  1. #1
    Member Networkologist
    Join Date
    Feb 2003
    Posts
    208

    Mail Log - What is this account doing?

    Sorry for the flood of posts, but I'm just getting a handle on all of this.

    At first I received a bounced e-mail to plain.rackshack.net even though I changed the hostname a while ago. I did a relay check using Sam Spade and it says it won't talk to me, so how did this happen?

    This message was created automatically by mail delivery software (Exim).

    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:

    martyn@mjryan.fsnet.co.uk
    (ultimately generated from rockfall@ultimateforce.net)
    SMTP error from remote mailer after RCPT TO:<martyn@mjryan.fsnet.co.uk>:
    host mail-in.pol.net.uk [195.92.193.155]: 550-Verification failed for <nobody@plain.rackshack.net>
    550-Unrouteable address
    550 Sender verify failed

    ======================================
    So I looked at my mail log and saw one account with hundreds of these for days on end:

    x's were added by me

    Mar 22 15:53:09 secure cpanelpop[27889]: Connection from host=pia158-54.pioneernet.net to ip=207.44.xxx.xx
    Mar 22 15:53:09 secure cpanelpop[27889]: Login host=pia158-54.pioneernet.net ip=66.114.158.54 user=yamxxxx realuser=yamxxxx
    Mar 22 15:53:09 secure cpanelpop[27889]: Session Closed host=pia158-54.pioneernet.net ip=66.114.158.54 user=yamxxxx realuser=$
    Mar 22 15:54:14 secure cpanelpop[27893]: Connection from host=pia158-54.pioneernet.net to ip=207.44.xxx.xx
    Mar 22 15:54:14 secure cpanelpop[27893]: Login host=pia158-54.pioneernet.net ip=66.114.158.54 user=yamxxxx realuser=yamxxxx
    Mar 22 15:54:14 secure cpanelpop[27893]: Session Closed host=pia158-54.pioneernet.net ip=66.114.158.54 user=yamxxxx realuser=$
    Mar 22 15:54:56 secure imapd[27899]: Logout user=??? domain=??? host=localhost [127.0.0.1]
    Mar 22 15:55:19 secure cpanelpop[27924]: Connection from host=pia158-54.pioneernet.net to ip=207.44.xxx.xx
    Mar 22 15:55:19 secure cpanelpop[27924]: Login host=pia158-54.pioneernet.net ip=66.114.158.54 user=yamxxxx realuser=yamxxxx
    Mar 22 15:55:20 secure cpanelpop[27924]: Session Closed host=pia158-54.pioneernet.net ip=66.114.158.54 user=yamxxxx realuser=$
    Mar 22 15:56:25 secure cpanelpop[27928]: Connection from host=pia158-54.pioneernet.net to ip=207.44.xxx.xx
    Mar 22 15:56:25 secure cpanelpop[27928]: Login host=pia158-54.pioneernet.net ip=66.114.158.54 user=yamxxxx realuser=yamxxxx
    Mar 22 15:56:25 secure cpanelpop[27928]: Session Closed host=pia158-54.pioneernet.net ip=66.114.158.54 user=yamxxxx realuser=$
    Mar 22 15:57:30 secure cpanelpop[27933]: Connection from host=pia158-54.pioneernet.net to ip=207.44.xxx.xx
    Mar 22 15:57:30 secure cpanelpop[27933]: Login host=pia158-54.pioneernet.net ip=66.114.158.54 user=yamxxxx realuser=yamxxxx
    Mar 22 15:57:31 secure cpanelpop[27933]: Session Closed host=pia158-54.pioneernet.net ip=66.114.158.54 user=yamxxxx realuser=$
    Mar 22 15:58:35 secure cpanelpop[27948]: Connection from host=pia158-54.pioneernet.net to ip=207.44.xxx.xx
    Mar 22 15:58:35 secure cpanelpop[27948]: Login host=pia158-54.pioneernet.net ip=66.114.158.54 user=yamxxxx realuser=yamxxxx
    Mar 22 15:58:36 secure cpanelpop[27948]: Session Closed host=pia158-54.pioneernet.net ip=66.114.158.54 user=yamxxxx realuser=$
    Mar 22 15:59:40 secure cpanelpop[27973]: Connection from host=pia158-54.pioneernet.net to ip=207.44.xxx.xx

  2. #2
    Registered User
    Join Date
    May 2003
    Posts
    1

    I would like to know this as well. I have the same thing in my logs.

  3. #3
    Member
    Join Date
    Apr 2003
    Posts
    243

    I would think that the person could either be trying to abuse antirelayd by ensuring his IP always stays in the allow list, or for reasons known to himself has set his client to check every minute. Have you asked them?

    Did you also try restarting Exim after changing your hostname? Is plain.rackshack.net shown in the banner when you connect to the SMTP port?

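To tell the two explanations in post #3 apart from the log itself, an added example (not written by anyone in this thread and not cPanel code): it groups `cpanelpop` Login lines by user and client IP, measures the gaps between logins, and flags fixed-interval polling and whether any gap ever exceeds a relay allow-list lifetime. The 1800-second lifetime, the `alice` lines and the placeholder year are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: the yamxxxx lines follow the excerpt in post #1;
# the "alice" lines are invented here as an ordinary mail user for contrast.
SAMPLE_LOG = """\
Mar 22 09:02:11 secure cpanelpop[1101]: Login host=client.example.net ip=192.0.2.10 user=alice realuser=alice
Mar 22 09:40:00 secure cpanelpop[1188]: Login host=client.example.net ip=192.0.2.10 user=alice realuser=alice
Mar 22 14:15:02 secure cpanelpop[2307]: Login host=client.example.net ip=192.0.2.10 user=alice realuser=alice
Mar 22 15:53:09 secure cpanelpop[27889]: Login host=pia158-54.pioneernet.net ip=66.114.158.54 user=yamxxxx realuser=yamxxxx
Mar 22 15:54:14 secure cpanelpop[27893]: Login host=pia158-54.pioneernet.net ip=66.114.158.54 user=yamxxxx realuser=yamxxxx
Mar 22 15:54:56 secure imapd[27899]: Logout user=??? domain=??? host=localhost [127.0.0.1]
Mar 22 15:55:19 secure cpanelpop[27924]: Login host=pia158-54.pioneernet.net ip=66.114.158.54 user=yamxxxx realuser=yamxxxx
Mar 22 15:56:25 secure cpanelpop[27928]: Login host=pia158-54.pioneernet.net ip=66.114.158.54 user=yamxxxx realuser=yamxxxx
Mar 22 15:57:30 secure cpanelpop[27933]: Login host=pia158-54.pioneernet.net ip=66.114.158.54 user=yamxxxx realuser=yamxxxx
Mar 22 15:58:35 secure cpanelpop[27948]: Login host=pia158-54.pioneernet.net ip=66.114.158.54 user=yamxxxx realuser=yamxxxx
Mar 22 21:40:45 secure cpanelpop[3550]: Login host=client.example.net ip=192.0.2.10 user=alice realuser=alice
"""

LOGIN_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ cpanelpop\[\d+\]: Login host=\S+ ip=(\S+) user=(\S+)")
ASSUMED_YEAR = 2000  # syslog lines carry no year; arbitrary placeholder

def poll_report(log_text, relay_window_s=1800, min_logins=4):
    """Per (user, ip) login-gap stats; relay_window_s is an assumed allow-list lifetime."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line)
        if m:
            ts = datetime.strptime(f"{ASSUMED_YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
            seen[(m.group(3), m.group(2))].append(ts)
    report = {}
    for key, stamps in seen.items():
        if len(stamps) < min_logins:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        report[key] = {
            "logins": len(stamps),
            "mean_gap": mean(gaps),
            # Fixed-interval polling: jitter under 10% of the mean gap.
            "periodic": pstdev(gaps) <= 0.1 * mean(gaps),
            # No gap longer than the assumed allow-list lifetime.
            "keeps_relay_open": max(gaps) < relay_window_s,
        }
    return report

print(poll_report(SAMPLE_LOG))
```

A periodic, never-lapsing login pattern fits either explanation, so the next check is whether the same client IP also appears as a sender in the Exim log during those hours.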

  4. #4
    nsz
    Member
    Join Date
    Apr 2004
    Posts
    49

    I also have TONS of these lines in my logs.

    Mar 22 15:54:56 secure imapd[27899]: Logout user=??? domain=??? host=localhost [127.0.0.1]

    What would be causing this? I have no users using IMAP at this time.

    Any info would be appreciated.
