Intermittent prompt for email username/password on mail clients

Hello,

I have an unusual problem with the email service. All of a sudden the mail clients of all accounts would prompt users to enter their username/password and of course would keep prompting even if user puts correct credentials. Then shortly after, everything is back to normal without changing anything.
During this time, load of the server is good, memory usage is good, and the mail service would still be running.

Background Info

1. CENTOS 6.5 x86_64
2. WHM 11.44.0 (build 19)
3. Running Exim
4. Running Courier
5. Maximum IMAP Connections: 50
6. Maximum POP3 Connections: 50

The Number of Authentication Daemons was 5, but I have increased it to 6 just now to see if this is going to solve the problem. Yet, what could the other reason for such a behavior?

Many thanks

 

Hello Micheal,
Thanks for the reply. As mentioned earlier, I am running Courier.
CPhulk is disabled; and in all cases the service resumes is shorter interval that if CPhulk was to automatically unblock the IP address later.
I am using however, ConfigServer Security & Firewall (CSF), but this is not the cause of this issue and I don't'see any blocks and our IP addresses are all white-listed.

 

I have executed the suggested line and I have errors such

Code:

Jul  7 00:13:31 server pop3d-ssl: authentication error: Input/output error
Jul  7 04:43:33 server pop3d: authentication error: Input/output error

These errors are however mostly occurring outside the peak hours of our server; so they can't be legitimate log-in attempts - check the following section of this thread.

I have CSF automatically dealing with this after 5 failed login attempts; and actually i have a lot of these cases, just yesterday I had 190x5 unique failed login attempts mainly to smtpauth.


I have already increased the number of mail deamons from 5 to 6 before creating this thread; shall I increase it more despite the above?

 

I am suspecting it is not due to legitimate high traffic, it is most likely due to DOS (due to the facts mentioned upthere).
It would be nice to have a feature in cPanel to adjust daemons based on schedule (hours of the day/days of the week).

I have checked LFD log for any occurrence related to that but it doesn't seem to be killing these processes.

 

What I noticed is that when this thing happens, whostmgr2 - top ./top would top the CPU usage. Is that of any sort related?

 

No worries then.

I have another question, why does the server consider them as failed login attempts when it is actually running out of daemons?
Ex. Jul 16 12:43:06 server pop3d-ssl: LOGIN FAILED

This is causing CSF to block the IPs of legitimate users.

Thanks