
Password Security Update/Changes

Tsi-Shawn

Basic Pleskian
OS CentOS 6.5 (Final)
Panel version 11.0.9 Update #62, last updated at July 22, 2014 04:25 AM
The system is up-to-date; last checked at Sept 6, 2014 04:12 AM


Last week I made a change to the security policy, going from Medium to Strong. This week I began my final push of a migration from this server to a new VM with Cent 6.5 and Plesk 12. The migration failed, and in looking for the reason, it was suggested by Igor that I try the commands below. I did so and I found several domains that had empty passwords.

While making changes to those email addresses I received a call from our Biz dept and was advised that all the domain customers on the server were calling in because their email was failing. The fix was to change (update) their passwords. Can anyone confirm (or deny) that the commands below would force the domains to start using the stronger password policy?

I find it quite suspicious that I ran these and not 5 minutes later we were taking calls for bad passwords.



Check whether there are any mail accounts without a password set up. Log in to the PSA database and execute:

mysql> SELECT CONCAT_WS('@',mail.mail_name,domains.name),accounts.password FROM domains,mail,accounts WHERE domains.id=mail.dom_id AND accounts.id=mail.account_id AND accounts.password='' ORDER BY domains.name ASC,mail.mail_name ASC;

Check whether there are accounts for which passwords cannot be decrypted by Parallels Plesk Panel (Plesk):

/usr/local/psa/admin/sbin/mail_auth_view | grep '$AES'


Check for mailboxes with an incorrect encryption method defined in the Plesk database:

mysql -uadmin -p`cat /etc/psa/.psa.shadow ` psa -Ne "SELECT CONCAT_WS('@',mail.mail_name,domains.name),accounts.password FROM domains,mail,accounts WHERE domains.id=mail.dom_id AND accounts.id=mail.account_id AND accounts.type='sym' and accounts.password not like '%AES%' ORDER BY domains.name ASC,mail.mail_name ASC"
 
Any thoughts from anyone? While it is not a service-interrupting problem, it did generate a ton of calls and I need to know why this happened.
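Added example (not part of the original post and not Plesk's own code): the two database checks quoted above, combined into one SELECT and run over a constructed in-memory SQLite copy of the three tables, on a connection set to reject writes. Only the columns named in the post's queries are modelled; the rows, the 'plain' account type and the password values are constructed, and SQLite's `||` stands in for MySQL's CONCAT_WS.

```python
import sqlite3

# Constructed sample data; columns are the ones the post's queries reference.
SCHEMA = """
CREATE TABLE domains  (id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE accounts (id INTEGER PRIMARY KEY, type TEXT, password TEXT);
CREATE TABLE mail     (id INTEGER PRIMARY KEY, mail_name TEXT,
                       dom_id INTEGER, account_id INTEGER);
INSERT INTO domains  VALUES (1,'example.com'),(2,'example.org');
INSERT INTO accounts VALUES (1,'sym','$AES-constructed-blob'),
                            (2,'plain',''),
                            (3,'sym','constructed-legacy-blob'),
                            (4,'plain','constructed-secret');
INSERT INTO mail VALUES (1,'alice',1,1),(2,'bob',1,2),
                        (3,'carol',2,3),(4,'dave',2,4);
"""

# Both checks in one pass: empty password, or type 'sym' without an AES marker.
AUDIT = """
SELECT mail.mail_name || '@' || domains.name AS address,
       CASE
         WHEN accounts.password = '' THEN 'empty'
         WHEN accounts.type = 'sym'
              AND accounts.password NOT LIKE '%AES%' THEN 'sym-not-aes'
         ELSE 'ok'
       END AS finding
FROM mail
JOIN domains  ON domains.id  = mail.dom_id
JOIN accounts ON accounts.id = mail.account_id
ORDER BY domains.name ASC, mail.mail_name ASC
"""

def build_db():
    """Create the constructed tables, then make the connection read-only."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute("PRAGMA query_only = ON")  # any later write raises an error
    return conn

def audit(conn):
    """Return (address, finding) for every mailbox that fails a check."""
    return [(a, f) for a, f in conn.execute(AUDIT) if f != "ok"]

if __name__ == "__main__":
    for address, finding in audit(build_db()):
        print(f"{finding:12} {address}")
```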
 