• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Issue Roundcube shows mails as forbidden

Fabian H

Fabian H

Basic Pleskian
While trying to open some mails on roundcube, the following appears in the content part:

Forbidden​

You don't have permission to access this resource.
Click to expand...

This only occurs by a few mails, even if they just arrived.
Right now, only from one sender.

There are no errors in /var/log/plesk-roundcube/errors and none in /var/log/plesk-php80-fpm/error.log.
I even tried a plesk repair web on the domain, but this don't fixed the problem, same as a apache restart.
While accessing the mail server with outlook and thunderbird, there is no error, seems it is a roundcube problem.
I am using Plesk Obsidian 18.0.36.0 on CentOS Linux release 8.4.2105.

I would rather not reinstall roundcube, as my customers settings would be lost.

Are there any ideas?
 
IgorG said:
What about webserver log?
Click to expand...
It's empty.

BUT:
I found that ModSecurity is blocking the access to this mails.
This is logged in /var/log/modsec_audit.log:

Code: 
Message: Access denied with code 403 (phase 4). Pattern match "(?i)(?:ORA-[0-9][0-9][0-9][0-9]|java\\.sql\\.SQLException|Oracle error|Oracle.*Driver|Warning.*oci_.*|Warning.*ora_.*)" at MATCHED_VAR. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/17_Outgoing_FilterSQL.conf"] [line "22"] [id "218020"] [rev "1"] [msg "COMODO WAF: Oracle SQL Information Leakage||webmail.mydomain.com|F|2"] [data "Matched Data: error found within MATCHED_VAR: <!DOCTYPE html>\x0a<html lang=\x22de\x22 class=\x22iframe\x22>\x0a<head>\x0a<meta http-equiv=\x22content-type\x22 content=\x22text/html; charset=UTF-8\x22>\x0a<title>Roundcube Webmail :: Mail subject</title>\x0a\x09<meta name=\x22viewport\x22 content=\x22width=device-width, initial-scale=1.0, shrink-to-fit=no, maximum-scale=1.0\x22>\x0a<meta name=\x22theme-color\x22 content=\x22#f4f4f4\x22>\x0a<meta name=\x22msapplicat..."] [severity "CRITICAL"] [tag "CWAF"] [tag "FilterSQL"]
Message: Warning. Operator GE matched 4 at TX:outgoing_points. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "38"] [id "214940"] [rev "2"] [msg "COMODO WAF: Outbound Points Exceeded| Total Points: 5|webmail.mydomain.conf|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"]
I tried to disable ModSec for that domain, but seems like it cannot be disabled for webmail.
I could disable the rule global, but I don't want to do that because it could be used as security breach.
 
You must log in or register to reply here.

Similar threads

M
Issue Outgoing Mail Control is always 0
Replies
1
Views
373
MarketPC
M
W
Issue Mail forwarded on the server in the target mailbox is delivered to the SPAM folder
Replies
0
Views
499
W4ru
W
J
Issue SELinux blocking dovecot from writing to passwd.db
Replies
0
Views
366
John Calvert
J
F
Question Mail delivery status notifications not forwarded
Replies
2
Views
1K
fcnjd
F
T
Resolved "sent items" emails in Roundcube have all same date/time after restore of mailbox
Replies
2
Views
1K
TomBoB
T
Back
Top