Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Exim logs filled with dovecot_login fails

Discussion in 'E-mail Discussion' started by NOC SZ, Apr 18, 2019.

  1. NOC SZ

    NOC SZ Member

    Joined:
    Sep 13, 2017
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Dubai
    cPanel Access Level:
    Root Administrator
    I m getting the below in my exim_mainlog
    Code:
    ==================
    2019-04-14 03:37:18 dovecot_login authenticator failed for (server.com) [178.128.xx.xxx]:57038: 535 Incorrect authentication data ([email protected])
    2019-04-14 03:37:18 SMTP connection from (server.com) [178.128.xx.xxx]:57038 lost (error: Connection reset by peer) D=1s
    2019-04-14 03:37:45 SMTP connection from [142.93.xxx.xx]:41656 (TCP/IP connection count = 1)
    2019-04-14 03:37:45 no host name found for IP address 142.93.xxx.xx
    ==================
    
    and there are lot of these entries.
    The domain(or subdomain) some.domain.ns.ca is pointing to my ip which is not my domain.
    How can I get rid of this?
    Is it any kind of attack?

    Please help.
     
    #1 NOC SZ, Apr 18, 2019
    Last edited by a moderator: Apr 18, 2019
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,534
    Likes Received:
    2,182
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. NOC SZ

    NOC SZ Member

    Joined:
    Sep 13, 2017
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Dubai
    cPanel Access Level:
    Root Administrator
    Thank you @cPanelMichael
    Unfortunately the thread you have shared doesn't answer my question, in fact there is no perfect solution in that thread.

    Is it possible to block the domain town.example.com before they make an attempt for smtp login?
     
    #3 NOC SZ, Apr 22, 2019
    Last edited: Apr 23, 2019
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,534
    Likes Received:
    2,182
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @NOC SZ,

    You can't do this with any existing cPanel & WHM features, but you could setup a custom regular expression rule in CSF (a free firewall management plugin) to automatically block IP addresses that attempt to use "town.example.tld" as the email account username. Here's the link to the thread on the CSF forums that shows examples of how to do this:

    Custom REGEX rules for CSF. - ConfigServer Community Forum

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. NOC SZ

    NOC SZ Member

    Joined:
    Sep 13, 2017
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Dubai
    cPanel Access Level:
    Root Administrator
    Thanks again for your help @cPanelMichael

    I tried that already and blocking the IPs at the very first attempt. But each time they are coming with a new IP which makes this action less useful.
    Any other means like change exim configs or anything to get rid of this?
    I think there are more people out there having same issue?
     
  6. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,534
    Likes Received:
    2,182
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @NOC SZ,

    You'll need to block the IP addresses at the firewall level if you want to block the connection attempts before the request is sent. You can see a list of system administration service providers on the link below should you require a custom solution:

    System Administration Services | cPanel Forums

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice