Plesk Obsidian 18.0.73 (Update 1 & Update 2): everything you need to know — Dovecot starts again, CRAM-MD5 restored for Thunderbird, and an important heads-up for Warden users

Plesk has shipped two maintenance rounds for Obsidian 18.0.73—Update 1 (Oct 2, 2025) and Update 2 (Oct 6, 2025)—that fix several mail issues introduced with the base release, especially after the jump to Dovecot 2.4.1-4. Extensions have also been updated for the new stack. If you run the Warden Anti-spam and Virus Protection extension, you must apply a short, manual Dovecot 2.4 config patch until the extension update lands (link coming next; see the Warden note below).

---

Mail stability: what Update 1 & Update 2 fix

Update 2 — 6 Oct 2025

• Dovecot failed to start if the default mailbox location had been changed following a KB article. Fixed. (PPPM-15145)
• Thunderbird could not send/receive when “Encrypted Password” was selected. CRAM-MD5 support restored. (PPPM-15147)

After updating: systemctl status dovecot should be running; test IMAP/SMTP from Thunderbird with “Encrypted Password”.

Update 1 — 2 Oct 2025

• Dovecot didn’t start due to unknown directives (ssl_prefer_server_ciphers, disable_plaintext_auth). Fixed. (PPPM-15139)
• POP3 UIDL format change caused emails to be re-downloaded. Fixed. (PPP-69700)

---

Important for Warden Anti-spam users (Dovecot 2.4)

Plesk 18.0.73 upgrades Dovecot to 2.4.1-4, which changes config syntax. If Warden is installed, Dovecot may fail to start due to an outdated 99-warden.conf.

Temporary workaround (until the Warden extension ships a permanent fix):

• Replace /etc/dovecot/conf.d/99-warden.conf with a Dovecot 2.4-compatible version matching your Warden spam action (move/quarantine/block/tag), verify with doveconf -n, and restart Dovecot.
• Do not change Warden’s Policy/Blacklist/Whitelist after applying the fix (it will regenerate the old config and break Dovecot again).

We’ll add the step-by-step fix link here (with the exact config blocks, validation, and restart commands).

---

Third-party component updates

Linux

• Dovecot → 2.4.1-4
• libmariadbclient → 3.4.7
• sw-engine PHP → 8.4.12

Windows

• ASP.NET Core 9.0 → 9.0.9 | ASP.NET Core 8.0 → 8.0.20
• Perl → 5.42.0
• OWASP ModSecurity CRS → 4.18.0
• ModSecurity PCRE → PCRE2 10.45
• plesk-engine PHP → 8.4.12

---

Extension fixes and updates (highlights)

• Log Browser 1.9.15 (Oct 6) — fixed mail log parsing when partially processed messages were marked as spam. (EXTPLESK-9678)
• WP Toolkit 6.8.3 (Oct 2) — (cPanel) Ubuntu 24.04 support; (Plesk) plugin deletion no longer fails on Windows. (EXTWPTOOLK-13700)
• Node.js Toolkit 2.4.4 (Sep 30) — AlmaLinux 10 support; enable Node.js even if nginx is not installed. (EXTPLESK-7653)
• Plesk Email Security 1.5.21 (Sep 30) — fixed Postfix double inet_protocols; Dovecot 2.4 support.
• SOGo Webmail 1.2.3 (Sep 29) — stable packages on Debian 13.
• Plesk Migrator 2.31.0 (Sep 29) — Debian 13 support and multiple migration fixes.
• Plesk DNSSEC 1.5.3 (Sep 29) — supports AlmaLinux 10 (PPP-69211) and Debian 13 (PPP-69541).
• Docker 2.1.6 (Sep 23) — Debian 13 support; installation fix on AlmaLinux 10.

(Additional minor improvements in Advisor, Watchdog, Laravel Toolkit, Site Import, Premium Email, .NET Toolkit, etc.)

---

What’s new in 18.0.73 (Sep 30, 2025)

Sitejet Builder

• Added Turnstile as an upcoming CAPTCHA alternative.
• Plesk UI language is passed to Sitejet for consistent localization.
• Fixed the target of the Sitejet Website Builder button in the domain wizard.

Jodit Editor improvements (on top of 18.0.72)

• Cut/Copy/Paste toolbar buttons.
• Copy/paste with formatting preserved.
• Source editor, with windowed/full-size modes.
• Jodit interface follows Plesk language (and ltr/rtl direction).
• Image insertion supported.

Feature tweaks

• New -a/--all option in plesk ext performance-booster db:apply-settings to apply all supported MariaDB tuning at once.
• Popular extensions can now be zoomed to 200% in a browser without losing functionality (accessibility).
• “Suggest an Idea” now points to Plesk Productboard (UserVoice deprecation).

---

Deprecations & removals

• Plesk UserVoice deprecates October 2025 → ideas move to Plesk Productboard (features.plesk.com).
• APS Catalog will be removed in 18.0.77 (installed apps continue to work but no Plesk support).
  • Removed in 18.0.75: AfterLogic WebMail Lite/Pro, Moodle, Drupal, MediaWiki, phpBB, osTicket, TYPO3.
  • Removed in 18.0.77: WordPress, Joomla, PrestaShop.

---

Admin checklist (recommended)

1. Apply Update 2 (and Update 1 if you skipped it).
2. Validate Dovecot (doveconf -n, systemctl status dovecot) and mail clients (Thunderbird “Encrypted Password”).
3. If you use Warden, apply the manual Dovecot 2.4 patch before changing Warden policies (link to guide will be added).
4. Update Log Browser to 1.9.15 if you parse mail logs.
5. Note deprecations (UserVoice, APS) and plan migrations.
6. If you run Debian 13 or AlmaLinux 10, check corresponding extension updates (SOGo, DNSSEC, Migrator, Docker, Node.js Toolkit, Watchdog).

---

Next steps (and Warden fix link)

We’ll attach the Warden+Dovecot 2.4 manual fix guide link here (with exact config blocks, validation steps, and restart), so you can recover mail service immediately and avoid regressions until the extension’s permanent fix lands.

In the meantime, focus on applying updates, verifying Dovecot/Thunderbird, and avoiding Warden policy changes until the patch is in place or the next Warden version resolves it permanently.