Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Eamil tranport issue / false positive authentication issue

Discussion in 'E-mail Discussion' started by doulos61, Jul 30, 2011.

  1. doulos61

    doulos61 Well-Known Member

    Dec 13, 2006
    Likes Received:
    Trophy Points:
    I am having an issue with my EXIM email and need a resolution please. Here are two indicators of what has happened -

    I am getting warnings from the server as follows;

    Subject: lfd on Email queue size alert
    Time: Sat Jul 30 18:47:58 2011 -0500
    The exim delivery queue size is 2612

    In addition My outlook is not able to connect to email and generates the following error;

    Task ' - Receiving' reported error (0x800CCC92) : 'Your e-mail server rejected your login. Verify your user name and password in your account properties. Under Tools, click E-mail accounts. The server responded: -ERR Authentication failed (bad password?)'

    By way of troubleshooting I have successfully authenticated and connected to my web email ( for the account in question. I then use the horde gui to send an email to another address target of mine to check the outgoing from the server. I then reply to the received email to check the incoming.

    From the Horde GUI, I can both send and receive emails. I then take those same credentials and ensure that is what outlooks is using. When I test the email in outlook, it fails with the aforementioned error.

    All of this worked until recently when my VPS was locked down for being over quota as a result of my providers recent patching efforts of the VPS upper level host.

    As far as everything else, EXIM is working correctly. I have also restarted the service.

    Where is the problem? What should I look into? HOW do I FIXT IT!?

    Much thnx
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Oct 2, 2010
    Likes Received:
    Trophy Points:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Could you try removing and re-adding the email account in Outlook, or changing the email account password in cPanel > Email Accounts area, and then changing that email account password in Outlook as well?
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. doulos61

    doulos61 Well-Known Member

    Dec 13, 2006
    Likes Received:
    Trophy Points:
    Thanks for the reply Tristan - I actually thought about PM you on this.

    I have it fixed. It appears that I had/have two issues going on here - the email queue issue is because my server is sending out SPAM, and the authentication/POP3 validation is a known issue.

    I tracked it down by checking the message log (/var/log/messages). I noticed alot of these entries reoccuring;

    server1 popa3d(pam_unix)[13128]: check pass; user unknown
    server1 popa3d(pam_unix)[13128]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
    server1 popa3d[13128]: Authentication failed for UNKNOWN USER from
    I searched around and found out "There’s a bug in cPanel which prevents user from checking mail from mail client, while you can login to webmail without a problem and you can send out email without a problem."

    The fix is this -

    SSH into the server
    cd /etc/xinetd.d/
    edit these files:

    (*my server only had these two files.)

    You’ll see one line saying: disable = ‘no’ make it disable = ‘yes’

    Save and exit. Then restart xinetd and cppop.

    This resolved the problem for the POP3. Now I have to move on to addressing my server sending out spam. I am totally unsure if this is true. Any post suggestion or advise is appreciated. Here is a sample header -

    mailnull 47 12
    1312340530 0
    -ident mailnull
    -received_protocol local
    -body_linecount 128
    -max_received_linelength 629
    -frozen 1312340531
    146P Received: from mailnull by with local (Exim 4.69)
    	id 1QoRik-0000Rt-U5
    	for; Tue, 02 Aug 2011 22:01:46 -0500
    037  X-Failed-Recipients:
    029  Auto-Submitted: auto-replied
    064F From: Mail Delivery System <>
    020T To:
    059  Subject: Mail delivery failed: returning message to sender
    053I Message-Id: <>
    038  Date: Tue, 02 Aug 2011 22:01:46 -0500
    This message was created automatically by mail delivery software.
    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:
        The mail server detected your message as spam and has prevented delivery (50).
    ------ This is a copy of the message, including all the headers. ------
    Return-path: <>
    Received: from [] (port=50182
    	by with esmtp (Exim 4.69)
    	(envelope-from <>)
    	id 1QoRig-0000RM-4L
    	for; Tue, 02 Aug 2011 22:01:46 -0500
    Received: from; Tue, 02 Aug 2011 21:02:58 -0600
    Received: from
    From: "�ھ���" <>
    Subject: ����Ϊʲô���֣�
    MIME-Version: 1.0
    Content-Type: text/html;
    X-mailer: Mnzcb 6
    Date: Tue, 02 Aug 2011 21:02:58 -0600
    Message-ID: <>
    X-Spam-Subject: ***SPAM*** ����Ϊʲô���֣�
    X-Spam-Status: Yes, score=16.6
    X-Spam-Score: 166
    X-Spam-Bar: ++++++++++++++++
    X-Spam-Report: Spam detection software, running on the system "", has
    	identified this incoming email as possible spam.  The original message
    	has been attached to this so you can view it (if it isn't spam) or label
    	similar future email.  If you have any questions, see
    	the administrator of that system for details.
    	Content preview:  ����Ϊʲô���� ����Ϊʲô���֣� �� [...] 
    	Content analysis details:   (16.6 points, 5.0 required)
    	pts rule name              description
    I have substituted my domain for the above example as ""

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice