Vpopmail 5.4.5, Mysql 3.23.54. Also, I'm aware of Tonix's patch to prevent invalid users BEFORE SMTPD accepts mail. Am considering it, but want to understand options if I'm willing to take the bandwidth hit but not provide hints to dictionary attackers.
You may use CHKUSER intrusion thresholds to answer an "intruder rejection message" after "x" wrong rcpts (x is set by you).
I'm considering if and how to keep alive these thresholds throught following SMTP sessions coming from the same IP.
Any suggestion is welcome.