• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Inviting everyone to the UX test of a new security feature in the WP Toolkit
    For WordPress site owners, threats posed by hackers are ever-present. Because of this, we are developing a new security feature for the WP Toolkit. If the topic of WordPress website security is relevant to you, we would be grateful if you could share your experience and help us test the usability of this feature. We invite you to join us for a 1-hour online session via Google Meet. Select a convenient meeting time with our friendly UX staff here.

Feature request: SMTP Relay setup for plesk notifications

R

rackset

Guest
FACT: To prevent UNSOLICITED BULK E-MAIL sending from hacked sites on windows, we have to disable local relay (to remote) from unauthenticated email account.

This will cause Plesk to not be able sending it's notifications to domain owners/ resellers/ clients ...
There should be a setting to send plesk emails with SMTP authentication, from local or remote server.

This issue caused many customers being angry of why they do not receive notices for over usage, etc...
 
SMTP is still not an option for notifications in Plesk....

rackset said:
FACT: To prevent UNSOLICITED BULK E-MAIL sending from hacked sites on windows, we have to disable local relay (to remote) from unauthenticated email account.

This will cause Plesk to not be able sending it's notifications to domain owners/ resellers/ clients ...
There should be a setting to send plesk emails with SMTP authentication, from local or remote server.

This issue caused many customers being angry of why they do not receive notices for over usage, etc...
Click to expand...


Now - almost 2 years later this major problem hasn´t been properly addressed...?

Nowadays, it is against common sense to make a controlpanel that is unable to be configured to NOT use localhost/127.0.0.1 when sending cp notifications to clients!
Naturally a controlpanel NEEDS to be able to be configured properly with SMTP/authentication for all mails.

Hackers has indeed got their eyes up for Plesk and abuse the fact that the cp is not able to use other settings than localhost for cp notifications - Parallels, get this done ASAP to assist your clients in maintaining a proper cp with less chance possible for abuse...

Actually all the hackers needs to do is autosearch for Plesk installations and then also autocheck if it is possible to abuse the localhost setting and the - also automatically - start the abuse big style...

This is a bug in Plesk and needs immediate attention.
 
You must log in or register to reply here.

Similar threads

K
Issue All Plesk notification delivering to spam or junk folders
Replies
2
Views
475
Ickov
I
K
Resolved Placeholders for reseller resource overuse notices don't work
Replies
3
Views
451
Hangover2
Hangover2
carlsson
Resolved Outgoing administrator mail not authorized [missing SPF record in sender domain]
Replies
11
Views
1K
rkbonatto
rkbonatto
PeopleInside
Forwarded to devs Backup Manager email notification issue: wrong from address
Replies
7
Views
2K
Oskar3210
O
S
Issue SMTP/Qmail stop working suddenly without any cause
Replies
3
Views
531
Stephen_Stephen
S
Back
Top