Unable to change Adobe password
Posted: Sun Oct 06, 2013 2:31 pm
As most of us probably know by now, Adobe suffered a security breach recently. As an Adobe customer, I received an email requesting me to change my password by going to the Adobe Login and resetting my password, which would initiate an email back to me with a password reset token which I could use to reset and change my password.
Checking the source of the email and manually browsing to adobe.com confirmed that the initial email was legit, so I followed the instructions and reset my password. Only problem is, the resulting email containing the token never arrived. I figured the Adobe servers were overloaded, so left it for a day or so. Still no email. I reset it again, and waited. NO EMAIL! What the...
I got onto my host's email system and checked the logs. Our host checks and verifies sender domains and rejects those that do not verify. This eliminates a vast quantity of spam, and it is a common tactic in the arms war on spam.
So, the info from the logs:
The original email was sent from [yadayada]@bounce.mail.adobesystems.com and the sender host was mta8.mail.adobesystems.com - this was verified and processed for delivery into my inbox.
The password token reset emails came from either @adobe.com or @acrobat.com yet the sender host was exprod6og119.obsmtp.com. The host mail system reports "Sender verify failed" and the incoming mail was rejected.
It's possible that this direction of email via obsmtp.com is a result of the security breach, in which case there will be further dramas. Perhaps our host has some misconfiguration also, but I suspect that the obsmtp service is legit yet Adobe have not thought through the impact of sending a critical password token via a third-party host.
Fail.
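Added example, not part of the original post: a small log check a mail admin could run to find sender-verify rejections where the relaying host sits outside the sender's own domain, which is the pattern the post describes. The Exim-style log format is an assumption (the post does not name the MTA), the sample lines, IPs and local parts are constructed, and `org_domain` is a crude last-two-labels heuristic rather than a public-suffix lookup.

```python
import re
from collections import Counter

# Constructed sample lines in Exim main-log style (assumed format; the post
# does not name the MTA). IPs are documentation ranges, local parts invented.
SAMPLE_LOG = """\
2013-10-04 09:12:01 1VRabc-0001aB-2C <= notice@bounce.mail.adobesystems.com H=mta8.mail.adobesystems.com [192.0.2.10] P=esmtp S=20480
2013-10-04 09:40:17 H=exprod6og119.obsmtp.com [198.51.100.7] F=<reset@adobe.com> rejected RCPT <user@example.org>: Sender verify failed
2013-10-05 18:03:44 H=exprod6og119.obsmtp.com [198.51.100.7] F=<reset@acrobat.com> rejected RCPT <user@example.org>: Sender verify failed
2013-10-05 18:05:00 H=unknown.example.net [203.0.113.9] F=<win@example.net> rejected RCPT <user@example.org>: Sender verify failed
"""

ACCEPT = re.compile(r"<= (?P<sender>\S+@\S+) H=(?P<host>\S+)")
REJECT = re.compile(
    r"H=(?P<host>\S+) \[[^\]]+\] F=<(?P<sender>[^>]+)> "
    r"rejected RCPT <[^>]+>: (?P<reason>.+)$"
)

def org_domain(name):
    """Crude registrable domain: the last two labels (no public-suffix list)."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def parse(log):
    """Yield (outcome, sender_domain, relay_domain, reason) per recognised line."""
    for line in log.splitlines():
        rej, acc = REJECT.search(line), ACCEPT.search(line)
        m = rej or acc
        if not m:
            continue  # unrelated log line
        yield (
            "rejected" if rej else "accepted",
            org_domain(m["sender"].rsplit("@", 1)[-1]),
            org_domain(m["host"]),
            m["reason"] if rej else "",
        )

def third_party_rejects(log):
    """Count sender-verify rejects whose relay is outside the sender's domain."""
    hits = Counter()
    for outcome, sender_dom, relay_dom, reason in parse(log):
        if (outcome == "rejected" and "Sender verify failed" in reason
                and sender_dom != relay_dom):
            hits[(sender_dom, relay_dom)] += 1
    return hits

if __name__ == "__main__":
    for (sender_dom, relay_dom), n in third_party_rejects(SAMPLE_LOG).items():
        print(f"{n} reject(s): mail from {sender_dom} relayed by {relay_dom}")
```

Pairs that show up here are candidates for a closer look at the sender domain's published mail policy before deciding whether the rejection was correct.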