During my last inspections of some external Dovecot Servers, i often integrated Auth Caching for better performance with i.e database auth setups.
Configuration is done in /etc/dovecot/conf.d/10-auth.conf:
... auth_cache_size = 50M auth_cache_ttl = 1 hour auth_cache_negative_ttl = 0 ...
This is an example, which works nicely with addtional use of fail2ban to fight brute force via POP3 and IMAP.
Please read the additional comments in the config file , specially #For now this works only with plaintext authentication !