• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.

Forwarded to devs Password is not enforced on mailbox creation if "Access to the Customer Panel" is unchecked

Lutuh

New Pleskian
TITLE:
Password is not enforced on mailbox creation if "Access to the Customer Panel" is unchecked
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:
Plesk Onyx Version 17.5.3 Update #42
‪Ubuntu 16.04.3 LTS‬
PROBLEM DESCRIPTION:
Mailboxes can be created with an empty password if the checkbox "Access to the Customer Panel" is disabled.

This leads to the error "No such user in mail authorization database" in Postfix because the mailbox is not existing.​
STEPS TO REPRODUCE:
- Click on "Create Email Address"
- Enter something into field "Email address"
- Uncheck "Access to the Customer Panel"
- Click on "OK"​
ACTUAL RESULT:
mysql> select * from accounts where password='';
+----+-------+----------+
| id | type | password |
+----+-------+----------+
| 9 | plain | |
+----+-------+----------+
1 row in set (0.00 sec)​
EXPECTED RESULT:
mysql> select * from accounts where password='';
+----+-------+----------------------------+
| id | type | password |
+----+-------+----------------------------+
| 9 | plain | $AES-128-CBC$oEQyr[...] |
+----+-------+----------------------------+
1 row in set (0.00 sec)​
ANY ADDITIONAL INFORMATION:
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:
Confirm bug
 
Thank you for report!
Issue PPPM-8076 was created.
 
Hi
As this has been implemented now, I see (in my case) unappreciated consequences:
90% of Mail addresses created by me are mail forwards.
Thus I disabled the Plesk-Account and Mailbox checkboxes when creating the forward and only had a mail redirect set up.
No password was needed because it couldn't be used for anything.
Now I always need to fill in the password field.

I hope you consider improving the behavior here:
Either by differentiating the behavior between mail accounts and simple forwards (which don't need an user account at all), as it's done in some other products.
Or by setting a random password (without asking the user) if both checkboxes (Plesk-User and Mailbox) are disabled.

Thank you
 
I hope you consider improving the behavior here:
Either by differentiating the behavior between mail accounts and simple forwards (which don't need an user account at all), as it's done in some other products.
Or by setting a random password (without asking the user) if both checkboxes (Plesk-User and Mailbox) are disabled.
I agree completely. It is more than a little silly to require a password for a forwarding alias. Users find it confusing too, which leads to higher workload on support teams.
 
Back
Top