The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

IMAP Keeps Failing

Discussion in 'E-mail Discussions' started by c0re, Feb 26, 2012.

  1. c0re

    c0re Registered

    Joined:
    Jun 17, 2011
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Hey community,

    I have a rather puzzling issue with the imap server. It's running courier at the moment and recently (in the last 2 weeks or so) I've been occasionally receiving emails about imap having failed. Usually it corrects itself after 5 or 6 attempts, but there are also other times where it seems unable to start for hours on end. The email that I keep receiving is the following:

    Now after some searching, I did seem to get it working again last week by doing the following:

    /scripts/restartsrv_cppop
    /scripts/restartsrv_imap
    /scripts/courierup --force
    /scripts/eximup –force
    /scripts/checkperlmodules –full –force
    /scripts/upcp –force

    Finally, I did also try switching to dovecot, but for some reason users still could not log into webmail on dovecot so I switched back to courier...

    The problems returned a couple of days later, however, and I'm really not sure where else to look to solve this issue. Curiously, when I try to restart imap from WHM, it shows the following (but IMAP shows as down in the service status and it does not actually work).

    I do apologize for being a Linux n00b - I spend most of my time administering IIS7/IIS7.5 servers which tend to produce much "friendlier" error messages.

    Thanks for reading!
     
  2. Promethyl

    Promethyl Well-Known Member

    Joined:
    Mar 27, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    6
    Any resolution on this? I'm experiencing it as well.
     
  3. wwwcad

    wwwcad Member

    Joined:
    Oct 4, 2006
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Same problem here.
     
  4. acenetryan

    acenetryan Well-Known Member
    PartnerNOC

    Joined:
    Aug 21, 2005
    Messages:
    197
    Likes Received:
    1
    Trophy Points:
    18
  5. alexio

    alexio Registered

    Joined:
    Oct 30, 2006
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    I'm also just started experiencing this issue as of 5 days ago.

    When you say to try increasing the authentication daemons...
    Mine is set to 5...which I assume is the default.
    Should I up it to say, 7, and see if the issue persists, or do you suggest a higher number?

    Thanks ;-)
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Look for instances of "authentication error: Input/output error" in /var/log/maillog. EX:

    Code:
    # grep "Input/output error" /var/log/maillog
    You will typically see several occurrences of this error when there are not enough authentication daemons.

    However, it could also indicate there are IP addresses with several failed login attempts which should be blocked. For example, you can run this command:

    Code:
    # grep 'LOGIN FAILED' /var/log/maillog|awk '{print $9}'|sort|uniq -c | sort -n
    Blocking the IP addresses that have several failed connection attempts (this is typically a brute force attack) in your firewall can be useful in these types of cases.

    Thank you.
     
  7. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Of note, if you have cPHulk Brute Force Protection enabled, it isn't blocking the courier LOGIN FAILED connections because cPHulk doesn't currently work for courier to detect failed logins. It only works for Dovecot. We have an internal case (39736) about this issue, since it cannot be fixed until the pluggable authentication project has been completed.

    If you do have failed logins causing a high number of connections to Courier and in turn impacting services, you could always install CSF to block the brute force attacks on the server instead, since cPHulk cannot currently do it. CSF details for installation are available here:

    http://forums.cpanel.net/f185/where-do-lookup-brute-force-attacks-243182.html#post1002822
     
Loading...

Share This Page