Plesk 11 Setup Tips Please

Community support for Plesk, CPanel, WebMin and others with insight from two of the founders of Plesk. Ask for help here! No question is too simple or complicated. :-)
faris
Long Time Forum Regular
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: Plesk 11 Setup Tips Please

Unread post by faris »

Users should not be connecting on port 25. They should use 587, where authentication is mandatory and no rbl is used.

I think zen. includes IP ranges used by ISPs which should not be sending email, thus your user is rejected. And if it isn't that, then their IP has been or is being used to send spam and got blacklisted.

So, keep zen, and ask the user to switch to 587 with full authentication (make sure the Submission tick box is ticked in the Plesk email settings section). Also consider disallowing any sending via port 25 - but maybe give your users some warning about that :-)
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
laughingbuddha
Forum Regular
Forum Regular
Posts: 512
Joined: Mon Mar 10, 2008 9:12 pm
Location: Southampton, UK

Re: Plesk 11 Setup Tips Please

Unread post by laughingbuddha »

I read on spamhaus website there is a limit on the free tariff, as a web host are you worried about hitting that?
Matt

"Given that God is infinite, and that the universe is also infinite... would you like a toasted teacake?"

about.me/mattauckland
twitter.com/mattauckland
faris
Long Time Forum Regular
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: Plesk 11 Setup Tips Please

Unread post by faris »

There are a lot of people using the spamhaus lists. Most of the known universe, at a guess.

You'd have to try very hard to get past their free tier*, but keep in mind that (for example) spamassassin and spamdyke combined could result in 10 or more spamhaus DNS lookups for one received email. However, the majority of lookups will have been cached in your local DNS server, so the real number of lookups requiring a direct lookup on spamhaus servers per X emails received can potentially be less than X on average.

You can also use OpenDNS's nameservers for the caching bit, but note that they have arrangements with the big rbls so that your individual use is accounted for. What I mean is you can't bypass limits by using OpenDNS (and obviously nobody should be trying to anyway).

To give a specific example, the OpenDNS folks contacted us quite recently to let us know that an IP used by one of our VPS customers (who had configured their system to use OpenDNS in their resolve.conf) was going to be blocked from doing SURBL lookups unless said customer paid SURBL a commercial fee, due to them going well over the limit of SURBL's free tier.

*there is no free tier for commercial use of the spamhaus rbls.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
laughingbuddha
Forum Regular
Forum Regular
Posts: 512
Joined: Mon Mar 10, 2008 9:12 pm
Location: Southampton, UK

Re: Plesk 11 Setup Tips Please

Unread post by laughingbuddha »

Fare enough I guess.

I did make another mod to Plesk 11 tonight, changed PHP back to Apache from Fast-CGI. The Fast-CGI was giving me all sorts of issues, and I prefer that Apachie mod anyway.

One thing that did annoy me though was Plesks Server Wide Security Policy message that kept coming up, especially as I had no-idea what it was talking about.

Also when I made the change in the Subscription, it didn't update the domains. I had to go through the lot and change it myself. Pain in the arse!
Matt

"Given that God is infinite, and that the universe is also infinite... would you like a toasted teacake?"

about.me/mattauckland
twitter.com/mattauckland
faris
Long Time Forum Regular
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: Plesk 11 Setup Tips Please

Unread post by faris »

was that Service Plan associated with the Subscriptions containing the domains in question, and were the Subscriptions Unlocked? If they say "Custom" then they are also un-associated with any Service Plan.

Duplicate your current service plans and change the duplicates to have php-fastCGI instead of mod_php. Then you can change each one individually if need be, and still have a Service Plan that will allow you to make global changes.

If the problems you were having were scripts not working for Migrated/Upgraded domains, make sure the ownership of the /httpdocs and other folders is correct. Compare to a fresh Subscription + Domain you create in Plesk 11 rather than having Migrated/Upgraded.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
laughingbuddha
Forum Regular
Forum Regular
Posts: 512
Joined: Mon Mar 10, 2008 9:12 pm
Location: Southampton, UK

Re: Plesk 11 Setup Tips Please

Unread post by laughingbuddha »

Thanks dude.

I ended up changing the subscriptions to use mod_php and then changed all the domains.

In Plesks own details on the versions of PHP they say themselves that mod_php uses less memory, but is more insecure. But as I'm on my own dedicated server (not vps), plus I'll be installing ASL shortly, it makes more sense when you only have less than 4GB of RAM (32 bit server) to use mod_php, then a variation that uses more memory.
Matt

"Given that God is infinite, and that the universe is also infinite... would you like a toasted teacake?"

about.me/mattauckland
twitter.com/mattauckland
AntiochInteractive
Forum User
Forum User
Posts: 35
Joined: Thu Jan 08, 2009 4:31 am
Location: Fort Worth, TX
Contact:

Re: Plesk 11 Setup Tips Please

Unread post by AntiochInteractive »

RBLs are essential - don't remove them :)

Instead, play around with the site below to find out which ones are going to block spam the best.

http://www.anti-abuse.org/multi-rbl-check-results/

I disabled RBLs in PLESK simply because it was easier to edit them in spamdyke and I prefer how they are logged.

I have the following stack of RBLs in my SpamDyke configuration:

#RBL BLOCKLISTS
dns-blacklist-entry=zen.spamhaus.org
dns-blacklist-entry=bl.spamcop.net
dns-blacklist-entry=dnsbl.sorbs.net
dns-blacklist-entry=dnsbl-1.uceprotect.net
dns-blacklist-entry=cbl.abuseat.org
dns-blacklist-entry=b.barracudacentral.org
dns-blacklist-entry=ix.dnsbl.manitu.net
Post Reply