scott wrote: OK, I see what's going on, that's a different format for the log than in other versions of cPanel. So the decoder doesn't know how to detect the IP address in the version you're in. Not a hard fix; out of curiosity, which version of cPanel are you using?
Thanks for the replies. I'll check the mail issue later.
I'm using cPanel 11.40.1 (build 0). It's the latest "Release" version.
WHM says:
Code:
CENTOS 6.5 x86_64 standard – myServerName | WHM 11.40.1 (build 9)
I'm using the ASL kernel.
There is an option in WHM where you can choose your mail server. I think I had Courier before. But it seems like cPanel now favors Dovecot ("This is the default choice.").
I just saw that I missed something in the log line:
Code:
Jan 15 22:25:17 myHostNameWithoutDomain dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 17 secs): user=<franco>, method=PLAIN, rip=192.111.78.158, lip=46.x.y.z, session=<94//8AjwLwDAb06e>
Jan 15 22:25:34 myHostNameWithoutDomain dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 17 secs): user=<friday>, method=PLAIN, rip=192.111.78.158, lip=46.x.y.z, session=<ab4C8gjwjwDAb06e>
Jan 15 22:25:51 myHostNameWithoutDomain dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 17 secs): user=<gabby>, method=PLAIN, rip=192.111.78.158, lip=46.x.y.z, session=<vuQF8wjwywDAb06e>
Jan 15 22:26:08 myServerName dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 17 secs): user=<gabe>, method=PLAIN, rip=192.111.78.158, lip=46.4.89.8, session=<jDUJ9AjwnQDAb06e>
Jan 15 22:26:28 myHostNameWithoutDomain dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 17 secs): user=<gabi>, method=PLAIN, rip=192.111.78.158, lip=46.x.y.z, session=<GEg69QjwVgDAb06e>
Jan 15 22:26:45 myHostNameWithoutDomain dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 17 secs): user=<gabriela>, method=PLAIN, rip=192.111.78.158, lip=46.x.y.z, session=<exlF9gjwGADAb06e>
Jan 15 22:27:02 myHostNameWithoutDomain dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 17 secs): user=<gabriel>, method=PLAIN, rip=192.111.78.158, lip=46.x.y.z, session=<OjFI9wjwJwDAb06e>
Jan 15 22:27:19 myHostNameWithoutDomain dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 17 secs): user=<gabriella>, method=PLAIN, rip=192.111.78.158, lip=46.x.y.z, session=<9FlL+AjwdADAb06e>
Jan 15 22:27:39 myHostNameWithoutDomain dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 17 secs): user=<gaby>, method=PLAIN, rip=192.111.78.158, lip=46.x.y.z, session=<R2B8+QjwzQDAb06e>
Jan 15 22:27:56 myHostNameWithoutDomain dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 17 secs): user=<gada>, method=PLAIN, rip=192.111.78.158, lip=46.x.y.z, session=<2tt/+gjwpgDAb06e>
Jan 15 22:28:13 myHostNameWithoutDomain dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 17 secs): user=<gad>, method=PLAIN, rip=192.111.78.158, lip=46.x.y.z, session=<d02D+wjw5ADAb06e>
or
Code:
Jan 15 23:26:15 myHostNameWithoutDomain dovecot: pop3-login: Disconnected: Inactivity (auth failed, 1 attempts in 180 secs): user=<jojo>, method=PLAIN, rip=192.111.78.158, lip=46.x.y.z, session=<XdJSwQnwtADAb06e>
I also saw that the SMTP errors are logged to /var/log/exim_reject:
Code:
2014-01-16 05:54:06 dovecot_login authenticator failed for 108.168.250.170-static.reverse.softlayer.com (USER) [108.168.250.170]:52648: 535 Incorrect authentication data (set_id=test@downhill-rangers.com)
2014-01-16 05:54:10 dovecot_login authenticator failed for 108.168.250.170-static.reverse.softlayer.com (USER) [108.168.250.170]:52684: 535 Incorrect authentication data (set_id=test@downhillschrott.com)
2014-01-16 05:54:11 dovecot_login authenticator failed for 108.168.250.170-static.reverse.softlayer.com (USER) [108.168.250.170]:52743: 535 Incorrect authentication data (set_id=test@dh-rangers.com)
2014-01-16 05:54:13 dovecot_login authenticator failed for 108.168.250.170-static.reverse.softlayer.com (USER) [108.168.250.170]:52818: 535 Incorrect authentication data (set_id=test@downhill-rangers.com)
2014-01-16 05:54:19 dovecot_login authenticator failed for 108.168.250.170-static.reverse.softlayer.com (USER) [108.168.250.170]:53046: 535 Incorrect authentication data
2014-01-16 05:54:19 dovecot_login authenticator failed for 108.168.250.170-static.reverse.softlayer.com (USER) [108.168.250.170]:53097: 535 Incorrect authentication data
2014-01-16 05:54:20 dovecot_login authenticator failed for 108.168.250.170-static.reverse.softlayer.com (USER) [108.168.250.170]:53113: 535 Incorrect authentication data
2014-01-16 05:54:21 dovecot_login authenticator failed for 108.168.250.170-static.reverse.softlayer.com (USER) [108.168.250.170]:53154: 535 Incorrect authentication data
2014-01-16 05:54:23 dovecot_login authenticator failed for 108.168.250.170-static.reverse.softlayer.com (USER) [108.168.250.170]:53242: 535 Incorrect authentication data
2014-01-16 05:54:37 dovecot_login authenticator failed for 108.168.250.170-static.reverse.softlayer.com (USER) [108.168.250.170]:53749: 535 Incorrect authentication data
2014-01-16 05:54:38 dovecot_login authenticator failed for 108.168.250.170-static.reverse.softlayer.com (USER) [108.168.250.170]:53843: 535 Incorrect authentication data
2014-01-16 05:54:39 dovecot_login authenticator failed for 108.168.250.170-static.reverse.softlayer.com (USER) [108.168.250.170]:53954: 535 Incorrect authentication data
2014-01-16 05:54:41 dovecot_login authenticator failed for 108.168.250.170-static.reverse.softlayer.com (USER) [108.168.250.170]:54023: 535 Incorrect authentication data
2014-01-16 20:25:34 H=(microsof-088e7c) [217.8.95.146]:63746 rejected MAIL <info@bico.su>: Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
2014-01-16 20:25:42 dovecot_login authenticator failed for 38215.vs.webtropia.com (ylmf-pc) [62.141.38.215]:61817: 535 Incorrect authentication data
2014-01-16 20:25:50 H=(customer-187-237-215-98.uninet-ide.com.mx) [187.237.215.98]:1943 F=<eiyeobnpz@00359.net> rejected RCPT <tyqsanq327@domainonmyserver.com>: No Such User Here"
2014-01-16 20:25:52 dovecot_login authenticator failed for 38215.vs.webtropia.com (ylmf-pc) [62.141.38.215]:62815: 535 Incorrect authentication data
2014-01-16 20:25:53 H=([84.79.136.249]) [84.79.136.249]:4160 F=<volepfs@portalsado.com> rejected RCPT <zmkyyauhg170@domainonmyserver.com>: No Such User Here"
2014-01-16 20:25:54 H=93-86-103-135.dynamic.isp.telekom.rs [93.86.103.135]:3761 F=<hajdoot@datasmith.net> rejected RCPT <sxvbpgrom831@26zoll.com>: No Such User Here"
2014-01-16 20:25:55 H=net-93-67-192-255.cust.dsl.vodafone.it ([46.182.90.79]) [93.67.192.255]:62572 F=<wpxehiqanupe@jazfry.com> rejected RCPT <cpiyhhvw837@domainonmyserver.com>: No Such User Here"
2014-01-16 20:25:56 H=boi59-4-82-240-113-18.fbx.proxad.net [82.240.113.18]:30804 F=<ixgilgdpkg@menagulfgate.com> rejected RCPT <ctpaduivp871@26zoll.com>: No Such User Here"
2014-01-16 20:25:59 H=222.17.217.87.dynamic.jazztel.es (95.19.217.87.dynamic.jazztel.es) [87.217.17.222]:65145 F=<ilpfcwmbv@fusionjewellers.com.au> rejected RCPT <fvgxp194@domainonmyserver.com>: No Such User Here"
In the exim reject log I saw the reason why I did not get the mails:
Code:
2014-01-16 20:32:02 H=localhost (notify.ossec.net) [127.0.0.1]:41582 sender verify fail for <asl@myhost.mydomain.com>: Unrouteable address
2014-01-16 20:32:02 H=localhost (notify.ossec.net) [127.0.0.1]:41582 F=<asl@myhost.mydomain.com> rejected RCPT <anything.offnetwork@myprovider.at>: Sender verify failed
I changed the sender email from asl@myhostname.com to root@.... Now I'm receiving the mails. I'm just asking myself why I did not look into that earlier.
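The following is an added example, not part of the original post and not the OSSEC decoder discussed in the thread: a Python sketch of pulling the source IP out of the two log formats quoted above (Dovecot's `rip=` field and Exim's bracketed address) and counting failures per address. The names `parse_line` and `offenders` and the threshold of 3 are assumptions made for illustration.

```python
import re
from collections import Counter

# Dovecot login failure: client address is the rip= field, account is user=<...>.
DOVECOT_FAIL = re.compile(
    r"dovecot: (?:pop3|imap)-login: .*\(auth failed, \d+ attempts"
    r".*?user=<(?P<user>[^>]*)>.*?\brip=(?P<ip>[0-9A-Fa-f.:]+)")
# Exim SMTP AUTH failure: client address is in [brackets] before the port;
# the trailing (set_id=...) is optional.
EXIM_FAIL = re.compile(
    r"\w+ authenticator failed for .*?\[(?P<ip>[0-9A-Fa-f.:]+)\](?::\d+)?: "
    r"535 Incorrect authentication data(?: \(set_id=(?P<user>[^)]*)\))?")

# A subset of the lines quoted in the post, including two that are not auth failures.
SAMPLE = [
    "Jan 15 22:25:17 myHostNameWithoutDomain dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 17 secs): user=<franco>, method=PLAIN, rip=192.111.78.158, lip=46.x.y.z, session=<94//8AjwLwDAb06e>",
    "Jan 15 22:25:34 myHostNameWithoutDomain dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 17 secs): user=<friday>, method=PLAIN, rip=192.111.78.158, lip=46.x.y.z, session=<ab4C8gjwjwDAb06e>",
    "Jan 15 23:26:15 myHostNameWithoutDomain dovecot: pop3-login: Disconnected: Inactivity (auth failed, 1 attempts in 180 secs): user=<jojo>, method=PLAIN, rip=192.111.78.158, lip=46.x.y.z, session=<XdJSwQnwtADAb06e>",
    "2014-01-16 05:54:06 dovecot_login authenticator failed for 108.168.250.170-static.reverse.softlayer.com (USER) [108.168.250.170]:52648: 535 Incorrect authentication data (set_id=test@downhill-rangers.com)",
    "2014-01-16 05:54:19 dovecot_login authenticator failed for 108.168.250.170-static.reverse.softlayer.com (USER) [108.168.250.170]:53046: 535 Incorrect authentication data",
    "2014-01-16 05:54:19 dovecot_login authenticator failed for 108.168.250.170-static.reverse.softlayer.com (USER) [108.168.250.170]:53097: 535 Incorrect authentication data",
    "2014-01-16 20:25:34 H=(microsof-088e7c) [217.8.95.146]:63746 rejected MAIL <info@bico.su>: Access denied - Invalid HELO name (See RFC2821 4.1.1.1)",
    "2014-01-16 20:25:42 dovecot_login authenticator failed for 38215.vs.webtropia.com (ylmf-pc) [62.141.38.215]:61817: 535 Incorrect authentication data",
    "2014-01-16 20:25:53 H=([84.79.136.249]) [84.79.136.249]:4160 F=<volepfs@portalsado.com> rejected RCPT <zmkyyauhg170@domainonmyserver.com>: No Such User Here\"",
]

def parse_line(line):
    """Return (source, ip, user) for an auth failure, or None for any other line."""
    for source, rx in (("dovecot", DOVECOT_FAIL), ("exim", EXIM_FAIL)):
        m = rx.search(line)
        if m:
            return source, m.group("ip"), m.group("user")  # user is None if absent
    return None

def offenders(lines, threshold=3):
    """Map source IP -> failure count for IPs at or above the (assumed) threshold."""
    counts = Counter()
    for line in lines:
        hit = parse_line(line)
        if hit:
            counts[hit[1]] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for ip, n in offenders(SAMPLE).items():
        print(ip, n)
```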