That's Plesk's main domain. I can just filter all the mails, but it's really annoying.I've never seen this coming from a Plesk system. Most likely it is send by another system, probably the one behind the "double-bounce@..." part that is blurred in the image.
Here is the log file Jun 26 03:45:04 li1486-98 dovecot: pop3-login: Aborted login (no auth attempts i - Pastebin.com (replaced email names).There is no "double-bounce" address on Plesk installations. And "EHLO scanner.sslsonar.org" - is that your server?
Have you checked /var/log/maillog (var/log/mail.log on some systems) what the entry is there at the time when the mail is processed?
I am not using any vulnerability scanners. I need to get watchdog notifcations + plesk server update, so turning postfix and dovecot is bad idea.Disable the vulnerability scanner? If it is coming from 127.0.0.1 it means that it is running on your own machine.
Further, if your system does absolutely not use any email functions, you could simply stop Postfix and Dovecot (in that case you will not receive any notifications from the Plesk software either). Or you could put a Wildcard into the Blacklist and you could whitelist all local addresses.
Jun 26 03:50:04 li1486-98 dovecot: pop3-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<9xexmvSo5LJ/AAAB>
Jun 26 03:50:04 li1486-98 dovecot: imap-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, TLS, session=<XlKxmvSorot/AAAB>
Jun 26 03:50:04 li1486-98 dovecot: imap-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<FH2xmvSosIx/AAAB>
Jun 26 03:55:04 li1486-98 dovecot: pop3-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, TLS, session=<fu+TrPSoAKR/AAAB>
Jun 26 03:55:04 li1486-98 dovecot: pop3-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<fhmUrPSoHrN/AAAB>
Jun 26 03:55:04 li1486-98 dovecot: imap-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, TLS, session=<Y1GUrPSo6It/AAAB>
Jun 26 03:55:04 li1486-98 dovecot: imap-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<LnqUrPSo6ox/AAAB>
Jun 26 07:57:04 li1486-98 postfix/smtpd[23318]: warning: error opening chain file: /etc/postfix/postfix_default.pem: No such file or directory