Patrick Ben Koetter:
> My primary goal would be to detect SASL login attacks/abuse and block the
> client/temporarily disable the account. Catching envelope-sender abuse is
> less important to me.
There is no way to find out about login failure, unless the client
sends HELO, MAIL FROM, RCPT TO, or DATA after failing to log in.
Specifically, there is no "hook" in the AUTH command to invoke the
policy protocol (or Milter protocol). One AUTH attempt may involve
multiple protocol iterations depending on the method used.
Wietse
