Some spammers use 'brute force' attacks on mail systems, sending random names and passwords to system POP, IMAP, and other access ports. If the system sends different error messages for the "unknown account" and "incorrect password" situations, the attacker can harvest a large portion of the system Account names and then use those names for spam mailings.
Use the WebAdmin Interface to configure the Login Security options. Open the General pages in the Settings realm, and find the Login Security panel on the Others page:
Hide Unknown Account Messages: If this option is enabled, the Server does not send the Unknown Account and Incorrect Password error messages. Instead, both messages are replaced with the Incorrect Account Name or Password error message.
The CommuniGate Pro Server can temporarily disable all types of login operation for an Account that has seen too many incorrect login attempts. The Account Settings specify a time period and the number of incorrect login attempts that a user or users can make before the Account is disabled for login operations. The Account is re-enabled after the same period of time.