1. Ports
  2. Port 2095

Port 2095: cPanel Webmail (HTTP)

What This Port Does

Port 2095 is cPanel's designated port for webmail access over HTTP. When a shared hosting provider runs cPanel, users can open a browser, navigate to http://mail.example.com:2095, and land in a webmail interface — typically Horde, Roundcube, or SquirrelMail — to read, write, and manage email.

It is not assigned by IANA. cPanel chose it, and the web hosting industry followed.

The cPanel Port Cluster

cPanel didn't just pick one port — it claimed a neighborhood:

PortServiceEncrypted?
2082cPanel control panelNo
2083cPanel control panelYes (SSL)
2086WHM (Web Host Manager)No
2087WHMYes (SSL)
2095WebmailNo
2096WebmailYes (SSL)

The pattern is intentional. Each service gets a plain port and an SSL port, paired in sequence. cPanel wanted a block of ports far from the well-known range (below 1024) and away from the commonly registered range that other major services occupy. The 2080s and 2090s were open enough to claim.

Port 2095 is the unencrypted half of the webmail pair. Port 2096 is its SSL twin.

The Security Problem

Port 2095 sends everything in plaintext. Your username. Your password. The email you're reading. Anyone on the same network — a coffee shop, a corporate LAN, a hotel Wi-Fi — can read it.

This was acceptable in an era when SSL certificates were expensive and cumbersome to obtain. That era ended. Let's Encrypt made certificates free in 2015, and the industry shifted. Most cPanel installations today redirect port 2095 traffic to 2096 automatically, or disable 2095 entirely.

If you see port 2095 open on a server you manage, ask why. The answer is usually inertia.

The Registered Port Range

Port 2095 sits in the registered port range (1024–49151). IANA maintains this range for services that register their port assignments, but registration is voluntary — and port 2095 was never formally registered. cPanel simply started using it, it became widespread enough that the hosting industry standardized on it, and it has stayed that way.

This is how much of the Internet actually works. Official assignment matters less than adoption. Port 2095 isn't in the IANA registry, but any network engineer who has touched shared hosting infrastructure knows what it is.

How to Check What's Listening

If you want to see whether port 2095 is open on a machine you control:

# Check if something is listening on port 2095 (Linux/macOS)
ss -tlnp | grep 2095

# Or with netstat
netstat -tlnp | grep 2095

# Scan a remote host (requires nmap)
nmap -p 2095 example.com

On a cPanel server, the process listening will typically be the web server (Apache or LiteSpeed) routing requests to the webmail application.

Should You Block It?

If you're running a firewall and you don't use cPanel, port 2095 has no reason to be open. If you do run cPanel, consider whether you need the unencrypted version at all — most modern configurations can safely close 2095 and route all webmail traffic through 2096 instead.

Frequently Asked Questions

Föregående

Port 2096: Unassigned — cPanel SSL Webmail

Nästa

Port 2097: Unassigned — A Registered Port with No Official Tenant

Var den här sidan till hjälp?

😔
🤨
😃