
[#12081] badlogin not working with IMP authentication
Summary badlogin not working with IMP authentication
Queue Horde Groupware Webmail Edition
Queue Version 5.0.4
Type Bug
State Not A Bug
Priority 2. Medium
Owners
Requester patrick.vangilst (at) labri (dot) fr
Created 03/01/2013 (4506 days ago)
Due
Updated 03/06/2013 (4501 days ago)
Assigned
Resolved 03/01/2013 (4506 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch No

History
03/06/2013 01:02:35 PM patrick (dot) vangilst (at) labri (dot) fr Comment #7
OK, I can't have badlogincount to work...

Don't know why but $this->hasCapability('badlogincount') returns false 
even if I have:

$conf['auth']['params']['app'] = 'imp';
$conf['auth']['driver'] = 'application';
$conf['auth']['params']['count_bad_logins'] = true;
$conf['auth']['params']['login_block'] = true;
$conf['auth']['params']['login_block_count'] = 3;
$conf['auth']['params']['login_block_time'] = 5;

I'm not good enough at debugging PHP, so as a workaround, I will use fail2ban.
Thanks for your time...


03/05/2013 03:52:53 PM Michael Slusarz Comment #6
> How can I enable $params['history_api'] ???

Please ask support questions on the mailing lists.

03/05/2013 10:39:12 AM patrick (dot) vangilst (at) labri (dot) fr Comment #5
Ok, the BADLOGIN Exception is actually thrown (in /imp/lib/Imap/Exception.php)

I think I found my problem:
In /usr/share/pear/Horde/Auth/Base.php, there is a test before calling 
$this->_badLogin($userId);
Here is the test:

    if (($code == Horde_Auth::REASON_BADLOGIN) &&
        $this->hasCapability('badlogincount')) {
        $this->_badLogin($userId);
    }

If I comment out the line $this->hasCapability('badlogincount')), bad 
logins are stored in the database (horde_histories), which seems OK...

Now, I can see in the same file, the constructor with another test:

    if (isset($params['history_api'])) {
        $this->_history_api = $params['history_api'];
        $this->_capabilities['badlogincount'] = true;
        unset($params['history_api']);
    }

Maybe, the problem is here, so the question is:
How can I enable $params['history_api'] ???
Tell me if I am wrong or, if I'm right, how do I enable this param???
Thanks in advance.
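
The gate described in comment #5, as an added example that is not part of the ticket or of Horde's code: a standalone PHP 8 model in which the configuration asks for bad-login counting but the counter only moves when a history object is passed in. `ModelAuth`, `misconfigured()`, `badLogins()` and the `ArrayObject` stand-in for the history backend are assumptions made for illustration.

```php
<?php
// Standalone model, not Horde code: ModelAuth and its methods are hypothetical.
class ModelAuth
{
    private array $capabilities = ['badlogincount' => false];
    private ?ArrayObject $history = null; // stand-in for the history backend

    public function __construct(private array $params)
    {
        // Same gate as the constructor quoted in comment #5: the capability
        // exists only when a history object was handed to the driver.
        if (isset($params['history_api'])) {
            $this->history = $params['history_api'];
            $this->capabilities['badlogincount'] = true;
        }
    }

    public function hasCapability(string $name): bool
    {
        return $this->capabilities[$name] ?? false;
    }

    // Assumed sanity check (not in Horde): counting requested but impossible.
    public function misconfigured(): bool
    {
        return !empty($this->params['count_bad_logins'])
            && !$this->hasCapability('badlogincount');
    }

    public function authenticate(string $user, string $pass): bool
    {
        if ($pass === 'constructed-good-password') {
            return true;
        }
        // Mirrors the quoted test: a bad login is recorded only with the capability.
        if ($this->hasCapability('badlogincount')) {
            $this->history[$user] = $this->badLogins($user) + 1;
        }
        return false;
    }

    public function badLogins(string $user): int
    {
        return $this->history[$user] ?? 0;
    }
}

$conf = ['count_bad_logins' => true]; // constructed config, as in the ticket
foreach ([$conf, $conf + ['history_api' => new ArrayObject()]] as $params) {
    $auth = new ModelAuth($params);
    for ($i = 0; $i < 3; $i++) { $auth->authenticate('alice', 'wrong'); }
    printf("history_api=%s counted=%d misconfigured=%s\n",
        isset($params['history_api']) ? 'yes' : 'no',
        $auth->badLogins('alice'), var_export($auth->misconfigured(), true));
}
```

A check like `misconfigured()` run at start-up turns a silently inactive lockout control into a visible configuration error.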

03/04/2013 08:30:07 PM Michael Slusarz Comment #4
> Where can I find the code that does real imp authentication and 
> throws REASON_BADLOGIN exception in case of wrong authentication ?

cd imp
fgrep -r REASON_BADLOGIN *

03/04/2013 09:39:42 AM patrick (dot) vangilst (at) labri (dot) fr Comment #3
What I can see is that IMP_Auth fails with  REASON_BADLOGIN only in 
case of empty login/password:

    if (!isset($credentials['userId']) ||
        !isset($credentials['password'])) {
        throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN);
    }

I have bad login counting enabled, this is the relevant part of 
/var/www/horde/config/conf.local.php:

$conf['auth']['params']['app'] = 'imp';
$conf['auth']['driver'] = 'application';
$conf['auth']['params']['count_bad_logins'] = true;
$conf['auth']['params']['login_block'] = true;
$conf['auth']['params']['login_block_count'] = 2;
$conf['auth']['params']['login_block_time'] = 5;

But bad login count isn't working for me....
Where can I find the code that does real imp authentication and throws 
REASON_BADLOGIN exception in case of wrong authentication ?
Thanks in advance.


03/01/2013 11:25:21 PM Michael Slusarz Comment #2
State ⇒ Not A Bug
IMP *does* fail authentication with REASON_BADLOGIN (see, e.g., IMP_Auth).

_badLogin() is only called if you activate bad login counting.
03/01/2013 01:30:52 PM patrick (dot) vangilst (at) labri (dot) fr Comment #1
Priority ⇒ 2. Medium
Type ⇒ Bug
Summary ⇒ badlogin not working with IMP authentication
Queue ⇒ Horde Groupware Webmail Edition
Milestone ⇒
Patch ⇒ No
State ⇒ Unconfirmed
It seems that the function _badLogin($userId) (in Auth/Base.php) is 
never used with IMP authentication.
What I understand is that this function is called when an exception 
Horde_Auth::REASON_BADLOGIN is thrown. This is the code in 
Auth/Base.php:

    } catch (Horde_Auth_Exception $e) {
        if (($code = $e->getCode()) &&
            $code != Horde_Auth::REASON_MESSAGE) {
            if (($code == Horde_Auth::REASON_BADLOGIN) &&
                $this->hasCapability('badlogincount')) {
                $this->_badLogin($userId);
            }
            $this->setError($code, $e->getMessage());
        } else {
            $this->setError(Horde_Auth::REASON_MESSAGE, $e->getMessage());
        }
        return false;
    }

Unfortunately, this never occurs with IMP authentication. I think some 
code is missing, in case of wrong login/password, something like:

    throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN);

But I don't know where.....
