cornishman33

Member
Jun 25, 2014
11
2
3
Kernow, Nr England
cPanel Access Level
Root Administrator
Hello. I have encountered a situation that I don't understand.
I have denied Host Access Control to webmaild, imap, pop3 and smtp for "ALL" apart from five IP's.
I applied the "Allowed" IP's first, then the "Deny's" so I believe they are entered correctly. We tested it by getting staff NOT in the whitelist to try to access those areas, and hey! they were blocked. Good so far.
This morning, the cPHulk History reports were full of login attempts (about 40) to service "Mail" authentication service "Dovecot". Have I misunderstood it, or have I done something wrong?

Any suggestions would be sincerely appreciated.
 

cPanelMichael

Technical Support Community Manager
Staff member
Apr 11, 2011
47,911
2,233
363
cPanel Access Level
DataCenter Provider
Twitter
This morning, the cPHulk History reports were full of login attempts (about 40) to service "Mail" authentication service "Dovecot". Have I misunderstood it, or have I done something wrong?
Hello,

Could you provide an example of one of the cPHulk entries that was listed in the history reports? Ensure to replace real domain names and IP addresses with examples.

Thank you.
 

cornishman33

Member
Jun 25, 2014
11
2
3
Kernow, Nr England
cPanel Access Level
Root Administrator
Hello, here are a couple of the entries from the cPHulk log file.
[2017-08-03 17:22:29 +0100] info [cphulkd] 6092 Login Blocked: The IP address is blacklisted. [Service]=[dovecot] [Local IP Address]=[xx.xx.xx.xx] [Local Port]=[993] [Remote IP Address]=[xx.xx.xx.xx] [Remote Port]=[4149] [Authentication Database]=[mail] [Username]=[[email protected]]
[2017-08-03 17:23:23 +0100] info [cphulkd] 6205 Login Blocked: The IP address is blacklisted. [Service]=[dovecot] [Local IP Address]=[xxx.xxx.xxx.xxx] [Local Port]=[993] [Remote IP Address]=[xxx.xxx.xxx.xxx] [Remote Port]=[3977] [Authentication Database]=[mail] [Username]=[info]
I now see that even though the IP's are recognised as blacklisted they still appear within the cPHulk history list.
I had assumed that IP's that were not in the list would simply be blocked, without being added to the list, I was obviously wrong.
 
Last edited by a moderator:

cPanelMichael

Technical Support Community Manager
Staff member
Apr 11, 2011
47,911
2,233
363
cPanel Access Level
DataCenter Provider
Twitter