchronization reasons users cant change their password in Webmail, instead they need to use Helm - or this special utility:

http://cp.redfoxhosting.com/MailAdmin.asp

(or cp.yourdomain.com)

**pino** · 21st February 2007, 10:47 AM

Thanks for the info

**RFH Reseller: Rappie** · 15th April 2007, 10:07 PM

This is really weird. Its just like having a car that needs to be started form the outside. I does not feel right to me. Its so much easyer to be able to change to password from within webmail.

Some of my users only use webmail, they don't use and care about helm. It feels weird to tell them that the cant change to password form within webmail.

**Staff: Warren Ashcroft** · 15th April 2007, 10:11 PM

Originally Posted by Rappie

This is really weird. Its just like having a car that needs to be started form the outside. I does not feel right to me. Its so much easyer to be able to change to password from within webmail.

Some of my users only use webmail, they don't use and care about helm. It feels weird to tell them that the cant change to password form within webmail.

Which is why we created the external mailbox admin site:
http://cp.redfoxhosting.com/MailAdmin.asp

**RFH Reseller: Rappie** · 16th April 2007, 10:21 AM

I am happy with the fact that there is a solution to change passwords like the external mailbox admin site.

But is still seems strange to me. All the users who only use webmail, need to remeber jet another URL just to change their password. They need to go outside webmail to do so. I am talking about the users who don't use HELM, and probably never heard of helm because their admin/webmaster controls the website. And now they are confronted with URL/page that doesn't resamble the look and feel of the webmail interface.

Isn't possible to work towards a solution with those things more intergreated?

**Staff: Warren Ashcroft** · 16th April 2007, 12:06 PM

The reason is that there are two databases of user information involves - the mail server and Helm. If Helm needs to do a "restore" on a mailbox or you change settings such as the AutoResponder - Helm might send the old password when it updates the mailbox; it is crucial that Helm has the right password currently in use.

**RFH Reseller: Sol** · 16th April 2007, 03:32 PM

I'd like to pipe in here as I do believe I have one of the largest email domains on RFH server with a whopping 212 mailboxes with users accessing them from several countries.

As someone rightly mentions a lot of users are blissfully unaware of the 'special admin' screen and especially in a case like the above a single administrator is required.

I was recently asked by this domain's administrator if we could put up a page allowing for 'Auto-Response' and 'Forwarding' functionality without the change password functionality. I immediately replied with a NO.

As I see it the only reason an administrator wants to disallow users to change passwords is so that they can login and diagnose any issues the user may be experiencing. However, from my experience if they can login they typically won't get further and hence either way the issue will be reported.

So basically, I turn this around and say that email privacy is guaranteed. You know the privacy is compromised if someone else knows your existing password (so don't tell them!) or if you try to login and find your password has been changed. Of course, some companies don't like this since they want to be able to monitor the email, however, to be able to truly do that they would need an inhouse solution so that all mail needs to run through their own server which can capture outbound as well as inbound email.

I do agree it's a bit of a pain having to deal with two unique URL's, but I understand how this all works and don't think there is an easy solution. It may however, be possible to change the 'Change Passord' link in webmail to 'pop-up' a new window with the helm page (would be up to Warren to implement this, which would be a pain as it would need to be re-implemented everytime the web mail software is upgraded).

**RFH Reseller: Rappie** · 16th April 2007, 07:10 PM

Originally Posted by Warren

The reason is that there are two databases of user information involves - the mail server and Helm. If Helm needs to do a "restore" on a mailbox or you change settings such as the AutoResponder - Helm might send the old password when it updates the mailbox; it is crucial that Helm has the right password currently in use.

I understand the technical difficulties and the need to synchronize the databases. However i do feel the need to have both things (password and webmail) as closely (integrated if you will) together from a users point of view.

Originally Posted by Sol

I was recently asked by this domain's administrator if we could put up a page allowing for 'Auto-Response' and 'Forwarding' functionality without the change password functionality. I immediately replied with a NO.

As I see it the only reason an administrator wants to disallow users to change passwords is so that they can login and diagnose any issues the user may be experiencing. However, from my experience if they can login they typically won't get further and hence either way the issue will be reported.

So basically, I turn this around and say that email privacy is guaranteed. You know the privacy is compromised if someone else knows your existing password (so don't tell them!) or if you try to login and find your password has been changed. Of course, some companies don't like this since they want to be able to monitor the email, however, to be able to truly do that they would need an inhouse solution so that all mail needs to run through their own server which can capture outbound as well as inbound email.

Sorry Sol, i am not sure what you are trying to tell me here

I like my users to be able to change the password as often as they would want too. Of course its the user his responsibility to protect his password. But its my experience that passwords arent kept ...err.. very secret.

I believe that there is a responsibility for ISP's as well. One of the things must be to keep it as simple as possible for users to change their passwords. Its in no one’s interest to make things more complicated. And you know, people are very easy distracted

Users may not directly blame you if their mailbox has been hacked, (althoug i am sure some of them will) but its one more unnecessary negative experience with your company.