Plesk 12.x / Linux :: Unable To Disable SSL V2 And V3 In Postfix And Courier
Dec 13, 2014
I am trying to secure my VPS and one thing noted in a recent scan was SSL v2 and v3 being supported for SMTP, POP3 and IMAP. So a check of ‘Disabling SSLv3 Support on Servers’ and the Postfix configuration settings suggest:
Examining both, only the copy in /etc/postfix/ is configured, and at the end of this file I can find all the Plesk settings, including some RBLs I’ve defined via the UI. Hence I know this is the working config: of the two, it’s the only one actually configured. Hence I add the required commands to the config:
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_security_level = may
smtpd_use_tls = yes
smtp_tls_security_level = may
I then go to the Plesk Tools & Settings > Services Management and restart:
I am unable to disable or modify the firewall by using the Plesk firewall extension. Plesk throws the two errors below:
Error: Could not disable firewall: util_exec(.., 'proc_open') failed: file does not exist or is not executable: /opt/psa/admin/bin/modules/firewall/register_service
Error: Could not activate firewall configuration: util_exec(.., 'proc_open') failed: file does not exist or is not executable: /opt/psa/admin/bin/modules/firewall/safeact
I checked the symlinks, they point to the same location: /opt/psa/admin/bin/modules/firewall/mod_wrapper
-r-s--x--- 1 root root 18896 Jun 6 10:37 mod_wrapper
My issue started a couple of months ago and seemed to increase with the update to Plesk 12.0 (though I can't guarantee it). I am using CentOS 6.5, all updated. What happens is that postfix usage starts to increase without any apparent reason (during weekends, for example). Then postfix is not responding anymore.
Hopefully I'm posting this in the correct area. Our server runs CentOS 4.4 on x86_64 arch.
So basically everything was going rather smoothly...
Problems began to arise at the point where I finished installing/configuring SquirrelMail. Upon logging in, I saw this:
Ok, so I checked maillog and saw:
Feb 11 13:50:46 zeus imapd: LOGIN, user=alex, ip=[::ffff:127.0.0.1], protocol=IMAP
Feb 11 13:50:47 zeus imapd: Failed to connect to socket /tmp/fam--
Feb 11 13:50:47 zeus imapd: Failed to create cache file: maildirwatch (alex)
Feb 11 13:50:47 zeus imapd: Error: Input/output error
Feb 11 13:50:47 zeus imapd: Check for proper operation and configuration
Feb 11 13:50:47 zeus imapd: of the File Access Monitor daemon (famd).
Feb 11 13:50:47 zeus imapd: DISCONNECTED, user=alex, ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=21, sent=57, time=1
So I did some searching and determined it was a problem with Courier-IMAP being compiled with File Alteration Monitor support and famd not running (I built RPM directly from source tarball without any customization whatsoever per the instructions on the Courier website).
I found some possible solutions to be:
1) Install and run fam and be sure portmapper is running as well (problem being that fam has since been replaced by gamin on CentOS, which is installed properly on my system).
2) Do a source install of Courier-IMAP and --disable-fam
Ok, so route 1 went like this: I uninstalled gamin, found fam-2.6.8, installed it, started it manually, made sure portmapper was running and tried again. This time, I still got the same errors in SquirrelMail, but the errors in maillog didn't show up. However, shortly after the page loaded, the famd process I had started manually promptly ended without my intervention. Ok, onto trying #2.
Route 2 went like this: reinstalled gamin, then I tried building a custom RPM by manually configuring with --disable-fam and then using rpmbuild -bc --short-circuit and rpmbuild -bi --short-circuit. That didn't change anything at all, I still had the same errors both with SquirrelMail and in maillog. Then I said ok, I'll just do a complete source install. ./configure --disable-fam && make && make install. Manually started that server, tried again, same deal, both errors.
So I've got problems. Either with Courier-IMAP, SquirrelMail, or both. The other daemons seem to run fine, I just mentioned them in case of the possibility of some kind of (unknown to me) conflict.
If you need to see any of my configs, let me know...any information greatly appreciated...I'm desperate.
Yesterday we upgraded two of our servers to the latest Plesk 12.
The 1st server is a CentOS/CloudLinux 6.x server and the 2nd a CentOS 5.x server.
Both of them were running Plesk 11.5 before the upgrade.
After the upgrade, we have the same issue in both servers which is that the START/TLS, SSL protocols at Courier imaps or pop3s do not work, and mail clients (outlook, thunderbird) return that the password is wrong when they connect over a secure connection.
In both of them, at the /var/log/maillog, we are getting the same messages, as the following one:
I'm trying to find Courier IMAP config: /etc/courier/imapd
Because I would like to edit the parameters for the trash folder (see quote and link below)
The file on my server is not there. I did some grep and locate commands and was unable to find it.
##NAME: IMAP_EMPTYTRASH:0
#
# The following setting is optional, and causes messages from the given
# folder to be automatically deleted after the given number of days.
# IMAP_EMPTYTRASH is a comma-separated list of folder:days. The default
# setting, below, purges 7 day old messages from the Trash folder.
# Another useful setting would be:
#
# IMAP_EMPTYTRASH=Trash:7,Sent:30
I would like each of my clients who have a dedicated IP address and an SSL certificate to be able to use their own domain name (and own certificate) when sending mail on ports 465 or 587. I have managed to change the default certificate used by Postfix to my own server's certificate, but I want users to use their OWN IP address and SSL certificate when sending, so this is not an option.
I have been able to update Dovecot to use a specific certificate for each IP address, but I can't seem to update Postfix. I was trying to follow these instructions but my postfix master.cf was quite different than the poster's file and I didn't succeed: [URL] ....
I know many people will simply say "it can't be done" or "just get the users to use the shared IP address", but I know there must be some workaround to make this work, even if it means manually updating the config file after every Plesk update. I'm even prepared (if possible) to have Plesk abandon management of Postfix and have me manage it manually, if that's even an option.
On a fresh Debian 7 64bit OpenVZ system we actually have a problem with the new Plesk 12 feature of limiting outgoing mails. We migrated about 25 systems to Plesk, this is the first that makes problems. If limiting outgoing mails is activated (I double-checked all possible checkboxes in Plesk) a fresh mailbox gives us the following error while trying to send via smtp:
Aug 15 13:09:32 2d4 postfix/smtpd: connect from unknown[XX.XX.XX.XX]
Aug 15 13:09:32 2d4 postfix/smtpd: E9AF61C58851: client=unknown[XX.XX.XX.XX], sasl_method=PLAIN, sasl_username=XX@XXX.XX
Aug 15 13:09:32 2d4 greylisting filter: Starting greylisting filter...
Aug 15 13:09:32 2d4 /usr/lib/plesk-9.0/psa-pc-remote: handlers_stderr: SKIP
After deactivating the feature all mail is sent without any problems. We use postfix + dovecot.
There are several big domains that frequently defer accepting mail from us causing long delays or rejections. Google, AOL, and Yahoo are examples. I'm considering trying the suggestions found in this online posting regarding rate limiting the sending of messages to those domains. In the below URL, please see the section titled "Different policies for different domains"...URL....
Would these changes be safe to make on a CentOS 6.4 server running Plesk 11.0.9 with Postfix 2.8.4? Would any special modifications for Plesk be necessary?
My server is Plesk 12 with Postfix and Courier IMAP. I am also using Thunderbird as mail client...
My question is when I create a folder from my mail client or webmail they just appear as sub folders of my inbox which is not what I want, I want root level folders not to be under inbox... When I searched for this I found [URL] ....
Is this still the case? Is there anything I can do to have root level folders?
I have a hard problem with my VPS. I have postfix as mail server on plesk 12 under ubuntu 12.
I don't know why the outgoing mails of all my domains in my servers are getting spam in servers like gmail, yahoo, hotmail...
I'm using mxtoolbox to fix errors and warnings and finally fixed all of them, but my mails are still outgoing to spam.
In mxtoolbox actually I have no mail server errors / warning, you can see it with, for example, this one of my domains: [URL] ....
This message is an automatic response from Port25's authentication verifier service at verifier.port25.com. The service allows email senders to perform a simple check of various sender authentication mechanisms. It is provided free of charge, in the hope that it is useful to the email community.
I have a brand new server with CentOS 6.5 Final with Plesk 12.
For some reason unknown I'm not able to configure Postfix as smtp server and accept plain text authentication. It only accepts TLS authentication both on port 25 or 587. If I install Qmail everything works without any problem.
My environment: Parallels Plesk v12.0.18_build1200140606.15 os_Debian 7.0 64bits - postfix
In documentation about Server-wide-mail settings
In Plesk for Linux with the Postfix mail server, you can change the IP address used for sending mail. Also, if your server sends mail from domain IP addresses, you can specify which name will be used as a host name in SMTP greetings.
Choose from the three options:
◦ Send from domain IP addresses. By default, mail from each domain is sent using the domain's IP address. The host name used in SMTP greeting is defined by the configuration of the mail server.
◦ Send from domain IP addresses and use domain names in SMTP greeting. If selected, Plesk changes the mail server configuration so that the SMTP greeting will contain the name of the domain from which an email message is sent.
This option prevents the sender's IP address from being put into public black lists, such as the Spamhaus or OpenBL lists. This might happen if the mail server host name is used in SMTP greeting for the messages sent from domain IP addresses. Some recipient servers consider such messages as spam.
We recommend that you use this option if you host less than 100 domains. In case of a large number of domains, using this option significantly increases the load on the server.
◦ Send from the specified IP address. You might want to use certain IPv4 and IPv6 addresses for all outgoing mail.
Sending all mail from the specified address might be useful, for example, if the IP address of the mail server was put into public black lists, such as the Spamhaus or OpenBL lists. If you select None, outgoing mail will not be sent.