Back to Community Threads
Unable to login to SmarterMail
Problem reported by Mark Milton - Today at 1:49 AM
Submitted
M
Something has happened over night and I can no longer login to the webmail as a user or admin

If I try login as a Admin I get
That domain was not found. Double check your email address.

As a user
There was an error logging into this account. Please contact your domain or system administrator.

Any ideas how I can fix this ASAP?
J
Jack. Replied
Today at 1:54 AM
M
Mark Milton Replied
Today at 2:07 AM
Thanks

Will reset the Admin password now

I guess doing the upgrade route will remove all files they have uploaded to the MRS folder
M
Mark Milton Replied
Today at 2:12 AM
Stopped the SM Service to do the password reset and now the service won't start

Windows could not start the SmarterMail Server service on Local Computer.
Error 1053: The service did not repond to the start or control request in a timely fashion.
Howell Dell Replied
Today at 2:22 AM
I am afraid to have to inform you that SmarterMail had several CVEs that were just announced in the last few weeks that would allow many "older" versions of SmarterMail to be taken over by bad actors. This sounds like this is what happened to you. 

Not sure what build version is nor more about your config or your situation with the license, however, its more than likely that is your issue. Any version of SM prior to Build 9526 (Jan 30, 2026) is now compromised. You need to upgrade to the version above ASSP. 

If the future do use Admin or Administrator usernames as your login, also have 2FA on and Restrict IP if possible.

But since the CVEs allow for file auth bypass upload and admin auth bypass its an serious issue. It is also more than likely your server has been loaded with various kinds of backdoors aka RATs (Remote Access Tools) and other malware.

Everything I Host is via a VM so I built a new VM from scratch and only migrated the data in less than 24 hours. I did see that some RATs were installed on my server. I caught this very quickly so the damage seems to have been minimal on my end.

If you are on a newer version of SmarterMail that uses JSON files for config then you can follow these notes to regain access--https://portal.smartertools.com/kb/a2739/reset-administrator-username-and-password.aspx. If you are on an older version then I'm not exactly sure.

I wrote and PowerShell script to scan all users to report when was the last password change so I could see how much trouble I was in. If you go back a few posts you can learn more about this. You can ask Co-Pilot to help you with Powershell.

Good luck to you....
M
Mark Milton Replied
Today at 2:25 AM
So the only way to get access again is by building a new VM and move the domains over?

I did try to admin password reset by editing the json file but I can't get the service to restart

I have 2 SM servers so far only one has been hut. The other is running a really old version 16

Be happy to pay someone to fix this
Howell Dell Replied
Today at 2:29 AM
 
Mark Milton: I guess doing the upgrade route will remove all files they have uploaded to the MRS folder...
The bad actors have escaped the MRS folder and files can be any place. The latest version of SM has its own Web Server built in so the MRS folder is only a proxy now.

What build are you on? A .Net Core Edition?

The bad actors likely have installed other software like they did on mine. You are going to have to do a deep clean of the server. If you are on a VM my recommendation it to build a refresh install then follow the SM migration process to a new Server.

For newer versions of SM sometime you often have to manually stop the mailservice.exe that is hanging around. I normally go into task manager and stop that process so I can restart SmarterMail Service.
Howell Dell Replied
Today at 2:39 AM
If you are on a newer version of SmarterMail then migration is fairly straight forward... Check out https://portal.smartertools.com/kb/a2724/migrate-smartermail-to-a-different-server.aspx. You only need the C:\Program Files*\SmarterTools\SmarterMail\Service\Settings and the SmarterMail Folder with Domains, Spool and so on... Often in C:\SmarterMail but I place mine on a D: drive.

I just went thru this twice in a matter of months as my backup software (unrelated to this issue) failed for some strange reason that I could not figure. Build a new VM I did!
Back to Community Threads

Reply to Thread

Enter the verification text
Related Knowledge Base Articles
500 Error After Upgrading to the Latest BuildSmarterMail > Troubleshooting
Deploying Rspamd For Use With SmarterMailSmarterMail > Server Configuration and Management
Migrating SmarterMail to LinuxSmarterMail > Server Configuration and Management
Customizing SmarterMail's Webmail InterfaceSmarterMail > Installation and Configuration
Key Feature and Version Milestones in SmarterMailSmarterMail