I have added (beta) Dovecot support for the OSSEC HIDs. It will detect certain attacks and error conditions, and optionally block the attacker (similar to fail2ban). Rather than re-hash the details here, I refer you to the OSSEC mailing list for details on how to install. I would appreciate any feedback either here, there, or privately. The idea is to get a few people trying it so I thought a post here would be good, too.