I'm hoping someone has an idea here.
Have something very baffling on a server running CentOS + ISPConfig 2 with Dovecot.
Essentially this server is configured so all email user accounts are in the format: domain.ext_user (all these accounts are system users).
But somehow, I've got some bad hats managing to authenticate as email@example.com
I have no idea how this is being done; I have looked everywhere I can think of for a user account matching the SMTP login without success. I've isolated the login in the mail logs that show things like: firstname.lastname@example.org
The email address expressed in the SASL username does exist.
I've already done the usual, such as changing the password for the user in question that has that email address, but somehow the successful authentication continues.
I did find an old SSH-enabled user that has a username that matches the user portion of the email address, which I've disabled, but again my question is how is this authentication possible.
I've checked Postfix and saslauthd is the only pwcheck method available.
I've attempted to enable some debug logging to see if that sheds any light but no joy yet.
Any ideas on this would be of great interest.
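
One way to enumerate every such login from the mail log, added here as an example and not part of the original post: it flags successful Postfix SASL logins whose username is not in the domain.ext_user format and checks whether the part before the @ matches a system account. The log lines and account names are constructed, and the local-part check assumes saslauthd may be authenticating on the user portion alone.

```python
import re

# Postfix smtpd records a successful SASL login as
# "client=HOST[IP], sasl_method=X, sasl_username=Y".
SASL_RE = re.compile(
    r"client=(?P<client>\S+?),\s*sasl_method=(?P<method>[\w-]+),"
    r"\s*sasl_username=(?P<user>\S+)"
)
# Naming convention described in the post: domain.ext_user
CONVENTION_RE = re.compile(r"^[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+_[^@\s]+$")

# Constructed sample lines (documentation addresses, made-up queue IDs).
SAMPLE_LOG = """\
Mar  3 10:15:02 mail postfix/smtpd[2101]: 4F2A11C0: client=host1.example.net[192.0.2.10], sasl_method=LOGIN, sasl_username=example.org_jdoe
Mar  3 10:16:40 mail postfix/smtpd[2107]: 7B9C22D1: client=unknown[198.51.100.23], sasl_method=PLAIN, sasl_username=firstname.lastname@example.org
Mar  3 10:16:41 mail postfix/smtpd[2107]: warning: unknown[198.51.100.23]: SASL LOGIN authentication failed: authentication failure
Mar  3 10:17:05 mail postfix/smtpd[2111]: 9D0E33F2: client=unknown[198.51.100.23], sasl_method=LOGIN, sasl_username=firstname.lastname@example.org
""".splitlines()


def off_convention_logins(lines, system_users=()):
    """Return one finding per successful SASL login that breaks the convention."""
    known = set(system_users)
    findings = []
    for line in lines:
        m = SASL_RE.search(line)
        if not m or CONVENTION_RE.match(m.group("user")):
            continue  # not a successful login, or a normally named account
        user = m.group("user")
        local = user.split("@", 1)[0]
        findings.append({
            "client": m.group("client"),
            "method": m.group("method"),
            "sasl_username": user,
            "local_part": local,
            # True means a system account exists under the bare local part.
            "local_part_is_system_user": local in known,
        })
    return findings


if __name__ == "__main__":
    # Constructed account list; on the server itself it could be built with
    # {p.pw_name for p in pwd.getpwall()}.
    accounts = {"example.org_jdoe", "firstname.lastname"}
    for f in off_convention_logins(SAMPLE_LOG, accounts):
        print(f)
```

Any finding where `local_part_is_system_user` is true points at a system account that is worth locking or removing, independent of the mailbox password.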