[imp] Spam issues, need help.

[Dos Wizard]

Hello,

I am running a free webmail service based on IMP, and while I had 
successfully controlled incoming spam on the mail server level, I have 
issues of outgoing spam, thus someone attempts to use an automated bot 
process to send outgoing spam via horde.

Now, probably I would need the following measures:
a) To use captcha on the login box of horde. Is there any mod around for 
that, or I should alter the code myself?
b) To call spamc directly from horde per each mail sent to block 
whatever spamassassin can block as spam.
c) To put a delay routine which would allow only one mail per two 
minutes to be sent per account
d) To trim a setting to disallow someone to replace the sender e-mail 
given by the service thus instead of send <user>@<myfreemail>.tld to 
change it to <myspamname>@<myspamdomain>.tld

The problem is that users have sometimes stupid passwords like 1234 or 
12345 making very easy for a spammer to break into accounts, with 
trivial automated bot process.

Now what I need:
for (a) I need someone to point where in the code, is the imap 
authentication routine. (To alter it). Or if there's a mod around for that.
for (b) and (c) where in the code is the routine which connects to imap 
to send mails.
for (d) which is the setting (obvious).

Best Regards
Nick.

PS: In the meanwhile I am planning to run the service in https:// there 
are fewer robots able to understand SSL around.