Symptoms
Accessing an email account using the cPanel password over direct IMAP/POP3 still goes through despite disabling Mail authentication via domain owner password in "WHM /Tweak Settings".
Description
When Exim+Dovecot anti-brute-force is enabled under "WHM / Imunify360/ Settings", the dovecot configuration file is altered for the authentication section.
Because of this, even when Mail authentication via domain owner password is disabled, users are still able to login into the email account using the cPanel password when accessing the email account over direct IMAP/POP3 (e.g. ThunderBird/Outlook/Mac Mail).
It's worth noting that this issue is not present when attempting to authenticate over webmail.
We've opened an internal case for our development team to investigate this further. For reference, the case number is UPS-310. Follow this article to receive an email notification when a solution is published in the product.
Workaround
Current workaround in place is to disable Exim+Dovecot anti-brute-force under "WHM / Imunify360 / Settings". You may need to rebuild the Dovecot configuration and restart it for the changes to take place:
# /scripts/builddovecotconf && /scripts/restartsrv_dovecot
Comments
0 comments
Article is closed for comments.