Back to Community Threads
Gillions of authentication failed exceptions in IMAP logs - normal ?
Problem reported by Sébastien Riccio - Today at 1:29 PM
Submitted
Hello,

While taking a look at our IMAP logs, I noticed those are flooded by these kind of entries:

[2026.02.20] 21:20:51.562 [11.22.33.44][11183494][993] Exception: (PooledTcpItem.cs) Authentication failed, see inner exception.
[2026.02.20] 21:20:51.562 [11.22.33.44][11183494][993] StackTrace:    at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](Boolean receiveFirst, Byte[] reAuthenticationData, CancellationToken cancellationToken)
[2026.02.20] 21:20:51.652 [11.22.33.44][10804380][993] Exception: (PooledTcpItem.cs) Authentication failed, see inner exception.
[2026.02.20] 21:20:51.653 [11.22.33.44][10804380][993] StackTrace:    at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](Boolean receiveFirst, Byte[] reAuthenticationData, CancellationToken cancellationToken)
[2026.02.20] 21:20:51.653 [11.22.33.44][49456733][993] Exception: (PooledTcpItem.cs) Authentication failed, see inner exception.
[2026.02.20] 21:20:51.653 [11.22.33.44][49456733][993] StackTrace:    at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](Boolean receiveFirst, Byte[] reAuthenticationData, CancellationToken cancellationToken)
[2026.02.20] 21:20:51.731 [11.22.33.44][35458098][993] Exception: (PooledTcpItem.cs) Authentication failed, see inner exception.
[2026.02.20] 21:20:51.731 [11.22.33.44][35458098][993] StackTrace:    at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](Boolean receiveFirst, Byte[] reAuthenticationData, CancellationToken cancellationToken)
[2026.02.20] 21:20:51.732 [11.22.33.44][65916768][993] Exception: (PooledTcpItem.cs) Authentication failed, see inner exception.
[2026.02.20] 21:20:51.732 [11.22.33.44][65916768][993] StackTrace:    at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](Boolean receiveFirst, Byte[] reAuthenticationData, CancellationToken cancellationToken)
[2026.02.20] 21:20:51.739 [11.22.33.44][46843242][993] Exception: (PooledTcpItem.cs) Authentication failed, see inner exception.
[2026.02.20] 21:20:51.739 [11.22.33.44][46843242][993] StackTrace:    at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](Boolean receiveFirst, Byte[] reAuthenticationData, CancellationToken cancellationToken)
IP is obfuscated to 11.22.33.44 for the paste, but there are many différents IPs and after looking up a few of these IPs, these seem to belong to legit customers IPs.

I notice It is always related to port 993 (IMAP SSL).

Is this really authentication errors ? I enabled detailed login but there are no additional information, only this Exception throwing multiple time per second from different customers IPs. There is no information about which account is failing authentication.

With recent issues I try to be sure that now everything is back to normal, but I don't like that much these entries in the log...

Kind regards
Sébastien Riccio
System & Network Admin
Back to Community Threads

Reply to Thread

Enter the verification text
Related Knowledge Base Articles
eM Client Fails to Connect to IMAPSmarterMail > Troubleshooting
Key Feature and Version Milestones in SmarterMailSmarterMail
Setting Up Two-Factor Authentication (2FA, MFA, etc.)SmarterMail > Desktop and Mobile Synchronization
Deploying Rspamd For Use With SmarterMailSmarterMail > Server Configuration and Management
Client Fails to Connect After an Active Directory Password ChangeSmarterMail > Desktop and Mobile Synchronization