The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Failed IMAP login from ... as I have NO imap acount configured

Discussion in 'E-mail Discussions' started by chris427, Nov 10, 2014.

  1. chris427

    chris427 Member

    Joined:
    Nov 10, 2014
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Hi everybody,

    I have a webhost who rent me a Apache server with my own domain name, with a website and a webmail server.

    Since 9 of October, I encounter a problem. The server blocks my IP address, indicating the followin error :
    xxx.xxx.xxx.xxx # lfd: (imapd) Failed IMAP login from xxx.xxx.xxx.xxx.

    (where xxx.xxx.xxx.xxx is my ip address).

    Before the 9th of October, I had imap acount configured in my pc and tablet and cell.
    As my webhost and me couldn't find where the problem came from, I havec deleted my imap acount and created a pop one on my pc. I have deleted the ones configured on my tablet and cell phone.

    I thought the problem was resolved. But today, my IP address has been blocked by the server, with the same error message,Faile imap login.

    How can I get this error message as I have no configured imap acount for more than 1 week but only a pop3 one ?

    My webhost doens't find the problem and because it is always my IP adresse which is blocked, he sais that it must be my computer. I have runned ccleaner, the Microsoft Security Scanner, sent a Hijackthis report. Nothing wrong was found on my computer.

    Have you ever experienced this kind of problem ?

    Thank you for your help,

    Christine
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,724
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Re: # lfd: (imapd) Failed IMAP login from ... as I have NO imap acount configured

    Hello :)

    Please have your hosting provider review /var/log/maillog or the cPHulk brute force detection logs to determine why you are unable to authenticate.

    Thank you.
     
  3. chris427

    chris427 Member

    Joined:
    Nov 10, 2014
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Re: # lfd: (imapd) Failed IMAP login from ... as I have NO imap acount configured

    Hi Michael,
    Here is the error message :
    xxx.xxx.xxx.216 # lfd: (imapd) Failed IMAP login from xxx.xxx.xxx.216

    as xxx.xxx.xxx.216 is my IP address that I have hidden.

    My problem is that I have only 2 pop3 account configured on my pc, nothing else, no IMAP account anymore.

    Thank you,

    Chris
     
  4. chris427

    chris427 Member

    Joined:
    Nov 10, 2014
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Hi Michael, I have more information now :

    Nov 10 07:40:59 server dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=xxx.xxx.xxx.xxx, lip=23.92.215.10, TLS: SSL_read() syscall failed: Connection reset by peer, session=<K+uGeYAHPwC4kbfY>
    Nov 10 07:41:01 server dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<chris@mydomainename.com>, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=23.92.215.10, TLS, session=<8seEeYAHXwC4kbfY>
    Nov 10 07:41:06 server dovecot: imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=<chris@mydomainname.com>, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=23.92.215.10, TLS, session=<TWeQeYAHqwC4kbfY>

    Thank you for your help,

    Christine
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,724
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Are you sure that you are not accessing Webmail or using some other application or website script that utilizes IMAP for that email account? If so, report that information to your hosting provider because there is not much further you can do to investigate without root access.

    Thank you.
     
  6. chris427

    chris427 Member

    Joined:
    Nov 10, 2014
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Well, I have deleted all accounts on tablet and cell.
    I have deleted the IMAP account on my pc (I use Outlook 2007) and configured a pop3 account.

    I've never used another e-mail programm except Thunderbird lately, but the problem were still there so I've deleted the programm.

    So there might be in my computer something that try to send e-mail with my old imap account.
    I that possible ?

    "If so, report that information to your hosting provider because there is not much further you can do to investigate without root access."

    Of course I've told my provider. And we have made many tests and as well deleted completely the account on CPANEL and create it again, etc. But he says that the problem comes obviously from my computer.

    So what can I do now ? "format C:" for my computer ?

    Many thanks for your help,

    Chris
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,724
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  8. chris427

    chris427 Member

    Joined:
    Nov 10, 2014
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Hi !
    In fact, I don't know if I'm blocked when the computer is on or off. I just discover, sometimes, that I'm blocked. I haven't been blocked today neither yesterday afternoon.
    I'm putting the "automatic receipt/send" option at off.
    So I will see if it does block when I'm not working on my computer.

    Thanks again for your help to find where the problem comes from !

    Chris
     
  9. chris427

    chris427 Member

    Joined:
    Nov 10, 2014
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Hi Michael,
    I've been blocked at 2:38 am (during the night).
    I had desactivated the automatic "send and receipt" action.

    Here is the error message :
    xxx.xxx.xxx.xxx # lfd: (imapd) Failed IMAP login from xxx.xxx.xxx.xxx (CA/Canada/bas1-quebec15-3096557528.dsl.bell.ca): 10 in the last 3600 secs - Fri Nov 14 02:38:12 2014

    My computer was on.
    What kind of application could try to get my e-mails ?

    Thank you,

    Chris
     
  10. chris427

    chris427 Member

    Joined:
    Nov 10, 2014
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Hi Michael,
    I have installed TCP View.
    I think the problem doesn't come from my cpanel, but I still ask here as I don't know where to ask :

    On TCP View and the CMD netstat, I see this :
    TCP 192.168.5.5:21177 c75.152.63-26.clta.globetrotter.net:microsoft-ds SYN_SENT
    Impossible d'obtenir les informations de propri‚taire
    TCP 192.168.5.5:21178 c75.152.63-26.clta.globetrotter.net:microsoft-ds SYN_SENT
    Impossible d'obtenir les informations de propri‚taire
    TCP 192.168.5.5:21179 c75.152.63-26.clta.globetrotter.net:netbios-ssn SYN_SENT
    Impossible d'obtenir les informations de propri‚taire

    Apparently, my Computer tryes to connect somewhere but I don't know where.
    With TCP view I see the PID 4. and il my task manager I don't see any connexion with PID 4.

    Do you know how to get the programm which tryes to connect ?

    Thank you for your help,

    Chris
    TCPview.jpg
     
  11. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,724
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    It's possible that it's malware installed on your workstation. You may want to run a virus scan or consider reinstalling the OS to see if the issue continues.

    Thank you.
     
Loading...

Share This Page