Back to Community Threads
4
Changing password doesn't force re-auth?
Problem reported by Peter Konshak - 5/25/2018 at 9:46 AM
Submitted
We had an account compromised by a spammer who had the account password.  Changing the password doesn't seem to force a re-auth, they were still able to send mail.  We had to kill the active connection, or failing that, I guess reboot the server.  Is this the way this is supposed to work?

3 Replies

Reply to Thread
0
JerseyConnect Team Replied
5/29/2018 at 7:08 AM
Yeah I've noticed this too on v15. Maybe it's different in v16 or will be in v17. We typically just disable compromised accounts to kill the active session, then reset the password and clean up the spool before re-enabling.
0
Ujjaval Patel Replied
6/8/2018 at 1:31 PM
Instead of rebooting the server, I restarted the SM service when this happens.
0
Peter Konshak Replied
6/18/2018 at 3:27 AM
Restarting the SM service works, but you do have to have access to the machine to do that. If you are out of town, no remote access, and trying to fix this remotely via the web-based admin, it may not be an option.
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Configure SmarterMail as a Free Gateway ServerSmarterMail > Server Configuration and Management
Setting Up Two-Step Authentication (2FA, MFA, etc.)SmarterMail > Desktop and Mobile Synchronization
Resolving JSON IssuesSmarterMail > Troubleshooting
Force Webmail Traffic Over HTTPSSmarterMail > Server Configuration and Management
SmarterMail Doesn't Run After Changing Windows LocaleSmarterMail > Troubleshooting