Matthew, thank you for posting. In SmarterMail 16, you can modify the mailConfig.xml and change the <LoginRetries> element to a higher number that better suits your environment. A similar element is <LoginTimeout> which determines the block duration.
Regarding your second and third points, these have been already added to the SmarterMail 17 interface. The value is configurable in the IDS blocks and it can be configured to block either by IP or by account. We have kept the by IP to prevent attackers from attempting on all possible accounts.
I hope this helps,