login with user name

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
AndreL
Normal user
Normal user
Posts: 31
Joined: 2016-06-07 15:42

login with user name

Post by AndreL » 2016-06-11 20:39

I'm preparing a migration from my current email server to hmailserver.

The current server allow login with the username without domain name. Hmailserver server imposes the full email address including the domain name.

Could be hard to update every client devices in the office and ouside.

Any script or other tips to allow short username login to a 'default' domain ?

Thanks.

User avatar
SorenR
Senior user
Senior user
Posts: 4712
Joined: 2006-08-21 15:38
Location: Denmark

Re: login with user name

Post by SorenR » 2016-06-11 21:10

hMailAdmin -> Settings -> Advanced -> Default domain....
SørenR.

Algorithm (noun.)
Word used by programmers when they do not want to explain what they did.

AndreL
Normal user
Normal user
Posts: 31
Joined: 2016-06-07 15:42

Re: login with user name

Post by AndreL » 2016-06-11 21:21

Super.

I missed it !
Thanks a lot.

User avatar
jimimaseye
Moderator
Moderator
Posts: 9185
Joined: 2011-09-08 17:48

Re: login with user name

Post by jimimaseye » 2016-06-11 21:44

Remember that having a 'default domain' in this way makes it easy for brute force guessing of passwords (they only need to enter the name/localpart and not the full address). Most spambot attempts dont supply the '@domain' part eg, "contact", "info", "sales", "geoff" etc). So ensuring strong passwords is advised.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
SorenR
Senior user
Senior user
Posts: 4712
Joined: 2006-08-21 15:38
Location: Denmark

Re: login with user name

Post by SorenR » 2016-06-11 22:25

jimimaseye wrote:Remember that having a 'default domain' in this way makes it easy for brute force guessing of passwords (they only need to enter the name/localpart and not the full address). Most spambot attempts dont supply the '@domain' part eg, "contact", "info", "sales", "geoff" etc). So ensuring strong passwords is advised.
Well.... If the FQDN of your mailserver is "mail.acme.inc" there is a 95% probability that you have a "postmaster@acme.inc" so why not just state the obvious yourself :mrgreen:

I use "default domain" and 98% of the password guessing games I see, have the full email address of either "postmaster@acme.inc" or my kids names... (Go figure :wink: )
SørenR.

Algorithm (noun.)
Word used by programmers when they do not want to explain what they did.

User avatar
jimimaseye
Moderator
Moderator
Posts: 9185
Joined: 2011-09-08 17:48

Re: login with user name

Post by jimimaseye » 2016-06-11 22:37

My current autobans:
capture.png
No "...@domains" in there. And I DO have a valid "sales@mydomain" address which would have left them open to guessing the password if I had used 'default domain' (they tried with "sales", as you can see).

(And I dont operate postmaster@ or abuse@. I know, naughty naughty.)
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

Post Reply