On 10/5/2013 9:19 AM, Paul Shuttleworth wrote:
I have changed the password on the domain in question and they are still getting in. I have tried changing the password and sending mail with the old password, this gets .. relying denied, so SMTP auth is working ok. I have been through the server and looked at each domain for these users, I did find one called jon on an old domain which I have now deleted, just in case this was accepting the SMTP auth.
domains don't have passwords, user accounts do. if you had a jon user associated with domain1.com and another jon user associated with domain2.com how did you keep them straight? my usual solution is jon1, jon2 or jon_dom1 jon_dom2
also, what PAM are you using for user accounts? simple passwd/shadow static files? LDAP/activedirectory/something centralized ?