You can configure the POA to lock out a user that provides the wrong mailbox password too many times, as described in Section 36.3.5, Enabling Intruder Detection.