• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Feature request: SMTP Relay setup for plesk notifications

R

rackset

Guest
FACT: To prevent UNSOLICITED BULK E-MAIL sending from hacked sites on windows, we have to disable local relay (to remote) from unauthenticated email account.

This will cause Plesk to not be able sending it's notifications to domain owners/ resellers/ clients ...
There should be a setting to send plesk emails with SMTP authentication, from local or remote server.

This issue caused many customers being angry of why they do not receive notices for over usage, etc...
 
SMTP is still not an option for notifications in Plesk....

rackset said:
FACT: To prevent UNSOLICITED BULK E-MAIL sending from hacked sites on windows, we have to disable local relay (to remote) from unauthenticated email account.

This will cause Plesk to not be able sending it's notifications to domain owners/ resellers/ clients ...
There should be a setting to send plesk emails with SMTP authentication, from local or remote server.

This issue caused many customers being angry of why they do not receive notices for over usage, etc...
Click to expand...


Now - almost 2 years later this major problem hasn´t been properly addressed...?

Nowadays, it is against common sense to make a controlpanel that is unable to be configured to NOT use localhost/127.0.0.1 when sending cp notifications to clients!
Naturally a controlpanel NEEDS to be able to be configured properly with SMTP/authentication for all mails.

Hackers has indeed got their eyes up for Plesk and abuse the fact that the cp is not able to use other settings than localhost for cp notifications - Parallels, get this done ASAP to assist your clients in maintaining a proper cp with less chance possible for abuse...

Actually all the hackers needs to do is autosearch for Plesk installations and then also autocheck if it is possible to abuse the localhost setting and the - also automatically - start the abuse big style...

This is a bug in Plesk and needs immediate attention.
 
You must log in or register to reply here.

Similar threads

B
Question Plesk email relay incoming emails to another server
Replies
1
Views
296
bit
B
F
Issue SOGo - emails sent from webmail, both manually created and autoresponder/vacation/out-of-office, are rejected. They miss spf, dkim, dmarc, everything
Replies
1
Views
406
Farfalk
F
V
Issue Smarthost + SRS = relay?
Replies
2
Views
10K
vanlier
V
J
Resolved Non delivery mails notifications
Replies
1
Views
1K
JuanCar
J
F
Issue Relay access denied for root mails
Replies
3
Views
718
fliegerhermi
F
Back
Top