IMAP and POP3 authentication DoS attack

If IMAP and POP3 authentication constantly fails and your mail clients are having problems, look for a large number of IMAP and POP3 authentication requests. It may be a DoS attack.

Check your cPHulk Brute Force Protection. If cPHulk is enabled, look under “Login/Brute History Report” and see whether any of your email accounts have been locked out for excessive failed login attempts.

WHM Home » Security Center » cPHulk Brute Force Protection

It’s also possible the mail server is running out of available authentication daemons. Check your authentication process values:

WHM Home » Service Configuration » Mailserver Configuration

Use the following command to count authentication failures per IP address. The addresses with the most failures appear at the end of the output.

awk '/auth failed/ {for (i=1;i<=NF;i=i+1) if ($i~/rip/) print $i}' /var/log/maillog | sort | uniq -c | sort -n | tail

Block the IP addresses that are sending large numbers of authentication requests in your firewall.

For CSF firewall,

csf -d <ipaddress>
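
A thresholded version of the per-IP count above, added here as an example and not part of the original article. It lists only addresses at or over a failure threshold and skips addresses you allowlist, so the result can be reviewed before anything is passed to csf -d. The function names, the threshold and the Dovecot-style sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article).
# Usage: failed_auth_ips THRESHOLD [ALLOWLISTED_IP...] < /var/log/maillog
# Prints "COUNT IP" for each remote IP with at least THRESHOLD failed-auth lines.
failed_auth_ips() {
    threshold=$1; shift
    allow=" $* "                       # space-delimited so matches are exact
    awk -v min="$threshold" -v allow="$allow" '
        /auth failed/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^rip=/) {    # anchored, so user=<trip@...> is ignored
                    ip = $i
                    sub(/^rip=/, "", ip)
                    sub(/,$/, "", ip)
                    count[ip]++
                }
        }
        END {
            for (ip in count)
                if (count[ip] >= min && index(allow, " " ip " ") == 0)
                    print count[ip], ip
        }
    ' | sort -rn
}

# Constructed sample lines (assumed Dovecot format, documentation IP ranges).
sample_log() {
    cat <<'EOF'
Mar  3 10:15:01 mail dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<info@example.com>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.10, TLS
Mar  3 10:15:04 mail dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<sales@example.com>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.10, TLS
Mar  3 10:15:07 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<trip@example.com>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.10
Mar  3 10:15:09 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<info@example.com>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.10
Mar  3 10:16:00 mail dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<staff@example.com>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.10, TLS
Mar  3 10:16:05 mail dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<staff@example.com>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.10, TLS
Mar  3 10:16:09 mail dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<staff@example.com>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.10, TLS
Mar  3 10:17:30 mail dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<info@example.com>, method=PLAIN, rip=203.0.113.9, lip=192.0.2.10, TLS
Mar  3 10:18:00 mail dovecot: imap-login: Login: user=<info@example.com>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.10, mpid=4242, TLS
EOF
}

# Threshold 3, with 198.51.100.7 treated as a known client (e.g. an office NAT).
sample_log | failed_auth_ips 3 198.51.100.7
```

On a live server, feed it the mail log instead of the sample: failed_auth_ips 20 < /var/log/maillog, adding your own trusted addresses after the threshold.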
