dovecot_plain authenticator failed

attroll · Jan 28, 2019

I am getting a lot of these errors in my exim_rejectlog.
I don't know anything about this. Can someone explain this and how I could fix this or at least send me in the right direction.

2019-01-28 05:30:01 dovecot_plain authenticator failed for (127.0.0.1) [37.237.180.205]:44986: 535 Incorrect authentication data (set_id=attroll@****.com)
2019-01-28 05:30:07 dovecot_login authenticator failed for (127.0.0.1) [37.237.180.205]:44986: 535 Incorrect authentication data (set_id=AB\023)

keat63 · Jan 29, 2019

Looks to me like somebody or something is trying to log in to the email account attroll@xxx.com and AB\023 (which probably doesn't exist)
Maybe a smtp connection trying to send emails.
The I.P 37.xxx.xxx.xxx appears to be Iraq.

Do you have CSF firewall installed ?

cPanelLauren · Jan 30, 2019

If that originating IP address isn't your local IP address (or your client's) it does indeed look like a brute force attempt. Along with @keat63 suggestion cPhulk would also be helpful in this instance. cPHulk Brute Force Protection - Version 76 Documentation - cPanel Documentation

Forums

The Community Forums

Interact with an entire community of cPanel & WHM users!

dovecot_plain authenticator failed

attroll Member

keat63 Well-Known Member

cPanelLauren Forums Analyst II Staff Member

Share This Page

Useful Searches

The Community Forums

Interact with an entire community of cPanel & WHM users!

dovecot_plain authenticator failed

attroll Member

keat63 Well-Known Member

cPanelLauren Forums Analyst II Staff Member

Share This Page