Jeffrey 'jf' Lim: > > Disabling auth does not stop them from trying; I scan my logs for the > > string > > "auth=0/1", and add the offending IP address to a blacklist - a > > do-it-yourself > > fail2ban. > > > > It should. Unless they're the dumbest bots of all time, because you > should have stopped advertising auth in your EHLO response after > disabling.
Some bots are stupid. My server does not announce AUTH, but that
does not stop them from trying.
Wietse
