Can't login to Dovecot during distributed imap login attack

rch7 · Apr 21, 2021

Can't login to Dovecot, e.g. from Cpanel "Check Mail" link to Roundcube, when distributed imap/pop3 login attack is going on. The question isn't about attack mitigation, but how to prevent it to from locking out imap login with correct password for the same email account at least temporary. Is it some standard PAM setup issue?
Contents /etc/pam.d/dovecot are:
#%PAM-1.0
auth required pam_nologin.so
auth include system-auth
account include system-auth
session include system-auth

CentOS 7.9.2009 Cpanel v94.0.4

cPRex · Apr 22, 2021

Hey there! This is more likely a cPHulk issue if you have that tool enabled on the system: cPHulk Brute Force Protection | cPanel & WHM Documentation

Can you check that area and see if that is what you're experiencing?

rch7 · Apr 22, 2021

Thank you it should be the issue

Thread starter	Similar threads	Forum	Replies	Date
G	SOLVED Can't login to WebMail: "The page isn’t redirecting properly"	Email	11	Dec 27, 2020
E	Can't login to cPanel or Webmail	Email	4	May 21, 2019
C	Can't login to e-mail or cPanel	Email	5	Jun 19, 2018
A	Can't login to Webmail using dovecot master password	Email	3	Jan 13, 2018
S	Single email account can't login or change password	Email	3	Jun 20, 2017

Search

Search

Can't login to Dovecot during distributed imap login attack

rch7

Member

cPRex

Jurassic Moderator

rch7

Member