First of, I have upgraded from v15 to v16 recently and have had very few issues - most tend to be where are the v15 functions now located in v16 menus.
Wonder if anyone else is seeing this particular problem on IMAP connections
I have, for a number of years, based a number of my security settings on the excellent document from Bruce Barnes, especially the Denial of Services settings on the IMAP/SMTP connections. These have, by and large, been really successful and for example limit the number of connections from an IP address within a fixed timescale.
Since upgrading to v16, I have noticed a large number of (especially) IMAP DoS blocks occurring where they did not occur under v15 with exactly the same settings. What appears to be happening is that some users are clocking up 50 - 100+ connections in short timescales (e.g. ten minutes) and on looking through the IMAP logs, I can see IMAP connections being made and within seconds, the logs will record that the same user has logged in again but there has been no IMAP command to log in or authenticate with it.
Sometimes these login records will simply appear in the middle of an ongoing IMAP retrieval session and little or no other traffic associated with that login is reported. The log does then record the session being disconnected, typically up to 30 minutes after the login.
I am trying to trace the users setup to check to see exactly how they have their devices configured but I do know that nothing on their end has changed since I have upgraded to v16.
Any information as to why the number of IMAP logins appears to be massively increasing under v16, only for some users, or any other methods of trying to track down the cause, would be seriously welcome.