How to know what's the user failing authentication?
Problem reported by Gabriele Maoret - SERSIS - 5/29/2020 at 6:17 AM
Submitted
I have this problem: A client of mine has 50 mail users connected via IMAP protocol. His IP is constantly blocked by the IDS IMAP rule because some of its users are using an incorrect LOGIN. How can I understand which user is trying to log in with the wrong credentials?

2 Replies

Reply to Thread
1
Sébastien Riccio Replied
We have the same issue. Sometimes users are locked out by the IDS and we can't find anything in the logs that would explain it, so for now we must whitelist the customer IP as a workaround, but it's not a long term solution.

We've opened a ticket about and got replied that better/dedicated logging will be added post 
"production" release. : 

Words from support:
- "I've received word we have a task submitted to add IDS logging added post-release, so I'm going to get your ticket associated with that task and see if we can get it added sooner than that. "

- " I've received word this issue has been prioritized with development and will be resolved in the near future as our post-MAPI development work. "

Crossing fingers.
Sébastien Riccio
System & Network Admin

0
Gabriele Maoret - SERSIS Replied
ok, I keep my finger crossed too...

Reply to Thread