LFD catching failed IMAP logins during cPanel updates
Posted: 25 Jul 2022, 15:38
We are seeing that imap-login is aborting IMAP connections during our nightly upcp cron job which is triggering LFD to add customer IPs to the deny list even though the password is correct and after unblocking they continue to check email fine. Likely a problem with cPanel directly, but since the problem presents itself in CSF first, I wanted to see if anyone else has been seeing this happen? We have seen this over the last 7 to 10 days now across three different servers.
While upcp is running, we see in /var/log/maillog:
Then as a result of those failures, LFD kicks in and denies the IP:
Anyone else seeing this and have you found the cause or a resolution?
While upcp is running, we see in /var/log/maillog:
Code: Select all
dovecot: imap-login: Disconnected: Aborted login by logging out (auth failed, 2 attempts in 4 secs)
Code: Select all
lfd: (imapd) Failed IMAP login from [IP ADDRESS...] : 20 in the last 300 secs