deoren:
> I have two servers, one where AUTH _is_ enabled and this particular one 
> that is receiving the AUTH attempts where AUTH currently is not enabled. 
> It will however be reconfigured at some point in the future to allow 
> remote AUTH. Before I enable it, I was going to enhance the existing 
> fail2ban rules to counter the blatant abuse attempts and this seemed 
> like a good example to look at.

If you think about compiling a list of bad IP addresses, that list
is obsolete very soon. These "attacks" come through hacked machines
that are constantly replaced by new hacked machines when the old
hacked machines are cleaned up.

Adding code to Postfix to only log the specific 5xx response that
you are interested in, and none of the other responses, that makes
no sense to me.

        Wietse
