Hi.
Hopefully someone can help as I'm lost. I've had my server running for about half a year, in the past few weeks some of my clients have been complaining of getting locked out completely.
As in CSF or cphulk blocks their IP, almost always due to failed IMAP logins
(csf.deny: IPHERE # lfd: (imapd) Failed IMAP login from IPHERE (Moderator Note: removed ip/host): 10 in the last 3600 secs - Wed Jul 31 21:12:29 2019)
Above is the block example. If I unblock, they usually get blocked straight after anyway. I've checked var/log/maillog and found that there's lots of entries like this:
Jul 31 21:10:02 server dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<EMAILHERE>, method=PLAIN, rip=CLIENTIP, lip=MAILSERVERIP, TLS, session=<removed>
Earlier I was seeing errors like this:
I made adjustments to SSL minimum protocol for the above (to SSLv3) but I'd prefer to avoid doing this where possible. However I can't see any errors now in relation to this specific one, maybe just coincidence it hasn't popped up yet.
On top of this, recently my emails haven't been delivering from my own email (under cpanel) to only certain clients. Particularly one who definitely uses outlook, said that she didn't receive any emails from me directly or automated by WHMCS -- But sending from a gmail account worked. They didn't pop up in spam either or junk.
Confused really, sorry for the big wall of text and about 3 issues in one. Happy to split them up but didn't want to spam the forums. Thanks in advance.
Hopefully someone can help as I'm lost. I've had my server running for about half a year, in the past few weeks some of my clients have been complaining of getting locked out completely.
As in CSF or cphulk blocks their IP, almost always due to failed IMAP logins
(csf.deny: IPHERE # lfd: (imapd) Failed IMAP login from IPHERE (Moderator Note: removed ip/host): 10 in the last 3600 secs - Wed Jul 31 21:12:29 2019)
Above is the block example. If I unblock, they usually get blocked straight after anyway. I've checked var/log/maillog and found that there's lots of entries like this:
Jul 31 21:10:02 server dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<EMAILHERE>, method=PLAIN, rip=CLIENTIP, lip=MAILSERVERIP, TLS, session=<removed>
Earlier I was seeing errors like this:
Code:
Jul 31 21:04:27 server dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=CLIENTIP, lip=MAILSERVERIP, TLS handshaking: SSL_accept() failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol, session=<removed>
On top of this, recently my emails haven't been delivering from my own email (under cpanel) to only certain clients. Particularly one who definitely uses outlook, said that she didn't receive any emails from me directly or automated by WHMCS -- But sending from a gmail account worked. They didn't pop up in spam either or junk.
Confused really, sorry for the big wall of text and about 3 issues in one. Happy to split them up but didn't want to spam the forums. Thanks in advance.
Last edited by a moderator: