Markif

Well-Known Member
Nov 9, 2016
55
7
133
Toulouse
cPanel Access Level
Root Administrator
Hello,
I see in /var/log/maillog repeating IMAP attempts to the "mailer-daemon" user of a domain.
Is this something to worry about,
or is this just a robot making errors...
example

Code:
-----
May 19 03:40:09 is30 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 14 secs): user=<[email protected]***>, method=PLAIN, rip=***, lip=***, TLS, session=<8GJEJYVssQQFvAmR>
May 19 03:40:24 is30 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 14 secs): user=<[email protected]***>, method=PLAIN, rip=***, lip=***, TLS, session=<kZ4rJoVsgEtcP8E3>
-----
Thanks,
Marco
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,254
463
Hello Marco,

It looks like a failed login attempt that you can safely ignore. Can you verify if the IP addresses you removed from the log output are remote or local IP addresses?

Thank you.
 

Markif

Well-Known Member
Nov 9, 2016
55
7
133
Toulouse
cPanel Access Level
Root Administrator
Hello,

rip is a always changing remote IP, lip is the server IP

Thank you,
Marco
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,254
463
Hello Marco,

In that case, it's just showing you a failed authentication attempt with that username from that IP address. You could block the IP address in your firewall if you'd like to prevent it from making additional authentication attempts.

Thank you.