This is a known issue with NTLM authentication from Mac Mail. NTLM includes a couple of different options for encoding the authentication data, and the client is supposed to indicate which is being used as part of the challenge-response. As noted in the log entry you provided, Mac Mail indicates that it is using LMv1. Due to design issues, LMv1 can only be used on passwords of up to 14 characters in length. Passwords that exceed that limit cannot be used to authenticate with LMv1. Even with shorter passwords, however, Mac Mail doesn't properly implement NTLM authentication, but the error message would be different in that case.
The second log line is an indication that this specific authentication failure is not being counted against your Brute Force IDS rules. Because Mac Mail attempts NTLM authentication twice before falling back to another authentication method, we saw a scenario where an office with users primarily on Mac Mail would get locked out due to bad NTLM authentications. To minimize this scenario, we added a throttling mechanism. This mechanism is specifically limited to bad NTLM authentications over POP, IMAP, and SMTP. If you go back in the logs, you should find an NTLM authentication failure from the same IP for the same username that was counted against the IDS rules.
Andrew Barker
Software Developer
SmarterTools Inc.
www.smartertools.com
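
The throttling described in the reply above, sketched as an added example (not SmarterTools code): the first bad NTLM authentication from an IP for a username counts against the brute-force rule, and repeats inside a window do not. The 60-second window, the class and function names, and the sample events are assumptions made for illustration.

```python
from collections import Counter

THROTTLE_WINDOW = 60  # seconds; assumed value, the post does not state one
THROTTLED_PROTOCOLS = {"POP", "IMAP", "SMTP"}  # protocols named in the post


class FailureCounter:
    """Counts failed logins per IP, throttling repeated bad NTLM attempts."""

    def __init__(self, window=THROTTLE_WINDOW):
        self.window = window
        self.counted = Counter()  # ip -> failures counted against the IDS rule
        self.last_ntlm = {}       # (ip, user) -> time of last counted NTLM failure

    def record_failure(self, ts, ip, user, protocol, mechanism):
        """Return True if the failure counts against the rule, False if throttled."""
        if mechanism == "NTLM" and protocol in THROTTLED_PROTOCOLS:
            key = (ip, user.lower())
            last = self.last_ntlm.get(key)
            if last is not None and ts - last < self.window:
                return False      # repeat of a failure that was already counted
            self.last_ntlm[key] = ts
        self.counted[ip] += 1
        return True


# Constructed sample events: (seconds, ip, user, protocol, mechanism)
EVENTS = [
    (0, "192.0.2.10", "alice@example.com", "IMAP", "NTLM"),  # client's first NTLM try
    (1, "192.0.2.10", "alice@example.com", "IMAP", "NTLM"),  # its second try
    (2, "192.0.2.10", "bob@example.com", "IMAP", "NTLM"),    # another user, same office IP
    (3, "192.0.2.10", "bob@example.com", "IMAP", "NTLM"),
    (5, "198.51.100.7", "alice@example.com", "SMTP", "LOGIN"),  # non-NTLM: never throttled
    (6, "198.51.100.7", "alice@example.com", "SMTP", "LOGIN"),
    (7, "198.51.100.7", "alice@example.com", "SMTP", "LOGIN"),
]


def replay(events, window=THROTTLE_WINDOW):
    """Feed events through the counter; return (per-IP counts, per-event decisions)."""
    fc = FailureCounter(window)
    decisions = [fc.record_failure(*e) for e in events]
    return dict(fc.counted), decisions


if __name__ == "__main__":
    print(replay(EVENTS))
```

Because the throttle is keyed on IP and username together, bad NTLM attempts against different usernames from one address are each still counted once.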