Christian Heutger

← Your Ideas for Plesk

My feedback

  1. Enhanced VPN support

    39 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    7 comments  ·  Feature Suggestions » Security  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Christian Heutger commented  · 

    I already voted but I also see a need for VPN

    An error occurred while saving the comment
    Christian Heutger commented  · 

    Fully agree, for VPS as well as for Raspberry Pi there are many install scripts on how to install OpenVPN, Sophos UTM and others integrate OpenVPN as well, however none of such setups is such restricted and unusable as the Plesk VPN. Also need to adjust to use with MacOS Viscosity.

    Christian Heutger supported this idea  · 

  2. Implement ARC as addon to DMARC

    14 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    open discussion  ·  3 comments  ·  Feature Suggestions » Panel/Mail  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Christian Heutger commented  · 

    DMARC will fail similar to SPF on forwarding, which is e.g. supported and widely used in Plesk. You implemented SRS to prevent SPF to fail, ARC is the same for DMARC.

    Christian Heutger shared this idea  · 

  3. More control of DKIM

    27 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    3 comments  ·  Feature Suggestions » Mail  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Christian Heutger commented  · 

    1. or EC (https://tools.ietf.org/html/rfc8463) as 2048 bit also already going down to be insecure in the near future

    Christian Heutger supported this idea  · 

  4. Conceptional failures of your SSL It! extension

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  Feature Suggestions » Web / SSL  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Christian Heutger commented  · 

    Addendum: And do you also allow to set ciphers for other services like Plesk Panel here and different ciphers (because of worse support on client side) for mail server and to adjust DH param and EC DH param at cipher adjustment as otherwise it's still required to use sslmng in addition to what's provided in the plugin.

    Christian Heutger shared this idea  · 

  5. Deploy MTA Strict Transport Security

    22 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  Feature Suggestions » Security  ·  Flag idea as inappropriate…  ·  Admin →
    Christian Heutger supported this idea  · 

  6. Easy removal X-Powered-By HTTP headers

    56 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    8 comments  ·  Feature Suggestions » Web / HTTP functions  ·  Flag idea as inappropriate…  ·  Admin →
    Christian Heutger supported this idea  · 

  7. Rspamd support

    129 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    19 comments  ·  Feature Suggestions » Mail  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Christian Heutger commented  · 

    I would welcome rspamd. SA needs very much tweaks (additional to post-greet and rbl tweaks on postfix) to get close: Pyzor, Razor(2), DCC, adjustable/addable different rulesets, special plugins, GeoIP filtering, bayes could be fed with spam by spam archives like http://artinvoice.hu/spams/, should be tweaked by KAM rules etc. Look at my post on Proxmox Mail Gateway which is an antispam gateway, but also need tweaks. Great would be to have all of this in Plesk. A global bayes database for all Plesk users may help.

    Christian Heutger supported this idea  · 

  8. Whitelist rkhunter warnings caused by Plesk

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Feature Suggestions » Security  ·  Flag idea as inappropriate…  ·  Admin →
    Christian Heutger shared this idea  · 

  9. Support HPKP

    48 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    open discussion  ·  1 comment  ·  Feature Suggestions » Security  ·  Flag idea as inappropriate…  ·  Admin →
    Christian Heutger supported this idea  · 

  10. steering allowed SSLCiphers (negative >noCBC; positive >only GCM) for all System-layers (mail, Plesk-Login, Apache, Nginx) via Plesk

    18 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    open discussion  ·  2 comments  ·  Feature Suggestions » Security  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Christian Heutger commented  · 

    For the first step would be great to automatically apply:

    plesk sbin sslmng -vvv --strong-dh --dhparams-size=2048

    And add:

    plesk sbin sslmng --ciphers="ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA" --protocols="TLSv1.2" --services="proftpd sw-cp-server nginx apache autoinstaller dovecot" --custom -vvv

  11. Support of SELinux

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    open discussion  ·  5 comments  ·  Feature Suggestions » Security  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Christian Heutger commented  · 

    There are many issues with selinux enabled, so that's no support.

    Christian Heutger supported this idea  · 

  12. Have multiple IPs in one subscription

    345 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    planned  ·  73 comments  ·  Feature Suggestions » Plesk (general)  ·  Flag idea as inappropriate…  ·  Admin →
    Christian Heutger supported this idea  · 
    An error occurred while saving the comment
    Christian Heutger commented  · 

    Support the idea for multi-homed environment requiring a local IP for local access in addition with a VPN IP for VPN access. With an alias I could choose a local and a VPN name.

  13. to manage cipher suite settings (e.g. Poodle SSLv3 removal) via control panel

    15 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    3 comments  ·  Feature Suggestions » Security  ·  Flag idea as inappropriate…  ·  Admin →
    Christian Heutger shared this idea  · 

Feedback and Knowledge Base

(thinking…)