[CentOS] SMTP Auth Spam Mail Attack

Sat Oct 5 19:53:14 UTC 2013
John R Pierce <pierce at hogranch.com>

On 10/5/2013 9:19 AM, Paul Shuttleworth wrote:
> I have changed the password on the domain in question and they are still
> getting in.
> I have tried changing the password and sending mail with the old password,
> this gets .. relaying denied, so SMTP auth is working ok.
> I have been through the server and looked at each domain for these users,
> I did find one called jon on an old domain which I have now deleted, just
> in case this was accepting the SMTP auth.

domains don't have passwords, user accounts do. if you had a jon user
associated with domain1.com and another jon user associated with
domain2.com, how did you keep them straight? my usual solution is
jon1, jon2 or jon_dom1, jon_dom2

also, what PAM are you using for user accounts? simple passwd/shadow
static files? LDAP/Active Directory/something centralized?



-- 
john r pierce                                      37N 122W
somewhere on the middle of the left coast