I'm not sure if any webmail option right now allows the email user to update their out of office / auto response message. I think the email user has to login to Plesk to be able to edit that right now (which is annoying).

Anyone have any suggestion on this?

Add two-factor-auth for YubiKey.

Actually it's possible to show deferred messages headers in : Tools and settings > mail server settings > mail queue

It would be very useful if it's possible to show the reason why the message is deffered or stuck in the queue (/var/spool/postfix/defer).

as brotli seams to be a up to 20% better comression library than gzip and used by many CDN Providers it should be possible to switch on in plesk.

Being able to modify the subject in notification emails.

Add support of TLS 1.3 to Plesk interface's web server. TLS 1.3. improves security.

I want to be able to set the recipient_delimiter. But, currently, any customizations to main.cf get overwritten.

Ask user to change password at next login screen after reset.
We the providers could generate a temp password (customer asks for a reset), and after the first login screen, plesk will force ask from the client to change our temp password.

imagine you get a domain with thousands of dns records and you have to create each by your self in plesk!!!

The new security option for plesk 12 is Fail2Ban, but it is only for Linux version.

There is an opensorce for windows.

http://www.digitalruby.com/securing-...icated-server/

I suggest to Parallels Team include this.

It would be much better if server-wide and per-mailbox options were available in Plesk to add SpamAssassin rules.

SpamAssassin can be configured by the command line, but this is difficult for many of us.

Please add PHP Composer to chrooted Environments.
Many Customers Need PHP Composer to install various scripts, cms Systems and libaries.

A current big Problem is the new typo-neos System - you must use Composer to install at sources correctly

A other Problem are PHP API's and Libaries like Payment Companies like PAYMILL etc..

Currently CloudFlare ServerShield is implemented using partial (CNAME) setup. What is the point in a partial setup when you can benefit from full DNS? You get anycast DNS with CloudFlare on full DNS.

We need to protect with SSL certificates panels resellers. It is currently not possible.
This should be an urgent implementation.
Resellers constantly have the error that the website is not secure.

Right now we can only put a SSL to protect the panel. We need to protect the panel for more domains.

Example:

https://domain1.es:8443
https://domain2.es:8443
https://domain3.es:8443

etc...

Forgive my translation, I use google translator.

Argon2 is a new feature of PHP 7.2 as stated here: http://php.net/releases/7_2_0.php. It won the password hashing competition and is the recommended hashing algorithm.

It must be enabled my re-compiling PHP 7.2 with `--with-password-argon2`.

It is not possible to add an ip manually to fail2ban trough Plesk interface. Sometimes you detect an offending ip address which you want to ban from your system, before it is detected by recidive rule.