dovecot_plain authenticator failed for and executable attachment "ForwardedMessage.eml

Post by n2rga »

I just moved my clients to a new server.
I have Dovecot and Exim,
CSF and Imunify360.

I get a lot of emails about lfd on jds1.3aliXXXXXXXX.com: blocked XX.68.245.XX (US/United States/c-XX-68-245-xx.hsd1.xx.xxxxxxx.net)

Time: Fri Jul 8 11:59:08 2022 -0400
IP: XX.68.245.XX (US/United States/c-XX-68-245-xx.hsd1.xx.xxxxxxx.net)
Failures: 5 (smtpauth)
Interval: 3600 seconds
Blocked: Permanent Block [LF_SMTPAUTH] (IP match in csf.allow, block may not work)

Log entries:

2022-07-08 11:31:03 dovecot_plain authenticator failed for c-xx.68-245-xx.hsd1.xx.xxx.net ([IPv6:::ffff:192.168.1.2]) [XX.68.245.XX]:62954: 535 Incorrect authentication data (set_id=rick@XXXXXXX.com)
2022-07-08 11:31:09 dovecot_login authenticator failed for c-xx.68-245-xx.hsd1.xx.xxx.net ([IPv6:::ffff:192.168.1.2]) [XX.68.245.XX]:62954: 535 Incorrect authentication data (set_id=rick@XXXXXXX.com)
2022-07-08 11:31:15 dovecot_plain authenticator failed for c-xx.68-245-xx.hsd1.xx.xxx.net ([IPv6:::ffff:192.168.1.2]) [XX.68.245.XX]:62956: 535 Incorrect authentication data (set_id=rick@XXXXXXX.com)
2022-07-08 11:31:21 dovecot_login authenticator failed for c-xx.68-245-xx.hsd1.xx.xxx.net ([IPv6:::ffff:192.168.1.2]) [XX.68.245.XX]:62956: 535 Incorrect authentication data (set_id=rick@XXXXXXX.com)
2022-07-08 11:59:03 dovecot_plain authenticator failed for c-xx.68-245-xx.hsd1.xx.xxx.net ([IPv6:::ffff:192.168.1.2]) [XX.68.245.XX]:63107: 535 Incorrect authentication data (set_id=rick@XXXXXXX.com)

My client said when he forwards messages he gets a return failure.

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  robertXXXXX@gmail.com
    This message has been rejected because it has
    a potentially executable attachment "ForwardedMessage.eml"
    This form of attachment has been used by
    recent viruses or other malware.
    If you meant to send this file then please
    package it up as a zip file and resend it.

  XXXXXX@3aliXXXXXXXX.com
    This message has been rejected because it has
    a potentially executable attachment "ForwardedMessage.eml"
    This form of attachment has been used by
    recent viruses or other malware.
    If you meant to send this file then please
    package it up as a zip file and resend it.


Reporting-MTA: dns; XXXX.3alienswebXXXXXX.com

Action: failed
Final-Recipient: rfc822;XXXX.3alienswebXXXXXX.com
Status: 5.0.0

Action: failed
Final-Recipient: rfc822;robertclements345@gmail.com
Status: 5.0.0

ForwardedMessage.eml
Subject: Fwd: Mail delivery failed: returning message to sender
From: rick XXXXXX <rick@XXXXXXX.com>
Date: 7/8/2022, 1:56 PM
To: 3 Aliens Web Hosting <XXXX.3alienswebXXXXXX.com>
CC: Rob XXXXXXXX <robertXXXXX@gmail.com>

When he sends it from his personal ISP email it goes through fine.
His IP is also listed on: SORBS DUHL and Spamhaus ZEN

The IPs on the blacklist are my clients', and I was wondering if there was something I did to cause it?
The machine IPs are clean.
Is there something I did as far as a config to get these messages?
I had to white-list him so he could get his email.

Mitch
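
A triage sketch for the lfd alert and Exim log lines quoted above, added as an example and not part of the original post or of CSF/lfd: it replays the alert's 5-failures-in-3600-seconds rule per source IP and reports how many distinct accounts were tried, which separates one mail client retrying a stale password from attempts against many mailboxes. The function name `summarize`, the regex, the sliding-window counting and the sample addresses are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the format of the Exim lines quoted in the post;
# hosts, addresses and accounts are documentation placeholders.
SAMPLE_LOG = """\
2022-07-08 11:31:03 dovecot_plain authenticator failed for host.example.net ([IPv6:::ffff:192.168.1.2]) [203.0.113.7]:62954: 535 Incorrect authentication data (set_id=rick@example.com)
2022-07-08 11:31:09 dovecot_login authenticator failed for host.example.net ([IPv6:::ffff:192.168.1.2]) [203.0.113.7]:62954: 535 Incorrect authentication data (set_id=rick@example.com)
2022-07-08 11:31:15 dovecot_plain authenticator failed for host.example.net ([IPv6:::ffff:192.168.1.2]) [203.0.113.7]:62956: 535 Incorrect authentication data (set_id=rick@example.com)
2022-07-08 11:31:21 dovecot_login authenticator failed for host.example.net ([IPv6:::ffff:192.168.1.2]) [203.0.113.7]:62956: 535 Incorrect authentication data (set_id=rick@example.com)
2022-07-08 11:59:03 dovecot_plain authenticator failed for host.example.net ([IPv6:::ffff:192.168.1.2]) [203.0.113.7]:63107: 535 Incorrect authentication data (set_id=rick@example.com)
2022-07-08 12:00:00 dovecot_login authenticator failed for (probe) [198.51.100.9]:4000: 535 Incorrect authentication data (set_id=admin@example.com)
2022-07-08 12:00:05 dovecot_login authenticator failed for (probe) [198.51.100.9]:4001: 535 Incorrect authentication data (set_id=info@example.com)
2022-07-08 12:00:09 dovecot_login authenticator failed for (probe) [198.51.100.9]:4002: 535 Incorrect authentication data (set_id=sales@example.com)
"""

# The HELO bracket ("[IPv6:...]") is skipped because it is not followed by ":port:".
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<auth>\S+) authenticator failed for .*?"
    r"\[(?P<ip>[0-9a-fA-F.:]+)\]:\d+: 535 [^(]*"
    r"(?:\(set_id=(?P<user>[^)]*)\))?"
)

def summarize(log_text, threshold=5, interval=timedelta(seconds=3600)):
    """Group SMTP AUTH failures by source IP (hypothetical helper).

    threshold/interval default to the values shown in the lfd alert."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events[m["ip"]].append((ts, m["auth"], m["user"]))
    report = {}
    for ip, evs in events.items():
        times = sorted(e[0] for e in evs)
        # Sliding window: do any `threshold` consecutive failures fit in `interval`?
        tripped = any(times[i + threshold - 1] - times[i] <= interval
                      for i in range(len(times) - threshold + 1))
        users = sorted({e[2] for e in evs if e[2]})
        report[ip] = {
            "failures": len(evs), "tripped": tripped, "accounts": users,
            "authenticators": sorted({e[1] for e in evs}),
            "pattern": "single account retried" if len(users) <= 1
                       else "multiple accounts tried",
        }
    return report
```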