Search results

stumbled accross the same problem (status module was no longer enabled) on a Debian11 to Debian12 upgrade so, thanks for "confirming" that this happens on a "plesk repair" operation. (that gets executed automatically on a dist upgrade)

you should delete any *kolab* config file you'll find in /etc/dovecot/conf.d/ ! These are old config files from the Plesk Premium Email extension that did not get cleaned up on deactivation/uninstallation of that extension. (do you have it only deactivated or really uninstalled? that is not...

here you go: So, this time all the VPS users get screwed with ludicrous price increase, while the last three years the same was done to the dedicated/baremetal users.

That does not make sense to me, as Roundcube does use "PLAIN" per default (maybe you've changed the imap_auth_type/smtp_auth_type in the Roundcube config once?) As we have a couple or Plesk servers where CRAM-MD5/DIGEST-MD5 is manually disabled for Postfix/Dovecot since ages, I know that...

Dunno, but we have all the auto-update settings enabled on our servers and so far not once it installed a new release automatically, at least not in the first couple of weeks after release. (all the interim and extension updates, as well as OS packages get updated though) Hmm, ok, now that I...

Debian 13 is not (yet) supported by Plesk, so you are completely out of luck. You can try do downgrade again or migrate all your webs to another server with Debian 12 or live with the current situation and wait till Debian 13 is supported.

It does not matter if you remove DIGEST-MD5 or CRAM-MD5 in retrospect, as some mail clients (Thunderbird is among them) do "detect" these server capabilities only when you setup an account. If the server does advertise MD5, Thunderbird will automatically use the encrypted password option until...

Given the circumstance that your server is compromised and the hacker has gained root access (otherwise they could not use the mail_auth_view utility anyway), what is stopping them from executing cat /etc/shadow and/or plesk db "select password from accounts" to see the hashed password of all...

I do agree on this one! Of course it will not work properly, the way Plesk rushed out this feature! As I already wrote on the 20th of August, if a mailserver does advertise any of the MD5 authentication methods, certain mail clients (Outlook ahoy!) will randomly fail when the password of the...

$2y$12$ is the hashing algorithm used, in this case bcrypt. It's the recommended method, to store the algorithm together with the password this way and I don't see why that would pose any security risk. "Security by (pseudo) Obscurity" is not a thing! and not doing it this way would only...

To get the full benefit of customers being able to see backups and restore from them, the Plesk built-in Backup Solution is the only way I know. According to the documentation, the Acronis Backup extension offers similar benefits - but of course, there is a price tag... It should be faster and...

hmm, using hashed passwords but still advertising DIGEST-MD5/CRAM-MD5 screams for disaster.... ...but so does disabling DIGEST-MD5/CRAM-MD5 on a server that is already "in use" by customers

You can change the Apache2 Port in the "ServiceNodeConfiguration" table of the "psa" database. After that you need to rebuild all webserver configuration files and should be good to go. (you can use the Configurations Troubleshooter extension for that) But just so I've mentioned it, this is...

The "Malware Scanner" is indeed enabled and usable in the free edition. In fact it's the only component that is available in the free edition and it gets installed on a Plesk server by default. While the "Malware Scanner" is somewhat limited in the free edition (like only one scan per month)...

We only used and use the Imunify "Malware Scanner" as it's very! helpful and nothing out there comes even close to the functionality and success rate of detecting malicious code on your websites. (we used ClamAV/Sophos virus scan routines, RKHunter and manual scripts before we had ImunifyAV and...

Why not (dist) upgrading to Debian 11? You still get PHP 7.4 there from Plesk. Or does your software run with the bundled PHP version that the Panel itself runs with?

A current Plesk server does use/support the exact same settings/configuration as 99.999% of all mail servers on this planet. Well, OK, quite a lot do not support the MD5 stuff anymore, but AUTH PLAIN/LOGIN works literally everywhere and so that is what should be used. (Apple Mail can/does not...

Authentication Method should be set to "Password" in Apple speak (translates to AUTH PLAIN in technical terms) for both incoming and outgoing mail server. "MD5 Challenge-Response" and "MD5 Digest" may work with most servers as well, but I recommend to not use that. The "SSL" option/toggle...

The only (negative) effect that the OCSP stapling option has and ever can have, is a warning message when reloading or restarting the nginx webserver. So yes, it may not be nice, but it will never break your system. Btw. for self-signed certificates you'll get the same warning, as these...