Articles in this section

See more

Webmail is not working on a Plesk server when ModSecurity with OWASP or Comodo rule set is enabled: Error when communicating with the server

Avatar
Kuzma Ivanov
Updated
Follow
kb: technical ABT: Group A Plesk Obsidian for Linux

Applicable to:

  • Plesk Obsidian for Linux

Symptoms

  • When sending or replying to an email via Roundcube/Horde webmail, the operation is spinning with "Sending message..." or fails with one of the following errors:

    PLESK_ERROR: Forbidden
    You don't have permission to access /imp/compose.php on this server

    PLESK_ERROR: Error when communicating with the server

  • OWASP or Comodo ModSecurity rule set is selected in Plesk at Tools & Settings > Web Application Firewall (ModSecurity) > Settings.

  • One of the following error messages is logged in /var/log/modsec_audit.log:

    CONFIG_TEXT: [error] [client 203.0.113.2] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "MULTIPART_UNMATCHED_BOUNDARY" required. [file "/etc/httpd/conf.d/mod_security.conf"] [line "70"] [msg "Multipart parser detected a possible unmatched boundary."] ...

    CONFIG_TEXT: [client 203.0.113.2] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/modsecurity_crs-plesk/modsecurity_crs_41_sql_injection_attacks.conf"] [line "209"] [id "981257"] ..., referer: http://webmail.example.com/imp/dynamic.php?page=mailbox

    CONFIG_TEXT: [client 203.0.113.2] ModSecurity: Warning. Pattern match ...

Cause

ModSecurity Web Application Firewall is enabled with a strict rule set such as OWASP, Comodo or a custom rule set from Imunify360. These rule sets may block some webmail features.

Resolution

  1. Log in to Plesk.

  2. Go to Tools & Settings > Web Application Firewall (ModSecurity).

  3. Depending on the used webmail and ModSecurity rule-set, apply the required solution:

    Note: If both Roundcube and Horde are affected - apply the required solutions for each webmail.

     

    For Horde webmail and OWASP rule set

     

    1. Switch to the Settings tab.

    2. Add the lines below to the Custom directives field:

      CONFIG_TEXT: <LocationMatch "/horde/imp/compose.php">
      SecRuleRemoveById 981231
      SecRuleRemoveById 958125
      SecRuleRemoveById 950005
      SecRuleRemoveById 959914
      SecRuleRemoveById 981257
      SecRuleRemoveById 981260
      SecRuleRemoveById 48
      SecRuleRemoveById 49
      SecRuleRemoveById 50
      SecRuleRemoveById 51
      SecRuleRemoveById 52
      SecRuleRemoveById 53
      SecRuleRemoveById 54
      SecRuleRemoveById 55
      SecRuleRemoveById 56
      SecRuleRemoveById 57
      SecRuleRemoveById 58
      SecRuleRemoveById 59
      SecRuleRemoveById 60
      SecRuleRemoveById 61
      SecRuleRemoveById 62
      SecRuleRemoveById 63
      SecRuleRemoveById 64
      SecRuleRemoveById 65
      SecRuleRemoveById 66
      SecRuleRemoveById 67
      SecRuleRemoveById 68
      SecRuleRemoveById 69
      SecRuleRemoveById 70
      SecRuleRemoveById 71
      SecRuleRemoveById 72
      SecRuleRemoveById 73
      SecRuleRemoveById 74
      </LocationMatch>
      <LocationMatch "/services/ajax.php/imp">
      SecRuleRemoveById 958291
      SecRuleRemoveById 981257
      SecRuleRemoveById 958291
      SecRuleRemoveById 981245
      SecRuleRemoveById 981173
      SecRuleRemoveById 981246
      SecRuleRemoveById 981243
      SecRuleRemoveById 33350147
      </LocationMatch>

    3. Click Apply.

     

    For Horde webmail and Comodo rule set

     

    1. Switch to the General tab.

    2. Find the CWAF tag in the Active list and click on it to disable.

    3. Click Apply.

      Note: If the issue still occurs, apply the resolution from the "For Horde webmail and OWASP ModSecurity rule set" article section as well.

     

    For Roundcube webmail and OWASP rule set

     

    1. Switch to the Settings tab.

    2. Add the lines below to the Custom directives field:

      CONFIG_TEXT: <LocationMatch "/roundcube/">
      SecRuleEngine Off
      </LocationMatch>

    3. Press the Apply button.

     

    For Roundcube webmail and Comodo rule set

     

    1. Switch to the General tab.

    2. Go to Switch off security rules section and add these IDs each on new line:

      • 212880

      • 217280

      • 212740

    3. Click Apply.

 

Comments

11 comments

Sort by Date Votes
  • Avatar
    Gerasimos Perentidis

    I have the same issue with plesk 17.8.11.

    I have the Comodo rules. I added the custom settings but it did not solve the issue.

    Only when I DE-activated the CWAF rule/tag, was I able to send messages via webmail.

    1
    Comment actions Permalink
  • Avatar
    Nikita Nikushkin

    Hi @Gerasimos Perentidis!

    Indeed, the provided resolution was for the OWASP ModSecurity rule set, while you found for the Comodo one. Thus, the solution differs

    I added your information to the article in order to make it helpful for users who have the Comodo ModSecurity rule set

    Thank you!

    0
    Comment actions Permalink
  • Avatar
    Jorge Fernández

    Hi,

    I have this problem only in IMAP email accounts and OWASP rules,  try this solutions but don´t work.

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello Jorge Fernández,

    You seem to have another issue.

    Submit a request to Plesk Support, as a deeper investigation is required, here's the instruction: https://support.plesk.com/hc/en-us/articles/213608509-How-to-submit-a-request-to-Plesk-support-

    0
    Comment actions Permalink
  • Avatar
    Miguel Ángel

    Hi!!

    I can not disable rules for Roundcube :(

    What's wrong in this configuration:

    <Directory /usr/share/psa-roundcube>
    <IfModule mod_security2.c>
    SecRuleRemoveById 212880
    </IfModule>
    </Directory>

    Thank you!!

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello Miguel Ángel

    Do I get it right that you want to disable a ModSecurity rule?

    Please, check the "Server-wide" section in this instruction: https://support.plesk.com/hc/en-us/articles/115002531753

    0
    Comment actions Permalink
  • Avatar
    Bernardo Gago (Edited )

    I'm using Roundcube with Comodo and the above suggestion to add "SecRuleEngine Off" to custom directives did NOT work for me.  I ended up fixing my issue by adding ID 212880 to the "Switch off security rules" list in Plesk.

     
     
    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Bernardo Gago

    Thank you for sharing your user experience. 

    0
    Comment actions Permalink
  • Avatar
    Gonçalo Matos

    I'm using Roubcube 1.4.11 with Plesk 18.0.34 and Comodo running on Apache (ModSecurity 2.9) and was having the same problem. The suggested solution (add ID 212880 to the Security rule IDs text box) did not work. However, I've tried the one suggested in the comments by Gerasimos Perentidis and deactivated the the CWAF rule/tag. The problem was solved. Is it bad to have this security rule deactivated? Can you suggest me another solution if so?

    0
    Comment actions Permalink
  • Avatar
    Carlo Panceri

    I use resolution for Roundcube and  OWASP ModSecurity ruleset but doesn't work. When apply rule on Custom Directives i receive this error:

    File: /etc/nginx/modsecurity.d/plesk.custom.conf. Line: 1. Column: 30. Invalid input: <LocationMatch "/roundcube/"> in /etc/nginx/conf.d/modsecurity.conf:6 nginx: configuration file /etc/nginx/nginx.conf test failed

    How can i resolve?

    Thanks

    0
    Comment actions Permalink
  • Avatar
    Thomas Seifert

    To get this work on Plesk Obsidian Version 18.0.39 Update #1 with psa-horde 5.2.23 and OWASP ModSecurity ruleset I had to disable (deactivate) "capec/1000/152/248/66" in the rule Tag on Tools & SettingsWeb Application Firewall (ModSecurity) > Switch off security rules.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles