Search results

Custom rules can only be added by the administrator. Yes it does. You can't run both at the same time.

@FutureX Yes Warden does have a rules area where admins can add custom rules to match keywords, subject lines, any mail headers. There are pre-built templates for most rules.

@Maarten. No the Sitejet extension isn't installed (we removed it after the upgrade). This definitely seems related to the new pager. Maybe they are trying to pull in more information with the buttons on the right hand side. > Do you see any timeouts in the browser console? We are seeing an...

@Peter Debik Unfortunately a lot of the slowness seems in relation to the new pager that was introduced in 18.0.57.1 (We do not have the Xovi SEO Toolkit extension installed). After upgrading the pager defaulted to displaying all domains so when you click the domains page it would take over 10...

It looks like this was fixed in Plesk Obsidian 18.0.56 Update 3 :) https://docs.plesk.com/release-notes/obsidian/change-log/#plesk-18056-mu3 Remember that you have to run plesk bin apache --listen-on-localhost true again after updating.

@mschenk If your applications are sending out using the PHP mail function then you should enable the X-PHP-Originating-Script header...

@Peter Debik Yes I agree that there isn't a way for Plesk developers to fix this. The big problem is that there are so many PHP applications that can't handle this new change. Webpros own WHMCS breaks entirely as it invalidates the their WHMCS license checks and remote client logging. My take is...

Some additional information from other users: $_SERVER['REMOTE_ADDR'] is showing (127.0.0.1) localhost $_SERVER['SERVER_ADDR'] is showing (127.0.0.1) localhost $_SERVER['HTTP_X_FORWARDED_FOR'] is showing correct IP address of the server $_SERVER['HTTP_X_REAL_IP'] is showing the correct IP...

@EmperorFPI That recent fix is only for the the correct IP address being logged in Apache. It won't fix the PHP $_SERVER vars showing 127.0.0.1. The only way to fix this now is to disable the new Apache localhost feature with: plesk bin apache --listen-on-localhost false

@mschenk You cannot pick and choose which domains your license applies to as Warden scans all incoming and outgoing mail. Many clients use Warden exclusively to track all outgoing PHP based mail even if the domain doesn't have any mailboxes.

@Peter Debik I opened a bug report: https://talk.plesk.com/threads/running-plesk-bin-apache-listen-on-localhost-true-breaks-php-_server-server_addr.372069/

Username: TITLE Running plesk bin apache --listen-on-localhost true breaks PHP $_SERVER["SERVER_ADDR"]; PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE Product version: Plesk Obsidian 18.0.56.2 OS version: AlmaLinux 9.2 x86_64 Build date: 2023/10/26 16:00 Revision...

@Peter Debik Unfortunately in my testing it looks like there is another big issue with this change. After enabling "plesk bin apache --listen-on-localhost true" the PHP $_SERVER["SERVER_ADDR"] reports as "127.0.0.1" instead of the real server IP address. This means that any PHP applications...

Guys this is actually fixed in Plesk 18.0.56 Update 2 which was just released: https://docs.plesk.com/release-notes/obsidian/change-log/?18056#plesk-18056-mu2

@TorbHo I'm not sure if this is related to your problem but there is a bug after updating Plesk to 18.0.56 where the Plesk panel interface PHP secure curl functions do not work properly unless the Plesk panel interface is restarted. We are seeing this issue with our Plesk extensions as the curl...

I'm surprised how fast an exploit can make the front page of Arstechnica :( Plesk is very quick at patching CVEs. I'm sure they are aware of the issue now that it's made front page of the tech news sites.

Wow that was quick. Looks like it's already being actively exploited: https://arstechnica.com/security/2023/10/pro-russia-hackers-target-inboxes-with-0-day-in-webmail-app-used-by-millions/

@Peter Debik Just a note that this is a bug (PPPM-14170) when the new Apache listen on localhost is enabled. The Plesk developers already have it fixed and should release it shortly with one of the next updates :)

@jsmp Try disabling the new "Apache listen on localhost" setting that was introduced in 18.0.56 and see if it fixes it for you: plesk bin apache --listen-on-localhost false

You can do all of this and more using our Warden Anti-spam and Virus Protection extension. If money is tight and you don't want to use our extension then I recommend looking over this KB article for how to set tighter SMTPD restrictions in Postfix (Warden sets these automatically but you can do...