They do work on POP3. Doesn't stop the attacker from trying however. All attempts were being blocked properly by SurgeMail and all attempts were logged.

I will note that all these attempts were for unqualified user names. In other words, noHIDDEN@n.name in them. So the attacker got absolutely nothing. I have no accounts in the main domain except the postmaster (with a complex password).

This was coming from a hosted server, and not a dynamic home IP address. I was pleasantly surprised that the hosting company did in fact respond relatively quickly.

However this attack was generating several hundred attempts per hour and had been on-going for about 5 hrs when I blackholed him in IP tables. And they were only up to D in the alphabet with the names being attempted.

Lyle Giese
LCR Computer Services, Inc.

On 12/21/2011 1:52 PM, Ed wrote:
> I always thought that the failed password [count] options that I know
> work on SMTP would work on POP3 but it appears not. Sure would be nice
> if the settings worked for all protocols. X [small number like 4] bad
> SMTP guesses and it just drops the connections.
>
> --Ed
>
> On 12/21/2011 02:46 PM, Lyle Giese wrote:
>> On 12/21/2011 11:17 AM, Lyle Giese wrote:
>>> FYI,
>>> we have been under a concerted long term POP3 password attack from
>>> 216.231.134.98
>>>
>>> I have a host in front of our Surgemail servers running IPTables and am
>>> dropping all packets from this host. I have not had time to look into
>>> this, but it looks like a hosting company of some sort.
>>>
>>> Lyle Giese
>>> LCR Computer Services, Inc.
>>>
>>
>> Just a quick followup, I have not looked to see if the attacker is gone,
>> but the ISP (Continuum Data Centers, LLC) has already responded and is
>> working on the issue from their end.
>>
>> This POP3 brute force password attack was running for about 6 hrs before
>> I noticed and adjusted the IPTables to cut him off.
>>
>> Lyle
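
An added example, not part of the original thread and not SurgeMail's own code: log-based detection for the pattern described above (hundreds of failed POP3 logins per hour from one address, all for unqualified user names). The log line format, the threshold, the function names and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)
THRESHOLD = 100  # assumed cutoff; the post reports several hundred attempts per hour

def parse(line):
    """Hypothetical format: '<ISO time> pop3 login failed user=<name> ip=<addr>'."""
    parts = line.split()
    if len(parts) != 6 or parts[1:4] != ["pop3", "login", "failed"]:
        return None
    fields = dict(p.split("=", 1) for p in parts[4:] if "=" in p)
    try:
        return datetime.fromisoformat(parts[0]), fields["user"], fields["ip"]
    except (ValueError, KeyError):
        return None  # malformed timestamp or missing field

def find_bruteforce(lines, threshold=THRESHOLD, window=WINDOW):
    """Return {ip: stats} for sources whose failures in any sliding window reach
    the threshold. Assumes lines are in chronological order."""
    recent = defaultdict(deque)      # ip -> failure times still inside the window
    users = defaultdict(set)         # ip -> distinct user names tried
    unqualified = defaultdict(int)   # ip -> attempts with no '@domain' part
    peak = defaultdict(int)          # ip -> highest count seen in one window
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        when, user, ip = rec
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:  # expire failures older than the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
        users[ip].add(user)
        if "@" not in user:
            unqualified[ip] += 1
    return {ip: {"peak_per_window": peak[ip], "distinct_users": len(users[ip]),
                 "unqualified": unqualified[ip]}
            for ip in peak if peak[ip] >= threshold}

def sample_log():
    """Constructed data: 300 failures in 50 minutes from one host, 3 from another."""
    start = datetime(2011, 12, 21, 6, 0, 0)
    lines = [f"{(start + timedelta(seconds=10 * i)).isoformat()} pop3 login failed "
             f"user=name{i:03d} ip=203.0.113.7" for i in range(300)]
    lines += [f"{(start + timedelta(minutes=20 * i)).isoformat()} pop3 login failed "
              f"user=bob@example.com ip=198.51.100.20" for i in range(3)]
    return lines + ["unrelated line that the parser skips"]

if __name__ == "__main__":
    for ip, stats in find_bruteforce(sample_log()).items():
        print(ip, stats)
```

A source that trips the threshold with a high share of unqualified names and many distinct users matches the dictionary-style attack in the thread, as opposed to one user mistyping a password.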