535 Incorrect authentication data not logging correctly

[Mauritz]

We recently installed configserver and have had a customer constantly blocked due to SMTP authentication issues. I have verified the exim_mainlog and saw the following:

2016-04-19 15:49:30 dovecot_plain authenticator failed for ([192.168.10.188]) [196.15.245.***]:58395: 535 Incorrect authentication data (set_id=**[email protected]**)

The issue is that although the IP address is correct, the masked email address does not belong to that specific customer but another one domain / customer on the server. They do not share the same premises and the IP address is definately different at the 2 offices (2 seperate customers altogether).

Although it does not seem probable, how is it that dovecot is misrepresenting the customers when logging? I see that 2 IP addresses are added (internal and external), could dovecot have the login attempts incorrect or is there something more serious we should look at?

 

[dalem]

are the [email protected] addresses similar do the 2 clients know each other?

 

[Mauritz]

The only similarities would be (I am guessing here because I cannot determine which address is supposedly blocked by client A as it the logs only lists the address of client b) may be [email protected]{definatelynotthesame}.co.za - I have also confirmed with the customers and they do not know each other.

 

[cPanelMichael]

Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

Thank you.