Good morning, currently running GW802HP2 but see this issue in POA log entries from before I did that service pack update, I'm seeing a bunch of entries like this:

07:08:52 03E C/S Login dos ::GW Id=abuse ::

"abuse" is a nickname...

There would be a bunch of these at the same time for the same GW Id, then for another nickname, then sometimes for a legit user name, then sometimes for a distribution list. After some digging I came up with an old TID that says this can be from an authentication on the GWIA so I looked in the logs there and I find corresponding entries for all the ones I see in the POA (I didn't check every single one but enough to be pretty sure), entries such as:

07:08:52 1C2 Successful login with client/server access: would be the local NW65SP8 server running the MTA / POA / GWIA / WebAccess.

Why would there be such entries in the GWIA and POA logs? It's not clear which of these 2 is initiating all this or if it's something else causing this. How can a nickname authenticate (there's no pswd)?

I just want to be sure I don't have a security issue here.

I found similar entries on another NW65SP8 server at a different location, running similar software.

Any help appreciated as usual.