Author Topic: Random login failures  (Read 1791 times)

Offline SMBiker

  • Jr. Member
  • **
  • Posts: 11
Random login failures
« on: May 22, 2020, 12:56:52 PM »
I have a strange problem since I installed the latest version of Roundcube.

I have Roundcube running on IIS in front of hMailServer.

Users will attempt to log in via Roundcube, and get a "login failed" message.

If they keep trying, they keep getting a "login failed" over and over, until after 4-5 attempts, it finally succeeds. Once it has succeeded once, it tends to keep working for them fine for at least a day. The next day, they come in, and the exact same thing happens.

An example from the RC log file:

[May/22/2020 12:42:56 -0400]: <alc23rat> Failed login for user@domain.com from {ip_redacted} in session alc23ratju8a13hd (error: 0)
[May/22/2020 12:42:59 -0400]: <am7cv28s> Successful login for user@domain.com (ID: 11) from {ip_redacted} in session am7cv28sophggl80

Strangely enough, looking at the equivalent hMailserver log files, the login is actually succeeding each time:

"TCPIP"   26756   "2020-05-22 12:42:56.273"   "TCP - {ip_redacted} connected to {ip_redacted}:143."
"IMAPD"   26756   1331   "2020-05-22 12:42:56.273"   "{ip_redacted}"   "SENT: * OK mail.domain.com"
"IMAPD"   25756   1331   "2020-05-22 12:42:56.289"   "{ip_redacted}"   "RECEIVED: A0001 CAPABILITY"
"IMAPD"   25756   1331   "2020-05-22 12:42:56.289"   "{ip_redacted}"   "SENT: * CAPABILITY IMAP4 IMAP4rev1 CHILDREN IDLE QUOTA SORT ACL STARTTLS NAMESPACE RIGHTS=texk[nl]A0001 OK CAPABILITY completed"
"IMAPD"   24336   1331   "2020-05-22 12:42:56.289"   "{ip_redacted}"   "RECEIVED: A0002 CAPABILITY"
"IMAPD"   24336   1331   "2020-05-22 12:42:56.289"   "{ip_redacted}"   "SENT: * CAPABILITY IMAP4 IMAP4rev1 CHILDREN IDLE QUOTA SORT ACL STARTTLS NAMESPACE RIGHTS=texk[nl]A0002 OK CAPABILITY completed"
"IMAPD"   25756   1331   "2020-05-22 12:42:56.289"   "{ip_redacted}"   "RECEIVED: A0003 LOGIN user@domain.com ***"
"IMAPD"   25756   1331   "2020-05-22 12:42:56.289"   "{ip_redacted}"   "SENT: A0003 OK LOGIN completed"
"IMAPD"   26756   1331   "2020-05-22 12:42:56.289"   "{ip_redacted}"   "RECEIVED: A0004 NAMESPACE"
"IMAPD"   26756   1331   "2020-05-22 12:42:56.289"   "{ip_redacted}"   "SENT: * NAMESPACE (("" ".")) NIL (("#Public" "."))[nl]A0004 OK namespace command complete"
"IMAPD"   24336   1331   "2020-05-22 12:42:56.336"   "{ip_redacted}"   "RECEIVED: A0005 LOGOUT"
"IMAPD"   24336   1331   "2020-05-22 12:42:56.336"   "{ip_redacted}"   "SENT: * BYE Have a nice day[nl]A0005 OK Logout completed"
"TCPIP"   26756   "2020-05-22 12:42:59.633"   "TCP - {ip_redacted} connected to {ip_redacted}:143."
"IMAPD"   26756   1332   "2020-05-22 12:42:59.633"   "{ip_redacted}"   "SENT: * OK mail.domain.com"
"IMAPD"   24336   1332   "2020-05-22 12:42:59.648"   "{ip_redacted}"   "RECEIVED: A0001 CAPABILITY"
"IMAPD"   24336   1332   "2020-05-22 12:42:59.648"   "{ip_redacted}"   "SENT: * CAPABILITY IMAP4 IMAP4rev1 CHILDREN IDLE QUOTA SORT ACL STARTTLS NAMESPACE RIGHTS=texk[nl]A0001 OK CAPABILITY completed"
"IMAPD"   26756   1332   "2020-05-22 12:42:59.648"   "{ip_redacted}"   "RECEIVED: A0002 CAPABILITY"
"IMAPD"   26756   1332   "2020-05-22 12:42:59.648"   "{ip_redacted}"   "SENT: * CAPABILITY IMAP4 IMAP4rev1 CHILDREN IDLE QUOTA SORT ACL STARTTLS NAMESPACE RIGHTS=texk[nl]A0002 OK CAPABILITY completed"
"IMAPD"   25756   1332   "2020-05-22 12:42:59.648"   "{ip_redacted}"   "RECEIVED: A0003 LOGIN user@domain.com ***"
"IMAPD"   25756   1332   "2020-05-22 12:42:59.648"   "{ip_redacted}"   "SENT: A0003 OK LOGIN completed"
"IMAPD"   24336   1332   "2020-05-22 12:42:59.648"   "{ip_redacted}"   "RECEIVED: A0004 NAMESPACE"
"IMAPD"   24336   1332   "2020-05-22 12:42:59.648"   "{ip_redacted}"   "SENT: * NAMESPACE (("" ".")) NIL (("#Public" "."))[nl]A0004 OK namespace command complete"

Not only is Roundcube actually logging in successfully, it is RECOGNIZING that it logged in successfully, and then sending a Namespace command followed by a logout command (seen at 12:42:56.336) - but then reporting back to the user "Login failed."

I'm at a bit of a loss here - anybody have any idea of what's going on, and why this is happening? It's happening for ALL users on the server, on ALL domains.