burnley
Regular Pleskian
18.0.23 CentOS 7 1800200130.12
We had a client today fiddling with the SSL/TLS Certificates feature and they ended up with an entry that contains the CSR and key components. No certificate and no CA certificate. However, that didn't prevent the client from [ab]using the "Secure Email" option, which generated this type of configuration in /etc/dovecot/conf.d/14-plesk-sni-mail.domain.com.au.conf:
#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
local_name mail.domain.com.au {
ssl_cert = </usr/local/psa/var/certificates/
ssl_key = </usr/local/psa/var/certificates/
}
See the path: it's missing the filename, and "systemctl status dovecot" was displaying:
Apr 02 15:47:51 plesk systemd[1]: Started Dovecot IMAP/POP3 email server.
Apr 02 15:47:51 plesk dovecot[25966]: doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/14-plesk-sni-domain.com.au.conf line 7: ssl_cert: r...a directory
Apr 02 15:47:51 plesk systemd[1]: dovecot.service: main process exited, code=exited, status=89/n/a
Apr 02 15:47:52 plesk doveadm[25971]: Fatal: Dovecot is not running (read from /var/run/dovecot/master.pid)
It's a very serious issue: any client can break the IMAP/POP3 server if they don't quite know how to handle the SSL certificate in the panel. Plesk should do some validation here.
One more question: is there a switch we can use to disable the "Secure Email" feature in Plesk? We don't need it; all our Plesk servers are behind mail proxies and the clients can't access the SMTP, POP3 and IMAP ports on the Plesk servers directly, hence this feature is redundant for us.
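An admin-side check for the failure described in the post, runnable before Dovecot is restarted. This is an added example, not part of the original post and not Plesk's or Dovecot's own code; the function names, sample host names and sample file names are assumptions.

```shell
#!/bin/sh
# Added example (not Plesk or Dovecot code). In a Dovecot config, "key = <path"
# loads the value from the file at path, so path must be a readable regular file.

# Hypothetical helper: scan "$1"/*.conf and print every ssl_cert/ssl_key line
# whose "<path" is empty, a directory, missing or unreadable.
# Returns 0 when all are fine, 1 when at least one line was reported.
check_dovecot_ssl_paths() {
    tab=$(printf '\t')
    findings=$(
        for f in "$1"/*.conf; do
            [ -f "$f" ] || continue
            awk '/^[ \t]*(ssl_cert|ssl_key)[ \t]*=[ \t]*</ {
                    key = $0; sub(/^[ \t]*/, "", key); sub(/[ \t]*=.*/, "", key)
                    path = $0; sub(/^[^<]*<[ \t]*/, "", path); sub(/[ \t]+$/, "", path)
                    print FNR "\t" key "\t" path
                 }' "$f" |
            while IFS=$tab read -r n key path; do
                if   [ -z "$path" ];   then reason="empty path"
                elif [ -d "$path" ];   then reason="is a directory"
                elif [ ! -f "$path" ]; then reason="no such file"
                elif [ ! -r "$path" ]; then reason="not readable"
                else continue
                fi
                printf '%s:%s: %s: %s (%s)\n' "$f" "$n" "$key" "$path" "$reason"
            done
        done
    )
    [ -n "$findings" ] || return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: one snippet shaped like the generated file in the post
# (path stops at the directory) and one snippet pointing at a real file.
make_sample_confdir() {
    d=$(mktemp -d) || return 1
    printf 'placeholder\n' > "$d/good.pem"
    printf 'local_name mail.example.test {\n  ssl_cert = <%s/\n  ssl_key = <%s/\n}\n' \
        "$d" "$d" > "$d/14-sni-broken.conf"
    printf 'local_name ok.example.test {\n  ssl_cert = <%s\n  ssl_key=<%s\n}\n' \
        "$d/good.pem" "$d/good.pem" > "$d/15-sni-ok.conf"
    printf '%s\n' "$d"
}

# Pass a conf.d directory as $1; with no argument the sample above is checked.
check_dovecot_ssl_paths "${1:-$(make_sample_confdir)}" ||
    echo "fix the entries listed above before restarting dovecot"
```

The check only confirms that each path is a readable regular file; it does not verify that the file holds a valid certificate or a matching key.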