We are using Thunderbird as email client with IMAP Protocol.
The scenario is, the whole day or any given days / hours it authenticate properly but suddenly without any changes made Axigen detect connection with Invalid Password on the specific user.
After unblocking the user for the failed retry, then he can connect properly again. Do you have and ideas how this problem occur?
If yes, please also configure IMAP service log level on Protocol Communication and compare the logs for a “good” and “wrong” session (security.txt logs could point quickly to such sessions as it will log OP_OK, respectively OP_FAIL and the session IDs beside other details).
I have to say that I have never found a scenario matching your description* so if you still could not spot the problem please share here some extracts from the beginning of the “good” (at least till the authentication is validated) and from the beginning of the “wrong” (at least till the authentication is rejected) so we could have a better idea of what is happening on your system.
Best regards,
Ioan
is the problem only for one specific user? did you check if the wrong authentications come, in fact, from some external IMAP sessions trying to guess that specific account’s password?
For me as well did not encounter said issue till today. Without any changes from the specific user and even after unblocking the email client fetch properly without issue.
From shared data should we understand that the problem is related only to one account - namely 8@1.com - is this right?
The strange part is that all connections are coming from same IP address 0.0.0.135 despite having many other IMAP accounts there. Is your setup unable to present the real IP address of the IMAP mail client so you will “see” the public / local IP address of your router / firewall / load balancer / network device / etc?
And exactly how are you “unblocking the email cleint”?
8@1.com and 4@1.com, I set the limit 5 failed attempts will be block using fail2ban. That is why it got only fewer authentication attempt recorded on the specific user till it will block.
This is a private IP and the user is inside the local network. I filter only the specific User for reference as it did not happen to other local users and or remote users.