• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

Feature request: SMTP Relay setup for plesk notifications

R

rackset

Guest
FACT: To prevent UNSOLICITED BULK E-MAIL sending from hacked sites on windows, we have to disable local relay (to remote) from unauthenticated email account.

This will cause Plesk to not be able sending it's notifications to domain owners/ resellers/ clients ...
There should be a setting to send plesk emails with SMTP authentication, from local or remote server.

This issue caused many customers being angry of why they do not receive notices for over usage, etc...
 
SMTP is still not an option for notifications in Plesk....

rackset said:
FACT: To prevent UNSOLICITED BULK E-MAIL sending from hacked sites on windows, we have to disable local relay (to remote) from unauthenticated email account.

This will cause Plesk to not be able sending it's notifications to domain owners/ resellers/ clients ...
There should be a setting to send plesk emails with SMTP authentication, from local or remote server.

This issue caused many customers being angry of why they do not receive notices for over usage, etc...
Click to expand...


Now - almost 2 years later this major problem hasn´t been properly addressed...?

Nowadays, it is against common sense to make a controlpanel that is unable to be configured to NOT use localhost/127.0.0.1 when sending cp notifications to clients!
Naturally a controlpanel NEEDS to be able to be configured properly with SMTP/authentication for all mails.

Hackers has indeed got their eyes up for Plesk and abuse the fact that the cp is not able to use other settings than localhost for cp notifications - Parallels, get this done ASAP to assist your clients in maintaining a proper cp with less chance possible for abuse...

Actually all the hackers needs to do is autosearch for Plesk installations and then also autocheck if it is possible to abuse the localhost setting and the - also automatically - start the abuse big style...

This is a bug in Plesk and needs immediate attention.
 
You must log in or register to reply here.

Similar threads

M
Question System account sending email through smpt relay but no configuration present
Replies
3
Views
1K
maratn
M
B
Question Plesk email relay incoming emails to another server
Replies
1
Views
607
bit
B
F
Issue SOGo - emails sent from webmail, both manually created and autoresponder/vacation/out-of-office, are rejected. They miss spf, dkim, dmarc, everything
Replies
8
Views
8K
Sebahat.hadzhi
Sebahat.hadzhi
V
Issue Smarthost + SRS = relay?
Replies
2
Views
10K
vanlier
V
J
Resolved Non delivery mails notifications
Replies
1
Views
1K
JuanCar
J
Back
Top