535 Incorrect authentication data not logging correctly

Mauritz

Well-Known Member
Apr 29, 2015
62
0
6
Johannesburg
cPanel Access Level
Root Administrator
We recently installed configserver and have had a customer constantly blocked due to SMTP authentication issues. I have verified the exim_mainlog and saw the following:

2016-04-19 15:49:30 dovecot_plain authenticator failed for ([192.168.10.188]) [196.15.245.***]:58395: 535 Incorrect authentication data (set_id=**[email protected]**)

The issue is that although the IP address is correct, the masked email address does not belong to that specific customer but another one domain / customer on the server. They do not share the same premises and the IP address is definately different at the 2 offices (2 seperate customers altogether).

Although it does not seem probable, how is it that dovecot is misrepresenting the customers when logging? I see that 2 IP addresses are added (internal and external), could dovecot have the login attempts incorrect or is there something more serious we should look at?
 

Mauritz

Well-Known Member
Apr 29, 2015
62
0
6
Johannesburg
cPanel Access Level
Root Administrator
The only similarities would be (I am guessing here because I cannot determine which address is supposedly blocked by client A as it the logs only lists the address of client b) may be [email protected]{definatelynotthesame}.co.za - I have also confirmed with the customers and they do not know each other.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

Thank you.