1) You can see those in the Connections screen. This screen does not show authenticated email address but does break down each of the IPs to the protocol.

2) I'm looking at ours and we have a couple that are N/A. Which means we don't have a last login date. Did we show a default value before? I think we may have had a placeholder object before, now we just show N/A.
-If you go to your user's settings.json file and search for "last_login_utc" that's where this data comes from technically. This is updated when a user logs in, this could be a device syncing, webmail login, SMTP/client logins, really anything that requires us to check their password or authentication token relating to the account.

As far as spam goes, I believe some have seen some success in finding some URIBL/RBL's that seem to work well for them. I don't have too much input here as this is something I don't normally have to deal with, not on the scale of other customers at least. Maybe someone else can jump in here with some input.

Matt, 

Thanks for your reply. A few comments

1) In the past, I could easily tell from the active connections screen (v15.x) what users were connected with what IP addresses. This helped if a user somehow got their account blocked by IDS. It's very difficult now to see which users connect from which IP's for POP or IMAP.

2) In 15.x I could easily tell how old an account was and the there was a large number of dates when I checked pre-upgrade (I was removing inactive accounts and contacting users). After the uprade, everything seems to be set to N/A

I misinterpreted the original post. I was thinking you updated to a later version of V15, but 15.7.6970 is the latest for V15. I'm staying with V15 for now (it's more stable than I could ever have imagined), as I don't need the features in later versions so far, but I see lots of progress on the latest version.