Are they using SmarterMail as a webmail client or are they using outlook or even mobile devices and using their WiFi to connect ?
I am going to assume they are not using the SmarterMail web interface, but instead outlook or something mobile too.
A DoS in that context is that they have multiple accounts making connections over and over again, possibly concurrent connections. (our POP is Time : 10, Count :300) Some of their staff may have outlook set to check for mail every 5 minutes even every minute ! See in the logs if you have a particular user showing up disproportionately to others.
Likewise, if a single person checks 2 or 3 different accounts (like "Susie", "Marketing" and "Sales") and they have outlook set to check mail every minute, that is 3 connections per minute. 15 of your 50 used by 1 person.
When this started, did they happen to have any staff changes (like fired some staff) ? If they have older user accounts stored in the outlook or mobile devices, and the users accounts no longer exist on smartermail, that will cause problems. (but more like a brute force attack)
www.HawaiianHope.org - Providing technology services to non profit organizations, homeless shelters, clean and sober houses and prisoner reentry programs. in 2018, in just one year, we gave away 1,000 Free Computers !