Multiple dovecot_login authenticator failed

Operating System & Version
CentOS v7.9.2009 STANDARD kvm
cPanel & WHM Version
106.0.11

amrit_singh

Member
Aug 16, 2022
9
3
3
India
cPanel Access Level
Reseller Owner
Hi, I need help as I am getting multiple hits on dovecot_login authenticator failed. My Inbox is full of messages such as

Time: Sat Jan 21 19:52:50 2023 +0530

IP: 80.68.125.160 (SE/Sweden/80.68.125.160.karlsborgsenergi.se)

Failures: 1 (smtpauth)

Interval: 3600 seconds

Blocked: Permanent Block [LF_TRIGGER]

Log entries:

2023-01-21 19:52:46 dovecot_login authenticator failed for (80.68.125.160.karlsborgsenergi.se) [80.68.125.160]:48636: 535 Incorrect authentication data (set_id=business)

Is there any option to reduce or harden the security to avoid such massive emails? I am new to centos and have difficulty dealing with this issue.
 
Last edited by a moderator:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
13,427
2,113
363
cPanel Access Level
Root Administrator
Hey there! cPanel itself has the cPHulk Brute Force Detection tool here:


which does monitor the dovecot service. With the IP-based protection enabled, it can block the IP from accessing the server in the future.