The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Single email account can't login or change password

Discussion in 'E-mail Discussions' started by smartmoney, Jun 20, 2017.

  1. smartmoney

    smartmoney Registered

    Joined:
    Jun 20, 2017
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    St Louis
    cPanel Access Level:
    Root Administrator
    Start off i am a beginner level user and this is mostly for personal use and learning. It is my server/whm account
    I have a single account (family member) that i cannot access any longer using imap. I thought it might be a password issue but i cannot login using webmail either. I then went to cpanel and changed the password and choose "Access Webmail" while logged in. I get the next screen to choose the webmail application and choose "roundcube" and i get the error "login failed" with a blank username and password box. I checked and have my ip whitelisted so its not blocking me as i can login to other email accounts on the same domain.

    error in /var/log/maillog
    server dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<emailaddress@removed/cpses_paewtytjpk>, method=PLAIN, rip=::1, lip=::1, secured, session=<GhtefGRS3JEAAAAAAAAAAAAAAAAAAAAB>

    If i try to login to the domain.com/webmail instead of going through cpanel i get the login box, type in email address and password and the next screen again i get to choose the webmail application and choose squirrel mail instead and i get "error please login first go to the login page" and the error in var/log/maillog
    Jun 20 09:00:35 server dovecot: imap-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<KHnwrGRSdpIAAAAAAAAAAAAAAAAAAAAB>
    Jun 20 09:00:37 server dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<emailaddress@removed>, method=PLAIN, rip=::1, lip=::1, secured, session=<r4XwrGRSeJIAAAAAAAAAAAAAAAAAAAAB>

    What could be wrong that this single account i can no longer access?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,288
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Is cPHulk brute force detection enabled on this system? If so, browse to "WHM >> Security Center >> cPHulk Brute Force Detection" and click on the "History Reports" tab to see if the email account is a blocked user. Also, in cPanel, under Email Accounts, click on the "More" button next to the affected email user to verify the login is not suspended.

    Thank you.
     
  3. smartmoney

    smartmoney Registered

    Joined:
    Jun 20, 2017
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    St Louis
    cPanel Access Level:
    Root Administrator
    Thanks Machael,
    I did check that the account was not suspended, I actually suspended and un-suspended to make sure before I posted.
    I also checked the cPHulk and did whitelist her ip address but never checked her actual email address under "blocked users" and sure enough it is blocked. I disabled cPHulk and was able to login just to check so you were correct her email address was in there as a "blocked user"
    Now I know how to unblock/whitelist/blacklist a ip addresses (have a long list of foreign ip's in there) but how do you unblock a cpanel user account/ftp/email address? The email address listed in the "blocked users" is there but the IP is not one she had been using. I was afraid to click the big blue "Remove Blocks and Clear Reports" button as I don't want to remove ALL the auto blocks in there (and there are many)
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,288
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    With "Username-based Protection" in cPHulk, it only blocks users for 5 minutes by default. You can configure this value with the “Brute Force Protection Period (in minutes)” option under the "Configuration Settings" tab in "WHM >> cPHulk Brute Force Protection". If you want to clear the existing blocks, you have to click on the "Remove Blocks and Clear Reports" option under the "History Reports" tab. This won't remove entries from your whitelists and blacklists.

    Thank you.
     
Loading...

Share This Page