pop3 pct client_hello overflow attempt

Which report or log are you seeing this message from? Could you provide lines from relevant log? 

pop3 pct client_hello overflow attempt refers to IPS SID 2518. More information on this SID in image below:

It could be simply informational since the default action is to drop.

If users are having any mailing problems, check your IPS logs for drops under this SID. It may be necessary to create an exception to allow signature if its due to IPS dropping the traffic.

Thanks,

Karlos

Which report or log are you seeing this message from? Could you provide lines from relevant log? 

pop3 pct client_hello overflow attempt refers to IPS SID 2518. More information on this SID in image below:

It could be simply informational since the default action is to drop.

If users are having any mailing problems, check your IPS logs for drops under this SID. It may be necessary to create an exception to allow signature if its due to IPS dropping the traffic.

Thanks,

Karlos

hello Karlos 

the pop3 is showing in the intrusion attack reports in the control center - i can see this SID being dropped

how to add the exception ?

Go to Protect > Intrusion Prevention > IPS Policies > Click Add > Clone Rules: select active IPS policy > enter a Name for this new Policy > Save

Edit new IPS Policy created > Add > click SID funnel & type 2518 > change Action to Allow Packet & Save

Make sure to go to your Firewall rule and change the selection of the IPS Policy to the new Policy created.

Cheers,
Karlos