Mail password update, aliases not updated

[Christian_S]

OS CloudLinux Server 6.5
Panel version 11.5.30 Update #32
SMTP: Postfix

After password update in Plesk, mail aliases still uses old password.

Recreate error:
1. Create Email Address with password XXX
2. Create Aliases, e.g. two aliases
3. Change password for Email Address to YYY
4. Now alias can still be used with password XXX. Email address only with the new password YYY
(can be checked using /usr/local/psa/admin/bin/mail_auth_view )

Some spam has been sent from one of our servers using an aliases, and it can't be stopped without deleting and creating the alias again (the it uses the new password)

Please fix it.

 

[IgorG]

Can't reproduce.

1. Mailbox [email protected] with password 123qwe created
2. Aliases [email protected] and [email protected] added

[root@ppu11-5 ~]# /usr/local/psa/admin/bin/mail_auth_view
Authentication database contents:
+--------------------------------------+-----+--------------------------------------+
| address |flags| password |
+--------------------------------------+-----+--------------------------------------+
| [email protected] | | 123qwe |
| [email protected] | | 123qwe |
| [email protected] | | 123qwe |


3. Password for [email protected] changed to chu098

[root@ppu11-5 ~]# /usr/local/psa/admin/bin/mail_auth_view
Authentication database contents:
+--------------------------------------+-----+--------------------------------------+
| address |flags| password |
+--------------------------------------+-----+--------------------------------------+
| [email protected] | | chu098 |
| [email protected] | | chu098 |
| [email protected] | | chu098 |


As you can see all works fine.

 

[Christian_S]

Ok, strange, I can't reproduce the error today, but I could yesterday.

I will write again if we later can reproduce the error.

 

[cmaxwell]

We just saw this occurring today on a Plesk 11.5.30 server running on CentOS 6.8 - when updating the mailbox password from Plesk it does not update the passwords used for the rest of the mail aliases for that mailbox. Qmail is used as the MTA.

Example:

[root@server ~]# /usr/local/psa/sbin/mail_auth_view | grep domain.com
|               [email protected] |     |                             Xidk3#59 |
|                [email protected] |     |                             XiG8h7~7 |

In the above output [email protected] is an alias of [email protected], but the password is different/unchanged from the original.

I guess a short-term fix would be to script the removal and re-adding of all mail aliases for each mailbox.

@IgorG - any suggestions what we can do? Can you open a bug report please?

 

[cmaxwell]

Update: we set up a test server from scratch and it's not affected by this bug. So we have two identical servers: one with the problem and one without. The only difference is that the affected server has gone through various upgrades from earlier Plesk versions, so possibly something related to earlier versions?