dovecot_plain authenticator failed

attroll

Member
Feb 28, 2004
19
0
151
Maine
I am getting a lot of these errors in my exim_rejectlog.
I don't know anything about this. Can someone explain this and how I could fix this or at least send me in the right direction.

2019-01-28 05:30:01 dovecot_plain authenticator failed for (127.0.0.1) [37.237.180.205]:44986: 535 Incorrect authentication data ([email protected]****.com)
2019-01-28 05:30:07 dovecot_login authenticator failed for (127.0.0.1) [37.237.180.205]:44986: 535 Incorrect authentication data (set_id=AB\023)
 

keat63

Well-Known Member
Nov 20, 2014
1,913
259
113
cPanel Access Level
Root Administrator
Looks to me like somebody or something is trying to log in to the email account [email protected] and AB\023 (which probably doesn't exist)
Maybe a smtp connection trying to send emails.
The I.P 37.xxx.xxx.xxx appears to be Iraq.

Do you have CSF firewall installed ?
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,271
313
Houston
May 31, 2020
9
0
1
iran
cPanel Access Level
Root Administrator
hello i have receved this log in whm for a acount host

2020-05-31 10:17:40 dovecot_login authenticator failed for ([127.0.0.1]) [37.152.162.4]:44764: 535 Incorrect authentication data ([email protected] ac .ir)
2020-05-31 10:17:42 dovecot_plain authenticator failed for ([127.0.0.1]) [37.152.162.4]:44764: 535 Incorrect authentication data ([email protected] .ac .ir)
2020-05-31 10:17:42 dovecot_login authenticator failed for ([127.0.0.1]) [37.152.162.4]:44776: 535 Incorrect authentication data ([email protected] .ac .ir)
2020-05-31 10:17:44 dovecot_plain authenticator failed for ([127.0.0.1]) [37.152.162.4]:44776: 535 Incorrect authentication data ([email protected] .ac .ir)
2020-05-31 10:17:46 dovecot_login authenticator failed for ([127.0.0.1]) [37.152.162.4]:44782: 535 Incorrect authentication data ([email protected] ac. ir)

i susbended this acount but again receved this log.
pleace help me. and sorry for bad english :)
 

keat63

Well-Known Member
Nov 20, 2014
1,913
259
113
cPanel Access Level
Root Administrator
I would guess that even if the account is suspended you could still get these errors.
I quite often see these for accounts that don't even exist.

If someone is trying to gain access to [email protected]****.ac.ir, then it would be best to determine if this is the actual user who has maybe forgotten his/her password.

If you believe this to be a hacker trying to gain access, then ensure that the password would be impossible to guess.
Consider blocking the IP address in CSF.
 
  • Like
Reactions: mamati.yazdanbakhsh
May 31, 2020
9
0
1
iran
cPanel Access Level
Root Administrator
I would guess that even if the account is suspended you could still get these errors.
I quite often see these for accounts that don't even exist.

If someone is trying to gain access to [email protected]****.ac.ir, then it would be best to determine if this is the actual user who has maybe forgotten his/her password.

If you believe this to be a hacker trying to gain access, then ensure that the password would be impossible to guess.
Consider blocking the IP address in CSF.
thanks for answer