Posted by Jan Fulín, Last modified by Ondrej Vanek on 05 August 2016 05:02 AM
Subject: Intrusion Prevention can flag IP as "L"(to many fail authentication) when user in Outlook uses his email address as login name and in IWS is set "users login with their usernames"
Affected version: 11.4.0.x
Resolution scheduled for: 11.5.0
Description: This problem can happened if POP3 client is set to check for new emails every minute, because with this settings client fail to authenticate at first try (method=4) and succeed with second try (method=0)
x.x.x.x [128C] 08:27:23 Authentication [POP3] - Result=0, User=usename, Method=4
x.x.x.x [128C] 08:27:23 Authentication [POP3] - Result=1, Userfirstname.lastname@example.org, Method=0
Those failed attempts are counting toward Intrusion Prevention and can cause IP flag as "L"(to many fail authentication)
This behavior will be fixed in the next major release where every successful login will decrease the Intrusion Prevention count by 1
Temporary solution: let the user to change username to format corresponding with IWS settings.