• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Password Security Update/Changes

Tsi-Shawn

Basic Pleskian
OS CentOS 6.5 (Final)
Panel version 11.0.9 Update #62, last updated at July 22, 2014 04:25 AM
The system is up-to-date; last checked at Sept 6, 2014 04:12 AM


Last week I made a change to the security policy going from Medium to Strong. This week I began my final push of a migration from this server to a new VM with Cent 6.5 and Plesk 12. The migration failed and in looking for the reason it was suggested by Igor that I try the commands below. I did so and I found several domains that had empty passwords.

While making changes to those email addresses I received a call from our Biz dept and was advised that all the domain customers on the server were calling in because their email was failing. The fix was to change(update) their passwords. Can anyone confirm (or deny) that the commands below would force the domains to start using the stronger password policy?

I find it quite suspicious that I ran these and not 5 minutes later we were taking calls for bad passwords.



Check whether there are any mail accounts without a password set up. Log in to the PSA database and execute:

mysql> SELECT CONCAT_WS('@',mail.mail_name,domains.name),accounts.password FROM domains,mail,accounts WHERE domains.id=mail.dom_id AND accounts.id=mail.account_id AND accounts.password='' ORDER BY domains.name ASC,mail.mail_name ASC;

Check whether there are accounts for which passwords cannot be decrypted by Parallels Plesk Panel (Plesk):

/usr/local/psa/admin/sbin/mail_auth_view | grep '$AES'


Check for mailboxes with an incorrect encryption method defined in the Plesk database:

mysql -uadmin -p`cat /etc/psa/.psa.shadow ` psa -Ne "SELECT CONCAT_WS('@',mail.mail_name,domains.name),accounts.password FROM domains,mail,accounts WHERE domains.id=mail.dom_id AND accounts.id=mail.account_id AND accounts.type='sym' and accounts.password not like '%AES%' ORDER BY domains.name ASC,mail.mail_name ASC"
 
Any thoughts from anyone? While it is not a service interrupting problem it did generate a ton of calls and I need to know why this happened.
 
Back
Top