I installed it an hour ago (it's 6:43 am here).
According to my tests, IMAP size limit being handled gracefully seems to be fixed. That's a good thing.
However, I did reset the IDS settings that I had removed due to the previous issue and saw some customer IPs being blacklisted.
[2026.02.17] 00:00:38.388 [w.x.y.z] IMAP Attempting to login user: happy@customer.com
[2026.02.17] 00:00:38.388 [w.x.y.z] IMAP Login successful: With user happy@customer.com
[2026.02.17] 00:30:36.411 [w.x.y.z] IMAP Attempting to login user: happy@customer.com
[2026.02.17] 00:30:36.411 [w.x.y.z] IMAP Login successful: With user happy@customer.com
[2026.02.17] 01:36:56.225 [w.x.y.z] IMAP Attempting to login user: happy@customer.com
[2026.02.17] 01:36:56.225 [w.x.y.z] IMAP Login successful: With user happy@customer.com
[2026.02.17] 02:35:07.346 [w.x.y.z] IMAP Attempting to login user: happy@customer.com
[2026.02.17] 02:35:07.346 [w.x.y.z] IMAP Login successful: With user happy@customer.com
[2026.02.17] 03:38:11.383 [w.x.y.z] IMAP Attempting to login user: happy@customer.com
[2026.02.17] 03:38:11.383 [w.x.y.z] IMAP Login successful: With user happy@customer.com
[2026.02.17] 04:29:00.336 [w.x.y.z] IMAP Attempting to login user: happy@customer.com
[2026.02.17] 04:29:00.336 [w.x.y.z] IMAP Login successful: With user happy@customer.com
[2026.02.17] 05:29:13.419 [w.x.y.z] IMAP Attempting to login user: happy@customer.com
[2026.02.17] 05:29:13.419 [w.x.y.z] IMAP Login successful: With user happy@customer.com
[2026.02.17] 06:29:04.474 [w.x.y.z] IMAP Attempting to login user: happy@customer.com
[2026.02.17] 06:29:04.474 [w.x.y.z] IMAP Login successful: With user happy@customer.com
[2026.02.17] 06:36:24.952 DenialOfService [DenialOfService w.x.y.z] Added IP to IDS block list. Duration: 1799,9959026 seconds, Description: Default DoS rule
Ok, the customer is successfully logging in with IMAP a couple of times in a few hours' time frame, but the IP gets blacklisted. I don't get why, because it's absolutely not connecting 200 times in a 5-minute time frame... ??
EDIT: Another one just got banned, but in the Administrative log I see no login attempts, only the ban line: ??? I can't find anywhere else in the log what justifies the ban (looked for the IP in SMTP, IMAP, POP logs)
[2026.02.17] 07:09:02.307 DenialOfService [DenialOfService w.x.y.z] Added IP to IDS block list. Duration: 1799,9980358 seconds, Description: Default DoS rule
EDIT2: Ok I found it in IMAP log, there are plenty of these, maybe an SSL issue...
[2026.02.17] 06:34:46.298 [w.x.y.z][20485989] Connection initiated
[2026.02.17] 06:34:46.301 [w.x.y.z][62933395] Connection initiated
[2026.02.17] 06:34:46.303 [w.x.y.z][17744703] Connection initiated
[2026.02.17] 06:34:46.305 [w.x.y.z][49934855] Connection initiated
[2026.02.17] 06:34:46.307 [w.x.y.z][48795366] Connection initiated
[2026.02.17] 06:34:46.309 [w.x.y.z][52990363] Connection initiated
EDIT3: Other than that, it seems there are way more DDoS IDS rules triggered compared to bogus build 9540... I'm maybe a bit too sensitive, watching the server closely after the issues we went through yesterday...
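
Added example, not part of the original post: a small script that counts "Connection initiated" lines per IP in a sliding window over an IMAP log in the format shown above, to check whether a client reaches the 200-in-5-minutes figure mentioned in the post. It assumes the DoS rule counts connections rather than logins; the sample lines, the 192.0.2.x addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^\[(\d{4}\.\d{2}\.\d{2})\] (\d{2}:\d{2}:\d{2}\.\d{3}) "
    r"\[([^\]]+)\]\[\d+\] Connection initiated\s*$")

def connection_peaks(lines, limit=200, window=timedelta(minutes=5)):
    """Per IP: peak connections in any sliding window, and when `limit` was first hit.

    Assumes each IP's lines appear in chronological order, as in a log file.
    """
    recent = defaultdict(deque)            # ip -> timestamps inside the window
    stats = {}                             # ip -> {"peak": int, "hit_at": datetime or None}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                       # login lines, ban lines, etc. are not counted
        day, clock, ip = m.groups()
        ts = datetime.strptime(f"{day} {clock}", "%Y.%m.%d %H:%M:%S.%f")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:         # drop connections older than the window
            q.popleft()
        s = stats.setdefault(ip, {"peak": 0, "hit_at": None})
        s["peak"] = max(s["peak"], len(q))
        if s["hit_at"] is None and len(q) >= limit:
            s["hit_at"] = ts
    return stats

def stamp(t):
    return t.strftime("[%Y.%m.%d] %H:%M:%S.") + f"{t.microsecond // 1000:03d}"

def build_sample():
    """Constructed log: one bursty client, one client connecting once an hour."""
    burst_start = datetime(2026, 2, 17, 6, 34, 46, 298000)
    lines = [f"{stamp(burst_start + timedelta(milliseconds=2 * i))} "
             f"[192.0.2.10][{10000000 + i}] Connection initiated" for i in range(250)]
    for hour in range(8):
        t = datetime(2026, 2, 17, hour, 29, 4, 474000)
        lines.append(f"{stamp(t)} [192.0.2.20][{20000000 + hour}] Connection initiated")
        lines.append(f"{stamp(t)} [192.0.2.20] IMAP Login successful: With user user@example.com")
    return lines

if __name__ == "__main__":
    for ip, s in connection_peaks(build_sample()).items():
        print(ip, s["peak"], s["hit_at"])
```

A client that logs in once an hour shows a peak of 1, while a burst of connections every 2 ms crosses the limit in under half a second even with no login lines at all.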