IMAP and POP3 authentication DOS attack


IMAP and POP3 authentication DOS attack


If you have IMAP and POP3 authentication constantly fails and having problems with your mail clients. Large  IMAP and POP3 authentication request, It may be DOS attack.

Check your cPHulk Brute Force Protection, Look under “Login/Brute History Report” if cPHulk is enabled and see if any of your email accounts have been locked out for excessive failed login attempts.

WHM Home » Security Center » cPHulk Brute Force Protection

It’s also possible the mail server is running out of available authentication daemons. Check your authentication processes values

WHM Home » Service Configuration » Mailserver Configuration

Use the following command to check large number of authentication failures per ip address.

awk ‘/auth failed/ {for (i=1;i<=NF;i=i+1) if ($i~/rip/) print $i}’ /var/log/maillog |sort|uniq -c|sort -n| tail

Try to block large authentication request ip address in your Firewall.

For CSF firewall,

csf -d <ipaddress>

Bu cevap yeterince yardımcı oldu mu?

Diğer Dökümanlar


  • Email server troubleshooting

    Email / Exim server troubleshooting techniques. You can use the following email server troubleshooting options in your cpanel. Mostly used this command to find spam emails and bulk email senders....

  • Enable SMTP Authentication on cpanel

    POP before SMTP authentication allows you to send messages via a POP mail server for 30 minutes before you will need to re-authenticate a session through SMTP. POP before SMTP authentication is...

  • cPanel Log file locations

    cPanel log file locations and Basic troubleshooting, most activity that happens on a server to log files, so that you can go back and review log entries for problems, instead of having to be on the...

  • How to change Exim mail server IP address

    By default Exim will be using the main server shared IP address to send mails. If the main server IP is listed in any spam database, then we will not be able to send mails. In order to fix this, we...

  • Most used exim commands

    You can use the following most used cpanel server exim commands Show the mail in queue for $name exim -bp|grep $name View message header exim -Mvh $MSGID View message body exim -Mvb $MSGID...