DirectAdmin 1.58.2 Release Candidate

[DanielP]

We heard this over and over again, but that is -not- an argument to make access easier. Via file manager or FTP you have to search and try and find the correct mail. Via the simple login, you can easily see the subject and choose which to read from there. It takes extra work via file manager and you don't have any overview of which is what.
So yes, autologin -does- create an important change.

AVG/GPDR is to protect more, not to make life more easier for sysadmins.
So if it already can be done, another more difficult way where you can not see subjects at least, which is more safe, it should not be made easier with a better overview for no reason except lazyness.
Next to that, sysadmins should also not have the FTP credentials of a customer!
That the customer can read his mail is evident.


Which isn't an argument either. If another panel does not comply with laws it does not mean DA shouldn't either.

I do not talk for sysadmins ---- shell users (on accounts shell enabled - for composer, drush, wp-cli purposes) with the user account and criminals that hack a wordpres and install cgi or web shell has grep access which is faster search than that webmail search

 

[Marks]

Yea from you but not the rest OLD .../ Directadmin BOXES so ?

I did not understand
I wish all accounts had autologin

 

[DanielP]

Yea but this is no option or default function you switch on or off.

That is in design , but if you use that it is a crime.

You can see in some log access, and sometimes there is a AUDIT software and so on.

Having such easy , without permission and knowing who reads when whoms mail is a crime in EU country's

2 times against the email receiver and against the Email sender .

Having then options for this in GUI's to make it more easy without extra AUDITING could make a GUI / control panel use forbidden in EU or EU custommers mailing to and from it!?

I m only guesing, if you take time and read some of my links i post here you all understand! That reading other person mails is.... the possibilty in GUI makes this even more worse to control measurements against .
https://forum.directadmin.com/showthread.php?t=58711

So if you did read some links you can read in some or in others i don't know by head that for example mecical personal data if in mail must have end to end encryption, so not readable for serveradmins at all!

I do "sell" and as serveradmin TOBIT/DAVID emailserver that have user right settings so admin can't read/open mails from users. for more then 20 years now. ( if you do with more energy they can find out and yup you can get for 3 years in jail in Germany for that!

That is LAW for years now and the GDPR privacy is going even further with having disabled such...


THIS IS NOT GDPR but standard defualt!
https://www.anwalt.de/rechtstipps/wann-ist-neugier-strafbar_129156.html in german but translated some.

Criminals do not care ... if they decide to do the crime having autologin not having it do not change the situation.. ... It is about trusting parties with ANY access to your account to not be a criminal ... (in panel situation) when server is multi user

it is not about panels if any panels become illegal in EU and EU returns to shell access hosting only, again if someone have access to the storage - especially shell access... with a minimum requirement of account user level access... they can read / search emails almost as easy as having the auto login...

that easy access also include the criminals that already doing a crime to hack a site to install php/cgi shell on it ...

P.S. this cheap Indian developers a lot of people are using can be disguised Russian agents ... and even giving them access to wp-admin can give them access to everything - without auto login access...

 

[ikkeben]

Criminals do not care ... if they decide to do the crime having autologin not having it do not change the situation.. ... It is about trusting parties with ANY access to your account to not be a criminal ... (in panel situation) when server is multi user

it is not about panels if any panels become illegal in EU and EU returns to shell access hosting only, again if someone have access to the storage - especially shell access... with a minimum requirement of account user level access... they can read / search emails almost as easy as having the auto login...

that easy access also include the criminals that already doing a crime to hack a site to install php/cgi shell on it ...

NO then it comes to encryption for such data! Making unreadable for serveradmins and so!
Trusted party even has no right to gain / reading mails at all.

Even if you reading mail from your trusted partner in life it can be jail, if this partner didn''t wanted you to read that one email

And having AUDIT options to whoever has gain acces logged!

Persons can't every time have in mind oh my serveradmin even if trusted can read my mails, this mail now is more private so i don't want to ............
how to remember all sysadmins who yes or no i have to take care of if i'm writing in mail about that one sysadmin in mail for example


Example your trusting partner, is looking for better hoster or new SYSadmin per mail UHHHHH

Discussion is partly offtopic sorry but for having access to users mail it isn't , discussion here or better for this > https://forum.directadmin.com/showthread.php?t=58711

You're talking to oldy having made mistake in younger years reading the FAX negative roll about contract from CEO selling our "Company" while it was possible, and yup ............

i was only the one changing new rolls

P.S. this cheap Indian developers a lot of people are using can be disguised Russian agents ... and even giving them access to wp-admin can give them access to everything - without auto login access...

Last edited by DanielP; Today at 11:25 PM. Reason: adding possibility some cheap website developers to be Intelligence Agency agents in disguise

YUp but do/are they? ( if you've a good AUDIT system then you know)

And what is wrong with Russian agent doing only their JOB little joke but American do the same the other way arround.

 

[DanielP]

NO then it comes to encryption for such data! Making unreadable for serveradmins and so!
Trusted party even has no right to gain / reading mails at all.

Even if you reading mail from your trusted partner in life it can be jail, if this partner didn''t wanted you to read that one email

And having AUDIT options to whoever has gain acces logged!

Persons can't every time have in mind oh my serveradmin even if trusted can read my mails, this mail now is more private so i don't want to ............
how to remmber all sysadmin who yes or no i have to take care of if i'm writing in mail about that one sysadmin in mail for example


Example your trusting partner, is looking for better hoster or new SYSadmin per mail UHHHHH

Discussion is partly offtopic sorry but for having access to users mail it isn't , discussion her or better for this > https://forum.directadmin.com/showthread.php?t=58711

i was only the one changing new rolls

It is not about sysadmins having access... they always have... they do not need auto login to do it ... if they are criminals or intelligence agents (they also have logs access) so if they have elevate access to the sysadmin level they can clean their tracks ...

but we talk for minimum required level to have access to emails and it is user level access to the account for that domain (having or not having autologin do not change that situation)

I actually agree that every one should use encryption so no one could read any one communication, but I'm almost sure eurocrats will not spend a dime to teach EU citizens to use encryption everywhere, as it will make spying on your citizens Chinese style for future social credit system harder for them ...

I'll write something in the other thread too but not now...

to summarize it I'm pro encryption for every one and pro autologin for the user leve (first will guarantee that emails are unread) and the second will cut support request and cut diagnostic times without changing current level of privacy for the user level....

 

[ikkeben]

I actually agree that every one should use encryption so no one could read any one communication, but I'm almost sure eurocrats will not spend a dime to teach EU citizens to use encryption everywhere, as it will make spying on your citizens Chinese style for future social credit system harder for them ...

Worse they are trying to make LAWS against such encryption possibilities they can't read themselves by their AGENTS / POLICE , and the other LAWS are wanting to have such encryption. ( so such encryption yup but we have to have normal access for our Police)

Problem is with Domainuser in DA isn't always the real owner of the/all emailaddresses that are in those domain!

See my FAX example, that was really really hard and bad for me! I was the FAX USER and responsible for that silly device.

Another Example to explain as IT i had to restore backuped old deleted emails from EX CEO (By that person saying those deleted emails where only private ones) that was also against the EXISTING LAWS! LONG to long time ago so i can write here.

 

[DanielP]

Worse they are trying to make LAWS against such encryption possibilities they can't read themselves by their AGENTS / POLICE , and the other LAWS are wanting to have such encryption. ( so such encryption yup but we have to have normal access for our Police)

Problem is with Domainuser in DA isn't always the real owner of the/all emailaddresses that are in those domain!

See my FAX example, that was really really hard and bad for me! I was the FAX USER and responsible for that silly device.

Another Example to explain as IT i had to restore backuped old deleted emails from EX CEO (By that person saying those deleted emails where only private ones) that was also against the EXISTING LAWS! LONG to long time ago so i can write here.

My arguing is how the sysadmin is the master of the universe for the server that way (with some only minor limitations / or impossibility to clear some of the traces ) Domainuser is the master of the universe for the account

 

[ikkeben]

My arguing is how the sysadmin is the master of the universe for the server that way (with some only minor limitations / or impossibility to clear some of the traces ) Domainuser is the master of the universe for the account

I understand ofcourse.
I was the master of the universe for that FAXmachine, still it wasn't good and right to read that text on the negative roll. !

Also for restoring that EX CEO mails...

So you are responsible even if you can, but making more and to easy reading stuff that doesn't belong to you, and for sure a lot of people don't wan't you to read.

This should be as difficult as reasonable possible. ( depending which level it should by LAW as mentioned medical data must be out of sight and encrypted).

So making a simple GUI / control panel way access is nonononono

I know it is possible to have only the one email / ftp user accessing their DATA and no others so!? ( if changing RIGHTs / OWNER then the AUDIT in log files and so on)

TSS with backups is often a loophole if not encrypted the right way for example!

 

[blueice]

Hello,
i think it is 2 different things:
1. The auto login feature, if it is work well, etc.
2. If it is allowed for EU customers.

My opinion is to keep this things separate. So to keep this thread only for the technical things and use another thread for the law.
I am almost sure that if there any problem with EU law, the directadmin team can make this feature optional.
Also please keep in mind that cpanel have this feature enabled by default and it is the most popular panel in EU. I not say that this is legal or not, but i think this is reason to keep the development of this feature open and just ask the option to disable it via directadmin.conf.

 

[ikkeben]

Hello,
i think it is 2 different things:
1. The auto login feature, if it is work well, etc.
2. If it is allowed for EU customers.

My opinion is to keep this things separate. So to keep this thread only for the technical things and use another thread for the law.
I am almost sure that if there any problem with EU law, the directadmin team can make this feature optional.
Also please keep in mind that cpanel have this feature enabled by default and it is the most popular panel in EU. I not say that this is legal or not, but i think this is reason to keep the development of this feature open and just ask the option to disable it via directadmin.conf.

hum yup fair reply.

I don't agree if technical possible but ..not.. then. read >

Technical only switch is not enough, then better together with vissible warning for Domainusers themselves to that this option is switched on ( and warning at contact email adres on website for those who want to send mails), also a AUDIT not possible to delete log event if short switched on .

But i'm almost sure in USA reading mails from others is also forbidden without the knowledge and permissions? ( i mean also the emailasenders who can't know about such possible on or of switch! )

So why put in such option if "not allowed" or even put a Control panel in beeing less Trustworthy.
For this:

het briefgeheim the confidentiality of mail
briefgeheim inviolability of the mail

Having Domainusers and MAILuser and everybody sending receiving mails to those accounts. not knowing it because of default on or even switch option for such?

So if optional then only SERVER admin who is setting this in ***.conf knows? NONONO

 

[blueice]

I have install the RC release in one of my servers and seems the autologin feature working fine
the version of directadmin i have is:
./directadmin o
Compiled on 'CentOS 7.0 64-Bit'
Compile time: Aug 25 2019 at 16:26:24
Timestamp: '1566771931'
Compiled with IPv6

They work in all domains in my server

Also it is very good that we can option to have enabled or disabled this feature in directadmin.conf with the option one_click_webmail_login.
This can allow us to have it disabled or enabled depending our needs.

Right now the roundcube open in the same tab, i recommended to open it in another tab so we can still have the directadmin tab open.
Thank you

 

[Richard G]

I think it's a good thing that it's disabled by default.
This way European sysadmins can figure out a way to ask their customers for permission to either use it by default or get permission on a per needed base.