Plesk 12.x / Linux :: Courier SSL Shared Cipher Error
Aug 8, 2014
Yesterday we upgraded two of our servers to the latest Plesk 12.
The 1st server is an CentOS/CLoudlinux 6.x server and the 2nd an CentOS 5.x server.
Both of them were running Plesk 11.5 before the upgrade.
After the upgrade, we have the same issue in both servers which is that the START/TLS, SSL protocols at Courier imaps or pop3s do not work, and mail clients (outlook, thunderbird) return that the password is wrong when they connect over a secure connection.
In both of them, at the /var/log/maillog, we are getting the same messages, as the following one:
--------------------------------------------------------------------------
courier-imaps: couriertls: connect: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
--------------------------------------------------------------------------
As the issue is in both server, we believe thath it there is a bug in the new version or the update script.
We have already checked all configurations which seem ok, tried to... reboot the machines, mailchk repair, but nothing seems to work.
View 1 Replies
ADVERTISEMENT
Jan 5, 2015
Recently i have upgraded my system to Plesk 12 and im loving it. After upgrading i started checking and fixing all my SSL shortcommings. I think i've come from a far end upgrading it.
One of the fixes was the poodle fix, wich recommended to upgrade cipher suites. When analysing my cipher suites at ssllabs testing suite i get the following errors:
TLS_RSA_WITH_RC4_128_MD5 (0x4) WEAK128
TLS_RSA_WITH_RC4_128_SHA (0x5) WEAK128
TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011) WEAK128
RC4Yes WEAK
I cannot find a way to remove the weak RC4 protocol and the other three weaknesses.
View 3 Replies
View Related
Jul 14, 2015
I have a problem with an account. The client connects and starts getting his mails, like this:
Jul 14 07:39:04 host courier-pop3d: LOGIN, user=*****@*****.com, ip=[::ffff:*.*.*.152], port=[*]Click to expand...
View 2 Replies
View Related
Feb 2, 2015
I'm using plesk with CentOS 6.6
After setting up some e-mail accounts over the plesk gui I tried to connect via a mail software (like thunderbird).
This failed with every combination of settings I tried. So I checked if the POP3/IMAP services are running correctly using telnet.
I connected using the following command:
Code:
telnet <host-ip> 110
The response was:
Code:
Trying <host-IP>...
Connected to <host-IP>.
Escape character is '^]'.
-ERR Cannot connect to POP server <host-IP> (<host-IP>:110), NB connect error 1460
Connection closed by foreign host.
Did I miss to enable a setting?
The Plesk gui schows me, that the corresponding services are running...
View 2 Replies
View Related
Dec 13, 2014
I am trying to secure my VPS and one thing noted in a recent scan was SSL v2 and v3 being supported for SMTP, POP3 and IMAP. So a check of ‘Disabling SSLv3 Support on Servers’ and the Postfix configuration settings suggest:
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
# Preferred syntax with Postfix = 2.5:
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
This actually goes further than disabling SSLv2 and v3 and also excludes the use of NULL and MD5 ciphers.
The Postfix conf file, main.cf exists in two places on my VPS:
# find / -name main.cf
/usr/libexec/postfix/main.cf
/etc/postfix/main.cf
Examining both only the copy in /etc/postfix/ is configured and at the end of this file I can find all the Plesk settings, including some RBLs I’ve defined via the UI. Hence I know this is the working config as of the two, it’s the only one actually configured. Hence I add the required commands to the config:
...
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_security_level = may
smtpd_use_tls = yes
smtp_tls_security_level = may
[Code] ....
I then go to the Plesk Tools & Settings > Services Management and restart:
SMTP Server (Postfix)
And for good measure:
Plesk milter (Postfix)
I then test whether SSLv2 is enabled:
# openssl s_client -connect x.x.x.x:25 -starttls smtp -ssl2
Now what I should get back is an error as the attempt to connect with SSLv2 should fail as it's an excluded protocol, but instead what I get back is the Plesk cert and a connection:
# openssl s_client -connect x.x.x.x:25 -starttls smtp -ssl2
CONNECTED(00000003)
depth=0 C = US, ST = Virginia, L = Herndon, O = Parallels, OU = Parallels Panel, CN = Parallels Panel, emailAddress = info@parallels.com
verify error:num=18:self signed certificate
...
Why? What do I need to do to have Postfix use the updated config and refuse an SSL2 connection?
I seem to have the same issue with Courier having made similar changes to the /etc/courier-imap/pop3d-ssl file:
# Iain 2014-12-12
# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
TLS_CIPHER_LIST="TLSv1:HIGH:MEDIUM:!LOW:!EXP:!NULL:!aNULL@STRENGTH"
And /etc/courier-imap/imapd-ssl file:
# Iain 2014-12-12
# TLS_PROTOCOL=SSL23
TLS_PROTOCOL=TLS1
actually, this should probably read:
# Iain 2014-12-12
# TLS_PROTOCOL=SSL23
TLS_PROTOCOL=TLS1, TLS1.1, TLD1.2
Why am I unable to disable SSL v2 and v3 for SMTP/POP3/IMAP with Postfix and Courier?
View 15 Replies
View Related
Feb 20, 2015
I'm trying to find Courier IMAP config: /etc/courier/imapd
Because i would like to edit the parameters for the trash folder (see qoute and link below)
The file on my server is not there. I did some grep and locate commands and was unable to find it.
##NAME: IMAP_EMPTYTRASH:0
#
# The following setting is optional, and causes messages from the given
# folder to be automatically deleted after the given number of days.
# IMAP_EMPTYTRASH is a comma-separated list of folder:days. The default
# setting, below, purges 7 day old messages from the Trash folder.
# Another useful setting would be:
#
# IMAP_EMPTYTRASH=Trash:7,Sent:30
[Code] ....
View 1 Replies
View Related
Jun 29, 2013
After upgrade to Plesk 11.5.30 trying to set up FTP-Backup Repository:
Repository error: Transport error: unable to list directory: Curl error: Access denied to remote resourceClick to expand...
View 7 Replies
View Related
Nov 4, 2014
I have set up a CentoS 6 & Plesk 12.0.18 server as master and a reseller. I enabled the shared IP under IP address in the tools section.
I then added a customer and domain. then I added reseller with domain and 2 customers with domain under that. I changed the nameservers at registrar to the IP of the new server. When I use the control panel and under each domain I use the PREVIEW and each domain shows the index.html file I uploaded. When I choose OPEN it opens a new window to the domains address and I get webpage not found. And yes it has been almost 36 hours since the registrar change in case you are wondering.
Is there a setting I am missing or is the server set up wrong? Why wont it show the webpages as it does in the previews?
View 7 Replies
View Related
Aug 11, 2014
Plesk Panel 11.5.30, on Centos 5.10. I have 2 'domains' running on the same ip; sub.mysite.com and mysite.com. I need to add SSL to sub.mysite.com.
From the documentation, [URL] ...., it appears that if the user is using a SNI compatible browser a single SSL certificate for sub.mysite.com should work (as I am using a linux server, SNI is enabled by default I believe).
However, the control panel for the domain (website & domains > hosting settings) states that "To employ SSL, move this site to a dedicated IP address, install an SSL certificate on the site, and then select it below." In addition, other documentation makes reference to a "Secure your sites" link on the control panel to implement a purchased SSL certificate, which is not visible to me - I presume because the domain is not on a dedicated ip address.
Can someone confirm that;
a) a SSL certificate for sub.mysite.com on a shared ip will work.
b) that the SSL for sub.mysite.com would managed at the server level (Server Management > Tools & Settings > SSL Certificates) rather than the domain's control panel.
One alternative may be to purchase a wildcard SSL certificate (*.mysite.com). This post [URL] .... suggests that this would work. However, this is a more costly option and does more that I need (i.e. delivers SSL for all domains).
I could also purchase a dedicated ip address for sub.mysite.com. I have no experience of moving domains within plesk from a shared ip to a dedicated ip. Is this a straightforward process?
View 1 Replies
View Related
Jul 15, 2008
Can anyone who is a security expert recommend the most secure option for choosing what type of "cipher" to use with our OpenVPN setup?
(I bolded the one I think might be best? Let me know what you think. We are currently using "BF-CBC", but I want to be sure it's not breakable...) ...
View 4 Replies
View Related
Apr 10, 2013
We are currently running ColdFusion 9 on an Apache server. After running a Webinspect scan for one of our web applications, a weak cipher vulnerability was flagged as critical. Their recommended change to the httpd.conf file is listed below. We made the change and restarted our server but the same vulnerability came up again. How to eliminate the weak cipher vulnerability?
SSLCipherSuite ALL:!aNull:!ADH:!eNull:!LOW:!EXP:!NULL:RC4+RSA:+HIGH:+MEDIUM
View 3 Replies
View Related
Oct 6, 2014
Whenever I try to update the Plesk key via webinterface I receive the following error:
Unable to connect to license server [URL] ....
cURL error description: Problem with the SSL CA cert (path? access rights?)(77)
Checking via command line shows that the SSL certificate of ka.parallels.com on port 5224 is expired in 2004 (!)
As it worked until today, why the SSL cert check fails now?
View 9 Replies
View Related
Jun 22, 2014
I upgraded Plesk 11.5 to the latest version 12.0.08 # 5 and now I can not configure the external FTP backup I get the error:Transport error: unable to list directory: Curl error: Timeout was reached. Also failing the backup shows this error: Unable to rotate dump: The dump rotation is failed with code '126 'at / opt / psa / admin / bin / plesk_agent_manager line 1041.
And this one:Can not upload file 'domains/domain.tld/backup_domain.tld_info_1406210716.xml' to ftp. Error code: 1..my SO Debian 6.0.8
View 19 Replies
View Related
Jul 21, 2014
I have plesk 12.0.18 Update #9 Fresh installation. When i'm done with adding an subscription i get this error:
New configuration files for the Apache web server were not created due to the errors in configuration templates:
Template processing failed: file = /usr/local/psa/admin/conf/templates/default/domainVhost.php, error = Template_Exception: No data. file: /usr/local/psa/admin/plib/Template/Processor.php line: 28 code: 0 Previous error: Template_Variable_Exception: No data. file: /usr/local/psa/admin/plib/Template/Variable/AbstractCachedData.php line: 67 code: 0. Detailed error descriptions were sent to you by email. Please resolve the issues and click here to generate broken configuration files once again or here to generate all configuration files. See the details in Configuration Troubleshooter
View 5 Replies
View Related
Feb 19, 2015
just had a server /var full because of an error_log that was 4GB in size. First entries were from 28th of august last year.
Log rotation is configured on the webspace and access.log is rotating. It's set to rotate every 10240kiB.
Since the difference between 10MiB and >4GiB is quite large and there being a lot of errors on 28th august already it should have been rotated way sooner. Even if cron only runs the job once a day.
Host OS is Ubuntu 12.04.5 in case it matter.
View 4 Replies
View Related
May 16, 2015
I am using the Slave DNS manager and I'm getting the following error in /var/log/messages on the slave server when the master/plesk tries to send change notifications.received notify for zone 'example.com': not authoritative
The domain is pointing to ns1.mydomain.com and ns2.mydomain.com, the domains zone on the master has both of these as NS records. And the SOA record lists ns1.mydomain.com as the primary authoritative nameserver.The zone has not been set on the slave server, what would be the cause here?
Slaves named.conf
bbb.bbb.bb.bbb = Slave IP
aaa.aa.aa.aaa = Master/Plesk
Code:
options {
listen-on port 53 { 127.0.0.1; bbb.bbb.bb.bbb; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
zone-statistics yes;
[code]....
View 2 Replies
View Related
Sep 22, 2014
Since upgrading to v12* I have had issues backing up to my FTP repo, the errors are limited but how to come over it?I have searched and checked all common issues, space on drive, space on destination etc.
Errors I receive are:
[root@web01 backup-2014-09-22-08-32-24-354]# tail -f backup.log
[2014-09-22 10:09:52.790|24801] INFO: Transport: Init credentials for user ''
[2014-09-22 10:09:52.790|24801] INFO: Repository '/home2/backups/': Initialized
[2014-09-22 10:09:52.803|24801] INFO: Repository 'ftp://XXX//XXX/XXX/': Initializing...
[2014-09-22 10:09:52.803|24801] INFO: Transport: Get repository transport ftp://XXX//XXX/XXX/
[2014-09-22 10:09:52.803|24801] INFO: Transport: Init credentials for user 'XXX'
[2014-09-22 10:09:52.820|24801] INFO: Repository 'ftp://XXX//XXX/XXX/': Initialized
[2014-09-22 10:09:52.840|24801] INFO: pmm-ras finished. Exit code: 1
[10918]: 2014-09-22 09:09:52 ERROR 25eebacd-8f15-492d-8297-27d25ecb68b8 Can't upload file 'backup_info_1409220832.xml' to ftp. Error code: 1
[10918]: 2014-09-22 09:09:52 DEBUG Uploader output: Error: basic_string::_S_construct NULL not valid
No matter what I try this fails, I have a v11* still backing up without issues to the same FTP.
View 1 Replies
View Related
Jul 13, 2014
Started testing my install of PP12 and found I cannot receive email from gmail.
There error is "454 4.7.0 TLS not available due to local problem"
This is a brand new install of PP ( Centos Linux ) via the AWS Marketplace EC2 instance ( offered by Parallels ).
View 4 Replies
View Related
Feb 24, 2015
We successfully migrated web and email from a Plesk 9.3 system to the new Plesk 12.0 system. Afterwards i try to install new extensions and / or try to delete existing extensions and receive the following error:
Die Erweiterung Webserver Configurations Troubleshooter kann nicht entfernt werden: crontabmng failed: /usr/bin/crontab execution failed: "crontabViWP46":11: bad command errors in crontab file, can't install. System error: crontab execution error
Means that i am not able to delete the extension "Webserver Configurations Troubleshooter". But the extension is delete (but not completelly - only a checkbox is shown without entry).
Is something comes with a config of the old server? All works proper until migration.
View 3 Replies
View Related
May 27, 2014
I get this error by installing joomla attached...
View 2 Replies
View Related
Nov 16, 2014
i have make a full Plesk Backup on my Old Server with Plesk 12.0(Ubuntu) and will restore the Backup on my new Server with Plesk 12.0(CentOS).When i will restore the backup i get this error: "Error: The source file is not a valid XML file. If you supplied an archive file containing a backup from Plesk version 9 or later, then extract the contents of this archive, and process the extracted XML file with the converter. If you want to convert a backup file from a Plesk version earlier than 9, then you first need to process it with the pre9-backup-convert utility, and then process the resulting file with the pre10-backup-convert utility."
In the Logs i found this:
deployer.log - [URL] ...
import.log - [URL] ...
pmmcli.log - [URL] ...
View 4 Replies
View Related
Nov 17, 2014
When I try to unlock a subscription I get the following error message. The fact is that I have not customized any time any parameter of this subscription, but has blocked me.ERROR: Call to a member function isDefault() on a non-object (Domain.php:966)
View 6 Replies
View Related
Jun 29, 2015
I tried access my plesk box via http://ipaddress:8443 but am met with an web page not available error. I checked my disk df -h and found
/dev/mapper/VolGroup00-LogVol00 Use% is at 100%. What can I clear out to get it up and running again?
View 4 Replies
View Related
May 20, 2015
I wanted to activate nginx on my server als describes on [URL] ...
Installing was no problem, but when i try to enable nginx, I always get errors:
/usr/local/psa/admin/sbin/nginxmng -e
[2015-05-20 10:42:36] ERR [util_exec] proc_close() failed
Error occured while sending feedback. HTTP code returned: 502
[2015-05-20 10:42:37] ERR [util_exec] proc_close() failed
[Code] ....
View 7 Replies
View Related
Mar 18, 2015
how is it possible that after an update my main site is down? This site: www.orderhosting.it has plesk Panel and I have 20 sites. They work perfectly but my main site is off. I think there is an error in the configuration because:
[root@orderhosting ~]# grep -r 199.99.36.73 /etc/nginx/
[root@orderhosting ~]#
This is strange.Error log does not report any errors, only this: [warn] RSA server certificate CommonName (CN) `Parallels Panel' does NOT match server name!?
View 7 Replies
View Related
Mar 10, 2015
HTTP Error (404)
[URL] ....
This is the error I get when trying to install wordpress
View 10 Replies
View Related
Sep 3, 2014
I disabled the reverse proxy and i got following error:
Code:
Fehler: Aufgrund von Fehlern in den Konfigurations-Templates konnten keine neuen Konfigurationsdateien für den Apache Webserver erstellt werden: Template processing failed: file = /opt/psa/admin/conf/templates/default/server.php, error = Template_Exception: syntax error, unexpected '=>' (T_DOUBLE_ARROW)
file: /opt/psa/admin/plib/Template/Processor.php
[Code] ....
Now I got the problem that i can't create the /etc/apache2/plesk.conf.d/server.conf
View 1 Replies
View Related
Feb 9, 2015
After upgrading my vps (running CentOS 5.10) to Plesk Panel 12 all the websites hosted we're showing the Plesk default page. So I ran the httpdmng to reconfigure all the sites and I got this error back:
~]# /usr/local/psa/admin/bin/httpdmng --reconfigure-all
Execution failed.
Command: httpdmng
Arguments: Array
(
[0] => --reconfigure-domains
[1] => domain1.tld,domain2.tld,domain3.tld
)
Details: Empty error message from utility.
I already restarted all the services, rebooted the server and followed this kb article: [URL]
Unfortunately no success.
View 1 Replies
View Related
May 15, 2015
since yesterday I'm receiving this errors on some website: see attachment
View 2 Replies
View Related
Jun 18, 2015
We get this same error on every subscription we create. It doesn't seem to affect anything but it's more of an annoyance than anything. It did it on plesk 11.5 and now with plesk 12.
[2015-06-18 08:35:13] ERR [util_exec] proc_close() failed
PHP Fatal error: Uncaught exception 'PleskUtilException' with message 'glmng failed: ' in /usr/local/psa/admin/plib/Service/Agent.php:243
Stack trace:
[Code] .....
View 7 Replies
View Related
May 11, 2014
I'm facing a problems with my plesk 11.5.30 (latest update with CentOS 6.x).
One subscription can't switch between horde and round-cube. When they change to round-cube, it's still running Horde. To solve this problems, I tried remove Horde (everything's fine, successful) and install it again (error).
View 9 Replies
View Related
