I'm not sure you have thought this completely through. Even if this were possible, it is not practical.
Your users are going to want to check their email other than their home and work IP. What are they going to do when they are in starbucks and miss a big email, because you have the IP limited? They are going to be pissed. Or they hire a new employee, and he can not connect from his house?
I believe the way to handle this is with the tools SM already has. Setting the timeout periods for authentication failures, and blocking IP's for longer periods of time for the same thing. This page also has good protocol settings.
I don't think this is possible, as the IP isn't part of the authentication. I could be wrong on this. Might be able to be done in IIS but i can't imagine how, yet I am not really a server admin.
Did you encounter a specific incident that would make you want to do this. Did you have an email account get hacked? Did you get blacklisted? Do you use a gateway server in/and or out? I would say you keep your cool, and listen to the others on this board for advice? Good luck!
Remember kids, every time a spam message gets blocked, a nerd gets their glasses. spamhurts/July 15