Email account Authentication Weird

Good day,

Hope someone can give any idea / suggestion.

We are using Thunderbird as email client with IMAP Protocol.

The scenario is: for the whole day, or for any given days / hours, it authenticates properly, but suddenly, without any changes made, Axigen detects a connection with Invalid Password for the specific user.

After unblocking the user for the failed retry, he can connect properly again. Do you have any ideas how this problem occurs?

Regards,
Jay

Hello Jay,

Have you enabled the security.txt logs?

If yes, please also configure IMAP service log level on Protocol Communication and compare the logs for a “good” and “wrong” session (security.txt logs could point quickly to such sessions as it will log OP_OK, respectively OP_FAIL and the session IDs beside other details).

I have to say that I have never found a scenario matching your description* so if you still could not spot the problem please share here some extracts from the beginning of the “good” (at least till the authentication is validated) and from the beginning of the “wrong” (at least till the authentication is rejected) so we could have a better idea of what is happening on your system.

Best regards,
Ioan

* Is the problem only for one specific user? Did you check if the wrong authentications come, in fact, from some external IMAP sessions trying to guess that specific account’s password?

@indreias

Yes, I have the security.txt log. Unfortunately I cannot put the IMAP Protocol Communication, as it will create huge log files till it reoccurs.

security.txt (7.6 KB)

I as well did not encounter said issue till today. Without any changes from the specific user, and even after unblocking, the email client fetches properly without issue.

Jay

Hello Jay,

From shared data should we understand that the problem is related only to one account - namely 8@1.com - is this right?

The strange part is that all connections are coming from the same IP address 0.0.0.135 despite having many other IMAP accounts there. Is your setup unable to present the real IP address of the IMAP mail client so you will “see” the public / local IP address of your router / firewall / load balancer / network device / etc?

And exactly how are you “unblocking the email client”?

BR,
Ioan

@indreias

8@1.com and 4@1.com. I set the limit so that 5 failed attempts will be blocked using fail2ban. That is why only a few authentication attempts were recorded for the specific user until it was blocked.

This is a private IP and the user is inside the local network. I filtered only the specific user for reference, as it did not happen to other local users and/or remote users.

I am unblocking using fail2ban.

Jay
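Added example, not part of any post in this thread: one way to do the comparison suggested above without raising the IMAP log level is to summarise security-log lines per account, separating source IPs that fail but also log in successfully from IPs that only ever fail. The line layout, the sample data and the `triage` helper are assumptions; only the `OP_OK` / `OP_FAIL` markers and the 5-attempt limit come from the thread.

```python
import re
from collections import defaultdict

# Only the OP_OK / OP_FAIL markers come from the thread; the line layout below is
# constructed, so the parser looks for tokens anywhere in the line (assumption).
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
OUTCOME = re.compile(r"\bOP_(OK|FAIL)\b")

def triage(lines, limit=5):
    """Per account: longest failure run and which source IPs produced failures."""
    ok, fail = defaultdict(set), defaultdict(set)
    run, max_run = defaultdict(int), defaultdict(int)
    for line in lines:  # lines are processed in file order
        out, acct, ip = OUTCOME.search(line), EMAIL.search(line), IPV4.search(line)
        if not (out and acct and ip):
            continue  # not an attributable authentication record
        a = acct.group().lower()
        if out.group(1) == "OK":
            ok[a].add(ip.group())
            run[a] = 0  # a success ends the current failure run
        else:
            fail[a].add(ip.group())
            run[a] += 1
            max_run[a] = max(max_run[a], run[a])
    report = {}
    for a, ips in fail.items():
        report[a] = {
            "max_fail_run": max_run[a],
            "reaches_limit": max_run[a] >= limit,  # fail2ban itself counts per IP in a time window
            # IPs that also succeeded: likely a real client sending a wrong password at times.
            "mixed_ips": sorted(ips & ok[a]),
            # IPs that never succeeded for this account: check for password guessing.
            "fail_only_ips": sorted(ips - ok[a]),
        }
    return report

# Constructed sample input (documentation addresses, made-up accounts).
SAMPLE = (
    ["08:00:01 sess=A1 IMAP 192.0.2.10 user1@example.test OP_OK"]
    + [f"09:15:0{i} sess=B{i} IMAP 192.0.2.10 user1@example.test OP_FAIL" for i in range(5)]
    + ["09:40:00 sess=C1 IMAP 192.0.2.10 user1@example.test OP_OK",
       "10:00:00 sess=D1 IMAP 192.0.2.11 user2@example.test OP_OK"]
    + [f"10:05:0{i} sess=D{i} IMAP 198.51.100.7 user2@example.test OP_FAIL" for i in (2, 3)]
)

if __name__ == "__main__":
    for account, summary in triage(SAMPLE).items():
        print(account, summary)
```

When every client appears behind one address, as with a router or proxy in front of the mail server, `mixed_ips` cannot tell clients apart, and the session IDs in the log are the next thing to compare.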