Ouch! A disabled account can send mail in SM? That's not good at all. The conversion also seems less than optimal not taking all account settings with it.
Thanks for the heads up. Darin. ----- Original Message ----- From: "Michael Graveen" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Friday, February 09, 2007 1:08 PM Subject: Re: [IMail Forum] Is there a default password for the root account? Thanks Darin. So I'm pretty sure this is a known password to the world. This may be off topic for the IMail forum, but I think I should share it to keep others from making the mistake I did. I converted a couple of IMail domains over to SmarterMail taking the "root" account in each domain with it. This account maybe disabled in IMail, but when you convert it over to SmarterMail the account gets enabled. I didn't even think about it at the time. Just this morning I noticed the volume on the mail server was really up. I was catching over 1000 viruses an hour (my usual virus volume on this server is about 10 per day). My root accounts had been compromised. You cannot just disable the account in SmarterMail, you must change the password of the account. There is a bug in Smarter Mail that will still let a user send mail even if the account is disabled. One good thing was that because almost all the SPAM that was being sent was some virus/phishing scam, ClamAv caught them and looks like it deleted the email before it left the server. Just thought I'd pass this on. Thanks, Mike At 10:52 AM 2/9/2007, you wrote: >I'm not sure, but I would try "password". That is what is set by default >when adding a new user, if no password is specified. I checked by >decrypting the root password on one of our domains and it was also >"password". > >Darin. > > >----- Original Message ----- >From: "Michael Graveen" <[EMAIL PROTECTED]> >To: <[email protected]> >Sent: Friday, February 09, 2007 11:19 AM >Subject: [IMail Forum] Is there a default password for the root account? > > >I apologize if this has been asked in the past, but I couldn't find >the answer in the archives. Does the "root" account in every domain >in IMail have a default password? I know the account is disabled by >default, but I was just curious if there was a default password or is it >blank? > >Thanks, > >Mike > > >To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html >List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ >Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > >To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html >List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ >Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
