I just moved my clients to a new server.
I have dovecot and Exim
CSF and imunify360
I get a lot of emails about lfd on jds1.3aliXXXXXXXX.com: blocked XX.68.245.XX (US/United States/c-XX-68-245-xx.hsd1.xx.xxxxxxx.net)
Time: Fri Jul 8 11:59:08 2022 -0400
IP: XX.68.245.XX (US/United States/c-XX-68-245-xx.hsd1.xx.xxxxxxx.net)
Failures: 5 (smtpauth)
Interval: 3600 seconds
Blocked: Permanent Block [LF_SMTPAUTH] (IP match in csf.allow, block may not work)
Log entries:
2022-07-08 11:31:03 dovecot_plain authenticator failed for c-xx.68-245-xx.hsd1.xx.xxx.net ([IPv6:::ffff:192.168.1.2]) [XX.68.245.XX]:62954: 535 Incorrect authentication data (set_id=[email protected])
2022-07-08 11:31:09 dovecot_login authenticator failed for c-xx.68-245-xx.hsd1.xx.xxx.net ([IPv6:::ffff:192.168.1.2]) [XX.68.245.XX]:62954: 535 Incorrect authentication data (set_id=[email protected])
2022-07-08 11:31:15 dovecot_plain authenticator failed for c-xx.68-245-xx.hsd1.xx.xxx.net ([IPv6:::ffff:192.168.1.2]) [XX.68.245.XX]:62956: 535 Incorrect authentication data (set_id=[email protected])
2022-07-08 11:31:21 dovecot_login authenticator failed for c-xx.68-245-xx.hsd1.xx.xxx.net ([IPv6:::ffff:192.168.1.2]) [XX.68.245.XX]:62956: 535 Incorrect authentication data (set_id=[email protected])
2022-07-08 11:59:03 dovecot_plain authenticator failed for c-xx.68-245-xx.hsd1.xx.xxx.net ([IPv6:::ffff:192.168.1.2]) [XX.68.245.XX]:63107: 535 Incorrect authentication data (set_id=[email protected])
My client said when he forwards messages he gets a return failure.
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
[email protected]
This message has been rejected because it has
a potentially executable attachment "ForwardedMessage.eml"
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it.
[email protected]
This message has been rejected because it has
a potentially executable attachment "ForwardedMessage.eml"
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it.
Reporting-MTA: dns; XXXX.3alienswebXXXXXX.com
Action: failed
Final-Recipient: rfc822;XXXX.3alienswebXXXXXX.com
Status: 5.0.0
Action: failed
Final-Recipient: rfc822;[email protected]
Status: 5.0.0
ForwardedMessage.eml
Subject:
Fwd: Mail delivery failed: returning message to sender
From:
rick XXXXXX <[email protected]>
Date:
7/8/2022, 1:56 PM
To:
3 Aliens Web Hosting <XXXX.3alienswebXXXXXX.com>
CC:
Rob XXXXXXXX <[email protected]>
When he sends it from his personal ISP email it goes through fine.
His IP is also listed on: SORBS DUHL and Spamhaus ZEN
Mitch
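
Added example, not part of the original post and not lfd's own code: a sliding-window count of Exim `authenticator failed` lines per source IP, using the 5-failures-in-3600-seconds threshold shown in the alert above. The sample log lines, IP addresses, host name, account name and the `allowlist` parameter are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches Exim mainlog SMTP AUTH failures. The HELO literal in parentheses is
# skipped because only the real peer address is followed by ":port:".
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<auth>\S+) "
    r"authenticator failed for .*?\[(?P<ip>[0-9A-Fa-f:.]+)\]:\d+: 535 "
    r".*?\(set_id=(?P<user>[^)]*)\)"
)

def smtpauth_offenders(lines, limit=5, interval=3600, allowlist=()):
    """Return {ip: details} for IPs reaching `limit` failures within `interval` seconds."""
    window = defaultdict(deque)   # ip -> failure timestamps still inside the interval
    accounts = defaultdict(set)   # ip -> set_id values seen in failures
    hits = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # not an SMTP AUTH failure line
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        ip = m["ip"]
        q = window[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > interval:
            q.popleft()           # drop failures older than the interval
        accounts[ip].add(m["user"])
        if len(q) >= limit and ip not in hits:
            hits[ip] = {"at": ts, "failures": len(q),
                        "accounts": sorted(accounts[ip]),
                        "allowlisted": ip in allowlist}
    return hits

# Constructed sample lines (documentation IP ranges, example.com account).
FMT = ("2022-07-08 {t} {a} authenticator failed for host.example.net "
       "([IPv6:::ffff:192.168.1.2]) [{ip}]:{p}: 535 Incorrect "
       "authentication data (set_id=user@example.com)")
SAMPLE = [
    FMT.format(t="11:31:03", a="dovecot_plain", ip="203.0.113.7", p=62954),
    FMT.format(t="11:31:09", a="dovecot_login", ip="203.0.113.7", p=62954),
    FMT.format(t="11:31:15", a="dovecot_plain", ip="203.0.113.7", p=62956),
    FMT.format(t="11:31:21", a="dovecot_login", ip="203.0.113.7", p=62956),
    FMT.format(t="11:40:00", a="dovecot_plain", ip="198.51.100.9", p=40100),
    "2022-07-08 11:45:00 Start queue run: pid=12345",
    FMT.format(t="11:59:03", a="dovecot_plain", ip="203.0.113.7", p=63107),
]

if __name__ == "__main__":
    for ip, info in smtpauth_offenders(SAMPLE, allowlist={"203.0.113.7"}).items():
        print(ip, info)
```

A single account failing repeatedly from one allowlisted address, as in the constructed sample, is worth checking against that user's mail client settings before treating it as an attack.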