we don't use aliases, so it is not set to 'on'.
however, after chris took a look, it turns out the offending account was
not only redirected, but also had an entry in nwauth, which meant it was
possible to log in.
the individual whom i set up as domain manager apparently screwed things up.
i will now go back and check my users to ensure there aren't other cases
like this.
are we having fun yet?????
david camm
On 5/26/2015 2:53 PM, Paul M. Beck wrote:
> If you don't mind me asking...
>
> I don't know if it works across domains but what is your setting for g_alias_login_disable
>
> Paul
>
> On May 26, 2015, at 2:46 PM, David Camm HIDDEN@advwebsys.com> wrote:
>
>> chris - definitely not in domuser.dat. let's take this offline.
>>
>> david camm
>> advanced web systems
>> keller, tx
>>
>>
>> On 5/25/2015 4:36 PM, surgemail-support wrote:
>>> isHIDDEN@y.com mentioned in domuser.dat by any chance?
>>>
>>> Failing that I'm a little surprized, I could take a look directly if you like.
>>>
>>> ChrisP.
>>>
>>>
>>> On 26/05/2015 1:20 a.m., David Camm wrote:
>>>> checking my email this morning i cam across the following (redacted):
>>>>
>>>> g_user_send_warning: HIDDEN@y.com) 500 >= 500, User send warning reached (from ip 96.47.226.20), user has sent a lot in one day, g_user_send_max=0
>>>>
>>>> the ip address is registered to a network in germany, so obviously something amiss. the spammer used several different combinations of user name/source ip addresses in the from envelope and i've seen that before.
>>>>
>>>> what i DON'T understand is the account HIDDEN@y.com) is a redirect (was='xxx' to='zzz@qqq.com') anad, as such doesn't have a login.
>>>>
>>>> so, how could it be used to send????
>>>>
>>>> david camm
>>>> advanced web systems
>>>> keller, tx
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>
>
|
