Outgoing mail control warning question

[Pagemakers]

In Tools & Settings/Mail Server Settings/White List, we have the following: 127.0.0.0 / 8 and ::1 / 128. The following message below is then displayed by Plesk. What exactly does it mean?


Warning: The limits on outgoing mail will not work for mail senders whose IP addresses are in the mail server's white list. For example, if there is localhost (127.0.0.0 / 8, ::1 / 128) in the white list, all mail from the local server will be successfully sent regardless of the limitations. Mail senders can use either local IP addresses (websites and custom scripts hosted on the local server) or external ones (customers who send mail from mail clients installed on their computers or mobile devices). To make the limits work for all mail senders (both local and external), remove all IP addresses and networks from the white list. Note that removing localhost (127.0.0.0 / 8, ::1 / 128) from the white list might disrupt the operation of websites and scripts that send mail from this server. For details about limitations on outgoing mail, see the Administrator's Guide, Protection from Outbound Spam.

 

[MichalisZ]

Hello,

i also do not know exaclty what does this mean, but these addreses are listed at the whitelist tab at the mail server settings.
As far as i can understand the outgoing check tool will not stop/limit emails from the localhost (which means all sites/scripts/phpmail/webmail etc...) if you let them as whitelisted.
It will only check and limit (external) smtp clients.

So in order for it to offer complete check/limiting you must remove them from the whitelist, but... this could affect the local sending/relaying of mails.
For my short expereince as we have just recently updated, the webmails and local scripts are working fine. We have not got any complain so far about it.

So i would say, go for it and if anything breaks just rewhitelist the localhost ips.

 

[Pagemakers]

When we removed them some of our scripts stop sending email.

However if having this setting means that each domain can send unlimited emails from scrips then I don't see the point.

We only upgraded to Plesk 12 for this feature.

I hope somebody can clarify the issue.

 

[Pagemakers]

Can somebody from Parallels (or anybody else who knows the answer) give a reply to this please.

 

[Pagemakers]

I don’t understand that the Plesk admin guide says Remove all IP addresses and networks from the mail server's white list (located in Plesk for Linux in Tools & Settings > Mail Server Settings > White List tab, in Plesk for Windows in Tools & Settings > Mail Server Settings > Relay options > Use to relay restrictions for the following networks). The limits on outgoing mail will not work for mail senders whose IP addresses are in the white list.

So it’s saying if I don’t add the IP addresses to the whitelist php scripts will not be able to send email and if I do add the IP addresses to the white list Plesk 12’s outgoing mail limitations will not work. I just don’t get it!!

Help!

 

[Pagemakers]

Anybody?

Part of that warning says Note that removing localhost (127.0.0.0 / 8, ::1 / 128) from the white list might disrupt the operation of websites and scripts that send mail from this server.

Why?

 

[JohanSki]

I don't use Plesk yet, but as I understand it's like this. If an IP-address is in the white list, it will be excluded from the mail limits. So if your mail limit is set to 100 it is still possible to send 1.000 mails from localhost since localhost is in your whitelist. If you delete localhost from your whitelist, then only 100 mails can be send at once from localhost. If your current applications (for example newsletter) send more than 100 mails, only the first 100 mails will be send.

I'm not a Plesk user yet, but hope this was helpful...

 

[Pagemakers]

Nope! You have to have 127.0.0.0 / 8, ::1 / 128 in the whitelist otherwise some of your scripts that send email won't work. If they then bypassed the outgoing mail control there would actually be no point I having it!

I have an open ticket with Plesk second line support and they are confused as well!! Some of them say mail on the whitelist bypasses the outgoing mail control and some say it doesn't!! It's certainly gets blocked by the outgoing mail control during my testing even if it's in the whitelist.

The big amber popup that plesk displays on the mail page is certainly wrong.

 

[JohanSki]

I found this in the documentation:

Remove all IP addresses and networks from the mail server's white list (located in Plesk for Linux in Tools & Settings > Mail Server Settings > White List tab, in Plesk for Windows in Tools & Settings > Mail Server Settings > Relay options > Use to relay restrictions for the following networks). The limits on outgoing mail will not work for mail senders whose IP addresses are in the white list.

Note: If the 127.0.0.0/8 network is removed from the white list on Windows, PHP scripts will not be able to send mail out. It might also affect webmail and other scripting engines.

So it seems deleting the local host from the white list is not an option, so you can't set a limit on your local host, meaning that php scripts are always able to send e-mails.

 

[Pagemakers]

Nope again!

Local host scripts in the whitelist ARE limited by the outgoing mail control. If they weren't limited there's no point having the outgoing mail control.

Plesk support have also confirmed this to be the case.

That documentation does not reflect what is currently happening.

 

[Pagemakers]

This is what one support guy told me (although one of his colleagues told me something different)!!

If Outgoing Mail Control feature is being used by the Plesk Panel then Mail functionality will check the whitelisted IP's first.

In Outgoing Mail Control whitelist feature, IP may be for the localhost or the domain, subscription or hostname also.

If IP is whitelisted for domain / subscription then it will simply prevent the email sending after exeeds the limit.

If it is the part of localhost that means 127.0.0.0 / 8 & ::1 / 128 then it simply referes the script which is going to be used at backend.

The scripts includes (SMTP authentication) with the mail relying which gives the default warning which you are trying to ignore.

The documentations which you are talking about is itself saying regarding relay restrictions for the networks mentioned in whitelisted IP.

It will simply follow the setting limits which has been set through Panel for Outgoing Mail Control.

And note itself is mentioned that script will not send mail out and it will directly affect mail functionality.

It will increase the server security to avoid the spamming, spoofing and blacklisting IPs accordingly. This is the good and recommended best functionality.

 

[JohanSki]

I was just telling you what the documentation says. So then eitherway the documentation is wrong, or it's a bug.

 

[bradz]

I would like to know what the best settings are for a Linux server running Plesk 12 and sites that use php in some cases to send emails, and at the same time, make sure any server or client email spamming is very quickly stopped. The outgoing limit control has saved the day several times already by pointing out clients that have be compromised.

Should I remove
127.0.0.0 / 8
::1 / 128
from the white list to better monitor server scripts which send emails?
or will this cause other server issues / stress or php scripts to not send?
thanks for any advice.
Sincerely, Brad

 

[Marcel-cmsZ]

How I resolved the problem is to just remove mailman. From the Plesk updates and upgrades section and also remove the IP's from the whitelist. Why? Because the 2 conflict with eachother. You can not use mailing list and the outgoing email protection together as referenced here: http://docs.plesk.com/en-US/12.5/administrator-guide/mail/mailing-lists/

"It is important to note that to use the mailing lists functionality, you need to add “localhost” to the mail server's white list. To do so, go to Tools & Settings > Mail Server Settings, open the White List tab and add 127.0.0.1 to the white list. However, this will make it impossible to use outgoing mail control. If you need to both use outgoing mail control and provide the mailing lists functionality to your customers, you can suggest that your customers use mail forwarding instead."

First i did turn of all maillist options in Plesk but that keeps showing the error message... When i deleted mailman from Plesk toolsandsettings/updates and upgrades the error message was gone in mailsettings... I think its better like this because... Who needs maillists from webmail accounts anyway? Better to use differend or external email providers to send bulk mail... So better not to have this functionality for you and clients...

 

[Pagemakers]

Did this stop some of your email scripts from working?

 

[Marcel-cmsZ]

Don't know. I have only a few clients. And i have email provided with qmail outgoing SMTP and dovecot for incoming POP and IMAP... I do not have users who use webmail but webmail is still working. But not the email LISTING functionality i suppose. But that is a good thing in my opinion.

 

[TomBoB]

Just from experience...
on CentOS 6, running Plesk 12.0
Outgoing mail control enabled for email addresses, domains, subscriptions.
127.0.0.0 / 8, ::1 / 128 in whitelist

a client had their site hacked (FTP credentials) and the site started to send massive amounts of mails generated by a php mail script.
email address and domain outgoing mail control did NOT kick in / catch it, but the subscription mail control DID and stopped / throttled the email flood.

Just from experience...