Search results

Having found the CNAME records for my domain, it raises 2 questions to me. 1. Should I point the NS records for my domain to my server in the DNS config of my provider? 2. If 1 is true, shouldn't then Plesk have the CNAME entrys for IMAP and SMTP in the Zone Records Template by default?

Correction: it seems that my old provider has added DNS aliases for IMAP and SMTP. At least a dig +trace imap.{mydomain} revealed a CNAME record coming from the provider's name server. As the provider did not only host the domain but also my vServer there could be some interaction when I did...

There is no /var/named/chroot directory and there is also no domain.tld file on Ubuntu. There is an /etc/bind directory with some files in it but they are rather old and I suppose they are not used by Plesk. In the meantime, I found that the imap.{mydomain} record was also missing, which made my...

Thanks for pointing me there, but there is no smtp entry in the template although nslookup shows an smtp record for my other (still untouched) domain. In the meantime I have added an smtp.{mydomain2} entry in the DNS web GUI of my new hoster, and now I can send mails from the transferred domain...

I have a Linux server with Plesk Obsidian 18.0.49 and I'm running 2 domains on it. Both domains have Let's encrypt setup and sending and receiving mails used to work properly for years. Two days ago I did transfer one of the two domains to another hoster and now I cannot send mails from that...

When I look into the log files of my linux server, I can see some frequent vulnerability access attempts which are not addressed by Plesk's preconfigured fail2ban filters. I suggest adding filters for postfix-sasl and postfix-ssl as well as for apache-404 scans into plesk to more harden a...

Did you try to change the default application in Preferences - Global Preferences - Display Preferences ? I set mine to Mail instead of "Horde"

I did not modify the plesk default filter, and the high ports are not open. I want to ban a scanning system because it creates system load, obfuscates other problems by cluttering the log file and possibly tries other methods to find a vulnerability.

Thanks for all the replies. As I said, the fail2ban filter for ssh works correctly. That is, the sshd filter detects all the failed attempts via ssh, as can be verified with: fail2ban-regex --print-all-matched /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf After the filter, the jail...

I did check the filter with fail2ban-regex --print-all-matched /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf and the lines were filtered correctly. Thus, it obviously is the ssh jail which doesn't block the scan as expected. The current jail shows: [ssh] enabled = true filter = sshd...

Yesterday, my Ubuntu 18 server with Obsidian 18.0.36 was port scanned with ssh. Plesk fail2ban did not block this scan. Why doesn't the ssh filter kick in here? The log lines in auth.log look like this: Jul 2 01:14:30 host12907 sshd[14010]: Failed password for root from 64.225.102.51 port...

There are frequent attempts to brute force login to my mail server which show up in /var/log/maillog as shown below. The filter in /etc/fail2ban/filter.d/postfix.conf does not detect those lines and thus does not ban the IPs in question. I did check with the following command, and it indeed does...

I found that the regular plesk postfix configuration in /etc/fail2ban/filter.d/postfix.conf already also filters on the SASL authentication failures. The drawback is, that brute force attackers get only banned for 10 minutes after 5 failure attempts and that with the combined postfix filter the...

I did uninstalled as suggested and did a cleanup by 'rm -r /etc/fail2ban'. After that I re-installed fail2ban and activated all the jails. There is no plesk-sasl jail though and the plesk-sasl.local file which I did see before is not there anymore. I have attached the fail2ban jails page...

Does anybody have the postfix-sasl filter activated? I wonder that I seem to be the only one with the problem as I think that every Linux server with postfix will show the problem. Every day I see IP addresses being blocked by fail2ban for other reasons, but dictionary attacks on postfix do not...

The postfix jail is enabled, the postfix sasl jail isn't. There is a difference in that the postfix filter is named postfix.conf whereas the postfix-sasl filter is named postfix-sasl.local. The jails in jail.d/plesk.conf reference the filters without extension and there is no postfix-sasl entry...

I have enabled fail2ban and most of the jails are working properly. I have also enabled the recidive jail. Alas, I often see messages like this in /var/log/maillog: Apr 24 05:30:10 h2731888 postfix/smtpd[32272]: warning: unknown[203.159.80.233]: SASL LOGIN authentication failed: authentication...

check the solution at Logwatch / Discussion / Open Discussion: dovecot unmatched entries "service=imap" and "service=lda"

Most default log rotations suck (as does the defaults coming with logrotate) I want all my log files rotate by size only, never by date, and I want a certain history. Having my log files with the standard names (i.e mail.log instead of maillog) also works out of the box with logwatch. I like...

Sorry for being not precise enough. I do not want to manage rotation settings for /var/log/maillog. I am looking to change /etc/rsysllog.d/plesk-mail.conf to mail.* -/var/log/mail.log or even remove /etc/rsyslog.d/plesk-mail.conf at all. Then mail logs should be in...