The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

535 Incorrect authentication data not logging correctly

Discussion in 'E-mail Discussions' started by Mauritz, Apr 20, 2016.

  1. Mauritz

    Mauritz Active Member

    Joined:
    Apr 29, 2015
    Messages:
    44
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Johannesburg
    cPanel Access Level:
    Root Administrator
    We recently installed configserver and have had a customer constantly blocked due to SMTP authentication issues. I have verified the exim_mainlog and saw the following:

    2016-04-19 15:49:30 dovecot_plain authenticator failed for ([192.168.10.188]) [196.15.245.***]:58395: 535 Incorrect authentication data (set_id=**masked@example.com**)

    The issue is that although the IP address is correct, the masked email address does not belong to that specific customer but another one domain / customer on the server. They do not share the same premises and the IP address is definately different at the 2 offices (2 seperate customers altogether).

    Although it does not seem probable, how is it that dovecot is misrepresenting the customers when logging? I see that 2 IP addresses are added (internal and external), could dovecot have the login attempts incorrect or is there something more serious we should look at?
     
  2. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,577
    Likes Received:
    40
    Trophy Points:
    48
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
  3. Mauritz

    Mauritz Active Member

    Joined:
    Apr 29, 2015
    Messages:
    44
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Johannesburg
    cPanel Access Level:
    Root Administrator
    The only similarities would be (I am guessing here because I cannot determine which address is supposedly blocked by client A as it the logs only lists the address of client b) may be info@{definatelynotthesame}.co.za - I have also confirmed with the customers and they do not know each other.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
Loading...

Share This Page