Is there any option available for me to help inhibit/prevent brute-force login attempts?
I (and many others) use fail2ban. It works outside of dovecot, et al, by tailing your log files. When it finds a configurable number of failed attempts in a configurable time window, it blocks the remote IP address for a configurable amount of time. It can protect you against a lot more than failed email login attempts. I'm quite happy with it. I typically turn back several brute force SSH login attempts every day. I also have it watching my dovecot logins, but so far don't get many attempts there.
