For anyone having these issues and trying to find a solution, read below.
I've been having lots of issues with this, ever since posting here. My colleagues mailbox and mine are obviously targeted so, we get a blocked mailbox several times per day. Smartermail developers seem to ignore this request completely.
Today I came up with the idea to rename our mailboxed and use some other address for the mailbox, that noone knows about, then create an alias to point to that mailbox. This way the user can log in with "firstname.lastname@example.org" and give out the email address "email@example.com" which is actually an alias. You can't login with an alias so... We have a solution.
Smartermail has an option to rename an existing mailbox, so that's good !
1. rename your existing mailbox from "user" to "user-randomstring" or whatever you want to login with. Keep this address private, don't list it, don't share it. This is your new username that nobody should know.
2. create an alias for "user" to point to your renamed mailbox. For this alias, enable the option to use it as "From" address. You will need this if you use webmail, to make outgoing emails from the renamed mailbox to use the alias address instead.
3. reconfigure your mailbox to use the alias address as "From address"
4. reconfigure your email clients to use your renamed mailbox address as username and keep you alias as your "From" address.
That's it. Now it not so damn easy for someone to block your mailbox x times a day. Or to crack your mailbox, which would be much worse.
I still think it would be much better (and easier and more safe) for users if Smartermail developers would implement a separate "username" for mailbox and discontinue the use of email address as the username (or give an option to turn that off, for us to have a more secure mailbox). But in the mean time - while we are waiting for the sun to shine on this one - you can use this trick with alias to achieve the same result. For a limited amount of mailboxes it's doable.