IMAP and POP3 authentication DOS attack

If you have IMAP and POP3 authentication constantly fails and having problems with your mail clients. Large IMAP and POP3 authentication request, It may be DOS attack.

Check your cPHulk Brute Force Protection, Look under “Login/Brute History Report” if cPHulk is enabled and see if any of your email accounts have been locked out for excessive failed login attempts.

“WHM Home » Security Center » cPHulk Brute Force Protection”

It’s also possible the mail server is running out of available authentication daemons. Check your authentication processes values

“WHM Home » Service Configuration » Mailserver Configuration”

Use the following command to check large number of authentication failures per ip address.

awk ‘/auth failed/ {for (i=1;i<=NF;i=i+1) if ($i~/rip/) print $i}’ /var/log/maillog |sort|uniq -c|sort -n| tail

Try to block large authentication request ip address in your Firewall.

For CSF firewall,

csf -d <ipaddress>

0 Bu dökümanı faydalı bulan kullanıcılar:

Diğer Dökümanlar

Email server troubleshooting
Email / Exim server troubleshooting techniques. You can use the following email server troubleshooting options in your cpanel. Mostly used this command to find spam emails and bulk email senders....
Enable SMTP Authentication on cpanel
POP before SMTP authentication allows you to send messages via a POP mail server for 30 minutes before you will need to re-authenticate a session through SMTP. POP before SMTP authentication is...
cPanel Log file locations
cPanel log file locations and Basic troubleshooting, most activity that happens on a server to log files, so that you can go back and review log entries for problems, instead of having to be on the...
How to change Exim mail server IP address
By default Exim will be using the main server shared IP address to send mails. If the main server IP is listed in any spam database, then we will not be able to send mails. In order to fix this, we...
Most used exim commands
You can use the following most used cpanel server exim commands Show the mail in queue for $name exim -bp|grep $name View message header exim -Mvh $MSGID View message body exim -Mvb $MSGID...