Hi Community,

we had some trouble in the past because of intruder lockout. At any time dozens of users were blocked. Research in the logfiles showed that passwords were given to any valid e-mail adresses. The attacks took place with a time delay and under the use of different ip addresses.

After three failed attempts, the accounts are blocked. The lock caused by these attacks is especially annoying, since most of the blocked users do not use imap at all.

Is it possible to disable authentication in the gwia via the email address? We had not one lock because of authentication tries by user name and wrong password.

In WebAccess it is possible to set that the authentication can be done only with the user name. is there something to set for the gwia?



Regards,
Thomas