All email passwords not working now
Good day.
Not sure what is going on, but one client of mine is having issues with his Outlook not connecting and asking for passwords for his 4 email accounts all of a sudden. He also said that his iPhone is not even working. I have a few emails on this server as well and all works perfectly for me, and I also created one email on his account for myself and no issues at all.
Scanned server and a few domains are not using any website for him, just the domain is added to cPanel to use the emails, and I can log in via cPanel and test his emails and again no issues.
Just wondering what you think could be happening, as he is the only one experiencing issues with not connecting to Outlook and also his iPhone. Would cPanel reset these passwords for some odd reason? I am almost positive nothing is compromised on server side, just weird that there are 3 accounts using different email addresses for him and all of them just stopped working due to Outlook asking for password and also his phone.
Any help would be greatly appreciated.
Steve
-
I would blame it all on Outlook and maybe Credential Manager on his PC, but what gets me a little confused is he says his emails don't work on his iPhone also. Now this is concerning.
0 -
Are there any helpful entries in /var/log/maillog when he tries to connect? Are you able to connect with an alternative account on his device?
0 -
This is the thing, I ran a few commands and it looks like it was only my IP address that changed any email password on this server. So, it looks like no one did log in or gain access to any place within cPanel to change any email password, unless it does not show within the logs.
The issue is that all his accounts, 4 with me on my server, have emails and each and every one of his emails did not work with Outlook and all of a sudden asked for passwords, and even his iPhone, which then got me thinking, what is going on here. However, I also have a few emails on his account that did not have any issues at all and I could see no other IP on the email password log changes and I also could not see any vulnerability and scanned all accounts using two methods and all super clean.
I ran this:
grep -a passwd_pop /usr/local/cpanel/logs/access_log | grep "ACCOUNT-NAME-HERE"
I even checked account logs and again, no one's IP except my own. No one logs in normally with this server except me as it's relatively new and I manage it all and they don't need to log in.
0 -
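Added example, not part of the original thread: the grep above extended into a per-day, per-IP summary of `passwd_pop` requests, which makes it easier to confirm that every email password change came from an expected address. The log field layout, the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Summarise email password-change requests (passwd_pop) in a cPanel-style
# access log: one output line per (date, client IP, user) with a count.
# Assumed line layout (combined-log style, not taken from the thread):
#   IP - USER [MM/DD/YYYY:HH:MM:SS -0000] "METHOD /path HTTP/1.1" STATUS ...
passwd_pop_summary() {
    log=$1        # path to the access log
    account=$2    # account name to filter on, as in the original grep
    grep -a 'passwd_pop' "$log" | grep -aF -- "$account" | awk '
        {
            day = substr($4, 2, 10)   # drop the "[" and keep MM/DD/YYYY
            seen[day " " $1 " " $3]++
        }
        END { for (k in seen) print k, seen[k] }
    ' | sort
}

# Distinct client IPs that issued passwd_pop requests for the account.
passwd_pop_ips() {
    passwd_pop_summary "$1" "$2" | awk '{ print $2 }' | sort -u
}

# Constructed sample log (documentation IP ranges, made-up account names).
write_sample_log() {
    cat > "$1" <<'EOF'
198.51.100.7 - exampleacct [04/21/2024:14:02:11 -0000] "POST /cpsess0000000000/execute/Email/passwd_pop HTTP/1.1" 200 0 "-" "Mozilla/5.0" "s" "-" 2083
198.51.100.7 - exampleacct [04/21/2024:14:05:40 -0000] "POST /cpsess0000000000/execute/Email/passwd_pop HTTP/1.1" 200 0 "-" "Mozilla/5.0" "s" "-" 2083
198.51.100.7 - exampleacct [04/20/2024:09:00:00 -0000] "GET /cpsess0000000000/frontend/index.html HTTP/1.1" 200 0 "-" "Mozilla/5.0" "s" "-" 2083
203.0.113.9 - otheracct [04/21/2024:15:00:00 -0000] "POST /cpsess0000000000/execute/Email/passwd_pop HTTP/1.1" 200 0 "-" "Mozilla/5.0" "s" "-" 2083
EOF
}

# Demo on the constructed sample; on a server, pass the real log instead:
#   passwd_pop_summary /usr/local/cpanel/logs/access_log ACCOUNT-NAME-HERE
demo_log=$(mktemp)
write_sample_log "$demo_log"
passwd_pop_summary "$demo_log" exampleacct
rm -f "$demo_log"
```

Any IP in the output that is not the administrator's own, or any date that does not match a known manual reset, is the line to look at first.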
It's just strange that his passwords were changed and only his for his emails. When he could not connect also I changed the passwords for him and he was able to connect very easily, so this is very strange how on earth this happened and it concerns me. Evidence points to his password being changed on his end, not the server, but why, at what ends? I don't get what was happening, I just know that I have a few emails, one account as example, has two emails we both use as I do admin stuff for him on his website so I also use an email on his account and my email had absolutely no issues, while his email did not work because Outlook did not know the password or it was changed there. Just confusing and weird.
0 -
When checking logs for his login, he was locked out by cPHulk because his email was not authenticated, which makes sense as his passwords were not working for him and he kept trying, locking himself out. This is very strange and weird and it's bothering me because it's not just his Outlook, it's his iPhone also, but all logs show all email password changes were done by me and the dates correspond to my recollection and this is accurate.
This started on the 20th and no password was changed until the 21st by me and only when he could not log in, so I tried changing password which worked for him and he was able to connect right away. The emails I use the password did NOT need changed, ONLY his emails. Very strange indeed.
0 -
It definitely sounds strange, and I certainly don't have a good explanation on my end from the outside looking in. You can always submit a ticket so this can be investigated directly on the system.
0 -
I did submit a ticket, just takes a long time to get any responses.
I looked at the main access_log file and I can see a lot of IPs trying to gain access to webmail.domain.com using several ports. I enabled 2FA on everything including all webmail access through browser, WHM and all cPanel accounts. I also know that the logs I have seen for password changes are just my own IP, so maybe for some odd reason he got blocked by cPHulk with one account, while the others he could not log in due to cool down IP being blocked. Strange indeed.
0