[CentOS] SMTP Auth Spam Mail Attack

Sat Oct 5 19:53:14 UTC 2013
John R Pierce <pierce at hogranch.com>

On 10/5/2013 9:19 AM, Paul Shuttleworth wrote:
> I have changed the password on the domain in question and they are still
> getting in.
> I have tried changing the password and sending mail with the old password,
> this gets .. relying denied, so SMTP auth is working ok.
> I have been through the server and looked at each domain for these users,
> I did find one called jon on an old domain which I have now deleted, just
> in case this was accepting the SMTP auth.

domains don't have passwords, user accounts do.   if you had a jon user 
associated with domain1.com and another jon user associated with 
domain2.com how did you keep them straight?    my usual solution is 
jon1, jon2 or jon_dom1  jon_dom2

also, what PAM are you using for user accounts?   simple passwd/shadow 
static files?  LDAP/activedirectory/something centralized ?

john r pierce                                      37N 122W
somewhere on the middle of the left coast