Topic: User Banned After Password Changed
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.5.1
- Deployed with iRedMail Easy or the downloadable installer? installer
- Linux/BSD distribution name and version: Rocky 8.5
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MariaDB
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
I've noticed a regular problem that others here presumably have as well:
1. existing user has (e.g.) two desktop clients, smartphone client, and tablet client
2. user changes password on server (or admin does it for them with iRedAdmin) and changes it on one client
3. user's other clients are on same ISP connection and are regularly checking for messages, but fail since they still have the old password
4. fail2ban sees failed logins and blocks the IP for the site
5. user can't even change the password on the other devices because the IP is banned
In fact, since the phone and tablet keep trying to get email and failing, fail2ban keeps the ban rolling over (I think).
The only solution is to turn off all the clients that have the old password and wait for the ban to expire, or to clear the ban manually in the database.
What do others do about this?
Thanks for all help,
----Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team.