Tracking Qpopper Attacts

I use Qpopper (/user/local/sbin/popper) and I have the normal rash of attempts which sometimes gets close to a DOS attack. What is the exact syntax for setting up blockhost to trap these. Everything else seems to working AOK.

need log lines

Need the lines from the log to create the regular expressions, which can then be added to blockhosts configuration.
This will work assuming that popper follows the other requirements such as using TCP wrappers (alternatively, the --iproute or --iptables blockhosts options can be used to halt all network communication from the bad hosts).

need log lines

Well hopefully this is what you need
I will use the main mails server and theis is from /var/log/messages
APR 1 08:40:34 ms1 qpopper{19252] : Stats: user
If you need more let me know

no, need log lines showing access failure for IP address

That is not correct - need to have a specific log line that contains the IP address of the remote host, and words that indicate that there was an access failure.
See blockhosts.cfg for examples of log lines for SSH, FTP, etc, it should be something like that. If such log lines do not exist, then it is not possible to use blockhosts for qpopper.