Disable Catch-All... then no-one can log in..

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
User avatar
wirelessmedia
Normal user
Normal user
Posts: 38
Joined: 2007-01-16 17:43
Location: Vancouver
Contact:

Disable Catch-All... then no-one can log in..

Post by wirelessmedia » 2008-03-09 23:50

I'm tempted to delete the domain and accounts and re-installed BUT..

When I deselect the catch all address (in 273), then no-one can login via IMAP (the logging just says 'no such user'), re-enable catch-all and users can login immediately..

Any ideas?

User avatar
mattg
Moderator
Moderator
Posts: 21115
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Post by mattg » 2008-03-10 00:42

get your users to use 'user@domainname.com' as their login, rather than just 'user'.

This is normally triggered by the 'default domain' switch though.

Matt

User avatar
wirelessmedia
Normal user
Normal user
Posts: 38
Joined: 2007-01-16 17:43
Location: Vancouver
Contact:

Post by wirelessmedia » 2008-03-10 03:32

All users were logging in with their full username, and no default domain name was specified.

I enabled logging, looked at the logs, and it was simple rejecting the IMAP login (not sure about POP as I don't have any pop users but guess that's the same), activating the catchall then allows users to login and access their IMAP mailboxes. At present our domain has been found by glorious spammers, so I just received about 50,000 returned emails (thanks guys in Russia!!) hence why I disabled the catchall and found that no users could login under their account. Other users on other domains are ok.

After further testing it appears as though all users are disabled (no emails will get through to their email accounts as well) after a catchall was specified and then the 'active' checkbox disabled. I've restarted the service and restarted the server...

Bog standard install on a custom mysql db

Any logs I can provide?

User avatar
mattg
Moderator
Moderator
Posts: 21115
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Post by mattg » 2008-03-10 04:46

Certainly some logs would help. Enable all logging and post a portion of the logs around the time where users are unable to log on to their account.

SPAMmers shouldn't be able to use your server to send mail just because you have a 'catch-all' address. They have either guessed a password or you have enabled external to external...

Matt

plobby
Normal user
Normal user
Posts: 115
Joined: 2008-01-29 07:04

Post by plobby » 2008-03-10 04:50

I think he meant that spammers found some of the mail addresses to one of his domains and use some sort of dictionary guesser for names and shot off ~50k emails and the catch-all address got the ones that weren't legit users.

User avatar
wirelessmedia
Normal user
Normal user
Posts: 38
Joined: 2007-01-16 17:43
Location: Vancouver
Contact:

Post by wirelessmedia » 2008-03-10 06:19

yea.. sorry, it's nothing to do with our mailserver.. I run a social networking site, http://FriendSite.com , and they used our usernames and fired off a ton of spam faking the from address (we've got SPF records enabled which should help block a lot of the spam), but nothing was sent from our mail server.

I'll enable logs and send them over in the next hour or so.

Thanks!

User avatar
wirelessmedia
Normal user
Normal user
Posts: 38
Joined: 2007-01-16 17:43
Location: Vancouver
Contact:

Post by wirelessmedia » 2008-03-10 20:19

Matt, can I email you the log as it has email addresses in it, and I don't need any more spam ;-) thanks!

There's nothing out of the ordinary in the logs... I deselected the ACTIVE checkbox, closed out of mail (mac), opened back in and it stated my login credentials weren't correct. Re-activated the catchall, closed mail, re-opened and all ok.

Strange eh!

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Post by ^DooM^ » 2008-03-10 21:22

That active tickbox you are deselcting is to make the domain active or not.

To remove the catchall address just make the 2 boxes blank.

User avatar
wirelessmedia
Normal user
Normal user
Posts: 38
Joined: 2007-01-16 17:43
Location: Vancouver
Contact:

Post by wirelessmedia » 2008-03-10 21:36

ahhhhhh, I wondered why all the other domains were selected as active! My mistake, but I have to admit it's not very clear regarding the layout... could you not have the title "Domain Active" together with the active/deactivate option underneath the domain name with a seperator, and then the catchall email underneath it...

Sorry for the confusion on my part!

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Post by ^DooM^ » 2008-03-10 21:36

I think this has already been changed in V5

Post Reply