Product: modusMail
Version & Build: All
Problem:
If your mailbox is IMAP type then you might experience the following symptoms that on one can login to webmail.
Symptoms:
- No one can login to webmail mail client.
- You get the banner only after 3 to 4 times a telnet command is issued on port 143.
- If you list the IP address connecting to your server on port 143 you should see similar to screen shot below where you should notice on the last column to the right a series of SYN_RECEIVED.
Cause: Someone form the outside world is sending to many AUTH requests creating a SYN_FLOOD scenario on port 143 making the IMAP port unresponsive.
Solution: When you locate this/these IP addresses, you MUST add them at the firewall level (your front end firewall) as adding them to the modusMail console banned IP list will not help.
|