We allow some of our users to use an Imap client if they wish and that
of course means we allow them to use a specific smtp only gwia server
which requires logins in order for them to send email. I am having a
problem where a specific user is being targeted for a password brute
force attack on the smtp server. The gwia log shows login attempts
every 30 seconds or so and it's always coming from a different IP
address. After 10 or 15 minutes the user's account ends up getting
locked out due to too many bad password attempts. If it was a single
source IP address I would just block it at the firewall, but since this
seems to be a concerted attack coming from many IP's so I can't do that.
The user in question doesn't even use imap or this specific smtp server.

Any suggestions as to what I can do to prevent this user's account from
being constantly locked out?