After updating to WHM 108 I was no longer able to access imap email from IP addresses not specifically set to be ignored in the firewall. After much investigation I discovered that Host Access Control has changed in how it handles sshd connections. On WHM 106 a "sshd ALL deny" command only blocked connections to sshd. On WHM 108 the same command also blocks imap connections. To resolve the issue I added a "imap ALL allow" command before the "sshd ALL deny" command. Now I can check email from ip addresses not specifically listed in Host Access Control or in the ConfigServer Firewall.
Actually, before I do that, can you let me know your operating system? It sounds like you may be on CentOS 7, but I'd just like to confirm that before I do my testing.
Thanks for that clarification. I wasn't able to reproduce this behavior on a test machine. I setup a CentOS 7 server using cPanel 108, configured SSH to be blocked completely, and I was still able to send a message using IMAP to both ports 143 and 993.
Do you possibly have another rule that could be interfering with the IMAP delivery?
Do you possibly have another rule that could be interfering with the IMAP delivery?
I will take a closer look at our current rules but when I remove the rule "sshd ALL deny" from Host Access Control I can check email from ip addresses not specifically listed in Host Access Control or in the ConfigServer Firewall. When it is added back email is blocked until the rule "smtp ALL allow" is added before the "sshd ALL deny" rule.
When you say "send a message" do you mean check messages via IMAP or send a message via SMTP? What I am experiencing is blocking of checking mail via IMAP not sending mail via SMTP.
You are correct. When CSF is disabled I can check email without the "imap ALL allow" rule. When CSF is enabled, I can not. I will take it up with their support.
I'm glad it was that! Just to clarify, I was sending and checking - trying to test as much as I could on my end from all angles.
