dovecot_plain authenticator failed

attroll · Jan 28, 2019

I am getting a lot of these errors in my exim_rejectlog.
I don't know anything about this. Can someone explain this and how I could fix this or at least send me in the right direction.

2019-01-28 05:30:01 dovecot_plain authenticator failed for (127.0.0.1) [37.237.180.205]:44986: 535 Incorrect authentication data ([email protected]****.com)
2019-01-28 05:30:07 dovecot_login authenticator failed for (127.0.0.1) [37.237.180.205]:44986: 535 Incorrect authentication data (set_id=AB\023)

keat63 · Jan 29, 2019

Looks to me like somebody or something is trying to log in to the email account [email protected] and AB\023 (which probably doesn't exist)
Maybe a smtp connection trying to send emails.
The I.P 37.xxx.xxx.xxx appears to be Iraq.

Do you have CSF firewall installed ?

cPanelLauren · Jan 30, 2019

If that originating IP address isn't your local IP address (or your client's) it does indeed look like a brute force attempt. Along with @keat63 suggestion cPhulk would also be helpful in this instance. cPHulk Brute Force Protection - Version 76 Documentation - cPanel Documentation

mamati.yazdanbakhsh · May 31, 2020

hello i have receved this log in whm for a acount host

2020-05-31 10:17:40 dovecot_login authenticator failed for ([127.0.0.1]) [37.152.162.4]:44764: 535 Incorrect authentication data ([email protected] ac .ir)
2020-05-31 10:17:42 dovecot_plain authenticator failed for ([127.0.0.1]) [37.152.162.4]:44764: 535 Incorrect authentication data ([email protected] .ac .ir)
2020-05-31 10:17:42 dovecot_login authenticator failed for ([127.0.0.1]) [37.152.162.4]:44776: 535 Incorrect authentication data ([email protected] .ac .ir)
2020-05-31 10:17:44 dovecot_plain authenticator failed for ([127.0.0.1]) [37.152.162.4]:44776: 535 Incorrect authentication data ([email protected] .ac .ir)
2020-05-31 10:17:46 dovecot_login authenticator failed for ([127.0.0.1]) [37.152.162.4]:44782: 535 Incorrect authentication data ([email protected] ac. ir)

i susbended this acount but again receved this log.
pleace help me. and sorry for bad english

mamati.yazdanbakhsh · Jun 2, 2020

hello i removed my problem
IPREMOVED this ip in the white list and we remove this ip addres
thanks cpanel.net

keat63 · Jun 2, 2020

I would guess that even if the account is suspended you could still get these errors.
I quite often see these for accounts that don't even exist.

If someone is trying to gain access to [email protected]****.ac.ir, then it would be best to determine if this is the actual user who has maybe forgotten his/her password.

If you believe this to be a hacker trying to gain access, then ensure that the password would be impossible to guess.
Consider blocking the IP address in CSF.

mamati.yazdanbakhsh · Jun 2, 2020

keat63 said:
I would guess that even if the account is suspended you could still get these errors.
I quite often see these for accounts that don't even exist.

If someone is trying to gain access to [email protected]****.ac.ir, then it would be best to determine if this is the actual user who has maybe forgotten his/her password.

If you believe this to be a hacker trying to gain access, then ensure that the password would be impossible to guess.
Consider blocking the IP address in CSF.

thanks for answer

Thread starter	Similar threads	Forum	Replies	Date
S	dovecot_plain authenticator failed	Email	1	Apr 27, 2020
C	Spammer using Gmail provided smtp (Dovecot_Plain auth, TLS/SSL) ... gmail problem? client problem?..	Email	1	Jun 5, 2014
H	SMTP Failures (smtpauth) -dovecot_plain authenticator failed	Email	9	May 21, 2014
F	localhost gives dovecot authenticator error using trying to auth smtp to external server	Email	5	Mar 28, 2014
L	courier_login authenticator failed in exim email	Email	2	Nov 8, 2013

Search

Search

dovecot_plain authenticator failed

attroll

Member

keat63

Well-Known Member

cPanelLauren

Product Owner

mamati.yazdanbakhsh

Member

mamati.yazdanbakhsh

Member

keat63

Well-Known Member

mamati.yazdanbakhsh

Member