Back to Community Threads
Changing password doesn't force re-auth?
Problem reported by Peter Konshak - 5/25/2018 at 9:46 AM
Submitted
We had an account compromised by a spammer who had the account password.  Changing the password doesn't seem to force a re-auth, they were still able to send mail.  We had to kill the active connection, or failing that, I guess reboot the server.  Is this the way this is supposed to work?
JerseyConnect Team Replied
5/29/2018 at 7:08 AM
Yeah I've noticed this too on v15. Maybe it's different in v16 or will be in v17. We typically just disable compromised accounts to kill the active session, then reset the password and clean up the spool before re-enabling.
Ujjaval Patel Replied
6/8/2018 at 1:31 PM
Instead of rebooting the server, I restarted the SM service when this happens.
Peter Konshak Replied
6/18/2018 at 3:27 AM
Restarting the SM service works, but you do have to have access to the machine to do that. If you are out of town, no remote access, and trying to fix this remotely via the web-based admin, it may not be an option.
Back to Community Threads

Reply to Thread

Enter the verification text
Related Knowledge Base Articles
Google Safe Browsing Warning and SmarterMailSmarterMail > Troubleshooting
Integrating Google Apps with SmarterMailSmarterMail > Domain/User Configuration and Management
Setting Up Two-Step Authentication (2FA, MFA, etc.)SmarterMail > Desktop and Mobile Synchronization
Resolving JSON IssuesSmarterMail > Troubleshooting
Force Webmail Traffic Over HTTPSSmarterMail > Server Configuration and Management