How can we block the IP from an attacker using brute force attacks? I have someone constantly trying to guess my password when trying to login but also change their IP each time.

When attackers send from a range of different IP addresses these hosts are usually already known to be compromised. Using a blocklist like Spamhaus will catch a lot of it. This can be set up in Mercury S configuration / Spam control.

Thanks, I will look at setting that up later today.

I did notice a nasty little tactic that some bots are using to get my domain banned on spamhaus, I have to keep making unban requests.

They register using email addresses from other official sites, then constantly keep requesting a password reset, which in turn spams that email address with password reset emails. The bots always use port 25 on my server, if I only listen to port 587 then I no longer receive emails from gmail or google...

Clearly, the real owner of those email addresses will report my domain name to spamhaus. Not sure if you have come across this issue before?