• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Forwarded to devs Password is not enforced on mailbox creation if "Access to the Customer Panel" is unchecked

Lutuh

Lutuh

New Pleskian
TITLE:
Password is not enforced on mailbox creation if "Access to the Customer Panel" is unchecked
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:
Plesk Onyx Version 17.5.3 Update #42
‪Ubuntu 16.04.3 LTS‬
PROBLEM DESCRIPTION:
Mailboxes can be created with an empty password if the checkbox "Access to the Customer Panel" is disabled.

This leads to the error "No such user in mail authorization database" in Postfix because the mailbox is not existing.​
STEPS TO REPRODUCE:
- Click on "Create Email Address"
- Enter something into field "Email address"
- Uncheck "Access to the Customer Panel"
- Click on "OK"​
ACTUAL RESULT:
mysql> select * from accounts where password='';
+----+-------+----------+
| id | type | password |
+----+-------+----------+
| 9 | plain | |
+----+-------+----------+
1 row in set (0.00 sec)​
EXPECTED RESULT:
mysql> select * from accounts where password='';
+----+-------+----------------------------+
| id | type | password |
+----+-------+----------------------------+
| 9 | plain | $AES-128-CBC$oEQyr[...] |
+----+-------+----------------------------+
1 row in set (0.00 sec)​
ANY ADDITIONAL INFORMATION:
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:
Confirm bug
 
Thank you for report!
Issue PPPM-8076 was created.
 
Hi
As this has been implemented now, I see (in my case) unappreciated consequences:
90% of Mail addresses created by me are mail forwards.
Thus I disabled the Plesk-Account and Mailbox checkboxes when creating the forward and only had a mail redirect set up.
No password was needed because it couldn't be used for anything.
Now I always need to fill in the password field.

I hope you consider improving the behavior here:
Either by differentiating the behavior between mail accounts and simple forwards (which don't need an user account at all), as it's done in some other products.
Or by setting a random password (without asking the user) if both checkboxes (Plesk-User and Mailbox) are disabled.

Thank you
 
CHfish said:
I hope you consider improving the behavior here:
Either by differentiating the behavior between mail accounts and simple forwards (which don't need an user account at all), as it's done in some other products.
Or by setting a random password (without asking the user) if both checkboxes (Plesk-User and Mailbox) are disabled.
Click to expand...
I agree completely. It is more than a little silly to require a password for a forwarding alias. Users find it confusing too, which leads to higher workload on support teams.
 
You must log in or register to reply here.

Similar threads

K
Forwarded to devs Custom domain name configured for autodiscovery not used for iOS QR code
Replies
2
Views
935
Peter Debik
P
burnley
Forwarded to devs It is possible to create mail box without triggering 'Create Mailname' event handler
Replies
4
Views
2K
Peter Debik
P
T
Question Error when trying to change IP to dedicated
Replies
1
Views
938
scsa20
scsa20
G
Issue Plesk Migrator: Subscribers, Service Plans and Customers not properly transferred
Replies
12
Views
2K
Peter Debik
P
O
Forwarded to devs Plesk account creation using UTF-8 credentials fails
Replies
1
Views
1K
IgorG
IgorG
Back
Top