Symptoms
-
After the update to Plesk Obsidian 18.0.73, Dovecot fails to start, and the following errors are found in the journal logs:
CONFIG_TEXT: Sep 30 12:44:30 example dovecot: doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/11-plesk-security-ssl.conf line 2: ssl_protocols: Unknown setting: ssl_protocols
CONFIG_TEXT: Sep 30 12:59:41 example dovecot[28025]: doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/11-plesk-security-ssl.conf line 3: ssl_prefer_server_ciphers: Unknown setting: ssl_prefer_server_ciphers
Sep 30 12:59:41 example systemd[1]: dovecot.service: Main process exited, code=exited, status=89/n/a -
The following parameter is present in file:
/etc/dovecot/conf.d/11-plesk-security-pci.confCONFIG_TEXT: disable_plaintext_auth = yes
Cause
Plesk bug ID: PPPM-15139.
Resolution
- Dovecot is stopped after upgrade because of unknown directives
ssl_prefer_server_ciphersanddisable_plaintext_auth - Incorrect UID format in Dovecot 2.4 leads to re-download messages via POP3.
Note: Issue 1 is fixed only for the upgrades from 18.0.72 and early, if the server was updated to 18.0.73.0 and then to 18,0.73.1 it still requires manual fix.
Change the parameter in file /etc/dovecot/conf.d/11-plesk-security-pci.conf from:
CONFIG_TEXT: disable_plaintext_auth = yes
to the following parameter:
CONFIG_TEXT: auth_allow_cleartext = no
If the fix doesn't work, please consider using the following workaround:
- Connect to the server via SSH.
- Open
/etc/dovecot/conf.d/11-plesk-security-ssl.confin a text editor. -
Replace the following line:
CONFIG_TEXT: ssl_prefer_server_ciphers = yes
with this:
CONFIG_TEXT: ssl_server_prefer_ciphers=server
-
Replace the following parameter:
CONFIG_TEXT: ssl_protocols
with this:
CONFIG_TEXT: ssl_min_protocol
Note: If the above parameter or the one mentioned in step 3 are not present in
/etc/dovecot/conf.d/11-plesk-security-ssl.conf, no changes are required.
Comments
Why changed the mech_list on /etc/sasl2/smtpd.conf?????
And auth_mechanisms in /etc/dovecot/dovecot.conf???
have a only PLAIN LOGIN and dozens of clients with email problems
Fix made for me and works:
sed -i 's/^mech_list: PLAIN LOGIN$/mech_list: DIGEST-MD5 CRAM-MD5 PLAIN LOGIN/' /etc/sasl2/smtpd.conf;
sed -i 's/^auth_mechanisms = plain login apop$/auth_mechanisms = plain login digest-md5 cram-md5 apop/' /etc/dovecot/dovecot.conf;
service saslauthd restart && service postfix restart && service dovecot restart;
service saslauthd status && service postfix status && service dovecot status;
Emmanuel Delgado well switching over to cPanel will not help much. Also owned by the same investment group to which Plesk belongs to, all under the WebPros portfolio.
I said it many years ago. Plesk is really going downhill. But not much alternatives to be honest.
Thanks, Jack. According to Plesk, the PPP-69700 issue should already have been resolved with Update 1. (Fixed the issue where, after updating to Plesk Obsidian 18.0.73, the POP3 UIDL format in Dovecot was changed, causing emails to be re-downloaded)
Unfortunately, the problem occurred again after installing Update 1, so I have to assume that it has not yet been resolved.
I am very unsure whether installing update 2 will cause the same behaviour again (reloading read emails).
Does anyone know anything more about this?
It seems Plesk updates are not tested thoroughly anymore. Probably more testing will require a price hike in the Plesk licenses first again? See: https://www.plesk.com/plesk-price-adjustment-2025-2026-online-customers/
Probably they have to increase Plesk license pricing first, before they can do more and better testing before releasing untested updates?
This partial workaround for Dovecot does not address the critical issue, and users are overwhelming our Customer Support:
After updating Dovecot to version 2.4.1 included in Plesk Obsidian 18.0.73, POP3 clients began re-downloading all existing messages from the server. This behavior did not occur prior to the upgrade.
Identified Cause
The issue has been traced to a change in the configuration parameter `pop3_uidl_format` within Dovecot. Prior to the update, the value was:
pop3_uidl_format = UID%u-%v
After the update, the default value changed to:
pop3_uidl_format = UID%{uid}-${uidvalidity}
This change in UIDL format caused POP3 clients to fail to recognize previously downloaded messages, resulting in a complete re-download.
After upgrade to Plesk Obsidian 18.0.73. Be carefull to update Plesk Obsidian 18.0.73 Update 1.
Because it will be make the client re-download all existing messages from the server again.
not working for me
ralphw We are in the same situation. We have 10 servers with pleask and we are afraid that if we install update 2 the email will start to re download again.
This problem caused us to have our support inbox flooded with hundred of messages and we also lost customers who requested the migration of the service to another provider.
We are stuck with server updates permanently stopped until we know if this is going to cause a bigger problem for us.
To top it all off, we can't open a support ticket in Plesk because the license is being issued to us by our data center provider.
We are considering migrating our administration system to cPanel, but we still don't know what to do.
Best Regards
Yeah these updates by Plesk are not tested at all nowadays anymore. They just push updates on the go. Seems to be really going downhill at Plesk. :-(
ralphw, there has been a new update out today (6 Oct)
“Fixed the issue where, after updating to Plesk Obsidian 18.0.73, the POP3 UIDL format in Dovecot was changed, causing emails to be re-downloaded (PPP-69700)”
Seems my not-issue was also an issue and fixed with the latest update.
“Fixed the issue where, after updating to Plesk Obsidian 18.0.73, Thunderbird could not send or receive emails when “Encrypted Password” was selected in the email client settings, by restoring support for the CRAM-MD5 authentication scheme. (PPPM-15147)”
Poor update.
For those, where the solution above doesn´t work. There was also a change in the settings for the mail_location. → https://support.plesk.com/hc/en-us/articles/35357218764823-Dovecot-fails-to-start-after-a-Plesk-update-to-18-0-73-Unknown-setting-mail-location
ssl_protocol is not there. Does not work
Take care of custom config made on dovecot as 2.4 versions changes many config params , included mail_location or custom sieve plugins rules.
Same issue as Jack noticed after update to 18.0.73 and applying suggested modification in configuration. Looks like there is a correlation.
I am getting errors with Postfix now, complaining my SMTP server no longer supports encrypted passwords. Is this related?
commenting it out worked here BUT only with changing the extensions conf file of warden-anti-spam as well.
So everyone who uses warden anti spam needs to change that file as well - see here:
https://www.danami.com/clients/knowledgebase/299/How-can-I-fix-the-error-doveconf-Fatal-Error-in-configuration-file-oretcordovecotorconf.dor99-warden.conf-line-9-Unknown-section-name-plugin-after-upgrading-to-Plesk-18.0.73.html
Another thing:
Commenting the ssl line sadly stops monitoring from working in my case…
There is no /etc/dovecot/conf.d/11-plesk-security-pci.conf at my system.
Furthermore my POP3-clients have the same problem with re-loading mails again and again.
Any ideas solving this issues?
Can anyone open a ticket? I can't because I bought Plesk via a hosting provider.
the solution that worked for me was to comment line ssl_prefer_server_ciphers = yes and then restart dovecot
Emmanuel Delgado: Try to get a 10 bucks subscription for a server so that Plesk can investigate this.
All suggested solutions are not working.
running on: Plesk ObsidianVersion 18.0.74
Error
doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/11-plesk-security-ssl.conf line 1: ssl_dh: Unknown setting: ssl_dh
dovecot.service: Main process exited, code=exited, status=89/n/a
file contents
ssl_dh=</opt/psa/etc/dhparams2048.pem
ssl_min_protocol=TLSv1.2
ssl_cipher_list=EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EECDH+CHACHA20:EECDH+SHA256+AES128:EECDH+SHA384+AES256:EECDH+SHA1+AES128:EECDH+SHA1+AES256:EECDH+HIGH:AESGCM+AES128:AESGCM+AES256:CHACHA20:SHA256+AES128:SHA256+AES256:SHA1+AES128:SHA1+AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!KRB5:!aECDH:!kDH:!EDH
ssl=yes
ssl_cert=</etc/dovecot/private/dovecot.pem
ssl_key=</etc/dovecot/private/dovecot.pem
ssl_server_prefer_ciphers=server
ssl_server_cert_file=/etc/dovecot/private/dovecot.pem
ssl_server_key_file=/etc/dovecot/private/dovecot.pem
ssl_server_dh_file=/opt/psa/etc/dhparams2048.pem
So whats going on here?
Hi Dirk, from the code you have pasted maybe a typo in lines where you put “=</” remove “<” .
This is mi config file:
ssl_server_dh_file=/opt/psa/etc/dhparams2048.pemssl_min_protocol=TLSv1.2ssl_cipher_list=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384#ssl_cipher_list=EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EECDH+CHACHA20:EECDH+SHA256+AES128:EECDH+SHA384+AES256:EECDH+SHA1+AES128:EECDH+SHA1+AES256:EECDH+HIGH:AESGCM+AES128:AESGCM+AES256:CHACHA20:SHA256+AES128:SHA256+AES256:SHA1+AES128:SHA1+AES256:HIGH:!aNULL:!eNULL>#ssl_server_prefer_ciphers=serverssl=yesssl_server_cert_file=/etc/dovecot/private/dovecot.pemssl_server_key_file=/etc/dovecot/private/dovecot.pemVolker Riehl
Please submit a ticket and the Plesk support team will assist accordingly.
Pantelis Parros Please submit a ticket and the Plesk support team will assist accordingly.
Jack Stringer This article addresses a Dovecot configuration issue. The Postfix errors that you're encountering are unlikely to be related. If the problem persists, please submit a ticket to the Plesk support team.
Please sign in to leave a comment.