Issue Updating to Plesk to 18.0.74 says mail users have wrong password - what are "mail users"?

[MHC_1]

Server operating system version

Alma Linux 9

Plesk version and microupdate number

Plesk Obsidian 18.0.73 Update #4

Plesk update has a solution guide here:

https://support.plesk.com/hc/en-us/articles/12377596588311-Plesk-upgrade-shows-warning-There-are-accounts-with-passwords-encrypted-using-a-deprecated-algorithm

This shows how to list accounts across the Plesk system with the wrong password encryption for the update. One of these is:



Which outputs a list of domain names and something called "mail_users" which looks like account names.

The Plesk link above, says "Change the password for affected users using Plesk UI." but I can't see what these actually are in Plesk? These don't appear to be individual email accounts? The user name appears to be the "system user" but is titled the "mail_name" , so what do we need to do in the Plesk UI to update these various specific passwords?

Please can you clarify and update the Documentation.



PS All passwords that need updating have been imported with the Plesk Migrator. Please can you update the migrator so that imported account details are re-encrypted if possible to the correct encryption type?

 

[yspirin]

In Plesk, to change the password for affected mail users:

1. Go to Domains → select the domain.
2. Open the Mail tab → Mail Settings → Email Addresses.
3. Select the mailbox you want to update.
4. On that page, generate a new password.

 

[MHC_1]

@yspirin thanks; so the listing from the documentation is for ALL email addresses under each named account?

Can you confirm that replacing the password in the field here (with the same plaintext password) will NOT effect the end user logging in to their emails?

 

[MHC_1]

UPDATE:
@yspirin One of the domains highlighted has only a single mailbox, re-entering the password for this mailbox via the Plesk UI and restarting Postfix / SMTP does not remove this domain from the list outlined in the documentation.

Next steps?

 

[Kaspar]

What password "Storage method" has been selected on the Tools & Settings > Security Policy settings page?

 

[MHC_1]

What password "Storage method" has been selected on the Tools & Settings > Security Policy settings page?

"Symmetric encryption". I guess perhaps this should be changed to Hashed? ( I wasn't previously aware of this option)

Thanks.

 

[Sebahat.hadzhi]

@MHC_1 , do you happen to know whether the server those email accounts were migrated from was configured with hashing for mail passwords? If yes, please try switching to hashing and then reset the password of the affected email account. During migrations the storage mechanism depends on the destination server's default setting, so it could be ground for the reported issue. If necessary, you can then switch back to symmetric encryption (you will need to change the password again).