Search results

I would suggest checking the Virtuozzo panel to see if you can open the HTTPS port as it doesn't appear to be open. You can also check if you are using the Plesk firewall module in Plesk by looking under the extensions module on the left-hand side. Is firewall listed there? You may be best to...

I don't know exactly how you've set up the server to be able to advise further - are you using a firewall package such as CSF, APF or the Plesk Firewall module? Can you describe briefly how you've set up and installed the server so far?

Looking up your domain the-dreamstore.com resolves to 87.106.99.195, and I don't see an HTTPS server running on port 443 on that address. Have you checked your firewall and opened port 443?

Have you double checked that SSL is turned on for the domain? This is in Plesk Panel under "Website Scripting & Security" for the domain. If that setting is enabled, try re-generating the web server configuration files with: /usr/local/psa/admin/bin/httpdmng --reconfigure-all And see if that...

SNI will work out-the-box without any further configuration necessary. You just set the SSL certificate to be used for each domain in the "Website Scripting and Security" section of Plesk. Make sure you are restarting your browser (or using a private browsing mode such as Incognito mode in...

If we enable the disk quota option in Plesk (and assuming the file system has quotas enabled), should this limit the disk space that can be used by a domain even for files created by the 'apache' user? We've been testing this internally and it only seems to limit space for the domain's user...

What I suggest doing is review the Courier IMAP and Postfix SMTP sections in the current version of the KB article (http://kb.odin.com/en/123160) and compare the suggested changes with your current files - I suspect the cipher lists will be different as those were updated about a week after the...

Have you already run the script? If so, are you experiencing problems? I wouldn't run the script again if it has already been run as this will just duplicate the same configuration entries. There isn't an article on how to revert the process, but this would just be a case of working out what...

@Ultravoné It should work just fine - the ssl_v3_disable.sh script has been updated several times by Parallels in response to the feedback from users in this thread. The current version applies the cipher settings which are compatible with all modern mail clients. However, it's a simple change...

In imapd-ssl/pop3d-ssl have you made sure there are no other lines that might be overriding your settings? Check the whole file to make sure there are no other TLS_CIPHER_LIST settings in place that may be interfering with your settings. It should not be necessary to add "!SSLv2:!SSLv3" to the...

So with those settings in place, are you able to connect to the mail server and get mail? And does poodle.sh show your ports are vulnerable/not vulnerable?

I should also add - the iPhone does support TLS. It sounds as if you are using the old TLS_CIPHER_LIST settings which were found not to work properly.

What version of Plesk are you using? And did you update the TLS_CIPHER_LIST and TLS_PROTOCOL settings as per the updated KB article?

Thanks for letting us know the KB article has been revised - the new ciphers work well for for Courier POP/IMAP. Only vulnerable port left now is port 465 (Qmail). Do you use Qmail or Postfix? The fix in ssl_v3_disable.sh for Qmail is to add this line to /var/qmail/control/tlsserverciphers...

We received a ticket response from Parallels saying that it's only possible to disable SSLv3 for Courier POP/IMAP in Plesk 12, and that for earlier versions the updated OpenSSL package should be installed. My understanding is that simply updating OpenSSL is not sufficient to protect against...

@JCV Seems like enabling more ciphers in imapd-ssl/pop3d-ssl is the only solution at present. We also have a ticket open with Parallels and awaiting a solution (they said the KB article only fixes POP/IMAP for Plesk 12, but that's not much help as most users will be using < Plesk 12 as it's so new).

Yes, that's the situation we face too - please see my previous comments with the suggested TLS_CIPHER_LIST setting which works.

Also, once you do get the service running, I would suggest testing extensively to make sure mail clients can connect to the server properly (our experience has been that this doesn't work with the TLS_CIPHER_LIST value as suggested in the Parallels KB).

You would be best to configure the file as per the advice in the KB article - some of those settings won't work. In particular you will need to change the following back to the original setting for the service to start: POP3DSSLSTART=YES Without this set as above the service will not start.

We have been in touch with Parallels via ticket and they have confirmed that the suggested ciphers do not work for Courier IMAP. They say that they will be updating the KB article with the correct ciphers.