What about DDOS Protection in Plesk?

Please add PHP Composer to chrooted Environments.
Many Customers Need PHP Composer to install various scripts, cms Systems and libaries.

A current big Problem is the new typo-neos System - you must use Composer to install at sources correctly

A other Problem are PHP API's and Libaries like Payment Companies like PAYMILL etc..

SPF information is so far entered through the TXT record. Adding the emerging new SPF record would make sense.

joomla support like wordpress in plesk 12

In Fail2ban (great idea to include it in plesk!) settings you can set "Time interval for detection of subsequent attacks" (findtime) in general. But it would be interesting this setting per Jail.
Why?
you could have 2 jail with same filter but different findtime. Example:
Jail 1) 5 failures in 600 seconds: 1800 seconds ban
Jail 2) 30 failures in 86400 seconds: 604800 seconds ban

There are bots that detect if you have some protection fail2ban or similar and it will adapt, login attempt every 300 seconds for example. Jail 1 no detect this attack, but Jail 2 yes.

A carddav and caldav Server

Advantages of hMailserver are:
- IMAP
- SSL (not available in free version of MailEnable)
- DKIM is easy to enable
- VBS scripts/API for management

Please submit other specific advantages in comments

imagine you get a domain with thousands of dns records and you have to create each by your self in plesk!!!

At some time you closed the request "fail2ban for IPv6" stating that fail2ban does not support it. That was no doubt correct at the time - but now it does, see https://github.com/fail2ban/fail2ban/tree/0.10

I'm seeing a lot of warnings in the fail2ban log on my dual stack servers, like this:

66:1000:b01c:10ab:0:1: [Errno -9] Address family for hostname not supported

and my log checking software is complaining to me about the overly long fail2ban log.

See also: https://ctrl.blog/entry/fail2ban-ipv6

Thanks! Tim.

When mailboxes on a domain get full, it would be very useful to be able to purge them. This is especially relevant when all mail in the mailbox has been downloaded to an email client since the only way to delete the mail from the server is to delete the mailbox and recreate it.

I'd like to see HPKP integrated into the SSL certificate management of Plesk. This would allow, in combination with standard Nginx/Apache config, for a strongly recommended and worthwhile security element to be added to hosted sites.

Testing tool
https://securityheaders.io

More info
https://scotthelme.co.uk/hpkp-http-public-key-pinning/

Current Login panel : http://my-domain.com:8880/

Suggest : http://plesk.my-domain.com/

I think a secundary access will be fine.

Have the ability to provide more Nginx builds/packages. For example, offer a 'nginx-full'-package with more modules.

For example, I need the Nginx headers more module. Since this need to be built-in at compile time, it isn't possible to add this later on. So that would mean replace the Plesk version of Nginx with the distro-default. (Heck, why does Plesk need it's own Nginx-build, anyway?)

No, passing headers from Apache is not an option, especially when I'm using the Nginx - PHP-FPM setup.

Within the GUI it should be possible to manage the most common tasks of SpamAssassin like the following:

- sa-update set up a cronjob for downloading new rules and scores automatically
- sa -learn spamfilter training for side/server wide configuration
-managing of black and whitelists
-adding custom rules and scores

A GUI for the spamfilter in conjunction with the planned GUI for the Greylisting will help administrators to reduce the load of incoming spam in a more comfortable way

Hi,
plz add mailman 3 as mailinglist software.