I used the following script to test brute-force protection:
#!/usr/bin/php
<?php
for( $i=0; $i<99; $i++ ){
echo “Will try [$i] now. \n”;
$mbox = imap_open(“{mail.mailserver.com:143/imap/novalidate-cert}INBOX”,”user_test_$i”,”foobar”,0,0);
}
?>
Edit: You will need php-cli and php-imap