I currently have users that are being locked out of all their services because spammers are sending multiple "Invalid Username or Password" attempts.
The rate is approx 5 / minute from thousands and thousands of IP addresses throughout the day.
I tried to resolve the issue by disabling the smtp service for these users and giving them temporary user/pass for sending emails.
The theory being that "smtp not available error" should take precedence over "Invalid Username or Password error" and the error should not count towards the user account being disabled.
Is it possible to apply this logic ?
Ciao. Stuart