Recent content by iainh

Thanks for your help and advice @Bitpalast

dnf update run and looking better now: # dnf update Last metadata expiration check: 2:17:08 ago on Fri 08 May 2026 18:17:10 BST. Dependencies resolved. Nothing to do. Complete!

Perfect. Thank you again. I have done this, just not applied the (test) kernal patch. I see I'm back on kernel-5.14.0-611.54.3.el9_7 (for AlmaLinux 9), so maybe I need to look into doing a more comprehensive update via sudo dnf update

Many thanks @Bitpalast. I have reviewed that and noted it was a patch form a test repo, but it sounds like you have confidecne in it. Thank you

And now we have CVE-2026-43284

Thanks for this. I see: So no joy here. But, I'm not running http/2 and there are no other users on the box, so I think I'm in a reasonable position. But it would be interesting to know what is coming to 'officially' mitigate these two CVE, and yes, ploughing into a manual update brings fears...

As a little further info... CVE-2026-23918 (CVSS score: 8.8) only applies to 2.4.66 and is in http/2 support, so I presume 2.4.62 and not enabling http/2 mean this shouldn't be an issue. And CVE-2026-24072 (also CVSS score: 8.8) permits local .htaccess authors to read files with the privileges...

Is there any advice on updating from Apache/2.4.62 (AlmaLinux) to 2.4.67 to mitigate CVE-2026-23918 and CVE-2026-24072? Would using: break all manner of things, or will Plesk magically bring along an emergency update to mitigate these CVE and make the issue go away (as is so often the case?)...

Many thanks @Kaspar for your time, thoughts and advice :) Yes, I get that fail2ban is dynamic and have that locked down (maxretry = 3) to help limit things, but there is also the fail2ban 'plesk-permanent-ban' jail, although that is an all ports, TCP and UDP total ban, but you could create...

I am looking to remove some of the noise and brute force attempt from the maillog and would appreciate people's thoughts and experience. There seem to be three options: 1. The Plesk firewall 2. Fail2ban 3. AbuseIPDB Plesk firewall The firewall (iptables) allows me to be specific and so I...

@TorbHo, set your DMARC policy to none or quarantine, then send a message to another mail service (which should be delivered with a DMARC policy of 'none') and inspect the header. As @Sebahat.hadzhi said, you likly have a domain conformance failure, probably due to you setting the 5322.From...

Ah ... I knoew it. As soon as I post, I'll find the fix... I recall in the rapid migration, SpamAssin is no longer availe and I presume has been incorporated into Plesk Email security. I therefore looked at Warden Anti-spam and Virus Protection, but didn't go through with licensing it. All has...

Mail stopped being delivered on our Plesk server in the early hours of this morning with: Looking through KB articles, I have... Restarted Dovecot and Postfix milter and SMTP via Tools & Settings > Services Management and requeued all mail ... failed Restarting amavisd and postfix and...

I can confirm, cert rotation with wildcard deselected now goes not only without challenge, but oh so quickly. You have just saved me a bunch of time. Thank you so much @Kaspar :cool:

Hi @Kaspar ... so it is the wildcard option that triggers the _acme.challenge update at every cert rotation? If that's the case, it will save me a lot of hassle. Plesk/SSL It! like to 'encourage' including the wildcard option, but if ignoring this removes the need for TXT record update each...