1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Plesk 11 Unable to allow the use of short mail names for POP3/IMAP accounts

Discussion in 'Plesk 11.x for Linux' started by EMerkel, Jan 23, 2013.

  1. EMerkel

    EMerkel New Pleskian

    11
    60%
    Joined:
    Aug 16, 2012
    Messages:
    23
    Likes Received:
    0
    Hi I am using Plesk 11 and running into the following problem when I try to make changes to the mail server settings. Any change I try to make the panel gives me the following error.

    Unable to allow the use of short mail account names for POP3/IMAP accounts. There are mail accounts matching the encrypted passwords.

    This server hosts a bunch of domains migrated from Plesk 7 and 9.5 servers and a lot of these users are using short names so changing to long names would be a huge support burden to change. Based on other forum posts, I went into the Plesk 11 database and found a bunch of mail redirects that had blank passwords which I fixed but the problem persisted. On Plesk 11 all of the passwords are encrypted so I am having problems trying to determine what the duplicate username/passwords are. I did go back into the old servers which show the passwords unencrypted and I've not been able to find any duplicates either. I also did a sort on the encrypted password on plesk 11 and there are no duplicates but obviously plesk is look at the unencrypted password so this was kinda pointless but I felt it was worth a shot.

    Is there any other way on Plesk 11 to troubleshoot this to find out what the offending accounts are? Obviously the Plesk panel has a way to check this since it throws up the error. Parallels or anyone else have suggestions on how to tackle this?

    I know you can go ahead and set it to long names to make the change and then go into the database and reset plesk to use short names but I would rather have a fully functioning panel without having to use this hack.

    Thanks,
    Eric
     
  2. Sergey L

    Sergey L Golden Pleskian Staff Member

    32
    43%
    Joined:
    Aug 10, 2006
    Messages:
    1,195
    Likes Received:
    30
    The problem with short names is that password is used to distinguish john@domain1.com from john@domain2.com

    Unfortunately there are probably no way to get exact conflicts out of Plesk - the validation process is optimized for performance the way it doesn't need to get exact conflicting pair to know there are some.

    The best I could recommend now is to forcedly reset pasword into unique value for all accounts with matching short name.
     
  3. EMerkel

    EMerkel New Pleskian

    11
    60%
    Joined:
    Aug 16, 2012
    Messages:
    23
    Likes Received:
    0
    There are way too many emails to do this so let me ask what my second best option would be to get RBL's turned on.

    Option 1) Change the server to use only long names in the control panel and then make the other changes I want. Then when done do the following:

    mysql> UPDATE misc set val='enabled' where param='allow_short_pop3_names';

    Restart Plesk

    Option 2) Modify the xinetd.conf settings for smtp_psa and smtps_psa to add the RBL's and restart qmail? If I can't change any email settings these configuration files should not get regenerated right?

    Lastly, since Plesk obviously has code that checks for duplicates, perhaps they could create a utility for customers that run into this issue to identify the offending usernames/passwords. Or perhaps not lock out other email setting changes but just warn the user that there could be issues. Just a suggestion.


    Thanks,
    Eric
     
  4. Sergey L

    Sergey L Golden Pleskian Staff Member

    32
    43%
    Joined:
    Aug 10, 2006
    Messages:
    1,195
    Likes Received:
    30
    Hi Eric,

    After reviewing the code, it appears that actually there is no way to discover duplicating login/password in case of encrypted passwords and thus short names are blocked ONCE there is a conflicting name (1) and encrypted passwords are enabled (2).

    Since passwords cannot be used for distinguishing users, your only solution could be to rename all conflicting mailboxes into unique short names. i.e. john@domain1.com and john2@domain2.com

    The following query should obtain conflicting names:
    SELECT m1.mail_name, d.name FROM mail m1, mail m2, domains d WHERE d.id=m1.dom_id AND m1.id<>m2.id AND m1.mail_name=m2.mail_name;

    While suggested Option 2 may work temporarily, it will break not only on mail configuration change, but also on domain renaming or Plesk upgrade. Thus not recommended.
     
Loading...