535 Incorrect authentication data not logging correctly
We recently installed configserver and have had a customer constantly blocked due to SMTP authentication issues. I have verified the exim_mainlog and saw the following:
2016-04-19 15:49:30 dovecot_plain authenticator failed for ([192.168.10.188]) [196.15.245.***]:58395: 535 Incorrect authentication data (set_id=**masked@example.com**)
The issue is that although the IP address is correct, the masked email address does not belong to that specific customer but to another domain / customer on the server. They do not share the same premises and the IP address is definitely different at the 2 offices (2 separate customers altogether).
Although it does not seem probable, how is it that dovecot is misrepresenting the customers when logging? I see that 2 IP addresses are added (internal and external), could dovecot have the login attempts incorrect or is there something more serious we should look at?
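An added example, not part of the original thread: a small Python script that tallies the `535 Incorrect authentication data` lines from exim_mainlog by connecting IP, HELO value and set_id, so it is visible which logins each address failed with and from how many addresses a given login failed. In the log format quoted above, the parenthesised value is the HELO name the client sent and the bracketed value is the connecting address; the sample lines, addresses and mailboxes below are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format quoted in the question
# (addresses are from documentation ranges, mailboxes are made up).
SAMPLE_LOG = """\
2016-04-19 15:49:30 dovecot_plain authenticator failed for ([192.168.10.188]) [203.0.113.7]:58395: 535 Incorrect authentication data (set_id=info@client-b.example)
2016-04-19 15:49:41 dovecot_plain authenticator failed for ([192.168.10.188]) [203.0.113.7]:58401: 535 Incorrect authentication data (set_id=info@client-b.example)
2016-04-19 15:52:02 dovecot_login authenticator failed for ([192.168.10.23]) [203.0.113.7]:58477: 535 Incorrect authentication data (set_id=sales@client-a.example)
2016-04-19 16:01:15 dovecot_plain authenticator failed for (office-pc) [198.51.100.20]:40112: 535 Incorrect authentication data (set_id=info@client-b.example)
2016-04-19 16:02:00 1asXyZ-0001Ab-Cd <= sales@client-a.example H=(office-pc) [198.51.100.20]:40120 P=esmtpsa S=1234
"""

FAILED = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<auth>\S+) authenticator failed for "
    r"(?P<helo>.*?)\s*\[(?P<ip>[^\]]+)\]:(?P<port>\d+): 535 "
    r"Incorrect authentication data(?: \(set_id=(?P<set_id>[^)]*)\))?"
)

def parse_failures(text):
    """Return one dict per 535 authentication failure line."""
    return [m.groupdict() for m in map(FAILED.match, text.splitlines()) if m]

def by_source_ip(failures):
    """Map connecting IP -> {set_id: set of HELO values seen with it}."""
    out = defaultdict(lambda: defaultdict(set))
    for f in failures:
        out[f["ip"]][f["set_id"] or "(none logged)"].add(f["helo"].strip("()"))
    return {ip: dict(ids) for ip, ids in out.items()}

def ips_per_set_id(failures):
    """Map set_id -> sorted connecting IPs that failed with it."""
    out = defaultdict(set)
    for f in failures:
        out[f["set_id"] or "(none logged)"].add(f["ip"])
    return {sid: sorted(ips) for sid, ips in out.items()}

if __name__ == "__main__":
    fails = parse_failures(SAMPLE_LOG)
    for ip, ids in by_source_ip(fails).items():
        for sid, helos in ids.items():
            print(f"{ip}  set_id={sid}  HELO={sorted(helos)}")
    for sid, ips in ips_per_set_id(fails).items():
        print(f"{sid} failed from {ips}")
```

To run it against a real log, pass the file's contents to `parse_failures` in place of `SAMPLE_LOG`.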
Are the masked@example.com addresses similar? Do the 2 clients know each other?
The only similarities would be (I am guessing here because I cannot determine which address is supposedly blocked by client A, as the logs only list the address of client B) may be info@{definatelynotthesame}.co.za - I have also confirmed with the customers and they do not know each other.
Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome. Thank you.