Strange IP address logged into my IMAP server

Discussion forum for Enterprise Edition.
Post Reply
Ehenzel1978
Posts: 98
Joined: Mon Dec 31, 2012 4:48 pm
Location: Leland, NC 28451

Strange IP address logged into my IMAP server

Post by Ehenzel1978 » Thu Aug 06, 2015 1:55 pm

Hello all,

I have a strange IP address logged into my IMAP service. The ip is 54.210.254.159. When I do a lookup on it, it says it's an Amazon Cloud server. The IP address doesn't appear to be doing any harm, but it's not supposed to be there. Does anyone know how I can stop this address from being able to connect to my IMAP service?
Eric Henzel
IT Department
Leather Italia USA

MailEnable-Ian
Site Admin
Posts: 9321
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Strange IP address logged into my IMAP server

Post by MailEnable-Ian » Fri Aug 07, 2015 4:28 am

Hi,

You will need to block the IP in your firewall.
Regards,

Ian Margarone
MailEnable Support

Ehenzel1978
Posts: 98
Joined: Mon Dec 31, 2012 4:48 pm
Location: Leland, NC 28451

Re: Strange IP address logged into my IMAP server

Post by Ehenzel1978 » Mon Aug 10, 2015 1:39 pm

Thank you very much Ian. That's what I did and it corrected the problem.
Eric Henzel
IT Department
Leather Italia USA

Ehenzel1978
Posts: 98
Joined: Mon Dec 31, 2012 4:48 pm
Location: Leland, NC 28451

Re: Strange IP address logged into my IMAP server

Post by Ehenzel1978 » Wed Aug 12, 2015 3:55 pm

After blocking the strange IP address through my firewall, the user that the IP address was tied to came to me and said that they were no longer getting email on their iPhone. After investigating, I found that the user had installed and was using an app called Cloud Magic. This app copies the credentials that are stored in it, sends them to the Cloud Magic server, which is hosted on the Amazon AWS, and the server then communicates with the mail server. It then forwards the mail to and from the phone and the server, acting as a middle man.

The user is my boss and he uses the Cloud Magic app because none of the other apps he could find did everything he needed them too. So, I can't block the IP address any more. The Amazon IP address hasn't caused any problems directly, but, I have noticed that the intrusion prevention warning emails I get about his address have gone way up in the last couple of weeks.

Does anyone know if there is a pattern of this with Cloud Magic? I've looked, but couldn't find much on that. Also, does anyone know of an IOS app that does the "push" with IMAP well? That is the main feature he is using. I tried to get him to switch to EAS protocols, but the built in mail client that he has DOES NOT play well with EAS. The only IOS apps I've found that really do are things like TouchDown. TouchDOwn is fantastic, but is a paid app.
Eric Henzel
IT Department
Leather Italia USA

Post Reply