Plesk 12.x / Linux :: Force Password Encryption For Mail Users?
Mar 10, 2015
I have plesk12 set up but when i set a mail (dovecot) password, it gets stored in plain text (which I can verify by running /usr/local/psa/admin/sbin/mail_auth_view ). I would like to change this default setting to be encrypted.
I have set the values for outgoing mail control low enough to catch the problems without affecting all but one of my clients. I have given him increased limits on certain of his mailboxes.
However when he wants to modify the mailbox, for example change the password he gets the following error.
The maximum number of outgoing email messages (in a pink box)
"The value must be in the range 0..50. Only the Plesk administrator can adjust this setting."
He cannot change the password for this mailbox.
Is there anyway of setting a custom limit on an account and also allow the client to retain the ability to reset his own password.
In Plesk (V. 12.0.18) there is no possibility to create mail accounts for subdomains via web interface. The KB article [URL] ..... describes this problem. The article suggests two possible ways.
I don´t want to use option 1 (create subdomain as additional domain) because a subdomain as domain wastes a domain in the license model.
Instead of that I tried the second way (command line interface). I can execute the first command without problems. When I try to execute the second command, I get the following error: "An error occured during mailname creation: Unable to set password: Domain of type subdomain selected".
today i changed the password for the admin panel for a customer (username eg. mylogin). 10 minutes later he called me and said that he cannot get into his emailaccount anymore. Checked the password and saw that the emailpassword for his emailaddress (eg. mylogin@mydomain.com) is now the same from the admin panel login. So i changed the emailpassword and checked the admin panel login - it now has the emailpassword. What a mess.. I'm running Plesk Panel 11.5.30 MU47.
In my linux vps (cpanel based) hackers have hacked the password of the user ( website owner ) and he have uploaded some hack files(PHP) through FTP. Sometimes the hacker uploads perl/CGI scripts and sends spam mails .This happens frequently in server. How the hacker gets the users password? How can i prevent my users and server from this security issue?
We are planning to move the mail accounts and domains from plesk to other control panel. Is there any way to view the password of the accounts (domain and emails) of plesk. So we can create the same accounts on new server with same password.
I'm contemplating creating a website that could store extremely sensitivity information. It's more than likely that a MySQL database would house this information.
My question is. Does anybody have any experience when it comes to encrypting an entire server disk?
we have identified a number of customers with weak passwords - we wish to send them an email and then wait 1 hour - then change their passwords to the new password we have identified - due to them being across multiple domains, we don't want to do this via the PPA web gui - it would take quite a long time.
What is/are the commands for changing mailbox password for SMTP/IMAP/POP3??
i.e., is there a PPA command for changing both sides of send/receive?
my server has just compromised and someone can retrieve all databases on server with my root sql password.
i changed the root sql password to avoid attacking again and want to ask a question...do i have to change all user's databases password too?
many users have wordpress, forum and other php scripts with config file contains current database password.If i change their pass their sites will stop working.
from some time, the plesk password is no more stored in chrome.I mean that even I delete all passwords/history etc chrome don't ask to save password...so something changed in the login page I suppose.from same time every time I connect to any plesk panel. Chrome say that it's not safe and I have to click "advanced" to continue, even it's a new installation make some minute before.
My reseller have got one plan, where option "Gestion de l'accès au serveur via SSH" (Manage SSH access to server) is on "Peut autoriser l'accès uniquement à un environnement chrooté" (Can autorize access only in chrooted environment).
This plan contains only one subscription in which I would like to permit users to use sftp. If I go in the subscription, and then I click on "Customize subscription", I can see option "Gestion de l'accès au serveur via SSH" (Manage SSH access to server) is on "Peut autoriser l'accès uniquement à un environnement chrooté" (Can autorize access only in chrooted environment)...
=> So same than in the plan.
After that, when I click on subscription => WebSites and Domain => One domain => FTP Access and I choose a ftp user, I don't have any option to allow ssh access to the user.
Is it possible to query for a list of system users using the API RPC? I know it's possible with a MySQL query
Code: select id, login, account_id from sys_users order by login;
I've searched through the API RPC manual, but I don't see a way to do this. I always have to specify a filter, I can't find a way to just query for all users.
After some recents updates (currently running on: 12.0.18 Update #19) appeared a problem with connecting to FTP for passive mode users:
Connect ok! "/" is the current directory Get directory 227 Entering Passive Mode 550 Access is denied.
Server logs: /var/log/messages Oct 14 12:11:26 host xinetd[3692]: START: ftp pid=2709 from=::ffff:xxx.xxx.xxx.xxx Oct 14 12:11:26 host proftpd[2709]: processing configuration directory '/etc/proftpd.d' Oct 14 12:11:26 host proftpd[2709]: yyy.yyy.yyy.yyy (xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]) - FTP session opened.
But: /var/log/secure:
Oct 14 12:11:26 host proftpd: PAM unable to dlopen(/lib64/security/pam_stack.so): /lib64/security/pam_stack.so: cannot open shared object file: No such file or directory Oct 14 12:11:26 host proftpd: PAM adding faulty module: /lib64/security/pam_stack.so Oct 14 12:11:26 host proftpd: pam_listfile(proftpd:auth): Couldn't open /etc/ftpusers Oct 14 12:11:26 host proftpd[2709]: yyy.yyy.yyy.yyy (xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]) - USER client: Login successful.
ad1: yes, i do have passive ports configured in /etc/proftpd.conf and FW is properly configured ad2: everything was fine until recent updates ad3: this is happening only for passive users only ad4: we are experiencing this issues across all Plesk instances [6x] on CentOS 6.5 with 12.0.18 Update #19
I get an error when i try to access my webmail(horde) over the i-net i get error Unable to get webmail password every time. The error appeared when i upgraded from 11.09 to 11.5. I also followed this tutorial but it didn't worked too. --> [URL] ....
i have installed phpMyAdmin becouse I don't like the limitation of db management of Plesk, but I can't find the root password to access in it. I read that Plesk rename "root" user in "admin", but I can't find the password. Where is it?
I want to create a webpage where users can make a SRV record. I thought this is possible with the Plesk API but i dont have any expierance with the API. How to create it?
I am experiencing a weird issue after a Plesk upgrade (from 11 to 12, installed on Ubuntu 12.04).
FTP/SFTP is not working for all users in one specific domain. When using the latest Filezilla client, I receive the following error when I try to connect in SFTP with the main user of this domain
Error: Received unexpected end-of-file from SFTP server Error: Could not connect to serverClick to expand...
I am seeing some some some strange behaviour when password protecting directories served by nginx and PHP-FPM. If I have a site set up so that 'Process PHP by nginx' is selected under ('Websites & Domains>Web Server Settings>nginx settings') and set up password protection ('Websites & Domains>Password-Protected Directories') PHP pages are still served without asking for a password.
If I untick 'Process PHP by nginx' the behaviour returns to normal and an attempt to any access files results in the password request.Is this behaviour by design? If so, it is not made clear when you set up the password protection that it will not apply to PHP pages if you have nginx process the PHP pages.