There are several ways the security can be approved.
First of all the 5 minutes block time on password guessing should be configurable. A lot of zombies just keep on trying. When locked out for 5 minutes they just continue after 6 minutes.
Even worse: Kerio Connect doesn't have any protection against e-mail harvesting. Just see the attached log file. Those attacks are pretty easy to recognize and action should be taken.
Kerio Connect does have harvest attack protection. The setting is in the SMTP server Security Options tab. I think that Kerio Connect should have more granular settings for password guessing. That would help with what you described above. Also, you could block these IPs on your firewall if it is capable of that function. I have my own servers setup to only allow port 25 connections from our spam filter. Therefore, all unauthorized incoming port 25 connections are refused. That guards against spammers and attackers who bypass MX record lookups and target the mail server directly.