Skip to main content

Failed IMAP login from ... as I have NO imap acount configured

Comments

10 comments

  • cPanelMichael
    Re: # lfd: (imapd) Failed IMAP login from ... as I have NO imap acount configured Hello :) Please have your hosting provider review /var/log/maillog or the cPHulk brute force detection logs to determine why you are unable to authenticate. Thank you.
    0
  • chris427
    Re: # lfd: (imapd) Failed IMAP login from ... as I have NO imap acount configured
    ]Hello :) Please have your hosting provider review /var/log/maillog or the cPHulk brute force detection logs to determine why you are unable to authenticate. Thank you.

    Hi Michael, Here is the error message : xxx.xxx.xxx.216 # lfd: (imapd) Failed IMAP login from xxx.xxx.xxx.216 as xxx.xxx.xxx.216 is my IP address that I have hidden. My problem is that I have only 2 pop3 account configured on my pc, nothing else, no IMAP account anymore. Thank you, Chris
    0
  • chris427
    Hi Michael, I have more information now : Nov 10 07:40:59 server dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=xxx.xxx.xxx.xxx, lip=23.92.215.10, TLS: SSL_read() syscall failed: Connection reset by peer, session= Nov 10 07:41:01 server dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=23.92.215.10, TLS, session=<8seEeYAHXwC4kbfY> Nov 10 07:41:06 server dovecot: imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=23.92.215.10, TLS, session= Thank you for your help, Christine
    0
  • cPanelMichael
    Are you sure that you are not accessing Webmail or using some other application or website script that utilizes IMAP for that email account? If so, report that information to your hosting provider because there is not much further you can do to investigate without root access. Thank you.
    0
  • chris427
    ]Are you sure that you are not accessing Webmail or using some other application or website script that utilizes IMAP for that email account?

    Well, I have deleted all accounts on tablet and cell. I have deleted the IMAP account on my pc (I use Outlook 2007) and configured a pop3 account. I've never used another e-mail programm except Thunderbird lately, but the problem were still there so I've deleted the programm. So there might be in my computer something that try to send e-mail with my old imap account. I that possible ? "If so, report that information to your hosting provider because there is not much further you can do to investigate without root access." Of course I've told my provider. And we have made many tests and as well deleted completely the account on CPANEL and create it again, etc. But he says that the problem comes obviously from my computer. So what can I do now ? "format C:" for my computer ? Many thanks for your help, Chris
    0
  • cPanelMichael
    Does the issue persist if you temporarily shut down the workstation and use a different computer? Thank you.
    0
  • chris427
    Hi ! In fact, I don't know if I'm blocked when the computer is on or off. I just discover, sometimes, that I'm blocked. I haven't been blocked today neither yesterday afternoon. I'm putting the "automatic receipt/send" option at off. So I will see if it does block when I'm not working on my computer. Thanks again for your help to find where the problem comes from ! Chris
    0
  • chris427
    Hi Michael, I've been blocked at 2:38 am (during the night). I had desactivated the automatic "send and receipt" action. Here is the error message : xxx.xxx.xxx.xxx # lfd: (imapd) Failed IMAP login from xxx.xxx.xxx.xxx (CA/Canada/bas1-quebec15-3096557528.dsl.bell.ca): 10 in the last 3600 secs - Fri Nov 14 02:38:12 2014 My computer was on. What kind of application could try to get my e-mails ? Thank you, Chris
    0
  • chris427
    Hi Michael, I have installed TCP View. I think the problem doesn't come from my cpanel, but I still ask here as I don't know where to ask : On TCP View and the CMD netstat, I see this : TCP 192.168.5.5:21177 c75.152.63-26.clta.globetrotter.net:microsoft-ds SYN_SENT Impossible d'obtenir les informations de propri"taire TCP 192.168.5.5:21178 c75.152.63-26.clta.globetrotter.net:microsoft-ds SYN_SENT Impossible d'obtenir les informations de propri"taire TCP 192.168.5.5:21179 c75.152.63-26.clta.globetrotter.net:netbios-ssn SYN_SENT Impossible d'obtenir les informations de propri"taire Apparently, my Computer tryes to connect somewhere but I don't know where. With TCP view I see the PID 4. and il my task manager I don't see any connexion with PID 4. Do you know how to get the programm which tryes to connect ? Thank you for your help, Chris .vB
    0
  • cPanelMichael
    It's possible that it's malware installed on your workstation. You may want to run a virus scan or consider reinstalling the OS to see if the issue continues. Thank you.
    0

Please sign in to leave a comment.