If you have IMAP and POP3 authentication constantly fails and having problems with your mail clients. Large IMAP and POP3 authentication request, It may be DOS attack.
Check your cPHulk Brute Force Protection, Look under “Login/Brute History Report” if cPHulk is enabled and see if any of your email accounts have been locked out for excessive failed login attempts.
“WHM Home » Security Center » cPHulk Brute Force Protection”
It’s also possible the mail server is running out of available authentication daemons. Check your authentication processes values
“WHM Home » Service Configuration » Mailserver Configuration”
Use the following command to check large number of authentication failures per ip address.
awk ‘/auth failed/ {for (i=1;i<=NF;i=i+1) if ($i~/rip/) print $i}’ /var/log/maillog |sort|uniq -c|sort -n| tail
Try to block large authentication request ip address in your Firewall.
For CSF firewall,
csf -d <ipaddress>