The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Imap failure notices on many servers after upgrade

Discussion in 'E-mail Discussions' started by max_payne, Jun 25, 2015.

  1. max_payne

    max_payne Active Member

    Joined:
    Feb 1, 2013
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Chkservd is reporting imap failures with the following:

    Code:
    [B]Service Name[/B] imap
    [B]Service Status[/B] failed 
    [B]Notification[/B] The service “imap” appears to be down.
    [B]Service Check Method[/B] The system failed to connect to this service’s TCP/IP port.
    [B]Reason[/B] 
    TCP Transaction Log:
    << * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2011 Double Precision, Inc. See COPYING for distribution information.
    >> A001 LOGIN __cpanel__service__auth__imap__4_8xl04p1fqfrjYsIwVYloQTuR80iQeQfHKzFIwJ8KE6PjtYHeW5OIFe5ijZzoYz YVsYxHdH1e3ggUcTh9KOG5UfDFKXDdsJV0wVGsY4jPQRDtZFSvTk5DzbyoKxoGLx
    << * BYE Temporary problem, please try again later
    imap: ** [* BYE Temporary problem, please try again later != A001 OK]
    : Died
    
    
    This is happening across multiple servers. Is this a known issue?
     
    #1 max_payne, Jun 25, 2015
    Last edited by a moderator: Jun 25, 2015
  2. Kellykk2005

    Kellykk2005 Registered

    Joined:
    Jun 25, 2015
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    orange county, ca
    cPanel Access Level:
    Root Administrator
    We have been having this problem for the last few weeks. It did seem to crop up after a cpanel/whm upgrade.
    The service “imap” appears to be down. Here is the email from the cpanel monitor. any help would be greatly apprechiated.

    fyi: I do see this in /var/log/maillog:

    Code:
    Jun 25 21:50:22 host1 imapd-ssl: LOGOUT, user=<removed>, ip=[::ffff:98.191.201.25], headers=0, body=0, rcvd=322, sent=63422, time=21, starttls=1
    
    Jun 25 21:50:22 host1 imapd-ssl: Unexpected SSL connection shutdown.
    ------------------------------------
    
    Service Check Method
    
    The system failed to connect to this service’s TCP/IP port.
    
    Reason
    
    TCP Transaction Log:
    
    << * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2011 Double Precision, Inc.  See COPYING for distribution information.
    
    >> A001 LOGIN __cpanel__service__auth__imap__eI8yxx23QD6YIbnuJxDP3tlSYz_H8UoAJD91XT8MaluzeUg7rGUR3LclN9OO_Ay2 Gb5a2bQyULAp2sBFT2fw_iiXKbpToliEdSD0W2TzvwJ7JGzlQEvzhHk2TOqPiic_
    
    << * BYE Temporary problem, please try again later
    
    imap: ** [* BYE Temporary problem, please try again later != A001 OK]
    
    : Died
    
    
     
    #2 Kellykk2005, Jun 25, 2015
    Last edited by a moderator: Jun 26, 2015
  3. max_payne

    max_payne Active Member

    Joined:
    Feb 1, 2013
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator

    Yes, this issue started popping up after the cPanel upgrade to 11.50. It's happening on multiple VPS servers and is not an isolated issue. Anyone from cPanel have any insight on this?
     
  4. kbisignani

    kbisignani Member

    Joined:
    Jan 29, 2012
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Same thing here - upgraded to 11.50 on my VPS and all of a sudden I'm getting calls from clients that they can't check their email, and then I see this failure report come through. Checking the logs, I'm finding, right before the crash email is sent, the following error:

    Jun 25 03:12:27 swan pop3d: LOGIN FAILED, user=xxxx@xxxxxxxx.xxxx, ip=[::ffff:xxx.xx.xxx.xx]
    Jun 25 03:12:27 swan pop3d: authentication error: Input/output error

    The log has a dozens of instances like this, with some using pop3d, some imapd...


    I'm trying a upgrade to 11.50.20 and seeing if that resolves the issue, even though I don't really see anything in the changelog that sounds like this issue was fixed. But I'm willing to try anything.

    I'm also using Courier... I've contemplated switching to Dovecot to see if that resolves the issue but since this is used by a number of clients I'm afraid to start messing with their email...
     
  5. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    Please open a ticket at https://tickets.cpanel.net/submit/ so we can help.

    This is not something we have seen commonly on 11.50. The only ticket I could find that looked similar was the result of an out of disk space condition.

    Also, I'd definitely recommend switching dovecot as we see significantly less problems with it.
     
  6. kbisignani

    kbisignani Member

    Joined:
    Jan 29, 2012
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Thank you Nick - I've done that. Guess I'll keep my fingers crossed that we can get this resolved!
    Support Request Id 6750949
     
  7. kbisignani

    kbisignani Member

    Joined:
    Jan 29, 2012
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    To update those following the thread, we've increased the amount of authentication daemons. This setting is found in WHM > Service Configuration > Mailserver Configuration and then scroll all the way to the bottom. Number of Authentication Daemons was set to "2" on my setup. We've changed it to 8 just a few moments ago and are crossing our fingers and hope this works.

    My guess is that something in the 11.50 update created some type of instability between the IMAP service and the authentication mechanisms, which probably should be investigated further, but as a temporary workaround I'll be content if this keeps IMAP from crashing!
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    This could indicate a brute force attack on your mail server. The following command is useful if you are using Courier:

    Code:
    grep 'LOGIN FAILED' /var/log/maillog|awk '{print $9}'|sort|uniq -c | sort -n
    It will list IP addresses with failed logins to the mail server. You may want to block any IP addresses with an excessive number of failed login attempts, or install a third-party firewall management utility such as CSF if you have not already done so.

    Thank you.
     
Loading...

Share This Page