Multiple dovecot_login authenticator failed

amrit_singh · Jan 21, 2023

Hi, I need help as I am getting multiple hits on dovecot_login authenticator failed. My Inbox is full of messages such as

Time: Sat Jan 21 19:52:50 2023 +0530

IP: 80.68.125.160 (SE/Sweden/80.68.125.160.karlsborgsenergi.se)

Failures: 1 (smtpauth)

Interval: 3600 seconds

Blocked: Permanent Block [LF_TRIGGER]

Log entries:

2023-01-21 19:52:46 dovecot_login authenticator failed for (80.68.125.160.karlsborgsenergi.se) [80.68.125.160]:48636: 535 Incorrect authentication data (set_id=business)

Is there any option to reduce or harden the security to avoid such massive emails? I am new to centos and have difficulty dealing with this issue.

cPRex · Jan 23, 2023

Hey there! cPanel itself has the cPHulk Brute Force Detection tool here:

cPHulk Brute Force Protection | cPanel & WHM Documentation

This interface allows you to configure cPHulk, a service that provides protection for your server against brute force attacks.

docs.cpanel.net

which does monitor the dovecot service. With the IP-based protection enabled, it can block the IP from accessing the server in the future.

amrit_singh · Jan 23, 2023

Alright I will check it out.

Thanks for the reply.

Thread starter	Similar threads	Forum	Replies	Date
A	2FA on multiple phones	Security	4	Dec 20, 2022
K	Correct way to install multiple SSL certs on one account	Security	3	Aug 28, 2022
D	Breached cPanel - multiple logged logins even with 2FA enabled	Security	2	Jul 24, 2022
	share 2FA with multiple users	Security	3	May 10, 2022
G	Autossl renewal in pending queue for days on multiple servers	Security	6	Nov 26, 2021

Search

Search

Multiple dovecot_login authenticator failed

amrit_singh

Member

cPRex

Jurassic Moderator

cPHulk Brute Force Protection | cPanel & WHM Documentation

amrit_singh

Member