Exim4 Mainlog shows failed dovecot-login authenticator activity of deleted domain

Hi there,

I have a question concerning deleted domains. I deleted a domain (previous-domain.com) from my HestiaCP install. If I look in the exim4 mainlog it shows quite a lot of ‘dovecot-login’ authenticator failed activity with (non-existent) e-mail-addresses with that same previous-domain.com.

```
2022-02-07 01:40:11 TLS error on connection from scanner-25.ch1.censys-scanner.com [162.142.125.220] (recv): The TLS connection was non-properly terminated.
2022-02-07 01:45:04 no host name found for IP address 66.71.243.98
2022-02-07 01:45:07 dovecot_login authenticator failed for (USER) [66.71.243.98]: 535 Incorrect authentication data ([email protected])
2022-02-07 01:58:34 TLS error on connection from 75-108-22-188.bcstcmta02.res.dyn.suddenlink.net [75.108.22.188] (gnutls_handshake): The TLS connection was non-properly terminated.
2022-02-07 02:05:13 Start queue run: pid=273720
2022-02-07 02:05:13 1nFhrV-001ZNs-H0 == [email protected] R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host for 'ssl-tools.net'
2022-02-07 02:05:13 End queue run: pid=273720
2022-02-07 02:10:33 no host name found for IP address 74.119.146.2
2022-02-07 02:10:36 dovecot_login authenticator failed for (USER) [74.119.146.2]: 535 Incorrect authentication data ([email protected])
2022-02-07 02:15:36 dovecot_login authenticator failed for (USER) [107.181.162.169]: 535 Incorrect authentication data ([email protected])
2022-02-07 02:32:33 dovecot_login authenticator failed for 75-108-22-188.bcstcmta02.res.dyn.suddenlink.net (User) [75.108.22.188]: 535 Incorrect authentication data ([email protected])
2022-02-07 02:35:13 Start queue run: pid=277480
2022-02-07 02:35:13 1nFhrV-001ZNs-H0 == [email protected] R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host for 'ssl-tools.net'
2022-02-07 02:35:13 End queue run: pid=277480
2022-02-07 02:40:56 no host name found for IP address 167.94.146.57
2022-02-07 02:40:56 TLS error on connection from [167.94.146.57] (recv): The TLS connection was non-properly terminated.
2022-02-07 02:48:44 no host name found for IP address 66.71.243.98
2022-02-07 02:48:47 dovecot_login authenticator failed for (USER) [66.71.243.98]: 535 Incorrect authentication data ([email protected])
2022-02-07 03:05:13 Start queue run: pid=279723
2022-02-07 03:05:13 1nFhrV-001ZNs-H0 == [email protected] R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host for 'ssl-tools.net'
2022-02-07 03:05:13 End queue run: pid=279723
```

Is there something I can or should do to prevent this from happening?

Thanks in advance!

Looks like some devices still have the email account set up and are trying to connect to the server.

I have something similar when I connect to my mail server via Thunderbird: 75-108-22-188.bcstcmta02.res.dyn.suddenlink.net. This is a private provider connection host from Suddenlink (internet provider).

As long as domains still point with DNS to the IP, you will get this message…

Safe to ignore…

Yes, I was thinking the same @turbopixel but I deleted that account from all devices already. I also deleted all DNS records that pointed to my server @eris. But it will probably slow down soon then. Thanks for your answers!

Even after a domain has been expired:

2022-02-08 13:43:01 dovecot_login authenticator failed for (localhost) [5.34.207.93]: 535 Incorrect authentication data ([email protected])

So don’t count on it…

Haha okay! We’ll see then. :slight_smile:
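An added example, not part of the original thread: a small Python script that tallies the `dovecot_login` failures in an Exim mainlog by source IP and by attempted login domain, and separates out attempts against domains the server no longer hosts. The sample lines are constructed (documentation IP ranges, made-up mailboxes, the `set_id=` form Exim writes for the attempted login); `hosted.example` and the `hosted_domains` parameter are assumptions.

```python
import re
from collections import Counter

# Exim mainlog line for a rejected SMTP AUTH attempt (default log format, as in
# the thread); the login, when logged, follows as "(set_id=user@domain)".
FAIL_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} "
    r"\w+ authenticator failed for .*?\[(?P<ip>[0-9A-Fa-f.:]+)\](?::\d+)?"
    r": 535 Incorrect authentication data(?: \((?:set_id=)?(?P<login>[^)]*)\))?"
)

def summarize_failures(lines, hosted_domains):
    """Tally auth failures per source IP and per attempted login domain.

    hosted_domains (assumption): the mail domains still configured on this
    server. Returns (per_ip, per_domain, stale), where stale holds the counts
    for domains that are no longer hosted, such as a deleted domain.
    """
    per_ip, per_domain = Counter(), Counter()
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue  # queue runs, TLS errors, DNS notices, deliveries
        per_ip[m["ip"]] += 1
        login = m["login"] or ""
        domain = login.rpartition("@")[2].lower() if "@" in login else "(none)"
        per_domain[domain] += 1
    hosted = {d.lower() for d in hosted_domains}
    stale = {d: n for d, n in per_domain.items()
             if d != "(none)" and d not in hosted}
    return per_ip, per_domain, stale

# Constructed sample lines (documentation IP ranges, made-up mailboxes).
SAMPLE_LOG = """\
2022-02-07 01:45:04 no host name found for IP address 192.0.2.10
2022-02-07 01:45:07 dovecot_login authenticator failed for (USER) [192.0.2.10]: 535 Incorrect authentication data (set_id=info@previous-domain.com)
2022-02-07 02:05:13 Start queue run: pid=273720
2022-02-07 02:10:36 dovecot_login authenticator failed for (USER) [198.51.100.7]: 535 Incorrect authentication data (set_id=sales@previous-domain.com)
2022-02-07 02:32:33 dovecot_login authenticator failed for host.example.net (User) [203.0.113.5]: 535 Incorrect authentication data (set_id=admin@hosted.example)
2022-02-07 02:48:47 dovecot_login authenticator failed for (USER) [192.0.2.10]: 535 Incorrect authentication data (set_id=info@previous-domain.com)
""".splitlines()

if __name__ == "__main__":
    per_ip, per_domain, stale = summarize_failures(SAMPLE_LOG, {"hosted.example"})
    for ip, n in per_ip.most_common():
        print(f"{n:4d} failures from {ip}")
    for domain, n in sorted(stale.items()):
        print(f"{n:4d} attempts against unhosted domain {domain}")
```

A high count for an unhosted domain from many unrelated addresses matches the background guessing described in the replies; repeated failures against a domain that is still hosted are the ones worth a closer look.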
