• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Forwarded to devs Password reset request for email [email protected] was denied: user 'bar' may intercept mail sent to the domain example.com / passwords diverge

websi

New Pleskian
TITLE
Password reset request for email [email protected] was denied: user 'bar' may intercept mail sent to the domain example.com

+ email account and plesk passwords diverge after reset per link

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE
Plesk Version 18.0.43 Update #1
Linux CentOS Linux 7.9.2009 (Core) - (Yes, I know I have to migrate..)

PROBLEM DESCRIPTION
I noticed that whenever I update passwords of mail accounts via a "Password reset link" created on plesk.example.com/smb/email-address/edit/id/FOO/domainId/XY the mail accounts password gets updated but the password of the corresponding plesk user does not.
Therefore I tried to reset the plesk users password via plesk.example.com/get_password.php and noticed the following error in /var/log/plesk/panel.log:

Password reset request for email '[email protected]' (user '[email protected]') was denied: user 'bar' may intercept mail sent to the domain 'example.com'

User bar in this case is a user with a webmaster or webdesigner role.
User foo is an application user.

STEPS TO REPRODUCE
1) Create a User for a Subscription with at least Webmaster or Webdesigner role.
2) Create an Email Address for a Subscription with "Can be used to log in to Plesk" enabled.
3) Send a password reset link to the email address.
4) Change the password of the user.
5) Log in to the webmail portal. (this will work)
6) Log in to the plesk panel with the new password. (this will NOT work)
7) Reset the users password via "plesk.example.com/get_password.php". (this will NOT work)

ACTUAL RESULT
Passwords diverge after reset per link.
Password reset request for email does not send an email.

EXPECTED RESULT
Password reset request for email does send an email.
Password reset per link resets both users passwords.

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM
Confirm bug
 
Back
Top