cphulk blocking users on mobile data but no wifi

[IISG]

Hello All,

I have a strange problem that I have confirmed several times so I know the information provided is accurate.

I have a couple of users that when they check email via iphone (6s just in case that means anything and also on tmobile) and the phone is on wifi, the users get all emails and everything works perfectly for their pop3 account (with or without ssl).
Then when the user turns off wifi and checks email via mobile data it pops up and says bad password, which can't be because the password is perfect on wifi.

I then had the cell phone in my hand, turned off cphulk , mail checked fine, turned it back on, error.

Now over time I got cphulk to block it again but show in the mailllog file the following:
dovecot: auth: Error: Cpanel::MailAuth: cphulk blocked login for user

The issue with this is that it does not show ANYTHING in the cphulk history report under any of the types.

I then "whitelist" the tmobile IP and it works, but never showed up in iptables or cphulk reporting.

any suggestions so I don't keep running into this?

And of course keep the ip I whitelisted or any other tmobile ip would be a mistake imho.

Thanks!

 

[cPanelMichael]

Hello

Do you notice any entries in /usr/local/cpanel/logs/cphulkd.log from when this happened?

Thank you.

 

[IISG]

yes I do see entries that say they are blocking an IP address, however it's like it follows the user and is blocking the user.
It's a tmobile IP address, so its not good to whitelist it, but even if I do temporarily it happens again to the same user.
I put and saved the password into the cell phone myself so I know the password is correct.

Thanks!

 

[cPanelMichael]

Hello

Browse to:

"WHM Home » Security Center » cPHulk Brute Force Protection"

Do you see a message such as "The system disabled firewall options. These options require IPTables v1.4 or higher and a non-Virtuozzo environment."?

Thank you.