Are they using SmarterMail as a webmail client or are they using outlook or even mobile devices and using their WiFi to connect ?

I am going to assume they are not using the SmarterMail web interface, but instead outlook or something mobile too.

A DoS in that context is that they have multiple accounts making connections over and over again, possibly concurrent connections.  (our POP is Time : 10, Count :300)  Some of their staff may have outlook set to check for mail every 5 minutes even every minute !  See in the logs if you have a particular user showing up disproportionately to others.

Likewise, if a single person checks 2 or 3 different accounts (like "Susie", "Marketing" and "Sales") and they have outlook set to check mail every minute, that is 3 connections per minute. 15 of your 50 used by 1 person.

When this started, did they happen to have any staff changes (like fired some staff) ?  If they have older user accounts stored in the outlook or mobile devices, and the users accounts no longer exist on smartermail, that will cause problems. (but more like a brute force attack)

They are using email clients.. like emclient and/or Outlook

They are growing company. and yes.. they are checking their email between 5-10 minutes.

I think they are up to 25 employees.  Had asked them if they would consider using webmail, or going to imapi.. but basically got a big yawn.

So.. at the heart of what I was asking.. is their some way to whitelist their IP address specifically from Pop3 abuse

(if not in SM15.x; perhaps in SM17)