Markif

Member
Nov 9, 2016
23
2
78
Toulouse
cPanel Access Level
Root Administrator
Hello,
I see in /var/log/maillog repeating IMAP attempts to the "mailer-daemon" user of a domain.
Is this something to worry about,
or is this just a robot making errors...
example

Code:
-----
May 19 03:40:09 is30 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 14 secs): user=<[email protected]***>, method=PLAIN, rip=***, lip=***, TLS, session=<8GJEJYVssQQFvAmR>
May 19 03:40:24 is30 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 14 secs): user=<[email protected]***>, method=PLAIN, rip=***, lip=***, TLS, session=<kZ4rJoVsgEtcP8E3>
-----
Thanks,
Marco
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Hello Marco,

It looks like a failed login attempt that you can safely ignore. Can you verify if the IP addresses you removed from the log output are remote or local IP addresses?

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Hello Marco,

In that case, it's just showing you a failed authentication attempt with that username from that IP address. You could block the IP address in your firewall if you'd like to prevent it from making additional authentication attempts.

Thank you.