When an authentication failure occurs from a particular client IP address, subsequent authentication attempts from that IP address are treated as "BadGuys" and are delayed. If an authentication failure is followed by a successful authentication, the successful authentication is delayed, but the IP address ceases to be treated as a "BadGuy" for subsequent attempts.
bgpenalty option (available under
popproxy) specifies the length of time in seconds added to the authentication delay after each failed authentication.
The default value is: 2